context-mode 1.0.131 → 1.0.133

package/build/server.js

@@ -78,6 +78,20 @@ const CM_FS_PRELOAD = join(tmpdir(), `cm-fs-preload-${process.pid}.js`);
 writeFileSync(CM_FS_PRELOAD, `(function(){var __cm_fs=0;process.on('exit',function(){if(__cm_fs>0)try{process.stderr.write('__CM_FS__:'+__cm_fs+'\\n')}catch(e){}});try{var f=require('fs');var ors=f.readFileSync;f.readFileSync=function(){var r=ors.apply(this,arguments);if(Buffer.isBuffer(r))__cm_fs+=r.length;else if(typeof r==='string')__cm_fs+=Buffer.byteLength(r);return r;};}catch(e){}})();\n`);
 // Lazy singleton — no DB overhead unless index/search is used
 let _store = null;
+/**
+ * Build the FK-attribution object passed to every ContentStore.index*() call
+ * in this process. CLAUDE_SESSION_ID is the only MCP-side handle we have on
+ * the current session — eventId stays undefined because MCP tool invocations
+ * are not paired with PostToolUse event rows at index time (the hook fires
+ * AFTER the tool returns). Empty-string fallback inside #insertChunks keeps
+ * legacy unattributed rows readable.
+ */
+function currentAttribution() {
+    const sessionId = process.env.CLAUDE_SESSION_ID;
+    if (!sessionId)
+        return undefined;
+    return { sessionId };
+}
 /**
  * Auto-index session events files written by SessionStart hook.
  * Scans ~/.claude/context-mode/sessions/ for *-events.md files.
@@ -95,7 +109,7 @@ function maybeIndexSessionEvents(store) {
         for (const file of files) {
             const filePath = join(sessionsDir, file);
             try {
-                store.index({ path: filePath, source: "session-events" });
+                store.index({ path: filePath, source: "session-events", attribution: currentAttribution() });
                 unlinkSync(filePath);
             }
             catch { /* best-effort per file */ }
@@ -1153,7 +1167,7 @@ __cm_main().catch(e=>{console.error(e);process.exitCode=1});${background ? '\nse
 function indexStdout(stdout, source) {
     const store = getStore();
     trackIndexed(Buffer.byteLength(stdout));
-    const indexed = store.index({ content: stdout, source });
+    const indexed = store.index({ content: stdout, source, attribution: currentAttribution() });
     return {
         content: [
             {
@@ -1173,7 +1187,7 @@ function intentSearch(stdout, intent, source, maxResults = 5) {
     const totalBytes = Buffer.byteLength(stdout);
     // Index into the PERSISTENT store so user can ctx_search() later
     const persistent = getStore();
-    const indexed = persistent.indexPlainText(stdout, source);
+    const indexed = persistent.indexPlainText(stdout, source, undefined, currentAttribution());
     // Search the persistent store directly (porter → trigram → fuzzy)
     let results = persistent.searchWithFallback(intent, maxResults, source);
     // Extract distinctive terms as vocabulary hints for the LLM
@@ -1407,7 +1421,7 @@ server.registerTool("ctx_index", {
             catch { /* ignore — file read errors handled by store */ }
         }
         const store = getStore();
-        const result = store.index({ content, path: resolvedPath, source: source ?? resolvedPath });
+        const result = store.index({ content, path: resolvedPath, source: source ?? resolvedPath, attribution: currentAttribution() });
         return trackResponse("ctx_index", {
             content: [
                 {
@@ -1687,7 +1701,24 @@ export function buildFetchCode(url, outputPath) {
     // can serve a public IP for the parent's pre-flight ssrfGuard lookup and
     // then a blocked IP (e.g. 169.254.169.254 IMDS) for the subprocess fetch's
     // own lookup — classic DNS rebinding across the parent/child boundary.
-    const classifyIpSrc = classifyIp.toString();
+    //
+    // CRITICAL: bundlers (esbuild) rename top-level identifiers — `classifyIp`
+    // becomes e.g. `_h` in server.bundle.mjs. `classifyIp.toString()` returns
+    // the renamed source `function _h(t){...}`, but the embedded subprocess
+    // template references the literal name `classifyIp` (and the function's
+    // own internal recursion is also `_h(...)`). Result: the subprocess sees
+    // `function _h(t){...; return _h(...)}` injected, then references to
+    // `classifyIp` blow up with `ReferenceError: classifyIp is not defined`.
+    //
+    // Fix: emit `var <fnName> = <fn-expr>; var classifyIp = <fnName>;`. The
+    // named function expression preserves recursion under whatever name the
+    // bundler chose, and the alias re-exposes the canonical `classifyIp`
+    // identifier the rest of the embedded script depends on.
+    const classifyIpInner = classifyIp.toString();
+    const classifyIpFnName = classifyIp.name || "classifyIp";
+    const classifyIpSrc = classifyIpFnName === "classifyIp"
+        ? `var classifyIp = ${classifyIpInner};`
