@agenshield/daemon 0.7.1 → 0.7.2

package/main.js

@@ -1293,6 +1293,41 @@ var init_crypto = __esm({
   }
 });
 
+// libs/shield-daemon/src/vault/installation-key.ts
+import * as crypto2 from "node:crypto";
+async function getInstallationKey() {
+  if (cachedKey) return cachedKey;
+  const vault = getVault();
+  const contents = await vault.load();
+  if (contents.installationKey) {
+    cachedKey = contents.installationKey;
+    return cachedKey;
+  }
+  const key = crypto2.randomBytes(32).toString("hex");
+  await vault.set("installationKey", key);
+  cachedKey = key;
+  console.log("[InstallationKey] Generated new installation key");
+  return key;
+}
+async function getInstallationTag() {
+  const key = await getInstallationKey();
+  return `${INSTALLATION_KEY_PREFIX}${key}`;
+}
+function hasValidInstallationTagSync(tags) {
+  if (!cachedKey) return false;
+  const fullTag = `${INSTALLATION_KEY_PREFIX}${cachedKey}`;
+  return tags.some((tag) => tag === fullTag);
+}
+var INSTALLATION_KEY_PREFIX, cachedKey;
+var init_installation_key = __esm({
+  "libs/shield-daemon/src/vault/installation-key.ts"() {
+    "use strict";
+    init_vault();
+    INSTALLATION_KEY_PREFIX = "agenshield-";
+    cachedKey = null;
+  }
+});
+
 // libs/shield-daemon/src/vault/index.ts
 import * as fs4 from "node:fs";
 import * as path4 from "node:path";
@@ -1310,6 +1345,7 @@ var init_vault = __esm({
     init_crypto();
     init_paths();
     init_crypto();
+    init_installation_key();
     Vault = class {
       key;
       vaultPath;
@@ -1847,7 +1883,7 @@ init_state();
 init_vault();
 
 // libs/shield-daemon/src/auth/session.ts
-import * as crypto2 from "node:crypto";
+import * as crypto3 from "node:crypto";
 import { DEFAULT_AUTH_CONFIG } from "@agenshield/ipc";
 var SessionManager = class {
   sessions = /* @__PURE__ */ new Map();
@@ -1861,7 +1897,7 @@ var SessionManager = class {
    * Generate a secure random token
    */
   generateToken() {
-    return crypto2.randomBytes(32).toString("base64url");
+    return crypto3.randomBytes(32).toString("base64url");
   }
   /**
    * Create a new session
@@ -2431,7 +2467,7 @@ function generatePolicyMarkdown(policies, knownSkills) {
 // libs/shield-daemon/src/watchers/skills.ts
 import * as fs11 from "node:fs";
 import * as path11 from "node:path";
-import * as crypto3 from "node:crypto";
+import * as crypto4 from "node:crypto";
 import { parseSkillMd } from "@agenshield/sandbox";
 
 // libs/shield-daemon/src/services/marketplace.ts
@@ -2620,6 +2656,17 @@ function updateDownloadedAnalysis(slug, analysis) {
   } catch {
   }
 }
+function markDownloadedAsInstalled(slug) {
+  const metaPath = path9.join(getMarketplaceDir(), slug, "metadata.json");
+  try {
+    if (!fs9.existsSync(metaPath)) return;
+    const meta = JSON.parse(fs9.readFileSync(metaPath, "utf-8"));
+    if (meta.wasInstalled) return;
+    meta.wasInstalled = true;
+    fs9.writeFileSync(metaPath, JSON.stringify(meta, null, 2), "utf-8");
+  } catch {
+  }
+}
 function listDownloadedSkills() {
   const baseDir = getMarketplaceDir();
   if (!fs9.existsSync(baseDir)) return [];
@@ -2640,7 +2687,8 @@ function listDownloadedSkills() {
           tags: meta.tags ?? [],
           hasAnalysis: !!meta.analysis,
           source: meta.source,
-          analysis: meta.analysis
+          analysis: meta.analysis,
+          wasInstalled: meta.wasInstalled ?? false
         });
       } catch {
       }
@@ -3237,6 +3285,9 @@ function emitSkillUntrustedDetected(name, reason) {
 function emitSkillApproved(skillName) {
   daemonEvents.broadcast("skills:approved", { name: skillName });
 }
+function emitExecDenied(command, reason) {
+  daemonEvents.broadcast("exec:denied", { command, reason });
+}
 function emitAgenCoAuthRequired(authUrl, integration) {
   daemonEvents.broadcast("agenco:auth_required", { authUrl, integration });
 }
@@ -3276,6 +3327,56 @@ function emitEvent(type, data) {
 
 // libs/shield-daemon/src/watchers/skills.ts
 init_paths();
+
+// libs/shield-daemon/src/services/skill-tag-injector.ts
+init_installation_key();
