svamp-cli 0.2.70 → 0.2.72

package/dist/{agentCommands-BaQIO1T2.mjs → agentCommands-C1Q4jqOT.mjs}

@@ -148,7 +148,7 @@ async function sessionBroadcast(action, args) {
   console.log(`Broadcast sent: ${action}`);
 }
 async function connectToMachineService() {
-  const { connectAndGetMachine } = await import('./commands-BMOelGYC.mjs');
+  const { connectAndGetMachine } = await import('./commands-DV0URNXH.mjs');
   return connectAndGetMachine();
 }
 async function inboxSend(targetSessionId, opts) {
@@ -165,7 +165,7 @@ async function inboxSend(targetSessionId, opts) {
   }
   const { server, machine } = await connectToMachineService();
   try {
-    const { resolveSessionId } = await import('./commands-BMOelGYC.mjs');
+    const { resolveSessionId } = await import('./commands-DV0URNXH.mjs');
     const sessions = await machine.listSessions();
     const match = resolveSessionId(sessions, targetSessionId);
     const fullTargetId = match.sessionId;

package/dist/cli.mjs

@@ -1,4 +1,4 @@
-import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-BqAe7GgA.mjs';
+import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-CC-0bNTe.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';
@@ -44,7 +44,7 @@ async function main() {
         console.error(`svamp daemon restart: ${err.message || err}`);
         process.exit(1);
       }
-      const { restartDaemon } = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.u; });
+      const { restartDaemon } = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.u; });
       await restartDaemon();
       process.exit(0);
     }
@@ -280,7 +280,7 @@ async function main() {
       console.error("svamp service: Service commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { handleServiceCommand } = await import('./commands-CdGLuwtQ.mjs');
+    const { handleServiceCommand } = await import('./commands-DJVdDzTe.mjs');
     await handleServiceCommand();
   } else if (subcommand === "serve") {
     const { isSandboxed: isSandboxedServe } = await import('./sandboxDetect-DNTcbgWD.mjs');
@@ -288,7 +288,7 @@ async function main() {
       console.error("svamp serve: Serve commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { handleServeCommand } = await import('./serveCommands-DpKi_PuD.mjs');
+    const { handleServeCommand } = await import('./serveCommands-BeQKrUIn.mjs');
     await handleServeCommand();
     process.exit(0);
   } else if (subcommand === "process" || subcommand === "proc") {
@@ -297,7 +297,7 @@ async function main() {
       console.error("svamp process: Process commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { processCommand } = await import('./commands-CB03m9-Z.mjs');
+    const { processCommand } = await import('./commands-Cyp2k10B.mjs');
     let machineId;
     const processArgs = args.slice(1);
     const mIdx = processArgs.findIndex((a) => a === "--machine" || a === "-m");
@@ -315,7 +315,7 @@ async function main() {
   } else if (!subcommand || subcommand === "start") {
     await handleInteractiveCommand();
   } else if (subcommand === "--version" || subcommand === "-v") {
-    const pkg = await import('./package-Cw40xKCx.mjs').catch(() => ({ default: { version: "unknown" } }));
+    const pkg = await import('./package-hpa4sCE_.mjs').catch(() => ({ default: { version: "unknown" } }));
     console.log(`svamp version: ${pkg.default.version}`);
   } else {
     console.error(`Unknown command: ${subcommand}`);
@@ -324,7 +324,7 @@ async function main() {
   }
 }
 async function handleInteractiveCommand() {
-  const { runInteractive } = await import('./run-Di-48dsY.mjs');
+  const { runInteractive } = await import('./run-D4yrAi1I.mjs');
   const interactiveArgs = subcommand === "start" ? args.slice(1) : args;
   let directory = process.cwd();
   let resumeSessionId;
@@ -369,7 +369,7 @@ async function handleAgentCommand() {
     return;
   }
   if (agentArgs[0] === "list") {
-    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.p; });
+    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.p; });
     console.log("Known agents:");
     for (const [name, config2] of Object.entries(KNOWN_ACP_AGENTS)) {
       console.log(`  ${name.padEnd(12)} ${config2.command} ${config2.args.join(" ")}  (ACP)`);
@@ -381,7 +381,7 @@ async function handleAgentCommand() {
     console.log('Use "svamp agent -- <command> [args]" for a custom ACP agent.');
     return;
   }
-  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.p; });
+  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.p; });
   let cwd = process.cwd();
   const filteredArgs = [];
   for (let i = 0; i < agentArgs.length; i++) {
@@ -405,12 +405,12 @@ async function handleAgentCommand() {
   console.log(`Starting ${config.agentName} agent in ${cwd}...`);
   let backend;
   if (KNOWN_MCP_AGENTS[config.agentName]) {
-    const { CodexMcpBackend } = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.q; });