+        : `var ${classifyIpFnName} = ${classifyIpInner};\nvar classifyIp = ${classifyIpFnName};`;
     const strictMode = process.env.CTX_FETCH_STRICT === "1";
     return `
 const TurndownService = require(${turndownPath});
@@ -2145,15 +2176,16 @@ function indexFetched(f) {
     // `source` label do not overwrite each other (commit 1f1243e). ctx_search()
     // still finds both via LIKE-mode source filter on the `source` substring.
     const storageLabel = composeFetchCacheKey(f.source, f.url);
+    const attribution = currentAttribution();
     let indexed;
     if (f.header === "__CM_CT__:json") {
-        indexed = store.indexJSON(f.markdown, storageLabel);
+        indexed = store.indexJSON(f.markdown, storageLabel, undefined, attribution);
     }
     else if (f.header === "__CM_CT__:text") {
-        indexed = store.indexPlainText(f.markdown, storageLabel);
+        indexed = store.indexPlainText(f.markdown, storageLabel, undefined, attribution);
     }
     else {
-        indexed = store.index({ content: f.markdown, source: storageLabel });
+        indexed = store.index({ content: f.markdown, source: storageLabel, attribution });
     }
     // Track AFTER the FTS5 write succeeds — failed indexes shouldn't inflate the counter.
     trackIndexed(Buffer.byteLength(f.markdown));
@@ -2460,7 +2492,7 @@ server.registerTool("ctx_batch_execute", {
             .map((c) => c.label)
             .join(",")
             .slice(0, 80)}`;
-        const indexed = store.index({ content: stdout, source });
+        const indexed = store.index({ content: stdout, source, attribution: currentAttribution() });
         // Build section inventory — direct query by source_id (no FTS5 MATCH needed)
         const allSections = store.getChunksBySource(indexed.sourceId);
         const inventory = ["## Indexed Sections", ""];
@@ -2582,7 +2614,14 @@ server.registerTool("ctx_stats", {
                     }
                     if (sid) {
                         conversation = getConversationStats({ sessionId: sid, sessionsDir: getSessionDir(), worktreeHash: dbHash });
-                        const convReal = getRealBytesStats({ sessionId: sid, sessionsDir: getSessionDir(), worktreeHash: dbHash });
+                        // v1.0.133 Slice 3: pass contentDbPath so getRealBytesStats can
+                        // join chunks WHERE session_id = sid and fold the indexed
+                        // content bytes into the per-conversation bar. Without this,
+                        // Mert's session showed ~200B (event metadata only) even with
+                        // 49 MB of indexed content sitting in the content DB.
+                        // Render-time read-only — no DB mutation, no backfill.
+                        const contentDbPath = getStorePath();
+                        const convReal = getRealBytesStats({ sessionId: sid, sessionsDir: getSessionDir(), worktreeHash: dbHash, contentDbPath });
                         const lifeReal = getRealBytesStats({ sessionsDir: getSessionDir() });
                         realBytes = { conversation: convReal, lifetime: lifeReal };
                     }
@@ -2865,7 +2904,12 @@ server.registerTool("ctx_upgrade", {
 // files (events.md, FTS5 store file, stats file) are preserved.
 // Passing both sessionId AND scope:"project" is ambiguous (does the
 // caller want a per-session wipe or a project-wide one?) and is
-// rejected by the schema's refine().
+// rejected by an explicit check in the handler body — NOT a schema-level
+// .refine(). MCP SDK's normalizeObjectSchema() reads `.shape` to project
+// inputSchema → JSON Schema for tools/list; a ZodEffects (refine wrapper)
+// has no `.shape`, so the SDK silently emits `properties: {}`, and Claude
+// Code's strict-input-validation gate then rejects EVERY call to this
+// tool with "input_schema does not support fields". Issue #563.
 server.registerTool("ctx_purge", {
     title: "Purge Knowledge Base",
     description: "DESTRUCTIVE — permanently delete indexed content. CANNOT be undone.\n\n" +
@@ -2886,6 +2930,9 @@ server.registerTool("ctx_purge", {
         "Use sessionId when the user asks to clear a specific conversation's data.\n" +
         "Use scope:'project' ONLY when the user explicitly asks to reset everything.\n" +
         "NEVER call with bare {confirm:true} — always specify the scope.",
+    // NOTE: schema MUST be a plain z.object — no .refine()/.transform()/
+    // .superRefine() wrapper. See block comment above & issue #563. The
+    // cross-field ambiguity check lives in the handler body below.
     inputSchema: z.object({
         confirm: z.boolean().describe("MUST be true. Destructive operation; false returns 'purge cancelled'."),
         sessionId: z.string().optional().describe("UUID of a single session. Pairs with confirm:true to wipe only that " +
