kairos-chain 2.9.0 → 2.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f00cda5bb11b581435b296790b3cac3b49a1919f7280897b545b23ed2ead72a9
-  data.tar.gz: cb213562d6fa26ee5cec11ee68f2242bff54ae72e23d51457a9beee11ece5fbd
+  metadata.gz: 22a10126d8c47cb81f6bf99b4c223d6458031d8af00192a25a90d150b05d514d
+  data.tar.gz: c36cae83262c20b11e32d226a8129ad8adbcc23da2f5ddecbb31b088db4029fd
 SHA512:
-  metadata.gz: 7b53f2bde852c3a0476509819b31cea297904c9515cddf438b0922d1efcf8c7f4eaa2a9b1762d39ba2e8b2f9057287354e946bca8bc9654459b92ef0389a8323
-  data.tar.gz: 832dcf7703ce7cbfcf035684841e7922370430725e412044b4427e87353459e87984b122717966b3c1aca1e5b874b2cf1fffc2b391844b3e9636ff6a0267e7c8
+  metadata.gz: 7ff3830bd7d998a9cbc35e97da26aeed80028836705872a1bedbb5d73dcff5feaae64e193cb1a56d7f54f25e6b0bd546984f73a50594138368f1e29539a356e2
+  data.tar.gz: 9d0db4ba9b32462a7aa6c66f5bc1bc15e35e3816573e1a4f39911738b48c0845894acd3ebae1cb3d4d5dcbfd08d55733d9eebe6d3d2372fbf036ef84f208afc6

data/CHANGELOG.md

@@ -4,6 +4,39 @@ All notable changes to the `kairos-chain` gem will be documented in this file.
 
 This project follows [Semantic Versioning](https://semver.org/).
 
+## [2.10.0] - 2026-03-18
+
+### Added
+
+- **Autonomos SkillSet** (`autonomos` v0.1.0): New opt-in SkillSet for autonomous project execution via OODA cycles with human-in-the-loop safety.
+  - `autonomos_cycle`: Single-cycle observe → orient → decide pass. Returns structured proposal with gap analysis, autoexec-compatible task JSON, and complexity-driven deliberation hints.
+  - `autonomos_reflect`: Post-execution reflection with L2 context save and two-phase chain recording (intent + outcome). Regex-based evaluation with human feedback correction.
+  - `autonomos_status`: Cycle history viewer for mandate and cycle state inspection.
+  - `autonomos_loop`: Continuous mode via mandate-based pre-authorization. Multi-cycle execution with risk budget gates (`low`/`medium`), goal hash verification, checkpoint system (1-3 cycle intervals), loop detection (number-normalized string comparison), and error threshold (2 consecutive).
+  - **L2-first goal loading**: Goals loaded from L2 context (newest session first) with L1 knowledge fallback. Supports `type: autonomos_goal` frontmatter and checklist-based gap identification.
+  - **Complexity-driven deliberation**: Proposals include `complexity_hint` (`low`/`medium`/`high`) with signals (`high_risk`, `many_gaps`, `design_scope`) to guide LLM escalation to persona assembly review.
+  - **Safety model**: PID-based cycle lock, inherited autoexec safety (risk classification, L0 deny-list, hash-locked plans), goal hash verification per cycle, no L0 modification capability.
+  - **Chain recording**: Two-phase commit (intent at decide, outcome at reflect) — constitutive, not evidential (Proposition 5).
+  - Bundled L1 knowledge: `autonomos_guide` (usage guide with goal convention, cycle states, continuous mode, related L1 knowledge references)
+  - Hard dependency on `autoexec` SkillSet
+  - 90 unit tests, 203 assertions
+
+- **Review Discipline L1 Knowledge** (`review_discipline`): Codified countermeasures for LLM-common cognitive biases discovered during 6 rounds of multi-LLM review triangulation.
+  - 3 bias patterns: Caller-side bias, Fix-what-was-flagged bias, Mock fidelity bias
+  - Per-bias checklists for systematic review
+  - Multi-LLM review workflow (v0.1 manual)
+
+### Fixed
+
+- **Autonomos checkpoint resume infinite loop**: `checkpoint_due?` re-evaluated immediately on resume when `cycles_completed % checkpoint_every == 0` still true. Fixed with `resuming_from_pause` flag that skips checkpoint evaluation once after resume.
+- **Autonomos storage_path API mismatch**: `KairosMcp.kairos_dir` (nonexistent) → `KairosMcp.data_dir` (correct API). Previously fell back to `Dir.pwd/.kairos` accidentally.
+- **Autonomos save_context return unchecked**: `Reflector.save_to_l2` now checks `save_context` return value for `{ success: false }` and returns nil on failure.
+- **Autonomos load_l2_context key/order**: Fixed to use `sessions.first[:session_id]` (newest-first from ContextManager).
+- **Autonomos loop detection number bypass**: Gap descriptions now number-normalized (`gsub(/\d+/, 'N')`) before comparison to prevent interpolated counts from defeating detection.
+- **Autonomos orphan cycle on loop termination**: Mandate state (last_cycle_id, recent_gaps) saved BEFORE loop detection check so terminate_loop sees correct state.
+
+---
+
 ## [2.9.0] - 2026-03-14
 
