claudemesh-cli 1.24.0 → 1.25.0

package/dist/entrypoints/cli.js

@@ -103,7 +103,7 @@ __export(exports_urls, {
   VERSION: () => VERSION,
   URLS: () => URLS
 });
-var URLS, VERSION = "1.24.0", env;
+var URLS, VERSION = "1.25.0", env;
 var init_urls = __esm(() => {
   URLS = {
     BROKER: process.env.CLAUDEMESH_BROKER_URL ?? "wss://ic.claudemesh.com/ws",
@@ -1026,6 +1026,12 @@ var init_file_crypto = __esm(() => {
 });
 
 // src/services/crypto/box.ts
+var exports_box = {};
+__export(exports_box, {
+  isDirectTarget: () => isDirectTarget,
+  encryptDirect: () => encryptDirect,
+  decryptDirect: () => decryptDirect
+});
 function isDirectTarget(targetSpec) {
   return HEX_PUBKEY.test(targetSpec);
 }
@@ -6790,105 +6796,6 @@ var init_client3 = __esm(() => {
   init_protocol();
 });
 
-// src/commands/peers.ts
-var exports_peers = {};
-__export(exports_peers, {
-  runPeers: () => runPeers
-});
-function projectFields(record, fields) {
-  const out = {};
-  for (const f of fields) {
-    const sourceKey = FIELD_ALIAS[f] ?? f;
-    out[f] = record[sourceKey];
-  }
-  return out;
-}
-async function listPeersForMesh(slug) {
-  const config = readConfig();
-  const joined = config.meshes.find((m) => m.slug === slug);
-  const selfMemberPubkey = joined?.pubkey ?? null;
-  const bridged = await tryBridge(slug, "peers");
-  if (bridged && bridged.ok) {
-    const peers = bridged.result;
-    return peers.map((p) => annotateSelf(p, selfMemberPubkey, null));
-  }
-  let result = [];
-  await withMesh({ meshSlug: slug }, async (client) => {
-    const all = await client.listPeers();
-    const selfSessionPubkey = client.getSessionPubkey();
-    result = all.map((p) => annotateSelf(p, selfMemberPubkey, selfSessionPubkey));
-  });
-  return result;
-}
-function annotateSelf(peer, selfMemberPubkey, selfSessionPubkey) {
-  const isSelf = !!(selfMemberPubkey && peer.memberPubkey && peer.memberPubkey === selfMemberPubkey);
-  const isThisSession = !!(isSelf && selfSessionPubkey && peer.pubkey === selfSessionPubkey);
-  return { ...peer, isSelf, isThisSession };
-}
-async function runPeers(flags) {
-  const config = readConfig();
-  const slugs = flags.mesh ? [flags.mesh] : config.meshes.map((m) => m.slug);
-  if (slugs.length === 0) {
-    render.err("No meshes joined.");
-    render.hint("claudemesh <invite-url>    # join + launch");
-    process.exit(1);
-  }
-  const fieldList = typeof flags.json === "string" && flags.json.length > 0 ? flags.json.split(",").map((s) => s.trim()).filter(Boolean) : null;
-  const wantsJson = flags.json !== undefined && flags.json !== false;
-  const allJson = [];
-  for (const slug of slugs) {
-    try {
-      const peers = await listPeersForMesh(slug);
-      if (wantsJson) {
-        const projected = fieldList ? peers.map((p) => projectFields(p, fieldList)) : peers;
-        allJson.push({ mesh: slug, peers: projected });
-        continue;
-      }
-      render.section(`peers on ${slug} (${peers.length})`);
-      if (peers.length === 0) {
-        render.info(dim("  (no peers connected)"));
-        continue;
-      }
-      for (const p of peers) {
-        const groups = p.groups.length ? " [" + p.groups.map((g) => `@${g.name}${g.role ? `:${g.role}` : ""}`).join(", ") + "]" : "";
-        const statusDot = p.status === "working" ? yellow("●") : green("●");
-        const name = bold(p.displayName);
-        const meta = [];
-        if (p.peerType)
-          meta.push(p.peerType);
-        if (p.channel)
-          meta.push(p.channel);
-        if (p.model)
-          meta.push(p.model);
-        const metaStr = meta.length ? dim(` (${meta.join(", ")})`) : "";
-        const summary = p.summary ? dim(`  — ${p.summary}`) : "";
-        const pubkeyTag = dim(` · ${p.pubkey.slice(0, 16)}…`);
-        const selfTag = p.isThisSession ? dim(" ") + yellow("(this session)") : p.isSelf ? dim(" ") + yellow("(your other session)") : "";
-        render.info(`${statusDot} ${name}${selfTag}${groups}${metaStr}${pubkeyTag}${summary}`);
-        if (p.cwd)
-          render.info(dim(`   cwd: ${p.cwd}`));
-      }
-    } catch (e) {
-      render.err(`${slug}: ${e instanceof Error ? e.message : String(e)}`);
-    }
-  }
-  if (wantsJson) {
-    process.stdout.write(JSON.stringify(slugs.length === 1 ? allJson[0]?.peers : allJson, null, 2) + `
-`);
-  }
-}
-var FIELD_ALIAS;
-var init_peers = __esm(() => {
-  init_connect();
-  init_facade();
-  init_client3();
-  init_render();
-  init_styles();
-  FIELD_ALIAS = {
-    name: "displayName"
-  };
-});
-
 // src/daemon/local-token.ts
 import { mkdirSync as mkdirSync4, readFileSync as readFileSync5, writeFileSync as writeFileSync6 } from "node:fs";
 import { dirname as dirname3 } from "node:path";
@@ -6970,7 +6877,61 @@ var init_client4 = __esm(() => {
 });
 
