kimaki 0.4.78 → 0.4.80

package/dist/context-awareness-plugin.js

@@ -0,0 +1,347 @@
+// OpenCode plugin that injects synthetic message parts for context awareness:
+// - Git branch / detached HEAD changes
+// - Working directory (pwd) changes (e.g. after /new-worktree mid-session)
+// - MEMORY.md table of contents on first message
+// - Idle time gap detection with timestamps
+// - Onboarding tutorial instructions (when TUTORIAL_WELCOME_TEXT detected)
+//
+// Synthetic parts are hidden from the TUI but sent to the model, keeping it
+// aware of context changes without cluttering the UI.
+//
+// State design: all per-session mutable state is encapsulated in a single
+// SessionState object per session ID. One Map, one delete() on cleanup.
+// Decision logic is extracted into pure functions that take state + input
+// and return whether to inject — making them testable without mocking.
+//
+// Exported from opencode-plugin.ts — each export is treated as a separate
+// plugin by OpenCode's plugin loader.
+import crypto from 'node:crypto';
+import fs from 'node:fs';
+import path from 'node:path';
+import * as errore from 'errore';
+import { createLogger, formatErrorWithStack, LogPrefix, setLogFilePath, } from './logger.js';
+import { setDataDir } from './config.js';
+import { initSentry, notifyError } from './sentry.js';
+import { execAsync } from './worktrees.js';
+import { condenseMemoryMd } from './condense-memory.js';
+import { ONBOARDING_TUTORIAL_INSTRUCTIONS, TUTORIAL_WELCOME_TEXT, } from './onboarding-tutorial.js';
+const logger = createLogger(LogPrefix.OPENCODE);
+function createSessionState() {
+    return {
+        gitState: undefined,
+        lastMessageTime: undefined,
+        memoryInjected: false,
+        tutorialInjected: false,
+        resolvedDirectory: undefined,
+        announcedDirectory: undefined,
+    };
+}
+// ── Pure derivation functions ────────────────────────────────────
+// These take state + fresh input and return whether to inject.
+// No side effects, no mutations — easy to test with fixtures.
+export function shouldInjectBranch({ previousGitState, currentGitState, }) {
+    if (!currentGitState) {
+        return { inject: false };
+    }
+    if (previousGitState && previousGitState.key === currentGitState.key) {
+        return { inject: false };
+    }
+    const text = currentGitState.warning || `\n[current git branch is ${currentGitState.label}]`;
+    return { inject: true, text };
+}
+export function shouldInjectPwd({ sessionDir, projectDir, announcedDir, }) {
+    if (!sessionDir || sessionDir === projectDir) {
+        return { inject: false };
+    }
+    if (announcedDir === sessionDir) {
+        return { inject: false };
+    }
+    return {
+        inject: true,
+        text: `\n[working directory is ${sessionDir} (git worktree of ${projectDir}). ` +
+            `All file reads, writes, and edits must use paths under ${sessionDir}, ` +
+            `not ${projectDir}.]`,
+    };
+}
+const TEN_MINUTES = 10 * 60 * 1000;
+export function shouldInjectTimeGap({ lastMessageTime, now, }) {
+    if (!lastMessageTime) {
+        return { inject: false };
+    }
+    const elapsed = now - lastMessageTime;
+    if (elapsed < TEN_MINUTES) {
+        return { inject: false };
+    }
+    const totalMinutes = Math.floor(elapsed / 60_000);
+    const hours = Math.floor(totalMinutes / 60);
+    const minutes = totalMinutes % 60;
+    const elapsedStr = hours > 0 ? `${hours}h ${minutes}m` : `${totalMinutes}m`;
+    const utcStr = new Date(now)
+        .toISOString()
+        .replace('T', ' ')
+        .replace(/\.\d+Z$/, ' UTC');
+    const localTz = Intl.DateTimeFormat().resolvedOptions().timeZone;
+    const localStr = new Date(now).toLocaleString('en-US', {
+        timeZone: localTz,
+        year: 'numeric',
+        month: '2-digit',
+        day: '2-digit',
+        hour: '2-digit',
+        minute: '2-digit',
+        hour12: false,
+    });
+    return { inject: true, elapsedStr, utcStr, localStr, localTz };
+}
+export function shouldInjectTutorial({ alreadyInjected, parts, }) {
+    if (alreadyInjected) {
+        return false;
+    }
+    return parts.some((part) => {
+        return part.type === 'text' && part.text?.includes(TUTORIAL_WELCOME_TEXT);
+    });
+}
+// ── Impure helpers (I/O) ─────────────────────────────────────────
+async function resolveGitState({ directory, }) {
+    const branchResult = await errore.tryAsync(() => {
+        return execAsync('git symbolic-ref --short HEAD', { cwd: directory });
+    });
+    if (!(branchResult instanceof Error)) {
