@cortexkit/opencode-magic-context 0.21.4 → 0.21.6

package/README.md

@@ -386,7 +386,7 @@ On startup, Magic Context checks for common configuration problems — OpenCode'
 A companion desktop app for browsing and managing Magic Context state outside of OpenCode.
 
 <p align="center">
-   <a href="https://github.com/cortexkit/magic-context/releases/tag/dashboard-v0.4.5"><strong>⬇️ Download for macOS · Windows · Linux</strong></a></p>
+   <a href="https://github.com/cortexkit/magic-context/releases/tag/dashboard-v0.4.6"><strong>⬇️ Download for macOS · Windows · Linux</strong></a></p>
 
 **Features:**
 - **Memory Browser** — search, filter, and edit project memories with category and project filtering

package/dist/agents/permissions.d.ts

@@ -0,0 +1,142 @@
+/**
+ * Permission rulesets for Magic Context's hidden subagents.
+ *
+ * # Why this exists
+ *
+ * Hidden agents (`historian`, `historian-editor`, `dreamer`, `sidekick`) are
+ * registered with `mode: "subagent"` and `hidden: true`, but those flags
+ * only control visibility in the UI picker — they do NOT restrict which
+ * tools the spawned session can call. By default a registered subagent
+ * inherits the FULL primary-agent tool surface: `task`, `bash`, `edit`,
+ * `webfetch`, `websearch`, `read`, `grep`, `glob`, every MCP tool, etc.
+ *
+ * That default is wrong for our agents:
+ *   - Historian should be a pure XML-emitting summarizer. It must not
+ *     dispatch `task(subagent_type=explore)` to fan out, edit files,
+ *     run bash, or fetch the web — its job is to read offloaded state
+ *     files and emit `<compartment>` blocks.
+ *   - The `task` permission only gets auto-denied when an agent is
+ *     INVOKED via the parent's `task()` tool (see OpenCode's
+ *     `deriveSubagentSessionPermission`). Our hidden agents are spawned
+ *     directly via `client.session.prompt(...)` from the plugin
+ *     runtime, so that auto-deny never fires — they get the same
+ *     `task` permission as a primary `build` agent.
+ *
+ * # Design
+ *
+ * Each hidden agent's `permission` field starts with `{ "*": "deny" }`
+ * and adds explicit `allow` entries for ONLY the tool ids it needs.
+ * OpenCode's `Permission.fromConfig` converts this flat map into a
+ * `Rule[]` ruleset where later entries override earlier ones, so the
+ * named allows always win against the wildcard deny.
+ *
+ * This is the same pattern OpenCode's own `explore` subagent uses
+ * (see `packages/opencode/src/agent/agent.ts:179-201`).
+ *
+ * User-supplied agent overrides (`pluginConfig.historian.permission`,
+ * etc.) still merge on top via OpenCode's `Permission.merge`, so
+ * advanced users can extend the allow-list without us blocking them.
+ *
+ * # What each agent needs
+ *
+ *   - **historian / historian-editor / compressor**: `read` plus the
+ *     read-only AFT navigation tools `aft_outline` and `aft_zoom`.
+ *     The runner offloads large existing-state XML to a temp file
+ *     under `<project>/.opencode/magic-context/historian/` and the
+ *     prompt instructs the model to read that file. AFT navigation
+ *     is allowed so historian can verify a symbol or file structure
+ *     when writing accurate compartment summaries.
+ *
+ *   - **dreamer**: `read`, `grep`, `glob`, `bash`, the read-only AFT
+ *     navigation tools `aft_outline` and `aft_zoom`, plus the Magic
+ *     Context MCP tools `ctx_memory`, `ctx_search`, `ctx_note`.
+ *     Dreamer task prompts in
+ *     `features/magic-context/dreamer/task-prompts.ts` explicitly tell
+ *     the model to grep schema files for defaults, read source to
+ *     confirm claims, run `git log` / `gh` / `curl` for verify and
+ *     smart-note evaluation, and use glob/find for directory
+ *     inventory. Live DB shows >100 bash invocations across all
+ *     dreamer task variants. `task` / `edit` / `write` / `webfetch` /
+ *     `websearch` remain denied — dreamer must not spawn subagents
+ *     or commit changes.
+ *
+ *   - **sidekick**: `ctx_search`, `ctx_memory`, plus the read-only AFT
+ *     navigation tools `aft_outline` and `aft_zoom`. Sidekick's job
