kimaki 0.10.2 → 0.12.0

package/dist/commands/model.js

@@ -11,6 +11,20 @@ import { createLogger, LogPrefix } from '../logger.js';
 import * as errore from 'errore';
 import { buildPaginatedOptions, parsePaginationValue } from './paginated-select.js';
 const modelLogger = createLogger(LogPrefix.MODEL);
+function buildSafeSelectOption({ label, value, description, }) {
+    const trimmedLabel = label?.trim();
+    const trimmedValue = value?.trim();
+    const safeLabel = (trimmedLabel || trimmedValue || 'Unknown').slice(0, 100);
+    const safeValue = trimmedValue || trimmedLabel || '';
+    if (!safeLabel || !safeValue) {
+        return undefined;
+    }
+    return {
+        label: safeLabel,
+        value: safeValue,
+        description: description?.slice(0, 100),
+    };
+}
 // Store context by hash to avoid customId length limits (Discord max: 100 chars).
 // Entries are TTL'd to prevent unbounded growth when users open /model and never
 // interact with the select menu.
@@ -172,7 +186,7 @@ export async function getCurrentModelInfo({ sessionId, channelId, appId, agentPr
 export async function handleModelCommand({ interaction, appId, }) {
     modelLogger.log('[MODEL] handleModelCommand called');
     // Defer reply immediately to avoid 3-second timeout
-    await interaction.deferReply({ flags: MessageFlags.Ephemeral });
+    await interaction.deferReply();
     modelLogger.log('[MODEL] Deferred reply');
     const channel = interaction.channel;
     if (!channel) {
@@ -307,15 +321,16 @@ export async function handleModelCommand({ interaction, appId, }) {
         const contextHash = crypto.randomBytes(8).toString('hex');
         setModelContext(contextHash, context);
         const allProviderOptions = [...availableProviders]
-            .sort((a, b) => a.name.localeCompare(b.name))
+            .sort((a, b) => (a.name || a.id || '').localeCompare(b.name || b.id || ''))
             .map((provider) => {
             const modelCount = Object.keys(provider.models || {}).length;
-            return {
-                label: provider.name.slice(0, 100),
+            return buildSafeSelectOption({
+                label: provider.name,
                 value: provider.id,
-                description: `${modelCount} model${modelCount !== 1 ? 's' : ''} available`.slice(0, 100),
-            };
-        });
+                description: `${modelCount} model${modelCount !== 1 ? 's' : ''} available`,
+            });
+        })
+            .filter((option) => !!option);
         const { options } = buildPaginatedOptions({
             allOptions: allProviderOptions,
             page: 0,
@@ -383,15 +398,16 @@ export async function handleProviderSelectMenu(interaction) {
         const { all: allProviders, connected } = providersResponse.data;
         const availableProviders = allProviders.filter((p) => connected.includes(p.id));
         const allProviderOptions = [...availableProviders]
-            .sort((a, b) => a.name.localeCompare(b.name))
+            .sort((a, b) => (a.name || a.id || '').localeCompare(b.name || b.id || ''))
             .map((p) => {
             const modelCount = Object.keys(p.models || {}).length;
-            return {
-                label: p.name.slice(0, 100),
+            return buildSafeSelectOption({
+                label: p.name,
                 value: p.id,
-                description: `${modelCount} model${modelCount !== 1 ? 's' : ''} available`.slice(0, 100),
-            };
-        });
+                description: `${modelCount} model${modelCount !== 1 ? 's' : ''} available`,
+            });
+        })
+            .filter((option) => !!option);
         const { options } = buildPaginatedOptions({ allOptions: allProviderOptions, page: providerNavPage });
         const selectMenu = new StringSelectMenuBuilder()
             .setCustomId(`model_provider:${contextHash}`)
@@ -434,10 +450,11 @@ export async function handleProviderSelectMenu(interaction) {
         const models = Object.entries(provider.models || {})
             .map(([modelId, model]) => ({
             id: modelId,
-            name: model.name,
+            name: model.name || modelId,
             releaseDate: model.release_date,
         }))
-            .sort((a, b) => a.name.localeCompare(b.name));
+            .filter((model) => model.id && model.name)
+            .sort((a, b) => (a.name || a.id || '').localeCompare(b.name || b.id || ''));
         if (models.length === 0) {
             await interaction.editReply({
                 content: `No models available for ${provider.name}`,
@@ -447,19 +464,21 @@ export async function handleProviderSelectMenu(interaction) {
         }
         // Update context with provider info and reuse the same hash
         context.providerId = selectedProviderId;
-        context.providerName = provider.name;
+        context.providerName = provider.name?.trim() || provider.id;
         context.modelPage = 0;
         setModelContext(contextHash, context);
-        const allModelOptions = models.map((model) => {
+        const allModelOptions = models
+            .map((model) => {
             const dateStr = model.releaseDate
                 ? new Date(model.releaseDate).toLocaleDateString()
                 : 'Unknown date';
-            return {
-                label: model.name.slice(0, 100),
+            return buildSafeSelectOption({
+                label: model.name,
                 value: model.id,
-                description: dateStr.slice(0, 100),
-            };
-        });
+                description: dateStr,
+            });
+        })
+            .filter((option) => !!option);
         const { options } = buildPaginatedOptions({
             allOptions: allModelOptions,
             page: 0,
@@ -527,13 +546,14 @@ export async function handleModelSelectMenu(interaction) {
             return;
         }
         const allModelOptions = Object.entries(provider.models || {})
-            .map(([modelId, model]) => ({
-            label: model.name.slice(0, 100),
+            .map(([modelId, model]) => buildSafeSelectOption({
+            label: model.name || modelId,
             value: modelId,
-            description: (model.release_date
+            description: model.release_date
                 ? new Date(model.release_date).toLocaleDateString()
-                : 'Unknown date').slice(0, 100),
+                : 'Unknown date',
         }))
+            .filter((option) => !!option)
             .sort((a, b) => a.label.localeCompare(b.label));
         const { options } = buildPaginatedOptions({ allOptions: allModelOptions, page: modelNavPage });
         const selectMenu = new StringSelectMenuBuilder()
@@ -708,7 +728,7 @@ export async function handleModelScopeSelectMenu(interaction) {
     const modelDisplay = modelId.split('/')[1] || modelId;
     const variant = context.selectedVariant ?? null;
     const variantSuffix = variant ? ` (${variant})` : '';
-    const agentTip = '\n_Tip: create [agent .md files](https://github.com/remorses/kimaki/blob/main/docs/model-switching.md) in .opencode/agent/ for one-command model switching_';
+    const agentTip = '\n_Tip: create [agent .md files](https://kimaki.dev/model-switching) in .opencode/agent/ for one-command model switching_';
     try {
         if (selectedScope === 'session') {
             if (!context.sessionId) {

