context-mode 1.0.105 → 1.0.107

package/build/opencode-plugin.js

@@ -1,10 +1,12 @@
 /**
  * OpenCode / KiloCode TypeScript plugin entry point for context-mode.
  *
- * Provides three hooks:
+ * Provides five hooks (v1.0.107 — Mickey OC-1..OC-4 follow-up):
  *   - tool.execute.before  — Routing enforcement (deny/modify/passthrough)
- *   - tool.execute.after   — Session event capture
- *   - experimental.session.compacting — Compaction snapshot generation
+ *   - tool.execute.after   — Session event capture + first-fire AGENTS.md scan (OC-4)
+ *   - experimental.session.compacting — Compaction snapshot + budget-capped auto-injection (OC-3)
+ *   - experimental.chat.system.transform — ROUTING_BLOCK + resume snapshot injection (OC-1)
+ *   - chat.message         — User-prompt capture w/ CCv2 inline filter (OC-2)
  *
  * KiloCode loads this via: import("context-mode") → expects default export
  * with shape { server: (input) => Promise<Hooks> } (PluginModule).
@@ -14,17 +16,46 @@
  *
  * Constraints:
  *   - No SessionStart hook (OpenCode doesn't support it — #14808, #5409)
- *   - No context injection (canInjectSessionContext: false)
+ *   - context injection now via chat.system.transform surrogate (OC-1)
  *   - No routing file auto-write (avoid dirtying project trees)
  *   - Session cleanup happens at plugin init (no SessionStart)
  */
-import { dirname, resolve } from "node:path";
+import { dirname, resolve, join } from "node:path";
 import { fileURLToPath, pathToFileURL } from "node:url";
+import { existsSync, readFileSync } from "node:fs";
 import { SessionDB } from "./session/db.js";
-import { extractEvents } from "./session/extract.js";
+import { extractEvents, extractUserEvents } from "./session/extract.js";
 import { buildResumeSnapshot } from "./session/snapshot.js";
 import { OpenCodeAdapter } from "./adapters/opencode/index.js";
 import { PLATFORM_ENV_VARS } from "./adapters/detect.js";
+// Read package.json version once at module load (not on every hook call).
+// Used in the resume-injection visible signal so users can confirm in
+// OPENCODE_DEBUG logs which plugin version actually injected.
+const VERSION = (() => {
+    try {
+        const pkgRoot = dirname(fileURLToPath(import.meta.url));
+        for (const rel of ["../package.json", "./package.json"]) {
+            const p = resolve(pkgRoot, rel);
+            if (existsSync(p))
+                return JSON.parse(readFileSync(p, "utf8")).version ?? "unknown";
+        }
+    }
+    catch { /* fall through */ }
+    return "unknown";
+})();
+// Synthetic message tags emitted by harnesses (CCv2 inline filter). When the
+// user "message" is actually a system-generated nudge (e.g. tool-result, system
+// reminder), capturing it as user_prompt would flood the DB with noise.
+const SYNTHETIC_MESSAGE_PREFIXES = [
+    "<task-notification>",
+    "<system-reminder>",
+    "<context_guidance>",
+    "<tool-result>",
+];
+function isSyntheticMessage(text) {
+    const trimmed = text.trim();
+    return SYNTHETIC_MESSAGE_PREFIXES.some((p) => trimmed.startsWith(p));
+}
 // ── Helpers ───────────────────────────────────────────────
 /**
  * Detect whether the plugin is running under KiloCode or OpenCode.
@@ -63,12 +94,27 @@ function getPlatform() {
  */
 async function createContextModePlugin(ctx) {
     // Resolve build dir from compiled JS location
-    const adapter = new OpenCodeAdapter(getPlatform());
+    const platform = getPlatform();
+    const adapter = new OpenCodeAdapter(platform);
     const buildDir = dirname(fileURLToPath(import.meta.url));
     // Load routing module (ESM .mjs, lives outside build/ in hooks/)
     const routingPath = resolve(buildDir, "..", "hooks", "core", "routing.mjs");
     const routing = await import(pathToFileURL(routingPath).href);
     await routing.initSecurity(buildDir);
+    // OC-1 / OC-3: Load hook helpers once at plugin init. Dynamic import keeps
+    // the .mjs ESM islands isolated from the .ts compile graph.
+    const routingBlockPath = resolve(buildDir, "..", "hooks", "routing-block.mjs");
+    const routingBlockMod = await import(pathToFileURL(routingBlockPath).href);
+    const toolNamingPath = resolve(buildDir, "..", "hooks", "core", "tool-naming.mjs");
+    const toolNamingMod = await import(pathToFileURL(toolNamingPath).href);
+    const autoInjectionPath = resolve(buildDir, "..", "hooks", "auto-injection.mjs");
+    const autoInjectionMod = await import(pathToFileURL(autoInjectionPath).href);
+    // Pre-build the routing block once per process — it is platform-specific
+    // (tool naming differs between opencode and kilo) but does NOT depend on
+    // sessionID, so we cache it. createToolNamer accepts both "opencode" and
+    // "kilo" per hooks/core/tool-naming.mjs:25-26.
+    const toolNamer = toolNamingMod.createToolNamer(platform);
+    const routingBlock = routingBlockMod.createRoutingBlock(toolNamer);
     // Initialize per-process state. We do NOT fabricate a sessionId here —
