mover-os 4.7.4 → 4.7.6

package/install.js

@@ -734,7 +734,15 @@ async function activateKey(key) {
   if (!key) return;
   try {
     const https = require("https");
-    const body = JSON.stringify({ key: key.trim(), organization_id: POLAR_ORG_ID, label: os.hostname() });
+    // v4.7.6: label = stable machine_id (hardware-derived), not os.hostname().
+    // Hostnames change (rename a Mac, switch wifi, container restart) and the
+    // server-side activation cap counts each hostname as a different machine.
+    // machine_id is stable across hostname changes and matches what the
+    // server also stores for /api/download X-Machine-Id correlation.
+    const moverDir = path.join(os.homedir(), ".mover");
+    let label = os.hostname();
+    try { label = getMachineId(moverDir) || label; } catch {}
+    const body = JSON.stringify({ key: key.trim(), organization_id: POLAR_ORG_ID, label });
     await new Promise((resolve, reject) => {
       const req = https.request({
         hostname: "api.polar.sh",
@@ -822,11 +830,30 @@ async function downloadPayload(key) {
           method: "GET",
           timeout: 60000,
         }, (res2) => {
-          const chunks = [];
-          res2.on("data", (c) => chunks.push(c));
+          // v4.7.6 (post-audit): stream-and-abort with running byte counter
+          // instead of buffering then checking size. A malicious upstream
+          // could send GBs of data and OOM Node before the post-download
+          // 100MB stat check fires. Now we destroy the connection the
+          // moment the running total exceeds MAX_TARBALL_BYTES.
+          const MAX_TARBALL_BYTES = 100 * 1024 * 1024;
+          let total = 0;
+          const ws = fs.createWriteStream(tarPath);
+          let aborted = false;
+          res2.on("data", (c) => {
+            total += c.length;
+            if (total > MAX_TARBALL_BYTES) {
+              aborted = true;
+              try { res2.destroy(); } catch {}
+              try { ws.destroy(); } catch {}
+              try { fs.unlinkSync(tarPath); } catch {}
+              reject(new Error(`Payload exceeded ${MAX_TARBALL_BYTES} bytes during download`));
+              return;
+            }
+            ws.write(c);
+          });
           res2.on("end", () => {
-            fs.writeFileSync(tarPath, Buffer.concat(chunks));
-            resolve();
+            if (aborted) return;
+            ws.end(() => resolve());
           });
         });
         req2.on("error", reject);
@@ -850,11 +877,26 @@ async function downloadPayload(key) {
         reject(new Error(`Download failed (HTTP ${res.statusCode})`));
         return;
       }
-      const chunks = [];
-      res.on("data", (c) => chunks.push(c));
+      // v4.7.6 (post-audit): same stream-and-abort behavior as the redirect path.
+      const MAX_TARBALL_BYTES = 100 * 1024 * 1024;
+      let total = 0;
+      const ws = fs.createWriteStream(tarPath);
+      let aborted = false;
+      res.on("data", (c) => {
+        total += c.length;
+        if (total > MAX_TARBALL_BYTES) {
+          aborted = true;
+          try { res.destroy(); } catch {}
+          try { ws.destroy(); } catch {}
+          try { fs.unlinkSync(tarPath); } catch {}
+          reject(new Error(`Payload exceeded ${MAX_TARBALL_BYTES} bytes during download`));
+          return;
+        }
+        ws.write(c);
+      });
       res.on("end", () => {
-        fs.writeFileSync(tarPath, Buffer.concat(chunks));
-        resolve();
+        if (aborted) return;
+        ws.end(() => resolve());
       });
     });
     req.on("error", reject);
@@ -862,10 +904,75 @@ async function downloadPayload(key) {
     req.end();
   });
 