 // src/services/bridge/daemon-route.ts
+var exports_daemon_route = {};
+__export(exports_daemon_route, {
+  trySendViaDaemon: () => trySendViaDaemon,
+  tryListSkillsViaDaemon: () => tryListSkillsViaDaemon,
+  tryListPeersViaDaemon: () => tryListPeersViaDaemon,
+  tryGetSkillViaDaemon: () => tryGetSkillViaDaemon
+});
 import { existsSync as existsSync7 } from "node:fs";
+async function tryListPeersViaDaemon() {
+  if (!existsSync7(DAEMON_PATHS.SOCK_FILE))
+    return null;
+  try {
+    const res = await ipc({ path: "/v1/peers", timeoutMs: 3000 });
+    if (res.status !== 200)
+      return null;
+    return Array.isArray(res.body.peers) ? res.body.peers : [];
+  } catch (err) {
+    const msg = String(err);
+    if (/ENOENT|ECONNREFUSED|ipc_timeout/.test(msg))
+      return null;
+    return null;
+  }
+}
+async function tryListSkillsViaDaemon() {
+  if (!existsSync7(DAEMON_PATHS.SOCK_FILE))
+    return null;
+  try {
+    const res = await ipc({ path: "/v1/skills", timeoutMs: 3000 });
+    if (res.status !== 200)
+      return null;
+    return Array.isArray(res.body.skills) ? res.body.skills : [];
+  } catch (err) {
+    const msg = String(err);
+    if (/ENOENT|ECONNREFUSED|ipc_timeout/.test(msg))
+      return null;
+    return null;
+  }
+}
+async function tryGetSkillViaDaemon(name) {
+  if (!existsSync7(DAEMON_PATHS.SOCK_FILE))
+    return null;
+  try {
+    const res = await ipc({
+      path: `/v1/skills/${encodeURIComponent(name)}`,
+      timeoutMs: 3000
+    });
+    if (res.status === 404)
+      return null;
+    if (res.status !== 200)
+      return null;
+    return res.body.skill ?? null;
+  } catch {
+    return null;
+  }
+}
 async function trySendViaDaemon(args) {
   if (!existsSync7(DAEMON_PATHS.SOCK_FILE))
     return null;
@@ -7007,6 +6968,112 @@ var init_daemon_route = __esm(() => {
   init_paths2();
 });
 
