@gajae-code/coding-agent 0.5.0 → 0.5.2

package/src/sdk.ts

@@ -32,7 +32,7 @@ import {
 	Snowflake,
 } from "@gajae-code/utils";
 
-import { type AsyncJob, AsyncJobManager, isBackgroundJobSupportEnabled } from "./async";
+import { type AsyncJob, AsyncJobManager, isBackgroundJobSupportEnabled, jobElapsedMs } from "./async";
 import { loadCapability } from "./capability";
 import { type Rule, ruleCapability, setActiveRules } from "./capability/rule";
 import { ModelRegistry } from "./config/model-registry";
@@ -50,6 +50,7 @@ import { CursorExecHandlers } from "./cursor";
 import "./discovery";
 import { resolveConfigValue } from "./config/resolve-config-value";
 import { getEmbeddedDefaultGjcSkills } from "./defaults/gjc-defaults";
+import { BUNDLED_GROK_BUILD_EXTENSION_ID, getBundledGrokBuildExtensionFactory } from "./defaults/gjc-grok-cli";
 import { initializeWithSettings } from "./discovery";
 import { disposeAllKernelSessions, disposeKernelSessionsByOwner } from "./eval/py/executor";
 import { TtsrManager } from "./export/ttsr";
@@ -114,6 +115,7 @@ import {
 	FindTool,
 	getSearchTools,
 	HIDDEN_TOOLS,
+	isConfigurableSearchProviderId,
 	isSearchProviderPreference,
 	type LspStartupServerInfo,
 	loadSshTool,
@@ -123,6 +125,7 @@ import {
 	SearchTool,
 	setPreferredImageProvider,
 	setPreferredSearchProvider,
+	setSearchFallbackProviders,
 	type Tool,
 	type ToolSession,
 	WebSearchTool,
@@ -132,6 +135,7 @@ import {
 import { ToolContextStore } from "./tools/context";
 import { getImageGenTools } from "./tools/image-gen";
 import { wrapToolWithMetaNotice } from "./tools/output-meta";
+import { guardToolForUltragoalAsk } from "./tools/ultragoal-ask-guard";
 import { EventBus } from "./utils/event-bus";
 import { buildNamedToolChoice, buildNamedToolChoiceResult } from "./utils/tool-choice";
 import { buildWorkspaceTree, type WorkspaceTree } from "./workspace-tree";
@@ -864,6 +868,12 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 	if (typeof webSearchProvider === "string" && isSearchProviderPreference(webSearchProvider)) {
 		setPreferredSearchProvider(webSearchProvider);
 	}
+	const webSearchFallback = settings.get("web_search.fallback");
+	if (Array.isArray(webSearchFallback)) {
+		setSearchFallbackProviders(
+			webSearchFallback.filter(value => typeof value === "string" && isConfigurableSearchProviderId(value)),
+		);
+	}
 
 	const imageProvider = settings.get("providers.image");
 	if (
@@ -1124,7 +1134,7 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 						const formattedResult = await formatAsyncResultForFollowUp(result);
 						if (asyncJobManager!.isDeliverySuppressed(jobId)) return;
 
-						const durationMs = job ? Math.max(0, Date.now() - job.startTime) : undefined;
+						const durationMs = job ? jobElapsedMs(job) : undefined;
 						session.yieldQueue.enqueue<AsyncResultEntry>("async-result", {
 							jobId,
 							result: formattedResult,
@@ -1341,13 +1351,26 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 		}
 
 		// Extension/module discovery is quarantined; retain only the private
-		// runtime needed for explicitly supplied SDK extensions and custom tools.
+		// runtime needed for bundled product extensions, explicitly supplied SDK
+		// extension factories, and custom tools. Filesystem extension paths remain
+		// ignored here even when options.additionalExtensionPaths is supplied.
 		const extensionsResult: LoadExtensionsResult = options.preloadedExtensions ?? {
 			extensions: [],
 			errors: [],
 			runtime: new ExtensionRuntime(),
 		};
 
