svamp-cli 0.1.64 → 0.1.65

package/dist/agentCommands-C6iGblcL.mjs

@@ -0,0 +1,156 @@
+import { existsSync, readFileSync, mkdirSync, writeFileSync, renameSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import os from 'node:os';
+
+const SVAMP_HOME = process.env.SVAMP_HOME || join(os.homedir(), ".svamp");
+function getConfigPath(sessionId) {
+  const cwd = process.cwd();
+  return join(cwd, ".svamp", sessionId, "config.json");
+}
+function readConfig(configPath) {
+  try {
+    if (existsSync(configPath)) return JSON.parse(readFileSync(configPath, "utf-8"));
+  } catch {
+  }
+  return {};
+}
+function writeConfig(configPath, config) {
+  mkdirSync(dirname(configPath), { recursive: true });
+  const tmp = configPath + ".tmp";
+  writeFileSync(tmp, JSON.stringify(config, null, 2));
+  renameSync(tmp, configPath);
+}
+async function connectAndEmit(event) {
+  const ENV_FILE = join(SVAMP_HOME, ".env");
+  if (existsSync(ENV_FILE)) {
+    const lines = readFileSync(ENV_FILE, "utf-8").split("\n");
+    for (const line of lines) {
+      const m = line.match(/^([A-Z_]+)=(.*)/);
+      if (m && !process.env[m[1]]) process.env[m[1]] = m[2].replace(/^["']|["']$/g, "");
+    }
+  }
+  const serverUrl = process.env.HYPHA_SERVER_URL;
+  const token = process.env.HYPHA_TOKEN;
+  if (!serverUrl || !token) {
+    console.error('No Hypha credentials. Run "svamp login" first.');
+    process.exit(1);
+  }
+  const origLog = console.log;
+  const origWarn = console.warn;
+  const origInfo = console.info;
+  console.log = () => {
+  };
+  console.warn = () => {
+  };
+  console.info = () => {
+  };
+  let server;
+  try {
+    const mod = await import('hypha-rpc');
+    const connectToServer = mod.connectToServer || mod.default?.connectToServer;
+    server = await connectToServer({ server_url: serverUrl, token, name: "svamp-agent-emit" });
+  } catch (err) {
+    console.log = origLog;
+    console.warn = origWarn;
+    console.info = origInfo;
+    console.error(`Failed to connect to Hypha: ${err.message}`);
+    process.exit(1);
+  }
+  console.log = origLog;
+  console.warn = origWarn;
+  console.info = origInfo;
+  await server.emit({ ...event, to: "*" });
+  await server.disconnect();
+}
+async function sessionSetTitle(title) {
+  const sessionId = process.env.SVAMP_SESSION_ID;
+  if (!sessionId) {
+    console.error("SVAMP_SESSION_ID not set. This command must be run inside a Svamp session.");
+    process.exit(1);
+  }
+  const configPath = getConfigPath(sessionId);
+  const config = readConfig(configPath);
+  config.title = title.trim();
+  writeConfig(configPath, config);
+  console.log(`Session title set: "${title.trim()}"`);
+}
+async function sessionSetLink(url, label) {
