npm - claude-brain - Versions diffs - 0.30.2 → 0.30.3 - Mend

claude-brain 0.30.2 → 0.30.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (236) hide show

package/README.md +241 -191
package/VERSION +1 -1
package/assets/CLAUDE-unified.md +11 -11
package/assets/CLAUDE.md +29 -29
package/package.json +7 -3
package/packs/backend/node.json +173 -173
package/packs/core/javascript.json +176 -176
package/packs/core/typescript.json +222 -222
package/packs/frontend/react.json +254 -254
package/packs/meta/testing.json +172 -172
package/scripts/postinstall.mjs +531 -531
package/src/automation/decision-detector.ts +452 -452
package/src/automation/phase12-manager.ts +456 -456
package/src/automation/proactive-recall.ts +373 -373
package/src/automation/project-detector.ts +310 -310
package/src/automation/repo-scanner.ts +210 -205
package/src/cli/auto-setup.ts +75 -75
package/src/cli/auto-start.ts +266 -266
package/src/cli/bin.ts +264 -264
package/src/cli/commands/autostart.ts +90 -90
package/src/cli/commands/chroma.ts +578 -577
package/src/cli/commands/export-training.ts +70 -70
package/src/cli/commands/export.ts +130 -130
package/src/cli/commands/git-hook.ts +183 -183
package/src/cli/commands/hooks.ts +217 -217
package/src/cli/commands/init.ts +123 -123
package/src/cli/commands/install-mcp.ts +122 -111
package/src/cli/commands/models.ts +979 -979
package/src/cli/commands/pack.ts +200 -200
package/src/cli/commands/refresh.ts +344 -339
package/src/cli/commands/reindex.ts +120 -120
package/src/cli/commands/serve.ts +466 -463
package/src/cli/commands/start.ts +44 -44
package/src/cli/commands/status.ts +220 -203
package/src/cli/commands/uninstall-mcp.ts +45 -41
package/src/cli/commands/update.ts +130 -124
package/src/cli/migrate-chroma.ts +106 -106
package/src/cli/ui/animations.ts +80 -80
package/src/cli/ui/components.ts +82 -82
package/src/cli/ui/index.ts +4 -4
package/src/cli/ui/logo.ts +36 -36
package/src/cli/ui/theme.ts +55 -55
package/src/code-intelligence/indexer.ts +352 -352
package/src/code-intelligence/linker.ts +178 -178
package/src/code-intelligence/parser.ts +484 -484
package/src/code-intelligence/query.ts +291 -291
package/src/code-intelligence/schema.ts +83 -83
package/src/code-intelligence/types.ts +95 -95
package/src/config/defaults.ts +52 -52
package/src/config/home.ts +56 -56
package/src/config/index.ts +5 -5
package/src/config/loader.ts +192 -192
package/src/config/schema.ts +446 -415
package/src/config/validator.ts +182 -182
package/src/context/assembler.ts +407 -400
package/src/context/index.ts +79 -79
package/src/context/progress-tracker.ts +174 -174
package/src/context/standards-manager.ts +287 -287
package/src/context/validator.ts +58 -58
package/src/diagnostics/index.ts +122 -121
package/src/health/index.ts +233 -232
package/src/hooks/brain-hook.ts +134 -131
package/src/hooks/capture.ts +168 -168
package/src/hooks/claude-code-mastery.md +112 -112
package/src/hooks/context-hook.ts +260 -245
package/src/hooks/deduplicator.ts +72 -72
package/src/hooks/git-capture.ts +109 -109
package/src/hooks/git-hook-installer.ts +211 -207
package/src/hooks/index.ts +20 -20
package/src/hooks/installer.ts +306 -288
package/src/hooks/interceptor-hook.ts +204 -201
package/src/hooks/passive-classifier.ts +397 -397
package/src/hooks/queue.ts +160 -129
package/src/hooks/session-tracker.ts +312 -312
package/src/hooks/types.ts +52 -52
package/src/index.ts +7 -7
package/src/intelligence/cross-project/generalizer.ts +283 -283
package/src/intelligence/cross-project/index.ts +7 -7
package/src/intelligence/hf-downloader.ts +222 -222
package/src/intelligence/hf-manifest.json +78 -78
package/src/intelligence/index.ts +24 -24
package/src/intelligence/inference-router.ts +762 -762