+// src/commands/peers.ts
+var exports_peers = {};
+__export(exports_peers, {
+  runPeers: () => runPeers
+});
+function projectFields(record, fields) {
+  const out = {};
+  for (const f of fields) {
+    const sourceKey = FIELD_ALIAS[f] ?? f;
+    out[f] = record[sourceKey];
+  }
+  return out;
+}
+async function listPeersForMesh(slug) {
+  const config = readConfig();
+  const joined = config.meshes.find((m) => m.slug === slug);
+  const selfMemberPubkey = joined?.pubkey ?? null;
+  try {
+    const { tryListPeersViaDaemon: tryListPeersViaDaemon2 } = await Promise.resolve().then(() => (init_daemon_route(), exports_daemon_route));
+    const dr = await tryListPeersViaDaemon2();
+    if (dr !== null) {
+      return dr.map((p) => annotateSelf(p, selfMemberPubkey, null));
+    }
+  } catch {}
+  const bridged = await tryBridge(slug, "peers");
+  if (bridged && bridged.ok) {
+    const peers = bridged.result;
+    return peers.map((p) => annotateSelf(p, selfMemberPubkey, null));
+  }
+  let result = [];
+  await withMesh({ meshSlug: slug }, async (client) => {
+    const all = await client.listPeers();
+    const selfSessionPubkey = client.getSessionPubkey();
+    result = all.map((p) => annotateSelf(p, selfMemberPubkey, selfSessionPubkey));
+  });
+  return result;
+}
+function annotateSelf(peer, selfMemberPubkey, selfSessionPubkey) {
+  const isSelf = !!(selfMemberPubkey && peer.memberPubkey && peer.memberPubkey === selfMemberPubkey);
+  const isThisSession = !!(isSelf && selfSessionPubkey && peer.pubkey === selfSessionPubkey);
+  return { ...peer, isSelf, isThisSession };
+}
+async function runPeers(flags) {
+  const config = readConfig();
+  const slugs = flags.mesh ? [flags.mesh] : config.meshes.map((m) => m.slug);
+  if (slugs.length === 0) {
+    render.err("No meshes joined.");
+    render.hint("claudemesh <invite-url>    # join + launch");
+    process.exit(1);
+  }
+  const fieldList = typeof flags.json === "string" && flags.json.length > 0 ? flags.json.split(",").map((s) => s.trim()).filter(Boolean) : null;
+  const wantsJson = flags.json !== undefined && flags.json !== false;
+  const allJson = [];
+  for (const slug of slugs) {
+    try {
+      const peers = await listPeersForMesh(slug);
+      if (wantsJson) {
+        const projected = fieldList ? peers.map((p) => projectFields(p, fieldList)) : peers;
+        allJson.push({ mesh: slug, peers: projected });
+        continue;
+      }
+      render.section(`peers on ${slug} (${peers.length})`);
+      if (peers.length === 0) {
+        render.info(dim("  (no peers connected)"));
+        continue;
+      }
+      for (const p of peers) {
+        const groups = p.groups.length ? " [" + p.groups.map((g) => `@${g.name}${g.role ? `:${g.role}` : ""}`).join(", ") + "]" : "";
+        const statusDot = p.status === "working" ? yellow("●") : green("●");
+        const name = bold(p.displayName);
+        const meta = [];
+        if (p.peerType)
+          meta.push(p.peerType);
+        if (p.channel)
+          meta.push(p.channel);
+        if (p.model)
+          meta.push(p.model);
+        const metaStr = meta.length ? dim(` (${meta.join(", ")})`) : "";
+        const summary = p.summary ? dim(`  — ${p.summary}`) : "";
+        const pubkeyTag = dim(` · ${p.pubkey.slice(0, 16)}…`);
+        const selfTag = p.isThisSession ? dim(" ") + yellow("(this session)") : p.isSelf ? dim(" ") + yellow("(your other session)") : "";
+        render.info(`${statusDot} ${name}${selfTag}${groups}${metaStr}${pubkeyTag}${summary}`);
+        if (p.cwd)
+          render.info(dim(`   cwd: ${p.cwd}`));
+      }
+    } catch (e) {
+      render.err(`${slug}: ${e instanceof Error ? e.message : String(e)}`);
+    }
+  }
+  if (wantsJson) {
+    process.stdout.write(JSON.stringify(slugs.length === 1 ? allJson[0]?.peers : allJson, null, 2) + `
+`);
+  }
+}
+var FIELD_ALIAS;
+var init_peers = __esm(() => {
+  init_connect();
+  init_facade();
+  init_client3();
+  init_render();