+    const { CodexMcpBackend } = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.q; });
     backend = new CodexMcpBackend({ cwd, log: logFn });
   } else {
-    const { AcpBackend } = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.o; });
-    const { GeminiTransport } = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.G; });
-    const { DefaultTransport } = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.D; });
+    const { AcpBackend } = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.o; });
+    const { GeminiTransport } = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.G; });
+    const { DefaultTransport } = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.D; });
     const transportHandler = config.agentName === "gemini" ? new GeminiTransport() : new DefaultTransport(config.agentName);
     backend = new AcpBackend({
       agentName: config.agentName,
@@ -537,7 +537,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
   }
-  const { sessionList, sessionSpawn, sessionArchive, sessionResume, sessionDelete, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-BMOelGYC.mjs');
+  const { sessionList, sessionSpawn, sessionArchive, sessionResume, sessionDelete, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-DV0URNXH.mjs');
   const parseFlagStr = (flag, shortFlag) => {
     for (let i = 1; i < sessionArgs.length; i++) {
       if ((sessionArgs[i] === flag || shortFlag) && i + 1 < sessionArgs.length) {
@@ -603,7 +603,7 @@ async function handleSessionCommand() {
         allowDomain.push(sessionArgs[++i]);
       }
     }
-    const { parseShareArg } = await import('./commands-BMOelGYC.mjs');
+    const { parseShareArg } = await import('./commands-DV0URNXH.mjs');
     const shareEntries = share.map((s) => parseShareArg(s));
     await sessionSpawn(agent, dir, targetMachineId, {
       message,
@@ -687,7 +687,7 @@ async function handleSessionCommand() {
       console.error("  Spawns a stateless Claude session in <directory>, sends <prompt>, prints the answer, then deletes the session.");
       process.exit(1);
     }
-    const { sessionQuery } = await import('./commands-BMOelGYC.mjs');
+    const { sessionQuery } = await import('./commands-DV0URNXH.mjs');
     await sessionQuery(dir, prompt, targetMachineId, {
       timeout: parseFlagInt("--timeout"),
       json: hasFlag("--json"),
@@ -720,7 +720,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session approve <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionApprove } = await import('./commands-BMOelGYC.mjs');
+    const { sessionApprove } = await import('./commands-DV0URNXH.mjs');
     const approveReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionApprove(sessionArgs[1], approveReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -730,7 +730,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session deny <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionDeny } = await import('./commands-BMOelGYC.mjs');
+    const { sessionDeny } = await import('./commands-DV0URNXH.mjs');
     const denyReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionDeny(sessionArgs[1], denyReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -766,7 +766,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session set-title <title>");
       process.exit(1);
     }
-    const { sessionSetTitle } = await import('./agentCommands-BaQIO1T2.mjs');
+    const { sessionSetTitle } = await import('./agentCommands-C1Q4jqOT.mjs');
     await sessionSetTitle(title);
   } else if (sessionSubcommand === "set-link") {
     const url = sessionArgs[1];
@@ -775,7 +775,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const label = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
-    const { sessionSetLink } = await import('./agentCommands-BaQIO1T2.mjs');
+    const { sessionSetLink } = await import('./agentCommands-C1Q4jqOT.mjs');
     await sessionSetLink(url, label);
   } else if (sessionSubcommand === "notify") {
     const message = sessionArgs[1];
@@ -784,7 +784,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const level = parseFlagStr("--level") || "info";
-    const { sessionNotify } = await import('./agentCommands-BaQIO1T2.mjs');
+    const { sessionNotify } = await import('./agentCommands-C1Q4jqOT.mjs');
     await sessionNotify(message, level);
   } else if (sessionSubcommand === "broadcast") {
     const action = sessionArgs[1];
@@ -792,7 +792,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session broadcast <action> [args...]\nActions: open-canvas <url> [label], close-canvas, toast <message>");
       process.exit(1);
     }
-    const { sessionBroadcast } = await import('./agentCommands-BaQIO1T2.mjs');
+    const { sessionBroadcast } = await import('./agentCommands-C1Q4jqOT.mjs');
     await sessionBroadcast(action, sessionArgs.slice(2).filter((a) => !a.startsWith("--")));
   } else if (sessionSubcommand === "inbox") {
     const inboxSubcmd = sessionArgs[1];
