supipowers 2.0.2 → 2.2.0

package/src/mempalace/runtime.ts

@@ -19,6 +19,15 @@ export type BridgePathResult =
 
 export interface BridgePathOptions {
   moduleUrl?: string;
+  /**
+   * Installed extension package roots. Used when OMP executes temp-copied TS
+   * modules that do not preserve adjacent non-TypeScript assets.
+   */
+  extensionRoots?: string[];
+}
+
+export interface BridgePathPlatformPaths {
+  agent(...segments: string[]): string;
 }
 
 export interface ProcessRunResult {
@@ -74,6 +83,7 @@ export type RunBridgeRequestResult =
       stdoutPreview: string;
       stderrTail: string;
       durationMs: number;
+      completion?: Promise<void>;
     };
 
 export interface RunBridgeRequestOptions {
@@ -132,21 +142,39 @@ export interface SetupMempalaceRuntimeOptions {
 export function resolveBridgeScriptPath(options: BridgePathOptions = {}): BridgePathResult {
   const moduleUrl = options.moduleUrl ?? import.meta.url;
   const runtimePath = fileURLToPath(moduleUrl);
-  const bridgePath = path.join(path.dirname(runtimePath), "python", "mempalace_bridge.py");
+  const moduleBridgePath = path.join(path.dirname(runtimePath), "python", "mempalace_bridge.py");
+  if (fs.existsSync(moduleBridgePath)) {
+    return { ok: true, path: moduleBridgePath };
+  }
 
-  if (!fs.existsSync(bridgePath)) {
-    return {
-      ok: false,
-      path: bridgePath,
-      error: {
-        code: "bridge_not_found",
-        message: `Bundled MemPalace bridge not found at ${bridgePath}`,
-        remediation: "Reinstall supipowers or verify the package includes src/mempalace/python/mempalace_bridge.py.",
-      },
-    };
+  let missingBridgePath = moduleBridgePath;
+  for (const extensionRoot of options.extensionRoots ?? []) {
+    const extensionBridgePath = path.join(extensionRoot, "src", "mempalace", "python", "mempalace_bridge.py");
+    missingBridgePath = extensionBridgePath;
+    if (fs.existsSync(extensionBridgePath)) {
+      return { ok: true, path: extensionBridgePath };
+    }
   }
 
-  return { ok: true, path: bridgePath };
+  return {
+    ok: false,
+    path: missingBridgePath,
+    error: {
+      code: "bridge_not_found",
+      message: `Bundled MemPalace bridge not found at ${missingBridgePath}`,
+      remediation: "Reinstall supipowers or verify the package includes src/mempalace/python/mempalace_bridge.py.",
+    },
+  };
+}
+
+export function resolveInstalledBridgeScriptPath(
+  paths: BridgePathPlatformPaths,
+  options: BridgePathOptions = {},
+): BridgePathResult {
+  return resolveBridgeScriptPath({
+    ...options,
+    extensionRoots: [paths.agent("extensions", "supipowers"), ...(options.extensionRoots ?? [])],
+  });
 }
 
 export function resolveManagedVenvPaths(
@@ -296,8 +324,14 @@ export async function runBridgeRequest(options: RunBridgeRequestOptions): Promis
   const input = JSON.stringify(options.request);
   const runner = options.runner ?? defaultProcessRunner;
 
+  const runnerPromise = Promise.resolve().then(() =>
+    runner(options.pythonPath, [options.bridgeScriptPath], { input, timeoutMs: options.timeoutMs }),
+  );
+  const completion = runnerPromise.then(() => {}, () => {});
+
+  let timeoutHandle: ReturnType<typeof setTimeout> | undefined;
   const timeout = new Promise<ProcessRunResult>((resolve) => {
-    setTimeout(() => resolve({
+    timeoutHandle = setTimeout(() => resolve({
       code: -1,
       stdout: "",
       stderr: "",
@@ -307,9 +341,9 @@ export async function runBridgeRequest(options: RunBridgeRequestOptions): Promis
   let runResult: ProcessRunResult;
   try {
     runResult = await Promise.race([
-      runner(options.pythonPath, [options.bridgeScriptPath], { input, timeoutMs: options.timeoutMs }),
+      runnerPromise,
       timeout,
-    ]);
+    ]).finally(() => clearTimeout(timeoutHandle));
   } catch (error) {
     return {
       ok: false,
@@ -336,6 +370,7 @@ export async function runBridgeRequest(options: RunBridgeRequestOptions): Promis
       stdoutPreview: "",
       stderrTail: "",
       durationMs,
+      completion,
     };
   }
 