@@ -2894,12 +2941,22 @@ server.registerTool("ctx_purge", {
         scope: z.enum(["session", "project"]).optional().describe("Explicit scope selector. 'session' REQUIRES sessionId. 'project' wipes " +
             "the entire project (FTS5 + every session + stats). Omit only for the " +
             "deprecated bare-{confirm:true} back-compat path."),
-    }).refine((v) => !(v.sessionId && v.scope === "project"), {
-        message: "Ambiguous purge: sessionId implies scope:'session', cannot combine with scope:'project'. " +
-            "Use scope:'project' WITHOUT sessionId for the legacy whole-project wipe.",
-        path: ["scope"],
     }),
 }, async ({ confirm, sessionId, scope }) => {
+    // Cross-field ambiguity check — formerly a schema .refine(), moved
+    // into the handler so the inputSchema stays a plain ZodObject and
+    // the MCP SDK can serialize `.shape` into JSON Schema (issue #563).
+    // Same human-readable message as the original refine() preserved.
+    if (sessionId && scope === "project") {
+        return trackResponse("ctx_purge", {
+            content: [{
+                    type: "text",
+                    text: "Ambiguous purge: sessionId implies scope:'session', cannot combine with scope:'project'. " +
+                        "Use scope:'project' WITHOUT sessionId for the legacy whole-project wipe.",
+                }],
+            isError: true,
+        });
+    }
     if (!confirm) {
         return trackResponse("ctx_purge", {
             content: [{
@@ -3365,6 +3422,20 @@ server.registerTool("ctx_insight", {
 // Server startup
 // ─────────────────────────────────────────────────────────
 async function main() {
+    // Startup sibling sweep (#565). OpenCode/KiloCode spawn one MCP child
+    // per session/subagent and never reap them. When a new MCP child boots
+    // under a host that already has N stale idle siblings (sharing OUR
+    // ppid), reclaim them before opening our own DB / sentinel / stdio.
+    // Best effort — never blocks startup.
+    try {
+        const { startupSiblingSweep } = await import("./util/sibling-mcp.js");
+        const report = await startupSiblingSweep();
+        if (report.totalKilled > 0) {
+            console.error(`Reaped ${report.totalKilled} stale sibling MCP server(s) ` +
+                `(SIGTERM: ${report.terminatedBySigterm}, SIGKILL: ${report.terminatedBySigkill})`);
+        }
+    }
+    catch { /* best effort */ }
     // Clean up stale DB files from previous sessions
     const cleaned = cleanupStaleDBs();
     if (cleaned > 0) {
@@ -3414,7 +3485,38 @@ async function main() {
     process.on("SIGINT", () => { gracefulShutdown(); });
     process.on("SIGTERM", () => { gracefulShutdown(); });
     // Lifecycle guard: detect parent death + stdin close to prevent orphaned processes (#103)
-    startLifecycleGuard({ onShutdown: () => gracefulShutdown() });
+    // Also: idle self-shutdown (#565) — OpenCode/KiloCode open one MCP child per
+    // session AND per subagent and never tear them down for the host's lifetime,
+    // accumulating one stdio child per session (observed: 26 children / 1.6 GB
+    // RSS under a single `opencode serve` parent). Idle timeout reaps quiescent
+    // servers; live ones bump `recordActivity()` on every JSON-RPC request via
+    // the MCP SDK's `_onrequest` hook wrapped below.
+    const lifecycle = startLifecycleGuard({ onShutdown: () => gracefulShutdown() });
+    // Wrap the SDK's internal request entry so every JSON-RPC `tools/call`,
+    // `tools/list`, etc. resets the idle timer. We intercept at this layer
+    // rather than per-tool because (a) it covers ALL requests, including
+    // listTools / listPrompts / listResources / ping, and (b) it survives
+    // future tool additions without each handler needing to remember to opt in.
+    //
+    // The cast is necessary because `_onrequest` is intentionally undocumented
+    // in the SDK's public types. Best effort — if the field shape changes in
+    // a future SDK release the lifecycle still works, idle reset just degrades
+    // to "untriggered" which simply means the server lives until the next
+    // ppid/signal-based exit path fires. We never block the request path.
+    try {
+        const inner = server.server;
+        const origOnRequest = inner._onrequest;
+        if (typeof origOnRequest === "function") {
+            inner._onrequest = function (...args) {
+                try {
+                    lifecycle.recordActivity();
+                }
+                catch { /* never break request path */ }
+                return origOnRequest.apply(this, args);
+            };
+        }
+    }
+    catch { /* best effort — see comment above */ }
     const transport = new StdioServerTransport();
     await server.connect(transport);
     // Write MCP readiness sentinel (#230)

