context-mode 1.0.88 → 1.0.90

package/configs/vscode-copilot/copilot-instructions.md

@@ -1,65 +1,59 @@
 # context-mode — MANDATORY routing rules
 
-You have context-mode MCP tools available. These rules are NOT optional — they protect your context window from flooding. A single unrouted command can dump 56 KB into context and waste the entire session.
+context-mode MCP tools available. Rules protect context window from flooding. One unrouted command dumps 56 KB into context.
 
 ## Think in Code — MANDATORY
 
-When you need to analyze, count, filter, compare, search, parse, transform, or process data: **write code** that does the work via `ctx_execute(language, code)` and `console.log()` only the answer. Do NOT read raw data into context to process mentally. Your role is to PROGRAM the analysis, not to COMPUTE it. Write robust, pure JavaScript — no npm dependencies, only Node.js built-ins (`fs`, `path`, `child_process`). Always use `try/catch`, handle `null`/`undefined`, and ensure compatibility with both Node.js and Bun. One script replaces ten tool calls and saves 100x context.
+Analyze/count/filter/compare/search/parse/transform data: **write code** via `ctx_execute(language, code)`, `console.log()` only the answer. Do NOT read raw data into context. PROGRAM the analysis, not COMPUTE it. Pure JavaScript — Node.js built-ins only (`fs`, `path`, `child_process`). `try/catch`, handle `null`/`undefined`. One script replaces ten tool calls.
 
-## BLOCKED commands — do NOT attempt these
+## BLOCKED — do NOT attempt
 
 ### curl / wget — BLOCKED
-Any terminal command containing `curl` or `wget` will be intercepted and blocked. Do NOT retry.
-Instead use:
-- `ctx_fetch_and_index(url, source)` to fetch and index web pages
-- `ctx_execute(language: "javascript", code: "const r = await fetch(...)")` to run HTTP calls in sandbox
+Terminal `curl`/`wget` intercepted and blocked. Do NOT retry.
+Use: `ctx_fetch_and_index(url, source)` or `ctx_execute(language: "javascript", code: "const r = await fetch(...)")`
 
 ### Inline HTTP — BLOCKED
-Any terminal command containing `fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, or `http.request(` will be intercepted and blocked. Do NOT retry with terminal.
-Instead use:
-- `ctx_execute(language, code)` to run HTTP calls in sandbox — only stdout enters context
+`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.
+Use: `ctx_execute(language, code)` — only stdout enters context
 
 ### WebFetch / fetch — BLOCKED
-Direct web fetching tools are blocked. Use the sandbox equivalent.
-Instead use:
-- `ctx_fetch_and_index(url, source)` then `ctx_search(queries)` to query the indexed content
+Use: `ctx_fetch_and_index(url, source)` then `ctx_search(queries)`
 
-## REDIRECTED tools — use sandbox equivalents
+## REDIRECTED — use sandbox
 
 ### Terminal / run_in_terminal (>20 lines output)
-Terminal is ONLY for: `git`, `mkdir`, `rm`, `mv`, `cd`, `ls`, `npm install`, `pip install`, and other short-output commands.
-For everything else, use:
-- `ctx_batch_execute(commands, queries)` — run multiple commands + search in ONE call
-- `ctx_execute(language: "shell", code: "...")` — run in sandbox, only stdout enters context
+Terminal ONLY for: `git`, `mkdir`, `rm`, `mv`, `cd`, `ls`, `npm install`, `pip install`.
+Otherwise: `ctx_batch_execute(commands, queries)` or `ctx_execute(language: "shell", code: "...")`
 
 ### read_file (for analysis)
-If you are reading a file to **edit** it → read_file is correct (edit needs content in context).
-If you are reading to **analyze, explore, or summarize** → use `ctx_execute_file(path, language, code)` instead. Only your printed summary enters context.
+Reading to **edit** → read_file correct. Reading to **analyze/explore/summarize** → `ctx_execute_file(path, language, code)`.
 