+ *     is augmenting user prompts via memory retrieval — see
+ *     `features/magic-context/sidekick/agent.ts`. AFT navigation lets
+ *     it pull symbol-scoped structural context for prompts that
+ *     reference a specific file or symbol.
+ */
+/**
+ * Build a `permission` map suitable for `AgentConfig.permission`. Starts
+ * with a wildcard deny, then layers in the named tool allows on top.
+ * OpenCode's `Permission.fromConfig` preserves insertion order and its
+ * `evaluate` uses `findLast`, so named allows defeat the wildcard deny.
+ *
+ * Returns `Record<string, "deny" | "allow">` which the SDK's
+ * `AgentConfig.permission` type accepts via its `[key: string]: unknown`
+ * index signature. The same pattern is used by OpenCode's built-in
+ * `explore`/`scout`/`general` agents and by Alfonso for its static
+ * agent profiles.
+ */
+export declare function buildAllowOnlyPermission(allowedTools: readonly string[]): Record<string, "deny" | "allow">;
+/**
+ * Tools the historian + historian-editor + compressor agents need.
+ *
+ * Historian runners offload large `<existing_state>` XML to disk and
+ * tell the model to `read` it before emitting the summary XML. The
+ * core need is `read`; we also allow the read-only AFT navigation
+ * tools `aft_outline` and `aft_zoom` so that if a historian/compressor
+ * ever needs to verify a symbol or skim a file's structure to write
+ * an accurate compartment summary, it can do so token-efficiently
+ * instead of pulling whole files via `read`.
+ *
+ * Still denied: bash, edit, write, task, grep/glob, webfetch/
+ * websearch. Historian's job is summarizing the input it was given,
+ * not exploring the repo.
+ */
+export declare const HISTORIAN_ALLOWED_TOOLS: readonly ["read", "aft_outline", "aft_zoom"];
+/**
+ * Tools the dreamer agent needs. This is the broadest hidden-agent
+ * surface because dreamer's tasks legitimately require local-repo
+ * exploration plus external command execution:
+ *
+ *   - `ctx_memory` / `ctx_search` / `ctx_note` — the canonical memory
+ *     CRUD and retrieval path for consolidate / verify / archive /
+ *     improve and smart-note dismissal.
+ *   - `read` / `grep` / `glob` — the verify task prompt
+ *     (`task-prompts.ts`) explicitly tells the model to grep schema
+ *     files for default values, read source to confirm claimed
+ *     behavior, and use glob for project structure inventory.
+ *   - `bash` — required for smart-note condition evaluation (the
+ *     prompt explicitly mentions `gh` / `git` / `curl` / file reads),
+ *     for the verify task's `git log --oneline --since=...` step, and
+ *     for the improve task's `find` / `grep` directory inventory. The
+ *     live OpenCode DB shows over 100 `bash` invocations across
+ *     consolidate / verify / improve / archive-stale / smart-notes
+ *     dreamer child sessions, so removing it would regress real,
+ *     documented dreamer behavior.
+ *
+ * Deliberately NOT allowed:
+ *   - `task` — no subagent fanout from dreamer
+ *   - `edit` / `write` — dreamer must not modify project files;
+ *     `task-prompts.ts` explicitly states "Do not commit changes"
+ *   - `webfetch` / `websearch` — out of scope; smart-note URL fetches
+ *     go through `bash` + `curl` instead
+ */
+export declare const DREAMER_ALLOWED_TOOLS: readonly ["read", "grep", "glob", "bash", "aft_outline", "aft_zoom", "ctx_memory", "ctx_search", "ctx_note"];
+/**
+ * Tools the sidekick agent needs. Sidekick is a read-only memory
+ * retriever for `/ctx-aug` — it queries the project's memory store
+ * via `ctx_search` and (rarely) reads specific memories with
+ * `ctx_memory(action="list")`.
+ *
+ * Also allow `aft_outline` and `aft_zoom` so sidekick can pull
+ * lightweight structural context about a file or symbol when the
+ * user's prompt references it directly — token-efficient navigation
+ * without dragging in whole files.
+ *
+ * Still denied: spawning subagents, edits, bash, web fetches.
+ */
+export declare const SIDEKICK_ALLOWED_TOOLS: readonly ["ctx_search", "ctx_memory", "aft_outline", "aft_zoom"];
+//# sourceMappingURL=permissions.d.ts.map

