@cortexkit/opencode-magic-context 0.22.4 → 0.22.5

package/dist/index.js

@@ -287,7 +287,7 @@ __export(exports_util, {
   jsonStringifyReplacer: () => jsonStringifyReplacer,
   joinValues: () => joinValues,
   issue: () => issue,
-  isPlainObject: () => isPlainObject,
+  isPlainObject: () => isPlainObject3,
   isObject: () => isObject,
   hexToUint8Array: () => hexToUint8Array,
   getSizableOrigin: () => getSizableOrigin,
@@ -452,7 +452,7 @@ function slugify(input) {
 function isObject(data) {
   return typeof data === "object" && data !== null && !Array.isArray(data);
 }
-function isPlainObject(o) {
+function isPlainObject3(o) {
   if (isObject(o) === false)
     return false;
   const ctor = o.constructor;
@@ -469,7 +469,7 @@ function isPlainObject(o) {
   return true;
 }
 function shallowClone(o) {
-  if (isPlainObject(o))
+  if (isPlainObject3(o))
     return { ...o };
   if (Array.isArray(o))
     return [...o];
@@ -609,7 +609,7 @@ function omit(schema, mask) {
   return clone(schema, def);
 }
 function extend(schema, shape) {
-  if (!isPlainObject(shape)) {
+  if (!isPlainObject3(shape)) {
     throw new Error("Invalid input to extend: expected a plain object");
   }
   const checks = schema._zod.def.checks;
@@ -632,7 +632,7 @@ function extend(schema, shape) {
   return clone(schema, def);
 }
 function safeExtend(schema, shape) {
-  if (!isPlainObject(shape)) {
+  if (!isPlainObject3(shape)) {
     throw new Error("Invalid input to safeExtend: expected a plain object");
   }
   const def = mergeDefs(schema._zod.def, {
@@ -2115,7 +2115,7 @@ function mergeValues(a, b) {
   if (a instanceof Date && b instanceof Date && +a === +b) {
     return { valid: true, data: a };
   }
-  if (isPlainObject(a) && isPlainObject(b)) {
+  if (isPlainObject3(a) && isPlainObject3(b)) {
     const bKeys = Object.keys(b);
     const sharedKeys = Object.keys(a).filter((key) => bKeys.indexOf(key) !== -1);
     const newObj = { ...a, ...b };
@@ -3372,7 +3372,7 @@ var init_schemas = __esm(() => {
     $ZodType.init(inst, def);
     inst._zod.parse = (payload, ctx) => {
       const input = payload.value;
-      if (!isPlainObject(input)) {
+      if (!isPlainObject3(input)) {
         payload.issues.push({
           expected: "record",
           code: "invalid_type",
@@ -15162,6 +15162,9 @@ function normalizeStoredProjectPath(rawOrStored) {
     return directoryFallback(rawOrStored);
   }
 }
+function storedPathBelongsToIdentity(storedProjectPath, projectIdentity) {
+  return storedProjectPath === projectIdentity || normalizeStoredProjectPath(storedProjectPath) === projectIdentity;
+}
 var GIT_TIMEOUT_MS = 5000, identityCache, directoryFallbackCache, ProjectIdentityError;
 var init_project_identity = __esm(() => {
   identityCache = new Map;
@@ -16118,12 +16121,6 @@ function isCompartmentRow(row) {
   const candidate = row;
   return typeof candidate.id === "number" && typeof candidate.session_id === "string" && typeof candidate.sequence === "number" && typeof candidate.start_message === "number" && typeof candidate.end_message === "number" && typeof candidate.start_message_id === "string" && typeof candidate.end_message_id === "string" && typeof candidate.title === "string" && typeof candidate.content === "string" && isStringOrNullish(candidate.p1) && isStringOrNullish(candidate.p2) && isStringOrNullish(candidate.p3) && isStringOrNullish(candidate.p4) && isNumberOrNullish(candidate.importance) && isStringOrNullish(candidate.episode_type) && isNumberOrNullish(candidate.legacy) && typeof candidate.created_at === "number";
 }
-function isSessionFactRow(row) {
-  if (row === null || typeof row !== "object")
-    return false;
-  const candidate = row;
-  return typeof candidate.id === "number" && typeof candidate.session_id === "string" && typeof candidate.category === "string" && typeof candidate.content === "string" && typeof candidate.created_at === "number" && typeof candidate.updated_at === "number";
-}
 function insertCompartmentRows(db, sessionId, compartments, now) {
   const stmt = getInsertCompartmentStatement(db);
   for (const compartment of compartments) {
@@ -16152,16 +16149,6 @@ function toCompartment(row) {
     createdAt: row.created_at
   };
 }
-function toSessionFact(row) {
-  return {
-    id: row.id,
-    sessionId: row.session_id,
-    category: row.category,
-    content: row.content,
-    createdAt: row.created_at,
-    updatedAt: row.updated_at
-  };
-}
 function getCompartments(db, sessionId) {
   const rows = db.prepare("SELECT * FROM compartments WHERE session_id = ? ORDER BY sequence ASC").all(sessionId).filter(isCompartmentRow);
   return rows.map(toCompartment);
@@ -16170,6 +16157,11 @@ function getLastCompartmentEndMessage(db, sessionId) {
   const row = db.prepare("SELECT MAX(end_message) as max_end FROM compartments WHERE session_id = ?").get(sessionId);
   return row?.max_end ?? -1;
 }
+function getLastCompartmentEndMessageId(db, sessionId) {
+  const row = db.prepare("SELECT end_message_id FROM compartments WHERE session_id = ? ORDER BY sequence DESC LIMIT 1").get(sessionId);
+  const id = row?.end_message_id;
+  return id && id.length > 0 ? id : null;
+}
 function getCompartmentsByEndMessageId(db, sessionId, endMessageId) {
   const rows = db.prepare("SELECT * FROM compartments WHERE session_id = ? AND end_message_id = ? ORDER BY sequence ASC").all(sessionId, endMessageId).filter(isCompartmentRow);
   return rows.map(toCompartment);
@@ -16182,10 +16174,6 @@ function appendCompartments(db, sessionId, compartments) {
     insertCompartmentRows(db, sessionId, compartments, now);
   })();
 }
-function getSessionFacts(db, sessionId) {
-  const rows = db.prepare("SELECT * FROM session_facts WHERE session_id = ? ORDER BY category ASC, id ASC").all(sessionId).filter(isSessionFactRow);
-  return rows.map(toSessionFact);
-}
 function buildCompartmentBlock(compartments, facts, memoryBlock, dateRanges) {
   const lines = [];
   if (memoryBlock) {
@@ -151079,6 +151067,7 @@ CREATE INDEX IF NOT EXISTS idx_dream_queue_pending ON dream_queue(started_at, en
   ensureColumn(db, "session_meta", "system_prompt_hash", "TEXT DEFAULT ''");
   ensureColumn(db, "session_meta", "cleared_reasoning_through_tag", "INTEGER DEFAULT 0");
   ensureColumn(db, "session_meta", "stripped_placeholder_ids", "TEXT DEFAULT ''");
+  ensureColumn(db, "session_meta", "stale_reduce_stripped_ids", "TEXT DEFAULT ''");
   ensureColumn(db, "compartments", "start_message_id", "TEXT DEFAULT ''");
   ensureColumn(db, "compartments", "end_message_id", "TEXT DEFAULT ''");
   ensureColumn(db, "memory_embeddings", "model_id", "TEXT");
@@ -151229,6 +151218,7 @@ function healNullTextColumns(db) {
     ["todo_synthetic_state_json", ""],
     ["system_prompt_hash", ""],
     ["stripped_placeholder_ids", ""],
+    ["stale_reduce_stripped_ids", ""],
     ["memory_block_cache", ""],
     ["memory_block_ids", ""],
     ["compaction_marker_state", ""],
@@ -152199,7 +152189,7 @@ var init_migrations = __esm(async () => {
 
 // src/features/magic-context/project-docs-hash.ts
 import { createHash as createHash4 } from "node:crypto";
-import { readFileSync as readFileSync5, statSync as statSync2 } from "node:fs";
+import { lstatSync, readFileSync as readFileSync5, statSync as statSync2 } from "node:fs";
 import path4 from "node:path";
 function canonicalizeDocContent(raw) {
   return raw.replace(/^\uFEFF/, "").replace(/\r\n/g, `
@@ -152209,9 +152199,10 @@ function canonicalizeDocContent(raw) {
 }
 function fingerprintFile(filePath) {
   try {
-    const stat = statSync2(filePath);
+    const stat = lstatSync(filePath);
+    const isReadableDoc = stat.isFile() && stat.size <= MAX_PROJECT_DOC_BYTES;
     return {
-      exists: stat.isFile(),
+      exists: isReadableDoc,
       mtimeMs: stat.mtimeMs,
       size: stat.size
     };
@@ -152254,6 +152245,16 @@ function readCanonicalPieces(projectDirectory, files) {
     if (!fingerprint?.exists) {
       continue;
     }
+    let safeToRead = false;
+    try {
+      const st = lstatSync(filePath);
+      safeToRead = st.isFile() && st.size <= MAX_PROJECT_DOC_BYTES;
+    } catch {
+      safeToRead = false;
+    }
+    if (!safeToRead) {
+      continue;
+    }
     const canonicalContent = canonicalizeDocContent(readFileSync5(filePath, "utf8"));
     hashPieces.push(`file:${filename}
 ${canonicalContent}`);
@@ -152308,10 +152309,11 @@ var PROJECT_DOC_FILES, PROJECT_DOCS_DELIMITER = `
 
 ---
 
-`, docsCache;
+`, MAX_PROJECT_DOC_BYTES, docsCache;
 var init_project_docs_hash = __esm(() => {
   init_compartment_storage();
   PROJECT_DOC_FILES = ["ARCHITECTURE.md", "STRUCTURE.md"];
+  MAX_PROJECT_DOC_BYTES = 256 * 1024;
   docsCache = new Map;
 });
 