+import { parse as parseYaml, stringify as stringifyYaml } from "yaml";
+var FRONTMATTER_RE = /^---\s*\n([\s\S]*?)\n---\s*\n?([\s\S]*)$/;
+async function injectInstallationTag(content) {
+  const tag = await getInstallationTag();
+  const match = content.match(FRONTMATTER_RE);
+  if (!match) {
+    return `---
+tags:
+  - ${tag}
+---
+${content}`;
+  }
+  try {
+    const metadata = parseYaml(match[1]);
+    if (!metadata || typeof metadata !== "object") {
+      return content;
+    }
+    if (!Array.isArray(metadata.tags)) {
+      metadata.tags = [];
+    }
+    metadata.tags = metadata.tags.filter(
+      (t) => typeof t !== "string" || !t.startsWith("agenshield-")
+    );
+    metadata.tags.push(tag);
+    return `---
+${stringifyYaml(metadata).trimEnd()}
+---
+${match[2]}`;
+  } catch {
+    return content;
+  }
+}
+function extractTagsFromSkillMd(content) {
+  const match = content.match(FRONTMATTER_RE);
+  if (!match) return [];
+  try {
+    const metadata = parseYaml(match[1]);
+    if (!metadata || typeof metadata !== "object") return [];
+    if (!Array.isArray(metadata.tags)) return [];
+    return metadata.tags.filter((t) => typeof t === "string");
+  } catch {
+    return [];
+  }
+}
+
+// libs/shield-daemon/src/watchers/skills.ts
+init_installation_key();
 function getApprovedSkillsPath() {
   return path11.join(getSystemConfigDir(), "approved-skills.json");
 }
@@ -3414,7 +3515,7 @@ function computeSkillHash(skillDir) {
   const files = readSkillFiles(skillDir);
   if (files.length === 0) return null;
   files.sort((a, b) => a.name.localeCompare(b.name));
-  const hash = crypto3.createHash("sha256");
+  const hash = crypto4.createHash("sha256");
   for (const file of files) {
     hash.update(file.name);
     hash.update(file.content);
@@ -3443,10 +3544,33 @@ function scanSkills() {
       const approvedEntry = approvedMap.get(skillName);
       if (!approvedEntry) {
         const fullPath = path11.join(skillsDir, skillName);
-        const slug = moveToMarketplace(skillName, fullPath);
-        if (slug) {
-          if (callbacks.onUntrustedDetected) {
-            callbacks.onUntrustedDetected({ name: skillName, reason: "Skill not in approved list" });
+        let autoApproved = false;
+        for (const mdName of ["SKILL.md", "skill.md"]) {
+          const mdPath = path11.join(fullPath, mdName);
+          try {
+            if (fs11.existsSync(mdPath)) {
+              const content = fs11.readFileSync(mdPath, "utf-8");
+              const tags = extractTagsFromSkillMd(content);
+              if (hasValidInstallationTagSync(tags)) {
+                console.log(`[SkillsWatcher] Auto-approving skill with valid installation tag: ${skillName}`);
+                const hash = computeSkillHash(fullPath);
+                addToApprovedList(skillName, void 0, hash ?? void 0);
+                if (callbacks.onApproved) {
+                  callbacks.onApproved(skillName);
+                }
+                autoApproved = true;
+                break;
+              }
+            }
+          } catch {
+          }
+        }
+        if (!autoApproved) {
+          const slug = moveToMarketplace(skillName, fullPath);
+          if (slug) {
+            if (callbacks.onUntrustedDetected) {
+              callbacks.onUntrustedDetected({ name: skillName, reason: "Skill not in approved list" });
+            }
           }
         }
       } else if (approvedEntry.hash) {
@@ -3552,7 +3676,7 @@ function approveSkill(skillName) {
     const cachedFiles = getDownloadedSkillFiles(slug);
     let hash;
     if (cachedFiles.length > 0) {
-      const h = crypto3.createHash("sha256");
+      const h = crypto4.createHash("sha256");
       const sorted = [...cachedFiles].sort((a, b) => a.name.localeCompare(b.name));
       for (const file of sorted) {
         h.update(file.name);
@@ -3621,14 +3745,15 @@ function listApproved() {
 function getSkillsDir() {
   return skillsDir;
 }
-function addToApprovedList(skillName, publisher, hash) {
+function addToApprovedList(skillName, publisher, hash, slug) {