+		if (!extensionsResult.extensions.some(extension => extension.path === BUNDLED_GROK_BUILD_EXTENSION_ID)) {
+			const bundledGrokExtension = await loadExtensionFromFactory(
+				getBundledGrokBuildExtensionFactory(),
+				cwd,
+				eventBus,
+				extensionsResult.runtime,
+				BUNDLED_GROK_BUILD_EXTENSION_ID,
+			);
+			extensionsResult.extensions.push(bundledGrokExtension);
+		}
+
 		// Load inline extensions from factories
 		if (inlineExtensions.length > 0) {
 			for (let i = 0; i < inlineExtensions.length; i++) {
@@ -1792,7 +1815,9 @@ export async function createAgentSession(options: CreateAgentSessionOptions = {}
 
 		const initialTools = initialToolNames
 			.map(name => toolRegistry.get(name))
-			.filter((tool): tool is AgentTool => tool !== undefined);
+			.filter((tool): tool is AgentTool => tool !== undefined)
+			// AgentSession tool wrapping is not installed until after Agent construction.
+			.map(tool => guardToolForUltragoalAsk(tool, () => sessionManager.getCwd()));
 
 		const openaiWebsocketSetting = settings.get("providers.openaiWebsockets") ?? "off";
 		const preferOpenAICodexWebsockets =

package/src/session/agent-session.ts

@@ -240,6 +240,7 @@ import { normalizeLocalScheme, resolveToCwd } from "../tools/path-utils";
 import { getLatestTodoPhasesFromEntries, type TodoItem, type TodoPhase } from "../tools/todo-write";
 import { ToolAbortError, ToolError } from "../tools/tool-errors";
 import { clampTimeout } from "../tools/tool-timeouts";
+import { guardToolForUltragoalAsk } from "../tools/ultragoal-ask-guard";
 import { parseCommandArgs } from "../utils/command-args";
 import { type EditMode, resolveEditMode } from "../utils/edit-mode";
 import { resolveFileDisplayMode } from "../utils/file-display-mode";
@@ -322,7 +323,10 @@ function isUnderProjectGjc(cwd: string, targetPath: string): boolean {
 
 /** Listener function for agent session events */
 export type AgentSessionEventListener = (event: AgentSessionEvent) => void;
-export type AsyncJobSnapshotItem = Pick<AsyncJob, "id" | "type" | "status" | "label" | "startTime" | "metadata">;
+export type AsyncJobSnapshotItem = Pick<
+	AsyncJob,
+	"id" | "type" | "status" | "label" | "startTime" | "endTime" | "metadata"
+>;
 
 export interface AsyncJobSnapshot {
 	running: AsyncJobSnapshotItem[];
@@ -903,6 +907,7 @@ export class AgentSession {
 	// Compaction state
 	#compactionAbortController: AbortController | undefined = undefined;
 	#autoCompactionAbortController: AbortController | undefined = undefined;
+	#prePromptContextCheckPromise: Promise<void> | undefined = undefined;
 
 	// Branch summarization state
 	#branchSummaryAbortController: AbortController | undefined = undefined;
@@ -1182,6 +1187,7 @@ export class AgentSession {
 				};
 		this.agent.setProviderResponseInterceptor(this.#onResponse);
 		this.agent.setRawSseEventInterceptor(this.#onSseEvent);
+		this.#setGuardedAgentTools(this.agent.state.tools);
 		this.yieldQueue = new YieldQueue({
 			isStreaming: () => this.isStreaming,
 			injectStreaming: message => this.agent.followUp(message),
@@ -1563,6 +1569,7 @@ export class AgentSession {
 			status: job.status,
 			label: job.label,
 			startTime: job.startTime,
+			endTime: job.endTime,
 			metadata: job.metadata,
 		}));
 		const recent = manager.getRecentJobs(options?.recentLimit ?? 5, ownerFilter).map(job => ({
@@ -1571,6 +1578,7 @@ export class AgentSession {
 			status: job.status,
 			label: job.label,
 			startTime: job.startTime,
+			endTime: job.endTime,
 			metadata: job.metadata,
 		}));
 		const delivery = manager.getDeliveryState(ownerFilter);
@@ -3684,6 +3692,16 @@ export class AgentSession {
 		}) as T;
 	}
 
