sanook-cli 0.4.0 → 0.5.0

package/dist/search/index-core.js

@@ -0,0 +1,187 @@
+// ============================================================================
+// src/search/index-core.ts — the zero-dependency search FLOOR.
+//
+// A pure-TS inverted index with REAL BM25 (k1=1.2, b=0.75, genuine corpus-stat
+// IDF via df/N). No SQLite, no Bun, no native binary, no network — it works the
+// instant a corpus exists, on any OS Node 22 runs on. This is deliberately NOT
+// node:sqlite FTS5: that is experimental, its FTS5 build is not guaranteed across
+// platforms, and it reintroduces a quasi-native dependency that fights the
+// zero-config/portability contract. A few hundred lines of TS give us a real
+// ranking model that FTS5's bm25() only approximates without true global IDF.
+//
+// Tokenization REUSES memory-store.ts normalize() (the canonical, Thai-safe,
+// stopword-aware tokenizer) so memory matching and search matching never drift.
+//
+// addDoc/removeDoc MUTATE the index in place and return it — an index over a
+// large vault must not deep-copy its postings map on every chunk (that is the
+// one place we diverge from memory-store's small-array immutability). bm25Search
+// is pure and read-only. Re-adding the same doc id replaces its postings, so the
+// index can never accumulate duplicate postings the way arra's FTS5
+// delete-then-insert can drift.
+// ============================================================================
+import { normalize } from '../memory-store.js';
+export const SEARCH_SOURCES = ['memory', 'vault', 'session', 'skill'];
+/** BM25 params — Robertson/Spärck-Jones defaults; title terms get weighted tf. */
+const K1 = 1.2;
+const B = 0.75;
+const TITLE_BOOST = 2; // a term in a doc's title counts this many times toward tf
+const WORD_SEG = new Intl.Segmenter(undefined, { granularity: 'word' });
+export const INDEX_VERSION = 1;
+export function emptyIndex() {
+    return { version: INDEX_VERSION, postings: new Map(), docs: new Map(), totalDl: 0 };
+}
+/**
+ * Ordered tokens WITH repeats — BM25 needs term frequencies, so unlike
+ * memory-store's tokens() (a deduped Set) we keep counts. Builds on the SAME
+ * canonical normalize() (lowercase, punctuation→space, Thai preserved), then
+ * segments with Intl.Segmenter at word granularity so Thai (which has no spaces)
+ * splits into real words instead of one coarse blob, giving BM25 genuine Thai
+ * term frequencies while preserving repeats.
+ */
+export function termList(text) {
+    const out = [];
+    for (const seg of WORD_SEG.segment(normalize(text))) {
+        if (!seg.isWordLike)
+            continue;
+        const token = seg.segment.trim();
+        if (token.length > 1)
+            out.push(token);
+    }
+    return out;
+}
+/** combined term-frequency map for a doc, with title terms weighted, + the token length. */
+function termFreqs(title, text) {
+    const tf = new Map();
+    const body = termList(text);
+    const head = termList(title);
+    for (const t of body)
+        tf.set(t, (tf.get(t) ?? 0) + 1);
+    for (const t of head)
+        tf.set(t, (tf.get(t) ?? 0) + TITLE_BOOST);
+    return { tf, dl: body.length + head.length };
+}
+/** add (or REPLACE, if id already present) a document. Mutates + returns idx. */
+export function addDoc(idx, doc) {
+    if (idx.docs.has(doc.id))
+        removeDoc(idx, doc.id); // replace → no posting creep
+    const { tf, dl } = termFreqs(doc.title, doc.text);
+    const meta = {
+        id: doc.id,
+        source: doc.source,
+        title: doc.title,
+        text: doc.text,
+        path: doc.path,
+        noteType: doc.noteType,
+        tags: doc.tags ?? [],
+        links: doc.links ?? [],
+        importance: doc.importance,
+        updatedMs: doc.updatedMs,
+        dl,
+    };
+    idx.docs.set(doc.id, meta);
+    idx.totalDl += dl;
+    for (const [term, freq] of tf) {
