mixdog 0.7.8 → 0.7.12

package/scripts/mutation-io-smoke.mjs

@@ -70,7 +70,23 @@ async function warmRead(path, scope, offset = 0, limit = 20) {
 }
 
 async function rmTree(path) {
-  await rm(path, { recursive: true, force: true, maxRetries: 5, retryDelay: 50 });
+  // Windows CI occasionally keeps a just-used temp file locked briefly after the
+  // owning JS/native subprocess exits (EACCES/EBUSY/EPERM). Cleanup is not part
+  // of the smoke invariant, so retry with backoff and make final teardown
+  // best-effort instead of turning a passed mutation suite red.
+  const delays = [50, 100, 200, 400, 800];
+  let lastErr = null;
+  for (let i = 0; i <= delays.length; i++) {
+    try {
+      await rm(path, { recursive: true, force: true, maxRetries: 3, retryDelay: 50 });
+      return;
+    } catch (err) {
+      lastErr = err;
+      if (!['EACCES', 'EBUSY', 'EPERM', 'ENOTEMPTY'].includes(err?.code)) break;
+      if (i < delays.length) await new Promise((resolve) => setTimeout(resolve, delays[i]));
+    }
+  }
+  console.warn(`mutation-io smoke cleanup warning: failed to remove ${path}: ${lastErr?.code || ''} ${lastErr?.message || lastErr}`);
 }
 
 try {

package/scripts/openai-oauth-catalog-smoke.mjs

@@ -0,0 +1,53 @@
+import assert from 'node:assert/strict';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+
+const tmpData = mkdtempSync(join(tmpdir(), 'mixdog-openai-oauth-catalog-'));
+process.env.CLAUDE_PLUGIN_DATA = tmpData;
+
+globalThis.fetch = async (url) => {
+  const text = String(url);
+  if (text.includes('model_prices_and_context_window')) {
+    return {
+      ok: true,
+      json: async () => ({
+        'openai/gpt-5.5': {
+          litellm_provider: 'openai',
+          max_input_tokens: 1050000,
+          max_output_tokens: 128000,
+          input_cost_per_token: 1e-6,
+          output_cost_per_token: 2e-6,
+          supports_prompt_caching: true,
+        },
+      }),
+    };
+  }
+  if (text.includes('models.dev')) {
+    return { ok: true, json: async () => ({}) };
+  }
+  throw new Error(`unexpected fetch: ${text}`);
+};
+
+try {
+  const { enrichModels } = await import('../src/agent/orchestrator/providers/model-catalog.mjs');
+  const [model] = await enrichModels([{
+    id: 'gpt-5.5',
+    provider: 'openai-oauth',
+    contextWindow: 272000,
+    outputTokens: 32768,
+    serviceTiers: [{ id: 'priority', name: 'Fast', description: '1.5x speed' }],
+    additionalSpeedTiers: ['fast'],
+  }]);
+
+  assert.equal(model.contextWindow, 272000);
+  assert.equal(model.outputTokens, 32768);
+  assert.deepEqual(model.serviceTiers, [{ id: 'priority', name: 'Fast', description: '1.5x speed' }]);
+  assert.deepEqual(model.additionalSpeedTiers, ['fast']);
+  assert.equal(model.inputCostPerM, 1);
+  assert.equal(model.outputCostPerM, 2);
+
+  console.log('openai-oauth catalog smoke: ok');
+} finally {
+  rmSync(tmpData, { recursive: true, force: true });
+}

package/scripts/permission-eval-smoke.mjs

@@ -10,6 +10,23 @@ import path from 'path';
 import { createRequire } from 'module';
 import { fileURLToPath } from 'url';
 
