@krimto-labs/krimto 0.2.35 → 0.2.37

package/README.md

@@ -9,8 +9,8 @@ place and reads the right slice of it — Alice's preferences override the team'
 conventions override the org's standards, and every fact carries a paper trail (author, source,
 timestamp, reviewer).
 
-> **Where we are:** **v0.2.35** is the current release — the v0.2.17 wizard redesign is now
-> shipped end-to-end, plus eighteen patch releases of correctness fixes and agent-friendly
+> **Where we are:** **v0.2.37** is the current release — the v0.2.17 wizard redesign is now
+> shipped end-to-end, plus twenty patch releases of correctness fixes and agent-friendly
 > surface. The v0.2.16 architecture (markdown-in-git storage, `user → team → org` hierarchy,
 > hybrid retrieval, server-enforced access, two-way git sync, MCP over stdio + HTTP, the Docker
 > image, the web UI) is unchanged. What you get on top of v0.2.16:
@@ -41,7 +41,7 @@ timestamp, reviewer).
 >   first, waits for `:8080` to accept TCP, then writes editor configs. Cursor's file
 >   watcher never fires into an unbound port (the v0.2.27/28 ECONNREFUSED fix).
 >
-> **The agent story (v0.2.34 → v0.2.35).**
+> **The agent story (v0.2.34 → v0.2.37).**
 > - **Phase B agent flags** — `editors --add cursor`, `service --always`, `search --keyword`,
 >   `reset --yes`, `remote --set <url>`, `folder --to <path>`. Every command that used to
 >   open an interactive prompt now has a flag form.
@@ -54,6 +54,14 @@ timestamp, reviewer).
 >   Cursor chat" line works without prompting agents.
 > - **Cursor `alwaysApply: true` frontmatter** so `.cursor/rules/krimto.mdc` auto-attaches
 >   instead of requiring the user to type "krimto" first.
+> - **`krimto team init` lands you in team mode (v0.2.36)** — the wizard restarts the running
+>   service into team mode itself (no copy-paste recipe, no lock conflict), saves invite keys
+>   to a 0600 backup file, and validates the git remote URL at the prompt. `krimto notes` now
+>   works from any terminal (identity falls back to `git config user.email`).
+> - **Write-time duplicate backstop (v0.2.37)** — `krimto_write` flags a near-duplicate fact in
+>   the same scope (a `related` list + a hint to `krimto_supersede`), so memory doesn't silently
+>   accumulate two facts about the same thing even when the agent skips `krimto_recall`. Backed
+>   by a new retrieval-quality eval that asserts recall returns the right fact first.
 >
 > See [ROADMAP.md](ROADMAP.md), [CHANGELOG.md](CHANGELOG.md), and the proposal-vs-reality
 > diff in [docs/krimto-v0.2.17-maria-journey.html §09](docs/krimto-v0.2.17-maria-journey.html)
@@ -409,14 +417,14 @@ admin surface.
 
 ### Option C — Docker (HTTP + bearer auth, containerized)
 
-Build the image and run it (a published image is coming):
+The published multi-arch image at `ghcr.io/krimto-labs/krimto:latest` (built for `linux/amd64` and
+`linux/arm64`) is the default path:
 
 ```bash
-docker build -t krimto .
 docker run -d --name krimto -p 8080:8080 \
   -e KRIMTO_BOOTSTRAP_ADMIN=you@acme.com \
   -v ~/.krimto:/data \
-  krimto
+  ghcr.io/krimto-labs/krimto:latest
 docker logs krimto | grep "admin API key"   # the key is printed once
 ```
 
@@ -424,17 +432,19 @@ The container serves MCP at `http://localhost:8080/mcp` (bearer auth) and health
 `/health/ready`; facts persist in the mounted `/data` volume. Point your agent at it with the same
 `"url"` + `Bearer` config as Option B.
 
-**Pulling a published image (no local build):** pushing a `v*` git tag runs
-[`.github/workflows/docker-publish.yml`](.github/workflows/docker-publish.yml), which publishes the
-image to `ghcr.io/krimto-labs/krimto`. After the first release tag you can skip `docker build` and run
-the published image directly:
+**Building locally** — only needed if you're developing Krimto or pinning to an unreleased
+commit:
 
 ```bash
+docker build -t krimto .
 docker run -d --name krimto -p 8080:8080 \
   -e KRIMTO_BOOTSTRAP_ADMIN=you@acme.com -v ~/.krimto:/data \
-  ghcr.io/krimto-labs/krimto:latest
+  krimto
 ```
 
+The published image is built and pushed by
+[`.github/workflows/docker-publish.yml`](.github/workflows/docker-publish.yml) on every `v*` tag.
+
 ### Web UI (humans)
 
 When the HTTP server is running, open `http://localhost:8080/ui`. In local mode (no
@@ -496,9 +506,9 @@ Cline — is table stakes today, so Krimto ships it but doesn't lead with it.
 