package/build/session/analytics.d.ts

@@ -358,8 +358,39 @@ export interface RealBytesStats {
     bytesAvoided: number;
     bytesReturned: number;
     snapshotBytes: number;
+    /**
+     * v1.0.133 Slice 3: bytes attributed to this session in the FTS5 content
+     * DB — `SUM(LENGTH(title) + LENGTH(content)) FROM chunks WHERE session_id = ?`.
+     *
+     * Read-only, render-time computation. Populated only when
+     * `getRealBytesStats` is called with both `sessionId` AND `contentDbPath`
+     * (i.e. the conversation tier from ctx_stats). Lifetime / project tiers
+     * leave this at 0 — aggregating across every adapter's content DB is a
+     * separate concern.
+     *
+     * Legacy chunks with empty `session_id` (pre-Slice-1) are NOT backfilled:
+     * the architect rejected the time-window join as unsafe. Old conversations
+     * stay low; new conversations populate honestly.
+     */
+    contentBytes: number;
     totalSavedTokens: number;
 }
+/**
+ * v1.0.133 Slice 3: Sum the bytes attributed to one session in the FTS5
+ * content DB.
+ *
+ * Returns `LENGTH(title) + LENGTH(content)` summed across every chunk
+ * whose `session_id` column matches `sessionId`. Best-effort — returns 0
+ * when the DB file is missing, the schema lacks the `session_id` column
+ * (pre-Slice-1 content DBs), or the query fails. Never throws.
+ *
+ * Render-time only. Does NOT mutate the content DB. Architect-approved
+ * because the read-only join carries no risk of cross-session attribution
+ * (the FK was set at chunk insert time by Slice 1).
+ */
+export declare function getContentBytesForSession(sessionId: string, contentDbPath: string, opts?: {
+    loadDatabase?: () => unknown;
+}): number;
 /**
  * Compute real-bytes stats across one session, one project (worktree
  * filter), or every session on disk (lifetime).
@@ -378,6 +409,13 @@ export declare function getRealBytesStats(opts: {
     sessionId?: string;
     sessionsDir?: string;
     worktreeHash?: string;
+    /**
+     * v1.0.133 Slice 3: when set alongside `sessionId`, the function joins
+     * the FTS5 content DB at this path and folds chunk bytes into
+     * `bytesAvoided` + `totalSavedTokens` + `contentBytes`. Render-time
+     * only — no DB writes.
+     */
+    contentDbPath?: string;
     loadDatabase?: () => unknown;
 }): RealBytesStats;
 /**

