kimaki 0.4.87 → 0.4.89

package/dist/add-directory.e2e.test.js

@@ -0,0 +1,101 @@
+// E2e tests for thread-scoped external directory preapproval via /add-directory.
+import { describe, expect, test } from 'vitest';
+import { setupQueueAdvancedSuite, TEST_USER_ID, } from './queue-advanced-e2e-setup.js';
+import { waitForBotMessageContaining, waitForFooterMessage, } from './test-utils.js';
+const TEXT_CHANNEL_ID = '200000000000001014';
+describe('/add-directory', () => {
+    const ctx = setupQueueAdvancedSuite({
+        channelId: TEXT_CHANNEL_ID,
+        channelName: 'add-directory-e2e',
+        dirName: 'add-directory-e2e',
+        username: 'add-directory-tester',
+    });
+    test('preapproves external directory access for the current thread', async () => {
+        await ctx.discord.channel(TEXT_CHANNEL_ID).user(TEST_USER_ID).sendMessage({
+            content: 'Reply with exactly: add-directory-setup',
+        });
+        const thread = await ctx.discord.channel(TEXT_CHANNEL_ID).waitForThread({
+            timeout: 4_000,
+            predicate: (candidate) => {
+                return candidate.name === 'Reply with exactly: add-directory-setup';
+            },
+        });
+        const th = ctx.discord.thread(thread.id);
+        await th.waitForBotReply({ timeout: 4_000 });
+        await waitForFooterMessage({
+            discord: ctx.discord,
+            threadId: thread.id,
+            timeout: 4_000,
+        });
+        const slashCommand = await th.user(TEST_USER_ID).runSlashCommand({
+            name: 'add-directory',
+            options: [{ name: 'path', type: 3, value: '/Users/morse' }],
+        });
+        await th.waitForInteractionAck({
+            interactionId: slashCommand.id,
+            timeout: 4_000,
+        });
+        await th.user(TEST_USER_ID).sendMessage({
+            content: 'PERMISSION_TYPING_MARKER add-directory-flow first',
+        });
+        await waitForBotMessageContaining({
+            discord: ctx.discord,
+            threadId: thread.id,
+            userId: TEST_USER_ID,
+            text: 'permission-flow-done',
+            timeout: 8_000,
+        });
+        await waitForFooterMessage({
+            discord: ctx.discord,
+            threadId: thread.id,
+            timeout: 12_000,
+            afterMessageIncludes: 'permission-flow-done',
+            afterAuthorId: ctx.discord.botUserId,
+        });
+        for (let attempt = 0; attempt < 10; attempt++) {
+            const messages = await th.getMessages();
+            const hasPermissionPrompt = messages.some((message) => {
+                return message.content.includes('Permission Required');
+            });
+            expect(hasPermissionPrompt).toBe(false);
+            await new Promise((resolve) => {
+                setTimeout(resolve, 20);
+            });
+        }
+        await th.user(TEST_USER_ID).sendMessage({
+            content: 'PERMISSION_TYPING_MARKER add-directory-flow second',
+        });
+        await waitForBotMessageContaining({
+            discord: ctx.discord,
+            threadId: thread.id,
+            userId: TEST_USER_ID,
+            text: 'Permission Required',
+            timeout: 8_000,
+        });
+        const timeline = await th.text();
+        expect(timeline).toMatchInlineSnapshot(`
+        "--- from: user (add-directory-tester)
+        Reply with exactly: add-directory-setup
+        --- from: assistant (TestBot)
+        ⬥ ok
+        *project ⋅ main ⋅ Ns ⋅ N% ⋅ deterministic-v2*
+        Directory preapproved for the next message in this thread.
+        \`/Users/morse\`
+        Kimaki will auto-accept matching external directory requests for \`/Users/morse/*\` during the next run only.
+        --- from: user (add-directory-tester)
+        PERMISSION_TYPING_MARKER add-directory-flow first
+        --- from: assistant (TestBot)
+        ⬥ requesting external read permission
+        ⬥ permission-flow-done
+        *project ⋅ main ⋅ Ns ⋅ N% ⋅ deterministic-v2*
+        --- from: user (add-directory-tester)
+        PERMISSION_TYPING_MARKER add-directory-flow second
+        --- from: assistant (TestBot)
+        ⚠️ **Permission Required**
+        **Type:** \`external_directory\`
+        Agent is accessing files outside the project. [Learn more](https://opencode.ai/docs/permissions/#external-directories)
+        **Pattern:** \`/Users/morse/*\`
+        ⬥ requesting external read permission"
+      `);
+    }, 20_000);
+});