   const approved = loadApprovedSkills();
   if (!approved.some((s) => s.name === skillName)) {
     approved.push({
       name: skillName,
       approvedAt: (/* @__PURE__ */ new Date()).toISOString(),
       ...publisher ? { publisher } : {},
-      ...hash ? { hash } : {}
+      ...hash ? { hash } : {},
+      ...slug ? { slug } : {}
     });
     saveApprovedSkills(approved);
   }
@@ -3875,7 +4000,7 @@ async function securityRoutes(app) {
 // libs/shield-daemon/src/auth/passcode.ts
 init_vault();
 init_state();
-import * as crypto4 from "node:crypto";
+import * as crypto5 from "node:crypto";
 import { DEFAULT_AUTH_CONFIG as DEFAULT_AUTH_CONFIG2 } from "@agenshield/ipc";
 var ITERATIONS = 1e5;
 var KEY_LENGTH = 64;
@@ -3883,8 +4008,8 @@ var DIGEST = "sha512";
 var SALT_LENGTH = 16;
 function hashPasscode(passcode) {
   return new Promise((resolve3, reject) => {
-    const salt = crypto4.randomBytes(SALT_LENGTH);
-    crypto4.pbkdf2(passcode, salt, ITERATIONS, KEY_LENGTH, DIGEST, (err, derivedKey) => {
+    const salt = crypto5.randomBytes(SALT_LENGTH);
+    crypto5.pbkdf2(passcode, salt, ITERATIONS, KEY_LENGTH, DIGEST, (err, derivedKey) => {
       if (err) {
         reject(err);
         return;
@@ -3904,12 +4029,12 @@ function verifyPasscode(passcode, storedHash) {
     const iterations = parseInt(parts[0], 10);
     const salt = Buffer.from(parts[1], "base64");
     const hash = Buffer.from(parts[2], "base64");
-    crypto4.pbkdf2(passcode, salt, iterations, hash.length, DIGEST, (err, derivedKey) => {
+    crypto5.pbkdf2(passcode, salt, iterations, hash.length, DIGEST, (err, derivedKey) => {
       if (err) {
         reject(err);
         return;
       }
-      resolve3(crypto4.timingSafeEqual(hash, derivedKey));
+      resolve3(crypto5.timingSafeEqual(hash, derivedKey));
     });
   });
 }
@@ -4081,6 +4206,12 @@ data: ${data}
 
 `;
 }
+var ALWAYS_FULL_PREFIXES = ["skills:", "exec:", "interceptor:", "security:", "wrappers:", "process:", "config:"];
+function shouldSendFull(event, authenticated) {
+  if (authenticated) return true;
+  if (event.type === "heartbeat" || event.type === "daemon:status") return true;
+  return ALWAYS_FULL_PREFIXES.some((p) => event.type.startsWith(p));
+}
 async function sseRoutes(app) {
   app.get("/sse/events", async (request2, reply) => {
     const authenticated = isAuthenticated(request2);
@@ -4106,7 +4237,7 @@ async function sseRoutes(app) {
     reply.raw.write(authenticated ? formatSSE(statusEvent) : formatStrippedSSE(statusEvent));
     const unsubscribe = daemonEvents.subscribe((event) => {
       try {
-        if (event.type === "heartbeat" || event.type === "daemon:status" || event.type.startsWith("skills:") || authenticated) {
+        if (shouldSendFull(event, authenticated)) {
           reply.raw.write(formatSSE(event));
         } else {
           reply.raw.write(formatStrippedSSE(event));
@@ -4154,7 +4285,7 @@ async function sseRoutes(app) {
     const unsubscribe = daemonEvents.subscribe((event) => {
       if (event.type.startsWith(filter) || event.type === "heartbeat" || event.type === "daemon:status") {
         try {
-          if (event.type === "heartbeat" || event.type === "daemon:status" || authenticated) {
+          if (shouldSendFull(event, authenticated)) {
             reply.raw.write(formatSSE(event));
           } else {
             reply.raw.write(formatStrippedSSE(event));
@@ -7932,6 +8063,7 @@ import { parseSkillMd as parseSkillMd2, extractSkillInfo } from "@agenshield/san
 import { execWithProgress as execWithProgress3 } from "@agenshield/sandbox";
 var SUPPORTED_KINDS = /* @__PURE__ */ new Set(["brew", "npm", "pip"]);
 var SAFE_PACKAGE_RE = /^[a-zA-Z0-9@/_.\-]+$/;
+var SYSTEM_PATH = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin";
 function findSkillMdRecursive(dir, depth = 0) {
   if (depth > 3) return null;
   try {
@@ -7995,7 +8127,7 @@ async function executeSkillInstallSteps(options) {
           onLog(`Installing brew formula: ${formula}`);
           const brewCmd = [
