@oh-my-pi/pi-coding-agent 15.9.1 → 15.9.5

package/src/tools/archive-reader.ts

@@ -1,10 +1,6 @@
-import { ToolError } from "./tool-errors";
+import { inflateSync, strFromU8 } from "fflate";
 
-let fflateModulePromise: Promise<typeof import("fflate")> | undefined;
-async function loadFflate(): Promise<typeof import("fflate")> {
-	if (!fflateModulePromise) fflateModulePromise = import("fflate");
-	return fflateModulePromise;
-}
+import { ToolError } from "./tool-errors";
 
 export type ArchiveFormat = "zip" | "tar" | "tar.gz";
 
@@ -35,7 +31,11 @@ interface TarStorage {
 
 interface ZipStorage {
 	type: "zip";
-	bytes: Uint8Array;
+	archivePath: string;
+	compressedSize: number;
+	compression: number;
+	flags: number;
+	localHeaderOffset: number;
 }
 
 type EntryStorage = TarStorage | ZipStorage;
@@ -123,6 +123,321 @@ function getArchiveFormatFromPath(filePath: string): ArchiveFormat | undefined {
 	return undefined;
 }
 
+const ZIP_LOCAL_FILE_HEADER_SIGNATURE = 0x04034b50;
+const ZIP_CENTRAL_DIRECTORY_HEADER_SIGNATURE = 0x02014b50;
+const ZIP64_EOCD_SIGNATURE = 0x06064b50;
+const ZIP64_EOCD_LOCATOR_SIGNATURE = 0x07064b50;
+const ZIP_EOCD_SIGNATURE = 0x06054b50;
+const ZIP_EOCD_MIN_LENGTH = 22;
+const ZIP_EOCD_MAX_COMMENT_LENGTH = 0xffff;
+const ZIP64_EOCD_LOCATOR_LENGTH = 20;
+const ZIP_STORED_COMPRESSION = 0;
+const ZIP_DEFLATE_COMPRESSION = 8;
+const ZIP_UTF8_FLAG = 0x0800;
+const ZIP_ENCRYPTED_FLAG = 0x0001;
+const ZIP_UINT16_MAX = 0xffff;
+const ZIP_UINT32_MAX = 0xffffffff;
+const ZIP_UINT32_RANGE = 0x100000000;
+
+interface ZipCentralDirectoryInfo {
+	entries: number;
+	offset: number;
+	size: number;
+}
+
+interface Zip64EntryValues {
+	compressedSize: number;
+	uncompressedSize: number;
+	localHeaderOffset: number;
+	diskStart: number;
+}
+
+interface Zip64EntryPlaceholders {
+	compressedSize: boolean;
+	uncompressedSize: boolean;
+	localHeaderOffset: boolean;
+	diskStart: boolean;
+}
+
+function readUInt16LE(bytes: Uint8Array, offset: number): number {
+	return bytes[offset]! | (bytes[offset + 1]! << 8);
+}
+
+function readUInt32LE(bytes: Uint8Array, offset: number): number {
+	return (bytes[offset]! | (bytes[offset + 1]! << 8) | (bytes[offset + 2]! << 16) | (bytes[offset + 3]! << 24)) >>> 0;
+}
+
+function readUInt64LEAsNumber(bytes: Uint8Array, offset: number): number {
+	const value = readUInt32LE(bytes, offset) + readUInt32LE(bytes, offset + 4) * ZIP_UINT32_RANGE;
+	if (!Number.isSafeInteger(value)) {
+		throw new ToolError("ZIP archive uses offsets or sizes too large to read safely");
+	}
+	return value;
+}
+
+async function readZipRange(filePath: string, start: number, end: number): Promise<Uint8Array> {
+	if (!Number.isSafeInteger(start) || !Number.isSafeInteger(end) || start < 0 || end < start) {
+		throw new ToolError("Invalid ZIP archive range");
+	}
+
+	const bytes = await Bun.file(filePath).slice(start, end).bytes();
+	if (bytes.byteLength !== end - start) {
+		throw new ToolError("Invalid ZIP archive: truncated data");
+	}
+	return bytes;
+}
+
+function findEndOfCentralDirectory(tail: Uint8Array): number {
+	for (let offset = tail.byteLength - ZIP_EOCD_MIN_LENGTH; offset >= 0; offset--) {
+		if (readUInt32LE(tail, offset) !== ZIP_EOCD_SIGNATURE) continue;
+		const commentLength = readUInt16LE(tail, offset + 20);
+		if (offset + ZIP_EOCD_MIN_LENGTH + commentLength === tail.byteLength) return offset;
+	}
+
+	throw new ToolError("Invalid ZIP archive: missing end of central directory");
+}
+
+async function readZip64CentralDirectoryInfo(
+	filePath: string,
+	tail: Uint8Array,
+	tailStart: number,
+	eocdOffset: number,
+): Promise<ZipCentralDirectoryInfo | undefined> {
+	const locatorOffset = eocdOffset - ZIP64_EOCD_LOCATOR_LENGTH;
+	if (locatorOffset < 0) return undefined;
+
+	const locator =
+		locatorOffset >= tailStart
+			? tail.subarray(locatorOffset - tailStart, locatorOffset - tailStart + ZIP64_EOCD_LOCATOR_LENGTH)
+			: await readZipRange(filePath, locatorOffset, eocdOffset);
+	if (readUInt32LE(locator, 0) !== ZIP64_EOCD_LOCATOR_SIGNATURE) return undefined;
+
+	const zip64EocdDisk = readUInt32LE(locator, 4);
+	const zip64EocdOffset = readUInt64LEAsNumber(locator, 8);
+	const totalDisks = readUInt32LE(locator, 16);
