claude-mem-lite 2.3.1 → 2.3.3

package/.claude-plugin/marketplace.json

@@ -10,7 +10,7 @@
   "plugins": [
     {
       "name": "claude-mem-lite",
-      "version": "2.1.6",
+      "version": "2.3.2",
       "source": "./",
       "description": "Lightweight persistent memory system for Claude Code — FTS5 search, episode batching, error-triggered recall"
     }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-mem-lite",
-  "version": "2.2.0",
+  "version": "2.3.3",
   "description": "Lightweight persistent memory system for Claude Code — FTS5 search, episode batching, error-triggered recall",
   "author": {
     "name": "sdsrss"

package/.mcp.json

@@ -1,8 +1,3 @@
 {
-  "mcpServers": {
-    "mem": {
-      "command": "node",
-      "args": ["${CLAUDE_PLUGIN_ROOT}/scripts/launch.mjs"]
-    }
-  }
-}
+  "mcpServers": {}
+}

package/commands/mem.md

@@ -1,4 +1,5 @@
 ---
+name: mem
 description: Search and manage project memory (observations, sessions, prompts)
 ---
 
@@ -13,6 +14,9 @@ Search and browse your project memory efficiently.
 - `/mem save <text>` — Save a manual memory/note
 - `/mem stats` — Show memory statistics
 - `/mem timeline <query>` — Browse timeline around a matching observation
+- `/mem cleanup` — Scan and interactively purge stale data
+- `/mem cleanup [N]d` — Purge stale data older than N days (e.g. `cleanup 60d`)
+- `/mem cleanup keep [N]d` — Purge stale data but retain last N days (e.g. `cleanup keep 14d`)
 
 ## Efficient Search Workflow (3 steps, saves 10x tokens)
 
@@ -29,6 +33,9 @@ When the user invokes `/mem`, parse their intent:
 - `/mem save <text>` → call `mem_save` with the text as content
 - `/mem stats` → call `mem_stats`
 - `/mem timeline <query>` → call `mem_timeline` with the query
+- `/mem cleanup` → run `mem_maintain(action="scan")`, report pending purge count and stale items to user, ask for confirmation, then run `mem_maintain(action="execute", operations=["purge_stale"])` if confirmed
+- `/mem cleanup Nd` (e.g. `60d`) → same as above but use `retain_days=N` to only purge items older than N days
+- `/mem cleanup keep Nd` (e.g. `keep 14d`) → same as above with `retain_days=N`
 - `/mem <query>` (no subcommand) → treat as search, call `mem_search`
 
 Always use the compact index from mem_search first, then mem_get for details only when needed. This minimizes token usage.

package/commands/update.md

@@ -18,10 +18,11 @@ When the user invokes `/mem:update`, perform the following maintenance cycle:
 ### Phase 1: Memory Maintenance
 
 1. Call `mem_maintain(action="scan")` to analyze maintenance candidates
-2. Report scan results to the user (duplicates, stale items, broken items, boostable items)
+2. Report scan results to the user (duplicates, stale items, broken items, boostable items, **pending purge** items)
 3. Call `mem_maintain(action="execute", operations=["cleanup","decay","boost"])` to apply safe automatic changes
 4. If duplicates were found in scan, review them and call `mem_maintain(action="execute", operations=["dedup"], merge_ids=[[keepId, removeId1, ...], ...])` — keep the more important/recent observation in each pair
 5. Run `mem_compress(preview=false)` for old low-value observations
+6. **If pending purge items > 0**: Report the count to the user and ask for confirmation. If confirmed, call `mem_maintain(action="execute", operations=["purge_stale"])`. User may optionally specify `retain_days` (default 30) to control how many days of data to keep. Do NOT purge without explicit user confirmation.
 
 ### Phase 2: Registry Maintenance
 

package/dispatch-inject.mjs

@@ -2,7 +2,7 @@
 // Formats resource recommendations for Claude Code's additionalContext
 
 import { existsSync, readFileSync } from 'fs';
-import { join } from 'path';
+import { join, resolve } from 'path';
 import { homedir } from 'os';
 import { truncate } from './utils.mjs';
 import { DB_DIR } from './schema.mjs';
@@ -18,13 +18,14 @@ function truncateContent(str, max) {
 
 // Allowed base directories for resource file reads (defense-in-depth)
 const ALLOWED_BASES = [
-  join(homedir(), '.claude'),
-  join(DB_DIR, 'managed'),
+  resolve(join(homedir(), '.claude')),
+  resolve(join(DB_DIR, 'managed')),
 ];
 
 function isAllowedPath(filePath) {
   if (!filePath) return false;
-  return ALLOWED_BASES.some(base => filePath === base || filePath.startsWith(base + '/'));
+  const resolved = resolve(filePath);
+  return ALLOWED_BASES.some(base => resolved === base || resolved.startsWith(base + '/'));
 }
 
