context-mode 1.0.89 → 1.0.91

package/build/opencode-plugin.js

@@ -1,12 +1,16 @@
 /**
- * OpenCode TypeScript plugin entry point for context-mode.
+ * OpenCode / KiloCode TypeScript plugin entry point for context-mode.
  *
  * Provides three hooks:
  *   - tool.execute.before  — Routing enforcement (deny/modify/passthrough)
  *   - tool.execute.after   — Session event capture
  *   - experimental.session.compacting — Compaction snapshot generation
  *
- * Loaded by OpenCode via: import("context-mode/plugin").ContextModePlugin(ctx)
+ * KiloCode loads this via: import("context-mode") → expects default export
+ * with shape { server: (input) => Promise<Hooks> } (PluginModule).
+ *
+ * OpenCode loads this via: import("context-mode/plugin") → also supports
+ * the named export ContextModePlugin for backward compat.
  *
  * Constraints:
  *   - No SessionStart hook (OpenCode doesn't support it — #14808, #5409)
@@ -27,10 +31,13 @@ function getPlatform() {
 }
 // ── Plugin Factory ────────────────────────────────────────
 /**
- * OpenCode plugin factory. Called once when OpenCode loads the plugin.
+ * Plugin factory. Called once when KiloCode/OpenCode loads the plugin.
  * Returns an object mapping hook event names to async handler functions.
-*/
-export const ContextModePlugin = async (ctx) => {
+ *
+ * KiloCode expects: export default { server: (input) => Promise<Hooks> }
+ * OpenCode expects: export const ContextModePlugin = (ctx) => Promise<Hooks>
+ */
+async function createContextModePlugin(ctx) {
     // Resolve build dir from compiled JS location
     const adapter = new OpenCodeAdapter(getPlatform());
     const buildDir = dirname(fileURLToPath(import.meta.url));
@@ -52,7 +59,7 @@ export const ContextModePlugin = async (ctx) => {
             const toolInput = output.args ?? {};
             let decision;
             try {
-                decision = routing.routePreToolUse(toolName, toolInput, projectDir, "opencode");
+                decision = routing.routePreToolUse(toolName, toolInput, projectDir, getPlatform());
             }
             catch {
                 return; // Routing failure → allow passthrough
@@ -109,4 +116,9 @@ export const ContextModePlugin = async (ctx) => {
             }
         },
     };
-};
+}
+// ── Exports ──────────────────────────────────────────────
+// KiloCode PluginModule: default export with { server } shape
+// OpenCode compat: named export for direct import("context-mode/plugin")
+export default { server: createContextModePlugin };
+export { createContextModePlugin as ContextModePlugin };

package/build/runtime.js

@@ -1,4 +1,4 @@
-import { execSync } from "node:child_process";
+import { execFileSync, execSync } from "node:child_process";
 import { existsSync } from "node:fs";
 const isWindows = process.platform === "win32";
 function commandExists(cmd) {
@@ -14,10 +14,8 @@ function commandExists(cmd) {
 function bunExists() {
     if (commandExists("bun"))
         return true;
-    // Bun installs to ~/.bun/bin which may not be in PATH in MCP server environments
-    if (!isWindows) {
-        const home = process.env.HOME ?? process.env.USERPROFILE ?? "";
-        if (home && existsSync(`${home}/.bun/bin/bun`))
+    for (const p of bunFallbackPaths()) {
+        if (existsSync(p))
             return true;
     }
     return false;
@@ -25,8 +23,24 @@ function bunExists() {
 function bunCommand() {
     if (commandExists("bun"))
         return "bun";
+    for (const p of bunFallbackPaths()) {
+        if (existsSync(p))
+            return p;
+    }
     const home = process.env.HOME ?? process.env.USERPROFILE ?? "";
-    return `${home}/.bun/bin/bun`;
+    return isWindows ? `${home}\\.bun\\bin\\bun.exe` : `${home}/.bun/bin/bun`;
+}
+/** Fallback paths where Bun may be installed but not on PATH. */
+function bunFallbackPaths() {
+    const home = process.env.HOME ?? process.env.USERPROFILE ?? "";
+    if (isWindows) {
+        const localAppData = process.env.LOCALAPPDATA ?? "";
+        return [
+            ...(home ? [`${home}\\.bun\\bin\\bun.exe`] : []),
+            ...(localAppData ? [`${localAppData}\\bun\\bin\\bun.exe`] : []),
+        ];
+    }
+    return home ? [`${home}/.bun/bin/bun`] : [];
 }
 /**
  * On Windows, resolve the first non-WSL bash in PATH.
@@ -61,10 +75,11 @@ function resolveWindowsBash() {
         return null;
     }
 }
-function getVersion(cmd) {
+function getVersion(cmd, args = ["--version"]) {
     try {
-        return execSync(`${cmd} --version`, {
+        return execFileSync(cmd, args, {
             encoding: "utf-8",
+            shell: process.platform === "win32",
             stdio: ["pipe", "pipe", "pipe"],
             timeout: 5000,
         })
@@ -132,7 +147,7 @@ export function getRuntimeSummary(runtimes) {
     if (runtimes.ruby)
         lines.push(`  Ruby:       ${runtimes.ruby} (${getVersion(runtimes.ruby)})`);
     if (runtimes.go)
-        lines.push(`  Go:         ${runtimes.go} (${getVersion(runtimes.go)})`);
+        lines.push(`  Go:         ${runtimes.go} (${getVersion(runtimes.go, ["version"])})`);
     if (runtimes.rust)
         lines.push(`  Rust:       ${runtimes.rust} (${getVersion(runtimes.rust)})`);
     if (runtimes.php)