     // OpenCode/Kilo provide the real `input.sessionID` on every hook, and a
     // process-global UUID would (a) never match prior-session resume rows and
@@ -81,6 +127,51 @@ async function createContextModePlugin(ctx) {
     // many sessions, so the gate must be keyed by sessionID — NOT a single
     // boolean closure flag (Mickey #2 root cause).
     const resumeInjected = new Set();
+    // OC-1: Routing block first-fire gate per session. Distinct from
+    // resumeInjected because routing block must always inject (regardless of
+    // whether a resume row exists), but resume only on rows present.
+    const routingInjected = new Set();
+    // OC-4: AGENTS.md/CLAUDE.md captured-once-per-projectDir gate. Idempotent
+    // across many sessions reusing the same plugin process + project tree.
+    const agentsCaptured = new Set();
+    /**
+     * OC-4: Read AGENTS.md (and CLAUDE.md fallback if both exist) from the
+     * project directory and persist as `rule` + `rule_content` events. Mirrors
+     * the CC SessionStart pattern at hooks/sessionstart.mjs:121-132. Idempotent
+     * via `agentsCaptured` Set keyed by projectDir.
+     */
+    function captureAgentsMd(sessionId) {
+        if (agentsCaptured.has(projectDir))
+            return;
+        agentsCaptured.add(projectDir);
+        // Mirror OpenCode's instruction.ts FILES order: AGENTS.md, CLAUDE.md, CONTEXT.md.
+        const candidates = ["AGENTS.md", "CLAUDE.md", "CONTEXT.md"];
+        for (const name of candidates) {
+            try {
+                const p = join(projectDir, name);
+                if (!existsSync(p))
+                    continue;
+                const content = readFileSync(p, "utf-8");
+                if (!content.trim())
+                    continue;
+                db.insertEvent(sessionId, {
+                    type: "rule",
+                    category: "rule",
+                    data: p,
+                    priority: 1,
+                }, "PluginInit");
+                db.insertEvent(sessionId, {
+                    type: "rule_content",
+                    category: "rule",
+                    data: content,
+                    priority: 1,
+                }, "PluginInit");
+            }
+            catch {
+                // file missing or unreadable — skip silently
+            }
+        }
+    }
     return {
         // ── PreToolUse: Routing enforcement ─────────────────
         "tool.execute.before": async (input, output) => {
@@ -112,6 +203,9 @@ async function createContextModePlugin(ctx) {
                 return;
             try {
                 db.ensureSession(sessionId, projectDir);
+                // OC-4: Capture AGENTS.md/CLAUDE.md as rule events on first hook
+                // fire per projectDir. Idempotent via `agentsCaptured` Set.
+                captureAgentsMd(sessionId);
                 const hookInput = {
                     tool_name: input.tool ?? "",
                     tool_input: input.args ?? {},
@@ -128,6 +222,43 @@ async function createContextModePlugin(ctx) {
                 // Silent — session capture must never break the tool call
             }
         },
+        // ── chat.message: User-prompt capture (OC-2 / Z2) ───
+        // SDK signature verified at refs/platforms/opencode/packages/plugin/src/
+        // index.ts:233. Orchestrator reference at refs/plugin-examples/opencode/
+        // opencode-orchestrator/src/plugin-handlers/chat-message-handler.ts:41-65.
+        // CCv2 inline filter: skip synthetic harness messages (system reminders,
+        // tool results, etc.) so we don't pollute the user-prompt event stream.
+        "chat.message": async (input, output) => {
+            const sessionId = input?.sessionID;
+            if (!sessionId)
+                return;
+            try {
+                const parts = Array.isArray(output?.parts) ? output.parts : [];
+                const textPart = parts.find((p) => p && p.type === "text" && typeof p.text === "string" && p.text.length > 0);
+                if (!textPart || !textPart.text)
+                    return;
+                const message = textPart.text;
+                if (isSyntheticMessage(message))
+                    return;
+                db.ensureSession(sessionId, projectDir);
+                captureAgentsMd(sessionId);
+                // 1. Always save the raw prompt
+                db.insertEvent(sessionId, {
+                    type: "user_prompt",
+                    category: "user-prompt",
+                    data: message,
+                    priority: 1,
+                }, "UserPromptSubmit");
+                // 2. Extract role/decision/intent/skill events from the prompt body
+                const userEvents = extractUserEvents(message);
+                for (const ev of userEvents) {
+                    db.insertEvent(sessionId, ev, "UserPromptSubmit");
+                }
+            }
+            catch {
