context-mode 1.0.103 → 1.0.105

package/configs/antigravity/GEMINI.md

@@ -40,6 +40,17 @@ Use `mcp__context-mode__ctx_execute(language: "shell", code: "grep ...")` in san
 4. **WEB**: `mcp__context-mode__ctx_fetch_and_index(url, source)` then `mcp__context-mode__ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `mcp__context-mode__ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `mcp__context-mode__ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `mcp__context-mode__ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/claude-code/CLAUDE.md

@@ -40,6 +40,17 @@ Use `ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 4. **WEB**: `ctx_fetch_and_index(url, source)` then `ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Subagent routing
 
 Routing block auto-injected into subagent prompts. Bash-type subagents upgraded to general-purpose. No manual instruction needed.

package/configs/codex/AGENTS.md

@@ -41,6 +41,17 @@ Use `ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 4. **WEB**: `ctx_fetch_and_index(url, source)` then `ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/cursor/context-mode.mdc

@@ -20,6 +20,17 @@ Analyze/count/filter/compare/search/parse/transform data: **write code** via `ct
 4. **WEB**: `ctx_fetch_and_index(url)` then `ctx_search(queries)` — never dump raw HTML.
 5. **INDEX**: `ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Forbidden Actions
 
 - DO NOT use Bash for >20 lines output — use `ctx_execute` or `ctx_batch_execute`.

package/configs/gemini-cli/GEMINI.md

@@ -40,6 +40,17 @@ Use `mcp__context-mode__ctx_execute(language: "shell", code: "grep ...")` in san
 4. **WEB**: `mcp__context-mode__ctx_fetch_and_index(url, source)` then `mcp__context-mode__ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `mcp__context-mode__ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `mcp__context-mode__ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `mcp__context-mode__ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/jetbrains-copilot/copilot-instructions.md

@@ -40,6 +40,9 @@ Use `ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 4. **WEB**: `ctx_fetch_and_index(url, source)` then `ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `ctx_index(content, source)` — store in FTS5 for later search.
 
+### Parallel I/O batches
+Pass `concurrency: 4-8` to `ctx_batch_execute` and `ctx_fetch_and_index` for network/API batches. Keep `concurrency: 1` for CPU-bound work (test, build, lint). GitHub gh: cap at 4.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/kilo/AGENTS.md

@@ -40,6 +40,17 @@ Use `context-mode_ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 4. **WEB**: `context-mode_ctx_fetch_and_index(url, source)` then `context-mode_ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `context-mode_ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `context-mode_ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `context-mode_ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/kiro/KIRO.md

@@ -40,6 +40,17 @@ Use `@context-mode/ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 4. **WEB**: `@context-mode/ctx_fetch_and_index(url, source)` then `@context-mode/ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `@context-mode/ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `@context-mode/ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `@context-mode/ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/openclaw/AGENTS.md

@@ -40,6 +40,17 @@ Use `context-mode__ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 4. **WEB**: `context-mode__ctx_fetch_and_index(url, source)` then `context-mode__ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `context-mode__ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `context-mode__ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `context-mode__ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/opencode/AGENTS.md

@@ -40,6 +40,17 @@ Use `context-mode_ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 4. **WEB**: `context-mode_ctx_fetch_and_index(url, source)` then `context-mode_ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `context-mode_ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `context-mode_ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `context-mode_ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/pi/AGENTS.md

@@ -41,6 +41,17 @@ Use `ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 4. **WEB**: `ctx_fetch_and_index(url, source)` then `ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/qwen-code/QWEN.md

@@ -40,6 +40,17 @@ Use `mcp__context-mode__ctx_execute(language: "shell", code: "grep ...")` in san
 4. **WEB**: `mcp__context-mode__ctx_fetch_and_index(url, source)` then `mcp__context-mode__ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `mcp__context-mode__ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `mcp__context-mode__ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `mcp__context-mode__ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Subagent routing
 
 Routing block auto-injected into subagent prompts. Bash-type subagents upgraded to general-purpose. No manual instruction needed.

package/configs/vscode-copilot/copilot-instructions.md

@@ -40,6 +40,9 @@ Use `ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 4. **WEB**: `ctx_fetch_and_index(url, source)` then `ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `ctx_index(content, source)` — store in FTS5 for later search.
 
