svamp-cli 0.2.77 → 0.2.79

package/dist/{agentCommands-OplcUdhk.mjs → agentCommands-CDr8wjR0.mjs}

@@ -148,7 +148,7 @@ async function sessionBroadcast(action, args) {
   console.log(`Broadcast sent: ${action}`);
 }
 async function connectToMachineService() {
-  const { connectAndGetMachine } = await import('./commands-k2E3EJFY.mjs');
+  const { connectAndGetMachine } = await import('./commands-fDM-vliz.mjs');
   return connectAndGetMachine();
 }
 async function inboxSend(targetSessionId, opts) {
@@ -165,7 +165,7 @@ async function inboxSend(targetSessionId, opts) {
   }
   const { server, machine } = await connectToMachineService();
   try {
-    const { resolveSessionId } = await import('./commands-k2E3EJFY.mjs');
+    const { resolveSessionId } = await import('./commands-fDM-vliz.mjs');
     const sessions = await machine.listSessions();
     const match = resolveSessionId(sessions, targetSessionId);
     const fullTargetId = match.sessionId;

package/dist/cli.mjs

@@ -1,4 +1,4 @@
-import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-DDKJ85DU.mjs';
+import { s as startDaemon, b as stopDaemon, d as daemonStatus } from './run-B8H-qZH6.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';
@@ -44,7 +44,7 @@ async function main() {
         console.error(`svamp daemon restart: ${err.message || err}`);
         process.exit(1);
       }
-      const { restartDaemon } = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.u; });
+      const { restartDaemon } = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.u; });
       await restartDaemon();
       process.exit(0);
     }
@@ -287,7 +287,7 @@ async function main() {
       console.error("svamp service: Service commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { handleServiceCommand } = await import('./commands-CZWJawtg.mjs');
+    const { handleServiceCommand } = await import('./commands-DBzx8p4a.mjs');
     await handleServiceCommand();
   } else if (subcommand === "serve") {
     const { isSandboxed: isSandboxedServe } = await import('./sandboxDetect-DNTcbgWD.mjs');
@@ -295,7 +295,7 @@ async function main() {
       console.error("svamp serve: Serve commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { handleServeCommand } = await import('./serveCommands-j7Igsr-W.mjs');
+    const { handleServeCommand } = await import('./serveCommands-Bm6-KRVS.mjs');
     await handleServeCommand();
     process.exit(0);
   } else if (subcommand === "process" || subcommand === "proc") {
@@ -304,7 +304,7 @@ async function main() {
       console.error("svamp process: Process commands are not available in sandboxed sessions.");
       process.exit(1);
     }
-    const { processCommand } = await import('./commands-GILVenvg.mjs');
+    const { processCommand } = await import('./commands-BxyD6EGp.mjs');
     let machineId;
     const processArgs = args.slice(1);
     const mIdx = processArgs.findIndex((a) => a === "--machine" || a === "-m");
@@ -322,7 +322,7 @@ async function main() {
   } else if (!subcommand || subcommand === "start") {
     await handleInteractiveCommand();
   } else if (subcommand === "--version" || subcommand === "-v") {
-    const pkg = await import('./package-BfVgObNX.mjs').catch(() => ({ default: { version: "unknown" } }));
+    const pkg = await import('./package-D7b87vtl.mjs').catch(() => ({ default: { version: "unknown" } }));
     console.log(`svamp version: ${pkg.default.version}`);
   } else {
     console.error(`Unknown command: ${subcommand}`);
@@ -331,7 +331,7 @@ async function main() {
   }
 }
 async function handleInteractiveCommand() {
-  const { runInteractive } = await import('./run-CZEFZgIV.mjs');
+  const { runInteractive } = await import('./run-B4Fm5EI5.mjs');
   const interactiveArgs = subcommand === "start" ? args.slice(1) : args;
   let directory = process.cwd();
   let resumeSessionId;
@@ -376,7 +376,7 @@ async function handleAgentCommand() {
     return;
   }
   if (agentArgs[0] === "list") {
-    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.p; });
+    const { KNOWN_ACP_AGENTS, KNOWN_MCP_AGENTS: KNOWN_MCP_AGENTS2 } = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.p; });
     console.log("Known agents:");
     for (const [name, config2] of Object.entries(KNOWN_ACP_AGENTS)) {
       console.log(`  ${name.padEnd(12)} ${config2.command} ${config2.args.join(" ")}  (ACP)`);
@@ -388,7 +388,7 @@ async function handleAgentCommand() {
     console.log('Use "svamp agent -- <command> [args]" for a custom ACP agent.');
     return;
   }
-  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.p; });
+  const { resolveAcpAgentConfig, KNOWN_MCP_AGENTS } = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.p; });
   let cwd = process.cwd();
   const filteredArgs = [];
   for (let i = 0; i < agentArgs.length; i++) {
@@ -412,12 +412,12 @@ async function handleAgentCommand() {
   console.log(`Starting ${config.agentName} agent in ${cwd}...`);
   let backend;
