kimaki 0.13.0 → 0.14.0

package/dist/commands/permissions.js

@@ -4,6 +4,7 @@
 import { ButtonBuilder, ButtonStyle, ActionRowBuilder, MessageFlags, } from 'discord.js';
 import crypto from 'node:crypto';
 import { getOpencodeClient } from '../opencode.js';
+import { getPermissionTimeoutMs } from '../config.js';
 import { NOTIFY_MESSAGE_FLAGS } from '../discord-utils.js';
 import { createLogger, LogPrefix } from '../logger.js';
 const logger = createLogger(LogPrefix.PERMISSIONS);
@@ -59,7 +60,7 @@ export function compactPermissionPatterns(patterns) {
 }
 // Store pending permission contexts by hash.
 // TTL prevents unbounded growth if user never clicks a permission button.
-const PERMISSION_CONTEXT_TTL_MS = 10 * 60 * 1000;
+// Configurable via --permission-timeout-minutes CLI flag (default: 10 minutes).
 export const pendingPermissionContexts = new Map();
 // Atomic take: removes context from Map and returns it. Only the first caller
 // (TTL expiry or button click) wins, preventing duplicate permission replies.
@@ -90,6 +91,9 @@ export async function showPermissionButtons({ thread, permission, directory, per
     // Auto-reject on TTL expiry so the OpenCode session doesn't hang forever
     // waiting for a permission reply that will never come. Uses atomic take
     // so only one of TTL-expiry or button-click can win.
+    // With continue_loop_on_deny enabled in opencode config, the model sees
+    // this as a tool error and continues (tries alternatives or explains).
+    const ttlMs = getPermissionTimeoutMs();
     setTimeout(async () => {
         const ctx = takePendingPermissionContext(contextHash);
         if (!ctx) {
@@ -100,21 +104,27 @@ export async function showPermissionButtons({ thread, permission, directory, per
             const requestIds = ctx.requestIds.length > 0
                 ? ctx.requestIds
                 : [ctx.permission.id];
+            const userId = ctx.thread.ownerId;
+            const timeoutFeedback = `Permission timed out — the user did not respond. They are probably away and not watching the session. ` +
+                `If this tool call is necessary for the core goal of this session, stop and mention the user with <@${userId}> asking them to grant permission. ` +
+                `If not, continue normally — work around it, skip the tool, or use an alternative approach.`;
             await Promise.all(requestIds.map((requestId) => {
                 return client.permission.reply({
                     requestID: requestId,
                     directory: ctx.permissionDirectory,
                     reply: 'reject',
+                    message: timeoutFeedback,
                 });
             })).catch((error) => {
                 logger.error('Failed to auto-reject expired permission:', error);
             });
+            const minutes = Math.round(ttlMs / 60_000);
             updatePermissionMessage({
                 context: ctx,
-                status: '_Permission expired after 10 minutes and was rejected._',
+                status: `_Permission expired after ${minutes} minute${minutes !== 1 ? 's' : ''} and was rejected._`,
             });
         }
-    }, PERMISSION_CONTEXT_TTL_MS).unref();
+    }, ttlMs).unref();
     const patternStr = compactPermissionPatterns(permission.patterns).join(', ');
     // Build 3 buttons for permission actions
     const acceptButton = new ButtonBuilder()

package/dist/config.js

@@ -62,6 +62,14 @@ export function setProjectsDir(dir) {
     }
     store.setState({ projectsDir: resolvedDir });
 }
+/**
+ * Get the permission button timeout in milliseconds.
+ * How long permission buttons remain active before auto-rejecting.
+ * Defaults to 10 minutes (600000ms).
+ */
+export function getPermissionTimeoutMs() {
+    return store.getState().permissionTimeoutMs;
+}
 const DEFAULT_LOCK_PORT = 29988;
 /**
  * Derive a lock port from the data directory path.