package/src/intelligence/model-manager.ts +263 -245
package/src/intelligence/optimization/index.ts +10 -10
package/src/intelligence/optimization/precompute.ts +202 -202
package/src/intelligence/optimization/semantic-cache.ts +213 -207
package/src/intelligence/prediction/index.ts +7 -7
package/src/intelligence/prediction/recommender.ts +276 -268
package/src/intelligence/reasoning/chain-retrieval.ts +243 -247
package/src/intelligence/reasoning/index.ts +7 -7
package/src/intelligence/temporal/evolution.ts +193 -197
package/src/intelligence/temporal/index.ts +16 -16
package/src/intelligence/temporal/query-processor.ts +190 -190
package/src/intelligence/temporal/timeline.ts +272 -259
package/src/intelligence/temporal/trends.ts +263 -263
package/src/intelligence/tokenizer.ts +118 -118
package/src/knowledge/entity-extractor.ts +447 -443
package/src/knowledge/graph/builder.ts +185 -185
package/src/knowledge/graph/linker.ts +201 -201
package/src/knowledge/graph/memory-graph.ts +359 -359
package/src/knowledge/graph/schema.ts +99 -99
package/src/knowledge/graph/search.ts +166 -166
package/src/knowledge/relationship-extractor.ts +108 -108
package/src/memory/chroma/client.ts +211 -192
package/src/memory/chroma/collection-manager.ts +92 -92
package/src/memory/chroma/config.ts +57 -57
package/src/memory/chroma/embeddings.ts +177 -175
package/src/memory/chroma/index.ts +82 -82
package/src/memory/chroma/migration.ts +270 -270
package/src/memory/chroma/schemas.ts +69 -69
package/src/memory/chroma/search.ts +319 -315
package/src/memory/chroma/store.ts +755 -747
package/src/memory/compression.ts +121 -121
package/src/memory/consolidation/archiver.ts +162 -165
package/src/memory/consolidation/merger.ts +182 -186
package/src/memory/consolidation/scorer.ts +136 -136
package/src/memory/database.ts +9 -0
package/src/memory/dual-write.ts +145 -0
package/src/memory/embeddings.ts +226 -226
package/src/memory/episodic/detector.ts +108 -108
package/src/memory/episodic/manager.ts +347 -351
package/src/memory/episodic/summarizer.ts +179 -179
package/src/memory/episodic/types.ts +52 -52
package/src/memory/fts5-search.ts +692 -633
package/src/memory/index.ts +943 -1060
package/src/memory/migrations/add-fts5.ts +118 -108
package/src/memory/patterns.ts +438 -438
package/src/memory/pruning.ts +60 -60
package/src/memory/schema.ts +88 -88
package/src/memory/store.ts +911 -787
package/src/orchestrator/handlers/decision-handler.ts +204 -204
package/src/packs/index.ts +9 -9
package/src/packs/loader.ts +134 -134
package/src/packs/manager.ts +204 -204
package/src/packs/ranker.ts +78 -78
package/src/packs/types.ts +81 -81
package/src/phase12/index.ts +5 -5
package/src/retrieval/bm25/index.ts +300 -297
package/src/retrieval/bm25/tokenizer.ts +184 -184
package/src/retrieval/feedback/adaptive.ts +221 -221
package/src/retrieval/feedback/index.ts +16 -16
package/src/retrieval/feedback/metrics.ts +221 -221
package/src/retrieval/feedback/store.ts +283 -283
package/src/retrieval/fusion/index.ts +194 -194
package/src/retrieval/fusion/rrf.ts +165 -165
package/src/retrieval/index.ts +12 -12
package/src/retrieval/pipeline.ts +375 -375
package/src/retrieval/query/expander.ts +203 -203
package/src/retrieval/query/index.ts +27 -27
package/src/retrieval/query/intent-classifier.ts +252 -252
package/src/retrieval/query/temporal-parser.ts +295 -295
package/src/retrieval/reranker/index.ts +189 -188
package/src/retrieval/reranker/model.ts +99 -95
package/src/retrieval/service.ts +125 -125
package/src/retrieval/types.ts +162 -162
package/src/routing/entity-extractor.ts +454 -454
package/src/routing/handlers/exploration-handler.ts +369 -0
package/src/routing/handlers/index.ts +19 -0
package/src/routing/handlers/memory-handler.ts +273 -0