+        const plist = idx.postings.get(term);
+        if (plist)
+            plist.push({ docId: doc.id, tf: freq });
+        else
+            idx.postings.set(term, [{ docId: doc.id, tf: freq }]);
+    }
+    return idx;
+}
+/** remove a document and all its postings. Mutates + returns idx. No-op if absent. */
+export function removeDoc(idx, id) {
+    const meta = idx.docs.get(id);
+    if (!meta)
+        return idx;
+    const { tf } = termFreqs(meta.title, meta.text);
+    for (const term of tf.keys()) {
+        const plist = idx.postings.get(term);
+        if (!plist)
+            continue;
+        const next = plist.filter((p) => p.docId !== id);
+        if (next.length)
+            idx.postings.set(term, next);
+        else
+            idx.postings.delete(term);
+    }
+    idx.totalDl -= meta.dl;
+    idx.docs.delete(id);
+    return idx;
+}
+/**
+ * BM25 ranking — pure, read-only. Genuine IDF from df/N (the always-positive
+ * BM25+ form ln(1 + (N-df+0.5)/(df+0.5))), length-normalized by avgdl. Optional
+ * source allow-list keeps cross-corpus queries cheap. Deterministic tie-break by id.
+ */
+export function bm25Search(idx, query, limit = 50, sources) {
+    const n = idx.docs.size;
+    if (!n)
+        return [];
+    const avgdl = idx.totalDl / n || 1;
+    const qTerms = [...new Set(termList(query))];
+    if (!qTerms.length)
+        return [];
+    const scores = new Map();
+    for (const term of qTerms) {
+        const plist = idx.postings.get(term);
+        if (!plist)
+            continue;
+        const df = plist.length;
+        const idf = Math.log(1 + (n - df + 0.5) / (df + 0.5));
+        for (const p of plist) {
+            const meta = idx.docs.get(p.docId);
+            if (!meta)
+                continue;
+            if (sources && !sources.has(meta.source))
+                continue;
+            const denom = p.tf + K1 * (1 - B + B * (meta.dl / avgdl));
+            const contrib = idf * ((p.tf * (K1 + 1)) / denom);
+            scores.set(p.docId, (scores.get(p.docId) ?? 0) + contrib);
+        }
+    }
+    return [...scores.entries()]
+        .map(([id, score]) => ({ id, score }))
+        .sort((a, b) => b.score - a.score || (a.id < b.id ? -1 : a.id > b.id ? 1 : 0))
+        .slice(0, limit);
+}
+/** remove every doc of a given source (used to refresh the live memory/session/skill corpora). Returns count removed. */
+export function removeSource(idx, source) {
+    const ids = [];
+    for (const m of idx.docs.values())
+        if (m.source === source)
+            ids.push(m.id);
+    for (const id of ids)
+        removeDoc(idx, id);
+    return ids.length;
+}
+export function indexStats(idx) {
+    const bySource = {};
+    for (const m of idx.docs.values())
+        bySource[m.source] = (bySource[m.source] ?? 0) + 1;
+    return {
+        docs: idx.docs.size,
+        terms: idx.postings.size,
+        bySource,
+        avgdl: idx.docs.size ? idx.totalDl / idx.docs.size : 0,
+    };
+}
+export function indexToJSON(idx) {
+    const postings = {};
+    for (const [term, plist] of idx.postings)
+        postings[term] = plist;
+    return { version: idx.version, totalDl: idx.totalDl, postings, docs: [...idx.docs.values()] };
+}
+export function indexFromJSON(raw) {
+    const obj = raw;
+    if (!obj || obj.version !== INDEX_VERSION || !obj.postings || !Array.isArray(obj.docs)) {
+        return emptyIndex(); // unknown/old shape degrades to empty rather than throwing
+    }
+    const idx = emptyIndex();
+    idx.totalDl = obj.totalDl ?? 0;
+    for (const [term, plist] of Object.entries(obj.postings))
+        idx.postings.set(term, plist);
+    for (const m of obj.docs)
+        idx.docs.set(m.id, m);
+    return idx;
+}

package/dist/search/indexer.js

@@ -0,0 +1,241 @@
+// ============================================================================
+// src/search/indexer.ts — incremental, O(delta) vault indexer.