+  const sessionId = process.env.SVAMP_SESSION_ID;
+  if (!sessionId) {
+    console.error("SVAMP_SESSION_ID not set. This command must be run inside a Svamp session.");
+    process.exit(1);
+  }
+  const resolvedLabel = label?.trim() || (() => {
+    try {
+      return new URL(url).hostname;
+    } catch {
+      return "View";
+    }
+  })();
+  const configPath = getConfigPath(sessionId);
+  const config = readConfig(configPath);
+  config.session_link = { url: url.trim(), label: resolvedLabel };
+  writeConfig(configPath, config);
+  console.log(`Session link set: "${resolvedLabel}" \u2192 ${url.trim()}`);
+}
+async function sessionNotify(message, level = "info") {
+  const sessionId = process.env.SVAMP_SESSION_ID;
+  if (!sessionId) {
+    console.error("SVAMP_SESSION_ID not set. This command must be run inside a Svamp session.");
+    process.exit(1);
+  }
+  await connectAndEmit({
+    type: "svamp:session-notify",
+    data: { sessionId, message, level, timestamp: Date.now() }
+  });
+  console.log(`Notification sent [${level}]: ${message}`);
+}
+async function sessionBroadcast(action, args) {
+  const sessionId = process.env.SVAMP_SESSION_ID;
+  if (!sessionId) {
+    console.error("SVAMP_SESSION_ID not set. This command must be run inside a Svamp session.");
+    process.exit(1);
+  }
+  let payload = { action };
+  if (action === "open-canvas") {
+    const url = args[0];
+    if (!url) {
+      console.error("Usage: svamp session broadcast open-canvas <url> [label]");
+      process.exit(1);
+    }
+    const label = args[1] || (() => {
+      try {
+        return new URL(url).hostname;
+      } catch {
+        return "View";
+      }
+    })();
+    payload = { action, url, label };
+  } else if (action === "close-canvas") ; else if (action === "toast") {
+    const message = args[0];
+    if (!message) {
+      console.error("Usage: svamp session broadcast toast <message>");
+      process.exit(1);
+    }
+    payload = { action, message };
+  } else {
+    console.error(`Unknown broadcast action: ${action}`);
+    console.error("Available actions: open-canvas, close-canvas, toast");
+    process.exit(1);
+  }
+  await connectAndEmit({
+    type: "svamp:session-broadcast",
+    data: { sessionId, ...payload }
+  });
+  console.log(`Broadcast sent: ${action}`);
+}
+async function machineNotify(message, level = "info") {
+  const machineId = process.env.SVAMP_MACHINE_ID;
+  await connectAndEmit({
+    type: "svamp:machine-notify",
+    data: { machineId, message, level, timestamp: Date.now() }
+  });
+  console.log(`Machine notification sent [${level}]: ${message}`);
+}
+
+export { machineNotify, sessionBroadcast, sessionNotify, sessionSetLink, sessionSetTitle };