 ### Added

data/bin/kairos-chain

@@ -119,6 +119,30 @@ when 'skillset'
       exit 1
     end
 
+  when 'upgrade'
+    apply = ARGV.delete('--apply')
+    upgrades = manager.upgrade_check
+
+    if upgrades.empty?
+      puts "All SkillSets are up to date."
+    elsif apply
+      results = manager.upgrade_apply
+      results.each do |r|
+        puts "Updated #{r[:name]}: v#{r[:from]} -> v#{r[:to]} (#{r[:files_updated]} files)"
+      end
+      puts "Done. #{results.size} SkillSet(s) upgraded."
+    else
+      puts "SkillSet upgrades available:"
+      puts ""
+      upgrades.each do |u|
+        label = u[:version_bump] ? "v#{u[:installed_version]} -> v#{u[:available_version]}" : "files changed"
+        puts "  #{u[:name]}: #{label}"
+        u[:changed_files].each { |f| puts "    Modified: #{f}" }
+        puts ""
+      end
+      puts "Run 'kairos-chain skillset upgrade --apply' to apply updates."
+    end
+
   when 'remove'
     name = ARGV.shift
     unless name
@@ -316,6 +340,14 @@ OptionParser.new do |opts|
     options[:init_admin] = true
   end
 
+  opts.on('--quiet', 'Suppress token output (for scripted/Docker usage)') do
+    options[:quiet] = true
+  end
+
+  opts.on('--token-output-file PATH', 'Write raw admin token to file (mode 0600)') do |path|
+    options[:token_output_file] = path
+  end
+
   opts.on('--token-store PATH', 'Path to token store file') do |path|
     options[:token_store] = path
   end
@@ -374,8 +406,26 @@ end
 # Handle --init-admin
 if options[:init_admin]
   require 'kairos_mcp/auth/token_store'
+  require 'kairos_mcp/skills_config'
+
+  # Load SkillSets first so registered backends (e.g. Multiuser/PostgreSQL) are available
+  begin
+    require 'kairos_mcp/skillset_manager'
+    KairosMcp::SkillSetManager.new.enabled_skillsets.each(&:load!)
+  rescue StandardError => e
+    $stderr.puts "[init-admin] SkillSet load: #{e.message}"
+  end
+
+  http_config = KairosMcp::SkillsConfig.load['http'] || {}
+  store_path = options[:token_store] || http_config['token_store']
+  if store_path && !File.absolute_path?(store_path)
+    store_path = File.join(KairosMcp.data_dir, store_path)
+  end
 
-  store = KairosMcp::Auth::TokenStore.new(options[:token_store])
+  store = KairosMcp::Auth::TokenStore.create(
+    backend: http_config['token_backend'],
+    store_path: store_path
+  )
 
   if !store.empty?
     $stderr.puts "[WARNING] Active tokens already exist."
@@ -385,40 +435,58 @@ if options[:init_admin]
     store.list.each do |t|
       $stderr.puts "  - #{t[:user]} (#{t[:role]}, expires: #{t[:expires_at] || 'never'})"
     end
-    $stderr.puts ""
-    $stderr.puts "Proceed anyway? (y/N)"
-    answer = $stdin.gets&.strip
-    exit unless answer&.downcase == 'y'
+
+    if $stdin.tty?
+      $stderr.puts ""
+      $stderr.puts "Proceed anyway? (y/N)"
+      answer = $stdin.gets&.strip
+      exit unless answer&.downcase == 'y'
+    else
+      $stderr.puts ""
+      $stderr.puts "[init-admin] Non-interactive mode: skipping confirmation."
+    end
   end
 
   result = store.create(user: 'admin', role: 'owner', issued_by: 'system')
 