+	#prepareToolForExecution<T extends AgentTool>(tool: T): T {
+		return this.#wrapToolForDeepInterviewMutationGuard(
+			this.#wrapToolForAcpPermission(guardToolForUltragoalAsk(tool, () => this.sessionManager.getCwd())),
+		);
+	}
+
+	#setGuardedAgentTools(tools: AgentTool[]): void {
+		this.agent.setTools(tools.map(tool => this.#prepareToolForExecution(tool)));
+	}
+
 	async #applyActiveToolsByName(
 		toolNames: string[],
 		options?: { persistMCPSelection?: boolean; previousSelectedMCPToolNames?: string[] },
@@ -3695,7 +3713,7 @@ export class AgentSession {
 		for (const name of toolNames) {
 			const tool = this.#toolRegistry.get(name);
 			if (tool) {
-				tools.push(this.#wrapToolForDeepInterviewMutationGuard(this.#wrapToolForAcpPermission(tool)));
+				tools.push(tool);
 				validToolNames.push(name);
 			}
 		}
@@ -3712,7 +3730,7 @@ export class AgentSession {
 				this.#selectedDiscoveredToolNames.delete(name);
 			}
 		}
-		this.agent.setTools(tools);
+		this.#setGuardedAgentTools(tools);
 
 		// Active tool set changed → discoverable tool list (which excludes already-active tools)
 		// is now stale. Invalidate before any prompt-template hook reads the discovery list.
@@ -3970,6 +3988,9 @@ export class AgentSession {
 		if (uniqueToolNames.size !== nextToolNames.length) {
 			throw new Error("RPC host tool names must be unique");
 		}
+		if (uniqueToolNames.has("ask")) {
+			throw new Error('RPC host tool "ask" is reserved and cannot be supplied by the host');
+		}
 
 		for (const name of uniqueToolNames) {
 			if (this.#toolRegistry.has(name) && !this.#rpcHostToolNames.has(name)) {
@@ -4297,11 +4318,8 @@ export class AgentSession {
 		this.#toolRegistry.set(finalTool.name, finalTool);
 
 		if (!this.getActiveToolNames().includes(finalTool.name)) {
-			const activeTools = [
-				...this.agent.state.tools,
-				this.#wrapToolForDeepInterviewMutationGuard(this.#wrapToolForAcpPermission(finalTool)),
-			];
-			this.agent.setTools(activeTools);
+			const activeTools = [...this.agent.state.tools, finalTool];
+			this.#setGuardedAgentTools(activeTools);
 			this.#invalidateDiscoveryCaches();
 			void this.refreshBaseSystemPrompt().catch(error => {
 				logger.warn("Failed to refresh system prompt after workflow gate ask tool registration", {
@@ -4333,9 +4351,8 @@ export class AgentSession {
 		const activeToolNames = this.getActiveToolNames();
 		const activeTools = activeToolNames
 			.map(name => this.#toolRegistry.get(name))
-			.filter((tool): tool is AgentTool => tool !== undefined)
-			.map(tool => this.#wrapToolForAcpPermission(tool));
-		this.agent.setTools(activeTools);
+			.filter((tool): tool is AgentTool => tool !== undefined);
+		this.#setGuardedAgentTools(activeTools);
 	}
 
 	getCheckpointState(): CheckpointState | undefined {
@@ -4754,7 +4771,11 @@ export class AgentSession {
 				await this.#checkCompaction(lastAssistant, false);
 			}
 			if (!options?.skipCompactionCheck) {
-				await this.#checkEstimatedContextBeforePrompt();
+				await this.#checkEstimatedContextBeforePrompt([
+					...(options?.prependMessages ?? []),
+					message,
+					...this.#pendingNextTurnMessages,
+				]);
 			}
 
 			// Build messages array (session context, eager todo prelude, then active prompt message)
@@ -5219,7 +5240,9 @@ export class AgentSession {
 				}
 				await this.#syncSkillPromptActiveStateSafely(appMessage, true);
 				try {
-					await this.agent.prompt(appMessage);
+					await this.#promptWithMessage(appMessage, this.#getCustomMessageTextContent(appMessage), {
+						skipPostPromptRecoveryWait: true,
+					});
 				} finally {
 					await this.#syncSkillPromptActiveStateSafely(appMessage, false);
 				}
@@ -5243,7 +5266,9 @@ export class AgentSession {
 			}
 			await this.#syncSkillPromptActiveStateSafely(appMessage, true);
 			try {
-				await this.agent.prompt(appMessage);
+				await this.#promptWithMessage(appMessage, this.#getCustomMessageTextContent(appMessage), {
+					skipPostPromptRecoveryWait: true,
+				});
 			} finally {
 				await this.#syncSkillPromptActiveStateSafely(appMessage, false);
 			}
@@ -6546,7 +6571,23 @@ export class AgentSession {
 		}
 	}
 