+// The evaluator intentionally merges user-global Claude settings. Local dev
+// machines commonly have defaultMode=bypassPermissions, which made this smoke
+// pass locally while CI's empty user config exercised stricter defaults. Pin
+// the user tier to a throwaway Claude config dir so the smoke is hermetic and
+// still verifies the intended invariant: hard-deny and explicit list rules win
+// before bypass mode.
+const smokeHome = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'perm-smoke-home-')));
+const smokeConfigDir = path.join(smokeHome, '.claude');
+fs.mkdirSync(smokeConfigDir, { recursive: true });
+fs.writeFileSync(
+  path.join(smokeConfigDir, 'settings.json'),
+  JSON.stringify({ permissions: { defaultMode: 'bypassPermissions' } }),
+);
+process.env.HOME = smokeHome;
+process.env.USERPROFILE = smokeHome;
+process.env.CLAUDE_CONFIG_DIR = smokeConfigDir;
+
 const _require = createRequire(import.meta.url);
 const evalPath = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '../hooks/lib/permission-evaluator.cjs');
 const { evaluatePermission } = _require(evalPath);
@@ -21,7 +38,7 @@ const { loadPermissions, clearSettingsCache } = _require(loaderPath);
 let pass = 0, fail = 0;
 
 function makeProject(settings = {}) {
-  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'perm-smoke-'));
+  const dir = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'perm-smoke-')));
   fs.mkdirSync(path.join(dir, '.claude'), { recursive: true });
   if (Object.keys(settings).length) {
     fs.writeFileSync(

package/scripts/statusline-launcher-smoke.mjs

@@ -27,7 +27,7 @@ const tmp = mkdtempSync(join(tmpdir(), 'mixdog-sl-launcher-'));
 function run(homeDir) {
   return spawnSync(process.execPath, [LAUNCHER], {
     input: SAMPLE,
-    env: { ...process.env, HOME: homeDir, USERPROFILE: homeDir },
+    env: { ...process.env, HOME: homeDir, USERPROFILE: homeDir, CLAUDE_CONFIG_DIR: join(homeDir, '.claude') },
     encoding: 'utf8',
   });
 }
@@ -60,7 +60,7 @@ try {
     + "process.stdout.write(await renderStatusLine(i));\n"
   );
   const directRun = spawnSync(process.execPath, [driver],
-    { input: SAMPLE, env: { ...process.env, HOME: tmp, USERPROFILE: tmp }, encoding: 'utf8' });
+    { input: SAMPLE, env: { ...process.env, HOME: tmp, USERPROFILE: tmp, CLAUDE_CONFIG_DIR: join(tmp, '.claude') }, encoding: 'utf8' });
   const direct = directRun.stdout || '';
 
   const ok = run(tmp);

package/scripts/webhook-selfheal-smoke.mjs

@@ -5,9 +5,7 @@
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 
-if (!process.env.CLAUDE_PLUGIN_DATA) {
-  process.env.CLAUDE_PLUGIN_DATA = join(tmpdir(), `mixdog-webhook-selfheal-smoke-${process.pid}`);
-}
+process.env.CLAUDE_PLUGIN_DATA = join(tmpdir(), `mixdog-webhook-selfheal-smoke-${process.pid}`);
 
 const { decidePortReclaimAction } = await import('../src/channels/lib/webhook.mjs');
 

package/server-main.mjs

@@ -1040,10 +1040,62 @@ async function _getBridgeLlmFactory() {
 // completion after the worker stopped waiting for the result.
 const AGENT_IPC_MAX_CONCURRENT = 2
 const _agentIpcInflight = new Map()
-/** @type {Array<{ msg: object, worker: string, proc: import('child_process').ChildProcess }>} */
+/** @type {Array<{ msg: object, worker: string, proc: import('child_process').ChildProcess, lane?: string }>} */
 const _agentIpcQueue = []
 let _agentIpcRunning = 0
 
