svamp-cli 0.2.91 → 0.2.93

package/dist/{run-DWr_h85y.mjs → run-CvIUzIMP.mjs}

@@ -6,9 +6,7 @@ import { fileURLToPath } from 'url';
 import { execFile, spawn as spawn$1, execSync as execSync$1 } from 'child_process';
 import { randomUUID as randomUUID$1 } from 'crypto';
 import { existsSync, readFileSync, mkdirSync as mkdirSync$1, readdirSync, writeFileSync as writeFileSync$1, renameSync as renameSync$1, rmSync, appendFileSync, unlinkSync } from 'node:fs';
-import vm from 'node:vm';
 import { exec, spawn, execSync, execFile as execFile$1, execFileSync } from 'node:child_process';
-import { WebSocket } from 'ws';
 import { promisify } from 'util';
 import { randomBytes, randomUUID, createHash } from 'node:crypto';
 import { join as join$1 } from 'node:path';
@@ -380,54 +378,6 @@ function buildSkillsPromptSection(skills) {
   ].join("\n");
 }
 
-function buildSvampApi(deps) {
-  return {
-    bash: (command, opts) => deps.runBash(command, opts),
-    context: () => deps.getContext(),
-    ask: (question) => deps.askSession(question),
-    summarize: (question) => deps.summarizeSession(question),
-    send: (message) => deps.sessionSend(message)
-  };
-}
-async function runJs(code, deps, opts = {}) {
-  return runJsWithApi(code, buildSvampApi(deps), opts);
-}
-async function runJsWithApi(code, api, opts = {}) {
-  const timeoutMs = opts.timeoutMs ?? 5e3;
-  const logs = [];
-  const capture = (...a) => {
-    logs.push(a.map((x) => typeof x === "string" ? x : JSON.stringify(x)).join(" "));
-  };
-  const sandbox = /* @__PURE__ */ Object.create(null);
-  sandbox.svamp = api;
-  sandbox.console = { log: capture, error: capture, warn: capture, info: capture };
-  const context = vm.createContext(sandbox, { name: "wise-run_js" });
-  const wrapped = `(async () => {
-${code}
-})()`;
-  let script;
-  try {
-    script = new vm.Script(wrapped, { filename: "wise-run_js.js" });
-  } catch (e) {
-    return { result: void 0, logs, error: "compile error: " + e.message };
-  }
-  let timer;
-  try {
-    const ran = script.runInContext(context, { timeout: timeoutMs });
-    const result = await Promise.race([
-      Promise.resolve(ran),
-      new Promise((_, reject) => {
-        timer = setTimeout(() => reject(new Error("run_js timed out")), timeoutMs);
-      })
-    ]);
-    return { result, logs };
-  } catch (e) {
-    return { result: void 0, logs, error: e.message };
-  } finally {
-    if (timer) clearTimeout(timer);
-  }
-}
-
 const READ_ONLY_TOOLS = ["get_context", "ask_session", "summarize_session", "use_skill"];
 const str$1 = (v) => v == null ? "" : String(v);
 function buildTools(deps, skills) {
@@ -483,16 +433,6 @@ function buildTools(deps, skills) {
         }
         return "(sent to the coding agent)";
       }
-    },
-    {
-      name: "run_js",
-      readOnly: false,
-      description: "Run JavaScript with an async `svamp` API to read state and compose several steps in one call: svamp.bash(cmd), svamp.context(), svamp.ask(q), svamp.summarize(q), svamp.send(msg). Use `await` and `return` a value; console.log is captured. Sandboxed, ~5s limit.",
-      parameters: { type: "object", properties: { code: { type: "string", description: "JS body; may use await and return." } }, required: ["code"], additionalProperties: false },
-      run: async (a) => {
-        const r = await runJs(str$1(a?.code), deps, { timeoutMs: 5e3 });
-        return JSON.stringify({ result: r.result, logs: r.logs, error: r.error });
-      }
     }
   ];
 }
@@ -619,7 +559,6 @@ You are WISE Agent, a fast, text-mode companion to the deep coding agent (Claude
 - summarize_session \u2014 a cheap subagent that summarizes the deep agent's transcript for a specific question.
 - use_skill \u2014 load a project skill's full steps by name, then carry them out with run_bash.
 - run_bash \u2014 run a shell command on the session's machine (when granted).
