@microwiseai/snapshot 0.3.46 → 0.3.57

package/dist/commands/install.js

@@ -5,7 +5,7 @@ import { homedir, platform, arch } from 'os';
 import { join } from 'path';
 import { fetchSnapshotFromRepo, snapshotNameToRepoName } from '../lib/gitlab.js';
 import { saveCurrentSnapshot } from '../lib/snapshot.js';
-import { getLicenseKey, REGISTRY_PROXY_URL, VENDOR_NAME, PACKAGE_NAME, getIstCredentials, LICENSE_API_URL, verifyLicenseKey, PUBLIC_PACKAGES } from '../lib/config.js';
+import { getLicenseKey, getProxyAuthToken, exchangeSessionToken, REGISTRY_PROXY_URL, VENDOR_NAME, PACKAGE_NAME, getIstCredentials, LICENSE_API_URL, verifyLicenseKey, PUBLIC_PACKAGES } from '../lib/config.js';
 import { resolveSnapshotDependencies } from '../lib/package-resolver.js';
 // transitive-resolver removed — npm handles dependency resolution automatically
 import { installSkitPackage } from '../lib/skit-adapter.js';
@@ -79,7 +79,7 @@ const DEFAULT_INSTALLERS = {
 /**
  * Configure .npmrc for registry-proxy with session token
  */
-function configureNpmrcForProxy(scopes, licenseKey) {
+function configureNpmrcForProxy(scopes) {
     const npmrcPath = join(homedir(), '.npmrc');
     let originalContent = null;
     // Backup existing .npmrc
@@ -105,8 +105,8 @@ function configureNpmrcForProxy(scopes, licenseKey) {
     for (const scope of scopes) {
         lines.push(`${scope}:registry=${REGISTRY_PROXY_URL}/`);
     }
-    // Add auth token for proxy
-    lines.push(`//${proxyHost}/:_authToken=${licenseKey}`);
+    // 환경변수 참조 — 토큰 직접 안 넣음 (npm이 ${ENV_VAR} 구문을 해석)
+    lines.push(`//${proxyHost}/:_authToken=\${IST_SESSION_TOKEN}`);
     writeFileSync(npmrcPath, lines.join('\n') + '\n');
     return { path: npmrcPath, content: originalContent };
 }
@@ -324,33 +324,73 @@ async function installPackagesByType(packages, installerName, installers, snapsh
             return result;
         }
     }
-    // Install packages in parallel
+    // Install packages
     const isNpmInstaller = installerName === 'npm-proxy' || installerConfig.command.includes('npm install');
     const entries = recordToEntries(packages);
-    const parallelResult = await parallelInstall(entries, async (entry) => {
-        // Skip if already installed with same version (for npm global packages)
-        if (isNpmInstaller && isNpmGlobalInstalled(entry.name, entry.version)) {
-            return { success: true };
-        }
-        const pkgSpec = `${entry.name}@${entry.version}`;
-        const command = installerConfig.command.replace('{pkg}', pkgSpec);
-        const success = runCommand(command);
-        return { success, error: success ? undefined : `Command failed: ${command}` };
-    }, {
-        concurrency: 4,
-        onProgress: (event) => {
-            const { result: r, current, total: t } = event;
-            const progress = `[${current}/${t}]`;
-            if (r.success) {
-                console.log(`${indent}${chalk.blue(progress)} ${r.spec}...${chalk.green(' ✓')}`);
+    if (isNpmInstaller) {
+        // Batch install: collect all not-yet-installed packages and run a single npm install -g
+        const toInstall = [];
+        for (const entry of entries) {
+            if (isNpmGlobalInstalled(entry.name, entry.version)) {
+                console.log(`${indent}${chalk.gray('skip')} ${entry.name}@${entry.version}${chalk.green(' (already installed)')}`);
+                result.installed.push(`${entry.name}@${entry.version}`);
             }
             else {
-                console.log(`${indent}${chalk.blue(progress)} ${r.spec}...${chalk.red(' ✗')}`);
+                toInstall.push(entry);
             }
-        },
-    });
-    result.installed.push(...parallelResult.installed);
-    result.failed.push(...parallelResult.failed);
+        }
+        if (toInstall.length > 0) {
+            const specs = toInstall.map(e => `${e.name}@${e.version}`);
+            const batchCommand = installerConfig.command.replace('{pkg}', specs.join(' '));
+            console.log(chalk.gray(`${indent}  Running batch: npm install -g (${specs.length} packages)`));
+            const success = runCommand(batchCommand);