package/dist/cli.mjs

@@ -1,4 +1,4 @@
-import { b as stopDaemon, s as startDaemon, d as daemonStatus } from './run-BImPgXHd.mjs';
+import { b as stopDaemon, s as startDaemon, d as daemonStatus } from './run-DPhSmbr1.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';
@@ -109,7 +109,7 @@ async function main() {
     const { handleServiceCommand } = await import('./commands-CF32XIau.mjs');
     await handleServiceCommand();
   } else if (subcommand === "process" || subcommand === "proc") {
-    const { processCommand } = await import('./commands-BfMlD9o4.mjs');
+    const { processCommand } = await import('./commands-Dc_6JdE_.mjs');
     let machineId;
     const processArgs = args.slice(1);
     const mIdx = processArgs.findIndex((a) => a === "--machine" || a === "-m");
@@ -127,7 +127,7 @@ async function main() {
   } else if (!subcommand || subcommand === "start") {
     await handleInteractiveCommand();
   } else if (subcommand === "--version" || subcommand === "-v") {
-    const pkg = await import('./package-Dg0hQJRC.mjs').catch(() => ({ default: { version: "unknown" } }));
+    const pkg = await import('./package-CvCDrFPH.mjs').catch(() => ({ default: { version: "unknown" } }));
     console.log(`svamp version: ${pkg.default.version}`);
   } else {
     console.error(`Unknown command: ${subcommand}`);
@@ -136,7 +136,7 @@ async function main() {
   }
 }
 async function handleInteractiveCommand() {
-  const { runInteractive } = await import('./run-C7VxH4X8.mjs');
+  const { runInteractive } = await import('./run-DTwMJ7dx.mjs');
   const interactiveArgs = subcommand === "start" ? args.slice(1) : args;
   let directory = process.cwd();
   let resumeSessionId;
@@ -181,7 +181,7 @@ async function handleAgentCommand() {
     return;
   }
   if (agentArgs[0] === "list") {
-    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-BImPgXHd.mjs').then(function (n) { return n.i; });
+    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-DPhSmbr1.mjs').then(function (n) { return n.i; });
     console.log("Known agents:");
     for (const [name, config2] of Object.entries(KNOWN_ACP_AGENTS)) {
       console.log(`  ${name.padEnd(12)} ${config2.command} ${config2.args.join(" ")}  (ACP)`);
@@ -193,7 +193,7 @@ async function handleAgentCommand() {
     console.log('Use "svamp agent -- <command> [args]" for a custom ACP agent.');
     return;
   }
-  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-BImPgXHd.mjs').then(function (n) { return n.i; });
+  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-DPhSmbr1.mjs').then(function (n) { return n.i; });
   let cwd = process.cwd();
   const filteredArgs = [];
   for (let i = 0; i < agentArgs.length; i++) {
@@ -217,12 +217,12 @@ async function handleAgentCommand() {
   console.log(`Starting ${config.agentName} agent in ${cwd}...`);
   let backend;
   if (KNOWN_MCP_AGENTS[config.agentName]) {
-    const { CodexMcpBackend } = await import('./run-BImPgXHd.mjs').then(function (n) { return n.j; });
+    const { CodexMcpBackend } = await import('./run-DPhSmbr1.mjs').then(function (n) { return n.j; });
     backend = new CodexMcpBackend({ cwd, log: logFn });
   } else {
-    const { AcpBackend } = await import('./run-BImPgXHd.mjs').then(function (n) { return n.h; });
-    const { GeminiTransport } = await import('./run-BImPgXHd.mjs').then(function (n) { return n.G; });
-    const { DefaultTransport } = await import('./run-BImPgXHd.mjs').then(function (n) { return n.D; });
+    const { AcpBackend } = await import('./run-DPhSmbr1.mjs').then(function (n) { return n.h; });
+    const { GeminiTransport } = await import('./run-DPhSmbr1.mjs').then(function (n) { return n.G; });
+    const { DefaultTransport } = await import('./run-DPhSmbr1.mjs').then(function (n) { return n.D; });
     const transportHandler = config.agentName === "gemini" ? new GeminiTransport() : new DefaultTransport(config.agentName);
     backend = new AcpBackend({
       agentName: config.agentName,
@@ -340,7 +340,7 @@ async function handleSessionCommand() {
     printSessionHelp();
     return;
   }
-  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionQueueAdd, sessionQueueList, sessionQueueClear } = await import('./commands-Brx7D-77.mjs');
+  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionQueueAdd, sessionQueueList, sessionQueueClear } = await import('./commands-FAWhkKtz.mjs');
   const parseFlagStr = (flag, shortFlag) => {
     for (let i = 1; i < sessionArgs.length; i++) {
       if ((sessionArgs[i] === flag || shortFlag) && i + 1 < sessionArgs.length) {
@@ -400,7 +400,7 @@ async function handleSessionCommand() {
         allowDomain.push(sessionArgs[++i]);
       }
     }
-    const { parseShareArg } = await import('./commands-Brx7D-77.mjs');
+    const { parseShareArg } = await import('./commands-FAWhkKtz.mjs');
     const shareEntries = share.map((s) => parseShareArg(s));
