claude-mem-lite 2.70.0 → 2.71.0

package/.claude-plugin/marketplace.json

@@ -10,7 +10,7 @@
   "plugins": [
     {
       "name": "claude-mem-lite",
-      "version": "2.70.0",
+      "version": "2.71.0",
       "source": "./",
       "description": "Lightweight persistent memory system for Claude Code — FTS5 search, episode batching, error-triggered recall"
     }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-mem-lite",
-  "version": "2.70.0",
+  "version": "2.71.0",
   "description": "Lightweight persistent memory system for Claude Code — FTS5 search, episode batching, error-triggered recall",
   "author": {
     "name": "sdsrss"

package/hook-handoff.mjs

@@ -2,7 +2,8 @@
 // Extracted for testability — hook.mjs has module-level side effects
 
 import { basename } from 'path';
-import { truncate, extractMatchKeywords, tokenizeHandoff, isSpecificTerm, LOW_SIGNAL_TITLE, EDIT_TOOLS, isMetaTriggerPrompt, notLowSignalTitleClause } from './utils.mjs';
+import { truncate, extractMatchKeywords, tokenizeHandoff, isSpecificTerm, scrubSecrets, LOW_SIGNAL_TITLE, EDIT_TOOLS, isMetaTriggerPrompt, notLowSignalTitleClause } from './utils.mjs';
+import { scrubRecord } from './lib/scrub-record.mjs';
 import {
   HANDOFF_EXPIRY_CLEAR, HANDOFF_EXPIRY_EXIT, HANDOFF_ANCHOR_MAX_AGE,
   HANDOFF_MATCH_THRESHOLD, CONTINUE_KEYWORDS,
@@ -161,6 +162,23 @@ export function buildAndSaveHandoff(db, sessionId, project, type, episodeSnapsho
   // `scopeSessionId` (CC UUID) tags the row for parallel scoping; falls back to
   // the mem-internal `sessionId` when the caller didn't supply one (tests + legacy).
   const storedSessionId = scopeSessionId || sessionId;
+  // Defense-in-depth: aggregates are built from already-stored rows + raw
+  // session memory; scrub at the persistence boundary regardless of source.
+  // Order matters: scrub raw values BEFORE truncation, so a secret straddling
+  // the truncation boundary doesn't fall below scrubSecrets's regex length
+  // floors. JSON-stringified fields (key_files) are pre-scrubbed at the
+  // element level before stringify — letting scrubSecrets rewrite the JSON
+  // string would risk breaking downstream JSON.parse.
+  const safe = scrubRecord('session_handoffs', {
+    working_on: workingOn,
+    completed: completed.map(c => `[${c.type}] ${c.title}`).join('\n'),
+    unfinished,
+    key_decisions: decisions.map(d => d.title).join('\n'),
+    match_keywords: keywords,
+  });
+  const safeKeyFiles = JSON.stringify(
+    [...fileSet].slice(0, 20).map(f => scrubSecrets(String(f)))
+  );
   db.prepare(`
     INSERT INTO session_handoffs (project, type, session_id, working_on, completed, unfinished, key_files, key_decisions, match_keywords, created_at_epoch, git_sha_at_handoff)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
@@ -175,12 +193,12 @@ export function buildAndSaveHandoff(db, sessionId, project, type, episodeSnapsho
       git_sha_at_handoff = excluded.git_sha_at_handoff
   `).run(
     project, type, storedSessionId,
-    truncate(workingOn, 1000),
-    completed.map(c => `[${c.type}] ${c.title}`).join('\n'),
-    unfinished.length > 3000 ? unfinished.slice(0, 2999) + '…' : unfinished,
-    JSON.stringify([...fileSet].slice(0, 20)),
-    decisions.map(d => d.title).join('\n'),
-    keywords,
+    truncate(safe.working_on, 1000),
+    safe.completed,
+    safe.unfinished.length > 3000 ? safe.unfinished.slice(0, 2999) + '…' : safe.unfinished,
+    safeKeyFiles,
+    safe.key_decisions,
+    safe.match_keywords,
     Date.now(),
     gitShaAtHandoff,
   );

package/hook-llm.mjs

@@ -10,6 +10,7 @@ import {
   getCurrentBranch, notLowSignalTitleClause,
 } from './utils.mjs';
 import { acquireLLMSlot, releaseLLMSlot } from './hook-semaphore.mjs';
+import { scrubRecord } from './lib/scrub-record.mjs';
 import { getVocabulary, computeVector } from './tfidf.mjs';
 import {
   RUNTIME_DIR, DEDUP_WINDOW_MS, RELATED_OBS_WINDOW_MS,
@@ -194,6 +195,19 @@ export function saveObservation(obs, projectOverride, sessionIdOverride, externa
 
     const { conceptsText, factsText, textField } = buildFtsTextField(obs);
 