+        const branch = branchResult.stdout.trim();
+        if (branch) {
+            return {
+                key: `branch:${branch}`,
+                kind: 'branch',
+                label: branch,
+                warning: null,
+            };
+        }
+    }
+    const shaResult = await errore.tryAsync(() => {
+        return execAsync('git rev-parse --short HEAD', { cwd: directory });
+    });
+    if (shaResult instanceof Error) {
+        return null;
+    }
+    const shortSha = shaResult.stdout.trim();
+    if (!shortSha) {
+        return null;
+    }
+    const superprojectResult = await errore.tryAsync(() => {
+        return execAsync('git rev-parse --show-superproject-working-tree', {
+            cwd: directory,
+        });
+    });
+    const superproject = superprojectResult instanceof Error ? '' : superprojectResult.stdout.trim();
+    if (superproject) {
+        return {
+            key: `detached-submodule:${shortSha}`,
+            kind: 'detached-submodule',
+            label: `detached submodule @ ${shortSha}`,
+            warning: `\n[warning: submodule is in detached HEAD at ${shortSha}. ` +
+                'create or switch to a branch before committing.]',
+        };
+    }
+    return {
+        key: `detached-head:${shortSha}`,
+        kind: 'detached-head',
+        label: `detached HEAD @ ${shortSha}`,
+        warning: `\n[warning: repository is in detached HEAD at ${shortSha}. ` +
+            'create or switch to a branch before committing.]',
+    };
+}
+// Resolve the session's actual working directory via the SDK.
+// Cached in SessionState.resolvedDirectory to avoid repeated HTTP calls.
+async function resolveSessionDirectory({ client, sessionID, state, }) {
+    if (state.resolvedDirectory) {
+        return state.resolvedDirectory;
+    }
+    const result = await errore.tryAsync(() => {
+        return client.session.get({ path: { id: sessionID } });
+    });
+    if (result instanceof Error || !result.data?.directory) {
+        return null;
+    }
+    state.resolvedDirectory = result.data.directory;
+    return result.data.directory;
+}
+// ── Plugin ───────────────────────────────────────────────────────
+const contextAwarenessPlugin = async ({ directory, client }) => {
+    initSentry();
+    const dataDir = process.env.KIMAKI_DATA_DIR;
+    if (dataDir) {
+        setDataDir(dataDir);
+        setLogFilePath(dataDir);
+    }
+    // Single Map for all per-session state. One entry per session, one
+    // delete on cleanup — no parallel Maps that can drift out of sync.
+    const sessions = new Map();
+    function getOrCreateSession(sessionID) {
+        const existing = sessions.get(sessionID);
+        if (existing) {
+            return existing;
+        }
+        const state = createSessionState();
+        sessions.set(sessionID, state);
+        return state;
+    }
+    return {
+        'chat.message': async (input, output) => {
+            const hookResult = await errore.tryAsync({
+                try: async () => {
+                    const { sessionID } = input;
+                    const state = getOrCreateSession(sessionID);
+                    // -- Onboarding tutorial injection --
+                    // Runs before the non-synthetic text guard because the tutorial
+                    // marker (TUTORIAL_WELCOME_TEXT) can appear in synthetic/system
+                    // parts prepended by message-preprocessing.ts. The old separate
+                    // plugin had no such guard, so this preserves that behavior.
+                    const firstTextPart = output.parts.find((part) => {
+                        return part.type === 'text';
+                    });
+                    if (firstTextPart && shouldInjectTutorial({ alreadyInjected: state.tutorialInjected, parts: output.parts })) {
+                        state.tutorialInjected = true;
+                        output.parts.push({
+                            id: `prt_${crypto.randomUUID()}`,
+                            sessionID,
+                            messageID: firstTextPart.messageID,
+                            type: 'text',
+                            text: `<system-reminder>\n${ONBOARDING_TUTORIAL_INSTRUCTIONS}\n</system-reminder>`,
+                            synthetic: true,
+                        });
+                    }
+                    // -- Find first non-synthetic user text part --
+                    // All remaining injections (branch, pwd, memory, time gap) only
+                    // apply to real user messages, not empty or synthetic-only messages.