-  // Validate tar contents before extraction (zip-slip prevention)
-  const listing = execSync(`tar -tzf "${tarPath}"`, { encoding: 'utf8' });
-  const entries = listing.split('\n').filter(Boolean);
-  const badPaths = entries.filter(e => e.startsWith('/') || e.includes('..'));
+  // ── Validate tar contents before extraction ────────────────────────────
+  //
+  // SECURITY (v4.7.5 → v4.7.6): zip-slip hardening (commit 2d5cdd2) only
+  // checked path strings (absolute paths, `..` traversal). It did NOT check
+  // entry TYPE. A crafted tarball could embed a symlink (e.g.,
+  // `mover-link -> /etc/passwd`) which `tar -xzf` would happily extract,
+  // creating a file outside the destination dir on first follow.
+  //
+  // Fix: switch to `tar -tvzf` which prints the entry type as the first
+  // character (- regular, d directory, l symlink, h hardlink, c char dev,
+  // b block dev). Reject anything that isn't a regular file, directory, or
+  // long-link metadata (which is followed by a regular entry).
+  //
+  // Also enforce a 100MB hard cap (compressed) post-download — if the file
+  // on disk is bigger than that, refuse before extraction. v4.7.5 had no
+  // size check, so a 2GB tarball would OOM Node before validation.
+  const MAX_TARBALL_BYTES = 100 * 1024 * 1024;
+  const tarStat = fs.statSync(tarPath);
+  if (tarStat.size > MAX_TARBALL_BYTES) {
+    fs.unlinkSync(tarPath);
+    throw new Error(`Payload too large: ${tarStat.size} bytes > ${MAX_TARBALL_BYTES}`);
+  }
+
+  // v4.7.6 (post-audit): use TWO tar listings.
+  //
+  // 1. `tar -tzf` → paths-only output (one path per line, exact). Used to
+  //    validate against absolute paths and `..` traversal. v4.7.5's
+  //    paths-only validation worked here, the regression was the missing
+  //    type check, not the path parser.
+  //
+  // 2. `tar -tvzf` → verbose output. Used ONLY to extract the type
+  //    character (first column). We intentionally do NOT parse the path
+  //    field from verbose output because BSD tar's verbose format is
+  //    fragile when paths contain spaces (e.g., "_Template Project/Chats &
+  //    Resources/...") — last-whitespace-token parsing would silently
+  //    drop the leading parts of a multi-word path.
+  //
+  // The ordering of -tvzf and -tzf output is identical (tar walks the
+  // archive in the same order), so we zip them by line index for the
+  // type/path correlation.
+  const pathsListing = execSync(`tar -tzf "${tarPath}"`, { encoding: 'utf8' });
+  const verboseListing = execSync(`tar -tvzf "${tarPath}"`, { encoding: 'utf8' });
+  const pathLines = pathsListing.split('\n').filter(Boolean);
+  const verboseLines = verboseListing.split('\n').filter(Boolean);
+  const badPaths = [];
+  const badTypes = [];
+  if (pathLines.length !== verboseLines.length) {
+    throw new Error(`Tar listing inconsistency: ${pathLines.length} path lines vs ${verboseLines.length} verbose lines`);
+  }
+  for (let i = 0; i < pathLines.length; i++) {
+    const entryPath = pathLines[i];
+    const typeChar = verboseLines[i].charAt(0);
+    if (!entryPath) continue;
+    // Reject by type: anything except regular file (-), directory (d).
+    // Long-link metadata uses 'L' or 'K'; tar emits these followed by
+    // another entry — we'd reject the link metadata here too which is fine
+    // because we don't ship long names.
+    if (typeChar !== '-' && typeChar !== 'd') {
+      badTypes.push(`${typeChar} ${entryPath}`);
+      continue;
+    }
+    if (entryPath.startsWith('/') || entryPath.includes('..')) {
+      badPaths.push(entryPath);
+    }
+  }
+  if (badTypes.length > 0) {
+    fs.unlinkSync(tarPath);
+    throw new Error('Payload contains non-regular entries (symlinks/hardlinks/devices): ' + badTypes.slice(0, 5).join(', '));
+  }
   if (badPaths.length > 0) {
     fs.unlinkSync(tarPath);
     throw new Error('Payload contains unsafe paths: ' + badPaths.join(', '));
@@ -1605,14 +1712,25 @@ async function runUninstall(vaultPath) {
   const rulesExist = rulesPaths.some(p => fs.existsSync(p.path));
   if (rulesExist) categories.push({ id: "rules", name: "Rules", description: "Global rules files for all agents", items: rulesPaths });
 
-  // Skills
+  // Skills — v4.7.6: cover all agents Mover OS installs into. v4.7.5 only
+  // listed 5 of ~10 paths, leaving orphaned skills behind on uninstall for
+  // Gemini CLI, Cline, Roo Code, Aider, OpenCode, Continue, and the shared
+  // ~/.agents/skills/ pool. Derived from AGENT_REGISTRY, but kept literal
+  // here because uninstall runs after the registry may have changed in
+  // newer bundles. Drift-detection lives in v4.8.0 which moves to a
+  // collectInstallPaths(kind) helper.
   const skillsPaths = [
     { label: "Claude Code skills", path: path.join(home, ".claude", "skills"), dir: true, keepBuiltins: true },
     { label: "Cursor skills", path: path.join(home, ".cursor", "skills"), dir: true },
     { label: "Codex skills", path: path.join(home, ".codex", "skills"), dir: true },
-    { label: "Windsurf skills", path: path.join(home, ".windsurf", "skills"), dir: true },
+    { label: "Gemini CLI skills", path: path.join(home, ".gemini", "skills"), dir: true },
     { label: "Antigravity skills", path: path.join(home, ".gemini", "antigravity", "skills"), dir: true },
-  ];
+    { label: "Windsurf skills (legacy)", path: path.join(home, ".windsurf", "skills"), dir: true },
+    { label: "Windsurf skills", path: path.join(home, ".codeium", "windsurf", "skills"), dir: true },
+    { label: "Cline skills", path: path.join(home, ".cline", "skills"), dir: true },
+    { label: "Roo Code skills (vault-relative)", path: vaultPath && path.join(vaultPath, ".roo", "skills"), dir: true },
+    { label: "Cross-agent shared skills", path: path.join(home, ".agents", "skills"), dir: true },
+  ].filter(p => p.path);
   const skillsExist = skillsPaths.some(p => fs.existsSync(p.path));
   if (skillsExist) categories.push({ id: "skills", name: "Skills", description: "61 curated skill packs", items: skillsPaths });
 