-	async #checkEstimatedContextBeforePrompt(): Promise<void> {
+	async #checkEstimatedContextBeforePrompt(pendingMessages: readonly AgentMessage[] = []): Promise<void> {
+		if (this.#prePromptContextCheckPromise) {
+			await this.#prePromptContextCheckPromise;
+		}
+
+		const checkPromise = this.#checkEstimatedContextBeforePromptOnce(pendingMessages);
+		this.#prePromptContextCheckPromise = checkPromise;
+		try {
+			await checkPromise;
+		} finally {
+			if (this.#prePromptContextCheckPromise === checkPromise) {
+				this.#prePromptContextCheckPromise = undefined;
+			}
+		}
+	}
+
+	async #checkEstimatedContextBeforePromptOnce(pendingMessages: readonly AgentMessage[]): Promise<void> {
 		const model = this.model;
 		if (!model) return;
 		const contextWindow = model.contextWindow ?? 0;
@@ -6554,7 +6595,7 @@ export class AgentSession {
 		const compactionSettings = this.settings.getGroup("compaction");
 		if (!compactionSettings.enabled || compactionSettings.strategy === "off") return;
 
-		let contextTokens = this.#estimateContextTokens().tokens;
+		let contextTokens = this.#estimateContextTokensForCompaction(pendingMessages).tokens;
 		const maxOutputTokens = model.maxTokens ?? 0;
 		if (!shouldCompact(contextTokens, contextWindow, compactionSettings, maxOutputTokens)) return;
 
@@ -9144,7 +9185,7 @@ export class AgentSession {
 					error: String(mcpError),
 				});
 				this.#selectedMCPToolNames = new Set(previousSelectedMCPToolNames);
-				this.agent.setTools(previousTools);
+				this.#setGuardedAgentTools(previousTools);
 				this.#baseSystemPrompt = previousBaseSystemPrompt;
 				this.agent.setSystemPrompt(previousSystemPrompt);
 			}
@@ -9597,6 +9638,21 @@ export class AgentSession {
 	 */
 	#estimateContextTokens(): {
 		tokens: number;
+	} {
+		return this.#estimateContextTokensWith(message => this.#estimateMessageDisplayTokens(message));
+	}
+
+	#estimateContextTokensForCompaction(pendingMessages: readonly AgentMessage[]): {
+		tokens: number;
+	} {
+		const estimate = this.#estimateContextTokensWith(message => this.#estimateMessageNativeContextTokens(message));
+		return {
+			tokens: estimate.tokens + this.#estimateMessagesNativeContextTokens(pendingMessages),
+		};
+	}
+
+	#estimateContextTokensWith(estimateMessage: (message: AgentMessage) => number): {
+		tokens: number;
 	} {
 		const messages = this.messages;
 
@@ -9619,7 +9675,7 @@ export class AgentSession {
 			// No usage data - estimate all messages
 			let estimated = 0;
 			for (const message of messages) {
-				estimated += estimateMessageTokensHeuristic(message);
+				estimated += estimateMessage(message);
 			}
 			return {
 				tokens: estimated,
@@ -9629,7 +9685,7 @@ export class AgentSession {
 		const usageTokens = calculatePromptTokens(lastUsage);
 		let trailingTokens = 0;
 		for (let i = lastUsageIndex + 1; i < messages.length; i++) {
-			trailingTokens += estimateMessageTokensHeuristic(messages[i]);
+			trailingTokens += estimateMessage(messages[i]);
 		}
 
