context-mode 1.0.88 → 1.0.90

package/build/lifecycle.d.ts

@@ -17,6 +17,29 @@ export interface LifecycleGuardOptions {
     /** Injectable parent-alive check (for testing). Default: ppid-based check. */
     isParentAlive?: () => boolean;
 }
+/** Injectable dependencies for {@link makeDefaultIsParentAlive}. */
+export interface IsParentAliveDeps {
+    /** Read the current ppid. Default: `() => process.ppid`. */
+    getPpid?: () => number;
+    /** Read the grandparent ppid. Default: ps-based POSIX probe, NaN on Windows. */
+    readGrandparentPpid?: () => number;
+}
+/**
+ * Build a parent-liveness check that handles the npm-exec wrapper case (#311).
+ *
+ * A plain ppid comparison misses Claude Code sessions launched via
+ * `start.mjs → npm exec → context-mode server`: when Claude Code dies,
+ * `start.mjs` reparents to init but `npm exec` stays alive, so the server's
+ * direct ppid never changes. We additionally check whether the grandparent
+ * process has been reparented to init (PID 1). When the original grandparent
+ * was already 1 (daemonized startup) the check is skipped, and on Windows
+ * where there's no cheap `ps` equivalent we also skip — so this change is
+ * strictly additive to the previous behavior.
+ *
+ * Exported for unit-testing with injected readers. Production code uses
+ * {@link defaultIsParentAlive} (captured once at module load).
+ */
+export declare function makeDefaultIsParentAlive(deps?: IsParentAliveDeps): () => boolean;
 /**
  * Start the lifecycle guard. Returns a cleanup function.
  * Skipped automatically when stdin is a TTY (e.g. OpenCode ts-plugin).

package/build/lifecycle.js

@@ -9,23 +9,64 @@
  *
  * Cross-platform: macOS, Linux, Windows.
  */
+import { execFileSync } from "node:child_process";
+/** Read grandparent PID via `ps -o ppid= -p $PPID`. Returns NaN on failure or Windows. */
+function readGrandparentPpidImpl() {
+    if (process.platform === "win32")
+        return NaN;
+    const ppid = process.ppid;
+    if (!ppid || ppid <= 1)
+        return NaN;
+    try {
+        const out = execFileSync("ps", ["-o", "ppid=", "-p", String(ppid)], {
+            encoding: "utf-8",
+            timeout: 2000,
+            stdio: ["ignore", "pipe", "ignore"],
+        }).trim();
+        const n = parseInt(out, 10);
+        return Number.isFinite(n) ? n : NaN;
+    }
+    catch {
+        return NaN;
+    }
+}
 /**
- * Default parent liveness check.
- * Compares current ppid against the original — if it changed (reparented to
- * init/launchd/systemd), parent is dead. This is more reliable than
- * kill(ppid, 0) which succeeds for PID 1 on all platforms.
+ * Build a parent-liveness check that handles the npm-exec wrapper case (#311).
+ *
+ * A plain ppid comparison misses Claude Code sessions launched via
+ * `start.mjs → npm exec → context-mode server`: when Claude Code dies,
+ * `start.mjs` reparents to init but `npm exec` stays alive, so the server's
+ * direct ppid never changes. We additionally check whether the grandparent
+ * process has been reparented to init (PID 1). When the original grandparent
+ * was already 1 (daemonized startup) the check is skipped, and on Windows
+ * where there's no cheap `ps` equivalent we also skip — so this change is
+ * strictly additive to the previous behavior.
  *
- * On Windows, ppid becomes 0 when parent exits.
+ * Exported for unit-testing with injected readers. Production code uses
+ * {@link defaultIsParentAlive} (captured once at module load).
  */
-const originalPpid = process.ppid;
-function defaultIsParentAlive() {
-    const ppid = process.ppid;
-    if (ppid !== originalPpid)
-        return false;
-    if (ppid === 0 || ppid === 1)
-        return false;
-    return true;
+export function makeDefaultIsParentAlive(deps = {}) {
+    const getPpid = deps.getPpid ?? (() => process.ppid);
+    const readGp = deps.readGrandparentPpid ?? readGrandparentPpidImpl;
+    const originalPpid = getPpid();
+    const originalGrandparentPpid = readGp();
+    return () => {
+        const ppid = getPpid();
+        if (ppid !== originalPpid)
+            return false;
+        if (ppid === 0 || ppid === 1)
+            return false;
+        // Grandparent orphan check (#311): npm-exec wrappers stay alive past the
+        // session owner. If our grandparent is now PID 1 but wasn't at startup,
+        // the wrapping chain is orphaned and we should shut down.
+        if (!Number.isNaN(originalGrandparentPpid) && originalGrandparentPpid > 1) {
+            if (readGp() === 1)
+                return false;
+        }
+        return true;
+    };
 }
+const defaultIsParentAlive = makeDefaultIsParentAlive();
 /**
  * Start the lifecycle guard. Returns a cleanup function.
  * Skipped automatically when stdin is a TTY (e.g. OpenCode ts-plugin).