+const AGENT_IPC_LANE_USER = 'user'
+const AGENT_IPC_LANE_MAINTENANCE = 'maintenance'
+/** @type {Set<string>} */
+const AGENT_IPC_MAINTENANCE_WORKERS = new Set(['memory'])
+
+function _normalizeAgentIpcLaneToken(v) {
+  return typeof v === 'string' ? v.trim().toLowerCase() : ''
+}
+
+function _isMaintenanceBridgeRole(role) {
+  const r = _normalizeAgentIpcLaneToken(role)
+  if (!r) return false
+  if (r === 'maintenance' || r === 'scheduler-task' || r === 'webhook-handler' || r === 'memory-classification') {
+    return true
+  }
+  if (r.startsWith('cycle')) return true
+  return false
+}
+
+/** @returns {'user'|'maintenance'} */
+function _classifyAgentIpcJobLane(msg, worker) {
+  const lane = _normalizeAgentIpcLaneToken(msg?.lane)
+  if (lane === AGENT_IPC_LANE_MAINTENANCE || lane === 'maint') return AGENT_IPC_LANE_MAINTENANCE
+  if (lane === AGENT_IPC_LANE_USER) return AGENT_IPC_LANE_USER
+
+  const priority = _normalizeAgentIpcLaneToken(msg?.priority)
+  if (priority === AGENT_IPC_LANE_MAINTENANCE || priority === 'maint') return AGENT_IPC_LANE_MAINTENANCE
+  if (priority === AGENT_IPC_LANE_USER) return AGENT_IPC_LANE_USER
+
+  if (msg?.maintenance === true || msg?.isMaintenance === true) return AGENT_IPC_LANE_MAINTENANCE
+
+  const params = msg?.params && typeof msg.params === 'object' ? msg.params : {}
+  if (_isMaintenanceBridgeRole(params.role)) return AGENT_IPC_LANE_MAINTENANCE
+
+  const w = _normalizeAgentIpcLaneToken(worker)
+  if (AGENT_IPC_MAINTENANCE_WORKERS.has(w)) return AGENT_IPC_LANE_MAINTENANCE
+
+  return AGENT_IPC_LANE_USER
+}
+
+function _dequeueHighestPriorityAgentIpcJob() {
+  if (_agentIpcQueue.length === 0) return null
+  for (let i = 0; i < _agentIpcQueue.length; i++) {
+    const job = _agentIpcQueue[i]
+    const lane = job.lane || _classifyAgentIpcJobLane(job.msg, job.worker)
+    if (lane !== AGENT_IPC_LANE_MAINTENANCE) {
+      return _agentIpcQueue.splice(i, 1)[0]
+    }
+  }
+  return _agentIpcQueue.shift()
+}
+
 function _sendAgentIpcResponse(proc, callId, body) {
   try { proc.send({ type: 'agent_ipc_response', callId, ...body }) } catch {}
 }
@@ -1066,14 +1118,16 @@ function _startAgentIpcJob(job) {
 
 function _drainAgentIpcQueue() {
   while (_agentIpcRunning < AGENT_IPC_MAX_CONCURRENT && _agentIpcQueue.length > 0) {
-    const job = _agentIpcQueue.shift()
+    const job = _dequeueHighestPriorityAgentIpcJob()
+    if (!job) break
     _agentIpcRunning++
     _startAgentIpcJob(job)
   }
 }
 
 function _enqueueAgentIpcRequest(msg, worker, proc) {
-  _agentIpcQueue.push({ msg, worker, proc })
+  const lane = _classifyAgentIpcJobLane(msg, worker)
+  _agentIpcQueue.push({ msg, worker, proc, lane })
   _drainAgentIpcQueue()
 }
 

package/setup/config-merge.mjs

@@ -25,7 +25,6 @@ const AGENT_PROVIDER_ENV = Object.freeze({
   gemini: 'GEMINI_API_KEY',
   deepseek: 'DEEPSEEK_API_KEY',
   xai: 'XAI_API_KEY',
-  nvidia: 'NVIDIA_API_KEY',
 });
 
 function envSecretPresent(account) {

package/setup/install.mjs

@@ -30,7 +30,8 @@ import { createInterface } from 'node:readline';
 import { spawn, spawnSync } from 'node:child_process';
 import { DEFAULT_MARKETPLACE, DEFAULT_PLUGIN } from '../src/shared/plugin-paths.mjs';
 import { resolveClaudeExecutable } from './locate-claude.mjs';
-import { createSpinner } from './tui.mjs';
+import { confirm, createSpinner, outro } from './tui.mjs';
+import { openInBrowser } from '../src/shared/open-url.mjs';
 
 const MARKETPLACE = DEFAULT_MARKETPLACE;
 const PLUGIN_REF = `${DEFAULT_PLUGIN}@${DEFAULT_MARKETPLACE}`;
@@ -64,6 +65,21 @@ function loadSettings(file) {
   return JSON.parse(raw);
 }
 