 ### grep / search (large results)
-Search results can flood context. Use `ctx_execute(language: "shell", code: "grep ...")` to run searches in sandbox. Only your printed summary enters context.
+Use `ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 
-## Tool selection hierarchy
+## Tool selection
 
-1. **GATHER**: `ctx_batch_execute(commands, queries)` — Primary tool. Runs all commands, auto-indexes output, returns search results. ONE call replaces 30+ individual calls. Each command: `{label: "descriptive header", command: "..."}`. Label becomes FTS5 chunk title — descriptive labels improve search.
-2. **FOLLOW-UP**: `ctx_search(queries: ["q1", "q2", ...])` — Query indexed content. Pass ALL questions as array in ONE call.
-3. **PROCESSING**: `ctx_execute(language, code)` | `ctx_execute_file(path, language, code)` — Sandbox execution. Only stdout enters context.
-4. **WEB**: `ctx_fetch_and_index(url, source)` then `ctx_search(queries)` — Fetch, chunk, index, query. Raw HTML never enters context.
-5. **INDEX**: `ctx_index(content, source)` — Store content in FTS5 knowledge base for later search.
+1. **GATHER**: `ctx_batch_execute(commands, queries)` — runs all commands, auto-indexes, returns search. ONE call replaces 30+. Each command: `{label: "header", command: "..."}`.
+2. **FOLLOW-UP**: `ctx_search(queries: ["q1", "q2", ...])` — all questions as array, ONE call.
+3. **PROCESSING**: `ctx_execute(language, code)` | `ctx_execute_file(path, language, code)` — sandbox, only stdout enters context.
+4. **WEB**: `ctx_fetch_and_index(url, source)` then `ctx_search(queries)` — raw HTML never enters context.
+5. **INDEX**: `ctx_index(content, source)` — store in FTS5 for later search.
 
-## Output constraints
+## Output
 
-- Keep responses under 500 words.
-- Write artifacts (code, configs, PRDs) to FILES — never return them as inline text. Return only: file path + 1-line description.
-- When indexing content, use descriptive source labels so others can `ctx_search(source: "label")` later.
+Terse like caveman. Technical substance exact. Only fluff die.
+Drop: articles, filler (just/really/basically), pleasantries, hedging. Fragments OK. Short synonyms. Code unchanged.
+Pattern: [thing] [action] [reason]. [next step]. Auto-expand for: security warnings, irreversible actions, user confusion.
+Write artifacts to FILES — never inline. Return: file path + 1-line description.
+Descriptive source labels for `ctx_search(source: "label")`.
 
 ## ctx commands
 
 | Command | Action |
 |---------|--------|
-| `ctx stats` | Call the `ctx_stats` MCP tool and display the full output verbatim |
-| `ctx doctor` | Call the `ctx_doctor` MCP tool, run the returned shell command, display as checklist |
-| `ctx upgrade` | Call the `ctx_upgrade` MCP tool, run the returned shell command, display as checklist |
-| `ctx purge` | Call the `ctx_purge` MCP tool with confirm: true. Warns before wiping the knowledge base. |
+| `ctx stats` | Call `ctx_stats` MCP tool, display full output verbatim |
+| `ctx doctor` | Call `ctx_doctor` MCP tool, run returned shell command, display as checklist |
+| `ctx upgrade` | Call `ctx_upgrade` MCP tool, run returned shell command, display as checklist |
+| `ctx purge` | Call `ctx_purge` MCP tool with confirm: true. Warns before wiping knowledge base. |
 
-After /clear or /compact: knowledge base and session stats are preserved. Use `ctx purge` if you want to start fresh.
+After /clear or /compact: knowledge base and session stats preserved. Use `ctx purge` to start fresh.

package/configs/zed/AGENTS.md

@@ -1,65 +1,60 @@
 # context-mode — MANDATORY routing rules
 
-You have context-mode MCP tools available. These rules are NOT optional — they protect your context window from flooding. A single unrouted command can dump 56 KB into context and waste the entire session. Zed does NOT have hooks, so these instructions are your ONLY enforcement mechanism. Follow them strictly.
+context-mode MCP tools available. Rules protect context window from flooding. One unrouted command dumps 56 KB into context. Zed has NO hooks — these instructions are ONLY enforcement. Follow strictly.
 
 ## Think in Code — MANDATORY
 
-When you need to analyze, count, filter, compare, search, parse, transform, or process data: **write code** that does the work via `mcp:context-mode:ctx_execute(language, code)` and `console.log()` only the answer. Do NOT read raw data into context to process mentally. Your role is to PROGRAM the analysis, not to COMPUTE it. Write robust, pure JavaScript — no npm dependencies, only Node.js built-ins (`fs`, `path`, `child_process`). Always use `try/catch`, handle `null`/`undefined`, and ensure compatibility with both Node.js and Bun. One script replaces ten tool calls and saves 100x context.
+Analyze/count/filter/compare/search/parse/transform data: **write code** via `mcp:context-mode:ctx_execute(language, code)`, `console.log()` only the answer. Do NOT read raw data into context. PROGRAM the analysis, not COMPUTE it. Pure JavaScript — Node.js built-ins only (`fs`, `path`, `child_process`). `try/catch`, handle `null`/`undefined`. One script replaces ten tool calls.
 