+### Parallel I/O batches
+Pass `concurrency: 4-8` to `ctx_batch_execute` and `ctx_fetch_and_index` for network/API batches. Keep `concurrency: 1` for CPU-bound work (test, build, lint). GitHub gh: cap at 4.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/configs/zed/AGENTS.md

@@ -40,6 +40,17 @@ Use `mcp:context-mode:ctx_execute(language: "shell", code: "grep ...")` in sandb
 4. **WEB**: `mcp:context-mode:ctx_fetch_and_index(url, source)` then `mcp:context-mode:ctx_search(queries)` — raw HTML never enters context.
 5. **INDEX**: `mcp:context-mode:ctx_index(content, source)` — store in FTS5 for later search.
 
+## Parallel I/O batches
+
+For multi-URL fetches or multi-API calls, **always** include `concurrency: N` (1-8):
+
+- `mcp:context-mode:ctx_batch_execute(commands: [3+ network commands], concurrency: 5)` — gh, curl, dig, docker inspect, multi-region cloud queries
+- `mcp:context-mode:ctx_fetch_and_index(requests: [{url, source}, ...], concurrency: 5)` — multi-URL batch fetch
+
+**Use concurrency 4-8** for I/O-bound work (network calls, API queries). **Keep concurrency 1** for CPU-bound (npm test, build, lint) or commands sharing state (ports, lock files, same-repo writes).
+
+GitHub API rate-limit: cap at 4 for `gh` calls.
+
 ## Output
 
 Terse like caveman. Technical substance exact. Only fluff die.

package/hooks/auto-injection.mjs

@@ -28,19 +28,47 @@ export function estimateTokens(text) {
  * @returns {string} XML block or empty string
  */
 export function buildAutoInjection(events) {
+  // Single O(N) pass instead of 4× O(N) Array.filter() loops. UserPromptSubmit
+  // fires this on every prompt; with N up to 100 events the prior implementation
+  // walked the array 4 times per prompt — wasteful on macOS, painful on Windows
+  // where V8 cold paths cost more.
+  let role;
+  const decisionsAll = [];
+  const skillsSeen = new Set();
+  const skillsOrdered = [];
+  let intent;
+  for (const e of events) {
+    switch (e.category) {
+      case "role":
+        role = e;
+        break;
+      case "decision":
+        decisionsAll.push(e);
+        break;
+      case "skill":
+        if (!skillsSeen.has(e.data)) {
+          skillsSeen.add(e.data);
+          skillsOrdered.push(e.data);
+        }
+        break;
+      case "intent":
+        intent = e;
+        break;
+    }
+  }
+
   const parts = [];
   let budget = 500; // hard cap in tokens
 
   // P1: Role (always first, never truncated from output)
-  const roleEvent = events.filter(e => e.category === "role").pop(); // latest
-  if (roleEvent) {
-    const text = `<behavioral_directive>\n${roleEvent.data.slice(0, 400)}\n</behavioral_directive>`;
+  if (role) {
+    const text = `<behavioral_directive>\n${role.data.slice(0, 400)}\n</behavioral_directive>`;
     parts.push(text);
     budget -= estimateTokens(text);
   }
 
   // P2: Decisions (latest 5)
-  const decisions = events.filter(e => e.category === "decision").slice(-5);
+  const decisions = decisionsAll.slice(-5);
   if (decisions.length > 0) {
     const lines = decisions.map(d => `- ${d.data.slice(0, 100)}`).join("\n");
     const text = `<rules>\nFollow these decisions:\n${lines}\n</rules>`;
@@ -58,17 +86,15 @@ export function buildAutoInjection(events) {
   }
 
   // P3: Skills (unique names, latest 10)
-  const skills = [...new Set(events.filter(e => e.category === "skill").map(e => e.data))];
-  if (skills.length > 0 && budget > 50) {
-    const text = `<active_skills>\nRe-invoke if relevant: ${skills.slice(-10).join(", ")}\nTo reload: call the Skill tool with the skill name.\n</active_skills>`;
+  if (skillsOrdered.length > 0 && budget > 50) {
+    const text = `<active_skills>\nRe-invoke if relevant: ${skillsOrdered.slice(-10).join(", ")}\nTo reload: call the Skill tool with the skill name.\n</active_skills>`;
     parts.push(text);
     budget -= estimateTokens(text);
   }
 