+/** True when user settings already enable the published plugin ref (deterministic read). */
+export function isPluginRegistered() {
+  const file = join(claudeConfigBaseDir(), 'settings.json');
+  if (!existsSync(file)) return false;
+  try {
+    const raw = readFileSync(file, 'utf8');
+    if (raw.trim() === '') return false;
+    const settings = JSON.parse(raw);
+    if (!isPlainObject(settings)) return false;
+    return settings?.enabledPlugins?.[PLUGIN_REF] === true;
+  } catch {
+    return false;
+  }
+}
+
 function isPlainObject(value) {
   return value !== null && typeof value === 'object' && !Array.isArray(value);
 }
@@ -196,26 +212,91 @@ async function ensureClaudeInstalled(dryRun = false) {
   console.log(CLAUDE_SETUP_GUIDANCE);
 }
 
-const WIZARD_STEP_LABELS = [
-  'Address form',
-  'Discord bot token',
-  'Voice transcription',
-  'Webhook receiver',
-  'Provider API keys',
-  'Model presets',
-  'Role → preset mapping',
-  'Search backend',
-  'Explorer maintenance preset',
+// OAuth logins for the agent runtime. Claude (anthropic-oauth) powers every
+// default preset so it is recommended; Codex (openai-oauth) is an optional
+// extra. Both complete a browser-PKCE login via a localhost callback, so an
+// inline login works (`offerLogin: true`).
+//
+// Grok Build (grok-oauth) is DETECT-ONLY (`offerLogin: false`): xAI's consent
+// page shows a code to copy instead of redirecting to our localhost callback,
+// so an inline login here would dead-end (the user gets a key with nowhere to
+// put it). Its real login is the official `grok` CLI, which handles that paste
+// and writes ~/.grok/auth.json — mixdog reads that file (and its own store),
+// so we only DETECT Grok and point at the CLI when it is missing.
+//
+// Each provider module exposes the same shape — a `has…Credentials` detector
+// and (for offerLogin providers) a browser-PKCE `loginOAuth` resolving a truthy
+// token object on success or null on failure. Already authenticated →
+// auto-skip. All branches are invariant-gated (creds present? · offerLogin? ·
+// TTY? · login result?) — no heuristic fallback.
+const OAUTH_PROVIDERS = [
+  {
+    label: 'Claude',
+    module: '../src/agent/orchestrator/providers/anthropic-oauth.mjs',
+    has: 'hasAnthropicOAuthCredentials',
+    offerLogin: true,
+    recommended: true,
+  },
+  {
+    label: 'Codex (ChatGPT)',
+    module: '../src/agent/orchestrator/providers/openai-oauth.mjs',
+    has: 'hasOpenAIOAuthCredentials',
+    offerLogin: true,
+    recommended: false,
+  },
+  {
+    label: 'Grok Build',
+    module: '../src/agent/orchestrator/providers/grok-oauth.mjs',
+    has: 'hasGrokOAuthCredentials',
+    offerLogin: false,
+    hint: 'log in with the `grok` CLI — mixdog reads ~/.grok/auth.json automatically',
+  },
 ];
 
