@evomap/evolver 1.88.1 → 1.88.3

package/index.js

@@ -1185,6 +1185,17 @@ async function main() {
               hubUrl: process.env.A2A_HUB_URL,
             });
             console.log('[Proxy] Started on ' + proxyInfo.url);
+            try {
+              const { injectProxyEnv } = require('./src/proxy/inject');
+              const injected = injectProxyEnv(proxyInfo);
+              if (injected.injected) {
+                console.log('[Proxy] Auto-injected client env for Claude Code/Codex/Cursor. Set EVOMAP_PROXY_AUTO_INJECT=off to disable.');
+              } else {
+                console.log('[Proxy] Auto-inject skipped: ' + injected.reason);
+              }
+            } catch (injectErr) {
+              console.warn('[Proxy] Auto-inject failed: ' + (injectErr && injectErr.message || injectErr));
+            }
             const { registerMailboxTransport } = require('./src/gep/mailboxTransport');
             registerMailboxTransport();
             process.env.A2A_TRANSPORT = 'mailbox';
@@ -1760,8 +1771,8 @@ async function main() {
       console.error('[exec] --max-cycles requires a value (e.g. --max-cycles 5 or --max-cycles=5)');
       process.exit(2);
     }
-    if (!['claude-code', 'openclaw'].includes(harness)) {
-      console.error(`[exec] unknown --harness '${harness}' (expected claude-code | openclaw)`);
+    if (!['claude-code', 'openclaw', 'codex', 'opencode'].includes(harness)) {
+      console.error(`[exec] unknown --harness '${harness}' (expected claude-code | openclaw | codex | opencode)`);
       process.exit(2);
     }
     try {
@@ -2763,8 +2774,153 @@ async function main() {
       process.exit(1);
     }
 