-## BLOCKED commands — do NOT use these
+## BLOCKED — do NOT use
 
 ### curl / wget — FORBIDDEN
-Do NOT use `curl` or `wget` in any shell command. They dump raw HTTP responses directly into your context window.
-Instead use:
-- `mcp:context-mode:ctx_fetch_and_index(url, source)` to fetch and index web pages
-- `mcp:context-mode:ctx_execute(language: "javascript", code: "const r = await fetch(...)")` to run HTTP calls in sandbox
+Do NOT use `curl`/`wget` in shell. Dumps raw HTTP into context.
+Use: `mcp:context-mode:ctx_fetch_and_index(url, source)` or `mcp:context-mode:ctx_execute(language: "javascript", code: "const r = await fetch(...)")`
 
 ### Inline HTTP — FORBIDDEN
-Do NOT run inline HTTP calls via `node -e "fetch(..."`, `python -c "requests.get(..."`, or similar patterns. They bypass the sandbox and flood context.
-Instead use:
-- `mcp:context-mode:ctx_execute(language, code)` to run HTTP calls in sandbox — only stdout enters context
+No `node -e "fetch(..."`, `python -c "requests.get(..."`. Bypasses sandbox.
+Use: `mcp:context-mode:ctx_execute(language, code)` — only stdout enters context
 
 ### Direct web fetching — FORBIDDEN
-Do NOT use any direct URL fetching tool. Raw HTML can exceed 100 KB.
-Instead use:
-- `mcp:context-mode:ctx_fetch_and_index(url, source)` then `mcp:context-mode:ctx_search(queries)` to query the indexed content
+Raw HTML can exceed 100 KB.
+Use: `mcp:context-mode:ctx_fetch_and_index(url, source)` then `mcp:context-mode:ctx_search(queries)`
 
-## REDIRECTED tools — use sandbox equivalents
+## REDIRECTED — use sandbox
 
 ### Shell (>20 lines output)
-Shell is ONLY for: `git`, `mkdir`, `rm`, `mv`, `cd`, `ls`, `npm install`, `pip install`, and other short-output commands.
-For everything else, use:
-- `mcp:context-mode:ctx_batch_execute(commands, queries)` — run multiple commands + search in ONE call
-- `mcp:context-mode:ctx_execute(language: "shell", code: "...")` — run in sandbox, only stdout enters context
+Shell ONLY for: `git`, `mkdir`, `rm`, `mv`, `cd`, `ls`, `npm install`, `pip install`.
+Otherwise: `mcp:context-mode:ctx_batch_execute(commands, queries)` or `mcp:context-mode:ctx_execute(language: "shell", code: "...")`
 
 ### File reading (for analysis)
-If you are reading a file to **edit** it → reading is correct (edit needs content in context).
-If you are reading to **analyze, explore, or summarize** → use `mcp:context-mode:ctx_execute_file(path, language, code)` instead. Only your printed summary enters context. The raw file stays in the sandbox.
+Reading to **edit** → reading correct. Reading to **analyze/explore/summarize** → `mcp:context-mode:ctx_execute_file(path, language, code)`.
 
 ### grep / search (large results)
-Search results can flood context. Use `mcp:context-mode:ctx_execute(language: "shell", code: "grep ...")` to run searches in sandbox. Only your printed summary enters context.
+Use `mcp:context-mode:ctx_execute(language: "shell", code: "grep ...")` in sandbox.
 
