@floomhq/skills 0.2.12 → 0.2.17

package/dist/index.js

@@ -111,13 +111,13 @@ var require_bcrypt = __commonJS({
             throw Error("Illegal callback: " + typeof callback);
           _async(callback);
         } else
-          return new Promise(function(resolve3, reject) {
+          return new Promise(function(resolve5, reject) {
             _async(function(err, res) {
               if (err) {
                 reject(err);
                 return;
               }
-              resolve3(res);
+              resolve5(res);
             });
           });
       };
@@ -146,13 +146,13 @@ var require_bcrypt = __commonJS({
             throw Error("Illegal callback: " + typeof callback);
           _async(callback);
         } else
-          return new Promise(function(resolve3, reject) {
+          return new Promise(function(resolve5, reject) {
             _async(function(err, res) {
               if (err) {
                 reject(err);
                 return;
               }
-              resolve3(res);
+              resolve5(res);
             });
           });
       };
@@ -197,13 +197,13 @@ var require_bcrypt = __commonJS({
             throw Error("Illegal callback: " + typeof callback);
           _async(callback);
         } else
-          return new Promise(function(resolve3, reject) {
+          return new Promise(function(resolve5, reject) {
             _async(function(err, res) {
               if (err) {
                 reject(err);
                 return;
               }
-              resolve3(res);
+              resolve5(res);
             });
           });
       };
@@ -1908,9 +1908,9 @@ function parseManifest(raw) {
 }
 async function readManifest(skillDir) {
   const { readFile: readFile11 } = await import("node:fs/promises");
-  const { join: join15 } = await import("node:path");
+  const { join: join16 } = await import("node:path");
   try {
-    const raw = await readFile11(join15(skillDir, "skill.json"), "utf8");
+    const raw = await readFile11(join16(skillDir, "skill.json"), "utf8");
     let parsed;
     try {
       parsed = JSON.parse(raw);
@@ -2012,8 +2012,9 @@ import { promisify } from "node:util";
 var scrypt = promisify(scryptCb);
 
 // ../shared/src/install-targets.ts
-import { homedir } from "node:os";
-import { join } from "node:path";
+import { existsSync, realpathSync } from "node:fs";
+import { homedir, tmpdir } from "node:os";
+import { basename, dirname, isAbsolute, join, normalize, relative, resolve } from "node:path";
 var INSTALL_TARGETS = [
   "generic",
   "all",
@@ -2047,10 +2048,36 @@ var TARGET_ENV_DIRS = {
   opencode: ["FLOOM_SKILLS_DIR", "OPENCODE_SKILLS_DIR", "AGENTS_SKILLS_DIR"],
   kimi: ["FLOOM_SKILLS_DIR", "KIMI_SKILLS_DIR", "AGENTS_SKILLS_DIR"]
 };
+var SYSTEM_ROOTS = /* @__PURE__ */ new Set(["/", "/bin", "/etc", "/proc", "/sbin", "/sys", "/usr", "/var"]);
+function resolveThroughExistingParent(path) {
+  let current = path;
+  while (!existsSync(current)) {
+    const parent = dirname(current);
+    if (parent === current) return path;
+    current = parent;
+  }
+  const realParent = realpathSync.native(current);
+  return resolve(realParent, relative(current, path));
+}
+function validateEnvInstallDir(envVar, rawValue) {
+  const trimmed = rawValue.trim();
+  if (!trimmed || trimmed.includes("\0")) {
+    throw new Error(`${envVar} must be a non-empty filesystem path`);
+  }
+  const resolved = resolve(trimmed);
+  const resolvedHome = resolve(homedir());
+  const realTarget = resolveThroughExistingParent(resolved);
+  if (SYSTEM_ROOTS.has(realTarget) || !isWithin(realTarget, resolvedHome)) {
+    throw new Error(
+      `${envVar} points outside your home directory (${realTarget}). Set it to a path under ${resolvedHome} or use --target without an env override.`
+    );
+  }
+  return realTarget;
+}
 function envDirForTarget(target) {
   for (const key of TARGET_ENV_DIRS[target]) {
     const value = process.env[key]?.trim();
-    if (value) return value;
+    if (value) return validateEnvInstallDir(key, value);
   }
   return null;
 }
@@ -2073,12 +2100,35 @@ function presetDir(target, opts) {
       return join(root, ".agents", "skills");
   }
 }
+function isWithin(child, parent) {
+  const rel = relative(parent, child);
+  return rel === "" || !!rel && !rel.startsWith("..") && !isAbsolute(rel);
+}
+function validateExplicitInstallDir(dir, cwd = process.cwd()) {
+  const trimmed = dir.trim();
+  if (!trimmed || trimmed.includes("\0")) {
+    throw new Error("--to must be a non-empty filesystem path");
+  }
+  const absolute = resolve(cwd, trimmed);
+  if (!isAbsolute(trimmed)) {
+    const cwdRoot = resolve(cwd);
+    if (!isWithin(absolute, cwdRoot)) {
+      throw new Error("--to must stay inside the current project when using a relative path");
+    }
+    return normalize(trimmed);
+  }
+  const allowedAbsoluteRoots = [homedir(), tmpdir()].map((root) => resolve(root));
+  if (!allowedAbsoluteRoots.some((root) => isWithin(absolute, root))) {
+    throw new Error("--to absolute paths must be inside your home directory or temporary directory");
+  }
+  return absolute;
+}
 function resolveInstallDir(args) {
   const target = args.target ?? "generic";
   if (args.to) {
     return {
       target,
-      dir: args.to,
+      dir: validateExplicitInstallDir(args.to, args.cwd),
       origin: "explicit",
       compatibleAgents: COMPATIBLE_AGENTS[target]
     };
@@ -2099,6 +2149,13 @@ function resolveInstallDir(args) {
     compatibleAgents: COMPATIBLE_AGENTS[target]
   };
 }
+function normalizeInstallParentDir(parentDir, skillSlug) {
+  const normalized = normalize(parentDir);
+  if (basename(normalized) === skillSlug) {
+    return join(normalized, "..");
+  }
+  return normalized;
+}
 
 // ../shared/src/security-scan.ts
 import { readFile } from "node:fs/promises";
@@ -2222,7 +2279,7 @@ async function scanSkillBundleFiles(files) {
 
