@vellumai/assistant 0.6.2 → 0.6.3

package/src/daemon/date-context.ts

@@ -18,14 +18,14 @@ export interface TemporalContextOptions {
   userTimeZone?: string | null;
 }
 
-const WEEKDAY_SHORT = [
-  "Sun",
-  "Mon",
-  "Tue",
-  "Wed",
-  "Thu",
-  "Fri",
-  "Sat",
+const WEEKDAY_LONG = [
+  "Sunday",
+  "Monday",
+  "Tuesday",
+  "Wednesday",
+  "Thursday",
+  "Friday",
+  "Saturday",
 ] as const;
 const UTC_GMT_OFFSET_TOKEN_RE = /^(?:UTC|GMT)([+-])(\d{1,2})(?::?(\d{2}))?$/i;
 
@@ -295,7 +295,7 @@ function formatLocalDate(date: Date, timeZone: string): string {
  * Uses the timezone resolution cascade:
  * explicit override → configured user tz → profile user tz → host fallback.
  *
- * Returns format: `2026-04-02 (Thu) 01:52:33 -05:00 (America/Chicago)`
+ * Returns format: `2026-04-02 (Thursday) 01:52:33 -05:00 (America/Chicago)`
  */
 export function formatTurnTimestamp(
   options: TemporalContextOptions = {},
@@ -322,7 +322,7 @@ export function formatTurnTimestamp(
 
   const dateStr = formatLocalDate(now, timeZone);
   const todayParts = localDateParts(now, timeZone);
-  const dayName = WEEKDAY_SHORT[todayParts.weekday];
+  const dayName = WEEKDAY_LONG[todayParts.weekday];
 
   const fmt = new Intl.DateTimeFormat("en-US", {
     timeZone,

package/src/daemon/first-greeting.ts

@@ -5,10 +5,11 @@ import { getWorkspacePromptPath } from "../util/platform.js";
 /**
  * The canned assistant response for the wake-up greeting on a fresh workspace.
  * Warm, non-presumptuous greeting that communicates "I'm new," "I improve over
- * time," "I'm ready to be useful," and "you're in control."
+ * time," and invites the user to lead with whatever they want — a task, a
+ * question, or getting to know each other.
  */
 export const CANNED_FIRST_GREETING =
-  "Hey, I'm brand new. No name, no memories, nothing yet. Think of me like a new colleague on their first day: I'll get better the more we work together. First things first, let's figure out how we work best. What should I call you?";
+  "Hey — I'm brand new. No name, no memories, no idea who you are yet. I'll get sharper the more we work together. What can I do for you?";
 
 /**
  * Returns `true` when all of the following are true:

package/src/daemon/handlers/conversations.ts

@@ -1,11 +1,5 @@
 import { v4 as uuid } from "uuid";
 
-import {
-  type InterfaceId,
-  parseChannelId,
-  parseInterfaceId,
-  supportsHostProxy,
-} from "../../channels/types.js";
 import { getConfig } from "../../config/loader.js";
 import {
   createCanonicalGuardianRequest,
@@ -14,28 +8,18 @@ import {
 import {
   batchSetDisplayOrders,
   clearAll,
-  createConversation,
   getConversation,
   updateConversationTitle,
 } from "../../memory/conversation-crud.js";
 import { resolveConversationId } from "../../memory/conversation-key-store.js";
-import {
-  GENERATING_TITLE,
-  queueGenerateConversationTitle,
-  UNTITLED_FALLBACK,
-} from "../../memory/conversation-title-service.js";
 import * as pendingInteractions from "../../runtime/pending-interactions.js";
 import { redactSecrets } from "../../security/secret-scanner.js";
 import { getSubagentManager } from "../../subagent/index.js";
 import { summarizeToolInput } from "../../tools/tool-input-summary.js";
 import { truncate } from "../../util/truncate.js";
 import type { Conversation } from "../conversation.js";
-import { HostBashProxy } from "../host-bash-proxy.js";
-import { HostCuProxy } from "../host-cu-proxy.js";
-import { HostFileProxy } from "../host-file-proxy.js";
 import type {
   ConfirmationResponse,
-  ConversationCreateRequest,
   ConversationRenameRequest,
   ConversationSwitchRequest,
   DeleteQueuedMessage,
@@ -132,6 +116,12 @@ export function makeEventSender(params: {
         conversationId,
         kind: "host_bash",
       });
+    } else if (event.type === "host_browser_request") {
+      pendingInteractions.register(event.requestId, {
+        conversation,
+        conversationId,
+        kind: "host_browser",
+      });
     } else if (event.type === "host_file_request") {
       pendingInteractions.register(event.requestId, {
         conversation,
@@ -227,130 +217,6 @@ export function clearAllConversations(ctx: HandlerContext): number {
   return cleared;
 }
 