+                // Silent — chat.message must never break the turn
+            }
+        },
         // ── PreCompact: Snapshot generation ─────────────────
         "experimental.session.compacting": async (input, output) => {
             const sessionId = input.sessionID;
@@ -146,6 +277,19 @@ async function createContextModePlugin(ctx) {
                 db.incrementCompactCount(sessionId);
                 // Mutate output.context to inject the snapshot
                 output.context.push(snapshot);
+                // OC-3 / Z3: Add budget-capped auto-injection (P1 role / P2 rules /
+                // P3 skills / P4 intent — ≤500 tokens / ~2000 chars per
+                // hooks/auto-injection.mjs). Pushed as a separate context entry so
+                // OpenCode can fold it independently from the verbose snapshot.
+                try {
+                    const autoBlock = autoInjectionMod.buildAutoInjection(events);
+                    if (autoBlock && autoBlock.length > 0) {
+                        output.context.push(autoBlock);
+                    }
+                }
+                catch {
+                    // Auto-injection failure must NOT break the snapshot path.
+                }
                 return snapshot;
             }
             catch {
@@ -164,14 +308,42 @@ async function createContextModePlugin(ctx) {
             const sessionId = input?.sessionID;
             if (!sessionId)
                 return;
+            // ── OC-1 / CCv1: ROUTING_BLOCK injection ──────────────
+            // Inject the <context_window_protection> XML block on the first
+            // chat.system.transform per session. This is INDEPENDENT of the
+            // resume snapshot path below — routing block must fire even when
+            // no prior session row exists. Splice at index 1 (NOT unshift) for
+            // the same OpenCode llm.ts:117-128 cache-fold reason as resume.
+            if (!routingInjected.has(sessionId) && Array.isArray(output?.system)) {
+                try {
+                    // Visible marker — mirror the resume-snapshot pattern below so
+                    // users can grep OPENCODE_DEBUG logs to confirm the routing block
+                    // reached the model (Mickey-class verification path).
+                    const marker = `<!-- context-mode v${VERSION}: routing block injected (sessionID=${sessionId.slice(0, 8)}) -->\n`;
+                    output.system.splice(1, 0, marker + routingBlock);
+                    routingInjected.add(sessionId);
+                }
+                catch {
+                    // Never break the chat turn on routing-block injection failure.
+                }
+            }
             if (resumeInjected.has(sessionId))
                 return;
-            resumeInjected.add(sessionId);
             try {
-                const row = db.claimLatestUnconsumedResume();
+                // Pass current sessionId so SQL excludes self-injection (v1.0.106 — Mickey #376
+                // follow-up): if Session B compacts mid-flight and produces its own row,
+                // B's next system.transform must NOT claim that row back into B's prompt.
+                const row = db.claimLatestUnconsumedResume(sessionId);
                 if (!row || !row.snapshot)
-                    return;
+                    return; // no row → leave `resumeInjected` unset → retry on next turn
                 if (Array.isArray(output?.system)) {
+                    // Visible signal — without this, the injection is silent and users
+                    // cannot tell the feature is active (Mickey: "I can't find use case
+                    // for it"). The XML comment is harmless to the model and shows up in
+                    // OPENCODE_DEBUG logs as proof the snapshot landed.
+                    const eventCount = row.snapshot.match(/events="(\d+)"/)?.[1] ?? "?";
+                    const marker = `<!-- context-mode v${VERSION}: resumed prior session ${row.sessionId.slice(0, 8)} ` +
+                        `(${eventCount} events, ${row.snapshot.length} chars) -->\n`;
                     // Insert at index 1 (after the header) — NOT unshift.
                     // OpenCode's llm.ts:117-128 saves `header = system[0]` BEFORE this
                     // hook runs and then folds the rest into a 2-part structure
@@ -182,7 +354,9 @@ async function createContextModePlugin(ctx) {
                     // provider prompt cache is invalidated on every resume injection.
                     // Inserting at index 1 keeps the header invariant and lets the
                     // snapshot ride along inside the cached body block.
-                    output.system.splice(1, 0, row.snapshot);
+                    output.system.splice(1, 0, marker + row.snapshot);
+                    // Mark consumed only AFTER successful splice so failed paths can retry
+                    resumeInjected.add(sessionId);
                 }
             }
             catch {