             `export HOME="${agentHome}"`,
-            `export PATH="${agentHome}/homebrew/bin:${agentHome}/bin:$PATH"`,
+            `export PATH="${agentHome}/homebrew/bin:${agentHome}/bin:${SYSTEM_PATH}:$PATH"`,
             `brew install ${formula}`
           ].join(" && ");
           await execWithProgress3(
@@ -8019,7 +8151,7 @@ async function executeSkillInstallSteps(options) {
           onLog(`Installing npm package: ${pkg}`);
           const npmCmd = [
             `export HOME="${agentHome}"`,
-            `export PATH="${agentHome}/bin:$PATH"`,
+            `export PATH="${agentHome}/bin:${SYSTEM_PATH}:$PATH"`,
             `source "${agentHome}/.nvm/nvm.sh" 2>/dev/null || true`,
             `npm install -g ${pkg}`
           ].join(" && ");
@@ -8044,7 +8176,7 @@ async function executeSkillInstallSteps(options) {
           onLog(`Installing pip package: ${pkg}`);
           const pipCmd = [
             `export HOME="${agentHome}"`,
-            `export PATH="${agentHome}/bin:$PATH"`,
+            `export PATH="${agentHome}/bin:${SYSTEM_PATH}:$PATH"`,
             `pip install ${pkg}`
           ].join(" && ");
           await execWithProgress3(
@@ -8069,7 +8201,7 @@ async function executeSkillInstallSteps(options) {
       try {
         const checkCmd = [
           `export HOME="${agentHome}"`,
-          `export PATH="${agentHome}/homebrew/bin:${agentHome}/bin:$PATH"`,
+          `export PATH="${agentHome}/homebrew/bin:${agentHome}/bin:${SYSTEM_PATH}:$PATH"`,
           `source "${agentHome}/.nvm/nvm.sh" 2>/dev/null || true`,
           `which ${bin}`
         ].join(" && ");
@@ -8369,18 +8501,22 @@ async function marketplaceRoutes(app) {
           const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "ash_default";
           skillDir = path16.join(skillsDir2, slug);
           emitSkillInstallProgress(slug, "approve", "Pre-approving skill");
-          addToApprovedList(slug, publisher);
+          addToApprovedList(slug, publisher, void 0, slug);
           logs.push("Skill pre-approved");
           emitSkillInstallProgress(slug, "copy", "Writing skill files");
+          const taggedFiles = await Promise.all(files.map(async (f) => {
+            let content = f.content;
+            if (/SKILL\.md$/i.test(f.name)) {
+              content = stripEnvFromSkillMd(content);
+              content = await injectInstallationTag(content);
+            }
+            return { ...f, content };
+          }));
           const brokerAvailable = await isBrokerAvailable();
           if (brokerAvailable) {
-            const sanitizedFiles = files.map((f) => ({
-              name: f.name,
-              content: /SKILL\.md$/i.test(f.name) ? stripEnvFromSkillMd(f.content) : f.content
-            }));
             const brokerResult = await installSkillViaBroker(
               slug,
-              sanitizedFiles,
+              taggedFiles.map((f) => ({ name: f.name, content: f.content })),
               { createWrapper: true, agentHome, socketGroup }
             );
             if (!brokerResult.installed) {
@@ -8400,29 +8536,49 @@ async function marketplaceRoutes(app) {
           } else {
             console.log(`[Marketplace] Broker unavailable, installing ${slug} directly`);
             sudoMkdir(skillDir, agentUsername);
-            for (const file of files) {
+            for (const file of taggedFiles) {
               const filePath = path16.join(skillDir, file.name);
               const fileDir = path16.dirname(filePath);
               if (fileDir !== skillDir) {
                 sudoMkdir(fileDir, agentUsername);
               }
-              const content = /SKILL\.md$/i.test(file.name) ? stripEnvFromSkillMd(file.content) : file.content;
-              sudoWriteFile(filePath, content, agentUsername);
+              sudoWriteFile(filePath, file.content, agentUsername);
             }
             createSkillWrapper(slug, binDir);
-            logs.push(`Files written directly: ${files.length} files`);
+            logs.push(`Files written directly: ${taggedFiles.length} files`);