-export async function handleConversationCreate(
-  msg: ConversationCreateRequest,
-  ctx: HandlerContext,
-): Promise<void> {
-  const conversationType = normalizeConversationType(msg.conversationType);
-  const title =
-    msg.title ?? (msg.initialMessage ? GENERATING_TITLE : "New Conversation");
-  const conversation = createConversation({
-    title,
-    conversationType,
-  });
-  const conversationObj = await ctx.getOrCreateConversation(conversation.id, {
-    systemPromptOverride: msg.systemPromptOverride,
-    maxResponseTokens: msg.maxResponseTokens,
-    transport: msg.transport,
-  });
-
-  // Pre-activate skills before sending conversation_info so they're available
-  // for the initial message processing.
-  if (msg.preactivatedSkillIds?.length) {
-    conversationObj.setPreactivatedSkillIds(msg.preactivatedSkillIds);
-  }
-
-  ctx.send({
-    type: "conversation_info",
-    conversationId: conversation.id,
-    title: conversation.title ?? "New Conversation",
-    ...(msg.correlationId ? { correlationId: msg.correlationId } : {}),
-    conversationType: normalizeConversationType(conversation.conversationType),
-  });
-
-  // Auto-send the initial message if provided, kick-starting the skill.
-  if (msg.initialMessage) {
-    // Queue title generation eagerly — some processMessage paths (guardian
-    // replies, unknown slash commands) bypass the agent loop entirely, so
-    // we can't rely on the agent loop's early title generation alone.
-    // The agent loop also queues title generation, but isReplaceableTitle
-    // prevents double-writes since the first to complete sets a real title.
-    if (title === GENERATING_TITLE) {
-      queueGenerateConversationTitle({
-        conversationId: conversation.id,
-        context: { origin: "local" },
-        userMessage: msg.initialMessage,
-        onTitleUpdated: (newTitle) => {
-          ctx.send({
-            type: "conversation_title_updated",
-            conversationId: conversation.id,
-            title: newTitle,
-          });
-        },
-      });
-    }
-
-    const requestId = uuid();
-    const transportChannel =
-      parseChannelId(msg.transport?.channelId) ?? "vellum";
-    const sendEvent = makeEventSender({
-      ctx,
-      conversation: conversationObj,
-      conversationId: conversation.id,
-      sourceChannel: transportChannel,
-    });
-    conversationObj.setTurnChannelContext({
-      userMessageChannel: transportChannel,
-      assistantMessageChannel: transportChannel,
-    });
-    const transportInterface: InterfaceId =
-      parseInterfaceId(msg.transport?.interfaceId) ?? "vellum";
-    conversationObj.setTurnInterfaceContext({
-      userMessageInterface: transportInterface,
-      assistantMessageInterface: transportInterface,
-    });
-    // Only create the host bash proxy for desktop client interfaces that can
-    // execute commands on the user's machine. Set before updateClient so
-    // updateClient's call to hostBashProxy.updateSender targets the new proxy.
-    if (supportsHostProxy(transportInterface)) {
-      const proxy = new HostBashProxy(sendEvent, (requestId) => {
-        pendingInteractions.resolve(requestId);
-      });
-      conversationObj.setHostBashProxy(proxy);
-      const fileProxy = new HostFileProxy(sendEvent, (requestId) => {
-        pendingInteractions.resolve(requestId);
-      });
-      conversationObj.setHostFileProxy(fileProxy);
-      const cuProxy = new HostCuProxy(sendEvent, (requestId) => {
-        pendingInteractions.resolve(requestId);
-      });
-      conversationObj.setHostCuProxy(cuProxy);
-      conversationObj.addPreactivatedSkillId("computer-use");
-    }
-    conversationObj.updateClient(sendEvent, false);
-    conversationObj
-      .processMessage(msg.initialMessage, [], sendEvent, requestId)
-      .catch((err) => {
-        const message = err instanceof Error ? err.message : String(err);
-        log.error(
-          { err, conversationId: conversation.id },
-          "Error processing initial message",
-        );
-        ctx.send({
-          type: "error",
-          message: `Failed to process initial message: ${message}`,
-        });
-
-        // Replace stuck loading placeholder with a stable fallback title
-        // if title generation hasn't already completed or been renamed.
-        try {
-          const current = getConversation(conversation.id);
-          if (current && current.title === GENERATING_TITLE) {
-            const fallback = UNTITLED_FALLBACK;
-            updateConversationTitle(conversation.id, fallback);
-            ctx.send({
-              type: "conversation_title_updated",
-              conversationId: conversation.id,
-              title: fallback,
-            });
-          }
-        } catch {
-          // Best-effort fallback
-        }
-      });
-  }
-}
-
 /**
  * Switch to an existing conversation. Returns conversation info on success,
  * or throws/returns an error result when the conversation is not found.
@@ -362,6 +228,7 @@ export async function switchConversation(
   conversationId: string;
   title: string;
   conversationType: ReturnType<typeof normalizeConversationType>;
+  hostAccess: boolean;
 } | null> {
   const conversation = getConversation(conversationId);
   if (!conversation) {
@@ -384,6 +251,7 @@ export async function switchConversation(
     conversationId: conversation.id,
     title: conversation.title ?? "Untitled",
     conversationType: normalizeConversationType(conversation.conversationType),
+    hostAccess: conversation.hostAccess === 1,
   };
 }
 
