atris 3.5.0 → 3.11.0

package/commands/brainstorm.js

@@ -3,7 +3,7 @@ const path = require('path');
 const readline = require('readline');
 const { getLogPath, ensureLogDirectory, createLogFile } = require('../lib/journal');
 const { loadConfig } = require('../utils/config');
-const { loadCredentials } = require('../utils/auth');
+const { loadCredentials, ensureValidCredentials } = require('../utils/auth');
 const { apiRequestJson } = require('../utils/api');
 const { planAtris, doAtris, reviewAtris } = require('./workflow');
 
@@ -58,8 +58,9 @@ async function brainstormAtris() {
   // Optional: fetch journal context from backend (for hints only)
   let remoteJournalContext = '';
   const config = loadConfig();
-  const credentials = loadCredentials();
-  
+  const ensured1 = await ensureValidCredentials(apiRequestJson);
+  const credentials = ensured1.error ? null : ensured1.credentials;
+
   if (useCloudJournal && config.agent_id && credentials && credentials.token) {
     try {
       console.log('📖 Fetching latest journal entry from AtrisOS...');
@@ -623,8 +624,9 @@ async function autopilotAtris(initialIdea = null) {
   // Try to fetch latest journal entry from backend
   let journalContext = '';
   const config = loadConfig();
-  const credentials = loadCredentials();
-  
+  const ensured2 = await ensureValidCredentials(apiRequestJson);
+  const credentials = ensured2.error ? null : ensured2.credentials;
+
   if (config.agent_id && credentials && credentials.token) {
     try {
       const journalResult = await apiRequestJson(`/agents/${config.agent_id}/journal/today`, {

package/commands/clean.js

@@ -197,6 +197,15 @@ function healBrokenMapRefs(cwd, atrisDir, dryRun = false) {
   // Required delimiter [(,[,—,-] prevents bleeding into adjacent refs on same line
   const refPattern = /(`?)([a-zA-Z0-9_\-./\\]+\.(js|ts|py|go|rs|rb|java|c|cpp|h|hpp|md|json|yaml|yml)):(\d+)(?:-(\d+))?(`?)([^\S\n]*[\(\[—\-][^\S\n]*([^)\]\n]+))?/g;
 
+  // Function Inventory form: `symbolName()` → `file:line[-line]`
+  // Pre-scan to build a (file:line) → symbol map so refs with the symbol BEFORE them still verify.
+  const preRefSymbols = {};
+  const preRefPattern = /`([a-zA-Z_][a-zA-Z0-9_]*)\s*\(?\s*\)?`\s*(?:→|->)\s*`([a-zA-Z0-9_\-./\\]+\.(?:js|ts|py|go|rs|rb|java|c|cpp|h|hpp|md|json|yaml|yml)):(\d+)(?:-\d+)?`/g;
+  let preMatch;
+  while ((preMatch = preRefPattern.exec(mapContent)) !== null) {
+    preRefSymbols[`${preMatch[2]}:${preMatch[3]}`] = preMatch[1];
+  }
+
   // Cache file reads
   const fileCache = {};
   function readFileCached(filePath) {
@@ -228,7 +237,8 @@ function healBrokenMapRefs(cwd, atrisDir, dryRun = false) {
       continue;
     }
 
-    const symbol = extractSymbol(contextPart);
+    let symbol = extractSymbol(contextPart);
+    if (!symbol) symbol = preRefSymbols[`${filePath}:${startLine}`] || null;
 
     // Check if reference is still accurate
     const outOfBounds = startLine > file.lines.length || (endLine && endLine > file.lines.length);
@@ -445,9 +455,15 @@ function checkPageStaleness(cwd, filePath) {
     .map(line => line.replace(/^\s+-\s+/, '').trim())
     .filter(Boolean);
 