   if (KNOWN_MCP_AGENTS[config.agentName]) {
-    const { CodexMcpBackend } = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.q; });
+    const { CodexMcpBackend } = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.q; });
     backend = new CodexMcpBackend({ cwd, log: logFn });
   } else {
-    const { AcpBackend } = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.o; });
-    const { GeminiTransport } = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.G; });
-    const { DefaultTransport } = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.D; });
+    const { AcpBackend } = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.o; });
+    const { GeminiTransport } = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.G; });
+    const { DefaultTransport } = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.D; });
     const transportHandler = config.agentName === "gemini" ? new GeminiTransport() : new DefaultTransport(config.agentName);
     backend = new AcpBackend({
       agentName: config.agentName,
@@ -544,7 +544,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
   }
-  const { sessionList, sessionSpawn, sessionArchive, sessionResume, sessionDelete, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-k2E3EJFY.mjs');
+  const { sessionList, sessionSpawn, sessionArchive, sessionResume, sessionDelete, sessionInfo, sessionMessages, sessionAttach, sessionMachines, sessionSend, sessionWait, sessionShare, sessionRalphStart, sessionRalphCancel, sessionRalphStatus, sessionInboxSend, sessionInboxList, sessionInboxRead, sessionInboxReply, sessionInboxClear } = await import('./commands-fDM-vliz.mjs');
   const parseFlagStr = (flag, shortFlag) => {
     for (let i = 1; i < sessionArgs.length; i++) {
       if ((sessionArgs[i] === flag || shortFlag) && i + 1 < sessionArgs.length) {
@@ -610,7 +610,7 @@ async function handleSessionCommand() {
         allowDomain.push(sessionArgs[++i]);
       }
     }
-    const { parseShareArg } = await import('./commands-k2E3EJFY.mjs');
+    const { parseShareArg } = await import('./commands-fDM-vliz.mjs');
     const shareEntries = share.map((s) => parseShareArg(s));
     await sessionSpawn(agent, dir, targetMachineId, {
       message,
@@ -696,7 +696,7 @@ async function handleSessionCommand() {
       console.error("  Spawns a stateless Claude session in <directory>, sends <prompt>, prints the answer, then deletes the session.");
       process.exit(1);
     }
-    const { sessionQuery } = await import('./commands-k2E3EJFY.mjs');
+    const { sessionQuery } = await import('./commands-fDM-vliz.mjs');
     await sessionQuery(dir, prompt, targetMachineId, {
       timeout: parseFlagInt("--timeout"),
       json: hasFlag("--json"),
@@ -729,7 +729,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session approve <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionApprove } = await import('./commands-k2E3EJFY.mjs');
+    const { sessionApprove } = await import('./commands-fDM-vliz.mjs');
     const approveReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionApprove(sessionArgs[1], approveReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -739,7 +739,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session deny <session-id> [request-id] [--json]");
       process.exit(1);
     }
-    const { sessionDeny } = await import('./commands-k2E3EJFY.mjs');
+    const { sessionDeny } = await import('./commands-fDM-vliz.mjs');
     const denyReqId = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
     await sessionDeny(sessionArgs[1], denyReqId, targetMachineId, {
       json: hasFlag("--json")
@@ -775,7 +775,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session set-title <title>");
       process.exit(1);
     }
-    const { sessionSetTitle } = await import('./agentCommands-OplcUdhk.mjs');
+    const { sessionSetTitle } = await import('./agentCommands-CDr8wjR0.mjs');
     await sessionSetTitle(title);
   } else if (sessionSubcommand === "set-link") {
     const url = sessionArgs[1];
@@ -784,7 +784,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const label = sessionArgs[2] && !sessionArgs[2].startsWith("--") ? sessionArgs[2] : void 0;
-    const { sessionSetLink } = await import('./agentCommands-OplcUdhk.mjs');
+    const { sessionSetLink } = await import('./agentCommands-CDr8wjR0.mjs');
     await sessionSetLink(url, label);
   } else if (sessionSubcommand === "notify") {
     const message = sessionArgs[1];
@@ -793,7 +793,7 @@ async function handleSessionCommand() {
       process.exit(1);
     }
     const level = parseFlagStr("--level") || "info";
-    const { sessionNotify } = await import('./agentCommands-OplcUdhk.mjs');
+    const { sessionNotify } = await import('./agentCommands-CDr8wjR0.mjs');
     await sessionNotify(message, level);
   } else if (sessionSubcommand === "broadcast") {
     const action = sessionArgs[1];
@@ -801,7 +801,7 @@ async function handleSessionCommand() {