-  puts ""
-  puts "=" * 60
-  puts "  KairosChain Admin Token Generated"
-  puts "=" * 60
-  puts ""
-  puts "  Token: #{result['raw_token']}"
-  puts "  User:  #{result['user']}"
-  puts "  Role:  #{result['role']}"
-  puts "  Expires: #{result['expires_at'] || 'never'}"
-  puts ""
-  puts "  IMPORTANT: Store this token securely."
-  puts "  It will NOT be shown again."
-  puts ""
-  puts "  Configure in Cursor mcp.json:"
-  puts "  {"
-  puts "    \"mcpServers\": {"
-  puts "      \"kairos\": {"
-  puts "        \"url\": \"http://localhost:#{options[:port] || 8080}/mcp\","
-  puts "        \"headers\": {"
-  puts "          \"Authorization\": \"Bearer #{result['raw_token']}\""
-  puts "        }"
-  puts "      }"
-  puts "    }"
-  puts "  }"
-  puts ""
-  puts "=" * 60
+  if options[:token_output_file]
+    require 'fileutils'
+    FileUtils.mkdir_p(File.dirname(options[:token_output_file]))
+    File.write(options[:token_output_file], result[:raw_token] || result['raw_token'])
+    File.chmod(0600, options[:token_output_file])
+    $stderr.puts "[init-admin] Token written to: #{options[:token_output_file]}"
+  end
+
+  if options[:quiet]
+    exit
+  end
+
+  $stderr.puts ""
+  $stderr.puts "=" * 60
+  $stderr.puts "  KairosChain Admin Token Generated"
+  $stderr.puts "=" * 60
+  $stderr.puts ""
+  $stderr.puts "  Token: #{result[:raw_token] || result['raw_token']}"
+  $stderr.puts "  User:  #{result[:user] || result['user']}"
+  $stderr.puts "  Role:  #{result[:role] || result['role']}"
+  $stderr.puts "  Expires: #{result[:expires_at] || result['expires_at'] || 'never'}"
+  $stderr.puts ""
+  $stderr.puts "  IMPORTANT: Store this token securely."
+  $stderr.puts "  It will NOT be shown again."
+  $stderr.puts ""
+  $stderr.puts "  Configure in Cursor mcp.json:"
+  $stderr.puts "  {"
+  $stderr.puts "    \"mcpServers\": {"
+  $stderr.puts "      \"kairos\": {"
+  $stderr.puts "        \"url\": \"http://localhost:#{options[:port] || 8080}/mcp\","
+  $stderr.puts "        \"headers\": {"
+  $stderr.puts "          \"Authorization\": \"Bearer #{result['raw_token']}\""
+  $stderr.puts "        }"
+  $stderr.puts "      }"
+  $stderr.puts "    }"
+  $stderr.puts "  }"
+  $stderr.puts ""
+  $stderr.puts "=" * 60
   exit
 end
 

data/lib/kairos_mcp/admin/router.rb

@@ -3,6 +3,7 @@
 require 'json'
 require 'uri'
 require_relative 'helpers'
+require_relative '../protocol'
 
 module KairosMcp
   module Admin
@@ -75,7 +76,7 @@ module KairosMcp
           return redirect_with_flash('/admin/login', 'Admin access requires owner role.')
         end
 
-        @current_user = user_info
+        @current_user = Protocol.apply_all_filters(user_info)
         @csrf_token = session[:csrf_token]
 
         # CSRF check for POST requests
@@ -83,12 +84,15 @@ module KairosMcp
           return html_response(403, render('layout', content: '<p>CSRF validation failed. Please try again.</p>'))
         end
 
-        # Authenticated routes
+        # Authenticated routes — set thread-scoped user context for PgBackend
+        Thread.current[:kairos_user_context] = @current_user
         route(method, path, env)
       rescue StandardError => e
         $stderr.puts "[ADMIN ERROR] #{e.message}"
         $stderr.puts e.backtrace.first(5).join("\n")
         html_response(500, render('_error', layout: true, error: e.message))
+      ensure
+        Thread.current[:kairos_user_context] = nil
       end
 
       private
@@ -407,7 +411,7 @@ module KairosMcp
 
       def handle_knowledge_detail_partial(name)
         require_relative '../knowledge_provider'
-        provider = KnowledgeProvider.new
+        provider = KnowledgeProvider.new(nil, user_context: @current_user)
         entry = provider.get(name)
 
