pinokiod 6.0.95 → 6.0.97

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pinokiod",
-  "version": "6.0.95",
+  "version": "6.0.97",
   "description": "",
   "main": "index.js",
   "scripts": {

package/prototype/system/SKILL_PINOKIO.md

@@ -19,7 +19,21 @@ If running outside Pinokio's own shell, do not assume `pterm` is on `PATH`.
 1. Resolve `pterm` via `GET http://127.0.0.1:42000/pinokio/path/pterm`.
 2. Read `path` from the response.
 3. Use that absolute binary path for all `pterm` commands in this skill.
-4. If lookup fails, report `pterm` unavailable and stop.
+4. If lookup fails, do not immediately conclude that Pinokio is not running.
+5. Distinguish failure modes before stopping:
+   - `EPERM` / `EACCES` / sandbox denial to `127.0.0.1:42000`:
+     - treat this as a local permission problem, not a missing runtime
+     - ask for permission first if the client supports permission prompts, escalation, or tool approval
+     - rerun the same probe after permission is granted
+     - if permission prompts are unavailable, report that loopback access is blocked by the client/sandbox
+   - timeout / connection refused / DNS failure:
+     - report that the control plane is unreachable rather than claiming `pterm` is uninstalled
+   - HTTP success with missing/empty `path`:
+     - continue with fallback path checks below before concluding `pterm` is unavailable
+6. If the control-plane probe is blocked or returns an empty path, check common local `pterm` locations:
+   - `which pterm` or `where pterm`
+7. If a local `pterm` binary exists, use it and continue. If later `pterm` commands fail against `127.0.0.1:42000` with permission errors, report a loopback permission issue explicitly.
+8. Only report "`pterm` unavailable" when both the control-plane probe and fallback local path checks fail.
 
 Use direct `pterm` commands for control-plane operations:
 
@@ -31,11 +45,16 @@ Use direct `pterm` commands for control-plane operations:
 6. `pterm star <app_id>` / `pterm unstar <app_id>` (only when user explicitly asks to change preference)
 
 Do not run install/update commands from this skill.
+Do not execute bundled app binaries or internal app CLIs from the app repo unless the user explicitly asks for CLI mode.
+Once a Pinokio-managed app is selected, treat the launcher and its exposed interfaces as the source of truth for lifecycle and execution.
+Do not switch to alternate repo-local execution paths unless the user explicitly requests that mode.
 
 Permission handling:
-- If a `pterm` command fails with loopback permission errors (`EPERM`/`EACCES` to `127.0.0.1:42000`), rerun the same command with required escalation/approval.
+- If a probe or `pterm` command fails with loopback permission errors (`EPERM`/`EACCES` to `127.0.0.1:42000`), ask for permission first when the client supports permission prompts or escalation.
+- After permission is granted, rerun the same command.
 - Continue normal flow if rerun succeeds.
-- Fail only if escalation is denied or rerun still cannot reach Pinokio.
+- Fail only if permission/escalation is denied, unavailable, or rerun still cannot reach Pinokio.
+- When failing after those retries, say "Pinokio may be running, but this client cannot reach the local control plane" rather than "Pinokio is not installed/running" unless you have confirmed both conditions.
 
 ## Workflow
 
@@ -57,14 +76,20 @@ Permission handling:
    - If no useful hits, run one fallback:
      - `pterm search "<query>" --mode broad --limit 8`
    - Deterministic ranking:
-     - exact `app_id`/title match (for explicit app requests)
-     - `starred=true` (user preference)
-     - `ready=true`
-     - higher `matched_terms_count` (if available)
-     - higher `launch_count_total` (if available)
-     - more recent `last_launch_at` (if available)
-     - higher `score`
-     - `running=true`
+     - First, rank by runtime tier:
+       - relevant apps with `ready=true`
+       - otherwise relevant apps with `running=true`
+       - otherwise relevant offline apps
+     - Within the selected runtime tier, rank by user preference:
+       - exact `app_id`/title match (for explicit app requests)
+       - `starred=true`
+     - Within that same tier, use the remaining tiebreakers:
+       - higher `matched_terms_count` (if available)
+       - higher `launch_count_total` (if available)
+       - more recent `last_launch_at` (if available)
+       - higher `score`
+     - Do not choose an offline app over a relevant `ready` or `running` app.
+     - Do not choose a non-starred app over a relevant starred app in the same runtime tier unless the starred app is clearly not a useful match.
    - If the top candidate is not clearly better than alternatives, ask user once with top 3 candidates.
 
 2. Check runtime state with `pterm status`.
@@ -90,6 +115,7 @@ Permission handling:
 4. Success criteria.
    - `state=online` and `ready=true`.
    - If `ready_url` exists, use it as API base URL.
+   - Treat `ready_url` plus a generated or reused client as the default execution path for app functionality.
 
 5. Failure criteria.
    - Timeout before success.
@@ -111,6 +137,9 @@ Permission handling:
      - 404/405 endpoint mismatch
      - 400/422 payload/schema mismatch
      - auth/header mismatch
+   - Prefer documented/public app APIs exposed by the running launcher.
+   - Do not execute the app's internal Python/Node/bundled CLI as a fallback when `pterm` has already selected a launcher-managed app.
+   - If no automatable API exists after the app is running, report that clearly instead of bypassing the launcher with an internal CLI.
 
 ## Behavior Rules
 
@@ -120,6 +149,13 @@ Permission handling:
 - Prefer returning full logs over brittle deterministic error parsing.
 - REST endpoints may be used for diagnostics only when pterm is unavailable; do not claim full install/launch lifecycle completion without compatible pterm commands.
 - Do not keep searching after app selection; move to status/run.
+- Do not conflate loopback access failure, sandbox denial, or missing permission with "Pinokio is not running" or "`pterm` is not installed."
+- On localhost permission failure, prefer asking for permission over asking the user to manually run commands.
+- If `127.0.0.1:42000` is blocked but local `pterm` exists, explicitly tell the user this looks like a client permission/sandbox issue.
+- After app selection, do not execute `python`, `node`, shell entrypoints, or repo-local binaries inside the selected app unless the user explicitly asks for CLI mode.
+- Do not inspect bundled CLI help or probe repo-local executables as an alternative execution path when the task is to operate the Pinokio-managed app.
+- "Launch the app server and run it" means `pterm status` -> `pterm run` -> wait for `ready=true` -> use `ready_url` with a generated/reused client.
+- If `ready_url` is absent, use `pterm` only for lifecycle control and ask one targeted question or report that the app lacks a clear automatable API. Do not silently fall back to internal CLI execution.
 
 ## Example A (Capability Only)