@@ -152648,7 +152650,8 @@ function casUpdateJsonArrayColumn(db, sessionId, column, validator, mutate, opti
   }
   for (let attempt = 0;attempt < CAS_RETRY_LIMIT; attempt += 1) {
     const row = db.prepare(`SELECT ${column} FROM session_meta WHERE session_id = ?`).get(sessionId);
-    const currentBlob = row?.[column] ?? "[]";
+    const rawCurrent = row?.[column] ?? null;
+    const currentBlob = rawCurrent ?? "[]";
     const current = parseJsonArray(currentBlob, validator);
     const next = mutate(current);
     if (next === null)
@@ -152656,7 +152659,7 @@ function casUpdateJsonArrayColumn(db, sessionId, column, validator, mutate, opti
     const nextBlob = stableStringify(next);
     if (nextBlob === currentBlob)
       return true;
-    const result = db.prepare(`UPDATE session_meta SET ${column} = ? WHERE session_id = ? AND ${column} = ?`).run(nextBlob, sessionId, currentBlob);
+    const result = db.prepare(`UPDATE session_meta SET ${column} = ? WHERE session_id = ? AND ${column} IS ?`).run(nextBlob, sessionId, rawCurrent);
     if (result.changes > 0)
       return true;
   }
@@ -152803,14 +152806,16 @@ function getHistorianFailureState(db, sessionId) {
   };
 }
 function incrementHistorianFailure(db, sessionId, error51) {
+  let nextCount = 1;
   db.transaction(() => {
     ensureSessionMetaRow(db, sessionId);
     const current = getHistorianFailureState(db, sessionId);
-    const nextCount = current.failureCount + 1;
+    nextCount = current.failureCount + 1;
     db.prepare("UPDATE session_meta SET historian_failure_count = ?, historian_last_error = ?, historian_last_failure_at = ? WHERE session_id = ?").run(nextCount, error51, Date.now(), sessionId);
     const reason = error51.replace(/\s+/g, " ").trim().slice(0, 300);
     sessionLog(sessionId, `historian failure recorded: count=${nextCount} reason="${reason}"`);
   })();
+  return nextCount;
 }
 function clearHistorianFailureState(db, sessionId) {
   db.transaction(() => {
@@ -152887,19 +152892,78 @@ function getStrippedPlaceholderIds(db, sessionId) {
   } catch {}
   return new Set;
 }
-function setStrippedPlaceholderIds(db, sessionId, ids) {
+function applyStrippedPlaceholderDelta(db, sessionId, delta) {
+  const add = delta.add ? [...delta.add] : [];
+  const remove = delta.remove ? [...delta.remove] : [];
+  if (add.length === 0 && remove.length === 0)
+    return true;
   ensureSessionMetaRow(db, sessionId);
-  const json2 = ids.size > 0 ? JSON.stringify([...ids]) : "";
-  db.prepare("UPDATE session_meta SET stripped_placeholder_ids = ? WHERE session_id = ?").run(json2, sessionId);
+  for (let attempt = 0;attempt < CAS_RETRY_LIMIT; attempt += 1) {
+    const row = db.prepare("SELECT stripped_placeholder_ids FROM session_meta WHERE session_id = ?").get(sessionId);
+    const rawStored = row ? row.stripped_placeholder_ids ?? null : null;
+    const current = new Set(parseStrippedBlob(rawStored));
+    for (const id of add)
+      current.add(id);
+    for (const id of remove)
+      current.delete(id);
+    const nextBlob = current.size > 0 ? JSON.stringify([...current]) : "";
+    if (nextBlob === (rawStored ?? ""))
+      return true;
+    const result = db.prepare("UPDATE session_meta SET stripped_placeholder_ids = ? WHERE session_id = ? AND stripped_placeholder_ids IS ?").run(nextBlob, sessionId, rawStored);
+    if (result.changes > 0)
+      return true;
+  }
+  sessionLog(sessionId, `stripped_placeholder_ids CAS: ${CAS_RETRY_LIMIT} retries exhausted`);
+  return false;
+}
+function parseStrippedBlob(raw) {
+  if (!raw || raw.length === 0)
+    return [];
+  try {
+    const parsed = JSON.parse(raw);
+    if (Array.isArray(parsed))
+      return parsed.filter((v) => typeof v === "string");
+  } catch {}
+  return [];
 }
 function removeStrippedPlaceholderId(db, sessionId, messageId) {
-  const ids = getStrippedPlaceholderIds(db, sessionId);
-  if (!ids.delete(messageId)) {
+  const before = getStrippedPlaceholderIds(db, sessionId);
+  if (!before.has(messageId)) {
     return false;
   }
-  setStrippedPlaceholderIds(db, sessionId, ids);
+  applyStrippedPlaceholderDelta(db, sessionId, { remove: [messageId] });
   return true;
 }
+function getStaleReduceStrippedIds(db, sessionId) {
+  const row = db.prepare("SELECT stale_reduce_stripped_ids FROM session_meta WHERE session_id = ?").get(sessionId);
+  return new Set(parseStrippedBlob(row?.stale_reduce_stripped_ids));
+}
+function addStaleReduceStrippedIds(db, sessionId, ids) {
+  const add = [...ids];
+  if (add.length === 0)
+    return true;
+  ensureSessionMetaRow(db, sessionId);
+  for (let attempt = 0;attempt < CAS_RETRY_LIMIT; attempt += 1) {
+    const row = db.prepare("SELECT stale_reduce_stripped_ids FROM session_meta WHERE session_id = ?").get(sessionId);
+    const rawStored = row ? row.stale_reduce_stripped_ids ?? null : null;
+    const current = new Set(parseStrippedBlob(rawStored));
+    let changed = false;
+    for (const id of add) {
+      if (!current.has(id)) {
+        current.add(id);
+        changed = true;
+      }
+    }
+    if (!changed)
+      return true;
+    const nextBlob = JSON.stringify([...current]);
+    const result = db.prepare("UPDATE session_meta SET stale_reduce_stripped_ids = ? WHERE session_id = ? AND stale_reduce_stripped_ids IS ?").run(nextBlob, sessionId, rawStored);
+    if (result.changes > 0)
+      return true;
+  }
+  sessionLog(sessionId, `stale_reduce_stripped_ids CAS: ${CAS_RETRY_LIMIT} retries exhausted`);
+  return false;
+}
 function isPendingCompactionMarker(value) {
   return typeof value === "object" && value !== null && typeof value.ordinal === "number" && typeof value.endMessageId === "string" && typeof value.publishedAt === "number";
 }
@@ -163811,7 +163875,7 @@ function cosineSimilarity(a, b) {
 }
 
 // src/features/magic-context/memory/embedding-identity.ts
-function normalizeEndpoint(endpoint) {
+function normalizeEndpoint2(endpoint) {
   return endpoint?.trim().replace(/\/+$/, "") ?? "";
 }
 function getEmbeddingProviderIdentity(config2) {
@@ -163821,7 +163885,7 @@ function getEmbeddingProviderIdentity(config2) {
   const identityInput = config2.provider === "openai-compatible" ? {
     provider: "openai-compatible",
     model: config2.model.trim(),
-    endpoint: normalizeEndpoint(config2.endpoint),
+    endpoint: normalizeEndpoint2(config2.endpoint),
     apiKeyPresent: Boolean(config2.api_key?.trim()),
     inputType: config2.input_type?.trim() || ""
   } : {
@@ -164182,8 +164246,64 @@ var init_embedding_local = __esm(() => {
   MAX_LOCK_WAIT_MS = 5 * 60000;
 });
 
+// src/features/magic-context/memory/embedding-ssrf.ts
+function isLinkLocalIpv4(host) {
+  return /^169\.254\.\d{1,3}\.\d{1,3}$/.test(host);
+}
+function ipv4FromMappedIpv6(host) {
+  const m = /^::ffff:(.+)$/.exec(host);
+  if (!m)
+    return null;
+  const tail = m[1];
+  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(tail))
+    return tail;
+  const hex3 = /^([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(tail);
+  if (hex3) {
+    const hi = Number.parseInt(hex3[1], 16);
+    const lo = Number.parseInt(hex3[2], 16);
+    if (Number.isNaN(hi) || Number.isNaN(lo))
+      return null;
+    return `${hi >> 8 & 255}.${hi & 255}.${lo >> 8 & 255}.${lo & 255}`;
+  }
+  return null;
+}
+function blockedEmbeddingEndpointReason(endpoint) {
+  const trimmed = endpoint.trim();
+  if (trimmed.length === 0)
+    return null;
+  let url2;
+  try {
+    url2 = new URL(trimmed);
+  } catch {
+    return `embedding endpoint is not a valid URL: ${trimmed}`;
+  }
+  const host = url2.hostname.toLowerCase().replace(/^\[/, "").replace(/\]$/, "");
+  if (METADATA_HOSTNAMES.has(host)) {
+    return `embedding endpoint host ${host} is a cloud metadata service (blocked)`;
+  }
+  if (IPV6_METADATA_HOSTS.has(host)) {
+    return `embedding endpoint host ${host} is the AWS IPv6 metadata service (blocked)`;
+  }
+  if (isLinkLocalIpv4(host)) {
+    return `embedding endpoint host ${host} is link-local / cloud metadata (blocked)`;
+  }
+  const mappedV4 = ipv4FromMappedIpv6(host);
+  if (mappedV4 && isLinkLocalIpv4(mappedV4)) {
+    return `embedding endpoint host ${host} (IPv4-mapped ${mappedV4}) is link-local / cloud metadata (blocked)`;
+  }
+  if (host.startsWith("fe80:")) {
+    return `embedding endpoint host ${host} is link-local / cloud metadata (blocked)`;
+  }
+  return null;
+}
+var METADATA_HOSTNAMES, IPV6_METADATA_HOSTS;
+var init_embedding_ssrf = __esm(() => {
+  METADATA_HOSTNAMES = new Set(["metadata.google.internal", "metadata.goog"]);
+  IPV6_METADATA_HOSTS = new Set(["fd00:ec2::254"]);
+});
+
 // src/features/magic-context/memory/embedding-openai.ts
-function normalizeEndpoint2(endpoint) {
+function normalizeEndpoint3(endpoint) {
   return endpoint?.trim().replace(/\/+$/, "") ?? "";
 }
 