package/src/routing/handlers/mutation-handler.ts +241 -0
package/src/routing/handlers/recall-handler.ts +642 -0
package/src/routing/handlers/shared.ts +515 -0
package/src/routing/handlers/types.ts +48 -0
package/src/routing/intent-classifier.ts +552 -552
package/src/routing/response-filter.ts +399 -391
package/src/routing/router.ts +245 -2193
package/src/routing/search-engine.ts +521 -514
package/src/routing/types.ts +104 -94
package/src/scripts/health-check.ts +118 -118
package/src/scripts/setup.ts +122 -122
package/src/server/auto-updater.ts +283 -276
package/src/server/handlers/call-tool.ts +159 -159
package/src/server/handlers/list-tools.ts +35 -35
package/src/server/handlers/tools/auto-remember.ts +165 -165
package/src/server/handlers/tools/brain.ts +86 -86
package/src/server/handlers/tools/create-project.ts +135 -135
package/src/server/handlers/tools/get-code-standards.ts +123 -123
package/src/server/handlers/tools/get-corrections.ts +152 -152
package/src/server/handlers/tools/get-patterns.ts +156 -156
package/src/server/handlers/tools/get-project-context.ts +75 -75
package/src/server/handlers/tools/index.ts +30 -30
package/src/server/handlers/tools/init-project.ts +756 -756
package/src/server/handlers/tools/list-projects.ts +126 -126
package/src/server/handlers/tools/recall-similar.ts +87 -87
package/src/server/handlers/tools/recognize-pattern.ts +132 -132
package/src/server/handlers/tools/record-correction.ts +131 -131
package/src/server/handlers/tools/remember-decision.ts +168 -168
package/src/server/handlers/tools/schemas.ts +179 -179
package/src/server/handlers/tools/search-code.ts +122 -122
package/src/server/handlers/tools/smart-context.ts +146 -146
package/src/server/handlers/tools/update-progress.ts +131 -131
package/src/server/http-api.ts +215 -1229
package/src/server/mcp-proxy.ts +85 -84
package/src/server/mcp-server.ts +285 -284
package/src/server/middleware/auth.ts +39 -0
package/src/server/middleware/error-handler.ts +37 -0
package/src/server/middleware/rate-limit.ts +53 -0
package/src/server/middleware/validate.ts +42 -0
package/src/server/pid-manager.ts +137 -136
package/src/server/providers/resources.ts +581 -581
package/src/server/routes/code.ts +228 -0
package/src/server/routes/context.ts +26 -0
package/src/server/routes/health.ts +19 -0
package/src/server/routes/helpers.ts +100 -0
package/src/server/routes/hooks.ts +197 -0
package/src/server/routes/mcp.ts +47 -0
package/src/server/routes/memory.ts +397 -0
package/src/server/routes/models.ts +96 -0
package/src/server/routes/projects.ts +89 -0
package/src/server/routes/types.ts +21 -0
package/src/server/schemas/api-schemas.ts +202 -0
package/src/server/services.ts +720 -720
package/src/server/utils/memory-indicator.ts +84 -84
package/src/server/utils/response-formatter.ts +129 -129
package/src/server/web-viewer.ts +1145 -1115
package/src/setup/index.ts +38 -38
package/src/tools/registry.ts +115 -115
package/src/tools/schemas.ts +666 -666
package/src/tools/types.ts +412 -412
package/src/training/data-store.ts +320 -298
package/src/training/retrain-pipeline.ts +399 -394
package/src/utils/error-handler.ts +136 -136
package/src/utils/index.ts +58 -58
package/src/utils/kill-port.ts +55 -53
package/src/utils/phase12-helper.ts +56 -56
package/src/utils/safe-path.ts +43 -0
package/src/utils/timing.ts +47 -47
package/src/utils/transaction.ts +63 -63
package/src/vault/index.ts +4 -3
package/src/vault/paths.ts +106 -106
package/src/vault/query.ts +4 -1
package/src/vault/reader.ts +44 -1
package/src/vault/watcher.ts +24 -1
package/src/vault/writer.ts +487 -413
package/skills/persistent-memory/SKILL.md +0 -148
package/skills/persistent-memory/references/tool-reference.md +0 -90