package/dist/agent-model.e2e.test.js

@@ -302,8 +302,7 @@ describe('agent model resolution', () => {
         Reply with exactly: agent-model-check
         --- from: assistant (TestBot)
         ⬥ ok
-        *project ⋅ main ⋅ Ns ⋅ N% ⋅ agent-model-v2 ⋅ **test-agent***
-        ⬥ ok"
+        *project ⋅ main ⋅ Ns ⋅ N% ⋅ agent-model-v2 ⋅ **test-agent***"
       `);
         expect(footerMessage).toBeDefined();
         if (!footerMessage) {
@@ -346,7 +345,7 @@ describe('agent model resolution', () => {
         Reply with exactly: system-context-check
         --- from: assistant (TestBot)
         ⬥ system-context-ok
-        *project ⋅ Ns ⋅ N% ⋅ agent-model-v2 ⋅ **test-agent***"
+        *project ⋅ main ⋅ Ns ⋅ N% ⋅ agent-model-v2 ⋅ **test-agent***"
       `);
     }, 15_000);
     test('new thread uses channel model when channel model preference is set', async () => {

package/dist/cli-send-thread.e2e.test.js

@@ -0,0 +1,280 @@
+// E2e test for `kimaki send --channel` flow.
+// Reproduces the race condition where the bot's MessageCreate GuildText handler
+// tries to call startThread() on the same message that the CLI already created
+// a thread for via REST, causing DiscordAPIError[160004].
+//
+// The test simulates the exact flow: bot posts a starter message with a
+// `start: true` embed marker, then creates a thread on that message via REST.
+// The ThreadCreate handler should pick it up and start a session. The
+// MessageCreate handler must NOT try to startThread() on the same message.
+//
+// Uses opencode-deterministic-provider (no real LLM calls).
+// Poll timeouts: 4s max, 100ms interval.
+import fs from 'node:fs';
+import path from 'node:path';
+import url from 'node:url';
+import { describe, beforeAll, afterAll, test, expect } from 'vitest';
+import { ChannelType, Client, GatewayIntentBits, Partials, Routes, } from 'discord.js';
+import { DigitalDiscord } from 'discord-digital-twin/src';
+import { buildDeterministicOpencodeConfig, } from 'opencode-deterministic-provider';
+import { setDataDir } from './config.js';
+import { store } from './store.js';
+import { startDiscordBot } from './discord-bot.js';
+import { setBotToken, initDatabase, closeDatabase, setChannelDirectory, setChannelVerbosity, } from './database.js';
+import { startHranaServer, stopHranaServer } from './hrana-server.js';
+import { initializeOpencodeForDirectory, stopOpencodeServer, } from './opencode.js';
+import { chooseLockPort, cleanupTestSessions, waitForBotMessageContaining, waitForFooterMessage, } from './test-utils.js';
+import yaml from 'js-yaml';
+const TEST_USER_ID = '200000000000000830';
+const TEXT_CHANNEL_ID = '200000000000000831';
+const BOT_USER_ID = '200000000000000832';
+function createRunDirectories() {
+    const root = path.resolve(process.cwd(), 'tmp', 'cli-send-thread-e2e');
+    fs.mkdirSync(root, { recursive: true });
+    const dataDir = fs.mkdtempSync(path.join(root, 'data-'));
+    const projectDirectory = path.join(root, 'project');
+    fs.mkdirSync(projectDirectory, { recursive: true });
+    return { root, dataDir, projectDirectory };
+}
+function createDiscordJsClient({ restUrl }) {
+    return new Client({
+        intents: [
+            GatewayIntentBits.Guilds,
+            GatewayIntentBits.GuildMessages,
+            GatewayIntentBits.MessageContent,
+            GatewayIntentBits.GuildVoiceStates,
+        ],
+        partials: [
+            Partials.Channel,
+            Partials.Message,
+            Partials.User,
+            Partials.ThreadMember,
+        ],
+        rest: {
+            api: restUrl,
+            version: '10',
+        },
+    });
+}
+function createDeterministicMatchers() {
+    const userReplyMatcher = {
+        id: 'user-reply',
+        priority: 10,
+        when: {
+            lastMessageRole: 'user',
+            latestUserTextIncludes: 'Reply with exactly:',
+        },
+        then: {
+            parts: [
+                { type: 'stream-start', warnings: [] },
+                { type: 'text-start', id: 'default-reply' },
+                { type: 'text-delta', id: 'default-reply', delta: 'ok' },
+                { type: 'text-end', id: 'default-reply' },
+                {
+                    type: 'finish',
+                    finishReason: 'stop',
+                    usage: { inputTokens: 1, outputTokens: 1, totalTokens: 2 },
+                },
+            ],
+            partDelaysMs: [0, 100, 0, 0, 0],
+        },
