claude-mem-lite 2.28.1 → 2.28.2

package/.claude-plugin/marketplace.json

@@ -10,7 +10,7 @@
   "plugins": [
     {
       "name": "claude-mem-lite",
-      "version": "2.28.1",
+      "version": "2.28.2",
       "source": "./",
       "description": "Lightweight persistent memory system for Claude Code — FTS5 search, episode batching, error-triggered recall"
     }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-mem-lite",
-  "version": "2.28.1",
+  "version": "2.28.2",
   "description": "Lightweight persistent memory system for Claude Code — FTS5 search, episode batching, error-triggered recall",
   "author": {
     "name": "sdsrss"

package/cli.mjs

@@ -16,7 +16,19 @@ if (cmd === '--version' || cmd === '-v') {
 } else if (CLI_COMMANDS.has(cmd)) {
   const { run } = await import('./mem-cli.mjs');
   await run(process.argv.slice(2));
-} else if (!cmd || INSTALL_COMMANDS.has(cmd)) {
+} else if (!cmd) {
+  // No command: show CLI help if installed, install help if not
+  const { existsSync } = await import('fs');
+  const { join } = await import('path');
+  const dbPath = join(process.env.HOME || '', '.claude-mem-lite', 'claude-mem-lite.db');
+  if (existsSync(dbPath)) {
+    const { run } = await import('./mem-cli.mjs');
+    await run(['help']);
+  } else {
+    const { main } = await import('./install.mjs');
+    await main([]);
+  }
+} else if (INSTALL_COMMANDS.has(cmd)) {
   const { main } = await import('./install.mjs');
   await main(process.argv.slice(2));
 } else {

package/hook-episode.mjs

@@ -107,7 +107,7 @@ export function readEpisode() {
  */
 export function writeEpisode(episode) {
   const target = episodeFile();
-  const tmp = target + '.tmp';
+  const tmp = target + `.tmp-${process.pid}`;
   const { _fileSet, ...serializable } = episode;
   writeFileSync(tmp, JSON.stringify(serializable));
   try {

package/hook-semaphore.mjs

@@ -2,7 +2,7 @@
 // Limits concurrent claude -p calls to prevent resource contention
 
 import { join } from 'path';
-import { readFileSync, writeFileSync, unlinkSync, readdirSync, openSync, closeSync, writeSync, constants as fsConstants } from 'fs';
+import { readFileSync, unlinkSync, readdirSync, openSync, closeSync, writeSync, constants as fsConstants } from 'fs';
 import { RUNTIME_DIR } from './hook-shared.mjs';
 
 export const LLM_SEM_MAX = 2;
@@ -21,7 +21,7 @@ export async function acquireLLMSlot() {
 
   while (Date.now() < deadline) {
     // Acquire-then-verify: atomically create our slot first, then check total count
-    let created = false;
+    let created;
     try {
       let fd;
       try {
@@ -33,8 +33,9 @@ export async function acquireLLMSlot() {
         if (fd !== undefined) closeSync(fd);
       }
     } catch {
-      // Slot file already exists for this PID — update timestamp
-      try { writeFileSync(slotFile, JSON.stringify({ pid: process.pid, ts: Date.now() })); created = true; } catch {}
+      // Slot file already exists for this PID — stale cleanup should have removed it;
+      // retry and let O_CREAT|O_EXCL succeed on next iteration (avoid non-atomic fallback)
+      continue;
     }
 
     if (!created) { await sleepMs(200 + Math.random() * 800); continue; }

package/hook-update.mjs

@@ -214,7 +214,7 @@ async function downloadAndInstall(tarballUrl) {
 
     // Download tarball via curl (available on all supported platforms)
     // Validate URL to prevent command injection via crafted tarball URLs
-    if (!/^https:\/\/[a-zA-Z0-9./-]+$/.test(tarballUrl)) {
+    if (!/^https:\/\/(?:api\.)?github\.com\/[a-zA-Z0-9./_-]+$/.test(tarballUrl)) {
       debugLog('WARN', 'hook-update', `Rejected suspicious tarball URL: ${tarballUrl}`);
       return false;
     }

package/hook.mjs

@@ -37,7 +37,7 @@ import { getVocabulary } from './tfidf.mjs';
 // Prevent recursive hooks from background claude -p calls
 // Background workers (llm-episode, llm-summary) are exempt — they're ours
 const event = process.argv[2];
-const BG_EVENTS = new Set(['llm-episode', 'llm-summary']);
+const BG_EVENTS = new Set(['llm-episode', 'llm-summary', 'auto-compress']);
 