package/dist/agents/permissions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../src/agents/permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoEG;AAEH;;;;;;;;;;;GAWG;AACH,wBAAgB,wBAAwB,CACpC,YAAY,EAAE,SAAS,MAAM,EAAE,GAChC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,CAMlC;AAED;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,uBAAuB,8CAA+C,CAAC;AAEpF;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,eAAO,MAAM,qBAAqB,8GAUxB,CAAC;AAEX;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,sBAAsB,kEAKzB,CAAC"}

package/dist/config/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,KAAK,kBAAkB,EAA4B,MAAM,wBAAwB,CAAC;AAG3F,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAChE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CACZ,MAAM,EACN;QACI,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,OAAO,CAAC;KACrB,CACJ,CAAC;CACL;AAmBD,MAAM,MAAM,WAAW,GACjB,IAAI,GACJ,0BAA0B,GAC1B,uBAAuB,GACvB,iBAAiB,GACjB,sBAAsB,CAAC;AAE7B,MAAM,WAAW,kBAAkB;IAC/B,MAAM,EAAE,wBAAwB,GAAG;QAAE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACjE,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE;QACL,UAAU,EAAE,WAAW,CAAC;QACxB,aAAa,EAAE,WAAW,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9F,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACnC;AA0VD,wBAAgB,gBAAgB,CAC5B,SAAS,EAAE,MAAM,GAClB,wBAAwB,GAAG;IAAE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,CA2E1D;AAgDD,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,MAAM,GAAG,kBAAkB,CAuE9E"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,KAAK,kBAAkB,EAA4B,MAAM,wBAAwB,CAAC;AAG3F,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAChE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CACZ,MAAM,EACN;QACI,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,OAAO,CAAC;KACrB,CACJ,CAAC;CACL;AAmBD,MAAM,MAAM,WAAW,GACjB,IAAI,GACJ,0BAA0B,GAC1B,uBAAuB,GACvB,iBAAiB,GACjB,sBAAsB,CAAC;AAE7B,MAAM,WAAW,kBAAkB;IAC/B,MAAM,EAAE,wBAAwB,GAAG;QAAE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACjE,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE;QACL,UAAU,EAAE,WAAW,CAAC;QACxB,aAAa,EAAE,WAAW,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9F,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACnC;AAkWD,wBAAgB,gBAAgB,CAC5B,SAAS,EAAE,MAAM,GAClB,wBAAwB,GAAG;IAAE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,CA2E1D;AAgDD,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,MAAM,GAAG,kBAAkB,CAuE9E"}

package/dist/config/schema/agent-overrides.d.ts

@@ -18,33 +18,33 @@ export declare const AgentOverrideConfigSchema: z.ZodObject<{
     maxSteps: z.ZodOptional<z.ZodNumber>;
     permission: z.ZodOptional<z.ZodObject<{
         edit: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         bash: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
-        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
-            ask: "ask";
             allow: "allow";
+            ask: "ask";
+        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>]>>;
         webfetch: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         doom_loop: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         external_directory: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
     }, z.core.$strip>>;
     maxTokens: z.ZodOptional<z.ZodNumber>;