+  } else if (command === 'recipe') {
+    // recipe build  — assemble a DNA blueprint from owned Gene/Capsule assets
+    // recipe reuse  — fetch + express an existing recipe into an organism
+    const sub = args[1];
+    const {
+      getHubUrl, getNodeId, getHubNodeSecret, sendHelloToHub, rotateNodeSecret,
+      hubCreateRecipe, hubPublishRecipe, hubGetRecipe, hubExpressRecipe,
+    } = require('./src/gep/a2aProtocol');
+
+    const hubUrl = getHubUrl();
+    if (!hubUrl) {
+      console.error('[recipe] A2A_HUB_URL is not configured. Set A2A_HUB_URL (e.g. https://evomap.ai).');
+      process.exit(1);
+    }
+
+    function flagVal(name) {
+      const eq = args.find(a => typeof a === 'string' && a.startsWith('--' + name + '='));
+      return eq ? eq.split('=').slice(1).join('=') : null;
+    }
+    async function ensureRegistered(tag) {
+      if (!getHubNodeSecret()) {
+        console.log('[' + tag + '] No node_secret found. Registering with Hub...');
+        const hello = await sendHelloToHub();
+        if (!hello || !hello.ok) {
+          console.error('[' + tag + '] Failed to register with Hub:', (hello && hello.error) || 'unknown');
+          process.exit(1);
+        }
+        console.log('[' + tag + '] Registered as ' + getNodeId());
+      }
+    }
+    // True when the hub rejected our node_secret as stale/invalid — the one
+    // case where a rotate-and-retry is the documented recovery.
+    function isStaleSecret(result) {
+      if (!result || result.ok) return false;
+      if (result.status !== 401 && result.status !== 403) return false;
+      const e = String(result.error || '');
+      return e.includes('node_secret_invalid') || e.includes('node_secret_not_set');
+    }
+    // Run a hub call; if it fails because our node_secret is stale, rotate
+    // once and retry. Rotation only works when the CURRENT secret is still
+    // server-valid (the hub authenticates the rotate with it). If the secret
+    // has fully diverged from the server, rotation cannot recover it — that
+    // requires re-registering, so we surface the actionable recovery path
+    // instead of silently looping.
+    let _authRecoveryFailed = false;
+    async function callWithAuthRetry(tag, fn) {
+      let result = await fn();
+      if (isStaleSecret(result) && typeof rotateNodeSecret === 'function' && !_authRecoveryFailed) {
+        console.log('[' + tag + '] node_secret stale; rotating via /a2a/hello and retrying...');
+        const rot = await rotateNodeSecret();
+        if (rot && rot.ok) {
+          result = await fn();
+        } else {
+          _authRecoveryFailed = true;
+          console.error('[' + tag + '] Could not auto-rotate: the local node_secret has diverged from the Hub and can no longer authenticate a rotate.');
+          console.error('  Recover by either:');
+          console.error('    1. Reset Secret on the web (Account -> Reset Secret), then run: node index.js reset-local-secret');
+          console.error('    2. Or register a fresh node: set a new A2A_NODE_ID and retry (auto-provisions).');
+        }
+      }
+      return result;
+    }
+    function reportHubError(tag, result) {
+      console.error('[' + tag + '] Hub call failed' + (result.status ? ' (HTTP ' + result.status + ')' : '') + ': ' + (result.error || 'unknown'));
+      if (result.status === 401 || result.status === 403) console.error('  Auth failed. If this persists, delete ~/.evomap/node_secret and retry.');
+      else if (result.status === 402) console.error('  Insufficient credits. Check your balance at ' + hubUrl);
+    }
+
+    if (sub === 'build') {
+      // --genes=<asset_id,...> ordered; types resolved from the local asset store.
+      const genesArg = flagVal('genes');
+      const title = flagVal('title');
+      const description = flagVal('description');
+      const doPublish = args.includes('--publish');
+      if (!genesArg || !title) {
+        console.error('Usage: node index.js recipe build --title="..." --genes=<asset_id,...> [--description="..."] [--price=N] [--publish]');
+        console.error('  Builds a DRAFT recipe by default. --publish is opt-in and pushes it live.');
+        process.exit(1);
+      }
+      const { loadGenes, loadCapsules } = require('./src/gep/assetStore');
+      const typeById = new Map();
+      try {
+        for (const g of (loadGenes() || [])) if (g && g.asset_id) typeById.set(g.asset_id, 'Gene');
+        for (const c of (loadCapsules() || [])) if (c && c.asset_id) typeById.set(c.asset_id, 'Capsule');
+      } catch (e) { /* fall back to Gene below */ }
+
+      const ids = genesArg.split(',').map(s => s.trim()).filter(Boolean);
+      if (ids.length === 0) { console.error('[recipe build] --genes is empty.'); process.exit(1); }
+      if (ids.length > 20) { console.error('[recipe build] at most 20 steps per recipe.'); process.exit(1); }
+      const steps = ids.map((asset_id, i) => ({
+        asset_id,
+        asset_type: typeById.get(asset_id) || 'Gene',
+        position: i,
+      }));
+
+      await ensureRegistered('recipe build');
+      const priceVal = flagVal('price');
+      const createRes = await callWithAuthRetry('recipe build', () => hubCreateRecipe({
+        title, steps, description: description || undefined,
+        pricePerExecution: priceVal ? Number(priceVal) : undefined,
+      }));
+      if (!createRes.ok) { reportHubError('recipe build', createRes); process.exit(1); }
+      const recipe = (createRes.data && (createRes.data.recipe || createRes.data)) || {};
+      const recipeId = recipe.id;
+      console.log('[recipe build] Created DRAFT recipe ' + recipeId + ' ("' + title + '", ' + steps.length + ' steps).');
+
+      if (doPublish && recipeId) {
+        const pubRes = await callWithAuthRetry('recipe build', () => hubPublishRecipe(recipeId));
+        if (!pubRes.ok) { reportHubError('recipe build', pubRes); process.exit(1); }
+        console.log('[recipe build] Published recipe ' + recipeId + ' to the marketplace.');
+      } else if (!doPublish) {
+        console.log('[recipe build] Left as draft. Re-run with --publish to make it live.');
+      }
+      process.exit(0);
+    } else if (sub === 'reuse') {
+      const recipeId = flagVal('id') || (args[2] && !String(args[2]).startsWith('-') ? args[2] : null);
+      if (!recipeId) {
+        console.error('Usage: node index.js recipe reuse --id=<recipe_id> [--input=<json>]');
+        process.exit(1);
+      }
+      await ensureRegistered('recipe reuse');
+      const getRes = await hubGetRecipe(recipeId);
+      if (!getRes.ok) { reportHubError('recipe reuse', getRes); process.exit(1); }
+      let inputPayload = {};
+      const inputArg = flagVal('input');
+      if (inputArg) {
+        try { inputPayload = JSON.parse(inputArg); }
+        catch (e) { console.error('[recipe reuse] --input must be valid JSON.'); process.exit(1); }
+      }
+      const expRes = await callWithAuthRetry('recipe reuse', () => hubExpressRecipe(recipeId, inputPayload));
+      if (!expRes.ok) { reportHubError('recipe reuse', expRes); process.exit(1); }
+      console.log('[recipe reuse] Expressed recipe ' + recipeId + '.');
+      if (isVerbose) console.log(JSON.stringify(expRes.data, null, 2));
+      process.exit(0);
+    } else {
+      console.error('Usage: node index.js recipe <build|reuse> [flags]');
+      console.error('  build --title="..." --genes=<asset_id,...> [--publish]   (draft unless --publish)');
+      console.error('  reuse --id=<recipe_id> [--input=<json>]');
+      process.exit(1);
+    }
+
   } else {
-    console.log(`Usage: node index.js [run|/evolve|solidify|review|distill|fetch|sync|asset-log|webui|setup-hooks|buy|orders|verify|atp|atp-complete] [--loop]
+    console.log(`Usage: node index.js [run|/evolve|solidify|review|distill|fetch|sync|asset-log|webui|setup-hooks|recipe|buy|orders|verify|atp|atp-complete] [--loop]
+  - recipe flags:
+    - build --title="..." --genes=<asset_id,...> [--description] [--price=N] [--publish]
+                              (builds a DRAFT DNA blueprint; --publish is opt-in)
+    - reuse --id=<recipe_id> [--input=<json>]   (express a recipe into an organism)
   - fetch flags:
     - --skill=<id> | -s <id>   (skill ID to download)
     - --out=<dir>              (output directory, default: ./skills/<skill_id>)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@evomap/evolver",
-  "version": "1.88.1",
+  "version": "1.88.3",
   "description": "A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.",
   "main": "index.js",
   "bin": {
@@ -37,6 +37,7 @@
   },
   "dependencies": {
     "@aws-sdk/client-bedrock-runtime": "^3.1053.0",
+    "@evomap/atp-sdk": "^0.1.0",
     "@evomap/gep-sdk": "^1.5.0",
     "dotenv": "^16.4.7",
     "undici": "^7.0.0"

