mover-os 4.7.5 → 4.7.6

package/install.js

@@ -734,7 +734,15 @@ async function activateKey(key) {
   if (!key) return;
   try {
     const https = require("https");
-    const body = JSON.stringify({ key: key.trim(), organization_id: POLAR_ORG_ID, label: os.hostname() });
+    // v4.7.6: label = stable machine_id (hardware-derived), not os.hostname().
+    // Hostnames change (rename a Mac, switch wifi, container restart) and the
+    // server-side activation cap counts each hostname as a different machine.
+    // machine_id is stable across hostname changes and matches what the
+    // server also stores for /api/download X-Machine-Id correlation.
+    const moverDir = path.join(os.homedir(), ".mover");
+    let label = os.hostname();
+    try { label = getMachineId(moverDir) || label; } catch {}
+    const body = JSON.stringify({ key: key.trim(), organization_id: POLAR_ORG_ID, label });
     await new Promise((resolve, reject) => {
       const req = https.request({
         hostname: "api.polar.sh",
@@ -822,11 +830,30 @@ async function downloadPayload(key) {
           method: "GET",
           timeout: 60000,
         }, (res2) => {
-          const chunks = [];
-          res2.on("data", (c) => chunks.push(c));
+          // v4.7.6 (post-audit): stream-and-abort with running byte counter
+          // instead of buffering then checking size. A malicious upstream
+          // could send GBs of data and OOM Node before the post-download
+          // 100MB stat check fires. Now we destroy the connection the
+          // moment the running total exceeds MAX_TARBALL_BYTES.
+          const MAX_TARBALL_BYTES = 100 * 1024 * 1024;
+          let total = 0;
+          const ws = fs.createWriteStream(tarPath);
+          let aborted = false;
+          res2.on("data", (c) => {
+            total += c.length;
+            if (total > MAX_TARBALL_BYTES) {
+              aborted = true;
+              try { res2.destroy(); } catch {}
+              try { ws.destroy(); } catch {}
+              try { fs.unlinkSync(tarPath); } catch {}
+              reject(new Error(`Payload exceeded ${MAX_TARBALL_BYTES} bytes during download`));
+              return;
+            }
+            ws.write(c);
+          });
           res2.on("end", () => {
-            fs.writeFileSync(tarPath, Buffer.concat(chunks));
-            resolve();
+            if (aborted) return;
+            ws.end(() => resolve());
           });
         });
         req2.on("error", reject);
@@ -850,11 +877,26 @@ async function downloadPayload(key) {
         reject(new Error(`Download failed (HTTP ${res.statusCode})`));
         return;
       }
-      const chunks = [];
-      res.on("data", (c) => chunks.push(c));
+      // v4.7.6 (post-audit): same stream-and-abort behavior as the redirect path.
+      const MAX_TARBALL_BYTES = 100 * 1024 * 1024;
+      let total = 0;
+      const ws = fs.createWriteStream(tarPath);
+      let aborted = false;
+      res.on("data", (c) => {
+        total += c.length;
+        if (total > MAX_TARBALL_BYTES) {
+          aborted = true;
+          try { res.destroy(); } catch {}
+          try { ws.destroy(); } catch {}
+          try { fs.unlinkSync(tarPath); } catch {}
+          reject(new Error(`Payload exceeded ${MAX_TARBALL_BYTES} bytes during download`));
+          return;
+        }
+        ws.write(c);
+      });
       res.on("end", () => {
-        fs.writeFileSync(tarPath, Buffer.concat(chunks));
-        resolve();
+        if (aborted) return;
+        ws.end(() => resolve());
       });
     });
     req.on("error", reject);
@@ -862,10 +904,75 @@ async function downloadPayload(key) {
     req.end();
   });
 