-- run_js \u2014 JavaScript with an async \`svamp\` API to compose several steps in one call (when granted).
 - send_to_session \u2014 hand a clear, reformulated instruction to the deep coding agent (when granted); pass wait=true to block for its reply.
 
 # Instructions
@@ -733,7 +672,7 @@ async function runWiseAgent(args) {
 }
 
 const MACHINE_READ_ONLY = ["daemon_status", "list_sessions", "read_session", "use_skill"];
-const MACHINE_MUTATING = ["run_bash", "run_js", "send_to_session", "spawn_session"];
+const MACHINE_MUTATING = ["run_bash", "send_to_session", "spawn_session"];
 const ALL_MACHINE_TOOLS = [...MACHINE_READ_ONLY, ...MACHINE_MUTATING];
 const str = (v) => v == null ? "" : String(v);
 function machineToolsForRole(role) {
@@ -741,16 +680,6 @@ function machineToolsForRole(role) {
   if (role === "interact") return [...MACHINE_READ_ONLY, "send_to_session"];
   return [...MACHINE_READ_ONLY];
 }
-function machineSvampApi(deps) {
-  return {
-    bash: (command, opts) => deps.runBash(command, opts),
-    status: () => deps.daemonStatus(),
-    listSessions: () => deps.listSessions(),
-    readSession: (id, opts) => deps.readSession(id, opts),
-    sendToSession: (id, message) => deps.sendToSession(id, message),
-    spawnSession: (directory) => deps.spawnSession(directory)
-  };
-}
 function buildMachineTools(deps, skills) {
   return [
     {
@@ -804,16 +733,6 @@ function buildMachineTools(deps, skills) {
       description: "Start a new agent session in a directory on this machine.",
       parameters: { type: "object", properties: { directory: { type: "string" } }, required: ["directory"], additionalProperties: false },
       run: async (a) => JSON.stringify(await deps.spawnSession(str(a?.directory)))
-    },
-    {
-      name: "run_js",
-      readOnly: false,
-      description: "Run JavaScript with an async `svamp` machine API to compose steps: svamp.bash(cmd), svamp.status(), svamp.listSessions(), svamp.readSession(id), svamp.sendToSession(id,msg), svamp.spawnSession(dir). Use await + return; console.log captured. Sandboxed, ~5s.",
-      parameters: { type: "object", properties: { code: { type: "string" } }, required: ["code"], additionalProperties: false },
-      run: async (a) => {
-        const r = await runJsWithApi(str(a?.code), machineSvampApi(deps), { timeoutMs: 5e3 });
-        return JSON.stringify({ result: r.result, logs: r.logs, error: r.error });
-      }
     }
   ];
 }
@@ -848,7 +767,7 @@ You are WISE in machine-manager (global) mode \u2014 a fast cockpit over the sva
 # Tools
 - daemon_status \u2014 daemon health / version / session count. Use first for machine status.
 - list_sessions / read_session \u2014 see all sessions and inspect any one.
-- run_bash / run_js \u2014 run quick commands / scripts on the machine.
+- run_bash \u2014 run quick commands / scripts on the machine.
 - send_to_session(id, message) \u2014 delegate a task to a specific session's Claude agent.
 - spawn_session(directory) \u2014 start a new session.
 - use_skill \u2014 load a machine-level procedure.