 // ../shared/src/skill-package.ts
 import { readFile as readFile2, readdir, stat, lstat, mkdir } from "node:fs/promises";
-import { join as join2, relative, sep, posix } from "node:path";
+import { join as join2, relative as relative2, sep, posix } from "node:path";
 import { createHash as createHash2 } from "node:crypto";
 var LIMITS = {
   maxBundleBytes: 10 * 1024 * 1024,
@@ -2278,7 +2335,7 @@ async function walk(rootDir, ignore, acc, current) {
   const entries = await readdir(current, { withFileTypes: true });
   for (const entry of entries) {
     const abs = join2(current, entry.name);
-    const rel = relative(rootDir, abs).split(sep).join(posix.sep);
+    const rel = relative2(rootDir, abs).split(sep).join(posix.sep);
     if (entry.isSymbolicLink()) {
       throw new Error(`Symlinks are not allowed: ${rel}`);
     }
@@ -2347,7 +2404,7 @@ async function extractBundle(buf, destDir) {
   const tar = await import("tar");
   const { Readable } = await import("node:stream");
   await mkdir(destDir, { recursive: true });
-  await new Promise((resolve3, reject) => {
+  await new Promise((resolve5, reject) => {
     const extractStream = tar.extract({
       cwd: destDir,
       strict: true,
@@ -2361,7 +2418,7 @@ async function extractBundle(buf, destDir) {
         if (msg.toLowerCase().includes("symlink")) reject(new Error("Bundle contains symlinks"));
       }
     });
-    Readable.from(buf).pipe(extractStream).on("finish", () => resolve3()).on("error", reject);
+    Readable.from(buf).pipe(extractStream).on("finish", () => resolve5()).on("error", reject);
   });
 }
 function verifyBundleHash(buf, expected) {
@@ -2407,7 +2464,11 @@ async function readRawAuth() {
     const raw = await readFile3(AUTH_FILE, "utf8");
     return JSON.parse(raw);
   } catch (e) {
-    if (e.code === "ENOENT") return null;
+    const code = e.code;
+    if (code === "ENOENT") return null;
+    if (code === "EACCES" || code === "EPERM") {
+      throw new FloomError("AUTH_REQUIRED", "Cannot read ~/.floom/auth.json due to file permissions. Fix permissions or run: floom login");
+    }
     if (e instanceof SyntaxError) {
       throw new FloomError("AUTH_REQUIRED", "Invalid ~/.floom/auth.json. Run: floom login to refresh local auth.");
     }
@@ -2461,14 +2522,17 @@ function allowsCustomApiUrl() {
   const raw = process.env.FLOOM_ALLOW_CUSTOM_API_URL?.trim().toLowerCase();
   return raw === "1" || raw === "true" || raw === "yes";
 }
-function isTrustedApiUrl(apiUrl) {
+function isCanonicalApiUrl(apiUrl) {
   try {
     const url = new URL(apiUrl);
-    return TRUSTED_API_HOSTS.has(url.hostname) || allowsCustomApiUrl();
+    return TRUSTED_API_HOSTS.has(url.hostname);
   } catch {
     return false;
   }
 }
+function isTrustedApiUrl(apiUrl) {
+  return isCanonicalApiUrl(apiUrl) || allowsCustomApiUrl();
+}
 function trustedApiUrlOrDefault(apiUrl) {
   const normalized = normalizeApiUrl(apiUrl);
   return isTrustedApiUrl(normalized) ? normalized : DEFAULT_API_URL;
@@ -2483,11 +2547,12 @@ function isLegacyApiUrl(apiUrl) {
 }
 
 // src/version.ts
-var VERSION = "0.2.12";
+var VERSION = "0.2.17";
 
 // src/api-client.ts
 var DEFAULT_TIMEOUT_MS = 2e4;
 var DEFAULT_RETRY_ATTEMPTS = 2;
+var MAX_ERROR_BODY_BYTES = 64 * 1024;
 function timeoutMs() {
   const raw = Number(process.env.FLOOM_API_TIMEOUT_MS);
   return Number.isFinite(raw) && raw > 0 ? raw : DEFAULT_TIMEOUT_MS;
@@ -2503,7 +2568,7 @@ function retryDelayMs(attempt) {
 }
 async function sleep(ms) {
   if (ms <= 0) return;
-  await new Promise((resolve3) => setTimeout(resolve3, ms));
+  await new Promise((resolve5) => setTimeout(resolve5, ms));
 }
 async function fetchWithTimeout(url, init = {}) {
   const controller = new AbortController();
@@ -2519,12 +2584,32 @@ async function fetchWithTimeout(url, init = {}) {
     clearTimeout(timer);
   }
 }
-function redirectHost(res, requestUrl) {
-  const location = res.headers.get("location");
-  return location ? new URL(location, requestUrl).host : void 0;
+async function readLimitedText(res, limitBytes = MAX_ERROR_BODY_BYTES) {
+  if (!res.body) return res.text();
+  const reader = res.body.getReader();
+  const chunks = [];
+  let total = 0;
+  let truncated = false;
+  while (true) {
+    const { done, value } = await reader.read();
+    if (done) break;
+    const chunk = value ?? new Uint8Array();
+    if (total + chunk.byteLength > limitBytes) {
+      const remaining = Math.max(limitBytes - total, 0);
+      if (remaining > 0) chunks.push(chunk.slice(0, remaining));
+      truncated = true;
+      await reader.cancel();
+      break;
+    }
+    chunks.push(chunk);
+    total += chunk.byteLength;
+  }
+  const text = new TextDecoder().decode(Buffer.concat(chunks));
+  return truncated ? `${text}
+[truncated]` : text;
 }
 function isRedirect(res) {
-  return res.status >= 300 && res.status < 400;
+  return res.type === "opaqueredirect" || res.status >= 300 && res.status < 400;
 }
 function isRetryableStatus(status) {
   return status === 408 || status === 429 || status >= 500;
@@ -2534,8 +2619,9 @@ function isRetryableMethod(method) {
 }
 async function api(path, opts = {}) {
   const auth = await readAuth();
-  const token = process.env.FLOOM_API_TOKEN?.trim() || auth?.token;
-  if (opts.authRequired && !token) {
+  const envToken = process.env.FLOOM_API_TOKEN?.trim();
+  const storedToken = auth?.token;
+  if (opts.authRequired && !opts.tokenOverride && !envToken && !storedToken) {
     throw new FloomError("AUTH_REQUIRED", "Not logged in. Run: floom login");
   }
   let lastError = null;
@@ -2555,7 +2641,15 @@ async function api(path, opts = {}) {
         "User-Agent": `floom-cli/${VERSION}`,
         "x-floom-cli-version": VERSION
       };
-      const requestToken = opts.tokenOverride ?? token;
+      const requestToken = opts.tokenOverride ?? envToken ?? (isCanonicalApiUrl(base) ? storedToken : void 0);
+      if (opts.authRequired && !requestToken) {
+        lastError = new FloomError(
+          "AUTH_REQUIRED",
+          "Refusing to send stored auth token to a custom API URL. Set FLOOM_API_TOKEN explicitly only if you trust that API.",
+          { apiUrl: base }
+        );
+        break;
+      }
       if (requestToken) headers.Authorization = `Bearer ${requestToken}`;
       let res;
       try {
@@ -2580,17 +2674,25 @@ async function api(path, opts = {}) {
         throw new FloomError(
           "INTERNAL_ERROR",
           "Floom API returned an unexpected redirect. Refusing to forward credentials.",
-          { status: res.status, apiUrl: base, redirectHost: redirectHost(res, url) }
+          { status: res.status, apiUrl: base }
         );
       }
-      const text = await res.text();
+      const text = res.ok ? await res.text() : await readLimitedText(res);
       let json = null;
       try {
         json = text ? JSON.parse(text) : null;
       } catch {
       }
+      const envelopeError = json?.error;
+      if (res.ok && envelopeError && typeof envelopeError === "object" && envelopeError.code) {
+        throw new FloomError(
+          envelopeError.code,
+          typeof envelopeError.message === "string" ? envelopeError.message : String(envelopeError.code),
+          { status: res.status, requestId: envelopeError.request_id, apiUrl: base }
+        );
+      }
       if (res.ok) return json;
-      const err = json?.error ?? {};
+      const err = envelopeError ?? {};
       lastError = new FloomError(
         err.code ?? "INTERNAL_ERROR",
         err.message ?? `HTTP ${res.status} ${res.statusText}`,
@@ -2621,7 +2723,7 @@ async function rawPut(url, body, contentType = "application/octet-stream") {
   if (isRedirect(res)) {
     throw new FloomError(
       "UPLOAD_FAILED",
-      `Upload failed: unexpected redirect to ${redirectHost(res, new URL(url)) ?? "unknown"}`
+      "Upload failed: unexpected redirect."
     );
   }
   if (!res.ok) {
@@ -2641,7 +2743,7 @@ async function rawGet(url) {
   if (isRedirect(res)) {
     throw new FloomError(
       "DOWNLOAD_FAILED",
-      `Download failed: unexpected redirect to ${redirectHost(res, new URL(url)) ?? "unknown"}`
+      "Download failed: unexpected redirect."
     );
   }
   if (!res.ok) {
@@ -2685,9 +2787,18 @@ async function loginCommand() {
   const interval = Math.max(2, session.poll_interval_seconds) * 1e3;
   while (Date.now() < deadline) {
     await new Promise((r) => setTimeout(r, interval));
-    const poll = await api(`/cli/sessions/${session.session_id}`, {
-      tokenOverride: session.device_code
-    });
+    let poll;
+    try {
+      poll = await api(`/cli/sessions/${session.session_id}`, {
+        tokenOverride: session.device_code
+      });
+    } catch (e) {
+      if (e instanceof FloomError && String(e.code) === "DEVICE_PENDING") {
+        process.stdout.write(".");
+        continue;
+      }
+      throw e;
+    }
     if (poll.status === "approved" && poll.token && poll.handle && poll.email) {
       await writeAuth({
         token: poll.token,
@@ -2759,13 +2870,16 @@ async function whoamiCommand() {
   log.heading("Logged in as:");
   log.kv("handle", `@${me.user.handle}`);
   log.kv("email", me.user.email);
+  if (me.workspace) {
+    log.kv("workspace", `${me.workspace.slug} (${me.workspace.role})`);
+  }
   log.kv("api url", process.env.FLOOM_API_URL ?? auth?.apiUrl ?? "default");
   if (envToken) log.kv("auth", "FLOOM_API_TOKEN");
 }
 