package/src/utils/timing.ts CHANGED Viewed

@@ -1,47 +1,47 @@
-/**
- * Timing Utility
- * Phase 22: Wraps async operations with performance timing.
- * Logs warnings for operations exceeding 200ms.
- */
-const SLOW_THRESHOLD_MS = 200
-/**
- * Wrap an async operation with timing instrumentation.
- * Logs a warning if the operation exceeds 200ms.
- */
-export async function timed<T>(label: string, fn: () => Promise<T>): Promise<T> {
-  const start = performance.now()
-  try {
-    const result = await fn()
-    const elapsed = performance.now() - start
-    if (elapsed > SLOW_THRESHOLD_MS) {
-      // Use console.error to avoid interfering with MCP stdio
-      console.error(`[SLOW] ${label}: ${Math.round(elapsed)}ms (budget: ${SLOW_THRESHOLD_MS}ms)`)
-    }
-    return result
-  } catch (error) {
-    const elapsed = performance.now() - start
-    console.error(`[ERROR] ${label}: ${Math.round(elapsed)}ms — ${error instanceof Error ? error.message : 'unknown'}`)
-    throw error
-  }
-}
-/**
- * Synchronous version for non-async operations.
- */
-export function timedSync<T>(label: string, fn: () => T): T {
-  const start = performance.now()
-  try {
-    const result = fn()
-    const elapsed = performance.now() - start
-    if (elapsed > SLOW_THRESHOLD_MS) {
-      console.error(`[SLOW] ${label}: ${Math.round(elapsed)}ms (budget: ${SLOW_THRESHOLD_MS}ms)`)
-    }
-    return result
-  } catch (error) {
-    const elapsed = performance.now() - start
-    console.error(`[ERROR] ${label}: ${Math.round(elapsed)}ms — ${error instanceof Error ? error.message : 'unknown'}`)
-    throw error
-  }
-}
+/**
+ * Timing Utility
+ * Phase 22: Wraps async operations with performance timing.
+ * Logs warnings for operations exceeding 200ms.
+ */
+const SLOW_THRESHOLD_MS = 200
+/**
+ * Wrap an async operation with timing instrumentation.
+ * Logs a warning if the operation exceeds 200ms.
+ */
+export async function timed<T>(label: string, fn: () => Promise<T>): Promise<T> {
+  const start = performance.now()
+  try {
+    const result = await fn()
+    const elapsed = performance.now() - start
+    if (elapsed > SLOW_THRESHOLD_MS) {
+      // Use console.error to avoid interfering with MCP stdio
+      console.error(`[SLOW] ${label}: ${Math.round(elapsed)}ms (budget: ${SLOW_THRESHOLD_MS}ms)`)
+    }
+    return result
+  } catch (error) {
+    const elapsed = performance.now() - start
+    console.error(`[ERROR] ${label}: ${Math.round(elapsed)}ms — ${error instanceof Error ? error.message : 'unknown'}`)
+    throw error
+  }
+}
+/**
+ * Synchronous version for non-async operations.
+ */
+export function timedSync<T>(label: string, fn: () => T): T {
+  const start = performance.now()
+  try {
+    const result = fn()
+    const elapsed = performance.now() - start
+    if (elapsed > SLOW_THRESHOLD_MS) {
+      console.error(`[SLOW] ${label}: ${Math.round(elapsed)}ms (budget: ${SLOW_THRESHOLD_MS}ms)`)
+    }
+    return result
+  } catch (error) {
+    const elapsed = performance.now() - start
+    console.error(`[ERROR] ${label}: ${Math.round(elapsed)}ms — ${error instanceof Error ? error.message : 'unknown'}`)
+    throw error
+  }
+}