-  // Validate tar contents before extraction (zip-slip prevention)
-  const listing = execSync(`tar -tzf "${tarPath}"`, { encoding: 'utf8' });
-  const entries = listing.split('\n').filter(Boolean);
-  const badPaths = entries.filter(e => e.startsWith('/') || e.includes('..'));
+  // ── Validate tar contents before extraction ────────────────────────────
+  //
+  // SECURITY (v4.7.5 → v4.7.6): zip-slip hardening (commit 2d5cdd2) only
+  // checked path strings (absolute paths, `..` traversal). It did NOT check
+  // entry TYPE. A crafted tarball could embed a symlink (e.g.,
+  // `mover-link -> /etc/passwd`) which `tar -xzf` would happily extract,
+  // creating a file outside the destination dir on first follow.
+  //
+  // Fix: switch to `tar -tvzf` which prints the entry type as the first
+  // character (- regular, d directory, l symlink, h hardlink, c char dev,
+  // b block dev). Reject anything that isn't a regular file, directory, or
+  // long-link metadata (which is followed by a regular entry).
+  //
+  // Also enforce a 100MB hard cap (compressed) post-download — if the file
+  // on disk is bigger than that, refuse before extraction. v4.7.5 had no
+  // size check, so a 2GB tarball would OOM Node before validation.
+  const MAX_TARBALL_BYTES = 100 * 1024 * 1024;
+  const tarStat = fs.statSync(tarPath);
+  if (tarStat.size > MAX_TARBALL_BYTES) {
+    fs.unlinkSync(tarPath);
+    throw new Error(`Payload too large: ${tarStat.size} bytes > ${MAX_TARBALL_BYTES}`);
+  }
+
+  // v4.7.6 (post-audit): use TWO tar listings.
+  //
+  // 1. `tar -tzf` → paths-only output (one path per line, exact). Used to
+  //    validate against absolute paths and `..` traversal. v4.7.5's
+  //    paths-only validation worked here, the regression was the missing
+  //    type check, not the path parser.
+  //
+  // 2. `tar -tvzf` → verbose output. Used ONLY to extract the type
+  //    character (first column). We intentionally do NOT parse the path
+  //    field from verbose output because BSD tar's verbose format is
+  //    fragile when paths contain spaces (e.g., "_Template Project/Chats &
+  //    Resources/...") — last-whitespace-token parsing would silently
+  //    drop the leading parts of a multi-word path.
+  //
+  // The ordering of -tvzf and -tzf output is identical (tar walks the
+  // archive in the same order), so we zip them by line index for the
+  // type/path correlation.
+  const pathsListing = execSync(`tar -tzf "${tarPath}"`, { encoding: 'utf8' });
+  const verboseListing = execSync(`tar -tvzf "${tarPath}"`, { encoding: 'utf8' });
+  const pathLines = pathsListing.split('\n').filter(Boolean);
+  const verboseLines = verboseListing.split('\n').filter(Boolean);
+  const badPaths = [];
+  const badTypes = [];
+  if (pathLines.length !== verboseLines.length) {
+    throw new Error(`Tar listing inconsistency: ${pathLines.length} path lines vs ${verboseLines.length} verbose lines`);
+  }
+  for (let i = 0; i < pathLines.length; i++) {
+    const entryPath = pathLines[i];
+    const typeChar = verboseLines[i].charAt(0);
+    if (!entryPath) continue;
+    // Reject by type: anything except regular file (-), directory (d).
+    // Long-link metadata uses 'L' or 'K'; tar emits these followed by
+    // another entry — we'd reject the link metadata here too which is fine
+    // because we don't ship long names.
+    if (typeChar !== '-' && typeChar !== 'd') {
+      badTypes.push(`${typeChar} ${entryPath}`);
+      continue;
+    }
+    if (entryPath.startsWith('/') || entryPath.includes('..')) {
+      badPaths.push(entryPath);
+    }
+  }
+  if (badTypes.length > 0) {
+    fs.unlinkSync(tarPath);
+    throw new Error('Payload contains non-regular entries (symlinks/hardlinks/devices): ' + badTypes.slice(0, 5).join(', '));
+  }
   if (badPaths.length > 0) {
     fs.unlinkSync(tarPath);
     throw new Error('Payload contains unsafe paths: ' + badPaths.join(', '));
@@ -1605,14 +1712,25 @@ async function runUninstall(vaultPath) {
   const rulesExist = rulesPaths.some(p => fs.existsSync(p.path));
   if (rulesExist) categories.push({ id: "rules", name: "Rules", description: "Global rules files for all agents", items: rulesPaths });
 
