clay-server 2.5.0 → 2.6.0

package/lib/project.js

@@ -1,11 +1,15 @@
 var fs = require("fs");
 var path = require("path");
+var os = require("os");
+var crypto = require("crypto");
 var { createSessionManager } = require("./sessions");
 var { createSDKBridge } = require("./sdk-bridge");
 var { createTerminalManager } = require("./terminal-manager");
 var { createNotesManager } = require("./notes");
 var { fetchLatestVersion, isNewer } = require("./updater");
-var { execFileSync } = require("child_process");
+var { execFileSync, spawn } = require("child_process");
+
+var MAX_UPLOAD_BYTES = 50 * 1024 * 1024; // 50 MB
 
 // SDK loaded dynamically (ESM module)
 var sdkModule = null;
@@ -63,6 +67,7 @@ function createProjectContext(opts) {
   var slug = opts.slug;
   var project = path.basename(cwd);
   var title = opts.title || null;
+  var icon = opts.icon || null;
   var pushModule = opts.pushModule || null;
   var debug = opts.debug || false;
   var dangerouslySkipPermissions = opts.dangerouslySkipPermissions || false;
@@ -70,6 +75,7 @@ function createProjectContext(opts) {
   var lanHost = opts.lanHost || null;
   var getProjectCount = opts.getProjectCount || function () { return 1; };
   var getProjectList = opts.getProjectList || function () { return []; };
+  var onProcessingChanged = opts.onProcessingChanged || function () {};
   var latestVersion = null;
 
   // --- Per-project clients ---
@@ -192,8 +198,17 @@ function createProjectContext(opts) {
 
   // --- Session manager ---
   var sm = createSessionManager({ cwd: cwd, send: send });
-  sm.currentPermissionMode = "default";
-  sm.currentEffort = "high";
+  var _projMode = typeof opts.onGetProjectDefaultMode === "function" ? opts.onGetProjectDefaultMode(slug) : null;
+  var _srvMode = typeof opts.onGetServerDefaultMode === "function" ? opts.onGetServerDefaultMode() : null;
+  sm.currentPermissionMode = (_projMode && _projMode.mode) || (_srvMode && _srvMode.mode) || "default";
+
+  var _projEffort = typeof opts.onGetProjectDefaultEffort === "function" ? opts.onGetProjectDefaultEffort(slug) : null;
+  var _srvEffort = typeof opts.onGetServerDefaultEffort === "function" ? opts.onGetServerDefaultEffort() : null;
+  sm.currentEffort = (_projEffort && _projEffort.effort) || (_srvEffort && _srvEffort.effort) || "medium";
+
+  var _projModel = typeof opts.onGetProjectDefaultModel === "function" ? opts.onGetProjectDefaultModel(slug) : null;
+  var _srvModel = typeof opts.onGetServerDefaultModel === "function" ? opts.onGetServerDefaultModel() : null;
+  sm._savedDefaultModel = (_projModel && _projModel.model) || (_srvModel && _srvModel.model) || null;
 
   // --- SDK bridge ---
   var sdk = createSDKBridge({
@@ -204,6 +219,7 @@ function createProjectContext(opts) {
     pushModule: pushModule,
     getSDK: getSDK,
     dangerouslySkipPermissions: dangerouslySkipPermissions,
+    onProcessingChanged: onProcessingChanged,
   });
 
   // --- Terminal manager ---
@@ -234,7 +250,7 @@ function createProjectContext(opts) {
     if (sm.currentModel) {
       sendTo(ws, { type: "model_info", model: sm.currentModel, models: sm.availableModels || [] });
     }
-    sendTo(ws, { type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort || "high", betas: sm.currentBetas || [] });
+    sendTo(ws, { type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
     sendTo(ws, { type: "term_list", terminals: tm.list() });
     sendTo(ws, { type: "notes_list", notes: nm.list() });
 
@@ -489,13 +505,70 @@ function createProjectContext(opts) {
       return;
     }
 