@@ -405,6 +273,7 @@ export async function handleConversationSwitch(
     conversationId: result.conversationId,
     title: result.title,
     conversationType: result.conversationType,
+    hostAccess: result.hostAccess,
   });
 }
 

package/src/daemon/handlers/shared.ts

@@ -110,6 +110,11 @@ export interface ConversationCreateOptions {
   transport?: ConversationTransportMetadata;
   assistantId?: string;
   trustContext?: TrustContext;
+  /**
+   * Active task-run scope for this turn. Cleared when omitted so background
+   * task permissions do not leak into later turns on a reused conversation.
+   */
+  taskRunId?: string;
   /** Normalized auth context for the conversation. */
   authContext?: AuthContext;
   /** Whether this turn can block on interactive approval prompts. */
@@ -344,6 +349,59 @@ export function renderHistoryContent(content: unknown): RenderedHistoryContent {
       }
       continue;
     }
+    if (block.type === "server_tool_use") {
+      finalizeSegment();
+      const name = typeof block.name === "string" ? block.name : "unknown";
+      const input = isRecord(block.input)
+        ? (block.input as Record<string, unknown>)
+        : {};
+      const id = typeof block.id === "string" ? block.id : "";
+      const entry: HistoryToolCall = { name, input };
+      toolCalls.push(entry);
+      if (id) pendingToolUses.set(id, entry);
+      contentOrder.push(`tool:${toolCalls.length - 1}`);
+      if (!seenToolUse) {
+        seenToolUse = true;
+        if (!seenText) toolCallsBeforeText = true;
+      }
+      continue;
+    }
+    if (block.type === "web_search_tool_result") {
+      const toolUseId =
+        typeof block.tool_use_id === "string" ? block.tool_use_id : "";
+      const isError =
+        isRecord(block.content) &&
+        (block.content as { type?: string }).type ===
+          "web_search_tool_result_error";
+
+      // Format search results into readable text.
+      let resultContent = "";
+      if (Array.isArray(block.content)) {
+        resultContent = (block.content as unknown[])
+          .filter(
+            (r): r is { type: string; title: string; url: string } =>
+              typeof r === "object" &&
+              r != null &&
+              (r as { type?: string }).type === "web_search_result",
+          )
+          .map((r) => `${r.title}\n${r.url}`)
+          .join("\n\n");
+      }
+
+      const matched = toolUseId ? pendingToolUses.get(toolUseId) : null;
+      if (matched) {
+        matched.result = resultContent;
+        matched.isError = isError;
+      } else {
+        toolCalls.push({
+          name: "web_search",
+          input: {},
+          result: resultContent,
+          isError,
+        });
+      }
+      continue;
+    }
     if (block.type === "tool_result") {
       const toolUseId =
         typeof block.tool_use_id === "string" ? block.tool_use_id : "";