@@ -803,7 +803,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId) {
-        const { inboxSend } = await import('./agentCommands-BaQIO1T2.mjs');
+        const { inboxSend } = await import('./agentCommands-C1Q4jqOT.mjs');
         await inboxSend(sessionArgs[2], {
           body: sessionArgs[3],
           subject: parseFlagStr("--subject"),
@@ -818,7 +818,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "list" || inboxSubcmd === "ls") {
       if (agentSessionId && !sessionArgs[2]) {
-        const { inboxList } = await import('./agentCommands-BaQIO1T2.mjs');
+        const { inboxList } = await import('./agentCommands-C1Q4jqOT.mjs');
         await inboxList({
           unread: hasFlag("--unread"),
           limit: parseFlagInt("--limit"),
@@ -840,7 +840,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId && !sessionArgs[3]) {
-        const { inboxList } = await import('./agentCommands-BaQIO1T2.mjs');
+        const { inboxList } = await import('./agentCommands-C1Q4jqOT.mjs');
         await sessionInboxRead(agentSessionId, sessionArgs[2], targetMachineId);
       } else if (sessionArgs[3]) {
         await sessionInboxRead(sessionArgs[2], sessionArgs[3], targetMachineId);
@@ -850,7 +850,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "reply") {
       if (agentSessionId && sessionArgs[2] && sessionArgs[3] && !sessionArgs[4]) {
-        const { inboxReply } = await import('./agentCommands-BaQIO1T2.mjs');
+        const { inboxReply } = await import('./agentCommands-C1Q4jqOT.mjs');
         await inboxReply(sessionArgs[2], sessionArgs[3]);
       } else if (sessionArgs[2] && sessionArgs[3] && sessionArgs[4]) {
         await sessionInboxReply(sessionArgs[2], sessionArgs[3], sessionArgs[4], targetMachineId);
@@ -886,7 +886,7 @@ async function handleMachineCommand() {
     return;
   }
   if (machineSubcommand === "share") {
-    const { machineShare } = await import('./commands-BMOelGYC.mjs');
+    const { machineShare } = await import('./commands-DV0URNXH.mjs');
     let machineId;
     const shareArgs = [];
     for (let i = 1; i < machineArgs.length; i++) {
@@ -916,7 +916,7 @@ async function handleMachineCommand() {
     }
     await machineShare(machineId, { add, remove, list, configPath, showConfig });
   } else if (machineSubcommand === "exec") {
-    const { machineExec } = await import('./commands-BMOelGYC.mjs');
+    const { machineExec } = await import('./commands-DV0URNXH.mjs');
     let machineId;
     let cwd;
     const cmdParts = [];
@@ -936,7 +936,7 @@ async function handleMachineCommand() {
     }
     await machineExec(machineId, command, cwd);
   } else if (machineSubcommand === "info") {
-    const { machineInfo } = await import('./commands-BMOelGYC.mjs');
+    const { machineInfo } = await import('./commands-DV0URNXH.mjs');
     let machineId;
     for (let i = 1; i < machineArgs.length; i++) {
       if ((machineArgs[i] === "--machine" || machineArgs[i] === "-m") && i + 1 < machineArgs.length) {
@@ -956,10 +956,10 @@ async function handleMachineCommand() {
         level = machineArgs[++i];
       }
     }
-    const { machineNotify } = await import('./agentCommands-BaQIO1T2.mjs');
+    const { machineNotify } = await import('./agentCommands-C1Q4jqOT.mjs');
     await machineNotify(message, level);
   } else if (machineSubcommand === "ls") {
-    const { machineLs } = await import('./commands-BMOelGYC.mjs');
+    const { machineLs } = await import('./commands-DV0URNXH.mjs');
     let machineId;
     let showHidden = false;
     let path;
@@ -1429,7 +1429,7 @@ async function applyClaudeAuthFlags(argv) {
       "--use-hypha-proxy, --use-claude-login, and --anthropic-base-url/--anthropic-api-key are mutually exclusive"
     );
   }
-  const mod = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.t; });
+  const mod = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.t; });
   if (hasHypha) {
     mod.setClaudeAuthHyphaProxy();
     console.log("Claude auth configured: hypha-proxy (uses HYPHA_TOKEN live at each spawn).");
@@ -1467,7 +1467,7 @@ async function applyDaemonShareFlag(argv) {
     }
   }
   if (collected.length === 0) return;
-  const { updateEnvFile } = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.t; });
+  const { updateEnvFile } = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.t; });
   const seen = /* @__PURE__ */ new Set();
   const deduped = collected.filter((e) => {
     const k = e.toLowerCase();
@@ -1480,7 +1480,7 @@ async function applyDaemonShareFlag(argv) {
 }
 async function handleDaemonAuthCommand(argv) {
   const sub = (argv[0] || "status").toLowerCase();
-  const mod = await import('./run-BqAe7GgA.mjs').then(function (n) { return n.t; });
+  const mod = await import('./run-CC-0bNTe.mjs').then(function (n) { return n.t; });
   if (sub === "--help" || sub === "-h" || sub === "help") {
     console.log(`
 svamp daemon auth \u2014 Configure how Claude subprocesses authenticate