package/dist/commands/unset-model.js

@@ -1,5 +1,5 @@
 // /unset-model-override command - Remove model overrides and use default instead.
-import { ChatInputCommandInteraction, ChannelType, MessageFlags, } from 'discord.js';
+import { ChatInputCommandInteraction, ChannelType, } from 'discord.js';
 import { getChannelModel, getSessionModel, getThreadSession, clearSessionModel, } from '../database.js';
 import { getDb } from '../db.js';
 import * as orm from 'drizzle-orm';
@@ -35,7 +35,7 @@ function formatModelSource(type, agentName) {
  */
 export async function handleUnsetModelCommand({ interaction, appId, }) {
     unsetModelLogger.log('[UNSET-MODEL] handleUnsetModelCommand called');
-    await interaction.deferReply({ flags: MessageFlags.Ephemeral });
+    await interaction.deferReply();
     const channel = interaction.channel;
     if (!channel) {
         await interaction.editReply({

package/dist/commands/verbosity.js

@@ -85,7 +85,6 @@ export async function handleVerbosityCommand({ command, }) {
     await command.reply({
         content: `**Verbosity**\nCurrent: \`${currentLevel}\` (${source})`,
         components: [actionRow],
-        flags: MessageFlags.Ephemeral,
     });
 }
 /**