 // Respect Claude Code plugin disable state even when legacy settings.json hooks remain.
 // install.mjs writes direct hooks into ~/.claude/settings.json, so disabling the plugin

package/install.mjs

@@ -529,8 +529,9 @@ async function install() {
   }
 
   // 6. Install pre-installed resources (skills + agents)
-  log('Setting up skill/agent registry...');
-  try {
+  if (process.env.CLAUDE_MEM_SKIP_REPOS) {
+    ok('Skill/agent registry: skipped (CLAUDE_MEM_SKIP_REPOS)');
+  } else try {
     const manifestPath = join(INSTALL_DIR, 'registry', 'preinstalled.json');
     if (!existsSync(manifestPath)) {
       // For git-clone mode, check PROJECT_DIR
@@ -565,7 +566,7 @@ async function install() {
         };
 
         for (const [repoUrl, entries] of repos) {
-          const repoName = repoUrl.split('/').slice(-2).join('-');
+          const repoName = repoUrl.split('/').slice(-2).join('-').replace(/[^a-zA-Z0-9._-]/g, '_');
           const clonePath = join(managedDir, 'repos', repoName);
           let repoReady = false;
 
@@ -959,12 +960,8 @@ async function status() {
 
   // CLI
   try {
-    const cliVer = execSync('claude-mem-lite --help 2>/dev/null && echo OK', { encoding: 'utf8', timeout: 5000 });
-    if (cliVer.includes('OK')) {
-      ok('CLI: claude-mem-lite command available');
-    } else {
-      warn('CLI: command not on PATH');
-    }
+    execFileSync('claude-mem-lite', ['--help'], { encoding: 'utf8', timeout: 5000, stdio: 'pipe' });
+    ok('CLI: claude-mem-lite command available');
   } catch {
     warn('CLI: command not on PATH — run install again to create symlink');
   }
@@ -1087,7 +1084,7 @@ async function doctor() {
 
   // Check for stale processes
   try {
-    const procs = execSync('pgrep -af "chroma|claude-mem.*worker" 2>/dev/null', { encoding: 'utf8' }).trim();
+    const procs = execFileSync('pgrep', ['-af', 'chroma|claude-mem.*worker'], { encoding: 'utf8', timeout: 5000, stdio: 'pipe' }).trim();
     // Filter out the pgrep process itself (matches its own pattern)
     const real = procs.split('\n').filter(l => !l.includes('pgrep'));
     if (real.length > 0) {

package/mem-cli.mjs

@@ -52,7 +52,7 @@ function out(text) {
 }
 
 function fail(text) {
-  process.stdout.write(text + '\n');
+  process.stderr.write(text + '\n');
   process.exitCode = 1;
 }
 
@@ -115,13 +115,15 @@ function cmdSearch(db, args) {
     fail(`[mem] Invalid --sort "${sort}". Use: relevance, time, importance`);
     return;
   }
+  const useOr = flags.or === true || flags.or === 'true';
 
   if (source && !['observations', 'sessions', 'prompts'].includes(source)) {
     fail(`[mem] Invalid --source "${source}". Use: observations, sessions, prompts`);
     return;
   }
 