 // src/commands/init.ts
 import { writeFile as writeFile2, stat as stat2 } from "node:fs/promises";
-import { join as join4, basename } from "node:path";
+import { join as join4, basename as basename2 } from "node:path";
 import prompts from "prompts";
 async function pathExists(p) {
   try {
@@ -2777,7 +2891,7 @@ async function pathExists(p) {
 }
 async function initCommand() {
   const cwd = process.cwd();
-  const folderName = basename(cwd);
+  const folderName = basename2(cwd);
   if (await pathExists(join4(cwd, "skill.json"))) {
     log.err("skill.json already exists in this folder. Edit it directly or run from a fresh directory.");
     process.exit(1);
@@ -2979,6 +3093,52 @@ async function validateCommand(opts = {}) {
 // src/commands/publish.ts
 import { readFile as readFile6 } from "node:fs/promises";
 import { join as join6 } from "node:path";
+
+// src/lib/publish-urls.ts
+function trimAppUrl(appUrl) {
+  return appUrl.replace(/\/api\/v1\/?$/, "").replace(/\/$/, "");
+}
+function buildAuthenticatedSkillUrl(appUrl, librarySlug, skillSlug) {
+  const base = trimAppUrl(appUrl);
+  return `${base}/library/${encodeURIComponent(skillSlug)}?lib=${encodeURIComponent(librarySlug)}`;
+}
+function buildPublicSkillUrl(appUrl, handle, librarySlug, skillSlug) {
+  const base = trimAppUrl(appUrl);
+  if (librarySlug !== handle) return null;
+  return `${base}/@${handle}/${skillSlug}`;
+}
+function buildPublishViewLines(args) {
+  const manageUrl = buildAuthenticatedSkillUrl(args.appUrl, args.refRoot, args.slug);
+  const publicUrl = buildPublicSkillUrl(args.appUrl, args.handle, args.refRoot, args.slug);
+  if (args.visibility === "public") {
+    return {
+      heading: publicUrl ? "View (public):" : "Manage (workspace skill):",
+      primaryUrl: publicUrl ?? manageUrl,
+      ...publicUrl ? {} : { note: "Workspace skills stay under their authenticated library URL unless copied to your personal library." },
+      shareUrl: args.shareUrl ?? void 0
+    };
+  }
+  if (args.visibility === "unlisted") {
+    return {
+      heading: publicUrl ? "View (unlisted - use a share link for unauthenticated access):" : "Manage (unlisted workspace skill):",
+      primaryUrl: publicUrl ?? manageUrl,
+      ...publicUrl ? {} : { note: "Use the share link for unauthenticated access; workspace detail URLs remain authenticated." },
+      shareUrl: args.shareUrl ?? void 0
+    };
+  }
+  return {
+    heading: "Manage (private - sign in to your workspace):",
+    primaryUrl: manageUrl,
+    ...publicUrl ? {
+      secondaryHeading: "Public URL after you make it public or unlisted:",
+      secondaryUrl: publicUrl
+    } : {
+      note: "Workspace skills stay under their authenticated library URL unless copied to your personal library."
+    }
+  };
+}
+
+// src/commands/publish.ts
 async function publishCommand(opts = {}) {
   const auth = await readAuth();
   const envToken = process.env.FLOOM_API_TOKEN?.trim();
@@ -2986,7 +3146,7 @@ async function publishCommand(opts = {}) {
     log.err("Not logged in. Run: floom login");
     process.exit(1);
   }
-  const dir = process.cwd();
+  const dir = opts.dir ?? process.cwd();
   log.heading("Validating skill...");
   const report = await validateSkill(dir);
   if (!report.ok) {
@@ -3061,26 +3221,126 @@ async function publishCommand(opts = {}) {
   log.blank();
   log.ok(`Published ${complete.ref}`);
   log.blank();
-  log.info("View:");
   const displayApiUrl = trustedApiUrlOrDefault(process.env.FLOOM_API_URL ?? auth?.apiUrl ?? DEFAULT_API_URL);
-  log.kv("", `${displayApiUrl.replace("/api/v1", "")}/@${handle}/${manifest.name}`);
+  const appUrl = displayApiUrl.replace(/\/api\/v1\/?$/, "");
+  const visibility = complete.visibility ?? "private";
+  const views = buildPublishViewLines({
+    visibility,
+    appUrl,
+    handle,
+    slug: manifest.name,
+    refRoot,
+    shareUrl: complete.share_url
+  });
+  log.info(views.heading);
+  log.kv("", views.primaryUrl);
+  if (views.secondaryHeading && views.secondaryUrl) {
+    log.info(views.secondaryHeading);
+    log.kv("", views.secondaryUrl);
+  }
+  if (views.note) {
+    log.info(views.note);
+  }
+  if (views.shareUrl) {
+    log.info("Share link:");
+    log.kv("", views.shareUrl);
+  } else if (visibility === "unlisted") {
+    log.info(`Create a share link: floom link create ${refRoot}/${manifest.name}`);
+  }
   log.info("Install:");
   log.kv("", complete.install_command);
 }
 