+    // Defense-in-depth: scrub text fields before INSERT. Source is LLM output
+    // (Haiku occasionally regurgitates input verbatim — error logs, hashes).
+    const safe = scrubRecord('observations', {
+      text: textField,
+      title: obs.title || '',
+      subtitle: obs.subtitle || '',
+      narrative: obs.narrative || '',
+      concepts: conceptsText,
+      facts: factsText,
+      lesson_learned: obs.lessonLearned || null,
+      search_aliases: obs.searchAliases || null,
+    });
+
     // Atomic: observation INSERT + observation_files + vector in one transaction
     const savedId = db.transaction(() => {
       const result = db.prepare(`
@@ -201,16 +215,16 @@ export function saveObservation(obs, projectOverride, sessionIdOverride, externa
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
       `).run(
         sessionId, project,
-        textField, obs.type, obs.title, obs.subtitle || '',
-        obs.narrative || '',
-        conceptsText,
-        factsText,
+        safe.text, obs.type, safe.title, safe.subtitle,
+        safe.narrative,
+        safe.concepts,
+        safe.facts,
         JSON.stringify(obs.filesRead || []),
         JSON.stringify(obs.files || []),
         obs.importance ?? 1,
         minhashSig,
-        obs.lessonLearned || null,
-        obs.searchAliases || null,
+        safe.lesson_learned,
+        safe.search_aliases,
         getCurrentBranch(),
         now.toISOString(), now.getTime()
       );
@@ -823,19 +837,32 @@ ${actionList}`;
         // so the enriched FTS text field + minhash + vector are refreshed atomically.
         const { conceptsText, factsText, textField } = buildFtsTextField(obs);
         const minhashSig = computeMinHash((obs.title || '') + ' ' + (obs.narrative || ''));
+        // Scrub LLM-output text fields at the UPDATE boundary, mirroring the
+        // INSERT path. type is an enum, importance is numeric, files_read is a
+        // JSON array (already scrubbed upstream), minhash_sig is hash bytes.
+        const safe = scrubRecord('observations', {
+          title: truncate(obs.title, 120),
+          subtitle: obs.subtitle || '',
+          narrative: truncate(obs.narrative || '', 500),
+          concepts: conceptsText,
+          facts: factsText,
+          text: textField,
+          lesson_learned: obs.lessonLearned || null,
+          search_aliases: obs.searchAliases || null,
+        });
         db.prepare(`
           UPDATE observations SET type=?, title=?, subtitle=?, narrative=?, concepts=?, facts=?,
             text=?, importance=?, files_read=?, minhash_sig=?, lesson_learned=?, search_aliases=?
           WHERE id = ?
         `).run(
-          obs.type, truncate(obs.title, 120), obs.subtitle || '',
-          truncate(obs.narrative || '', 500),
-          conceptsText, factsText, textField,
+          obs.type, safe.title, safe.subtitle,
+          safe.narrative,
+          safe.concepts, safe.facts, safe.text,
           obs.importance,
           JSON.stringify(obs.filesRead || []),
           minhashSig,
-          obs.lessonLearned || null,
-          obs.searchAliases || null,
+          safe.lesson_learned,
+          safe.search_aliases,
           episode.savedId
         );
         savedId = episode.savedId;
@@ -973,6 +1000,23 @@ ${obsList}`;
         // empty for that field. Without COALESCE, a degraded Haiku pass would erase
         // the deterministic floor — the exact regression that made 72% of prod
         // session_summaries ship with empty remaining_items.
+        //
+        // Scrub LLM-output text fields at the UPDATE boundary. lessons /
+        // key_decisions are JSON.stringify(array<string>); we scrub the JSON
+        // string here to match the sibling INSERT path. scrubSecrets uses
+        // opaque placeholders that preserve JSON structure; element-level
+        // pre-scrub remains safer in principle but would diverge from the
+        // merged INSERT contract.
+        const safe = scrubRecord('session_summaries', {
+          request: llmParsed.request || '',
+          investigated: llmParsed.investigated || '',
+          learned: llmParsed.learned || '',
+          completed: llmParsed.completed || '',
+          next_steps: llmParsed.next_steps || '',
+          remaining_items: llmParsed.remaining_items || '',
+          lessons: lessonsJson,
+          key_decisions: decisionsJson,
+        });
         db.prepare(`
           UPDATE session_summaries
           SET request = COALESCE(NULLIF(?, ''), request),
@@ -988,23 +1032,33 @@ ${obsList}`;
               created_at_epoch = ?
           WHERE id = ?
         `).run(
-          llmParsed.request || '', llmParsed.investigated || '', llmParsed.learned || '',
-          llmParsed.completed || '', llmParsed.next_steps || '',
-          llmParsed.remaining_items || '',
-          lessonsJson, decisionsJson,
+          safe.request, safe.investigated, safe.learned,
+          safe.completed, safe.next_steps,
+          safe.remaining_items,
+          safe.lessons, safe.key_decisions,
           now.toISOString(), now.getTime(),
           existingFast.id
         );
       } else {
+        const safe = scrubRecord('session_summaries', {
+          request: llmParsed.request || '',
+          investigated: llmParsed.investigated || '',
+          learned: llmParsed.learned || '',
+          completed: llmParsed.completed || '',
+          next_steps: llmParsed.next_steps || '',
+          remaining_items: llmParsed.remaining_items || '',
+          lessons: lessonsJson,
+          key_decisions: decisionsJson,
+        });
         db.prepare(`
           INSERT INTO session_summaries (memory_session_id, project, request, investigated, learned, completed, next_steps, remaining_items, files_read, files_edited, notes, lessons, key_decisions, created_at, created_at_epoch)
           VALUES (?, ?, ?, ?, ?, ?, ?, ?, '[]', '[]', '', ?, ?, ?, ?)
         `).run(
           sessionId, project,
-          llmParsed.request || '', llmParsed.investigated || '', llmParsed.learned || '',
-          llmParsed.completed || '', llmParsed.next_steps || '',
-          llmParsed.remaining_items || '',
-          lessonsJson, decisionsJson,
+          safe.request, safe.investigated, safe.learned,
+          safe.completed, safe.next_steps,
+          safe.remaining_items,
+          safe.lessons, safe.key_decisions,
           now.toISOString(), now.getTime()
         );
       }
@@ -1013,3 +1067,25 @@ ${obsList}`;
     db.close();
   }
 }
+
+// Test-only — DO NOT import outside tests/. Underscore prefix is a
+// convention; the plugin has no `main`/`exports` field so external imports
+// are blocked at the package level, but a misguided sibling import inside
+// this repo could drag this into prod by accident. If that ever needs
+// enforcing, move the helper to a tests/_helpers/ module that takes a
+// db-insert callback.
+//
+// Exercises the same scrubRecord path used by saveObservation without
+// spinning up the full LLM dispatcher. Lets the e2e leak test verify that
+// the observations INSERT path scrubs all configured text fields.
+export const __insertObservationForTest = (db, obs) => {
+  const safe = scrubRecord('observations', obs);
+  db.prepare(`INSERT INTO observations (memory_session_id, project, text, type, title, subtitle, narrative, concepts, facts, files_read, files_modified, importance, minhash_sig, lesson_learned, search_aliases, branch, created_at, created_at_epoch)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(
+    obs.session_id, obs.project, safe.text, 'change',
+    safe.title, safe.subtitle, safe.narrative,
+    safe.concepts, safe.facts, obs.files_read, obs.files_modified,
+    obs.importance, obs.minhash_sig, safe.lesson_learned, safe.search_aliases,
+    obs.branch, new Date().toISOString(), Date.now(),
+  );
+};