-  const ftsQuery = sanitizeFtsQuery(query);
+  let ftsQuery = sanitizeFtsQuery(query);
+  if (ftsQuery && useOr) ftsQuery = relaxFtsQueryToOr(ftsQuery) || ftsQuery;
   if (!ftsQuery) {
     fail(`[mem] No valid search terms in "${query}"`);
     return;
@@ -449,7 +451,7 @@ function searchFts(db, ftsQuery, { type, project, limit, dateFrom, dateTo, minIm
 function cmdRecent(db, args) {
   const { positional, flags } = parseArgs(args);
   const rawLimit = parseInt(positional[0], 10);
-  const limit = Math.max(1, Number.isFinite(rawLimit) ? rawLimit : 10);
+  const limit = (Number.isInteger(rawLimit) && rawLimit > 0) ? rawLimit : 10;
   const project = flags.project ? resolveProject(db, flags.project) : inferProject();
 
   const params = [];
@@ -511,7 +513,9 @@ function cmdRecall(db, args) {
   // Update access_count for recalled observations (aligned with MCP mem_recall)
   const recalledIds = rows.map(r => r.id);
   const recallPh = recalledIds.map(() => '?').join(',');
-  db.prepare(`UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id IN (${recallPh})`).run(Date.now(), ...recalledIds);
+  try {
+    db.prepare(`UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id IN (${recallPh})`).run(Date.now(), ...recalledIds);
+  } catch { /* non-critical: FTS5 trigger may fail on corrupted index */ }
 
   out(`[mem] History for ${filename} (${rows.length}):`);
   for (const r of rows) {
@@ -588,8 +592,10 @@ function cmdGet(db, args) {
   }
 
   // Update access_count + auto-boost (aligned with MCP mem_get)
-  db.prepare(`UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id IN (${placeholders})`).run(Date.now(), ...ids);
-  autoBoostIfNeeded(db, ids);
+  try {
+    db.prepare(`UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id IN (${placeholders})`).run(Date.now(), ...ids);
+    autoBoostIfNeeded(db, ids);
+  } catch { /* non-critical: FTS5 trigger may fail on corrupted index */ }
 
   const rows = db.prepare(`
     SELECT * FROM observations
@@ -680,7 +686,9 @@ function cmdTimeline(db, args) {
   }
 
   // Update access_count for anchor (aligned with MCP mem_timeline)
-  db.prepare('UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id = ?').run(Date.now(), anchorId);
+  try {
+    db.prepare('UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id = ?').run(Date.now(), anchorId);
+  } catch { /* non-critical: FTS5 trigger may fail on corrupted index */ }
 
   // Get anchor epoch
   const anchorRow = db.prepare('SELECT created_at_epoch, project FROM observations WHERE id = ?').get(anchorId);
@@ -1786,6 +1794,7 @@ Commands:
     --offset N          Skip first N results (pagination)
     --tier T            Filter by tier (working|active|archive, observations only)
     --sort S            Sort: relevance (default), time, importance
+    --or                Use OR instead of AND between search terms
 
   recent [N]            Show N most recent observations (default 10)
     --project P         Filter by project
@@ -1869,7 +1878,7 @@ DB: ${DB_PATH}`);
 
 // ─── Import (GitHub) ────────────────────────────────────────────────────────
 
-async function cmdImport(db, argv) {
+async function cmdImport(argv) {
   const { positional, flags } = parseArgs(argv);
   const url = positional[0];
 
@@ -1923,7 +1932,7 @@ async function cmdImport(db, argv) {
 
 // ─── Enrich ─────────────────────────────────────────────────────────────────
 
-async function cmdEnrich(db, argv) {
+async function cmdEnrich(argv) {
   const { positional, flags } = parseArgs(argv);
   const name = positional[0];
 