+	if (zip64EocdDisk !== 0 || totalDisks > 1) {
+		throw new ToolError("Multi-disk ZIP archives are not supported");
+	}
+
+	const record = await readZipRange(filePath, zip64EocdOffset, zip64EocdOffset + 56);
+	if (readUInt32LE(record, 0) !== ZIP64_EOCD_SIGNATURE) {
+		throw new ToolError("Invalid ZIP archive: missing ZIP64 end of central directory");
+	}
+	if (readUInt32LE(record, 16) !== 0 || readUInt32LE(record, 20) !== 0) {
+		throw new ToolError("Multi-disk ZIP archives are not supported");
+	}
+
+	return {
+		entries: readUInt64LEAsNumber(record, 32),
+		size: readUInt64LEAsNumber(record, 40),
+		offset: readUInt64LEAsNumber(record, 48),
+	};
+}
+
+async function readZipCentralDirectoryInfo(filePath: string, fileSize: number): Promise<ZipCentralDirectoryInfo> {
+	if (fileSize < ZIP_EOCD_MIN_LENGTH) {
+		throw new ToolError("Invalid ZIP archive: missing end of central directory");
+	}
+
+	const tailLength = Math.min(fileSize, ZIP_EOCD_MIN_LENGTH + ZIP_EOCD_MAX_COMMENT_LENGTH);
+	const tailStart = fileSize - tailLength;
+	const tail = await readZipRange(filePath, tailStart, fileSize);
+	const eocdIndex = findEndOfCentralDirectory(tail);
+	const eocdOffset = tailStart + eocdIndex;
+
+	if (readUInt16LE(tail, eocdIndex + 4) !== 0 || readUInt16LE(tail, eocdIndex + 6) !== 0) {
+		throw new ToolError("Multi-disk ZIP archives are not supported");
+	}
+
+	let entries = readUInt16LE(tail, eocdIndex + 10);
+	let size = readUInt32LE(tail, eocdIndex + 12);
+	let offset = readUInt32LE(tail, eocdIndex + 16);
+	const needsZip64 = entries === ZIP_UINT16_MAX || size === ZIP_UINT32_MAX || offset === ZIP_UINT32_MAX;
+	const zip64Info = await readZip64CentralDirectoryInfo(filePath, tail, tailStart, eocdOffset);
+	if (zip64Info) {
+		({ entries, size, offset } = zip64Info);
+	} else if (needsZip64) {
+		throw new ToolError("Invalid ZIP archive: missing ZIP64 central directory metadata");
+	}
+
+	if (offset + size > fileSize) {
+		throw new ToolError("Invalid ZIP archive: central directory exceeds file size");
+	}
+
+	return { entries, offset, size };
+}
+
+function readZip64EntryValues(
+	extra: Uint8Array,
+	placeholders: Zip64EntryPlaceholders,
+	current: Zip64EntryValues,
+): Zip64EntryValues {
+	if (
+		!placeholders.compressedSize &&
+		!placeholders.uncompressedSize &&
+		!placeholders.localHeaderOffset &&
+		!placeholders.diskStart
+	) {
+		return current;
+	}
+
+	let offset = 0;
+	while (offset + 4 <= extra.byteLength) {
+		const headerId = readUInt16LE(extra, offset);
+		const dataSize = readUInt16LE(extra, offset + 2);
+		const dataStart = offset + 4;
+		const dataEnd = dataStart + dataSize;
+		if (dataEnd > extra.byteLength) {
+			throw new ToolError("Invalid ZIP archive: malformed extra field");
+		}
+
+		if (headerId === 0x0001) {
+			let cursor = dataStart;
+			let uncompressedSize = current.uncompressedSize;
+			let compressedSize = current.compressedSize;
+			let localHeaderOffset = current.localHeaderOffset;
+			let diskStart = current.diskStart;
+
+			if (placeholders.uncompressedSize) {
+				if (cursor + 8 > dataEnd) throw new ToolError("Invalid ZIP archive: malformed ZIP64 extra field");
+				uncompressedSize = readUInt64LEAsNumber(extra, cursor);
+				cursor += 8;
+			}
+			if (placeholders.compressedSize) {
+				if (cursor + 8 > dataEnd) throw new ToolError("Invalid ZIP archive: malformed ZIP64 extra field");
+				compressedSize = readUInt64LEAsNumber(extra, cursor);
+				cursor += 8;
+			}
+			if (placeholders.localHeaderOffset) {
+				if (cursor + 8 > dataEnd) throw new ToolError("Invalid ZIP archive: malformed ZIP64 extra field");
+				localHeaderOffset = readUInt64LEAsNumber(extra, cursor);
+				cursor += 8;
+			}
+			if (placeholders.diskStart) {
+				if (cursor + 4 > dataEnd) throw new ToolError("Invalid ZIP archive: malformed ZIP64 extra field");
+				diskStart = readUInt32LE(extra, cursor);
+			}
+
+			return { compressedSize, uncompressedSize, localHeaderOffset, diskStart };
+		}
+
+		offset = dataEnd;
+	}
+
+	throw new ToolError("Invalid ZIP archive: missing ZIP64 extra field");
+}
+
+function parseZipCentralDirectory(
+	filePath: string,
+	centralDirectory: Uint8Array,
+	expectedEntries: number,
+): ArchiveIndexEntry[] {