package/build/security.d.ts

@@ -104,8 +104,24 @@ export declare function evaluateCommandDenyOnly(command: string, policies: Secur
  *
  * Normalizes backslashes to forward slashes before matching so that
  * Windows paths work with Unix-style glob patterns.
+ *
+ * When `projectRoot` is supplied, the path is also matched in its
+ * fully-resolved absolute form **and** — when the file exists — in
+ * its canonical form (`fs.realpathSync`). This prevents two classes
+ * of bypass:
+ *
+ *   1. `..` traversal: a relative path like `../../.ssh/id_rsa` no
+ *      longer evades absolute-path deny rules.
+ *   2. Symlink escape: a project-local path whose realpath points
+ *      outside the project (e.g. `safe.log -> ~/.ssh/id_rsa`) no
+ *      longer evades absolute-path deny rules.
+ *
+ * realpath is best-effort: if the file does not exist yet (ENOENT)
+ * or the syscall fails for any reason, the lexical resolved form is
+ * still checked. This keeps the function usable for paths that will
+ * be created during execution.
  */
-export declare function evaluateFilePath(filePath: string, denyGlobs: string[][], caseInsensitive?: boolean): {
+export declare function evaluateFilePath(filePath: string, denyGlobs: string[][], caseInsensitive?: boolean, projectRoot?: string): {
     denied: boolean;
     matchedPattern?: string;
 };

package/build/security.js

@@ -1,4 +1,4 @@
-import { readFileSync } from "node:fs";
+import { readFileSync, realpathSync } from "node:fs";
 import { resolve } from "node:path";
 import { homedir } from "node:os";
 // ==============================================================================
@@ -358,14 +358,48 @@ export function evaluateCommandDenyOnly(command, policies, caseInsensitive = pro
  *
  * Normalizes backslashes to forward slashes before matching so that
  * Windows paths work with Unix-style glob patterns.
+ *
+ * When `projectRoot` is supplied, the path is also matched in its
+ * fully-resolved absolute form **and** — when the file exists — in
+ * its canonical form (`fs.realpathSync`). This prevents two classes
+ * of bypass:
+ *
+ *   1. `..` traversal: a relative path like `../../.ssh/id_rsa` no
+ *      longer evades absolute-path deny rules.
+ *   2. Symlink escape: a project-local path whose realpath points
+ *      outside the project (e.g. `safe.log -> ~/.ssh/id_rsa`) no
+ *      longer evades absolute-path deny rules.
+ *
+ * realpath is best-effort: if the file does not exist yet (ENOENT)
+ * or the syscall fails for any reason, the lexical resolved form is
+ * still checked. This keeps the function usable for paths that will
+ * be created during execution.
  */
-export function evaluateFilePath(filePath, denyGlobs, caseInsensitive = process.platform === "win32") {
-    // Normalize backslashes to forward slashes for cross-platform matching
-    const normalized = filePath.replace(/\\/g, "/");
+export function evaluateFilePath(filePath, denyGlobs, caseInsensitive = process.platform === "win32", projectRoot) {
+    const toForward = (path) => path.replace(/\\/g, "/");
+    // Match against the raw input, the lexically-resolved absolute path,
+    // and the canonical (symlink-resolved) path when the file exists.
+    // Deduplicated so absolute inputs and paths that don't cross symlinks
+    // don't pay the matching cost multiple times.
+    const candidates = new Set();
+    candidates.add(toForward(filePath));
+    if (projectRoot) {
+        const lexical = resolve(projectRoot, filePath);
+        candidates.add(toForward(lexical));
+        try {
+            candidates.add(toForward(realpathSync(lexical)));
+        }
+        catch {
+            // File does not exist yet, or realpath failed — rely on lexical form.
+        }
+    }
     for (const globs of denyGlobs) {
         for (const glob of globs) {
-            if (fileGlobToRegex(glob, caseInsensitive).test(normalized)) {
-                return { denied: true, matchedPattern: glob };
+            const regex = fileGlobToRegex(glob, caseInsensitive);
+            for (const candidate of candidates) {
+                if (regex.test(candidate)) {
+                    return { denied: true, matchedPattern: glob };
+                }
             }
         }
     }

