dreamcontext 0.5.0 → 0.5.1

package/README.md

@@ -16,6 +16,8 @@
   <a href="#why">Why</a> &nbsp;&middot;&nbsp;
   <a href="#how-it-works">How It Works</a> &nbsp;&middot;&nbsp;
   <a href="#quick-start">Quick Start</a> &nbsp;&middot;&nbsp;
+  <a href="#skills">Skills</a> &nbsp;&middot;&nbsp;
+  <a href="#staying-up-to-date">Updating</a> &nbsp;&middot;&nbsp;
   <a href="#dashboard">Dashboard</a> &nbsp;&middot;&nbsp;
   <a href="#council">Council</a> &nbsp;&middot;&nbsp;
   <a href="#memory-recall">Memory Recall</a> &nbsp;&middot;&nbsp;
@@ -108,10 +110,10 @@ flowchart LR
 ## Quick Start
 
 ```bash
-curl -fsSL https://raw.githubusercontent.com/meanllbrl/dreamcontext/main/install.sh | sh
+curl -fsSL https://cdn.jsdelivr.net/npm/dreamcontext/install.sh | sh
 ```
 
-> (goes live once published to npm & merged to main)
+> Served from the published npm package via CDN — works with a private repo, no GitHub access needed.
 
 **Manual install (npm):**
 
@@ -134,38 +136,6 @@ dreamcontext install-skill --platforms claude,codex
 
 Two commands. Next session, the hook fires, context loads, and the agent is ready.
 
-### Optional Skill Packs
-
-Beyond the core context management skill, dreamcontext ships with curated skill packs you can install for your team's workflow:
-
-```bash
-# Browse and install interactively (terminal checkbox UI)
-dreamcontext install-skill --packs
-
-# Install specific packs directly
-dreamcontext install-skill --packs engineering design
-
-# Install a single sub-skill
-dreamcontext install-skill --skill firebase-firestore
-
-# See what's available
-dreamcontext install-skill --list
-```
-
-| Pack | What it covers | Sub-skills |
-|------|---------------|------------|
-| **engineering** | Coding standards, security, testing, architecture | backend-principles, web-app-frontend, firebase-cloud-functions, firebase-firestore |
-| **design** | Design systems, typography, colors, accessibility | frontend-principles, design-web, design-mobile, onboarding-design |
-| **growth** | Retention, distribution, monetization, analytics | performance-marketing, lean-analytics-experiments, lean-analytics-metrics |
-| **brand-voice** | Brand enforcement, discovery, guideline generation | discover-brand, guideline-generation |
-| **system-prompts** | Prompt engineering, cognitive architecture, agent design | *(standalone)* |
-
-Packs install to platform-specific paths:
-- Claude: `.claude/skills/{pack-name}/` (+ related agents in `.claude/agents/`)
-- Codex: `.agents/skills/{pack-name}/` (+ related agents in `.codex/agents/`)
-
-Cross-pack dependencies are warned at install time.
-
 ### Interactive mode
 
 Run `dreamcontext` with no arguments to enter interactive mode with a visual menu for all commands.
@@ -176,20 +146,22 @@ Run `dreamcontext` with no arguments to enter interactive mode with a visual men
 your-project/
 ├── _dream_context/              # Structured context (git-tracked)
 │   ├── core/
-│   │   ├── 0.soul.md           # Identity, principles, rules
-│   │   ├── 1.user.md           # Your preferences, project details
-│   │   ├── 2.memory.md         # Decisions, issues, learnings
-│   │   ├── 3.style_guide.md    # Style & branding
-│   │   ├── 4.tech_stack.md     # Tech decisions
+│   │   ├── 0.soul.md                    # Identity, principles, rules
+│   │   ├── 1.user.md                    # Your preferences, project details
+│   │   ├── 2.memory.md                  # Decisions & known issues
+│   │   ├── 3.style_guide_and_branding.md
+│   │   ├── 4.tech_stack.md              # Tech decisions
 │   │   ├── 5.data_structures.sql
-│   │   ├── 6.system_flow.md    # Session lifecycle, data flows
+│   │   ├── 6.system_flow.md             # Session lifecycle, data flows
 │   │   ├── CHANGELOG.json
 │   │   ├── RELEASES.json
-│   │   └── features/           # Feature PRDs
-│   ├── knowledge/              # Tagged docs (index in snapshot)
-│   │   └── *.md                # pinned: true → auto-loaded in full
-│   └── state/                  # Active tasks, sleep state
-│       └── .sleep.json
+│   │   └── features/                    # Feature PRDs
+│   ├── knowledge/                       # Tagged docs (index in snapshot)
+│   │   └── *.md                         # pinned: true → auto-loaded in full
+│   └── state/                           # Active tasks + working state
+│       ├── *.md                         # Active task files
+│       ├── .sleep.json                  # Sleep debt, session history
+│       └── .version-check.json          # Cached update check (24h)
 │
 ├── .claude/
 │   ├── skills/dreamcontext/
@@ -215,6 +187,69 @@ dreamcontext install-instructions --platforms claude,codex
 
 This writes managed fenced blocks into `CLAUDE.md` and/or `AGENTS.md` at the project root, preserving existing non-managed content.
