address copilot R2: guard against cross-root cache reuse + fix test wording

R2 caught a remaining footgun: a cache populated against rootA could
short-circuit a later call against rootB via known.has(sid), returning
silently-wrong results. AutoReply doesn't do this (fresh Set per make
call), but future ACP/TUI callers might.

Fix: at call entry, if opts.cache is non-empty AND does not already
contain the supplied root, die with a clear error message naming the
expected root and the cache size. JSDoc updated to spell out the
not-shared-across-roots invariant.

Also tightened the auto-seed-empty-cache test comment: the failure mode
without the auto-seed is walking PAST root (root.has(root) is false in
an empty cache) and bottoming out, not necessarily a NotFoundError.

New regression test: 'dies if cache is non-empty but missing root'
populates a cache under rootA then asserts a subsequent rootB call
dies.

PR feedback: #16
- comment 3163694330 (cross-root cache aliasing)
- comment 3163694378 (test wording nit)

Author: tesdal

packages/opencode/src/session/session.ts

@@ -383,9 +383,12 @@ export interface Interface {
    * accumulator: every confirmed descendant in the walked chain is added to
    * the set. The cache is auto-seeded with `root` on every call, so callers
    * can pass a fresh `new Set()` and reuse it across calls without seeding.
-   * Callers that issue many `isDescendantOf` calls against the same root
-   * (e.g. SessionAutoReply) should reuse one cache so the parent chain is
-   * traversed at most once per node.
+   * Caches MUST NOT be shared across different roots — if a non-empty cache
+   * is passed that does not already contain `root`, the call dies with a
+   * clear error instead of returning silently-wrong results from another
+   * lineage's accumulated entries. Callers that issue many `isDescendantOf`
+   * calls against the same root (e.g. SessionAutoReply) should reuse one
+   * cache so the parent chain is traversed at most once per node.
    */
   readonly isDescendantOf: (
     sid: SessionID,
@@ -695,11 +698,20 @@ export const layer: Layer.Layer<Service, never, Bus.Service | Storage.Service> =
     ) {
       const maxDepth = opts?.maxDepth ?? 64
       const known = opts?.cache ?? new Set<SessionID>()
+      // Defend against accidental cache sharing across different roots: if a
+      // caller passes a non-empty cache that lacks `root`, those entries were
+      // populated under a different lineage and `known.has(sid)` could
+      // short-circuit to true with the wrong answer. Fail loudly instead of
+      // returning a silently wrong result.
+      if (known.size > 0 && !known.has(root)) {
+        return yield* Effect.die(
+          new Error(
+            `Session.isDescendantOf: opts.cache appears to belong to a different root (size=${known.size}, missing root=${root}). Caches must not be shared across roots.`,
+          ),
+        )
+      }
       // Always seed `root` into the working set so the parent walk has a
-      // termination anchor regardless of whether the caller pre-seeded the
-      // cache. Without this, a caller-provided cache that happens to omit
-      // `root` would cause the walk to bottom out at a not-found parent and
-      // return false even for true descendants — a silent footgun.
+      // termination anchor and the next cross-root reuse check still works.
       known.add(root)
       if (sid === root) return true
       if (known.has(sid)) return true

packages/opencode/test/session/session.test.ts

@@ -305,13 +305,38 @@ describe("Session.isDescendantOf", () => {
         const root = await create({ title: "root" })
         const child = await create({ title: "child", parentID: root.id })
         // Caller passes a fresh empty Set — root must still be reachable.
-        // Without the auto-seed in isDescendantOf this would walk past root,
-        // hit a not-found parent, and return false.
+        // Without the auto-seed in isDescendantOf this would walk past root
+        // (since `known.has(root)` would be false), bottom out at the
+        // not-found parent of root, and return false.
         const cache = new Set<SessionID>()
         expect(await isDescendantOf(child.id, root.id, { cache })).toBe(true)
         expect(cache.has(root.id)).toBe(true)
         await remove(root.id)
       },
     })
   })
+
+  test("dies if cache is non-empty but missing root (cross-root reuse guard)", async () => {
+    await using tmp = await tmpdir({ git: true })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const rootA = await create({ title: "rootA" })
+        const rootB = await create({ title: "rootB" })
+        const childA = await create({ title: "childA", parentID: rootA.id })
+        // Populate a cache under rootA, then incorrectly try to reuse it
+        // against rootB. The guard must reject this loudly.
+        const cache = new Set<SessionID>()
+        expect(await isDescendantOf(childA.id, rootA.id, { cache })).toBe(true)
+        // cache now contains {rootA, childA} but not rootB.
+        let died = false
+        await isDescendantOf(rootA.id, rootB.id, { cache }).catch(() => {
+          died = true
+        })
+        expect(died).toBe(true)
+        await remove(rootA.id)
+        await remove(rootB.id)
+      },
+    })
+  })
 })