package/dist/commands/worktree-settings.js

@@ -37,6 +37,5 @@ export async function handleToggleWorktreesCommand({ command, }) {
         content: nextEnabled
             ? `Worktrees **enabled** for this channel.\n\nNew sessions started from messages in **#${channel.name}** will now automatically create git worktrees.\n\nNew setting for **#${channel.name}**: **enabled**.`
             : `Worktrees **disabled** for this channel.\n\nNew sessions started from messages in **#${channel.name}** will use the main project directory.\n\nNew setting for **#${channel.name}**: **disabled**.`,
-        flags: MessageFlags.Ephemeral,
     });
 }

package/dist/database.js

@@ -500,6 +500,22 @@ export async function getTranscriptionApiKey(appId) {
         return { provider: 'gemini', apiKey: row.gemini_api_key };
     return null;
 }
+/**
+ * Get any stored audio API key (OpenAI or Gemini) without requiring a specific appId.
+ * Used by the plugin process which doesn't have direct access to the bot's appId.
+ * Returns the first available key found, preferring OpenAI.
+ */
+export async function getAnyAudioApiKey() {
+    const db = await getDb();
+    const row = await db.query.bot_api_keys.findFirst();
+    if (!row)
+        return null;
+    if (row.openai_api_key)
+        return { provider: 'openai', apiKey: row.openai_api_key, appId: row.app_id };
+    if (row.gemini_api_key)
+        return { provider: 'gemini', apiKey: row.gemini_api_key, appId: row.app_id };
+    return null;
+}
 export async function setChannelDirectory({ channelId, directory, channelType, skipIfExists = false }) {
     const db = await getDb();
     if (skipIfExists) {

package/dist/discord-bot.js

@@ -6,7 +6,7 @@ import { stopOpencodeServer, } from './opencode.js';
 import { formatAutoWorktreeName, createWorktreeInBackground, worktreeCreatingMessage } from './commands/new-worktree.js';
 import { resolveSessionWorkingDirectory, git, isGitRepositoryRoot } from './worktrees.js';
 import { WORKTREE_PREFIX } from './commands/merge-worktree.js';
-import { escapeBackticksInCodeBlocks, splitMarkdownForDiscord, sendThreadMessage, SILENT_MESSAGE_FLAGS, NOTIFY_MESSAGE_FLAGS, reactToThread, stripMentions, hasKimakiBotPermission, hasNoKimakiRole, } from './discord-utils.js';
+import { escapeBackticksInCodeBlocks, splitMarkdownForDiscord, sendThreadMessage, SILENT_MESSAGE_FLAGS, NOTIFY_MESSAGE_FLAGS, reactToThread, stripMentions, hasKimakiBotPermission, hasNoKimakiRole, resolveGuildMessageMember, } from './discord-utils.js';
 import { getOpencodeSystemMessage, isInjectedPromptMarker, } from './system-message.js';
 import YAML from 'yaml';
 import { getTextAttachments, resolveMentions, } from './message-formatting.js';
@@ -304,7 +304,8 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
             // still need Kimaki permission so multi-agent orchestration stays opt-in.
             const isInjectedSelfBotMessage = isCliInjectedPrompt && message.author?.id === discordClient.user?.id;
             if (message.author?.bot && !isInjectedSelfBotMessage) {
-                if (!hasKimakiBotPermission(message.member)) {
+                const member = await resolveGuildMessageMember(message);
+                if (!hasKimakiBotPermission(member, message.guild)) {
                     return;
                 }
             }
@@ -343,15 +344,19 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
                     }
                 }
             }
-            if (!isCliInjectedPrompt && message.guild && message.member) {
-                if (hasNoKimakiRole(message.member)) {
+            if (!isCliInjectedPrompt && message.guild) {
+                const member = await resolveGuildMessageMember(message);
+                if (!member) {
+                    return;
+                }
+                if (hasNoKimakiRole(member)) {
                     await message.reply({
                         content: `You have the **no-kimaki** role which blocks bot access.\nRemove this role to use Kimaki.`,
                         flags: SILENT_MESSAGE_FLAGS,
                     });
                     return;
                 }
-                if (!hasKimakiBotPermission(message.member)) {
+                if (!hasKimakiBotPermission(member, message.guild)) {
                     await message.reply({
                         content: `You don't have permission to start sessions.\nTo use Kimaki, ask a server admin to give you the **Kimaki** role.`,
                         flags: SILENT_MESSAGE_FLAGS,