package/dist/config/schema/magic-context.d.ts

@@ -58,33 +58,33 @@ export declare const DreamerConfigSchema: z.ZodObject<{
     maxSteps: z.ZodOptional<z.ZodNumber>;
     permission: z.ZodOptional<z.ZodObject<{
         edit: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         bash: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
-        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
-            ask: "ask";
             allow: "allow";
+            ask: "ask";
+        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>]>>;
         webfetch: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         doom_loop: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         external_directory: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
     }, z.core.$strip>>;
     maxTokens: z.ZodOptional<z.ZodNumber>;
@@ -138,33 +138,33 @@ export declare const SidekickConfigSchema: z.ZodOptional<z.ZodObject<{
     maxSteps: z.ZodOptional<z.ZodNumber>;
     permission: z.ZodOptional<z.ZodObject<{
         edit: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         bash: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
-        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
-            ask: "ask";
             allow: "allow";
+            ask: "ask";
+        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>]>>;
         webfetch: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         doom_loop: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         external_directory: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
     }, z.core.$strip>>;
     maxTokens: z.ZodOptional<z.ZodNumber>;
@@ -205,33 +205,33 @@ export declare const HistorianConfigSchema: z.ZodOptional<z.ZodObject<{
     maxSteps: z.ZodOptional<z.ZodNumber>;
     permission: z.ZodOptional<z.ZodObject<{
         edit: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         bash: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
-        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
-            ask: "ask";
             allow: "allow";
+            ask: "ask";
+        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>]>>;
         webfetch: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         doom_loop: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
         external_directory: z.ZodOptional<z.ZodEnum<{
-            ask: "ask";
-            allow: "allow";
             deny: "deny";
+            allow: "allow";
+            ask: "ask";
         }>>;
     }, z.core.$strip>>;
     maxTokens: z.ZodOptional<z.ZodNumber>;
@@ -416,33 +416,33 @@ export declare const MagicContextConfigSchema: z.ZodPipe<z.ZodObject<{
         maxSteps: z.ZodOptional<z.ZodNumber>;
         permission: z.ZodOptional<z.ZodObject<{
             edit: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
             bash: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
-            }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
-                ask: "ask";
                 allow: "allow";
+                ask: "ask";
+            }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>]>>;
             webfetch: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
             doom_loop: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
             external_directory: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
         }, z.core.$strip>>;
         maxTokens: z.ZodOptional<z.ZodNumber>;
@@ -475,33 +475,33 @@ export declare const MagicContextConfigSchema: z.ZodPipe<z.ZodObject<{
         maxSteps: z.ZodOptional<z.ZodNumber>;
         permission: z.ZodOptional<z.ZodObject<{
             edit: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
             bash: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
-            }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
-                ask: "ask";
                 allow: "allow";
+                ask: "ask";
+            }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>]>>;
             webfetch: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
             doom_loop: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
             external_directory: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
         }, z.core.$strip>>;
         maxTokens: z.ZodOptional<z.ZodNumber>;
@@ -636,33 +636,33 @@ export declare const MagicContextConfigSchema: z.ZodPipe<z.ZodObject<{
         maxSteps: z.ZodOptional<z.ZodNumber>;
         permission: z.ZodOptional<z.ZodObject<{
             edit: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
             bash: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
-            }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
-                ask: "ask";
                 allow: "allow";
+                ask: "ask";
+            }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>]>>;
             webfetch: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
             doom_loop: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
             external_directory: z.ZodOptional<z.ZodEnum<{
-                ask: "ask";
-                allow: "allow";
                 deny: "deny";
+                allow: "allow";
+                ask: "ask";
             }>>;
         }, z.core.$strip>>;
         maxTokens: z.ZodOptional<z.ZodNumber>;
@@ -763,11 +763,11 @@ export declare const MagicContextConfigSchema: z.ZodPipe<z.ZodObject<{
         color?: string | undefined;
         maxSteps?: number | undefined;
         permission?: {
-            edit?: "ask" | "allow" | "deny" | undefined;
-            bash?: "ask" | "allow" | "deny" | Record<string, "ask" | "allow" | "deny"> | undefined;
-            webfetch?: "ask" | "allow" | "deny" | undefined;
-            doom_loop?: "ask" | "allow" | "deny" | undefined;
-            external_directory?: "ask" | "allow" | "deny" | undefined;
+            edit?: "deny" | "allow" | "ask" | undefined;
+            bash?: "deny" | "allow" | "ask" | Record<string, "deny" | "allow" | "ask"> | undefined;
+            webfetch?: "deny" | "allow" | "ask" | undefined;
+            doom_loop?: "deny" | "allow" | "ask" | undefined;
+            external_directory?: "deny" | "allow" | "ask" | undefined;
         } | undefined;
         maxTokens?: number | undefined;
         variant?: string | undefined;
@@ -801,11 +801,11 @@ export declare const MagicContextConfigSchema: z.ZodPipe<z.ZodObject<{
         color?: string | undefined;
         maxSteps?: number | undefined;
         permission?: {
-            edit?: "ask" | "allow" | "deny" | undefined;
-            bash?: "ask" | "allow" | "deny" | Record<string, "ask" | "allow" | "deny"> | undefined;
-            webfetch?: "ask" | "allow" | "deny" | undefined;
-            doom_loop?: "ask" | "allow" | "deny" | undefined;
-            external_directory?: "ask" | "allow" | "deny" | undefined;
+            edit?: "deny" | "allow" | "ask" | undefined;
+            bash?: "deny" | "allow" | "ask" | Record<string, "deny" | "allow" | "ask"> | undefined;
+            webfetch?: "deny" | "allow" | "ask" | undefined;
+            doom_loop?: "deny" | "allow" | "ask" | undefined;
+            external_directory?: "deny" | "allow" | "ask" | undefined;
         } | undefined;
         maxTokens?: number | undefined;
         variant?: string | undefined;
@@ -831,11 +831,11 @@ export declare const MagicContextConfigSchema: z.ZodPipe<z.ZodObject<{
         color?: string | undefined;
         maxSteps?: number | undefined;
         permission?: {
-            edit?: "ask" | "allow" | "deny" | undefined;
-            bash?: "ask" | "allow" | "deny" | Record<string, "ask" | "allow" | "deny"> | undefined;
-            webfetch?: "ask" | "allow" | "deny" | undefined;
-            doom_loop?: "ask" | "allow" | "deny" | undefined;
-            external_directory?: "ask" | "allow" | "deny" | undefined;
+            edit?: "deny" | "allow" | "ask" | undefined;
+            bash?: "deny" | "allow" | "ask" | Record<string, "deny" | "allow" | "ask"> | undefined;
+            webfetch?: "deny" | "allow" | "ask" | undefined;
+            doom_loop?: "deny" | "allow" | "ask" | undefined;
+            external_directory?: "deny" | "allow" | "ask" | undefined;
         } | undefined;
         maxTokens?: number | undefined;
         variant?: string | undefined;