package/src/utils/transaction.ts CHANGED Viewed

@@ -1,63 +1,63 @@
-import type { Logger } from 'pino'
-export class TransactionManager {
-  private logger: Logger
-  private operations: Array<() => Promise<void>> = []
-  private rollbacks: Array<() => Promise<void>> = []
-  constructor(logger: Logger) {
-    this.logger = logger.child({ component: 'transaction-manager' })
-  }
-  add(
-    operation: () => Promise<void>,
-    rollback: () => Promise<void>
-  ): void {
-    this.operations.push(operation)
-    this.rollbacks.unshift(rollback)
-  }
-  async execute(): Promise<void> {
-    const executedCount = 0
-    try {
-      for (let i = 0; i < this.operations.length; i++) {
-        await this.operations[i]!()
-      }
-      this.logger.info(
-        { operationCount: this.operations.length },
-        'Transaction completed successfully'
-      )
-    } catch (error) {
-      this.logger.error(
-        { error, executedCount },
-        'Transaction failed, rolling back'
-      )
-      await this.rollback()
-      throw error
-    }
-  }
-  private async rollback(): Promise<void> {
-    for (const rollback of this.rollbacks) {
-      try {
-        await rollback()
-      } catch (error) {
-        this.logger.error(
-          { error },
-          'Rollback operation failed'
-        )
-      }
-    }
-    this.logger.info('Rollback completed')
-  }
-  clear(): void {
-    this.operations = []
-    this.rollbacks = []
-  }
-}
+import type { Logger } from 'pino'
+export class TransactionManager {
+  private logger: Logger
+  private operations: Array<() => Promise<void>> = []
+  private rollbacks: Array<() => Promise<void>> = []
+  constructor(logger: Logger) {
+    this.logger = logger.child({ component: 'transaction-manager' })
+  }
+  add(
+    operation: () => Promise<void>,
+    rollback: () => Promise<void>
+  ): void {
+    this.operations.push(operation)
+    this.rollbacks.unshift(rollback)
+  }
+  async execute(): Promise<void> {
+    const executedCount = 0
+    try {
+      for (let i = 0; i < this.operations.length; i++) {
+        await this.operations[i]!()
+      }
+      this.logger.info(
+        { operationCount: this.operations.length },
+        'Transaction completed successfully'
+      )
+    } catch (error) {
+      this.logger.error(
+        { error, executedCount },
+        'Transaction failed, rolling back'
+      )
+      await this.rollback()
+      throw error
+    }
+  }
+  private async rollback(): Promise<void> {
+    for (const rollback of this.rollbacks) {
+      try {
+        await rollback()
+      } catch (error) {
+        this.logger.error(
+          { error },
+          'Rollback operation failed'
+        )
+      }
+    }
+    this.logger.info('Rollback completed')
+  }
+  clear(): void {
+    this.operations = []
+    this.rollbacks = []
+  }
+}

package/src/vault/index.ts CHANGED Viewed

@@ -52,10 +52,11 @@ export class VaultManager {
     this.paths = VaultPathUtils.getVaultPaths(vaultRoot)
     this.reader = new VaultReader(logger, {
       maxCacheSize: 100,
-      cacheMaxAge: 5 * 60 * 1000
+      cacheMaxAge: 5 * 60 * 1000,
+      baseDir: vaultRoot
     })
-    this.writer = new VaultWriter(logger, this.config.backupDir)
-    this.watcher = new VaultWatcher(logger, this.config.debounceMs)
+    this.writer = new VaultWriter(logger, this.config.backupDir, vaultRoot)
+    this.watcher = new VaultWatcher(logger, this.config.debounceMs, vaultRoot)
     this.query = new VaultQuery(this.reader, logger)
     // Wire up watcher to invalidate cache on file changes