package/hook-optimize.mjs

@@ -11,6 +11,7 @@ import {
 } from './utils.mjs';
 import { callModelJSON } from './haiku-client.mjs';
 import { acquireLLMSlot, releaseLLMSlot } from './hook-semaphore.mjs';
+import { scrubRecord } from './lib/scrub-record.mjs';
 import { getVocabulary, computeVector, cosineSimilarity } from './tfidf.mjs';
 import { DB_DIR } from './schema.mjs';
 
@@ -159,12 +160,22 @@ search_aliases: 2-6 alternative search terms (include CJK if applicable).`;
       const textField = [conceptsText, factsText, searchAliases || '', bigramText].filter(Boolean).join(' ');
       const minhashSig = computeMinHash((title || '') + ' ' + (narrative || ''));
 
+      // Scrub LLM-output text fields at the UPDATE boundary. type is an
+      // enum, importance is numeric, minhash_sig is hash bytes.
+      const safe = scrubRecord('observations', {
+        title, narrative,
+        concepts: conceptsText,
+        facts: factsText,
+        text: textField,
+        lesson_learned: lessonLearned,
+        search_aliases: searchAliases,
+      });
       db.prepare(`
         UPDATE observations SET type=?, title=?, narrative=?, concepts=?, facts=?,
           text=?, importance=?, lesson_learned=?, search_aliases=?, minhash_sig=?, optimized_at=?
         WHERE id = ?
-      `).run(type, title, narrative, conceptsText, factsText, textField,
-        importance, lessonLearned, searchAliases, minhashSig, Date.now(), cand.id);
+      `).run(type, safe.title, safe.narrative, safe.concepts, safe.facts, safe.text,
+        importance, safe.lesson_learned, safe.search_aliases, minhashSig, Date.now(), cand.id);
 
       rebuildVector(db, cand.id, [title, narrative, conceptsText]);
 
@@ -277,7 +288,14 @@ export function applyNormalization(db, groups) {
       const existingAliases = row.search_aliases || '';
       const originalTerms = terms.filter(t => aliasMap.has(t.toLowerCase()) && aliasMap.get(t.toLowerCase()) !== t);
       const newAliases = [existingAliases, ...originalTerms].filter(Boolean).join(' ');
-      updateStmt.run(uniqueConcepts, newAliases, Date.now(), row.id);
+      // Defense-in-depth scrub. Canonical concept names come from LLM output
+      // (identifySynonymGroups via Sonnet); existing values are already
+      // scrubbed but free LLM tokens can re-introduce secret-shaped strings.
+      const safe = scrubRecord('observations', {
+        concepts: uniqueConcepts,
+        search_aliases: newAliases,
+      });
+      updateStmt.run(safe.concepts, safe.search_aliases, Date.now(), row.id);
       updated++;
     }
   }
@@ -397,13 +415,22 @@ Return ONLY valid JSON:
     const minhashSig = computeMinHash((title || '') + ' ' + (narrative || ''));
     const importance = clampImportance(parsed.importance || 2);
 
+    // Scrub LLM-output cluster-merge text fields at the UPDATE boundary.
+    // importance is numeric; minhash_sig is hash bytes.
+    const safe = scrubRecord('observations', {
+      title, narrative,
+      concepts: conceptsText,
+      facts: factsText,
+      text: textField,
+      lesson_learned: lessonLearned,
+    });
     db.transaction(() => {
       db.prepare(`
         UPDATE observations SET title=?, narrative=?, concepts=?, facts=?, text=?,
           importance=?, lesson_learned=?, minhash_sig=?, optimized_at=?
         WHERE id = ?
-      `).run(title, narrative, conceptsText, factsText, textField,
-        importance, lessonLearned, minhashSig, Date.now(), keeper.id);
+      `).run(safe.title, safe.narrative, safe.concepts, safe.facts, safe.text,
+        importance, safe.lesson_learned, minhashSig, Date.now(), keeper.id);
 
       const otherIds = others.map(o => o.id);
       const ph = otherIds.map(() => '?').join(',');
@@ -573,13 +600,24 @@ JSON: {"title":"descriptive summary ≤120 chars","narrative":"comprehensive sum
         VALUES (?,?,?,?,?,'active')`
       ).run(sessionId, sessionId, project, now.toISOString(), now.getTime());
 