@@ -1754,7 +1872,15 @@ async function runUninstall(vaultPath) {
         barLn(dim("Deactivating license..."));
         try {
           const https = require("https");
-          const body = JSON.stringify({ key: cfg.licenseKey, organization_id: POLAR_ORG_ID, label: os.hostname() });
+          // v4.7.6: match activateKey's label scheme (machine_id) so deactivate
+          // actually frees the activation slot. v4.7.5 deactivated by hostname,
+          // which only worked if the user hadn't renamed their machine since
+          // install. Fallback: if machine_id read fails, try hostname (covers
+          // pre-v4.7.3 activations that stored hostname).
+          const moverDir = path.join(os.homedir(), ".mover");
+          let label = os.hostname();
+          try { label = getMachineId(moverDir) || label; } catch {}
+          const body = JSON.stringify({ key: cfg.licenseKey, organization_id: POLAR_ORG_ID, label });
           await new Promise((resolve, reject) => {
             const req = https.request({
               hostname: "api.polar.sh",
@@ -1923,13 +2049,13 @@ const AGENT_REGISTRY = {
   // ── Enhanced Tier ──────────────────────────────────────────────────────────
   "codex": {
     name: "Codex",
-    tier: "enhanced",
-    tierDesc: "AGENTS.md, skills (skills = commands)",
+    tier: "full",
+    tierDesc: "AGENTS.md, skills (skills = commands), 5 hooks",
     detect: () => cmdExists("codex") || fs.existsSync(path.join(H, ".codex")),
     rules: { type: "agents-md", dest: () => path.join(H, ".codex", "AGENTS.md") },
     skills: { dest: () => path.join(H, ".codex", "skills") },
     commands: null,
-    hooks: null,
+    hooks: { type: "codex-hooks-json", dest: () => path.join(H, ".codex", "hooks.json") },
   },
   "antigravity": {
     name: "Antigravity",
@@ -2137,7 +2263,7 @@ const SKILL_CATEGORIES = {
   "json-canvas": "obsidian",
   // Tools (always installed — core utilities)
   "defuddle": "tools",
-  "skill-creator": "tools",
+  "mover-skill-creator": "tools",
   "find-skills": "tools",
 };
 
@@ -2151,19 +2277,32 @@ const CATEGORY_META = [
   { id: "obsidian", name: "Obsidian", desc: "markdown, bases, canvas, CLI" },
 ];
 
+// Dev/eval artifacts that ship in src/skills/ but must NEVER be installed as
+// runtime skills. Matched as a directory name suffix so e.g.
+// `friction-enforcer-workspace/iteration-1/skill-snapshot/SKILL.md` (an evaluation
+// snapshot of friction-enforcer) does not get installed as a separate skill named
+// `skill-snapshot`. Caused 1+ duplicate skill in v4.7.5 installs which compounded
+// the skill-description budget pressure that drops descriptions at runtime.
+const SKILL_DEV_DIR_SUFFIXES = ["-workspace", "-benchmark", "-sandbox"];
+
+function isDevSkillDir(name) {
+  return SKILL_DEV_DIR_SUFFIXES.some((s) => name.endsWith(s));
+}
+
 function findSkills(bundleDir) {
   const skillsDir = path.join(bundleDir, "src", "skills");
   if (!fs.existsSync(skillsDir)) return [];
   const skills = [];
   const walk = (dir) => {
     for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+      if (!entry.isDirectory()) continue;
+      // Skip dev/eval artifact roots and anything inside them.
+      if (isDevSkillDir(entry.name)) continue;
       const full = path.join(dir, entry.name);
-      if (entry.isDirectory()) {
-        if (fs.existsSync(path.join(full, "SKILL.md"))) {
-          skills.push({ name: entry.name, path: full, category: SKILL_CATEGORIES[entry.name] || "tools" });
-        } else {
-          walk(full);
-        }
+      if (fs.existsSync(path.join(full, "SKILL.md"))) {
+        skills.push({ name: entry.name, path: full, category: SKILL_CATEGORIES[entry.name] || "tools" });
+      } else {
+        walk(full);
       }
     }
   };
@@ -2240,6 +2379,176 @@ Stuck: /debug-resistance
 }
 