       console.error("Usage: svamp session broadcast <action> [args...]\nActions: open-canvas <url> [label], close-canvas, toast <message>");
       process.exit(1);
     }
-    const { sessionBroadcast } = await import('./agentCommands-OplcUdhk.mjs');
+    const { sessionBroadcast } = await import('./agentCommands-CDr8wjR0.mjs');
     await sessionBroadcast(action, sessionArgs.slice(2).filter((a) => !a.startsWith("--")));
   } else if (sessionSubcommand === "inbox") {
     const inboxSubcmd = sessionArgs[1];
@@ -812,7 +812,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId) {
-        const { inboxSend } = await import('./agentCommands-OplcUdhk.mjs');
+        const { inboxSend } = await import('./agentCommands-CDr8wjR0.mjs');
         await inboxSend(sessionArgs[2], {
           body: sessionArgs[3],
           subject: parseFlagStr("--subject"),
@@ -827,7 +827,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "list" || inboxSubcmd === "ls") {
       if (agentSessionId && !sessionArgs[2]) {
-        const { inboxList } = await import('./agentCommands-OplcUdhk.mjs');
+        const { inboxList } = await import('./agentCommands-CDr8wjR0.mjs');
         await inboxList({
           unread: hasFlag("--unread"),
           limit: parseFlagInt("--limit"),
@@ -849,7 +849,7 @@ async function handleSessionCommand() {
         process.exit(1);
       }
       if (agentSessionId && !sessionArgs[3]) {
-        const { inboxList } = await import('./agentCommands-OplcUdhk.mjs');
+        const { inboxList } = await import('./agentCommands-CDr8wjR0.mjs');
         await sessionInboxRead(agentSessionId, sessionArgs[2], targetMachineId);
       } else if (sessionArgs[3]) {
         await sessionInboxRead(sessionArgs[2], sessionArgs[3], targetMachineId);
@@ -859,7 +859,7 @@ async function handleSessionCommand() {
       }
     } else if (inboxSubcmd === "reply") {
       if (agentSessionId && sessionArgs[2] && sessionArgs[3] && !sessionArgs[4]) {
-        const { inboxReply } = await import('./agentCommands-OplcUdhk.mjs');
+        const { inboxReply } = await import('./agentCommands-CDr8wjR0.mjs');
         await inboxReply(sessionArgs[2], sessionArgs[3]);
       } else if (sessionArgs[2] && sessionArgs[3] && sessionArgs[4]) {
         await sessionInboxReply(sessionArgs[2], sessionArgs[3], sessionArgs[4], targetMachineId);
@@ -895,7 +895,7 @@ async function handleMachineCommand() {
     return;
   }
   if (machineSubcommand === "share") {
-    const { machineShare } = await import('./commands-k2E3EJFY.mjs');
+    const { machineShare } = await import('./commands-fDM-vliz.mjs');
     let machineId;
     const shareArgs = [];
     for (let i = 1; i < machineArgs.length; i++) {
@@ -925,7 +925,7 @@ async function handleMachineCommand() {
     }
     await machineShare(machineId, { add, remove, list, configPath, showConfig });
   } else if (machineSubcommand === "exec") {
-    const { machineExec } = await import('./commands-k2E3EJFY.mjs');
+    const { machineExec } = await import('./commands-fDM-vliz.mjs');
     let machineId;
     let cwd;
     const cmdParts = [];
@@ -945,7 +945,7 @@ async function handleMachineCommand() {
     }
     await machineExec(machineId, command, cwd);
   } else if (machineSubcommand === "info") {
-    const { machineInfo } = await import('./commands-k2E3EJFY.mjs');
+    const { machineInfo } = await import('./commands-fDM-vliz.mjs');
     let machineId;
     for (let i = 1; i < machineArgs.length; i++) {
       if ((machineArgs[i] === "--machine" || machineArgs[i] === "-m") && i + 1 < machineArgs.length) {
@@ -965,10 +965,10 @@ async function handleMachineCommand() {
         level = machineArgs[++i];
       }
     }
-    const { machineNotify } = await import('./agentCommands-OplcUdhk.mjs');
+    const { machineNotify } = await import('./agentCommands-CDr8wjR0.mjs');
     await machineNotify(message, level);
   } else if (machineSubcommand === "ls") {
-    const { machineLs } = await import('./commands-k2E3EJFY.mjs');
+    const { machineLs } = await import('./commands-fDM-vliz.mjs');
     let machineId;
     let showHidden = false;
     let path;
@@ -999,7 +999,10 @@ Subcommands (fan out across every machine in your workspace):
   status                    Show svamp + claude-code version per machine
   exec "<command>"          Run a shell command on every machine
   upgrade-claude [-v X]     Install Claude Code (defaults to svamp-cli's pinned version)
-  upgrade-svamp [-v X]      npm install -g svamp-cli@X + svamp daemon restart
+  upgrade-svamp [-v X] [--exclude-self]
+                            npm install -g svamp-cli@X + svamp daemon restart
+                            (--exclude-self skips this machine to avoid
+                             interrupting the current session)
   daemon-restart [--cleanup]  Restart daemons (default graceful)
   push-skill <name>         Install/force-refresh a skill on all machines
 