   // P4: Intent (latest)
-  const intentEvent = events.filter(e => e.category === "intent").pop();
-  if (intentEvent && budget > 20) {
-    parts.push(`<session_mode>${intentEvent.data}</session_mode>`);
+  if (intent && budget > 20) {
+    parts.push(`<session_mode>${intent.data}</session_mode>`);
   }
 
   if (parts.length === 0) return "";

package/hooks/cache-heal-utils.mjs

@@ -0,0 +1,231 @@
+// cache-heal-utils.mjs — fixes Brew-node-upgrade stale path bug
+//
+// Problem: start.mjs writes process.execPath into ~/.claude/settings.json
+// when registering the cache-heal hook. On Brew, process.execPath returns
+// the *versioned* Cellar snapshot:
+//
+//   /opt/homebrew/Cellar/node/25.9.0_2/bin/node
+//
+// When Brew upgrades Node, that path disappears and Claude fails to spawn
+// the hook ("session start" error). The stable symlink is:
+//
+//   /opt/homebrew/bin/node
+//
+// Fix is two layered:
+//   A) New installs on Unix: write hook script with `#!/usr/bin/env node`
+//      shebang + chmod +x, register hook command as the bare script path.
+//      `env` resolves node from PATH at runtime — survives any Node upgrade.
+//      Windows keeps the explicit-execPath form (no shebang support).
+//   B) Self-heal: every MCP boot, scan ~/.claude/settings.json for an
+//      existing cache-heal hook command whose leading node path no longer
+//      exists. If stale, rewrite using pattern (A).
+//
+// This module is pure (no global state) and side-effect free except for
+// the explicit selfHealCacheHealHook() entry point that touches disk.
+
+import {
+  existsSync,
+  readFileSync,
+  writeFileSync,
+  chmodSync,
+  statSync,
+} from "node:fs";
+
+/**
+ * Convert any path string to forward slashes (matches normalize-hooks style,
+ * keeps round-trips on Windows safe).
+ */
+function fwd(p) {
+  return String(p).replace(/\\/g, "/");
+}
+
+/**
+ * Extract the leading executable path from a hook command string IF it
+ * looks like a node binary. Returns null when the command is shebang-style
+ * (bare script path) or when the leading executable isn't node.
+ *
+ * Accepted shapes:
+ *   '"/abs/path/to/node" "/abs/path/script.mjs"'
+ *   '/abs/path/to/node "/abs/path/script.mjs"' (unquoted node)
+ *
+ * Returns null for:
+ *   '"/abs/path/script.mjs"'                    (shebang form)
+ *   '"/usr/bin/python3" "/abs/path/script.py"'  (not node)
+ */
+export function extractNodePath(cmd) {
+  if (!cmd || typeof cmd !== "string") return null;
+  const trimmed = cmd.trim();
+  if (!trimmed) return null;
+
+  // Match: optional quote, capture path until matching quote or whitespace.
+  let leading;
+  if (trimmed.startsWith('"')) {
+    const end = trimmed.indexOf('"', 1);
+    if (end === -1) return null;
+    leading = trimmed.slice(1, end);
+  } else {
+    const end = trimmed.search(/\s/);
+    leading = end === -1 ? trimmed : trimmed.slice(0, end);
+  }
+
+  if (!leading) return null;
+
+  // Only treat as a node path if the basename is a node binary.
+  // Match: "node", "node.exe" (case-insensitive on Windows-style names).
+  const base = leading.split(/[\\/]/).pop() ?? "";
+  if (!/^node(\.exe)?$/i.test(base)) return null;
+
+  return leading;
+}
+
+/**
+ * True when the hook command's leading node path no longer exists on disk.
+ * Returns false for shebang-style commands (no node prefix to validate).
+ */
+export function isStaleNodePath(cmd) {
+  const nodePath = extractNodePath(cmd);
+  if (!nodePath) return false;
+  try {
+    return !existsSync(nodePath);
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Build a cross-platform hook command for the cache-heal script.
+ *
+ * On Unix (anything except win32):
+ *   - Returns just the script path (double-quoted), e.g. '"/path/to/script.mjs"'
+ *   - Caller MUST ensure the script has `#!/usr/bin/env node` shebang and