@@ -2016,8 +2025,8 @@ export async function run(argv) {
       case 'context':   cmdContext(db, cmdArgs); break;
       case 'browse':    cmdBrowse(db, cmdArgs); break;
       case 'registry':  cmdRegistry(db, cmdArgs); break;
-      case 'import':    await cmdImport(db, cmdArgs); break;
-      case 'enrich':    await cmdEnrich(db, cmdArgs); break;
+      case 'import':    await cmdImport(cmdArgs); break;
+      case 'enrich':    await cmdEnrich(cmdArgs); break;
       default:
         out(`[mem] Unknown command: ${cmd}`);
         out('[mem] Run "claude-mem-lite help" for usage');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-mem-lite",
-  "version": "2.28.1",
+  "version": "2.28.2",
   "description": "Lightweight persistent memory system for Claude Code",
   "type": "module",
   "engines": {

package/registry-importer.mjs

@@ -4,7 +4,7 @@
 
 import { parseGitHubUrl, buildTreeUrl, buildContentUrl, buildRepoUrl, buildHeaders } from './registry-github.mjs';
 import { upsertResource } from './registry.mjs';
-import { debugLog } from './utils.mjs';
+import { debugLog, isPathConfined } from './utils.mjs';
 import { createHash } from 'crypto';
 import { mkdirSync, writeFileSync } from 'fs';
 import { join } from 'path';
@@ -276,7 +276,14 @@ export async function importFromGitHub(db, url, opts = {}) {
       const { frontmatter, body } = parseFrontmatter(content);
 
       // Root skill naming: use frontmatter name if present, else repo name for root, else discovered name
-      const name = frontmatter.name || (item.name === 'root' ? repo : item.name);
+      const rawName = frontmatter.name || (item.name === 'root' ? repo : item.name);
+      const name = rawName.replace(/[^a-zA-Z0-9._-]/g, '_');
+      // Path traversal guard: reject names that would escape managed directory
+      const typeDir = item.type === 'agent' ? 'agents' : 'skills';
+      if (!isPathConfined(join(managedDir, typeDir, name), managedDir)) {
+        debugLog('WARN', 'importer', `Rejected path-traversal name: ${rawName}`);
+        continue;
+      }
       const description = frontmatter.description || '';
       const fullText = `${name} ${description} ${body}`;
 
@@ -294,7 +301,6 @@ export async function importFromGitHub(db, url, opts = {}) {
       }
 
       // 5e. Download to managed directory
-      const typeDir = item.type === 'agent' ? 'agents' : 'skills';
       const destDir = join(managedDir, typeDir, name);
       mkdirSync(destDir, { recursive: true });
       const fileName = item.type === 'agent' ? 'AGENT.md' : 'SKILL.md';

package/registry.mjs

@@ -200,23 +200,26 @@ export function ensureRegistryDb(dbPath) {
     const resSchema = db.prepare(`SELECT sql FROM sqlite_master WHERE type='table' AND name='resources'`).get();
     if (resSchema?.sql && !resSchema.sql.includes("'github'")) {
       db.pragma('foreign_keys = OFF');
-      db.transaction(() => {
-        const hasOld = db.prepare(`SELECT 1 FROM sqlite_master WHERE type='table' AND name='resources_old'`).get();
-        if (hasOld) db.exec(`DROP TABLE resources_old`);
-        // Drop FTS triggers first (reference resources table)
-        db.exec(`DROP TRIGGER IF EXISTS res_fts_insert`);
-        db.exec(`DROP TRIGGER IF EXISTS res_fts_update`);
-        db.exec(`DROP TRIGGER IF EXISTS res_fts_delete`);
-        db.exec(`ALTER TABLE resources RENAME TO resources_old`);
-        db.exec(RESOURCES_SCHEMA);
-        // Copy all existing data
-        const cols = db.prepare("PRAGMA table_info(resources_old)").all().map(c => c.name);
-        const newCols = new Set(db.prepare("PRAGMA table_info(resources)").all().map(c => c.name));
-        const common = cols.filter(c => newCols.has(c)).join(', ');
-        db.exec(`INSERT INTO resources (${common}) SELECT ${common} FROM resources_old`);
-        db.exec(`DROP TABLE resources_old`);
-      })();
-      db.pragma('foreign_keys = ON');
+      try {
+        db.transaction(() => {
+          const hasOld = db.prepare(`SELECT 1 FROM sqlite_master WHERE type='table' AND name='resources_old'`).get();
+          if (hasOld) db.exec(`DROP TABLE resources_old`);
+          // Drop FTS triggers first (reference resources table)
+          db.exec(`DROP TRIGGER IF EXISTS res_fts_insert`);
+          db.exec(`DROP TRIGGER IF EXISTS res_fts_update`);
+          db.exec(`DROP TRIGGER IF EXISTS res_fts_delete`);
+          db.exec(`ALTER TABLE resources RENAME TO resources_old`);
+          db.exec(RESOURCES_SCHEMA);
+          // Copy all existing data
+          const cols = db.prepare("PRAGMA table_info(resources_old)").all().map(c => c.name);
+          const newCols = new Set(db.prepare("PRAGMA table_info(resources)").all().map(c => c.name));
+          const common = cols.filter(c => newCols.has(c)).join(', ');
+          db.exec(`INSERT INTO resources (${common}) SELECT ${common} FROM resources_old`);
+          db.exec(`DROP TABLE resources_old`);
+        })();
+      } finally {
+        db.pragma('foreign_keys = ON');
+      }
     }
   } catch (e) { debugCatch(e, 'resources-source-check-migration'); }
 