 ## Roadmap
 
-`v0.2` (teams) → `v0.2.18` (UX redesign — wizards, per-note CLI, notes-app `/ui` — published) →
-`v0.3` (OAuth + PR approval flow) → `v1.0` (Krimto Cloud). See [ROADMAP.md](ROADMAP.md) for the
-per-release breakdown.
+`v0.2` (teams, v0.2.5) → `v0.2.18` (v0.2.17 wizard redesign — published as one SemVer-clean
+release) → `v0.2.37` (correctness + agent-friendly polish — current) → `v0.3` (OAuth + PR approval
+flow) → `v1.0` (Krimto Cloud). See [ROADMAP.md](ROADMAP.md) for the per-release breakdown.
 
 ## License
 

package/bin/krimto.mjs

@@ -521,7 +521,7 @@ try {
     const { resolveDataDir, resolveIdentity } = await tsImport("../src/server/index.ts", import.meta.url);
     const result = await runNotes({
       dataDir: resolveDataDir(),
-      identity: resolveIdentity(),
+      identity: await resolveIdentity(),
       query: typeof query === "string" && query.length > 0 ? query : undefined,
     });
     process.stdout.write(result.message);
@@ -534,7 +534,7 @@ try {
     }
     const { runEdit } = await tsImport("../src/cli/edit.ts", import.meta.url);
     const { resolveDataDir, resolveIdentity } = await tsImport("../src/server/index.ts", import.meta.url);
-    const result = await runEdit({ dataDir: resolveDataDir(), identity: resolveIdentity(), id });
+    const result = await runEdit({ dataDir: resolveDataDir(), identity: await resolveIdentity(), id });
     process.stdout.write(result.message);
     if (result.status !== "ok" && result.status !== "no-change") process.exitCode = 1;
   } else if (cmd === "mv") {
@@ -551,7 +551,7 @@ try {
     const { resolveDataDir, resolveIdentity } = await tsImport("../src/server/index.ts", import.meta.url);
     const result = await runMv({
       dataDir: resolveDataDir(),
-      identity: resolveIdentity(),
+      identity: await resolveIdentity(),
       id,
       newScope,
     });
@@ -568,7 +568,7 @@ try {
     const { resolveDataDir, resolveIdentity } = await tsImport("../src/server/index.ts", import.meta.url);
     const result = await runSupersede({
       dataDir: resolveDataDir(),
-      identity: resolveIdentity(),
+      identity: await resolveIdentity(),
       id,
     });
     process.stdout.write(result.message);
@@ -587,7 +587,7 @@ try {
     const { resolveDataDir, resolveIdentity } = await tsImport("../src/server/index.ts", import.meta.url);
     const result = await runTag({
       dataDir: resolveDataDir(),
-      identity: resolveIdentity(),
+      identity: await resolveIdentity(),
       id,
       changes,
     });
@@ -603,7 +603,7 @@ try {
     }
     const { runDeleteFact } = await tsImport("../src/cli/deleteFact.ts", import.meta.url);
     const { resolveDataDir, resolveIdentity } = await tsImport("../src/server/index.ts", import.meta.url);
-    const result = await runDeleteFact(resolveDataDir(), resolveIdentity(), id);
+    const result = await runDeleteFact(resolveDataDir(), await resolveIdentity(), id);
     process.stdout.write(result.message);
     if (result.status !== "ok") process.exitCode = 1;
   } else if (cmd === "reindex") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@krimto-labs/krimto",
-  "version": "0.2.35",
+  "version": "0.2.37",
   "description": "Open-source team memory layer for AI agents — markdown files in git, user/team/org hierarchy, cross-vendor MCP server.",
   "license": "Apache-2.0",
   "type": "module",

package/src/cli/join.ts

@@ -11,6 +11,7 @@
 
 import { checkbox } from "@inquirer/prompts";
 import { promises as fs } from "node:fs";
+import * as os from "node:os";
 import * as path from "node:path";
 
 import { applyRule } from "../agentRule";
@@ -20,6 +21,7 @@ import {
   type EditorEnvironment,
   type EditorKind,
 } from "./init";
+import { inspectRuntime } from "./inspectRuntime";
 import { writeMcpConfig, type WriteAction } from "./mcpConfig";
 import { defaultIO, isExitPrompt, type WizardIO } from "./promptHelpers";
 
@@ -137,6 +139,15 @@ export async function runJoin(args: JoinArgs, opts: JoinOptions = {}): Promise<J
   try {
     io.out("\nKrimto — Joining team server\n\n");
     io.out(`  Server: ${normalizeServerUrl(args.server)}\n`);
+
+    // Smoke-6 follow-up: a teammate may have an EARLIER solo-mode Krimto service running on
+    // this machine. After join, their editor points at the admin's server (good) — but the
+    // local solo service keeps listening on localhost:8080 with no auth, serving whatever's
+    // in their solo data dir. Print one warning line so they can `krimto stop` first.
+    // Non-blocking, narrow: only fires when (a) a service-launched lock is alive, (b) the
+    // local /mcp returns anything other than 401 (i.e. not enforcing auth).
+    await warnIfLocalSoloServiceRunning(args.server, opts, io);
+
     io.out("  Detecting your editors...\n");
 
     const cwd = opts.cwd ?? process.cwd();
@@ -201,6 +212,61 @@ async function readMaybe(p: string): Promise<string | null> {
   }
 }
 
