context-mode 1.0.147 → 1.0.149

package/build/session/db.js

@@ -493,6 +493,87 @@ const S = {
     getEventBytesSummary: "getEventBytesSummary",
 };
 // ─────────────────────────────────────────────────────────
+// Schema migration helpers (shared with the analytics aggregator)
+// ─────────────────────────────────────────────────────────
+/**
+ * Columns that the current `session_events` schema requires but earlier
+ * versions of context-mode did not write. Older DBs on disk are missing
+ * these — the analytics aggregator opens every DB it finds across all
+ * adapters, so without an in-place migration the SUM queries below fail
+ * the entire DB (the catch at the top of the read loop swallows the
+ * "no such column" error and the DB contributes zero to every column,
+ * not just the new ones). v1.0.148 hotfix.
+ */
+const SESSION_EVENTS_REQUIRED_COLUMNS = [
+    ["project_dir", "TEXT NOT NULL DEFAULT ''"],
+    ["attribution_source", "TEXT NOT NULL DEFAULT 'unknown'"],
+    ["attribution_confidence", "REAL NOT NULL DEFAULT 0"],
+    ["bytes_avoided", "INTEGER NOT NULL DEFAULT 0"],
+    ["bytes_returned", "INTEGER NOT NULL DEFAULT 0"],
+];
+/**
+ * Apply any missing post-v1.0.130 `session_events` columns to an already-
+ * open writable database handle. Idempotent — each ALTER is guarded by a
+ * PRAGMA table_xinfo check, and the project_dir index is created only
+ * when a migration actually ran. Returns true if any column was added.
+ *
+ * Used by both the SessionDB constructor (for the active DB) and the
+ * analytics aggregator (for the 100+ historical DBs that never get
+ * opened through SessionDB). ADR-0001 compatible: no EXCLUSIVE pragma,
+ * no acquireDbLock — relies on the SQLite busy_timeout + WAL semantics
+ * already provided by SQLiteBase.
+ */
+export function applyMissingSessionEventsColumns(db) {
+    const colInfo = db.pragma("table_xinfo(session_events)");
+    const cols = new Set(colInfo.map((c) => c.name));
+    let changed = false;
+    for (const [name, spec] of SESSION_EVENTS_REQUIRED_COLUMNS) {
+        if (!cols.has(name)) {
+            db.exec(`ALTER TABLE session_events ADD COLUMN ${name} ${spec}`);
+            changed = true;
+        }
+    }
+    if (changed) {
+        db.exec("CREATE INDEX IF NOT EXISTS idx_session_events_project ON session_events(session_id, project_dir)");
+    }
+    return changed;
+}
+/**
+ * Open a session DB file briefly, run any missing schema migrations,
+ * and close. Best-effort: missing tables, file-locks, corrupt files,
+ * and any DatabaseCtor error are swallowed silently — the caller
+ * (analytics aggregator) handles the readonly query that follows and
+ * will skip the DB if it remains unreadable.
+ *
+ * Lazy migration entry point for the analytics aggregator, which would
+ * otherwise read 100+ historical DBs with the old (pre-v1.0.130) schema
+ * and lose every signal (not just bytes_avoided) because the SELECT
+ * statement references columns that don't exist on legacy schemas.
+ *
+ * Two open/close cycles in the worst case (one readonly probe to detect
+ * legacy schema, one writable to migrate). For already-migrated DBs
+ * (the common case after first read), this opens writable once and
+ * exits without writing — cheaper than always-writable.
+ */
+export function ensureSessionEventsSchema(dbPath, DatabaseCtor) {
+    let db = null;
+    try {
+        db = new DatabaseCtor(dbPath);
+        applyMissingSessionEventsColumns(db);
+    }
+    catch {
+        // best-effort — missing table, file lock, corrupt DB, or DatabaseCtor
+        // load failure. The aggregator's existing skip-on-error handles the
+        // downstream readonly query.
+    }
+    finally {
+        try {
+            db?.close();
+        }
+        catch { /* ignore */ }
+    }
+}
+// ─────────────────────────────────────────────────────────
 // SessionDB
 // ─────────────────────────────────────────────────────────
 export class SessionDB extends SQLiteBase {
@@ -569,25 +650,11 @@ export class SessionDB extends SQLiteBase {
       CREATE INDEX IF NOT EXISTS idx_tool_calls_session ON tool_calls(session_id);
     `);
         // Migration: add per-event attribution columns for existing DBs.
+        // Shared helper — the analytics aggregator (analytics.ts) runs the
+        // SAME migration against every historical DB it scans, so the column
+        // list lives in one place at the top of this module.
         try {
-            const colInfo = this.db.pragma("table_xinfo(session_events)");
-            const cols = new Set(colInfo.map((c) => c.name));
-            if (!cols.has("project_dir")) {
-                this.db.exec("ALTER TABLE session_events ADD COLUMN project_dir TEXT NOT NULL DEFAULT ''");
-            }
-            if (!cols.has("attribution_source")) {
-                this.db.exec("ALTER TABLE session_events ADD COLUMN attribution_source TEXT NOT NULL DEFAULT 'unknown'");
-            }
-            if (!cols.has("attribution_confidence")) {
-                this.db.exec("ALTER TABLE session_events ADD COLUMN attribution_confidence REAL NOT NULL DEFAULT 0");
-            }
-            if (!cols.has("bytes_avoided")) {
-                this.db.exec("ALTER TABLE session_events ADD COLUMN bytes_avoided INTEGER NOT NULL DEFAULT 0");
-            }
-            if (!cols.has("bytes_returned")) {
-                this.db.exec("ALTER TABLE session_events ADD COLUMN bytes_returned INTEGER NOT NULL DEFAULT 0");
-            }
-            this.db.exec("CREATE INDEX IF NOT EXISTS idx_session_events_project ON session_events(session_id, project_dir)");
+            applyMissingSessionEventsColumns(this.db);
         }
         catch {
             // best-effort migration only