package/schema.mjs

@@ -13,7 +13,7 @@ export const DB_PATH = join(DB_DIR, 'claude-mem-lite.db');
 export const REGISTRY_DB_PATH = join(DB_DIR, 'resource-registry.db');
 
 // Increment when schema changes (tables, columns, indexes, FTS, migrations)
-export const CURRENT_SCHEMA_VERSION = 19;
+export const CURRENT_SCHEMA_VERSION = 20;
 
 const CORE_SCHEMA = `
   CREATE TABLE IF NOT EXISTS sdk_sessions (
@@ -173,11 +173,11 @@ export function initSchema(db) {
   db.exec(`CREATE INDEX IF NOT EXISTS idx_sessions_project ON sdk_sessions(project)`);
   db.exec(`CREATE INDEX IF NOT EXISTS idx_obs_not_compressed ON observations(created_at_epoch DESC) WHERE COALESCE(compressed_into, 0) = 0`);
 
-  // FTS5 migration: add lesson_learned column to observations_fts (one-time)
-  // Detect old FTS5 table missing lesson_learned and recreate with full column set
+  // FTS5 migration: recreate observations_fts when columns are missing (one-time)
+  // Detect old FTS5 table missing lesson_learned or search_aliases and recreate with full column set
   try {
     const ftsDdl = db.prepare(`SELECT sql FROM sqlite_master WHERE type='table' AND name='observations_fts'`).get();
-    if (ftsDdl && !ftsDdl.sql.includes('lesson_learned')) {
+    if (ftsDdl && (!ftsDdl.sql.includes('lesson_learned') || !ftsDdl.sql.includes('search_aliases'))) {
       db.exec(`DROP TRIGGER IF EXISTS observations_ai`);
       db.exec(`DROP TRIGGER IF EXISTS observations_ad`);
       db.exec(`DROP TRIGGER IF EXISTS observations_au`);
@@ -284,7 +284,7 @@ export function initSchema(db) {
           // Strategy 2: substring match for aliases (e.g., "claude-mem-lite" → match project containing "mem")
           // Extract the most distinctive token from the short name for fuzzy matching
           if (!canonical) {
-            const tokens = shortName.split(/[-_.]/).filter(t => t.length >= 3);
+            const tokens = shortName.split(/[-_.]/).filter(t => t.length >= 5);
             for (const token of tokens) {
               canonical = db.prepare(
                 `SELECT project FROM observations WHERE project LIKE ? AND project LIKE '%--_%'

package/scoring-sql.mjs

@@ -18,14 +18,14 @@ export const DEFAULT_DECAY_HALF_LIFE_MS = 14 * 86400000;
 // Single source of truth for FTS5 BM25 weight expressions.
 // Column order must match ensureFTS() calls in schema.mjs.
 