+            if (success) {
+                for (const spec of specs) {
+                    console.log(`${indent}${chalk.blue('batch')} ${spec}...${chalk.green(' ✓')}`);
+                }
+                result.installed.push(...specs);
+            }
+            else {
+                console.log(chalk.red(`${indent}  Batch install failed, falling back to individual installs...`));
+                for (const entry of toInstall) {
+                    const pkgSpec = `${entry.name}@${entry.version}`;
+                    const command = installerConfig.command.replace('{pkg}', pkgSpec);
+                    const ok = runCommand(command);
+                    if (ok) {
+                        console.log(`${indent}${chalk.blue('fallback')} ${pkgSpec}...${chalk.green(' ✓')}`);
+                        result.installed.push(pkgSpec);
+                    }
+                    else {
+                        console.log(`${indent}${chalk.blue('fallback')} ${pkgSpec}...${chalk.red(' ✗')}`);
+                        result.failed.push(pkgSpec);
+                    }
+                }
+            }
+        }
+    }
+    else {
+        // Non-npm installer: use parallel install as before
+        const parallelResult = await parallelInstall(entries, async (entry) => {
+            const pkgSpec = `${entry.name}@${entry.version}`;
+            const command = installerConfig.command.replace('{pkg}', pkgSpec);
+            const success = runCommand(command);
+            return { success, error: success ? undefined : `Command failed: ${command}` };
+        }, {
+            concurrency: 4,
+            onProgress: (event) => {
+                const { result: r, current, total: t } = event;
+                const progress = `[${current}/${t}]`;
+                if (r.success) {
+                    console.log(`${indent}${chalk.blue(progress)} ${r.spec}...${chalk.green(' ✓')}`);
+                }
+                else {
+                    console.log(`${indent}${chalk.blue(progress)} ${r.spec}...${chalk.red(' ✗')}`);
+                }
+            },
+        });
+        result.installed.push(...parallelResult.installed);
+        result.failed.push(...parallelResult.failed);
+    }
     return result;
 }
 export async function installSnapshot(snapshot, depth = 0, parentInstallers = {}, options = {}) {
@@ -539,29 +579,74 @@ export async function installSnapshot(snapshot, depth = 0, parentInstallers = {}
                     continue;
                 }
             }
-            // Install packages in parallel
+            // Install packages
             const installEntries = recordToEntries(packages);
             const installCfg = installerConfig; // capture for closure
-            const parallelResult = await parallelInstall(installEntries, async (entry) => {
-                const pkgSpec = `${entry.name}@${entry.version}`;
-                const command = installCfg.command.replace('{pkg}', pkgSpec);
-                const success = runCommand(command);
-                return { success, error: success ? undefined : `Command failed: ${command}` };
-            }, {
-                concurrency: 4,
-                onProgress: (event) => {
-                    const { result: r, current, total: t } = event;
-                    const progress = `[${current}/${t}]`;
-                    if (r.success) {
-                        console.log(`${indent}${chalk.blue(progress)} ${r.spec}...${chalk.green(' ✓')}`);
+            const isNpmType = installerName === 'npm-proxy' || installCfg.command.includes('npm install');
+            if (isNpmType) {
+                // Batch install: collect all not-yet-installed packages and run a single npm install -g
+                const toInstall = [];
+                for (const entry of installEntries) {
+                    if (isNpmGlobalInstalled(entry.name, entry.version)) {
+                        console.log(`${indent}${chalk.gray('skip')} ${entry.name}@${entry.version}${chalk.green(' (already installed)')}`);
+                        result.installed.push(`${entry.name}@${entry.version}`);