package/build/store-directory.d.ts

@@ -0,0 +1,56 @@
+/**
+ * walkDirectory — bounded recursive directory walker for ctx_index (#687).
+ *
+ * Issue: ctx_index refused directory paths via the security gate at
+ * src/store.ts:845 ("refusing to index <path>: not a regular file"). The gate
+ * is a TOCTOU defense from #442 round-3 and MUST be preserved — directory
+ * support is layered as a separate concern here. Each file produced by
+ * walkDirectory is then read via the existing per-file
+ * `openSync + fstatSync.isFile()` invariant in `ContentStore.index()`.
+ *
+ * Reported by @matiasduartee across 4 clients × Windows 11.
+ * https://github.com/anthropic-experimental/context-mode/issues/687
+ *
+ * Design constraints:
+ *   - No new dependencies (avoid the `ignore` package — issue #687 Diagnose).
+ *   - Cross-OS: path.sep / path.join everywhere, never raw "/" string ops.
+ *   - Symlink cycle detection via a resolved-path Set.
+ *   - Symlink-escape rejection: refuse to follow symlinks that resolve outside
+ *     the rootPath (defense-in-depth alongside per-file checkFilePathDenyPolicy).
+ *   - FTS5-blowup guard: hard cap maxFiles (default 200, per Architect).
+ */
+export interface WalkOptions {
+    /** Glob-ish include patterns. Empty/undefined means include all (subject to extensions). */
+    include?: string[];
+    /** Glob-ish exclude patterns. Merged with sensible defaults. */
+    exclude?: string[];
+    /** Max recursion depth from rootPath (0 = root only). Default 5. */
+    maxDepth?: number;
+    /** Hard cap on total files. Default 200 — FTS5 blow-up guard. */
+    maxFiles?: number;
+    /** Allowed file extensions (with leading dot). Empty/undefined means default set. */
+    extensions?: string[];
+    /** Apply nearest .gitignore rules during walk. Default true. */
+    respectGitignore?: boolean;
+    /** Follow directory symlinks. Default false (cycle hazard + escape risk). */
+    followSymlinks?: boolean;
+}
+export interface WalkResult {
+    files: string[];
+    /** True when maxFiles cap was hit and traversal halted early. */
+    capped: boolean;
+    /** Total files discovered before cap (for reporting). */
+    totalSeen: number;
+}
+/**
+ * Walk `rootPath` recursively under the given bounds and return absolute file
+ * paths matching the filters. Pure synchronous traversal — no allocations
+ * beyond the result array. Symlink cycles are detected via a resolved-path
+ * Set; symlink escapes (resolving outside rootPath) are silently skipped.
+ */
+export declare function walkDirectory(rootPath: string, opts?: WalkOptions): string[];
+/**
+ * Same as walkDirectory but returns capped + totalSeen so callers can surface
+ * a "capped at N files" notice in their response.
+ */
+export declare function walkDirectoryDetailed(rootPath: string, opts?: WalkOptions): WalkResult;