package/dist/config/variable.d.ts

@@ -9,6 +9,11 @@ export interface SubstituteInput {
      * so callers should prefer passing a real path when one exists.
      */
     configPath?: string;
+    /**
+     * Project-level config files are untrusted repository input. Do not expand
+     * secret-bearing tokens there; leave them literal and warn instead.
+     */
+    isProjectConfig?: boolean;
 }
 export interface SubstituteResult {
     /** Config text with all `{env:X}` and `{file:path}` tokens replaced. */
@@ -25,7 +30,7 @@ export interface SubstituteResult {
  *
  * Mirrors OpenCode's `ConfigVariable.substitute` semantics so users can share
  * the same patterns across `opencode.json(c)` and `magic-context.jsonc`:
- *   - `{env:VAR}` → `process.env.VAR` (trimmed key), empty string when missing
+ *   - `{env:VAR}` → `process.env.VAR` (trimmed key), JSON-escaped for safe inlining, empty string when missing
  *   - `{file:~/path}` → contents of `~/path`, JSON-escaped for safe inlining
  *   - `{file:./rel}` or `{file:rel}` → resolved against the config file's dir
  *   - `{file:/abs}` → resolved as absolute
@@ -35,12 +40,9 @@ export interface SubstituteResult {
  * typo in an optional embedding key should not prevent the plugin from loading
  * with other (valid) settings.
  *
- * File content substitution is JSON-escaped (wrapped then unwrapped through
- * `JSON.stringify`) so line breaks, quotes, and backslashes in file contents
- * survive the subsequent JSONC parse. Env value substitution is NOT escaped,
- * matching OpenCode — env values are typically API keys without JSON-special
- * characters. Users who need to embed a value with quotes or newlines should
- * use `{file:...}`.
+ * File and env value substitution is JSON-escaped (wrapped then unwrapped
+ * through `JSON.stringify`) so line breaks, quotes, and backslashes survive
+ * the subsequent JSONC parse.
  */
 export declare function substituteConfigVariables(input: SubstituteInput): SubstituteResult;
 //# sourceMappingURL=variable.d.ts.map

package/dist/config/variable.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"variable.d.ts","sourceRoot":"","sources":["../../src/config/variable.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,eAAe;IAC5B,4CAA4C;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,gBAAgB;IAC7B,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,QAAQ,EAAE,MAAM,EAAE,CAAC;CACtB;AAKD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,eAAe,GAAG,gBAAgB,CA6ElF"}
+{"version":3,"file":"variable.d.ts","sourceRoot":"","sources":["../../src/config/variable.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,eAAe;IAC5B,4CAA4C;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC7B,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,QAAQ,EAAE,MAAM,EAAE,CAAC;CACtB;AAKD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,eAAe,GAAG,gBAAgB,CAqGlF"}