                     }
                     else {
-                        console.log(`${indent}${chalk.blue(progress)} ${r.spec}...${chalk.red(' ✗')}`);
+                        toInstall.push(entry);
                     }
-                },
-            });
-            result.installed.push(...parallelResult.installed);
-            result.failed.push(...parallelResult.failed);
+                }
+                if (toInstall.length > 0) {
+                    const specs = toInstall.map(e => `${e.name}@${e.version}`);
+                    const batchCommand = installCfg.command.replace('{pkg}', specs.join(' '));
+                    console.log(chalk.gray(`${indent}  Running batch: npm install -g (${specs.length} packages)`));
+                    const success = runCommand(batchCommand);
+                    if (success) {
+                        for (const spec of specs) {
+                            console.log(`${indent}${chalk.blue('batch')} ${spec}...${chalk.green(' ✓')}`);
+                        }
+                        result.installed.push(...specs);
+                    }
+                    else {
+                        console.log(chalk.red(`${indent}  Batch install failed, falling back to individual installs...`));
+                        for (const entry of toInstall) {
+                            const pkgSpec = `${entry.name}@${entry.version}`;
+                            const command = installCfg.command.replace('{pkg}', pkgSpec);
+                            const ok = runCommand(command);
+                            if (ok) {
+                                console.log(`${indent}${chalk.blue('fallback')} ${pkgSpec}...${chalk.green(' ✓')}`);
+                                result.installed.push(pkgSpec);
+                            }
+                            else {
+                                console.log(`${indent}${chalk.blue('fallback')} ${pkgSpec}...${chalk.red(' ✗')}`);
+                                result.failed.push(pkgSpec);
+                            }
+                        }
+                    }
+                }
+            }
+            else {
+                // Non-npm installer: use parallel install as before
+                const parallelResult = await parallelInstall(installEntries, async (entry) => {
+                    const pkgSpec = `${entry.name}@${entry.version}`;
+                    const command = installCfg.command.replace('{pkg}', pkgSpec);
+                    const success = runCommand(command);
+                    return { success, error: success ? undefined : `Command failed: ${command}` };
+                }, {
+                    concurrency: 4,
+                    onProgress: (event) => {
+                        const { result: r, current, total: t } = event;
+                        const progress = `[${current}/${t}]`;
+                        if (r.success) {
+                            console.log(`${indent}${chalk.blue(progress)} ${r.spec}...${chalk.green(' ✓')}`);
+                        }
+                        else {
+                            console.log(`${indent}${chalk.blue(progress)} ${r.spec}...${chalk.red(' ✗')}`);
+                        }
+                    },
+                });
+                result.installed.push(...parallelResult.installed);
+                result.failed.push(...parallelResult.failed);
+            }
         }
     }
     // Legacy: packages (use glpkg) - parallel
@@ -619,6 +704,55 @@ export async function installSnapshot(snapshot, depth = 0, parentInstallers = {}
     }
     return { result, installers };
 }
+/**
+ * Recursively collect all npm-type packages from snapshot and its extends chain.
+ * npm-type = installer is 'npm-proxy' OR command contains 'npm install'.
+ * When useProxy=true, glpkg/gitlab-install are also treated as npm (effectiveInstallers override).
+ * Skips skit packages. Returns Record<name, version>.
+ */
+async function collectAllNpmPackages(snapshot, useProxy = true) {
+    const npmPackages = {};
+    // Helper: is this installer name npm-type?