-  // Check each source's mtime against last_compiled
+  // Check each source's mtime against last_compiled.
+  // Source entries can include a line range and/or a parenthesized annotation,
+  // e.g. "bin/atris.js:199-340 (showHelp function)" — strip both before stat.
   for (const source of sources) {
-    const sourcePath = path.isAbsolute(source) ? source : path.join(cwd, source);
+    const filePart = source
+      .replace(/\s*\([^)]*\)\s*$/, '')   // drop trailing "(annotation)"
+      .replace(/:\d+(-\d+)?$/, '')        // drop trailing ":N" or ":N-M"
+      .trim();
+    const sourcePath = path.isAbsolute(filePart) ? filePart : path.join(cwd, filePart);
     try {
       const stat = fs.statSync(sourcePath);
       if (stat.mtime > compiledDate) {

package/commands/computer.js

@@ -693,6 +693,36 @@ async function resolveBusinessContext(token) {
   return null;
 }
 
+async function resolveBusinessContextBySlug(token, slug) {
+  if (!slug) return null;
+
+  const businesses = loadBusinesses();
+  const list = await apiRequestJson('/business/', { method: 'GET', token });
+  if (list.ok) {
+    const match = (list.data || []).find(
+      (b) => b.slug === slug || (b.name || '').toLowerCase() === slug.toLowerCase()
+    );
+    if (match) {
+      businesses[match.slug || slug] = {
+        business_id: match.id,
+        workspace_id: match.workspace_id,
+        name: match.name,
+        slug: match.slug,
+        added_at: new Date().toISOString(),
+      };
+      saveBusinesses(businesses);
+      return {
+        slug: match.slug,
+        businessId: match.id,
+        workspaceId: match.workspace_id,
+        businessName: match.name || match.slug,
+      };
+    }
+  }
+
+  return null;
+}
+
 function shellQuote(value) {
   return `'${String(value).replace(/'/g, `'\\''`)}'`;
 }
@@ -2288,6 +2318,7 @@ async function runComputer() {
     console.log('  local-byo       Open LOCAL BYO Claude mode; Anthropic tokens, no cloud audit');
     console.log('  --cloud         Open CLOUD workspace mode in the bound business workspace');
     console.log('  cloud           Open CLOUD workspace mode in the bound business workspace');
+    console.log('  codeops         Open Atris CodeOps cloud workspace if your account has access');
     console.log('  --worker        Cloud worker override: claude | openai');
     console.log('  --model         Cloud model override');
     console.log('  claude|codex    Legacy local console backends');
@@ -2319,6 +2350,7 @@ async function runComputer() {
     console.log('  atris computer --cloud');
     console.log('  atris computer --cloud --worker openai --model gpt-5.4');
     console.log('  atris computer cloud');
+    console.log('  atris computer codeops');
     console.log('  atris computer status');
     console.log('  atris computer wake');
     console.log('  atris computer run "ls -la /workspace"');
@@ -2331,6 +2363,17 @@ async function runComputer() {
   const token = getToken();
   const ctx = await resolveBusinessContext(token);
 
+  if (sub === 'codeops') {
+    const codeopsCtx = await resolveBusinessContextBySlug(token, 'atris-codeops');
+    if (!codeopsCtx) {
+      console.error('Atris CodeOps is not available for this account.');
+      console.error('Ask an Atris CodeOps admin to add you to the atris-codeops business.');
+      return;
+    }
+    await computerChat(token, codeopsCtx, { worker: 'claude', ...cloudOptions });
+    return;
+  }
+
   if (sub === '--cloud' || sub === 'cloud') {
     await computerChat(token, ctx, cloudOptions);
     return;

package/commands/integrations.js

@@ -10,20 +10,25 @@
  *   atris slack channels    - List Slack channels
  */
 
-const { loadCredentials } = require('../utils/auth');
+const { loadCredentials, ensureValidCredentials } = require('../utils/auth');
 const { apiRequestJson } = require('../utils/api');
 
-function getAuth() {
-  const creds = loadCredentials();
+async function getAuth() {
+  const ensured = await ensureValidCredentials(apiRequestJson);
+  const creds = ensured.error ? null : ensured.credentials;
   if (!creds || !creds.token) {
-    console.error('Not logged in. Run: atris login');
+    if (ensured.error && ensured.error !== 'not_logged_in') {
+      console.error(`Authentication failed: ${ensured.detail || ensured.error}. Run: atris login`);
+    } else {
+      console.error('Not logged in. Run: atris login');
+    }
     process.exit(1);
   }
   return { token: creds.token, email: creds.email || 'unknown' };
 }
 
 async function getAuthToken() {
-  return getAuth().token;
+  return (await getAuth()).token;
 }
 
