Add experimental.cross_project_agents_md_injection config option

[clansty]

Summary

• Add experimental.cross_project_agents_injection config option to allow AGENTS.md discovery beyond the project root when reading files from other projects

Changes

• src/config/schema/experimental.ts: Add cross_project_agents_injection: z.boolean().optional() field
• src/hooks/directory-agents-injector/finder.ts: Add unbounded parameter to findAgentsMdUp that skips the parent.startsWith(rootDir) boundary check
• src/hooks/directory-agents-injector/injector.ts: Detect cross-project files via path.relative, skip in-project files when native OpenCode support handles them, pass unbounded: true for cross-project files
• src/hooks/directory-agents-injector/hook.ts: Accept and forward crossProject/nativeSupport options
• src/plugin/hooks/create-tool-guard-hooks.ts: Read config, override native auto-disable when cross-project is enabled, pass options to hook

Behavior

Scenario	cross_project=false (default)	cross_project=true
Read file inside project	Normal AGENTS.md injection	Same (unchanged)
Read file outside project	No AGENTS.md found	Walks up full directory tree
Native OpenCode support detected	Hook auto-disabled	Hook stays active for cross-project files only

Usage

// .opencode/oh-my-opencode.jsonc
{
  "experimental": {
    "cross_project_agents_injection": true
  }
}

Testing

bun run typecheck

Tested locally by reading files from a sibling project directory - AGENTS.md files from that project are now correctly discovered and injected.

---

Summary by cubic

Adds experimental.cross_project_agents_md_injection to discover and inject AGENTS.md for files read outside the project root. When native OpenCode support exists, the hook runs only for cross‑project files to avoid duplicates.

• New Features

  • experimental.cross_project_agents_md_injection (default: false).
  • Finder can search beyond the project root for cross‑project files when enabled.

• Behavior

  • Inside project: unchanged.
  • Outside project: disabled → no AGENTS.md; enabled → walk up full directory tree.
  • With native OpenCode support: cross_project=false → hook disabled; cross_project=true → hook active only for cross‑project files.

^{Written for commit 998748d. Summary will update on new commits.}

[github-actions]

All contributors have signed the CLA. Thank you! ✅
_{Posted by the CLA Assistant Lite bot.}

[clansty]

I have read the CLA Document and I hereby sign the CLA

[cubic-dev-ai]

1 issue found across 5 files

Confidence score: 3/5

• There is a concrete cross-platform bug risk in src/hooks/directory-agents-injector/injector.ts: the outside-project check relies on path.relative(from, to) behavior that differs on Windows, so absolute-path results may bypass the intended detection.
• Given the issue severity (7/10) and high confidence (10/10), this is more than a minor edge case and could cause incorrect file-boundary handling for Windows users.
• Pay close attention to src/hooks/directory-agents-injector/injector.ts - Windows path handling in the project-directory boundary check may misclassify files.

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="src/hooks/directory-agents-injector/injector.ts">

<violation number="1" location="src/hooks/directory-agents-injector/injector.ts:34">
P1: Custom agent: **Opencode Compatibility**

The logic used to detect if a file is outside the project directory is flawed on Windows because `path.relative(from, to)` will return an absolute path (which doesn't start with `..`) if `from` and `to` are on different drive letters (e.g., `C:\project` and `D:\other`). This causes `outside` to be `false` when reading cross-drive files on Windows, which breaks the `unbounded` behavior.</violation>
</file>

---

Since this is your first cubic review, here's how it works:

• cubic automatically reviews your code and comments on bugs and improvements
• Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
• Add one-off context when rerunning by tagging @cubic-dev-ai with guidance or docs links (including llms.txt)
• Ask questions if you need clarification on any suggestion

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

4 issues found across 5 files

Confidence score: 2/5

• There is a high-confidence boundary enforcement flaw in src/hooks/directory-agents-injector/finder.ts: checks happen too late and against the parent path, which can allow one outside-workspace AGENTS.md to be injected even when cross-project injection is disabled.
• src/hooks/directory-agents-injector/finder.ts also uses naive prefix-based path checks, so sibling directories with similar prefixes may bypass root constraints; combined with the first finding, this creates concrete cross-boundary behavior risk.
• src/config/schema/experimental.ts has a config key mismatch for cross_project_agents_injection, and src/hooks/directory-agents-injector/injector.ts uses an outside check that can misclassify Windows cross-drive and ..env-style paths, making behavior inconsistent for users.
• Pay close attention to src/hooks/directory-agents-injector/finder.ts, src/config/schema/experimental.ts, src/hooks/directory-agents-injector/injector.ts - boundary enforcement and config recognition need correction to avoid policy bypass and incorrect path classification.