package/build/server.js

@@ -97,6 +97,9 @@ function maybeIndexSessionEvents(store) {
 // platform-specific paths. All session DB paths go through it — no
 // hardcoded configDir detection in tool handlers.
 let _detectedAdapter = null;
+// Tracks the ctx_insight dashboard child so shutdown can terminate it.
+// See ctx_insight handler + shutdown() in main().
+let _insightChild = null;
 /**
  * Get the platform-specific sessions directory from the detected adapter.
  * Falls back to ~/.claude/context-mode/sessions/ before adapter detection.
@@ -228,10 +231,21 @@ function getUpgradeHint() {
         return "npm run build";
     return "npm update -g context-mode";
 }
+function semverNewer(a, b) {
+    const pa = a.split(".").map(Number);
+    const pb = b.split(".").map(Number);
+    for (let i = 0; i < 3; i++) {
+        if ((pa[i] ?? 0) > (pb[i] ?? 0))
+            return true;
+        if ((pa[i] ?? 0) < (pb[i] ?? 0))
+            return false;
+    }
+    return false;
+}
 function isOutdated() {
     if (!_latestVersion || _latestVersion === "unknown")
         return false;
-    return _latestVersion !== VERSION;
+    return semverNewer(_latestVersion, VERSION);
 }
 function shouldShowVersionWarning() {
     if (!isOutdated())
@@ -325,8 +339,9 @@ function checkNonShellDenyPolicy(code, language, toolName) {
  */
 function checkFilePathDenyPolicy(filePath, toolName) {
     try {
-        const denyGlobs = readToolDenyPatterns("Read", process.env.CLAUDE_PROJECT_DIR);
-        const result = evaluateFilePath(filePath, denyGlobs);
+        const projectDir = process.env.CLAUDE_PROJECT_DIR ?? process.cwd();
+        const denyGlobs = readToolDenyPatterns("Read", projectDir);
+        const result = evaluateFilePath(filePath, denyGlobs, process.platform === "win32", projectDir);
         if (result.denied) {
             return trackResponse(toolName, {
                 content: [{
@@ -481,7 +496,7 @@ export function formatBatchQueryResults(store, queries, source, maxOutput = 80 *
 // ─────────────────────────────────────────────────────────
 server.registerTool("ctx_execute", {
     title: "Execute Code",
-    description: `MANDATORY: Use for any command where output exceeds 20 lines. Execute code in a sandboxed subprocess. Only stdout enters context — raw data stays in the subprocess.${bunNote} Available: ${langList}.\n\nPREFER THIS OVER BASH for: API calls (gh, curl, aws), test runners (npm test, pytest), git queries (git log, git diff), data processing, and ANY CLI command that may produce large output. Bash should only be used for file mutations, git writes, and navigation.\n\nTHINK IN CODE: When you need to analyze, count, filter, compare, or process data — write code that does the work and console.log() only the answer. Do NOT read raw data into context to process mentally. Program the analysis, don't compute it in your reasoning. Write robust, pure JavaScript (no npm dependencies). Use only Node.js built-ins (fs, path, child_process). Always wrap in try/catch. Handle null/undefined. Works on both Node.js and Bun.`,
+    description: `MANDATORY: Use for any command where output exceeds 20 lines. Execute code in a sandboxed subprocess. Only stdout enters context — raw data stays in the subprocess.${bunNote} Available: ${langList}.\n\nPREFER THIS OVER BASH for: API calls (gh, curl, aws), test runners (npm test, pytest), git queries (git log, git diff), data processing, and ANY CLI command that may produce large output. Bash should only be used for file mutations, git writes, and navigation.\n\nTHINK IN CODE: When you need to analyze, count, filter, compare, or process data — write code that does the work and console.log() only the answer. Do NOT read raw data into context to process mentally. Program the analysis, don't compute it in your reasoning. Write robust, pure JavaScript (no npm dependencies). Use only Node.js built-ins (fs, path, child_process). Always wrap in try/catch. Handle null/undefined. Works on both Node.js and Bun.\n\nWhen reporting results — terse like caveman. Technical substance exact. Only fluff die. Pattern: [thing] [action] [reason]. [next step].`,
     inputSchema: z.object({
         language: z
             .enum([
@@ -774,7 +789,7 @@ function intentSearch(stdout, intent, source, maxResults = 5) {
 // ─────────────────────────────────────────────────────────
 server.registerTool("ctx_execute_file", {