+	const entries: ArchiveIndexEntry[] = [];
+	let offset = 0;
+
+	for (let index = 0; index < expectedEntries; index++) {
+		if (offset + 46 > centralDirectory.byteLength) {
+			throw new ToolError("Invalid ZIP archive: truncated central directory");
+		}
+		if (readUInt32LE(centralDirectory, offset) !== ZIP_CENTRAL_DIRECTORY_HEADER_SIGNATURE) {
+			throw new ToolError("Invalid ZIP archive: malformed central directory");
+		}
+
+		const flags = readUInt16LE(centralDirectory, offset + 8);
+		const compression = readUInt16LE(centralDirectory, offset + 10);
+		const compressedSizeRaw = readUInt32LE(centralDirectory, offset + 20);
+		const uncompressedSizeRaw = readUInt32LE(centralDirectory, offset + 24);
+		const fileNameLength = readUInt16LE(centralDirectory, offset + 28);
+		const extraLength = readUInt16LE(centralDirectory, offset + 30);
+		const commentLength = readUInt16LE(centralDirectory, offset + 32);
+		const diskStartRaw = readUInt16LE(centralDirectory, offset + 34);
+		const localHeaderOffsetRaw = readUInt32LE(centralDirectory, offset + 42);
+		const nameStart = offset + 46;
+		const extraStart = nameStart + fileNameLength;
+		const entryEnd = extraStart + extraLength + commentLength;
+		if (entryEnd > centralDirectory.byteLength) {
+			throw new ToolError("Invalid ZIP archive: truncated central directory entry");
+		}
+
+		const rawPath = strFromU8(centralDirectory.subarray(nameStart, extraStart), (flags & ZIP_UTF8_FLAG) === 0);
+		const normalizedPath = normalizeArchiveEntryPath(rawPath);
+		if (normalizedPath) {
+			const values = readZip64EntryValues(
+				centralDirectory.subarray(extraStart, extraStart + extraLength),
+				{
+					compressedSize: compressedSizeRaw === ZIP_UINT32_MAX,
+					uncompressedSize: uncompressedSizeRaw === ZIP_UINT32_MAX,
+					localHeaderOffset: localHeaderOffsetRaw === ZIP_UINT32_MAX,
+					diskStart: diskStartRaw === ZIP_UINT16_MAX,
+				},
+				{
+					compressedSize: compressedSizeRaw,
+					uncompressedSize: uncompressedSizeRaw,
+					localHeaderOffset: localHeaderOffsetRaw,
+					diskStart: diskStartRaw,
+				},
+			);
+			if (values.diskStart !== 0) {
+				throw new ToolError("Multi-disk ZIP archives are not supported");
+			}
+
+			const isDirectory = isArchiveDirectoryName(rawPath);
+			entries.push({
+				path: normalizedPath,
+				isDirectory,
+				size: isDirectory ? 0 : values.uncompressedSize,
+				storage: isDirectory
+					? undefined
+					: {
+							type: "zip",
+							archivePath: filePath,
+							compressedSize: values.compressedSize,
+							compression,
+							flags,
+							localHeaderOffset: values.localHeaderOffset,
+						},
+			});
+		}
+
+		offset = entryEnd;
+	}
+
+	return entries;
+}
+
+async function readZipFileBytes(storage: ZipStorage, uncompressedSize: number): Promise<Uint8Array> {
+	if ((storage.flags & ZIP_ENCRYPTED_FLAG) !== 0) {
+		throw new ToolError("Encrypted ZIP entries are not supported");
+	}
+
+	const localHeader = await readZipRange(
+		storage.archivePath,
+		storage.localHeaderOffset,
+		storage.localHeaderOffset + 30,
+	);
+	if (readUInt32LE(localHeader, 0) !== ZIP_LOCAL_FILE_HEADER_SIGNATURE) {
+		throw new ToolError("Invalid ZIP archive: malformed local file header");
+	}
+
+	const fileNameLength = readUInt16LE(localHeader, 26);
+	const extraLength = readUInt16LE(localHeader, 28);
+	const dataStart = storage.localHeaderOffset + 30 + fileNameLength + extraLength;
+	const compressedBytes = await readZipRange(storage.archivePath, dataStart, dataStart + storage.compressedSize);
+
+	if (storage.compression === ZIP_STORED_COMPRESSION) {
+		return compressedBytes;
+	}
+	if (storage.compression !== ZIP_DEFLATE_COMPRESSION) {
+		throw new ToolError(`Unsupported ZIP compression method: ${storage.compression}`);
+	}
+
+	try {
+		return inflateSync(compressedBytes, { out: new Uint8Array(uncompressedSize) });
+	} catch (error) {
+		throw new ToolError(error instanceof Error ? error.message : String(error));
+	}
+}
+
 async function readTarEntries(bytes: Uint8Array): Promise<ArchiveIndexEntry[]> {
 	let archive: Bun.Archive;
 	try {
@@ -155,29 +470,19 @@ async function readTarEntries(bytes: Uint8Array): Promise<ArchiveIndexEntry[]> {
 	return entries;
 }
 