package/build/store-directory.js

@@ -0,0 +1,254 @@
+/**
+ * walkDirectory — bounded recursive directory walker for ctx_index (#687).
+ *
+ * Issue: ctx_index refused directory paths via the security gate at
+ * src/store.ts:845 ("refusing to index <path>: not a regular file"). The gate
+ * is a TOCTOU defense from #442 round-3 and MUST be preserved — directory
+ * support is layered as a separate concern here. Each file produced by
+ * walkDirectory is then read via the existing per-file
+ * `openSync + fstatSync.isFile()` invariant in `ContentStore.index()`.
+ *
+ * Reported by @matiasduartee across 4 clients × Windows 11.
+ * https://github.com/anthropic-experimental/context-mode/issues/687
+ *
+ * Design constraints:
+ *   - No new dependencies (avoid the `ignore` package — issue #687 Diagnose).
+ *   - Cross-OS: path.sep / path.join everywhere, never raw "/" string ops.
+ *   - Symlink cycle detection via a resolved-path Set.
+ *   - Symlink-escape rejection: refuse to follow symlinks that resolve outside
+ *     the rootPath (defense-in-depth alongside per-file checkFilePathDenyPolicy).
+ *   - FTS5-blowup guard: hard cap maxFiles (default 200, per Architect).
+ */
+import { readdirSync, statSync, lstatSync, realpathSync, existsSync, readFileSync, } from "node:fs";
+import { join, extname, relative, sep, resolve } from "node:path";
+const DEFAULT_EXCLUDES = [
+    "node_modules",
+    ".git",
+    "dist",
+    "build",
+    ".next",
+    "coverage",
+    ".venv",
+    "__pycache__",
+    ".DS_Store",
+];
+const DEFAULT_EXTENSIONS = [
+    ".md",
+    ".mdx",
+    ".txt",
+    ".json",
+    ".yaml",
+    ".yml",
+    ".ts",
+    ".tsx",
+    ".js",
+    ".jsx",
+    ".py",
+    ".rs",
+    ".go",
+    ".sh",
+];
+const DEFAULT_MAX_DEPTH = 5;
+const DEFAULT_MAX_FILES = 200;
+/**
+ * Convert a simple glob pattern (`*`, `**`, `?`) to a RegExp. Anchors at
+ * boundaries so `node_modules` matches `node_modules` AND `node_modules/pkg`.
+ * Patterns are matched against POSIX-style relative paths (forward slashes)
+ * to give consistent behavior across macOS / Windows.
+ */
+function globToRegExp(pattern) {
+    // Escape regex metachars except glob ones.
+    let re = "";
+    for (let i = 0; i < pattern.length; i++) {
+        const c = pattern[i];
+        if (c === "*") {
+            if (pattern[i + 1] === "*") {
+                re += ".*";
+                i++;
+            }
+            else {
+                re += "[^/]*";
+            }
+        }
+        else if (c === "?") {
+            re += "[^/]";
+        }
+        else if ("\\^$.|+()[]{}".includes(c)) {
+            re += "\\" + c;
+        }
+        else {
+            re += c;
+        }
+    }
+    return new RegExp(`^${re}$`);
+}
+/** Match a posix-style relative path against any of the patterns. */
+function matchesAny(relPosix, patterns) {
+    if (patterns.length === 0)
+        return false;
+    const basename = relPosix.split("/").pop() ?? relPosix;
+    for (const p of patterns) {
+        // Bare names match basename OR any path segment.
+        if (!p.includes("/") && !p.includes("*")) {
+            if (basename === p)
+                return true;
+            if (relPosix.split("/").includes(p))
+                return true;
+            continue;
+        }
+        const re = globToRegExp(p);
+        if (re.test(relPosix))
+            return true;
+        if (re.test(basename))
+            return true;
+    }
+    return false;
+}
+/**
+ * Parse a .gitignore file into a list of patterns. Comments and blank lines
+ * are stripped. Negation (`!`) is not supported — kept conservative.
+ */
+function parseGitignore(rootPath) {
+    const giPath = join(rootPath, ".gitignore");
+    if (!existsSync(giPath))
+        return [];
+    try {
+        const text = readFileSync(giPath, "utf-8");
+        return text
+            .split(/\r?\n/)
+            .map(l => l.trim())
+            .filter(l => l.length > 0 && !l.startsWith("#") && !l.startsWith("!"))
+            .map(l => l.replace(/^\//, "").replace(/\/$/, ""));
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Convert an absolute path under rootPath to a POSIX-style relative path
+ * so glob matching is identical across macOS/Linux/Windows.
+ */
+function toPosixRel(rootPath, absPath) {
+    const rel = relative(rootPath, absPath);
+    return rel.split(sep).join("/");
+}
+/**
+ * Walk `rootPath` recursively under the given bounds and return absolute file