-function logDryRunWizard() {
-  console.log('[dry-run] would run the setup wizard (9 steps):');
-  for (let i = 0; i < WIZARD_STEP_LABELS.length; i += 1) {
-    console.log(`[dry-run]   ${i + 1}. ${WIZARD_STEP_LABELS[i]}`);
+async function ensureOAuthLogins(dryRun = false) {
+  const interactive = process.stdin.isTTY && !process.env.CI;
+  for (const p of OAUTH_PROVIDERS) {
+    const mod = await import(p.module);
+    if (mod[p.has]()) {
+      console.log(dryRun ? `[dry-run] ${p.label} login detected` : `✓ ${p.label} login detected.`);
+      continue;
+    }
+    // Detect-only providers (Grok): never open an inline login — point at the
+    // provider's own CLI, which mixdog auto-detects via its credential file.
+    if (!p.offerLogin) {
+      console.log(
+        dryRun
+          ? `[dry-run] no ${p.label} login — would point to: ${p.hint}`
+          : `${p.label}: not logged in — ${p.hint}.`,
+      );
+      continue;
+    }
+    if (dryRun) {
+      console.log(`[dry-run] no ${p.label} login — would offer to log in via the browser`);
+      continue;
+    }
+    if (!interactive) {
+      console.log(`${p.label}: not logged in — log in anytime via /setup.`);
+      continue;
+    }
+    const yes = await confirm(`Log in to ${p.label} now? (opens your browser)`, {
+      initial: p.recommended,
+    });
+    if (!yes) {
+      console.log(`Skipped ${p.label} — log in anytime via /setup.`);
+      continue;
+    }
+    const result = await mod.loginOAuth();
+    console.log(
+      result
+        ? `✓ ${p.label} login complete.`
+        : `${p.label} login did not complete — retry anytime via /setup.`,
+    );
   }
 }
 
 async function runInstallDemo() {
+  process.env.MIXDOG_SETUP_QUIET = '1';
   const tmpRoot = mkdtempSync(join(tmpdir(), 'mixdog-demo-'));
   const configDir = join(tmpRoot, 'config');
   const dataDir = join(tmpRoot, 'data');
@@ -230,7 +311,7 @@ async function runInstallDemo() {
     } catch {}
   });
 
-  console.log('\n🎬 mixdog demo — real wizard UI, nothing saved (isolated temp, auto-cleaned).\n');
+  console.log('\n🎬 mixdog demo — install preview, nothing saved (isolated temp, auto-cleaned).\n');
 
   const claudePath = resolveClaudeExecutable();
   if (claudePath) {
@@ -241,18 +322,27 @@ async function runInstallDemo() {
 
   console.log('[demo] skipping plugin registration');
 
-  const { runSetupWizard } = await import('./wizard.mjs');
-  await runSetupWizard();
+  for (const p of OAUTH_PROVIDERS) {
+    const mod = await import(p.module);
+    console.log(
+      mod[p.has]()
+        ? `[demo] ${p.label} login detected`
+        : `[demo] no ${p.label} login — ${p.offerLogin ? 'would offer a browser login' : `would point to: ${p.hint}`}`,
+    );
+  }
 
   console.log('[demo] skipping runtime dependency install');
 
+  await runFinale({ demo: true });
+
   console.log('\n✓ Demo complete — nothing was saved to your real config.');
+  console.log('Run `mixdog install` to set up for real.');
   try {
     rmSync(tmpRoot, { recursive: true, force: true });
   } catch {}
 }
 
-export async function runInstall() {
+export async function runInstall({ launchAfter = false } = {}) {
   const demo =
     process.argv.includes('--demo') || process.env.MIXDOG_SETUP_DEMO === '1';
   if (demo) {
@@ -260,6 +350,8 @@ export async function runInstall() {
     return;
   }
 
+  process.env.MIXDOG_SETUP_QUIET = '1';
+
   const dryRun =
     process.argv.includes('--dry-run') || process.env.MIXDOG_SETUP_DRY_RUN === '1';
 
@@ -270,24 +362,29 @@ export async function runInstall() {
   await ensureClaudeInstalled(dryRun);
   registerPluginInSettings(dryRun);
 