+      // Defense-in-depth: title/narrative/etc. are LLM-generated compression
+      // output; scrub at the persistence boundary regardless of upstream trust.
+      const safe = scrubRecord('observations', {
+        text: textField,
+        title,
+        narrative,
+        concepts: conceptsText,
+        facts: factsText,
+        lesson_learned: lessonLearned,
+        search_aliases: searchAliases,
+      });
       const result = db.prepare(`INSERT INTO observations
         (memory_session_id, project, text, type, title, subtitle, narrative, concepts, facts,
          files_read, files_modified, importance, lesson_learned, search_aliases, optimized_at,
          created_at, created_at_epoch)
         VALUES (?,?,?,?,?,'',?,?,?,'[]','[]',2,?,?,?,?,?)`
-      ).run(sessionId, project, textField, 'discovery', title, narrative,
-        conceptsText, factsText, lessonLearned, searchAliases, Date.now(),
+      ).run(sessionId, project, safe.text, 'discovery', safe.title, safe.narrative,
+        safe.concepts, safe.facts, safe.lesson_learned, safe.search_aliases, Date.now(),
         new Date(medianEpoch).toISOString(), medianEpoch);
 
       const sId = Number(result.lastInsertRowid);

package/hook-precompact.mjs

@@ -0,0 +1,44 @@
+// claude-mem-lite: PreCompact hook handler.
+// Fires immediately before Claude Code auto-compaction begins. Emits a
+// fresh <claude-mem-context> block on stdout so the summarizer that
+// produces the compacted context has the most relevant memory in scope.
+// Differs from SessionStart-on-compact (which fires AFTER compaction):
+// PreCompact ensures memory survives the compaction step itself.
+
+import { buildSessionContextLines } from './hook-context.mjs';
+import { inferProject, debugCatch, debugLog } from './utils.mjs';
+
+/**
+ * Build + emit the memory context block on stdout. Pure read; no DB writes.
+ *
+ * @param {object} ctx
+ * @param {import('better-sqlite3').Database} ctx.db
+ * @param {string} ctx.project
+ * @param {string} [ctx.sessionId]
+ * @returns {void}
+ */
+export function handlePreCompact({ db, project, sessionId }) {
+  try {
+    const body = buildSessionContextLines(db, project, new Date(), sessionId || null);
+    if (!body || String(body).trim() === '') return;
+    process.stdout.write(`<claude-mem-context>\n${body}\n</claude-mem-context>\n`);
+  } catch (e) {
+    debugCatch(e, 'handlePreCompact');
+  }
+}
+
+/**
+ * Default-export entry for hook.mjs dispatcher. Caller passes an opened DB
+ * and the parsed stdin payload — no I/O performed inside this function
+ * beyond what handlePreCompact does.
+ *
+ * @param {import('better-sqlite3').Database} db
+ * @param {object} hookData Parsed JSON from hook stdin
+ * @returns {Promise<void>}
+ */
+export async function entry(db, hookData) {
+  const project = inferProject();
+  const sessionId = hookData?.session_id;
+  debugLog('DEBUG', 'pre-compact', `project=${project} sessionId=${sessionId || 'none'}`);
+  handlePreCompact({ db, project, sessionId });
+}

package/hook.mjs

@@ -36,6 +36,7 @@ import {
   writePendingEntry, mergePendingEntries, episodeHasSignificantContent,
 } from './hook-episode.mjs';
 import { cleanupClaudeMdLegacyBlock, buildSessionContextLines } from './hook-context.mjs';
+import { entry as preCompactEntry } from './hook-precompact.mjs';
 import {
   RUNTIME_DIR, EPISODE_BUFFER_SIZE, EPISODE_TIME_GAP_MS,
   SESSION_EXPIRY_MS, STALE_SESSION_MS, STALE_LOCK_MS,
@@ -43,6 +44,7 @@ import {
   spawnBackground, sweepOrphanEpisodeFiles,
 } from './hook-shared.mjs';
 import { handleLLMEpisode, handleLLMSummary, saveObservation, buildImmediateObservation } from './hook-llm.mjs';
+import { scrubRecord } from './lib/scrub-record.mjs';
 import { extractCitationsFromTranscript, bumpCitationAccess, computeCiteRecall } from './lib/citation-tracker.mjs';
 import { extractTailAssistantText, extractStructuredSummary } from './lib/summary-extractor.mjs';
 import { searchRelevantMemories, formatMemoryLine } from './hook-memory.mjs';
@@ -445,7 +447,10 @@ async function handleStop() {
             WHERE memory_session_id = ? AND COALESCE(compressed_into, 0) = 0
             ORDER BY created_at_epoch DESC LIMIT 5
           `).all(sessionId);
-          const fastRequest = truncate(firstPrompt?.prompt_text || '', 200);
+          // Raw values flow into scrubRecord below; truncation at .run() site
+          // so secrets straddling the boundary still match scrubSecrets's
+          // length floors.
+          const fastRequestRaw = firstPrompt?.prompt_text || '';
           const obsCompleted = recentObs.map(o => o.title).filter(Boolean).join('; ');
 
           // Structural extraction from the assistant's tail message.
@@ -473,17 +478,23 @@ async function handleStop() {
           const finalRemaining = structuredNotDone;
           const finalNotes = structuredNotes || 'fast';
 