package/src/adapters/claudeCode.js

@@ -20,6 +20,24 @@ function buildClaudeHooks(evolverRoot) {
           ],
         },
       ],
+      UserPromptSubmit: [
+        {
+          hooks: [
+            {
+              type: 'command',
+              // Runtime asset injection (P4-c). DEFAULT off (EVOLVER_RECALL_MODE
+              // unset/off -> emits {} without reading the prompt). The script
+              // owns an absolute 3.3s watchdog that always exits 0 with valid
+              // JSON (fail-open); this host timeout (5s) is a strict backstop
+              // ABOVE that watchdog, so the host never kills the script
+              // mid-write. A stuck/slow recall can never block or erase the
+              // user's prompt.
+              command: `node ${scriptsBase}/evolver-task-recall.js`,
+              timeout: 5,
+            },
+          ],
+        },
+      ],
       PostToolUse: [
         {
           matcher: 'Write',
@@ -55,6 +73,8 @@ This project uses evolver for self-evolution. Hooks automatically:
 1. Inject recent evolution memory at session start
 2. Detect evolution signals during file edits
 3. Record outcomes at session end
+4. (Opt-in) Surface matching distilled capabilities for each prompt — set
+   \`EVOLVER_RECALL_MODE=shadow\` to preview, \`enforce\` to inject (default off).
 
 For substantive tasks, call \`gep_recall\` before work and \`gep_record_outcome\` after.
 Signals: log_error, perf_bottleneck, user_feature_request, capability_gap, deployment_issue, test_failure.`;
@@ -126,7 +146,7 @@ function uninstall({ configRoot }) {
                 const innerBefore = matcher.hooks.length;
                 const filtered = matcher.hooks.filter(h => {
                   const cmd = (h && h.command) || '';
-                  return !cmd.includes('evolver-session') && !cmd.includes('evolver-signal');
+                  return !cmd.includes('evolver-session') && !cmd.includes('evolver-signal') && !cmd.includes('evolver-task-recall');
                 });
                 // A matcher containing both evolver and user hooks shrinks
                 // its inner array without changing the outer matcher count.