-## Tool selection hierarchy
+## Tool selection
 
-1. **GATHER**: `mcp:context-mode:ctx_batch_execute(commands, queries)` — Primary tool. Runs all commands, auto-indexes output, returns search results. ONE call replaces 30+ individual calls. Each command: `{label: "descriptive header", command: "..."}`. Label becomes FTS5 chunk title — descriptive labels improve search.
-2. **FOLLOW-UP**: `mcp:context-mode:ctx_search(queries: ["q1", "q2", ...])` — Query indexed content. Pass ALL questions as array in ONE call.
-3. **PROCESSING**: `mcp:context-mode:ctx_execute(language, code)` | `mcp:context-mode:ctx_execute_file(path, language, code)` — Sandbox execution. Only stdout enters context.
-4. **WEB**: `mcp:context-mode:ctx_fetch_and_index(url, source)` then `mcp:context-mode:ctx_search(queries)` — Fetch, chunk, index, query. Raw HTML never enters context.
-5. **INDEX**: `mcp:context-mode:ctx_index(content, source)` — Store content in FTS5 knowledge base for later search.
+1. **GATHER**: `mcp:context-mode:ctx_batch_execute(commands, queries)` — runs all commands, auto-indexes, returns search. ONE call replaces 30+. Each command: `{label: "header", command: "..."}`.
+2. **FOLLOW-UP**: `mcp:context-mode:ctx_search(queries: ["q1", "q2", ...])` — all questions as array, ONE call.
+3. **PROCESSING**: `mcp:context-mode:ctx_execute(language, code)` | `mcp:context-mode:ctx_execute_file(path, language, code)` — sandbox, only stdout enters context.
+4. **WEB**: `mcp:context-mode:ctx_fetch_and_index(url, source)` then `mcp:context-mode:ctx_search(queries)` — raw HTML never enters context.
+5. **INDEX**: `mcp:context-mode:ctx_index(content, source)` — store in FTS5 for later search.
 
-## Output constraints
+## Output
 
-- Keep responses under 500 words.
-- Write artifacts (code, configs, PRDs) to FILES — never return them as inline text. Return only: file path + 1-line description.
-- When indexing content, use descriptive source labels so others can `search(source: "label")` later.
+Terse like caveman. Technical substance exact. Only fluff die.
+Drop: articles, filler (just/really/basically), pleasantries, hedging. Fragments OK. Short synonyms. Code unchanged.
+Pattern: [thing] [action] [reason]. [next step]. Auto-expand for: security warnings, irreversible actions, user confusion.
+Write artifacts to FILES — never inline. Return: file path + 1-line description.
+Descriptive source labels for `search(source: "label")`.
 
 ## ctx commands
 
 | Command | Action |
 |---------|--------|
-| `ctx stats` | Call the `stats` MCP tool and display the full output verbatim |
-| `ctx doctor` | Call the `doctor` MCP tool, run the returned shell command, display as checklist |
-| `ctx upgrade` | Call the `upgrade` MCP tool, run the returned shell command, display as checklist |
-| `ctx purge` | Call the `mcp:context-mode:purge` MCP tool with confirm: true. Warns before wiping the knowledge base. |
+| `ctx stats` | Call `stats` MCP tool, display full output verbatim |
+| `ctx doctor` | Call `doctor` MCP tool, run returned shell command, display as checklist |
+| `ctx upgrade` | Call `upgrade` MCP tool, run returned shell command, display as checklist |
+| `ctx purge` | Call `mcp:context-mode:purge` MCP tool with confirm: true. Warns before wiping knowledge base. |
 
-After /clear or /compact: knowledge base and session stats are preserved. Use `ctx purge` if you want to start fresh.
+After /clear or /compact: knowledge base and session stats preserved. Use `ctx purge` to start fresh.

package/hooks/codex/posttooluse.mjs

@@ -5,13 +5,13 @@ import "../ensure-deps.mjs";
  * Codex CLI postToolUse hook — session event capture.
  */
 
-import { readStdin, getSessionId, getSessionDBPath, getInputProjectDir, CODEX_OPTS } from "../session-helpers.mjs";
-import { createSessionLoaders } from "../session-loaders.mjs";
+import { readStdin, parseStdin, getSessionId, getSessionDBPath, getInputProjectDir, CODEX_OPTS } from "../session-helpers.mjs";
+import { createSessionLoaders, attributeAndInsertEvents } from "../session-loaders.mjs";
 import { dirname } from "node:path";
 import { fileURLToPath } from "node:url";
 
 const HOOK_DIR = dirname(fileURLToPath(import.meta.url));
-const { loadSessionDB, loadExtract } = createSessionLoaders(HOOK_DIR);
+const { loadSessionDB, loadExtract, loadProjectAttribution } = createSessionLoaders(HOOK_DIR);
 const OPTS = CODEX_OPTS;
 
 function normalizeToolName(toolName) {
@@ -22,10 +22,11 @@ function normalizeToolName(toolName) {
 