+/**
+ * Soft guard for the Plan-agent-flagged Risk (b): a teammate's earlier solo-mode Krimto
+ * service may still be running on this machine after join, serving solo notes on
+ * localhost:8080 with no auth. Print one warning line so they can `krimto stop` first.
+ * Best-effort, non-blocking — never refuses to proceed (that's the architectural fix's job).
+ */
+async function warnIfLocalSoloServiceRunning(
+  teamServerArg: string,
+  opts: JoinOptions,
+  io: WizardIO,
+): Promise<void> {
+  const dataDir = path.join(opts.homeDir ?? os.homedir(), ".krimto");
+  let runtime;
+  try {
+    runtime = await inspectRuntime(
+      dataDir,
+      opts.homeDir ? { homeDir: opts.homeDir } : {},
+    );
+  } catch {
+    return; // probe failed — say nothing rather than scare the user
+  }
+  if (!runtime.lock || !runtime.lock.alive || runtime.effectiveLaunchedBy !== "service") return;
+
+  // Same-machine joins (admin onboarding themselves) are NOT the case we want to warn about —
+  // their local service IS the team server. Skip the warning when the team-server URL is
+  // localhost / 127.0.0.1 / the host's own hostname.
+  const url = teamServerArg.toLowerCase();
+  if (
+    url.includes("localhost") ||
+    url.includes("127.0.0.1") ||
+    url.includes(os.hostname().toLowerCase())
+  ) {
+    return;
+  }
+
+  // Probe the local /mcp endpoint. 401 means auth is enforced (team mode) → no warning.
+  // Anything else (200, 405, timeout) → likely solo mode → warn.
+  let enforcingAuth = false;
+  try {
+    const res = await fetch("http://127.0.0.1:8080/mcp", {
+      signal: AbortSignal.timeout(1500),
+    });
+    enforcingAuth = res.status === 401;
+  } catch {
+    /* unreachable on :8080 — fall through and warn */
+  }
+  if (enforcingAuth) return;
+
+  io.err(
+    `\n⚠ A local Krimto service is also running on this machine (PID ${runtime.lock.pid}).\n` +
+      `  It serves notes in ${dataDir} on http://localhost:8080 with no auth.\n` +
+      `  If you don't need it: \`krimto stop\` then re-run \`krimto join …\`.\n\n`,
+  );
+}
+
 function printApplyResult(res: JoinResult, io: WizardIO): void {
   for (const o of res.editorOutcomes) {
     const label = EDITOR_LABEL[o.editor];

package/src/cli/setupRemote.ts

@@ -14,13 +14,18 @@ export interface SetupRemoteResult {
   url: string;
 }
 
-// Minimal guard against obvious typos. Anything with whitespace or no `/`/`:` separator
-// (e.g. "not a url") is rejected up front; everything else is handed to git, which is the
-// authoritative URL parser (accepts ssh, https, file://, bare local paths, etc.).
-function looksLikeRemoteUrl(url: string): boolean {
+// Reject anything that isn't an obvious git remote BEFORE we hand it to `git`. Smoke-6
+// transcript showed `github.com/krimto-labs/foo.git` (no protocol, no user) reaching git and
+// failing only at push time — by which point the wizard had already printed success messages.
+// Tightened to require one of the well-known transport prefixes (or an absolute filesystem
+// path). git is still the authoritative parser for everything past this gate.
+const VALID_REMOTE_PREFIXES = ["git@", "https://", "http://", "ssh://", "file://"];
+
+export function looksLikeRemoteUrl(url: string): boolean {
   if (url.trim() !== url || url.length === 0) return false;
   if (/\s/.test(url)) return false;
-  return /[:/]/.test(url);
+  if (url.startsWith("/")) return true;
+  return VALID_REMOTE_PREFIXES.some((p) => url.startsWith(p));
 }
 
 export async function runSetupRemote(dataDir: string, url: string): Promise<SetupRemoteResult> {
@@ -47,7 +52,7 @@ export async function runSetupRemote(dataDir: string, url: string): Promise<Setu
         `\n   ${url}\n` +
         `\n━━ Next ━━\n` +
         `\n   To also auto-pull teammates' edits (every 60s), set on next boot:\n` +
-        `     $ export KRIMTO_GIT_REMOTE=${url}\n` +
+        `     export KRIMTO_GIT_REMOTE=${url}\n` +
         `\n   The batcher will auto-push every commit from now on regardless.\n`,
     };
   }

package/src/cli/teamInit.ts

@@ -22,8 +22,10 @@ import { ApiKeyStore } from "../access/auth";
 import { addUser, createTeam } from "../access/membershipStore";
 import { bootstrapAdmin } from "../server/bootstrap";
 import { defaultIdentity } from "./init";
+import { inspectRuntime } from "./inspectRuntime";
 import { defaultIO, isExitPrompt, type WizardIO } from "./promptHelpers";
-import { runSetupRemote } from "./setupRemote";
+import { detectPlatform, installService } from "./service";
+import { looksLikeRemoteUrl, runSetupRemote } from "./setupRemote";
 