@@ -164200,7 +164320,7 @@ class OpenAICompatibleEmbeddingProvider {
   openLogged = false;
   halfOpenProbeInFlight = false;
   constructor(options) {
-    this.endpoint = normalizeEndpoint2(options.endpoint);
+    this.endpoint = normalizeEndpoint3(options.endpoint);
     this.model = options.model?.trim() ?? "";
     this.apiKey = options.apiKey?.trim() ?? "";
     this.inputType = options.inputType?.trim() ?? "";
@@ -164220,6 +164340,12 @@ class OpenAICompatibleEmbeddingProvider {
       this.initialized = false;
       return false;
     }
+    const blockedReason = blockedEmbeddingEndpointReason(this.endpoint);
+    if (blockedReason) {
+      log(`[magic-context] embedding endpoint blocked: ${blockedReason}`);
+      this.initialized = false;
+      return false;
+    }
     this.initialized = true;
     return true;
   }
@@ -164265,6 +164391,7 @@ class OpenAICompatibleEmbeddingProvider {
           ...this.inputType ? { input_type: this.inputType } : {},
           ...this.truncate ? { truncate: this.truncate } : {}
         }),
+        redirect: "error",
         signal: internalController.signal
       });
       if (!response.ok) {
@@ -164395,6 +164522,7 @@ var FAILURE_THRESHOLD = 3, FAILURE_WINDOW_MS = 60000, OPEN_DURATION_MS, FETCH_TI
 var init_embedding_openai = __esm(() => {
   init_logger();
   init_embedding_identity();
+  init_embedding_ssrf();
   OPEN_DURATION_MS = 5 * 60000;
 });
 