-/** observations_fts BM25 weights: title=10, subtitle=5, narrative=5, text=3, facts=3, concepts=2, lesson_learned=8 */
-export const OBS_BM25 = 'bm25(observations_fts, 10, 5, 5, 3, 3, 2, 8)';
+/** observations_fts BM25 weights: title=10, subtitle=5, narrative=5, text=3, facts=3, concepts=2, lesson_learned=8, search_aliases=5 */
+export const OBS_BM25 = 'bm25(observations_fts, 10, 5, 5, 3, 3, 2, 8, 5)';
 
 /** session_summaries_fts BM25 weights: request=5, investigated=3, learned=3, completed=3, next_steps=2, notes=1, remaining_items=1 */
 export const SESS_BM25 = 'bm25(session_summaries_fts, 5, 3, 3, 3, 2, 1, 1)';
 
 /** FTS5 columns for observations (must match BM25 weight order) */
-export const OBS_FTS_COLUMNS = ['title', 'subtitle', 'narrative', 'text', 'facts', 'concepts', 'lesson_learned'];
+export const OBS_FTS_COLUMNS = ['title', 'subtitle', 'narrative', 'text', 'facts', 'concepts', 'lesson_learned', 'search_aliases'];
 
 /** SQL CASE for type-differentiated recency decay half-lives (milliseconds) */
 export const TYPE_DECAY_CASE = `(

package/scripts/post-tool-use.sh

@@ -8,7 +8,7 @@
 [[ -n "$CLAUDE_MEM_HOOK_RUNNING" ]] && exit 0
 
 # Read stdin (tool hook JSON)
-input=$(cat)
+input=$(head -c 262144)
 
 # Extract tool_name via bash regex — no subprocess
 if [[ "$input" =~ \"tool_name\"[[:space:]]*:[[:space:]]*\"([^\"]+)\" ]]; then

package/scripts/pre-skill-bridge.js

@@ -4,10 +4,11 @@
 // Lightweight standalone (~30ms): only imports better-sqlite3, fs, path, os
 
 import { existsSync, readFileSync } from 'fs';
-import { join } from 'path';
+import { join, resolve, sep } from 'path';
 import { homedir } from 'os';
 
 const REGISTRY_DB_PATH = join(homedir(), '.claude-mem-lite', 'resource-registry.db');
+const MANAGED_BASE = join(homedir(), '.claude-mem-lite');
 const MANAGED_MARKER = '/.claude-mem-lite/managed/';
 
 try {
@@ -59,6 +60,10 @@ try {
 
     if (!existsSync(skillPath)) process.exit(0);
 
+    // Path confinement check — prevent LIKE bypass via '../' in local_path
+    const resolvedPath = resolve(skillPath);
+    if (resolvedPath !== MANAGED_BASE && !resolvedPath.startsWith(MANAGED_BASE + sep)) process.exit(0);
+
     // Read and output
     const content = readFileSync(skillPath, 'utf8');
     // Token budget: ~4 chars per token, 4000 token limit = 16000 chars

package/scripts/user-prompt-search.js

@@ -4,8 +4,8 @@
 // Lightweight: only imports schema.mjs and utils.mjs, no MCP SDK
 
 import { ensureDb, DB_DIR, REGISTRY_DB_PATH } from '../schema.mjs';
-import { sanitizeFtsQuery, relaxFtsQueryToOr, truncate, typeIcon, inferProject, OBS_BM25, TYPE_DECAY_CASE, TYPE_QUALITY_CASE } from '../utils.mjs';
-import { writeFileSync, readFileSync, existsSync } from 'fs';
+import { sanitizeFtsQuery, relaxFtsQueryToOr, truncate, typeIcon, inferProject, OBS_BM25, TYPE_DECAY_CASE, TYPE_QUALITY_CASE, isPathConfined } from '../utils.mjs';
+import { writeFileSync, readFileSync, existsSync, renameSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
 import Database from 'better-sqlite3';
@@ -198,10 +198,12 @@ function loadSkillContent(skillName) {
 