 /** Everything the wizard collects before it calls {@link applyTeamInit}. */
 export interface TeamInitAnswers {
@@ -58,6 +60,13 @@ export interface TeamInitResult {
   serverHost: string;
   /** Resolved data dir the wizard wrote membership/keys into. */
   dataDir: string;
+  /**
+   * Path to the 0600-mode invite file written at apply time, when any keys were minted.
+   * Unset when there was nothing new to save (idempotent rerun where admin + all teammates
+   * already had keys). Admin's key is shown-once-only — losing it from scrollback used to
+   * require `reset-admin-key`; the file is the recoverable backup.
+   */
+  inviteFilePath?: string;
 }
 
 export interface TeamInitOptions {
@@ -68,6 +77,14 @@ export interface TeamInitOptions {
   keysPath?: string;
   /** Override KRIMTO_HTTP_PORT detection. */
   port?: number;
+  /** Override os.homedir() — passed to inspectRuntime + installService for tests. */
+  homeDir?: string;
+  /** When true, the post-apply service-restart step writes files but never invokes
+   * launchctl/systemctl/schtasks. Tests use this to assert the new env block without
+   * mutating CI's user services. */
+  dryRun?: boolean;
+  /** Suppress the post-apply service-restart probe entirely (tests that don't exercise it). */
+  skipServiceRestart?: boolean;
   /** Skip `runSetupRemote` even when a URL was given. Tests use this. */
   skipRemoteSetup?: boolean;
 }
@@ -123,6 +140,24 @@ export async function applyTeamInit(
   }
 
   const port = opts.port ?? Number(process.env.KRIMTO_HTTP_PORT ?? "8080");
+  const serverHost = `localhost:${port}`;
+
+  // 5. Save plaintext keys + DM template to a 0600 file. Admin's key is shown-once-only;
+  // teammates' keys are shown-once-each. Without this file the only recovery is
+  // `reset-admin-key` (admin) or re-issuing each invite (teammates) — both unnecessary churn.
+  let inviteFilePath: string | undefined;
+  if (adminKey || invites.length > 0) {
+    inviteFilePath = await writeInviteFile({
+      dataDir,
+      adminEmail: answers.adminEmail,
+      adminKey,
+      teamSlug: answers.teamSlug,
+      teamName: answers.teamName,
+      invites,
+      serverHost,
+    });
+  }
+
   return {
     adminEmail: answers.adminEmail,
     adminKey,
@@ -130,11 +165,60 @@ export async function applyTeamInit(
     teamName: answers.teamName,
     remote,
     invites,
-    serverHost: `localhost:${port}`,
+    serverHost,
     dataDir,
+    ...(inviteFilePath ? { inviteFilePath } : {}),
   };
 }
 
+/**
+ * Write the team-invite file to `<dataDir>/.krimto/team-invites-<ISO-timestamp>.txt` with
+ * mode 0o600. Filename's timestamp colons are replaced with dashes so the path is portable
+ * across filesystems. Returns the absolute path.
+ */
+async function writeInviteFile(input: {
+  dataDir: string;
+  adminEmail: string;
+  adminKey: string | null;
+  teamSlug: string;
+  teamName?: string;
+  invites: InviteRecord[];
+  serverHost: string;
+}): Promise<string> {
+  const ts = new Date().toISOString().replace(/:/g, "-").replace(/\.\d+Z$/, "Z");
+  const file = path.join(input.dataDir, ".krimto", `team-invites-${ts}.txt`);
+  const teamLabel = input.teamName ? `${input.teamSlug} ("${input.teamName}")` : input.teamSlug;
+  const adminBlock = input.adminKey
+    ? `━━ Admin ━━\n  ${input.adminEmail.padEnd(28)} ${input.adminKey}\n\n`
+    : `━━ Admin ━━\n  ${input.adminEmail} — existing key kept (no new one minted).\n\n`;
+  const inviteBlock =
+    input.invites.length > 0
+      ? "━━ Teammates (send each their key) ━━\n" +
+        input.invites.map((i) => `  ${i.email.padEnd(28)} ${i.key}`).join("\n") +
+        "\n\n"
+      : "";
+  const dmTemplate =
+    "━━ DM template (one per teammate) ━━\n" +
+    "  1. Install Krimto:\n" +
+    `     npx @krimto-labs/krimto join \\\n` +
+    `         --server http://${input.serverHost} \\\n` +
+    `         --key <your key from above>\n` +
+    "  2. Restart your editor.\n" +
+    "  3. Test: \"Remember our package manager is pnpm\" → new chat → \"What do we use?\"\n\n" +
+    (input.serverHost.startsWith("localhost:")
+      ? "  Note: `localhost` only works if your teammates are on this same machine.\n" +
+        "  Swap the --server URL for a reachable address before sharing.\n"
+      : "");
+  const body =
+    `Krimto team mode — saved ${new Date().toISOString()}\n` +
+    `Team: ${teamLabel}\n\n` +
+    adminBlock +
+    inviteBlock +
+    dmTemplate;
+  await fs.writeFile(file, body, { encoding: "utf8", mode: 0o600 });
+  return file;
+}
+
 // === Interactive entry point ===============================================
 