package/dist/{commands-CB03m9-Z.mjs → commands-Cyp2k10B.mjs}

@@ -1,11 +1,11 @@
 import { writeFileSync, readFileSync } from 'fs';
 import { resolve } from 'path';
-import { connectAndGetMachine } from './commands-BMOelGYC.mjs';
+import { connectAndGetMachine } from './commands-DV0URNXH.mjs';
 import 'node:fs';
 import 'node:child_process';
 import 'node:path';
 import 'node:os';
-import './run-BqAe7GgA.mjs';
+import './run-CC-0bNTe.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';

package/dist/{commands-CdGLuwtQ.mjs → commands-DJVdDzTe.mjs}

@@ -68,7 +68,7 @@ async function serviceExpose(args) {
     });
     return;
   }
-  const { connectAndGetMachine } = await import('./commands-BMOelGYC.mjs');
+  const { connectAndGetMachine } = await import('./commands-DV0URNXH.mjs');
   const { server, machine } = await connectAndGetMachine();
   try {
     const status = await machine.tunnelStart({
@@ -132,7 +132,7 @@ async function serviceServe(args) {
 }
 async function serviceList(_args) {
   try {
-    const { connectAndGetMachine } = await import('./commands-BMOelGYC.mjs');
+    const { connectAndGetMachine } = await import('./commands-DV0URNXH.mjs');
     const { server, machine } = await connectAndGetMachine();
     try {
       const tunnels = await machine.tunnelList({});
@@ -161,7 +161,7 @@ async function serviceDelete(args) {
     process.exit(1);
   }
   try {
-    const { connectAndGetMachine } = await import('./commands-BMOelGYC.mjs');
+    const { connectAndGetMachine } = await import('./commands-DV0URNXH.mjs');
     const { server, machine } = await connectAndGetMachine();
     try {
       await machine.tunnelStop({ name });

package/dist/{commands-BMOelGYC.mjs → commands-DV0URNXH.mjs}

@@ -2,7 +2,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import { execSync } from 'node:child_process';
 import { resolve, join } from 'node:path';
 import os from 'node:os';
-import { n as normalizeAllowedUser, l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha, i as buildSessionShareUrl, j as buildMachineShareUrl } from './run-BqAe7GgA.mjs';
+import { n as normalizeAllowedUser, l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha, i as buildSessionShareUrl, j as buildMachineShareUrl } from './run-CC-0bNTe.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';
@@ -1464,12 +1464,14 @@ async function sendCore(machine, fullId, message, opts) {
   }
   const preSeq = wantResponse ? await snapshotLatestSeq(machine, fullId) : 0;
   const { randomUUID } = await import('node:crypto');
+  const callerSessionId = process.env.SVAMP_SESSION_ID;
   const inboxMessage = {
     messageId: randomUUID(),
     body: message,
     timestamp: Date.now(),
     read: false,
-    from: `cli:${os.userInfo().username}`,
+    from: callerSessionId ? `agent:${callerSessionId}` : `cli:${os.userInfo().username}`,
+    ...callerSessionId ? { fromSession: callerSessionId } : {},
     to: fullId,
     subject: opts?.subject,
     urgency: opts?.urgency || "urgent"
@@ -2100,12 +2102,14 @@ async function sessionInboxSend(sessionIdPartial, body, machineId, opts) {
   const { server, machine, fullId } = await connectAndResolveSession(sessionIdPartial, machineId);
   try {
     const { randomUUID } = await import('node:crypto');
+    const callerSessionId = process.env.SVAMP_SESSION_ID;
     const message = {
       messageId: randomUUID(),
       body,
       timestamp: Date.now(),
       read: false,
-      from: `cli:${os.userInfo().username}`,
+      from: callerSessionId ? `agent:${callerSessionId}` : `cli:${os.userInfo().username}`,
+      ...callerSessionId ? { fromSession: callerSessionId } : {},
       to: fullId,
       subject: opts?.subject,
       urgency: opts?.urgency || "normal",