package/dist/features/magic-context/key-files/project-key-files.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"project-key-files.d.ts","sourceRoot":"","sources":["../../../../src/features/magic-context/key-files/project-key-files.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAEvD,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,eAAe,CAAC;AAE7D,MAAM,WAAW,iBAAiB;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,WAAW,EAAE,kBAAkB,GAAG,IAAI,CAAC;CAC1C;AAED,MAAM,WAAW,kBAAkB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,oBAAoB,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,aAAa;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,qBAAsB,SAAQ,aAAa;IACxD,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,kBAAkB,GAAG,IAAI,CAAC;CAC1C;AAED,QAAA,MAAM,oBAAoB,cAAc,CAAC;AAGzC,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAErD;AAED,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAO/E;AAiBD,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAY1F;AAED,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,CAM5E;AAED,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,CAQ7E;AAED,wBAAgB,kBAAkB,CAC9B,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,aAAa,EAAE,GACvB,qBAAqB,EAAE,CAiBzB;AAED,wBAAgB,sBAAsB,CAClC,EAAE,EAAE,QAAQ,EACZ,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,kBAAkB,EAAE,EAC3B,WAAW,SAAa,GACzB,MAAM,CAsCR;AAED,wBAAgB,sBAAsB,CAClC,EAAE,EAAE,QAAQ,EACZ,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,qBAAqB,EAAE,EAC9B,WAAW,EAAE,MAAM,EACnB,gBAAgB,EAAE,MAAM,GAAG,IAAI,EAC/B,oBAAoB,EAAE,MAAM,GAC7B,IAAI,CAoBN;AAED,wBAAgB,2BAA2B,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,SAAa,GAAG,MAAM,CAyBlF;AAED,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAUxF;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAC"}
+{"version":3,"file":"project-key-files.d.ts","sourceRoot":"","sources":["../../../../src/features/magic-context/key-files/project-key-files.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAEvD,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,eAAe,CAAC;AAE7D,MAAM,WAAW,iBAAiB;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,WAAW,EAAE,kBAAkB,GAAG,IAAI,CAAC;CAC1C;AAED,MAAM,WAAW,kBAAkB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,oBAAoB,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,aAAa;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,qBAAsB,SAAQ,aAAa;IACxD,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,kBAAkB,GAAG,IAAI,CAAC;CAC1C;AAED,QAAA,MAAM,oBAAoB,cAAc,CAAC;AAGzC,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAErD;AAED,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAO/E;AAiBD,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAY1F;AAED,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,CAM5E;AAED,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,CAQ7E;AAED,wBAAgB,kBAAkB,CAC9B,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,aAAa,EAAE,GACvB,qBAAqB,EAAE,CAiBzB;AAED,wBAAgB,sBAAsB,CAClC,EAAE,EAAE,QAAQ,EACZ,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,kBAAkB,EAAE,EAC3B,WAAW,SAAa,GACzB,MAAM,CAsCR;AAED,wBAAgB,sBAAsB,CAClC,EAAE,EAAE,QAAQ,EACZ,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,qBAAqB,EAAE,EAC9B,WAAW,EAAE,MAAM,EACnB,gBAAgB,EAAE,MAAM,GAAG,IAAI,EAC/B,oBAAoB,EAAE,MAAM,GAC7B,IAAI,CAoBN;AAED,wBAAgB,2BAA2B,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,SAAa,GAAG,MAAM,CA6BlF;AAED,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAUxF;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAC"}

package/dist/features/magic-context/migrations.d.ts

@@ -1,4 +1,22 @@
 import type { Database } from "../../shared/sqlite";
+/**
+ * Detect the specific case where a sibling process already committed the
+ * same `schema_migrations` row we're about to insert. Two OpenCode/Pi
+ * instances starting concurrently can both read `MAX(version)=N` before
+ * either commits. The first commits v(N+1); the second's transaction body
+ * runs `migration.up()` (a no-op now that the schema change already
+ * landed), then hits PRIMARY KEY conflict on the
+ * `INSERT INTO schema_migrations` row.
+ *
+ * Without this guard the plugin fail-closes and the second instance
+ * refuses to start. With it, we recognize "sibling beat us to it",
+ * re-read the version, and continue from the next pending migration.
+ *
+ * Important: only PRIMARY KEY conflicts on `schema_migrations` are
+ * swallowed. Any other failure (CREATE TABLE, ALTER TABLE, data heal,
+ * etc.) surfaces normally and fail-closes per contract.
+ */
+export declare function isSiblingMigrationConflict(db: Database, error: unknown, version: number): boolean;
 /**
  * Run all pending migrations sequentially.
  * Each migration runs in its own transaction — if it fails, only that migration rolls back.