package/src/daemon/handlers/skills.ts

@@ -9,7 +9,7 @@ import {
   statSync,
 } from "node:fs";
 import { homedir } from "node:os";
-import { join, relative } from "node:path";
+import { basename, join, relative, sep } from "node:path";
 
 import { isAssistantFeatureFlagEnabled } from "../../config/assistant-feature-flags.js";
 import {
@@ -31,9 +31,21 @@ import {
   getConfiguredProvider,
   userMessage,
 } from "../../providers/provider-send-message.js";
-import { isTextMimeType as isTextMime } from "../../runtime/routes/workspace-utils.js";
+import {
+  isTextMimeType as isTextMime,
+  MAX_INLINE_TEXT_SIZE,
+} from "../../runtime/routes/workspace-utils.js";
 import { getCatalog } from "../../skills/catalog-cache.js";
 import {
+  hasHiddenOrSkippedSegment,
+  readCatalogSkillFileContent,
+  readCatalogSkillFiles,
+  sanitizeRelativePath,
+  type SkillFileEntry,
+  SKIP_DIRS,
+} from "../../skills/catalog-files.js";
+import {
+  type CatalogSkill,
   installSkillLocally,
   upsertSkillsIndex,
 } from "../../skills/catalog-install.js";
@@ -64,6 +76,7 @@ import {
 import { getWorkspaceSkillsDir } from "../../util/platform.js";
 import type {
   SkillDetailResponse,
+  SkillFileContentResponse,
   SlimSkillResponse,
 } from "../message-types/skills.js";
 import {
@@ -73,10 +86,6 @@ import {
   log,
 } from "./shared.js";
 
-// ─── MIME detection helpers ───────────────────────────────────────────────────
-
-const MAX_INLINE_SIZE = 2 * 1024 * 1024; // 2 MB
-
 // ─── Shared context for standalone functions ─────────────────────────────────
 
 /**
@@ -364,7 +373,7 @@ export async function listSkillsWithCatalog(
   const installed = listSkills(ctx);
   const installedIds = new Set(installed.map((s) => s.id));
 
-  let catalogSkills: import("../../skills/catalog-install.js").CatalogSkill[];
+  let catalogSkills: CatalogSkill[];
   try {
     catalogSkills = await getCatalog();
   } catch {
@@ -376,15 +385,7 @@ export async function listSkillsWithCatalog(
   // Create SlimSkillResponses for catalog skills not already installed.
   const available: SlimSkillResponse[] = catalogSkills
     .filter((cs) => !installedIds.has(cs.id))
-    .map((cs) => ({
-      id: cs.id,
-      name: cs.metadata?.vellum?.["display-name"] ?? cs.name,
-      description: cs.description,
-      emoji: cs.emoji,
-      kind: "catalog" as const,
-      origin: "vellum" as const,
-      status: "available" as const,
-    }));
+    .map((cs) => catalogSkillToSlim(cs));
 
   const merged = [...installed, ...available];
 
@@ -494,16 +495,12 @@ export async function getSkill(
 
 // ─── Skill file listing ──────────────────────────────────────────────────────
 
-export interface SkillFileEntry {
-  path: string; // relative to skill directory root (e.g. "SKILL.md", "tools/foo.ts")
-  name: string; // basename
-  size: number;
-  mimeType: string;
-  isBinary: boolean;
-  content: string | null; // inline text if ≤ 2 MB and text MIME, else null
-}
-
-const SKIP_DIRS = new Set(["node_modules", "__pycache__", ".git"]);
+// `SkillFileEntry` lives in `../../skills/catalog-files.ts` to keep a single
+// source of truth for the shape and avoid a circular import (catalog-files
+// depends on `catalog-cache.ts`, which would otherwise be reachable via this
+// handler module). Re-exported here so handlers can import it alongside
+// the other skill handler exports.
+export type { SkillFileEntry } from "../../skills/catalog-files.js";
 
 /**
  * Returns true if `filePath` is a symlink whose resolved real path escapes
@@ -550,7 +547,7 @@ function readDirRecursive(dir: string, rootDir: string): SkillFileEntry[] {
       const mimeType = Bun.file(fullPath).type;
       const isText = isTextMime(mimeType, dirent.name);
       let content: string | null = null;
-      if (isText && stat.size <= MAX_INLINE_SIZE) {
+      if (isText && stat.size <= MAX_INLINE_TEXT_SIZE) {
         content = readFileSync(fullPath, "utf-8");
       }
       entries.push({
@@ -568,26 +565,224 @@ function readDirRecursive(dir: string, rootDir: string): SkillFileEntry[] {
   return entries;
 }
 