 try {
   const raw = await readStdin();
-  const input = JSON.parse(raw);
+  const input = parseStdin(raw);
   const projectDir = getInputProjectDir(input, OPTS);
 
   const { extractEvents } = await loadExtract();
+  const { resolveProjectAttributions } = await loadProjectAttribution();
   const { SessionDB } = await loadSessionDB();
 
   const dbPath = getSessionDBPath(OPTS);
@@ -43,9 +44,8 @@ try {
   };
 
   const events = extractEvents(normalizedInput);
-  for (const event of events) {
-    db.insertEvent(sessionId, event, "PostToolUse");
-  }
+
+  attributeAndInsertEvents(db, sessionId, events, input, projectDir, "PostToolUse", resolveProjectAttributions);
 
   db.close();
 } catch {

package/hooks/codex/pretooluse.mjs

@@ -10,7 +10,7 @@ import "../suppress-stderr.mjs";
 
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
-import { readStdin, getInputProjectDir, CODEX_OPTS } from "../session-helpers.mjs";
+import { readStdin, parseStdin, getInputProjectDir, getSessionId, CODEX_OPTS } from "../session-helpers.mjs";
 import { routePreToolUse, initSecurity } from "../core/routing.mjs";
 import { formatDecision } from "../core/formatters.mjs";
 
@@ -18,12 +18,12 @@ const __hookDir = dirname(fileURLToPath(import.meta.url));
 await initSecurity(resolve(__hookDir, "..", "..", "build"));
 
 const raw = await readStdin();
-const input = JSON.parse(raw);
+const input = parseStdin(raw);
 const tool = input.tool_name ?? "";
 const toolInput = input.tool_input ?? {};
 const projectDir = getInputProjectDir(input, CODEX_OPTS);
 
-const decision = routePreToolUse(tool, toolInput, projectDir, "codex");
+const decision = routePreToolUse(tool, toolInput, projectDir, "codex", getSessionId(input, CODEX_OPTS));
 const response = formatDecision("codex", decision);
 const output = response ?? {
   hookSpecificOutput: { hookEventName: "PreToolUse" },

package/hooks/codex/sessionstart.mjs

@@ -18,6 +18,7 @@ import {
 } from "../session-directive.mjs";
 import {
   readStdin,
+  parseStdin,
   getSessionId,
   getSessionDBPath,
   getSessionEventsPath,
@@ -37,7 +38,7 @@ let additionalContext = ROUTING_BLOCK;
 
 try {
   const raw = await readStdin();
-  const input = JSON.parse(raw);
+  const input = parseStdin(raw);
   const source = input.source ?? "startup";
   const projectDir = getInputProjectDir(input, CODEX_OPTS);
 

package/hooks/core/formatters.mjs

@@ -69,6 +69,30 @@ export const formatters = {
     }),
   },
 
+  "jetbrains-copilot": {
+    deny: (reason) => ({
+      permissionDecision: "deny",
+      permissionDecisionReason: reason,
+    }),
+    ask: () => ({
+      permissionDecision: "ask",
+    }),
+    modify: (updatedInput) => ({
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: "allow",
+        permissionDecisionReason: "Routed to context-mode sandbox",
+        updatedInput,
+      },
+    }),
+    context: (additionalContext) => ({
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        additionalContext,
+      },
+    }),
+  },
+
   "codex": {
     deny: (reason) => ({
       hookSpecificOutput: {

package/hooks/core/routing.mjs

@@ -36,23 +36,41 @@ import { resolve } from "node:path";
 //   - In-memory Set for same-process (OpenCode ts-plugin, vitest)
 //   - File-based markers with O_EXCL for cross-process atomicity
 //     (Claude Code, Gemini, Cursor, VS Code Copilot)
-// Session scoped via process.ppid (= host PID, constant for session lifetime).
+//
+// Session identity is resolved in this order:
+//   1. sessionId passed in by the caller (stable across hook invocations)
+//   2. process.ppid fallback (works on macOS/Linux — host PID is stable)
+//
+// The ppid fallback is unreliable on Windows + Git Bash, where each hook
+// invocation spawns a fresh bash.exe with a different PID (#298). Callers
+// that have a stable session identifier (e.g. from the hook payload) should
+// pass it to routePreToolUse so the marker directory stays consistent across
+// invocations of the same logical session.
 const _guidanceShown = new Set();
-const _guidanceId = process.env.VITEST_WORKER_ID
-  ? `${process.ppid}-w${process.env.VITEST_WORKER_ID}`
-  : String(process.ppid);
-const _guidanceDir = resolve(tmpdir(), `context-mode-guidance-${_guidanceId}`);
 