+    const isNpmInstaller = (installerName) => {
+        if (installerName === 'skit')
+            return false;
+        if (installerName === 'npm-proxy')
+            return true;
+        if (useProxy && (installerName === 'glpkg' || installerName === 'gitlab-install'))
+            return true;
+        const cfg = snapshot.installers?.[installerName] || DEFAULT_INSTALLERS[installerName];
+        return cfg ? cfg.command.includes('npm install') : false;
+    };
+    // Collect from snapshot.install
+    if (snapshot.install) {
+        for (const [installerName, packages] of Object.entries(snapshot.install)) {
+            if (isNpmInstaller(installerName)) {
+                Object.assign(npmPackages, packages);
+            }
+        }
+    }
+    // Legacy: snapshot.packages uses glpkg → npm when useProxy
+    if (useProxy && snapshot.packages) {
+        Object.assign(npmPackages, snapshot.packages);
+    }
+    // Recurse into extends chain
+    if (snapshot.extends) {
+        try {
+            const baseSnapshot = await fetchSnapshotFromRepo(snapshot.extends);
+            const baseNpmPackages = await collectAllNpmPackages(baseSnapshot, useProxy);
+            // Base packages: don't override current snapshot's versions
+            for (const [name, version] of Object.entries(baseNpmPackages)) {
+                if (!(name in npmPackages)) {
+                    npmPackages[name] = version;
+                }
+            }
+        }
+        catch {
+            // If base snapshot fetch fails, continue with what we have.
+        }
+    }
+    return npmPackages;
+}
 /**
  * Recursively collect all packages from snapshot and its extends chain.
  * This ensures .npmrc is configured with ALL scopes before installation begins,
@@ -658,51 +792,6 @@ export async function installCommand(name) {
 ║                    Snapshot Installer                        ║
 ╚══════════════════════════════════════════════════════════════╝
 `));
-    // ========== IST Login Check ==========
-    // Public packages can be installed without login (defined in config.ts)
-    // Strip version from name for comparison (e.g., @ist/minimal@0.6.9 -> @ist/minimal)
-    const packageNameOnly = name.includes('@', 1) ? name.substring(0, name.lastIndexOf('@')) : name;
-    const isPublicPackage = PUBLIC_PACKAGES.includes(packageNameOnly);
-    const istCredentials = getIstCredentials();
-    if (istCredentials?.userId) {
-        console.log(chalk.green('✓') + ' IST login verified');
-    }
-    else if (isPublicPackage) {
-        console.log(chalk.yellow('⚠') + ' No IST login - installing public package');
-    }
-    else {
-        console.log(chalk.red('⛔ IST login required for non-public packages'));
-        console.log(chalk.gray('   Run: ist auth login'));
-        console.log(chalk.gray('   Or install @ist/minimal first (no login required)'));
-        process.exit(1);
-    }
-    // ======================================
-    // ========== License Check ==========
-    // Use local license key storage (from 'snapshot license activate')
-    const storedLicenseKey = getLicenseKey();
-    let licenseValid = false;
-    if (storedLicenseKey) {
-        try {
-            const verifyResult = await verifyLicenseKey(storedLicenseKey);
-            if (verifyResult.valid) {
-                licenseValid = true;
-                markLicenseChecked(PACKAGE_NAME);
-                console.log(chalk.green('✓') + ' License verified');
-            }
-            else {
-                console.log(chalk.yellow('⚠') + ' License invalid - trying anonymous access...');
-            }
-        }
-        catch {
-            console.log(chalk.yellow('⚠') + ' License check failed - trying anonymous access...');
-        }
-    }
-    else {
-        // No license key - try anonymous access (public packages will work via registry-proxy)
-        console.log(chalk.yellow('⚠') + ' No license - trying anonymous access...');
-        console.log(chalk.gray('  (Public packages will install without license)'));
-    }
-    // ====================================
     // Validate name
     let repoName;
     try {
@@ -719,16 +808,32 @@ export async function installCommand(name) {
     }
     console.log(chalk.gray(`Snapshot: ${name}`));
     console.log(chalk.gray(`Repo: ${repoName}`));
-    // Check auth: license key for registry-proxy