 // ─── Template Detection ──────────────────────────────────────────────────────

package/dispatch.mjs

@@ -32,22 +32,28 @@ export const BM25_MIN_THRESHOLD = 1.5;
 // ─── Haiku Circuit Breaker ──────────────────────────────────────────────────
 // Prevents cascading latency when Haiku API is down or slow.
 // After BREAKER_THRESHOLD consecutive failures, disable for BREAKER_RESET_MS.
+// KNOWN LIMITATION: File-based state has a TOCTOU race under concurrent hook
+// processes. Worst case: breaker trips on failure N+1 instead of N. This is
+// acceptable — the breaker is a latency guard, not a correctness mechanism.
 
 const BREAKER_THRESHOLD = 3;
 const BREAKER_RESET_MS = 5 * 60 * 1000; // 5 minutes
-const BREAKER_FILE = join(RUNTIME_DIR, 'haiku-breaker.json');
+let breakerFile = join(RUNTIME_DIR, 'haiku-breaker.json');
 
 function _readBreakerState() {
   try {
-    if (!existsSync(BREAKER_FILE)) return { failures: 0, openUntil: 0 };
-    return JSON.parse(readFileSync(BREAKER_FILE, 'utf8'));
+    if (!existsSync(breakerFile)) return { failures: 0, openUntil: 0 };
+    return JSON.parse(readFileSync(breakerFile, 'utf8'));
   } catch { return { failures: 0, openUntil: 0 }; }
 }
 
 function _writeBreakerState(state) {
-  try { writeFileSync(BREAKER_FILE, JSON.stringify(state)); } catch {}
+  try { writeFileSync(breakerFile, JSON.stringify(state)); } catch {}
 }
 
+/** Override breaker file path (for testing isolation). */
+export function _setBreakerFile(path) { breakerFile = path; }
+
 function isHaikuCircuitOpen() {
   const state = _readBreakerState();
   if (state.openUntil > 0 && Date.now() < state.openUntil) return true;
@@ -636,15 +642,27 @@ JSON: {"query":"search keywords for finding the right skill or agent","type":"sk
 
 // ─── Cooldown & Dedup (DB-persisted, survives process restarts) ─────────────
 
+/**
+ * Check if session has hit the recommendation cap.
+ * Separated from per-resource check so callers in filter loops can hoist this.
+ * @param {Database} db Registry database
+ * @param {string} sessionId Session identifier
+ * @returns {boolean} true if session cap is reached
+ */
+export function isSessionCapped(db, sessionId) {
+  if (!sessionId) return false;
+  const sessionCount = db.prepare(
+    'SELECT COUNT(*) as cnt FROM invocations WHERE session_id = ? AND recommended = 1'
+  ).get(sessionId);
+  return sessionCount.cnt >= SESSION_RECOMMEND_CAP;
+}
+
 export function isRecentlyRecommended(db, resourceId, sessionId) {
-  // Check 1 & 2: Session-scoped checks (cap + dedup) — only when sessionId is available
+  // Check 1: Session cap (loop-invariant — callers should prefer isSessionCapped for filter loops)
   if (sessionId) {
-    const sessionCount = db.prepare(
-      'SELECT COUNT(*) as cnt FROM invocations WHERE session_id = ? AND recommended = 1'
-    ).get(sessionId);
-    if (sessionCount.cnt >= SESSION_RECOMMEND_CAP) return true;
+    if (isSessionCapped(db, sessionId)) return true;
 
-    // Already recommended in this session (session dedup)
+    // Check 2: Already recommended in this session (session dedup)
     const sessionHit = db.prepare(
       'SELECT 1 FROM invocations WHERE resource_id = ? AND session_id = ? AND recommended = 1 LIMIT 1'
     ).get(resourceId, sessionId);
@@ -857,7 +875,8 @@ export async function dispatchOnSessionStart(db, userPrompt, sessionId, { hasHan
 
     if (results.length === 0) return null;
 