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="src/hooks/directory-agents-injector/finder.ts">

<violation number="1" location="src/hooks/directory-agents-injector/finder.ts:34">
P1: Boundary check occurs too late (and against parent), allowing one outside-workspace AGENTS.md to be injected when cross-project injection is disabled.</violation>

<violation number="2" location="src/hooks/directory-agents-injector/finder.ts:34">
P1: Path boundary enforcement uses naive string prefix matching, allowing sibling directories with matching prefixes to bypass the root constraint.</violation>
</file>

<file name="src/config/schema/experimental.ts">

<violation number="1" location="src/config/schema/experimental.ts:25">
P2: Config schema key does not match the declared option name (`cross_project_agents_injection`), so expected user config will not be recognized.</violation>
</file>

<file name="src/hooks/directory-agents-injector/injector.ts">

<violation number="1" location="src/hooks/directory-agents-injector/injector.ts:34">
P2: The new outside check uses relative(...).startsWith(".."), which misclassifies Windows cross-drive paths (relative returns an absolute path) and in-project directories named "..env" as outside. This breaks cross-project detection and can trigger unbounded search incorrectly.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P2: The new outside check uses relative(...).startsWith(".."), which misclassifies Windows cross-drive paths (relative returns an absolute path) and in-project directories named "..env" as outside. This breaks cross-project detection and can trigger unbounded search incorrectly.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At src/hooks/directory-agents-injector/injector.ts, line 34:

<comment>The new outside check uses relative(...).startsWith(".."), which misclassifies Windows cross-drive paths (relative returns an absolute path) and in-project directories named "..env" as outside. This breaks cross-project detection and can trigger unbounded search incorrectly.</comment>

<file context>
@@ -25,13 +25,23 @@ export async function processFilePathForAgentsInjection(input: {
   const resolved = resolveFilePath(input.ctx.directory, input.filePath);
   if (!resolved) return;
 
+  const outside = relative(input.ctx.directory, resolved).startsWith("..");
+
+  if (input.nativeSupport && !outside) return;
</file context>

[clansty]

Regarding the cubic reviews:

Cross-drive path.relative (Issue 1 & 4): Acknowledged as a theoretical edge case, but not worth fixing. OpenCode's read tool resolves file paths relative to the project directory — cross-drive reads don't happen in practice. This feature targets sibling project directories on the same drive (e.g., D:\Projects\A reading from D:\Projects\B).

"Boundary check too late" (Issue 2): Invalid. The first-iteration behavior (checking startDir before the parent.startsWith guard) is pre-existing code, not introduced by this PR. The unbounded parameter only affects the parent walk — it doesn't change the first iteration at all.

"Naive prefix matching" (Issue 3): Invalid. The bot doesn't understand that dirname walks UP the tree. From a sibling /a/bc/file.ts, parent = /a, and "/a".startsWith("/a/b") is false — it breaks immediately. You can never walk from a sibling directory into the root because parents only get shorter.

"Config key mismatch" (Issue 5): Invalid. The bot compared the first commit's key name (cross_project_agents_injection) against the second commit's renamed key (cross_project_agents_md_injection). The final code is fully consistent — schema and consumer both use cross_project_agents_md_injection.

"..env directory" (Issue 6): A directory literally named ..env would break virtually every path-handling tool in existence. Not a real concern.

Score: 1 valid edge case out of 6 issues, and even that one is not actionable. The bot appears to lack understanding of upward directory traversal semantics and cross-commit context.

[code-yeongyu]

Clean implementation. The unbounded walk-up for cross-project files is well-guarded behind the experimental flag, and skipping in-project files when native support is detected avoids duplicates. A few notes:

• Config field name is cross_project_agents_md_injection (matching the PR body) but the PR title says cross_project_agents_injection -- minor inconsistency, no code impact
• The relative().startsWith('..') check is a solid way to detect outside-project paths
• Nice that it defaults to false so zero behavior change for existing users

APPROVED but has merge conflicts with dev -- needs a rebase before merge. @clansty could you rebase on dev?