 /**
@@ -166,7 +250,14 @@ export async function runTeamInit(opts: TeamInitOptions = {}): Promise<TeamInitR
       { adminEmail, teamSlug, teamName, gitRemote, teammates },
       opts,
     );
-    printApplyResult(result, io);
+
+    // Probe runtime + offer to restart the always-running service so team-mode auth takes
+    // effect on the SAME machine, in the SAME wizard run. The smoke-6 transcript ended with
+    // a copy-paste "Next" recipe (`KRIMTO_BOOTSTRAP_ADMIN=... npx serve`) the user couldn't
+    // run because their existing service held the data-dir lock. This closes that gap.
+    const restartOutcome = await maybeRestartServiceForTeamMode(result, opts);
+
+    printApplyResult(result, io, restartOutcome);
     return result;
   } catch (e) {
     if (isExitPrompt(e)) {
@@ -231,7 +322,14 @@ async function askGitRemote(io: WizardIO): Promise<string | undefined> {
   const url = (
     await input({
       message: "Remote URL (e.g. git@github.com:acme/krimto-data.git)",
-      validate: (v) => (v.trim().length > 0 ? true : "Please paste a URL or pick 'Not yet'"),
+      validate: (v) => {
+        const t = v.trim();
+        if (t.length === 0) return "Please paste a URL or pick 'Not yet'";
+        if (!looksLikeRemoteUrl(t)) {
+          return "URL must start with git@, https://, http://, ssh://, file://, or / (no bare 'github.com/...')";
+        }
+        return true;
+      },
     })
   ).trim();
   io.out("Will verify the push during apply.\n");
@@ -254,6 +352,74 @@ async function askTeammates(): Promise<string[]> {
   return list;
 }
 
+// === Post-apply service restart =============================================
+
+/**
+ * What happened when the wizard tried to flip the running service into team mode after apply.
+ * Drives the "Next" block in {@link printApplyResult}: when team mode is live, we don't print
+ * the copy-paste `KRIMTO_BOOTSTRAP_ADMIN=... npx serve` recipe.
+ */
+export type RestartOutcome =
+  | { kind: "no-service" }
+  | { kind: "declined" }
+  | { kind: "restarted"; portReady: boolean }
+  | { kind: "failed"; error: string };
+
+/**
+ * If the running Krimto IS the always-running service we installed, offer to restart it with
+ * `KRIMTO_BOOTSTRAP_ADMIN` baked in so team-mode auth takes effect immediately. Returns the
+ * outcome for the print step to render. Skipped silently when {@link TeamInitOptions.skipServiceRestart}
+ * is set (tests that don't want to exercise this path).
+ */
+async function maybeRestartServiceForTeamMode(
+  result: TeamInitResult,
+  opts: TeamInitOptions,
+): Promise<RestartOutcome> {
+  if (opts.skipServiceRestart) return { kind: "no-service" };
+  const io = opts.io ?? defaultIO;
+
+  const runtime = await inspectRuntime(
+    result.dataDir,
+    opts.homeDir ? { homeDir: opts.homeDir } : {},
+  );
+  if (!runtime.service.loaded || runtime.effectiveLaunchedBy !== "service") {
+    return { kind: "no-service" };
+  }
+
+  const wantRestart = await confirm({
+    message: "Restart the running Krimto service so team mode is enforced now? (~3s of downtime)",
+    default: true,
+  });
+  if (!wantRestart) return { kind: "declined" };
+
+  io.out("\n  Restarting service in team mode...\n");
+  try {
+    const install = await installService(
+      {
+        binPath: process.execPath,
+        args: [process.argv[1] ?? "krimto", "serve"],
+        env: {
+          KRIMTO_IDENTITY: result.adminEmail,
+          KRIMTO_DATA: result.dataDir,
+          KRIMTO_HTTP_PORT: "8080",
+          KRIMTO_BOOTSTRAP_ADMIN: result.adminEmail,
+        },
+        ...(opts.homeDir ? { homeDir: opts.homeDir } : {}),
+      },
+      {
+        platform: detectPlatform(),
+        ...(opts.dryRun ? { dryRun: opts.dryRun } : {}),
+      },
+    );
+    return { kind: "restarted", portReady: install.portReady !== false };
+  } catch (e) {
+    return { kind: "failed", error: e instanceof Error ? e.message : String(e) };
+  }
+}
+
+// Exposed for the integration test that asserts on the env block written to the plist.
+export { maybeRestartServiceForTeamMode };
+
 // === Pretty printing ========================================================
 
 function printPreamble(dataDir: string, io: WizardIO): void {
@@ -273,7 +439,7 @@ function printSummary(a: TeamInitAnswers, io: WizardIO): void {
   io.out(`  Teammates:    ${a.teammates.length === 0 ? "(none yet)" : a.teammates.join(", ")}\n\n`);
 }
 