@@ -164635,11 +164763,15 @@ function resolveEmbeddingConfig(config2) {
   }
   if (config2.provider === "openai-compatible") {
     const apiKey = config2.api_key?.trim();
+    const inputType = config2.input_type?.trim();
+    const truncate = config2.truncate?.trim();
     return {
       provider: "openai-compatible",
       model: config2.model.trim(),
       endpoint: config2.endpoint.trim(),
-      ...apiKey ? { api_key: apiKey } : {}
+      ...apiKey ? { api_key: apiKey } : {},
+      ...inputType ? { input_type: inputType } : {},
+      ...truncate ? { truncate } : {}
     };
   }
   return { provider: "off" };
@@ -164655,7 +164787,9 @@ function createProvider(config2) {
     return new OpenAICompatibleEmbeddingProvider({
       endpoint: config2.endpoint,
       model: config2.model,
-      apiKey: config2.api_key
+      apiKey: config2.api_key,
+      inputType: config2.input_type,
+      truncate: config2.truncate
     });
   }
   return new LocalEmbeddingProvider(config2.model);
@@ -165433,15 +165567,15 @@ function updateCompactionMarkerAfterPublication(db, sessionId, lastCompartmentEn
   const existing = getPersistedCompactionMarkerState(db, sessionId);
   if (existing) {
     if (existing.boundaryOrdinal === lastCompartmentEnd) {
-      return;
+      return true;
     }
-    try {
-      removeCompactionMarker(existing);
-      setPersistedCompactionMarkerState(db, sessionId, null);
-      sessionLog(sessionId, `compaction-marker: removed old boundary at ordinal ${existing.boundaryOrdinal}, moving to ${lastCompartmentEnd}`);
-    } catch (error51) {
-      sessionLog(sessionId, `compaction-marker: failed to remove old boundary at ordinal ${existing.boundaryOrdinal}, proceeding with new injection:`, error51);
+    const removed = removeCompactionMarker(existing);
+    if (!removed) {
+      sessionLog(sessionId, `compaction-marker: failed to remove old boundary at ordinal ${existing.boundaryOrdinal}; preserving persisted state for retry (not injecting new marker this pass)`);
+      return false;
     }
+    setPersistedCompactionMarkerState(db, sessionId, null);
+    sessionLog(sessionId, `compaction-marker: removed old boundary at ordinal ${existing.boundaryOrdinal}, moving to ${lastCompartmentEnd}`);
   }
   const result = injectCompactionMarker({
     sessionId,
@@ -165455,7 +165589,9 @@ function updateCompactionMarkerAfterPublication(db, sessionId, lastCompartmentEn
       boundaryOrdinal: lastCompartmentEnd
     });
     sessionLog(sessionId, `compaction-marker: injected at ordinal ${lastCompartmentEnd}, boundary user msg ${result.boundaryMessageId}`);
+    return true;
   }
+  return false;
 }
 function removeCompactionMarkerForSession(db, sessionId) {
   const existing = getPersistedCompactionMarkerState(db, sessionId);
@@ -165490,10 +165626,10 @@ function checkCompactionMarkerConsistency(db) {
       const state = getPersistedCompactionMarkerState(db, row.session_id);
       if (!state)
         continue;
-      const boundaryExists = checkMessage.get(state.boundaryMessageId) !== null;
-      const summaryMessageExists = checkMessage.get(state.summaryMessageId) !== null;
-      const compactionPartExists = checkPart.get(state.compactionPartId) !== null;
-      const summaryPartExists = checkPart.get(state.summaryPartId) !== null;
+      const boundaryExists = checkMessage.get(state.boundaryMessageId) != null;
+      const summaryMessageExists = checkMessage.get(state.summaryMessageId) != null;
+      const compactionPartExists = checkPart.get(state.compactionPartId) != null;
+      const summaryPartExists = checkPart.get(state.summaryPartId) != null;
       const allPresent = boundaryExists && summaryMessageExists && compactionPartExists && summaryPartExists;
       if (allPresent)
         continue;
@@ -165753,6 +165889,26 @@ function validateHistorianOutput(text, _sessionId, chunk, _priorCompartments, se
     events: parsed.events.length > 0 ? parsed.events : undefined
   };
 }
+function buildHistorianFailureNotice(failureCount, lastError) {
+  if (failureCount >= HISTORIAN_PERSISTENT_FAILURE_THRESHOLD) {
+    return [
+      "## Magic Context — history comparting needs attention",
+      "",
+      `Magic Context has been unable to compart this session's history ${failureCount} times in a row. This usually means the configured historian model is misconfigured or unreachable (Magic Context already retried every fallback model automatically).`,
+      "",
+      `Last error: ${lastError}`,
+      "",
+      "Check your historian model in magic-context.jsonc, then restart. Your conversation keeps working normally in the meantime — this only affects how older history is summarized."
+    ].join(`
+`);
+  }
+  return [
+    "## Magic Context",
+    "",
+    "Hit a transient issue comparting history this turn — Magic Context will retry automatically on the next turn. Nothing is lost and your conversation continues normally. You'll only be alerted again if this keeps happening."
+  ].join(`
+`);
+}
 function buildHistorianRepairPrompt(originalPrompt, previousOutput, validationError) {
   return [
     originalPrompt,
@@ -165841,7 +165997,7 @@ function getReducedRecompTokenBudget(currentBudget) {
   const reducedBudget = Math.max(MIN_RECOMP_CHUNK_TOKEN_BUDGET, Math.floor(currentBudget / 2));
   return reducedBudget < currentBudget ? reducedBudget : null;
 }
-var MIN_RECOMP_CHUNK_TOKEN_BUDGET = 20;
+var MIN_RECOMP_CHUNK_TOKEN_BUDGET = 20, HISTORIAN_PERSISTENT_FAILURE_THRESHOLD = 3;
 var init_compartment_runner_validation = __esm(async () => {
   init_compartment_parser();
   await init_compartment_runner_mapping();
@@ -166544,6 +166700,9 @@ function escapeXmlAttr2(s) {
 function escapeXmlContent2(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
+function isTieredRow(c) {
+  return typeof c.p1 === "string" && c.p1.length > 0;
+}
 function tierBody(c, tier2) {
   const tiers = [c.p1, c.p2, c.p3, c.p4];
   const requested = tiers[tier2 - 1];
@@ -166573,12 +166732,13 @@ function renderOneCompartment(c, tier2) {
   const baseAttrs = `start="${c.startMessage}" end="${c.endMessage}" title="${escapeXmlAttr2(c.title)}"`;
   if (tier2 >= 5)
     return "";
-  if (c.legacy === 1) {
-    if (tier2 >= 4)
+  if (c.legacy === 1 || !isTieredRow(c)) {
+    const flat = (c.content ?? "").trim();
+    if (tier2 >= 4 || flat.length === 0)
       return `<compartment ${baseAttrs} />`;
     return [
       `<compartment ${baseAttrs}>`,
-      escapeXmlContent2(legacyBodyForTier(c.content, tier2)),
+      escapeXmlContent2(legacyBodyForTier(flat, tier2)),
       "</compartment>"
     ].join(`
 `);
@@ -167041,7 +167201,18 @@ function prepareCompartmentInjection(db, sessionId, messages, isCacheBusting, pr
   const lastCompartment = compartments[compartments.length - 1];
   const lastEnd = lastCompartment.endMessage;
   const lastEndMessageId = lastCompartment.endMessageId;
-  if (lastEndMessageId.length === 0) {
+  let trimEndMessageId = lastEndMessageId;
+  if (!isCacheBusting) {
+    const baseline = readCachedBaselineState(db, sessionId);
+    if (baseline.hasCachedM0) {
+      if (baseline.boundary) {
+        trimEndMessageId = baseline.boundary;
+      } else {
+        trimEndMessageId = "";
+      }
+    }
+  }
+  if (trimEndMessageId.length === 0) {
     sessionLog(sessionId, "injecting legacy compartments without visible-prefix trimming because latest stored compartment has no end_message_id", {
       compartmentCount: compartments.length,
       compartmentEndMessage: lastEnd
@@ -167060,18 +167231,18 @@ function prepareCompartmentInjection(db, sessionId, messages, isCacheBusting, pr
     return result2;
   }
   let skippedVisibleMessages = 0;
-  const cutoffIndex = messages.findIndex((message) => message.info.id === lastEndMessageId);
+  const cutoffIndex = messages.findIndex((message) => message.info.id === trimEndMessageId);
   if (cutoffIndex >= 0) {
     skippedVisibleMessages = cutoffIndex + 1;
     const remaining = messages.slice(cutoffIndex + 1);
     messages.splice(0, messages.length, ...remaining);
   } else {
-    sessionLog(sessionId, `compartment injection entering degraded mode: boundary ${lastEndMessageId} not in visible messages`);
+    sessionLog(sessionId, `compartment injection entering degraded mode: boundary ${trimEndMessageId} not in visible messages`);
   }
   const result = {
     block,
     compartmentEndMessage: lastEnd,
-    compartmentEndMessageId: cutoffIndex >= 0 ? lastEndMessageId : null,
+    compartmentEndMessageId: cutoffIndex >= 0 ? trimEndMessageId : null,
     compartmentCount: compartments.length,
     skippedVisibleMessages,
     factCount: facts.length,
@@ -167081,6 +167252,14 @@ function prepareCompartmentInjection(db, sessionId, messages, isCacheBusting, pr
   injectionCache.set(sessionId, { kind: "populated", injection: result });
   return result;
 }
+function readCachedBaselineState(db, sessionId) {
+  const row = db.prepare("SELECT cached_m0_bytes AS m0, cached_m0_last_baseline_end_message_id AS boundary FROM session_meta WHERE session_id = ?").get(sessionId);
+  const boundary = row?.boundary;
+  return {
+    hasCachedM0: row?.m0 != null,
+    boundary: boundary && boundary.length > 0 ? boundary : null
+  };
+}
 function renderCompartmentInjection(sessionId, messages, prepared) {
   const historyBlock = `<session-history>
 ${prepared.block}
@@ -167124,6 +167303,10 @@ function findFirstTextPart(parts) {
 function isDroppedPlaceholder(text) {
   return /^\[dropped §\d+§\]$/.test(text.trim());
 }
+function lastCompartmentBoundaryId(compartments) {
+  const last = compartments.at(-1);
+  return last?.endMessageId && last.endMessageId.length > 0 ? last.endMessageId : null;
+}
 function cachedStatement(cache, db, sql) {
   let stmt = cache.get(db);
   if (!stmt) {
@@ -167549,6 +167732,8 @@ function materializeM0(options) {
       modelKey: snapshotMarkers.modelKey
     });
     options.db.prepare("UPDATE session_meta SET memory_block_count = ?, memory_block_ids = ? WHERE session_id = ?").run(renderedMemoryIds.length, JSON.stringify(renderedMemoryIds), options.sessionId);
+    const baselineEndMessageId = lastCompartmentBoundaryId(compartments);
+    options.db.prepare("UPDATE session_meta SET cached_m0_last_baseline_end_message_id = ? WHERE session_id = ?").run(baselineEndMessageId, options.sessionId);
     options.db.exec("COMMIT");
   } catch (error51) {
     try {
@@ -167795,7 +167980,8 @@ function softRefreshCachedM1(options) {
     const renderedMemoryIds = parseMemoryBlockIds(row.memory_block_ids);
     const rendered = renderM1WithMetadata({ ...options, preRenderedKeyFilesBlock }, markers, renderedMemoryIds);
     const m1Bytes = Buffer4.from(rendered.text, "utf8");
-    options.db.prepare("UPDATE session_meta SET cached_m1_bytes = ? WHERE session_id = ?").run(m1Bytes, options.sessionId);
+    const baselineEndMessageId = getLastCompartmentEndMessageId(options.db, options.sessionId);
+    options.db.prepare("UPDATE session_meta SET cached_m1_bytes = ?, cached_m0_last_baseline_end_message_id = ? WHERE session_id = ?").run(m1Bytes, baselineEndMessageId, options.sessionId);
     options.db.exec("COMMIT");
     options.state.cachedM1Bytes = m1Bytes;
     options.state.snapshotMarkers = markers;
@@ -167942,11 +168128,15 @@ function injectM0M1(options) {
   } else {
     m1Text = replayCachedM1(options.state);
   }
-  const M0_DRIFT_RATIO_FLOOR = 2000;
+  const M0_DRIFT_RATIO_FLOOR_TOKENS = 500;
+  const M1_DRIFT_RATIO = 0.15;
   const M1_ABSOLUTE_CAP_RATIO = 0.2;
   const m1AbsoluteBudget = (options.historyBudgetTokens ?? DEFAULT_HISTORY_BUDGET_TOKENS) * M1_ABSOLUTE_CAP_RATIO;
-  const m1OverAbsoluteCap = m1Text !== M1_EMPTY_PLACEHOLDER && estimateTokens(m1Text) > m1AbsoluteBudget;
-  if (!rematerialized && !contentionExhausted && m1Recomputed && options.isCacheBustingPass && (memoryUpdateCount > 40 || m1OverAbsoluteCap || m1Text !== M1_EMPTY_PLACEHOLDER && m0Text.length >= M0_DRIFT_RATIO_FLOOR && m1Text.length > m0Text.length * 0.15)) {
+  const m1HasContent = m1Text !== M1_EMPTY_PLACEHOLDER;
+  const m1Tokens = m1HasContent ? estimateTokens(m1Text) : 0;
+  const m0Tokens = estimateTokens(m0Text);
+  const m1OverAbsoluteCap = m1HasContent && m1Tokens > m1AbsoluteBudget;
+  if (!rematerialized && !contentionExhausted && m1Recomputed && options.isCacheBustingPass && (memoryUpdateCount > 40 || m1OverAbsoluteCap || m1HasContent && m0Tokens >= M0_DRIFT_RATIO_FLOOR_TOKENS && m1Tokens > m0Tokens * M1_DRIFT_RATIO)) {
     try {
       const refolded = materializeWithRetry(options);
       applyMarkersToState(options.state, refolded.m0Bytes, refolded.snapshotMarkers, refolded.m1Bytes);
@@ -169857,7 +170047,7 @@ ${body}
 function renderSessionRefCompartment(c) {
   const importance = c.importance ?? 50;
   const attrs = `start="${c.startMessage}" end="${c.endMessage}" title="${escapeXmlAttr(c.title)}"` + (c.episodeType ? ` episode_type="${escapeXmlAttr(c.episodeType)}"` : "") + ` importance="${importance}"`;
-  if (c.p1 != null) {
+  if (typeof c.p1 === "string" && c.p1.length > 0) {
     const p4 = c.p4 && c.p4.length > 0 ? `<p4>
 ${escapeXmlContent(c.p4)}
 </p4>` : "<p4/>";
@@ -170108,13 +170298,9 @@ async function runCompartmentAgent(deps) {
     const existingValidationError = validateStoredCompartments(priorCompartments);
     if (existingValidationError) {
       sessionLog(sessionId, `historian failure: source=existing-validation reason="${existingValidationError}"`);
-      incrementHistorianFailure(db, sessionId, existingValidationError);
+      const failCount = incrementHistorianFailure(db, sessionId, existingValidationError);
       telemetry.failureReason = `existing-validation: ${existingValidationError}`;
-      await notifyHistorianIssue(`## Historian alert
-
-Historian skipped this session because existing stored compartments are invalid: ${existingValidationError}
-
-No new compartments or facts were written. Rebuild or clear the broken compartments before continuing.`);
+      await notifyHistorianIssue(buildHistorianFailureNotice(failCount, existingValidationError));
       return;
     }
     const offset = priorCompartments.length > 0 ? priorCompartments[priorCompartments.length - 1].endMessage + 1 : 1;
@@ -170140,12 +170326,8 @@ No new compartments or facts were written. Rebuild or clear the broken compartme
     if (chunkCoverageError) {
       telemetry.failureReason = `chunk-coverage: ${chunkCoverageError}`;
       sessionLog(sessionId, `historian failure: source=chunk-coverage reason="${chunkCoverageError}" chunkRange=${chunk.startIndex}-${chunk.endIndex}`);
-      incrementHistorianFailure(db, sessionId, chunkCoverageError);
-      await notifyHistorianIssue(`## Historian alert
-
-Historian skipped this session because the raw chunk could not be represented safely: ${chunkCoverageError}
-
-No new compartments or facts were written.`);
+      const failCount = incrementHistorianFailure(db, sessionId, chunkCoverageError);
+      await notifyHistorianIssue(buildHistorianFailureNotice(failCount, chunkCoverageError));
       return;
     }
     const projectPath = resolveProjectIdentity(directory ?? process.cwd());
@@ -170186,13 +170368,9 @@ ${chunk.text}`,
     });
     if (!validatedPass.ok) {
       sessionLog(sessionId, `historian failure: source=validation reason="${validatedPass.error}" chunkRange=${chunk.startIndex}-${chunk.endIndex} fallbackModel=${deps.fallbackModelId ?? "<none>"} twoPass=${deps.historianTwoPass ? "true" : "false"}`);
-      incrementHistorianFailure(db, sessionId, validatedPass.error);
+      const failCount = incrementHistorianFailure(db, sessionId, validatedPass.error);
       telemetry.failureReason = `validation: ${validatedPass.error}`;
-      await notifyHistorianIssue(`## Historian alert
-
-${validatedPass.error}
-
-No new compartments or facts were written. Check the historian model/output and try again.`);
+      await notifyHistorianIssue(buildHistorianFailureNotice(failCount, validatedPass.error));
       return;
     }
     const emittedCompartments = validatedPass.compartments;
@@ -170213,12 +170391,8 @@ No new compartments or facts were written. Check the historian model/output and
     if (lastNewEnd + 1 <= offset) {
       telemetry.failureReason = `no forward progress beyond raw message ${offset - 1}`;
       sessionLog(sessionId, `historian failure: source=no-progress reason="historian returned compartments that did not advance past raw message ${offset - 1}" newCompartmentCount=${newCompartments.length} lastNewEnd=${lastNewEnd} priorEnd=${offset - 1}`);
-      incrementHistorianFailure(db, sessionId, `no forward progress beyond raw message ${offset - 1}`);
-      await notifyHistorianIssue(`## Historian alert
-
-Historian returned compartments that made no forward progress beyond raw message ${offset - 1}.
-
-No new compartments or facts were written. Check the historian model/output and try again.`);
+      const failCount = incrementHistorianFailure(db, sessionId, `no forward progress beyond raw message ${offset - 1}`);
+      await notifyHistorianIssue(buildHistorianFailureNotice(failCount, `historian made no forward progress beyond raw message ${offset - 1}`));
       return;
     }
     const deferMarkerApplication = deps.preserveInjectionCacheUntilConsumed === true;
@@ -170259,7 +170433,6 @@ No new compartments or facts were written. Check the historian model/output and
     if (deps.preserveInjectionCacheUntilConsumed !== true) {
       clearInjectionCache(sessionId);
     }
-    deps.onCompartmentStatePublished?.(sessionId);
     const promotionDirectory = sessionDirectory || deps.directory;
     const discardedLast = persistedCompartments.length < emittedCompartments.length;
     const embeddingActive = !!promotionDirectory && deps.memoryEnabled !== false;
@@ -170286,6 +170459,7 @@ No new compartments or facts were written. Check the historian model/output and
       embedAndStoreCompartments(db, sessionId, projectIdentity, toEmbed);
     }
     queueDropsForCompartmentalizedMessages(db, sessionId, lastCompartmentEnd);
+    deps.onCompartmentStatePublished?.(sessionId);
     if (deferMarkerApplication) {
       deps.onDeferredMarkerPending?.(sessionId);
     } else {
@@ -170330,12 +170504,8 @@ No new compartments or facts were written. Check the historian model/output and
     telemetry.failureReason = `exception: ${desc.brief}`;
     sessionLog(sessionId, `historian failure: source=exception ${desc.brief}${desc.stackHead ? ` stackHead="${desc.stackHead}"` : ""}`);
     if (!issueNotified) {
-      incrementHistorianFailure(db, sessionId, desc.brief);
-      await notifyHistorianIssue(`## Historian alert
-
-Historian failed unexpectedly: ${desc.brief}
-
-No new compartments or facts were written. Check the historian model/output and try again.`);
+      const failCount = incrementHistorianFailure(db, sessionId, desc.brief);
+      await notifyHistorianIssue(buildHistorianFailureNotice(failCount, desc.brief));
     }
   } finally {
     if (!completedSuccessfully) {
@@ -170499,7 +170669,6 @@ Found ${existingStaging.compartments.length} staged compartment(s) from ${existi
       if (deps.preserveInjectionCacheUntilConsumed !== true) {
         clearInjectionCache(sessionId);
       }
-      deps.onCompartmentStatePublished?.(sessionId);
       promoted2.facts;
       if (deps.memoryEnabled !== false) {
         const projectIdentity = resolveProjectIdentity(sessionDirectory);
@@ -170512,11 +170681,14 @@ Found ${existingStaging.compartments.length} staged compartment(s) from ${existi
       if (lastCompartmentEnd2 > 0) {
         queueDropsForCompartmentalizedMessages(db, sessionId, lastCompartmentEnd2);
       }
+      deps.onCompartmentStatePublished?.(sessionId);
       if (lastCompartmentEnd2 > 0) {
-        updateCompactionMarkerAfterPublication(db, sessionId, lastCompartmentEnd2, deps.directory);
-        const stalePending = getPendingCompactionMarkerState(db, sessionId);
-        if (stalePending) {
-          clearPendingCompactionMarkerStateIf(db, sessionId, stalePending);
+        const markerUpdated = updateCompactionMarkerAfterPublication(db, sessionId, lastCompartmentEnd2, deps.directory);
+        if (markerUpdated) {
+          const stalePending = getPendingCompactionMarkerState(db, sessionId);
+          if (stalePending) {
+            clearPendingCompactionMarkerStateIf(db, sessionId, stalePending);
+          }
         }
       }
       return [
@@ -170705,13 +170877,13 @@ Another process acquired the compartment-state lease before recomp could publish
     if (deps.preserveInjectionCacheUntilConsumed !== true) {
       clearInjectionCache(sessionId);
     }
-    deps.onCompartmentStatePublished?.(sessionId);
     const finalCompartments = promoted?.compartments ?? candidateCompartments;
     const finalFacts = promoted?.facts ?? candidateFacts;
     const lastCompartmentEnd = finalCompartments[finalCompartments.length - 1]?.endMessage ?? 0;
     if (lastCompartmentEnd > 0) {
       queueDropsForCompartmentalizedMessages(db, sessionId, lastCompartmentEnd);
     }
+    deps.onCompartmentStatePublished?.(sessionId);
     if (deps.memoryEnabled !== false) {
       const projectIdentity = resolveProjectIdentity(sessionDirectory);
       await deps.ensureProjectRegistered?.(sessionDirectory, db);
@@ -170720,10 +170892,12 @@ Another process acquired the compartment-state lease before recomp could publish
       embedAndStoreCompartments(db, sessionId, projectIdentity, toEmbed);
     }
     if (lastCompartmentEnd > 0) {
-      updateCompactionMarkerAfterPublication(db, sessionId, lastCompartmentEnd, deps.directory);
-      const stalePending = getPendingCompactionMarkerState(db, sessionId);
-      if (stalePending) {
-        clearPendingCompactionMarkerStateIf(db, sessionId, stalePending);
+      const markerUpdated = updateCompactionMarkerAfterPublication(db, sessionId, lastCompartmentEnd, deps.directory);
+      if (markerUpdated) {
+        const stalePending = getPendingCompactionMarkerState(db, sessionId);
+        if (stalePending) {
+          clearPendingCompactionMarkerStateIf(db, sessionId, stalePending);
+        }
       }
     }
     return [
@@ -170880,7 +171054,7 @@ Could not acquire the compartment-state lease for this session.`;
         log(`[magic-context] partial recomp merged validation failed: ${mergedError}`);
         return null;
       }
-      saveRecompStagingPass(db, sessionId, passCount + 1, merged, currentFacts);
+      saveRecompStagingPass(db, sessionId, passCount + 1, merged, stagedFacts);
       const promoted = promoteRecompStagingWithM0Mutation(db, sessionId, leaseHolderId);
       if (!promoted) {
         log("[magic-context] partial recomp promote returned null");
@@ -170900,10 +171074,12 @@ Could not acquire the compartment-state lease for this session.`;
       }
       const lastEnd = merged[merged.length - 1]?.endMessage ?? snapEnd;
       if (lastEnd > 0) {
-        updateCompactionMarkerAfterPublication(db, sessionId, lastEnd, deps.directory);
-        const stalePending = getPendingCompactionMarkerState(db, sessionId);
-        if (stalePending) {
-          clearPendingCompactionMarkerStateIf(db, sessionId, stalePending);
+        const markerUpdated = updateCompactionMarkerAfterPublication(db, sessionId, lastEnd, deps.directory);
+        if (markerUpdated) {
+          const stalePending = getPendingCompactionMarkerState(db, sessionId);
+          if (stalePending) {
+            clearPendingCompactionMarkerStateIf(db, sessionId, stalePending);
+          }
         }
       }
       return { compartmentCount: merged.length, lastEndMessage: lastEnd };
@@ -170945,10 +171121,7 @@ Snapped range ${snapStart}-${snapEnd} would cross into the protected tail (start
       ].join(`
 `);
     }
-    const currentFacts = getSessionFacts(db, sessionId).map((f) => ({
-      category: f.category,
-      content: f.content
-    }));
+    const stagedFacts = [];
     const parentSessionResponse = await client.session.get({ path: { id: sessionId } }).catch(() => null);
     const parentSession = normalizeSDKResponse(parentSessionResponse, null, { preferResponseOnMissingData: true });
     const sessionDirectory = parentSession?.directory ?? directory;
@@ -170965,7 +171138,7 @@ Snapped range ${snapStart}-${snapEnd} would cross into the protected tail (start
       candidateCompartments = priorCompartments.map((c, idx) => compartmentToInput(c, idx));
       passCount = 0;
       offset = snapStart;
-      saveRecompStagingPass(db, sessionId, 0, candidateCompartments, currentFacts);
+      saveRecompStagingPass(db, sessionId, 0, candidateCompartments, stagedFacts);
       setRecompPartialRange(db, sessionId, { start: snapStart, end: snapEnd });
     }
     let currentTokenBudget = historianChunkTokens;
@@ -171058,7 +171231,7 @@ Original state preserved (staging kept for retry).`;
       passCount += 1;
       currentTokenBudget = historianChunkTokens;
       passAttempt = 1;
-      saveRecompStagingPass(db, sessionId, passCount, candidateCompartments, currentFacts);
+      saveRecompStagingPass(db, sessionId, passCount, candidateCompartments, stagedFacts);
       const nextOffset = (validatedPass.compartments?.[validatedPass.compartments.length - 1]?.endMessage ?? chunk.endIndex) + 1;
       if (nextOffset <= offset) {
         return `## Magic Recomp — Failed
@@ -171079,7 +171252,6 @@ Partial recomp completed historian passes but the final compartment set failed v
       ...resumed ? ["Resumed from previous interrupted partial run."] : [],
       `Rebuilt compartments covering messages ${snapStart}-${snapEnd} using ${passCount} historian pass${passCount === 1 ? "" : "es"}.`,
       `Preserved ${priorCompartments.length} prior compartment(s) and ${tailCompartments.length} tail compartment(s) unchanged.`,
-      `Facts unchanged (${currentFacts.length} entr${currentFacts.length === 1 ? "y" : "ies"}).`,
       `Total compartments: ${finalResult.compartmentCount}.`
     ].join(`
 `);
@@ -172073,6 +172245,95 @@ function migrateLegacyExperimental(rawConfig, warnings) {
   return patched;
 }
 