 // ============================================================================
@@ -31,7 +36,7 @@ async function getAuthToken() {
 // ============================================================================
 
 async function gmailInbox(options = {}) {
-  const { token, email } = getAuth();
+  const { token, email } = await getAuth();
   const limit = options.limit || 10;
 
   console.log('📬 Fetching inbox...\n');
@@ -129,7 +134,7 @@ async function gmailCommand(subcommand, ...args) {
 // ============================================================================
 
 async function calendarToday() {
-  const { token, email } = getAuth();
+  const { token, email } = await getAuth();
 
   console.log('📅 Today\'s events:\n');
 
@@ -224,7 +229,7 @@ async function twitterPost(text) {
 
   if (!result.ok) {
     if (result.status === 400 || result.status === 401) {
-      const { email } = getAuth();
+      const { email } = await getAuth();
       console.error(`Twitter not connected for ${email}.`);
       console.error('Connect at: https://atris.ai/dashboard/settings');
       console.error(`Make sure you're signed in as ${email} on the web.`);
@@ -268,7 +273,7 @@ async function slackChannels() {
 
   if (!result.ok) {
     if (result.status === 400 || result.status === 401) {
-      const { email } = getAuth();
+      const { email } = await getAuth();
       console.error(`Slack not connected for ${email}.`);
       console.error('Connect at: https://atris.ai/dashboard/settings');
       console.error(`Make sure you're signed in as ${email} on the web.`);

package/commands/pull.js

@@ -10,6 +10,7 @@ const { loadBusinesses } = require('./business');
 const { loadManifest, saveManifest, computeFileHash, buildManifest, computeLocalHashes, threeWayCompare } = require('../lib/manifest');
 const { normalizeWikiOnlyPrefix } = require('../lib/wiki');
 const { emitSyncEvent, startTimer } = require('../lib/sync-telemetry');
+const { resolveSafeOutputDir } = require('../lib/workspace-safety');
 
 function pruneEmptyParentDirs(filePath, stopDir) {
   let current = path.dirname(filePath);
@@ -163,22 +164,44 @@ async function pullBusiness(slug) {
   }
   const timeoutMs = timeoutSec * 1000;
 
-  // Determine output directory
+  // Determine output directory.
+  //
+  // We only reuse the current working directory when we can prove it's the
+  // correct workspace for THIS business — i.e. it has a `.atris/business.json`
+  // whose slug matches `slug`. Any other signal (a stray `atris/` folder, a
+  // business.json for a different business, etc.) is NOT enough: pulling
+  // atris-labs-1 on top of a pallet workspace would mix two businesses into
+  // one directory and write pallet's manifest over atris-labs-1's (or vice
+  // versa), causing the next sync to do strange things.
+  //
+  // Fallback: create a fresh ./{slug}/ subdir. Always safe — even if cwd is
+  // $HOME or /tmp, we land in a dedicated subfolder.
   const intoIdx = process.argv.indexOf('--into');
   let outputDir;
   if (intoIdx !== -1 && process.argv[intoIdx + 1]) {
     outputDir = path.resolve(process.argv[intoIdx + 1]);
-  } else if (fs.existsSync(path.join(process.cwd(), '.atris', 'business.json'))) {
-    // Inside a pulled workspace — pull into current dir (no nesting)
-    outputDir = process.cwd();
-  } else if (fs.existsSync(path.join(process.cwd(), 'atris')) && fs.statSync(path.join(process.cwd(), 'atris')).isDirectory()) {
-    // Inside an atris init'd workspace — merge business into current dir
-    outputDir = process.cwd();
   } else {
-    // Default: ./{slug}/ in current directory
-    outputDir = path.join(process.cwd(), slug);
+    const bizFile = path.join(process.cwd(), '.atris', 'business.json');
+    let cwdMatchesSlug = false;
+    if (fs.existsSync(bizFile)) {
+      try {
+        const biz = JSON.parse(fs.readFileSync(bizFile, 'utf8'));
+        const cwdSlug = biz.slug || biz.name;
+        cwdMatchesSlug = cwdSlug === slug;
+      } catch {
+        // Corrupt business.json — ignore, treat as no match.
+      }
+    }
+    outputDir = cwdMatchesSlug ? process.cwd() : path.join(process.cwd(), slug);
   }
 