+ * paths matching the filters. Pure synchronous traversal — no allocations
+ * beyond the result array. Symlink cycles are detected via a resolved-path
+ * Set; symlink escapes (resolving outside rootPath) are silently skipped.
+ */
+export function walkDirectory(rootPath, opts = {}) {
+    return walkDirectoryDetailed(rootPath, opts).files;
+}
+/**
+ * Same as walkDirectory but returns capped + totalSeen so callers can surface
+ * a "capped at N files" notice in their response.
+ */
+export function walkDirectoryDetailed(rootPath, opts = {}) {
+    const { include, exclude, maxDepth = DEFAULT_MAX_DEPTH, maxFiles = DEFAULT_MAX_FILES, extensions, respectGitignore = true, followSymlinks = false, } = opts;
+    // Normalize rootPath to its real path so symlink-escape detection is sound.
+    let rootReal;
+    try {
+        rootReal = realpathSync(rootPath);
+    }
+    catch {
+        return { files: [], capped: false, totalSeen: 0 };
+    }
+    const exts = (extensions && extensions.length > 0 ? extensions : DEFAULT_EXTENSIONS)
+        .map(e => (e.startsWith(".") ? e : "." + e).toLowerCase());
+    const excludes = [
+        ...DEFAULT_EXCLUDES,
+        ...(exclude ?? []),
+        ...(respectGitignore ? parseGitignore(rootReal) : []),
+    ];
+    const includes = include ?? [];
+    const out = [];
+    const visited = new Set([rootReal]);
+    let totalSeen = 0;
+    let capped = false;
+    function walk(absDir, depth) {
+        if (capped)
+            return;
+        if (depth > maxDepth)
+            return;
+        let entries;
+        try {
+            entries = readdirSync(absDir, { withFileTypes: true });
+        }
+        catch {
+            return; // unreadable directory — skip silently
+        }
+        for (const ent of entries) {
+            if (capped)
+                return;
+            const absChild = join(absDir, ent.name);
+            const relPosix = toPosixRel(rootReal, absChild);
+            // Exclude check applies to both files and dirs — early prune.
+            if (matchesAny(relPosix, excludes))
+                continue;
+            // Include filter applies to files only — see below.
+            // Resolve symlinks once; reject escapes; track for cycle detection.
+            let isDirChild = ent.isDirectory();
+            let isFileChild = ent.isFile();
+            let isSymlink = false;
+            try {
+                const lst = lstatSync(absChild);
+                isSymlink = lst.isSymbolicLink();
+            }
+            catch {
+                continue;
+            }
+            if (isSymlink) {
+                if (!followSymlinks)
+                    continue;
+                let resolved;
+                try {
+                    resolved = realpathSync(absChild);
+                }
+                catch {
+                    continue; // dangling
+                }
+                // Symlink-escape: refuse to follow if the resolved target leaves rootReal.
+                const escapeRel = relative(rootReal, resolved);
+                if (escapeRel.startsWith("..") || resolve(escapeRel) === resolved) {
+                    // resolve(absolute) === absolute → target is absolute outside root
+                    if (escapeRel.startsWith(".."))
+                        continue;
+                }
+                if (visited.has(resolved))
+                    continue;
+                visited.add(resolved);
+                try {
+                    const st = statSync(resolved);
+                    isDirChild = st.isDirectory();
+                    isFileChild = st.isFile();
+                }
+                catch {
+                    continue;
+                }
+            }
+            if (isDirChild) {
+                walk(absChild, depth + 1);
+                continue;
+            }
+            if (!isFileChild)
+                continue;
+            // Extension filter.
+            const ext = extname(absChild).toLowerCase();
+            if (!exts.includes(ext))
+                continue;
+            // Include filter (if any): file must match at least one include pattern.
+            if (includes.length > 0 && !matchesAny(relPosix, includes))
+                continue;
+            totalSeen++;
+            if (out.length >= maxFiles) {
+                capped = true;
+                return;
+            }
+            out.push(absChild);
+        }
+    }
+    walk(rootReal, 0);
+    return { files: out, capped, totalSeen };
+}