+    };
+    return [userReplyMatcher];
+}
+describe('kimaki send --channel thread creation', () => {
+    let directories;
+    let discord;
+    let botClient;
+    let previousDefaultVerbosity = null;
+    let testStartTime = Date.now();
+    beforeAll(async () => {
+        testStartTime = Date.now();
+        directories = createRunDirectories();
+        const lockPort = chooseLockPort({ key: TEXT_CHANNEL_ID });
+        process.env['KIMAKI_LOCK_PORT'] = String(lockPort);
+        setDataDir(directories.dataDir);
+        previousDefaultVerbosity = store.getState().defaultVerbosity;
+        store.setState({ defaultVerbosity: 'tools_and_text' });
+        const digitalDiscordDbPath = path.join(directories.dataDir, 'digital-discord.db');
+        discord = new DigitalDiscord({
+            botUser: { id: BOT_USER_ID },
+            guild: {
+                name: 'CLI Send E2E Guild',
+                // Use bot as guild owner so bot-authored messages pass
+                // hasKimakiBotPermission (owner check). This matches production where
+                // the bot typically has admin or is the app owner. Without this, the
+                // MessageCreate handler drops bot messages before reaching the GuildText
+                // path, hiding the race condition we're testing.
+                ownerId: BOT_USER_ID,
+            },
+            channels: [
+                {
+                    id: TEXT_CHANNEL_ID,
+                    name: 'cli-send-e2e',
+                    type: ChannelType.GuildText,
+                },
+            ],
+            users: [
+                {
+                    id: TEST_USER_ID,
+                    username: 'cli-send-tester',
+                },
+            ],
+            dbUrl: `file:${digitalDiscordDbPath}`,
+        });
+        await discord.start();
+        const providerNpm = url
+            .pathToFileURL(path.resolve(process.cwd(), '..', 'opencode-deterministic-provider', 'src', 'index.ts'))
+            .toString();
+        const opencodeConfig = buildDeterministicOpencodeConfig({
+            providerName: 'deterministic-provider',
+            providerNpm,
+            model: 'deterministic-v2',
+            smallModel: 'deterministic-v2',
+            settings: {
+                strict: false,
+                matchers: createDeterministicMatchers(),
+            },
+        });
+        fs.writeFileSync(path.join(directories.projectDirectory, 'opencode.json'), JSON.stringify(opencodeConfig, null, 2));
+        const dbPath = path.join(directories.dataDir, 'discord-sessions.db');
+        const hranaResult = await startHranaServer({ dbPath });
+        if (hranaResult instanceof Error) {
+            throw hranaResult;
+        }
+        process.env['KIMAKI_DB_URL'] = hranaResult;
+        await initDatabase();
+        await setBotToken(discord.botUserId, discord.botToken);
+        await setChannelDirectory({
+            channelId: TEXT_CHANNEL_ID,
+            directory: directories.projectDirectory,
+            channelType: 'text',
+        });
+        await setChannelVerbosity(TEXT_CHANNEL_ID, 'tools_and_text');
+        botClient = createDiscordJsClient({ restUrl: discord.restUrl });
+        await startDiscordBot({
+            token: discord.botToken,
+            appId: discord.botUserId,
+            discordClient: botClient,
+        });
+        // Pre-warm the opencode server
+        const warmup = await initializeOpencodeForDirectory(directories.projectDirectory);
+        if (warmup instanceof Error) {
+            throw warmup;
+        }
+    }, 60_000);
+    afterAll(async () => {
+        if (directories) {
+            await cleanupTestSessions({
+                projectDirectory: directories.projectDirectory,
+                testStartTime,
+            });
+        }
+        if (botClient) {
+            botClient.destroy();
+        }
+        await stopOpencodeServer();
+        await Promise.all([
+            closeDatabase().catch(() => {
+                return;
+            }),
+            stopHranaServer().catch(() => {
+                return;
+            }),
+            discord?.stop().catch(() => {
+                return;
+            }),
+        ]);
+        delete process.env['KIMAKI_LOCK_PORT'];
+        delete process.env['KIMAKI_DB_URL'];
+        if (previousDefaultVerbosity) {
+            store.setState({ defaultVerbosity: previousDefaultVerbosity });
+        }