-    // Filter by DB-persisted cooldown + session dedup
+    // Filter by DB-persisted cooldown + session dedup (hoisted cap check avoids N queries)
+    if (sessionId && isSessionCapped(db, sessionId)) return null;
     const viable = sessionId
       ? results.filter(r => !isRecentlyRecommended(db, r.id, sessionId))
       : results;
@@ -895,12 +914,13 @@ export async function dispatchOnUserPrompt(db, userPrompt, sessionId, { sessionE
   if (!userPrompt || !db) return null;
 
   try {
-    // 1. Explicit request → highest priority, bypass all restrictions
+    // 1. Explicit request → highest priority, bypass cooldown but apply adoption decay
     const explicit = detectExplicitRequest(userPrompt);
     if (explicit.isExplicit) {
       const textQuery = buildQueryFromText(explicit.searchTerm);
       if (textQuery) {
-        const explicitResults = retrieveResources(db, textQuery, { limit: 3, projectDomains: detectProjectDomains() });
+        let explicitResults = retrieveResources(db, textQuery, { limit: 3, projectDomains: detectProjectDomains() });
+        explicitResults = applyAdoptionDecay(explicitResults, db);
         if (explicitResults.length > 0) {
           const best = explicitResults[0];
           if (!sessionId || !isRecentlyRecommended(db, best.id, sessionId)) {
@@ -960,7 +980,8 @@ export async function dispatchOnUserPrompt(db, userPrompt, sessionId, { sessionE
     // Low confidence → skip (no Haiku in user_prompt path — stay fast)
     if (needsHaikuDispatch(results)) return null;
 
-    // Filter by cooldown + session dedup (prevents double-recommend with SessionStart)
+    // Filter by cooldown + session dedup (hoisted cap check avoids N queries)
+    if (sessionId && isSessionCapped(db, sessionId)) return null;
     const viable = sessionId
       ? results.filter(r => !isRecentlyRecommended(db, r.id, sessionId))
       : results;
@@ -1028,8 +1049,9 @@ export async function dispatchOnPreToolUse(db, event, sessionCtx = {}) {
     // Low-confidence results: skip recommendation rather than suggest unreliable match
     if (needsHaikuDispatch(results)) return null;
 
-    // Apply DB-persisted cooldown and session dedup (filter all, not just top)
+    // Apply DB-persisted cooldown and session dedup (hoisted cap check avoids N queries)
     const sid = sessionCtx.sessionId || null;
+    if (sid && isSessionCapped(db, sid)) return null;
     const viable = sid
       ? results.filter(r => !isRecentlyRecommended(db, r.id, sid))
       : results;

package/hook-shared.mjs

@@ -6,7 +6,7 @@ import { randomUUID } from 'crypto';
 import { join } from 'path';
 import { existsSync, readFileSync, writeFileSync, appendFileSync, mkdirSync, renameSync, unlinkSync } from 'fs';
 import { inferProject, debugCatch } from './utils.mjs';
-import { ensureDb, DB_DIR } from './schema.mjs';
+import { ensureDb, DB_DIR, REGISTRY_DB_PATH } from './schema.mjs';
 import { ensureRegistryDb } from './registry.mjs';
 import { getClaudePath as getClaudePathShared, resolveModel as resolveModelShared } from './haiku-client.mjs';
 
@@ -23,14 +23,14 @@ export const STALE_SESSION_MS = 24 * 60 * 60 * 1000;     // 24h
 export const STALE_LOCK_MS = 30000;                       // 30s
 export const DEDUP_WINDOW_MS = 5 * 60 * 1000;            // 5 min (title dedup)
 export const RELATED_OBS_WINDOW_MS = 7 * 86400000;       // 7 days
-export const FALLBACK_OBS_WINDOW_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+export const FALLBACK_OBS_WINDOW_MS = RELATED_OBS_WINDOW_MS; // same window
 export const RESOURCE_RESCAN_INTERVAL_MS = 60 * 60 * 1000;    // 1 hour
 
 // Handoff system constants
 export const HANDOFF_EXPIRY_CLEAR = 3600000;                   // 1 hour
 export const HANDOFF_EXPIRY_EXIT = 7 * 24 * 60 * 60 * 1000;   // 7 days
 export const HANDOFF_MATCH_THRESHOLD = 3;                       // min weighted score
-export const CONTINUE_KEYWORDS = /继续|接着|上次|之前的|前面的|刚才|\bcontinue\b|\bresume\b|\bwhere[\s\-]+we[\s\-]+left\b|\bpick[\s\-]+up\b|\bcarry[\s\-]+on\b/i;
+export const CONTINUE_KEYWORDS = /继续|接着|上次|之前的|前面的|刚才|\bcontinue\b|\bresume\b|\bwhere[\s-]+we[\s-]+left\b|\bpick[\s-]+up\b|\bcarry[\s-]+on\b/i;
 