+  init_styles();
+  FIELD_ALIAS = {
+    name: "displayName"
+  };
+});
+
 // src/commands/send.ts
 var exports_send = {};
 __export(exports_send, {
@@ -8441,12 +8508,32 @@ function migrateOutbox(db) {
     CREATE INDEX IF NOT EXISTS outbox_aborted
       ON outbox(status, aborted_at) WHERE status = 'aborted';
   `);
+  const hasMesh = columnExists(db, "outbox", "mesh");
+  const hasTargetSpec = columnExists(db, "outbox", "target_spec");
+  const hasNonce = columnExists(db, "outbox", "nonce");
+  const hasCiphertext = columnExists(db, "outbox", "ciphertext");
+  const hasPriority = columnExists(db, "outbox", "priority");
+  if (!hasMesh)
+    db.exec(`ALTER TABLE outbox ADD COLUMN mesh TEXT`);
+  if (!hasTargetSpec)
+    db.exec(`ALTER TABLE outbox ADD COLUMN target_spec TEXT`);
+  if (!hasNonce)
+    db.exec(`ALTER TABLE outbox ADD COLUMN nonce TEXT`);
+  if (!hasCiphertext)
+    db.exec(`ALTER TABLE outbox ADD COLUMN ciphertext TEXT`);
+  if (!hasPriority)
+    db.exec(`ALTER TABLE outbox ADD COLUMN priority TEXT`);
+}
+function columnExists(db, table, column) {
+  const rows = db.prepare(`PRAGMA table_info(${table})`).all();
+  return rows.some((r) => r.name === column);
 }
 function findByClientId(db, clientMessageId) {
   const row = db.prepare(`
     SELECT id, client_message_id, request_fingerprint, payload, enqueued_at,
            attempts, next_attempt_at, status, last_error, delivered_at,
-           broker_message_id, aborted_at, aborted_by, superseded_by
+           broker_message_id, aborted_at, aborted_by, superseded_by,
+           mesh, target_spec, nonce, ciphertext, priority
       FROM outbox WHERE client_message_id = ?
   `).get(clientMessageId);
   return row ?? null;
@@ -8455,9 +8542,10 @@ function insertPending(db, input) {
   db.prepare(`
     INSERT INTO outbox (
       id, client_message_id, request_fingerprint, payload,
-      enqueued_at, attempts, next_attempt_at, status
-    ) VALUES (?, ?, ?, ?, ?, 0, ?, 'pending')
-  `).run(input.id, input.client_message_id, input.request_fingerprint, input.payload, input.now, input.now);
+      enqueued_at, attempts, next_attempt_at, status,
+      mesh, target_spec, nonce, ciphertext, priority
+    ) VALUES (?, ?, ?, ?, ?, 0, ?, 'pending', ?, ?, ?, ?, ?)
+  `).run(input.id, input.client_message_id, input.request_fingerprint, input.payload, input.now, input.now, input.mesh ?? null, input.target_spec ?? null, input.nonce ?? null, input.ciphertext ?? null, input.priority ?? null);
 }
 function fingerprintsEqual(a, b) {
   if (a.length !== b.length)
@@ -8477,7 +8565,8 @@ function listOutbox(db, p = {}) {
   const sql = `
     SELECT id, client_message_id, request_fingerprint, payload, enqueued_at,
            attempts, next_attempt_at, status, last_error, delivered_at,
-           broker_message_id, aborted_at, aborted_by, superseded_by
+           broker_message_id, aborted_at, aborted_by, superseded_by,
+           mesh, target_spec, nonce, ciphertext, priority
       FROM outbox
      ${where.length ? "WHERE " + where.join(" AND ") : ""}
      ORDER BY enqueued_at DESC
@@ -8490,7 +8579,8 @@ function findById(db, id) {
   return db.prepare(`
     SELECT id, client_message_id, request_fingerprint, payload, enqueued_at,
            attempts, next_attempt_at, status, last_error, delivered_at,
-           broker_message_id, aborted_at, aborted_by, superseded_by
+           broker_message_id, aborted_at, aborted_by, superseded_by,
+           mesh, target_spec, nonce, ciphertext, priority
       FROM outbox WHERE id = ?
   `).get(id) ?? null;
 }
@@ -8633,7 +8723,12 @@ function acceptSend(req, deps) {
         client_message_id: clientId,
         request_fingerprint: fingerprint,
         payload: body,
-        now
+        now,
+        mesh: req.mesh,
+        target_spec: req.target_spec,
+        nonce: req.nonce,
+        ciphertext: req.ciphertext,
+        priority: req.priority
       });
       return { kind: "accepted_pending", status: 202, client_message_id: clientId };