+//
+// Beats arra-oracle's indexer on three axes:
+//   1. NO directory convention. arra requires a `ψ/memory/…` tree; we index the
+//      user's EXISTING second-brain vault via getBrainPath(), any layout.
+//   2. TRUE incremental. arra full-re-indexes every pass (guarded only by a >50%
+//      delete abort). We diff a per-file manifest: an unchanged file costs ONE
+//      stat(); only changed files are read+sha256+re-chunked; deleted files have
+//      their chunks evicted precisely (manifest stores each file's chunk ids).
+//   3. ONE unified surface. Vault chunks, active memory Facts, recent session
+//      turns, and skills all land in the SAME ranked index — the unification arra
+//      never did (its memory store and search index use divorced formats).
+//
+// The file-walk is injected (VaultFS) so the core logic unit-tests against an
+// in-memory fs + clock with zero disk, exactly like memory-store.ts.
+// ============================================================================
+import { createHash } from 'node:crypto';
+import { readFile, readdir, stat } from 'node:fs/promises';
+import { join } from 'node:path';
+import { appHomePath } from '../brand.js';
+import { getBrainPath } from '../memory.js';
+import { loadSkills } from '../skills.js';
+import { activeFacts, effImportance, loadStore } from '../memory-store.js';
+import { chunkMarkdown } from './chunk.js';
+import { addDoc, removeDoc, removeSource } from './index-core.js';
+import { loadIndex, saveIndex } from './store.js';
+/** strip a .md path to a human title fallback when a chunk has no heading. */
+function fileTitle(rel) {
+    return (rel.split('/').pop() ?? rel).replace(/\.md$/i, '');
+}
+/**
+ * Incremental vault pass. Mutates `index`, returns the NEXT manifest + a diff.
+ * Pure w.r.t. the injected fs/clock — no disk access of its own.
+ */
+export async function indexVaultFiles(index, manifest, fs) {
+    const next = {};
+    const diff = { added: 0, updated: 0, removed: 0, skipped: 0 };
+    const paths = await fs.listMarkdown();
+    const seenExisting = new Set();
+    for (const rel of paths) {
+        const fp = await fs.fingerprint(rel);
+        if (!fp)
+            continue; // vanished between listing and stat → treat as deletion below
+        seenExisting.add(rel);
+        const prev = manifest[rel];
+        // cheap path: mtime + size unchanged ⇒ skip without reading the file
+        if (prev && prev.mtimeMs === fp.mtimeMs && prev.size === fp.size) {
+            next[rel] = prev;
+            diff.skipped++;
+            continue;
+        }
+        const content = await fs.read(rel);
+        const sha = fs.hash(content);
+        // touched but content identical (mtime bumped by a sync) ⇒ refresh fingerprint, keep chunks
+        if (prev && prev.sha === sha) {
+            next[rel] = { ...prev, mtimeMs: fp.mtimeMs, size: fp.size };
+            diff.skipped++;
+            continue;
+        }
+        // changed or new ⇒ evict old chunks, re-chunk, re-add
+        if (prev)
+            for (const id of prev.ids)
+                removeDoc(index, id);
+        const parsed = chunkMarkdown(rel, content);
+        const title0 = fileTitle(rel);
+        const ids = [];
+        for (const c of parsed.chunks) {
+            const doc = {
+                id: c.id,
+                source: 'vault',
+                title: c.heading || title0,
+                text: c.text,
+                path: rel,
+                noteType: parsed.frontmatter.noteType,
+                tags: parsed.frontmatter.tags,
+                links: parsed.links,
+                updatedMs: fp.mtimeMs,
+            };
+            addDoc(index, doc);
+            ids.push(c.id);
+        }
+        next[rel] = { mtimeMs: fp.mtimeMs, size: fp.size, sha, ids };
+        if (prev)
+            diff.updated++;
+        else
+            diff.added++;
+    }
+    // deletions: present last time, absent now ⇒ evict their chunks
+    for (const rel of Object.keys(manifest)) {
+        if (seenExisting.has(rel))
+            continue;
+        for (const id of manifest[rel].ids)
+            removeDoc(index, id);
+        diff.removed++;
+    }
+    return { manifest: next, diff };
+}
+/** refresh the live memory corpus: drop old memory docs, re-add active Facts with an importance prior. */
+export function foldFacts(index, facts, now) {