 
+## Skills
+
+The core `dreamcontext` skill (installed by `install-skill`) teaches your agent the context system itself. On top of that, dreamcontext ships **curated skill packs and standalone skills** that give your agent domain expertise — loaded on demand, only when the work calls for it, so they cost nothing the rest of the time.
+
+```bash
+# Browse and install interactively (terminal checkbox UI)
+dreamcontext install-skill --packs
+
+# Install specific packs directly
+dreamcontext install-skill --packs engineering design
+
+# Install one orchestration pack (council, multi-review, goal-skill)
+dreamcontext install-skill --packs goal-skill
+
+# Install a single sub-skill or standalone skill
+dreamcontext install-skill --skill firebase-firestore
+dreamcontext install-skill --skill system-prompts
+
+# See everything available
+dreamcontext install-skill --list
+```
+
+**Skill packs** (a base skill + on-demand sub-skills or sub-agents):
+
+| Pack | What it covers | Inside |
+|------|---------------|--------|
+| **engineering** _(always-on)_ | Coding standards, security, testing, architecture | backend-principles, web-app-frontend, firebase-cloud-functions, firebase-firestore |
+| **design** _(always-on)_ | Design systems, typography, color, accessibility | frontend-principles, design-web, design-mobile, onboarding-design |
+| **growth** | Retention, distribution, monetization, analytics | performance-marketing, lean-analytics-experiments, lean-analytics-metrics |
+| **brand-voice** | Brand enforcement, discovery, guideline generation | discover-brand, guideline-generation |
+| **council** | Multi-persona debate for hard decisions | `council-persona`, `council-synthesizer` agents |
+| **multi-review** | Multi-agent code review (router + niche specialists) | `review-router` + security / cloud-functions / frontend / edge-cases agents |
+| **goal-skill** | Sub-agent-orchestrated execution: plan → review → implement → validate | `goal-planner`, `goal-plan-reviewer`, `goal-implementer`, `goal-validator` agents |
+
+**Standalone skills** (install individually with `--skill <name>`):
+
+| Skill | What it covers |
+|-------|----------------|
+| **business-idea-discovery** | Market selection, trend validation, competitor intel, pain-point mining, MVP scoping |
+| **business-idea-validation** | Demand testing via landing page + waitlist, quick validation loops |
+| **meta-marketing** | Meta / Facebook / Instagram ad campaigns end to end |
+| **system-prompts** | Prompt engineering, cognitive architecture, agent design |
+
+_Always-on_ packs apply their base principles to every relevant task; the rest load only when the work matches. Packs install to platform-specific paths — Claude: `.claude/skills/{pack}/` (+ agents in `.claude/agents/`); Codex: `.agents/skills/{pack}/` (+ agents in `.codex/agents/`). Cross-pack dependencies are warned at install time.
+
+## Staying Up to Date
+
+dreamcontext tells you when a new version ships, and updating is one command. There are two distinct things to update: the **CLI** (the `dreamcontext` binary) and your **project's installed files** (the skill, agents, and hooks copied into `.claude/` or `.agents/`).
