kimaki 0.4.80 → 0.4.81

package/dist/anthropic-auth-plugin.js

@@ -15,6 +15,7 @@
  * - https://github.com/badlogic/pi-mono/blob/main/packages/ai/src/providers/anthropic.ts
  */
 import { generatePKCE } from "@openauthjs/openauth/pkce";
+import { spawn } from "node:child_process";
 import * as fs from "node:fs/promises";
 import { createServer } from "node:http";
 import { homedir } from "node:os";
@@ -62,37 +63,88 @@ const OPENCODE_TO_CLAUDE_CODE_TOOL_NAME = {
     write: "Write",
 };
 // --- HTTP helpers ---
-const MAX_RETRIES = 3;
-const BASE_DELAY_MS = 2_000;
-async function sleep(ms) {
-    return new Promise((resolve) => { setTimeout(resolve, ms); });
+// Claude OAuth token exchange can 429 when this runs inside the opencode auth
+// process, even with the same payload that succeeds in a plain Node process.
+// Run these OAuth-only HTTP calls in an isolated Node child to avoid whatever
+// parent-process runtime state is affecting the in-process requests.
+async function requestText(urlString, options) {
+    return new Promise((resolve, reject) => {
+        const payload = JSON.stringify({
+            body: options.body,
+            headers: options.headers,
+            method: options.method,
+            url: urlString,
+        });
+        const child = spawn("node", ["-e", `
+const input = JSON.parse(process.argv[1]);
+(async () => {
+  const response = await fetch(input.url, {
+    method: input.method,
+    headers: input.headers,
+    body: input.body,
+  });
+  const text = await response.text();
+  if (!response.ok) {
+    console.error(JSON.stringify({ status: response.status, body: text }));
+    process.exit(1);
+  }
+  process.stdout.write(text);
+})().catch((error) => {
+  console.error(error instanceof Error ? error.stack ?? error.message : String(error));
+  process.exit(1);
+});
+    `.trim(), payload], {
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        const timeout = setTimeout(() => {
+            child.kill();
+            reject(new Error(`Request timed out. url=${urlString}`));
+        }, 30_000);
+        child.stdout.on("data", (chunk) => {
+            stdout += String(chunk);
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr += String(chunk);
+        });
+        child.on("error", (error) => {
+            clearTimeout(timeout);
+            reject(error);
+        });
+        child.on("close", (code) => {
+            clearTimeout(timeout);
+            if (code !== 0) {
+                let details = stderr.trim();
+                try {
+                    const parsed = JSON.parse(details);
+                    if (typeof parsed.status === "number") {
+                        reject(new Error(`HTTP ${parsed.status} from ${urlString}: ${parsed.body ?? ""}`));
+                        return;
+                    }
+                }
+                catch {
+                    // fall back to raw stderr
+                }
+                reject(new Error(details || `Node helper exited with code ${code}`));
+                return;
+            }
+            resolve(stdout);
+        });
+    });
 }
 async function postJson(url, body) {
-    const jsonBody = JSON.stringify(body);
-    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
-        const response = await fetch(url, {
-            method: "POST",
-            headers: { "Content-Type": "application/json", Accept: "application/json" },
-            body: jsonBody,
-            signal: AbortSignal.timeout(30_000),
-        });
-        if (response.status === 429 && attempt < MAX_RETRIES) {
-            // Respect Retry-After header if present, otherwise exponential backoff
-            const retryAfter = response.headers.get("retry-after");
-            const delayMs = retryAfter
-                ? Math.min(Number(retryAfter) * 1000, 60_000)
-                : BASE_DELAY_MS * 2 ** attempt;
-            console.warn(`[anthropic-auth] 429 from ${url}, retrying in ${delayMs}ms (attempt ${attempt + 1}/${MAX_RETRIES})`);
-            await sleep(delayMs);
-            continue;
-        }
-        if (!response.ok) {
-            const text = await response.text().catch(() => "");
-            throw new Error(`HTTP ${response.status} from ${url}: ${text}`);
-        }
-        return response.json();
-    }
-    throw new Error(`Exhausted retries for ${url}`);
+    const requestBody = JSON.stringify(body);
+    const responseText = await requestText(url, {
+        method: "POST",
+        headers: {
+            Accept: "application/json",
+            "Content-Length": String(Buffer.byteLength(requestBody)),
+            "Content-Type": "application/json",
+        },
+        body: requestBody,
+    });
+    return JSON.parse(responseText);
 }