package/build/pi-extension.js

@@ -14,7 +14,7 @@ import { createHash } from "node:crypto";
 import { existsSync, mkdirSync } from "node:fs";
 import { homedir } from "node:os";
 import { join, resolve, dirname } from "node:path";
-import { fileURLToPath } from "node:url";
+import { fileURLToPath, pathToFileURL } from "node:url";
 import { SessionDB } from "./session/db.js";
 import { extractEvents, extractUserEvents } from "./session/extract.js";
 import { buildResumeSnapshot } from "./session/snapshot.js";
@@ -45,6 +45,38 @@ const BLOCKED_BASH_PATTERNS = [
 // ── Module-level DB singleton ────────────────────────────
 let _db = null;
 let _sessionId = "";
+// Per-session gate: routing block injected at most once per session_id.
+const _routingInjected = new Set();
+// Cached routing-block string (built once per process from hooks/routing-block.mjs).
+let _routingBlock = null;
+async function getRoutingBlock(pluginRoot) {
+    if (_routingBlock !== null)
+        return _routingBlock;
+    try {
+        const routingMod = await import(pathToFileURL(join(pluginRoot, "hooks", "routing-block.mjs")).href);
+        const namingMod = await import(pathToFileURL(join(pluginRoot, "hooks", "core", "tool-naming.mjs")).href);
+        const t = namingMod.createToolNamer("pi");
+        _routingBlock = String(routingMod.createRoutingBlock(t));
+    }
+    catch {
+        _routingBlock = "";
+    }
+    return _routingBlock;
+}
+// Cached buildAutoInjection (500-token cap, prioritized).
+let _buildAutoInjection = undefined;
+async function getAutoInjection(pluginRoot) {
+    if (_buildAutoInjection !== undefined)
+        return _buildAutoInjection;
+    try {
+        const mod = await import(pathToFileURL(join(pluginRoot, "hooks", "auto-injection.mjs")).href);
+        _buildAutoInjection = mod.buildAutoInjection;
+    }
+    catch {
+        _buildAutoInjection = null;
+    }
+    return _buildAutoInjection ?? null;
+}
 // ── Helpers ──────────────────────────────────────────────
 function getSessionDir() {
     const dir = join(homedir(), ".pi", "context-mode", "sessions");
@@ -218,8 +250,8 @@ export default function piExtension(pi) {
             // Silent — session capture must never break the tool call
         }
     });
-    // ── 4. before_agent_start — Resume injection + user events ─
-    pi.on("before_agent_start", (event) => {
+    // ── 4. before_agent_start — Routing + active_memory + resume injection ─
+    pi.on("before_agent_start", async (event) => {
         try {
             if (!_sessionId)
                 return;
@@ -231,37 +263,64 @@ export default function piExtension(pi) {
                     db.insertEvent(_sessionId, ev, "UserPromptSubmit");
                 }
             }
-            // Check for unconsumed resume snapshot
-            const resume = db.getResume(_sessionId);
-            if (!resume || resume.consumed)
-                return;
-            // Build FTS5 active memory from the current prompt
-            const stats = db.getSessionStats(_sessionId);
-            if ((stats?.compact_count ?? 0) === 0)
-                return;
-            // Mark resume as consumed so it is not re-injected
-            db.markResumeConsumed(_sessionId);
-            // Build memory context from recent high-priority events
-            const allEvents = db.getEvents(_sessionId, { minPriority: 3, limit: 50 });
-            let memoryContext = "";
-            if (allEvents.length > 0) {
-                const memoryLines = ["<active_memory>"];
-                for (const ev of allEvents) {
-                    memoryLines.push(`  <event type="${ev.type}" category="${ev.category}">${ev.data}</event>`);
-                }
-                memoryLines.push("</active_memory>");
-                memoryContext = memoryLines.join("\n");
-            }
-            // Compose the augmented system prompt
             const existingPrompt = String(event?.systemPrompt ?? "");
             const parts = [];
             if (existingPrompt)
                 parts.push(existingPrompt);
-            if (resume.snapshot)
+            // Pi-1: Inject routing block once per session (gated by _routingInjected).
+            // v1.0.107 — visible marker so Pi users can verify the routing block
+            // reached the model (Mickey-class verification path; mirrors OpenCode).
+            if (!_routingInjected.has(_sessionId)) {
+                const routingBlock = await getRoutingBlock(pluginRoot);
+                if (routingBlock) {