@@ -550,13 +585,15 @@ export function buildMempalaceCliArgs(
   const args: string[] = [action];
   if (action === "split") {
     if (params.source_file) args.push(params.source_file);
-  } else if (params.dir) {
+  } else if (action !== "repair" && params.dir) {
     args.push(params.dir);
   }
 
   if (typeof params.limit === "number") args.push("--limit", String(params.limit));
   if (params.mode) args.push("--mode", params.mode);
+  if (action === "repair" && params.source) args.push("--source", params.source);
   if (params.extract) args.push("--extract");
+  if (action === "repair" && params.archive_existing) args.push("--archive-existing");
   if (params.dry_run) args.push("--dry-run");
   if (params.include_ignored) args.push("--include-ignored");
   if (params.no_gitignore) args.push("--no-gitignore");

package/src/mempalace/schema.ts

@@ -1,3 +1,11 @@
+import {
+  MEMPALACE_MAX_CONTENT_LENGTH,
+  MEMPALACE_MAX_HOPS,
+  MEMPALACE_MAX_NAME_LENGTH,
+  MEMPALACE_MAX_QUERY_LENGTH,
+  MEMPALACE_MAX_RESULTS,
+} from "./upstream-limits.js";
+
 export const MEMPALACE_ACTIONS = [
   "status",
   "list_wings",
@@ -35,6 +43,7 @@ export const MEMPALACE_ACTIONS = [
   "split",
   "repair",
   "wake_up",
+  "wake_up_and_search",
 ] as const;
 
 export type MempalaceAction = typeof MEMPALACE_ACTIONS[number];
@@ -50,13 +59,14 @@ export interface MempalaceParams {
   drawer_id?: string;
   content?: string;
   source_file?: string;
+  source_drawer_id?: string;
   added_by?: string;
   subject?: string;
   predicate?: string;
   object?: string;
   valid_from?: string;
   valid_to?: string;
-  ended?: boolean;
+  ended?: string;
   as_of?: string;
   direction?: string;
   start_room?: string;
@@ -72,8 +82,10 @@ export interface MempalaceParams {
   topic?: string;
   dir?: string;
   mode?: string;
+  source?: string;
   extract?: boolean;
   dry_run?: boolean;
+  archive_existing?: boolean;
   include_ignored?: boolean;
   no_gitignore?: boolean;
   yes?: boolean;
@@ -94,12 +106,14 @@ const STRING_FIELDS = [
   "drawer_id",
   "content",
   "source_file",
+  "source_drawer_id",
   "added_by",
   "subject",
   "predicate",
   "object",
   "valid_from",
   "valid_to",
+  "ended",
   "as_of",
   "direction",
   "start_room",
@@ -114,34 +128,65 @@ const STRING_FIELDS = [
   "topic",
   "dir",
   "mode",
+  "source",
 ] as const;
 