         if entry
@@ -428,7 +432,7 @@ module KairosMcp
 
       def handle_context_list_partial(session_id)
         require_relative '../context_manager'
-        manager = ContextManager.new
+        manager = ContextManager.new(nil, user_context: @current_user)
         contexts = manager.list_contexts_in_session(session_id)
         html_response(200, render_partial('_context_list',
                                           session_id: session_id,
@@ -437,7 +441,7 @@ module KairosMcp
 
       def handle_context_detail_partial(session_id, name)
         require_relative '../context_manager'
-        manager = ContextManager.new
+        manager = ContextManager.new(nil, user_context: @current_user)
         entry = manager.get_context(session_id, name)
 
         if entry
@@ -486,7 +490,7 @@ module KairosMcp
 
       def fetch_knowledge_list(search: nil)
         require_relative '../knowledge_provider'
-        provider = KnowledgeProvider.new
+        provider = KnowledgeProvider.new(nil, user_context: @current_user)
         if search && !search.empty?
           provider.search(search)
         else
@@ -506,7 +510,7 @@ module KairosMcp
 
       def fetch_state_status
         require_relative '../state_commit/commit_service'
-        service = StateCommit::CommitService.new
+        service = StateCommit::CommitService.new(user_context: @current_user)
         service.status
       rescue StandardError
         { enabled: false, has_changes: false,
@@ -515,7 +519,7 @@ module KairosMcp
 
       def fetch_context_sessions
         require_relative '../context_manager'
-        manager = ContextManager.new
+        manager = ContextManager.new(nil, user_context: @current_user)
         manager.list_sessions
       rescue StandardError
         []

data/lib/kairos_mcp/auth/authenticator.rb

@@ -36,6 +36,15 @@ module KairosMcp
       # @param env [Hash] Rack environment hash
       # @return [AuthResult] Result with success/failure details
       def authenticate!(env)
+        # Local dev mode: when no tokens are configured, allow unauthenticated
+        # access with a default owner context. This makes local testing seamless.
+        if @token_store.empty?
+          return AuthResult.new(
+            success: true,
+            user_context: { user: 'local', role: 'owner', local_dev: true }
+          )
+        end
+
         raw_token = extract_bearer_token(env)
 
         unless raw_token

data/lib/kairos_mcp/auth/token_store.rb

@@ -40,6 +40,34 @@ module KairosMcp
       TOKEN_PREFIX = 'kc_'
       DEFAULT_EXPIRY_DAYS = 90
 
+      # =====================================================================
+      # SkillSet TokenStore Registry
+      # =====================================================================
+
+      @registry = {}
+
+      # Register a named TokenStore backend (e.g. 'postgresql')
+      def self.register(name, klass)
+        @registry[name.to_s] = klass
+      end
+
+      def self.unregister(name)
+        @registry.delete(name.to_s)
+      end
+
+      # Factory: create a TokenStore based on config.
+      # If a SkillSet has registered a backend matching config[:backend],
+      # use that; otherwise fall back to file-based store.
+      def self.create(config = {})
+        backend = config[:backend]&.to_s
+        if backend && @registry.key?(backend)
+          return @registry[backend].new(config[backend.to_sym] || {})
+        end
+        new(config[:store_path])
+      end
+
+      # =====================================================================
+
       attr_reader :store_path
 
       def initialize(store_path = nil)

data/lib/kairos_mcp/context_manager.rb

@@ -13,9 +13,10 @@ module KairosMcp
   # - Session-based organization
   #
   class ContextManager
-    def initialize(context_dir = nil)
-      context_dir ||= KairosMcp.context_dir
+    def initialize(context_dir = nil, user_context: nil)
+      context_dir ||= KairosMcp.context_dir(user_context: user_context)
       @context_dir = context_dir
+      @user_context = user_context
       FileUtils.mkdir_p(@context_dir)
     end
 

data/lib/kairos_mcp/http_server.rb

@@ -45,17 +45,24 @@ module KairosMcp
 
       @port = port || http_config['port'] || DEFAULT_PORT
       @host = host || http_config['host'] || DEFAULT_HOST
+
+      # SkillSets must load BEFORE TokenStore.create so that plugins
+      # (e.g. Multiuser) can register alternative backends first.
+      eager_load_skillsets
+
       store_path = token_store_path || http_config['token_store']
       if store_path && !File.absolute_path?(store_path)
         store_path = File.join(KairosMcp.data_dir, store_path)
       end
-      @token_store = Auth::TokenStore.new(store_path)
+
+      @token_store = Auth::TokenStore.create(
+        backend: http_config['token_backend'],
+        store_path: store_path
+      )
       @authenticator = Auth::Authenticator.new(@token_store)
       @admin_router = Admin::Router.new(token_store: @token_store, authenticator: @authenticator)
       @meeting_router = MeetingRouter.new
-      @place_router = nil  # Initialized lazily via meeting_place_start tool
-
-      eager_load_skillsets
+      @place_router = nil
     end
 