+                    const now = Date.now();
+                    const first = output.parts.find((part) => {
+                        if (part.type !== 'text') {
+                            return true;
+                        }
+                        return part.synthetic !== true;
+                    });
+                    if (!first || first.type !== 'text' || first.text.trim().length === 0) {
+                        return;
+                    }
+                    const messageID = first.messageID;
+                    // -- Resolve session working directory --
+                    const sessionDir = await resolveSessionDirectory({
+                        client,
+                        sessionID,
+                        state,
+                    });
+                    const effectiveDirectory = sessionDir || directory;
+                    // -- Branch / detached HEAD detection --
+                    // Resolved early but injected last so it appears at the end of parts.
+                    const gitState = await resolveGitState({ directory: effectiveDirectory });
+                    // -- Working directory change detection --
+                    const pwdResult = shouldInjectPwd({
+                        sessionDir,
+                        projectDir: directory,
+                        announcedDir: state.announcedDirectory,
+                    });
+                    if (pwdResult.inject) {
+                        state.announcedDirectory = sessionDir;
+                        output.parts.push({
+                            id: `prt_${crypto.randomUUID()}`,
+                            sessionID,
+                            messageID,
+                            type: 'text',
+                            text: pwdResult.text,
+                            synthetic: true,
+                        });
+                    }
+                    // -- MEMORY.md injection --
+                    if (!state.memoryInjected) {
+                        state.memoryInjected = true;
+                        const memoryPath = path.join(effectiveDirectory, 'MEMORY.md');
+                        const memoryContent = await fs.promises
+                            .readFile(memoryPath, 'utf-8')
+                            .catch(() => null);
+                        if (memoryContent) {
+                            const condensed = condenseMemoryMd(memoryContent);
+                            output.parts.push({
+                                id: `prt_${crypto.randomUUID()}`,
+                                sessionID,
+                                messageID,
+                                type: 'text',
+                                text: `<system-reminder>Project memory from MEMORY.md (condensed table of contents, line numbers shown):\n${condensed}\nOnly headings are shown above — section bodies are hidden. Use Grep to search MEMORY.md for specific topics, or Read with offset and limit to read a section's content. When writing to MEMORY.md, make headings detailed and descriptive since they are the only thing visible in this prompt. You can update MEMORY.md to store learnings, tips, insights that will help prevent same mistakes, and context worth preserving across sessions.</system-reminder>`,
+                                synthetic: true,
+                            });
+                        }
+                    }
+                    // -- Time since last message --
+                    const timeGapResult = shouldInjectTimeGap({
+                        lastMessageTime: state.lastMessageTime,
+                        now,
+                    });
+                    state.lastMessageTime = now;
+                    if (timeGapResult.inject) {
+                        output.parts.push({
+                            id: `prt_${crypto.randomUUID()}`,
+                            sessionID,
+                            messageID,
+                            type: 'text',
+                            text: `[${timeGapResult.elapsedStr} since last message | UTC: ${timeGapResult.utcStr} | Local (${timeGapResult.localTz}): ${timeGapResult.localStr}]`,
+                            synthetic: true,
+                        });
+                        output.parts.push({
+                            id: `prt_${crypto.randomUUID()}`,
+                            sessionID,
+                            messageID,
+                            type: 'text',
+                            text: '<system-reminder>Long gap since last message. If the previous conversation had important learnings, tips, insights that will help prevent same mistakes, or context worth preserving, update MEMORY.md before starting the new task.</system-reminder>',
+                            synthetic: true,
+                        });
+                    }
+                    // -- Branch injection (last synthetic part) --
+                    const branchResult = shouldInjectBranch({
+                        previousGitState: state.gitState,
+                        currentGitState: gitState,
+                    });
+                    if (branchResult.inject) {
+                        state.gitState = gitState;
+                        output.parts.push({
+                            id: `prt_${crypto.randomUUID()}`,
+                            sessionID,
+                            messageID,
+                            type: 'text',
+                            text: branchResult.text,
+                            synthetic: true,
+                        });
+                    }
+                },
+                catch: (error) => {
+                    return new Error('context-awareness chat.message hook failed', { cause: error });
+                },
+            });
+            if (hookResult instanceof Error) {
+                logger.warn(`[context-awareness-plugin] ${formatErrorWithStack(hookResult)}`);
+                void notifyError(hookResult, 'context-awareness plugin chat.message hook failed');
+            }
+        },
+        // Clean up per-session state when sessions are deleted.
+        // Single delete instead of 5 parallel Map/Set deletes.