 const POSITIVE_INTEGER_FIELDS = ["limit", "max_hops", "timeout"] as const;
+const MAX_INTEGER_FIELDS: ReadonlyArray<readonly [keyof MempalaceParams, number]> = [
+  ["limit", MEMPALACE_MAX_RESULTS],
+  ["max_hops", MEMPALACE_MAX_HOPS],
+];
 const NON_NEGATIVE_INTEGER_FIELDS = ["offset"] as const;
-const BOOLEAN_FIELDS = ["ended", "extract", "dry_run", "include_ignored", "no_gitignore", "yes"] as const;
+const BOOLEAN_FIELDS = ["extract", "dry_run", "archive_existing", "include_ignored", "no_gitignore", "yes"] as const;
+
+// Per-field maximum string lengths. Each entry mirrors the JSON schema
+// `maxLength` and corresponds to an upstream MemPalace sanitizer bound:
+//   - sanitize_query (tool_search) silently truncates anything beyond
+//     MAX_QUERY_LENGTH, so callers can't tell their long query was clipped.
+//   - sanitize_name / sanitize_kg_value / sanitize_content all raise
+//     ValueError beyond their limits, which surfaces as a domain error
+//     from the python bridge instead of at the TS boundary.
+// Enforcing here gives every overlong field the same `field exceeds <N>
+// characters` error path before the python child is spawned.
+const MAX_LENGTH_FIELDS: ReadonlyArray<readonly [keyof MempalaceParams, number]> = [
+  ["query", MEMPALACE_MAX_QUERY_LENGTH],
+  ["content", MEMPALACE_MAX_CONTENT_LENGTH],
+  ["entry", MEMPALACE_MAX_CONTENT_LENGTH],
+  ["wing", MEMPALACE_MAX_NAME_LENGTH],
+  ["room", MEMPALACE_MAX_NAME_LENGTH],
+  ["subject", MEMPALACE_MAX_NAME_LENGTH],
+  ["predicate", MEMPALACE_MAX_NAME_LENGTH],
+  ["object", MEMPALACE_MAX_NAME_LENGTH],
+  ["start_room", MEMPALACE_MAX_NAME_LENGTH],
+  ["source_wing", MEMPALACE_MAX_NAME_LENGTH],
+  ["source_room", MEMPALACE_MAX_NAME_LENGTH],
+  ["target_wing", MEMPALACE_MAX_NAME_LENGTH],
+  ["target_room", MEMPALACE_MAX_NAME_LENGTH],
+  ["agent_name", MEMPALACE_MAX_NAME_LENGTH],
+  ["topic", MEMPALACE_MAX_NAME_LENGTH],
+] as const;
 
-const REQUIRED_FIELDS: Partial<Record<MempalaceAction, readonly (keyof MempalaceParams)[]>> = {
+export const REQUIRED_FIELDS: Partial<Record<MempalaceAction, readonly (keyof MempalaceParams)[]>> = {
   search: ["query"],
   check_duplicate: ["content"],
   get_drawer: ["drawer_id"],
   list_drawers: ["wing"],
-  add_drawer: ["content"],
+  add_drawer: ["wing", "room", "content"],
   update_drawer: ["drawer_id", "content"],
   delete_drawer: ["drawer_id"],
   kg_query: ["subject"],
   kg_add: ["subject", "predicate", "object"],
-  kg_invalidate: ["subject", "predicate"],
+  kg_invalidate: ["subject", "predicate", "object"],
   kg_timeline: ["subject"],
   traverse: ["start_room"],
-  find_tunnels: ["source_wing", "source_room"],
   create_tunnel: ["source_wing", "source_room", "target_wing", "target_room", "label"],
   delete_tunnel: ["tunnel_id"],
   follow_tunnels: ["source_wing", "source_room"],
-  diary_write: ["entry"],
+  diary_write: ["entry", "agent_name"],
+  diary_read: ["agent_name"],
   init: ["dir"],
   mine: ["dir"],
   split: ["source_file"],
-  repair: ["dir"],
 };
 
 function isRecord(value: unknown): value is Record<string, unknown> {
@@ -156,6 +201,44 @@ function isNonEmptyString(value: unknown): value is string {
   return typeof value === "string" && value.trim().length > 0;
 }
 