     await sessionSpawn(agent, dir, targetMachineId, {
       message,
@@ -484,7 +484,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session approve <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionApprove } = await import('./commands-Brx7D-77.mjs');
+    const { sessionApprove } = await import('./commands-FAWhkKtz.mjs');
     const approveReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionApprove(sessionArgs[1], approveReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -494,7 +494,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session deny <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionDeny } = await import('./commands-Brx7D-77.mjs');
+    const { sessionDeny } = await import('./commands-FAWhkKtz.mjs');
     const denyReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionDeny(sessionArgs[1], denyReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -524,6 +524,40 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     await sessionRalphStatus(sessionArgs[1], targetMachineId);
+  } else if (sessionSubcommand === "set-title") {
+    const title = sessionArgs[1];
+    if (!title) {
+      console.error("Usage: svamp session set-title <title>");
+      process.exit(1);
+    }
+    const { sessionSetTitle } = await import('./agentCommands-C6iGblcL.mjs');
+    await sessionSetTitle(title);
+  } else if (sessionSubcommand === "set-link") {
+    const url = sessionArgs[1];
+    if (!url) {
+      console.error("Usage: svamp session set-link <url> [label]");
+      process.exit(1);
+    }
+    const label = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
+    const { sessionSetLink } = await import('./agentCommands-C6iGblcL.mjs');
+    await sessionSetLink(url, label);
+  } else if (sessionSubcommand === "notify") {
+    const message = sessionArgs[1];
+    if (!message) {
+      console.error("Usage: svamp session notify <message> [--level info|warning|error]");
+      process.exit(1);
+    }
+    const level = parseFlagStr("--level") || "info";
+    const { sessionNotify } = await import('./agentCommands-C6iGblcL.mjs');
+    await sessionNotify(message, level);
+  } else if (sessionSubcommand === "broadcast") {
+    const action = sessionArgs[1];
+    if (!action) {
+      console.error("Usage: svamp session broadcast <action> [args...]\nActions: open-canvas <url> [label], close-canvas, toast <message>");
+      process.exit(1);
+    }
+    const { sessionBroadcast } = await import('./agentCommands-C6iGblcL.mjs');
+    await sessionBroadcast(action, sessionArgs.slice(2).filter((a) => !a.startsWith("--")));
   } else if (sessionSubcommand === "queue") {
     const queueSubcmd = sessionArgs[1];
     if (queueSubcmd === "add") {
@@ -563,7 +597,7 @@ async function handleMachineCommand() {
     return;
   }
   if (machineSubcommand === "share") {
-    const { machineShare } = await import('./commands-Brx7D-77.mjs');
+    const { machineShare } = await import('./commands-FAWhkKtz.mjs');
     let machineId;
     const shareArgs = [];
     for (let i = 1; i < machineArgs.length; i++) {
@@ -593,7 +627,7 @@ async function handleMachineCommand() {
     }
     await machineShare(machineId, { add, remove, list, configPath, showConfig });
   } else if (machineSubcommand === "exec") {
-    const { machineExec } = await import('./commands-Brx7D-77.mjs');
+    const { machineExec } = await import('./commands-FAWhkKtz.mjs');
     let machineId;
     let cwd;
     const cmdParts = [];
@@ -613,7 +647,7 @@ async function handleMachineCommand() {
     }
     await machineExec(machineId, command, cwd);
   } else if (machineSubcommand === "info") {
-    const { machineInfo } = await import('./commands-Brx7D-77.mjs');
+    const { machineInfo } = await import('./commands-FAWhkKtz.mjs');
     let machineId;
     for (let i = 1; i < machineArgs.length; i++) {
       if ((machineArgs[i] === "--machine" || machineArgs[i] === "-m") && i + 1 < machineArgs.length) {
@@ -621,8 +655,22 @@ async function handleMachineCommand() {
       }
     }
     await machineInfo(machineId);
+  } else if (machineSubcommand === "notify") {
+    const message = machineArgs[1];
+    if (!message) {
+      console.error("Usage: svamp machine notify <message> [--level info|warning|error]");
+      process.exit(1);
+    }
+    let level = "info";
+    for (let i = 2; i < machineArgs.length; i++) {
+      if (machineArgs[i] === "--level" && i + 1 < machineArgs.length) {
+        level = machineArgs[++i];
+      }
+    }
+    const { machineNotify } = await import('./agentCommands-C6iGblcL.mjs');
+    await machineNotify(message, level);
   } else if (machineSubcommand === "ls") {
-    const { machineLs } = await import('./commands-Brx7D-77.mjs');
+    const { machineLs } = await import('./commands-FAWhkKtz.mjs');
     let machineId;
     let showHidden = false;
     let path;