-  // Skills
+  // Skills — v4.7.6: cover all agents Mover OS installs into. v4.7.5 only
+  // listed 5 of ~10 paths, leaving orphaned skills behind on uninstall for
+  // Gemini CLI, Cline, Roo Code, Aider, OpenCode, Continue, and the shared
+  // ~/.agents/skills/ pool. Derived from AGENT_REGISTRY, but kept literal
+  // here because uninstall runs after the registry may have changed in
+  // newer bundles. Drift-detection lives in v4.8.0 which moves to a
+  // collectInstallPaths(kind) helper.
   const skillsPaths = [
     { label: "Claude Code skills", path: path.join(home, ".claude", "skills"), dir: true, keepBuiltins: true },
     { label: "Cursor skills", path: path.join(home, ".cursor", "skills"), dir: true },
     { label: "Codex skills", path: path.join(home, ".codex", "skills"), dir: true },
-    { label: "Windsurf skills", path: path.join(home, ".windsurf", "skills"), dir: true },
+    { label: "Gemini CLI skills", path: path.join(home, ".gemini", "skills"), dir: true },
     { label: "Antigravity skills", path: path.join(home, ".gemini", "antigravity", "skills"), dir: true },
-  ];
+    { label: "Windsurf skills (legacy)", path: path.join(home, ".windsurf", "skills"), dir: true },
+    { label: "Windsurf skills", path: path.join(home, ".codeium", "windsurf", "skills"), dir: true },
+    { label: "Cline skills", path: path.join(home, ".cline", "skills"), dir: true },
+    { label: "Roo Code skills (vault-relative)", path: vaultPath && path.join(vaultPath, ".roo", "skills"), dir: true },
+    { label: "Cross-agent shared skills", path: path.join(home, ".agents", "skills"), dir: true },
+  ].filter(p => p.path);
   const skillsExist = skillsPaths.some(p => fs.existsSync(p.path));
   if (skillsExist) categories.push({ id: "skills", name: "Skills", description: "61 curated skill packs", items: skillsPaths });
 
@@ -1754,7 +1872,15 @@ async function runUninstall(vaultPath) {
         barLn(dim("Deactivating license..."));
         try {
           const https = require("https");
-          const body = JSON.stringify({ key: cfg.licenseKey, organization_id: POLAR_ORG_ID, label: os.hostname() });
+          // v4.7.6: match activateKey's label scheme (machine_id) so deactivate
+          // actually frees the activation slot. v4.7.5 deactivated by hostname,
+          // which only worked if the user hadn't renamed their machine since
+          // install. Fallback: if machine_id read fails, try hostname (covers
+          // pre-v4.7.3 activations that stored hostname).
+          const moverDir = path.join(os.homedir(), ".mover");
+          let label = os.hostname();
+          try { label = getMachineId(moverDir) || label; } catch {}
+          const body = JSON.stringify({ key: cfg.licenseKey, organization_id: POLAR_ORG_ID, label });
           await new Promise((resolve, reject) => {
             const req = https.request({
               hostname: "api.polar.sh",
@@ -2137,7 +2263,7 @@ const SKILL_CATEGORIES = {
   "json-canvas": "obsidian",
   // Tools (always installed — core utilities)
   "defuddle": "tools",
-  "skill-creator": "tools",
+  "mover-skill-creator": "tools",
   "find-skills": "tools",
 };
 
@@ -2151,19 +2277,32 @@ const CATEGORY_META = [
   { id: "obsidian", name: "Obsidian", desc: "markdown, bases, canvas, CLI" },
 ];
 