+    if (msg.type === "set_server_default_model" && msg.model) {
+      if (typeof opts.onSetServerDefaultModel === "function") {
+        opts.onSetServerDefaultModel(msg.model);
+      }
+      var session = sm.getActiveSession();
+      if (session) {
+        sdk.setModel(session, msg.model);
+      }
+      return;
+    }
+
+    if (msg.type === "set_project_default_model" && msg.model) {
+      if (typeof opts.onSetProjectDefaultModel === "function") {
+        opts.onSetProjectDefaultModel(slug, msg.model);
+      }
+      var session = sm.getActiveSession();
+      if (session) {
+        sdk.setModel(session, msg.model);
+      }
+      return;
+    }
+
     if (msg.type === "set_permission_mode" && msg.mode) {
+      // When dangerouslySkipPermissions is active, don't allow UI to change mode
+      if (dangerouslySkipPermissions) {
+        send({ type: "config_state", model: sm.currentModel || "", mode: "bypassPermissions", effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
+        return;
+      }
       sm.currentPermissionMode = msg.mode;
       var session = sm.getActiveSession();
       if (session) {
         sdk.setPermissionMode(session, msg.mode);
       }
-      send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "high", betas: sm.currentBetas || [] });
+      send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
+      return;
+    }
+
+    if (msg.type === "set_server_default_mode" && msg.mode) {
+      if (typeof opts.onSetServerDefaultMode === "function") {
+        opts.onSetServerDefaultMode(msg.mode);
+      }
+      if (!dangerouslySkipPermissions) {
+        sm.currentPermissionMode = msg.mode;
+        var session = sm.getActiveSession();
+        if (session) {
+          sdk.setPermissionMode(session, msg.mode);
+        }
+        send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
+      }
+      return;
+    }
+
+    if (msg.type === "set_project_default_mode" && msg.mode) {
+      if (typeof opts.onSetProjectDefaultMode === "function") {
+        opts.onSetProjectDefaultMode(slug, msg.mode);
+      }
+      if (!dangerouslySkipPermissions) {
+        sm.currentPermissionMode = msg.mode;
+        var session = sm.getActiveSession();
+        if (session) {
+          sdk.setPermissionMode(session, msg.mode);
+        }
+        send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
+      }
       return;
     }
 
@@ -505,9 +578,27 @@ function createProjectContext(opts) {
       return;
     }
 
+    if (msg.type === "set_server_default_effort" && msg.effort) {
+      if (typeof opts.onSetServerDefaultEffort === "function") {
+        opts.onSetServerDefaultEffort(msg.effort);
+      }
+      sm.currentEffort = msg.effort;
+      send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort, betas: sm.currentBetas || [] });
+      return;
+    }
+
+    if (msg.type === "set_project_default_effort" && msg.effort) {
+      if (typeof opts.onSetProjectDefaultEffort === "function") {
+        opts.onSetProjectDefaultEffort(slug, msg.effort);
+      }
+      sm.currentEffort = msg.effort;
+      send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort, betas: sm.currentBetas || [] });
+      return;
+    }
+
     if (msg.type === "set_betas") {
       sm.currentBetas = msg.betas || [];
-      send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort || "high", betas: sm.currentBetas });
+      send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort || "medium", betas: sm.currentBetas });
       return;
     }
 
@@ -593,6 +684,7 @@ function createProjectContext(opts) {
           session.pendingPermissions = {};
           session.pendingAskUser = {};
           session.isProcessing = false;
+          onProcessingChanged();
 
           sm.saveSessionFile(session);
           sm.switchSession(session.localId);
@@ -641,7 +733,7 @@ function createProjectContext(opts) {
       if (decision === "allow_accept_edits") {
         sdk.setPermissionMode(session, "acceptEdits");
         sm.currentPermissionMode = "acceptEdits";
-        send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "high", betas: sm.currentBetas || [] });
+        send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
         pending.resolve({ behavior: "allow", updatedInput: pending.toolInput });
         sm.sendAndRecord(session, { type: "permission_resolved", requestId: requestId, decision: decision });
         return;
@@ -653,14 +745,24 @@ function createProjectContext(opts) {
         pending.resolve({ behavior: "deny", message: "User chose to clear context and restart" });
         sm.sendAndRecord(session, { type: "permission_resolved", requestId: requestId, decision: decision });
 
-        // Abort the old session's query so it stops processing immediately
-        if (session.abortController) {
-          session.abortController.abort();
-        }
+        // Abort the old session's query — but defer to next tick so the SDK's
+        // deny write (scheduled as microtask by pending.resolve) completes first.
+        // Aborting synchronously would kill the subprocess before the write,
+        // causing an "Operation aborted" crash in the SDK.
         session.isProcessing = false;
+        onProcessingChanged();
         session.pendingPermissions = {};
         session.pendingAskUser = {};
         sm.broadcastSessionList();
+        setImmediate(function () {
+          if (session.abortController) {
+            session.abortController.abort();
+          }
+        });
+
+        // Update permission mode for the new session
+        sm.currentPermissionMode = "acceptEdits";
+        send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
 