-function printApplyResult(res: TeamInitResult, io: WizardIO): void {
+function printApplyResult(res: TeamInitResult, io: WizardIO, restart: RestartOutcome): void {
   io.out("  ✓ Admin promoted + members.yaml updated\n");
   io.out(`  ✓ Team "${res.teamSlug}" created\n`);
   if (res.invites.length > 0) {
@@ -302,7 +468,7 @@ function printApplyResult(res: TeamInitResult, io: WizardIO): void {
     }
     io.out("\n━━ DM template for each teammate ━━\n\n");
     io.out("  1. Install Krimto:\n");
-    io.out(`     $ npx @krimto-labs/krimto join \\\n`);
+    io.out(`     npx @krimto-labs/krimto join \\\n`);
     io.out(`         --server http://${res.serverHost} \\\n`);
     io.out(`         --key <your key from above>\n`);
     io.out("  2. Restart your editor.\n");
@@ -316,9 +482,31 @@ function printApplyResult(res: TeamInitResult, io: WizardIO): void {
     }
   }
 
+  if (res.inviteFilePath) {
+    io.out("━━ Backup ━━\n\n");
+    io.out(`  All keys + the DM template are also saved to:\n    ${res.inviteFilePath}\n`);
+    io.out(`  (mode 0600 — read by you only. Delete it once teammates have their keys.)\n\n`);
+  }
+
+  // The "Next" block depends on whether the running service was just flipped into team mode.
+  // When it was, the user's already done — just hand them the dashboard URL. When it wasn't
+  // (no service, declined, or install failed), fall back to the original copy-paste recipe.
   io.out("━━ Next ━━\n\n");
-  io.out("  • Start the server in team mode (if not already):\n");
-  io.out(`      $ KRIMTO_BOOTSTRAP_ADMIN=${res.adminEmail} npx @krimto-labs/krimto serve\n`);
-  io.out("  • View the dashboard at http://localhost:8080/ui/admin\n");
+  if (restart.kind === "restarted" && restart.portReady) {
+    io.out(`  🟢 Team mode is live on http://localhost:8080\n`);
+    io.out(`  • View the dashboard at http://localhost:8080/ui/admin\n`);
+  } else if (restart.kind === "restarted" && !restart.portReady) {
+    io.out(`  ⚠ Service restarted in team mode, but the port didn't come up in 10s.\n`);
+    io.out(`     Check /tmp/com.krimto.server.err.log (macOS) or \`journalctl --user -u krimto\` (Linux).\n`);
+    io.out(`  • View the dashboard at http://localhost:8080/ui/admin (once the port is up)\n`);
+  } else if (restart.kind === "failed") {
+    io.out(`  ⚠ Service restart failed: ${restart.error}\n`);
+    io.out(`     Start it yourself: KRIMTO_BOOTSTRAP_ADMIN=${res.adminEmail} npx @krimto-labs/krimto serve\n`);
+  } else {
+    // "declined" or "no-service" — print the original recipe (still without the literal `$`).
+    io.out("  • Start the server in team mode (if not already):\n");
+    io.out(`      KRIMTO_BOOTSTRAP_ADMIN=${res.adminEmail} npx @krimto-labs/krimto serve\n`);
+    io.out("  • View the dashboard at http://localhost:8080/ui/admin\n");
+  }
   io.out("  • Step back to solo with `krimto team disband` (data preserved)\n\n");
 }

package/src/cli/wizard.ts

@@ -258,7 +258,7 @@ async function runFreshWizard(
 ): Promise<ApplyResult | null> {
   io.out(`\nKrimto — Setting up your AI's memory · v${KRIMTO_VERSION}\n\n`);
   const envs = await detectEditorEnvironments(cwd, opts.homeDir);
-  printScan(envs, io);
+  printScan(envs, snapshot?.registeredEditors ?? [], io);
 
   // v0.2.31 — Gap D, "Keep current" intermediate prompt. On reconfigure runs (snapshot !==
   // null), each question is wrapped in a two-stage "Keep current / Reconfigure..." select so
@@ -498,16 +498,22 @@ async function askSearch(
 
 // === Pretty printing ========================================================
 
-function printScan(envs: EditorEnvironment[], io: WizardIO): void {
+function printScan(envs: EditorEnvironment[], registered: EditorKind[], io: WizardIO): void {
+  // Four states. The crucial split is "detected" vs "connected to Krimto": the smoke-6 user saw
+  // four detected editors then "Keep current (Cursor, Claude Code)" and didn't realize the other
+  // two weren't actually wired to Krimto's MCP. Now the scan output names that distinction.
+  const wired = new Set(registered);
   io.out("  Scanning your machine ...\n\n");
   for (const env of envs) {
-    // v0.2.21: three states — project-level, machine-level only, not found.
-    const dot = env.present ? "✓" : env.installed ? "~" : "–";
-    const note = env.present
-      ? "detected (in this project)"
-      : env.installed
-        ? "installed (machine-wide)"
-        : "not found";
+    const isWired = wired.has(env.editor);
+    const dot = isWired ? "✓" : env.present ? "✓" : env.installed ? "~" : "–";
+    const note = isWired
+      ? "connected to Krimto"
+      : env.present
+        ? "detected, not yet connected"
+        : env.installed
+          ? "installed (machine-wide), not connected"
+          : "not found";
     io.out(`    ${dot} ${EDITOR_LABEL[env.editor].padEnd(14)} ${note}\n`);
   }
   io.out("\n");

package/src/server/banner.ts

@@ -3,15 +3,18 @@
 
 import { connectSnippets } from "./connect";
 