-async function readZipEntries(bytes: Uint8Array): Promise<ArchiveIndexEntry[]> {
-	const { unzipSync } = await loadFflate();
-	let files: Record<string, Uint8Array>;
-	try {
-		files = unzipSync(bytes);
-	} catch (error) {
-		throw new ToolError(error instanceof Error ? error.message : String(error));
+async function readZipEntries(filePath: string): Promise<ArchiveIndexEntry[]> {
+	const fileSize = Bun.file(filePath).size;
+	if (!Number.isSafeInteger(fileSize)) {
+		throw new ToolError("ZIP archive is too large to read safely");
 	}
 
-	const entries: ArchiveIndexEntry[] = [];
-	for (const [rawPath, fileBytes] of Object.entries(files)) {
-		const normalizedPath = normalizeArchiveEntryPath(rawPath);
-		if (!normalizedPath) continue;
-		const isDirectory = isArchiveDirectoryName(rawPath);
-		entries.push({
-			path: normalizedPath,
-			isDirectory,
-			size: isDirectory ? 0 : fileBytes.byteLength,
-			storage: isDirectory ? undefined : { type: "zip", bytes: fileBytes },
-		});
-	}
-
-	return entries;
+	const directoryInfo = await readZipCentralDirectoryInfo(filePath, fileSize);
+	const centralDirectory = await readZipRange(
+		filePath,
+		directoryInfo.offset,
+		directoryInfo.offset + directoryInfo.size,
+	);
+	return parseZipCentralDirectory(filePath, centralDirectory, directoryInfo.entries);
 }
 