@@ -1021,126 +940,6 @@ function buildSessionDeps(rpc, opts = {}) {
   };
 }
 
-function toolsForRole(role) {
-  if (role === "admin") return [...READ_ONLY_TOOLS, "run_bash", "send_to_session", "run_js"];
-  if (role === "interact") return [...READ_ONLY_TOOLS, "send_to_session"];
-  return [...READ_ONLY_TOOLS];
-}
-function toRealtimeTools(tools) {
-  return tools.map((t) => ({ type: "function", name: t.name, description: t.description, parameters: t.parameters }));
-}
-function buildVoiceSessionUpdate(instructions, tools, opts) {
-  return {
-    type: "session.update",
-    session: {
-      instructions,
-      tools: toRealtimeTools(tools),
-      tool_choice: "auto",
-      ...opts?.voice ? { audio: { output: { voice: opts.voice } } } : {}
-    }
-  };
-}
-async function handleRealtimeEvent(ev, tools, send, nameByCallId) {
-  if (ev?.type === "response.output_item.added" && ev.item?.type === "function_call") {
-    if (nameByCallId && ev.item.call_id) nameByCallId.set(ev.item.call_id, ev.item.name);
-    return null;
-  }
-  if (!ev || ev.type !== "response.function_call_arguments.done") return null;
-  const callId = ev.call_id;
-  const name = ev.name || nameByCallId && nameByCallId.get(callId) || "";
-  let args = {};
-  try {
-    args = ev.arguments ? JSON.parse(ev.arguments) : {};
-  } catch {
-  }
-  const tool = tools.find((t) => t.name === name);
-  let output;
-  if (!tool) {
-    output = `error: tool "${name}" is not available to this caller`;
-  } else {
-    try {
-      output = await tool.run(args);
-    } catch (e) {
-      output = `error: ${e?.message || e}`;
-    }
-  }
-  send({ type: "conversation.item.create", item: { type: "function_call_output", call_id: callId, output } });
-  send({ type: "response.create" });
-  return { name, output };
-}
-async function initVoiceSession(init) {
-  const ctx = await loadWiseAgentContext(init.deps, init.config);
-  const instructions = buildWiseAgentInstructions(ctx, init.config);
-  const granted = gateTools(buildTools(init.deps, ctx.skills), init.config, init.sender.name);
-  return { tools: granted, sessionUpdate: buildVoiceSessionUpdate(instructions, granted, { voice: init.voice }) };
-}
-async function initMachineVoiceSession(init) {
-  const ctx = await loadMachineContext(init.deps);
-  const instructions = buildMachineInstructions(ctx);
-  const allow = new Set(machineToolsForRole(init.role ?? "admin"));
-  const granted = buildMachineTools(init.deps, ctx.skills).filter((t) => allow.has(t.name));
-  return { tools: granted, sessionUpdate: buildVoiceSessionUpdate(instructions, granted, { voice: init.voice }) };
-}
-
-var sideband = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    buildVoiceSessionUpdate: buildVoiceSessionUpdate,
-    handleRealtimeEvent: handleRealtimeEvent,
-    initMachineVoiceSession: initMachineVoiceSession,
-    initVoiceSession: initVoiceSession,
-    toRealtimeTools: toRealtimeTools,
-    toolsForRole: toolsForRole
-});
-
-const realFactory = (url, headers) => new WebSocket(url, { headers });
-let _testFactory;
-async function openSideband(opts) {
-  const base = (opts.baseUrl || "https://api.openai.com").replace(/^http/, "ws").replace(/\/+$/, "");
-  const url = `${base}/v1/realtime?call_id=${encodeURIComponent(opts.callId)}`;
-  const { tools, sessionUpdate } = opts.prepared ?? await initVoiceSession(opts.init);
-  const ws = (opts.wsFactory || _testFactory || realFactory)(url, { Authorization: `Bearer ${opts.apiKey}` });
-  const send = (e) => {
-    try {
-      ws.send(JSON.stringify(e));
-    } catch {
-    }
-  };
-  const nameByCallId = /* @__PURE__ */ new Map();
-  ws.on("open", () => send(sessionUpdate));
-  const wantTools = new Set(tools.map((t) => t.name));
-  let reasserts = 0;
-  ws.on("message", async (data) => {
-    let ev;
-    try {
-      ev = JSON.parse(typeof data === "string" ? data : data?.toString?.() ?? "");
-    } catch {
-      return;
-    }
-    if (ev?.type === "session.updated" && wantTools.size) {
-      const have = new Set((ev.session?.tools || []).map((t) => t?.name));
-      const missing = [...wantTools].some((n) => !have.has(n));
-      if (missing && reasserts < 10) {
-        reasserts++;
-        send(sessionUpdate);
-        return;
-      }
-    }
-    try {
-      await handleRealtimeEvent(ev, tools, send, nameByCallId);
-    } catch (e) {
-      opts.onError?.(e instanceof Error ? e : new Error(String(e)));
-    }
-  });
-  ws.on("close", () => opts.onClose?.());
-  ws.on("error", (e) => opts.onError?.(e instanceof Error ? e : new Error(String(e))));
