feat(cwd): track PSDrive cwd via home-thread cache, bail on user-cd drift

The DLL was capturing process cwd via Directory.GetCurrentDirectory() — but
PowerShell's Set-Location updates only $PWD/PSDrive, not process cwd. AI cwd
tracking was silently lying: LastAiCwd was pinned to startup dir forever,
drift detection compared startup dir against process cwd, and busy-route /
auto-start spawned new consoles at HOME instead of resuming AI's workspace.

Capture $PWD on the polling engine's home thread (timer Action + before
NotifyResultReady) into ExecutionState.CurrentAiCwd. NamedPipeServer reads
the cache for every cwd-emitting response — busy / mcp_command / get_status /
post-execution success, timeout, completed.

Drift policy is now safety-first bail instead of silent auto-cd: if the user
typed cd in the visible console between AI calls, the proxy returns a
"Pipeline NOT executed" notice with prev → new cwd, a Set-Location revert
hint (single-quote-escaped), and updates LastAiCwd to liveCwd to clear the
state. AI re-issues to accept the new cwd, or prepends the revert.

Auto-start path also gains a session-scoped LastAiCwd so a console death
doesn't pin the new console at HOME — it resumes where AI was working.

Tests: 270 unit tests including drift bail + re-issue + session fallback +
auto-start preservation. Smoke-tested end-to-end against PowerShell.MCP and
ripple (parallel fix in C:/MyProj/ripple).

Author: yotsuda

PowerShell.MCP.Proxy/Services/ConsoleSessionManager.cs

@@ -65,6 +65,38 @@ private class AgentSessionState
     /// </summary>
     private readonly Dictionary<int, string> _pidToTitle = new();
 
+    /// <summary>
+    /// Maps pwsh PIDs to the cwd the AI's most recent successful (or
+    /// timeout / cached) <c>invoke_expression</c> ended at. Captured from
+    /// the DLL's response header (which now carries <c>cwd</c>) so the
+    /// proxy never has to re-query a busy / dead pipe to know "where the
+    /// AI thinks it is". Used to:
+    ///  - inject a <c>Set-Location</c> preamble when the live cwd has
+    ///    drifted (user typed <c>cd</c> in the visible console between
+    ///    AI calls);
+    ///  - choose <c>start_location</c> for busy-auto-route's spawn so
+    ///    the new console picks up at AI's intended cwd, not the
+    ///    user-touched live cwd of the busy source;
+    ///  - resume at the right place after the active console died and
+    ///    we had to switch to a sibling owned pipe.
+    /// Cleared with <see cref="ClearDeadPipe"/> so a recycled PID can't
+    /// pull a stale entry.
+    /// </summary>
+    private readonly Dictionary<int, string> _pidToLastAiCwd = new();
+
+    /// <summary>
+    /// Session-scoped fallback for the agent's most recently observed AI
+    /// cwd, surviving the death of the per-pid <c>_pidToLastAiCwd</c>
+    /// entry. Updated alongside the per-pid entry whenever a pipe reports
+    /// a successful invoke_expression cwd. Used as the
+    /// <c>start_location</c> when invoke_expression auto-starts a console
+    /// (no surviving pipe means no per-pid entry to fall back to, but the
+    /// AI was still working *somewhere* and that somewhere is the right
+    /// place for the new console to land — same rationale as busy-route).
+    /// Cleared only when the agent's session is evicted entirely.
+    /// </summary>
+    private readonly Dictionary<string, string> _agentToLastAiCwd = new();
+
     /// <summary>
     /// Prefix for server-generated sub-agent IDs
     /// </summary>
@@ -247,13 +279,15 @@ public void ClearDeadPipe(string agentId, string pipeName)
             {
                 state.KnownBusyPids.Remove(pid.Value);
                 _pidToTitle.Remove(pid.Value);
+                _pidToLastAiCwd.Remove(pid.Value);
             }
             Console.Error.WriteLine($"[INFO] ConsoleSessionManager: Cleared dead pipe '{pipeName}' (agent={agentId})");
 
             // Remove empty agent session to prevent memory accumulation
             if (agentId != "default" && state.ActivePipeName == null && state.KnownBusyPids.Count == 0)
             {
                 _agentSessions.Remove(agentId);
+                _agentToLastAiCwd.Remove(agentId);
             }
         }
     }
@@ -378,6 +412,58 @@ public IEnumerable<string> EnumerateUnownedPipes()
         }
     }
 