@@ -1011,6 +1014,7 @@ Examples:
   svamp fleet exec "uptime"
   svamp fleet upgrade-claude
   svamp fleet upgrade-svamp -v 0.2.73
+  svamp fleet upgrade-svamp --exclude-self
   svamp fleet push-skill hypha`);
     process.exit(0);
   }
@@ -1022,24 +1026,24 @@ Examples:
   };
   const hasFlag = (name) => fleetArgs.includes(`--${name}`);
   if (sub === "status") {
-    const { fleetStatus } = await import('./fleet-BzK_BkIA.mjs');
+    const { fleetStatus } = await import('./fleet-CQNb2lQG.mjs');
     await fleetStatus();
   } else if (sub === "exec") {
     const command = fleetArgs.slice(1).filter((a) => !a.startsWith("--")).join(" ");
-    const { fleetExec } = await import('./fleet-BzK_BkIA.mjs');
+    const { fleetExec } = await import('./fleet-CQNb2lQG.mjs');
     await fleetExec(command, { cwd: flag("cwd") });
   } else if (sub === "upgrade-claude") {
-    const { fleetUpgradeClaude } = await import('./fleet-BzK_BkIA.mjs');
+    const { fleetUpgradeClaude } = await import('./fleet-CQNb2lQG.mjs');
     await fleetUpgradeClaude({ version: flag("version", "-v") });
   } else if (sub === "upgrade-svamp") {
-    const { fleetUpgradeSvamp } = await import('./fleet-BzK_BkIA.mjs');
-    await fleetUpgradeSvamp({ version: flag("version", "-v") });
+    const { fleetUpgradeSvamp } = await import('./fleet-CQNb2lQG.mjs');
+    await fleetUpgradeSvamp({ version: flag("version", "-v"), excludeSelf: hasFlag("exclude-self") });
   } else if (sub === "daemon-restart") {
-    const { fleetDaemonRestart } = await import('./fleet-BzK_BkIA.mjs');
+    const { fleetDaemonRestart } = await import('./fleet-CQNb2lQG.mjs');
     await fleetDaemonRestart({ graceful: !hasFlag("cleanup") });
   } else if (sub === "push-skill") {
     const name = fleetArgs[1];
-    const { fleetPushSkill } = await import('./fleet-BzK_BkIA.mjs');
+    const { fleetPushSkill } = await import('./fleet-CQNb2lQG.mjs');
     await fleetPushSkill(name);
   } else {
     console.error(`Unknown fleet subcommand: ${sub}`);
@@ -1498,7 +1502,7 @@ async function applyClaudeAuthFlags(argv) {
       "--use-hypha-proxy, --use-claude-login, and --anthropic-base-url/--anthropic-api-key are mutually exclusive"
     );
   }
-  const mod = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.t; });
+  const mod = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.t; });
   if (hasHypha) {
     mod.setClaudeAuthHyphaProxy();
     console.log("Claude auth configured: hypha-proxy (uses HYPHA_TOKEN live at each spawn).");
@@ -1536,7 +1540,7 @@ async function applyDaemonShareFlag(argv) {
     }
   }
   if (collected.length === 0) return;
-  const { updateEnvFile } = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.t; });
+  const { updateEnvFile } = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.t; });
   const seen = /* @__PURE__ */ new Set();
   const deduped = collected.filter((e) => {
     const k = e.toLowerCase();
@@ -1549,7 +1553,7 @@ async function applyDaemonShareFlag(argv) {
 }
 async function handleDaemonAuthCommand(argv) {
   const sub = (argv[0] || "status").toLowerCase();
-  const mod = await import('./run-DDKJ85DU.mjs').then(function (n) { return n.t; });
+  const mod = await import('./run-B8H-qZH6.mjs').then(function (n) { return n.t; });
   if (sub === "--help" || sub === "-h" || sub === "help") {
     console.log(`
 svamp daemon auth \u2014 Configure how Claude subprocesses authenticate