 		return {
@@ -9637,6 +9693,30 @@ export class AgentSession {
 		};
 	}
 
+	#estimateMessagesNativeContextTokens(messages: readonly AgentMessage[]): number {
+		let tokens = 0;
+		for (const message of messages) {
+			tokens += this.#estimateMessageNativeContextTokens(message);
+		}
+		return tokens;
+	}
+
+	#estimateMessageDisplayTokens(message: AgentMessage): number {
+		let tokens = 0;
+		for (const llmMessage of convertToLlm([message])) {
+			tokens += estimateMessageTokensHeuristic(llmMessage);
+		}
+		return tokens;
+	}
+
+	#estimateMessageNativeContextTokens(message: AgentMessage): number {
+		let tokens = 0;
+		for (const llmMessage of convertToLlm([message])) {
+			tokens += estimateTokens(llmMessage);
+		}
+		return tokens;
+	}
+
 	/**
 	 * Export session to HTML.
 	 * @param outputPath Optional output path (defaults to session directory)

package/src/session/blob-store.ts

@@ -267,7 +267,13 @@ export function externalizeImageDataSync(blobStore: BlobStore, base64Data: strin
 /**
  * Resolve an externalized provider image data URL back to its original string.
  * If the data is not a blob reference, returns it unchanged.
- * If the blob is missing, logs a warning and returns the reference as-is.
+ *
+ * LEGACY PERSISTED-IMAGE COMPATIBILITY BOUNDARY: when the persisted blob is missing
+ * (e.g. resuming an old session whose image blob was pruned), this warns and returns
+ * the reference as-is rather than throwing, so legacy resume degrades gracefully.
+ * New resident byte-sensitive TEXT uses the fail-closed path instead
+ * (`resolveTextBlobSync` -> `ResidentBlobMissingError`). Do NOT route new byte-sensitive
+ * resident data through this warn-and-return path.
  */
 export async function resolveImageDataUrl(blobStore: BlobStore, data: string): Promise<string> {
 	const hash = parseBlobRef(data);
@@ -284,7 +290,11 @@ export async function resolveImageDataUrl(blobStore: BlobStore, data: string): P
 /**
  * Resolve a blob reference back to base64 data.
  * If the data is not a blob reference, returns it unchanged.
- * If the blob is missing, logs a warning and returns a placeholder.
+ *
+ * LEGACY PERSISTED-IMAGE COMPATIBILITY BOUNDARY: when the blob is missing this warns
+ * and returns the reference as-is (downstream sees an invalid base64 ref but does not
+ * crash), preserving legacy-session resume. Byte-sensitive resident TEXT is fail-closed
+ * via `resolveTextBlobSync`; do NOT route new byte-sensitive resident data here.
  */
 export async function resolveImageData(blobStore: BlobStore, data: string): Promise<string> {
 	const hash = parseBlobRef(data);
@@ -322,7 +332,14 @@ export function resolveImageDataSync(blobStore: BlobStore, data: string): string
 	return buffer.toString("base64");
 }
 
-/** Synchronously resolve a blob reference back to utf8 text. */
+/**
+ * Synchronously resolve a blob reference back to utf8 text.
+ *
+ * FAIL-CLOSED byte-sensitive path: a missing resident blob throws
+ * `ResidentBlobMissingError` rather than degrading, so a missing resident text blob can
+ * never silently leak a `blob:sha256:` ref into provider payloads, UI, or exports.
+ * (Contrast the legacy persisted-image warn-and-return resolvers above.)
+ */
 export function resolveTextBlobSync(
 	blobStore: BlobStore,
 	data: string,
@@ -336,3 +353,42 @@ export function resolveTextBlobSync(
 	}
 	return buffer.toString("utf8");
 }
+
+/**
+ * FAIL-CLOSED resident variant of {@link resolveImageDataUrlSync}: a missing resident
+ * image-data-url blob throws `ResidentBlobMissingError` ("imageUrl") instead of warn-returning,
+ * so resident byte-sensitive provider image data can never leak a `blob:sha256:` ref into
+ * materialized entries, context, or provider payloads. The warn-and-return `resolveImageDataUrl*`
+ * resolvers remain ONLY for legacy persisted-image resume.
+ */
+export function resolveResidentImageDataUrlSync(
+	blobStore: BlobStore,
+	data: string,
+	context?: { sessionId?: string; sessionFile?: string },
+): string {
+	const hash = parseBlobRef(data);
+	if (!hash) return data;
+	const buffer = blobStore.getSync(hash);
+	if (!buffer) {
+		throw new ResidentBlobMissingError(hash, "imageUrl", context?.sessionId, context?.sessionFile);
+	}
+	return buffer.toString("utf8");
+}
+
+/**
+ * FAIL-CLOSED resident variant of {@link resolveImageDataSync}: a missing resident image blob
+ * throws `ResidentBlobMissingError` ("imageData") instead of warn-returning a placeholder.
+ */
+export function resolveResidentImageDataSync(
+	blobStore: BlobStore,
+	data: string,
+	context?: { sessionId?: string; sessionFile?: string },
+): string {
+	const hash = parseBlobRef(data);
+	if (!hash) return data;
+	const buffer = blobStore.getSync(hash);
+	if (!buffer) {
+		throw new ResidentBlobMissingError(hash, "imageData", context?.sessionId, context?.sessionFile);
+	}
+	return buffer.toString("base64");
+}