+    // Check auth: exchange fresh session token
     const licenseKey = getLicenseKey();
-    const useProxy = true; // Always use registry-proxy
+    let sessionToken = null;
     if (licenseKey) {
-        console.log(chalk.green('✓') + ' Using registry-proxy with license key');
+        sessionToken = licenseKey;
+        console.log(chalk.green('✓') + ' Using license key');
     }
     else {
-        console.log(chalk.yellow('⚠') + ' No license key - trying anonymous access');
+        // Fresh token 교환 시도
+        sessionToken = await exchangeSessionToken();
+        if (sessionToken) {
+            console.log(chalk.green('✓') + ' Session token acquired');
+        }
+        else {
+            // 기존 토큰 폴백
+            sessionToken = getProxyAuthToken();
+            if (sessionToken) {
+                console.log(chalk.green('✓') + ' Using existing session token');
+            }
+            else {
+                console.log(chalk.yellow('⚠') + ' No auth token - trying anonymous access');
+            }
+        }
     }
-    // Fetch snapshot
+    const useProxy = true;
+    // Fetch snapshot first — access check depends on snapshot.json content
     console.log(chalk.gray('Fetching snapshot...'));
     let snapshot;
     try {
@@ -744,15 +849,64 @@ export async function installCommand(name) {
     if (snapshot.description) {
         console.log(chalk.gray(`  ${snapshot.description}`));
     }
-    // ========== Transitive Resolution REMOVED ==========
-    // npm install -g handles dependency resolution automatically.
-    // Transitive resolution was incorrectly installing internal deps
-    // as separate global packages (e.g., 7 CLI packages → 37 packages).
-    // Now we only install the packages explicitly listed in snapshot.json.
-    // =====================================================
-    // ========== Snapshot Access Check ==========
-    if (snapshot.access && typeof snapshot.access === 'object' && snapshot.access.type === 'licensed') {
-        const productId = snapshot.access.productId;
+    // ========== Access Check (based on snapshot.json access field) ==========
+    // Determine access type from snapshot.json:
+    //   - access: "public"                      → no login/license required
+    //   - access: "authenticated"               → IST login required, no license needed
+    //   - access: { type: "licensed", productId } → license required
+    //   - access field absent                    → fallback to PUBLIC_PACKAGES for backward compat
+    const packageNameOnly = name.includes('@', 1) ? name.substring(0, name.lastIndexOf('@')) : name;
+    const accessField = snapshot.access;
+    const isPublicAccess = accessField === 'public'
+        || (!accessField && PUBLIC_PACKAGES.includes(packageNameOnly)); // fallback for old snapshots without access field
+    const isAuthenticatedAccess = accessField === 'authenticated';
+    const isLicensedAccess = !!accessField && typeof accessField === 'object' && accessField.type === 'licensed';
+    // --- IST Login Check ---
+    const istCredentials = getIstCredentials();
+    if (istCredentials?.userId) {
+        console.log(chalk.green('✓') + ' IST login verified');
+    }
+    else if (isPublicAccess) {
+        console.log(chalk.yellow('⚠') + ' No IST login - installing public package');
+    }
+    else {
+        console.log(chalk.red('⛔ IST login required for non-public packages'));
+        console.log(chalk.gray('   Run: ist auth login'));
+        console.log(chalk.gray('   Or install a public snapshot first (no login required)'));
+        process.exit(1);
+    }
+    // --- License Check ---
+    const storedLicenseKey = getLicenseKey();
+    let licenseValid = false;
+    if (isPublicAccess || isAuthenticatedAccess) {
+        // Public and authenticated snapshots — skip license check entirely
+        const label = isAuthenticatedAccess ? 'Authenticated' : 'Public';
+        console.log(chalk.green('✓') + ` ${label} snapshot - no license required`);
+    }
+    else if (storedLicenseKey) {
+        try {
+            const verifyResult = await verifyLicenseKey(storedLicenseKey);
+            if (verifyResult.valid) {
+                licenseValid = true;
+                markLicenseChecked(PACKAGE_NAME);
+                console.log(chalk.green('✓') + ' License verified');
+            }
+            else {