package/dist/{commands-GILVenvg.mjs → commands-BxyD6EGp.mjs}

@@ -1,11 +1,11 @@
 import { writeFileSync, readFileSync } from 'fs';
 import { resolve } from 'path';
-import { connectAndGetMachine } from './commands-k2E3EJFY.mjs';
+import { connectAndGetMachine } from './commands-fDM-vliz.mjs';
 import 'node:fs';
 import 'node:child_process';
 import 'node:path';
 import 'node:os';
-import './run-DDKJ85DU.mjs';
+import './run-B8H-qZH6.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';

package/dist/{commands-CZWJawtg.mjs → commands-DBzx8p4a.mjs}

@@ -68,7 +68,7 @@ async function serviceExpose(args) {
     });
     return;
   }
-  const { connectAndGetMachine } = await import('./commands-k2E3EJFY.mjs');
+  const { connectAndGetMachine } = await import('./commands-fDM-vliz.mjs');
   const { server, machine } = await connectAndGetMachine();
   try {
     const status = await machine.tunnelStart({
@@ -132,7 +132,7 @@ async function serviceServe(args) {
 }
 async function serviceList(_args) {
   try {
-    const { connectAndGetMachine } = await import('./commands-k2E3EJFY.mjs');
+    const { connectAndGetMachine } = await import('./commands-fDM-vliz.mjs');
     const { server, machine } = await connectAndGetMachine();
     try {
       const tunnels = await machine.tunnelList({});
@@ -161,7 +161,7 @@ async function serviceDelete(args) {
     process.exit(1);
   }
   try {
-    const { connectAndGetMachine } = await import('./commands-k2E3EJFY.mjs');
+    const { connectAndGetMachine } = await import('./commands-fDM-vliz.mjs');
     const { server, machine } = await connectAndGetMachine();
     try {
       await machine.tunnelStop({ name });

package/dist/{commands-k2E3EJFY.mjs → commands-fDM-vliz.mjs}

@@ -2,7 +2,7 @@ import { existsSync, readFileSync } from 'node:fs';
 import { execSync } from 'node:child_process';
 import { resolve, join } from 'node:path';
 import os from 'node:os';
-import { n as normalizeAllowedUser, l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha, i as buildSessionShareUrl, j as buildMachineShareUrl } from './run-DDKJ85DU.mjs';
+import { n as normalizeAllowedUser, l as loadSecurityContextConfig, e as resolveSecurityContext, f as buildSecurityContextFromFlags, m as mergeSecurityContexts, c as connectToHypha, i as buildSessionShareUrl, j as buildMachineShareUrl } from './run-B8H-qZH6.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/{fleet-BzK_BkIA.mjs → fleet-CQNb2lQG.mjs}

