svamp-cli 0.2.30 → 0.2.32

package/dist/{agentCommands-BEKP7D0N.mjs → agentCommands-D8BNPDpb.mjs}

@@ -148,7 +148,7 @@ async function sessionBroadcast(action, args) {
   console.log(`Broadcast sent: ${action}`);
 }
 async function connectToMachineService() {
-  const { connectAndGetMachine } = await import('./commands-BZK0QJdM.mjs');
+  const { connectAndGetMachine } = await import('./commands-mHonwzOC.mjs');
   return connectAndGetMachine();
 }
 async function inboxSend(targetSessionId, opts) {
@@ -165,7 +165,7 @@ async function inboxSend(targetSessionId, opts) {
   }
   const { server, machine } = await connectToMachineService();
   try {
-    const { resolveSessionId } = await import('./commands-BZK0QJdM.mjs');
+    const { resolveSessionId } = await import('./commands-mHonwzOC.mjs');
     const sessions = await machine.listSessions();
     const match = resolveSessionId(sessions, targetSessionId);
     const fullTargetId = match.sessionId;

package/dist/cli.mjs

@@ -1,4 +1,4 @@
-import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-zAG5iduC.mjs';
+import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-WvrS2KIW.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';
@@ -36,7 +36,7 @@ async function main() {
     await logoutFromHypha();
   } else if (subcommand === "daemon") {
     if (daemonSubcommand === "restart") {
-      const { restartDaemon } = await import('./run-zAG5iduC.mjs').then(function (n) { return n.k; });
+      const { restartDaemon } = await import('./run-WvrS2KIW.mjs').then(function (n) { return n.k; });
       await restartDaemon();
       process.exit(0);
     }
@@ -246,7 +246,7 @@ async function main() {
       console.error("svamp serve: Serve commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { handleServeCommand } = await import('./serveCommands-9ZQgXdCA.mjs');
+    const { handleServeCommand } = await import('./serveCommands-DUJyFznA.mjs');
     await handleServeCommand();
     process.exit(0);
   } else if (subcommand === "process" || subcommand === "proc") {
@@ -255,7 +255,7 @@ async function main() {
       console.error("svamp process: Process commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { processCommand } = await import('./commands-bDntDDNU.mjs');
+    const { processCommand } = await import('./commands-kWjJKC9g.mjs');
     let machineId;
     const processArgs = args.slice(1);
     const mIdx = processArgs.findIndex((a) => a === "--machine" || a === "-m");
@@ -273,7 +273,7 @@ async function main() {
   } else if (!subcommand || subcommand === "start") {
     await handleInteractiveCommand();
   } else if (subcommand === "--version" || subcommand === "-v") {
-    const pkg = await import('./package-Ck8FHA97.mjs').catch(() => ({ default: { version: "unknown" } }));
+    const pkg = await import('./package-C4K8R6QY.mjs').catch(() => ({ default: { version: "unknown" } }));
     console.log(`svamp version: ${pkg.default.version}`);
   } else {
     console.error(`Unknown command: ${subcommand}`);
@@ -282,7 +282,7 @@ async function main() {
   }
 }
 async function handleInteractiveCommand() {
-  const { runInteractive } = await import('./run-C6wKZrsx.mjs');
+  const { runInteractive } = await import('./run-CMkzSvIN.mjs');
   const interactiveArgs = subcommand === "start" ? args.slice(1) : args;
   let directory = process.cwd();
   let resumeSessionId;
@@ -327,7 +327,7 @@ async function handleAgentCommand() {
     return;
   }
   if (agentArgs[0] === "list") {
-    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-zAG5iduC.mjs').then(function (n) { return n.i; });
+    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-WvrS2KIW.mjs').then(function (n) { return n.i; });
     console.log("Known agents:");
     for (const [name, config2] of Object.entries(KNOWN_ACP_AGENTS)) {
       console.log(`  ${name.padEnd(12)} ${config2.command} ${config2.args.join(" ")}  (ACP)`);
@@ -339,7 +339,7 @@ async function handleAgentCommand() {
     console.log('Use "svamp agent -- <command> [args]" for a custom ACP agent.');
     return;
   }
-  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-zAG5iduC.mjs').then(function (n) { return n.i; });