+        if (directories) {
+            fs.rmSync(directories.dataDir, { recursive: true, force: true });
+        }
+    }, 10_000);
+    test('bot-posted starter message with start marker creates thread without DiscordAPIError[160004]', async () => {
+        // Simulate what `kimaki send --channel` does:
+        // 1. Bot posts a starter message with `start: true` embed marker
+        // 2. Bot creates a thread on that message via REST
+        // The ThreadCreate handler should pick it up. The MessageCreate GuildText
+        // handler must NOT try to startThread() on the same message (race).
+        const prompt = 'Reply with exactly: cli-send-test';
+        const embedMarker = {
+            start: true,
+            username: 'cli-send-tester',
+            userId: TEST_USER_ID,
+        };
+        // Step 1: Bot posts the starter message (same as CLI's sendDiscordMessageWithOptionalAttachment)
+        const starterMessage = (await botClient.rest.post(Routes.channelMessages(TEXT_CHANNEL_ID), {
+            body: {
+                content: prompt,
+                embeds: [
+                    { color: 0x2b2d31, footer: { text: yaml.dump(embedMarker) } },
+                ],
+            },
+        }));
+        // Give the bot's MessageCreate handler time to process the starter
+        // message. Without the fix, the handler enters the GuildText path and
+        // tries to startThread() on this message, which races the CLI's thread
+        // creation below. The digital twin enforces Discord's 160004 uniqueness
+        // constraint, so the second startThread call fails.
+        await new Promise((resolve) => {
+            setTimeout(resolve, 200);
+        });
+        // Verify the MessageCreate handler did NOT create a thread on this
+        // message. If the handler ignored the start marker (correct behavior),
+        // no thread exists yet and the REST call below succeeds.
+        const threadsBeforeCliCreate = await discord
+            .channel(TEXT_CHANNEL_ID)
+            .getThreads();
+        const preExistingThread = threadsBeforeCliCreate.find((t) => {
+            return t.name?.includes('cli-send-test');
+        });
+        // This is the core regression assertion: without the fix in discord-bot.ts
+        // (skipping start markers in the GuildText handler), the MessageCreate
+        // handler would create a thread here, and the CLI's REST call below would
+        // fail with 160004.
+        expect(preExistingThread).toBeUndefined();
+        // Step 2: Bot creates a thread on the starter message (same as CLI's Routes.threads call)
+        const threadData = (await botClient.rest.post(Routes.threads(TEXT_CHANNEL_ID, starterMessage.id), {
+            body: {
+                name: 'cli-send-test',
+                auto_archive_duration: 1440,
+            },
+        }));
+        // Add test user to thread
+        await botClient.rest.put(Routes.threadMembers(threadData.id, TEST_USER_ID));
+        // Wait for the bot to reply with the ⬥ prefix (proves ThreadCreate
+        // handler picked up the starter message and started a session)
+        await waitForBotMessageContaining({
+            discord,
+            threadId: threadData.id,
+            userId: discord.botUserId,
+            text: '⬥',
+            timeout: 4_000,
+        });
+        // Wait for footer message (proves session completed successfully)
+        await waitForFooterMessage({
+            discord,
+            threadId: threadData.id,
+            timeout: 4_000,
+            afterMessageIncludes: '⬥',
+            afterAuthorId: discord.botUserId,
+        });
+        // Verify no DiscordAPIError[160004] or other errors in the thread.
+        // Before the fix, the MessageCreate GuildText handler would race the
+        // CLI's thread creation and produce an error message here.
+        const messages = await discord.thread(threadData.id).getMessages();
+        const errorMessages = messages.filter((m) => {
+            return m.content.includes('Error:') || m.content.includes('160004');
+        });
+        expect(errorMessages).toHaveLength(0);
+        // Verify at least one ⬥ reply exists (session produced output)
+        const botReplies = messages.filter((m) => {
+            return (m.author.id === discord.botUserId && m.content.startsWith('⬥'));
+        });
+        expect(botReplies.length).toBeGreaterThanOrEqual(1);
+    }, 15_000);
+});