+                    const marker = `<!-- context-mode: routing block injected (sessionID=${String(_sessionId).slice(0, 8)}) -->`;
+                    parts.push(marker + "\n" + routingBlock);
+                    _routingInjected.add(_sessionId);
+                }
+            }
+            // Pi-3 + Pi-4: Always build active_memory (not just post-compact),
+            // capped at 500 tokens via buildAutoInjection. Falls back to inline
+            // budget loop if the helper is unavailable.
+            const activeEvents = db.getEvents(_sessionId, {
+                minPriority: 3,
+                limit: 50,
+            });
+            if (activeEvents.length > 0) {
+                const buildAuto = await getAutoInjection(pluginRoot);
+                let memoryContext = "";
+                if (buildAuto) {
+                    memoryContext = buildAuto(activeEvents.map((e) => ({
+                        category: String(e.category ?? ""),
+                        data: String(e.data ?? ""),
+                    })));
+                }
+                // Fallback (or if helper produced empty output): inline 500-token cap.
+                if (!memoryContext) {
+                    const memoryLines = ["<active_memory>"];
+                    let budget = 2000; // ~500 tokens at 4 chars/token
+                    for (const ev of activeEvents) {
+                        const line = `  <event type="${ev.type}" category="${ev.category}">${ev.data}</event>`;
+                        if (line.length > budget)
+                            break;
+                        memoryLines.push(line);
+                        budget -= line.length;
+                    }
+                    memoryLines.push("</active_memory>");
+                    if (memoryLines.length > 2)
+                        memoryContext = memoryLines.join("\n");
+                }
+                if (memoryContext)
+                    parts.push(memoryContext);
+            }
+            // Resume snapshot (only when present and unconsumed).
+            const resume = db.getResume(_sessionId);
+            if (resume && !resume.consumed && resume.snapshot) {
                 parts.push(resume.snapshot);
-            if (memoryContext)
-                parts.push(memoryContext);
-            if (parts.length > (existingPrompt ? 1 : 0)) {
+                db.markResumeConsumed(_sessionId);
+            }
+            // Return modified systemPrompt only if we added something beyond existing.
+            const baseLen = existingPrompt ? 1 : 0;
+            if (parts.length > baseLen) {
                 return { systemPrompt: parts.join("\n\n") };
             }
         }
@@ -269,6 +328,40 @@ export default function piExtension(pi) {
             // best effort — never break agent start
         }
     });
+    // ── 4b. before_provider_response — capture response metadata ───
+    // Pi-2: Register the missing event so providers can record latency,
+    // model, and token usage when Pi exposes them. Best-effort only;
+    // the handler must never throw or modify the response.
+    pi.on("before_provider_response", (event) => {
+        try {
+            if (!_sessionId)
+                return;
+            const meta = {
+                model: event?.model ?? event?.providerModel,
+                provider: event?.provider,
+                latencyMs: event?.latencyMs ?? event?.latency,
+                tokens: event?.usage ?? event?.tokens,
+            };
+            // Skip when Pi gives us nothing useful — avoids noise in the DB.
+            if (meta.model == null &&
+                meta.provider == null &&
+                meta.latencyMs == null &&
+                meta.tokens == null) {
+                return;
+            }
+            const data = JSON.stringify(meta);
+            db.insertEvent(_sessionId, {
+                type: "provider_response",
+                category: "pi",
+                data,
+                priority: 1,
+                data_hash: createHash("sha256").update(data).digest("hex").slice(0, 16),
+            }, "PostToolUse");
+        }
+        catch {
+            // best effort — never break provider response
+        }
+    });
     // ── 5. session_before_compact — Build resume snapshot ──
     pi.on("session_before_compact", () => {
         try {
@@ -305,6 +398,7 @@ export default function piExtension(pi) {
                 _db.cleanupOldSessions(7);
             }
             _db = null;
+            _routingInjected.clear();
             _sessionId = "";
         }
         catch {