-  return { callId: opts.callId, close: () => {
-    try {
-      ws.close();
-    } catch {
-    }
-  } };
-}
-
 const execFileAsync$1 = promisify(execFile);
 function parseEtime(s) {
   if (!s) return 0;
@@ -1265,6 +1064,31 @@ function filterTerminalResponses(data) {
 function getMachineMetadataPath(svampHomeDir) {
   return join(svampHomeDir, "machine-metadata.json");
 }
+async function mintRealtimeEphemeralKey(baseUrl, apiKey, opts) {
+  const realtimeBase = baseUrl || "https://api.openai.com";
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), 15e3);
+  try {
+    const response = await fetch(`${realtimeBase}/v1/realtime/client_secrets`, {
+      method: "POST",
+      headers: { "Authorization": `Bearer ${apiKey}`, "Content-Type": "application/json" },
+      body: JSON.stringify({
+        session: {
+          type: "realtime",
+          model: opts.model || "gpt-realtime-mini",
+          ...opts.voice ? { audio: { output: { voice: opts.voice } } } : {}
+        }
+      }),
+      signal: ctrl.signal
+    });
+    if (!response.ok) throw new Error(`OpenAI client_secrets error: ${response.status}`);
+    const result = await response.json();
+    if (!result.value) throw new Error("client_secrets returned no value");
+    return result.value;
+  } finally {
+    clearTimeout(timer);
+  }
+}
 function loadPersistedMachineMetadata(svampHomeDir) {
   try {
     const data = readFileSync$1(getMachineMetadataPath(svampHomeDir), "utf-8");
@@ -1294,7 +1118,6 @@ async function registerMachineService(server, machineId, metadata, daemonState,
     lastInboundRpcAt = Date.now();
   };
   const listeners = [];
-  const voiceSidebands = /* @__PURE__ */ new Map();
   const removeListener = (listener, reason) => {
     const idx = listeners.indexOf(listener);
     if (idx >= 0) {
@@ -2230,7 +2053,7 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         const tunnels = handlers.tunnels;
         if (!tunnels) throw new Error("Tunnel management not available");
         if (tunnels.has(params.name)) throw new Error(`Tunnel '${params.name}' already running`);
-        const { FrpcTunnel } = await import('./frpc-BBNWJChC.mjs');
+        const { FrpcTunnel } = await import('./frpc-glQKHUBu.mjs');
         const tunnel = new FrpcTunnel({
           name: params.name,
           ports: params.ports,
@@ -2380,123 +2203,13 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         if (misconfig || !resolved.apiKey) {
           return { success: false, error: misconfig || "WISE voice is not configured: no OpenAI API key on this machine. Run `svamp wise-agent auth use-openai <KEY>` (or set OPENAI_API_KEY), then `svamp daemon restart`." };
         }
-        const realtimeBase = resolved.baseUrl || "https://api.openai.com";
         try {
-          const wisCtrl = new AbortController();
-          const wisTimer = setTimeout(() => wisCtrl.abort(), 15e3);
-          let response;
-          try {
-            response = await fetch(`${realtimeBase}/v1/realtime/client_secrets`, {
-              method: "POST",
-              headers: {
-                "Authorization": `Bearer ${resolved.apiKey}`,
-                "Content-Type": "application/json"
-              },
-              body: JSON.stringify({
-                session: {
-                  type: "realtime",
-                  model: params.model || "gpt-realtime-mini",
-                  ...params.voice ? { audio: { output: { voice: params.voice } } } : {}
-                }
-              }),
-              signal: wisCtrl.signal
-            });
-          } finally {
-            clearTimeout(wisTimer);
-          }
-          if (!response.ok) {
-            return { success: false, error: `OpenAI API error: ${response.status}` };
-          }
-          const result = await response.json();
-          return { success: true, clientSecret: result.value };
+          const clientSecret = await mintRealtimeEphemeralKey(resolved.baseUrl, resolved.apiKey, { model: params.model, voice: params.voice });
+          return { success: true, clientSecret };
         } catch (error) {
           return { success: false, error: error instanceof Error ? error.message : "Failed to create token" };
         }
       },
-      // Attach the daemon's server-side control to an in-flight Realtime voice
-      // session (browser holds the WebRTC audio leg). The browser passes the
-      // `call_id` it got from OpenAI's SDP answer; the daemon opens the sideband
-      // WS and runs WISE tools server-side, gated by the caller's session role.