+    /// <summary>
+    /// Records the cwd the AI's most recent <c>invoke_expression</c> ended at
+    /// for the given pwsh PID. Called after a successful (or timeout / cached)
+    /// pipe call by the proxy, with the cwd field the DLL emits in its
+    /// response header. Also updates the agent-scoped fallback so a later
+    /// invoke_expression that has to auto-start a console can resume at
+    /// the same place even after the pipe (and its per-pid entry) has died.
+    /// Pass null to clear (e.g., on switch to a fresh console with no
+    /// prior AI history) — only the per-pid entry is cleared; the
+    /// agent-level fallback is preserved.
+    /// </summary>
+    public void SetLastAiCwd(string agentId, int pwshPid, string? cwd)
+    {
+        lock (_lock)
+        {
+            if (string.IsNullOrEmpty(cwd))
+            {
+                _pidToLastAiCwd.Remove(pwshPid);
+            }
+            else
+            {
+                _pidToLastAiCwd[pwshPid] = cwd;
+                _agentToLastAiCwd[agentId] = cwd;
+            }
+        }
+    }
+
+    /// <summary>
+    /// Returns the cwd recorded by the most recent successful AI command on
+    /// this PID, or null if no AI command has executed there yet (newly
+    /// claimed unowned pipe, freshly auto-started console where the AI's
+    /// pipeline was redirected mid-busy, etc.). Callers should fall back
+    /// to the live cwd from get_status when null.
+    /// </summary>
+    public string? GetLastAiCwd(int pwshPid)
+    {
+        lock (_lock) return _pidToLastAiCwd.TryGetValue(pwshPid, out var cwd) ? cwd : null;
+    }
+
+    /// <summary>
+    /// Returns the agent-scoped cwd fallback used when no per-pid entry
+    /// exists — typically because the pipe the AI was working on died
+    /// before the next tool call and we now need to spawn a fresh console.
+    /// Returns null when this agent has never recorded an AI cwd
+    /// (brand-new agent, unowned-claim only history, etc.); callers should
+    /// fall back to <c>UserProfile</c>.
+    /// </summary>
+    public string? GetSessionLastAiCwd(string agentId)
+    {
+        lock (_lock) return _agentToLastAiCwd.TryGetValue(agentId, out var cwd) ? cwd : null;
+    }
+
     /// <summary>
     /// Gets the console title for a PID, or a fallback "PID #xxx" string if not titled.
     /// </summary>

PowerShell.MCP.Proxy/Services/IPipeDiscoveryService.cs

@@ -3,11 +3,21 @@ namespace PowerShell.MCP.Proxy.Services;
 /// <summary>
 /// Result of pipe discovery operation
 /// </summary>
+/// <param name="LiveCwd">
+/// The cwd reported by get_status on the chosen ReadyPipeName, or null if
+/// the pipe didn't reply with a cwd (older DLL, network drive disconnected,
+/// or the discovery path that landed here didn't probe). Used by
+/// invoke_expression's drift check to compare against
+/// <c>ConsoleSessionManager.GetLastAiCwd</c> and inject a Set-Location
+/// preamble when the user has typed <c>cd</c> in the visible console
+/// between AI calls.
+/// </param>
 public record PipeDiscoveryResult(
     string? ReadyPipeName,
     bool ConsoleSwitched,
     IReadOnlyList<string> ClosedConsoleMessages,
-    string? AllPipesStatusInfo
+    string? AllPipesStatusInfo,
+    string? LiveCwd = null
 );
 
 /// <summary>
@@ -24,9 +34,22 @@ string BusyStatusInfo
 public interface IPipeDiscoveryService
 {
     /// <summary>
-    /// Find a ready pipe for command execution
+    /// Find a ready pipe for command execution.
     /// </summary>
-    Task<PipeDiscoveryResult> FindReadyPipeAsync(string agentId, CancellationToken cancellationToken);
+    /// <param name="includeUnowned">
+    /// When true (default), Step 3 of discovery scans unowned pipes — pwsh
+    /// processes the user spawned manually and ran <c>Import-Module
+    /// PowerShell.MCP</c> on. The first ready unowned pipe is claimed.
+    /// When false, unowned pipes are skipped and the method returns null
+    /// instead of claiming. Used by <c>start_console</c> without an
+    /// explicit <c>start_location</c>: the AI hasn't pinned its intended
+    /// cwd, so claiming an arbitrary user-set cwd would mislead it. A
+    /// fresh console at the proxy's default home is the predictable
+    /// baseline. <c>invoke_expression</c> and <c>get_current_location</c>
+    /// keep the default <c>true</c> because the AI is actively working
+    /// and benefits from the user's existing module-loaded environment.
+    /// </param>
+    Task<PipeDiscoveryResult> FindReadyPipeAsync(string agentId, CancellationToken cancellationToken, bool includeUnowned = true);
 