package/build/server.d.ts

@@ -37,6 +37,7 @@ interface BatchExecutor {
         timedOut?: boolean;
     }>;
 }
+export declare function buildBatchNodeOptionsPrefix(shellPath: string, preloadPath: string): string;
 /**
  * Execute batch commands. concurrency=1 preserves the legacy serial path
  * (shared timeout budget + cascading skip-on-timeout). concurrency>1 runs

package/build/server.js

@@ -675,6 +675,24 @@ export function formatBatchQueryResults(store, queries, source, maxOutput = 80 *
     sections.push(`\n> **Tip:** Results are scoped to this batch only. To search across all indexed sources, use \`ctx_search(queries: [...])\`.`);
     return sections;
 }
+function quotePosixSingle(value) {
+    return `'${value.replace(/'/g, "'\\''")}'`;
+}
+function quotePowerShellSingle(value) {
+    return `'${value.replace(/'/g, "''")}'`;
+}
+export function buildBatchNodeOptionsPrefix(shellPath, preloadPath) {
+    const option = `--require ${preloadPath}`;
+    const shell = shellPath.toLowerCase();
+    const base = shell.split(/[\\/]/).pop() ?? shell;
+    if (shell.includes("powershell") || shell.includes("pwsh")) {
+        return `$env:NODE_OPTIONS=${quotePowerShellSingle(option)}; `;
+    }
+    if (base === "cmd" || base === "cmd.exe") {
+        return `set "NODE_OPTIONS=${option.replace(/"/g, '""')}" && `;
+    }
+    return `NODE_OPTIONS=${quotePosixSingle(option)} `;
+}
 function formatCommandOutput(label, raw, onFsBytes) {
     let output = raw || "(no output)";
     const fsMatches = output.matchAll(/__CM_FS__:(\d+)/g);
@@ -2070,7 +2088,7 @@ server.registerTool("ctx_batch_execute", {
         // Inject NODE_OPTIONS for FS read tracking in spawned Node processes.
         // The executor denies NODE_OPTIONS in its env (security), so we set it
         // as an inline shell prefix. This only affects child `node` invocations.
-        const nodeOptsPrefix = `NODE_OPTIONS="--require ${CM_FS_PRELOAD}" `;
+        const nodeOptsPrefix = buildBatchNodeOptionsPrefix(runtimes.shell, CM_FS_PRELOAD);
         // Full stdout is preserved per-command and indexed into FTS5 (Issue #61, #197).
         // Concurrency>1 switches to a worker pool with per-command timeouts.
         const { outputs: perCommandOutputs, timedOut } = await runBatchCommands(commands, {
@@ -2805,9 +2823,17 @@ async function main() {
         }
     }
     catch { /* best effort — _detectedAdapter stays null, falls back to .claude */ }
-    // Non-blocking version check — result stored for trackResponse warnings
+    // Non-blocking version check — result stored for trackResponse warnings.
+    // First fetch at startup, then refresh every hour so long-running sessions
+    // (some users keep the MCP server alive 24h+) catch new releases without a
+    // restart. `.unref()` lets the process exit normally on SIGTERM regardless
+    // of pending intervals.
     fetchLatestVersion().then(v => { if (v !== "unknown")
         _latestVersion = v; });
+    setInterval(() => {
+        fetchLatestVersion().then(v => { if (v !== "unknown")
+            _latestVersion = v; });
+    }, 60 * 60 * 1000).unref();
     console.error(`Context Mode MCP server v${VERSION} running on stdio`);
     console.error(`Detected runtimes:\n${getRuntimeSummary(runtimes)}`);
     if (!hasBunRuntime()) {