+// src/config/project-security.ts
+var HIDDEN_AGENT_KEYS = ["historian", "dreamer", "sidekick"];
+var AGENT_ESCALATION_FIELDS = ["prompt", "permission", "tools", "system_prompt"];
+function isPlainObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function stripUnsafeProjectConfigFields(projectRaw) {
+  const warnings = [];
+  if ("auto_update" in projectRaw) {
+    delete projectRaw.auto_update;
+    warnings.push("Ignoring auto_update from project config (security: this setting only honors user-level config).");
+  }
+  for (const agentKey of HIDDEN_AGENT_KEYS) {
+    const block = projectRaw[agentKey];
+    if (!isPlainObject(block))
+      continue;
+    const removed = [];
+    for (const field of AGENT_ESCALATION_FIELDS) {
+      if (field in block) {
+        delete block[field];
+        removed.push(field);
+      }
+    }
+    if (removed.length > 0) {
+      warnings.push(`Ignoring ${agentKey}.${removed.join("/")} from project config ` + "(security: a repository cannot reprogram or re-permission hidden agents).");
+    }
+  }
+  return warnings;
+}
+function normalizeEndpoint(value) {
+  if (typeof value !== "string")
+    return;
+  const trimmed = value.trim().replace(/\/+$/, "");
+  return trimmed.length > 0 ? trimmed.toLowerCase() : undefined;
+}
+function dropInheritedEmbeddingKeyOnRedirect(projectRaw, mergedRaw, userRaw) {
+  const projectEmbedding = projectRaw.embedding;
+  if (!isPlainObject(projectEmbedding))
+    return [];
+  const redirectsEndpoint = "endpoint" in projectEmbedding;
+  if (!redirectsEndpoint)
+    return [];
+  const userEmbedding = userRaw?.embedding;
+  if (isPlainObject(userEmbedding)) {
+    const projectEndpoint = normalizeEndpoint(projectEmbedding.endpoint);
+    const userEndpoint = normalizeEndpoint(userEmbedding.endpoint);
+    if (projectEndpoint !== undefined && projectEndpoint === userEndpoint) {
+      return [];
+    }
+  }
+  const providesOwnKey = typeof projectEmbedding.api_key === "string" && projectEmbedding.api_key.length > 0;
+  if (providesOwnKey)
+    return [];
+  const mergedEmbedding = mergedRaw.embedding;
+  if (!isPlainObject(mergedEmbedding))
+    return [];
+  if (!("api_key" in mergedEmbedding))
+    return [];
+  delete mergedEmbedding.api_key;
+  return [
+    "Dropped inherited user embedding api_key because project config redirected " + "embedding.endpoint without supplying its own key (security: prevents key " + "exfiltration to a repository-chosen endpoint)."
+  ];
+}
+
+// src/config/prune-config-leaf.ts
+function isPlainObject2(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function pruneNestedConfigLeaf(block, relativePath) {
+  if (relativePath.length === 0)
+    return null;
+  const result = { ...block };
+  let cursor = result;
+  for (let i = 0;i < relativePath.length - 1; i++) {
+    const seg = String(relativePath[i]);
+    const child = cursor[seg];
+    if (!isPlainObject2(child))
+      return null;
+    const clonedChild = { ...child };
+    cursor[seg] = clonedChild;
+    cursor = clonedChild;
+  }
+  const leaf = String(relativePath[relativePath.length - 1]);
+  if (!(leaf in cursor))
+    return null;
+  delete cursor[leaf];
+  return { block: result, removed: relativePath.map(String).join(".") };
+}
+
 // src/config/index.ts
 init_magic_context();
 