             logs.push(`Wrapper created: ${path16.join(binDir, slug)}`);
           }
           let depsSuccess = true;
           emitSkillInstallProgress(slug, "deps", "Installing skill dependencies");
           try {
+            let depsLineCount = 0;
+            let depsLastEmit = Date.now();
+            let depsLastLine = "";
+            const DEPS_DEBOUNCE_MS = 3e3;
+            const depsOnLog = (msg) => {
+              depsLineCount++;
+              depsLastLine = msg;
+              if (/^(Installing|Found|Verifying)\s/.test(msg)) {
+                emitSkillInstallProgress(slug, "deps", msg);
+                depsLastEmit = Date.now();
+                return;
+              }
+              const now = Date.now();
+              if (now - depsLastEmit >= DEPS_DEBOUNCE_MS) {
+                emitSkillInstallProgress(slug, "deps", `Installing... (${depsLineCount} lines)`);
+                depsLastEmit = now;
+              }
+            };
             const depsResult = await executeSkillInstallSteps({
               slug,
               skillDir,
               agentHome,
               agentUsername,
-              onLog: (msg) => emitSkillInstallProgress(slug, "deps", msg)
+              onLog: depsOnLog
             });
+            if (depsLineCount > 0) {
+              emitSkillInstallProgress(slug, "deps", `Dependency install complete (${depsLineCount} lines processed)`);
+            }
             if (depsResult.installed.length > 0) {
               logs.push(`Dependencies installed: ${depsResult.installed.join(", ")}`);
             }
@@ -8448,6 +8604,10 @@ async function marketplaceRoutes(app) {
             updateApprovedHash(slug, hash);
             logs.push("Integrity hash recorded");
           }
+          try {
+            markDownloadedAsInstalled(slug);
+          } catch {
+          }
           installInProgress.delete(slug);
           const depsWarnings = depsSuccess ? void 0 : logs.filter((l) => l.startsWith("Dependency"));
           daemonEvents.broadcast("skills:installed", { name: slug, analysis: analysisResult, depsWarnings });
@@ -8625,7 +8785,30 @@ async function skillsRoutes(app) {
           tags: meta.tags,
           analysis: buildAnalysisSummary(name, getCachedAnalysis2(name))
         };
-      })
+      }),
+      // Disabled: previously installed marketplace skills that are no longer active
+      ...(() => {
+        const allKnown = /* @__PURE__ */ new Set([
+          ...approvedNames,
+          ...untrustedNames,
+          ...workspaceNames
+        ]);
+        return listDownloadedSkills().filter((d) => d.wasInstalled && !allKnown.has(d.slug) && !allKnown.has(d.name)).map((d) => {
+          const cached = getCachedAnalysis2(d.slug) || getCachedAnalysis2(d.name);
+          return {
+            name: d.slug,
+            source: "marketplace",
+            status: "disabled",
+            path: "",
+            publisher: d.author,
+            description: d.description,
+            version: d.version,
+            author: d.author,
+            tags: d.tags,
+            analysis: buildAnalysisSummary(d.slug, d.analysis || cached)
+          };
+        });
+      })()
     ];
     return reply.send({ data });
   });
@@ -8699,7 +8882,7 @@ async function skillsRoutes(app) {
         summary = {
           name: dlMeta.slug ?? name,
           source: "marketplace",
-          status: "downloaded",
+          status: dlMeta.wasInstalled ? "disabled" : "downloaded",
           description: dlMeta.description,
           path: "",
           publisher: dlMeta.author,
@@ -8966,7 +9149,7 @@ async function skillsRoutes(app) {
           syncOpenClawFromPolicies(loadConfig().policies);
           removeFromApprovedList(name);
           try {
-            deleteDownloadedSkill(name);
+            markDownloadedAsInstalled(name);
           } catch {
           }
           console.log(`[Skills] Disabled marketplace skill: ${name}`);
@@ -8986,12 +9169,20 @@ async function skillsRoutes(app) {