package/build/session/db.d.ts

@@ -149,16 +149,25 @@ export declare class SessionDB extends SQLiteBase {
      */
     markResumeConsumed(sessionId: string): void;
     /**
-     * Atomically claim the most recent unconsumed resume snapshot in this DB.
+     * Atomically claim the most recent unconsumed resume snapshot in this DB,
+     * EXCLUDING any row that belongs to `currentSessionId`.
      *
      * `SessionDB` is sharded per project (see `getSessionDBPath` — SHA-256 of
      * project dir), so "this DB" already implies "this project". The atomic
      * `UPDATE … RETURNING` ensures concurrent processes for the same project
      * cannot both inject the same snapshot (Mickey / PR #376 race).
      *
-     * Returns null when no unconsumed snapshot exists.
+     * The `currentSessionId` parameter prevents self-injection: when a session
+     * compacts mid-flight and produces its own row, that session's next chat
+     * turn must NOT claim that row back (wasted tokens AND it would consume
+     * the snapshot meant for the next fresh session).
+     *
+     * Pass an empty string to allow self-claim (legacy behaviour, only useful
+     * in tests or one-off harnesses).
+     *
+     * Returns null when no unconsumed snapshot exists for any other session.
      */
-    claimLatestUnconsumedResume(): {
+    claimLatestUnconsumedResume(currentSessionId: string): {
         sessionId: string;
         snapshot: string;
     } | null;

package/build/session/db.js

@@ -256,11 +256,17 @@ export class SessionDB extends SQLiteBase {
         // statement". Required for race-safe cross-session resume injection
         // (Mickey / PR #376) — two parallel chat-turn hooks must not both read
         // the same row before either one writes consumed=1.
+        //
+        // The `session_id != ?` clause prevents self-injection (v1.0.106): when
+        // Session B compacts mid-flight and produces its own row, B's next chat
+        // turn must NOT claim that row back into its own prompt — that's wasted
+        // tokens and steals the snapshot meant for the next fresh session.
         p(S.claimLatestUnconsumedResume, `UPDATE session_resume
        SET consumed = 1
        WHERE id = (
          SELECT id FROM session_resume
          WHERE consumed = 0
+           AND session_id != ?
          ORDER BY created_at DESC, id DESC
          LIMIT 1
        )
@@ -493,17 +499,26 @@ export class SessionDB extends SQLiteBase {
         this.stmt(S.markResumeConsumed).run(sessionId);
     }
     /**
-     * Atomically claim the most recent unconsumed resume snapshot in this DB.
+     * Atomically claim the most recent unconsumed resume snapshot in this DB,
+     * EXCLUDING any row that belongs to `currentSessionId`.
      *
      * `SessionDB` is sharded per project (see `getSessionDBPath` — SHA-256 of
      * project dir), so "this DB" already implies "this project". The atomic
      * `UPDATE … RETURNING` ensures concurrent processes for the same project
      * cannot both inject the same snapshot (Mickey / PR #376 race).
      *
-     * Returns null when no unconsumed snapshot exists.
+     * The `currentSessionId` parameter prevents self-injection: when a session
+     * compacts mid-flight and produces its own row, that session's next chat
+     * turn must NOT claim that row back (wasted tokens AND it would consume
+     * the snapshot meant for the next fresh session).
+     *
+     * Pass an empty string to allow self-claim (legacy behaviour, only useful
+     * in tests or one-off harnesses).
+     *
+     * Returns null when no unconsumed snapshot exists for any other session.
      */
-    claimLatestUnconsumedResume() {
-        const row = this.stmt(S.claimLatestUnconsumedResume).get();
+    claimLatestUnconsumedResume(currentSessionId) {
+        const row = this.stmt(S.claimLatestUnconsumedResume).get(currentSessionId);
         if (!row)
             return null;
         return { sessionId: row.session_id, snapshot: row.snapshot };

package/build/session/extract.d.ts

@@ -45,7 +45,7 @@ export declare function resetIterationLoopState(): void;
  * Accepts the raw hook JSON shape (snake_case keys) as received from stdin.
  * Returns an array of zero or more SessionEvents. Never throws.
  */
-export declare function extractEvents(input: HookInput): SessionEvent[];
+export declare function extractEvents(rawInput: HookInput): SessionEvent[];
 /**
  * Extract session events from a UserPromptSubmit hook input (user message text).
  *