package/build/store.d.ts

@@ -7,6 +7,7 @@
  * Use for documentation, API references, and any content where
  * you need EXACT text later — not summaries.
  */
+import { type WalkOptions } from "./store-directory.js";
 type SourceMatchMode = "like" | "exact";
 import type { IndexResult, SearchResult, StoreStats } from "./types.js";
 export type { IndexResult, SearchResult, StoreStats } from "./types.js";
@@ -51,6 +52,34 @@ export declare class ContentStore {
             eventId?: string;
         };
     }): IndexResult;
+    /**
+     * Index every file under a directory by walking it with `walkDirectory` and
+     * delegating each discovered file to `this.index({ path })`. The per-file
+     * `openSync + fstatSync.isFile()` security gate at line ~845 stays active
+     * for every file — directory support never bypasses the TOCTOU defense
+     * from #442 round-3.
+     *
+     * Reported by @matiasduartee in #687.
+     */
+    indexDirectory(opts: {
+        path: string;
+        source?: string;
+        attribution?: {
+            sessionId?: string;
+            eventId?: string;
+        };
+        /** Optional per-file deny check — runs INSIDE the walk loop so a denied
+         *  file does not even open a fd. Returns true to deny. */
+        perFileDeny?: (absPath: string) => boolean;
+    } & WalkOptions): {
+        filesIndexed: number;
+        totalChunks: number;
+        capped: boolean;
+        totalSeen: number;
+        denied: number;
+        failed: number;
+        label: string;
+    };
     /**
      * Index plain-text output (logs, build output, test results) by splitting
      * into fixed-size line groups. Unlike markdown indexing, this does not

package/build/store.js

@@ -13,6 +13,7 @@ import { readFileSync, readdirSync, unlinkSync, existsSync, statSync, openSync,
 import { createHash } from "node:crypto";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
+import { walkDirectoryDetailed } from "./store-directory.js";
 // ─────────────────────────────────────────────────────────
 // Constants
 // ─────────────────────────────────────────────────────────
@@ -756,6 +757,51 @@ export class ContentStore {
         const contentHash = filePath ? createHash("sha256").update(text).digest("hex") : undefined;
         return withRetry(() => this.#insertChunks(chunks, label, text, filePath, contentHash, attribution));
     }
+    // ── Index Directory (#687) ──
+    /**
+     * Index every file under a directory by walking it with `walkDirectory` and
+     * delegating each discovered file to `this.index({ path })`. The per-file
+     * `openSync + fstatSync.isFile()` security gate at line ~845 stays active
+     * for every file — directory support never bypasses the TOCTOU defense
+     * from #442 round-3.
+     *
+     * Reported by @matiasduartee in #687.
+     */
+    indexDirectory(opts) {
+        const { path: rootPath, source, attribution, perFileDeny, ...walkOpts } = opts;
+        const walked = walkDirectoryDetailed(rootPath, walkOpts);
+        let filesIndexed = 0;
+        let totalChunks = 0;
+        let denied = 0;
+        let failed = 0;
+        for (const file of walked.files) {
+            if (perFileDeny && perFileDeny(file)) {
+                denied++;
+                continue;
+            }
+            try {
+                // Per-file source label so ctx_search(source: "<file>") still works.
+                const fileSource = source ? `${source}:${file}` : file;
+                const r = this.index({ path: file, source: fileSource, attribution });
+                filesIndexed++;
+                totalChunks += r.totalChunks;
+            }
+            catch {
+                // Per-file failure (e.g. fd-bound fstat rejection of a non-regular
+                // file that races between walk and read) — count + continue.
+                failed++;
+            }
+        }
+        return {
+            filesIndexed,
+            totalChunks,
+            capped: walked.capped,
+            totalSeen: walked.totalSeen,
+            denied,
+            failed,
+            label: source ?? rootPath,
+        };
+    }
     // ── Index Plain Text ──
     /**
      * Index plain-text output (logs, build output, test results) by splitting