package/src/vault/paths.ts CHANGED Viewed

@@ -1,106 +1,106 @@
-/**
- * Vault Path Utilities
- * Utilities for working with vault directory structure and paths
- */
-import path from 'path'
-import type { VaultPaths, ProjectPaths } from './types'
-export class VaultPathUtils {
-  /**
-   * Get all vault paths from root
-   */
-  static getVaultPaths(vaultRoot: string): VaultPaths {
-    return {
-      root: vaultRoot,
-      projects: path.join(vaultRoot, 'Projects'),
-      global: path.join(vaultRoot, 'Global'),
-      templates: path.join(vaultRoot, 'Templates'),
-      memory: path.join(vaultRoot, 'Memory')
-    }
-  }
-  /**
-   * Get all paths for a specific project
-   */
-  static getProjectPaths(
-    vaultRoot: string,
-    projectName: string
-  ): ProjectPaths {
-    const projectRoot = path.join(vaultRoot, 'Projects', projectName)
-    return {
-      root: projectRoot,
-      context: path.join(projectRoot, 'context.md'),
-      decisions: path.join(projectRoot, 'decisions.md'),
-      progress: path.join(projectRoot, 'progress.md'),
-      standards: path.join(projectRoot, 'standards.md'),
-      patterns: path.join(projectRoot, 'patterns.md'),
-      corrections: path.join(projectRoot, 'corrections.md')
-    }
-  }
-  /**
-   * Validate project name (kebab-case, no special chars)
-   */
-  static isValidProjectName(name: string): boolean {
-    return /^[a-z0-9]+(-[a-z0-9]+)*$/.test(name)
-  }
-  /**
-   * Normalize project name to kebab-case
-   */
-  static normalizeProjectName(name: string): string {
-    return name
-      .toLowerCase()
-      .replace(/[^a-z0-9]+/g, '-')
-      .replace(/^-+|-+$/g, '')
-  }
-  /**
-   * Extract project name from a file path
-   */
-  static extractProjectName(filePath: string, vaultRoot: string): string | null {
-    const projectsPath = path.join(vaultRoot, 'Projects')
-    const relativePath = path.relative(projectsPath, filePath)
-    if (relativePath.startsWith('..')) {
-      return null // File is not inside Projects directory
-    }
-    const parts = relativePath.split(path.sep)
-    const projectName = parts[0]
-    return projectName !== undefined && projectName !== '' ? projectName : null
-  }
-  /**
-   * Check if a path is inside the vault
-   */
-  static isInsideVault(filePath: string, vaultRoot: string): boolean {
-    const resolvedPath = path.resolve(filePath)
-    const resolvedRoot = path.resolve(vaultRoot)
-    // Ensure the vault root ends with separator for proper prefix matching
-    // This prevents /vault matching /vaultx
-    const normalizedRoot = resolvedRoot.endsWith(path.sep)
-      ? resolvedRoot
-      : resolvedRoot + path.sep
-    return resolvedPath === resolvedRoot || resolvedPath.startsWith(normalizedRoot)
-  }
-  /**
-   * Get the relative path from vault root
-   */
-  static getRelativePath(filePath: string, vaultRoot: string): string {
-    return path.relative(vaultRoot, filePath)
-  }
-  /**
-   * Join paths safely within the vault
-   */
-  static joinVaultPath(vaultRoot: string, ...segments: string[]): string {
-    const joined = path.join(vaultRoot, ...segments)
-    if (!VaultPathUtils.isInsideVault(joined, vaultRoot)) {
-      throw new Error('Path traversal detected: path escapes vault root')