+  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-WvrS2KIW.mjs').then(function (n) { return n.i; });
   let cwd = process.cwd();
   const filteredArgs = [];
   for (let i = 0; i < agentArgs.length; i++) {
@@ -363,12 +363,12 @@ async function handleAgentCommand() {
   console.log(`Starting ${config.agentName} agent in ${cwd}...`);
   let backend;
   if (KNOWN_MCP_AGENTS[config.agentName]) {
-    const { CodexMcpBackend } = await import('./run-zAG5iduC.mjs').then(function (n) { return n.j; });
+    const { CodexMcpBackend } = await import('./run-WvrS2KIW.mjs').then(function (n) { return n.j; });
     backend = new CodexMcpBackend({ cwd, log: logFn });
   } else {
-    const { AcpBackend } = await import('./run-zAG5iduC.mjs').then(function (n) { return n.h; });
-    const { GeminiTransport } = await import('./run-zAG5iduC.mjs').then(function (n) { return n.G; });
-    const { DefaultTransport } = await import('./run-zAG5iduC.mjs').then(function (n) { return n.D; });
+    const { AcpBackend } = await import('./run-WvrS2KIW.mjs').then(function (n) { return n.h; });
+    const { GeminiTransport } = await import('./run-WvrS2KIW.mjs').then(function (n) { return n.G; });
+    const { DefaultTransport } = await import('./run-WvrS2KIW.mjs').then(function (n) { return n.D; });
     const transportHandler = config.agentName === "gemini" ? new GeminiTransport() : new DefaultTransport(config.agentName);
     backend = new AcpBackend({
       agentName: config.agentName,
@@ -495,7 +495,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
   }
-  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-BZK0QJdM.mjs');
+  const { sessionList, sessionSpawn, sessionStop, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-mHonwzOC.mjs');
   const parseFlagStr = (flag, shortFlag) => {
     for (let i = 1; i < sessionArgs.length; i++) {
       if ((sessionArgs[i] === flag || shortFlag) && i + 1 < sessionArgs.length) {
@@ -555,7 +555,7 @@ async function handleSessionCommand() {
         allowDomain.push(sessionArgs[++i]);
       }
     }
-    const { parseShareArg } = await import('./commands-BZK0QJdM.mjs');
+    const { parseShareArg } = await import('./commands-mHonwzOC.mjs');
     const shareEntries = share.map((s) => parseShareArg(s));
     await sessionSpawn(agent, dir, targetMachineId, {
       message,
@@ -641,7 +641,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session approve <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionApprove } = await import('./commands-BZK0QJdM.mjs');
+    const { sessionApprove } = await import('./commands-mHonwzOC.mjs');
     const approveReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionApprove(sessionArgs[1], approveReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -651,7 +651,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session deny <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionDeny } = await import('./commands-BZK0QJdM.mjs');
+    const { sessionDeny } = await import('./commands-mHonwzOC.mjs');
     const denyReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionDeny(sessionArgs[1], denyReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -687,7 +687,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session set-title <title>");
       process.exit(1);
     }
-    const { sessionSetTitle } = await import('./agentCommands-BEKP7D0N.mjs');
+    const { sessionSetTitle } = await import('./agentCommands-D8BNPDpb.mjs');
     await sessionSetTitle(title);
   } else if (sessionSubcommand === "set-link") {
     const url = sessionArgs[1];
@@ -696,7 +696,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const label = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
-    const { sessionSetLink } = await import('./agentCommands-BEKP7D0N.mjs');
+    const { sessionSetLink } = await import('./agentCommands-D8BNPDpb.mjs');
     await sessionSetLink(url, label);
   } else if (sessionSubcommand === "notify") {
     const message = sessionArgs[1];
@@ -705,7 +705,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const level = parseFlagStr("--level") || "info";
-    const { sessionNotify } = await import('./agentCommands-BEKP7D0N.mjs');
+    const { sessionNotify } = await import('./agentCommands-D8BNPDpb.mjs');