-function guidanceOnce(type, content) {
+function defaultGuidanceId() {
+  return process.env.VITEST_WORKER_ID
+    ? `${process.ppid}-w${process.env.VITEST_WORKER_ID}`
+    : String(process.ppid);
+}
+
+function guidanceDirFor(sessionId) {
+  const id = sessionId ? `s-${sessionId}` : defaultGuidanceId();
+  return resolve(tmpdir(), `context-mode-guidance-${id}`);
+}
+
+function guidanceOnce(type, content, sessionId) {
   // Fast path: in-memory (same process)
   if (_guidanceShown.has(type)) return null;
 
-  // Ensure marker directory exists
-  try { mkdirSync(_guidanceDir, { recursive: true }); } catch {}
+  // Resolve marker directory for this session (stable even on Windows/Git Bash
+  // where process.ppid shifts every invocation — see #298).
+  const dir = guidanceDirFor(sessionId);
+  try { mkdirSync(dir, { recursive: true }); } catch {}
 
   // Atomic create-or-fail: O_CREAT | O_EXCL | O_WRONLY
   // First process to create the file wins; others get EEXIST.
-  const marker = resolve(_guidanceDir, type);
+  const marker = resolve(dir, type);
   try {
     const fd = openSync(marker, fsConstants.O_CREAT | fsConstants.O_EXCL | fsConstants.O_WRONLY);
     closeSync(fd);
@@ -66,9 +84,13 @@ function guidanceOnce(type, content) {
   return { action: "context", additionalContext: content };
 }
 
-export function resetGuidanceThrottle() {
+export function resetGuidanceThrottle(sessionId) {
   _guidanceShown.clear();
-  try { rmSync(_guidanceDir, { recursive: true, force: true }); } catch {}
+  // Clear ppid-based dir (legacy / fallback callers) and the sessionId dir if given
+  try { rmSync(guidanceDirFor(), { recursive: true, force: true }); } catch {}
+  if (sessionId) {
+    try { rmSync(guidanceDirFor(sessionId), { recursive: true, force: true }); } catch {}
+  }
 }
 
 /**
@@ -150,8 +172,11 @@ const TOOL_ALIASES = {
  * @param {object} toolInput - The tool input/parameters
  * @param {string} [projectDir] - Project directory for security policy lookup
  * @param {string} [platform="claude-code"] - Platform ID for tool name formatting
+ * @param {string} [sessionId] - Stable session identifier from hook payload. When
+ *   provided, the guidance throttle uses it to scope marker files across hook
+ *   invocations even when process.ppid shifts (Windows/Git Bash — see #298).
  */
-export function routePreToolUse(toolName, toolInput, projectDir, platform) {
+export function routePreToolUse(toolName, toolInput, projectDir, platform, sessionId) {
   // Build platform-specific tool namer (defaults to claude-code for backward compat)
   const t = createToolNamer(platform || "claude-code");
 
@@ -272,17 +297,17 @@ export function routePreToolUse(toolName, toolInput, projectDir, platform) {
     }
 
     // allow all other Bash commands, but inject routing nudge (once per session)
-    return guidanceOnce("bash", bashGuidance);
+    return guidanceOnce("bash", bashGuidance, sessionId);
   }
 
   // ─── Read: nudge toward execute_file (once per session) ───
   if (canonical === "Read") {
-    return guidanceOnce("read", readGuidance);
+    return guidanceOnce("read", readGuidance, sessionId);
   }
 
   // ─── Grep: nudge toward execute (once per session) ───
   if (canonical === "Grep") {
-    return guidanceOnce("grep", grepGuidance);
+    return guidanceOnce("grep", grepGuidance, sessionId);
   }
 
   // ─── WebFetch: deny + redirect to sandbox ───

package/hooks/core/tool-naming.mjs

@@ -22,12 +22,14 @@ const TOOL_PREFIXES = {
   "opencode":       (tool) => `context-mode_${tool}`,
   "kilo":           (tool) => `context-mode_${tool}`,
   "vscode-copilot": (tool) => `context-mode_${tool}`,
+  "jetbrains-copilot": (tool) => `context-mode_${tool}`,
   "kiro":           (tool) => `@context-mode/${tool}`,
   "zed":            (tool) => `mcp:context-mode:${tool}`,
   "cursor":         (tool) => tool,
   "codex":          (tool) => tool,
   "openclaw":       (tool) => tool,
   "pi":             (tool) => tool,
+  "qwen-code":      (tool) => `mcp__context-mode__${tool}`,
 };
 