-    }
-    return joined
-  }
-}
+/**
+ * Vault Path Utilities
+ * Utilities for working with vault directory structure and paths
+ */
+import path from 'path'
+import type { VaultPaths, ProjectPaths } from './types'
+export class VaultPathUtils {
+  /**
+   * Get all vault paths from root
+   */
+  static getVaultPaths(vaultRoot: string): VaultPaths {
+    return {
+      root: vaultRoot,
+      projects: path.join(vaultRoot, 'Projects'),
+      global: path.join(vaultRoot, 'Global'),
+      templates: path.join(vaultRoot, 'Templates'),
+      memory: path.join(vaultRoot, 'Memory')
+    }
+  }
+  /**
+   * Get all paths for a specific project
+   */
+  static getProjectPaths(
+    vaultRoot: string,
+    projectName: string
+  ): ProjectPaths {
+    const projectRoot = path.join(vaultRoot, 'Projects', projectName)
+    return {
+      root: projectRoot,
+      context: path.join(projectRoot, 'context.md'),
+      decisions: path.join(projectRoot, 'decisions.md'),
+      progress: path.join(projectRoot, 'progress.md'),
+      standards: path.join(projectRoot, 'standards.md'),
+      patterns: path.join(projectRoot, 'patterns.md'),
+      corrections: path.join(projectRoot, 'corrections.md')
+    }
+  }
+  /**
+   * Validate project name (kebab-case, no special chars)
+   */
+  static isValidProjectName(name: string): boolean {
+    return /^[a-z0-9]+(-[a-z0-9]+)*$/.test(name)
+  }
+  /**
+   * Normalize project name to kebab-case
+   */
+  static normalizeProjectName(name: string): string {
+    return name
+      .toLowerCase()
+      .replace(/[^a-z0-9]+/g, '-')
+      .replace(/^-+|-+$/g, '')
+  }
+  /**
+   * Extract project name from a file path
+   */
+  static extractProjectName(filePath: string, vaultRoot: string): string | null {
+    const projectsPath = path.join(vaultRoot, 'Projects')
+    const relativePath = path.relative(projectsPath, filePath)
+    if (relativePath.startsWith('..')) {
+      return null // File is not inside Projects directory
+    }
+    const parts = relativePath.split(path.sep)
+    const projectName = parts[0]
+    return projectName !== undefined && projectName !== '' ? projectName : null
+  }
+  /**
+   * Check if a path is inside the vault
+   */
+  static isInsideVault(filePath: string, vaultRoot: string): boolean {
+    const resolvedPath = path.resolve(filePath)
+    const resolvedRoot = path.resolve(vaultRoot)
+    // Ensure the vault root ends with separator for proper prefix matching
+    // This prevents /vault matching /vaultx
+    const normalizedRoot = resolvedRoot.endsWith(path.sep)
+      ? resolvedRoot
+      : resolvedRoot + path.sep
+    return resolvedPath === resolvedRoot || resolvedPath.startsWith(normalizedRoot)
+  }
+  /**
+   * Get the relative path from vault root
+   */
+  static getRelativePath(filePath: string, vaultRoot: string): string {
+    return path.relative(vaultRoot, filePath)
+  }
+  /**
+   * Join paths safely within the vault
+   */
+  static joinVaultPath(vaultRoot: string, ...segments: string[]): string {
+    const joined = path.join(vaultRoot, ...segments)
+    if (!VaultPathUtils.isInsideVault(joined, vaultRoot)) {
+      throw new Error('Path traversal detected: path escapes vault root')
+    }
+    return joined
+  }
+}