       let path = row.local_path;
       if (!path.endsWith('.md')) {
-        // Only skills can be directory paths (9 cases); agents always have full .md paths
         const candidate = join(path, 'SKILL.md');
         if (existsSync(candidate)) path = candidate;
       }
+      // Path confinement check — prevent LIKE bypass via '../' in local_path
+      const managedBase = join(homedir(), '.claude-mem-lite');
+      if (!isPathConfined(path, managedBase)) return null;
       if (!existsSync(path)) return null;
 
       const portablePath = toPortablePath(path);
@@ -232,7 +234,9 @@ function setSkillCooldown(name) {
   try {
     const data = getSkillCooldown();
     data[name] = Date.now();
-    writeFileSync(SKILL_COOLDOWN_FILE, JSON.stringify(data));
+    const tmp = SKILL_COOLDOWN_FILE + `.tmp-${process.pid}`;
+    writeFileSync(tmp, JSON.stringify(data));
+    renameSync(tmp, SKILL_COOLDOWN_FILE);
   } catch { /* silent */ }
 }
 

package/server.mjs

@@ -4,7 +4,7 @@
 
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
-import { jaccardSimilarity, truncate, typeIcon, sanitizeFtsQuery, relaxFtsQueryToOr, inferProject, computeMinHash, estimateJaccardFromMinHash, scrubSecrets, cjkBigrams, fmtDate, isoWeekKey, debugLog, debugCatch, COMPRESSED_PENDING_PURGE, OBS_BM25, SESS_BM25, TYPE_DECAY_CASE, TYPE_QUALITY_CASE, getCurrentBranch, DEFAULT_DECAY_HALF_LIFE_MS } from './utils.mjs';
+import { jaccardSimilarity, truncate, typeIcon, sanitizeFtsQuery, relaxFtsQueryToOr, inferProject, computeMinHash, estimateJaccardFromMinHash, scrubSecrets, cjkBigrams, fmtDate, isoWeekKey, debugLog, debugCatch, COMPRESSED_PENDING_PURGE, OBS_BM25, SESS_BM25, TYPE_DECAY_CASE, TYPE_QUALITY_CASE, getCurrentBranch, DEFAULT_DECAY_HALF_LIFE_MS, isPathConfined } from './utils.mjs';
 import { resolveProject as _resolveProjectShared } from './project-utils.mjs';
 import { ensureDb, DB_PATH, REGISTRY_DB_PATH, checkFTSIntegrity, rebuildFTS } from './schema.mjs';
 import { reRankWithContext, markSuperseded, extractPRFTerms, expandQueryByConcepts, autoBoostIfNeeded, runIdleCleanup } from './server-internals.mjs';
@@ -758,7 +758,9 @@ server.registerTool(
     }
 
     // Update access_count for anchor (aligned with CLI timeline)
-    db.prepare('UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id = ?').run(Date.now(), anchorId);
+    try {
+      db.prepare('UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id = ?').run(Date.now(), anchorId);
+    } catch { /* non-critical: FTS5 trigger may fail on corrupted index */ }
 
     const projectFilter = args.project ? 'AND project = ?' : '';
     const baseParams = args.project ? [args.project] : [];
@@ -818,11 +820,12 @@ server.registerTool(
       prefix = 'P#';
     } else {
       // Increment access_count for retrieved observations (batch UPDATE)
-      db.prepare(
-        `UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id IN (${placeholders})`
-      ).run(Date.now(), ...args.ids);
-      // Auto-boost importance for frequently accessed observations
-      autoBoostIfNeeded(db, args.ids);
+      try {
+        db.prepare(
+          `UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id IN (${placeholders})`
+        ).run(Date.now(), ...args.ids);
+        autoBoostIfNeeded(db, args.ids);
+      } catch { /* non-critical: FTS5 trigger may fail on corrupted index */ }
       rows = db.prepare(`SELECT * FROM observations WHERE id IN (${placeholders}) ORDER BY created_at_epoch ASC`).all(...args.ids);
       allFields = ['id', 'type', 'title', 'subtitle', 'narrative', 'text', 'facts', 'concepts', 'lesson_learned', 'search_aliases', 'files_read', 'files_modified', 'project', 'created_at', 'memory_session_id', 'prompt_number', 'importance', 'related_ids', 'access_count', 'branch', 'superseded_at', 'superseded_by', 'last_accessed_at'];
       prefix = '#';
@@ -1668,6 +1671,10 @@ server.registerTool(
       if (!row.local_path) {
         return { content: [{ type: 'text', text: `No local_path for ${args.name}` }], isError: true };
       }
+      const enrichBase = join(homedir(), '.claude-mem-lite');
+      if (!isPathConfined(row.local_path, enrichBase)) {
+        return { content: [{ type: 'text', text: `Access denied: path outside managed directory` }], isError: true };
+      }
 