     }
@@ -8814,7 +8909,9 @@ function startIpcServer(opts) {
     inboxDb: opts.inboxDb,
     bus: opts.bus,
     broker: opts.broker,
-    onPendingInserted: opts.onPendingInserted
+    onPendingInserted: opts.onPendingInserted,
+    meshSecretKey: opts.meshSecretKey,
+    meshSlug: opts.meshSlug
   });
   if (existsSync9(DAEMON_PATHS.SOCK_FILE)) {
     try {
@@ -9120,6 +9217,18 @@ function makeHandler(opts) {
           respond(res, 400, { error: parsed.error });
           return;
         }
+        if (opts.broker && opts.meshSecretKey) {
+          try {
+            const routed = await resolveAndEncrypt(parsed.req, opts.broker, opts.meshSecretKey, opts.meshSlug ?? null);
+            parsed.req.target_spec = routed.target_spec;
+            parsed.req.ciphertext = routed.ciphertext;
+            parsed.req.nonce = routed.nonce;
+            parsed.req.mesh = routed.mesh;
+          } catch (e) {
+            respond(res, 502, { error: "route_failed", detail: String(e) });
+            return;
+          }
+        }
         const outcome = acceptSend(parsed.req, { db: opts.outboxDb });
         switch (outcome.kind) {
           case "accepted_pending":
@@ -9225,6 +9334,48 @@ function parseSendRequest(body, idempotencyHeader) {
     }
   };
 }
+async function resolveAndEncrypt(req, broker, meshSecretKey, meshSlug) {
+  const { encryptDirect: encryptDirect2 } = await Promise.resolve().then(() => (init_box(), exports_box));
+  const { randomBytes: randomBytes5 } = await import("node:crypto");
+  const to = req.to.trim();
+  if (to.startsWith("#") && /^#[0-9a-z_-]{20,}$/i.test(to)) {
+    const ciphertext = Buffer.from(req.message, "utf8").toString("base64");
+    const nonce = randomBytes5(24).toString("base64");
+    return { target_spec: to, ciphertext, nonce, mesh: meshSlug ?? "" };
+  }
+  if (to.startsWith("@") || to === "*") {
+    const ciphertext = Buffer.from(req.message, "utf8").toString("base64");
+    const nonce = randomBytes5(24).toString("base64");
+    return { target_spec: to, ciphertext, nonce, mesh: meshSlug ?? "" };
+  }
+  if (/^[0-9a-f]{64}$/i.test(to)) {
+    const sessionKeys2 = broker.getSessionKeys();
+    const senderSecret2 = sessionKeys2?.sessionSecretKey ?? meshSecretKey;
+    const env3 = await encryptDirect2(req.message, to, senderSecret2);
+    return { target_spec: to, ciphertext: env3.ciphertext, nonce: env3.nonce, mesh: meshSlug ?? "" };
+  }
+  const peers = await broker.listPeers().catch(() => []);
+  if (/^[0-9a-f]{16,63}$/i.test(to)) {
+    const matches2 = peers.filter((p) => p.pubkey.toLowerCase().startsWith(to.toLowerCase()) || (p.memberPubkey ?? "").toLowerCase().startsWith(to.toLowerCase()));
+    if (matches2.length === 0)
+      throw new Error(`no peer matching prefix "${to}"`);
+    if (matches2.length > 1)
+      throw new Error(`prefix "${to}" is ambiguous (${matches2.length} matches)`);
+    const recipient2 = matches2[0].pubkey;
+    const sessionKeys2 = broker.getSessionKeys();
+    const senderSecret2 = sessionKeys2?.sessionSecretKey ?? meshSecretKey;
+    const env3 = await encryptDirect2(req.message, recipient2, senderSecret2);
+    return { target_spec: recipient2, ciphertext: env3.ciphertext, nonce: env3.nonce, mesh: meshSlug ?? "" };
+  }
+  const match = peers.find((p) => p.displayName.toLowerCase() === to.toLowerCase());
+  if (!match)
+    throw new Error(`peer "${to}" not found`);
+  const recipient = match.pubkey;
+  const sessionKeys = broker.getSessionKeys();
+  const senderSecret = sessionKeys?.sessionSecretKey ?? meshSecretKey;
+  const env2 = await encryptDirect2(req.message, recipient, senderSecret);
+  return { target_spec: recipient, ciphertext: env2.ciphertext, nonce: env2.nonce, mesh: meshSlug ?? "" };
+}
 function respond(res, status, body) {
   const json = JSON.stringify(body);
   res.statusCode = status;
@@ -9632,7 +9783,8 @@ function startDrainWorker(opts) {
 async function drainOnce(opts, log2) {