package/dist/index.mjs

@@ -1,4 +1,4 @@
-export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-BqAe7GgA.mjs';
+export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-CC-0bNTe.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/{package-Cw40xKCx.mjs → package-hpa4sCE_.mjs}

@@ -1,5 +1,5 @@
 var name = "svamp-cli";
-var version = "0.2.70";
+var version = "0.2.72";
 var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
 var author = "Amun AI AB";
 var license = "SEE LICENSE IN LICENSE";
@@ -19,7 +19,7 @@ var exports$1 = {
 var scripts = {
 	build: "rm -rf dist bin/skills && mkdir -p bin/skills && cp -r ../../skills/artifact bin/skills/artifact && tsc --noEmit && pkgroll",
 	typecheck: "tsc --noEmit",
-	test: "npx tsx test/test-context-window.mjs && npx tsx test/test-authorize.mjs && npx tsx test/test-normalize-allowed-user.mjs && npx tsx test/test-share-url.mjs && npx tsx test/test-update-sharing-normalization.mjs && npx tsx test/test-staged-homes-sweep.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-claude-auth.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-session-send-query.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
+	test: "npx tsx test/test-context-window.mjs && npx tsx test/test-authorize.mjs && npx tsx test/test-normalize-allowed-user.mjs && npx tsx test/test-share-url.mjs && npx tsx test/test-update-sharing-normalization.mjs && npx tsx test/test-staged-homes-sweep.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-claude-auth.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-session-send-query.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only && node test/pinnedClaudeCode.test.mjs",
 	"test:hypha": "node --no-warnings test/test-hypha-service.mjs",
 	dev: "tsx src/cli.ts",
 	"dev:daemon": "tsx src/cli.ts daemon start-sync",

package/dist/pinnedClaudeCode-HydRNEt7.mjs

@@ -0,0 +1,58 @@
+import { spawn, exec as exec$1 } from 'node:child_process';
+import { promisify } from 'node:util';
+
+const PINNED_CLAUDE_CODE_VERSION = "2.1.168";
+const exec = promisify(exec$1);
+async function readClaudeVersion() {
+  try {
+    const { stdout } = await exec("claude --version", { timeout: 1e4 });
+    const m = stdout.trim().match(/(\d+\.\d+\.\d+(?:[-.][\w]+)?)/);
+    return m ? m[1] : null;
+  } catch {
+    return null;
+  }
+}
+function runInstaller(version, log) {
+  return new Promise((resolve) => {
+    const proc = spawn("claude", ["install", version], { stdio: ["ignore", "pipe", "pipe"] });
+    let stderr = "";
+    proc.stdout?.on("data", (b) => log(`[claude install] ${b.toString().trimEnd()}`));
+    proc.stderr?.on("data", (b) => {
+      const s = b.toString();
+      stderr += s;
+      log(`[claude install] ${s.trimEnd()}`);
+    });
+    proc.on("error", (e) => {
+      stderr += String(e);
+      resolve({ ok: false, stderr });
+    });
+    proc.on("exit", (code) => resolve({ ok: code === 0, stderr }));
+  });
+}
+async function ensureClaudeCodeVersion(log, pinned = PINNED_CLAUDE_CODE_VERSION, opts) {
+  const autoInstall = opts?.allowAutoInstall !== false;
+  const current = await readClaudeVersion();
+  if (!current) {
+    log(`[claude-version] 'claude' not on PATH \u2014 please run the Anthropic installer once: curl -fsSL https://claude.ai/install.sh | sh`);
+    return { kind: "not-installed", want: pinned };
+  }
+  if (current === pinned) {
+    log(`[claude-version] OK \u2014 claude ${current} matches pinned ${pinned}`);
+    return { kind: "ok", version: current };
+  }
+  if (!autoInstall) {
+    log(`[claude-version] DRIFT \u2014 installed ${current} \u2260 pinned ${pinned} (auto-install disabled)`);
+    return { kind: "skipped", reason: `installed=${current} pinned=${pinned}` };
+  }
+  log(`[claude-version] DRIFT \u2014 installed ${current} \u2260 pinned ${pinned}; running 'claude install ${pinned}'`);
+  const { ok, stderr } = await runInstaller(pinned, log);
+  if (!ok) {
+    log(`[claude-version] install failed for ${pinned}: ${stderr.trim().slice(0, 400)}`);
+    return { kind: "install-failed", from: current, want: pinned, error: stderr.slice(0, 400) };
+  }
+  const after = await readClaudeVersion();
+  log(`[claude-version] installer finished; now reports ${after ?? "unknown"}`);
+  return { kind: "installed", from: current, to: after ?? pinned };
+}
+
+export { PINNED_CLAUDE_CODE_VERSION, ensureClaudeCodeVersion };