@@ -172083,6 +172344,21 @@ import { homedir } from "node:os";
 import { dirname, isAbsolute, resolve } from "node:path";
 var ENV_PATTERN = /\{env:([^}]+)\}/g;
 var FILE_PATTERN = /\{file:([^}]+)\}/g;
+function sensitiveFilePathReason(resolvedPath) {
+  const home = homedir();
+  const sensitiveDirs = [
+    { dir: resolve(home, ".ssh"), label: "SSH keys" },
+    { dir: resolve(home, ".aws"), label: "AWS credentials" },
+    { dir: resolve(home, ".gnupg"), label: "GnuPG keyring" },
+    { dir: resolve(home, ".config", "gh"), label: "GitHub CLI auth" }
+  ];
+  for (const { dir, label } of sensitiveDirs) {
+    if (resolvedPath === dir || resolvedPath.startsWith(`${dir}/`)) {
+      return label;
+    }
+  }
+  return null;
+}
 function substituteConfigVariables(input) {
   const warnings = [];
   let text = input.text;
@@ -172136,6 +172412,10 @@ function substituteConfigVariables(input) {
     } else if (!isAbsolute(filePath)) {
       filePath = resolve(configDir, filePath);
     }
+    const sensitiveReason = sensitiveFilePathReason(filePath);
+    if (sensitiveReason) {
+      warnings.push(`${token} resolves to a sensitive path (${sensitiveReason}: ${filePath}); ` + "inlining its contents into config — make sure this is intentional.");
+    }
     if (!existsSync2(filePath)) {
       warnings.push(`File not found for ${token} (resolved to ${filePath}); using empty string`);
       continue;
@@ -172238,9 +172518,6 @@ function deepMergeRawConfig(base, override) {
   }
   return result;
 }
-function getProjectUserOnlyFields(config2) {
-  return "auto_update" in config2 ? ["auto_update"] : [];
-}
 function redactConfigValue(value) {
   if (value === undefined)
     return "<missing>";
@@ -172279,12 +172556,16 @@ function parsePluginConfig(rawConfig, recoveredTopLevelKeys = []) {
   const warnings = [];
   const errorPaths = new Set;
   const customMessagesByKey = new Map;
+  const issuePathsByKey = new Map;
   const GENERIC_ZOD_PREFIXES = ["Too big", "Too small", "Invalid input", "Invalid", "Expected"];
   for (const issue2 of parsed.error.issues) {
     const topKey = issue2.path[0];
     if (topKey !== undefined) {
       const key = String(topKey);
       errorPaths.add(key);
+      const paths = issuePathsByKey.get(key) ?? [];
+      paths.push([...issue2.path]);
+      issuePathsByKey.set(key, paths);
       const msg = issue2.message;
       if (msg && !GENERIC_ZOD_PREFIXES.some((p) => msg.startsWith(p))) {
         if (!customMessagesByKey.has(key)) {
@@ -172300,12 +172581,33 @@ function parsePluginConfig(rawConfig, recoveredTopLevelKeys = []) {
     if (isAgentConfig) {
       delete patched[key];
       warnings.push(`"${key}": invalid agent configuration, ignoring. Check your magic-context.jsonc.`);
-    } else {
-      delete patched[key];
-      const defaultVal = defaults[key];
-      const reason = customMessagesByKey.get(key);
-      warnings.push(`"${key}": invalid value (${redactConfigValue(rawConfig[key])}), using default ${JSON.stringify(defaultVal)}.${reason ? ` ${reason}` : ""}`);
+      continue;
+    }
+    const issuePaths = issuePathsByKey.get(key) ?? [];
+    const rawValue = rawConfig[key];
+    const allNested = issuePaths.length > 0 && issuePaths.every((p) => p.length >= 2) && typeof rawValue === "object" && rawValue !== null && !Array.isArray(rawValue);
+    if (allNested) {
+      let prunedBlock = {
+        ...rawValue
+      };
+      const prunedLeaves = [];
+      for (const p of issuePaths) {
+        const relative = p.slice(1);
+        const result = pruneNestedConfigLeaf(prunedBlock, relative);
+        if (result) {
+          prunedBlock = result.block;
+          prunedLeaves.push(result.removed);
+        }
+      }
+      patched[key] = prunedBlock;
+      const reason2 = customMessagesByKey.get(key);
+      warnings.push(`"${key}": invalid nested field(s) ${prunedLeaves.map((l) => `"${l}"`).join(", ")}, using defaults for those.${reason2 ? ` ${reason2}` : ""}`);
+      continue;
     }
+    delete patched[key];
+    const defaultVal = defaults[key];
+    const reason = customMessagesByKey.get(key);
+    warnings.push(`"${key}": invalid value (${redactConfigValue(rawConfig[key])}), using default ${JSON.stringify(defaultVal)}.${reason ? ` ${reason}` : ""}`);
   }
   const retryMigrated = migrateLegacyExperimental(patched, preMigrationWarnings);
   const retryParsed = MagicContextConfigSchema.safeParse(retryMigrated);
@@ -172341,14 +172643,13 @@ function loadPluginConfig(directory) {
   if (projectLoaded) {
     allWarnings.push(...projectLoaded.warnings.map((w) => `[project config] ${w}`));
     const projectRaw = { ...projectLoaded.config };
-    const strippedUserOnlyFields = getProjectUserOnlyFields(projectRaw);
-    if (strippedUserOnlyFields.length > 0) {
-      for (const key of strippedUserOnlyFields) {
-        delete projectRaw[key];
-      }
-      allWarnings.push(`[project config] Ignoring ${strippedUserOnlyFields.join(", ")} from project config (security: these settings only honor user-level config)`);
+    for (const warning of stripUnsafeProjectConfigFields(projectRaw)) {
+      allWarnings.push(`[project config] ${warning}`);
     }
     mergedRaw = deepMergeRawConfig(mergedRaw, projectRaw);
+    for (const warning of dropInheritedEmbeddingKeyOnRedirect(projectRaw, mergedRaw, userLoaded?.config)) {
+      allWarnings.push(`[project config] ${warning}`);
+    }
   }
   const config2 = parsePluginConfig(mergedRaw);
   if (config2.configWarnings?.length) {
@@ -172422,14 +172723,13 @@ function loadPluginConfigDetailed(directory) {
   if (projectLoaded) {
     allWarnings.push(...projectLoaded.warnings.map((w) => `[project config] ${w}`));
     const projectRaw = { ...projectLoaded.config };
-    const strippedUserOnlyFields = getProjectUserOnlyFields(projectRaw);
-    if (strippedUserOnlyFields.length > 0) {
-      for (const key of strippedUserOnlyFields) {
-        delete projectRaw[key];
-      }
-      allWarnings.push(`[project config] Ignoring ${strippedUserOnlyFields.join(", ")} from project config (security: these settings only honor user-level config)`);
+    for (const warning of stripUnsafeProjectConfigFields(projectRaw)) {
+      allWarnings.push(`[project config] ${warning}`);
     }
     mergedRaw = deepMergeRawConfig(mergedRaw, projectRaw);
+    for (const warning of dropInheritedEmbeddingKeyOnRedirect(projectRaw, mergedRaw, userLoaded?.config)) {
+      allWarnings.push(`[project config] ${warning}`);
+    }
   }
   const recoveredTopLevelKeys = [];
   const config2 = parsePluginConfig(mergedRaw, recoveredTopLevelKeys);
@@ -173244,6 +173544,11 @@ var CACHE_DIR = join7(getOpenCodeCacheRoot(), "packages");
 var USER_OPENCODE_CONFIG = join7(getOpenCodeConfigRoot(), "opencode.json");
 var USER_OPENCODE_CONFIG_JSONC = join7(getOpenCodeConfigRoot(), "opencode.jsonc");
 