           return reply.code(404).send({ error: "No files in download cache for this skill" });
         }
         try {
-          addToApprovedList(name, meta.author);
+          addToApprovedList(name, meta.author, void 0, meta.slug);
+          const taggedFiles = await Promise.all(files.map(async (f) => {
+            let content = f.content;
+            if (/SKILL\.md$/i.test(f.name)) {
+              content = stripEnvFromSkillMd2(content);
+              content = await injectInstallationTag(content);
+            }
+            return { name: f.name, content, type: f.type };
+          }));
           const brokerAvailable = await isBrokerAvailable();
           if (brokerAvailable) {
             const brokerResult = await installSkillViaBroker(
               name,
-              files.map((f) => ({ name: f.name, content: f.content })),
+              taggedFiles.map((f) => ({ name: f.name, content: f.content })),
               { createWrapper: true, agentHome, socketGroup }
             );
             if (!brokerResult.installed) {
@@ -9004,7 +9195,7 @@ async function skillsRoutes(app) {
             }
           } else {
             fs17.mkdirSync(skillDir, { recursive: true });
-            for (const file of files) {
+            for (const file of taggedFiles) {
               const filePath = path17.join(skillDir, file.name);
               fs17.mkdirSync(path17.dirname(filePath), { recursive: true });
               fs17.writeFileSync(filePath, file.content, "utf-8");
@@ -9021,6 +9212,10 @@ async function skillsRoutes(app) {
           syncOpenClawFromPolicies(loadConfig().policies);
           const hash = computeSkillHash(skillDir);
           if (hash) updateApprovedHash(name, hash);
+          try {
+            markDownloadedAsInstalled(name);
+          } catch {
+          }
           console.log(`[Skills] Enabled marketplace skill: ${name}`);
           return reply.send({ success: true, action: "enabled", name });
         } catch (err) {
@@ -9070,12 +9265,19 @@ async function skillsRoutes(app) {
       const skillDir = path17.join(skillsDir2, name);
       try {
         addToApprovedList(name, publisher);
+        const taggedFiles = await Promise.all(files.map(async (f) => {
+          let content = f.content;
+          if (/SKILL\.md$/i.test(f.name)) {
+            content = stripEnvFromSkillMd2(content);
+            content = await injectInstallationTag(content);
+          }
+          return { name: f.name, content };
+        }));
         sudoMkdir(skillDir, agentUsername);
-        for (const file of files) {
+        for (const file of taggedFiles) {
           const filePath = path17.join(skillDir, file.name);
           sudoMkdir(path17.dirname(filePath), agentUsername);
-          const content = /SKILL\.md$/i.test(file.name) ? stripEnvFromSkillMd2(file.content) : file.content;
-          sudoWriteFile(filePath, content, agentUsername);
+          sudoWriteFile(filePath, file.content, agentUsername);
         }
         try {
           execSync9(`chown -R root:${socketGroup} "${skillDir}"`, { stdio: "pipe" });
@@ -9127,12 +9329,20 @@ async function skillsRoutes(app) {
         const binDir = path17.join(agentHome, "bin");
         const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "ash_default";
         const skillDir = path17.join(getSkillsDir(), name);
-        addToApprovedList(name, meta.author);
+        addToApprovedList(name, meta.author, void 0, meta.slug);
+        const taggedFiles = await Promise.all(files.map(async (f) => {
+          let content = f.content;
+          if (/SKILL\.md$/i.test(f.name)) {
+            content = stripEnvFromSkillMd2(content);
+            content = await injectInstallationTag(content);
+          }
+          return { name: f.name, content, type: f.type };
+        }));
         const brokerAvailable = await isBrokerAvailable();
         if (brokerAvailable) {
           const brokerResult = await installSkillViaBroker(
             name,
-            files.map((f) => ({ name: f.name, content: f.content })),
