instar 0.28.22 → 0.28.23

package/.claude/skills/setup-wizard/SKILL.md

@@ -142,25 +142,37 @@ If they type something else → interpret conversationally and route.
 
 #### If gh_status="auth-needed"
 
-Walk the user through auth FIRST:
+**MANDATORY — DO THIS BEFORE ASKING FOR AN AGENT NAME.** The discovery scan ran without GitHub access. The user may already have agents backed up to GitHub from another machine. You MUST offer to sign them in BEFORE proceeding to fresh-install prompts. Skipping this step has caused users to create duplicate agents instead of restoring existing ones.
 
-> Let me check if you have agents backed up on GitHub.
-> I need to sign you into GitHub — this opens your browser.
+Say:
+> Before we set up a new agent, let me check GitHub for any agents you've backed up from another machine. I need to sign you in — it takes about 30 seconds.
 
-```bash
-gh auth login --web --git-protocol https
-```
-
-After auth, re-scan and present results.
+Then follow the **GitHub Device-Code Auth Flow** below. After auth completes, re-run discovery (call `runDiscovery` via the setup CLI or re-invoke the wizard) and present the updated agent list. Only proceed to fresh-install if discovery still shows zero agents.
 
 #### If gh_status="unavailable"
 
-Ask:
-> Have you used Instar before on another machine?
+GitHub CLI isn't installed. With instar 0.28.18+ this should be rare — the prerequisite check auto-installs gh. If you somehow get here, ask:
+> Have you used Instar before on another machine? If so, I should install GitHub CLI so I can find your existing agents before we create a new one.
 
-If yes: Show install guidance for the platform. After install → auth → scan.
+If yes: Install gh (brew/apt), then follow the **GitHub Device-Code Auth Flow** below, then re-run discovery.
 If no: Continue to fresh install.
 
+#### GitHub Device-Code Auth Flow (use this everywhere `gh auth login` is needed)
+
+**DO NOT run `gh auth login` synchronously in Bash** — it blocks waiting for the user to visit a URL and the Bash tool buffer hides the prompt. The user will see a frozen command and have no idea what to do.
+
+Instead:
+
+1. Start `gh auth login --web --git-protocol https` with `run_in_background: true`.
+2. Poll the background output every 2 seconds (BashOutput tool) until you see a line matching `! First copy your one-time code: XXXX-XXXX` and a line containing `https://github.com/login/device`.
+3. Extract the code and URL, then present them to the user conversationally — NOT as raw Bash output:
+   > To sign in, visit **https://github.com/login/device** and enter this code: **XXXX-XXXX**
+   > I'll wait here until you're done.
+4. Poll `gh auth status` every 5 seconds (foreground, fast). When it exits 0, the user has finished. Stop polling the background process and let it complete on its own.
+5. Confirm: "You're signed in as <username>. Let me check for your agents now."
+
+If 5 minutes pass with no auth completion, ask the user if they want to keep waiting or skip GitHub for now.
+
 #### Normal fresh install options
 