 // ─── Claude Code hooks (settings.json) ──────────────────────────────────────
+// ─── Codex hook config generator ────────────────────────────────────────────
+// v4.7.5: Codex hooks invoked through mover-hook-adapter.js for schema
+// translation. MVP scope: session-start, engine-protection, git-safety,
+// plan-sync-reminder, dirty-tree-guard (no session-log-reminder under Codex
+// — that script is Claude-transcript-specific).
+//
+// IMPORTANT: Codex runs hook commands through cmd.exe on Windows, which does
+// NOT expand $HOME. We resolve absolute paths at install time so the same
+// hooks.json works on macOS/Linux/Windows.
+function generateCodexHooks() {
+  const home = os.homedir();
+  // Forward slashes work on all three OSes when invoking node directly.
+  const fwd = (p) => p.split(path.sep).join("/");
+  const hooksRoot = fwd(path.join(home, ".codex", "hooks"));
+  const adapter = `"${hooksRoot}/mover-hook-adapter.js"`;
+  const hookDir = `"${hooksRoot}`;
+  return JSON.stringify(
+    {
+      hooks: {
+        SessionStart: [
+          {
+            matcher: "startup|resume|clear",
+            hooks: [
+              {
+                // v4.7.6: switched from "full" to "resume" mode. The full primer
+                // is ~12K chars which mover-hook-adapter.js wraps as
+                // additionalContext for Codex, eating the skill-description
+                // budget. Codex sessions only need lightweight context refresh.
+                // Timeout 15s (was 5s): session-start.sh:122 calls `npm view`
+                // on cold cache; 5s killed cold-start under Codex.
+                type: "command",
+                command: `node ${adapter} codex SessionStart ${hookDir}/session-start.sh" resume`,
+                timeout: 15,
+              },
+            ],
+          },
+        ],
+        PreToolUse: [
+          {
+            matcher: "Bash",
+            hooks: [
+              {
+                type: "command",
+                command: `node ${adapter} codex PreToolUse ${hookDir}/git-safety.sh"`,
+                timeout: 5,
+              },
+            ],
+          },
+          {
+            matcher: "Edit|Write|apply_patch",
+            hooks: [
+              {
+                type: "command",
+                command: `node ${adapter} codex PreToolUse ${hookDir}/engine-protection.sh"`,
+                timeout: 5,
+              },
+            ],
+          },
+        ],
+        PostToolUse: [
+          {
+            matcher: "Edit|Write|apply_patch",
+            hooks: [
+              {
+                type: "command",
+                command: `node ${adapter} codex PostToolUse ${hookDir}/plan-sync-reminder.sh"`,
+                timeout: 5,
+              },
+            ],
+          },
+        ],
+        Stop: [
+          {
+            hooks: [
+              {
+                type: "command",
+                command: `node ${adapter} codex Stop ${hookDir}/dirty-tree-guard.sh"`,
+                timeout: 10,
+              },
+            ],
+          },
+        ],
+      },
+    },
+    null,
+    2
+  );
+}
+
+// ─── Gemini hook config generator ───────────────────────────────────────────
+// v4.7.5: Gemini events differ from Claude/Codex — UserPromptSubmit→BeforeAgent,
+// PreToolUse→BeforeTool, PostToolUse→AfterTool, Stop→AfterAgent. Adapter
+// translates schema; we map event names here.
+// Timeouts are in milliseconds per Gemini hook spec (default 60000).
+// Absolute paths used so cmd.exe on Windows can resolve correctly.
+function generateGeminiHooks() {
+  const home = os.homedir();
+  const fwd = (p) => p.split(path.sep).join("/");
+  const hooksRoot = fwd(path.join(home, ".gemini", "hooks"));
+  const adapter = `"${hooksRoot}/mover-hook-adapter.js"`;
+  const hookDir = `"${hooksRoot}`;
+  return {
+    SessionStart: [
+      {
+        matcher: "startup",
+        hooks: [
+          {
+            // v4.7.6: same fix as the Codex hook — switched from "full" to
+            // "resume" to keep mover-hook-adapter additionalContext within
+            // budget. Timeout raised to 15s for cold-cache npm view fallback.
+            name: "mover-session-start",
+            type: "command",
+            command: `node ${adapter} gemini SessionStart ${hookDir}/session-start.sh" resume`,
+            timeout: 15000,
+          },
+        ],
+      },
+    ],
+    BeforeTool: [
+      {
+        matcher: "write_file|replace",
+        hooks: [
+          {
+            name: "mover-engine-protection",
+            type: "command",
+            command: `node ${adapter} gemini BeforeTool ${hookDir}/engine-protection.sh"`,
+            timeout: 5000,
+          },
+        ],
+      },
+      {
+        matcher: "run_shell_command",
+        hooks: [
+          {
+            name: "mover-git-safety",
+            type: "command",
+            command: `node ${adapter} gemini BeforeTool ${hookDir}/git-safety.sh"`,
+            timeout: 5000,
+          },
+        ],
+      },
+    ],
+    AfterTool: [
+      {
+        matcher: "write_file|replace",
+        hooks: [
+          {
+            name: "mover-plan-sync",
+            type: "command",
+            command: `node ${adapter} gemini AfterTool ${hookDir}/plan-sync-reminder.sh"`,
+            timeout: 5000,
+          },
+        ],
+      },
+    ],
+    AfterAgent: [
+      {
+        hooks: [
+          {
+            name: "mover-dirty-tree-guard",
+            type: "command",
+            command: `node ${adapter} gemini AfterAgent ${hookDir}/dirty-tree-guard.sh"`,
+            timeout: 10000,
+          },
+        ],
+      },
+    ],
+  };
+}
+
 function generateClaudeSettings() {
   return JSON.stringify(
     {
@@ -2868,6 +3177,20 @@ function installSkillPacks(bundleDir, destDir, selectedCategories) {
     // Skip unchanged skills
     const sourceHash = computeSkillHash(skill.path);
     if (manifest.skills[skill.name]?.hash === sourceHash && fs.existsSync(dest)) {
+      // v4.7.6 (post-audit): even when skipping, ensure the .mover-installed
+      // stamp exists. Pre-v4.7.6 installs lack the stamp; without this
+      // backfill, the manifest+stamp logic in the orphan cleanup wouldn't
+      // see them as Mover-owned on the first v4.7.6 update if the manifest
+      // entry was lost (rare but possible).
+      try {
+        const stampPath = path.join(dest, ".mover-installed");
+        if (!fs.existsSync(stampPath)) {
+          fs.writeFileSync(
+            stampPath,
+            JSON.stringify({ name: skill.name, version: "v4.7.6", at: new Date().toISOString(), backfilled: true }, null, 2)
+          );
+        }
+      } catch {}
       installedNames.add(skill.name);
       skipped++;
       continue;
@@ -2875,23 +3198,40 @@ function installSkillPacks(bundleDir, destDir, selectedCategories) {
 