package/build/session/analytics.js

@@ -706,6 +706,50 @@ export function getConversationStats(opts) {
         byDay,
     };
 }
+/**
+ * v1.0.133 Slice 3: Sum the bytes attributed to one session in the FTS5
+ * content DB.
+ *
+ * Returns `LENGTH(title) + LENGTH(content)` summed across every chunk
+ * whose `session_id` column matches `sessionId`. Best-effort — returns 0
+ * when the DB file is missing, the schema lacks the `session_id` column
+ * (pre-Slice-1 content DBs), or the query fails. Never throws.
+ *
+ * Render-time only. Does NOT mutate the content DB. Architect-approved
+ * because the read-only join carries no risk of cross-session attribution
+ * (the FK was set at chunk insert time by Slice 1).
+ */
+export function getContentBytesForSession(sessionId, contentDbPath, opts) {
+    if (!sessionId || !contentDbPath)
+        return 0;
+    if (!existsSync(contentDbPath))
+        return 0;
+    let DatabaseCtor = null;
+    try {
+        DatabaseCtor = opts?.loadDatabase
+            ? opts.loadDatabase()
+            : loadDatabaseImpl();
+    }
+    catch {
+        return 0;
+    }
+    if (!DatabaseCtor)
+        return 0;
+    try {
+        const db = new DatabaseCtor(contentDbPath, { readonly: true });
+        try {
+            const row = db.prepare(`SELECT COALESCE(SUM(LENGTH(content) + LENGTH(title)), 0) AS bytes
+         FROM chunks WHERE session_id = ?`).get(sessionId);
+            return Number(row?.bytes ?? 0);
+        }
+        finally {
+            db.close();
+        }
+    }
+    catch {
+        return 0;
+    }
+}
 /**
  * Compute real-bytes stats across one session, one project (worktree
  * filter), or every session on disk (lifetime).
@@ -726,6 +770,7 @@ export function getRealBytesStats(opts) {
         bytesAvoided: 0,
         bytesReturned: 0,
         snapshotBytes: 0,
+        contentBytes: 0,
         totalSavedTokens: 0,
     };
     const sessionsDir = opts.sessionsDir
@@ -812,8 +857,19 @@ export function getRealBytesStats(opts) {
         }
         catch { /* missing tables / corrupt — skip */ }
     }
+    // v1.0.133 Slice 3: fold content DB chunk bytes for this session into
+    // bytesAvoided. Skipped silently when caller didn't pass contentDbPath
+    // (lifetime / project tiers, or pre-Slice-3 callers). Treated as
+    // "avoided" because indexed chunks are bytes that would have been
+    // re-inflated into context on every search if the model had to
+    // re-read raw files.
+    let contentBytes = 0;
+    if (opts.sessionId && opts.contentDbPath) {
+        contentBytes = getContentBytesForSession(opts.sessionId, opts.contentDbPath, { loadDatabase: opts.loadDatabase });
+        bytesAvoided += contentBytes;
+    }
     const totalSavedTokens = Math.floor((eventDataBytes + bytesAvoided + snapshotBytes) / 4);
-    return { eventDataBytes, bytesAvoided, bytesReturned, snapshotBytes, totalSavedTokens };
+    return { eventDataBytes, bytesAvoided, bytesReturned, snapshotBytes, contentBytes, totalSavedTokens };
 }
 const DEFAULT_REAL_USAGE_FILTER = {
     minEvents: 100,
@@ -975,6 +1031,7 @@ export function getMultiAdapterRealBytesStats(opts) {
         bytesAvoided: 0,
         bytesReturned: 0,
         snapshotBytes: 0,
+        contentBytes: 0,
         totalSavedTokens: 0,
     };
     const perAdapter = [];