-          if (fastRequest || finalCompleted || finalRemaining) {
+          if (fastRequestRaw || finalCompleted || finalRemaining) {
             const now = new Date();
+            const safe = scrubRecord('session_summaries', {
+              request: fastRequestRaw,
+              completed: finalCompleted,
+              remaining_items: finalRemaining,
+              notes: finalNotes,
+            });
             db.prepare(`
               INSERT INTO session_summaries
               (memory_session_id, project, request, investigated, learned, completed, next_steps, remaining_items, files_read, files_edited, notes, created_at, created_at_epoch)
               VALUES (?, ?, ?, '', '', ?, '', ?, '[]', '[]', ?, ?, ?)
             `).run(
-              sessionId, project, fastRequest,
-              truncate(finalCompleted, 600),
-              truncate(finalRemaining, 600),
-              truncate(finalNotes, 400),
+              sessionId, project, truncate(safe.request, 200),
+              truncate(safe.completed, 600),
+              truncate(safe.remaining_items, 600),
+              truncate(safe.notes, 400),
               now.toISOString(), now.getTime()
             );
           }
@@ -947,26 +958,34 @@ async function handleSessionStart() {
           ORDER BY created_at_epoch DESC LIMIT 5
         `).all(prevSessionId);
 
-        const fastRequest = truncate(firstPrompt?.prompt_text || '', 200);
-        const fastCompleted = prevObs.map(o => o.title).filter(Boolean).join('; ');
+        // Raw values flow into scrubRecord; truncation deferred to .run() so
+        // secrets straddling the truncation boundary still match scrubSecrets
+        // regex length floors.
+        const fastRequestRaw = firstPrompt?.prompt_text || '';
+        const fastCompletedRaw = prevObs.map(o => o.title).filter(Boolean).join('; ');
 
         // Infer remaining_items from handoff unfinished (already built above at line 476)
-        let fastRemaining = '';
+        let fastRemainingRaw = '';
         if (prevClearHandoff?.unfinished) {
-          fastRemaining = truncate(extractUnfinishedSummary(prevClearHandoff.unfinished, 0), 200);
+          fastRemainingRaw = extractUnfinishedSummary(prevClearHandoff.unfinished, 0);
         }
         // Fallback: episode errors
-        if (!fastRemaining && episodeSnapshot?.entries) {
+        if (!fastRemainingRaw && episodeSnapshot?.entries) {
           const errors = episodeSnapshot.entries.filter(e => e.isError).map(e => e.desc).filter(Boolean);
-          if (errors.length > 0) fastRemaining = truncate(errors.join('; '), 200);
+          if (errors.length > 0) fastRemainingRaw = errors.join('; ');
         }
 
-        if (fastRequest || fastCompleted) {
+        if (fastRequestRaw || fastCompletedRaw) {
+          const safe = scrubRecord('session_summaries', {
+            request: fastRequestRaw,
+            completed: fastCompletedRaw,
+            remaining_items: fastRemainingRaw,
+          });
           db.prepare(`
             INSERT INTO session_summaries
             (memory_session_id, project, request, investigated, learned, completed, next_steps, remaining_items, files_read, files_edited, notes, created_at, created_at_epoch)
             VALUES (?, ?, ?, '', '', ?, '', ?, '[]', '[]', 'fast', ?, ?)
-          `).run(prevSessionId, prevProject || project, fastRequest, truncate(fastCompleted, 300), fastRemaining, now.toISOString(), now.getTime());
+          `).run(prevSessionId, prevProject || project, truncate(safe.request, 200), truncate(safe.completed, 300), truncate(safe.remaining_items, 200), now.toISOString(), now.getTime());
         }
       } catch (e) { debugCatch(e, 'session-start-fast-summary'); }
     }
@@ -1023,14 +1042,20 @@ async function handleSessionStart() {
               ORDER BY created_at_epoch DESC LIMIT 5
             `).all(recentSession.content_session_id);
 
-            const fr = truncate(fp?.prompt_text || '', 200);
-            const fc = po.map(o => o.title).filter(Boolean).join('; ');
-            if (fr || fc) {
+            // Raw values into scrubRecord; truncation at .run() preserves
+            // straddling-secret detection (per privacy review).
+            const frRaw = fp?.prompt_text || '';
+            const fcRaw = po.map(o => o.title).filter(Boolean).join('; ');
+            if (frRaw || fcRaw) {
+              const safe = scrubRecord('session_summaries', {
+                request: frRaw,
+                completed: fcRaw,
+              });
               db.prepare(`
                 INSERT INTO session_summaries
                 (memory_session_id, project, request, investigated, learned, completed, next_steps, remaining_items, files_read, files_edited, notes, created_at, created_at_epoch)
                 VALUES (?, ?, ?, '', '', ?, '', '', '[]', '[]', 'fast', ?, ?)
-              `).run(recentSession.content_session_id, project, fr, truncate(fc, 300), now.toISOString(), now.getTime());
+              `).run(recentSession.content_session_id, project, truncate(safe.request, 200), truncate(safe.completed, 300), now.toISOString(), now.getTime());
             }
           }
         }
@@ -1103,6 +1128,28 @@ async function handleSessionStart() {
   }
 }
 