-      wiseAttachSideband: async (params, context) => {
-        trackInbound();
-        if (context && (!context.user || context.user.is_anonymous)) {
-          return { success: false, error: "Sign in to use WISE voice." };
-        }
-        if (!params?.callId) return { success: false, error: "callId is required" };
-        const resolved = resolveModel({ provider: "openai" }, process.env);
-        const misconfig = describeMisconfiguration(resolved);
-        if (misconfig || !resolved.apiKey) {
-          return { success: false, error: misconfig || "WISE voice is not configured on this machine." };
-        }
-        const userKey = (context?.user?.email || context?.user?.id || "anon").toLowerCase();
-        const senderName = context?.user?.email || context?.user?.id || "user";
-        let prepared;
-        let role;
-        if (params.sessionId) {
-          const rpc = handlers.getSessionRPCHandlers?.(params.sessionId);
-          if (!rpc) return { success: false, error: "Session not found on this machine" };
-          let cwd;
-          let owner;
-          try {
-            role = (await rpc.getEffectiveRole(context))?.role ?? null;
-            if (!role) return { success: false, error: "Not authorized for this session" };
-            const metaRes = await rpc.getMetadata(context);
-            cwd = metaRes?.metadata?.path;
-            owner = metaRes?.metadata?.sharing?.owner;
-          } catch {
-            return { success: false, error: "Not authorized for this session" };
-          }
-          try {
-            const deps = buildSessionDeps(rpc, { cwd, ownerEmail: owner });
-            prepared = await initVoiceSession({ deps, config: { tools: toolsForRole(role) }, sender: { name: senderName, kind: "user", verified: true }, voice: params.voice });
-          } catch (e) {
-            return { success: false, error: e?.message || "Failed to prepare voice session" };
-          }
-        } else {
-          role = getEffectiveRole(context, currentMetadata.sharing);
-          if (!role) return { success: false, error: "Not authorized on this machine" };
-          try {
-            const machineDeps = buildMachineDeps(
-              {
-                getSessionIds: handlers.getSessionIds,
-                getSessionRPCHandlers: handlers.getSessionRPCHandlers,
-                getTrackedSessions: handlers.getTrackedSessions,
-                spawnSession: handlers.spawnSession,
-                getDaemonStatus: () => ({ status: currentDaemonState.status, machineId, pid: currentDaemonState.pid })
-              },
-              { cwd: process.env.HOME, ownerEmail: currentMetadata.sharing?.owner }
-            );
-            prepared = await initMachineVoiceSession({ deps: machineDeps, role, voice: params.voice });
-          } catch (e) {
-            return { success: false, error: e?.message || "Failed to prepare voice session" };
-          }
-        }
-        voiceSidebands.get(userKey)?.close();
-        voiceSidebands.delete(userKey);
-        try {
-          const handle = await openSideband({
-            callId: params.callId,
-            apiKey: resolved.apiKey,
-            baseUrl: resolved.baseUrl,
-            prepared,
-            onClose: () => {
-              if (voiceSidebands.get(userKey)?.callId === params.callId) voiceSidebands.delete(userKey);
-            }
-          });
-          voiceSidebands.set(userKey, handle);
-          return { success: true, role, scope: params.sessionId ? "session" : "machine" };
-        } catch (e) {
-          return { success: false, error: e?.message || "Failed to attach voice sideband" };
-        }
-      },
-      // Explicit teardown of the caller's active voice sideband (e.g. on hang-up).
-      wiseReleaseVoice: async (_params, context) => {
-        trackInbound();
-        const userKey = (context?.user?.email || context?.user?.id || "anon").toLowerCase();
-        voiceSidebands.get(userKey)?.close();
-        voiceSidebands.delete(userKey);
-        return { success: true };
-      },
       // Text WISE turn. GLOBAL (machine-manager) by default; pass sessionId to
       // scope to a session. Runs server-side and returns the reply synchronously.