package/build/session/extract.d.ts

@@ -15,6 +15,13 @@ export interface SessionEvent {
     data: string;
     /** 1=critical (rules, files, tasks) … 5=low */
     priority: number;
+    /**
+     * Optional — bytes context-mode prevented from entering the model context
+     * window for this event. Currently populated by external_ref when a
+     * ctx_fetch_and_index tool_response carries the
+     * `Fetched and indexed N sections (XKB)` preamble.
+     */
+    bytes_avoided?: number;
 }
 export interface ToolCall {
     toolName: string;

package/build/session/extract.js

@@ -678,12 +678,28 @@ function extractExternalRef(input) {
     }
     if (refs.size === 0)
         return [];
-    return [{
-            type: "external_ref",
-            category: "external-ref",
-            data: safeString(Array.from(refs).join(", ")),
-            priority: 3,
-        }];
+    // ctx_fetch_and_index returns a preamble like
+    //   "Fetched and indexed **5 sections** (47.50KB) from: <label>"
+    // Parse the size to credit bytes_avoided on the event so per-session
+    // honest-savings stats reflect what was kept out of the context window.
+    // KB literal in the preamble is decimal (KB = 1024 bytes per the formatter).
+    let bytesAvoided;
+    const preambleMatch = safeString(input.tool_response).match(/Fetched and indexed[^\(]*\(([\d.]+)\s*KB\)/i);
+    if (preambleMatch) {
+        const kb = Number(preambleMatch[1]);
+        if (Number.isFinite(kb) && kb > 0) {
+            bytesAvoided = Math.round(kb * 1024);
+        }
+    }
+    const event = {
+        type: "external_ref",
+        category: "external-ref",
+        data: safeString(Array.from(refs).join(", ")),
+        priority: 3,
+    };
+    if (bytesAvoided !== undefined)
+        event.bytes_avoided = bytesAvoided;
+    return [event];
 }
 /**
  * Category 8: env (worktree)

package/build/store.d.ts

@@ -41,13 +41,25 @@ export declare class ContentStore {
         content?: string;
         path?: string;
         source?: string;
+        /**
+         * Optional FK metadata recorded on each indexed chunk so per-session
+         * honest-savings stats can join chunks → session_events. When omitted,
+         * chunks fall back to empty-string columns (legacy behaviour).
+         */
+        attribution?: {
+            sessionId?: string;
+            eventId?: string;
+        };
     }): IndexResult;
     /**
      * Index plain-text output (logs, build output, test results) by splitting
      * into fixed-size line groups. Unlike markdown indexing, this does not
      * look for headings — it chunks by line count with overlap.
      */
-    indexPlainText(content: string, source: string, linesPerChunk?: number): IndexResult;
+    indexPlainText(content: string, source: string, linesPerChunk?: number, attribution?: {
+        sessionId?: string;
+        eventId?: string;
+    }): IndexResult;
     /**
      * Index JSON content by walking the object tree and using key paths
      * as chunk titles (analogous to heading hierarchy in markdown). Objects
@@ -55,7 +67,10 @@ export declare class ContentStore {
      *
      * Falls back to `indexPlainText` if the content is not valid JSON.
      */
-    indexJSON(content: string, source: string, maxChunkBytes?: number): IndexResult;
+    indexJSON(content: string, source: string, maxChunkBytes?: number, attribution?: {
+        sessionId?: string;
+        eventId?: string;
+    }): IndexResult;
     search(query: string, limit?: number, source?: string, mode?: "AND" | "OR", contentType?: "code" | "prose", sourceMatchMode?: SourceMatchMode): SearchResult[];
     searchTrigram(query: string, limit?: number, source?: string, mode?: "AND" | "OR", contentType?: "code" | "prose", sourceMatchMode?: SourceMatchMode): SearchResult[];
     fuzzyCorrect(query: string): string | null;