 // Ensure runtime directory exists
 try { if (!existsSync(RUNTIME_DIR)) mkdirSync(RUNTIME_DIR, { recursive: true }); } catch {}
@@ -70,8 +70,6 @@ export function openDb() {
 }
 
 // ─── Registry Database (dispatch system) ─────────────────────────────────────
-
-const REGISTRY_DB_PATH = join(DB_DIR, 'resource-registry.db');
 let _registryDb = null;
 
 export function getRegistryDb() {
@@ -101,6 +99,7 @@ export function callLLM(prompt, timeoutMs = 15000) {
   } catch (e) {
     const out = _extractResponseFromError(e);
     if (out) return out;
+    debugCatch(e, 'callLLM');
     return null;
   }
 }
@@ -201,7 +200,12 @@ export function peekToolEvents() {
 export function _extractResponseFromError(error) {
   const out = error.stdout?.toString?.()?.trim() || error.output?.[1]?.toString?.()?.trim() || '';
   if (out && out.startsWith('{') && out.endsWith('}')) {
-    try { JSON.parse(out); return out; } catch { return null; }
+    try {
+      const parsed = JSON.parse(out);
+      // Reject structurally incomplete responses (e.g. truncated mid-output)
+      if (typeof parsed !== 'object' || parsed === null || Object.keys(parsed).length === 0) return null;
+      return out;
+    } catch { return null; }
   }
   return null;
 }

package/hook.mjs

@@ -11,6 +11,7 @@ import {
   truncate, typeIcon, inferProject, detectBashSignificance,
   extractErrorKeywords, extractFilePaths, isRelatedToEpisode,
   makeEntryDesc, scrubSecrets, EDIT_TOOLS, debugCatch, debugLog, fmtTime,
+  COMPRESSED_AUTO,
 } from './utils.mjs';
 import {
   readEpisodeRaw, episodeFile,
@@ -256,7 +257,7 @@ async function handlePostToolUse() {
       appendToolEvent({
         tool_name,
         tool_input: toolInput,
-        tool_response: (tool_name === 'Bash' && bashSig?.isError) ? resp.slice(0, 500) : '',
+        tool_response: (tool_name === 'Bash' && bashSig?.isError) ? scrubSecrets(resp.slice(0, 500)) : '',
       });
     }
   } finally {
@@ -457,7 +458,7 @@ async function handleSessionStart() {
       // Auto-compress: mark old low-importance observations as compressed (30+ days, importance=1)
       // Lightweight: only marks rows, doesn't create summaries (full compression via mem_compress)
       const compressed = db.prepare(`
-        UPDATE observations SET compressed_into = -1
+        UPDATE observations SET compressed_into = ${COMPRESSED_AUTO}
         WHERE COALESCE(compressed_into, 0) = 0
           AND importance = 1
           AND created_at_epoch < ?
@@ -883,7 +884,7 @@ async function handleResourceScan() {
     }
 
     // Upsert changed resources with fallback metadata (no Haiku)
-    let firstErr = true;
+    let upsertErrors = 0;
     for (const res of toIndex) {
       try {
         upsertResource(rdb, {
@@ -898,7 +899,7 @@ async function handleResourceScan() {
           trigger_patterns: `when user needs ${res.name.replace(/-/g, ' ').replace(/\//g, ' ')}`,
           capability_summary: `${res.type}: ${res.name.replace(/-/g, ' ')}`,
         });
-      } catch (e) { if (firstErr) { debugCatch(e, 'handleResourceScan-upsert'); firstErr = false; } }
+      } catch (e) { upsertErrors++; if (upsertErrors <= 3) debugCatch(e, `handleResourceScan-upsert[${upsertErrors}]`); }
     }
 
     // Disable resources no longer on filesystem
@@ -921,7 +922,7 @@ function readStdin() {
   const MAX_STDIN = 256 * 1024; // 256KB — large tool responses are truncated
   return new Promise((resolve, reject) => {
     let data = '';
-    const timeout = setTimeout(() => { process.stdin.destroy(); reject(new Error('timeout')); }, 3000);
+    const timeout = setTimeout(() => { debugLog('WARN', 'readStdin', 'stdin timeout after 3s — event dropped'); process.stdin.destroy(); reject(new Error('timeout')); }, 3000);
     process.stdin.setEncoding('utf8');
     process.stdin.on('data', chunk => {
       data += chunk;

package/hooks/hooks.json

@@ -13,7 +13,7 @@
           {
             "type": "command",
             "command": "node \"${CLAUDE_PLUGIN_ROOT}/hook.mjs\" session-start",
-            "timeout": 10
+            "timeout": 15
           }
         ]
       }