package/dist/discord-command-registration.js

@@ -19,46 +19,13 @@ function getDiscordCommandSuffix(command) {
     }
     return '-cmd';
 }
-function isDiscordCommandSummary(value) {
-    if (typeof value !== 'object' || value === null) {
-        return false;
-    }
-    const id = Reflect.get(value, 'id');
-    const name = Reflect.get(value, 'name');
-    return typeof id === 'string' && typeof name === 'string';
-}
-async function deleteLegacyGlobalCommands({ rest, appId, commandNames, }) {
+async function clearGlobalCommands({ rest, appId, }) {
     try {
-        const response = await rest.get(Routes.applicationCommands(appId));
-        if (!Array.isArray(response)) {
-            cliLogger.warn('COMMANDS: Unexpected global command payload while cleaning legacy global commands');
-            return;
-        }
-        const legacyGlobalCommands = response
-            .filter(isDiscordCommandSummary)
-            .filter((command) => {
-            return commandNames.has(command.name);
-        });
-        if (legacyGlobalCommands.length === 0) {
-            return;
-        }
-        const deletionResults = await Promise.allSettled(legacyGlobalCommands.map(async (command) => {
-            await rest.delete(Routes.applicationCommand(appId, command.id));
-            return command;
-        }));
-        const failedDeletions = deletionResults.filter((result) => {
-            return result.status === 'rejected';
-        });
-        if (failedDeletions.length > 0) {
-            cliLogger.warn(`COMMANDS: Failed to delete ${failedDeletions.length} legacy global command(s)`);
-        }
-        const deletedCount = deletionResults.length - failedDeletions.length;
-        if (deletedCount > 0) {
-            cliLogger.info(`COMMANDS: Deleted ${deletedCount} legacy global command(s) to avoid guild/global duplicates`);
-        }
+        await rest.put(Routes.applicationCommands(appId), { body: [] });
+        cliLogger.info('COMMANDS: Cleared global slash commands');
     }
     catch (error) {
-        cliLogger.warn(`COMMANDS: Could not clean legacy global commands: ${error instanceof Error ? error.stack : String(error)}`);
+        cliLogger.warn(`COMMANDS: Could not clear global slash commands: ${error instanceof Error ? error.stack : String(error)}`);
     }
 }
 // Discord slash command descriptions must be 1-100 chars.
@@ -426,6 +393,10 @@ export async function registerCommands({ token, appId, guildIds, userCommands =
             .setName(commandName)
             .setDescription(truncateCommandDescription(description))
             .setDMPermission(false)
+            .addStringOption((opt) => opt
+            .setName('prompt')
+            .setDescription('Send a prompt with this agent')
+            .setRequired(false))
             .toJSON());
     }
     // 2. User-defined commands, skills, and MCP prompts (ordered by priority)
@@ -488,13 +459,6 @@ export async function registerCommands({ token, appId, guildIds, userCommands =
     }
     const rest = createDiscordRest(token);
     const uniqueGuildIds = Array.from(new Set(guildIds.filter((guildId) => guildId)));
-    const guildCommandNames = new Set(commands
-        .map((command) => {
-        return command.name;
-    })
-        .filter((name) => {
-        return typeof name === 'string';
-    }));
     if (uniqueGuildIds.length === 0) {
         cliLogger.warn('COMMANDS: No guilds available, skipping slash command registration');
         return;
@@ -543,10 +507,9 @@ export async function registerCommands({ token, appId, guildIds, userCommands =
         // exist for self-hosted bots that previously registered commands globally.
         const isGateway = store.getState().discordBaseUrl !== 'https://discord.com';
         if (!isGateway) {
-            await deleteLegacyGlobalCommands({
+            await clearGlobalCommands({
                 rest,
                 appId,
-                commandNames: guildCommandNames,
             });
         }
         cliLogger.info(`COMMANDS: Successfully registered ${registeredCommandCount} slash commands for ${successfulGuilds} guild(s)`);