package/src/adapters/hookAdapter.js

@@ -76,7 +76,7 @@ function mergeWithHooksUnion(target, source) {
       if (tArr && sArr) {
         const isEvolverOwned = (entry) => {
           const cmds = collectCommands(entry);
-          return cmds.some(c => c.includes('evolver-session') || c.includes('evolver-signal'));
+          return cmds.some(c => c.includes('evolver-session') || c.includes('evolver-signal') || c.includes('evolver-task-recall'));
         };
         const userEntries = tArr.filter(e => !isEvolverOwned(e));
         result.hooks[event] = [...userEntries, ...sArr];
@@ -171,6 +171,7 @@ function copyHookScripts(destDir, evolverRoot) {
     'evolver-session-start.js',
     'evolver-signal-detect.js',
     'evolver-session-end.js',
+    'evolver-task-recall.js',
   ];
   fs.mkdirSync(destDir, { recursive: true });
   const copied = [];
@@ -224,7 +225,7 @@ function removeEvolverHooks(filePath, { markerKey = '_evolver_managed' } = {}) {
           const before = data.hooks[event].length;
           data.hooks[event] = data.hooks[event].filter(h => {
             const cmd = h.command || '';
-            return !cmd.includes('evolver-session') && !cmd.includes('evolver-signal');
+            return !cmd.includes('evolver-session') && !cmd.includes('evolver-signal') && !cmd.includes('evolver-task-recall');
           });
           if (data.hooks[event].length !== before) changed = true;
           if (data.hooks[event].length === 0) delete data.hooks[event];
@@ -257,6 +258,7 @@ function removeHookScripts(hooksDir) {
     'evolver-session-start.js',
     'evolver-signal-detect.js',
     'evolver-session-end.js',
+    'evolver-task-recall.js',
   ];
   let removed = 0;
   for (const name of scripts) {