+const ISO_DATE_PART_PATTERN = "\\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\\d|3[01])";
+const ISO_UTC_DATETIME_PATTERN = `${ISO_DATE_PART_PATTERN}T(?:[01]\\d|2[0-3]):[0-5]\\d:[0-5]\\d(?:Z|\\+00:00)`;
+const ISO_TEMPORAL_PATTERN = `^(?:${ISO_DATE_PART_PATTERN}|${ISO_UTC_DATETIME_PATTERN})$`;
+const ISO_TEMPORAL_DESCRIPTION =
+  "ISO temporal string accepted by MemPalace: YYYY-MM-DD, YYYY-MM-DDTHH:MM:SSZ, or YYYY-MM-DDTHH:MM:SS+00:00.";
+const ISO_TEMPORAL_SCHEMA = {
+  type: "string",
+  pattern: ISO_TEMPORAL_PATTERN,
+  description: ISO_TEMPORAL_DESCRIPTION,
+} as const;
+const ISO_TEMPORAL_REGEX = new RegExp(ISO_TEMPORAL_PATTERN);
+const ISO_TEMPORAL_FIELDS = ["as_of", "valid_from", "valid_to", "ended"] as const;
+const DAYS_IN_MONTH = [31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31] as const;
+
+function fixedInt(value: string, start: number, end: number): number {
+  let out = 0;
+  for (let i = start; i < end; i += 1) {
+    out = out * 10 + value.charCodeAt(i) - 48;
+  }
+  return out;
+}
+
+function isLeapYear(year: number): boolean {
+  return year % 4 === 0 && (year % 100 !== 0 || year % 400 === 0);
+}
+
+function isValidIsoTemporal(value: string): boolean {
+  if (!ISO_TEMPORAL_REGEX.test(value)) return false;
+
+  const year = fixedInt(value, 0, 4);
+  const month = fixedInt(value, 5, 7);
+  const day = fixedInt(value, 8, 10);
+  if (year < 1) return false;
+
+  const daysInMonth = month === 2 ? (isLeapYear(year) ? 29 : 28) : DAYS_IN_MONTH[month - 1];
+  return day <= daysInMonth;
+}
+
 export const mempalaceToolParameters = {
   type: "object",
   additionalProperties: false,
@@ -166,38 +249,45 @@ export const mempalaceToolParameters = {
       description: "Action to dispatch.",
     },
     palace: { type: "string" },
-    wing: { type: "string" },
-    room: { type: "string" },
-    query: { type: "string" },
-    limit: { type: "integer", minimum: 1 },
-    offset: { type: "integer", minimum: 0 },
+    wing: {
+      type: "string",
+      maxLength: MEMPALACE_MAX_NAME_LENGTH,
+      description: "Wing name. Required for list_drawers to scope the query and avoid an accidental full-palace dump.",
+    },
+    room: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
+    query: { type: "string", maxLength: MEMPALACE_MAX_QUERY_LENGTH },
+    limit: { type: "integer", minimum: 1, maximum: MEMPALACE_MAX_RESULTS },
+    offset: { type: "integer", minimum: 0, description: "Zero-based pagination offset (use with limit for list_drawers and similar listing actions)." },
     drawer_id: { type: "string" },
-    content: { type: "string" },
+    content: { type: "string", maxLength: MEMPALACE_MAX_CONTENT_LENGTH },
     source_file: { type: "string" },
+    source_drawer_id: { type: "string" },
     added_by: { type: "string" },
-    subject: { type: "string" },
-    predicate: { type: "string" },
-    object: { type: "string" },
-    valid_from: { type: "string" },
-    valid_to: { type: "string" },
-    ended: { type: "boolean" },
-    as_of: { type: "string" },
+    subject: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
+    predicate: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
+    object: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
+    valid_from: ISO_TEMPORAL_SCHEMA,
+    valid_to: ISO_TEMPORAL_SCHEMA,
+    ended: ISO_TEMPORAL_SCHEMA,
+    as_of: ISO_TEMPORAL_SCHEMA,
     direction: { type: "string" },
-    start_room: { type: "string" },
-    max_hops: { type: "integer", minimum: 1 },
-    source_wing: { type: "string" },
-    source_room: { type: "string" },
-    target_wing: { type: "string" },
-    target_room: { type: "string" },
+    start_room: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
+    max_hops: { type: "integer", minimum: 1, maximum: MEMPALACE_MAX_HOPS },
+    source_wing: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
+    source_room: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
+    target_wing: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
+    target_room: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
     label: { type: "string" },
     tunnel_id: { type: "string" },
-    agent_name: { type: "string" },
-    entry: { type: "string" },
-    topic: { type: "string" },
+    agent_name: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
+    entry: { type: "string", maxLength: MEMPALACE_MAX_CONTENT_LENGTH },
+    topic: { type: "string", maxLength: MEMPALACE_MAX_NAME_LENGTH },
     dir: { type: "string" },
     mode: { type: "string" },
+    source: { type: "string" },
     extract: { type: "boolean" },
     dry_run: { type: "boolean" },
+    archive_existing: { type: "boolean" },
     include_ignored: { type: "boolean" },
     no_gitignore: { type: "boolean" },
     yes: { type: "boolean" },
@@ -254,6 +344,37 @@ export function validateMempalaceParams(params: unknown): MempalaceValidationRes
     }
   }
 