package/build/store.js

@@ -714,7 +714,7 @@ export class ContentStore {
     }
     // ── Index ──
     index(options) {
-        const { content, path, source } = options;
+        const { content, path, source, attribution } = options;
         // Treat empty string as "no content" so an empty `content` paired with a
         // valid `path` falls back to reading the file. Some MCP clients
         // materialize optional string fields as `""` and the previous
@@ -754,7 +754,7 @@ export class ContentStore {
         // Stale detection: store file_path + SHA-256 for file-backed sources
         const filePath = path ?? undefined;
         const contentHash = filePath ? createHash("sha256").update(text).digest("hex") : undefined;
-        return withRetry(() => this.#insertChunks(chunks, label, text, filePath, contentHash));
+        return withRetry(() => this.#insertChunks(chunks, label, text, filePath, contentHash, attribution));
     }
     // ── Index Plain Text ──
     /**
@@ -762,12 +762,12 @@ export class ContentStore {
      * into fixed-size line groups. Unlike markdown indexing, this does not
      * look for headings — it chunks by line count with overlap.
      */
-    indexPlainText(content, source, linesPerChunk = 20) {
+    indexPlainText(content, source, linesPerChunk = 20, attribution) {
         if (!content || content.trim().length === 0) {
-            return this.#insertChunks([], source, "");
+            return this.#insertChunks([], source, "", undefined, undefined, attribution);
         }
         const chunks = this.#chunkPlainText(content, linesPerChunk);
-        return withRetry(() => this.#insertChunks(chunks.map((c) => ({ ...c, hasCode: false })), source, content));
+        return withRetry(() => this.#insertChunks(chunks.map((c) => ({ ...c, hasCode: false })), source, content, undefined, undefined, attribution));
     }
     // ── Index JSON ──
     /**
@@ -777,23 +777,23 @@ export class ContentStore {
      *
      * Falls back to `indexPlainText` if the content is not valid JSON.
      */
-    indexJSON(content, source, maxChunkBytes = MAX_CHUNK_BYTES) {
+    indexJSON(content, source, maxChunkBytes = MAX_CHUNK_BYTES, attribution) {
         if (!content || content.trim().length === 0) {
-            return this.indexPlainText("", source);
+            return this.indexPlainText("", source, undefined, attribution);
         }
         let parsed;
         try {
             parsed = JSON.parse(content);
         }
         catch {
-            return this.indexPlainText(content, source);
+            return this.indexPlainText(content, source, undefined, attribution);
         }
         const chunks = [];
         this.#walkJSON(parsed, [], chunks, maxChunkBytes);
         if (chunks.length === 0) {
-            return this.indexPlainText(content, source);
+            return this.indexPlainText(content, source, undefined, attribution);
         }
-        return withRetry(() => this.#insertChunks(chunks, source, content));
+        return withRetry(() => this.#insertChunks(chunks, source, content, undefined, undefined, attribution));
     }
     // ── Shared DB Insertion ──
     /**
@@ -801,8 +801,12 @@ export class ContentStore {
      * into both FTS5 tables within a transaction and extracts vocabulary.
      * Uses cached prepared statements from #prepareStatements().
      */
-    #insertChunks(chunks, label, text, filePath, contentHash) {
+    #insertChunks(chunks, label, text, filePath, contentHash, attribution) {
         const codeChunks = chunks.filter((c) => c.hasCode).length;
+        // FK columns on chunks. Empty-string fallback preserves the FTS5-friendly
+        // "not-null but unattributed" sentinel used by legacy rows.
+        const sessionIdCol = attribution?.sessionId ?? "";
+        const eventIdCol = attribution?.eventId ?? "";
         // Atomic dedup + insert: delete previous source with same label,
         // then insert new content — all within a single transaction.
         // Prevents stale results in iterative workflows. (See: GitHub issue #67)
@@ -819,8 +823,8 @@ export class ContentStore {
             const now = new Date().toISOString();
             for (const chunk of chunks) {
                 const ct = chunk.hasCode ? "code" : "prose";
-                this.#stmtInsertChunk.run(chunk.title, chunk.content, sourceId, ct, null, null, null, now);
-                this.#stmtInsertChunkTrigram.run(chunk.title, chunk.content, sourceId, ct, null, null, null, now);
+                this.#stmtInsertChunk.run(chunk.title, chunk.content, sourceId, ct, null, sessionIdCol, eventIdCol, now);
+                this.#stmtInsertChunkTrigram.run(chunk.title, chunk.content, sourceId, ct, null, sessionIdCol, eventIdCol, now);
             }
             return sourceId;
         });