package/src/adapters/scripts/_runtimePaths.js

@@ -31,6 +31,137 @@ function isEvolverPackageJson(filePath) {
   }
 }
 
+// Scan a "versions dir" used by Node version managers (NVM, fnm, Volta, asdf)
+// and append each `<versions-dir>/<version>/<subdir>/node_modules` to `out`.
+// Skips silently when the versions dir does not exist (typical case — most
+// users have at most one version manager). Most-recent-mtime first so the
+// active version is preferred when a user has multiple Node versions
+// installed.
+function _scanVersionedNodeModules(versionsDir, subdir, out) {
+  let entries;
+  try {
+    entries = fs.readdirSync(versionsDir, { withFileTypes: true });
+  } catch {
+    return;
+  }
+  const dirs = entries
+    .filter((e) => e.isDirectory && e.isDirectory())
+    .map((e) => {
+      const full = path.join(versionsDir, e.name);
+      let mtime = 0;
+      try { mtime = fs.statSync(full).mtimeMs; } catch {}
+      return { full, mtime };
+    })
+    .sort((a, b) => b.mtime - a.mtime);
+  for (const d of dirs) {
+    out.push(path.join(d.full, subdir, 'node_modules'));
+  }
+}
+
+// Build the require.resolve paths array. All entries are user/system-scoped
+// install roots — process.cwd() is intentionally excluded for the same
+// prompt-injection reason as the original allowlist (see comment in
+// findEvolverRoot below).
+function _buildInstallSearchPaths() {
+  const home = os.homedir();
+  // Env-derived bases must be ABSOLUTE. A relative override (e.g. NVM_DIR='.nvm')
+  // or empty value would resolve against process.cwd() and let a hostile
+  // workspace plant a fake @evomap/evolver in the require.resolve allowlist —
+  // the prompt-injection surface PR #94 closed. isAbsolute is platform-matched
+  // (path.win32 recognises C:\ ...) so the guard holds on Windows too; a
+  // non-absolute override falls through to the trusted home/system default.
+  const _pathFlavor = process.platform === 'win32' ? path.win32 : path.posix;
+  const absEnv = (v) => (v && _pathFlavor.isAbsolute(v)) ? v : null;
+  const paths = [
+    // npm global with `npm config set prefix` overrides
+    path.join(home, '.npm-global', 'lib', 'node_modules'),
+    path.join(home, '.local', 'lib', 'node_modules'),
+    // System-wide (apt/yum nodejs, Intel Mac Homebrew)
+    '/usr/lib/node_modules',
+    '/usr/local/lib/node_modules',
+    // Apple Silicon Homebrew (default since macOS Big Sur on M1/M2/M3/M4 —
+    // the majority of Mac dev hardware sold since 2021). Without this
+    // entry, `npm install -g @evomap/evolver` on an Apple Silicon Mac
+    // lands at /opt/homebrew/lib/node_modules/@evomap/evolver and the
+    // hook scripts cannot find the package -> additionalContext is empty
+    // -> evolution memory never reaches the LLM.
+    '/opt/homebrew/lib/node_modules',
+    // Linuxbrew (Homebrew on Linux — niche but real).
+    '/home/linuxbrew/.linuxbrew/lib/node_modules',
+  ];
+  // Per-user Node version managers. Each manager has its own on-disk layout
+  // and its own base-dir env override; the version subdirectory is dynamic
+  // (e.g. `~/.nvm/versions/node/v22.15.0`) so we scan and append each
+  // version's node_modules. These were missing from the original hard-coded
+  // list even though NVM in particular is extremely common across all OSes.
+
+  // NVM. Globals are per-version under `<NVM_DIR>/versions/node/<ver>/lib`.
+  // NVM_DIR defaults to ~/.nvm but is frequently relocated.
+  const nvmDir = absEnv(process.env.NVM_DIR) || path.join(home, '.nvm');
+  _scanVersionedNodeModules(path.join(nvmDir, 'versions', 'node'), 'lib', paths);
+
+  // fnm. Each version lives under `<base>/node-versions/<ver>/installation/`,
+  // and fnm does NOT override the npm prefix, so globals are at
+  // `installation/lib/node_modules`. The base dir is XDG-first
+  // (`$XDG_DATA_HOME/fnm`, i.e. ~/.local/share/fnm on Linux and
+  // ~/Library/Application Support/fnm on macOS); `~/.fnm` is only the legacy
+  // fallback. `$FNM_DIR` overrides everything. Scan all candidate bases;
+  // _scanVersionedNodeModules silently skips the ones that don't exist.
+  const fnmSub = path.join('installation', 'lib');
+  const fnmBases = [];
+  if (absEnv(process.env.FNM_DIR)) fnmBases.push(process.env.FNM_DIR);
+  if (absEnv(process.env.XDG_DATA_HOME)) fnmBases.push(path.join(process.env.XDG_DATA_HOME, 'fnm'));
+  fnmBases.push(path.join(home, '.local', 'share', 'fnm'));            // Linux XDG default
+  fnmBases.push(path.join(home, 'Library', 'Application Support', 'fnm')); // macOS default
+  fnmBases.push(path.join(home, '.fnm'));                              // legacy
+  for (const base of fnmBases) {
+    _scanVersionedNodeModules(path.join(base, 'node-versions'), fnmSub, paths);
+  }
+
+  // Volta does NOT store global packages alongside the Node image. It
+  // sandboxes each `npm install -g`'d package under
+  // `<VOLTA_HOME>/tools/image/packages/<name>/lib/node_modules` (the scope
+  // becomes a real nested directory). Because we know the package name, this