+// src/commands/push.ts
+import { readdir as readdir2, stat as stat3 } from "node:fs/promises";
+import { basename as basename3, join as join7, resolve as resolve2 } from "node:path";
+function parsePushConcurrency(value) {
+  const raw = value ?? 6;
+  const parsed = typeof raw === "number" ? raw : Number.parseInt(raw, 10);
+  if (!Number.isInteger(parsed) || parsed < 1 || parsed > 16) {
+    throw new Error("--concurrency must be an integer from 1 to 16.");
+  }
+  return parsed;
+}
+async function hasSkillFiles(dir) {
+  try {
+    const [skillMd, manifest] = await Promise.all([
+      stat3(join7(dir, "SKILL.md")),
+      stat3(join7(dir, "skill.json"))
+    ]);
+    return skillMd.isFile() && manifest.isFile();
+  } catch {
+    return false;
+  }
+}
+async function findImmediateSkillDirs(root) {
+  const entries = await readdir2(root, { withFileTypes: true });
+  const dirs = entries.filter((entry) => entry.isDirectory()).map((entry) => join7(root, entry.name)).sort();
+  const checks = await Promise.all(dirs.map(async (dir) => await hasSkillFiles(dir) ? dir : null));
+  return checks.filter((dir) => Boolean(dir));
+}
+async function runBounded(items, concurrency, worker) {
+  let next = 0;
+  const workers = Array.from({ length: Math.min(concurrency, items.length) }, async () => {
+    while (next < items.length) {
+      const item = items[next];
+      next += 1;
+      await worker(item);
+    }
+  });
+  await Promise.all(workers);
+}
+async function pushCommand(dir = ".", options = {}, deps = {}) {
+  const root = resolve2(dir);
+  const rootStat = await stat3(root).catch(() => null);
+  if (!rootStat?.isDirectory()) {
+    throw new Error(`Directory not found: ${dir}`);
+  }
+  const publish = deps.publish ?? publishCommand;
+  if (await hasSkillFiles(root)) {
+    await publish({ ...options, dir: root });
+    return;
+  }
+  const skillDirs = await findImmediateSkillDirs(root);
+  if (skillDirs.length === 0) {
+    throw new Error("SKILL.md and skill.json are required, either in this directory or immediate child directories.");
+  }
+  const concurrency = parsePushConcurrency(options.concurrency);
+  const startedAt = Date.now();
+  const errors = [];
+  let pushed = 0;
+  await runBounded(skillDirs, concurrency, async (skillDir) => {
+    const slug = basename3(skillDir);
+    try {
+      await publish({ ...options, dir: skillDir });
+      pushed += 1;
+      log.info(`Pushed ${slug}`);
+    } catch (error) {
+      errors.push({ slug, message: error.message });
+    }
+  });
+  const elapsed = ((Date.now() - startedAt) / 1e3).toFixed(1).replace(/\.0$/, "");
+  log.info(`Pushed ${pushed}/${skillDirs.length} skills in ${elapsed}s.`);
+  if (errors.length > 0) {
+    log.err("Push errors:");
+    for (const error of errors) log.err(`- ${error.slug}: ${error.message}`);
+    process.exitCode = 1;
+  }
+}
+
 // src/commands/install.ts
-import { mkdir as mkdir4, readdir as readdir3, rm, rename } from "node:fs/promises";
-import { join as join8 } from "node:path";
-import { tmpdir } from "node:os";
+import { mkdir as mkdir4, readdir as readdir4, rm, rename } from "node:fs/promises";
+import { join as join9 } from "node:path";
+import { tmpdir as tmpdir2 } from "node:os";
 
 // src/lib/floom-lock.ts
-import { readFile as readFile7, writeFile as writeFile3, mkdir as mkdir3, stat as stat3, readdir as readdir2 } from "node:fs/promises";
-import { join as join7, relative as relative2, sep as sep2, posix as posix2 } from "node:path";
+import { readFile as readFile7, writeFile as writeFile3, mkdir as mkdir3, stat as stat4, readdir as readdir3 } from "node:fs/promises";
+import { join as join8, relative as relative3, sep as sep2, posix as posix2 } from "node:path";
 import { createHash as createHash3 } from "node:crypto";
 var EMPTY = { schema_version: "0.1", skills: {} };
 async function readLock(projectDir) {
   try {
-    const raw = await readFile7(join7(projectDir, "floom.lock"), "utf8");
+    const raw = await readFile7(join8(projectDir, "floom.lock"), "utf8");
     const parsed = JSON.parse(raw);
     if (parsed.schema_version === "0.1") return parsed;
     if (parsed.schema_version === "0.2") return parsed;
@@ -3095,7 +3355,7 @@ async function readLock(projectDir) {
 }
 async function writeLock(projectDir, lock) {
   await mkdir3(projectDir, { recursive: true });
-  await writeFile3(join7(projectDir, "floom.lock"), JSON.stringify(lock, null, 2) + "\n", "utf8");
+  await writeFile3(join8(projectDir, "floom.lock"), JSON.stringify(lock, null, 2) + "\n", "utf8");
 }
 function setLockEntry(lock, ref, entry) {
   return { ...lock, skills: { ...lock.skills, [ref]: entry } };
@@ -3125,12 +3385,12 @@ async function hashInstalledFolder(folderAbs) {
   async function walk2(dir) {
     let entries;
     try {
-      entries = await readdir2(dir, { withFileTypes: true });
+      entries = await readdir3(dir, { withFileTypes: true });
     } catch {
       return;
     }
     for (const entry of entries) {
-      const abs = join7(dir, entry.name);
+      const abs = join8(dir, entry.name);
       if (entry.isSymbolicLink()) continue;
       if (entry.isDirectory()) {
         await walk2(abs);
@@ -3138,7 +3398,7 @@ async function hashInstalledFolder(folderAbs) {
       }
       if (!entry.isFile()) continue;
       const buf = await readFile7(abs);
-      const rel = relative2(folderAbs, abs).split(sep2).join(posix2.sep);
+      const rel = relative3(folderAbs, abs).split(sep2).join(posix2.sep);
       out.push({
         relPath: rel,
         sha256: createHash3("sha256").update(buf).digest("hex"),
@@ -3147,7 +3407,7 @@ async function hashInstalledFolder(folderAbs) {
     }
   }
   try {
-    await stat3(folderAbs);
+    await stat4(folderAbs);
   } catch {
     return out;
   }
@@ -3156,6 +3416,20 @@ async function hashInstalledFolder(folderAbs) {
   return out;
 }
 