         // Build prompt from plan content (sent from client) or plan file path
         var clientPlanContent = msg.planContent || "";
@@ -672,24 +774,34 @@ function createProjectContext(opts) {
           planPrompt = "Execute the plan in " + planFilePath + ". Do NOT re-enter plan mode — read the plan file and implement it step by step.";
         }
 
-        // Wait a tick for the deny to propagate, then create new session + send plan
-        setTimeout(function () {
-          var newSession = sm.createSession();
-          // Send the plan as the first user message (with planContent for UI rendering)
-          var userMsg = { type: "user_message", text: planPrompt, planContent: clientPlanContent || null };
-          newSession.history.push(userMsg);
-          sm.appendToSessionFile(newSession, userMsg);
-          newSession.title = "Plan execution (cleared context)";
-          sm.saveSessionFile(newSession);
-          sm.broadcastSessionList();
-          send(userMsg);
+        // Wait for old query stream to fully terminate, then create new session + send plan
+        var oldStreamPromise = session.streamPromise || Promise.resolve();
+        Promise.race([
+          oldStreamPromise,
+          new Promise(function (resolve) { setTimeout(resolve, 3000); }),
+        ]).then(function () {
+          try {
+            var newSession = sm.createSession();
+            // Send the plan as the first user message (with planContent for UI rendering)
+            var userMsg = { type: "user_message", text: planPrompt, planContent: clientPlanContent || null };
+            newSession.history.push(userMsg);
+            sm.appendToSessionFile(newSession, userMsg);
+            newSession.title = "Plan execution (cleared context)";
+            sm.saveSessionFile(newSession);
+            sm.broadcastSessionList();
+            send(userMsg);
 
-          newSession.isProcessing = true;
-          newSession.sentToolResults = {};
-          send({ type: "status", status: "processing" });
-          newSession.acceptEditsAfterStart = true;
-          sdk.startQuery(newSession, planPrompt);
-        }, 200);
+            newSession.isProcessing = true;
+            onProcessingChanged();
+            newSession.sentToolResults = {};
+            send({ type: "status", status: "processing" });
+            newSession.acceptEditsAfterStart = true;
+            sdk.startQuery(newSession, planPrompt);
+          } catch (e) {
+            console.error("[project] Error starting plan execution:", e);
+            send({ type: "error", text: "Failed to start plan execution: " + (e.message || e) });
+          }
+        });
         return;
       }
 
@@ -709,6 +821,7 @@ function createProjectContext(opts) {
 
             if (!session.isProcessing) {
               session.isProcessing = true;
+              onProcessingChanged();
               session.sentToolResults = {};
               send({ type: "status", status: "processing" });
               if (!session.queryInstance) {
@@ -820,6 +933,52 @@ function createProjectContext(opts) {
       return;
     }
 
+    // --- Reorder projects ---
+    if (msg.type === "reorder_projects") {
+      var slugs = msg.slugs;
+      if (!Array.isArray(slugs) || slugs.length === 0) {
+        sendTo(ws, { type: "reorder_projects_result", ok: false, error: "Missing slugs" });
+        return;
+      }
+      if (typeof opts.onReorderProjects === "function") {
+        var reorderResult = opts.onReorderProjects(slugs);
+        sendTo(ws, { type: "reorder_projects_result", ok: reorderResult.ok, error: reorderResult.error });
+      } else {
+        sendTo(ws, { type: "reorder_projects_result", ok: false, error: "Not supported" });
+      }
+      return;
+    }
+
+    // --- Set project title (rename) ---
+    if (msg.type === "set_project_title") {
+      if (!msg.slug) {
+        sendTo(ws, { type: "set_project_title_result", ok: false, error: "Missing slug" });
+        return;
+      }
+      if (typeof opts.onSetProjectTitle === "function") {
+        var titleResult = opts.onSetProjectTitle(msg.slug, msg.title || null);
+        sendTo(ws, { type: "set_project_title_result", ok: titleResult.ok, slug: msg.slug, error: titleResult.error });
+      } else {
+        sendTo(ws, { type: "set_project_title_result", ok: false, error: "Not supported" });
+      }
+      return;
+    }
+
+    // --- Set project icon (emoji) ---
+    if (msg.type === "set_project_icon") {
+      if (!msg.slug) {
+        sendTo(ws, { type: "set_project_icon_result", ok: false, error: "Missing slug" });
+        return;
+      }
+      if (typeof opts.onSetProjectIcon === "function") {
+        var iconResult = opts.onSetProjectIcon(msg.slug, msg.icon || null);
+        sendTo(ws, { type: "set_project_icon_result", ok: iconResult.ok, slug: msg.slug, error: iconResult.error });
+      } else {
+        sendTo(ws, { type: "set_project_icon_result", ok: false, error: "Not supported" });
+      }
+      return;
+    }
+
     // --- Daemon config (server settings) ---
     if (msg.type === "get_daemon_config") {
       if (typeof opts.onGetDaemonConfig === "function") {
@@ -915,6 +1074,98 @@ function createProjectContext(opts) {
       return;
     }
 