     /// <summary>
     /// Collect cached outputs from all pipes except the specified one

PowerShell.MCP.Proxy/Services/PipeDiscoveryService.cs

@@ -43,7 +43,7 @@ public IReadOnlyList<string> DetectClosedConsoles(string agentId, int? excludePi
     }
 
     /// <inheritdoc />
-    public async Task<PipeDiscoveryResult> FindReadyPipeAsync(string agentId, CancellationToken cancellationToken)
+    public async Task<PipeDiscoveryResult> FindReadyPipeAsync(string agentId, CancellationToken cancellationToken, bool includeUnowned = true)
     {
         // Fast path: check active pipe before any expensive operations (EnumeratePipes, DetectClosedConsoles)
         var activePipe = _sessionManager.GetActivePipeName(agentId);
@@ -54,7 +54,7 @@ public async Task<PipeDiscoveryResult> FindReadyPipeAsync(string agentId, Cancel
             if (activePipeStatus != null && activePipeStatus.IsReady())
             {
                 if (activePipeStatus.Pid > 0) _sessionManager.UnmarkPipeBusy(agentId, activePipeStatus.Pid);
-                return new PipeDiscoveryResult(activePipe, false, [], null);
+                return new PipeDiscoveryResult(activePipe, false, [], null, activePipeStatus.Cwd);
             }
         }
 
@@ -79,7 +79,7 @@ public async Task<PipeDiscoveryResult> FindReadyPipeAsync(string agentId, Cancel
             {
                 // Became ready between fast path and slow path (after DetectClosedConsoles)
                 if (activePipeStatus.Pid > 0) _sessionManager.UnmarkPipeBusy(agentId, activePipeStatus.Pid);
-                return new PipeDiscoveryResult(activePipe, false, closedMessages, BuildClosedConsoleInfo(closedMessages));
+                return new PipeDiscoveryResult(activePipe, false, closedMessages, BuildClosedConsoleInfo(closedMessages), activePipeStatus.Cwd);
             }
             else // busy
             {
@@ -108,14 +108,21 @@ public async Task<PipeDiscoveryResult> FindReadyPipeAsync(string agentId, Cancel
             {
                 if (status.Pid > 0) _sessionManager.UnmarkPipeBusy(agentId, status.Pid);
                 _sessionManager.SetActivePipeName(agentId, pipeName);
-                return new PipeDiscoveryResult(pipeName, true, closedMessages, BuildClosedConsoleInfo(closedMessages));
+                return new PipeDiscoveryResult(pipeName, true, closedMessages, BuildClosedConsoleInfo(closedMessages), status.Cwd);
             }
 
             if (status.Pid > 0) _sessionManager.MarkPipeBusy(agentId, status.Pid);
             allPipesStatus.Add($"  - {pipeName}: {status.Status} (pipeline: {status.Pipeline ?? "unknown"}, duration: {status.Duration:F1}s)");
         }
 
-        // Step 3: Check unowned pipes (user-started consoles not yet claimed by any proxy)
+        // Step 3: Check unowned pipes (user-started consoles not yet claimed
+        // by any proxy). Caller can opt out via includeUnowned=false — see
+        // start_console's no-start_location branch for the rationale.
+        if (!includeUnowned)
+        {
+            return new PipeDiscoveryResult(null, false, closedMessages, BuildClosedConsoleInfo(closedMessages));
+        }
+
         foreach (var pipeName in _sessionManager.EnumerateUnownedPipes())
         {
             var status = await _powerShellService.GetStatusFromPipeAsync(pipeName, cancellationToken);
@@ -153,7 +160,7 @@ public async Task<PipeDiscoveryResult> FindReadyPipeAsync(string agentId, Cancel
                     if (newStatus != null)
                     {
                         _sessionManager.SetActivePipeName(agentId, newPipeName);
-                        return new PipeDiscoveryResult(newPipeName, true, closedMessages, BuildClosedConsoleInfo(closedMessages));
+                        return new PipeDiscoveryResult(newPipeName, true, closedMessages, BuildClosedConsoleInfo(closedMessages), newStatus.Cwd);
                     }
                 }
             }