     # Load SkillSets at startup so /meeting/* endpoints work immediately.
@@ -69,9 +76,11 @@ module KairosMcp
 
     # Start the HTTP server with Puma
     def run
+      KairosMcp.http_server = self
       check_dependencies!
       check_tokens!
       check_version_mismatch
+      auto_start_meeting_place
 
       app = build_rack_app
       server = self
@@ -82,6 +91,7 @@ module KairosMcp
       log "Health check: GET /health"
       log "Admin UI:     GET /admin"
       log "MMP P2P:      /meeting/v1/*"
+      log "Place API:    /place/v1/*" if @place_router
 
       require 'puma'
       require 'puma/configuration'
@@ -162,7 +172,8 @@ module KairosMcp
         server: 'kairos-chain',
         version: KairosMcp::VERSION,
         transport: 'streamable-http',
-        tokens_configured: !@token_store.empty?
+        tokens_configured: !@token_store.empty?,
+        place_started: !@place_router.nil?
       }
 
       [200, JSON_HEADERS, [body.to_json]]
@@ -216,15 +227,20 @@ module KairosMcp
       @place_router.call(env)
     end
 
-    # Start the Meeting Place (called by meeting_place_start tool)
-    def start_place(identity:, trust_anchor_client: nil)
+    # Start the Meeting Place (called by meeting_place_start tool or auto-start)
+    #
+    # @param hestia_config [Hash, nil] Full Hestia config hash. PlaceRouter
+    #   expects the full config (it accesses config['meeting_place'] internally).
+    #   When nil, PlaceRouter falls back to ::Hestia.load_config.
+    def start_place(identity:, trust_anchor_client: nil, hestia_config: nil)
       require 'hestia'
-      @place_router = ::Hestia::PlaceRouter.new
-      @place_router.start(
+      router = ::Hestia::PlaceRouter.new(config: hestia_config)
+      router.start(
         identity: identity,
         session_store: @meeting_router.session_store,
         trust_anchor_client: trust_anchor_client
       )
+      @place_router = router
     end
 
     # -----------------------------------------------------------------------
@@ -237,6 +253,29 @@ module KairosMcp
 
     private
 
+    # Auto-start Meeting Place if hestia.yml has meeting_place.enabled: true
+    def auto_start_meeting_place
+      require 'hestia'
+      hestia_config = ::Hestia.load_config
+      return unless hestia_config.dig('meeting_place', 'enabled')
+
+      mmp_config = ::MMP.load_config rescue nil
+      return unless mmp_config&.dig('enabled')
+
+      identity = ::MMP::Identity.new(config: mmp_config)
+      trust_anchor = nil
+      if hestia_config.dig('trust_anchor', 'record_registrations')
+        trust_anchor = ::Hestia.chain_client(config: hestia_config.dig('chain'))
+      end
+
+      start_place(identity: identity, trust_anchor_client: trust_anchor, hestia_config: hestia_config)
+      log "Meeting Place auto-started (config: meeting_place.enabled = true)"
+    rescue LoadError => e
+      $stderr.puts "[HttpServer] Meeting Place auto-start skipped: Hestia SkillSet not available (#{e.message})"
+    rescue StandardError => e
+      $stderr.puts "[HttpServer] Meeting Place auto-start failed: #{e.message}"
+    end
+
     def check_dependencies!
       begin
         require 'puma'
@@ -261,11 +300,9 @@ module KairosMcp
     def check_tokens!
       if @token_store.empty?
         $stderr.puts <<~MSG
-          [WARNING] No active tokens found.
-          No clients will be able to connect without a valid token.
-
-          Generate an admin token with:
-            kairos-chain --init-admin
+          [INFO] Local dev mode: no tokens configured.
+          MCP endpoint accepts unauthenticated requests as local owner.
+          For production, generate a token with: kairos-chain --init-admin
 