package/dist/context-awareness-plugin.js

@@ -18,6 +18,7 @@ import crypto from 'node:crypto';
 import * as errore from 'errore';
 import { createPluginLogger, formatPluginErrorWithStack, setPluginLogFilePath, } from './plugin-logger.js';
 import { setDataDir } from './config.js';
+import { createPluginClient } from './plugin-opencode-client.js';
 import { initSentry, notifyError } from './sentry.js';
 import { execAsync } from './exec-async.js';
 import { ONBOARDING_TUTORIAL_INSTRUCTIONS, TUTORIAL_WELCOME_TEXT, } from './onboarding-tutorial.js';
@@ -145,7 +146,7 @@ async function resolveGitState({ directory, }) {
 async function resolveSessionDirectory({ client, sessionID, state, }) {
     const previousDirectory = state.resolvedDirectory;
     const result = await errore.tryAsync(() => {
-        return client.session.get({ path: { id: sessionID } });
+        return client.session.get({ sessionID });
     });
     if (result instanceof Error || !result.data?.directory) {
         return {
@@ -160,13 +161,16 @@ async function resolveSessionDirectory({ client, sessionID, state, }) {
     };
 }
 // ── Plugin ───────────────────────────────────────────────────────
-const contextAwarenessPlugin = async ({ directory, client }) => {
+const contextAwarenessPlugin = async ({ directory, serverUrl }) => {
     initSentry();
     const dataDir = process.env.KIMAKI_DATA_DIR;
     if (dataDir) {
         setDataDir(dataDir);
         setPluginLogFilePath(dataDir);
     }
+    // Build our own v2 client. The plugin-provided ctx.client (v1) does not
+    // reliably make REST calls from inside the plugin process.
+    const client = createPluginClient({ serverUrl, directory });
     // Single Map for all per-session state. One entry per session, one
     // delete on cleanup — no parallel Maps that can drift out of sync.
     const sessions = new Map();
@@ -225,8 +229,9 @@ const contextAwarenessPlugin = async ({ directory, client }) => {
                     const messageID = first.messageID;
                     const latestAssistantMessageResult = await errore.tryAsync(() => {
                         return client.session.messages({
-                            path: { id: sessionID },
-                            query: { directory, limit: 20 },
+                            sessionID,
+                            directory,
+                            limit: 20,
                         });
                     });
                     const latestAssistantMessage = latestAssistantMessageResult instanceof Error