package/src/session/history-storage.ts

@@ -67,10 +67,14 @@ export class HistoryStorage {
 	// Prepared statements
 	#insertRowStmt: Statement;
 	#recentStmt: Statement;
+	#recentByCwdStmt: Statement;
 	#searchStmt: Statement;
+	#searchByCwdStmt: Statement;
 	#lastPromptStmt: Statement;
 	// Cache substring-fallback prepared statements keyed by token count.
 	#substringStmts = new Map<number, Statement>();
+	// Cache cwd-filtered substring-fallback statements keyed by token count.
+	#substringCwdStmts = new Map<number, Statement>();
 
 	// In-memory cache of last prompt to avoid sync DB reads on add
 	#lastPromptCache: string | null = null;
@@ -94,6 +98,7 @@ CREATE TABLE IF NOT EXISTS history (
 	cwd TEXT
 );
 CREATE INDEX IF NOT EXISTS idx_history_created_at ON history(created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_history_cwd_created_at ON history(cwd, created_at DESC);
 
 CREATE VIRTUAL TABLE IF NOT EXISTS history_fts USING fts5(prompt, content='history', content_rowid='id');
 
@@ -117,9 +122,15 @@ CREATE TRIGGER IF NOT EXISTS history_ai AFTER INSERT ON history BEGIN
 		this.#recentStmt = this.#db.prepare(
 			"SELECT id, prompt, created_at, cwd FROM history ORDER BY created_at DESC, id DESC LIMIT ?",
 		);
+		this.#recentByCwdStmt = this.#db.prepare(
+			"SELECT id, prompt, created_at, cwd FROM history WHERE cwd = ? ORDER BY created_at DESC, id DESC LIMIT ?",
+		);
 		this.#searchStmt = this.#db.prepare(
 			"SELECT h.id, h.prompt, h.created_at, h.cwd FROM history_fts f JOIN history h ON h.id = f.rowid WHERE history_fts MATCH ? ORDER BY h.created_at DESC, h.id DESC LIMIT ?",
 		);
+		this.#searchByCwdStmt = this.#db.prepare(
+			"SELECT h.id, h.prompt, h.created_at, h.cwd FROM history_fts f JOIN history h ON h.id = f.rowid WHERE history_fts MATCH ? AND h.cwd = ? ORDER BY h.created_at DESC, h.id DESC LIMIT ?",
+		);
 		this.#lastPromptStmt = this.#db.prepare("SELECT prompt FROM history ORDER BY id DESC LIMIT 1");
 
 		this.#insertRowStmt = this.#db.prepare("INSERT INTO history (prompt, cwd) VALUES (?, ?)");
@@ -158,12 +169,14 @@ CREATE TRIGGER IF NOT EXISTS history_ai AFTER INSERT ON history BEGIN
 		});
 	}
 
-	getRecent(limit: number): HistoryEntry[] {
+	getRecent(limit: number, cwd?: string): HistoryEntry[] {
 		const safeLimit = this.#normalizeLimit(limit);
 		if (safeLimit === 0) return [];
 
 		try {
-			const rows = this.#recentStmt.all(safeLimit) as HistoryRow[];
+			const rows = (
+				cwd === undefined ? this.#recentStmt.all(safeLimit) : this.#recentByCwdStmt.all(cwd, safeLimit)
+			) as HistoryRow[];
 			return rows.map(row => this.#toEntry(row));
 		} catch (error) {
 			logger.error("HistoryStorage getRecent failed", { error: String(error) });
@@ -171,7 +184,7 @@ CREATE TRIGGER IF NOT EXISTS history_ai AFTER INSERT ON history BEGIN
 		}
 	}
 