+// ─── PreCompact Handler ──────────────────────────────────────────────────────
+// Fires immediately before Claude Code auto-compaction begins. Re-emits the
+// memory context block on stdout so the summarizer sees it during compaction.
+// SessionStart's "compact" matcher fires AFTER compaction — by then the
+// previous-turn injection has already been collapsed. Pure read; no DB writes.
+
+async function handlePreCompactDispatch() {
+  let hookData = {};
+  try {
+    const raw = await readStdin();
+    hookData = JSON.parse(raw.text);
+  } catch { /* stdin unavailable — emit anyway with whatever we can infer */ }
+
+  const db = openDb();
+  if (!db) return;
+  try {
+    await preCompactEntry(db, hookData);
+  } finally {
+    try { db.close(); } catch {}
+  }
+}
+
 // ─── UserPromptSubmit Handler ────────────────────────────────────────────────
 
 async function handleUserPrompt() {
@@ -1272,11 +1319,15 @@ function handleAutoCompress() {
         (content_session_id, memory_session_id, project, started_at, started_at_epoch, status)
         VALUES (?,?,?,?,?,'active')`
       ).run(sessionId, sessionId, proj, now.toISOString(), now.getTime());
+      // Defense-in-depth: title/narrative are derived from already-stored
+      // obs.title, but those rows pre-date the central scrub policy in some
+      // cases. Re-scrub at the persistence boundary.
+      const safe = scrubRecord('observations', { text: narrative, title, narrative });
       const summaryResult = db.prepare(`INSERT INTO observations
         (memory_session_id, project, text, type, title, subtitle, narrative, concepts, facts,
          files_read, files_modified, importance, created_at, created_at_epoch)
         VALUES (?,?,?,?,?,'',?,'','','[]','[]',2,?,?)`
-      ).run(sessionId, proj, narrative, dominantType, title, narrative, new Date(medianEpoch).toISOString(), medianEpoch);
+      ).run(sessionId, proj, safe.text, dominantType, safe.title, safe.narrative, new Date(medianEpoch).toISOString(), medianEpoch);
       const summaryId = Number(summaryResult.lastInsertRowid);
       const obsIds = obs.map(o => o.id);
       db.prepare(`UPDATE observations SET compressed_into = ? WHERE id IN (${obsIds.map(() => '?').join(',')})`)
@@ -1366,6 +1417,7 @@ try {
   switch (event) {
     case 'post-tool-use':    await handlePostToolUse(); break;
     case 'session-start':    await handleSessionStart(); break;
+    case 'pre-compact':      await handlePreCompactDispatch(); break;
     case 'stop':             await handleStop(); break;
     case 'user-prompt':      await handleUserPrompt(); break;
     case 'llm-episode':      await handleLLMEpisode(); break;

package/hooks/hooks.json

@@ -18,6 +18,18 @@
         ]
       }
     ],
+    "PreCompact": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hook.mjs\" pre-compact",
+            "timeout": 5
+          }
+        ]
+      }
+    ],
     "PreToolUse": [
       {
         "matcher": "Edit|Write|NotebookEdit|Read",