+// src/hooks/auto-update-checker/semver.ts
+function isValidSemver(version2) {
+  return /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/.test(version2);
+}
+
 // src/hooks/auto-update-checker/types.ts
 init_zod();
 var NpmPackageEnvelopeSchema = exports_external.object({
@@ -173579,6 +173884,10 @@ function resolveInstallContext(runtimePackageJsonPath = getCurrentRuntimePackage
 }
 function preparePackageUpdate(version2, packageName = PACKAGE_NAME, runtimePackageJsonPath = getCurrentRuntimePackageJsonPath()) {
   try {
+    if (!isValidSemver(version2)) {
+      warn2(`[auto-update-checker] Refusing to prepare update for invalid version "${version2}"`);
+      return null;
+    }
     const installContext = resolveInstallContext(runtimePackageJsonPath);
     if (!installContext) {
       warn2("[auto-update-checker] No install context found for auto-update");
@@ -174864,7 +175173,7 @@ async function runDream(args) {
     }
   }
   const deadline = startedAt + args.maxRuntimeMinutes * 60 * 1000;
-  const lastDreamAt = getDreamState(args.db, `last_dream_at:${args.projectIdentity}`) ?? getDreamState(args.db, "last_dream_at");
+  const lastDreamAt = getDreamState(args.db, `last_dream_at:${args.projectIdentity}`);
   log(`[dreamer] last dream at: ${lastDreamAt ?? "never"} (project=${args.projectIdentity})`);
   let lastErrorSignature = null;
   let consecutiveSameErrorFailures = 0;
@@ -175246,7 +175555,6 @@ async function runDream(args) {
   const hasSuccessfulTask = result.tasks.some((t) => !t.error && !POST_TASK_NAMES.has(t.name));
   if (hasSuccessfulTask && !lostLease) {
     setDreamState(args.db, `last_dream_at:${args.projectIdentity}`, String(result.finishedAt));
-    setDreamState(args.db, "last_dream_at", String(result.finishedAt));
   }
   const totalDuration = ((result.finishedAt - startedAt) / 1000).toFixed(1);
   const succeeded = result.tasks.filter((t) => !t.error).length;
@@ -175523,8 +175831,7 @@ function findProjectsNeedingDream(db) {
   const now = new Date;
   for (const row of projectRows) {
     const lastDreamAtStr = getDreamState(db, `last_dream_at:${row.project_path}`);
-    const fallbackStr = !lastDreamAtStr ? getDreamState(db, "last_dream_at") : null;
-    const lastDreamAt = Number(lastDreamAtStr ?? fallbackStr ?? "0") || 0;
+    const lastDreamAt = Number(lastDreamAtStr ?? "0") || 0;
     if (lastDreamAt > 0 && isDreamFromCurrentWindow(lastDreamAt, now)) {
       continue;
     }
@@ -176174,10 +176481,20 @@ var EMBEDDING_AFFECTING_KEYS = new Set([
   "embedding.api_key",
   "embedding.endpoint",
   "embedding.model",
-  "embedding.provider"
+  "embedding.provider",
+  "embedding.input_type",
+  "embedding.truncate"
 ]);
 var EMBEDDING_AFFECTING_TOP_LEVEL_KEYS = new Set(["embedding", "memory", "experimental"]);
-var EMBEDDING_WARNING_TERMS = ["api_key", "endpoint", "model", "provider", "embedding"];
+var EMBEDDING_WARNING_TERMS = [
+  "api_key",
+  "endpoint",
+  "model",
+  "provider",
+  "embedding",
+  "input_type",
+  "truncate"
+];
 var loggedFailureSignatures = new Map;
 function sha256Prefix2(value, length = 16) {
   return createHash8("sha256").update(value).digest("hex").slice(0, length);
@@ -179192,32 +179509,53 @@ function hasAnyMeaningfulPart(parts) {
   }
   return false;
 }
-function dropStaleReduceCalls(messages, protectedCount = 0) {
-  let didDrop = false;
+function messageHasReducePart(message) {
+  for (const part of message.parts) {
+    if (isSentinel(part))
+      continue;
+    if (isReduceToolPart(part))
+      return true;
+  }
+  return false;
+}
+function sentinelizeReduceParts(message) {
+  let touched = false;
+  for (let j = 0;j < message.parts.length; j++) {
+    const part = message.parts[j];
+    if (isSentinel(part))
+      continue;
+    if (isReduceToolPart(part)) {
+      message.parts[j] = makeSentinel(part);
+      touched = true;
+    }
+  }
+  if (touched && !hasAnyMeaningfulPart(message.parts)) {
+    message.parts.length = 0;
+    message.parts.push(makeSentinel(undefined));
+  }
+  return touched;
+}
+function dropStaleReduceCalls(messages, frozenIds, options = {}) {
+  const detect = options.detect ?? false;
+  const protectedCount = options.protectedCount ?? 0;
   const protectedStart = messages.length - protectedCount;
+  const newlyStrippedIds = [];
+  let didDrop = false;
   for (let i = 0;i < messages.length; i++) {
-    if (i >= protectedStart)
-      break;
     const message = messages[i];
-    let touched = false;
-    for (let j = 0;j < message.parts.length; j++) {
-      const part = message.parts[j];
-      if (isSentinel(part))
-        continue;
-      if (isReduceToolPart(part)) {
-        message.parts[j] = makeSentinel(part);
-        touched = true;
-      }
-    }
+    const id = typeof message.info.id === "string" ? message.info.id : undefined;
+    const inFrozen = id !== undefined && frozenIds.has(id);
+    const isNewDetection = !inFrozen && detect && i < protectedStart && id !== undefined && messageHasReducePart(message);
+    if (!inFrozen && !isNewDetection)
+      continue;
+    const touched = sentinelizeReduceParts(message);
     if (touched) {
       didDrop = true;
-      if (!hasAnyMeaningfulPart(message.parts)) {
-        message.parts.length = 0;
-        message.parts.push(makeSentinel(undefined));
-      }
+      if (isNewDetection && id !== undefined)
+        newlyStrippedIds.push(id);
     }
   }
-  return didDrop;
+  return { didDrop, newlyStrippedIds };
 }
 
 // src/hooks/magic-context/tag-messages.ts
@@ -180803,7 +181141,7 @@ function isTodoItem(value) {
 