package/dist/{run-BqAe7GgA.mjs → run-CC-0bNTe.mjs}

@@ -1597,7 +1597,7 @@ async function registerMachineService(server, machineId, metadata, daemonState,
 }
 
 function isStructuredMessage(msg) {
-  return !!(msg.from && msg.subject);
+  return !!(msg.from || msg.fromSession || msg.subject || msg.replyTo || msg.threadId);
 }
 function escapeXml(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
@@ -5703,10 +5703,16 @@ class ServeAuth {
     return access.some((e) => e.toLowerCase() === email.toLowerCase());
   }
   /**
-   * Generate the login page HTML. Loads the `hypha-rpc` JS SDK from CDN and
-   * calls `hyphaWebsocketClient.login({ server_url, login_callback })`, which
-   * handles opening the login URL, polling, and token retrieval internally.
-   * Matches the pattern used by bioimage.io — proven to work.
+   * Generate the login page HTML.
+   *
+   * Uses the Hypha-Login HTTP endpoints directly (no SDK / no WebSocket):
+   *   1. GET  /public/services/hypha-login/start          → { login_url, key }
+   *   2. open popup to login_url so the user signs in
+   *   3. GET  /public/services/hypha-login/check?key=…    → token (long-polled)
+   *
+   * This matches the proven pattern in svamp-app/.../share/[id].tsx and
+   * removes a class of hangs we previously saw when the JS SDK never
+   * invoked its `login_callback` (button-stuck-after-click symptom).
    */
   getLoginPageHtml(redirectUrl) {
     return `<!DOCTYPE html>
@@ -5729,7 +5735,6 @@ button:disabled{background:#94d3a2;cursor:wait}
 a{color:#0969da;text-decoration:none}
 a:hover{text-decoration:underline}
 </style>
-<script src="https://cdn.jsdelivr.net/npm/hypha-rpc@0.21.28/dist/hypha-rpc-websocket.min.js"><\/script>
 </head><body>
 <div class="card">
   <h1>Sign in required</h1>
@@ -5751,17 +5756,10 @@ function setError(msg) {
 }
 
 btn.addEventListener('click', async () => {
-    if (typeof hyphaWebsocketClient === 'undefined' || !hyphaWebsocketClient.login) {
-        setError('Hypha SDK failed to load. Check your network connection and retry.');
-        return;
-    }
-
     // Open the popup SYNCHRONOUSLY inside the click handler so the browser's
-    // popup blocker treats it as user-initiated. The hypha SDK awaits a
-    // network round-trip before invoking login_callback, by which time the
-    // user-gesture flag has cleared and any window.open() call is silently
-    // blocked \u2014 especially inside sandboxed iframes (canvas, artifact view).
-    // We point it at about:blank first and rewrite the URL once we have it.
+    // popup blocker treats it as user-initiated. The HTTP request below is
+    // awaited, by which time the user-gesture flag has cleared and any
+    // window.open() call would be silently blocked.
     const popup = window.open('about:blank', '_blank');
     if (!popup) {
         setError('Popup was blocked by the browser. Please allow popups for this site and retry.');
@@ -5770,21 +5768,42 @@ btn.addEventListener('click', async () => {
     try { popup.document.write('<html><body style="font-family:system-ui;padding:24px;color:#656d76">Opening Hypha sign-in\u2026</body></html>'); } catch (e) {}
 
     btn.disabled = true;
-    statusEl.textContent = 'Opening Hypha sign-in\u2026';
+    statusEl.textContent = 'Contacting Hypha\u2026';
 
     try {
-        const token = await hyphaWebsocketClient.login({
-            server_url: hyphaServer,
-            login_callback: (context) => {
-                statusEl.textContent = 'Waiting for you to sign in\u2026';
-                try { popup.location.href = context.login_url; }
-                catch (e) { window.open(context.login_url, '_blank'); }
-            },
-        });
+        // 1. Ask the Hypha-Login service for a login URL + polling key.
+        const startResp = await fetch(hyphaServer + '/public/services/hypha-login/start');
+        if (!startResp.ok) throw new Error('Login start failed: HTTP ' + startResp.status);
+        const ctx = await startResp.json();
+        if (!ctx || !ctx.login_url || !ctx.key) throw new Error('Login start returned no URL/key');
 