+    removeSource(index, 'memory');
+    const searchable = facts.filter((f) => f.status === 'active' && f.tier !== 'inbox');
+    for (const f of searchable) {
+        addDoc(index, {
+            id: f.id, // memory-store deriveId — stable, dedups against itself
+            source: 'memory',
+            title: '',
+            text: f.text,
+            noteType: f.noteType,
+            tags: f.tags,
+            importance: effImportance(f, now),
+            updatedMs: f.updated,
+        });
+    }
+    return searchable.length;
+}
+/** refresh the session corpus (first-user-message per recent session). */
+export function foldSessions(index, sessions) {
+    removeSource(index, 'session');
+    for (const s of sessions) {
+        addDoc(index, { id: s.id, source: 'session', title: '', text: s.text, updatedMs: s.updatedMs });
+    }
+    return sessions.length;
+}
+/** refresh the skill corpus (name + description + whenToUse). */
+export function foldSkills(index, skills) {
+    removeSource(index, 'skill');
+    for (const s of skills) {
+        addDoc(index, { id: s.id, source: 'skill', title: s.name, text: s.text });
+    }
+    return skills.length;
+}
+// ---- real-filesystem wiring ------------------------------------------------
+const IGNORE_DIRS = new Set([
+    'node_modules', 'dist', 'build', 'coverage', '.next', '.cache', '.git',
+    '.obsidian', 'vendor', '.turbo', '.vercel',
+]);
+/** node:fs implementation of VaultFS — recursive .md walk with the default-ignore set. */
+export function nodeVaultFS(root) {
+    async function walk(dir, rel, out) {
+        let entries;
+        try {
+            entries = await readdir(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const e of entries) {
+            if (e.isDirectory()) {
+                if (IGNORE_DIRS.has(e.name) || e.name.startsWith('.'))
+                    continue;
+                await walk(join(dir, e.name), rel ? `${rel}/${e.name}` : e.name, out);
+            }
+            else if (e.isFile() && e.name.toLowerCase().endsWith('.md')) {
+                out.push(rel ? `${rel}/${e.name}` : e.name);
+            }
+        }
+    }
+    return {
+        async listMarkdown() {
+            const out = [];
+            await walk(root, '', out);
+            return out.sort();
+        },
+        async fingerprint(relPath) {
+            try {
+                const s = await stat(join(root, relPath));
+                return { mtimeMs: s.mtimeMs, size: s.size };
+            }
+            catch {
+                return null;
+            }
+        },
+        read: (relPath) => readFile(join(root, relPath), 'utf8'),
+        hash: (content) => createHash('sha256').update(content).digest('hex'),
+    };
+}
+const SESSIONS_DIR = appHomePath('sessions');
+/** load first-user-message of the most recent sessions (bounded) for the session corpus. */
+export async function loadRecentSessions(limit = 60) {
+    const out = [];
+    let candidates;
+    try {
+        const files = (await readdir(SESSIONS_DIR)).filter((f) => f.endsWith('.json'));
+        const withStats = await Promise.all(files.map(async (file) => {
+            const full = join(SESSIONS_DIR, file);
+            try {
+                return { file, full, mtimeMs: (await stat(full)).mtimeMs };
+            }
+            catch {
+                return null;
+            }
+        }));
+        candidates = withStats
+            .filter((c) => c !== null)
+            .sort((a, b) => b.mtimeMs - a.mtimeMs || b.file.localeCompare(a.file))
+            .slice(0, limit);
+    }
+    catch {
+        return out;
+    }
+    for (const { file, full, mtimeMs } of candidates) {
+        try {
+            const s = JSON.parse(await readFile(full, 'utf8'));
+            const firstUser = (s.messages ?? []).find((m) => m.role === 'user');
+            const text = typeof firstUser?.content === 'string' ? firstUser.content : '';
+            if (!text.trim())
+                continue;
+            out.push({ id: `sess:${s.id ?? file}`, text: text.slice(0, 2000), updatedMs: mtimeMs });
+        }
+        catch {
+            /* skip a corrupt session file */
+        }
+    }
+    return out;
+}
+/**
+ * Full incremental reindex: vault (via getBrainPath) + memory + sessions + skills,
+ * persisted atomically. Returns a change report. This is what `sanook index` and
+ * the MCP `sanook_index` tool call.