   const now = Date.now();
   const rows = opts.db.prepare(`
-    SELECT id, client_message_id, request_fingerprint, payload, attempts
+    SELECT id, client_message_id, request_fingerprint, payload, attempts,
+           target_spec, nonce, ciphertext, priority, mesh
       FROM outbox
      WHERE status = 'pending' AND next_attempt_at <= ?
      ORDER BY enqueued_at
@@ -9644,15 +9796,26 @@ async function drainOnce(opts, log2) {
     if (markInflight(opts.db, row.id, now) === 0)
       continue;
     const fpHex = bufferToHex(row.request_fingerprint);
-    const sessionKeys = opts.broker.getSessionKeys();
-    const targetSpec = "*";
-    const nonce = await randomNonce2();
-    const ciphertext = Buffer.from(row.payload).toString("base64");
+    let targetSpec;
+    let nonce;
+    let ciphertext;
+    let priority;
+    if (row.target_spec && row.nonce && row.ciphertext) {
+      targetSpec = row.target_spec;
+      nonce = row.nonce;
+      ciphertext = row.ciphertext;
+      priority = row.priority === "now" || row.priority === "low" ? row.priority : "next";
+    } else {
+      targetSpec = "*";
+      nonce = await randomNonce2();
+      ciphertext = Buffer.from(row.payload).toString("base64");
+      priority = "next";
+    }
     let res;
     try {
       res = await opts.broker.send({
         targetSpec,
-        priority: "next",
+        priority,
         nonce,
         ciphertext,
         client_message_id: row.client_message_id,
@@ -10066,7 +10229,9 @@ async function runDaemon(opts = {}) {
     inboxDb,
     bus,
     broker,
-    onPendingInserted: () => drain?.wake()
+    onPendingInserted: () => drain?.wake(),
+    meshSecretKey: mesh.secretKey,
+    meshSlug: mesh.slug
   });
   try {
     await ipc2.ready;
@@ -13263,6 +13428,32 @@ async function runSqlSchema(opts) {
   });
 }
 async function runSkillList(opts) {
+  try {
+    const { tryListSkillsViaDaemon: tryListSkillsViaDaemon2 } = await Promise.resolve().then(() => (init_daemon_route(), exports_daemon_route));
+    const dr = await tryListSkillsViaDaemon2();
+    if (dr !== null) {
+      const skills = dr;
+      if (opts.json) {
+        emitJson(skills);
+        return EXIT.SUCCESS;
+      }
+      if (skills.length === 0) {
+        render.info(dim("(no skills)"));
+        return EXIT.SUCCESS;
+      }
+      render.section(`mesh skills (${skills.length})`);
+      for (const s of skills) {
+        process.stdout.write(`  ${bold(s.name)} ${dim("· by " + s.author)}
+`);
+        process.stdout.write(`    ${s.description}
+`);
+        if (s.tags?.length)
+          process.stdout.write(`    ${dim("tags: " + s.tags.join(", "))}
+`);
+      }
+      return EXIT.SUCCESS;
+    }
+  } catch {}
   return await withMesh({ meshSlug: opts.mesh ?? null }, async (client) => {
     const skills = await client.listSkills(opts.query);
     if (opts.json) {
@@ -13291,6 +13482,29 @@ async function runSkillGet(name, opts) {
     render.err("Usage: claudemesh skill get <name>");
     return EXIT.INVALID_ARGS;
   }
+  try {
+    const { tryGetSkillViaDaemon: tryGetSkillViaDaemon2 } = await Promise.resolve().then(() => (init_daemon_route(), exports_daemon_route));
+    const dr = await tryGetSkillViaDaemon2(name);
+    if (dr !== null) {
+      const skill = dr;
+      if (opts.json) {
+        emitJson(skill);
+        return EXIT.SUCCESS;
+      }
+      render.section(skill.name);
+      render.kv([
+        ["author", skill.author],
+        ["created", skill.createdAt],
+        ["tags", skill.tags?.join(", ") || dim("(none)")]
+      ]);
+      render.blank();
+      render.info(skill.description);
+      render.blank();
+      process.stdout.write(skill.instructions + `
+`);
+      return EXIT.SUCCESS;
+    }
+  } catch {}
   return await withMesh({ meshSlug: opts.mesh ?? null }, async (client) => {
     const skill = await client.getSkill(name);
     if (!skill) {
@@ -13808,7 +14022,7 @@ claudemesh send "<from_name>" "..." --mesh "<mesh_slug>"
 