+        event: async ({ event }) => {
+            const cleanupResult = await errore.tryAsync({
+                try: async () => {
+                    if (event.type !== 'session.deleted') {
+                        return;
+                    }
+                    const id = event.properties?.info?.id;
+                    if (!id) {
+                        return;
+                    }
+                    sessions.delete(id);
+                },
+                catch: (error) => {
+                    return new Error('context-awareness event hook failed', { cause: error });
+                },
+            });
+            if (cleanupResult instanceof Error) {
+                logger.warn(`[context-awareness-plugin] ${formatErrorWithStack(cleanupResult)}`);
+                void notifyError(cleanupResult, 'context-awareness plugin event hook failed');
+            }
+        },
+    };
+};
+export { contextAwarenessPlugin };

package/dist/database.js

@@ -2,6 +2,7 @@
 // Stores thread-session mappings, bot tokens, channel directories,
 // API keys, and model preferences in <dataDir>/discord-sessions.db.
 import { getPrisma, closePrisma } from './db.js';
+import crypto from 'node:crypto';
 import { store } from './store.js';
 import { createLogger, LogPrefix } from './logger.js';
 const dbLogger = createLogger(LogPrefix.DB);
@@ -88,6 +89,43 @@ export async function listScheduledTasks({ statuses, } = {}) {
     });
     return rows.map((row) => toScheduledTask(row));
 }
+export async function getScheduledTask(taskId) {
+    const prisma = await getPrisma();
+    const row = await prisma.scheduled_tasks.findUnique({
+        where: { id: taskId },
+    });
+    return row ? toScheduledTask(row) : null;
+}
+export async function updateScheduledTask({ taskId, payloadJson, promptPreview, scheduleKind, runAt, cronExpr, timezone, nextRunAt, }) {
+    const prisma = await getPrisma();
+    const data = {
+        payload_json: payloadJson,
+        prompt_preview: promptPreview,
+    };
+    if (scheduleKind !== undefined) {
+        data.schedule_kind = scheduleKind;
+    }
+    if (runAt !== undefined) {
+        data.run_at = runAt;
+    }
+    if (cronExpr !== undefined) {
+        data.cron_expr = cronExpr;
+    }
+    if (timezone !== undefined) {
+        data.timezone = timezone;
+    }
+    if (nextRunAt !== undefined) {
+        data.next_run_at = nextRunAt;
+    }
+    const result = await prisma.scheduled_tasks.updateMany({
+        where: {
+            id: taskId,
+            status: 'planned',
+        },
+        data,
+    });
+    return result.count > 0;
+}
 export async function cancelScheduledTask(taskId) {
     const prisma = await getPrisma();
     const result = await prisma.scheduled_tasks.updateMany({
@@ -812,9 +850,11 @@ export async function getBotTokenWithMode() {
     if (!row) {
         return undefined;
     }
+    const gatewayToken = await ensureServiceAuthToken({ appId: row.app_id });
+    const serviceParts = splitServiceAuthToken({ token: gatewayToken });
     const mode = row.bot_mode === 'gateway' ? 'gateway' : 'self_hosted';
-    const token = (mode === 'gateway' && row.client_id && row.client_secret)
-        ? `${row.client_id}:${row.client_secret}`
+    const token = (mode === 'gateway' && serviceParts)
+        ? gatewayToken
         : row.token;
     // Always reset discordBaseUrl on every read so a mode switch within
     // the same process (e.g. DB has gateway row but user proceeds self-hosted)
@@ -822,26 +862,77 @@ export async function getBotTokenWithMode() {
     const discordBaseUrl = (mode === 'gateway' && row.proxy_url)
         ? row.proxy_url
         : 'https://discord.com';
-    store.setState({ discordBaseUrl });
+    store.setState({ discordBaseUrl, gatewayToken });
     return {
         appId: row.app_id,
         token,
+        gatewayToken,
         mode,
-        clientId: row.client_id,
-        clientSecret: row.client_secret,
+        clientId: serviceParts?.clientId || row.client_id,
+        clientSecret: serviceParts?.clientSecret || row.client_secret,
         proxyUrl: row.proxy_url,
     };
 }
+function splitServiceAuthToken({ token }) {
+    const separatorIndex = token.indexOf(':');
+    if (separatorIndex <= 0 || separatorIndex >= token.length - 1) {
+        return null;
+    }
+    return {
+        clientId: token.slice(0, separatorIndex),
+        clientSecret: token.slice(separatorIndex + 1),
+    };
+}
+function createServiceCredentials() {
+    return {
+        clientId: crypto.randomUUID(),
+        clientSecret: crypto.randomBytes(32).toString('hex'),
+    };
+}
+export async function ensureServiceAuthToken({ appId, preferredGatewayToken, }) {
+    const prisma = await getPrisma();
+    const row = await prisma.bot_tokens.findUnique({
+        where: { app_id: appId },
+    });
+    if (!row) {
+        throw new Error(`Bot token row not found for app_id ${appId}`);
+    }
+    const preferred = preferredGatewayToken
+        ? splitServiceAuthToken({ token: preferredGatewayToken })
+        : null;
+    const existing = (row.client_id && row.client_secret)
+        ? { clientId: row.client_id, clientSecret: row.client_secret }
+        : null;
+    const fromStoredToken = splitServiceAuthToken({ token: row.token });
+    const resolved = preferred || existing || fromStoredToken || createServiceCredentials();
+    if (row.client_id !== resolved.clientId || row.client_secret !== resolved.clientSecret) {
+        await prisma.bot_tokens.update({
+            where: { app_id: appId },
+            data: {
+                client_id: resolved.clientId,
+                client_secret: resolved.clientSecret,
+            },
+        });
+    }
+    return `${resolved.clientId}:${resolved.clientSecret}`;
+}
 /**
  * Store a bot token.