+                console.log(chalk.yellow('⚠') + ' License invalid - trying anonymous access...');
+            }
+        }
+        catch {
+            console.log(chalk.yellow('⚠') + ' License check failed - trying anonymous access...');
+        }
+    }
+    else {
+        // No license key - try anonymous access
+        console.log(chalk.yellow('⚠') + ' No license - trying anonymous access...');
+        console.log(chalk.gray('  (Public packages will install without license)'));
+    }
+    // --- Licensed Snapshot Gate ---
+    if (isLicensedAccess) {
+        const productId = accessField.productId;
         if (!licenseValid) {
             console.log('');
             console.log(chalk.red('⛔ This snapshot requires a license'));
@@ -762,11 +916,10 @@ export async function installCommand(name) {
         }
         console.log(chalk.green('✓') + ` License verified for ${productId}`);
     }
-    // access가 없거나 'public'이면 그냥 통과
-    // ============================================
+    // =======================================================================
     // ========== Authorize Session with Registry Proxy ==========
     let sessionId;
-    if (licenseKey) {
+    if (licenseKey || sessionToken) {
         // Collect all packages for session authorization
         const sessionPackages = [];
         // From snapshot.install
@@ -785,17 +938,20 @@ export async function installCommand(name) {
         }
         // Transitive deps removed — npm handles dependency resolution automatically
         if (sessionPackages.length > 0) {
+            // Determine auth token: licenseKey takes priority, fallback to sessionToken
+            const authToken = licenseKey || sessionToken;
             console.log(chalk.gray(`Authorizing session for ${sessionPackages.length} packages...`));
             console.log(chalk.gray(`  Packages: ${sessionPackages.join(', ')}`));
+            console.log(chalk.gray(`  Auth type: ${licenseKey ? 'license key' : 'session token'}`));
             try {
-                sessionId = await authorizeSession(licenseKey, name, sessionPackages);
+                sessionId = await authorizeSession(authToken, name, sessionPackages);
                 console.log(chalk.green('✓') + ' Session authorized: ' + sessionId);
             }
             catch (error) {
                 const errMsg = error instanceof Error ? error.message : String(error);
-                // Session authorization failure is not fatal - fallback to license key auth
+                // Session authorization failure is not fatal - fallback to token auth
                 console.log(chalk.yellow('⚠') + ` Session authorization failed: ${errMsg}`);
-                console.log(chalk.gray('  Falling back to license key authentication...'));
+                console.log(chalk.gray('  Falling back to token authentication...'));
             }
         }
     }
@@ -807,12 +963,14 @@ export async function installCommand(name) {
     if (useProxy) {
         const scopes = extractScopes(allPackages);
         if (scopes.length > 0) {
-            if (licenseKey) {
+            if (sessionToken) {
+                // 환경변수에 설정 (npm이 .npmrc의 ${IST_SESSION_TOKEN}을 해석)
+                process.env.IST_SESSION_TOKEN = sessionToken;
                 console.log(chalk.gray(`Configuring registry-proxy for scopes: ${scopes.join(', ')}`));
-                npmrcBackup = configureNpmrcForProxy(scopes, licenseKey);
+                npmrcBackup = configureNpmrcForProxy(scopes);
             }
             else {
-                // Anonymous mode - configure proxy without auth token
+                // No auth token at all — anonymous mode (public packages only)
                 console.log(chalk.gray(`Configuring registry-proxy (anonymous) for scopes: ${scopes.join(', ')}`));
                 npmrcBackup = configureNpmrcForProxyAnonymous(scopes);
             }
@@ -825,7 +983,58 @@ export async function installCommand(name) {
         effectiveInstallers['glpkg'] = DEFAULT_INSTALLERS['npm-proxy'];
         effectiveInstallers['gitlab-install'] = DEFAULT_INSTALLERS['npm-proxy'];
     }
+    // ========== Pre-install: batch all npm packages from extends chain ==========
+    // Collect all npm-type packages across the entire extends chain and install
+    // them in a single `npm install -g` call, instead of one per snapshot layer.