-/** The placeholder identity that resolves when KRIMTO_IDENTITY is unset. Keep in sync with resolveIdentity(). */
+/** The placeholder identity that resolves when KRIMTO_IDENTITY is unset AND git config user.email is
+ * unset/invalid. Keep in sync with resolveIdentity()'s final fallback. */
 export const DEFAULT_IDENTITY = "user@localhost";
 
 /**
  * G2 — warn when the resolved identity is the unset-placeholder default. Two Krimto processes
  * on the same data dir (e.g. Cursor's stdio launch + a separate `serve` in her terminal) often
  * resolve to different identities — the MCP config sets one, the bare shell doesn't. The result
- * is scope mismatch: she writes facts under one identity and sees a different scope in /ui.
- * Returns an empty string when the identity was explicitly set.
+ * is scope mismatch: facts saved under one identity, viewed under another in /ui. After the
+ * smoke-6 fix, `resolveIdentity()` falls back to global git user.email before this placeholder,
+ * so the warning only fires when both sources are missing.
+ * Returns an empty string when a real identity was resolved.
  */
 export function identityWarning(identity: string): string {
   if (identity !== DEFAULT_IDENTITY) return "";

package/src/server/index.ts

@@ -8,6 +8,11 @@ import { fileURLToPath } from "node:url";
 import { homedir } from "node:os";
 import * as path from "node:path";
 import { promises as fs } from "node:fs";
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+
+const execFileAsync = promisify(execFile);
+const IDENTITY_EMAIL_RE = /^[^@\s]+@[^@\s]+$/;
 
 import { ApiKeyStore } from "../access/auth";
 import { bootstrapAdmin, reissueKey } from "./bootstrap";
@@ -49,14 +54,36 @@ import { type Requester } from "../access/scope";
 
 export type RequesterResolver = (extra: { authInfo?: AuthInfo }) => Requester;
 
-export const KRIMTO_VERSION = "0.2.35";
+export const KRIMTO_VERSION = "0.2.37";
 
 export function resolveDataDir(): string {
   return process.env.KRIMTO_DATA ?? path.join(homedir(), ".krimto");
 }
 
-export function resolveIdentity(): string {
-  return process.env.KRIMTO_IDENTITY ?? "user@localhost";
+/**
+ * Resolve the caller's identity in three steps: explicit env override, then the user's global
+ * git identity, then a last-resort placeholder.
+ *
+ * The git fallback closes the smoke-6 UX gap. The wizard sets `KRIMTO_IDENTITY` in editor MCP
+ * configs and the service plist — but not in the user's shell rc. Without the git fallback,
+ * a plain-terminal `krimto notes` ran as `user@localhost` and couldn't see facts the editor
+ * had saved under the wizard-configured identity — same data dir, two answers depending on
+ * shell env. The CLI now infers the same identity the wizard would have captured.
+ *
+ * Stays async because the git lookup shells out; every call site is already inside an async
+ * handler. Malformed env values fall through (we never persist a non-email as an identity).
+ */
+export async function resolveIdentity(): Promise<string> {
+  const env = process.env.KRIMTO_IDENTITY;
+  if (env && IDENTITY_EMAIL_RE.test(env)) return env;
+  try {
+    const { stdout } = await execFileAsync("git", ["config", "--global", "user.email"]);
+    const email = stdout.trim();
+    if (IDENTITY_EMAIL_RE.test(email)) return email;
+  } catch {
+    /* git missing, no global user.email — fall through to the placeholder */
+  }
+  return "user@localhost";
 }
 
 function ok(data: unknown): CallToolResult {
@@ -94,7 +121,9 @@ export function buildServer(ctx: ToolContext, resolveRequester?: RequesterResolv
         "durable fact, or when correcting a mistake you should not repeat. For the user's personal " +
         "scope use `user/me` (the server resolves it to their identity) — do not guess an email. The " +
         "write is rejected (with the list of scopes you may write to) if you target a scope you couldn't " +
-        "read back. Call krimto_recall first to avoid duplicates.",
+        "read back. Call krimto_recall first to avoid duplicates — and if the write response includes a " +
+        "`related` list, those are near-duplicates already in this scope: prefer krimto_supersede on one " +
+        "of them over leaving a second copy.",
       inputSchema: {
         scope: z
           .string()
@@ -281,7 +310,7 @@ export async function main(): Promise<void> {
 