  */
 export async function setBotToken(appId, token) {
     const prisma = await getPrisma();
+    const generated = createServiceCredentials();
     await prisma.bot_tokens.upsert({
         where: { app_id: appId },
-        create: { app_id: appId, token },
+        create: {
+            app_id: appId,
+            token,
+            client_id: generated.clientId,
+            client_secret: generated.clientSecret,
+        },
         update: { token },
     });
+    await ensureServiceAuthToken({ appId });
 }
 /**
  * Persist gateway bot mode credentials.
@@ -855,11 +946,16 @@ export async function setBotMode({ appId, mode, clientId, clientSecret, proxyUrl
         client_secret: clientSecret ?? null,
         proxy_url: proxyUrl ?? null,
     };
+    const createToken = (clientId && clientSecret) ? `${clientId}:${clientSecret}` : '';
     await prisma.bot_tokens.upsert({
         where: { app_id: appId },
-        create: { app_id: appId, token: `${clientId}:${clientSecret}`, ...data },
+        create: { app_id: appId, token: createToken, ...data },
         update: data,
     });
+    await ensureServiceAuthToken({
+        appId,
+        preferredGatewayToken: (clientId && clientSecret) ? `${clientId}:${clientSecret}` : undefined,
+    });
 }
 // ============================================================================
 // Bot API Keys Functions

package/dist/db.js

@@ -3,6 +3,7 @@
 // otherwise falls back to direct file: access (bot process, CLI subcommands).
 import fs from 'node:fs';
 import path from 'node:path';
+import crypto from 'node:crypto';
 import { PrismaLibSql } from '@prisma/adapter-libsql';
 import { PrismaClient, Prisma } from './generated/client.js';
 import { getDataDir } from './config.js';
@@ -50,6 +51,13 @@ function getDbUrl() {
     const dbPath = path.join(dataDir, 'discord-sessions.db');
     return `file:${dbPath}`;
 }
+function getDbAuthToken() {
+    const token = process.env.KIMAKI_DB_AUTH_TOKEN;
+    if (!token) {
+        return undefined;
+    }
+    return token;
+}
 async function initializePrisma() {
     const dbUrl = getDbUrl();
     const isFileMode = dbUrl.startsWith('file:');
@@ -63,7 +71,11 @@ async function initializePrisma() {
         }
     }
     dbLogger.log(`Opening database via: ${dbUrl}`);
-    const adapter = new PrismaLibSql({ url: dbUrl });
+    const dbAuthToken = getDbAuthToken();
+    const adapter = new PrismaLibSql({
+        url: dbUrl,
+        ...(dbAuthToken && { authToken: dbAuthToken }),
+    });
     const prisma = new PrismaClient({ adapter });
     try {
         if (isFileMode) {
@@ -193,6 +205,32 @@ async function migrateSchema(prisma) {
             // Table may not exist on first run
         }
     }
+    // Migration: ensure every bot row has service auth credentials.
+    // These credentials are used for local/internet control-plane auth.
+    try {
+        const botRows = await prisma.bot_tokens.findMany({
+            select: {
+                app_id: true,
+                client_id: true,
+                client_secret: true,
+            },
+        });
+        for (const botRow of botRows) {
+            if (botRow.client_id && botRow.client_secret) {
+                continue;
+            }
+            await prisma.bot_tokens.update({
+                where: { app_id: botRow.app_id },
+                data: {
+                    client_id: crypto.randomUUID(),
+                    client_secret: crypto.randomBytes(32).toString('hex'),
+                },
+            });
+        }
+    }
+    catch {
+        // Defensive migration only; ignore if table shape is not ready yet.
+    }
 }
 /**
  * Close the Prisma connection.