+  for (const [field, max] of MAX_INTEGER_FIELDS) {
+    const value = params[field];
+    if (typeof value === "number" && Number.isInteger(value) && value > max) {
+      errors.push(`${field} exceeds maximum of ${max}`);
+    }
+  }
+
+  for (const [field, max] of MAX_LENGTH_FIELDS) {
+    const value = params[field];
+    if (typeof value === "string" && value.length > max) {
+      errors.push(`${field} exceeds maximum length of ${max} characters`);
+    }
+  }
+
+  // ISO temporal fields: callers commonly pass `" 2026-05-13 "` from logs or
+  // env vars — strip surrounding whitespace before validating so we accept
+  // the same shape MemPalace's downstream sqlite comparison would. Empty
+  // strings are still rejected (semantically not a date, and would be stored
+  // as garbage in the kg.triples valid_from/valid_to columns).
+  for (const field of ISO_TEMPORAL_FIELDS) {
+    const value = params[field];
+    if (typeof value !== "string") continue;
+    const trimmed = value.trim();
+    if (trimmed !== value) {
+      (params as Record<string, unknown>)[field] = trimmed;
+    }
+    if (!isValidIsoTemporal(trimmed)) {
+      errors.push(`${field} must be an ISO temporal string accepted by MemPalace`);
+    }
+  }
+
   for (const field of REQUIRED_FIELDS[action] ?? []) {
     if (!isNonEmptyString(params[field])) {
       errors.push(`${field} is required for action ${action}`);

package/src/mempalace/session-summary.ts

@@ -185,6 +185,11 @@ export function buildCompactionCheckpoint(options: SessionSummaryOptions): Compa
 
 export function buildShutdownDiary(options: SessionSummaryOptions): ShutdownDiary {
   const { body, now } = buildBody("MemPalace shutdown diary", "shutdown", options);
+  // source_file convention: the bridge's Python layer (mempalace_bridge.py) embeds
+  // the source_file value as a deterministic first-line prefix in the entry text:
+  //   "[source: <source_file>]\n<entry>"
+  // tool_diary_write does not accept source_file natively; the prefix is how the
+  // round-trip proves the linkage (diary_read returns the full document text).
   return {
     entry: body,
     metadata: {

package/src/mempalace/tool.ts

@@ -5,7 +5,7 @@ import { resolveMempalaceConfig, type ResolvedMempalaceConfig } from "./config.j
 import { formatMempalaceError, formatMempalaceResult } from "./format.js";
 import { mempalaceToolParameters, validateMempalaceParams, type MempalaceParams } from "./schema.js";
 import {
-  resolveBridgeScriptPath,
+  resolveInstalledBridgeScriptPath,
   setupMempalaceRuntime,
   type BridgePathResult,
   type SetupMempalaceRuntimeOptions,
@@ -55,10 +55,11 @@ async function executeSetup(
   resolved: ResolvedMempalaceConfig,
   cwd: string,
   managedBinDir: string,
+  defaultResolveBridgeScriptPath: () => BridgePathResult,
   deps: MempalaceToolDeps,
   onUpdate: unknown,
 ): Promise<{ content: Array<{ type: "text"; text: string }>; details: Record<string, unknown> }> {
-  const bridgePath = (deps.resolveBridgeScriptPath ?? resolveBridgeScriptPath)();
+  const bridgePath = (deps.resolveBridgeScriptPath ?? defaultResolveBridgeScriptPath)();
   if (!bridgePath.ok) {
     const formatted = formatMempalaceError(bridgePath.error, {
       ok: false,
@@ -121,6 +122,10 @@ export function registerMempalaceTool(
     return;
   }
   if (!snapshot.ready) return;
+  const bridgeRuntime = {
+    resolveBridgeScriptPath: () => resolveInstalledBridgeScriptPath(platform.paths),
+  };
+
 
   platform.registerTool({
     name: "mempalace",
@@ -143,12 +148,20 @@ export function registerMempalaceTool(
         const params = validation.params;
 
         if (params.action === "setup") {
-          return await executeSetup(params, resolved, cwd, platform.paths.global("bin"), deps, onUpdate);
+          return await executeSetup(
+            params,
+            resolved,
+            cwd,
+            platform.paths.global("bin"),
+            bridgeRuntime.resolveBridgeScriptPath,
+            deps,
+            onUpdate,
+          );
         }
 
         const bridge = deps.createBridge
           ? deps.createBridge(resolved, cwd)
-          : createMempalaceBridge({ cwd, config: resolved });
+          : createMempalaceBridge({ cwd, config: resolved, runtime: bridgeRuntime });
         const result = await bridge.execute(params);
 