+    // --- File write ---
+    if (msg.type === "fs_write") {
+      var fsWriteFile = safePath(cwd, msg.path);
+      if (!fsWriteFile) {
+        sendTo(ws, { type: "fs_write_result", path: msg.path, ok: false, error: "Access denied" });
+        return;
+      }
+      try {
+        fs.writeFileSync(fsWriteFile, msg.content || "", "utf8");
+        sendTo(ws, { type: "fs_write_result", path: msg.path, ok: true });
+      } catch (e) {
+        sendTo(ws, { type: "fs_write_result", path: msg.path, ok: false, error: e.message });
+      }
+      return;
+    }
+
+    // --- Project environment variables ---
+    if (msg.type === "get_project_env") {
+      var envrc = "";
+      var hasEnvrc = false;
+      if (typeof opts.onGetProjectEnv === "function") {
+        var envResult = opts.onGetProjectEnv(msg.slug);
+        envrc = envResult.envrc || "";
+      }
+      try {
+        var envrcPath = path.join(cwd, ".envrc");
+        hasEnvrc = fs.existsSync(envrcPath);
+      } catch (e) {}
+      sendTo(ws, { type: "project_env_result", slug: msg.slug, envrc: envrc, hasEnvrc: hasEnvrc });
+      return;
+    }
+
+    if (msg.type === "set_project_env") {
+      if (typeof opts.onSetProjectEnv === "function") {
+        var setResult = opts.onSetProjectEnv(msg.slug, msg.envrc || "");
+        sendTo(ws, { type: "set_project_env_result", ok: setResult.ok, slug: msg.slug, error: setResult.error });
+      } else {
+        sendTo(ws, { type: "set_project_env_result", ok: false, error: "Not supported" });
+      }
+      return;
+    }
+
+    // --- Global CLAUDE.md ---
+    if (msg.type === "read_global_claude_md") {
+      var os = require("os");
+      var globalMdPath = path.join(os.homedir(), ".claude", "CLAUDE.md");
+      try {
+        var globalMdContent = fs.readFileSync(globalMdPath, "utf8");
+        sendTo(ws, { type: "global_claude_md_result", content: globalMdContent });
+      } catch (e) {
+        sendTo(ws, { type: "global_claude_md_result", error: e.message });
+      }
+      return;
+    }
+
+    if (msg.type === "write_global_claude_md") {
+      var os2 = require("os");
+      var globalMdDir = path.join(os2.homedir(), ".claude");
+      var globalMdWritePath = path.join(globalMdDir, "CLAUDE.md");
+      try {
+        if (!fs.existsSync(globalMdDir)) {
+          fs.mkdirSync(globalMdDir, { recursive: true });
+        }
+        fs.writeFileSync(globalMdWritePath, msg.content || "", "utf8");
+        sendTo(ws, { type: "write_global_claude_md_result", ok: true });
+      } catch (e) {
+        sendTo(ws, { type: "write_global_claude_md_result", ok: false, error: e.message });
+      }
+      return;
+    }
+
+    // --- Shared environment variables ---
+    if (msg.type === "get_shared_env") {
+      var sharedEnvrc = "";
+      if (typeof opts.onGetSharedEnv === "function") {
+        var sharedResult = opts.onGetSharedEnv();
+        sharedEnvrc = sharedResult.envrc || "";
+      }
+      sendTo(ws, { type: "shared_env_result", envrc: sharedEnvrc });
+      return;
+    }
+
+    if (msg.type === "set_shared_env") {
+      if (typeof opts.onSetSharedEnv === "function") {
+        var sharedSetResult = opts.onSetSharedEnv(msg.envrc || "");
+        sendTo(ws, { type: "set_shared_env_result", ok: sharedSetResult.ok, error: sharedSetResult.error });
+      } else {
+        sendTo(ws, { type: "set_shared_env_result", ok: false, error: "Not supported" });
+      }
+      return;
+    }
+
     // --- File watcher ---
     if (msg.type === "fs_watch") {
       if (msg.path) startFileWatch(msg.path);
@@ -1228,6 +1479,7 @@ function createProjectContext(opts) {
 