package/build/opencode-plugin.d.ts

@@ -1,12 +1,16 @@
 /**
- * OpenCode TypeScript plugin entry point for context-mode.
+ * OpenCode / KiloCode TypeScript plugin entry point for context-mode.
  *
  * Provides three hooks:
  *   - tool.execute.before  — Routing enforcement (deny/modify/passthrough)
  *   - tool.execute.after   — Session event capture
  *   - experimental.session.compacting — Compaction snapshot generation
  *
- * Loaded by OpenCode via: import("context-mode/plugin").ContextModePlugin(ctx)
+ * KiloCode loads this via: import("context-mode") → expects default export
+ * with shape { server: (input) => Promise<Hooks> } (PluginModule).
+ *
+ * OpenCode loads this via: import("context-mode/plugin") → also supports
+ * the named export ContextModePlugin for backward compat.
  *
  * Constraints:
  *   - No SessionStart hook (OpenCode doesn't support it — #14808, #5409)
@@ -14,9 +18,10 @@
  *   - No routing file auto-write (avoid dirtying project trees)
  *   - Session cleanup happens at plugin init (no SessionStart)
  */
-/** OpenCode plugin context passed to the factory function. */
+/** KiloCode/OpenCode plugin input — both platforms pass at least `directory`. */
 interface PluginContext {
     directory: string;
+    [key: string]: unknown;
 }
 /** OpenCode tool.execute.before — first parameter */
 interface BeforeHookInput {
@@ -51,12 +56,19 @@ interface CompactingHookOutput {
     prompt?: string;
 }
 /**
- * OpenCode plugin factory. Called once when OpenCode loads the plugin.
+ * Plugin factory. Called once when KiloCode/OpenCode loads the plugin.
  * Returns an object mapping hook event names to async handler functions.
-*/
-export declare const ContextModePlugin: (ctx: PluginContext) => Promise<{
+ *
+ * KiloCode expects: export default { server: (input) => Promise<Hooks> }
+ * OpenCode expects: export const ContextModePlugin = (ctx) => Promise<Hooks>
+ */
+declare function createContextModePlugin(ctx: PluginContext): Promise<{
     "tool.execute.before": (input: BeforeHookInput, output: BeforeHookOutput) => Promise<void>;
     "tool.execute.after": (input: AfterHookInput, output: AfterHookOutput) => Promise<void>;
     "experimental.session.compacting": (input: CompactingHookInput, output: CompactingHookOutput) => Promise<string>;
 }>;
-export {};
+declare const _default: {
+    server: typeof createContextModePlugin;
+};
+export default _default;
+export { createContextModePlugin as ContextModePlugin };