 // --- File lock for token refresh ---
 let pendingRefresh;
@@ -163,33 +215,16 @@ async function refreshAnthropicToken(refreshToken) {
     };
 }
 async function createApiKey(accessToken) {
-    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
-        const response = await fetch(CREATE_API_KEY_URL, {
-            method: "POST",
-            headers: {
-                Accept: "application/json",
-                authorization: `Bearer ${accessToken}`,
-                "Content-Type": "application/json",
-            },
-            signal: AbortSignal.timeout(30_000),
-        });
-        if (response.status === 429 && attempt < MAX_RETRIES) {
-            const retryAfter = response.headers.get("retry-after");
-            const delayMs = retryAfter
-                ? Math.min(Number(retryAfter) * 1000, 60_000)
-                : BASE_DELAY_MS * 2 ** attempt;
-            console.warn(`[anthropic-auth] 429 creating API key, retrying in ${delayMs}ms (attempt ${attempt + 1}/${MAX_RETRIES})`);
-            await sleep(delayMs);
-            continue;
-        }
-        if (!response.ok) {
-            const text = await response.text().catch(() => "");
-            throw new Error(`HTTP ${response.status} creating API key: ${text}`);
-        }
-        const json = (await response.json());
-        return { type: "success", key: json.raw_key };
-    }
-    throw new Error(`Exhausted retries for ${CREATE_API_KEY_URL}`);
+    const responseText = await requestText(CREATE_API_KEY_URL, {
+        method: "POST",
+        headers: {
+            Accept: "application/json",
+            authorization: `Bearer ${accessToken}`,
+            "Content-Type": "application/json",
+        },
+    });
+    const json = JSON.parse(responseText);
+    return { type: "success", key: json.raw_key };
 }
 async function startCallbackServer(expectedState) {
     return new Promise((resolve, reject) => {
@@ -317,6 +352,7 @@ function buildAuthorizeHandler(mode) {
     return async () => {
         const auth = await beginAuthorizationFlow();
         const isRemote = Boolean(process.env.KIMAKI);
+        let pendingAuthResult;
         const finalize = async (result) => {
             const verifier = auth.verifier;
             const creds = await exchangeAuthorizationCode(result.code, result.state || verifier, verifier, REDIRECT_URI);
@@ -331,14 +367,17 @@ function buildAuthorizeHandler(mode) {
                 instructions: "Complete login in your browser on this machine. OpenCode will catch the localhost callback automatically.",
                 method: "auto",
                 callback: async () => {
-                    try {
-                        const result = await waitForCallback(auth.callbackServer);
-                        return finalize(result);
-                    }
-                    catch (error) {
-                        console.error(`[anthropic-auth] ${error}`);
-                        return { type: "failed" };
-                    }
+                    pendingAuthResult ??= (async () => {
+                        try {
+                            const result = await waitForCallback(auth.callbackServer);
+                            return await finalize(result);
+                        }
+                        catch (error) {
+                            console.error(`[anthropic-auth] ${error}`);
+                            return { type: "failed" };
+                        }
+                    })();
+                    return pendingAuthResult;
                 },
             };
         }
@@ -347,14 +386,17 @@ function buildAuthorizeHandler(mode) {
             instructions: "Complete login in your browser, then paste the final redirect URL from the address bar here. Pasting just the authorization code also works.",
             method: "code",
             callback: async (input) => {
-                try {
-                    const result = await waitForCallback(auth.callbackServer, input);
-                    return finalize(result);
-                }
-                catch (error) {
-                    console.error(`[anthropic-auth] ${error}`);
-                    return { type: "failed" };
-                }
+                pendingAuthResult ??= (async () => {
+                    try {
+                        const result = await waitForCallback(auth.callbackServer, input);
+                        return await finalize(result);
+                    }
+                    catch (error) {
+                        console.error(`[anthropic-auth] ${error}`);
+                        return { type: "failed" };
+                    }
+                })();
+                return pendingAuthResult;
             },
         };
     };