+ */
+export async function reindex(now = Date.now()) {
+    const { index, manifest } = await loadIndex();
+    let diff = { added: 0, updated: 0, removed: 0, skipped: 0 };
+    let nextManifest = manifest;
+    const brain = await getBrainPath();
+    if (brain) {
+        const r = await indexVaultFiles(index, manifest, nodeVaultFS(brain));
+        nextManifest = r.manifest;
+        diff = r.diff;
+    }
+    const memory = foldFacts(index, activeFacts(await loadStore(now)), now);
+    const sessions = foldSessions(index, await loadRecentSessions());
+    const skills = foldSkills(index, (await loadSkills()).map((s) => ({
+        id: `skill:${s.name}`,
+        name: s.name,
+        text: `${s.description} ${s.whenToUse ?? ''}`.trim(),
+    })));
+    await saveIndex(index, nextManifest);
+    return { ...diff, memory, sessions, skills, vaultPath: brain ?? null };
+}

package/dist/search/store.js

@@ -0,0 +1,77 @@
+// ============================================================================
+// src/search/store.ts — the ONLY disk-touching module of the search subsystem.
+//
+// Mirrors memory-store.ts's FS discipline exactly: atomic tmp+rename writes,
+// 0o600 permissions, honors persistenceEnabled(), and loadIndex() NEVER writes
+// (read paths stay pure). The persisted payload is one JSON file next to
+// memory.json under ~/.sanook/search/index.json — no SQLite file, no native db.
+// Vectors live in their own sidecar (embed-store.ts) so the BM25 floor never
+// pays to read them.
+// ============================================================================
+import { chmod, mkdir, readFile, rename, rm, stat, writeFile } from 'node:fs/promises';
+import { randomUUID } from 'node:crypto';
+import { join } from 'node:path';
+import { appHomePath, persistenceEnabled } from '../brand.js';
+import { emptyIndex, indexFromJSON, indexToJSON, } from './index-core.js';
+export const SEARCH_DIR = appHomePath('search');
+export const INDEX_PATH = join(SEARCH_DIR, 'index.json');
+const FILE_VERSION = 1;
+async function pathExists(p) {
+    try {
+        await stat(p);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/** mtime of the on-disk index (ms) or 0 if absent — lets the engine cache-invalidate cheaply. */
+export async function indexMtimeMs() {
+    try {
+        return (await stat(INDEX_PATH)).mtimeMs;
+    }
+    catch {
+        return 0;
+    }
+}
+/**
+ * Load the persisted index + manifest. Pure read: a missing or malformed file
+ * degrades to an empty index rather than throwing, so a corrupt cache never
+ * bricks search — the next index() rebuilds it.
+ */
+export async function loadIndex() {
+    try {
+        const raw = JSON.parse(await readFile(INDEX_PATH, 'utf8'));
+        if (raw && raw.v === FILE_VERSION) {
+            return { index: indexFromJSON(raw.index), manifest: raw.manifest ?? {} };
+        }
+    }
+    catch {
+        /* no file yet, or malformed → fall through to empty */
+    }
+    return { index: emptyIndex(), manifest: {} };
+}
+/**
+ * Persist index + manifest atomically (tmp+rename), 0o600. No-op when persistence
+ * is disabled (the in-memory index still works for the process, just uncached).