package/dist/discord-bot.js

@@ -569,7 +569,7 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
                 });
                 // Notify when a voice message was queued instead of sent immediately
                 if (enqueueResult.queued && enqueueResult.position) {
-                    await sendThreadMessage(thread, `Queued at position ${enqueueResult.position}`);
+                    await sendThreadMessage(thread, `Queued at position ${enqueueResult.position}. Edit your message to update it in queue`);
                 }
             }
             if (channel.type === ChannelType.GuildText) {
@@ -687,11 +687,21 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
                         rest: discordClient.rest,
                     });
                 }
+                const sessionDirectory = await (async () => {
+                    if (!worktreePromise) {
+                        return projectDirectory;
+                    }
+                    const result = await worktreePromise;
+                    if (result instanceof Error) {
+                        return projectDirectory;
+                    }
+                    return result;
+                })();
                 const channelRuntime = getOrCreateRuntime({
                     threadId: thread.id,
                     thread,
                     projectDirectory,
-                    sdkDirectory: projectDirectory,
+                    sdkDirectory: sessionDirectory,
                     channelId: channel.id,
                     appId: currentAppId,
                 });
@@ -703,19 +713,6 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
                     sourceThreadId: thread.id,
                     appId: currentAppId,
                     preprocess: async () => {
-                        // Wait for worktree creation + install before preprocessing.
-                        // Follow-up messages queue behind this in the preprocess chain.
-                        let sessionDirectory = projectDirectory;
-                        if (worktreePromise) {
-                            const result = await worktreePromise;
-                            if (!(result instanceof Error)) {
-                                sessionDirectory = result;
-                                channelRuntime.handleDirectoryChanged({
-                                    oldDirectory: projectDirectory,
-                                    newDirectory: sessionDirectory,
-                                });
-                            }
-                        }
                         return preprocessNewThreadMessage({
                             message,
                             thread,
@@ -780,8 +777,16 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
             // If the edit removed the queue suffix, remove the item from the queue.
             // If the suffix is still present, update the prompt.
             const result = runtime.updateQueuedMessage(message.id, forceQueue ? prompt : '');
-            if (result.found) {
-                discordLogger.log(`[MESSAGE_EDIT] ${result.removed ? 'Removed' : 'Updated'} queued message ${message.id} in thread ${channel.id}`);
+            if (result.found && channel.isThread()) {
+                const displayName = message.member?.displayName ?? message.author.displayName;
+                if (result.removed) {
+                    discordLogger.log(`[MESSAGE_EDIT] Removed queued message ${message.id} in thread ${channel.id}`);
+                    await sendThreadMessage(channel, `⬦ **${displayName}** removed message from queue`);
+                }
+                else {
+                    discordLogger.log(`[MESSAGE_EDIT] Updated queued message ${message.id} in thread ${channel.id}`);
+                    await sendThreadMessage(channel, `⬦ **${displayName}** edited queued message`);
+                }
             }
         }
         catch (error) {
@@ -925,11 +930,24 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
             }
             discordLogger.log(`[BOT_SESSION] Starting session for thread ${thread.id} with prompt: "${prompt.slice(0, 50)}..."`);
             const botThreadStartSource = parseSessionStartSourceFromMarker(marker);
+            const sessionDirectory = await (async () => {
+                if (cwdDirectory) {
+                    return cwdDirectory;
+                }
+                if (!worktreePromise) {
+                    return projectDirectory;
+                }
+                const result = await worktreePromise;
+                if (result instanceof Error) {
+                    return projectDirectory;
+                }
+                return result;
+            })();
             const runtime = getOrCreateRuntime({
                 threadId: thread.id,
                 thread,
                 projectDirectory,
-                sdkDirectory: projectDirectory,
+                sdkDirectory: sessionDirectory,
                 channelId: parent.id,
                 appId: currentAppId,
             });
@@ -950,23 +968,6 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
                     }
                     : undefined,
                 preprocess: async () => {
-                    // Wait for worktree creation + install before starting session.
-                    if (worktreePromise) {
-                        const result = await worktreePromise;
-                        if (!(result instanceof Error)) {
-                            runtime.handleDirectoryChanged({
-                                oldDirectory: projectDirectory,
-                                newDirectory: result,
-                            });
-                        }
-                    }
-                    // --cwd: switch sdkDirectory to the existing worktree path
-                    if (cwdDirectory) {
-                        runtime.handleDirectoryChanged({
-                            oldDirectory: projectDirectory,
-                            newDirectory: cwdDirectory,
-                        });
-                    }
                     const permissionRules = await getChannelReferencePermissionRules({
                         message: starterMessage,
                     });
@@ -1017,6 +1018,20 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
     startHeapMonitor();
     const stopTaskRunner = startTaskRunner({ token });
     const stopRuntimeIdleSweeper = startRuntimeIdleSweeper();
+    // Prevent discord.js from permanently killing the REST token on 401.
+    // @discordjs/rest calls setToken(null) whenever it receives a 401 response.
+    // The gateway proxy now returns 503 for stale-DB rejections (not 401), but
+    // this guard stays as defense-in-depth for any other transient 401 source.
+    // Allows null through when Client.destroy() is running (it sets client.token
+    // = null before calling rest.setToken(null)).
+    const originalSetToken = discordClient.rest.setToken.bind(discordClient.rest);
+    discordClient.rest.setToken = (newToken) => {
+        if (!newToken && discordClient.token !== null) {
+            discordLogger.warn('[REST] Blocked token nullification from 401 response');
+            return discordClient.rest;
+        }
+        return originalSetToken(newToken);
+    };
     const handleShutdown = async (signal, { skipExit = false } = {}) => {
         discordLogger.log(`Received ${signal}, cleaning up...`);
         if (global.shuttingDown) {

package/dist/message-finish-field.e2e.test.js

@@ -150,6 +150,7 @@ test('tool-call step has finish="tool-calls", follow-up has finish="stop"', asyn
         "partTypes": [
           "step-start",
           "text",
+          "tool",
           "step-finish",
         ],
       },