       wiseAsk: async (params, context) => {
@@ -2528,8 +2241,8 @@ async function registerMachineService(server, machineId, metadata, daemonState,
           }
           const deps = buildSessionDeps(rpc, { cwd, ownerEmail: owner });
           const sender = { name: context?.user?.email || context?.user?.id || "user", kind: "user", verified: true };
-          const { toolsForRole: toolsForRole2 } = await Promise.resolve().then(function () { return sideband; });
-          const r2 = await runWiseAgent({ message: params.message, sender, config: { tools: toolsForRole2(role2) }, deps, transport, model: resolved.model });
+          const { toolsForRole } = await import('./sideband-7glSvpTW.mjs');
+          const r2 = await runWiseAgent({ message: params.message, sender, config: { tools: toolsForRole(role2) }, deps, transport, model: resolved.model });
           return fmt(r2);
         }
         const role = getEffectiveRole(context, currentMetadata.sharing);
@@ -2587,6 +2300,19 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         if (!rpc?.channelDescribe) return { error: "channel not found" };
         return rpc.channelDescribe(kwargs.channel);
       },
+      // Clean GET endpoint for the self-contained skill markdown. Param is
+      // named `channel` (not `kwargs`) so the Hypha HTTP gateway maps a plain
+      // `?channel=<id>` query → a tidy, shareable SKILL.md URL.
+      skill: async (channel) => {
+        const id = channel;
+        if (!id) return "# error\nMissing ?channel=<id>";
+        const rpc = await findChannelOwner(id);
+        if (!rpc?.channelDescribe) return `# error
+channel "${id}" not found`;
+        const d = await rpc.channelDescribe(id);
+        return d?.skill?.body || `# error
+${d?.error || "not found"}`;
+      },
       send: async (kwargs = {}, context) => {
         trackInbound();
         const rpc = await findChannelOwner(kwargs.channel);
@@ -2624,13 +2350,6 @@ async function registerMachineService(server, machineId, metadata, daemonState,
       for (const listener of toRemove) {
         removeListener(listener, "disconnect");
       }
-      for (const h of voiceSidebands.values()) {
-        try {
-          h.close();
-        } catch {
-        }
-      }
-      voiceSidebands.clear();
       await server.unregisterService(serviceInfo.id);
       await server.unregisterService(channelsServiceInfo.id).catch(() => {
       });
@@ -2955,7 +2674,7 @@ function validateChannel(c) {
   if (c.action?.kind === "loop" && m === "caller-supplied" && !c.identity?.shared_key)
     errs.push("a caller-supplied channel without a shared_key may not use a loop action (unauthenticated task injection)");
   if (c.action?.kind === "agent" && m === "caller-supplied" && !c.identity?.shared_key) {
-    const MUTATING = ["run_bash", "send_to_session", "run_js"];
+    const MUTATING = ["run_bash", "send_to_session"];
     const ag = c.action.agent || {};
     const grantsMutating = (ag.tools || []).some((t) => MUTATING.includes(t)) || Object.values(ag.per_caller || {}).some((p) => (p?.tools || []).some((t) => MUTATING.includes(t)));
     if (grantsMutating) errs.push("a caller-supplied agent channel without a shared_key may not grant run_bash/send_to_session");
@@ -3041,25 +2760,53 @@ class ChannelStore {
     return caller;
   }
 }
-function generateSkillBody(channel, urlBase) {
-  const url = `${"https://<svamp-tunnel>"}/channel/${channel.id}`;
+function gatewayBase(channelsServiceId, baseUrl) {
+  const slash = channelsServiceId.indexOf("/");
+  if (slash < 0) return `${baseUrl.replace(/\/$/, "")}/services/${channelsServiceId}`;
+  const ws = channelsServiceId.slice(0, slash);
+  const clientSvc = channelsServiceId.slice(slash + 1);
+  return `${baseUrl.replace(/\/$/, "")}/${ws}/services/${clientSvc}`;
+}
+function generateSkillBody(channel, ctx) {
+  const svc = ctx?.channelsServiceId || "<workspace>/<machine>:channels";
+  const base = ctx?.baseUrl || "https://hypha.aicell.io";
+  const gw = ctx?.channelsServiceId ? gatewayBase(svc, base) : `${base}/<workspace>/services/<machine>:channels`;
+  const skillUrl = `${gw}/skill?channel=${channel.id}`;
+  const sendUrl = `${gw}/send`;
+  const key = ctx?.key || "<your-key>";
   const isAgent = channel.action?.kind === "agent";
-  const replyNote = isAgent ? `
-This is a WISE Agent channel: send() runs a fast assistant against the session's tools/skills and **returns its answer synchronously** in the result \`reply\`.` : `
-Delivery is fire-and-forget; the message lands in the agent's inbox tagged with your identity (from/verified).`;
+  const hyphaOpen = (channel.identity?.hypha_allow || []).length > 0;
+  const name = channel.skill?.name || channel.name;
+  const desc = channel.skill?.description || channel.description || `Send a message to the "${channel.name}" channel.`;
+  const replyNote = isAgent ? `This is a **WISE Agent** channel: \`send()\` runs a fast assistant against the session's tools/skills and returns its answer synchronously in the result \`reply\`.` : `Delivery is fire-and-forget \u2014 the message lands in the agent's inbox, tagged with your verified identity (\`from\`).`;
+  const rpcLine = hyphaOpen ? `**Hypha RPC** \u2014 preferred. Your verified Hypha identity is accepted, no key needed:` : `**Hypha RPC** \u2014 verified identity:`;
   return `---
-name: ${channel.skill?.name || channel.name}
-description: ${channel.skill?.description || channel.description || `Send a message to the "${channel.name}" channel.`}
+name: ${name}
+description: ${desc}
 ---
-# ${channel.name}
+# ${name}
 ${channel.description || ""}
 
-Self-contained guide for messaging another agent \u2014 share this (or its URL,
-${url}/skill.md) with an agent so it knows how to reach me.