-  // npx / node setup/install.mjs runs outside Claude Code — config.mjs needs a data dir.
+  // npx / node setup/install.mjs runs outside Claude Code. The provider modules
+  // imported by ensureOAuthLogins (below) pull in config.mjs, which resolves
+  // plugin-data AT IMPORT TIME and throws if neither CLAUDE_PLUGIN_DATA nor
+  // CLAUDE_PLUGIN_ROOT is set. Export it before any provider import — in
+  // --dry-run too: this only sets a process env var, no files are written.
   const pluginData = process.env.CLAUDE_PLUGIN_DATA;
   const dataDir =
     pluginData && String(pluginData).trim() ? String(pluginData).trim() : defaultPluginDataDir();
-  if (!dryRun && (!pluginData || !String(pluginData).trim())) {
-    process.env.CLAUDE_PLUGIN_DATA = defaultPluginDataDir();
+  if (!pluginData || !String(pluginData).trim()) {
+    process.env.CLAUDE_PLUGIN_DATA = dataDir;
   }
 
-  if (dryRun) {
-    logDryRunWizard();
-  } else {
-    const { runSetupWizard } = await import('./wizard.mjs');
-    await runSetupWizard();
-  }
+  // No interactive wizard. The full default config (presets, role→preset
+  // mapping, search backend, maintenance) is seeded on first launch by the
+  // agent boot + setup server; per-feature config (Discord, voice, webhooks,
+  // address, provider keys) lives in the /setup UI. Install only secures the
+  // OAuth logins (Claude / Codex / Grok Build) so agents work the moment
+  // mixdog launches.
+  await ensureOAuthLogins(dryRun);
 
   await prewarmRuntimeDepsBestEffort(dryRun, dataDir);
 
-  if (!dryRun) maybeStarNudge();
+  if (!dryRun) await runFinale({ launchAfter });
 }
 
 async function prewarmRuntimeDepsBestEffort(dryRun = false, dataDirOverride = null) {
@@ -339,31 +436,120 @@ async function prewarmRuntimeDepsBestEffort(dryRun = false, dataDirOverride = nu
   }
 }
 
-// Non-blocking, opt-in star nudge. Only on a real interactive terminal — never
-// in CI or piped/non-TTY installs, so it can never break an automated setup.
-function maybeStarNudge() {
-  if (!process.stdin.isTTY || process.env.CI) return;
-  const rl = createInterface({ input: process.stdin, output: process.stdout });
-  rl.question('\n⭐ Found this useful? Star the repo on GitHub? (y/N) ', (answer) => {
-    const a = answer.trim().toLowerCase();
-    if (a === 'y' || a === 'yes') openRepo();
-    else console.log(`No problem — you can star it anytime at ${REPO_URL}`);
-    rl.close();
-  });
+async function runFinale({ demo = false, launchAfter = false } = {}) {
+  console.log('\n── All set ──');
+  console.log('🎉  mixdog is configured.');
+
+  const interactive = process.stdin.isTTY && !process.env.CI;
+  if (interactive) {
+    const star = await confirm('Star mixdog on GitHub?', { initial: true });
+    if (star) {
+      if (demo) {
+        console.log(`[demo] would star ${REPO} via GH_TOKEN/gh (or open ${REPO_URL} as a fallback)`);
+      } else if (await starRepo()) {
+        console.log(`⭐  Starred ${REPO} — thank you! 🙏`);
+      } else {
+        // No usable local GitHub credential (env token / gh) — hand off to the
+        // browser, where the user is already signed in to github.com.
+        openRepo();
+      }
+    } else {
+      console.log(`No problem — you can star it anytime at ${REPO_URL}`);
+    }
+  }
+
+  if (demo) {
+    outro('Demo finished — no changes were saved.');
+    releaseInstallerStdin();
+    return;
+  }
+  outro(
+    launchAfter
+      ? 'Setup complete — launching Claude Code with mixdog…'
+      : 'Setup complete — run `mixdog` to launch Claude Code with mixdog (or restart it if already open).',
+  );
+  releaseInstallerStdin();
 }
 