+ */
+export async function saveIndex(index, manifest) {
+    if (!persistenceEnabled())
+        return;
+    await mkdir(SEARCH_DIR, { recursive: true });
+    const payload = { v: FILE_VERSION, index: indexToJSON(index), manifest };
+    const tmp = join(SEARCH_DIR, `index.${randomUUID()}.tmp`);
+    try {
+        await writeFile(tmp, `${JSON.stringify(payload)}\n`, { mode: 0o600 });
+        await chmod(tmp, 0o600).catch(() => { });
+        await rename(tmp, INDEX_PATH);
+    }
+    catch (e) {
+        await rm(tmp, { force: true }).catch(() => { });
+        throw e;
+    }
+}
+/** true if a persisted index already exists on disk. */
+export function hasIndex() {
+    return pathExists(INDEX_PATH);
+}

package/dist/session.js

@@ -1,16 +1,45 @@
-import { readFile, writeFile, mkdir, readdir } from 'node:fs/promises';
-import { homedir } from 'node:os';
-import { join } from 'node:path';
+import { chmod, readFile, writeFile, mkdir, readdir, realpath } from 'node:fs/promises';
+import { join, resolve } from 'node:path';
+import { appHomePath, persistenceEnabled } from './brand.js';
+import { redactKey } from './providers/keys.js';
 // session store — จำ conversation + ความคืบหน้า เพื่อ "ทำงานต่อได้" ไม่ลืมว่าทำถึงไหน
-const SESSION_DIR = join(homedir(), '.sanook', 'sessions');
+const SESSION_DIR = appHomePath('sessions');
 export function newSessionId() {
     // CLI runtime — ใช้ Date/random ได้ (ไม่ใช่ workflow context)
     const ts = new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19);
     return `${ts}-${Math.random().toString(36).slice(2, 8)}`;
 }
+function redactUnknown(value) {
+    if (typeof value === 'string')
+        return redactKey(value);
+    if (Array.isArray(value))
+        return value.map(redactUnknown);
+    if (value && typeof value === 'object') {
+        return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redactUnknown(v)]));
+    }
+    return value;
+}
+function sanitizeSession(s) {
+    return {
+        ...s,
+        messages: redactUnknown(s.messages),
+    };
+}
+async function canonicalPath(path) {
+    try {
+        return await realpath(path);
+    }
+    catch {
+        return resolve(path);
+    }
+}
 export async function saveSession(s) {
+    if (!persistenceEnabled())
+        return;
     await mkdir(SESSION_DIR, { recursive: true });
-    await writeFile(join(SESSION_DIR, `${s.id}.json`), `${JSON.stringify(s, null, 2)}\n`);
+    const path = join(SESSION_DIR, `${s.id}.json`);
+    await writeFile(path, `${JSON.stringify(sanitizeSession(s), null, 2)}\n`, { mode: 0o600 });
+    await chmod(path, 0o600).catch(() => { });
 }
 export async function loadSession(id) {
     try {
@@ -20,13 +49,18 @@ export async function loadSession(id) {
         return null;
     }
 }
-/** session ล่าสุด (สำหรับ --continue) */
-export async function latestSession() {
+/** session ล่าสุด (สำหรับ --continue). ค่า default จำกัดเฉพาะ cwd ปัจจุบัน กัน context ข้าม project */
+export async function latestSession(cwd = process.cwd()) {
     try {
         const ids = (await readdir(SESSION_DIR)).filter((f) => f.endsWith('.json')).map((f) => f.slice(0, -5));
         if (!ids.length)
             return null;
-        const sessions = (await Promise.all(ids.map(loadSession))).filter((s) => s !== null);
+        let sessions = (await Promise.all(ids.map(loadSession))).filter((s) => s !== null);