package/dist/discord-utils.js

@@ -14,6 +14,7 @@ import { limitHeadingDepth } from './limit-heading-depth.js';
 import { unnestCodeBlocksFromLists } from './unnest-code-blocks.js';
 import { createLogger, LogPrefix } from './logger.js';
 import * as errore from 'errore';
+import { store } from './store.js';
 import mime from 'mime';
 import fs from 'node:fs';
 import path from 'node:path';
@@ -32,6 +33,9 @@ export function hasKimakiBotPermission(member, guild) {
     if (hasNoKimakiRole) {
         return false;
     }
+    if (store.getState().allowAllUsers) {
+        return true;
+    }
     const memberPermissions = member instanceof GuildMember
         ? member.permissions
         : new PermissionsBitField(BigInt(member.permissions));
@@ -43,6 +47,45 @@ export function hasKimakiBotPermission(member, guild) {
     const hasKimakiRole = hasRoleByName(member, 'kimaki', guild);
     return isOwner || isAdmin || canManageServer || hasKimakiRole;
 }
+/**
+ * Stricter permission check that ignores allowAllUsers.
+ * Use for admin-only commands like /login and /transcription-key that
+ * configure shared credentials. Always requires owner, admin, manage
+ * server, or Kimaki role regardless of --allow-all-users flag.
+ */
+export function hasKimakiAdminPermission(member, guild) {
+    if (!member) {
+        return false;
+    }
+    const hasNoKimaki = hasRoleByName(member, 'no-kimaki', guild);
+    if (hasNoKimaki) {
+        return false;
+    }
+    const memberPermissions = member instanceof GuildMember
+        ? member.permissions
+        : new PermissionsBitField(BigInt(member.permissions));
+    const ownerId = member instanceof GuildMember ? member.guild.ownerId : guild?.ownerId;
+    const memberId = member instanceof GuildMember ? member.id : member.user.id;
+    const isOwner = ownerId ? memberId === ownerId : false;
+    const isAdmin = memberPermissions.has(PermissionsBitField.Flags.Administrator);
+    const canManageServer = memberPermissions.has(PermissionsBitField.Flags.ManageGuild);
+    const hasKimakiRole = hasRoleByName(member, 'kimaki', guild);
+    return isOwner || isAdmin || canManageServer || hasKimakiRole;
+}
+export async function resolveGuildMessageMember(message) {
+    if (!message.guild)
+        return null;
+    if (message.member)
+        return message.member;
+    const fetchedMember = await message.guild.members
+        .fetch(message.author.id)
+        .catch((e) => new Error('Failed to fetch guild member', { cause: e }));
+    if (fetchedMember instanceof Error) {
+        discordLogger.warn(`[PERMISSION] Denying message ${message.id}: ${fetchedMember.message}`);
+        return null;
+    }
+    return fetchedMember;
+}
 function hasRoleByName(member, roleName, guild) {
     const target = roleName.toLowerCase();
     if (member instanceof GuildMember) {