+    const allNpmPackages = await collectAllNpmPackages(snapshot, useProxy);
+    const npmEntries = Object.entries(allNpmPackages);
+    if (npmEntries.length > 0) {
+        console.log('');
+        console.log(chalk.cyan(`► Pre-installing ${npmEntries.length} npm packages from entire extends chain...`));
+        // Filter out already-installed packages
+        const toInstall = [];
+        for (const [name, version] of npmEntries) {
+            if (isNpmGlobalInstalled(name, version)) {
+                console.log(`  ${chalk.gray('skip')} ${name}@${version}${chalk.green(' (already installed)')}`);
+            }
+            else {
+                toInstall.push({ name, version });
+            }
+        }
+        if (toInstall.length > 0) {
+            const specs = toInstall.map(e => `${e.name}@${e.version}`);
+            const npmCommand = DEFAULT_INSTALLERS['npm-proxy'].command.replace('{pkg}', specs.join(' '));
+            console.log(chalk.gray(`  Running single batch: npm install -g (${specs.length} packages)`));
+            const batchSuccess = runCommand(npmCommand);
+            if (batchSuccess) {
+                for (const spec of specs) {
+                    console.log(`  ${chalk.blue('batch')} ${spec}...${chalk.green(' ✓')}`);
+                }
+                console.log(chalk.green(`✓ Pre-installed ${specs.length} npm packages in one batch`));
+            }
+            else {
+                // Batch failed - fall back to individual installs
+                console.log(chalk.yellow('  Batch install failed, falling back to individual installs...'));
+                for (const entry of toInstall) {
+                    const pkgSpec = `${entry.name}@${entry.version}`;
+                    const cmd = DEFAULT_INSTALLERS['npm-proxy'].command.replace('{pkg}', pkgSpec);
+                    const ok = runCommand(cmd);
+                    if (ok) {
+                        console.log(`  ${chalk.blue('fallback')} ${pkgSpec}...${chalk.green(' ✓')}`);
+                    }
+                    else {
+                        console.log(`  ${chalk.blue('fallback')} ${pkgSpec}...${chalk.red(' ✗')}`);
+                    }
+                }
+            }
+        }
+        else {
+            console.log(chalk.green('✓ All npm packages already installed'));
+        }
+    }
+    // =============================================================================
     // Install (handles extends recursively)
+    // installSnapshot's internal isNpmGlobalInstalled checks will skip already-installed packages
     let installError = null;
     let result = { installed: [], failed: [] };
     try {
@@ -847,6 +1056,8 @@ export async function installCommand(name) {
             restoreNpmrc(npmrcBackup);
             console.log(chalk.gray('Restored .npmrc'));
         }
+        // 환경변수 정리
+        delete process.env.IST_SESSION_TOKEN;
     }
     if (installError) {
         console.log(chalk.red(`Error during installation: ${installError.message}`));
@@ -879,6 +1090,18 @@ export async function installCommand(name) {
         console.log('');
         console.log(chalk.green('✓') + ' Snapshot info saved');
     }
+    // Post-install: run doctor to check prerequisites
+    console.log('');
+    const { checkPrerequisites, MINIMAL_PREREQUISITES } = await import('../lib/prerequisites.js');
+    const prereqResults = checkPrerequisites(MINIMAL_PREREQUISITES);
+    const missingPrereqs = prereqResults.filter(r => !r.installed);
+    if (missingPrereqs.length > 0) {
+        console.log(chalk.yellow(`\n⚠ ${missingPrereqs.length} prerequisite(s) not satisfied:`));
+        for (const r of missingPrereqs) {
+            console.log(`  ${chalk.red('❌')} ${r.name} — required by ${r.requiredBy.join(', ')}`);
+        }
+        console.log(chalk.gray(`\nRun 'snapshot setup' to install, or 'snapshot doctor' for details.`));
+    }
     // Send telemetry (fire and forget)
     sendInstallTelemetry({
         package: snapshot.name,