 /**

package/hooks/cursor/posttooluse.mjs

@@ -5,13 +5,13 @@ import "../ensure-deps.mjs";
  * Cursor postToolUse hook — session event capture.
  */
 
-import { readStdin, getSessionId, getSessionDBPath, getInputProjectDir, CURSOR_OPTS } from "../session-helpers.mjs";
+import { readStdin, parseStdin, getSessionId, getSessionDBPath, getInputProjectDir, CURSOR_OPTS } from "../session-helpers.mjs";
 import { dirname } from "node:path";
 import { fileURLToPath } from "node:url";
-import { createSessionLoaders } from "../session-loaders.mjs";
+import { createSessionLoaders, attributeAndInsertEvents } from "../session-loaders.mjs";
 
 const HOOK_DIR = dirname(fileURLToPath(import.meta.url));
-const { loadSessionDB, loadExtract } = createSessionLoaders(HOOK_DIR);
+const { loadSessionDB, loadExtract, loadProjectAttribution } = createSessionLoaders(HOOK_DIR);
 const OPTS = CURSOR_OPTS;
 
 function normalizeToolName(toolName) {
@@ -30,7 +30,7 @@ function normalizeToolName(toolName) {
 
 try {
   const raw = await readStdin();
-  const input = JSON.parse(raw);
+  const input = parseStdin(raw);
   const projectDir = getInputProjectDir(input, CURSOR_OPTS);
 
   if (projectDir && !process.env.CURSOR_CWD) {
@@ -38,6 +38,7 @@ try {
   }
 
   const { extractEvents } = await loadExtract();
+  const { resolveProjectAttributions } = await loadProjectAttribution();
   const { SessionDB } = await loadSessionDB();
 
   const dbPath = getSessionDBPath(OPTS);
@@ -58,9 +59,8 @@ try {
   };
 
   const events = extractEvents(normalizedInput);
-  for (const event of events) {
-    db.insertEvent(sessionId, event, "PostToolUse");
-  }
+
+  attributeAndInsertEvents(db, sessionId, events, input, projectDir, "PostToolUse", resolveProjectAttributions);
 
   db.close();
 } catch {

package/hooks/cursor/pretooluse.mjs

@@ -6,7 +6,7 @@ import "../suppress-stderr.mjs";
 
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
-import { readStdin, getInputProjectDir, CURSOR_OPTS } from "../session-helpers.mjs";
+import { readStdin, parseStdin, getInputProjectDir, getSessionId, CURSOR_OPTS } from "../session-helpers.mjs";
 import { routePreToolUse, initSecurity } from "../core/routing.mjs";
 import { formatDecision } from "../core/formatters.mjs";
 
@@ -14,12 +14,12 @@ const __hookDir = dirname(fileURLToPath(import.meta.url));
 await initSecurity(resolve(__hookDir, "..", "..", "build"));
 
 const raw = await readStdin();
-const input = JSON.parse(raw);
+const input = parseStdin(raw);
 const tool = input.tool_name ?? "";
 const toolInput = input.tool_input ?? {};
 const projectDir = getInputProjectDir(input, CURSOR_OPTS);
 
-const decision = routePreToolUse(tool, toolInput, projectDir, "cursor");
+const decision = routePreToolUse(tool, toolInput, projectDir, "cursor", getSessionId(input, CURSOR_OPTS));
 const response = formatDecision("cursor", decision);
 // Cursor treats empty stdout as an invalid hook response,
 // so even passthrough decisions must emit a syntactically valid no-op payload.

package/hooks/cursor/sessionstart.mjs

@@ -18,6 +18,7 @@ import {
 } from "../session-directive.mjs";
 import {
   readStdin,
+  parseStdin,
   getSessionId,
   getSessionDBPath,
   getSessionEventsPath,
@@ -37,7 +38,7 @@ let additionalContext = ROUTING_BLOCK;
 
 try {
   const raw = await readStdin();
-  const input = JSON.parse(raw);
+  const input = parseStdin(raw);
   const source = input.source ?? input.trigger ?? "startup";
   const projectDir = getInputProjectDir(input, CURSOR_OPTS);
 

package/hooks/cursor/stop.mjs

@@ -8,7 +8,7 @@ import "../ensure-deps.mjs";
  * Output: { "followup_message": "" }  (empty = don't continue the loop)
  */
 