+  // Auto-relocate if the resolved outputDir is dangerous ($HOME, /, /Users,
+  // system dirs, reserved home folders). Non-technical users shouldn't have
+  // to know about mkdir/cd — atris picks a safe subdir and tells them.
+  // Paired with the manifest-scoped sweep below, this makes it impossible
+  // for a stray cwd to cause atris to delete user files.
+  ({ dir: outputDir } = resolveSafeOutputDir(outputDir, { slug, op: 'pull into' }));
+
   // Resolve business ID — always refresh from API to avoid stale workspace_id
   let businessId, workspaceId, businessName, resolvedSlug;
   const businesses = loadBusinesses();
@@ -564,14 +587,27 @@ async function pullBusiness(slug) {
   }
   if (force) {
     const remotePathSet = new Set(Object.keys(remoteFiles));
+
+    // SAFETY: only sweep files atris previously wrote (recorded in the
+    // manifest). Local-only files that were never on cloud are the user's
+    // own — atris didn't put them there, atris doesn't delete them. This
+    // makes it impossible for a stray cwd (e.g. $HOME) to cause atris to
+    // wipe ~/Library, ~/Downloads, etc.
+    //
+    // If there's no prior manifest (first pull), there's nothing to sweep —
+    // threeWayCompare already handled newRemote/conflicts/newLocal, and we
+    // have no basis for claiming ownership of any local-only file.
+    const managedPaths = manifest && manifest.files ? Object.keys(manifest.files) : [];
+    const sweepCandidates = managedPaths.filter(isInScope).filter((p) => localFiles[p]);
     const inScopeLocal = Object.keys(localFiles).filter(isInScope);
+
     if (remotePathSet.size === 0 && inScopeLocal.length > 0) {
       console.log('');
       console.log('  ⚠ Cloud reported zero files but local has in-scope content. Refusing to sweep.');
       console.log('    This usually means the snapshot endpoint glitched. Try again,');
       console.log('    or run `atris align --hard` if you really want to nuke local.');
     } else {
-      for (const p of inScopeLocal) {
+      for (const p of sweepCandidates) {
         if (remotePathSet.has(p)) continue;
         if (SERVER_HIDDEN_BASENAMES.has(basename(p))) continue;
         const localPath = path.join(outputDir, p.replace(/^\//, ''));

package/commands/push.js

@@ -7,6 +7,7 @@ const { loadBusinesses, saveBusinesses } = require('./business');
 const { loadManifest, saveManifest, buildManifest, computeLocalHashes } = require('../lib/manifest');
 const { normalizeWikiOnlyPrefix } = require('../lib/wiki');
 const { emitSyncEvent, startTimer } = require('../lib/sync-telemetry');
+const { assertSafeWorkspaceRoot } = require('../lib/workspace-safety');
 
 async function pushAtris() {
   const elapsedMs = startTimer();
@@ -83,6 +84,9 @@ async function pushAtris() {
 
   if (!fs.existsSync(sourceDir)) { console.error(`Source not found: ${sourceDir}`); process.exit(1); }
 
+  // Refuse to walk/upload dangerous paths ($HOME, /, /Users, system dirs).
+  assertSafeWorkspaceRoot(sourceDir, { slug, op: 'push from' });
+
   // Resolve business — always refresh from API
   let businessId, workspaceId, businessName, resolvedSlug;
   const businesses = loadBusinesses();
@@ -292,13 +296,73 @@ async function pushAtris() {
   let pushed = 0;
   let deleted = 0;
   let skipped = [];
+  // Files we sent that the server did not confirm as written/unchanged.
+  // The /sync endpoint can silently drop files (role-based filters on the
+  // business workspace route, path-rejection inside the warm runner, etc.)
+  // and still return HTTP 200. If we don't cross-check per-file results,
+  // the CLI prints "Pushed" for files that never actually landed — and
+  // the manifest records a hash that makes the next push skip them too,
+  // losing them permanently. `failedToLand` collects those casualties so
+  // we can warn the user AND keep them out of the manifest update.
+  let failedToLand = [];
+  const landedPaths = new Set();
   let result = { ok: true };
 