package/dist/cli.js

@@ -768,6 +768,11 @@ async function registerCommands({ token, appId, guildIds, userCommands = [], age
             .setDescription(truncateCommandDescription('Show current session ID and opencode attach command for this thread'))
             .setDMPermission(false)
             .toJSON(),
+        new SlashCommandBuilder()
+            .setName('memory-snapshot')
+            .setDescription(truncateCommandDescription('Write a V8 heap snapshot to disk for memory debugging'))
+            .setDMPermission(false)
+            .toJSON(),
         new SlashCommandBuilder()
             .setName('upgrade-and-restart')
             .setDescription(truncateCommandDescription('Upgrade kimaki to the latest version and restart the bot'))

package/dist/commands/memory-snapshot.js

@@ -0,0 +1,24 @@
+// /memory-snapshot command - Write a V8 heap snapshot and show the file path.
+// Reuses writeHeapSnapshot() from heap-monitor.ts which writes gzip-compressed
+// .heapsnapshot.gz files to ~/.kimaki/heap-snapshots/.
+import { MessageFlags } from 'discord.js';
+import { writeHeapSnapshot } from '../heap-monitor.js';
+import { SILENT_MESSAGE_FLAGS } from '../discord-utils.js';
+import { createLogger, LogPrefix } from '../logger.js';
+const logger = createLogger(LogPrefix.HEAP);
+export async function handleMemorySnapshotCommand({ command, }) {
+    await command.deferReply({ flags: SILENT_MESSAGE_FLAGS });
+    try {
+        const filepath = await writeHeapSnapshot();
+        await command.editReply({
+            content: `Heap snapshot written:\n\`${filepath}\``,
+        });
+        logger.log(`Memory snapshot requested via /memory-snapshot: ${filepath}`);
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        await command.editReply({
+            content: `Failed to write heap snapshot: ${msg}`,
+        });
+    }
+}

package/dist/discord-bot.js

@@ -336,12 +336,19 @@ export async function startDiscordBot({ token, appId, discordClient, useWorktree
             if (isThread) {
                 const thread = channel;
                 discordLogger.log(`Message in thread ${thread.name} (${thread.id})`);
-                // Only respond in threads kimaki knows about (has a session row in DB)
-                // or where the bot is explicitly @mentioned. This prevents the bot from
-                // hijacking user-created threads in project channels. (GitHub #84)
+                // Only respond in threads kimaki knows about (has a session row in DB),
+                // where the bot is explicitly @mentioned, or where the bot created the
+                // thread itself (e.g. /new-worktree, /fork, kimaki send). This prevents
+                // the bot from hijacking user-created threads in project channels while
+                // still responding to bot-created threads that may not yet have a session
+                // row with a non-empty session_id (createPendingWorktree sets ''). (GitHub #84)
                 const hasExistingSession = await getThreadSession(thread.id);
                 const botMentioned = discordClient.user && message.mentions.has(discordClient.user.id);
-                if (!hasExistingSession && !botMentioned && !isCliInjectedPrompt) {
+                const botCreatedThread = discordClient.user && thread.ownerId === discordClient.user.id;
+                if (!hasExistingSession &&
+                    !botMentioned &&
+                    !isCliInjectedPrompt &&
+                    !botCreatedThread) {
                     discordLogger.log(`Ignoring thread ${thread.id}: no existing session and bot not mentioned`);
                     return;
                 }

package/dist/interaction-handler.js

@@ -36,6 +36,7 @@ import { handleRestartOpencodeServerCommand } from './commands/restart-opencode-
 import { handleRunCommand } from './commands/run-command.js';
 import { handleContextUsageCommand } from './commands/context-usage.js';
 import { handleSessionIdCommand } from './commands/session-id.js';
+import { handleMemorySnapshotCommand } from './commands/memory-snapshot.js';
 import { handleUpgradeAndRestartCommand } from './commands/upgrade.js';
 import { handleMcpCommand, handleMcpSelectMenu } from './commands/mcp.js';
 import { handleScreenshareCommand, handleScreenshareStopCommand, } from './commands/screenshare.js';
@@ -204,6 +205,12 @@ export function registerInteractionHandler({ discordClient, appId, }) {
                     case 'session-id':
                         await handleSessionIdCommand({ command: interaction, appId });
                         return;
+                    case 'memory-snapshot':
+                        await handleMemorySnapshotCommand({
+                            command: interaction,
+                            appId,
+                        });
+                        return;
                     case 'upgrade-and-restart':
                         await handleUpgradeAndRestartCommand({
                             command: interaction,