+
+```bash
+dreamcontext upgrade            # Upgrade the CLI to the latest published version
+dreamcontext upgrade --check    # Just print "current: X  latest: Y" and exit
+dreamcontext update             # Refresh this project's skill/agent/hook files to match the CLI
+```
+
+Or re-run the one-command installer — it detects an existing `_dream_context/` and updates in place:
+
+```bash
+curl -fsSL https://cdn.jsdelivr.net/npm/dreamcontext/install.sh | sh
+```
+
+**In-session update nudge.** When a newer version is published, your agent sees a single-line nudge at the top of its loaded context — so you find out while you're working, not months later. The version check is deliberately unobtrusive: it runs **at most once every 24 hours**, never during the context-loading hot path (so session start is never slowed or blocked), and fails silent if npm is unreachable. Opt out entirely with `DREAMCONTEXT_VERSION_CHECK=0`.
+
 ## Dashboard
 
 ```bash
@@ -487,6 +522,9 @@ dreamcontext hook pre-compact            # PreCompact hook: save state before co
 dreamcontext snapshot                    # Snapshot only (no hook processing)
 dreamcontext snapshot --tokens           # Estimated token count
 dreamcontext doctor                      # Validate structure
+dreamcontext upgrade                     # Upgrade the CLI to the latest published version
+dreamcontext upgrade --check             # Print current vs latest version, no install
+dreamcontext update                      # Refresh installed skill/agent/hook files to match the CLI
 dreamcontext install-skill               # Install core integration for selected platforms
 dreamcontext install-skill --platforms claude,codex  # Explicit platform selection
 dreamcontext install-skill --packs       # Interactive skill pack browser

package/dist/index.js

@@ -1369,8 +1369,8 @@ async function installInstructions(projectRoot, platform, requestedMode) {
     writeFileSync5(target, block, "utf-8");
     return { action: "replaced", target, platform, backup };
   }
-  const sep5 = existing.endsWith("\n") ? "\n" : "\n\n";
-  writeFileSync5(target, existing + sep5 + block, "utf-8");
+  const sep6 = existing.endsWith("\n") ? "\n" : "\n\n";
+  writeFileSync5(target, existing + sep6 + block, "utf-8");
   return { action: "appended", target, platform };
 }
 async function installClaudeMd(projectRoot, requestedMode) {
@@ -6481,21 +6481,10 @@ function registerHookCommand(program) {
       try {
         const prompt = String(input9.prompt ?? "");
         if (prompt.trim().length >= 8) {
-          const projectRoot = process.cwd();
-          const skillsRoot = join25(projectRoot, ".claude", "skills");
+          const skillsRoot = join25(process.cwd(), ".claude", "skills");
           const docs = loadSkillDocs(skillsRoot);
-          if (docs.length > 0) {
-            const hits = bm25Search(prompt, docs, MAX_RELATED_SKILLS).filter((h) => h.score >= SKILL_SCORE_THRESHOLD);
-            if (hits.length > 0) {
-              const lines = ["", `\u2014 Related skills (top ${hits.length}) \u2014`];
-              lines.push("  Invoke these via the Skill tool BEFORE acting if they fit the task:");
-              for (const h of hits) {
-                const desc = h.doc.description.length > 120 ? h.doc.description.slice(0, 120) + "\u2026" : h.doc.description;
-                lines.push(`  \u2022 ${h.doc.slug}${desc ? ` \u2014 ${desc}` : ""}`);
-              }
-              console.log(lines.join("\n"));
-              gatedSkills = true;
-            }
+          if (docs.length > 0 && bm25Search(prompt, docs, 5).some((h) => h.score >= SKILL_SCORE_THRESHOLD)) {
+            gatedSkills = true;
           }
         }
       } catch (skillErr) {
@@ -6504,9 +6493,11 @@ function registerHookCommand(program) {
     }
     if (hadRecallHits || gatedSkills) {