package/dist/openai-auth-plugin.js

@@ -14,6 +14,7 @@
  * Account management is done via `kimaki multioauth openai` CLI commands.
  */
 import { createPluginLogger, appendToastSessionMarker } from './plugin-logger.js';
+import { createPluginClient } from './plugin-opencode-client.js';
 import { isRateLimitRetryMessage, isTokenRefreshError, isOAuthStored, readJson, authFilePath } from './oauth-rotation-shared.js';
 import { detectAndRememberNewOpenAIAccount, loadOpenAIAccountStore, rotateOpenAIAccount, } from './openai-auth-state.js';
 const log = createPluginLogger('openai-rotation');
@@ -30,7 +31,7 @@ function isRetryStatusEvent(event) {
 // the last message in the session to find the model.
 async function isOpenAISession(client, sessionID) {
     try {
-        const res = await client.session.messages({ path: { id: sessionID } });
+        const res = await client.session.messages({ sessionID });
         const lastMessage = res.data?.filter((m) => m.info).at(-1)?.info;
         if (!lastMessage)
             return false;
@@ -45,8 +46,11 @@ async function isOpenAISession(client, sessionID) {
 // Throttle login detection to avoid spamming auth.json reads
 let lastLoginCheckMs = 0;
 const LOGIN_CHECK_INTERVAL_MS = 30_000;
-const openaiRotationPlugin = async ({ client }) => {
+const openaiRotationPlugin = async ({ serverUrl, directory }) => {
     log.info('OpenAI rotation plugin loaded');
+    // Build our own v2 client. The plugin-provided ctx.client (v1) does not
+    // reliably make REST calls from inside the plugin process.
+    const client = createPluginClient({ serverUrl, directory });
     return {
         'chat.headers': async (input, output) => {
             if (input.model.providerID !== 'openai')
@@ -69,13 +73,11 @@ const openaiRotationPlugin = async ({ client }) => {
                         const count = store?.accounts.length ?? 1;
                         client.tui
                             .showToast({
-                            body: {
-                                message: appendToastSessionMarker({
-                                    message: `OpenAI account ${label} added to rotation pool (${count} account${count === 1 ? '' : 's'})`,
-                                    sessionId: event.properties.sessionID,
-                                }),
-                                variant: 'info',
-                            },
+                            message: appendToastSessionMarker({
+                                message: `OpenAI account ${label} added to rotation pool (${count} account${count === 1 ? '' : 's'})`,
+                                sessionId: event.properties.sessionID,
+                            }),
+                            variant: 'info',
                         })
                             .catch(() => { });
                     }
@@ -106,13 +108,11 @@ const openaiRotationPlugin = async ({ client }) => {
                 if (result) {
                     client.tui
                         .showToast({
-                        body: {
-                            message: appendToastSessionMarker({
-                                message: `Switching OpenAI from ${result.fromLabel} to ${result.toLabel}`,
-                                sessionId: sessionID,
-                            }),
-                            variant: 'info',
-                        },
+                        message: appendToastSessionMarker({
+                            message: `Switching OpenAI from ${result.fromLabel} to ${result.toLabel}`,
+                            sessionId: sessionID,
+                        }),
+                        variant: 'info',
                     })
                         .catch(() => { });
                 }

package/dist/openai-auth-state.js

@@ -92,7 +92,7 @@ async function writeOpenAIAuthFile(auth) {
 }
 export async function setOpenAIAuth(auth, client) {
     await writeOpenAIAuthFile(auth);
-    await client.auth.set({ path: { id: 'openai' }, body: auth });
+    await client.auth.set({ providerID: 'openai', auth });
 }
 // --- Remember new login ---
 export async function rememberOpenAIOAuth(auth, identity) {

package/dist/opencode-command.js

@@ -62,12 +62,36 @@ export function getSpawnCommandAndArgs({ resolvedCommand, baseArgs, platform, })
         windowsVerbatimArguments: true,
     };
 }
+// Remove flags from the parent process's execArgv that must not leak into the
+// relocatable kimaki shim. The shim runs from arbitrary working directories
+// (it is on PATH for opencode child processes), so a relative `--env-file=.env`
+// would make node abort with ".env: not found" whenever the cwd has no .env.
+// The shim does not need to re-load env files at all: the env vars the bot
+// cares about are already in the inherited process environment. We strip both
+// `--env-file`/`--env-file-if-exists` forms: `--env-file=value` (single arg)
+// and `--env-file value` (two args).
+export function sanitizeShimExecArgv(execArgv) {
+    const sanitized = [];
+    for (let index = 0; index < execArgv.length; index++) {
+        const arg = execArgv[index];
+        if (arg === '--env-file' || arg === '--env-file-if-exists') {
+            // Skip this flag and its separate value argument, if present.
+            index++;
+            continue;
+        }
+        if (arg.startsWith('--env-file=') || arg.startsWith('--env-file-if-exists=')) {
+            continue;
+        }
+        sanitized.push(arg);
+    }
+    return sanitized;
+}
 export function ensureKimakiCommandShim({ dataDir, execPath, execArgv, entryScript, platform, }) {
     const effectivePlatform = platform || process.platform;
     const shimDirectory = path.join(dataDir, 'bin');
     try {
         fs.mkdirSync(shimDirectory, { recursive: true });
-        const launcherArgs = [...execArgv, entryScript];
+        const launcherArgs = [...sanitizeShimExecArgv(execArgv), entryScript];
         if (effectivePlatform === 'win32') {
             const shimPath = path.join(shimDirectory, 'kimaki.cmd');
             const shimContent = [