package/build/opencode-plugin.js

@@ -1,12 +1,16 @@
 /**
- * OpenCode TypeScript plugin entry point for context-mode.
+ * OpenCode / KiloCode TypeScript plugin entry point for context-mode.
  *
  * Provides three hooks:
  *   - tool.execute.before  — Routing enforcement (deny/modify/passthrough)
  *   - tool.execute.after   — Session event capture
  *   - experimental.session.compacting — Compaction snapshot generation
  *
- * Loaded by OpenCode via: import("context-mode/plugin").ContextModePlugin(ctx)
+ * KiloCode loads this via: import("context-mode") → expects default export
+ * with shape { server: (input) => Promise<Hooks> } (PluginModule).
+ *
+ * OpenCode loads this via: import("context-mode/plugin") → also supports
+ * the named export ContextModePlugin for backward compat.
  *
  * Constraints:
  *   - No SessionStart hook (OpenCode doesn't support it — #14808, #5409)
@@ -27,10 +31,13 @@ function getPlatform() {
 }
 // ── Plugin Factory ────────────────────────────────────────
 /**
- * OpenCode plugin factory. Called once when OpenCode loads the plugin.
+ * Plugin factory. Called once when KiloCode/OpenCode loads the plugin.
  * Returns an object mapping hook event names to async handler functions.
-*/
-export const ContextModePlugin = async (ctx) => {
+ *
+ * KiloCode expects: export default { server: (input) => Promise<Hooks> }
+ * OpenCode expects: export const ContextModePlugin = (ctx) => Promise<Hooks>
+ */
+async function createContextModePlugin(ctx) {
     // Resolve build dir from compiled JS location
     const adapter = new OpenCodeAdapter(getPlatform());
     const buildDir = dirname(fileURLToPath(import.meta.url));
@@ -52,7 +59,7 @@ export const ContextModePlugin = async (ctx) => {
             const toolInput = output.args ?? {};
             let decision;
             try {
-                decision = routing.routePreToolUse(toolName, toolInput, projectDir, "opencode");
+                decision = routing.routePreToolUse(toolName, toolInput, projectDir, getPlatform());
             }
             catch {
                 return; // Routing failure → allow passthrough
@@ -109,4 +116,9 @@ export const ContextModePlugin = async (ctx) => {
             }
         },
     };
-};
+}
+// ── Exports ──────────────────────────────────────────────
+// KiloCode PluginModule: default export with { server } shape
+// OpenCode compat: named export for direct import("context-mode/plugin")
+export default { server: createContextModePlugin };
+export { createContextModePlugin as ContextModePlugin };

package/build/pi-extension.js

@@ -110,6 +110,20 @@ function buildStatsText(db, sessionId) {
         return "context-mode stats unavailable (session DB error)";
     }
 }
+function resolveCommandContext(argsOrCtx, ctx) {
+    if (ctx !== undefined)
+        return ctx;
+    if (argsOrCtx && typeof argsOrCtx === "object")
+        return argsOrCtx;
+    return undefined;
+}
+function handleCommandText(text, ctx) {
+    if (ctx?.hasUI) {
+        ctx.ui.notify(text, "info");
+        return;
+    }
+    return { text };
+}
 // ── Extension entry point ────────────────────────────────
 /** Pi extension default export. Called once by Pi runtime with the extension API. */
 export default function piExtension(pi) {
@@ -300,16 +314,18 @@ export default function piExtension(pi) {
     // ── 8. Slash commands ──────────────────────────────────
     pi.registerCommand("ctx-stats", {
         description: "Show context-mode session statistics",
-        handler: () => {
-            if (!_db || !_sessionId) {
-                return { text: "context-mode: no active session" };
-            }
-            return { text: buildStatsText(_db, _sessionId) };
+        handler: async (argsOrCtx, maybeCtx) => {
+            const ctx = resolveCommandContext(argsOrCtx, maybeCtx);
+            const text = !_db || !_sessionId
+                ? "context-mode: no active session"
+                : buildStatsText(_db, _sessionId);
+            return handleCommandText(text, ctx);
         },
     });
     pi.registerCommand("ctx-doctor", {
         description: "Run context-mode diagnostics",
-        handler: () => {
+        handler: async (argsOrCtx, maybeCtx) => {
+            const ctx = resolveCommandContext(argsOrCtx, maybeCtx);
             const dbPath = getDBPath();
             const dbExists = existsSync(dbPath);
             const lines = [
@@ -334,7 +350,8 @@ export default function piExtension(pi) {
                     lines.push("- DB query error");
                 }
             }
-            return { text: lines.join("\n") };
+            const text = lines.join("\n");
+            return handleCommandText(text, ctx);
         },
     });
 }