package/src/vault/query.ts CHANGED Viewed

@@ -71,7 +71,10 @@ export class VaultQuery {
       // Read all files
       const markdownFiles = await Promise.all(
         allFiles.map(f =>
-          this.reader.readMarkdownFile(f).catch(() => null)
+          this.reader.readMarkdownFile(f).catch((error) => {
+            this.logger.warn({ error, file: f }, 'Failed to read markdown file')
+            return null
+          })
         )
       )

package/src/vault/reader.ts CHANGED Viewed

@@ -8,6 +8,7 @@ import path from 'path'
 import matter from 'gray-matter'
 import type { Logger } from 'pino'
 import type { MarkdownFile, Frontmatter } from './types'
+import { validatePath } from '@/utils/safe-path'
 export interface CacheStats {
   size: number
@@ -20,16 +21,18 @@ export class VaultReader {
   private logger: Logger
   private maxCacheSize: number
   private cacheMaxAge: number // milliseconds
+  private baseDir: string
   constructor(
     logger: Logger,
-    options: { maxCacheSize?: number; cacheMaxAge?: number } = {}
+    options: { maxCacheSize?: number; cacheMaxAge?: number; baseDir?: string } = {}
   ) {
     this.logger = logger.child({ component: 'vault-reader' })
     this.cache = new Map()
     this.cacheTimestamps = new Map()
     this.maxCacheSize = options.maxCacheSize ?? 100
     this.cacheMaxAge = options.cacheMaxAge ?? 5 * 60 * 1000 // 5 minutes default
+    this.baseDir = options.baseDir ?? ''
   }
   /**
@@ -39,6 +42,16 @@ export class VaultReader {
     filePath: string,
     useCache: boolean = true
   ): Promise<MarkdownFile> {
+    // Validate path against base directory
+    if (this.baseDir) {
+      try {
+        validatePath(filePath, this.baseDir)
+      } catch (error) {
+        this.logger.error({ error, filePath, baseDir: this.baseDir }, 'Path traversal blocked in readMarkdownFile')
+        throw new Error(`Path validation failed for ${filePath}: ${error}`)
+      }
+    }
     // Check cache first
     if (useCache && this.isCacheValid(filePath)) {
       this.logger.debug({ filePath }, 'Cache hit')
@@ -104,6 +117,16 @@ export class VaultReader {
     dirPath: string,
     recursive: boolean = false
   ): Promise<string[]> {
+    // Validate path against base directory
+    if (this.baseDir) {
+      try {
+        validatePath(dirPath, this.baseDir)
+      } catch (error) {
+        this.logger.error({ error, dirPath, baseDir: this.baseDir }, 'Path traversal blocked in readDirectory')
+        throw new Error(`Path validation failed for ${dirPath}: ${error}`)
+      }
+    }
     try {
       const entries = await fs.readdir(dirPath, { withFileTypes: true })
       let files: string[] = []
@@ -130,6 +153,16 @@ export class VaultReader {
    * Get all project directories
    */
   async getProjectDirectories(projectsPath: string): Promise<string[]> {
+    // Validate path against base directory
+    if (this.baseDir) {
+      try {
+        validatePath(projectsPath, this.baseDir)
+      } catch (error) {
+        this.logger.error({ error, projectsPath, baseDir: this.baseDir }, 'Path traversal blocked in getProjectDirectories')
+        throw new Error(`Path validation failed for ${projectsPath}: ${error}`)
+      }
+    }
     try {
       const entries = await fs.readdir(projectsPath, { withFileTypes: true })
       return entries
@@ -149,6 +182,16 @@ export class VaultReader {
     created: Date
     modified: Date
   } | null> {
+    // Validate path against base directory
+    if (this.baseDir) {
+      try {
+        validatePath(filePath, this.baseDir)
+      } catch (error) {
+        this.logger.error({ error, filePath, baseDir: this.baseDir }, 'Path traversal blocked in getFileStats')
+        throw new Error(`Path validation failed for ${filePath}: ${error}`)
+      }
+    }
     try {
       const stats = await fs.stat(filePath)
       return {

package/src/vault/watcher.ts CHANGED Viewed

@@ -8,6 +8,7 @@ import fs from 'fs/promises'
 import path from 'path'
 import { EventEmitter } from 'events'
 import type { Logger } from 'pino'
+import { validatePath } from '@/utils/safe-path'
 export type FileChangeType = 'created' | 'modified' | 'deleted'
@@ -36,14 +37,16 @@ export class VaultWatcher extends EventEmitter {
   private debounceTimers: Map<string, NodeJS.Timeout>
   private debounceMs: number
   private fileStates: Map<string, boolean> // Track if file exists
+  private baseDir: string
-  constructor(logger: Logger, debounceMs: number = 500) {
+  constructor(logger: Logger, debounceMs: number = 500, baseDir: string = '') {
     super()
     this.logger = logger.child({ component: 'vault-watcher' })
     this.watchers = new Map()
     this.debounceTimers = new Map()
     this.debounceMs = debounceMs
     this.fileStates = new Map()
+    this.baseDir = baseDir
   }
   /**
@@ -70,6 +73,16 @@ export class VaultWatcher extends EventEmitter {
    * Start watching a directory
    */
   watch(dirPath: string, recursive: boolean = true): void {
+    // Validate path against base directory
+    if (this.baseDir) {
+      try {
+        validatePath(dirPath, this.baseDir)
+      } catch (error) {
+        this.logger.error({ error, dirPath, baseDir: this.baseDir }, 'Path traversal blocked in watch')
+        throw new Error(`Path validation failed for ${dirPath}: ${error}`)
+      }
+    }
     if (this.watchers.has(dirPath)) {
       this.logger.warn({ dirPath }, 'Already watching directory')
       return
@@ -105,6 +118,16 @@ export class VaultWatcher extends EventEmitter {
    * Stop watching a directory
    */
   unwatch(dirPath: string): void {
+    // Validate path against base directory
+    if (this.baseDir) {
+      try {
+        validatePath(dirPath, this.baseDir)
+      } catch (error) {
+        this.logger.error({ error, dirPath, baseDir: this.baseDir }, 'Path traversal blocked in unwatch')
+        throw new Error(`Path validation failed for ${dirPath}: ${error}`)
+      }
+    }
     const watcher = this.watchers.get(dirPath)
     if (watcher) {
       watcher.close()