+// Dev/eval artifacts that ship in src/skills/ but must NEVER be installed as
+// runtime skills. Matched as a directory name suffix so e.g.
+// `friction-enforcer-workspace/iteration-1/skill-snapshot/SKILL.md` (an evaluation
+// snapshot of friction-enforcer) does not get installed as a separate skill named
+// `skill-snapshot`. Caused 1+ duplicate skill in v4.7.5 installs which compounded
+// the skill-description budget pressure that drops descriptions at runtime.
+const SKILL_DEV_DIR_SUFFIXES = ["-workspace", "-benchmark", "-sandbox"];
+
+function isDevSkillDir(name) {
+  return SKILL_DEV_DIR_SUFFIXES.some((s) => name.endsWith(s));
+}
+
 function findSkills(bundleDir) {
   const skillsDir = path.join(bundleDir, "src", "skills");
   if (!fs.existsSync(skillsDir)) return [];
   const skills = [];
   const walk = (dir) => {
     for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+      if (!entry.isDirectory()) continue;
+      // Skip dev/eval artifact roots and anything inside them.
+      if (isDevSkillDir(entry.name)) continue;
       const full = path.join(dir, entry.name);
-      if (entry.isDirectory()) {
-        if (fs.existsSync(path.join(full, "SKILL.md"))) {
-          skills.push({ name: entry.name, path: full, category: SKILL_CATEGORIES[entry.name] || "tools" });
-        } else {
-          walk(full);
-        }
+      if (fs.existsSync(path.join(full, "SKILL.md"))) {
+        skills.push({ name: entry.name, path: full, category: SKILL_CATEGORIES[entry.name] || "tools" });
+      } else {
+        walk(full);
       }
     }
   };
@@ -2264,9 +2403,15 @@ function generateCodexHooks() {
             matcher: "startup|resume|clear",
             hooks: [
               {
+                // v4.7.6: switched from "full" to "resume" mode. The full primer
+                // is ~12K chars which mover-hook-adapter.js wraps as
+                // additionalContext for Codex, eating the skill-description
+                // budget. Codex sessions only need lightweight context refresh.
+                // Timeout 15s (was 5s): session-start.sh:122 calls `npm view`
+                // on cold cache; 5s killed cold-start under Codex.
                 type: "command",
-                command: `node ${adapter} codex SessionStart ${hookDir}/session-start.sh" full`,
-                timeout: 5,
+                command: `node ${adapter} codex SessionStart ${hookDir}/session-start.sh" resume`,
+                timeout: 15,
               },
             ],
           },
@@ -2341,10 +2486,13 @@ function generateGeminiHooks() {
         matcher: "startup",
         hooks: [
           {
+            // v4.7.6: same fix as the Codex hook — switched from "full" to
+            // "resume" to keep mover-hook-adapter additionalContext within
+            // budget. Timeout raised to 15s for cold-cache npm view fallback.
             name: "mover-session-start",
             type: "command",
-            command: `node ${adapter} gemini SessionStart ${hookDir}/session-start.sh" full`,
-            timeout: 5000,
+            command: `node ${adapter} gemini SessionStart ${hookDir}/session-start.sh" resume`,
+            timeout: 15000,
           },
         ],
       },
@@ -3029,6 +3177,20 @@ function installSkillPacks(bundleDir, destDir, selectedCategories) {
     // Skip unchanged skills
     const sourceHash = computeSkillHash(skill.path);
     if (manifest.skills[skill.name]?.hash === sourceHash && fs.existsSync(dest)) {
+      // v4.7.6 (post-audit): even when skipping, ensure the .mover-installed
+      // stamp exists. Pre-v4.7.6 installs lack the stamp; without this
+      // backfill, the manifest+stamp logic in the orphan cleanup wouldn't
+      // see them as Mover-owned on the first v4.7.6 update if the manifest
+      // entry was lost (rare but possible).
+      try {
+        const stampPath = path.join(dest, ".mover-installed");
+        if (!fs.existsSync(stampPath)) {
+          fs.writeFileSync(
+            stampPath,
+            JSON.stringify({ name: skill.name, version: "v4.7.6", at: new Date().toISOString(), backfilled: true }, null, 2)
+          );
+        }
+      } catch {}
       installedNames.add(skill.name);
       skipped++;
       continue;
@@ -3036,23 +3198,40 @@ function installSkillPacks(bundleDir, destDir, selectedCategories) {
 