 // src/hooks/magic-context/transform-postprocess-phase.ts
 var DEGRADE_CACHE_WARNING_THRESHOLD = 10;
-var degradedCacheCountBySession = new Map;
+var degradedCacheCountBySession = new BoundedSessionMap(100);
 function resetDegradedCacheCount(sessionId) {
   degradedCacheCountBySession.delete(sessionId);
 }
@@ -180938,14 +181276,19 @@ async function runPostTransformPhase(args) {
   if (didMutateFromPendingOperations && isCacheBustingPass) {
     args.nudgePlacements.clear(args.sessionId);
   }
-  if (shouldRunHeuristics && (args.didMutateFromFlushedStatuses || didMutateFromPendingOperations)) {
-    try {
-      const t8 = performance.now();
-      dropStaleReduceCalls(args.messages, args.protectedTags);
-      logTransformTiming(args.sessionId, "dropStaleReduceCalls", t8);
-    } catch (error51) {
-      sessionLog(args.sessionId, "transform failed dropping stale ctx_reduce calls:", error51);
+  try {
+    const t8 = performance.now();
+    const frozenStaleReduceIds = getStaleReduceStrippedIds(args.db, args.sessionId);
+    const staleReduceResult = dropStaleReduceCalls(args.messages, frozenStaleReduceIds, {
+      detect: isCacheBustingPass,
+      protectedCount: args.protectedTags
+    });
+    if (isCacheBustingPass && staleReduceResult.newlyStrippedIds.length > 0) {
+      addStaleReduceStrippedIds(args.db, args.sessionId, staleReduceResult.newlyStrippedIds);
     }
+    logTransformTiming(args.sessionId, "dropStaleReduceCalls", t8);
+  } catch (error51) {
+    sessionLog(args.sessionId, "transform failed dropping stale ctx_reduce calls:", error51);
   }
   const m0M1Enabled = args.fullFeatureMode && args.m0M1 !== undefined && (!!args.m0M1.projectPath || !!args.m0M1.projectDirectory);
   if (m0M1Enabled && args.m0M1) {
@@ -180977,6 +181320,7 @@ async function runPostTransformPhase(args) {
           sessionLog(args.sessionId, "transform: legacy fallback injection also failed:", getErrorMessage(fallbackError));
         }
       }
+      clearInjectionCache(args.sessionId);
     }
     logTransformTiming(args.sessionId, "pp.injectM0M1", tInjectM0M1);
   } else if (args.fullFeatureMode && args.pendingCompartmentInjection) {
@@ -181000,7 +181344,7 @@ async function runPostTransformPhase(args) {
       if (missingIds.length > 0) {
         for (const id of missingIds)
           persistedIds.delete(id);
-        setStrippedPlaceholderIds(args.db, args.sessionId, persistedIds);
+        applyStrippedPlaceholderDelta(args.db, args.sessionId, { remove: missingIds });
       }
     }
     if (isCacheBustingPass) {
@@ -181009,11 +181353,13 @@ async function runPostTransformPhase(args) {
       const systemInjectedResult = stripSystemInjectedMessages(args.messages, protectedTailStart, args.liveProviderID);
       const newlyNeutralized = droppedResult.sentineledIds.length + systemInjectedResult.sentineledIds.length;
       if (newlyNeutralized > 0) {
-        for (const id of droppedResult.sentineledIds)
+        const addedIds = [
+          ...droppedResult.sentineledIds,
+          ...systemInjectedResult.sentineledIds
+        ];
+        for (const id of addedIds)
           persistedIds.add(id);
-        for (const id of systemInjectedResult.sentineledIds)
-          persistedIds.add(id);
-        setStrippedPlaceholderIds(args.db, args.sessionId, persistedIds);
+        applyStrippedPlaceholderDelta(args.db, args.sessionId, { add: addedIds });
         sessionLog(args.sessionId, `neutralized ${droppedResult.stripped} dropped + ${systemInjectedResult.stripped} system-injected messages (${newlyNeutralized} new, ${persistedIds.size} total persisted)`);
       }
     }
@@ -181532,7 +181878,11 @@ function createTransform(deps) {
         lastEmergencyNotificationCount.set(sessionId, historianFailureState.failureCount);
         sendIgnoredMessage(deps.client, sessionId, `⚠️ Context Emergency — Context is at ${emergencyPercentage}% and historian has failed ${historianFailureState.failureCount} times (last error: ${truncateHistorianEmergencyError(historianFailureState.lastError)}). Aborting this message to prevent context overflow. Historian will retry automatically. If this persists, change your historian model in magic-context.jsonc and restart OpenCode.`, notificationParams);
       }
-      startRecoveryRun();
+      const recoveryStarted = startRecoveryRun();
+      if (!recoveryStarted && !getEligibleHistoryForCompartment()) {
+        clearEmergencyRecovery(db, sessionId);
+        sessionLog(sessionId, "transform: disarming emergency recovery — no eligible pre-tail history to compact (would otherwise loop at 95%)");
+      }
       sessionLog(sessionId, `EMERGENCY: aborting session at ${emergencyPercentage}%, historian failures: ${historianFailureState.failureCount}`);
     } else if (fullFeatureMode && isFirstTransformPassForSession && historianFailureState.failureCount > 0 && getEligibleHistoryForCompartment() && startRecoveryRun()) {
       sessionLog(sessionId, `transform: historian recovery triggered on session load after ${historianFailureState.failureCount} failure(s)`);
@@ -182575,6 +182925,8 @@ function createEventHook(args) {
           sessionLog(assistantInfo.sessionID, `model changed (${previous.providerID}/${previous.modelID} -> ${assistantInfo.providerID}/${assistantInfo.modelID}), clearing historian failure state and reasoning watermark`);
           clearHistorianFailureState(args.db, assistantInfo.sessionID);
           clearPersistedReasoningWatermark(args.db, assistantInfo.sessionID);
+          clearDetectedContextLimit(args.db, assistantInfo.sessionID);
+          clearEmergencyRecovery(args.db, assistantInfo.sessionID);
           updateSessionMeta(args.db, assistantInfo.sessionID, {
             clearedReasoningThroughTag: 0,
             observedSafeInputTokens: 0,
@@ -182678,6 +183030,7 @@ var PARTNER_FRAME_CLOSER_REDUCE = `
 Reduction prompts are routine housekeeping to keep the session fast and cheap — act on them as light maintenance, never as scarcity warnings. Keep individual operations efficient, but never let context size change *what* work you take on or *how thoroughly* you do it.`;
 var PARTNER_FRAME_CLOSER_NO_REDUCE = `
 Context is managed for you entirely automatically — there's nothing to prune and no warnings to act on. Stay reasonably concise per operation, and never let context size change *what* work you take on or *how thoroughly* you do it.`;
+var CTX_NOTE_GUIDANCE = `Use \`ctx_note\` ONLY for genuinely future concerns — something to revisit much later, not work coming up in the next few turns (that's already in your active context) and not active multi-step work (use todos for that). Magic Context preserves your full context across both compaction and restarts, so an upcoming restart or "let's come back to this later" is never a reason to take a note — nothing is lost either way. Notes you do take survive compression and resurface at natural work boundaries (after commits, historian runs, todo completion).`;
 function getToolHistoryGuidance(dropToolStructure) {
   if (dropToolStructure) {
     return `Compressed history intentionally omits tool calls and their outputs — summaries like "I edited file X" are historian records, not patterns to replicate. In the live conversation, older tool calls and their results are cleaned up to save context — you may see your own past messages referencing actions without the corresponding tool call or result visible. This is normal context management. ALWAYS use real tool calls; never simulate, fabricate, or inline tool outputs in your text. If there is no tool result message, the action did not happen. NEVER simulate, hallucinate or claim tool calls, command output, search results, file edits, or diffs in plain text as if they actually occurred.`;
@@ -182688,7 +183041,8 @@ var BASE_INTRO = (protectedTags, dropToolStructure) => `Messages and tool output
 Use \`ctx_reduce\` to manage context size. It supports one operation:
 - \`drop\`: Remove entirely (best for tool outputs you already acted on).
 Syntax: "3-5", "1,2,9", or "1-5,8,12-15". Last ${protectedTags} tags are protected.
-Use \`ctx_note\` for deferred intentions — things to tackle later, not right now. NOT for task tracking (use todos). Notes survive context compression and you'll be reminded at natural work boundaries (after commits, historian runs, todo completion).
+Do not announce or narrate \`ctx_reduce\` drops — just call the tool silently. Saying "I'll drop these outputs" wastes tokens the user does not care about.
+${CTX_NOTE_GUIDANCE}
 Use \`ctx_memory\` to manage cross-session project memories. Write new memories or delete stale ones. Memories persist across sessions and are automatically injected into new sessions.
 **Save to memory proactively**: If you spent multiple turns finding something (a file path, a DB location, a config pattern, a workaround), save it with \`ctx_memory\` so future sessions don't repeat the search. Examples:
 - Found a project's source code path after searching → \`ctx_memory(action="write", category="ENVIRONMENT", content="OpenCode source is at ~/Work/OSS/opencode")\`
@@ -182708,7 +183062,7 @@ NEVER drop large ranges blindly (e.g., "1-50"). Review each tag before deciding.
 NEVER drop user messages — they are short and will be summarized by compartmentalization automatically. Dropping them loses context the historian needs.
 NEVER drop assistant text messages unless they are exceptionally large. Your conversation messages are lightweight; only large tool outputs are worth dropping.
 Before your turn finishes, consider using \`ctx_reduce\` to drop large tool outputs you no longer need.`;
-var BASE_INTRO_NO_REDUCE = (dropToolStructure) => `Use \`ctx_note\` for deferred intentions — things to tackle later, not right now. NOT for task tracking (use todos). Notes survive context compression and you'll be reminded at natural work boundaries (after commits, historian runs, todo completion).
+var BASE_INTRO_NO_REDUCE = (dropToolStructure) => `${CTX_NOTE_GUIDANCE}
 Use \`ctx_memory\` to manage cross-session project memories. Write new memories or delete stale ones. Memories persist across sessions and are automatically injected into new sessions.
 **Save to memory proactively**: If you spent multiple turns finding something (a file path, a DB location, a config pattern, a workaround), save it with \`ctx_memory\` so future sessions don't repeat the search. Examples:
 - Found a project's source code path after searching → \`ctx_memory(action="write", category="ENVIRONMENT", content="OpenCode source is at ~/Work/OSS/opencode")\`
@@ -184552,7 +184906,7 @@ function projectIdentityForStoredPath(rawProjectPath) {
   return normalizeStoredProjectPath(rawProjectPath);
 }
 function memoryBelongsToProject(memory, projectPath) {
-  return memory.projectPath === projectPath || projectIdentityForStoredPath(memory.projectPath) === projectPath;
+  return storedPathBelongsToIdentity(memory.projectPath, projectPath);
 }
 function updateMemoryContentInCurrentTransaction(db, memory, content, normalizedHash) {
   db.prepare("UPDATE memories SET content = ?, normalized_hash = ?, updated_at = ? WHERE id = ?").run(content, normalizedHash, Date.now(), memory.id);
@@ -185045,7 +185399,7 @@ import { tool as tool4 } from "@opencode-ai/plugin";
 // src/features/magic-context/range-parser.ts
 function parseRangeString(input) {
   const maxRangeElements = 1000;
-  const trimmed = input.trim();
+  const trimmed = input.replace(/§/g, "").trim();
   if (trimmed === "") {
     throw new Error("Range string must not be empty");
   }
@@ -185291,6 +185645,7 @@ function createCtxSearchTool(deps) {
         return "Error: 'query' is required.";
       }
       const lastCompartmentEnd = getLastCompartmentEndMessage(deps.db, toolContext.sessionID);
+      const messageOrdinalCutoff = lastCompartmentEnd >= 0 ? lastCompartmentEnd : 0;
       const visibleMemoryIds = getVisibleMemoryIds(deps.db, toolContext.sessionID);
       const projectPath = deps.resolveProjectPath(toolContext.directory);
       await deps.ensureProjectRegistered?.(toolContext.directory, deps.db);
@@ -185308,7 +185663,7 @@ function createCtxSearchTool(deps) {
         },
         isEmbeddingRuntimeEnabled: () => embeddingEnabled === true,
         readMessages: deps.readMessages,
-        maxMessageOrdinal: lastCompartmentEnd >= 0 ? lastCompartmentEnd : undefined,
+        maxMessageOrdinal: messageOrdinalCutoff,
         gitCommitsEnabled,
         sources: normalizeSources(args.sources),
         visibleMemoryIds,
@@ -185411,7 +185766,7 @@ init_models_dev_cache();
 
 // src/shared/rpc-server.ts
 init_logger();
-import { randomBytes } from "node:crypto";
+import { randomBytes, timingSafeEqual } from "node:crypto";
 import {
   mkdirSync as mkdirSync9,
   readdirSync,
@@ -185478,6 +185833,14 @@ function isValidPort(port) {
 }
 
 // src/shared/rpc-server.ts
+function tokensMatch(presented, expected) {
+  const a = Buffer.from(presented, "utf8");
+  const b = Buffer.from(expected, "utf8");
+  if (a.length !== b.length)
+    return false;
+  return timingSafeEqual(a, b);
+}
+
 class MagicContextRpcServer {
   server = null;
   port = 0;
@@ -185565,7 +185928,7 @@ class MagicContextRpcServer {
     }
     const auth = req.headers.authorization;
     const presented = typeof auth === "string" ? auth.replace(/^Bearer\s+/i, "") : "";
-    if (presented !== this.token) {
+    if (!tokensMatch(presented, this.token)) {
       res.writeHead(401, { "Content-Type": "application/json" });
       res.end(JSON.stringify({ error: "Unauthorized" }));
       req.resume();