     if (!session.isProcessing) {
       session.isProcessing = true;
+      onProcessingChanged();
       session.sentToolResults = {};
       send({ type: "status", status: "processing" });
       if (!session.queryInstance) {
@@ -1254,6 +1506,54 @@ function createProjectContext(opts) {
 
   // --- Handle project-scoped HTTP requests ---
   function handleHTTP(req, res, urlPath) {
+    // File upload
+    if (req.method === "POST" && urlPath === "/api/upload") {
+      parseJsonBody(req).then(function (body) {
+        var fileName = body.name;
+        var fileData = body.data; // base64
+        if (!fileName || !fileData) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"missing name or data"}');
+          return;
+        }
+        // Sanitize filename — strip path separators
+        var safeName = path.basename(fileName).replace(/[^a-zA-Z0-9._\-\(\)\[\] ]/g, "_");
+        if (!safeName) safeName = "upload";
+
+        // Check size
+        var estimatedBytes = fileData.length * 0.75;
+        if (estimatedBytes > MAX_UPLOAD_BYTES) {
+          res.writeHead(413, { "Content-Type": "application/json" });
+          res.end('{"error":"file too large (max 50MB)"}');
+          return;
+        }
+
+        // Create tmp dir: os.tmpdir()/clay-{hash}/
+        var cwdHash = crypto.createHash("sha256").update(cwd).digest("hex").substring(0, 12);
+        var tmpDir = path.join(os.tmpdir(), "clay-" + cwdHash);
+        try { fs.mkdirSync(tmpDir, { recursive: true }); } catch (e) {}
+
+        // Add timestamp prefix to avoid collisions
+        var ts = Date.now();
+        var destName = ts + "-" + safeName;
+        var destPath = path.join(tmpDir, destName);
+
+        try {
+          var buf = Buffer.from(fileData, "base64");
+          fs.writeFileSync(destPath, buf);
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ path: destPath, name: safeName }));
+        } catch (e) {
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "failed to save: " + (e.message || e) }));
+        }
+      }).catch(function () {
+        res.writeHead(400);
+        res.end("Bad request");
+      });
+      return true;
+    }
+
     // Push subscribe
     if (req.method === "POST" && urlPath === "/api/push-subscribe") {
       parseJsonBody(req).then(function (body) {
@@ -1342,6 +1642,131 @@ function createProjectContext(opts) {
       return true;
     }
 