   // Load membership AFTER bootstrap so the new admin is present.
   let membership = await loadMembership(dataDir);
-  const identity = resolveIdentity();
+  const identity = await resolveIdentity();
   const embedCfg = embeddingConfigFromEnv();
   const embeddingProvider = createEmbeddingProvider(embedCfg);
   const indexConfig: IndexConfig = {

package/src/server/tools.ts

@@ -9,7 +9,7 @@ import { isValidScope, type Requester } from "../access/scope";
 import { canRead, canWrite, isOrgAdmin, type Membership } from "../access/membership";
 import { FactIndex } from "../index/factIndex";
 import { Serializer } from "../index/serialize";
-import { rankCandidates } from "../retrieval/pipeline";
+import { lexicalSimilarity, rankCandidates } from "../retrieval/pipeline";
 import { type CommitBatcher } from "../storage/batcher";
 import { type ActivityLog } from "./activity";
 import { KrimtoError } from "./errors";
@@ -47,6 +47,12 @@ export interface WriteInput {
   source?: string;
   supersedes?: string[];
 }
+export interface RelatedFact {
+  id: string;
+  title: string;
+  /** Hybrid-retrieval score of the existing fact against the new one's title+body. */
+  score: number;
+}
 export interface WriteResult {
   id: string;
   scope: string;
@@ -56,6 +62,12 @@ export interface WriteResult {
   /** Human-readable hint for the agent to relay back. Teaches "this is just a file you can open." */
   hint: string;
   commit_sha: string | null;
+  /**
+   * Existing facts in the same scope that closely resemble the one just written. Surfaced so a
+   * weak agent that skipped krimto_recall still gets a chance to krimto_supersede instead of
+   * duplicating. Omitted when nothing similar was found.
+   */
+  related?: RelatedFact[];
 }
 
 export interface RecallInput {
@@ -148,6 +160,39 @@ function writableScopesFor(ctx: ToolContext): string[] {
   return scopes;
 }
 
+/**
+ * Token-cosine bar above which an existing fact is "the same thing, said again" rather than
+ * merely sharing a word. Tuned from the smoke-6 cases: a near-duplicate (pizza vs pizza+sushi)
+ * scores ~0.8 and a same-topic update (pizza vs tacos) ~0.7, while two facts that only share a
+ * generic qualifier (favorite FOOD vs favorite COLOR) score ~0.38. 0.5 sits cleanly between.
+ */
+const DUPLICATE_SIMILARITY_THRESHOLD = 0.5;
+
+/**
+ * Existing facts in `scope` that closely resemble `${title} ${body}` — the server-side backstop
+ * for the "call krimto_recall first" rule. FTS narrows the candidate set; token cosine then
+ * filters out facts that merely share a generic word. Excludes anything the new write already
+ * supersedes (no point nagging about a fact it's replacing). Top 3, most-similar first.
+ */
+async function findRelatedFacts(
+  ctx: ToolContext,
+  scope: string,
+  title: string,
+  body: string,
+  supersedes: string[] | undefined,
+  now: Date,
+): Promise<RelatedFact[]> {
+  const text = `${title} ${body}`;
+  const candidates = await ctx.index.searchCandidates(text, { readableScopes: [scope], now });
+  const excluded = new Set(supersedes ?? []);
+  return candidates
+    .filter((c) => !excluded.has(c.id))
+    .map((c) => ({ id: c.id, title: c.title, score: lexicalSimilarity(text, `${c.title} ${c.body}`) }))
+    .filter((r) => r.score >= DUPLICATE_SIMILARITY_THRESHOLD)
+    .sort((a, b) => b.score - a.score)
+    .slice(0, 3);
+}
+
 /** Create a new fact. Author comes from the requester identity; scope is required. */
 export async function krimtoWrite(ctx: ToolContext, input: WriteInput): Promise<WriteResult> {
   // "user/me"/"user/self" (and bare "me"/"self") mean the caller's own personal scope. An agent
@@ -179,6 +224,14 @@ export async function krimtoWrite(ctx: ToolContext, input: WriteInput): Promise<
     });
   }
   return ctx.writeQueue.run(async () => {
+    // Run the near-duplicate check BEFORE the new fact is indexed, so it can't match itself.
+    // Best-effort: a failure here must never block a write — the hint is observational.
+    let related: RelatedFact[] = [];
+    try {
+      related = await findRelatedFacts(ctx, scope, input.title, input.body, input.supersedes, clock(ctx));
+    } catch {
+      /* dedup hint is advisory — never let it break the write path */
+    }
     const fact = createFact({
       scope,
       title: input.title,
@@ -224,6 +277,12 @@ export async function krimtoWrite(ctx: ToolContext, input: WriteInput): Promise<
         `git auto-commits every 30s, run \`npx @krimto-labs/krimto --help\` for the full CLI surface, ` +
         `or \`npx @krimto-labs/krimto storage\` for the storage model.)`;
     }
+    if (related.length > 0) {
+      const list = related.map((r) => `"${r.title}" (${r.id})`).join(", ");
+      hint +=
+        `\n⚠ Similar existing fact${related.length > 1 ? "s" : ""} in this scope: ${list}. ` +
+        `If this updates ${related.length > 1 ? "one of them" : "it"}, call krimto_supersede instead of leaving a duplicate.`;
+    }
     return {
       id: fact.frontmatter.id,
       scope: fact.frontmatter.scope,
@@ -231,6 +290,7 @@ export async function krimtoWrite(ctx: ToolContext, input: WriteInput): Promise<
       absolute_path: absolutePath,
       hint,
       commit_sha: null,
+      ...(related.length > 0 ? { related } : {}),
     };
   });
 }