     if (fs.existsSync(dest)) fs.rmSync(dest, { recursive: true, force: true });
     copyDirRecursive(skill.path, dest);
+    // v4.7.6: stamp file proves Mover OS owns this skill. Used by orphan
+    // cleanup below — only stamped skills are deletable on update. User-
+    // created skills (e.g., a skill the user wrote and dropped into the
+    // skills dir) survive even if their SKILL.md happens to contain
+    // "## Activation" or "## When to Use" headings.
+    try {
+      fs.writeFileSync(
+        path.join(dest, ".mover-installed"),
+        JSON.stringify({ name: skill.name, version: "v4.7.6", at: new Date().toISOString() }, null, 2)
+      );
+    } catch {}
     manifest.skills[skill.name] = { hash: sourceHash, installedAt: new Date().toISOString() };
     installedNames.add(skill.name);
     count++;
   }
 
-  // Clean orphaned skills (renamed/removed in updates)
-  // Only removes dirs that contain SKILL.md — preserves user-created skills
+  // Clean orphaned skills (renamed/removed in updates).
+  // v4.7.6: ONLY remove skills that have a `.mover-installed` stamp from a
+  // prior install OR appear in the manifest. User-created skills (no stamp,
+  // not in manifest) are preserved regardless of their SKILL.md contents.
+  // Pre-v4.7.6 installs lack the stamp; the manifest entry covers those
+  // (manifest is written for every prior install). After one cycle of v4.7.6
+  // install/update, every shipped skill has both stamp and manifest entry.
   for (const dir of fs.readdirSync(destDir)) {
     if (installedNames.has(dir)) continue;
     const dirPath = path.join(destDir, dir);
     try {
-      if (fs.statSync(dirPath).isDirectory() && fs.existsSync(path.join(dirPath, "SKILL.md"))) {
-        const content = fs.readFileSync(path.join(dirPath, "SKILL.md"), "utf8");
-        if (content.includes("## Activation") || content.includes("## When to Use")) {
-          fs.rmSync(dirPath, { recursive: true, force: true });
-          ln(`  ${dim("Removed orphan skill:")} ${dir}`);
-        }
+      if (!fs.statSync(dirPath).isDirectory()) continue;
+      if (!fs.existsSync(path.join(dirPath, "SKILL.md"))) continue;
+      const hasStamp = fs.existsSync(path.join(dirPath, ".mover-installed"));
+      const inManifest = Boolean(manifest.skills[dir]);
+      if (hasStamp || inManifest) {
+        fs.rmSync(dirPath, { recursive: true, force: true });
+        ln(`  ${dim("Removed orphan skill:")} ${dir}`);
       }
     } catch (e) { /* skip */ }
   }
@@ -2944,10 +3284,15 @@ function installHooksForClaude(bundleDir, vaultPath) {
         if (!existing.hooks[event]) {
           existing.hooks[event] = entries;
         } else {
-          // Check if our hooks are already registered (by command substring)
+          // Check if our hooks are already registered (by command substring).
+          // v4.7.6: split on both / and \\ so the basename extraction works on
+          // Windows where command paths use backslashes. The forward-slash-only
+          // split returned the entire command string on Windows, which never
+          // matched the substring check, leading to duplicate hooks accumulating
+          // on every install.
           const existingCmds = JSON.stringify(existing.hooks[event]);
           const alreadyHas = entries[0].hooks.every(
-            (h) => existingCmds.includes(h.command.split("/").pop().replace('"', ""))
+            (h) => existingCmds.includes(h.command.split(/[\\/]/).pop().replace('"', ""))
           );
           if (!alreadyHas) {
             existing.hooks[event].push(...entries);
@@ -2969,6 +3314,252 @@ function installHooksForClaude(bundleDir, vaultPath) {
   return count;
 }
 