package/dist/{commands-BfMlD9o4.mjs → commands-Dc_6JdE_.mjs}

@@ -1,11 +1,11 @@
 import { writeFileSync, readFileSync } from 'fs';
 import { resolve } from 'path';
-import { connectAndGetMachine } from './commands-Brx7D-77.mjs';
+import { connectAndGetMachine } from './commands-FAWhkKtz.mjs';
 import 'node:fs';
 import 'node:child_process';
 import 'node:path';
 import 'node:os';
-import './run-BImPgXHd.mjs';
+import './run-DPhSmbr1.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';

package/dist/{commands-Brx7D-77.mjs → commands-FAWhkKtz.mjs}

@@ -2,7 +2,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import { execSync } from 'node:child_process';
 import { resolve, join } from 'node:path';
 import os from 'node:os';
-import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-BImPgXHd.mjs';
+import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-DPhSmbr1.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/index.mjs

@@ -1,4 +1,4 @@
-export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-BImPgXHd.mjs';
+export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-DPhSmbr1.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/{package-Dg0hQJRC.mjs → package-CvCDrFPH.mjs}

@@ -1,5 +1,5 @@
 var name = "svamp-cli";
-var version = "0.1.64";
+var version = "0.1.65";
 var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
 var author = "Amun AI AB";
 var license = "SEE LICENSE IN LICENSE";

package/dist/{run-BImPgXHd.mjs → run-DPhSmbr1.mjs}

@@ -385,21 +385,22 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         const machineOwner = currentMetadata.sharing?.owner;
         const isSharedUser = callerEmail && machineOwner && callerEmail.toLowerCase() !== machineOwner.toLowerCase();
         if (isSharedUser) {
-          const machineUser = currentMetadata.sharing?.allowedUsers?.find(
-            (u) => u.email.toLowerCase() === callerEmail.toLowerCase()
-          );
-          const callerRole = machineUser?.role || "interact";
           const sharing = {
             enabled: true,
-            owner: machineOwner,
+            owner: callerEmail,
+            // spawning user owns their session
             allowedUsers: [
-              ...options.sharing?.allowedUsers || [],
+              // Machine owner gets admin access (can monitor/control sessions on their machine)
               {
-                email: callerEmail,
-                role: callerRole,
+                email: machineOwner,
+                role: "admin",
                 addedAt: Date.now(),
                 addedBy: "machine-auto"
-              }
+              },
+              // Preserve any explicitly requested allowedUsers (e.g. additional collaborators)
+              ...(options.sharing?.allowedUsers || []).filter(
+                (u) => u.email.toLowerCase() !== machineOwner.toLowerCase()
+              )
             ]
           };
           options = { ...options, sharing };
@@ -419,16 +420,11 @@ async function registerMachineService(server, machineId, metadata, daemonState,
               ...options,
               securityContext: mergeSecurityContexts(machineCtx, options.securityContext)
             };
-            if (machineCtx.role && options.sharing?.enabled) {
-              const user = options.sharing.allowedUsers?.find(
-                (u) => u.email.toLowerCase() === callerEmail.toLowerCase()
-              );
-              if (user && !user.role) {
-                user.role = machineCtx.role;
-              }
-            }
           }
         }
+        if (options.injectPlatformGuidance === void 0 && currentMetadata.injectPlatformGuidance !== void 0) {
+          options = { ...options, injectPlatformGuidance: currentMetadata.injectPlatformGuidance };
+        }
         const result = await handlers.spawnSession({
           ...options,
           machineId
@@ -486,7 +482,8 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         metadataVersion++;
         savePersistedMachineMetadata(metadata.svampHomeDir, {
           sharing: currentMetadata.sharing,
-          securityContextConfig: currentMetadata.securityContextConfig
+          securityContextConfig: currentMetadata.securityContextConfig,
+          injectPlatformGuidance: currentMetadata.injectPlatformGuidance
         });
         notifyListeners({
           type: "update-machine",
@@ -546,7 +543,8 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         metadataVersion++;
         savePersistedMachineMetadata(metadata.svampHomeDir, {
           sharing: currentMetadata.sharing,
-          securityContextConfig: currentMetadata.securityContextConfig
+          securityContextConfig: currentMetadata.securityContextConfig,
+          injectPlatformGuidance: currentMetadata.injectPlatformGuidance
         });
         notifyListeners({
           type: "update-machine",
@@ -567,7 +565,8 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         metadataVersion++;
         savePersistedMachineMetadata(metadata.svampHomeDir, {
           sharing: currentMetadata.sharing,
-          securityContextConfig: currentMetadata.securityContextConfig
+          securityContextConfig: currentMetadata.securityContextConfig,
+          injectPlatformGuidance: currentMetadata.injectPlatformGuidance
         });
         notifyListeners({
           type: "update-machine",
@@ -3754,13 +3753,17 @@ async function verifyNonoIsolation(binaryPath) {
       "-s",
       "--allow",
       workDir,
-      "--allow-cwd",
+      // NOTE: Do NOT add --allow-cwd here. If the daemon's CWD happens to be
+      // $HOME (common when started interactively), --allow-cwd would grant
+      // access to $HOME, allowing the probe file write to succeed and making
+      // verification incorrectly fail ("file leaked to host filesystem").
+      // We already grant --allow workDir explicitly, so --allow-cwd is redundant.
       "--trust-override",
       "--",
       "sh",
       "-c",
       testScript
-    ], { timeout: 15e3 });
+    ], { timeout: 15e3, cwd: workDir });
     return parseIsolationTestOutput(stdout, probeFile);
   } catch (e) {
     return { passed: false, error: e.message };
@@ -4408,6 +4411,83 @@ class ProcessSupervisor {
 