       const g = ["", "\u26D4 Before you act, get the full picture from project memory \u2014 not optional:"];
-      g.push("  \u2022 READ the related knowledge/feature file(s) for this task in full (Read tool) \u2014 the relevant ones recalled above plus anything in your knowledge index. The source code will NOT show the decisions and constraints they hold.");
-      if (gatedSkills) {
-        g.push('  \u2022 INVOKE the related skill(s) above via the Skill tool if they fit \u2014 required, not "if you like".');
+      if (hadRecallHits) {
+        g.push("  \u2022 READ the related knowledge/feature file(s) recalled above in full (Read tool) \u2014 plus anything relevant in your knowledge index. The source code will NOT show the decisions and constraints they hold.");
+      }
+      if (process.env.DREAMCONTEXT_SKILLS_HOOK !== "0") {
+        g.push("  \u2022 REVIEW the skills available to you (the full list is already in your context) and INVOKE any that fit this task via the Skill tool \u2014 do NOT limit yourself to a pre-selected few; scan them all and decide.");
       }
       g.push('  \u2022 For depth, RECALL more: dreamcontext memory recall "<your keywords>" [--types knowledge,feature,task,memory] \u2014 try a few keyword sets and read the relevant hits in full.');
       g.push('  \u2022 CHECK whether a task already exists for this work: dreamcontext memory recall "<keywords>" --types task (or look in _dream_context/state/). If one exists, follow it; if the work is untracked and non-trivial, create one.');
@@ -6564,7 +6555,7 @@ function registerHookCommand(program) {
     writeSleepState(root, state);
   });
 }
-var MAX_TRANSCRIPT_BYTES, SKILL_SCORE_THRESHOLD, MAX_RELATED_SKILLS, ZERO_ANALYSIS, JS_TS_EXTENSIONS, MAX_WALK_LEVELS, BIOME_CONFIGS, PRETTIER_CONFIGS;
+var MAX_TRANSCRIPT_BYTES, SKILL_SCORE_THRESHOLD, ZERO_ANALYSIS, JS_TS_EXTENSIONS, MAX_WALK_LEVELS, BIOME_CONFIGS, PRETTIER_CONFIGS;
 var init_hook = __esm({
   "src/cli/commands/hook.ts"() {
     "use strict";
@@ -6579,7 +6570,6 @@ var init_hook = __esm({
     init_install_skill();
     MAX_TRANSCRIPT_BYTES = 50 * 1024 * 1024;
     SKILL_SCORE_THRESHOLD = 1;
-    MAX_RELATED_SKILLS = 3;
     ZERO_ANALYSIS = { changeCount: 0, toolCount: 0, taskSlugs: [] };
     JS_TS_EXTENSIONS = /* @__PURE__ */ new Set([".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs", ".mts", ".cts"]);
     MAX_WALK_LEVELS = 10;
@@ -6826,49 +6816,59 @@ var init_router = __esm({
 
 // src/server/middleware.ts
 async function parseJsonBody(req) {
-  return new Promise((resolve9) => {
+  return new Promise((resolve10) => {
     const chunks = [];
     let size = 0;
     req.on("data", (chunk) => {
       size += chunk.length;
       if (size > MAX_BODY_SIZE) {
         req.destroy();
-        resolve9(null);
+        resolve10(null);
         return;
       }
       chunks.push(chunk);
     });
     req.on("end", () => {
       if (chunks.length === 0) {
-        resolve9(null);
+        resolve10(null);
         return;
       }
       try {
         const body = Buffer.concat(chunks).toString("utf-8");
-        resolve9(JSON.parse(body));
+        resolve10(JSON.parse(body));
       } catch {
-        resolve9(null);
+        resolve10(null);
       }
     });
-    req.on("error", () => resolve9(null));
+    req.on("error", () => resolve10(null));
   });
 }
 function sendJson(res, statusCode, data) {
   const body = JSON.stringify(data);
   res.writeHead(statusCode, {
     "Content-Type": "application/json",
-    "Content-Length": Buffer.byteLength(body),
-    "Access-Control-Allow-Origin": "*"
+    "Content-Length": Buffer.byteLength(body)
   });
   res.end(body);
 }
 function sendError(res, statusCode, error2, message) {
   sendJson(res, statusCode, { error: error2, message });
 }
+function isCrossSiteWrite(req) {
+  const method = (req.method || "GET").toUpperCase();