@@ -1,7 +1,7 @@
 import { existsSync, readFileSync } from 'node:fs';
 import { join } from 'node:path';
 import os from 'node:os';
-import { c as connectToHypha } from './run-DDKJ85DU.mjs';
+import { c as connectToHypha } from './run-B8H-qZH6.mjs';
 import { PINNED_CLAUDE_CODE_VERSION } from './pinnedClaudeCode-HydRNEt7.mjs';
 import 'os';
 import 'fs/promises';
@@ -44,6 +44,16 @@ function readDaemonState() {
     return null;
   }
 }
+function getSelfMachineId() {
+  return readDaemonState()?.machineId || null;
+}
+function partitionSelf(machines, selfId) {
+  if (!selfId) return { targets: machines, skipped: [] };
+  return {
+    targets: machines.filter((m) => m.machineId !== selfId),
+    skipped: machines.filter((m) => m.machineId === selfId)
+  };
+}
 function suppressHyphaLogs() {
   const ol = console.log, ow = console.warn, oi = console.info, oe = console.error;
   const sw = process.stdout.write.bind(process.stdout);
@@ -243,12 +253,18 @@ async function fleetUpgradeSvamp(opts) {
     await server.disconnect();
     return;
   }
-  console.log(`Upgrading svamp-cli to ${version} on ${machines.length} machine(s)...
+  const selfId = opts?.excludeSelf ? getSelfMachineId() : null;
+  if (opts?.excludeSelf && !selfId) {
+    console.log("\u26A0 --exclude-self: could not determine this machine's ID (no local daemon state) \u2014 nothing excluded.");
+  }
+  const { targets, skipped } = partitionSelf(machines, selfId);
+  console.log(`Upgrading svamp-cli to ${version} on ${targets.length} machine(s)${selfId ? ` (excluding self: ${selfId})` : ""}...
 `);
   try {
     printHeader(["MACHINE ID", "LABEL", "STATE", "DETAIL"], [20, 24, 6, 60]);
+    for (const m of skipped) printResultRow(m, "SKIP", 'self \u2014 restart separately with "svamp daemon restart"');
     const cmd = `bash -lc 'npm install -g svamp-cli@${version} 2>&1 | tail -5 && svamp daemon restart 2>&1 | tail -5'`;
-    const rows = await fanOut(machines, async (m) => await m.rpc.bash(cmd, void 0));
+    const rows = await fanOut(targets, async (m) => await m.rpc.bash(cmd, void 0));
     let failures = 0;
     for (const r of rows) {
       if (!r.ok) {
@@ -336,4 +352,4 @@ ${rows.length - failures}/${rows.length} updated.`);
   }
 }
 
-export { fleetDaemonRestart, fleetExec, fleetPushSkill, fleetStatus, fleetUpgradeClaude, fleetUpgradeSvamp };
+export { fleetDaemonRestart, fleetExec, fleetPushSkill, fleetStatus, fleetUpgradeClaude, fleetUpgradeSvamp, partitionSelf };

package/dist/index.mjs

@@ -1,4 +1,4 @@
-export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-DDKJ85DU.mjs';
+export { c as connectToHypha, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, a as registerSessionService, s as startDaemon, b as stopDaemon } from './run-B8H-qZH6.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';

package/dist/{package-BfVgObNX.mjs → package-D7b87vtl.mjs}

@@ -1,5 +1,5 @@
 var name = "svamp-cli";
-var version = "0.2.77";
+var version = "0.2.79";
 var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
 var author = "Amun AI AB";
 var license = "SEE LICENSE IN LICENSE";

package/dist/{run-CZEFZgIV.mjs → run-B4Fm5EI5.mjs}

@@ -2,7 +2,7 @@ import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(im
 import os from 'node:os';
 import { resolve, join } from 'node:path';
 import { existsSync, readFileSync, watch } from 'node:fs';
-import { c as connectToHypha, a as registerSessionService, k as generateHookSettings } from './run-DDKJ85DU.mjs';
+import { c as connectToHypha, a as registerSessionService, k as generateHookSettings } from './run-B8H-qZH6.mjs';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { createInterface } from 'node:readline';