package/build/runtime.js

@@ -1,4 +1,4 @@
-import { execSync } from "node:child_process";
+import { execFileSync, execSync } from "node:child_process";
 import { existsSync } from "node:fs";
 const isWindows = process.platform === "win32";
 function commandExists(cmd) {
@@ -14,10 +14,8 @@ function commandExists(cmd) {
 function bunExists() {
     if (commandExists("bun"))
         return true;
-    // Bun installs to ~/.bun/bin which may not be in PATH in MCP server environments
-    if (!isWindows) {
-        const home = process.env.HOME ?? process.env.USERPROFILE ?? "";
-        if (home && existsSync(`${home}/.bun/bin/bun`))
+    for (const p of bunFallbackPaths()) {
+        if (existsSync(p))
             return true;
     }
     return false;
@@ -25,8 +23,24 @@ function bunExists() {
 function bunCommand() {
     if (commandExists("bun"))
         return "bun";
+    for (const p of bunFallbackPaths()) {
+        if (existsSync(p))
+            return p;
+    }
     const home = process.env.HOME ?? process.env.USERPROFILE ?? "";
-    return `${home}/.bun/bin/bun`;
+    return isWindows ? `${home}\\.bun\\bin\\bun.exe` : `${home}/.bun/bin/bun`;
+}
+/** Fallback paths where Bun may be installed but not on PATH. */
+function bunFallbackPaths() {
+    const home = process.env.HOME ?? process.env.USERPROFILE ?? "";
+    if (isWindows) {
+        const localAppData = process.env.LOCALAPPDATA ?? "";
+        return [
+            ...(home ? [`${home}\\.bun\\bin\\bun.exe`] : []),
+            ...(localAppData ? [`${localAppData}\\bun\\bin\\bun.exe`] : []),
+        ];
+    }
+    return home ? [`${home}/.bun/bin/bun`] : [];
 }
 /**
  * On Windows, resolve the first non-WSL bash in PATH.
@@ -61,10 +75,11 @@ function resolveWindowsBash() {
         return null;
     }
 }
-function getVersion(cmd) {
+function getVersion(cmd, args = ["--version"]) {
     try {
-        return execSync(`${cmd} --version`, {
+        return execFileSync(cmd, args, {
             encoding: "utf-8",
+            shell: process.platform === "win32",
             stdio: ["pipe", "pipe", "pipe"],
             timeout: 5000,
         })
@@ -132,7 +147,7 @@ export function getRuntimeSummary(runtimes) {
     if (runtimes.ruby)
         lines.push(`  Ruby:       ${runtimes.ruby} (${getVersion(runtimes.ruby)})`);
     if (runtimes.go)
-        lines.push(`  Go:         ${runtimes.go} (${getVersion(runtimes.go)})`);
+        lines.push(`  Go:         ${runtimes.go} (${getVersion(runtimes.go, ["version"])})`);
     if (runtimes.rust)
         lines.push(`  Rust:       ${runtimes.rust} (${getVersion(runtimes.rust)})`);
     if (runtimes.php)