-${replyNote}
+Self-contained guide for messaging the **${channel.name}** channel. ${replyNote}
+This skill (with every value below already filled in) is served at:
+${skillUrl}
+
+${rpcLine}
+\`\`\`js
+await get_service("${svc}").send({
+  channel: "${channel.id}",
+  message: "your message here",
+  from:    "your-name",
+});
+\`\`\`
+
+**HTTP** \u2014 any client, no Hypha SDK needed (Hypha gateway wraps args under \`kwargs\`):
+\`\`\`
+POST ${sendUrl}
+Content-Type: application/json
 
-Hypha RPC (preferred, verified identity, no key): get_service("<ws>/<machine>:channels").send({ channel: "${channel.id}", message: "..." })
-HTTP: POST ${url} with header Authorization: Bearer <your-key>, body { "message": "...", "from": "..." }`;
+{"kwargs": {"channel": "${channel.id}", "message": "your message here", "from": "your-name", "key": "${key}"}}
+\`\`\``;
 }
 
 function resolveSender(channel, input = {}) {
@@ -3337,6 +3084,19 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
     callbacks.onMetadataUpdate?.(metadata);
   };
   const channelStore = new ChannelStore(initialMetadata.path);
+  const cfg = server?.config || {};
+  const channelsServiceId = cfg.workspace && cfg.client_id ? `${cfg.workspace}/${cfg.client_id}:channels` : void 0;
+  const channelsBaseUrl = cfg.public_base_url || process.env.HYPHA_SERVER_URL || "https://hypha.aicell.io";
+  const skillCtxFor = (c) => ({
+    channelsServiceId,
+    baseUrl: channelsBaseUrl,
+    key: c.identity?.shared_key || c.identity?.callers?.[0]?.key
+  });
+  const skillUrlsFor = (c) => {
+    if (!channelsServiceId) return { skillUrl: void 0, sendUrl: void 0 };
+    const gw = gatewayBase(channelsServiceId, channelsBaseUrl);
+    return { skillUrl: `${gw}/describe?channel=${c.id}`, sendUrl: `${gw}/send` };
+  };
   const syncChannelsToMetadata = () => {
     metadata.channels = channelStore.list();
     metadataVersion++;
@@ -3550,7 +3310,17 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
       authorizeRequest(context, metadata.sharing, "view");
       const c = channelStore.get(id);
       if (!c) return { error: "not found" };
-      return { skill: generateSkillBody(c) };
+      const { skillUrl, sendUrl } = skillUrlsFor(c);
+      return {
+        skill: generateSkillBody(c, skillCtxFor(c)),
+        channelsServiceId,
+        channelId: c.id,
+        name: c.name,
+        skillUrl,
+        sendUrl,
+        key: c.identity?.shared_key || c.identity?.callers?.[0]?.key,
+        hyphaKeyless: (c.identity?.hypha_allow || []).length > 0
+      };
     },
     // Public channel discovery (no session authz — channels are deliberately
     // published endpoints; each send() is gated by the channel's OWN identity).