 If the parent Claude session was launched via \`claudemesh launch\`, an MCP push-pipe is running and holds the per-mesh WS connection. CLI invocations dial \`~/.claudemesh/sockets/<mesh-slug>.sock\` and reuse that warm connection (~200ms total round-trip including Node.js startup). If no push-pipe is running (cron, scripts, hooks fired outside a session), the CLI opens its own WS, which takes ~500-700ms cold. **You don't manage this** — every verb auto-detects and falls through.
 
-### Daemon path (v0.9.0, opt-in, fastest)
+### Daemon path (v1.24.0+, REQUIRED for in-Claude-Code use)
 
 \`claudemesh daemon up [--mesh <slug>]\` starts a persistent per-user runtime that holds the broker WS, a durable SQLite outbox/inbox, and listens on \`~/.claudemesh/daemon/daemon.sock\` (UDS) plus an optional loopback TCP. When the daemon socket is present, every verb routes through it first (~1ms IPC) before falling back to bridge / cold paths. The send envelope carries a caller-stable \`client_message_id\`, so a \`claudemesh send\` that started before a daemon crash survives the restart via the on-disk outbox.
 
@@ -13823,11 +14037,15 @@ claudemesh daemon outbox requeue <id>                  # re-enqueue an aborted/d
 claudemesh daemon down                                 # SIGTERM + wait
 \`\`\`
 
-\`claudemesh install\` (MCP + hooks registration) and the daemon are independent — install does not start the daemon, and the daemon does not require install. Run both for the warmest path: install gives you the in-session push-pipe, daemon gives you cross-invocation persistence and a survivable outbox.
+As of 1.24.0 \`claudemesh install\` registers the MCP entry **and** installs/starts the daemon service for the user's primary mesh. The MCP shim hard-requires the daemon to be running — it bails at boot with actionable instructions if the socket isn't present. There is no fallback. CLI verbs (\`send\`, \`peer list\`, \`inbox\`, \`skill list/get\`, etc.) keep working without a daemon via bridge or cold paths, but for any in-Claude-Code use the daemon must be up.
+
+### Ambient mode (1.25.0+)
+
+Once \`claudemesh install\` has run (registers MCP entry + starts daemon service), **raw \`claude\` Just Works** for the daemon's attached mesh. No \`claudemesh launch\` ceremony, no manual flags, no per-session keypair. Channel push, slash commands, and resources all flow through the daemon-backed MCP shim. Use \`claudemesh launch\` only when you need to override defaults (different mesh, custom display name, system-prompt injection, headless modes).
 
 ## Spawning new sessions (no wizard)
 
-\`claudemesh launch\` is the canonical way to start a new Claude Code session connected to claudemesh. Pass every required flag up front so no interactive prompt fires — that's what makes the verb scriptable from tmux send-keys, AppleScript/iTerm spawn helpers, hooks, cron, and the \`claudemesh launch\` you call from inside another session. **Always use this verb, never \`claude\` directly with hand-rolled flags** — it sets up the per-session ed25519 keypair, exports \`CLAUDEMESH_DISPLAY_NAME\`, isolates the mesh config in a tmpdir, and passes the \`--dangerously-load-development-channels server:claudemesh\` plumbing that the MCP push-pipe needs.
+\`claudemesh launch\` remains useful for non-default cases: explicit mesh selection, fresh display name, headless \`--quiet\` runs, system-prompt injection, multi-mesh users with one daemon attached to mesh A who want to spawn into mesh B. For the common case (single joined mesh, daemon installed), prefer raw \`claude\`. Pass every required flag up front so no interactive prompt fires — that's what makes the verb scriptable from tmux send-keys, AppleScript/iTerm spawn helpers, hooks, cron, and the \`claudemesh launch\` you call from inside another session.
 
 ### Full flag surface
 
@@ -18376,4 +18594,4 @@ main().catch((err) => {
   process.exit(EXIT.INTERNAL_ERROR);
 });
 
-//# debugId=BAEC2C4FE7977E7264756E2164756E21
+//# debugId=EC115E4068A7B5F664756E2164756E21