+  // is a single fixed path rather than a version scan. VOLTA_HOME defaults to
+  // ~/.volta on macOS/Linux but to %LOCALAPPDATA%\Volta on Windows (where the
+  // globals actually live, and hook processes often don't inherit VOLTA_HOME).
+  // Verified against volta-cli/volta `volta-layout` v4 (`package_image_dir`) +
+  // `package/manager.rs` (`source_dir` = lib/node_modules).
+  const voltaHome = absEnv(process.env.VOLTA_HOME)
+    || (process.platform === 'win32'
+          ? path.join(absEnv(process.env.LOCALAPPDATA) || path.join(home, 'AppData', 'Local'), 'Volta')
+          : path.join(home, '.volta'));
+  paths.push(path.join(voltaHome, 'tools', 'image', 'packages', '@evomap', 'evolver', 'lib', 'node_modules'));
+
+  // asdf. Globals are per-version under `<data>/installs/nodejs/<ver>/`.
+  // asdf-nodejs dropped the `.npm` prefix override in PR #228 (Sept 2022),
+  // so modern installs use plain `lib/node_modules`; older installs (never
+  // re-created) still use `.npm/lib/node_modules`. Scan both. `$ASDF_DATA_DIR`
+  // overrides the ~/.asdf default (asdf 0.16+ Go rewrite).
+  const asdfData = absEnv(process.env.ASDF_DATA_DIR) || path.join(home, '.asdf');
+  const asdfVersions = path.join(asdfData, 'installs', 'nodejs');
+  _scanVersionedNodeModules(asdfVersions, 'lib', paths);                       // modern (post-#228)
+  _scanVersionedNodeModules(asdfVersions, path.join('.npm', 'lib'), paths);    // legacy (pre-#228)
+
+  // Windows: `npm install -g` puts packages under %APPDATA%\npm\node_modules
+  // (most common; same convention as `npm config get prefix` default on win32),
+  // %ProgramFiles%\nodejs\node_modules (system-wide installer), or
+  // %ProgramFiles(x86)%\nodejs\node_modules (32-bit Node on a 64-bit host).
+  // Conditional expansion keeps the POSIX base list untouched on Linux/macOS.
+  if (process.platform === 'win32') {
+    const appdata = absEnv(process.env.APPDATA) || path.join(home, 'AppData', 'Roaming');
+    paths.push(path.join(appdata, 'npm', 'node_modules'));
+    if (absEnv(process.env.ProgramFiles)) {
+      paths.push(path.join(process.env.ProgramFiles, 'nodejs', 'node_modules'));
+    }
+    if (absEnv(process.env['ProgramFiles(x86)'])) {
+      paths.push(path.join(process.env['ProgramFiles(x86)'], 'nodejs', 'node_modules'));
+    }
+  }
+
+  return paths;
+}
+
 function findEvolverRoot() {
   if (process.env.EVOLVER_ROOT) {
     const explicit = process.env.EVOLVER_ROOT;
@@ -57,39 +188,18 @@ function findEvolverRoot() {
   // be selected here and control `findMemoryGraph()` -> the memory graph
   // contents become attacker-controlled prompt-injection material in
   // `evolver-session-start.js`'s `additionalContext`. Restrict to trusted,
-  // user/system-scoped install roots.
+  // user/system-scoped install roots (built in `_buildInstallSearchPaths`).
   try {
-    // Windows: `npm install -g` puts packages under %APPDATA%\npm\node_modules
-    // (most common), %ProgramFiles%\nodejs\node_modules (system-wide installer),
-    // or %ProgramFiles(x86)%\nodejs\node_modules. Build the extra Windows paths
-    // conditionally so the POSIX base list stays intact.
-    const _winPaths = process.platform === 'win32'
-      ? [
-          path.join(
-            process.env.APPDATA || path.join(os.homedir(), 'AppData', 'Roaming'),
-            'npm', 'node_modules'
-          ),
-          ...(process.env.ProgramFiles
-            ? [path.join(process.env.ProgramFiles, 'nodejs', 'node_modules')]
-            : []),
-          ...(process.env['ProgramFiles(x86)']
-            ? [path.join(process.env['ProgramFiles(x86)'], 'nodejs', 'node_modules')]
-            : []),
-        ]
-      : [];
-
+    // Allowlist of trusted user/system-scoped install roots. Built by
+    // _buildInstallSearchPaths() above so the list is one source of truth
+    // (Apple Silicon Homebrew, Linuxbrew, NVM / fnm / Volta / asdf,
+    // and Windows %APPDATA%\npm + %ProgramFiles%\nodejs install layouts).
+    // process.cwd() is intentionally excluded: a hostile workspace can plant
+    // its own node_modules/@evomap/evolver/package.json which would then
+    // control findMemoryGraph() and feed attacker-controlled content into
+    // evolver-session-start.js's additionalContext.
     const pkgJson = require.resolve('@evomap/evolver/package.json', {
-      // Do NOT include process.cwd() — a hostile workspace can plant its own
-      // node_modules/@evomap/evolver to gain control over the memory graph path
-      // (prompt-injection surface: evolver-session-start.js additionalContext).
-      // Only trust user/system-scoped install roots.
-      paths: [
-        path.join(os.homedir(), '.npm-global', 'lib', 'node_modules'),
-        path.join(os.homedir(), '.local', 'lib', 'node_modules'),
-        '/usr/lib/node_modules',
-        '/usr/local/lib/node_modules',
-        ..._winPaths,
-      ],
+      paths: _buildInstallSearchPaths(),
     });
     if (pkgJson && isEvolverPackageJson(pkgJson)) {
       return path.dirname(pkgJson);
@@ -293,10 +403,10 @@ function findMemoryGraph(evolverRoot) {
 }
 