+  // Server-canonical path format for the /sync endpoint: NO leading slash.
+  // The warm runner's _safe_path rejects `/atris/...` with "Absolute path
+  // outside workspace" (it only accepts paths under `/workspace/...`). All
+  // our internal bookkeeping uses a leading slash (manifest keys, localFiles
+  // keys, snapshot response paths), so we strip only at the wire.
+  const toWirePath = (p) => (p || '').replace(/^\/+/, '');
+  const fromWirePath = (p) => {
+    const s = String(p || '');
+    return s.startsWith('/') ? s : `/${s}`;
+  };
+  const wireFiles = (files) => files.map((f) => ({ path: toWirePath(f.path), content: f.content }));
+
+  // Inspect per-file results from a /sync response. Treat "written" and
+  // "unchanged" as success; everything else (including missing-from-results,
+  // which is how silent server-side drops look) is a failure.
+  const recordSyncResults = (sentFiles, response) => {
+    const resultsArr = response && response.data && Array.isArray(response.data.results)
+      ? response.data.results
+      : null;
+    const seen = new Set();
+    if (resultsArr) {
+      for (const r of resultsArr) {
+        if (!r || !r.path) continue;
+        const status = String(r.status || '').toLowerCase();
+        const canonical = fromWirePath(r.path);
+        if (status === 'written' || status === 'unchanged') {
+          landedPaths.add(canonical);
+          seen.add(canonical);
+        } else {
+          failedToLand.push({ path: canonical, status: status || 'error', error: r.error || '' });
+          seen.add(canonical);
+        }
+      }
+    } else {
+      // No results array in response — old server. Best-effort: assume
+      // everything sent landed. This preserves existing behavior when
+      // talking to a server that doesn't return per-file status.
+      for (const f of sentFiles) {
+        landedPaths.add(f.path);
+        seen.add(f.path);
+      }
+    }
+    // Any file we sent that the server didn't mention = silently dropped.
+    for (const f of sentFiles) {
+      if (!seen.has(f.path)) {
+        failedToLand.push({ path: f.path, status: 'dropped', error: 'server did not confirm write' });
+      }
+    }
+  };
+
   if (filesToPush.length > 0) {
-    // Push files to server
+    // Push files to server (strip leading slash — server requires workspace-relative paths)
     result = await apiRequestJson(
       `/business/${businessId}/workspaces/${workspaceId}/sync`,
-      { method: 'POST', token: creds.token, body: { files: filesToPush }, headers: { 'X-Atris-Actor-Source': 'cli' } }
+      { method: 'POST', token: creds.token, body: { files: wireFiles(filesToPush) }, headers: { 'X-Atris-Actor-Source': 'cli' } }
     );
 
     if (!result.ok) {
@@ -310,10 +374,11 @@ async function pushAtris() {
         if (allowed.length > 0) {
           const retry = await apiRequestJson(
             `/business/${businessId}/workspaces/${workspaceId}/sync`,
-            { method: 'POST', token: creds.token, body: { files: allowed }, headers: { 'X-Atris-Actor-Source': 'cli' } }
+            { method: 'POST', token: creds.token, body: { files: wireFiles(allowed) }, headers: { 'X-Atris-Actor-Source': 'cli' } }
           );
           if (retry.ok) {
-            pushed = allowed.length;
+            recordSyncResults(allowed, retry);
+            pushed = landedPaths.size;
           } else {
             console.error(`\n  Push failed: ${retry.errorMessage || retry.error || retry.status}`);
             await emit('access_denied', { error_detail: `403 retry failed: ${retry.status}` });
@@ -334,7 +399,8 @@ async function pushAtris() {
         process.exit(1);
       }
     } else {
-      pushed = filesToPush.length;
+      recordSyncResults(filesToPush, result);
+      pushed = landedPaths.size;
     }
   }
 