     await sessionNotify(message, level);
   } else if (sessionSubcommand === "broadcast") {
     const action = sessionArgs[1];
@@ -713,7 +713,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session broadcast <action> [args...]\nActions: open-canvas <url> [label], close-canvas, toast <message>");
       process.exit(1);
     }
-    const { sessionBroadcast } = await import('./agentCommands-BEKP7D0N.mjs');
+    const { sessionBroadcast } = await import('./agentCommands-D8BNPDpb.mjs');
     await sessionBroadcast(action, sessionArgs.slice(2).filter((a) => !a.startsWith("--")));
   } else if (sessionSubcommand === "inbox") {
     const inboxSubcmd = sessionArgs[1];
@@ -724,7 +724,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId) {
-        const { inboxSend } = await import('./agentCommands-BEKP7D0N.mjs');
+        const { inboxSend } = await import('./agentCommands-D8BNPDpb.mjs');
         await inboxSend(sessionArgs[2], {
           body: sessionArgs[3],
           subject: parseFlagStr("--subject"),
@@ -739,7 +739,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "list" || inboxSubcmd === "ls") {
       if (agentSessionId && !sessionArgs[2]) {
-        const { inboxList } = await import('./agentCommands-BEKP7D0N.mjs');
+        const { inboxList } = await import('./agentCommands-D8BNPDpb.mjs');
         await inboxList({
           unread: hasFlag("--unread"),
           limit: parseFlagInt("--limit"),
@@ -761,7 +761,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId && !sessionArgs[3]) {
-        const { inboxList } = await import('./agentCommands-BEKP7D0N.mjs');
+        const { inboxList } = await import('./agentCommands-D8BNPDpb.mjs');
         await sessionInboxRead(agentSessionId, sessionArgs[2], targetMachineId);
       } else if (sessionArgs[3]) {
         await sessionInboxRead(sessionArgs[2], sessionArgs[3], targetMachineId);
@@ -771,7 +771,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "reply") {
       if (agentSessionId && sessionArgs[2] && sessionArgs[3] && !sessionArgs[4]) {
-        const { inboxReply } = await import('./agentCommands-BEKP7D0N.mjs');
+        const { inboxReply } = await import('./agentCommands-D8BNPDpb.mjs');
         await inboxReply(sessionArgs[2], sessionArgs[3]);
       } else if (sessionArgs[2] && sessionArgs[3] && sessionArgs[4]) {
         await sessionInboxReply(sessionArgs[2], sessionArgs[3], sessionArgs[4], targetMachineId);
@@ -807,7 +807,7 @@ async function handleMachineCommand() {
     return;
   }
   if (machineSubcommand === "share") {
-    const { machineShare } = await import('./commands-BZK0QJdM.mjs');
+    const { machineShare } = await import('./commands-mHonwzOC.mjs');
     let machineId;
     const shareArgs = [];
     for (let i = 1; i < machineArgs.length; i++) {
@@ -837,7 +837,7 @@ async function handleMachineCommand() {
     }
     await machineShare(machineId, { add, remove, list, configPath, showConfig });
   } else if (machineSubcommand === "exec") {
-    const { machineExec } = await import('./commands-BZK0QJdM.mjs');
+    const { machineExec } = await import('./commands-mHonwzOC.mjs');
     let machineId;
     let cwd;
     const cmdParts = [];
@@ -857,7 +857,7 @@ async function handleMachineCommand() {
     }
     await machineExec(machineId, command, cwd);
   } else if (machineSubcommand === "info") {
-    const { machineInfo } = await import('./commands-BZK0QJdM.mjs');
+    const { machineInfo } = await import('./commands-mHonwzOC.mjs');
     let machineId;
     for (let i = 1; i < machineArgs.length; i++) {
       if ((machineArgs[i] === "--machine" || machineArgs[i] === "-m") && i + 1 < machineArgs.length) {
@@ -877,10 +877,10 @@ async function handleMachineCommand() {
         level = machineArgs[++i];
       }
     }
-    const { machineNotify } = await import('./agentCommands-BEKP7D0N.mjs');
+    const { machineNotify } = await import('./agentCommands-D8BNPDpb.mjs');
     await machineNotify(message, level);
   } else if (machineSubcommand === "ls") {
-    const { machineLs } = await import('./commands-BZK0QJdM.mjs');
+    const { machineLs } = await import('./commands-mHonwzOC.mjs');
     let machineId;
     let showHidden = false;
     let path;