-export function getSkillFiles(
+/**
+ * Map a `CatalogSkill` (from the Vellum platform API) to a `SlimSkillResponse`
+ * shaped for the "available catalog skill" case. Shared between
+ * `listSkillsWithCatalog` (merging catalog entries into the installed list)
+ * and `getSkillFiles` (catalog fallback for preview listings). Keeping the
+ * mapping in one place avoids divergence between the list and detail paths.
+ */
+function catalogSkillToSlim(cs: CatalogSkill): SlimSkillResponse {
+  return {
+    id: cs.id,
+    name: cs.metadata?.vellum?.["display-name"] ?? cs.name,
+    description: cs.description,
+    emoji: cs.emoji,
+    kind: "catalog",
+    origin: "vellum",
+    status: "available",
+  };
+}
+
+/**
+ * Read a single file's content from an installed or catalog skill.
+ *
+ * Installed-skill path (eager): reads the file directly from the skill's
+ * on-disk directory. Applies lexical containment, symlink rejection, and
+ * realpath containment checks for defense in depth.
+ *
+ * Catalog fallback: when the skill id is not backed by a local directory
+ * (e.g. an uninstalled Vellum catalog skill), delegates to
+ * `readCatalogSkillFileContent`, which handles both the dev-mode repo
+ * checkout path and the platform preview API path internally.
+ */
+export async function getSkillFileContent(
   skillId: string,
+  relativePath: string,
   _ctx: SkillOperationContext,
-):
+): Promise<SkillFileContentResponse | { error: string; status: number }> {
+  const sanitized = sanitizeRelativePath(relativePath);
+  if (!sanitized) {
+    return { error: "Invalid path", status: 400 };
+  }
+
+  // Reject any sanitized path that references a hidden segment (dotfiles
+  // like `.env`, dot-dirs like `.git`) or a SKIP_DIRS segment (e.g.
+  // `node_modules`, `__pycache__`). Both file-listing endpoints (installed
+  // and catalog) intentionally omit these entries, so allowing the content
+  // endpoint to read them would create a data-exposure path and break
+  // parity with the visible file list. This check runs BEFORE both the
+  // installed-skill disk read and the catalog fallback so the rejection
+  // is uniform regardless of source.
+  if (hasHiddenOrSkippedSegment(sanitized)) {
+    return { error: "Invalid path", status: 400 };
+  }
+
+  const found = findSkillById(skillId);
+  if (found) {
+    if (!existsSync(found.summary.directoryPath)) {
+      // Resolver lists the skill as installed but the directory is missing
+      // on disk (corrupted install, mid-delete race, external unmount, etc.).
+      // Return a distinct 404 instead of falling through to the catalog path
+      // so the content response stays consistent with `listSkillsWithCatalog`
+      // and `getSkillFiles`, which classify the same id as `kind: "installed"`.
+      return {
+        error: `Skill directory missing for "${skillId}"`,
+        status: 404,
+      };
+    }
+    const dir = found.summary.directoryPath;
+    const abs = join(dir, sanitized);
+
+    // Lexical containment: the resolved absolute path must stay inside the
+    // skill directory even after `join` normalization. Cheap short-circuit
+    // before any fs calls.
+    if (!(abs === dir || abs.startsWith(dir + sep))) {
+      return { error: "Invalid path", status: 400 };
+    }
+
+    // Defense-in-depth symlink rejection: refuse to follow a symlinked file
+    // inside the skill dir that could point outside the root. Also catches
+    // symlinked parent directories via a realpath containment check.
+    let lstat;
+    try {
+      lstat = lstatSync(abs);
+    } catch {
+      return { error: "File not found", status: 404 };
+    }
+    if (lstat.isSymbolicLink()) {
+      return { error: "File not found", status: 404 };
+    }
+    if (!lstat.isFile()) {
+      return { error: "File not found", status: 404 };
+    }
+
+    let realAbs: string;
+    let realDir: string;
+    try {
+      realAbs = realpathSync(abs);
+      realDir = realpathSync(dir);
+    } catch {
+      return { error: "File not found", status: 404 };