+// src/lib/filesystem-safety.ts
+import { lstat as lstat2 } from "node:fs/promises";
+async function assertPathIsNotSymlink(path, label = "path") {
+  try {
+    const stats = await lstat2(path);
+    if (stats.isSymbolicLink()) {
+      throw new Error(`${label} must not be a symbolic link: ${path}`);
+    }
+  } catch (e) {
+    if (e.code === "ENOENT") return;
+    throw e;
+  }
+}
+
 // src/commands/install.ts
 var CLI_VERSION = VERSION;
 function semverGte(a, b) {
@@ -3209,13 +3483,16 @@ async function installCommand(refStr, opts = {}) {
     global: opts.global
   });
   const projectDir = opts.global ? process.cwd() : process.cwd();
-  const destFolder = join8(target.dir, ref.slug);
+  const parentDir = opts.to ? normalizeInstallParentDir(target.dir, ref.slug) : target.dir;
+  const destFolder = join9(parentDir, ref.slug);
+  await assertPathIsNotSymlink(parentDir, "install parent directory");
+  await assertPathIsNotSymlink(destFolder, "install destination");
   const lock = await readLock(projectDir);
   const refKey = formatSkillRef({ owner: ref.owner, slug: ref.slug });
   const existing = lock.skills[refKey];
   let folderExists = false;
   try {
-    const entries = await readdir3(destFolder);
+    const entries = await readdir4(destFolder);
     folderExists = entries.length > 0;
   } catch {
   }
@@ -3245,7 +3522,7 @@ async function installCommand(refStr, opts = {}) {
   }
   log.ok(`Bundle verified (${(buf.length / 1024).toFixed(1)} KB).`);
   const tmp = await import("node:fs/promises").then(
-    (m) => m.mkdtemp(join8(tmpdir(), `floom-install-${ref.slug}-`))
+    (m) => m.mkdtemp(join9(tmpdir2(), `floom-install-${ref.slug}-`))
   );
   try {
     await extractBundle(buf, tmp);
@@ -3348,8 +3625,8 @@ async function outdatedCommand() {
 
 // src/commands/update.ts
 import { rm as rm2, rename as rename2, mkdir as mkdir5 } from "node:fs/promises";
-import { tmpdir as tmpdir2 } from "node:os";
-import { join as join9, resolve as resolve2 } from "node:path";
+import { tmpdir as tmpdir3 } from "node:os";
+import { join as join10, resolve as resolve4 } from "node:path";
 function cmpSemver2(a, b) {
   const pa = a.split(".").map((p) => parseInt(p, 10));
   const pb = b.split(".").map((p) => parseInt(p, 10));
@@ -3388,7 +3665,8 @@ async function updateCommand(refStr, opts = {}) {
       log.step(`${ref} is already at latest (${entry.version}).`);
       continue;
     }
-    const installDir = resolve2(projectDir, entry.path);
+    const installDir = resolve4(projectDir, entry.path);
+    await assertPathIsNotSymlink(installDir, "installed skill directory");
     if (!opts.force) {
       const current = await hashInstalledFolder(installDir);
       log.step(`Updating ${ref}: ${entry.version} -> ${info.latest_version}`);
@@ -3401,7 +3679,7 @@ async function updateCommand(refStr, opts = {}) {
       continue;
     }
     const tmp = await import("node:fs/promises").then(
-      (m) => m.mkdtemp(join9(tmpdir2(), `floom-update-${slug}-`))
+      (m) => m.mkdtemp(join10(tmpdir3(), `floom-update-${slug}-`))
     );
     try {
       await extractBundle(buf, tmp);
@@ -3528,6 +3806,26 @@ async function unshareCommand(refStr, email) {
   log.ok(`Removed ${email}'s access to ${refStr}.`);
 }
 
+// src/commands/link.ts
+async function linkCreateCommand(refStr, opts = {}) {
+  const ref = parseSkillRef(refStr);
+  if (!ref) {
+    log.err(`Invalid skill ref: ${refStr}`);
+    process.exit(1);
+  }
+  const role = opts.role ?? "viewer";
+  const body = { role };
+  if (opts.name) body.name = opts.name;
+  const r = await api(`/skills/${ref.owner}/${ref.slug}/links`, {
+    method: "POST",
+    authRequired: true,
+    body
+  });
+  log.ok(`Share link created for ${refStr}.`);
+  log.kv("url", r.link.url);
+  log.kv("role", r.link.role);
+}
+
 // src/commands/library.ts
 function isValidEmail2(email) {
   return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
@@ -3597,7 +3895,7 @@ async function workspaceAcceptCommand(tokenOrUrl) {
 // src/lib/config-file.ts
 import { mkdir as mkdir6, readFile as readFile8, writeFile as writeFile4 } from "node:fs/promises";
 import { homedir as homedir3 } from "node:os";
-import { dirname, join as join10 } from "node:path";
+import { dirname as dirname2, join as join11 } from "node:path";
 import { z as z2 } from "zod";
 var FLOOM_CONFIG_VERSION = "0.1";
 var TARGETS = ["claude", "codex", "cursor", "kimi", "opencode"];
@@ -3611,8 +3909,8 @@ var configSchema = z2.object({
   targets: z2.record(z2.enum(TARGETS), targetConfigSchema).default({})
 });
 function configPath(scope, cwd = process.cwd()) {
-  if (scope === "global") return join10(homedir3(), ".floom", "config.json");
-  return join10(cwd, ".floom", "config.json");
+  if (scope === "global") return join11(homedir3(), ".floom", "config.json");
+  return join11(cwd, ".floom", "config.json");
 }
 async function readFloomConfig(scope, cwd = process.cwd()) {
   try {
@@ -3626,7 +3924,7 @@ async function readFloomConfig(scope, cwd = process.cwd()) {
 async function writeFloomConfig(scope, config, cwd = process.cwd()) {
   const path = configPath(scope, cwd);
   const parsed = configSchema.parse(config);
-  await mkdir6(dirname(path), { recursive: true, mode: 448 });
+  await mkdir6(dirname2(path), { recursive: true, mode: 448 });
   await writeFile4(path, JSON.stringify(parsed, null, 2) + "\n", { mode: 384 });
 }
 function normalizeScope(value) {
@@ -3664,7 +3962,7 @@ async function setWorkspaceActive(input) {
 