package/dist/discord-utils.test.js

@@ -1,6 +1,7 @@
 import { PermissionsBitField } from 'discord.js';
-import { describe, expect, test } from 'vitest';
-import { hasKimakiBotPermission, splitMarkdownForDiscord } from './discord-utils.js';
+import { afterEach, describe, expect, test } from 'vitest';
+import { hasKimakiAdminPermission, hasKimakiBotPermission, resolveGuildMessageMember, splitMarkdownForDiscord, } from './discord-utils.js';
+import { store } from './store.js';
 describe('splitMarkdownForDiscord', () => {
     test('never returns chunks over the max length with code fences', () => {
         const maxLength = 2000;
@@ -90,6 +91,40 @@ describe('splitMarkdownForDiscord', () => {
     });
 });
 describe('hasKimakiBotPermission', () => {
+    afterEach(() => {
+        store.setState({ allowAllUsers: false });
+    });
+    test('allows any member when allowAllUsers is enabled', () => {
+        store.setState({ allowAllUsers: true });
+        const guild = {
+            ownerId: 'owner-id',
+            roles: { cache: new Map() },
+        };
+        const member = {
+            user: { id: 'member-id' },
+            permissions: '0',
+            roles: [],
+        };
+        expect(hasKimakiBotPermission(member, guild)).toBe(true);
+    });
+    test('still blocks no-kimaki role even when allowAllUsers is enabled', () => {
+        store.setState({ allowAllUsers: true });
+        const noKimakiRoleId = '222';
+        const guild = {
+            ownerId: 'owner-id',
+            roles: {
+                cache: new Map([
+                    [noKimakiRoleId, { id: noKimakiRoleId, name: 'no-kimaki' }],
+                ]),
+            },
+        };
+        const member = {
+            user: { id: 'member-id' },
+            permissions: '0',
+            roles: [noKimakiRoleId],
+        };
+        expect(hasKimakiBotPermission(member, guild)).toBe(false);
+    });
     test('allows API interaction member when kimaki role exists', () => {
         const kimakiRoleId = '111';
         const guild = {
@@ -132,3 +167,84 @@ describe('hasKimakiBotPermission', () => {
         expect(hasKimakiBotPermission(member, guild)).toBe(false);
     });
 });
+describe('hasKimakiAdminPermission', () => {
+    afterEach(() => {
+        store.setState({ allowAllUsers: false });
+    });
+    test('denies unprivileged member even when allowAllUsers is enabled', () => {
+        store.setState({ allowAllUsers: true });
+        const guild = {
+            ownerId: 'owner-id',
+            roles: { cache: new Map() },
+        };
+        const member = {
+            user: { id: 'member-id' },
+            permissions: '0',
+            roles: [],
+        };
+        expect(hasKimakiAdminPermission(member, guild)).toBe(false);
+    });
+    test('allows admin even when allowAllUsers is enabled', () => {
+        store.setState({ allowAllUsers: true });
+        const guild = {
+            ownerId: 'owner-id',
+            roles: { cache: new Map() },
+        };
+        const member = {
+            user: { id: 'member-id' },
+            permissions: PermissionsBitField.Flags.Administrator.toString(),
+            roles: [],
+        };
+        expect(hasKimakiAdminPermission(member, guild)).toBe(true);
+    });
+});
+describe('resolveGuildMessageMember', () => {
+    test('uses hydrated message member without fetching', async () => {
+        const member = { id: 'member-id' };
+        const message = {
+            guild: {
+                members: {
+                    fetch() {
+                        throw new Error('should not fetch');
+                    },
+                },
+            },
+            member,
+            author: { id: 'member-id' },
+            id: 'message-id',
+        };
+        await expect(resolveGuildMessageMember(message)).resolves.toBe(member);
+    });
+    test('fetches missing guild message member', async () => {
+        const member = { id: 'member-id' };
+        const message = {
+            guild: {
+                members: {
+                    fetch(id) {
+                        expect(id).toBe('member-id');
+                        return Promise.resolve(member);
+                    },
+                },
+            },
+            member: null,
+            author: { id: 'member-id' },
+            id: 'message-id',
+        };
+        await expect(resolveGuildMessageMember(message)).resolves.toBe(member);
+    });
+    test('denies when missing guild message member cannot be fetched', async () => {
+        const message = {
+            guild: {
+                members: {
+                    fetch() {
+                        return Promise.reject(new Error('missing member'));
+                    },
+                },
+            },
+            member: null,
+            author: { id: 'member-id' },
+            id: 'message-id',
+        };
+        await expect(resolveGuildMessageMember(message)).resolves.toBe(null);
+    });
+});

package/dist/errors.js

@@ -58,6 +58,11 @@ export class TranscriptionError extends createTaggedError({
     message: 'Transcription failed: $reason',
 }) {
 }
+export class SpeechGenerationError extends createTaggedError({
+    name: 'SpeechGenerationError',
+    message: 'Speech generation failed: $reason',
+}) {
+}
 export class GrepSearchError extends createTaggedError({
     name: 'GrepSearchError',
     message: 'Grep search failed for pattern: $pattern',