+ *     chmod 0o755.
+ *   - `env` resolves node from PATH at runtime → survives Brew/asdf/nvm
+ *     upgrades.
+ *
+ * On Windows:
+ *   - Returns '"<nodePath>" "<scriptPath>"' (forward slashes, both quoted).
+ *   - Windows has no shebang support; we must invoke node explicitly.
+ */
+export function buildHookCommand({ scriptPath, platform, nodePath }) {
+  if (!scriptPath || typeof scriptPath !== "string") {
+    throw new TypeError("buildHookCommand: scriptPath is required");
+  }
+  const safeScript = fwd(scriptPath);
+  if (platform === "win32") {
+    if (!nodePath || typeof nodePath !== "string") {
+      throw new TypeError(
+        "buildHookCommand: nodePath is required on win32",
+      );
+    }
+    const safeNode = fwd(nodePath);
+    return `"${safeNode}" "${safeScript}"`;
+  }
+  return `"${safeScript}"`;
+}
+
+/**
+ * Self-heal step for ~/.claude/settings.json.
+ *
+ * - Looks at SessionStart hooks for any registered cache-heal hook.
+ * - If its command has a stale node path (Brew upgrade scenario),
+ *   rewrites the command using buildHookCommand() — Unix gets shebang
+ *   form, Windows gets explicit nodePath form.
+ * - No-op when:
+ *     * settings.json doesn't exist
+ *     * no cache-heal hook is registered
+ *     * the hook command is already valid (path exists or shebang form)
+ * - On Unix, also re-asserts the script's shebang + chmod +x so a healed
+ *   command actually works.
+ *
+ * Returns: one of "noop" | "healed" | "missing-settings" — useful for
+ * tests and telemetry.
+ *
+ * Best-effort — all I/O is wrapped; never throws.
+ */
+export function selfHealCacheHealHook({
+  settingsPath,
+  scriptPath,
+  platform,
+  nodePath,
+}) {
+  if (!settingsPath || !existsSync(settingsPath)) return "missing-settings";
+
+  let raw;
+  try {
+    raw = readFileSync(settingsPath, "utf-8");
+  } catch {
+    return "noop";
+  }
+
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return "noop";
+  }
+
+  const hooks = parsed?.hooks;
+  if (!hooks || typeof hooks !== "object") return "noop";
+  const sessionStart = Array.isArray(hooks.SessionStart)
+    ? hooks.SessionStart
+    : null;
+  if (!sessionStart) return "noop";
+
+  let healed = false;
+  for (const matcher of sessionStart) {
+    const inner = matcher?.hooks;
+    if (!Array.isArray(inner)) continue;
+    for (const h of inner) {
+      if (typeof h?.command !== "string") continue;
+      if (!h.command.includes("context-mode-cache-heal")) continue;
+      if (!isStaleNodePath(h.command)) continue;
+
+      // Stale → rewrite.
+      h.command = buildHookCommand({ scriptPath, platform, nodePath });
+      healed = true;
+    }
+  }
+
+  if (!healed) return "noop";
+
+  // Unix: re-assert shebang + chmod so the bare-script command works.
+  if (platform !== "win32" && scriptPath && existsSync(scriptPath)) {
+    try {
+      ensureShebangAndExecBit(scriptPath);
+    } catch {
+      /* best effort */
+    }
+  }
+
+  try {
+    writeFileSync(
+      settingsPath,
+      JSON.stringify(parsed, null, 2) + "\n",
+      "utf-8",
+    );
+  } catch {
+    return "noop";
+  }
+  return "healed";
+}
+
+/**
+ * Ensure a script starts with `#!/usr/bin/env node` and has 0o755 mode.
+ * Idempotent — leaves correctly-shebanged scripts unchanged.
+ */
+export function ensureShebangAndExecBit(scriptPath) {
+  if (!scriptPath || !existsSync(scriptPath)) return;
+  try {
+    const content = readFileSync(scriptPath, "utf-8");
+    if (!content.startsWith("#!")) {
+      writeFileSync(scriptPath, `#!/usr/bin/env node\n${content}`, "utf-8");
+    }
+    // statSync().mode lower 9 bits = perms.
+    const mode = statSync(scriptPath).mode & 0o777;
+    if (mode !== 0o755) {
+      chmodSync(scriptPath, 0o755);
+    }
+  } catch {
+    /* best effort */
+  }
+}