package/dist/cli.js

@@ -1662,6 +1662,8 @@ cli
     .option('--model <model>', 'Model to use (format: provider/model)')
     .option('--permission <rule>', z.array(z.string()).describe('Session permission rule (repeatable). Format: "tool:action" or "tool:pattern:action". ' +
     'Actions: allow, deny, ask. Examples: --permission "bash:deny" --permission "edit:deny"'))
+    .option('--injection-guard <pattern>', z.array(z.string()).describe('Injection guard scan pattern (repeatable). Enables prompt injection detection for this session. ' +
+    'Format: "tool:argsGlob". Examples: --injection-guard "bash:*" --injection-guard "webfetch:*"'))
     .option('--send-at <schedule>', 'Schedule send for future (UTC ISO date/time ending in Z, or cron expression)')
     .option('--thread <threadId>', 'Post prompt to an existing thread')
     .option('--session <sessionId>', 'Post prompt to thread mapped to an existing session')
@@ -1892,6 +1894,7 @@ cli
                     username: null,
                     userId: null,
                     permissions: options.permission?.length ? options.permission : null,
+                    injectionGuardPatterns: options.injectionGuard?.length ? options.injectionGuard : null,
                 };
                 const taskId = await createScheduledTask({
                     scheduleKind: parsedSchedule.scheduleKind,
@@ -1912,8 +1915,9 @@ cli
                 process.exit(0);
             }
             const threadPromptMarker = {
-                cliThreadPrompt: true,
+                start: true,
                 ...(options.permission?.length ? { permissions: options.permission } : {}),
+                ...(options.injectionGuard?.length ? { injectionGuardPatterns: options.injectionGuard } : {}),
             };
             const promptEmbed = [
                 {
@@ -2005,6 +2009,7 @@ cli
                 username: resolvedUser?.username || null,
                 userId: resolvedUser?.id || null,
                 permissions: options.permission?.length ? options.permission : null,
+                injectionGuardPatterns: options.injectionGuard?.length ? options.injectionGuard : null,
             };
             const taskId = await createScheduledTask({
                 scheduleKind: parsedSchedule.scheduleKind,
@@ -2036,6 +2041,7 @@ cli
                 ...(options.agent && { agent: options.agent }),
                 ...(options.model && { model: options.model }),
                 ...(options.permission?.length && { permissions: options.permission }),
+                ...(options.injectionGuard?.length && { injectionGuardPatterns: options.injectionGuard }),
             };
         const autoStartEmbed = embedMarker
             ? [{ color: 0x2b2d31, footer: { text: yaml.dump(embedMarker) } }]

package/dist/commands/add-directory.js

@@ -0,0 +1,67 @@
+// /add-directory command - Preapprove an external directory for this thread.
+import { ChannelType, MessageFlags, } from 'discord.js';
+import { getThreadSession } from '../database.js';
+import { normalizeAllowedDirectoryPath } from '../directory-permissions.js';
+import { resolveWorkingDirectory, SILENT_MESSAGE_FLAGS, } from '../discord-utils.js';
+import { createLogger } from '../logger.js';
+import { getOrCreateRuntime } from '../session-handler/thread-session-runtime.js';
+const logger = createLogger('ADD_DIR');
+export async function handleAddDirectoryCommand({ command, appId, }) {
+    const inputPath = command.options.getString('path', true);
+    const channel = command.channel;
+    if (!channel) {
+        await command.reply({
+            content: 'This command can only be used in a channel',
+            flags: MessageFlags.Ephemeral | SILENT_MESSAGE_FLAGS,
+        });
+        return;
+    }
+    const isThread = [
+        ChannelType.PublicThread,
+        ChannelType.PrivateThread,
+        ChannelType.AnnouncementThread,
+    ].includes(channel.type);
+    if (!isThread) {
+        await command.reply({
+            content: 'This command can only be used in a thread with an active session',
+            flags: MessageFlags.Ephemeral | SILENT_MESSAGE_FLAGS,
+        });
+        return;
+    }
+    await command.deferReply({
+        flags: MessageFlags.Ephemeral | SILENT_MESSAGE_FLAGS,
+    });
+    const sessionId = await getThreadSession(channel.id);
+    if (!sessionId) {
+        await command.editReply('No active session in this thread');
+        return;
+    }
+    const resolved = await resolveWorkingDirectory({
+        channel: channel,
+    });
+    if (!resolved) {
+        await command.editReply('Could not determine project directory for this channel');
+        return;
+    }
+    const normalizedPath = normalizeAllowedDirectoryPath({
+        input: inputPath,
+        workingDirectory: resolved.workingDirectory,
+    });
+    if (normalizedPath instanceof Error) {
+        await command.editReply(normalizedPath.message);
+        return;
+    }
+    const runtime = getOrCreateRuntime({
+        threadId: channel.id,
+        thread: channel,
+        projectDirectory: resolved.projectDirectory,
+        sdkDirectory: resolved.workingDirectory,
+        channelId: channel.parentId || channel.id,
+        appId,
+    });
+    runtime.primeNextExternalDirectoryAccess({
+        directory: normalizedPath,
+    });
+    await command.editReply(`Directory preapproved for the next message in this thread.\n\`${normalizedPath}\`\nKimaki will auto-accept matching external directory requests for \`${normalizedPath}/*\` during the next run only.`);
+    logger.log(`Thread ${channel.id} primed one-shot directory ${normalizedPath}`);
+}