 // Is `dir` inside a git work tree? Cheap, no-shell `git rev-parse`. Returns
-// false on any error (git missing, not a repo, timeout) and never throws — the
-// session-start hook uses this only to decide whether to surface a one-line
-// "evolver needs a git workspace" notice, so a false negative just suppresses
-// the notice rather than breaking anything.
+// false on any error (git missing, not a repo, timeout) and never throws.
+// The session-start hook uses this only to decide whether to surface a
+// one-line "evolver needs a git workspace" notice, so a false negative just
+// suppresses the notice rather than breaking anything.
 function isGitWorkspace(dir) {
   try {
     const res = spawnSync('git', ['rev-parse', '--is-inside-work-tree'], {
@@ -312,4 +422,18 @@ function isGitWorkspace(dir) {
   }
 }
 
-module.exports = { findEvolverRoot, findMemoryGraph, resolveProjectDir, resolveWorkspaceId, isGitWorkspace };
+module.exports = {
+  findEvolverRoot,
+  findMemoryGraph,
+  resolveProjectDir,
+  resolveWorkspaceId,
+  isGitWorkspace,
+  // Test-only: exposes the install-path builder so the test suite can
+  // verify Apple Silicon Homebrew + version-manager (NVM/fnm/Volta/asdf)
+  // + Windows %APPDATA%\npm paths are included without going through the
+  // full require.resolve chain (which depends on a real filesystem layout).
+  __internals: {
+    buildInstallSearchPaths: _buildInstallSearchPaths,
+    scanVersionedNodeModules: _scanVersionedNodeModules,
+  },
+};

package/src/adapters/scripts/evolver-session-start.js

@@ -199,14 +199,18 @@ function getDedupStatePath() {
   return path.join(dir, 'session-start-state.json');
 }
 
-// TTL throttle keyed by an arbitrary string, persisted in session-start-state
-// .json. Returns true if `key` fired within the last `ttlMs` (caller should
-// suppress); otherwise records "now" for `key` and returns false. Best-effort:
-// a state read/write failure just means no throttling (fail open). Shared by
-// the Kiro per-prompt dedup and the non-git notice so both age out of the same
-// file (entries older than 24h are pruned on write).
-function throttled(key, ttlMs) {
-  const statePath = getDedupStatePath();
+function getNoticeStatePath() {
+  const dir = process.env.EVOLVER_SESSION_STATE_DIR
+    || path.join(os.homedir(), '.evolver');
+  try { fs.mkdirSync(dir, { recursive: true }); } catch { /* ignore */ }
+  return path.join(dir, 'session-start-notice-state.json');
+}
+
+// TTL throttle keyed by an arbitrary string. Returns true if `key` fired within
+// the last `ttlMs` (caller should suppress); otherwise records "now" for `key`
+// and returns false. Best-effort: a state read/write failure just means no
+// throttling (fail open). Entries older than 24h are pruned on write.
+function throttled(key, ttlMs, statePath) {
   let state = {};
   try {
     if (fs.existsSync(statePath)) {
@@ -241,7 +245,7 @@ function shouldSkipInjection() {
   if (!dedupEnabled) return false;
 
   const ttlMs = Number(process.env.EVOLVER_SESSION_START_DEDUP_TTL_MS) || (30 * 60 * 1000);
-  return throttled(process.cwd(), ttlMs);
+  return throttled(process.cwd(), ttlMs, getDedupStatePath());
 }
 
 function main() {
@@ -256,7 +260,7 @@ function main() {
   // from git diffs), so tell the user — once per folder per TTL — instead of
   // failing silently. Emitted regardless of whether any memory exists below.
   const parts = [];
-  if (!isGitWorkspace(currentDir) && !throttled('nongit:' + currentDir, NON_GIT_NOTICE_TTL_MS)) {
+  if (!isGitWorkspace(currentDir) && !throttled('nongit:' + currentDir, NON_GIT_NOTICE_TTL_MS, getNoticeStatePath())) {
     parts.push(NON_GIT_NOTICE);
   }