+    // Install a skill (background spawn)
+    if (req.method === "POST" && urlPath === "/api/install-skill") {
+      parseJsonBody(req).then(function (body) {
+        var url = body.url;
+        var skill = body.skill;
+        var scope = body.scope; // "global" or "project"
+        if (!url || !skill || !scope) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"missing url, skill, or scope"}');
+          return;
+        }
+        var spawnCwd = scope === "global" ? os.homedir() : cwd;
+        var child = spawn("npx", ["skills", "add", url, "--skill", skill], {
+          cwd: spawnCwd,
+          stdio: "ignore",
+          detached: false,
+        });
+        child.on("close", function (code) {
+          var success = code === 0;
+          send({
+            type: "skill_installed",
+            skill: skill,
+            scope: scope,
+            success: success,
+            error: success ? null : "Process exited with code " + code,
+          });
+        });
+        child.on("error", function (err) {
+          send({
+            type: "skill_installed",
+            skill: skill,
+            scope: scope,
+            success: false,
+            error: err.message,
+          });
+        });
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end('{"ok":true}');
+      }).catch(function () {
+        res.writeHead(400);
+        res.end("Bad request");
+      });
+      return true;
+    }
+
+    // Uninstall a skill (remove directory)
+    if (req.method === "POST" && urlPath === "/api/uninstall-skill") {
+      parseJsonBody(req).then(function (body) {
+        var skill = body.skill;
+        var scope = body.scope; // "global" or "project"
+        if (!skill || !scope) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"missing skill or scope"}');
+          return;
+        }
+        var baseDir = scope === "global" ? os.homedir() : cwd;
+        var skillDir = path.join(baseDir, ".claude", "skills", skill);
+        // Safety: ensure skillDir is inside the expected .claude/skills directory
+        var expectedParent = path.join(baseDir, ".claude", "skills");
+        var resolved = path.resolve(skillDir);
+        if (!resolved.startsWith(expectedParent + path.sep)) {
+          res.writeHead(403, { "Content-Type": "application/json" });
+          res.end('{"error":"invalid skill path"}');
+          return;
+        }
+        try {
+          fs.rmSync(resolved, { recursive: true, force: true });
+          send({
+            type: "skill_uninstalled",
+            skill: skill,
+            scope: scope,
+            success: true,
+          });
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end('{"ok":true}');
+        } catch (err) {
+          send({
+            type: "skill_uninstalled",
+            skill: skill,
+            scope: scope,
+            success: false,
+            error: err.message,
+          });
+          res.writeHead(500, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: err.message }));
+        }
+      }).catch(function () {
+        res.writeHead(400);
+        res.end("Bad request");
+      });
+      return true;
+    }
+
+    // Installed skills (global + project)
+    if (req.method === "GET" && urlPath === "/api/installed-skills") {
+      var installed = {};
+      var globalDir = path.join(os.homedir(), ".claude", "skills");
+      var projectDir = path.join(cwd, ".claude", "skills");
+      var scanDirs = [
+        { dir: globalDir, scope: "global" },
+        { dir: projectDir, scope: "project" },
+      ];
+      for (var sd = 0; sd < scanDirs.length; sd++) {
+        var entries;
+        try { entries = fs.readdirSync(scanDirs[sd].dir, { withFileTypes: true }); } catch (e) { continue; }
+        for (var si = 0; si < entries.length; si++) {
+          var ent = entries[si];
+          if (!ent.isDirectory() && !ent.isSymbolicLink()) continue;
+          var mdPath = path.join(scanDirs[sd].dir, ent.name, "SKILL.md");
+          try {
+            fs.accessSync(mdPath, fs.constants.R_OK);
+            if (!installed[ent.name]) {
+              installed[ent.name] = { scope: scanDirs[sd].scope };
+            } else {
+              // project-level adds to existing global entry
+              installed[ent.name].scope = "both";
+            }
+          } catch (e) {}
+        }
+      }
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ installed: installed }));
+      return true;
+    }
+
     // Info endpoint
     if (req.method === "GET" && urlPath === "/info") {
       res.writeHead(200, {
@@ -1374,6 +1799,12 @@ function createProjectContext(opts) {
       try { ws.close(); } catch (e) {}
     }
     clients.clear();
+    // Cleanup tmp upload directory
+    try {
+      var cwdHash = crypto.createHash("sha256").update(cwd).digest("hex").substring(0, 12);
+      var tmpDir = path.join(os.tmpdir(), "clay-" + cwdHash);
+      fs.rmSync(tmpDir, { recursive: true, force: true });
+    } catch (e) {}
   }
 
   // --- Status info ---
@@ -1388,6 +1819,7 @@ function createProjectContext(opts) {
       path: cwd,
       project: project,
       title: title,
+      icon: icon,
       clients: clients.size,
       sessions: sessionCount,
       isProcessing: hasProcessing,
@@ -1399,6 +1831,10 @@ function createProjectContext(opts) {
     send({ type: "info", cwd: cwd, slug: slug, project: title || project, version: currentVersion, debug: !!debug, lanHost: lanHost, projectCount: getProjectCount(), projects: getProjectList() });
   }
 
+  function setIcon(newIcon) {
+    icon = newIcon || null;
+  }
+
   return {
     cwd: cwd,
     slug: slug,
@@ -1414,6 +1850,7 @@ function createProjectContext(opts) {
     handleHTTP: handleHTTP,
     getStatus: getStatus,
     setTitle: setTitle,
+    setIcon: setIcon,
     warmup: function () { sdk.warmup(); },
     destroy: destroy,
   };