+    }
+    if (!(realAbs === realDir || realAbs.startsWith(realDir + sep))) {
+      return { error: "File not found", status: 404 };
+    }
+
+    let stat;
+    try {
+      stat = statSync(abs);
+    } catch {
+      return { error: "File not found", status: 404 };
+    }
+    if (!stat.isFile()) {
+      return { error: "File not found", status: 404 };
+    }
+
+    const name = basename(sanitized);
+    const mimeType = Bun.file(abs).type;
+    const isText = isTextMime(mimeType, name);
+    const isBinary = !isText;
+    let content: string | null = null;
+    if (isText && stat.size <= MAX_INLINE_TEXT_SIZE) {
+      try {
+        content = readFileSync(abs, "utf-8");
+      } catch {
+        content = null;
+      }
+    }
+    return {
+      path: sanitized,
+      name,
+      size: stat.size,
+      mimeType,
+      isBinary,
+      content,
+    };
+  }
+
+  // Catalog fallback: skill is not installed locally. Try the catalog
+  // preview helper, which handles both dev-mode repo checkouts and the
+  // platform preview API.
+  let catalog: Awaited<ReturnType<typeof getCatalog>> = [];
+  try {
+    catalog = await getCatalog();
+  } catch {
+    catalog = [];
+  }
+  const inCatalog = catalog.some((s) => s.id === skillId);
+  if (!inCatalog) {
+    return { error: "Skill not found", status: 404 };
+  }
+
+  const result = await readCatalogSkillFileContent(skillId, sanitized);
+  if (!result) {
+    return { error: "File not found", status: 404 };
+  }
+  return {
+    path: result.path,
+    name: result.name,
+    size: result.size,
+    mimeType: result.mimeType,
+    isBinary: result.isBinary,
+    content: result.content,
+  };
+}
+
+export async function getSkillFiles(
+  skillId: string,
+  _ctx: SkillOperationContext,
+): Promise<
   | { skill: SlimSkillResponse; files: SkillFileEntry[] }
-  | { error: string; status: number } {
+  | { error: string; status: number }
+> {
+  // Preferred path: the skill is resolved locally (bundled, managed,
+  // workspace, or extra) AND its directory exists on disk. Read files
+  // eagerly with inline content.
   const found = findSkillById(skillId);
-  if (!found) {
+  if (found) {
+    if (existsSync(found.summary.directoryPath)) {
+      const dirPath = found.summary.directoryPath;
+      const files = readDirRecursive(dirPath, dirPath);
+      files.sort((a, b) => a.path.localeCompare(b.path));
+      return { skill: found.item, files };
+    }
+    // Resolver lists the skill as installed but the directory is missing
+    // on disk (corrupted install, mid-delete race, external unmount, etc.).
+    // Return a distinct 404 instead of falling through to the catalog path
+    // so the detail response stays consistent with `listSkillsWithCatalog`,
+    // which classifies the same id as `kind: "installed"`.
+    return {
+      error: `Skill directory missing for "${skillId}"`,
+      status: 404,
+    };
+  }
+
+  // Fallback: skill is not installed. Try the Vellum catalog — this covers
+  // previewing files for an uninstalled catalog skill without touching the
+  // install flow.
+  let catalog: CatalogSkill[];
+  try {
+    catalog = await getCatalog();
+  } catch {
+    return { error: `Skill "${skillId}" not found`, status: 404 };
+  }
+  const cs = catalog.find((c) => c.id === skillId);
+  if (!cs) {
     return { error: `Skill "${skillId}" not found`, status: 404 };
   }
 
-  const dirPath = found.summary.directoryPath;
-  if (!existsSync(dirPath)) {
-    return { error: `Skill directory not found for "${skillId}"`, status: 404 };
+  const files = await readCatalogSkillFiles(skillId);
+  if (files === null) {
+    return {
+      error: `Skill files unavailable for "${skillId}"`,
+      status: 404,
+    };
   }
 
-  const files = readDirRecursive(dirPath, dirPath);
+  const skill = catalogSkillToSlim(cs);
   files.sort((a, b) => a.path.localeCompare(b.path));
-
-  return { skill: found.item, files };
+  return { skill, files };
 }
 
 export function enableSkill(