 export function parseArchivePathCandidates(filePath: string): ArchivePathCandidate[] {
@@ -297,7 +602,10 @@ export class ArchiveReader {
 			throw new ToolError(`Archive file '${normalizedPath}' has no readable storage`);
 		}
 
-		const bytes = entry.storage.type === "tar" ? await entry.storage.file.bytes() : entry.storage.bytes;
+		const bytes =
+			entry.storage.type === "tar"
+				? await entry.storage.file.bytes()
+				: await readZipFileBytes(entry.storage, entry.size);
 
 		return {
 			path: entry.path,
@@ -315,7 +623,7 @@ export async function openArchive(filePath: string): Promise<ArchiveReader> {
 		throw new ToolError(`Unsupported archive format: ${filePath}`);
 	}
 
-	const bytes = await Bun.file(filePath).bytes();
-	const entries = format === "zip" ? await readZipEntries(bytes) : await readTarEntries(bytes);
+	const entries =
+		format === "zip" ? await readZipEntries(filePath) : await readTarEntries(await Bun.file(filePath).bytes());
 	return new ArchiveReader(format, entries);
 }

package/src/tools/bash.ts

@@ -10,7 +10,6 @@ import type { Component } from "@oh-my-pi/pi-tui";
 import { ImageProtocol, TERMINAL } from "@oh-my-pi/pi-tui";
 import { getProjectDir, isEnoent, logger, prompt } from "@oh-my-pi/pi-utils";
 import * as z from "zod/v4";
-import { AsyncJobManager } from "../async";
 import { type BashResult, executeBash } from "../exec/bash-executor";
 import type { RenderResultOptions } from "../extensibility/custom-tools/types";
 import { InternalUrlRouter } from "../internal-urls";
@@ -489,7 +488,7 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 		onUpdate?: AgentToolUpdateCallback<BashToolDetails>;
 		startBackgrounded: boolean;
 	}): ManagedBashJobHandle {
-		const manager = AsyncJobManager.instance();
+		const manager = this.session.asyncJobManager;
 		if (!manager) {
 			throw new ToolError("Background job manager unavailable for this session.");
 		}
@@ -716,7 +715,7 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 		if (timeoutClampNotice) pendingNotices.push(timeoutClampNotice);
 