+// ─── Multi-agent hook installer (v4.7.5) ────────────────────────────────────
+// Copies the MVP hook set (5 enforcement hooks + adapter + shared lib) to the
+// agent's hook directory and writes its hook config. Used by Codex and Gemini.
+const MVP_HOOK_SCRIPTS = [
+  "session-start.sh",
+  "engine-protection.sh",
+  "git-safety.sh",
+  "plan-sync-reminder.sh",
+  "dirty-tree-guard.sh",
+  "mover-lib.sh", // sourced by the others
+];
+
+// Section-aware TOML upsert. Sets [section] key = value, preserving comments,
+// existing keys, and other sections. If section exists with the key set to a
+// different value, the value is REPLACED (not duplicated). If the section
+// header has whitespace variants like `[ features ]`, treat as the same section.
+function upsertTomlKey(filePath, section, key, value) {
+  let content = "";
+  if (fs.existsSync(filePath)) {
+    content = fs.readFileSync(filePath, "utf8");
+  }
+
+  // Match table header in any whitespace variant: [section], [ section ], etc.
+  // Also tolerate trailing comment after header: [section] # ...
+  const headerRe = (name) =>
+    new RegExp(
+      `^\\s*\\[\\s*${name.replace(/[.*+?^${}()|[\\]\\\\]/g, "\\$&")}\\s*\\](?:[^\\n]*)$`,
+      "m"
+    );
+  // Any section header (used to find section boundaries)
+  const anyHeaderRe = /^\s*\[\s*[^\]]+\s*\](?:[^\n]*)$/m;
+
+  const lines = content.split("\n");
+  let inSection = false;
+  let sectionStart = -1;
+  let sectionEnd = lines.length;
+  for (let i = 0; i < lines.length; i++) {
+    if (headerRe(section).test(lines[i])) {
+      inSection = true;
+      sectionStart = i;
+      // Find next header (or EOF) — that's section end
+      for (let j = i + 1; j < lines.length; j++) {
+        if (anyHeaderRe.test(lines[j])) {
+          sectionEnd = j;
+          break;
+        }
+      }
+      break;
+    }
+  }
+
+  const newKv = `${key} = ${value}`;
+  // Match existing key in this section: tolerates whitespace + comment
+  const keyRe = new RegExp(
+    `^\\s*${key.replace(/[.*+?^${}()|[\\]\\\\]/g, "\\$&")}\\s*=.*$`
+  );
+
+  if (inSection) {
+    let replaced = false;
+    for (let i = sectionStart + 1; i < sectionEnd; i++) {
+      if (keyRe.test(lines[i])) {
+        lines[i] = newKv;
+        replaced = true;
+        break;
+      }
+    }
+    if (!replaced) {
+      // Insert key right after section header
+      lines.splice(sectionStart + 1, 0, newKv);
+    }
+  } else {
+    // Section absent — append fresh section at EOF
+    if (lines.length > 0 && lines[lines.length - 1].trim() !== "") {
+      lines.push("");
+    }
+    lines.push(`[${section}]`);
+    lines.push(newKv);
+  }
+
+  fs.writeFileSync(filePath, lines.join("\n"), "utf8");
+}
+
+function copyMvpHooks(bundleDir, destDir) {
+  const hooksSrc = path.join(bundleDir, "src", "hooks");
+  if (!fs.existsSync(hooksSrc)) return 0;
+  fs.mkdirSync(destDir, { recursive: true });
+  let count = 0;
+  for (const file of MVP_HOOK_SCRIPTS) {
+    const src = path.join(hooksSrc, file);
+    if (!fs.existsSync(src)) continue;
+    const dst = path.join(destDir, file);
+    const content = fs
+      .readFileSync(src, "utf8")
+      .replace(/\r\n/g, "\n")
+      .replace(/\r/g, "\n");
+    fs.writeFileSync(dst, content, { mode: 0o755 });
+    count++;
+  }
+  // Adapter (Node script — copy preserving binary mode)
+  const adapterSrc = path.join(hooksSrc, "mover-hook-adapter.js");
+  if (fs.existsSync(adapterSrc)) {
+    const dst = path.join(destDir, "mover-hook-adapter.js");
+    const content = fs
+      .readFileSync(adapterSrc, "utf8")
+      .replace(/\r\n/g, "\n")
+      .replace(/\r/g, "\n");
+    fs.writeFileSync(dst, content, { mode: 0o755 });
+    count++;
+  }
+  return count;
+}
+
+function installHooksForCodex(bundleDir) {
+  const home = os.homedir();
+  const codexDir = path.join(home, ".codex");
+  const hooksDst = path.join(codexDir, "hooks");
+
+  // Detect Codex install
+  if (!fs.existsSync(codexDir) && !cmdExists("codex")) return 0;
+
+  fs.mkdirSync(codexDir, { recursive: true });
+  const count = copyMvpHooks(bundleDir, hooksDst);
+  if (count === 0) return 0;
+
+  // Write hooks.json (deep-merge if existing).
+  // v4.7.5 fix: per-entry idempotency, not per-event. Previous coarse check
+  // skipped sibling entries when one Mover hook was already registered.
+  const hooksJsonPath = path.join(codexDir, "hooks.json");
+  const newConfig = JSON.parse(generateCodexHooks());
+  if (fs.existsSync(hooksJsonPath)) {
+    try {
+      const existing = JSON.parse(fs.readFileSync(hooksJsonPath, "utf8"));
+      mergeHooksConfig(existing, newConfig);
+      fs.writeFileSync(hooksJsonPath, JSON.stringify(existing, null, 2), "utf8");
+    } catch {