     title: "Execute File Processing",
-    description: "Read a file and process it without loading contents into context. The file is read into a FILE_CONTENT variable inside the sandbox. Only your printed summary enters context.\n\nPREFER THIS OVER Read/cat for: log files, data files (CSV, JSON, XML), large source files for analysis, and any file where you need to extract specific information rather than read the entire content.\n\nTHINK IN CODE: Write code that processes FILE_CONTENT and console.log() only the answer. Don't read files into context to analyze mentally. Write robust, pure JavaScript — no npm deps, try/catch, null-safe. Node.js + Bun compatible.",
+    description: "Read a file and process it without loading contents into context. The file is read into a FILE_CONTENT variable inside the sandbox. Only your printed summary enters context.\n\nPREFER THIS OVER Read/cat for: log files, data files (CSV, JSON, XML), large source files for analysis, and any file where you need to extract specific information rather than read the entire content.\n\nTHINK IN CODE: Write code that processes FILE_CONTENT and console.log() only the answer. Don't read files into context to analyze mentally. Write robust, pure JavaScript — no npm deps, try/catch, null-safe. Node.js + Bun compatible.\n\nWhen reporting results — terse like caveman. Technical substance exact. Only fluff die. Pattern: [thing] [action] [reason]. [next step].",
     inputSchema: z.object({
         path: z
             .string()
@@ -917,6 +932,7 @@ server.registerTool("ctx_index", {
         "- README files, migration guides, changelog entries\n" +
         "- Any content with code examples you may need to reference precisely\n\n" +
         "After indexing, use 'search' to retrieve specific sections on-demand.\n" +
+        "When `path` is provided, a content hash is stored for automatic stale detection in search results.\n" +
         "Do NOT use for: log files, test output, CSV, build output — use 'execute_file' for those.",
     inputSchema: z.object({
         content: z
@@ -1016,8 +1032,10 @@ function coerceCommandsArray(val) {
 server.registerTool("ctx_search", {
     title: "Search Indexed Content",
     description: "Search indexed content. Requires prior indexing via ctx_batch_execute, ctx_index, or ctx_fetch_and_index. " +
-        "Pass ALL search questions as queries array in ONE call.\n\n" +
-        "TIPS: 2-4 specific terms per query. Use 'source' to scope results.",
+        "Pass ALL search questions as queries array in ONE call. " +
+        "File-backed sources are auto-refreshed when the source file changes.\n\n" +
+        "TIPS: 2-4 specific terms per query. Use 'source' to scope results.\n\n" +
+        "When reporting results — terse like caveman. Technical substance exact. Only fluff die. Pattern: [thing] [action] [reason]. [next step].",
     inputSchema: z.object({
         queries: z.preprocess(coerceJsonArray, z
             .array(z.string())
@@ -1121,6 +1139,10 @@ server.registerTool("ctx_search", {
             totalSize += formatted.length;
         }
         let output = sections.join("\n\n---\n\n");
+        // Report auto-refreshed stale sources
+        if (store.lastRefreshCount > 0) {
+            output = `> Auto-refreshed ${store.lastRefreshCount} stale source${store.lastRefreshCount > 1 ? "s" : ""} (file changed since indexing).\n\n` + output;
+        }
         // Add throttle warning after threshold
         if (searchCallCount >= SEARCH_MAX_RESULTS_AFTER) {
             output += `\n\n⚠ search call #${searchCallCount}/${SEARCH_BLOCK_AFTER} in this window. ` +
@@ -1230,7 +1252,8 @@ server.registerTool("ctx_fetch_and_index", {
     description: "Fetches URL content, converts HTML to markdown, indexes into searchable knowledge base, " +
         "and returns a ~3KB preview. Full content stays in sandbox — use search() for deeper lookups.\n\n" +
         "Better than WebFetch: preview is immediate, full content is searchable, raw HTML never enters context.\n\n" +
-        "Content-type aware: HTML is converted to markdown, JSON is chunked by key paths, plain text is indexed directly.",
+        "Content-type aware: HTML is converted to markdown, JSON is chunked by key paths, plain text is indexed directly.\n\n" +
+        "When reporting results — terse like caveman. Technical substance exact. Only fluff die. Pattern: [thing] [action] [reason]. [next step].",