 		if (asyncRequested) {
-			if (!AsyncJobManager.instance()) {
+			if (!this.session.asyncJobManager) {
 				throw new ToolError("Async job manager unavailable for this session.");
 			}
 			const job = this.#startManagedBashJob({
@@ -737,7 +736,7 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 			});
 		}
 
-		const autoBgManager = AsyncJobManager.instance();
+		const autoBgManager = this.session.asyncJobManager;
 		if (this.#autoBackgroundEnabled && !pty && autoBgManager) {
 			const autoBackgroundWaitMs = this.#resolveAutoBackgroundWaitMs(timeoutMs);
 			const startBackgrounded = autoBackgroundWaitMs === 0;

package/src/tools/fetch.ts

@@ -13,7 +13,7 @@ import { type Theme, theme } from "../modes/theme/theme";
 import type { ToolSession } from "../sdk";
 import type { AgentStorage } from "../session/agent-storage";
 import { DEFAULT_MAX_BYTES, truncateHead } from "../session/streaming-output";
-import { renderStatusLine } from "../tui";
+import { renderStatusLine, urlHyperlink } from "../tui";
 import { CachedOutputBlock } from "../tui/output-block";
 import { formatDimensionNote, resizeImage } from "../utils/image-resize";
 import { ensureTool } from "../utils/tools-manager";
@@ -1437,6 +1437,27 @@ function countNonEmptyLines(text: string): number {
 	return text.split("\n").filter(l => l.trim()).length;
 }
 
+function readUrlLinkTarget(input: string): string {
+	try {
+		return parseReadUrlTarget(input)?.path ?? input;
+	} catch {
+		return input;
+	}
+}
+
+function formatReadUrlDescription(input: string): string {
+	const target = readUrlLinkTarget(input);
+	const displayUrl = target.match(/^www\./i) ? `https://${target}` : target;
+	const domain = getDomain(displayUrl);
+	const urlPath = truncate(displayUrl.replace(/^https?:\/\/[^/]+/, ""), 50, "…");
+	const label = `${domain}${urlPath ? ` ${urlPath}` : ""}`.trim();
+	return urlHyperlink(target, label);
+}
+
+function formatReadUrlMetadataValue(url: string, uiTheme: Theme): string {
+	return urlHyperlink(url, uiTheme.fg("mdLinkUrl", url));
+}
+
 /** Render URL read call (URL preview) */
 export function renderReadUrlCall(
 	args: { path?: string; url?: string; raw?: boolean },
@@ -1444,9 +1465,7 @@ export function renderReadUrlCall(
 	uiTheme: Theme = theme,
 ): Component {
 	const url = args.path ?? args.url ?? "";
-	const domain = getDomain(url);
-	const path = truncate(url.replace(/^https?:\/\/[^/]+/, ""), 50, "…");
-	const description = `${domain}${path ? ` ${path}` : ""}`.trim();
+	const description = formatReadUrlDescription(url);
 	const meta: string[] = [];
 	if (args.raw) meta.push("raw");
 	const text = renderStatusLine({ icon: "pending", title: "Read", description, meta }, uiTheme);
@@ -1465,7 +1484,7 @@ export function renderReadUrlResult(
 		const rawErrorText = result.content?.find(c => c.type === "text")?.text ?? "";
 		const errorText = (rawErrorText || "No response data").replace(/^Error:\s*/, "");
 		const urlText = details?.finalUrl ?? details?.url ?? "";
-		const description = urlText ? `${getDomain(urlText)}${urlText.replace(/^https?:\/\/[^/]+/, "")}` : undefined;
+		const description = urlText ? formatReadUrlDescription(urlText) : undefined;
 		const header = renderStatusLine({ icon: "error", title: "Read", description }, uiTheme);
 		const errorLines = errorText.split("\n").map(line => uiTheme.fg("error", replaceTabs(line)));
 		const outputBlock = new CachedOutputBlock();
@@ -1476,8 +1495,7 @@ export function renderReadUrlResult(
 		};
 	}
 