+      try {
+        fs.copyFileSync(hooksJsonPath, hooksJsonPath + ".bak");
+      } catch {}
+      fs.writeFileSync(hooksJsonPath, JSON.stringify(newConfig, null, 2), "utf8");
+    }
+  } else {
+    fs.writeFileSync(hooksJsonPath, JSON.stringify(newConfig, null, 2), "utf8");
+  }
+
+  // Enable codex_hooks feature in config.toml (section-aware upsert).
+  // Handles edge cases the prior regex approach missed:
+  //   [features] # comment        — replacement misses the table header
+  //   codex_hooks = false         — would create duplicate key
+  //   [ features ]                — bare-line regex misses whitespace variant
+  // Strategy: parse file into sections, locate or create [features],
+  // upsert codex_hooks=true within that section, reassemble.
+  const configToml = path.join(codexDir, "config.toml");
+  upsertTomlKey(configToml, "features", "codex_hooks", "true");
+
+  return count;
+}
+
+function installHooksForGemini(bundleDir) {
+  const home = os.homedir();
+  const geminiDir = path.join(home, ".gemini");
+  const hooksDst = path.join(geminiDir, "hooks");
+
+  // Detect Gemini install
+  if (
+    !fs.existsSync(geminiDir) &&
+    !cmdExists("gemini") &&
+    !fs.existsSync(path.join(geminiDir, "settings.json"))
+  )
+    return 0;
+
+  fs.mkdirSync(geminiDir, { recursive: true });
+  const count = copyMvpHooks(bundleDir, hooksDst);
+  if (count === 0) return 0;
+
+  // Deep-merge into settings.json
+  const settingsPath = path.join(geminiDir, "settings.json");
+  const newHooks = generateGeminiHooks();
+  let existing = {};
+  if (fs.existsSync(settingsPath)) {
+    try {
+      existing = JSON.parse(fs.readFileSync(settingsPath, "utf8"));
+    } catch {
+      try {
+        fs.copyFileSync(settingsPath, settingsPath + ".bak");
+      } catch {}
+      existing = {};
+    }
+  }
+  if (!existing.hooks) existing.hooks = {};
+  mergeHooksConfig(existing, { hooks: newHooks });
+  fs.writeFileSync(settingsPath, JSON.stringify(existing, null, 2), "utf8");
+
+  return count;
+}
+
+// Per-entry hook merge.
+//
+// v4.7.5 strategy was: skip if an entry with same matcher + same exact commands
+// exists. That prevented duplicates on re-run BUT also meant existing v4.7.5
+// installs with broken commands (e.g. `session-start.sh full` instead of the
+// v4.7.6 `session-start.sh resume`) never got upgraded — the merge saw a Mover
+// entry and skipped, leaving the old broken hook in place.
+//
+// v4.7.6 strategy: identify Mover entries by command containing
+// "mover-hook-adapter.js" or "src/hooks/" path. For those, REPLACE the existing
+// entry with the new one. For non-Mover entries (user customizations), leave
+// untouched and append the new Mover entry alongside.
+function mergeHooksConfig(existing, newConfig) {
+  if (!existing.hooks) existing.hooks = {};
+  for (const [event, newEntries] of Object.entries(newConfig.hooks || {})) {
+    if (!existing.hooks[event]) {
+      existing.hooks[event] = newEntries;
+      continue;
+    }
+    for (const newEntry of newEntries) {
+      const matcher = newEntry.matcher; // may be undefined
+      // v4.7.6 (post-audit): we identify the matching matcher entry and
+      // replace ONLY the Mover-owned commands inside it. Non-Mover commands
+      // a user has added at the same matcher level are preserved. The prior
+      // approach replaced the whole entry, wiping user customizations.
+      const isMoverCmd = (c) =>
+        typeof c === "string" &&
+        (c.includes("mover-hook-adapter.js") || c.includes("src/hooks/"));
+      const matcherIdx = existing.hooks[event].findIndex(
+        (e) => (e.matcher || "") === (matcher || "")
+      );
+      if (matcherIdx < 0) {
+        // No entry at this matcher — append cleanly.
+        existing.hooks[event].push(newEntry);
+        continue;
+      }
+      const matcherEntry = existing.hooks[event][matcherIdx];
+      if (!Array.isArray(matcherEntry.hooks)) matcherEntry.hooks = [];
+      // Drop existing Mover-owned hooks (we will re-add the new versions).
+      // Keep every user-owned hook untouched.
+      matcherEntry.hooks = matcherEntry.hooks.filter(
+        (h) => !isMoverCmd(h && h.command)
+      );
+      // Append the fresh Mover hooks for this matcher.
+      for (const h of newEntry.hooks || []) {
+        if (isMoverCmd(h && h.command)) matcherEntry.hooks.push(h);
+      }
+    }
+  }
+}
+
 // ─── Per-agent install orchestrators ────────────────────────────────────────
 function installClaudeCode(bundleDir, vaultPath, skillOpts) {
   const home = os.homedir();
@@ -3122,6 +3713,12 @@ function installCodex(bundleDir, vaultPath, skillOpts) {
     if (skCount > 0) steps.push(`${skCount} skills`);
   }
 