     if (fs.existsSync(dest)) fs.rmSync(dest, { recursive: true, force: true });
     copyDirRecursive(skill.path, dest);
+    // v4.7.6: stamp file proves Mover OS owns this skill. Used by orphan
+    // cleanup below — only stamped skills are deletable on update. User-
+    // created skills (e.g., a skill the user wrote and dropped into the
+    // skills dir) survive even if their SKILL.md happens to contain
+    // "## Activation" or "## When to Use" headings.
+    try {
+      fs.writeFileSync(
+        path.join(dest, ".mover-installed"),
+        JSON.stringify({ name: skill.name, version: "v4.7.6", at: new Date().toISOString() }, null, 2)
+      );
+    } catch {}
     manifest.skills[skill.name] = { hash: sourceHash, installedAt: new Date().toISOString() };
     installedNames.add(skill.name);
     count++;
   }
 
-  // Clean orphaned skills (renamed/removed in updates)
-  // Only removes dirs that contain SKILL.md — preserves user-created skills
+  // Clean orphaned skills (renamed/removed in updates).
+  // v4.7.6: ONLY remove skills that have a `.mover-installed` stamp from a
+  // prior install OR appear in the manifest. User-created skills (no stamp,
+  // not in manifest) are preserved regardless of their SKILL.md contents.
+  // Pre-v4.7.6 installs lack the stamp; the manifest entry covers those
+  // (manifest is written for every prior install). After one cycle of v4.7.6
+  // install/update, every shipped skill has both stamp and manifest entry.
   for (const dir of fs.readdirSync(destDir)) {
     if (installedNames.has(dir)) continue;
     const dirPath = path.join(destDir, dir);
     try {
-      if (fs.statSync(dirPath).isDirectory() && fs.existsSync(path.join(dirPath, "SKILL.md"))) {
-        const content = fs.readFileSync(path.join(dirPath, "SKILL.md"), "utf8");
-        if (content.includes("## Activation") || content.includes("## When to Use")) {
-          fs.rmSync(dirPath, { recursive: true, force: true });
-          ln(`  ${dim("Removed orphan skill:")} ${dir}`);
-        }
+      if (!fs.statSync(dirPath).isDirectory()) continue;
+      if (!fs.existsSync(path.join(dirPath, "SKILL.md"))) continue;
+      const hasStamp = fs.existsSync(path.join(dirPath, ".mover-installed"));
+      const inManifest = Boolean(manifest.skills[dir]);
+      if (hasStamp || inManifest) {
+        fs.rmSync(dirPath, { recursive: true, force: true });
+        ln(`  ${dim("Removed orphan skill:")} ${dir}`);
       }
     } catch (e) { /* skip */ }
   }
@@ -3105,10 +3284,15 @@ function installHooksForClaude(bundleDir, vaultPath) {
         if (!existing.hooks[event]) {
           existing.hooks[event] = entries;
         } else {
-          // Check if our hooks are already registered (by command substring)
+          // Check if our hooks are already registered (by command substring).
+          // v4.7.6: split on both / and \\ so the basename extraction works on
+          // Windows where command paths use backslashes. The forward-slash-only
+          // split returned the entire command string on Windows, which never
+          // matched the substring check, leading to duplicate hooks accumulating
+          // on every install.
           const existingCmds = JSON.stringify(existing.hooks[event]);
           const alreadyHas = entries[0].hooks.every(
-            (h) => existingCmds.includes(h.command.split("/").pop().replace('"', ""))
+            (h) => existingCmds.includes(h.command.split(/[\\/]/).pop().replace('"', ""))
           );
           if (!alreadyHas) {
             existing.hooks[event].push(...entries);
@@ -3325,10 +3509,18 @@ function installHooksForGemini(bundleDir) {
   return count;
 }
 