 // src/commands/instruction.ts
 import { mkdir as mkdir7, readFile as readFile9, writeFile as writeFile5 } from "node:fs/promises";
-import { basename as basename2, dirname as dirname2, join as join11 } from "node:path";
+import { basename as basename4, dirname as dirname3, join as join12 } from "node:path";
 import { createHash as createHash4 } from "node:crypto";
 var START = "<!-- FLOOM START -->";
 var END = "<!-- FLOOM END -->";
@@ -3749,7 +4047,7 @@ async function writeManagedInstructionFile(input) {
     else throw e;
   }
   const next = replaceManagedBlock(existing, input.blockBody);
-  if (existed && !next.hadBlock && !input.apply && !input.force) {
+  if (existed && !next.hadBlock && !input.apply) {
     log.warn(`Refusing to modify ${input.path} without an existing Floom managed block.`);
     log.info("Re-run with --apply to append the managed block, or --path <file> for a dedicated file.");
     process.exit(1);
@@ -3758,11 +4056,14 @@ async function writeManagedInstructionFile(input) {
   let backupPath;
   if (existed && existing) {
     const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-    backupPath = join11(".floom", "backups", `${basename2(input.path)}.${stamp}.bak`);
-    await mkdir7(dirname2(backupPath), { recursive: true, mode: 448 });
+    backupPath = join12(".floom", "backups", `${basename4(input.path)}.${stamp}.bak`);
+    await assertPathIsNotSymlink(dirname3(backupPath), "instruction backup directory");
+    await assertPathIsNotSymlink(backupPath, "instruction backup file");
+    await mkdir7(dirname3(backupPath), { recursive: true, mode: 448 });
     await writeFile5(backupPath, existing, { mode: 384 });
   }
-  await mkdir7(dirname2(input.path), { recursive: true });
+  await mkdir7(dirname3(input.path), { recursive: true });
+  await assertPathIsNotSymlink(input.path, "instruction file");
   await writeFile5(input.path, next.content, "utf8");
   return { changed: true, backupPath };
 }
@@ -3915,7 +4216,7 @@ async function workspaceActiveCommand(opts = {}) {
 
 // src/commands/sync.ts
 import { mkdir as mkdir8, writeFile as writeFile6 } from "node:fs/promises";
-import { dirname as dirname3, join as join12 } from "node:path";
+import { dirname as dirname4, join as join13 } from "node:path";
 var ROUTER_SKILL = [
   "# Floom Find Skills",
   "",
@@ -3934,8 +4235,8 @@ var ROUTER_SKILL = [
 async function installRouter(target) {
   const install = resolveInstallDir({ target });
   const routerDir = target === "kimi" ? "floom" : "floom-find-skills";
-  const path = join12(install.dir, routerDir, "SKILL.md");
-  await mkdir8(dirname3(path), { recursive: true });
+  const path = join13(install.dir, routerDir, "SKILL.md");
+  await mkdir8(dirname4(path), { recursive: true });
   await writeFile6(path, ROUTER_SKILL, "utf8");
   return path;
 }
@@ -4203,13 +4504,14 @@ async function folderRevokeCommand(workspace, folderId, memberId) {
 }
 