-import { readStdin, getSessionId, getSessionDBPath, getInputProjectDir, CURSOR_OPTS } from "../session-helpers.mjs";
+import { readStdin, parseStdin, getSessionId, getSessionDBPath, getInputProjectDir, CURSOR_OPTS } from "../session-helpers.mjs";
 import { dirname } from "node:path";
 import { fileURLToPath } from "node:url";
 import { createSessionLoaders } from "../session-loaders.mjs";
@@ -19,7 +19,7 @@ const OPTS = CURSOR_OPTS;
 
 try {
   const raw = await readStdin();
-  const input = JSON.parse(raw);
+  const input = parseStdin(raw);
   const projectDir = getInputProjectDir(input, CURSOR_OPTS);
 
   if (projectDir && !process.env.CURSOR_CWD) {

package/hooks/ensure-deps.mjs

@@ -28,8 +28,24 @@ const __dirname = dirname(fileURLToPath(import.meta.url));
 const root = resolve(__dirname, "..");
 
 const NATIVE_DEPS = ["better-sqlite3"];
+const NATIVE_BINARIES = {
+  "better-sqlite3": ["build", "Release", "better_sqlite3.node"],
+};
+
+/**
+ * Check if the current runtime has built-in SQLite support, making
+ * better-sqlite3 unnecessary. Bun has bun:sqlite, Node >= 22.5 has node:sqlite.
+ * When true, skip the entire better-sqlite3 bootstrap to avoid SIGSEGV
+ * coredumps on Node v24 (#331) and unnecessary install overhead.
+ */
+function hasModernSqlite() {
+  if (typeof globalThis.Bun !== "undefined") return true;
+  const [major, minor] = process.versions.node.split(".").map(Number);
+  return major > 22 || (major === 22 && minor >= 5);
+}
 
 export function ensureDeps() {
+  if (hasModernSqlite()) return;
   for (const pkg of NATIVE_DEPS) {
     const pkgDir = resolve(root, "node_modules", pkg);
     if (!existsSync(pkgDir)) {
@@ -41,10 +57,7 @@ export function ensureDeps() {
           timeout: 120000,
         });
       } catch { /* best effort — hook degrades gracefully without DB */ }
-    } else if (
-      !existsSync(resolve(pkgDir, "build", "Release")) &&
-      !existsSync(resolve(pkgDir, "prebuilds"))
-    ) {
+    } else if (!existsSync(resolve(pkgDir, ...NATIVE_BINARIES[pkg]))) {
       // Package installed but native binary missing (e.g., npm ignore-scripts=true)
       try {
         execSync(`npm rebuild ${pkg} --ignore-scripts=false`, {
@@ -81,6 +94,7 @@ function probeNativeInChildProcess(pluginRoot) {
 }
 
 export function ensureNativeCompat(pluginRoot) {
+  if (hasModernSqlite()) return;
   try {
     const abi = process.versions.modules;
     const nativeDir = resolve(pluginRoot, "node_modules", "better-sqlite3", "build", "Release");
@@ -101,21 +115,19 @@ export function ensureNativeCompat(pluginRoot) {
       // Cached binary is stale/corrupt — fall through to rebuild
     }
 
-    if (!existsSync(binaryPath)) return;
-
     // Probe: try loading better-sqlite3 with current Node
-    if (probeNativeInChildProcess(pluginRoot)) {
+    if (existsSync(binaryPath) && probeNativeInChildProcess(pluginRoot)) {
       // Load succeeded — cache the working binary for this ABI
       copyFileSync(binaryPath, abiCachePath);
     } else {
-      // ABI mismatch — rebuild for current Node version
-      execSync("npm rebuild better-sqlite3", {
+      // ABI mismatch or missing native binary — rebuild for current Node version
+      execSync("npm rebuild better-sqlite3 --ignore-scripts=false", {
         cwd: pluginRoot,
         stdio: "pipe",
         timeout: 60000,
       });
       codesignBinary(binaryPath);
-      if (existsSync(binaryPath)) {
+      if (existsSync(binaryPath) && probeNativeInChildProcess(pluginRoot)) {
         copyFileSync(binaryPath, abiCachePath);
       }
     }