package/hooks/codex/sessionstart.mjs

@@ -14,7 +14,6 @@ import {
   writeSessionEventsFile,
   buildSessionDirective,
   getSessionEvents,
-  getLatestSessionEvents,
 } from "../session-directive.mjs";
 import {
   readStdin,
@@ -57,9 +56,13 @@ try {
       try { unlinkSync(getCleanupFlagPath(OPTS)); } catch { /* no flag */ }
     }
 
-    const events = source === "compact"
-      ? getSessionEvents(db, getSessionId(input, OPTS))
-      : getLatestSessionEvents(db);
+    // Filter events to the session being resumed/compacted. Falling back to
+    // getLatestSessionEvents(db) for resume leaks events from any other
+    // session whose session_meta.started_at is more recent — observed
+    // cross-session bleed when a different session started after this one
+    // and before the resume.
+    const sessionId = getSessionId(input, OPTS);
+    const events = sessionId ? getSessionEvents(db, sessionId) : [];
     if (events.length > 0) {
       const eventMeta = writeSessionEventsFile(events, getSessionEventsPath(OPTS));
       additionalContext += buildSessionDirective(source, eventMeta, toolNamer);

package/hooks/core/routing.mjs

@@ -153,6 +153,11 @@ const TOOL_ALIASES = {
   "container.exec": "Bash",
   "local_shell": "Bash",
   "grep_files": "Grep",
+  // OpenClaw native tools
+  "exec": "Bash",
+  "read": "Read",
+  "grep": "Grep",
+  "search": "Grep",
   // Cursor
   "mcp_web_fetch": "WebFetch",
   "mcp_fetch_tool": "WebFetch",
@@ -284,9 +289,10 @@ export function routePreToolUse(toolName, toolInput, projectDir, platform, sessi
       });
     }
 
-    // Build tools (gradle, maven) → redirect to execute sandbox (Issue #38).
+    // Build tools (gradle, maven, sbt) → redirect to execute sandbox (Issue #38, #406).
     // These produce extremely verbose output that should stay in sandbox.
-    if (/(^|\s|&&|\||\;)(\.\/gradlew|gradlew|gradle|\.\/mvnw|mvnw|mvn)\s/i.test(stripped)) {
+    // Word-boundary guard prevents matching `gradle-wrapper-config`, `mvnDocker`, etc.
+    if (/(^|\s|&&|\||\;)(\.\/gradlew|gradlew|gradle|\.\/mvnw|mvnw|mvn|\.\/sbt|sbt)(\s|$)/i.test(stripped)) {
       const safeCmd = command.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
       return mcpRedirect({
         action: "modify",

package/hooks/cursor/sessionstart.mjs

@@ -14,7 +14,6 @@ import {
   writeSessionEventsFile,
   buildSessionDirective,
   getSessionEvents,
-  getLatestSessionEvents,
 } from "../session-directive.mjs";
 import {
   readStdin,
@@ -61,9 +60,13 @@ try {
       try { unlinkSync(getCleanupFlagPath(OPTS)); } catch { /* no flag */ }
     }
 
-    const events = source === "compact"
-      ? getSessionEvents(db, getSessionId(input, OPTS))
-      : getLatestSessionEvents(db);
+    // Filter events to the session being resumed/compacted. Falling back to
+    // getLatestSessionEvents(db) for resume leaks events from any other
+    // session whose session_meta.started_at is more recent — observed
+    // cross-session bleed when a different session started after this one
+    // and before the resume.
+    const sessionId = getSessionId(input, OPTS);
+    const events = sessionId ? getSessionEvents(db, sessionId) : [];
     if (events.length > 0) {
       const eventMeta = writeSessionEventsFile(events, getSessionEventsPath(OPTS));
       additionalContext += buildSessionDirective(source, eventMeta, toolNamer);