package/lib/import-jsonl.mjs

@@ -0,0 +1,225 @@
+// claude-mem-lite: import a Claude Code JSONL transcript file into the
+// memory DB. One transcript ≈ one Claude Code session; we map:
+//   user line       -> user_prompts row
+//   tool_use+result -> observations row (matched by tool_use_id)
+//   anything else   -> ignored
+//
+// Idempotent: re-running on the same file does not duplicate. Dedup keys
+// are derived from full SHA-256 of the joined components. \x1f (ASCII unit
+// separator) as join glue so adjacent components can't collide via inputs
+// containing the separator. Truncating prompt_text would collapse rapid
+// same-session "yes / next / 继续" replies into one observation.
+//
+// Orphan tool_use (truncated transcript: tool_use without matching
+// tool_result) gets a fallback observation marked '[tool_use without
+// result — transcript truncated]' so retrieval surfaces the truncation.
+
+import { readFileSync, statSync } from 'fs';
+import { createHash } from 'crypto';
+import { scrubSecrets } from '../secret-scrub.mjs';
+import { scrubRecord } from './scrub-record.mjs';
+
+const TOOL_TO_TYPE = {
+  Edit: 'change', Write: 'change', NotebookEdit: 'change',
+  Read: 'discovery', Grep: 'discovery', Glob: 'discovery',
+  Bash: 'change', Task: 'discovery', Agent: 'discovery',
+  Skill: 'discovery', WebFetch: 'discovery', WebSearch: 'discovery',
+};
+
+function dedupKey(parts) {
+  return createHash('sha256').update(parts.join('\x1f')).digest('hex');
+}
+
+function parseLine(line) {
+  try { return JSON.parse(line); } catch { return null; }
+}
+
+function ensureSession(db, sessionId, project, ts) {
+  db.prepare(`
+    INSERT OR IGNORE INTO sdk_sessions
+      (content_session_id, memory_session_id, project, started_at, started_at_epoch, status)
+    VALUES (?, ?, ?, ?, ?, 'completed')
+  `).run(sessionId, sessionId, project, ts, Date.parse(ts) || Date.now());
+}
+
+function importPrompt(db, ev, project, seenPrompts) {
+  const text = typeof ev?.message?.content === 'string'
+    ? ev.message.content
+    : (Array.isArray(ev?.message?.content)
+        ? ev.message.content.filter(c => c?.type === 'text').map(c => c.text).join('\n')
+        : '');
+  if (!text) return false;
+  const sessionId = ev.sessionId || 'imported';
+  const ts = ev.timestamp || new Date().toISOString();
+  const safe = scrubSecrets(text.slice(0, 10000));
+  // Dedup key uses the scrubbed text so a re-run computes the same key as the
+  // first run (which persisted the scrubbed text). Keying on raw input would
+  // make idempotency fragile if the scrub policy changes.
+  const key = dedupKey([sessionId, ts, safe]);
+  if (seenPrompts.has(key)) return false;
+  seenPrompts.add(key);
+
+  ensureSession(db, sessionId, project, ts);
+  const bumped = db.prepare(
+    'UPDATE sdk_sessions SET prompt_counter = COALESCE(prompt_counter, 0) + 1 WHERE content_session_id = ? RETURNING prompt_counter'
+  ).get(sessionId);
+  const promptNumber = bumped?.prompt_counter || 1;
+
+  db.prepare(`
+    INSERT OR IGNORE INTO user_prompts
+      (content_session_id, prompt_text, prompt_number, created_at, created_at_epoch)
+    VALUES (?, ?, ?, ?, ?)
+  `).run(sessionId, safe, promptNumber, ts, Date.parse(ts) || Date.now());
+  return true;
+}
+
+function importToolPair(db, toolUse, toolResult, project) {
+  const sessionId = toolUse.sessionId || 'imported';
+  const ts = toolUse.timestamp || new Date().toISOString();
+  ensureSession(db, sessionId, project, ts);
+
+  const toolName = toolUse.name || 'unknown';
+  const type = TOOL_TO_TYPE[toolName] || 'change';
+  const inputJson = typeof toolUse.input === 'object'
+    ? JSON.stringify(toolUse.input).slice(0, 4000)
+    : String(toolUse.input ?? '').slice(0, 4000);
+  const resultText = typeof toolResult?.content === 'string'
+    ? toolResult.content
+    : JSON.stringify(toolResult?.content ?? '').slice(0, 4000);
+
+  const filesModified = (toolName === 'Edit' || toolName === 'Write' || toolName === 'NotebookEdit')
+    && toolUse.input?.file_path
+      ? [toolUse.input.file_path] : [];
+  const filesRead = toolName === 'Read' && toolUse.input?.file_path
+      ? [toolUse.input.file_path] : [];
+
+  const safe = scrubRecord('observations', {
+    title: `${toolName}: ${(toolUse.input?.command || toolUse.input?.file_path || '').slice(0, 80)}`,
+    subtitle: '',
+    text: `${inputJson}\n---\n${resultText}`,
+    narrative: '',
+    concepts: '',
+    facts: '',
+    lesson_learned: null,
+    search_aliases: null,
+  });
+
+  db.prepare(`
+    INSERT INTO observations
+      (memory_session_id, project, text, type, title, subtitle, narrative, concepts, facts, files_read, files_modified, importance, created_at, created_at_epoch)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(
+    sessionId, project, safe.text, type, safe.title, safe.subtitle,
+    safe.narrative, safe.concepts, safe.facts,
+    JSON.stringify(filesRead), JSON.stringify(filesModified),
+    1, ts, Date.parse(ts) || Date.now(),
+  );
+  return true;
+}
+
+/**
+ * Import a single Claude Code JSONL transcript into the DB.
+ *
+ * @param {import('better-sqlite3').Database} db
+ * @param {string} path  Absolute path to the .jsonl file
+ * @param {{project: string}} opts
+ * @returns {Promise<{prompts:number, observations:number, skipped:number, orphans:number}>}
+ */
+export async function importJsonl(db, path, { project }) {
+  statSync(path);
+  const lines = readFileSync(path, 'utf8').split('\n');
+  const seenPrompts = new Set();
+  const seenObs = new Set();
+  // Pre-seed dedup sets from existing rows so a second run on the same file
+  // is a no-op even when the in-memory `seen*` Sets start empty.
+  for (const r of db.prepare('SELECT content_session_id, prompt_text, created_at FROM user_prompts').all()) {
+    seenPrompts.add(dedupKey([r.content_session_id, r.created_at, r.prompt_text]));
+  }
+  // Observations carry no tool_use_id column, so the only durable dedup
+  // signal we have is the per-process `seenObs` Set inside one importJsonl
+  // call. Across calls we rely on the second importToolPair attempting an
+  // INSERT that would land — we guard re-runs by also checking for an
+  // existing (memory_session_id, created_at, title) match below.
+  //
+  // Dual-key layering: `seenObs` tracks the `existing:<title>:<ts>` form
+  // (cross-call idempotency, seeded from the DB). Per-call dedup uses
+  // `seenToolUseIds` keyed on `(sessionId, tool_use_id)` at the gate. The
+  // two key shapes never share a value — both checks must run.
+  for (const r of db.prepare('SELECT memory_session_id, title, created_at FROM observations').all()) {
+    // Use the stored title as a stand-in for tool_use_id when the prior run
+    // came from this importer. Title format `${toolName}: ${command|path}` is
+    // stable across re-runs of the same fixture.
+    seenObs.add(dedupKey([r.memory_session_id, `existing:${r.title}:${r.created_at}`]));
+  }
+
+  const pendingToolUse = new Map();
+  let prompts = 0, observations = 0, skipped = 0;
+
+  // Snapshot importToolPair so we can wrap it with a per-run uniqueness
+  // check that hits both in-call and cross-call dedup. (Inline because we
+  // only need it in this function.)
+  const seenToolUseIds = new Set();
+  const tryImportToolPair = (useEv, resultEv) => {
+    const sessionId = useEv.sessionId || 'imported';
+    const useId = useEv.tool_use_id || useEv.id || '';
+    const callKey = dedupKey([sessionId, useId]);
+    if (seenToolUseIds.has(callKey)) return false;
+    seenToolUseIds.add(callKey);
+
+    // Cross-call dedup: synthesize the title the previous run would have
+    // written and check the seenObs set seeded from the DB.
+    const toolName = useEv.name || 'unknown';
+    const titlePreview = `${toolName}: ${(useEv.input?.command || useEv.input?.file_path || '').slice(0, 80)}`;
+    const ts = useEv.timestamp || new Date().toISOString();
+    const crossKey = dedupKey([sessionId, `existing:${titlePreview}:${ts}`]);
+    if (seenObs.has(crossKey)) return false;
+
+    return importToolPair(db, useEv, resultEv, project);
+  };
+
+  const tx = db.transaction(() => {
+    for (const line of lines) {
+      if (!line.trim()) continue;
+      const ev = parseLine(line);
+      if (!ev) { skipped++; continue; }
+      if (ev.type === 'user') {
+        if (importPrompt(db, ev, project, seenPrompts)) prompts++; else skipped++;
+      } else if (ev.type === 'assistant' && Array.isArray(ev.message?.content)) {
+        for (const part of ev.message.content) {
+          if (part.type === 'tool_use') {
+            pendingToolUse.set(part.id, { ...ev, ...part });
+          }
+        }
+      } else if (ev.type === 'tool_result') {
+        const useEv = pendingToolUse.get(ev.tool_use_id);
+        if (useEv) {
+          if (tryImportToolPair(useEv, ev)) observations++;
+          pendingToolUse.delete(ev.tool_use_id);
+        } else {
+          skipped++;
+        }
+      } else {
+        skipped++;
+      }
+    }
+  });
+  tx();
+
+  // Orphan tool_use fallback: persist tool_use events that never paired with
+  // a tool_result (truncated transcript / killed Claude Code session).
+  let orphans = 0;
+  if (pendingToolUse.size > 0) {
+    const tx2 = db.transaction(() => {
+      for (const [, useEv] of pendingToolUse) {
+        const fauxResult = {
+          content: '[tool_use without result — transcript truncated]',
+          timestamp: useEv.timestamp,
+        };
+        if (tryImportToolPair(useEv, fauxResult)) orphans++;
+      }
+    });
+    tx2();
+  }
+
+  return { prompts, observations, skipped, orphans };
+}