-	const domain = getDomain(details.finalUrl);
-	const path = truncate(details.finalUrl.replace(/^https?:\/\/[^/]+/, ""), 50, "…");
+	const description = formatReadUrlDescription(details.finalUrl);
 	const hasRedirect = details.url !== details.finalUrl;
 	const hasNotes = details.notes.length > 0;
 	const truncation = details.meta?.truncation;
@@ -1487,7 +1505,7 @@ export function renderReadUrlResult(
 		{
 			icon: truncated ? "warning" : "success",
 			title: "Read",
-			description: `${domain}${path ? ` ${path}` : ""}`,
+			description,
 		},
 		uiTheme,
 	);
@@ -1505,7 +1523,9 @@ export function renderReadUrlResult(
 		`${uiTheme.fg("muted", "Method:")} ${details.method}`,
 	];
 	if (hasRedirect) {
-		metadataLines.push(`${uiTheme.fg("muted", "Final URL:")} ${uiTheme.fg("mdLinkUrl", details.finalUrl)}`);
+		metadataLines.push(
+			`${uiTheme.fg("muted", "Final URL:")} ${formatReadUrlMetadataValue(details.finalUrl, uiTheme)}`,
+		);
 	}
 	const lineLabel = `${lineCount} line${lineCount === 1 ? "" : "s"}`;
 	metadataLines.push(`${uiTheme.fg("muted", "Lines:")} ${lineLabel}`);

package/src/tools/gh.ts

@@ -792,6 +792,18 @@ function repoFromRepositoryUrl(value: string | undefined): string | undefined {
 	return value.slice(REPO_API_URL_PREFIX.length);
 }
 
+function githubRepoSlugEquals(left: string | undefined, right: string): boolean {
+	if (left === undefined || left.length !== right.length) return false;
+	for (let idx = 0; idx < left.length; idx += 1) {
+		let leftCode = left.charCodeAt(idx);
+		let rightCode = right.charCodeAt(idx);
+		if (leftCode >= 65 && leftCode <= 90) leftCode += 32;
+		if (rightCode >= 65 && rightCode <= 90) rightCode += 32;
+		if (leftCode !== rightCode) return false;
+	}
+	return true;
+}
+
 function apiUserToGhUser(user: GhApiUser | null | undefined): GhUser | undefined {
 	if (!user) return undefined;
 	const login = user.login ?? undefined;
@@ -1646,7 +1658,7 @@ async function resolveGitHubRepo(
 	runRepo: string | undefined,
 	signal?: AbortSignal,
 ): Promise<string> {
-	if (repo && runRepo && repo !== runRepo) {
+	if (repo && runRepo && !githubRepoSlugEquals(repo, runRepo)) {
 		throw new ToolError("run URL repository does not match the provided repo");
 	}
 
@@ -1712,6 +1724,33 @@ export async function resolveDefaultRepoMemoized(cwd: string, signal?: AbortSign
 	return untilAborted(signal, pending);
 }
 