@@ -387,10 +453,15 @@ async function pushAtris() {
     if (deleteFailed.length > 10) console.log(`    ... +${deleteFailed.length - 10} more`);
   }
 
-  // Display results
+  // Display results — only for files the server confirmed as landed.
+  // A non-technical user seeing "+ atris/ideas/foo.md new file" naturally
+  // assumes foo.md is on cloud. So we only print that line when the server
+  // actually confirmed it via per-file status. Anything else goes into the
+  // loud failure block below.
   console.log('');
   for (const f of filesToPush) {
     if (skipped.includes(f)) continue;
+    if (!landedPaths.has(f.path)) continue;
     const isNew = !baseFiles[f.path];
     console.log(`  ${isNew ? '+' : '\u2191'} ${f.path.replace(/^\//, '')}  ${isNew ? 'new file' : 'updated'}`);
   }
@@ -402,6 +473,26 @@ async function pushAtris() {
     console.log(`  x ${filePath.replace(/^\//, '')}  deleted`);
   }
 
+  // Loud failure block — files the server silently dropped or rejected.
+  // These did NOT land on cloud even though the HTTP call returned 200.
+  if (failedToLand.length > 0) {
+    console.log('');
+    console.log(`  ⚠ ${failedToLand.length} file(s) did NOT land on cloud (server returned 200 but`);
+    console.log(`     dropped or rejected these files):`);
+    const shown = failedToLand.slice(0, 15);
+    for (const f of shown) {
+      const detail = f.error ? ` — ${f.error}` : ` (${f.status})`;
+      console.log(`    ✗ ${f.path.replace(/^\//, '')}${detail}`);
+    }
+    if (failedToLand.length > shown.length) {
+      console.log(`    ... +${failedToLand.length - shown.length} more`);
+    }
+    console.log('');
+    console.log('  Common causes: path is outside the workspace (e.g. absolute /Users/... path),');
+    console.log('  your role lacks write permission for that folder, or warm runner returned an error.');
+    console.log('  These files will appear as drift on your next push so you can retry.');
+  }
+
   // Summary
   console.log('');
   const parts = [];
@@ -414,11 +505,17 @@ async function pushAtris() {
 
   // Update manifest — mark pushed files with their new hash, drop ONLY confirmed deletes.
   // Failed deletes stay in the manifest so the next push will retry them.
+  //
+  // CRITICAL: only record manifest entries for files the server confirmed as
+  // landed (landedPaths). If we recorded the local hash for a file that the
+  // server silently dropped, the next push would compare local==manifest and
+  // skip it — the file would never land. Keeping it OUT of the manifest means
+  // the next push sees it as new/changed and retries automatically.
   const updatedFiles = { ...baseFiles };
   for (const f of filesToPush) {
-    if (!skipped.includes(f)) {
-      updatedFiles[f.path] = localFiles[f.path];
-    }
+    if (skipped.includes(f)) continue;
+    if (!landedPaths.has(f.path)) continue;
+    updatedFiles[f.path] = localFiles[f.path];
   }
   for (const filePath of deletedConfirmed) {
     delete updatedFiles[filePath];
@@ -431,7 +528,10 @@ async function pushAtris() {
   const bytesChanged = filesToPush.reduce((acc, f) => acc + (f.content ? Buffer.byteLength(f.content, 'utf8') : 0), 0);
   let finalOutcome;
   let finalDetail;
-  if (deleteFailed.length > 0) {
+  if (failedToLand.length > 0) {
+    finalOutcome = 'status_unknown';
+    finalDetail = `${failedToLand.length} file(s) silently dropped by server (statuses: ${[...new Set(failedToLand.map(f => f.status))].join(',')})`;
+  } else if (deleteFailed.length > 0) {
     finalOutcome = 'status_unknown';
     finalDetail = `${deleteFailed.length} delete(s) failed (statuses: ${[...new Set(deleteFailed.map(f => f.status))].join(',')})`;
   } else if (_rateLimitedDeletes > 0) {