-	search(query: string, limit: number): HistoryEntry[] {
+	search(query: string, limit: number, cwd?: string): HistoryEntry[] {
 		const safeLimit = this.#normalizeLimit(limit);
 		if (safeLimit === 0) return [];
 
@@ -184,7 +197,11 @@ CREATE TRIGGER IF NOT EXISTS history_ai AFTER INSERT ON history BEGIN
 		const ftsQuery = tokens.map(tok => `"${tok.replace(/"/g, '""')}"*`).join(" ");
 		let ftsRows: HistoryRow[] = [];
 		try {
-			ftsRows = this.#searchStmt.all(ftsQuery, safeLimit) as HistoryRow[];
+			ftsRows = (
+				cwd === undefined
+					? this.#searchStmt.all(ftsQuery, safeLimit)
+					: this.#searchByCwdStmt.all(ftsQuery, cwd, safeLimit)
+			) as HistoryRow[];
 		} catch (error) {
 			// Malformed FTS expression - fall through to substring path.
 			logger.debug("HistoryStorage FTS query failed, using substring only", { error: String(error) });
@@ -199,7 +216,7 @@ CREATE TRIGGER IF NOT EXISTS history_ai AFTER INSERT ON history BEGIN
 		//    by safeLimit, ordered by recency - no full-table load into JS.
 		let subRows: HistoryRow[] = [];
 		try {
-			subRows = this.#searchSubstring(tokens, safeLimit);
+			subRows = this.#searchSubstring(tokens, safeLimit, cwd);
 		} catch (error) {
 			logger.error("HistoryStorage substring search failed", { error: String(error) });
 		}
@@ -250,6 +267,7 @@ CREATE TABLE history (
 	cwd TEXT
 );
 CREATE INDEX IF NOT EXISTS idx_history_created_at ON history(created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_history_cwd_created_at ON history(cwd, created_at DESC);
 INSERT INTO history (id, prompt, created_at, cwd)
 SELECT id, prompt, created_at, cwd
 FROM history_legacy;
@@ -282,21 +300,24 @@ END;
 			.filter(tok => tok.length > 0);
 	}
 
-	#searchSubstring(tokens: string[], limit: number): HistoryRow[] {
-		const stmt = this.#getSubstringStmt(tokens.length);
+	#searchSubstring(tokens: string[], limit: number, cwd?: string): HistoryRow[] {
+		const stmt = this.#getSubstringStmt(tokens.length, cwd !== undefined);
 		const params: unknown[] = tokens.map(tok => `%${escapeLikePattern(tok)}%`);
+		if (cwd !== undefined) params.push(cwd);
 		params.push(limit);
 		return stmt.all(...(params as [string, ...unknown[]])) as HistoryRow[];
 	}
 
-	#getSubstringStmt(tokenCount: number): Statement {
-		let stmt = this.#substringStmts.get(tokenCount);
+	#getSubstringStmt(tokenCount: number, withCwd: boolean): Statement {
+		const cache = withCwd ? this.#substringCwdStmts : this.#substringStmts;
+		let stmt = cache.get(tokenCount);
 		if (stmt) return stmt;
 		const whereClause = Array(tokenCount).fill("prompt LIKE ? ESCAPE '\\' COLLATE NOCASE").join(" AND ");
+		const cwdClause = withCwd ? " AND cwd = ?" : "";
 		stmt = this.#db.prepare(
-			`SELECT id, prompt, created_at, cwd FROM history WHERE ${whereClause} ORDER BY created_at DESC, id DESC LIMIT ?`,
+			`SELECT id, prompt, created_at, cwd FROM history WHERE ${whereClause}${cwdClause} ORDER BY created_at DESC, id DESC LIMIT ?`,
 		);
-		this.#substringStmts.set(tokenCount, stmt);
+		cache.set(tokenCount, stmt);
 		return stmt;
 	}