package/dist/opencode-command.test.js

@@ -1,6 +1,9 @@
 // Regression tests for Windows OpenCode command resolution and spawn args.
-import { describe, expect, test } from 'vitest';
-import { getSpawnCommandAndArgs, selectResolvedCommand, splitCommandLookupOutput, } from './opencode-command.js';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { afterEach, beforeEach, describe, expect, test } from 'vitest';
+import { ensureKimakiCommandShim, getSpawnCommandAndArgs, sanitizeShimExecArgv, selectResolvedCommand, splitCommandLookupOutput, } from './opencode-command.js';
 describe('splitCommandLookupOutput', () => {
     test('splits windows command lookup output into trimmed lines', () => {
         expect(splitCommandLookupOutput('C:\\Program Files\\nodejs\\opencode\r\nC:\\Program Files\\nodejs\\opencode.cmd\r\n')).toEqual([
@@ -46,3 +49,62 @@ describe('getSpawnCommandAndArgs', () => {
         });
     });
 });
+describe('sanitizeShimExecArgv', () => {
+    test('strips --env-file=value single-arg form', () => {
+        expect(sanitizeShimExecArgv([
+            '--require',
+            '/abs/tsx/preflight.cjs',
+            '--env-file=.env',
+            '--import',
+            'file:///abs/tsx/loader.mjs',
+        ])).toEqual([
+            '--require',
+            '/abs/tsx/preflight.cjs',
+            '--import',
+            'file:///abs/tsx/loader.mjs',
+        ]);
+    });
+    test('strips --env-file value two-arg form and its value', () => {
+        expect(sanitizeShimExecArgv(['--env-file', '.env', '--require', '/abs/preflight.cjs'])).toEqual(['--require', '/abs/preflight.cjs']);
+    });
+    test('strips --env-file-if-exists in both forms', () => {
+        expect(sanitizeShimExecArgv([
+            '--env-file-if-exists=.env',
+            '--env-file-if-exists',
+            '/abs/.env',
+            '--enable-source-maps',
+        ])).toEqual(['--enable-source-maps']);
+    });
+    test('leaves unrelated flags untouched', () => {
+        expect(sanitizeShimExecArgv(['--enable-source-maps', '--max-old-space-size=4096'])).toEqual(['--enable-source-maps', '--max-old-space-size=4096']);
+    });
+});
+describe('ensureKimakiCommandShim', () => {
+    let tempDir;
+    beforeEach(() => {
+        tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'kimaki-shim-test-'));
+    });
+    afterEach(() => {
+        fs.rmSync(tempDir, { recursive: true, force: true });
+    });
+    test('generated posix shim does not contain a relative --env-file flag', () => {
+        const result = ensureKimakiCommandShim({
+            dataDir: tempDir,
+            execPath: '/usr/bin/node',
+            execArgv: [
+                '--require',
+                '/abs/tsx/preflight.cjs',
+                '--env-file=.env',
+                '--import',
+                'file:///abs/tsx/loader.mjs',
+            ],
+            entryScript: '/abs/cli/src/cli',
+            platform: 'linux',
+        });
+        expect(result).not.toBeInstanceOf(Error);
+        const shimContent = fs.readFileSync(path.join(tempDir, 'bin', 'kimaki'), 'utf8');
+        expect(shimContent).not.toContain('--env-file');
+        expect(shimContent).toContain('/abs/tsx/preflight.cjs');
+        expect(shimContent).toContain('/abs/cli/src/cli');
+    });
+});