+  if (method === "GET" || method === "HEAD" || method === "OPTIONS") return false;
+  const origin = req.headers.origin;
+  if (!origin) return false;
+  return !LOCAL_ORIGIN_RE.test(origin);
+}
 function handleCors(req, res) {
-  res.setHeader("Access-Control-Allow-Origin", "*");
-  res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
-  res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+  const origin = req.headers.origin;
+  if (origin && LOCAL_ORIGIN_RE.test(origin)) {
+    res.setHeader("Access-Control-Allow-Origin", origin);
+    res.setHeader("Vary", "Origin");
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+  }
   if (req.method === "OPTIONS") {
     res.writeHead(204);
     res.end();
@@ -6876,11 +6876,12 @@ function handleCors(req, res) {
   }
   return false;
 }
-var MAX_BODY_SIZE;
+var MAX_BODY_SIZE, LOCAL_ORIGIN_RE;
 var init_middleware = __esm({
   "src/server/middleware.ts"() {
     "use strict";
     MAX_BODY_SIZE = 1048576;
+    LOCAL_ORIGIN_RE = /^https?:\/\/(localhost|127\.0\.0\.1|\[::1\])(:\d+)?$/i;
   }
 });
 
@@ -7480,6 +7481,21 @@ var init_sleep2 = __esm({
   }
 });
 
+// src/server/safe-path.ts
+import { resolve as resolve4, sep as sep2 } from "path";
+function safeChildPath(baseDir, child) {
+  if (!child || child.includes("\0")) return null;
+  const base = resolve4(baseDir);
+  const target = resolve4(base, child);
+  if (target !== base && !target.startsWith(base + sep2)) return null;
+  return target;
+}
+var init_safe_path = __esm({
+  "src/server/safe-path.ts"() {
+    "use strict";
+  }
+});
+
 // src/server/routes/core.ts
 import { existsSync as existsSync31, readdirSync as readdirSync8 } from "fs";
 import { join as join29 } from "path";
@@ -7513,7 +7529,11 @@ async function handleCoreList(_req, res, _params, contextRoot) {
 }
 async function handleCoreGet(_req, res, params, contextRoot) {
   const { filename } = params;
-  const filePath = join29(getCoreDir(contextRoot), filename);
+  const filePath = safeChildPath(getCoreDir(contextRoot), filename);
+  if (!filePath) {
+    sendError(res, 400, "invalid_path", "Invalid filename.");
+    return;
+  }
   if (!existsSync31(filePath)) {
     sendError(res, 404, "not_found", `Core file not found: ${filename}`);
     return;
@@ -7560,7 +7580,11 @@ async function handleCoreGet(_req, res, params, contextRoot) {
 }
 async function handleCoreUpdate(req, res, params, contextRoot) {
   const { filename } = params;
-  const filePath = join29(getCoreDir(contextRoot), filename);
+  const filePath = safeChildPath(getCoreDir(contextRoot), filename);
+  if (!filePath) {
+    sendError(res, 400, "invalid_path", "Invalid filename.");
+    return;
+  }
   if (!existsSync31(filePath)) {
     sendError(res, 404, "not_found", `Core file not found: ${filename}`);
     return;
@@ -7619,6 +7643,7 @@ var init_core2 = __esm({
     init_frontmatter();
     init_markdown();
     init_middleware();
+    init_safe_path();
     init_change_tracker();
   }
 });
@@ -8190,7 +8215,7 @@ var init_graph = __esm({
 
 // src/server/routes/graph.ts
 import { existsSync as existsSync36, readFileSync as readFileSync23 } from "fs";
-import { normalize, resolve as resolve4, sep as sep2 } from "path";
+import { normalize, resolve as resolve5, sep as sep3 } from "path";
 async function handleGraphGet(_req, res, _params, contextRoot) {
   try {
     const graph = buildGraph(contextRoot);
@@ -8207,9 +8232,9 @@ async function handleGraphContentGet(req, res, _params, contextRoot) {
     sendError(res, 400, "missing_path", 'Query parameter "path" is required.');
     return;
   }
-  const absRoot = resolve4(contextRoot);
-  const absTarget = resolve4(absRoot, normalize(rawPath));
-  if (!absTarget.startsWith(absRoot + sep2) && absTarget !== absRoot) {
+  const absRoot = resolve5(contextRoot);
+  const absTarget = resolve5(absRoot, normalize(rawPath));