package/dist/commands/user-command.js

@@ -2,12 +2,14 @@
 // Handles slash commands that map to user-configured commands in opencode.json.
 import { ChannelType, MessageFlags, } from 'discord.js';
 import { getOrCreateRuntime } from '../session-handler/thread-session-runtime.js';
-import { sendThreadMessage, SILENT_MESSAGE_FLAGS } from '../discord-utils.js';
+import { SILENT_MESSAGE_FLAGS } from '../discord-utils.js';
 import { createLogger, LogPrefix } from '../logger.js';
 import { getChannelDirectory, getThreadSession } from '../database.js';
 import { store } from '../store.js';
 import fs from 'node:fs';
 const userCommandLogger = createLogger(LogPrefix.USER_CMD);
+const DISCORD_MESSAGE_LIMIT = 2000;
+const DISCORD_THREAD_NAME_LIMIT = 100;
 export const handleUserCommand = async ({ command, appId, }) => {
     const discordCommandName = command.commandName;
     // Look up the original OpenCode command name from the mapping populated at registration.
@@ -17,6 +19,10 @@ export const handleUserCommand = async ({ command, appId, }) => {
     const fallbackBase = discordCommandName.replace(/-(cmd|skill|mcp-prompt)$/, '');
     const commandName = registered?.name || fallbackBase;
     const args = command.options.getString('arguments') || '';
+    const commandInvocation = args ? `/${commandName} ${args}` : `/${commandName}`;
+    const threadOpeningMessage = commandInvocation.length <= DISCORD_MESSAGE_LIMIT
+        ? commandInvocation
+        : `${commandInvocation.slice(0, DISCORD_MESSAGE_LIMIT - 14)}... truncated`;
     userCommandLogger.log(`Executing /${commandName} (from /${discordCommandName}) argsLength=${args.length}`);
     const channel = command.channel;
     userCommandLogger.log(`Channel info: type=${channel?.type}, id=${channel?.id}, isNull=${channel === null}`);
@@ -81,7 +87,7 @@ export const handleUserCommand = async ({ command, appId, }) => {
         const commandPayload = { name: commandName, arguments: args };
         if (isThread && thread) {
             // Running in existing thread - just send the command
-            await command.editReply(`Running /${commandName}...`);
+            await command.editReply(`Running ${commandInvocation}...`);
             const runtime = getOrCreateRuntime({
                 threadId: thread.id,
                 thread,
@@ -102,21 +108,16 @@ export const handleUserCommand = async ({ command, appId, }) => {
         else if (textChannel) {
             // Running in text channel - create a new thread
             const starterMessage = await textChannel.send({
-                content: `**/${commandName}**`,
+                content: threadOpeningMessage,
                 flags: SILENT_MESSAGE_FLAGS,
             });
-            const threadName = `/${commandName}`;
             const newThread = await starterMessage.startThread({
-                name: threadName.slice(0, 100),
+                name: commandInvocation.slice(0, DISCORD_THREAD_NAME_LIMIT),
                 autoArchiveDuration: 1440,
                 reason: `OpenCode command: ${commandName}`,
             });
             // Add user to thread so it appears in their sidebar
             await newThread.members.add(command.user.id);
-            if (args) {
-                const argsPreview = args.length > 1800 ? `${args.slice(0, 1800)}\n... truncated` : args;
-                await sendThreadMessage(newThread, `Args: ${argsPreview}`);
-            }
             await command.editReply(`Started /${commandName} in ${newThread.toString()}`);
             const runtime = getOrCreateRuntime({
                 threadId: newThread.id,