package/dist/{commands-bDntDDNU.mjs → commands-kWjJKC9g.mjs}

@@ -1,11 +1,11 @@
 import { writeFileSync, readFileSync } from 'fs';
 import { resolve } from 'path';
-import { connectAndGetMachine } from './commands-BZK0QJdM.mjs';
+import { connectAndGetMachine } from './commands-mHonwzOC.mjs';
 import 'node:fs';
 import 'node:child_process';
 import 'node:path';
 import 'node:os';
-import './run-zAG5iduC.mjs';
+import './run-WvrS2KIW.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';

package/dist/{commands-BZK0QJdM.mjs → commands-mHonwzOC.mjs}

@@ -2,7 +2,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import { execSync } from 'node:child_process';
 import { resolve, join } from 'node:path';
 import os from 'node:os';
-import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-zAG5iduC.mjs';
+import { l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha } from './run-WvrS2KIW.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/index.mjs

@@ -1,4 +1,4 @@
-export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-zAG5iduC.mjs';
+export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-WvrS2KIW.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/{package-Ck8FHA97.mjs → package-C4K8R6QY.mjs}

@@ -1,5 +1,5 @@
 var name = "svamp-cli";
-var version = "0.2.30";
+var version = "0.2.32";
 var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
 var author = "Amun AI AB";
 var license = "SEE LICENSE IN LICENSE";

package/dist/{run-C6wKZrsx.mjs → run-CMkzSvIN.mjs}

@@ -2,7 +2,7 @@ import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(im
 import os from 'node:os';
 import { join, resolve } from 'node:path';
 import { mkdirSync, writeFileSync, existsSync, unlinkSync, readFileSync, watch } from 'node:fs';
-import { c as connectToHypha, a as registerSessionService } from './run-zAG5iduC.mjs';
+import { c as connectToHypha, a as registerSessionService } from './run-WvrS2KIW.mjs';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { createInterface } from 'node:readline';

package/dist/{run-zAG5iduC.mjs → run-WvrS2KIW.mjs}

@@ -5497,6 +5497,22 @@ async function checkAndRefreshOAuthToken(force = false, logger) {
   }
 }
 
+function buildBaselineSystemPrompt(sessionId) {
+  return `# Svamp Session
+
+You are running inside a Svamp session (id: ${sessionId}) on Hypha Cloud. Use the \`svamp\` CLI to manage session state (title, link, notify) and the \`hypha\` CLI for artifacts, tokens, and RPC services. Installed skills live in \`~/.claude/skills/\` \u2014 read them for full references.
+
+**Session state:**
+- \`svamp session set-title "<title>"\` \u2014 set a concise 3-8 word title after the first response
+- \`svamp session set-link "<url>" "<label>"\` \u2014 surface any viewable artifact as a button
+- \`svamp session notify "<msg>" [--level info|warning|error]\` \u2014 send a user notification
+
+## Parallel Agents
+
+You may be running in parallel with other agents \u2014 possibly sharing the same working directory. Stay aware of peers: if files change unexpectedly, or you want to initiate collaboration or coordinate to avoid edit conflicts, discover peers with \`svamp session list\` and inspect their activity with \`svamp session info <id>\` / \`svamp session messages <id>\`. Reach out via \`svamp session send <id> "<msg>"\` when coordination is genuinely useful. Keep cross-agent chatter minimal and purposeful: never reply reflexively, avoid ping-pong loops (especially across restarts where queued messages may re-fire), and only initiate contact with a concrete reason. Treat peer messages as informational unless they clearly require action.
+`;
+}
+
 const __filename$1 = fileURLToPath(import.meta.url);
 const __dirname$1 = dirname(__filename$1);
 const CLAUDE_SKILLS_DIR = join(os.homedir(), ".claude", "skills");
@@ -6424,7 +6440,7 @@ async function startDaemon(options) {
   const supervisor = new ProcessSupervisor(join(SVAMP_HOME, "processes"));
   await supervisor.init();
   const tunnels = /* @__PURE__ */ new Map();
-  const { ServeManager } = await import('./serveManager-C6exOzqc.mjs');
+  const { ServeManager } = await import('./serveManager-D4AOV7CW.mjs');
   const serveManager = new ServeManager(SVAMP_HOME, (msg) => logger.log(`[SERVE] ${msg}`), hyphaServerUrl);
   ensureAutoInstalledSkills(logger).catch(() => {
   });
@@ -6742,7 +6758,7 @@ async function startDaemon(options) {
           const permissionMode = toClaudePermissionMode(rawPermissionMode);
           currentPermissionMode = permissionMode;
           const model = effectiveMeta.model || agentConfig.default_model || void 0;
-          const appendSystemPrompt = effectiveMeta.appendSystemPrompt || agentConfig.append_system_prompt || void 0;
+          const appendSystemPrompt = effectiveMeta.appendSystemPrompt || agentConfig.append_system_prompt || buildBaselineSystemPrompt(sessionId);
           const args = [
             "--output-format",
             "stream-json",