 const __filename$1 = fileURLToPath(import.meta.url);
 const __dirname$1 = dirname(__filename$1);
+const CLAUDE_SKILLS_DIR = join(os__default.homedir(), ".claude", "skills");
+async function installSkillFromEndpoint(name, baseUrl) {
+  const resp = await fetch(baseUrl, { signal: AbortSignal.timeout(15e3) });
+  if (!resp.ok) throw new Error(`HTTP ${resp.status} from ${baseUrl}`);
+  const index = await resp.json();
+  const files = index.files || [];
+  if (files.length === 0) throw new Error(`Skill index at ${baseUrl} has no files`);
+  const targetDir = join(CLAUDE_SKILLS_DIR, name);
+  mkdirSync(targetDir, { recursive: true });
+  for (const filePath of files) {
+    if (!filePath) continue;
+    const url = `${baseUrl}${filePath}`;
+    const fileResp = await fetch(url, { signal: AbortSignal.timeout(3e4) });
+    if (!fileResp.ok) throw new Error(`Failed to download ${filePath}: HTTP ${fileResp.status}`);
+    const content = await fileResp.text();
+    const localPath = join(targetDir, filePath);
+    if (!localPath.startsWith(targetDir + "/")) continue;
+    mkdirSync(dirname(localPath), { recursive: true });
+    writeFileSync(localPath, content, "utf-8");
+  }
+}
+async function installSkillFromMarketplace(name) {
+  const BASE = `https://hypha.aicell.io/hypha-cloud/artifacts/${name}`;
+  async function collectFiles(dir = "") {
+    const url = dir ? `${BASE}/files/${dir}` : `${BASE}/files/`;
+    const resp = await fetch(url, { signal: AbortSignal.timeout(15e3) });
+    if (!resp.ok) throw new Error(`HTTP ${resp.status} listing files`);
+    const data = await resp.json();
+    const items = Array.isArray(data) ? data : data.items || [];
+    const result = [];
+    for (const item of items) {
+      const itemPath = dir ? `${dir}/${item.name}` : item.name;
+      if (item.type === "directory") {
+        result.push(...await collectFiles(itemPath));
+      } else {
+        result.push(itemPath);
+      }
+    }
+    return result;
+  }
+  const files = await collectFiles();
+  if (files.length === 0) throw new Error(`Skill ${name} has no files in marketplace`);
+  const targetDir = join(CLAUDE_SKILLS_DIR, name);
+  mkdirSync(targetDir, { recursive: true });
+  for (const filePath of files) {
+    const url = `${BASE}/files/${filePath}`;
+    const resp = await fetch(url, { signal: AbortSignal.timeout(3e4) });
+    if (!resp.ok) throw new Error(`Failed to download ${filePath}: HTTP ${resp.status}`);
+    const content = await resp.text();
+    const localPath = join(targetDir, filePath);
+    if (!localPath.startsWith(targetDir + "/")) continue;
+    mkdirSync(dirname(localPath), { recursive: true });
+    writeFileSync(localPath, content, "utf-8");
+  }
+}
+async function ensureAutoInstalledSkills(logger) {
+  const tasks = [
+    {
+      name: "svamp",
+      install: () => installSkillFromMarketplace("svamp")
+    },
+    {
+      name: "hypha",
+      install: () => installSkillFromEndpoint("hypha", "https://hypha.aicell.io/ws/agent-skills/")
+    }
+  ];
+  for (const task of tasks) {
+    const targetDir = join(CLAUDE_SKILLS_DIR, task.name);
+    if (existsSync$1(targetDir)) continue;
+    try {
+      await task.install();
+      logger.log(`[skills] Auto-installed: ${task.name}`);
+    } catch (err) {
+      logger.log(`[skills] Auto-install of "${task.name}" failed (non-fatal): ${err.message}`);
+    }
+  }
+}
 function loadEnvFile(path) {
   if (!existsSync$1(path)) return false;
   const lines = readFileSync$1(path, "utf-8").split("\n");
@@ -5172,6 +5252,8 @@ async function startDaemon(options) {
   let server = null;
   const supervisor = new ProcessSupervisor(join(SVAMP_HOME, "processes"));
   await supervisor.init();
+  ensureAutoInstalledSkills(logger).catch(() => {
+  });
   try {
     logger.log("Connecting to Hypha server...");
     server = await connectToHypha({
@@ -5328,7 +5410,8 @@ async function startDaemon(options) {