-// Per-entry hook merge. For each new entry, check if an entry with the SAME
-// matcher AND a Mover adapter command already exists. Skip only that exact
-// duplicate. Sibling entries (different matchers, or non-Mover entries) are
-// left intact.
+// Per-entry hook merge.
+//
+// v4.7.5 strategy was: skip if an entry with same matcher + same exact commands
+// exists. That prevented duplicates on re-run BUT also meant existing v4.7.5
+// installs with broken commands (e.g. `session-start.sh full` instead of the
+// v4.7.6 `session-start.sh resume`) never got upgraded — the merge saw a Mover
+// entry and skipped, leaving the old broken hook in place.
+//
+// v4.7.6 strategy: identify Mover entries by command containing
+// "mover-hook-adapter.js" or "src/hooks/" path. For those, REPLACE the existing
+// entry with the new one. For non-Mover entries (user customizations), leave
+// untouched and append the new Mover entry alongside.
 function mergeHooksConfig(existing, newConfig) {
   if (!existing.hooks) existing.hooks = {};
   for (const [event, newEntries] of Object.entries(newConfig.hooks || {})) {
@@ -3338,15 +3530,32 @@ function mergeHooksConfig(existing, newConfig) {
     }
     for (const newEntry of newEntries) {
       const matcher = newEntry.matcher; // may be undefined
-      const newCmds = (newEntry.hooks || []).map((h) => h.command || "");
-      const isDup = existing.hooks[event].some((existingEntry) => {
-        if ((existingEntry.matcher || "") !== (matcher || "")) return false;
-        const existingCmds = (existingEntry.hooks || []).map(
-          (h) => h.command || ""
-        );
-        return newCmds.every((c) => existingCmds.includes(c));
-      });
-      if (!isDup) existing.hooks[event].push(newEntry);
+      // v4.7.6 (post-audit): we identify the matching matcher entry and
+      // replace ONLY the Mover-owned commands inside it. Non-Mover commands
+      // a user has added at the same matcher level are preserved. The prior
+      // approach replaced the whole entry, wiping user customizations.
+      const isMoverCmd = (c) =>
+        typeof c === "string" &&
+        (c.includes("mover-hook-adapter.js") || c.includes("src/hooks/"));
+      const matcherIdx = existing.hooks[event].findIndex(
+        (e) => (e.matcher || "") === (matcher || "")
+      );
+      if (matcherIdx < 0) {
+        // No entry at this matcher — append cleanly.
+        existing.hooks[event].push(newEntry);
+        continue;
+      }
+      const matcherEntry = existing.hooks[event][matcherIdx];
+      if (!Array.isArray(matcherEntry.hooks)) matcherEntry.hooks = [];
+      // Drop existing Mover-owned hooks (we will re-add the new versions).
+      // Keep every user-owned hook untouched.
+      matcherEntry.hooks = matcherEntry.hooks.filter(
+        (h) => !isMoverCmd(h && h.command)
+      );
+      // Append the fresh Mover hooks for this matcher.
+      for (const h of newEntry.hooks || []) {
+        if (isMoverCmd(h && h.command)) matcherEntry.hooks.push(h);
+      }
     }
   }
 }
@@ -3537,9 +3746,40 @@ function installWindsurf(bundleDir, vaultPath, skillOpts) {
   }
 