 **If inside a git repo:**
@@ -1909,15 +1921,7 @@ Wait for user to install, then re-check.
 gh auth status 2>&1
 ```
 
-If not authenticated, walk them through it:
-
-> I need to connect to your GitHub account. This opens your browser for a secure sign-in.
-
-```bash
-gh auth login --web --git-protocol https
-```
-
-This is an interactive command that opens the browser — run it with `stdio: 'inherit'` so the user sees the auth flow. Wait for it to complete.
+If not authenticated, use the **GitHub Device-Code Auth Flow** described in Entry Point B (above). DO NOT run `gh auth login` synchronously — it blocks the Bash tool and the user will see a frozen command. Run in background, parse the device code and URL from output, present them conversationally, and poll `gh auth status` until success.
 
 **Step 3: Create private repo**
 

package/dist/commands/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA2PH,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA6zCD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAipItE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA2PH,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA81CD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAkpItE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}

package/dist/commands/server.js

@@ -7,7 +7,7 @@
  * When Telegram is configured, wires up message routing:
  *   topic message → find/spawn session → inject message → session replies via [telegram:N]
  */
-import { execFileSync, execSync } from 'node:child_process';
+import { execFileSync } from 'node:child_process';
 import fs from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
@@ -1221,6 +1221,34 @@ async function ensureAgentUpdatesTopic(telegram, state) {
         console.error(`  Failed to create Agent Updates topic: ${err}`);
     }
 }
+/**
+ * Find npm's CLI entry point (npm-cli.js) so we can run npm via
+ * `execFileSync(process.execPath, [npmCli, ...args])` — no shell required.
+ * This avoids "/bin/sh ENOENT" failures in minimal/containerized environments.
+ */
+function findNpmCli() {
+    // npm ships alongside node — look for it relative to process.execPath
+    const nodeDir = path.dirname(process.execPath);
+    // Standard layout: node is in bin/, npm-cli.js is in lib/node_modules/npm/bin/npm-cli.js
+    const libNpmCli = path.resolve(nodeDir, '..', 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js');
+    if (fs.existsSync(libNpmCli))
+        return libNpmCli;
+    // Homebrew on macOS: node in /opt/homebrew/bin, npm-cli in /opt/homebrew/lib/node_modules/npm/bin/npm-cli.js
+    // (same layout, but verify explicitly for clarity)
+    for (const candidate of [
+        '/opt/homebrew/lib/node_modules/npm/bin/npm-cli.js',
+        '/usr/local/lib/node_modules/npm/bin/npm-cli.js',
+        '/usr/lib/node_modules/npm/bin/npm-cli.js',
+    ]) {
+        if (fs.existsSync(candidate))
+            return candidate;
+    }
+    // Last resort: use the npm shell wrapper (requires shell, but at least we tried)
+    const npmBin = path.join(nodeDir, 'npm');
+    if (fs.existsSync(npmBin))
+        return npmBin;
+    throw new Error('Cannot find npm CLI — native module rebuild unavailable');
+}
 /**
  * Pre-flight check: ensure better-sqlite3 native bindings are compiled for the current Node.js version.
  *
@@ -1271,10 +1299,13 @@ async function ensureSqliteBindings() {
             else {
                 // Fallback: npm rebuild in the directory containing better-sqlite3.
                 // Shadow installs have their own node_modules — try that first, then global.
+                // IMPORTANT: Use execFileSync (no shell) instead of execSync to avoid
+                // "/bin/sh ENOENT" failures in minimal/containerized environments.
+                const npmCli = findNpmCli();
                 const instarDir = new URL('../../..', import.meta.url).pathname;
                 const shadowBs3 = path.join(instarDir, 'node_modules', 'better-sqlite3');
                 if (fs.existsSync(shadowBs3)) {
-                    execSync('npm rebuild better-sqlite3', {
+                    execFileSync(process.execPath, [npmCli, 'rebuild', 'better-sqlite3'], {
                         cwd: instarDir,
                         encoding: 'utf-8',
                         timeout: 60000,
@@ -1282,8 +1313,8 @@ async function ensureSqliteBindings() {
                     });
                 }
                 else {
-                    const globalInstarDir = execSync('npm root -g', { encoding: 'utf-8', timeout: 10000 }).trim() + '/instar';
-                    execSync('npm rebuild better-sqlite3', {
+                    const globalInstarDir = execFileSync(process.execPath, [npmCli, 'root', '-g'], { encoding: 'utf-8', timeout: 10000 }).toString().trim() + '/instar';
+                    execFileSync(process.execPath, [npmCli, 'rebuild', 'better-sqlite3'], {
                         cwd: globalInstarDir,
                         encoding: 'utf-8',
                         timeout: 60000,
@@ -2295,8 +2326,9 @@ export async function startServer(options) {
                         execFileSync(process.execPath, [fixScript], { encoding: 'utf-8', timeout: 60000, stdio: 'pipe' });
                     }
                     else {
-                        const globalInstarDir = execSync('npm root -g', { encoding: 'utf-8', timeout: 10000 }).trim() + '/instar';
-                        execSync('npm rebuild better-sqlite3', {
+                        const npmCli = findNpmCli();
+                        const globalInstarDir = execFileSync(process.execPath, [npmCli, 'root', '-g'], { encoding: 'utf-8', timeout: 10000 }).toString().trim() + '/instar';
+                        execFileSync(process.execPath, [npmCli, 'rebuild', 'better-sqlite3'], {
                             cwd: globalInstarDir,
                             encoding: 'utf-8',
                             timeout: 60000,