package/dist/context-awareness-plugin.js

@@ -49,18 +49,20 @@ export function shouldInjectBranch({ previousGitState, currentGitState, }) {
     const text = currentGitState.warning || `\n[current git branch is ${currentGitState.label}]`;
     return { inject: true, text };
 }
-export function shouldInjectPwd({ sessionDir, projectDir, announcedDir, }) {
-    if (!sessionDir || sessionDir === projectDir) {
+export function shouldInjectPwd({ currentDir, previousDir, announcedDir, }) {
+    if (announcedDir === currentDir) {
         return { inject: false };
     }
-    if (announcedDir === sessionDir) {
+    const priorDirectory = announcedDir || previousDir;
+    if (!priorDirectory || priorDirectory === currentDir) {
         return { inject: false };
     }
     return {
         inject: true,
-        text: `\n[working directory is ${sessionDir} (git worktree of ${projectDir}). ` +
-            `All file reads, writes, and edits must use paths under ${sessionDir}, ` +
-            `not ${projectDir}.]`,
+        text: `\n[working directory changed. Previous working directory: ${priorDirectory}. ` +
+            `Current working directory: ${currentDir}. ` +
+            `You MUST read, write, and edit files only under ${currentDir}. ` +
+            `Do NOT read, write, or edit files under ${priorDirectory}.]`,
     };
 }
 const TEN_MINUTES = 10 * 60 * 1000;
@@ -149,20 +151,25 @@ async function resolveGitState({ directory, }) {
             'create or switch to a branch before committing.]',
     };
 }
-// Resolve the session's actual working directory via the SDK.
-// Cached in SessionState.resolvedDirectory to avoid repeated HTTP calls.
+// Resolve the last observed session directory via the SDK.
+// Refreshed on every real user message because sessions can switch directories
+// mid-thread and the pwd reminder must compare old vs new accurately.
 async function resolveSessionDirectory({ client, sessionID, state, }) {
-    if (state.resolvedDirectory) {
-        return state.resolvedDirectory;
-    }
+    const previousDirectory = state.resolvedDirectory;
     const result = await errore.tryAsync(() => {
         return client.session.get({ path: { id: sessionID } });
     });
     if (result instanceof Error || !result.data?.directory) {
-        return null;
+        return {
+            currentDirectory: previousDirectory || null,
+            previousDirectory,
+        };
     }
     state.resolvedDirectory = result.data.directory;
-    return result.data.directory;
+    return {
+        currentDirectory: result.data.directory,
+        previousDirectory,
+    };
 }
 // ── Plugin ───────────────────────────────────────────────────────
 const contextAwarenessPlugin = async ({ directory, client }) => {
@@ -224,23 +231,30 @@ const contextAwarenessPlugin = async ({ directory, client }) => {
                     }
                     const messageID = first.messageID;
                     // -- Resolve session working directory --
-                    const sessionDir = await resolveSessionDirectory({
+                    const sessionDirectory = await resolveSessionDirectory({
                         client,
                         sessionID,
                         state,
                     });
-                    const effectiveDirectory = sessionDir || directory;
+                    // The plugin request directory is the current directory Kimaki asked
+                    // OpenCode to operate on for this message. Prefer it over session.get()
+                    // when they disagree so reminders and MEMORY/branch context follow the
+                    // new worktree immediately after a folder switch.
+                    const effectiveDirectory = directory;
                     // -- Branch / detached HEAD detection --
                     // Resolved early but injected last so it appears at the end of parts.
                     const gitState = await resolveGitState({ directory: effectiveDirectory });
                     // -- Working directory change detection --
                     const pwdResult = shouldInjectPwd({
-                        sessionDir,
-                        projectDir: directory,
+                        currentDir: effectiveDirectory,
+                        previousDir: sessionDirectory.previousDirectory ||
+                            (sessionDirectory.currentDirectory !== effectiveDirectory
+                                ? sessionDirectory.currentDirectory || undefined
+                                : undefined),
                         announcedDir: state.announcedDirectory,
                     });
                     if (pwdResult.inject) {
-                        state.announcedDirectory = sessionDir;
+                        state.announcedDirectory = effectiveDirectory;
                         output.parts.push({
                             id: `prt_${crypto.randomUUID()}`,
                             sessionID,