+  if (!absTarget.startsWith(absRoot + sep3) && absTarget !== absRoot) {
     sendError(res, 400, "invalid_path", "Path escapes context root.");
     return;
   }
@@ -8265,7 +8290,7 @@ var init_graph2 = __esm({
 
 // src/lib/council.ts
 import { existsSync as existsSync37, mkdirSync as mkdirSync9, readFileSync as readFileSync24 } from "fs";
-import { join as join34, resolve as resolve5, sep as sep3 } from "path";
+import { join as join34, resolve as resolve6, sep as sep4 } from "path";
 import { fileURLToPath as fileURLToPath5 } from "url";
 function getCouncilDir() {
   const root = ensureContextRoot();
@@ -8283,9 +8308,9 @@ function assertSafeSegment(kind, id) {
   }
 }
 function assertWithinCouncil(target) {
-  const council = resolve5(getCouncilDir());
-  const resolved = resolve5(target);
-  if (resolved !== council && !resolved.startsWith(council + sep3)) {
+  const council = resolve6(getCouncilDir());
+  const resolved = resolve6(target);
+  if (resolved !== council && !resolved.startsWith(council + sep4)) {
     throw new Error(`Path escapes council directory: ${target}`);
   }
   return resolved;
@@ -8472,7 +8497,7 @@ var init_council = __esm({
 
 // src/server/routes/council.ts
 import { existsSync as existsSync38 } from "fs";
-import { join as join35, resolve as resolve6, sep as sep4 } from "path";
+import { join as join35, resolve as resolve7, sep as sep5 } from "path";
 function getCouncilDir2(contextRoot) {
   return join35(contextRoot, "council");
 }
@@ -8483,9 +8508,9 @@ function assertSafeSegment2(id) {
   return true;
 }
 function assertWithin(root, target) {
-  const r = resolve6(root);
-  const t = resolve6(target);
-  if (t !== r && !t.startsWith(r + sep4)) return null;
+  const r = resolve7(root);
+  const t = resolve7(target);
+  if (t !== r && !t.startsWith(r + sep5)) return null;
   return t;
 }
 function extractNamedSubsection(body, heading) {
@@ -8673,7 +8698,7 @@ var init_council2 = __esm({
 
 // src/server/index.ts
 import { createServer } from "http";
-import { resolve as resolve7 } from "path";
+import { resolve as resolve8 } from "path";
 import { fileURLToPath as fileURLToPath6 } from "url";
 import { exec } from "child_process";
 function buildRouter() {
@@ -8710,20 +8735,24 @@ function buildRouter() {
 }
 function getDashboardDir() {
   const __dirname7 = fileURLToPath6(new URL(".", import.meta.url));
-  return resolve7(__dirname7, "dashboard");
+  return resolve8(__dirname7, "dashboard");
 }
 function openBrowser(url) {
   const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
   exec(`${cmd} ${url}`);
 }
 function startDashboardServer(options) {
-  const { port, contextRoot, open } = options;
+  const { port, contextRoot, open, host = "127.0.0.1" } = options;
   const router = buildRouter();
   const dashboardDir = getDashboardDir();
   return new Promise((resolvePromise, reject) => {
     const server = createServer(async (req, res) => {
       try {
         if (handleCors(req, res)) return;
+        if (isCrossSiteWrite(req)) {
+          sendError(res, 403, "forbidden", "Cross-site request blocked.");
+          return;
+        }
         const url = new URL(req.url || "/", `http://${req.headers.host}`);
         const method = req.method || "GET";
         if (url.pathname.startsWith("/api/")) {
@@ -8749,11 +8778,16 @@ function startDashboardServer(options) {
       }
     });
     server.setTimeout(3e4);
-    server.listen(port, () => {
-      const url = `http://localhost:${port}`;
+    server.listen(port, host, () => {
+      const shownHost = host === "127.0.0.1" ? "localhost" : host;
+      const url = `http://${shownHost}:${port}`;
       console.log(`
   Dashboard: ${url}
 `);
+      if (host !== "127.0.0.1") {
+        console.log(`  WARNING: bound to ${host} \u2014 the dashboard API is reachable from your network.