       const { enrichResource } = await import('./registry-enricher.mjs');
       try {
@@ -1735,7 +1742,13 @@ server.registerTool(
       }
     }
 
-    // 4. Read content
+    // 4. Path confinement check — prevent reading arbitrary files via crafted local_path
+    const managedBase = join(homedir(), '.claude-mem-lite');
+    if (skillPath && !isPathConfined(skillPath, managedBase)) {
+      return { content: [{ type: 'text', text: `Access denied: path "${skillPath}" is outside managed directory` }], isError: true };
+    }
+
+    // 5. Read content
     let content;
     try {
       content = readFileSync(skillPath, 'utf8');
@@ -1885,7 +1898,9 @@ server.registerTool(
     // Update access_count for recalled observations
     const recalledIds = rows.map(r => r.id);
     const ph = recalledIds.map(() => '?').join(',');
-    db.prepare(`UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id IN (${ph})`).run(Date.now(), ...recalledIds);
+    try {
+      db.prepare(`UPDATE observations SET access_count = COALESCE(access_count, 0) + 1, last_accessed_at = ? WHERE id IN (${ph})`).run(Date.now(), ...recalledIds);
+    } catch { /* non-critical: FTS5 trigger may fail on corrupted index */ }
 
     const lines = [`History for ${filename} (${rows.length} observation${rows.length !== 1 ? 's' : ''}):\n`];
     for (const r of rows) {

package/tfidf.mjs

@@ -381,7 +381,7 @@ export function vectorSearch(db, queryVec, { project, type, vocabVersion, limit
 
   // Fallback: if time-window yields too few, scan without time constraint
   if (rows.length < VECTOR_MIN_RESULTS) {
-    params.push(limit);
+    const fallbackParams = [...params, limit];
     rows = db.prepare(`
       SELECT ov.observation_id, ov.vector
       FROM observation_vectors ov
@@ -389,7 +389,7 @@ export function vectorSearch(db, queryVec, { project, type, vocabVersion, limit
       WHERE ${wheres.join(' AND ')}
       ORDER BY o.created_at_epoch DESC
       LIMIT ?
-    `).all(...params);
+    `).all(...fallbackParams);
   }
 
   const results = [];

package/utils.mjs

@@ -2,7 +2,7 @@
 // Used by server.mjs, hook.mjs, and tests
 
 
-import { basename, dirname } from 'path';
+import { basename, dirname, resolve, sep } from 'path';
 import { execSync } from 'child_process';
 
 // ─── Re-exports from extracted modules ──────────────────────────────────────
@@ -27,6 +27,21 @@ export const COMPRESSED_AUTO = -1;
 /** compressed_into sentinel: pending user-confirmed purge (marked by idle cleanup) */
 export const COMPRESSED_PENDING_PURGE = -2;
 
+// ─── Path Safety ──────────────────────────────────────────────────────────
+
+/**
+ * Check if a resolved path is confined within an allowed base directory.
+ * Prevents path traversal attacks via '../' sequences.
+ * @param {string} candidate Path to check
+ * @param {string} allowedBase Base directory the path must stay within
+ * @returns {boolean} true if safe
+ */
+export function isPathConfined(candidate, allowedBase) {
+  const resolved = resolve(candidate);
+  const base = resolve(allowedBase);
+  return resolved === base || resolved.startsWith(base + sep);
+}
+
 // ─── Token Estimation ─────────────────────────────────────────────────────
 
 /**