 // src/commands/mcp.ts
-import { mkdtemp, mkdir as mkdir9, readdir as readdir4, readFile as readFile10, rename as rename3, rm as rm3, writeFile as writeFile7 } from "node:fs/promises";
-import { join as join13 } from "node:path";
-import { tmpdir as tmpdir3 } from "node:os";
+import { mkdtemp, mkdir as mkdir9, readdir as readdir5, readFile as readFile10, rename as rename3, rm as rm3, writeFile as writeFile7 } from "node:fs/promises";
+import { join as join14 } from "node:path";
+import { tmpdir as tmpdir4 } from "node:os";
 import { z as z3 } from "zod";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 var API_TIMEOUT_MS = 2e4;
+var MAX_ERROR_BODY_BYTES2 = 64 * 1024;
 function semverGte2(a, b) {
   const pa = a.split(".").map(Number);
   const pb = b.split(".").map(Number);
@@ -4231,6 +4533,30 @@ async function fetchWithTimeout2(url, init = {}) {
     clearTimeout(timer);
   }
 }
+async function readLimitedText2(res, limitBytes = MAX_ERROR_BODY_BYTES2) {
+  if (!res.body) return res.text();
+  const reader = res.body.getReader();
+  const chunks = [];
+  let total = 0;
+  let truncated = false;
+  while (true) {
+    const { done, value } = await reader.read();
+    if (done) break;
+    const chunk = value ?? new Uint8Array();
+    if (total + chunk.byteLength > limitBytes) {
+      const remaining = Math.max(limitBytes - total, 0);
+      if (remaining > 0) chunks.push(chunk.slice(0, remaining));
+      truncated = true;
+      await reader.cancel();
+      break;
+    }
+    chunks.push(chunk);
+    total += chunk.byteLength;
+  }
+  const text = new TextDecoder().decode(Buffer.concat(chunks));
+  return truncated ? `${text}
+[truncated]` : text;
+}
 async function resolveOptionalToken() {
   const fromEnv = process.env.FLOOM_API_TOKEN?.trim();
   if (fromEnv) return fromEnv;
@@ -4263,19 +4589,21 @@ async function apiRequest(token, path, query) {
       lastError = new Error(`Unable to reach Floom API at ${base}: ${e.message}`);
       continue;
     }
-    if (res.status >= 300 && res.status < 400) {
-      const location = res.headers.get("location");
-      const redirectHost2 = location ? new URL(location, url).host : "unknown";
-      lastError = new Error(`Floom API returned an unexpected redirect to ${redirectHost2}. Refusing to forward credentials.`);
+    if (res.type === "opaqueredirect" || res.status >= 300 && res.status < 400) {
+      lastError = new Error("Floom API returned an unexpected redirect. Refusing to forward credentials.");
       break;
     }
-    const body = await res.text();
+    const body = res.ok ? await res.text() : await readLimitedText2(res);
     let json = null;
     try {
       json = body ? JSON.parse(body) : null;
     } catch {
       json = { raw: body };
     }
+    if (json?.error?.code) {
+      lastError = new Error(json.error.message ?? String(json.error.code));
+      if (res.ok || res.status !== 404) break;
+    }
     if (res.ok) return json;
     lastError = new Error(json?.error?.message ?? `HTTP ${res.status}`);
     if (res.status !== 404 || json?.error) break;
@@ -4294,14 +4622,16 @@ async function installViaApi(token, refText, target, options = {}) {
   const bundle = await rawGet(dl.download.url);
   if (!verifyBundleHash(bundle, dl.bundle_sha256)) throw new Error("Bundle hash mismatch");
   const install = resolveInstallDir({ target });
+  await assertPathIsNotSymlink(install.dir, "install directory");
   await mkdir9(install.dir, { recursive: true });
-  const dest = join13(install.dir, parsed.slug);
-  const exists = await readdir4(dest).then(() => true).catch(() => false);
+  const dest = join14(install.dir, parsed.slug);
+  await assertPathIsNotSymlink(dest, "install destination");
+  const exists = await readdir5(dest).then(() => true).catch(() => false);
   if (exists && !options.force) {
     throw new Error(`Folder already exists at ${dest}. Call install_skill with force=true to overwrite after reviewing local changes.`);
   }
   if (exists) await rm3(dest, { recursive: true, force: true });
-  const temp = await mkdtemp(join13(tmpdir3(), `floom-mcp-${parsed.slug}-`));
+  const temp = await mkdtemp(join14(tmpdir4(), `floom-mcp-${parsed.slug}-`));
   try {
     await extractBundle(bundle, temp);
     await rename3(temp, dest);
@@ -4324,24 +4654,24 @@ async function installViaApi(token, refText, target, options = {}) {
   return { path: dest, version: dl.version, ref: info.ref ?? ref, has_scripts: !!dl.has_scripts };
 }
 async function parseSkillBundle(bundle) {
-  const tmp = await mkdtemp(join13(tmpdir3(), "floom-mcp-read-"));
+  const tmp = await mkdtemp(join14(tmpdir4(), "floom-mcp-read-"));
   try {
     await extractBundle(bundle, tmp);
     const files = [];
     const walk2 = async (dir, rel = "") => {
-      const entries = await readdir4(dir, { withFileTypes: true });
+      const entries = await readdir5(dir, { withFileTypes: true });
       for (const entry of entries) {
         const nextRel = rel ? `${rel}/${entry.name}` : entry.name;
-        const full = join13(dir, entry.name);
+        const full = join14(dir, entry.name);
         if (entry.isDirectory()) await walk2(full, nextRel);
         else files.push(nextRel);
       }
     };
     await walk2(tmp);
     const skillMdPath = files.find((f) => f.toUpperCase() === "SKILL.MD");
-    const skillMd = skillMdPath ? await readFile10(join13(tmp, skillMdPath), "utf8") : "";
+    const skillMd = skillMdPath ? await readFile10(join14(tmp, skillMdPath), "utf8") : "";
     const skillJsonPath = files.find((f) => f.toLowerCase() === "skill.json");
-    const skillJson = skillJsonPath ? JSON.parse(await readFile10(join13(tmp, skillJsonPath), "utf8")) : null;
+    const skillJson = skillJsonPath ? JSON.parse(await readFile10(join14(tmp, skillJsonPath), "utf8")) : null;
     return { files, skill_md: skillMd, skill_json: skillJson };
   } finally {
     await rm3(tmp, { recursive: true, force: true });
@@ -4434,11 +4764,29 @@ async function mcpCommand() {
 }
 