package/dist/{serveCommands-9ZQgXdCA.mjs → serveCommands-DUJyFznA.mjs}

@@ -52,7 +52,7 @@ async function handleServeCommand() {
   }
 }
 async function serveAdd(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-BZK0QJdM.mjs');
+  const { connectAndGetMachine } = await import('./commands-mHonwzOC.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -84,7 +84,7 @@ async function serveAdd(args, machineId) {
   }
 }
 async function serveRemove(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-BZK0QJdM.mjs');
+  const { connectAndGetMachine } = await import('./commands-mHonwzOC.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -104,7 +104,7 @@ async function serveRemove(args, machineId) {
   }
 }
 async function serveList(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-BZK0QJdM.mjs');
+  const { connectAndGetMachine } = await import('./commands-mHonwzOC.mjs');
   const all = hasFlag(args, "--all", "-a");
   const json = hasFlag(args, "--json");
   const sessionId = getFlag(args, "--session");
@@ -137,7 +137,7 @@ async function serveList(args, machineId) {
   }
 }
 async function serveInfo(machineId) {
-  const { connectAndGetMachine } = await import('./commands-BZK0QJdM.mjs');
+  const { connectAndGetMachine } = await import('./commands-mHonwzOC.mjs');
   const { machine, server } = await connectAndGetMachine(machineId);
   try {
     const info = await machine.serveInfo();

package/dist/{serveManager-C6exOzqc.mjs → serveManager-D4AOV7CW.mjs}

@@ -142,11 +142,10 @@ class ServeAuth {
     return access.some((e) => e.toLowerCase() === email.toLowerCase());
   }
   /**
-   * Generate the login page HTML. This page:
-   * 1. Calls hypha-login.start() to get a login URL
-   * 2. Redirects to the login URL
-   * 3. Polls hypha-login.check() for the token
-   * 4. Sets a cookie and redirects back
+   * Generate the login page HTML. Loads the `hypha-rpc` JS SDK from CDN and
+   * calls `hyphaWebsocketClient.login({ server_url, login_callback })`, which
+   * handles opening the login URL, polling, and token retrieval internally.
+   * Matches the pattern used by bioimage.io — proven to work.
    */
   getLoginPageHtml(redirectUrl) {
     return `<!DOCTYPE html>
@@ -169,6 +168,7 @@ button:disabled{background:#94d3a2;cursor:wait}
 a{color:#0969da;text-decoration:none}
 a:hover{text-decoration:underline}
 </style>
+<script src="https://cdn.jsdelivr.net/npm/hypha-rpc@0.21.28/dist/hypha-rpc-websocket.min.js"><\/script>
 </head><body>
 <div class="card">
   <h1>Sign in required</h1>
@@ -182,94 +182,46 @@ const redirectUrl = ${JSON.stringify(redirectUrl)};
 const cookieName = ${JSON.stringify(COOKIE_NAME)};
 
 const btn = document.getElementById('login-btn');
-const status = document.getElementById('status');
+const statusEl = document.getElementById('status');
 
-function setError(msg, linkUrl) {
-    if (linkUrl) {
-        status.innerHTML = '<span class="error">' + msg + '</span><br><a href="' + linkUrl + '" target="_blank" rel="noopener">Open login in new tab</a>';
-    } else {
-        status.innerHTML = '<span class="error">' + msg + '</span>';
-    }
+function setError(msg) {
+    statusEl.innerHTML = '<span class="error">' + msg + '</span>';
     btn.disabled = false;
 }
 
-btn.addEventListener('click', () => {
-    // IMPORTANT: open the popup SYNCHRONOUSLY inside the click handler so
-    // browsers do not flag it as a blocked popup. We then navigate it once
-    // the login URL comes back from the server.
-    const popup = window.open('about:blank', 'hypha-login', 'width=560,height=720');
-    if (!popup || popup.closed) {
-        setError('Popup blocked. Please allow popups for this site and try again.');
+btn.addEventListener('click', async () => {
+    if (typeof hyphaWebsocketClient === 'undefined' || !hyphaWebsocketClient.login) {
+        setError('Hypha SDK failed to load. Check your network connection and retry.');
         return;
     }
-    startLogin(popup);
-});
 