package/commands/workflow.js

@@ -43,7 +43,8 @@ function printWorkflowBrief(lines) {
 
 async function planAtris(userInput = null) {
   const { loadConfig } = require('../utils/config');
-  const { loadCredentials } = require('../utils/auth');
+  const { loadCredentials, ensureValidCredentials } = require('../utils/auth');
+  const { apiRequestJson } = require('../utils/api');
   const { executeCodeExecution } = require('../utils/claude_sdk');
   const args = process.argv.slice(3);
   const executeFlag = args.includes('--execute');
@@ -243,10 +244,14 @@ async function planAtris(userInput = null) {
     if (!config.agent_id) {
       throw new Error('No agent selected. Run "atris agent" first.');
     }
-    const credentials = loadCredentials();
-    if (!credentials || !credentials.token) {
+    const ensured = await ensureValidCredentials(apiRequestJson);
+    if (ensured.error === 'not_logged_in' || !ensured.credentials?.token) {
       throw new Error('Not logged in. Run "atris login" first.');
     }
+    if (ensured.error) {
+      throw new Error(`Authentication failed: ${ensured.detail || ensured.error}. Run "atris login" to re-authenticate.`);
+    }
+    const credentials = ensured.credentials;
 
     // Build system prompt
     let systemPrompt = '';
@@ -362,7 +367,8 @@ async function planAtris(userInput = null) {
 
 async function doAtris() {
   const { loadConfig } = require('../utils/config');
-  const { loadCredentials } = require('../utils/auth');
+  const { loadCredentials, ensureValidCredentials } = require('../utils/auth');
+  const { apiRequestJson } = require('../utils/api');
   const { executeCodeExecution } = require('../utils/claude_sdk');
   const args = process.argv.slice(3);
   const executeFlag = args.includes('--execute');
@@ -603,10 +609,14 @@ async function doAtris() {
     if (!config.agent_id) {
       throw new Error('No agent selected. Run "atris agent" first.');
     }
-    const credentials = loadCredentials();
-    if (!credentials || !credentials.token) {
+    const ensured = await ensureValidCredentials(apiRequestJson);
+    if (ensured.error === 'not_logged_in' || !ensured.credentials?.token) {
       throw new Error('Not logged in. Run "atris login" first.');
     }
+    if (ensured.error) {
+      throw new Error(`Authentication failed: ${ensured.detail || ensured.error}. Run "atris login" to re-authenticate.`);
+    }
+    const credentials = ensured.credentials;
 
     // Build system prompt
     let systemPrompt = '';
@@ -704,7 +714,8 @@ async function doAtris() {
 
 async function reviewAtris() {
   const { loadConfig } = require('../utils/config');
-  const { loadCredentials } = require('../utils/auth');
+  const { loadCredentials, ensureValidCredentials } = require('../utils/auth');
+  const { apiRequestJson } = require('../utils/api');
   const { executeCodeExecution } = require('../utils/claude_sdk');
   const args = process.argv.slice(3);
   const executeFlag = args.includes('--execute');
@@ -959,10 +970,14 @@ async function reviewAtris() {
     if (!config.agent_id) {
       throw new Error('No agent selected. Run "atris agent" first.');
     }
-    const credentials = loadCredentials();
-    if (!credentials || !credentials.token) {
+    const ensured = await ensureValidCredentials(apiRequestJson);
+    if (ensured.error === 'not_logged_in' || !ensured.credentials?.token) {
       throw new Error('Not logged in. Run "atris login" first.');
     }
+    if (ensured.error) {
+      throw new Error(`Authentication failed: ${ensured.detail || ensured.error}. Run "atris login" to re-authenticate.`);
+    }
+    const credentials = ensured.credentials;
 
     // Build system prompt
     let systemPrompt = '';

package/lib/manifest.js

@@ -62,6 +62,9 @@ function buildManifest(files, commitHash) {
 const SKIP_DIRS = new Set([
   'node_modules', '__pycache__', '.git', 'venv', '.venv',
   'lost+found', '.cache', '.atris',
+  // Defense-in-depth: macOS/system dirs that should never be scanned as
+  // part of any atris workspace, even if outputDir is accidentally wide.
+  'Library', 'Applications', 'System',
 ]);
 
 function computeLocalHashes(localDir) {