-        if (!token) throw new Error('No token returned from login');
+        // 2. Redirect the popup to the actual login UI.
+        statusEl.textContent = 'Waiting for you to sign in\u2026';
+        try { popup.location.href = ctx.login_url; }
+        catch (e) { window.open(ctx.login_url, '_blank'); }
 
-        // Set the cookie so subsequent requests to this origin are authenticated.
+        // 3. Long-poll the check endpoint until the user finishes signing in.
+        //    Each request waits up to 3 s server-side; we retry for ~3 minutes total.
+        const checkBase = ctx.check_url || (hyphaServer + '/public/services/hypha-login/check');
+        let token = null;
+        for (let i = 0; i < 60; i++) {
+            if (popup.closed) {
+                // User dismissed the popup before completing \u2014 keep polling briefly
+                // (the report endpoint may still fire even if window is gone).
+            }
+            try {
+                const r = await fetch(checkBase + '?key=' + encodeURIComponent(ctx.key) + '&timeout=3');
+                if (r.ok) {
+                    const body = await r.json();
+                    const t = typeof body === 'string' ? body : (body && (body.token || body));
+                    if (typeof t === 'string' && t.length > 20) { token = t; break; }
+                }
+            } catch (e) { /* transient \u2014 retry */ }
+        }
+
+        if (!token) throw new Error('Timed out waiting for sign-in. Please try again.');
+
+        // 4. Set the cookie so subsequent requests to this origin are authenticated.
         const secure = location.protocol === 'https:' ? '; Secure' : '';
         document.cookie = cookieName + '=' + token + '; path=/; SameSite=Lax' + secure;
 
@@ -6458,6 +6477,8 @@ You are running inside a Svamp session (id: ${sessionId}) on Hypha Cloud. Use th
 ## Parallel Agents
 
 You may be running in parallel with other agents \u2014 possibly sharing the same working directory. Stay aware of peers: if files change unexpectedly, or you want to initiate collaboration or coordinate to avoid edit conflicts, discover peers with \`svamp session list\` and inspect their activity with \`svamp session info <id>\` / \`svamp session messages <id>\`. Reach out via \`svamp session send <id> "<msg>"\` when coordination is genuinely useful. Keep cross-agent chatter minimal and purposeful: never reply reflexively, avoid ping-pong loops (especially across restarts where queued messages may re-fire), and only initiate contact with a concrete reason. Treat peer messages as informational unless they clearly require action.
+
+**Inbox messages between agents** arrive wrapped as \`<svamp-message message-id="\u2026" from="agent:\u2026" from-session="\u2026" \u2026>BODY</svamp-message>\`. A plain user turn has no such wrapper \u2014 that's how you tell them apart. To reply to the sender, use \`svamp session inbox reply <message-id> "<body>"\` (auto-routes to \`from-session\`, preserves \`thread-id\`). Replying is optional \u2014 only when it's useful for the work.
 `;
 }
 
@@ -7848,10 +7869,18 @@ async function startDaemon(options) {
     const list = loadExposedTunnels().filter((t) => t.name !== name);
     saveExposedTunnels(list);
   }
-  const { ServeManager } = await import('./serveManager-Dy4afaLH.mjs');
+  const { ServeManager } = await import('./serveManager-B9cemdRt.mjs');
   const serveManager = new ServeManager(SVAMP_HOME, (msg) => logger.log(`[SERVE] ${msg}`), hyphaServerUrl);
   ensureAutoInstalledSkills(logger).catch(() => {
   });
+  (async () => {
+    try {
+      const { ensureClaudeCodeVersion } = await import('./pinnedClaudeCode-HydRNEt7.mjs');
+      await ensureClaudeCodeVersion((msg) => logger.log(msg));
+    } catch (e) {
+      logger.log(`[claude-version] check failed: ${e?.message || e}`);
+    }
+  })();
   preventMachineSleep(logger);
   try {
     logger.log("Connecting to Hypha server...");