package/dist/{run-DDKJ85DU.mjs → run-B8H-qZH6.mjs}

@@ -5836,12 +5836,62 @@ btn.addEventListener('click', async () => {
     }
 });
 <\/script>
+</body></html>`;
+  }
+  /**
+   * Render an "access denied" page for a request that IS authenticated (valid
+   * Hypha token) but whose email is not authorized for the mount — or for a
+   * misconfigured owner mount with no resolvable owner. This is served as a
+   * 403; it deliberately does NOT redirect to the login page, which would
+   * loop forever and tell the user nothing about why they were rejected.
+   */
+  getAccessDeniedHtml(opts) {
+    const { email, access, ownerEmail, misconfigured } = opts;
+    const loginHref = `/__login__?return=${encodeURIComponent(opts.returnUrl || "/")}`;
+    let requirement;
+    if (misconfigured) {
+      requirement = `This resource is set to <b>owner-only</b> access, but the server never resolved an owner email (the daemon authenticated with a token that has no email claim). No account can satisfy this \u2014 it is a server-side misconfiguration, not a problem with your account. Fix it by re-creating the mount with an explicit email allowlist, e.g. <code>access: ["${escapeHtml(email || "you@example.com")}"]</code>.`;
+    } else if (access === "owner") {
+      requirement = `This resource is restricted to its owner${ownerEmail ? ` (<code>${escapeHtml(ownerEmail)}</code>)` : ""}.`;
+    } else if (Array.isArray(access)) {
+      const list = access.map((e) => `<code>${escapeHtml(e)}</code>`).join(", ");
+      requirement = `This resource is restricted to: ${list}.`;
+    } else {
+      requirement = "This resource is restricted.";
+    }
+    const signedInLine = email ? `You are signed in as <code>${escapeHtml(email)}</code>, which is not on the allow list.` : `You are not signed in.`;
+    return `<!DOCTYPE html>
+<html><head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<title>Access denied \u2014 Svamp File Server</title>
+<style>
+*{box-sizing:border-box;margin:0;padding:0}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;display:flex;align-items:center;justify-content:center;min-height:100vh;background:#f6f8fa;color:#24292f;padding:16px}
+.card{background:#fff;border:1px solid #d0d7de;border-radius:12px;padding:32px;max-width:480px;width:100%;box-shadow:0 4px 12px rgba(31,35,40,0.06)}
+h1{font-size:1.25rem;margin-bottom:8px}
+.lead{color:#cf222e;font-weight:600;margin-bottom:16px}
+p{color:#3d444d;font-size:0.92rem;line-height:1.5;margin-bottom:14px}
+code{background:#f6f8fa;border:1px solid #d0d7de;border-radius:6px;padding:1px 6px;font-size:0.85em}
+a.btn{display:inline-block;background:#0969da;color:#fff;border-radius:8px;padding:10px 20px;font-weight:500;text-decoration:none;margin-top:4px}
+a.btn:hover{background:#0860c4}
+</style>
+</head><body>
+<div class="card">
+  <h1>${misconfigured ? "\u26D4 Access not possible" : "\u26D4 Access denied"}</h1>
+  <p class="lead">${signedInLine}</p>
+  <p>${requirement}</p>
+  ${misconfigured ? "" : `<a class="btn" href="${loginHref}">Sign in with a different account</a>`}
+</div>
 </body></html>`;
   }
   destroy() {
     this.cache.clear();
   }
 }
+function escapeHtml(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
 
 const DEFAULT_PROBE_INTERVAL_S = 10;
 const DEFAULT_PROBE_TIMEOUT_S = 5;
@@ -7926,7 +7976,7 @@ async function startDaemon(options) {
     const list = loadExposedTunnels().filter((t) => t.name !== name);
     saveExposedTunnels(list);
   }
-  const { ServeManager } = await import('./serveManager-Ba-VINC7.mjs');
+  const { ServeManager } = await import('./serveManager-D58o1Gom.mjs');
   const serveManager = new ServeManager(SVAMP_HOME, (msg) => logger.log(`[SERVE] ${msg}`), hyphaServerUrl);
   ensureAutoInstalledSkills(logger).catch(() => {
   });

package/dist/{serveCommands-j7Igsr-W.mjs → serveCommands-Bm6-KRVS.mjs}

@@ -54,7 +54,7 @@ async function handleServeCommand() {
   }
 }
 async function serveAdd(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-k2E3EJFY.mjs');
+  const { connectAndGetMachine } = await import('./commands-fDM-vliz.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -93,7 +93,7 @@ async function serveAdd(args, machineId) {
   }
 }
 async function serveApply(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-k2E3EJFY.mjs');
+  const { connectAndGetMachine } = await import('./commands-fDM-vliz.mjs');
   const fs = await import('fs');
   const yaml = await import('yaml');
   const file = positionalArgs(args)[0];
@@ -182,7 +182,7 @@ async function serveApply(args, machineId) {
   }
 }
 async function serveRemove(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-k2E3EJFY.mjs');
+  const { connectAndGetMachine } = await import('./commands-fDM-vliz.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -202,7 +202,7 @@ async function serveRemove(args, machineId) {
   }
 }
 async function serveList(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-k2E3EJFY.mjs');
+  const { connectAndGetMachine } = await import('./commands-fDM-vliz.mjs');
   const all = hasFlag(args, "--all", "-a");
   const json = hasFlag(args, "--json");
   const sessionId = getFlag(args, "--session");
@@ -235,7 +235,7 @@ async function serveList(args, machineId) {
   }
 }
 async function serveInfo(machineId) {
-  const { connectAndGetMachine } = await import('./commands-k2E3EJFY.mjs');
+  const { connectAndGetMachine } = await import('./commands-fDM-vliz.mjs');
   const { machine, server } = await connectAndGetMachine(machineId);
   try {
     const info = await machine.serveInfo();