package/build/util/project-dir.d.ts

@@ -60,6 +60,42 @@ export declare function resolveProjectDirFromTranscript(opts: {
     /** Test seam for maxAgeMs. Defaults to Date.now(). */
     nowMs?: number;
 }): string | undefined;
+/**
+ * Issue #45 / c4529042182 — recover the project-cwd from a Codex CLI
+ * session log when the spawned MCP child inherits a non-project cwd
+ * (e.g. $HOME when Codex was launched from anywhere outside the project).
+ *
+ * Codex writes its session transcripts to
+ * `${CODEX_HOME ?? ~/.codex}/sessions/<uuid>.jsonl`. The first line is a
+ * `SessionMeta` JSON struct whose `meta.cwd` field carries the literal
+ * project directory the CLI was launched from (see refs/platforms/codex/
+ * codex-rs SessionMeta). Codex publishes NO workspace env var to its child
+ * MCP processes — so unlike Claude/Pi/Cursor, we have no env signal at all.
+ * The session log is the strongest available signal.
+ *
+ * Mirror of `resolveProjectDirFromTranscript` for Claude Code; differences:
+ *   • Sessions live flat in `${codexHome}/sessions/*.jsonl` (no per-project
+ *     encoded subdir like Claude's `~/.claude/projects/<encoded>/`).
+ *   • The cwd is on `meta.cwd` (nested), not top-level `cwd`.
+ *
+ * Returns `null` when:
+ *   • `codexHome` or its `sessions/` subdir does not exist.
+ *   • No `.jsonl` files exist or none has a parseable `meta.cwd` string.
+ *   • The newest log is older than `transcriptMaxAgeMs` (multi-window guard).
+ *   • The resolved `meta.cwd` points at a plugin install path (poisoned).
+ */
+export declare function resolveCodexSessionCwd(opts?: {
+    /** Defaults to `process.env.CODEX_HOME ?? path.join(os.homedir(), ".codex")`. */
+    codexHome?: string;
+    /**
+     * Optional freshness guard — Codex appends to the active log while the
+     * session is running, so a stale log from days ago must not become a
+     * global project-dir signal.
+     */
+    transcriptMaxAgeMs?: number;
+    /** Test seam for transcriptMaxAgeMs. Defaults to Date.now(). */
+    now?: number;
+}): string | null;
 /**
  * Pure project-dir resolver. Mirror of the env-var chain inside
  * `src/server.ts getProjectDir()`, but takes its inputs explicitly so the
@@ -100,4 +136,11 @@ export declare function resolveProjectDir(opts: {
      * for `start.mjs` and any non-strict consumer).
      */
     strictPlatform?: PlatformId;
+    /**
+     * Issue #45 — override `${CODEX_HOME ?? ~/.codex}` for tests. When
+     * `strictPlatform === "codex"` and the env cascade yields nothing, the
+     * resolver reads `meta.cwd` from the newest session.jsonl under
+     * `${codexHome}/sessions/`.
+     */
+    codexHome?: string;
 }): string;