+`);
+      }
       console.log("  Press Ctrl+C to stop.\n");
       if (open) {
         openBrowser(url);
@@ -8788,13 +8822,13 @@ var init_server = __esm({
 
 // src/cli/commands/dashboard.ts
 function registerDashboardCommand(program) {
-  program.command("dashboard").description("Open the web dashboard in your browser").option("-p, --port <port>", "Port number", "4173").option("--no-open", "Do not open browser automatically").action(async (opts) => {
+  program.command("dashboard").description("Open the web dashboard in your browser").option("-p, --port <port>", "Port number", "4173").option("--host <host>", "Interface to bind (default loopback). Use 0.0.0.0 to expose on your network.", "127.0.0.1").option("--no-open", "Do not open browser automatically").action(async (opts) => {
     const contextRoot = ensureContextRoot();
     const port = parseInt(opts.port, 10);
     if (isNaN(port) || port < 1 || port > 65535) {
       throw new Error("Invalid port number. Must be between 1 and 65535.");
     }
-    await startDashboardServer({ port, contextRoot, open: opts.open });
+    await startDashboardServer({ port, contextRoot, open: opts.open, host: opts.host });
   });
 }
 var init_dashboard = __esm({
@@ -10120,14 +10154,14 @@ REINFLUENCE_BIN=           # optional override; default uses .venv
 import { spawn, spawnSync } from "child_process";
 import { existsSync as existsSync42, mkdirSync as mkdirSync12, cpSync as cpSync2 } from "fs";
 import { fileURLToPath as fileURLToPath7 } from "url";
-import { dirname as dirname13, resolve as resolve8, join as join37 } from "path";
+import { dirname as dirname13, resolve as resolve9, join as join37 } from "path";
 function findBundledReinfluence() {
   const candidates = [
     // Installed npm package: dist/<chunk>.js -> ../tools/reinfluence
-    resolve8(__dirname6, "..", "tools", "reinfluence"),
-    resolve8(__dirname6, "..", "..", "tools", "reinfluence"),
+    resolve9(__dirname6, "..", "tools", "reinfluence"),
+    resolve9(__dirname6, "..", "..", "tools", "reinfluence"),
     // Dev tree: src/lib/marketing -> ../../../tools/reinfluence
-    resolve8(__dirname6, "..", "..", "..", "tools", "reinfluence")
+    resolve9(__dirname6, "..", "..", "..", "tools", "reinfluence")
   ];
   for (const c of candidates) {
     if (existsSync42(join37(c, "__main__.py"))) return c;
@@ -11024,7 +11058,7 @@ function getQueue(accountId) {
 async function withWriteSlot(accountId, fn) {
   const q = getQueue(accountId);
   if (q.active >= PER_ACCOUNT_WRITE_CONCURRENCY) {
-    await new Promise((resolve9) => q.waiting.push(resolve9));
+    await new Promise((resolve10) => q.waiting.push(resolve10));
   }
   q.active += 1;
   try {
@@ -14110,13 +14144,13 @@ async function resolveBody(body, bodyFile) {
   return null;
 }
 function readStdin3() {
-  return new Promise((resolve9, reject) => {
+  return new Promise((resolve10, reject) => {
     let data = "";
     process.stdin.setEncoding("utf8");
     process.stdin.on("data", (chunk) => {
       data += chunk;
     });
-    process.stdin.on("end", () => resolve9(data));
+    process.stdin.on("end", () => resolve10(data));
     process.stdin.on("error", reject);
   });
 }
@@ -15761,12 +15795,12 @@ import chalk40 from "chalk";
 function getBanner() {
   const logo = renderBanner();
   const title = `${chalk40.bold.cyan("D R E A M")}${chalk40.bold.cyanBright("   C O N T E X T")}`;
-  const sep5 = chalk40.dim("\u2501".repeat(25));
+  const sep6 = chalk40.dim("\u2501".repeat(25));
   const tagline = chalk40.dim("persistent memory for AI agents");
   const text = [
     "",
     `       ${title}`,
-    `       ${sep5}`,
+    `       ${sep6}`,
     `    ${tagline}`
   ].join("\n");
   return "\n" + logo + text + "\n";

package/install.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 # dreamcontext install script
-# Review this script before piping it to sh: https://github.com/meanllbrl/dreamcontext
+# Review this script before piping it to sh: https://www.npmjs.com/package/dreamcontext
 set -e
 
 say() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dreamcontext",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "description": "dreamcontext — the persistent brain for your AI agents. Remembers what you built, knows how your project works.",
   "type": "module",
   "bin": {