           sharing: options2.sharing,
           securityContext: options2.securityContext,
           tags: options2.tags,
-          parentSessionId: options2.parentSessionId
+          parentSessionId: options2.parentSessionId,
+          ...options2.injectPlatformGuidance !== void 0 && { injectPlatformGuidance: options2.injectPlatformGuidance }
         };
         let claudeProcess = null;
         const allPersisted = loadPersistedSessions();
@@ -5343,6 +5426,9 @@ async function startDaemon(options) {
           const newState = processing ? "running" : "idle";
           if (sessionMetadata.lifecycleState !== newState) {
             sessionMetadata = { ...sessionMetadata, lifecycleState: newState };
+            if (!processing) {
+              sessionMetadata = { ...sessionMetadata, unread: true };
+            }
             sessionService.updateMetadata(sessionMetadata);
           }
         };
@@ -5957,7 +6043,7 @@ The automated loop has finished. Review the progress above and let me know if yo
             isRestartingClaude = false;
           }
         };
-        if (sessionMetadata.sharing?.enabled && isolationCapabilities.preferred) {
+        if (sessionMetadata.sharing?.enabled) {
           try {
             stagedCredentials = await stageCredentialsForSharing(sessionId);
             logger.log(`[Session ${sessionId}] Credentials staged at ${stagedCredentials.homePath}`);
@@ -6954,7 +7040,7 @@ The automated loop has finished. Review the progress above and let me know if yo
     const defaultHomeDir = existsSync$1("/data") ? "/data" : os__default.homedir();
     const persistedMachineMeta = loadPersistedMachineMetadata(SVAMP_HOME);
     if (persistedMachineMeta) {
-      logger.log(`Restored machine metadata (sharing=${!!persistedMachineMeta.sharing}, securityContextConfig=${!!persistedMachineMeta.securityContextConfig})`);
+      logger.log(`Restored machine metadata (sharing=${!!persistedMachineMeta.sharing}, securityContextConfig=${!!persistedMachineMeta.securityContextConfig}, injectPlatformGuidance=${persistedMachineMeta.injectPlatformGuidance})`);
     }
     const machineMetadata = {
       host: os__default.hostname(),
@@ -6965,9 +7051,10 @@ The automated loop has finished. Review the progress above and let me know if yo
       svampLibDir: join(__dirname$1, ".."),
       displayName: process.env.SVAMP_DISPLAY_NAME || void 0,
       isolationCapabilities,
-      // Restore persisted sharing & security context config
+      // Restore persisted sharing, security context config, and platform guidance flag
       ...persistedMachineMeta?.sharing && { sharing: persistedMachineMeta.sharing },
-      ...persistedMachineMeta?.securityContextConfig && { securityContextConfig: persistedMachineMeta.securityContextConfig }
+      ...persistedMachineMeta?.securityContextConfig && { securityContextConfig: persistedMachineMeta.securityContextConfig },
+      ...persistedMachineMeta?.injectPlatformGuidance !== void 0 && { injectPlatformGuidance: persistedMachineMeta.injectPlatformGuidance }
     };
     const initialDaemonState = {
       status: "running",

package/dist/{run-C7VxH4X8.mjs → run-DTwMJ7dx.mjs}

@@ -2,7 +2,7 @@ import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(im
 import os from 'node:os';
 import { join, resolve } from 'node:path';
 import { mkdirSync, writeFileSync, existsSync, unlinkSync, readFileSync, watch } from 'node:fs';
-import { c as connectToHypha, a as registerSessionService } from './run-BImPgXHd.mjs';
+import { c as connectToHypha, a as registerSessionService } from './run-DPhSmbr1.mjs';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { createInterface } from 'node:readline';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svamp-cli",
-  "version": "0.1.64",
+  "version": "0.1.65",
   "description": "Svamp CLI — AI workspace daemon on Hypha Cloud",
   "author": "Amun AI AB",
   "license": "SEE LICENSE IN LICENSE",