package/build/security.d.ts

@@ -104,8 +104,24 @@ export declare function evaluateCommandDenyOnly(command: string, policies: Secur
  *
  * Normalizes backslashes to forward slashes before matching so that
  * Windows paths work with Unix-style glob patterns.
+ *
+ * When `projectRoot` is supplied, the path is also matched in its
+ * fully-resolved absolute form **and** — when the file exists — in
+ * its canonical form (`fs.realpathSync`). This prevents two classes
+ * of bypass:
+ *
+ *   1. `..` traversal: a relative path like `../../.ssh/id_rsa` no
+ *      longer evades absolute-path deny rules.
+ *   2. Symlink escape: a project-local path whose realpath points
+ *      outside the project (e.g. `safe.log -> ~/.ssh/id_rsa`) no
+ *      longer evades absolute-path deny rules.
+ *
+ * realpath is best-effort: if the file does not exist yet (ENOENT)
+ * or the syscall fails for any reason, the lexical resolved form is
+ * still checked. This keeps the function usable for paths that will
+ * be created during execution.
  */
-export declare function evaluateFilePath(filePath: string, denyGlobs: string[][], caseInsensitive?: boolean): {
+export declare function evaluateFilePath(filePath: string, denyGlobs: string[][], caseInsensitive?: boolean, projectRoot?: string): {
     denied: boolean;
     matchedPattern?: string;
 };

package/build/security.js

@@ -1,4 +1,4 @@
-import { readFileSync } from "node:fs";
+import { readFileSync, realpathSync } from "node:fs";
 import { resolve } from "node:path";
 import { homedir } from "node:os";
 // ==============================================================================
@@ -358,14 +358,48 @@ export function evaluateCommandDenyOnly(command, policies, caseInsensitive = pro
  *
  * Normalizes backslashes to forward slashes before matching so that
  * Windows paths work with Unix-style glob patterns.
+ *
+ * When `projectRoot` is supplied, the path is also matched in its
+ * fully-resolved absolute form **and** — when the file exists — in
+ * its canonical form (`fs.realpathSync`). This prevents two classes
+ * of bypass:
+ *
+ *   1. `..` traversal: a relative path like `../../.ssh/id_rsa` no
+ *      longer evades absolute-path deny rules.
+ *   2. Symlink escape: a project-local path whose realpath points
+ *      outside the project (e.g. `safe.log -> ~/.ssh/id_rsa`) no
+ *      longer evades absolute-path deny rules.
+ *
+ * realpath is best-effort: if the file does not exist yet (ENOENT)
+ * or the syscall fails for any reason, the lexical resolved form is
+ * still checked. This keeps the function usable for paths that will
+ * be created during execution.
  */
-export function evaluateFilePath(filePath, denyGlobs, caseInsensitive = process.platform === "win32") {
-    // Normalize backslashes to forward slashes for cross-platform matching
-    const normalized = filePath.replace(/\\/g, "/");
+export function evaluateFilePath(filePath, denyGlobs, caseInsensitive = process.platform === "win32", projectRoot) {
+    const toForward = (path) => path.replace(/\\/g, "/");
+    // Match against the raw input, the lexically-resolved absolute path,
+    // and the canonical (symlink-resolved) path when the file exists.
+    // Deduplicated so absolute inputs and paths that don't cross symlinks
+    // don't pay the matching cost multiple times.
+    const candidates = new Set();
+    candidates.add(toForward(filePath));
+    if (projectRoot) {
+        const lexical = resolve(projectRoot, filePath);
+        candidates.add(toForward(lexical));
+        try {
+            candidates.add(toForward(realpathSync(lexical)));
+        }
+        catch {
+            // File does not exist yet, or realpath failed — rely on lexical form.
+        }
+    }
     for (const globs of denyGlobs) {
         for (const glob of globs) {
-            if (fileGlobToRegex(glob, caseInsensitive).test(normalized)) {
-                return { denied: true, matchedPattern: glob };
+            const regex = fileGlobToRegex(glob, caseInsensitive);
+            for (const candidate of candidates) {
+                if (regex.test(candidate)) {
+                    return { denied: true, matchedPattern: glob };
+                }
             }
         }
     }