+/**
+ * Best-effort cached cwd → `owner/repo` resolution that swallows any failure
+ * (not a git checkout, no GitHub remote, `gh` unauthenticated, …) into
+ * `undefined`. Use where the cwd repo is a convenience fallback, not a safety
+ * check.
+ */
+async function tryResolveCurrentRepo(cwd: string, signal: AbortSignal | undefined): Promise<string | undefined> {
+	try {
+		return await resolveDefaultRepoMemoized(cwd, signal);
+	} catch {
+		return undefined;
+	}
+}
+
+/**
+ * Best-effort fresh cwd → `owner/repo` resolution for safety checks that must
+ * reflect the repository currently mounted at `cwd`, not the process-lifetime
+ * default-repo cache.
+ */
+async function tryResolveCurrentRepoFresh(cwd: string, signal: AbortSignal | undefined): Promise<string | undefined> {
+	try {
+		return await resolveGitHubRepo(cwd, undefined, undefined, signal);
+	} catch {
+		return undefined;
+	}
+}
+
 /**
  * Matches search-query qualifiers that already scope to a repository, org, or
  * user. When present, callers should avoid layering a default `repo:<current>`
@@ -1738,11 +1777,7 @@ async function resolveSearchRepoScope(
 ): Promise<string | undefined> {
 	if (repo) return repo;
 	if (query && REPO_SCOPE_QUALIFIER_PATTERN.test(query)) return undefined;
-	try {
-		return await resolveDefaultRepoMemoized(cwd, signal);
-	} catch {
-		return undefined;
-	}
+	return tryResolveCurrentRepo(cwd, signal);
 }
 
 async function resolveGitHubBranchHead(
@@ -3338,8 +3373,9 @@ async function executeRunWatch(
 	onUpdate: AgentToolUpdateCallback<GhToolDetails> | undefined,
 ): Promise<AgentToolResult<GhToolDetails>> {
 	const branchInput = normalizeOptionalString(params.branch);
+	const explicitRepo = normalizeOptionalString(params.repo);
 	const runReference = parseRunReference(params.run);
-	const repo = await resolveGitHubRepo(session.cwd, undefined, runReference.repo, signal);
+	const repo = await resolveGitHubRepo(session.cwd, explicitRepo, runReference.repo, signal);
 	const intervalSeconds = RUN_WATCH_INTERVAL_DEFAULT;
 	const graceSeconds = RUN_WATCH_GRACE_DEFAULT;
 	const tail = resolveTailLimit(params.tail);
@@ -3419,10 +3455,28 @@ async function executeRunWatch(
 		}
 	}
 
-	const branch = branchInput ?? (await requireCurrentGitBranch(session.cwd, signal));
-	const headSha = branchInput
-		? await resolveGitHubBranchHead(session.cwd, repo, branch, signal)
-		: await requireCurrentGitHead(session.cwd, signal);
+	let branch: string;
+	let headSha: string;
+	if (branchInput) {
+		branch = branchInput;
+		headSha = await resolveGitHubBranchHead(session.cwd, repo, branch, signal);
+	} else {
+		// No branch/run selector — derive the commit from the current checkout,
+		// but only when cwd actually points at `repo`. Otherwise we'd watch an
+		// unrelated commit SHA against the explicit repo and silently stream a
+		// confident wrong-repo status (issue #1949). GitHub `owner/repo` slugs
+		// are case-insensitive — `gh repo view` returns the canonical casing
+		// while callers may pass any casing — so the equality check normalizes
+		// both sides before deciding the cwd is a different repo (PR #1951).
+		const cwdRepo = await tryResolveCurrentRepoFresh(session.cwd, signal);
+		if (!githubRepoSlugEquals(cwdRepo, repo)) {
+			throw new ToolError(
+				`Cannot infer the watched commit for ${repo}: current checkout is ${cwdRepo ?? "not a GitHub repository"}. Pass \`branch\` or \`run\` to scope the watch.`,
+			);
+		}
+		branch = await requireCurrentGitBranch(session.cwd, signal);
+		headSha = await requireCurrentGitHead(session.cwd, signal);
+	}
 	let pollCount = 0;
 	let settledSuccessSignature: string | undefined;