+            taggedFiles.map((f) => ({ name: f.name, content: f.content })),
             { createWrapper: true, agentHome, socketGroup }
           );
           if (!brokerResult.installed) {
@@ -9145,7 +9355,7 @@ async function skillsRoutes(app) {
           }
         } else {
           fs17.mkdirSync(skillDir, { recursive: true });
-          for (const file of files) {
+          for (const file of taggedFiles) {
             const filePath = path17.join(skillDir, file.name);
             fs17.mkdirSync(path17.dirname(filePath), { recursive: true });
             fs17.writeFileSync(filePath, file.content, "utf-8");
@@ -9162,6 +9372,10 @@ async function skillsRoutes(app) {
         syncOpenClawFromPolicies(loadConfig().policies);
         const unblockHash = computeSkillHash(path17.join(getSkillsDir(), name));
         if (unblockHash) updateApprovedHash(name, unblockHash);
+        try {
+          markDownloadedAsInstalled(name);
+        } catch {
+        }
         console.log(`[Skills] Unblocked and installed skill: ${name}`);
         return reply.send({ success: true, message: `Skill "${name}" approved and installed` });
       } catch (err) {
@@ -9661,7 +9875,7 @@ async function authRoutes(app) {
 init_vault();
 import { isSecretEnvVar } from "@agenshield/sandbox";
 init_secret_sync();
-import crypto5 from "node:crypto";
+import crypto6 from "node:crypto";
 function maskValue(value) {
   if (value.length <= 4) return "\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022";
   return "\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022" + value.slice(-4);
@@ -9756,7 +9970,7 @@ async function secretsRoutes(app) {
       const secrets = await vault.get("secrets") ?? [];
       const resolvedScope = scope ?? (policyIds?.length > 0 ? "policed" : "global");
       const newSecret = {
-        id: crypto5.randomUUID(),
+        id: crypto6.randomUUID(),
         name: name.trim(),
         value,
         policyIds: resolvedScope === "standalone" ? [] : policyIds ?? [],
@@ -10057,7 +10271,7 @@ async function openclawRoutes(app) {
 }
 
 // libs/shield-daemon/src/routes/rpc.ts
-import * as crypto6 from "node:crypto";
+import * as crypto7 from "node:crypto";
 import * as nodefs from "node:fs";
 
 // libs/shield-daemon/src/policy/url-matcher.ts
@@ -10171,7 +10385,7 @@ function checkUrlPolicy(policies, url) {
 // libs/shield-daemon/src/proxy/server.ts
 import * as http from "node:http";
 import * as net from "node:net";
-function createPerRunProxy(urlPolicies, onActivity, logger) {
+function createPerRunProxy(urlPolicies, onActivity, logger, onBlock) {
   const server = http.createServer((req, res) => {
     onActivity();
     const url = req.url;
@@ -10183,6 +10397,7 @@ function createPerRunProxy(urlPolicies, onActivity, logger) {
     const allowed = checkUrlPolicy(urlPolicies, url);
     if (!allowed) {
       logger(`BLOCKED HTTP ${req.method} ${url}`);
+      onBlock?.(req.method || "GET", url, "http");
       res.writeHead(403, { "Content-Type": "text/plain" });
       res.end("Blocked by AgenShield URL policy");
       return;
@@ -10226,6 +10441,7 @@ function createPerRunProxy(urlPolicies, onActivity, logger) {
     const allowed = checkUrlPolicy(urlPolicies, `https://${hostname2}`);
     if (!allowed) {
       logger(`BLOCKED CONNECT ${hostname2}:${port}`);
+      onBlock?.("CONNECT", `${hostname2}:${port}`, "https");
       clientSocket.write("HTTP/1.1 403 Forbidden\r\n\r\n");
       clientSocket.destroy();
       return;
@@ -10288,7 +10504,16 @@ var ProxyPool = class {
     const logger = (msg) => {
       console.log(`[proxy:${execId.slice(0, 8)}] ${msg}`);
     };
-    const server = createPerRunProxy(urlPolicies, onActivity, logger);
+    const onBlock = (method, target, protocol) => {
+      emitInterceptorEvent({
+        type: "denied",
+        operation: "http_request",
+        target: protocol === "https" ? `https://${target}` : target,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        error: `Blocked by URL policy (${method})`
+      });
+    };