package/dist/features/magic-context/migrations.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../../../src/features/magic-context/migrations.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAyqBpD;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,QAAQ,GAAG,IAAI,CAgEhD"}
+{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../../../src/features/magic-context/migrations.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAspBpD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,0BAA0B,CAAC,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAkBjG;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,QAAQ,GAAG,IAAI,CAgEhD"}

package/dist/features/magic-context/storage-db.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"storage-db.d.ts","sourceRoot":"","sources":["../../../src/features/magic-context/storage-db.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAyE/C,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,QAAQ,GAAG,IAAI,CA0arD;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,QAAQ,GAAG,IAAI,CAIrD;AAgGD,wBAAgB,YAAY,CACxB,EAAE,EAAE,QAAQ,EACZ,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GACnB,IAAI,CAqBN;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,YAAY,IAAI,QAAQ,CA4DvC;AAED,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,QAAQ,GAAG,OAAO,CAEzD;AAED,wBAAgB,2BAA2B,CAAC,EAAE,EAAE,QAAQ,GAAG,MAAM,GAAG,IAAI,CAEvE;AAED,wBAAgB,aAAa,IAAI,IAAI,CAUpC;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC"}
+{"version":3,"file":"storage-db.d.ts","sourceRoot":"","sources":["../../../src/features/magic-context/storage-db.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAyE/C,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,QAAQ,GAAG,IAAI,CAmbrD;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,QAAQ,GAAG,IAAI,CAIrD;AAgGD,wBAAgB,YAAY,CACxB,EAAE,EAAE,QAAQ,EACZ,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GACnB,IAAI,CAqBN;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,YAAY,IAAI,QAAQ,CA4DvC;AAED,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,QAAQ,GAAG,OAAO,CAEzD;AAED,wBAAgB,2BAA2B,CAAC,EAAE,EAAE,QAAQ,GAAG,MAAM,GAAG,IAAI,CAEvE;AAED,wBAAgB,aAAa,IAAI,IAAI,CAUpC;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC"}

package/dist/features/magic-context/storage-meta-persisted.d.ts

@@ -206,6 +206,23 @@ export declare function setPendingCompactionMarkerState(db: Database, sessionId:
  * pending stays intact for B's own next consuming pass.
  */
 export declare function clearPendingCompactionMarkerStateIf(db: Database, sessionId: string, expected: PendingCompactionMarker): boolean;
+/**
+ * Payload stored in `session_meta.pending_pi_compaction_marker_state` between
+ * a Pi historian/recomp publication and the next materializing Pi context pass.
+ * Stored with `stableStringify` so CAS clear can compare byte-for-byte.
+ */
+export interface PendingPiCompactionMarker {
+    firstKeptEntryId: string;
+    endMessageId: string;
+    ordinal: number;
+    tokensBefore: number;
+    summary: string;
+    publishedAt: number;
+}
+export declare function getPendingPiCompactionMarkerState(db: Database, sessionId: string): PendingPiCompactionMarker | null;
+export declare function setPendingPiCompactionMarkerState(db: Database, sessionId: string, state: PendingPiCompactionMarker | null): void;
+export declare function clearPendingPiCompactionMarkerStateIf(db: Database, sessionId: string, expected: PendingPiCompactionMarker): boolean;
+export declare function getSessionsWithPendingPiMarker(db: Database): string[];
 export declare function peekDeferredExecutePending(db: Database, sessionId: string): DeferredExecutePayload | null;
 export declare function setDeferredExecutePendingIfAbsent(db: Database, sessionId: string, payload: DeferredExecutePayload): boolean;
 export declare function clearDeferredExecutePendingIfMatches(db: Database, sessionId: string, expected: DeferredExecutePayload): boolean;