   if (skillOpts && skillOpts.install) {
-    const skillsDir = path.join(home, ".windsurf", "skills");
+    // v4.7.6: standardize on the registry-canonical Windsurf path
+    // (~/.codeium/windsurf/skills). v4.7.5 wrote to ~/.windsurf/skills which
+    // conflicted with the registry entry and meant skills were duplicated
+    // across both paths on machines that had been installed pre-v4.7.5.
+    const skillsDir = AGENT_REGISTRY.windsurf.skills.dest();
+    const legacySkillsDir = path.join(home, ".windsurf", "skills");
     const skCount = installSkillPacks(bundleDir, skillsDir, skillOpts.categories);
     if (skCount > 0) steps.push(`${skCount} skills`);
+
+    // Migrate from legacy ~/.windsurf/skills.
+    // v4.7.6 (post-audit): only delete legacy entries that have a
+    // .mover-installed stamp file (proving Mover OS owns them). Same-name
+    // user-created skills in the legacy path that lack the stamp are
+    // preserved. The prior "same-name = delete" logic risked nuking
+    // divergent user skills.
+    if (fs.existsSync(legacySkillsDir) && legacySkillsDir !== skillsDir) {
+      try {
+        for (const entry of fs.readdirSync(legacySkillsDir)) {
+          const legacyEntry = path.join(legacySkillsDir, entry);
+          const canonicalEntry = path.join(skillsDir, entry);
+          if (!fs.statSync(legacyEntry).isDirectory()) continue;
+          if (!fs.existsSync(canonicalEntry)) continue;
+          // Require a .mover-installed stamp at the legacy path for delete.
+          const legacyStamp = path.join(legacyEntry, ".mover-installed");
+          if (fs.existsSync(legacyStamp)) {
+            fs.rmSync(legacyEntry, { recursive: true, force: true });
+          }
+        }
+        // Remove empty legacy parent dir.
+        try {
+          if (fs.readdirSync(legacySkillsDir).length === 0) fs.rmdirSync(legacySkillsDir);
+        } catch {}
+      } catch {}
+    }
   }
 
   return steps;
@@ -3567,8 +3807,40 @@ function installGeminiCli(bundleDir, vaultPath, skillOpts, writtenFiles) {
   if (wfCount > 0) steps.push(`${wfCount} commands`);
 
   if (skillOpts && skillOpts.install) {
-    const skCount = installSkillPacks(bundleDir, path.join(geminiDir, "skills"), skillOpts.categories);
+    const geminiSkillsDir = path.join(geminiDir, "skills");
+    const skCount = installSkillPacks(bundleDir, geminiSkillsDir, skillOpts.categories);
     if (skCount > 0) steps.push(`${skCount} skills`);
+
+    // v4.7.6: clean up duplicate Mover skills in ~/.agents/skills/.
+    //
+    // Gemini CLI scans both ~/.gemini/skills/ (canonical) AND
+    // ~/.agents/skills/ (cross-agent shared pool) at session start. If a Mover
+    // install has populated both, Gemini emits a wall of "Skill conflict
+    // detected: ... is overriding ..." warnings. Worse, every shipped skill
+    // takes a budget slot twice in the agent's effective skill manifest.
+    //
+    // Fix: after writing to the canonical path, scan ~/.agents/skills/ for
+    // entries that we just installed (same name as a directory we own at the
+    // canonical path) and remove only those. User skills in ~/.agents/skills/
+    // (Amp/etc.) stay untouched.
+    // v4.7.6 (post-audit): require a `.mover-installed` stamp on the shared
+    // entry before deleting. Prior "same-name = delete" risked nuking
+    // user-created divergent skills with the same folder name.
+    const sharedSkillsDir = path.join(home, ".agents", "skills");
+    if (fs.existsSync(sharedSkillsDir) && sharedSkillsDir !== geminiSkillsDir) {
+      try {
+        for (const entry of fs.readdirSync(sharedSkillsDir)) {
+          const sharedEntry = path.join(sharedSkillsDir, entry);
+          const canonicalEntry = path.join(geminiSkillsDir, entry);
+          if (!fs.statSync(sharedEntry).isDirectory()) continue;
+          if (!fs.existsSync(canonicalEntry)) continue;
+          const sharedStamp = path.join(sharedEntry, ".mover-installed");
+          if (fs.existsSync(sharedStamp)) {
+            fs.rmSync(sharedEntry, { recursive: true, force: true });
+          }
+        }
+      } catch {}
+    }
   }
 
   // v4.7.5: Native Gemini hook support via mover-hook-adapter.js

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mover-os",
-  "version": "4.7.5",
+  "version": "4.7.6",
   "description": "Your AI co-founder. Remembers your goals, pushes back when you drift. Works with 15 AI agents.",
   "bin": {
     "moveros": "install.js"