+    const server = createPerRunProxy(urlPolicies, onActivity, logger, onBlock);
     const port = await new Promise((resolve3, reject) => {
       server.listen(0, "127.0.0.1", () => {
         const addr = server.address();
@@ -10371,12 +10596,19 @@ function matchCommandPattern(pattern, target) {
     normalizedTarget = firstSpace >= 0 ? basename6 + target.slice(firstSpace) : basename6;
   }
   if (trimmed.endsWith(":*")) {
-    const prefix = trimmed.slice(0, -2);
+    let prefix = trimmed.slice(0, -2);
+    if (prefix.includes("/")) {
+      prefix = prefix.split("/").pop() || prefix;
+    }
     const lowerTarget = normalizedTarget.toLowerCase();
     const lowerPrefix = prefix.toLowerCase();
     return lowerTarget === lowerPrefix || lowerTarget.startsWith(lowerPrefix + " ");
   }
-  return normalizedTarget.toLowerCase() === trimmed.toLowerCase();
+  let normalizedPattern = trimmed;
+  if (trimmed.includes("/")) {
+    normalizedPattern = trimmed.split("/").pop() || trimmed;
+  }
+  return normalizedTarget.toLowerCase() === normalizedPattern.toLowerCase();
 }
 function operationToTarget(operation) {
   switch (operation) {
@@ -10469,7 +10701,7 @@ async function buildSandboxConfig(config, matchedPolicy, _context, target) {
     console.log(`[sandbox] direct network access (no proxy)`);
     sandbox.networkAllowed = true;
   } else if (networkMode === "proxy") {
-    const execId = crypto6.randomUUID();
+    const execId = crypto7.randomUUID();
     const commandBasename = extractCommandBasename(target || "");
     const urlPolicies = filterUrlPoliciesForCommand(config.policies || [], commandBasename);
     const pool = getProxyPool();
@@ -10534,7 +10766,11 @@ async function evaluatePolicyCheck(operation, target, context) {
       } else if (targetType === "command") {
         matches = matchCommandPattern(pattern, effectiveTarget);
       } else {
-        const regex = globToRegex(pattern);
+        let fsPattern = pattern;
+        if (targetType === "filesystem" && fsPattern.endsWith("/")) {
+          fsPattern = fsPattern + "**";
+        }
+        const regex = globToRegex(fsPattern);
         matches = regex.test(effectiveTarget);
       }
       console.log("[policy_check]   pattern:", pattern, "-> base:", targetType === "url" ? normalizeUrlBase(pattern) : pattern, "| target:", effectiveTarget, "| matches:", matches);
@@ -10600,12 +10836,29 @@ async function handleHttpRequest(params) {
     body: responseBody
   };
 }
+async function handlePolicyCheck(params) {
+  const operation = String(params["operation"] ?? "");
+  const target = String(params["target"] ?? "");
+  const context = params["context"];
+  const result = await evaluatePolicyCheck(operation, target, context);
+  if (!result.allowed) {
+    if (operation === "exec") {
+      emitExecDenied(target, result.reason || "Denied by policy");
+    } else {
+      emitInterceptorEvent({
+        type: "denied",
+        operation,
+        target,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        policyId: result.policyId,
+        error: result.reason || "Denied by policy"
+      });
+    }
+  }
+  return result;
+}
 var handlers = {
-  policy_check: (params) => evaluatePolicyCheck(
-    String(params["operation"] ?? ""),
-    String(params["target"] ?? ""),
-    params["context"]
-  ),
+  policy_check: (params) => handlePolicyCheck(params),
   events_batch: (params) => handleEventsBatch(params),
   http_request: (params) => handleHttpRequest(params),
   ping: () => ({ status: "ok" })
@@ -10830,6 +11083,12 @@ async function startServer(config) {
     fs23.mkdirSync(skillsDir2, { recursive: true, mode: 493 });
     console.log(`[Daemon] Created skills directory: ${skillsDir2}`);
   }
+  try {
+    await getInstallationKey();
+    console.log("[Daemon] Installation key ready");
+  } catch (err) {
+    console.warn("[Daemon] Failed to initialize installation key:", err.message);
+  }
   startSkillsWatcher(skillsDir2, {
     onUntrustedDetected: (info) => emitSkillUntrustedDetected(info.name, info.reason),
     onApproved: (name) => emitSkillApproved(name)