+        if (cwd) {
+            const current = await canonicalPath(cwd);
+            const pairs = await Promise.all(sessions.map(async (s) => ({ session: s, cwd: await canonicalPath(s.cwd) })));
+            sessions = pairs.filter((p) => p.cwd === current).map((p) => p.session);
+        }
         sessions.sort((a, b) => b.updated.localeCompare(a.updated));
         return sessions[0] ?? null;
     }

package/dist/skill-install.js

@@ -1,5 +1,5 @@
 import { readFile, writeFile, mkdir, readdir, rm, stat, lstat, copyFile } from 'node:fs/promises';
-import { homedir, tmpdir } from 'node:os';
+import { tmpdir } from 'node:os';
 import { join, basename, resolve, sep, dirname } from 'node:path';
 import { execFile } from 'node:child_process';
 import { promisify } from 'node:util';
@@ -7,8 +7,9 @@ import { randomUUID } from 'node:crypto';
 import { lookup } from 'node:dns/promises';
 import { isIP } from 'node:net';
 import { parseFrontmatter, isValidSkillName } from './skills.js';
+import { appHomePath, BRAND } from './brand.js';
 const execFileAsync = promisify(execFile);
-const USER_SKILLS = join(homedir(), '.sanook', 'skills');
+const USER_SKILLS = appHomePath('skills');
 const MAX_FILES = 300;
 const MAX_BYTES = 20 * 1024 * 1024; // 20MB ต่อ skill
 const MAX_MD = 2 * 1024 * 1024; // 2MB ต่อ SKILL.md จาก URL
@@ -75,6 +76,7 @@ async function installFromContent(content, fallbackName) {
     if (!isValidSkillName(name))
         throw new Error(`ชื่อ skill ไม่ถูกต้อง: "${name}"`);
     const dest = join(USER_SKILLS, name);
+    await rm(dest, { recursive: true, force: true });
     await mkdir(dest, { recursive: true });
     await writeFile(join(dest, 'SKILL.md'), content);
     return { name, path: dest };
@@ -109,7 +111,7 @@ async function installFromLocal(path, onLog) {
 }
 /** clone GitHub repo (shallow) → ติดตั้ง skill — subPath ต้องอยู่ใต้ clone dir (กัน traversal escape) */
 async function installFromGitHub(repoUrl, subPath, onLog) {
-    const tmp = join(tmpdir(), `sanook-skill-${randomUUID().slice(0, 8)}`);
+    const tmp = join(tmpdir(), `${BRAND.skillTempPrefix}${randomUUID().slice(0, 8)}`);
     try {
         onLog?.(`clone ${repoUrl} …`);
         // execFile (no shell) + '--' กัน url ขึ้นต้น '-' ถูกตีเป็น git option + timeout
@@ -138,14 +140,12 @@ async function fetchSkillMd(url) {
     if (u.protocol !== 'https:')
         throw new Error('รองรับเฉพาะ https สำหรับ URL ของ SKILL.md');
     // resolve hostname → block private/loopback IP (กัน SSRF ยิง internal/cloud-metadata)
-    let ip = u.hostname;
-    if (!isIP(u.hostname)) {
-        const res = await lookup(u.hostname).catch(() => null);
-        ip = res?.address ?? '';
-    }
-    if (!ip || PRIVATE_IP.test(ip))
+    const host = u.hostname.replace(/^\[|\]$/g, '');
+    const ips = isIP(host) ? [host] : (await lookup(host, { all: true }).catch(() => [])).map((r) => r.address);
+    if (!ips.length || ips.some((ip) => PRIVATE_IP.test(ip))) {
         throw new Error(`URL ชี้ไป internal/private address — ปฏิเสธ (${u.hostname})`);
-    const r = await fetch(url, { signal: AbortSignal.timeout(30_000) });
+    }
+    const r = await fetch(url, { redirect: 'error', signal: AbortSignal.timeout(30_000) });
     if (!r.ok)
         throw new Error(`fetch ไม่สำเร็จ: HTTP ${r.status}`);
     if (Number(r.headers.get('content-length') ?? 0) > MAX_MD)