package/build/util/sibling-mcp.d.ts

@@ -38,6 +38,21 @@ export interface DiscoverOptions {
     platform?: NodeJS.Platform;
     /** Test injection point — defaults to `child_process.execFileSync`. */
     runCommand?: RunCommand;
+    /**
+     * When true, only return pids whose parent (ppid) is the SAME as the
+     * caller's own ppid (i.e. siblings under the same host process).
+     *
+     * Used by the startup sweep (#565) so an opencode-spawned MCP child
+     * only reaps OTHER opencode-spawned MCP children, never the children
+     * of a different opencode/Claude host running in parallel.
+     *
+     * Requires a way to read each pid's ppid. Defaults to a `ps -o ppid=`
+     * probe on POSIX and PowerShell `Get-CimInstance` on Windows. Set
+     * `readPpid` to inject in tests.
+     */
+    sameParentOnly?: boolean;
+    /** Test injection — read ppid for a given pid. Defaults to platform probe. */
+    readPpid?: (pid: number) => number;
 }
 export interface KillOptions {
     pids: readonly number[];
@@ -77,3 +92,28 @@ export declare function discoverSiblingMcpPids(opts: DiscoverOptions): number[];
  *      counted — they were not ours to kill.
  */
 export declare function killSiblingMcpServers(opts: KillOptions): Promise<KillReport>;
+/**
+ * Startup-time sibling sweep (#565).
+ *
+ * Discovers any context-mode MCP server pids that share OUR parent process
+ * (i.e. other MCP children of the same host like `opencode serve`) and
+ * terminates them. The intent is "exactly one MCP child per host" — when a
+ * new MCP client spawns inside an opencode host that already has 25 stale
+ * idle siblings, this sweep reclaims them at boot rather than waiting for
+ * the idle timeout to fire on each one independently.
+ *
+ * Gated by env (default-on but easy to disable):
+ *
+ *   CONTEXT_MODE_STARTUP_SWEEP=0   → disabled
+ *   CONTEXT_MODE_STARTUP_SWEEP=1   → enabled (default)
+ *
+ * Safety:
+ *   - `sameParentOnly: true` — never touches MCP children of a different host.
+ *   - Best-effort throughout: failures never block server startup.
+ *   - Composes with the idle-timeout path: if a sibling is actively in use
+ *     by another session, the parent process will simply spawn a new MCP
+ *     child on its next request. The cost is one cold-start (~1–3 s) for
+ *     that session, which is identical to opencode's existing behaviour
+ *     of spawning a fresh MCP child per session anyway.
+ */
+export declare function startupSiblingSweep(env?: NodeJS.ProcessEnv): Promise<KillReport>;