-async function startLogin(popup) {
     btn.disabled = true;
-    status.textContent = 'Starting login\u2026';
+    statusEl.textContent = 'Opening Hypha sign-in\u2026';
 
-    let key, loginUrl;
     try {
-        const startResp = await fetch(hyphaServer + '/public/services/hypha-login/start');
-        if (!startResp.ok) throw new Error('HTTP ' + startResp.status + ' from hypha-login/start');
-        const data = await startResp.json();
-        key = data.key;
-        loginUrl = data.login_url;
-        if (!key || !loginUrl) throw new Error('Invalid response from hypha-login/start');
-    } catch (err) {
-        try { popup.close(); } catch {}
-        setError('Failed to contact Hypha: ' + (err && err.message ? err.message : err));
-        return;
-    }
-
-    // Navigate the already-opened popup to the login URL.
-    try { popup.location.href = loginUrl; } catch {
-        setError('Could not open login window.', loginUrl);
-        return;
-    }
-
-    status.textContent = 'Waiting for you to sign in\u2026';
+        const token = await hyphaWebsocketClient.login({
+            server_url: hyphaServer,
+            login_callback: (context) => {
+                statusEl.textContent = 'Waiting for you to sign in\u2026';
+                // Open the login URL in a new tab. Called synchronously from
+                // inside the SDK's login() after the user's button click, so
+                // popup blockers generally allow it.
+                window.open(context.login_url, '_blank');
+            },
+        });
 
-    // Poll hypha-login/check for the token. Pass key and timeout as plain
-    // query-string values (the HTTP proxy does NOT JSON-decode query params
-    // for hypha-login \u2014 wrapping the key in quotes breaks the lookup).
-    const checkUrl = hyphaServer
-        + '/public/services/hypha-login/check?key=' + encodeURIComponent(key)
-        + '&timeout=0';
+        if (!token) throw new Error('No token returned from login');
 
-    const deadline = Date.now() + 5 * 60 * 1000; // 5 minutes
-    let lastErr = null;
+        // Set the cookie so subsequent requests to this origin are authenticated.
+        const secure = location.protocol === 'https:' ? '; Secure' : '';
+        document.cookie = cookieName + '=' + token + '; path=/; SameSite=Lax' + secure;
 
-    // Intentionally do NOT bail out when popup.closed \u2014 the Hypha login popup
-    // closes itself immediately after posting the token, and the token often
-    // arrives on the *next* poll. Just keep polling until the deadline.
-    while (Date.now() < deadline) {
-        try {
-            const resp = await fetch(checkUrl, { cache: 'no-store' });
-            if (resp.ok) {
-                const result = await resp.json();
-                if (result && typeof result === 'object' && result.token) {
-                    try { if (!popup.closed) popup.close(); } catch {}
-                    // Session cookie \u2014 cleared when browser closes.
-                    const secure = location.protocol === 'https:' ? '; Secure' : '';
-                    document.cookie = cookieName + '=' + result.token + '; path=/; SameSite=Lax' + secure;
-                    status.innerHTML = '<span class="ok">Signed in. Redirecting\u2026</span>';
-                    setTimeout(() => { window.location.replace(redirectUrl); }, 300);
-                    return;
-                }
-            } else {
-                lastErr = 'HTTP ' + resp.status;
-            }
-        } catch (err) {
-            lastErr = err && err.message ? err.message : String(err);
-        }
-        await new Promise(r => setTimeout(r, 1200));
+        statusEl.innerHTML = '<span class="ok">Signed in. Redirecting\u2026</span>';
+        setTimeout(() => { window.location.replace(redirectUrl); }, 300);
+    } catch (err) {
+        setError('Login failed: ' + (err && err.message ? err.message : err));
     }
-
-    try { if (!popup.closed) popup.close(); } catch {}
-    setError('Login timed out' + (lastErr ? ' (' + lastErr + ')' : '') + '. Please try again.');
-}
+});
 <\/script>
 </body></html>`;
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svamp-cli",
-  "version": "0.2.30",
+  "version": "0.2.32",
   "description": "Svamp CLI — AI workspace daemon on Hypha Cloud",
   "author": "Amun AI AB",
   "license": "SEE LICENSE IN LICENSE",