     inputSchema: z.object({
         url: z.string().describe("The URL to fetch and index"),
         source: z
@@ -1379,7 +1402,8 @@ server.registerTool("ctx_batch_execute", {
         "THIS IS THE PRIMARY TOOL. Use this instead of multiple execute() calls.\n\n" +
         "One batch_execute call replaces 30+ execute calls + 10+ search calls.\n" +
         "Provide all commands to run and all queries to search — everything happens in one round trip.\n\n" +
-        "THINK IN CODE: When commands produce data you need to analyze, add processing commands that filter and summarize. Don't pull raw output into context — let the sandbox do the work.",
+        "THINK IN CODE: When commands produce data you need to analyze, add processing commands that filter and summarize. Don't pull raw output into context — let the sandbox do the work.\n\n" +
+        "When reporting results — terse like caveman. Technical substance exact. Only fluff die. Pattern: [thing] [action] [reason]. [next step].",
     inputSchema: z.object({
         commands: z.preprocess(coerceCommandsArray, z
             .array(z.object({
@@ -1958,7 +1982,17 @@ server.registerTool("ctx_insight", {
         catch {
             // Port is free, proceed with spawn
         }
-        // Start server in background
+        // Kill any previous insight child this MCP spawned (e.g. re-invocation).
+        if (_insightChild && _insightChild.pid && !_insightChild.killed) {
+            try {
+                _insightChild.kill("SIGTERM");
+            }
+            catch { /* best effort */ }
+        }
+        // Start server in background. `detached: true` keeps MCP stdio free, but
+        // we track the handle and kill it in shutdown() so the dashboard does
+        // not orphan when Claude closes. The child also watches INSIGHT_PARENT_PID
+        // as a fallback for SIGKILL/crash paths.
         const { spawn } = await import("node:child_process");
         const child = spawn("node", [join(cacheDir, "server.mjs")], {
             cwd: cacheDir,
@@ -1967,12 +2001,14 @@ server.registerTool("ctx_insight", {
                 PORT: String(port),
                 INSIGHT_SESSION_DIR: getSessionDir(),
                 INSIGHT_CONTENT_DIR: join(dirname(getSessionDir()), "content"),
+                INSIGHT_PARENT_PID: String(process.pid),
             },
             detached: true,
             stdio: "ignore",
         });
         child.on("error", () => { }); // prevent unhandled error crash
         child.unref();
+        _insightChild = child;
         // Wait for server to be ready
         await new Promise(r => setTimeout(r, 1500));
         // Verify server is actually running
@@ -2049,6 +2085,13 @@ async function main() {
             unlinkSync(mcpSentinel);
         }
         catch { /* best effort */ }
+        // Stop ctx_insight dashboard so it does not outlive Claude.
+        if (_insightChild && _insightChild.pid && !_insightChild.killed) {
+            try {
+                _insightChild.kill("SIGTERM");
+            }
+            catch { /* best effort */ }
+        }
     };
     const gracefulShutdown = async () => {
         shutdown();

package/build/session/analytics.d.ts

@@ -149,13 +149,14 @@ export declare class AnalyticsEngine {
     queryAll(runtimeStats: RuntimeStats): FullReport;
 }
 /**
- * Render a FullReport as a before/after comparison developers instantly understand.
+ * Render a FullReport as a visual savings dashboard designed for screenshotting.
  *
- * Design rules:
- * - If no savings, show "fresh session" format (no fake percentages)
- * - Active session shows BEFORE vs AFTER -- what would have flooded your conversation vs what actually did
- * - Per-tool table only if 2+ different tools were called
- * - Time gained is the hero metric
- * - Under 15 lines for typical sessions
+ * Design principles:
+ * - Before/After comparison bar is the HERO — one glance = "wow"
+ * - "tokens saved" is the number people share
+ * - Per-tool breakdown shows what each tool SAVED, sorted by impact
+ * - Session memory: one line, reframed as value
+ * - No: Pct column, category tables, tips, jargon
+ * - Under 22 lines for heavy sessions, under 10 for fresh
  */
 export declare function formatReport(report: FullReport, version?: string, latestVersion?: string | null): string;