package/dist/{run-Di-48dsY.mjs → run-D4yrAi1I.mjs}

@@ -2,7 +2,7 @@ import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(im
 import os from 'node:os';
 import { resolve, join } from 'node:path';
 import { existsSync, readFileSync, watch } from 'node:fs';
-import { c as connectToHypha, a as registerSessionService, k as generateHookSettings } from './run-BqAe7GgA.mjs';
+import { c as connectToHypha, a as registerSessionService, k as generateHookSettings } from './run-CC-0bNTe.mjs';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { createInterface } from 'node:readline';

package/dist/{serveCommands-DpKi_PuD.mjs → serveCommands-BeQKrUIn.mjs}

@@ -54,7 +54,7 @@ async function handleServeCommand() {
   }
 }
 async function serveAdd(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-BMOelGYC.mjs');
+  const { connectAndGetMachine } = await import('./commands-DV0URNXH.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -93,7 +93,7 @@ async function serveAdd(args, machineId) {
   }
 }
 async function serveApply(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-BMOelGYC.mjs');
+  const { connectAndGetMachine } = await import('./commands-DV0URNXH.mjs');
   const fs = await import('fs');
   const yaml = await import('yaml');
   const file = positionalArgs(args)[0];
@@ -182,7 +182,7 @@ async function serveApply(args, machineId) {
   }
 }
 async function serveRemove(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-BMOelGYC.mjs');
+  const { connectAndGetMachine } = await import('./commands-DV0URNXH.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -202,7 +202,7 @@ async function serveRemove(args, machineId) {
   }
 }
 async function serveList(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-BMOelGYC.mjs');
+  const { connectAndGetMachine } = await import('./commands-DV0URNXH.mjs');
   const all = hasFlag(args, "--all", "-a");
   const json = hasFlag(args, "--json");
   const sessionId = getFlag(args, "--session");
@@ -235,7 +235,7 @@ async function serveList(args, machineId) {
   }
 }
 async function serveInfo(machineId) {
-  const { connectAndGetMachine } = await import('./commands-BMOelGYC.mjs');
+  const { connectAndGetMachine } = await import('./commands-DV0URNXH.mjs');
   const { machine, server } = await connectAndGetMachine(machineId);
   try {
     const info = await machine.serveInfo();

package/dist/{serveManager-Dy4afaLH.mjs → serveManager-B9cemdRt.mjs}

@@ -4,7 +4,7 @@ import * as fs from 'fs';
 import * as http from 'http';
 import * as net from 'net';
 import * as path from 'path';
-import { S as ServeAuth, h as hasCookieToken } from './run-BqAe7GgA.mjs';
+import { S as ServeAuth, h as hasCookieToken } from './run-CC-0bNTe.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svamp-cli",
-  "version": "0.2.70",
+  "version": "0.2.72",
   "description": "Svamp CLI — AI workspace daemon on Hypha Cloud",
   "author": "Amun AI AB",
   "license": "SEE LICENSE IN LICENSE",
@@ -20,7 +20,7 @@
   "scripts": {
     "build": "rm -rf dist bin/skills && mkdir -p bin/skills && cp -r ../../skills/artifact bin/skills/artifact && tsc --noEmit && pkgroll",
     "typecheck": "tsc --noEmit",
-    "test": "npx tsx test/test-context-window.mjs && npx tsx test/test-authorize.mjs && npx tsx test/test-normalize-allowed-user.mjs && npx tsx test/test-share-url.mjs && npx tsx test/test-update-sharing-normalization.mjs && npx tsx test/test-staged-homes-sweep.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-claude-auth.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-session-send-query.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only",
+    "test": "npx tsx test/test-context-window.mjs && npx tsx test/test-authorize.mjs && npx tsx test/test-normalize-allowed-user.mjs && npx tsx test/test-share-url.mjs && npx tsx test/test-update-sharing-normalization.mjs && npx tsx test/test-staged-homes-sweep.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-ralph-loop.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-claude-auth.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-session-send-query.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-ralph-loop-integration.mjs && npx tsx test/test-ralph-loop-modes.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only && node test/pinnedClaudeCode.test.mjs",
     "test:hypha": "node --no-warnings test/test-hypha-service.mjs",
     "dev": "tsx src/cli.ts",
     "dev:daemon": "tsx src/cli.ts daemon start-sync",