@@ -3560,7 +3330,7 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
     channelDescribe: async (id) => {
       const c = channelStore.get(id);
       if (!c || c.enabled === false) return { error: "not found" };
-      return { ...channelPublicView(c), skill: { body: generateSkillBody(c) } };
+      return { ...channelPublicView(c), skill: { body: generateSkillBody(c, skillCtxFor(c)) } };
     },
     channelSend: async (params, context) => {
       const c = channelStore.get(params.channel);
@@ -10207,7 +9977,7 @@ async function startDaemon(options) {
     const list = loadExposedTunnels().filter((t) => t.name !== name);
     saveExposedTunnels(list);
   }
-  const { ServeManager } = await import('./serveManager-Dn9GyzAG.mjs');
+  const { ServeManager } = await import('./serveManager-CoVwgYS_.mjs');
   const serveManager = new ServeManager(SVAMP_HOME, (msg) => logger.log(`[SERVE] ${msg}`), hyphaServerUrl);
   ensureAutoInstalledSkills(logger).catch(() => {
   });
@@ -12835,7 +12605,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
       const specs = loadExposedTunnels();
       if (specs.length === 0) return;
       logger.log(`[exposed-tunnels] Restoring ${specs.length} tunnel(s) from ${EXPOSED_TUNNELS_FILE}`);
-      const { FrpcTunnel } = await import('./frpc-BBNWJChC.mjs');
+      const { FrpcTunnel } = await import('./frpc-glQKHUBu.mjs');
       for (const spec of specs) {
         if (tunnels.has(spec.name)) continue;
         try {
@@ -13607,4 +13377,4 @@ var run = /*#__PURE__*/Object.freeze({
     writeStopMarker: writeStopMarker
 });
 
-export { normalizeAllowedUser as A, loadSecurityContextConfig as B, resolveSecurityContext as C, buildSecurityContextFromFlags as D, mergeSecurityContexts as E, buildSessionShareUrl as F, computeOutboundHop as G, buildMachineShareUrl as H, generateHookSettings as I, DefaultTransport$1 as J, acpBackend as K, acpAgentConfig as L, codexMcpBackend as M, GeminiTransport$1 as N, claudeAuth as O, instanceConfig as P, api as Q, RoutineStore as R, ServeAuth as S, run as T, registerSessionService as a, stopDaemon as b, connectToHypha as c, daemonStatus as d, clearStopMarker as e, stopMarkerExists as f, getHyphaServerUrl$1 as g, getFrpsSubdomainHost as h, getFrpsServerPort as i, getFrpsServerAddr as j, getHyphaServerUrl as k, hasCookieToken as l, RoutineRunner as m, getSkillsServer as n, getSkillsWorkspaceName as o, parseFrontmatter as p, getSkillsCollectionName as q, registerMachineService as r, startDaemon as s, fetchWithTimeout as t, searchSkills as u, SKILLS_DIR as v, getSkillInfo as w, downloadSkillFile as x, listSkillFiles as y, resolveModel as z };
+export { loadMachineContext as A, buildMachineInstructions as B, machineToolsForRole as C, buildMachineTools as D, resolveModel as E, normalizeAllowedUser as F, loadSecurityContextConfig as G, resolveSecurityContext as H, buildSecurityContextFromFlags as I, mergeSecurityContexts as J, buildSessionShareUrl as K, computeOutboundHop as L, buildMachineShareUrl as M, describeMisconfiguration as N, buildMachineDeps as O, generateHookSettings as P, DefaultTransport$1 as Q, RoutineStore as R, ServeAuth as S, acpBackend as T, acpAgentConfig as U, codexMcpBackend as V, GeminiTransport$1 as W, claudeAuth as X, instanceConfig as Y, api as Z, run as _, registerSessionService as a, stopDaemon as b, connectToHypha as c, daemonStatus as d, clearStopMarker as e, stopMarkerExists as f, getHyphaServerUrl$1 as g, getFrpsSubdomainHost as h, getFrpsServerPort as i, getFrpsServerAddr as j, getHyphaServerUrl as k, hasCookieToken as l, RoutineRunner as m, getSkillsServer as n, getSkillsWorkspaceName as o, parseFrontmatter as p, getSkillsCollectionName as q, registerMachineService as r, startDaemon as s, fetchWithTimeout as t, searchSkills as u, SKILLS_DIR as v, getSkillInfo as w, downloadSkillFile as x, listSkillFiles as y, READ_ONLY_TOOLS as z };