package/dist/{serveManager-Ba-VINC7.mjs → serveManager-D58o1Gom.mjs}

@@ -4,7 +4,7 @@ import * as fs from 'fs';
 import * as http from 'http';
 import * as net from 'net';
 import * as path from 'path';
-import { S as ServeAuth, h as hasCookieToken } from './run-DDKJ85DU.mjs';
+import { S as ServeAuth, h as hasCookieToken } from './run-B8H-qZH6.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';
@@ -128,6 +128,9 @@ class ServeManager {
       await this.removeMount(spec.name);
     }
     const access = spec.access ?? "link";
+    if (access === "owner" && !spec.ownerEmail) {
+      this.log(`\u26A0 Mount '${spec.name}': access='owner' but no owner email could be resolved \u2014 NO ONE will be able to sign in. Use an explicit email allowlist instead, e.g. access: ["you@example.com"].`);
+    }
     const mount = {
       name: spec.name,
       directory: resolvedDir,
@@ -542,17 +545,34 @@ class ServeManager {
         }
         if (mount && mount.access !== "public" && mount.access !== "link") {
           const userEmail = this.auth ? await this.auth.authenticate(req).catch(() => null) : null;
+          if (mount.access === "owner" && !mount.ownerEmail) {
+            this.log(`Auth DENY '${mountName}': owner-only mount but ownerEmail is empty (misconfigured \u2014 the daemon's token has no email claim). Set access to an explicit email allowlist. requester=${userEmail || "anonymous"}`);
+            const html = this.auth ? this.auth.getAccessDeniedHtml({ email: userEmail, access: mount.access, ownerEmail: mount.ownerEmail, misconfigured: true, returnUrl: req.url || "/" }) : "Access denied (misconfigured owner mount).";
+            res.writeHead(403, { "Content-Type": "text/html; charset=utf-8", "Cache-Control": "no-store" });
+            res.end(html);
+            return;
+          }
           const allowed = this.auth ? this.auth.isAuthorized(userEmail, mount.access, mount.ownerEmail) : false;
           if (!allowed) {
-            const loginUrl = `/__login__?return=${encodeURIComponent(req.url || "/")}`;
-            const headers = { Location: loginUrl };
-            if (hasCookieToken(req)) {
-              headers["Set-Cookie"] = "svamp_serve_token=; Path=/; Max-Age=0; SameSite=Lax";
+            if (!userEmail) {
+              this.log(`Auth: '${mountName}' requires sign-in (no valid token) \u2014 redirecting to /__login__`);
+              const loginUrl = `/__login__?return=${encodeURIComponent(req.url || "/")}`;
+              const headers = { Location: loginUrl };
+              if (hasCookieToken(req)) {
+                headers["Set-Cookie"] = "svamp_serve_token=; Path=/; Max-Age=0; SameSite=Lax";
+              }
+              res.writeHead(302, headers);
+              res.end();
+              return;
             }
-            res.writeHead(302, headers);
-            res.end();
+            const need = mount.access === "owner" ? `owner (${mount.ownerEmail || "unset"})` : `one of [${mount.access.join(", ")}]`;
+            this.log(`Auth DENY '${mountName}': '${userEmail}' is not authorized (requires ${need})`);
+            const html = this.auth ? this.auth.getAccessDeniedHtml({ email: userEmail, access: mount.access, ownerEmail: mount.ownerEmail, returnUrl: req.url || "/" }) : `Access denied for ${userEmail}.`;
+            res.writeHead(403, { "Content-Type": "text/html; charset=utf-8", "Cache-Control": "no-store" });
+            res.end(html);
             return;
           }
+          this.log(`Auth OK '${mountName}': ${userEmail}`);
         }
         if (req.method === "PUT" && mount && mount.directory) {
           const filePath = path.join(mount.directory, basePath);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svamp-cli",
-  "version": "0.2.77",
+  "version": "0.2.79",
   "description": "Svamp CLI — AI workspace daemon on Hypha Cloud",
   "author": "Amun AI AB",
   "license": "SEE LICENSE IN LICENSE",