         if (!result.ok) {

package/src/mempalace/upstream-limits.ts

@@ -0,0 +1,69 @@
+/**
+ * Upstream MemPalace pin.
+ *
+ * Single source of truth for the `mempalace` PyPI package version and
+ * the parameter limits the upstream package enforces. Keeping these in
+ * one place — instead of sprinkling `"3.3.4"` / `500` / `100` / `128`
+ * magic literals across the config defaults, schema, hooks, and tests —
+ * makes a version bump a one-line edit and guarantees our tool surface
+ * advertises the same bounds the upstream MCP server enforces.
+ *
+ * # Bump procedure
+ * 1. Update `MEMPALACE_PACKAGE_VERSION` below.
+ * 2. Re-verify each `MEMPALACE_MAX_*` constant against the cited
+ *    upstream source path. Update any that drifted.
+ * 3. If the upstream MCP API surface (function names, parameter names)
+ *    changed, update the dispatch table in
+ *    `src/mempalace/python/mempalace_bridge.py` and its header comment.
+ * 4. Run `bun ci`. All consumers — including tests — read from these
+ *    constants, so a mismatch surfaces as a test failure rather than
+ *    silent runtime drift.
+ */
+
+/**
+ * Exact PyPI version installed by the managed setup pipeline. Flows into
+ * `DEFAULT_CONFIG.mempalace.packageVersion` and, from there, into the
+ * `mempalace==<version>` argument handed to `uv pip install`.
+ */
+export const MEMPALACE_PACKAGE_VERSION = "3.3.5";
+
+/**
+ * Upper bound applied internally by `tool_search` and `tool_list_drawers`
+ * to the `limit` argument. Any value above this is silently clamped.
+ *
+ * Source: `mempalace/mcp_server.py` `_MAX_RESULTS = 100`.
+ */
+export const MEMPALACE_MAX_RESULTS = 100;
+
+/**
+ * Maximum search-query length. `tool_search` runs `sanitize_query`, which
+ * truncates anything over this threshold (worst case: keeps only the
+ * trailing N characters). Above this, prompt-contamination patterns
+ * start dominating the embedding signal — see upstream Issue #333.
+ *
+ * Source: `mempalace/query_sanitizer.py` `MAX_QUERY_LENGTH = 250`.
+ */
+export const MEMPALACE_MAX_QUERY_LENGTH = 250;
+
+/**
+ * Maximum length for wing / room / predicate / entity-style identifiers.
+ * `sanitize_name` and `sanitize_kg_value` raise `ValueError` above this.
+ *
+ * Source: `mempalace/config.py` `MAX_NAME_LENGTH = 128`.
+ */
+export const MEMPALACE_MAX_NAME_LENGTH = 128;
+
+/**
+ * Maximum drawer / diary content length. `sanitize_content` defaults
+ * to this when no explicit override is passed.
+ *
+ * Source: `mempalace/config.py` `sanitize_content(..., max_length: int = 100_000)`.
+ */
+export const MEMPALACE_MAX_CONTENT_LENGTH = 100_000;
+
+/**
+ * Upper bound applied internally by `tool_traverse_graph` to `max_hops`.
+ *
+ * Source: `mempalace/mcp_server.py` `tool_traverse_graph` — `max(1, min(max_hops, 10))`.
+ */
+export const MEMPALACE_MAX_HOPS = 10;

package/src/planning/approval-flow.ts

@@ -186,7 +186,7 @@ export function buildTodoWriteOpsForPlan(plan: Plan): { ops: TodoWriteOp[] } {
  * When `plan` is provided and has tasks, the prompt also embeds the
  * exact `todo_write` payload the agent must call before doing any work.
  */
-function buildExecutionPrompt(
+export function buildExecutionPrompt(
   planContent: string,
   planPath: string,
   plan?: Plan,
@@ -313,7 +313,7 @@ async function executeApproveFlow(
  */
 export function registerPlanApprovalHook(platform: Platform): void {
   platform.on("agent_end", async (_event: any, ctx: any) => {
-    if (!planningActive || !ctx?.hasUI || approvalPending) return;
+    if (!planningActive || approvalPending) return;
 