 // src/commands/doctor.ts
-import { mkdtemp as mkdtemp2, readdir as readdir5, rm as rm4 } from "node:fs/promises";
-import { tmpdir as tmpdir4 } from "node:os";
-import { join as join14 } from "node:path";
+import { mkdtemp as mkdtemp2, readdir as readdir6, rm as rm4 } from "node:fs/promises";
+import { tmpdir as tmpdir5 } from "node:os";
+import { join as join15 } from "node:path";
+import { fileURLToPath } from "node:url";
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+
+// src/lib/api-health.ts
+async function probeApiHealth(rawApiUrl) {
+  const apiV1 = trustedApiUrlOrDefault(rawApiUrl ?? DEFAULT_API_URL).replace(/\/$/, "");
+  const healthUrl = `${apiV1}/health`;
+  try {
+    const res = await fetch(healthUrl, { method: "GET", signal: AbortSignal.timeout(8e3) });
+    if (!res.ok) return { name: "api_health", ok: false, detail: `GET ${healthUrl} \u2192 HTTP ${res.status}` };
+    const body = await res.json();
+    if (body.ok !== true) return { name: "api_health", ok: false, detail: `unexpected JSON from ${healthUrl}` };
+    return { name: "api_health", ok: true, detail: healthUrl };
+  } catch (e) {
+    return { name: "api_health", ok: false, detail: `${healthUrl}: ${e.message}` };
+  }
+}
+
+// src/commands/doctor.ts
 function textOf(result) {
   return String(result?.content?.[0]?.text ?? "");
 }
@@ -4502,11 +4850,13 @@ async function doctorCommand(opts = {}) {
         authCheck2 = fail("auth", `saved login rejected by API: ${e.message}`);
       }
     }
+    const resolvedApiUrl2 = process.env.FLOOM_API_URL ?? auth2?.apiUrl ?? DEFAULT_API_URL;
     const checks2 = [
       pass("cli_version", VERSION),
       authCheck2,
       process.env.FLOOM_API_URL ? apiUrlCheck(process.env.FLOOM_API_URL) : isLegacyApiUrl(rawAuth?.apiUrl) ? warn("auth_api_url", `legacy URL in ~/.floom/auth.json; using ${DEFAULT_API_URL}`) : apiUrlCheck(auth2?.apiUrl ?? DEFAULT_API_URL)
     ];
+    checks2.push(await probeApiHealth(resolvedApiUrl2));
     emitDoctor(checks2, opts.json);
     if (checks2.some((check) => !check.ok)) process.exit(1);
     return;
@@ -4514,18 +4864,20 @@ async function doctorCommand(opts = {}) {
   const checks = [];
   const auth = await readAuth();
   const token = process.env.FLOOM_API_TOKEN?.trim() || auth?.token;
+  const resolvedApiUrl = process.env.FLOOM_API_URL ?? auth?.apiUrl ?? DEFAULT_API_URL;
+  checks.push(await probeApiHealth(resolvedApiUrl));
   const authCheck = await validateCurrentToken(token);
   const hasValidToken = authCheck.ok && authCheck.status !== "warn" && Boolean(token);
   checks.push(authCheck);
-  const cliPath = process.argv[1];
+  const cliPath = fileURLToPath(import.meta.url);
   if (!cliPath) {
-    checks.push(fail("fresh_agent_cli_path", "process.argv[1] is empty"));
+    checks.push(fail("fresh_agent_cli_path", "current CLI module path is empty"));
     emitDoctor(checks, opts.json);
     process.exit(1);
   }
-  const tmpHome = await mkdtemp2(join14(tmpdir4(), "floom-doctor-home-"));
-  const tmpSkills = await mkdtemp2(join14(tmpdir4(), "floom-doctor-skills-"));
-  const tmpProject = await mkdtemp2(join14(tmpdir4(), "floom-doctor-project-"));
+  const tmpHome = await mkdtemp2(join15(tmpdir5(), "floom-doctor-home-"));
+  const tmpSkills = await mkdtemp2(join15(tmpdir5(), "floom-doctor-skills-"));
+  const tmpProject = await mkdtemp2(join15(tmpdir5(), "floom-doctor-project-"));
   const transport = new StdioClientTransport({
     command: process.execPath,
     args: [cliPath, "mcp"],
@@ -4565,7 +4917,7 @@ async function doctorCommand(opts = {}) {
       const skill = await client.callTool({ name: "get_skill", arguments: { ref: opts.ref } });
       checks.push(/SKILL\.md/.test(textOf(skill)) ? pass("mcp_get_skill", opts.ref) : fail("mcp_get_skill", "bundle did not include SKILL.md"));
       const installed = await client.callTool({ name: "install_skill", arguments: { ref: opts.ref, target: opts.target ?? "codex" } });
-      const entries = await readdir5(tmpSkills);
+      const entries = await readdir6(tmpSkills);
       checks.push(entries.length > 0 ? pass("mcp_install_skill", textOf(installed)) : fail("mcp_install_skill", "target directory is empty"));
     } else {
       checks.push(warn("mcp_public_skill", "skipped; pass --ref <public-skill-ref> to verify get_skill/install_skill against a known public skill"));
@@ -4605,8 +4957,8 @@ program.command("whoami").description("Show the logged-in user.").action(whoamiC
 program.command("init").description("Scaffold a new skill in the current directory.").action(initCommand);
 program.command("validate").description("Validate the skill in the current directory.").option("--json", "Emit machine-readable JSON").action((opts) => validateCommand(opts));
 program.command("publish").description("Publish the skill in the current directory.").option("--dry-run", "Validate and pack locally without uploading.").option("--workspace <slug>", "Publish into a shared workspace slug (default: personal)").option("--library <slug>", "Legacy alias for --workspace").addHelpText("after", "\nExamples:\n  $ floom publish\n  $ floom publish --workspace team-workspace").action((opts) => publishCommand(opts));
-program.command("push").description("Alias for `publish`.").option("--dry-run", "Validate and pack locally without uploading.").option("--workspace <slug>", "Publish into a shared workspace slug").option("--library <slug>", "Legacy alias for --workspace").addHelpText("after", "\nExample:\n  $ floom push --workspace team-workspace").action((opts) => publishCommand(opts));
-program.command("install <ref>").description("Install a skill (default: .agents/skills/<slug>/).").option("--for <target>", "Tool preset: claude | codex | cursor | gemini | opencode | kimi | all").option("--to <path>", "Explicit install directory").option("--global", "Install to user-level folder instead of project-local").option("--force", "Overwrite existing folder").addHelpText("after", "\nExamples:\n  $ floom install @alice/research-brief\n  $ floom install @alice/research-brief --for codex\n  $ floom install @alice/research-brief --to .agents/skills").action((ref, opts) => installCommand(ref, opts));
+program.command("push [dir]").description("Publish one skill folder or every immediate child skill folder.").option("--dry-run", "Validate and pack locally without uploading.").option("--workspace <slug>", "Publish into a shared workspace slug").option("--library <slug>", "Legacy alias for --workspace").option("--concurrency <n>", "Bulk push concurrency, 1-16", "6").addHelpText("after", "\nExamples:\n  $ floom push\n  $ floom push ./skills --workspace team-workspace --concurrency 4").action((dir, opts) => pushCommand(dir ?? ".", opts));
+program.command("install <ref>").description("Install a skill (default: .agents/skills/<slug>/).").option("--for <target>", "Tool preset: claude | codex | cursor | gemini | opencode | kimi | all").option("--to <path>", "Parent directory; installs to <path>/<skill-slug>/ (not the skill folder itself)").option("--global", "Install to user-level folder instead of project-local").option("--force", "Overwrite existing folder").addHelpText("after", "\nExamples:\n  $ floom install @alice/research-brief\n  $ floom install @alice/research-brief --for codex\n  $ floom install @alice/research-brief --to .agents/skills\n\nNote: --to is the parent folder. The skill lands in .agents/skills/research-brief/, not directly in .agents/skills/.").action((ref, opts) => installCommand(ref, opts));
 program.command("installed").description("List installed skills in this project.").option("--json").action(installedCommand);
 program.command("outdated").description("Show installed skills with newer versions available.").action(outdatedCommand);
 program.command("update [ref]").description("Update installed skills to latest.").option("--force", "Overwrite local edits").action((ref, opts) => updateCommand(ref, opts));
@@ -4619,6 +4971,8 @@ program.command("pinned").alias("pins").description("List workspace skills pinne
 program.command("unpin <ref>").description("Unpin a workspace skill for local pull").option("--workspace <slug>", "Workspace slug").option("--target <target>", "claude | codex | cursor | kimi | opencode", "codex").action((ref, opts) => unpinCommand(ref, opts));
 program.command("share <ref> <email>").description("Invite someone to a skill by email.").option("--role <role>", "viewer (default) or editor").action((ref, email, opts) => shareCommand(ref, email, opts));
 program.command("unshare <ref> <email>").description("Revoke someone's access.").action((ref, email) => unshareCommand(ref, email));
+var linkCmd = program.command("link").description("Create opaque share links for unlisted/public skills");
+linkCmd.command("create <ref>").description("Create a share link URL for a skill.").option("--name <name>", "Optional link label").option("--role <role>", "viewer (default) or editor").action((ref, opts) => linkCreateCommand(ref, opts));
 var configCmd = program.command("config").description("Manage local Floom configuration");
 configCmd.command("default-workspace [slug]").description("Show or set the default workspace").option("--scope <scope>", "global | local", "local").action((slug, opts) => defaultWorkspaceCommand(slug, opts));
 function addWorkspaceCommands(cmd) {
@@ -4677,4 +5031,3 @@ bcryptjs/dist/bcrypt.js:
    * see: https://github.com/dcodeIO/bcrypt.js for details
    *)
 */
-//# sourceMappingURL=index.js.map