package/dist/session-handler/thread-session-runtime.js

@@ -574,9 +574,53 @@ export class ThreadSessionRuntime {
         }
         return `${text.slice(0, ThreadSessionRuntime.EVENT_BUFFER_TEXT_MAX_CHARS)}…`;
     }
+    isDefinedEventBufferValue(value) {
+        return value !== undefined;
+    }
+    pruneLargeStringsForEventBuffer(value, seen) {
+        if (typeof value !== 'object' || value === null) {
+            return;
+        }
+        if (seen.has(value)) {
+            return;
+        }
+        seen.add(value);
+        if (Array.isArray(value)) {
+            const compactedItems = value
+                .map((item) => {
+                if (typeof item === 'string') {
+                    if (item.length > ThreadSessionRuntime.EVENT_BUFFER_TEXT_MAX_CHARS) {
+                        return undefined;
+                    }
+                    return item;
+                }
+                this.pruneLargeStringsForEventBuffer(item, seen);
+                return item;
+            })
+                .filter((item) => {
+                return this.isDefinedEventBufferValue(item);
+            });
+            value.splice(0, value.length, ...compactedItems);
+            return;
+        }
+        const objectValue = value;
+        for (const [key, nestedValue] of Object.entries(objectValue)) {
+            if (typeof nestedValue === 'string') {
+                if (nestedValue.length > ThreadSessionRuntime.EVENT_BUFFER_TEXT_MAX_CHARS) {
+                    delete objectValue[key];
+                }
+                continue;
+            }
+            this.pruneLargeStringsForEventBuffer(nestedValue, seen);
+        }
+    }
+    finalizeCompactedEventForEventBuffer(event) {
+        this.pruneLargeStringsForEventBuffer(event, new WeakSet());
+        return event;
+    }
     compactEventForEventBuffer(event) {
-        if (event.type !== 'message.updated' && event.type !== 'message.part.updated') {
-            return event;
+        if (event.type === 'session.diff') {
+            return undefined;
         }
         const compacted = structuredClone(event);
         if (compacted.type === 'message.updated') {
@@ -590,27 +634,30 @@ export class ThreadSessionRuntime {
             delete info.summary;
             delete info.tools;
             delete info.parts;
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
+        }
+        if (compacted.type !== 'message.part.updated') {
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
         const part = compacted.properties.part;
         if (part.type === 'text') {
             part.text = this.compactTextForEventBuffer(part.text);
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
         if (part.type === 'reasoning') {
             part.text = this.compactTextForEventBuffer(part.text);
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
         if (part.type === 'snapshot') {
             part.snapshot = this.compactTextForEventBuffer(part.snapshot);
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
         if (part.type === 'step-start' && part.snapshot) {
             part.snapshot = this.compactTextForEventBuffer(part.snapshot);
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
         if (part.type !== 'tool') {
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
         const state = part.state;
         // Preserve subagent_type for task tools so derivation can build labels
@@ -622,28 +669,32 @@ export class ThreadSessionRuntime {
         }
         if (state.status === 'pending') {
             state.raw = this.compactTextForEventBuffer(state.raw);
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
         if (state.status === 'running') {
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
         if (state.status === 'completed') {
             state.output = this.compactTextForEventBuffer(state.output);
             delete state.attachments;
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
         if (state.status === 'error') {
             state.error = this.compactTextForEventBuffer(state.error);
-            return compacted;
+            return this.finalizeCompactedEventForEventBuffer(compacted);
         }
-        return compacted;
+        return this.finalizeCompactedEventForEventBuffer(compacted);
     }
     appendEventToBuffer(event) {
+        const compactedEvent = this.compactEventForEventBuffer(event);
+        if (!compactedEvent) {
+            return;
+        }
         const timestamp = Date.now();
         const eventIndex = this.nextEventIndex;
         this.nextEventIndex += 1;
         this.eventBuffer.push({
-            event: this.compactEventForEventBuffer(event),
+            event: compactedEvent,
             timestamp,
             eventIndex,
         });
@@ -791,6 +842,12 @@ export class ThreadSessionRuntime {
     // Global events (tui.toast.show) bypass the guard.
     // Subtask sessions also bypass — they're tracked in subtaskSessions.
     async handleEvent(event) {
+        // session.diff can carry repeated full-file before/after snapshots and is
+        // not used by event-derived runtime state, queueing, typing, or UI routing.
+        // Drop it at ingress so large diff payloads never hit memory buffers.
+        if (event.type === 'session.diff') {
+            return;
+        }
         // Skip message.part.delta from the event buffer — no derivation function
         // (isSessionBusy, doesLatestUserTurnHaveNaturalCompletion, waitForEvent,
         // etc.) uses them. During long streaming responses they flood the 1000-slot

package/package.json

@@ -2,7 +2,7 @@
   "name": "kimaki",
   "module": "index.ts",
   "type": "module",
-  "version": "0.4.80",
+  "version": "0.4.81",
   "repository": "https://github.com/remorses/kimaki",
   "bin": "bin.js",
   "files": [