         MSG
       end

data/lib/kairos_mcp/knowledge_provider.rb

@@ -31,9 +31,10 @@ module KairosMcp
     # @param knowledge_dir [String] Path to knowledge directory
     # @param vector_search_enabled [Boolean] Enable vector search
     # @param storage_backend [Storage::Backend, nil] Storage backend to use
-    def initialize(knowledge_dir = nil, vector_search_enabled: true, storage_backend: nil)
-      knowledge_dir ||= KairosMcp.knowledge_dir
+    def initialize(knowledge_dir = nil, vector_search_enabled: true, storage_backend: nil, user_context: nil)
+      knowledge_dir ||= KairosMcp.knowledge_dir(user_context: user_context)
       @knowledge_dir = knowledge_dir
+      @user_context = user_context
       @vector_search_enabled = vector_search_enabled
       @storage_backend = storage_backend
       @vector_search = nil
@@ -658,7 +659,7 @@ module KairosMcp
 
       # Check if auto-commit should be triggered
       if SkillsConfig.state_commit_auto_enabled?
-        service = StateCommit::CommitService.new
+        service = StateCommit::CommitService.new(user_context: @user_context)
         service.check_and_auto_commit
       end
     rescue StandardError => e

data/lib/kairos_mcp/protocol.rb

@@ -10,11 +10,42 @@ module KairosMcp
     STDIO_PROTOCOL_VERSION = '2024-11-05'
     HTTP_PROTOCOL_VERSION = '2025-03-26'
 
+    # =========================================================================
+    # SkillSet Filter Registry
+    # =========================================================================
+
+    @filters = {}
+    @filter_mutex = Mutex.new
+
+    # Register a named request filter.
+    # Filters transform user_context before it reaches ToolRegistry.
+    def self.register_filter(name, &block)
+      @filter_mutex.synchronize { @filters[name.to_sym] = block }
+    end
+
+    def self.unregister_filter(name)
+      @filter_mutex.synchronize { @filters.delete(name.to_sym) }
+    end
+
+    # Apply all registered filters to user_context in registration order
+    def self.apply_all_filters(user_context)
+      @filter_mutex.synchronize { @filters.values.dup }.reduce(user_context) do |ctx, filter|
+        filter.call(ctx)
+      end
+    end
+
+    # For testing only
+    def self.clear_filters!
+      @filter_mutex.synchronize { @filters = {} }
+    end
+
+    # =========================================================================
+
     # @param user_context [Hash, nil] Authenticated user info from HTTP mode
     #   { user: "name", role: "owner"|"member"|"guest", ... }
     def initialize(user_context: nil)
-      @user_context = user_context
-      @tool_registry = ToolRegistry.new(user_context: user_context)
+      @user_context = self.class.apply_all_filters(user_context)
+      @tool_registry = ToolRegistry.new(user_context: @user_context)
       @initialized = false
     end
 
@@ -145,12 +176,15 @@ module KairosMcp
     def handle_tools_call(params)
       name = params['name']
       arguments = params['arguments'] || {}
-      
+
+      Thread.current[:kairos_user_context] = @user_context
       content = @tool_registry.call_tool(name, arguments)
-      
+
       {
         content: content
       }
+    ensure
+      Thread.current[:kairos_user_context] = nil
     end
 
     def format_response(id, result)

data/lib/kairos_mcp/resource_registry.rb

@@ -39,12 +39,12 @@ module KairosMcp
       '.pdf' => 'application/pdf'
     }.freeze
 
-    def initialize
+    def initialize(user_context: nil)
       @skills_dir = KairosMcp.skills_dir
-      @knowledge_dir = KairosMcp.knowledge_dir
-      @context_dir = KairosMcp.context_dir
-      @knowledge_provider = KnowledgeProvider.new(@knowledge_dir, vector_search_enabled: false)
-      @context_manager = ContextManager.new(@context_dir)
+      @knowledge_dir = KairosMcp.knowledge_dir(user_context: user_context)
+      @context_dir = KairosMcp.context_dir(user_context: user_context)
+      @knowledge_provider = KnowledgeProvider.new(@knowledge_dir, vector_search_enabled: false, user_context: user_context)
+      @context_manager = ContextManager.new(@context_dir, user_context: user_context)
     end
 
     # List all resources with optional filtering

data/lib/kairos_mcp/safe_evolver.rb

@@ -334,7 +334,7 @@ module KairosMcp
 
       # Check if auto-commit should be triggered
       if SkillsConfig.state_commit_auto_enabled?
-        service = StateCommit::CommitService.new
+        service = StateCommit::CommitService.new(user_context: Thread.current[:kairos_user_context])
         service.check_and_auto_commit
       end
     rescue StandardError => e