-function openRepo() {
-  const platform = process.platform;
-  const cmd = platform === 'win32' ? 'cmd' : platform === 'darwin' ? 'open' : 'xdg-open';
-  const args = platform === 'win32' ? ['/c', 'start', '', REPO_URL] : [REPO_URL];
+/** Belt-and-suspenders after TUI prompts so direct `node setup/install.mjs` can exit. */
+function releaseInstallerStdin() {
+  const stdin = process.stdin;
+  try {
+    if (stdin.isTTY) stdin.setRawMode(false);
+  } catch {
+    /* ignore */
+  }
+  stdin.removeAllListeners('keypress');
+  stdin.removeAllListeners('data');
+  stdin.pause();
+}
+
+/**
+ * Star the repo without a browser when a local GitHub credential is available,
+ * following the standard CLI pattern (gh primary, GITHUB_TOKEN secondary —
+ * confirmed against GitHub docs / gh manual). Order: an explicitly-set env
+ * token first (deliberate, e.g. CI), then the authenticated `gh` CLI. Returns
+ * true once one succeeds; false when none is usable, so the caller opens the
+ * browser. Starring needs the user's GitHub identity — there is no
+ * unauthenticated path.
+ */
+async function starRepo() {
+  const envToken = process.env.GH_TOKEN || process.env.GITHUB_TOKEN;
+  if (envToken && (await starViaToken(envToken))) return true;
+  return starRepoViaGh();
+}
+
+/**
+ * Star via the REST API with a bearer token (PUT /user/starred/:owner/:repo →
+ * HTTP 204). `public_repo` scope suffices for a public repo, `repo` for a
+ * private one. Returns true on 204, false on any non-204 / network error.
+ */
+async function starViaToken(token) {
+  try {
+    const res = await fetch(`https://api.github.com/user/starred/${REPO}`, {
+      method: 'PUT',
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: 'application/vnd.github+json',
+        'X-GitHub-Api-Version': '2022-11-28',
+        'Content-Length': '0',
+        'User-Agent': 'mixdog-installer',
+      },
+    });
+    return res.status === 204;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Star the repo directly via the authenticated `gh` CLI
+ * (PUT /user/starred/:owner/:repo → HTTP 204). Returns true on success.
+ * Returns false when gh is absent / not logged in / the call fails, so the
+ * caller falls back to opening the browser — starring requires the user's
+ * GitHub identity, which only gh provides here. Path has no leading slash so
+ * a shell never rewrites it; shell:true lets Windows resolve gh.exe on PATH.
+ */
+function starRepoViaGh() {
   try {
-    spawn(cmd, args, { stdio: 'ignore', detached: true }).unref();
-    console.log('Opening the repo in your browser — thank you! 🙏');
+    const r = spawnSync(
+      'gh',
+      ['api', '--method', 'PUT', `user/starred/${REPO}`, '--silent'],
+      { stdio: 'ignore', timeout: 15000, shell: true },
+    );
+    return r.status === 0;
   } catch {
-    console.log(`Please visit ${REPO_URL} to star. Thank you! 🙏`);
+    return false;
   }
 }
 
+function openRepo() {
+  // Shared opener: rundll32 on Windows (the old `cmd start "" url` worked only
+  // because REPO_URL has no query string; the helper is correct regardless).
+  openInBrowser(REPO_URL);
+  console.log(`Opening the repo in your browser — thank you! 🙏 (if it didn't open: ${REPO_URL})`);
+}
+
 function isInstallerEntry() {
   const entry = process.argv[1];
   if (!entry) return false;
@@ -377,8 +563,12 @@ function isInstallerEntry() {
 }
 
 if (isInstallerEntry()) {
-  runInstall().catch((err) => {
-    console.error(err?.stack || err?.message || String(err));
-    process.exit(1);
-  });
+  runInstall()
+    .then(() => {
+      process.stdout.write('', () => process.exit(0));
+    })
+    .catch((err) => {
+      console.error(err?.stack || err?.message || String(err));
+      process.exit(1);
+    });
 }