+  // v4.7.5: Native Codex hook support via mover-hook-adapter.js
+  if (!skillOpts?.skipHooks) {
+    const hkCount = installHooksForCodex(bundleDir);
+    if (hkCount > 0) steps.push(`${hkCount} hooks`);
+  }
+
   return steps;
 }
 
@@ -3149,9 +3746,40 @@ function installWindsurf(bundleDir, vaultPath, skillOpts) {
   }
 
   if (skillOpts && skillOpts.install) {
-    const skillsDir = path.join(home, ".windsurf", "skills");
+    // v4.7.6: standardize on the registry-canonical Windsurf path
+    // (~/.codeium/windsurf/skills). v4.7.5 wrote to ~/.windsurf/skills which
+    // conflicted with the registry entry and meant skills were duplicated
+    // across both paths on machines that had been installed pre-v4.7.5.
+    const skillsDir = AGENT_REGISTRY.windsurf.skills.dest();
+    const legacySkillsDir = path.join(home, ".windsurf", "skills");
     const skCount = installSkillPacks(bundleDir, skillsDir, skillOpts.categories);
     if (skCount > 0) steps.push(`${skCount} skills`);
+
+    // Migrate from legacy ~/.windsurf/skills.
+    // v4.7.6 (post-audit): only delete legacy entries that have a
+    // .mover-installed stamp file (proving Mover OS owns them). Same-name
+    // user-created skills in the legacy path that lack the stamp are
+    // preserved. The prior "same-name = delete" logic risked nuking
+    // divergent user skills.
+    if (fs.existsSync(legacySkillsDir) && legacySkillsDir !== skillsDir) {
+      try {
+        for (const entry of fs.readdirSync(legacySkillsDir)) {
+          const legacyEntry = path.join(legacySkillsDir, entry);
+          const canonicalEntry = path.join(skillsDir, entry);
+          if (!fs.statSync(legacyEntry).isDirectory()) continue;
+          if (!fs.existsSync(canonicalEntry)) continue;
+          // Require a .mover-installed stamp at the legacy path for delete.
+          const legacyStamp = path.join(legacyEntry, ".mover-installed");
+          if (fs.existsSync(legacyStamp)) {
+            fs.rmSync(legacyEntry, { recursive: true, force: true });
+          }
+        }
+        // Remove empty legacy parent dir.
+        try {
+          if (fs.readdirSync(legacySkillsDir).length === 0) fs.rmdirSync(legacySkillsDir);
+        } catch {}
+      } catch {}
+    }
   }
 
   return steps;
@@ -3179,8 +3807,46 @@ function installGeminiCli(bundleDir, vaultPath, skillOpts, writtenFiles) {
   if (wfCount > 0) steps.push(`${wfCount} commands`);
 
   if (skillOpts && skillOpts.install) {
-    const skCount = installSkillPacks(bundleDir, path.join(geminiDir, "skills"), skillOpts.categories);
+    const geminiSkillsDir = path.join(geminiDir, "skills");
+    const skCount = installSkillPacks(bundleDir, geminiSkillsDir, skillOpts.categories);
     if (skCount > 0) steps.push(`${skCount} skills`);
+
+    // v4.7.6: clean up duplicate Mover skills in ~/.agents/skills/.
+    //
+    // Gemini CLI scans both ~/.gemini/skills/ (canonical) AND
+    // ~/.agents/skills/ (cross-agent shared pool) at session start. If a Mover
+    // install has populated both, Gemini emits a wall of "Skill conflict
+    // detected: ... is overriding ..." warnings. Worse, every shipped skill
+    // takes a budget slot twice in the agent's effective skill manifest.
+    //
+    // Fix: after writing to the canonical path, scan ~/.agents/skills/ for
+    // entries that we just installed (same name as a directory we own at the
+    // canonical path) and remove only those. User skills in ~/.agents/skills/
+    // (Amp/etc.) stay untouched.
+    // v4.7.6 (post-audit): require a `.mover-installed` stamp on the shared
+    // entry before deleting. Prior "same-name = delete" risked nuking
+    // user-created divergent skills with the same folder name.
+    const sharedSkillsDir = path.join(home, ".agents", "skills");
+    if (fs.existsSync(sharedSkillsDir) && sharedSkillsDir !== geminiSkillsDir) {
+      try {
+        for (const entry of fs.readdirSync(sharedSkillsDir)) {
+          const sharedEntry = path.join(sharedSkillsDir, entry);
+          const canonicalEntry = path.join(geminiSkillsDir, entry);
+          if (!fs.statSync(sharedEntry).isDirectory()) continue;
+          if (!fs.existsSync(canonicalEntry)) continue;
+          const sharedStamp = path.join(sharedEntry, ".mover-installed");
+          if (fs.existsSync(sharedStamp)) {
+            fs.rmSync(sharedEntry, { recursive: true, force: true });
+          }
+        }
+      } catch {}
+    }
+  }
+
+  // v4.7.5: Native Gemini hook support via mover-hook-adapter.js
+  if (!skillOpts?.skipHooks) {
+    const hkCount = installHooksForGemini(bundleDir);
+    if (hkCount > 0) steps.push(`${hkCount} hooks`);
   }
 
   return steps;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mover-os",
-  "version": "4.7.4",
+  "version": "4.7.6",
   "description": "Your AI co-founder. Remembers your goals, pushes back when you drift. Works with 15 AI agents.",
   "bin": {
     "moveros": "install.js"