     // Detect newly written plan files
     const plansNow = listPlans(platform.paths, planCwd);
@@ -407,6 +407,29 @@ export function registerPlanApprovalHook(platform: Platform): void {
         cwd: planCwd,
       });
     } catch {}
+    if (!ctx?.hasUI) {
+      const message = [
+        `Plan saved to \`${planPath}\`.`,
+        "Interactive approval is unavailable in this runtime, so no execution was started.",
+        `To continue manually, explicitly send: \`Execute the saved plan at ${planPath} step by step; verify each step before proceeding.\``,
+      ].join("\n");
+      debugLogger?.log("approval_flow_no_ui", {
+        planName,
+        planPath,
+      });
+      ctx?.ui?.notify?.("Plan saved; interactive approval is required before execution.", "warning");
+      platform.sendMessage(
+        {
+          customType: "supi-plan-awaiting-interactive-approval",
+          content: [{ type: "text", text: message }],
+          display: true,
+        },
+        { deliverAs: "steer", triggerTurn: false },
+      );
+      cancelPlanTracking();
+      return;
+    }
+
     const approvalOptions = [
       "Approve and execute",
       "Refine plan",

package/src/planning/planning-ask-tool.ts

@@ -4,10 +4,16 @@ import { isUiDesignActive, recordUiDesignReviewApproval } from "../ui-design/ses
 
 /**
  * Register a `planning_ask` tool — identical to the built-in `ask` tool
- * but with **no timeout**. OMP's built-in ask tool applies the user's
- * `ask.timeout` setting (default 30s) and only disables it for OMP's
- * native plan mode. Since `/supi:plan` is not native plan mode, planning
- * questions would auto-dismiss. This tool bypasses that limitation.
+ * but with **no timeout**, regardless of the user's `ask.timeout` setting.
+ * OMP 14.9.5 changed the `ask.timeout` default from 30s to 0 (wait
+ * indefinitely), but a user-configured non-zero value still applies to the
+ * generic `ask` tool; this wrapper keeps planning-mode questions blocking
+ * for any such configuration.
+ *
+ * Also records the chosen option into the ui-design session ledger via
+ * `recordUiDesignReviewApproval` and pairs with
+ * `registerPlanningAskToolGuard`, which redirects generic `ask` calls back
+ * to this tool during planning / ui-design sessions.
  *
  * The tool is always registered (lightweight) but the planning system
  * prompt directs the model to use it only during planning sessions.
@@ -62,6 +68,22 @@ export function registerPlanningAskTool(platform: Platform): void {
         };
       }
 
+      if (ctx?.hasUI === false || typeof ctx?.ui?.select !== "function") {
+        const result = {
+          error: "interactive_planning_question_unavailable",
+          message: "Interactive planning questions cannot be answered in this runtime. Present this question and its options to the user instead of choosing a default.",
+          question: params.question,
+          options: labels,
+          recommended: params.recommended ?? null,
+        };
+        return {
+          content: [{ type: "text", text: JSON.stringify(result) }],
+          details: result,
+          error: true,
+        };
+      }
+
+
       const choice = await ctx.ui.select(params.question, labels, {
         initialIndex: params.recommended,
         // No timeout — planning decisions need unlimited time
@@ -107,6 +129,14 @@ function getAskRedirectReason(): string | null {
  */
 export function registerPlanningAskToolGuard(platform: Platform): void {
   platform.on("tool_call", (event) => {
+    if (event.toolName === "exit_plan_mode" && isPlanningActive()) {
+      return {
+        block: true,
+        reason:
+          "Planning mode: /supi:plan uses a file-based approval hook. Do not call exit_plan_mode because it is OMP's native approval path and bypasses supipowers plan tracking.",
+      };
+    }
+
     if (event.toolName !== "ask") return;
 
     const reason = getAskRedirectReason();

package/src/planning/system-prompt.ts

@@ -233,7 +233,7 @@ function buildPlanningCriticalBlock(options: PlanningSystemPromptOptions): strin
     "## Plan submission",
     "",
     "This is NOT native OMP plan mode.",
-    "You **MUST NOT** call `exit_plan_mode` or `ExitPlanMode` — it will fail.",
+    "You **MUST NOT** call `exit_plan_mode` or `ExitPlanMode` — that is OMP's native approval path and bypasses supipowers' file-based approval hook.",
     `You **MUST NOT** write plans to \`local://PLAN.md\` — that is OMP's native plan location and will not trigger the approval flow.`,
     `You **MUST** save the plan to \`${options.plansDir}/YYYY-MM-DD-<feature-name>.md\` using the Write tool.`,
     "After saving, tell the user the plan path, then **stop and yield your turn**.",