package/lib/scrub-record.mjs

@@ -0,0 +1,63 @@
+// claude-mem-lite: per-table scrub helper. Applies scrubSecrets to the known
+// text fields of a table row. Numeric / JSON-blob / id fields are passed
+// through untouched.
+//
+// Failsafe policy: when the table is unknown, scrub every string field by
+// default. Newly added tables stay safe even before TEXT_FIELDS_BY_TABLE is
+// updated — over-scrubbing is the safe direction; under-scrubbing leaks.
+//
+// JSON-stringified array fields (e.g. session_handoffs.key_files,
+// session_handoffs.match_keywords-when-array) are NOT listed here — running
+// scrubSecrets over the JSON string can rewrite quoted values and break
+// downstream JSON.parse. Pre-scrub each element upstream of the
+// JSON.stringify call instead.
+
+import { scrubSecrets } from '../secret-scrub.mjs';
+
+export const TEXT_FIELDS_BY_TABLE = {
+  observations: [
+    'title', 'subtitle', 'text', 'narrative',
+    'concepts', 'facts', 'lesson_learned', 'search_aliases',
+  ],
+  session_summaries: [
+    'request', 'investigated', 'learned',
+    'completed', 'next_steps', 'remaining_items', 'notes',
+    'lessons', 'key_decisions',
+  ],
+  session_handoffs: [
+    'working_on', 'completed', 'unfinished',
+    // Excluded:
+    //   key_files       — JSON.stringify(array); pre-scrub elements at call site
+    //   match_keywords  — currently a space-joined plain string; keeping it
+    //                     here would scrub safely, but the value is built from
+    //                     tokenizeHandoff() output (alphanumeric tokens only),
+    //                     so secrets cannot survive the upstream tokenizer.
+    //                     Excluded to avoid double-work + future-proof against
+    //                     a refactor that switches to JSON.stringify.
+    // key_decisions is kept: call site uses '\n'.join (plain string), and
+    // decision titles can carry secrets verbatim (LLM output).
+    'key_decisions',
+  ],
+};
+
+/**
+ * Scrub the text fields of a record before INSERT.
+ * Returns a shallow copy with string text-fields scrubbed; the input object
+ * is left untouched. Non-string values (numbers, null, JSON blobs the caller
+ * has already stringified) flow through unchanged.
+ */
+export function scrubRecord(table, row) {
+  if (!row || typeof row !== 'object') return row;
+  const fields = TEXT_FIELDS_BY_TABLE[table];
+  const out = { ...row };
+  if (fields) {
+    for (const f of fields) {
+      if (typeof out[f] === 'string') out[f] = scrubSecrets(out[f]);
+    }
+  } else {
+    for (const k of Object.keys(out)) {
+      if (typeof out[k] === 'string') out[k] = scrubSecrets(out[k]);
+    }
+  }
+  return out;
+}

package/mem-cli.mjs

@@ -14,6 +14,7 @@ import { autoBoostIfNeeded, reRankWithContext, markSuperseded } from './server-i
 import { searchObservationsHybrid, findFtsAnchor } from './search-engine.mjs';
 import { ensureRegistryDb, upsertResource } from './registry.mjs';
 import { searchResources } from './registry-retriever.mjs';
+import { scrubRecord } from './lib/scrub-record.mjs';
 import { optimizePreview, optimizeRun } from './hook-optimize.mjs';
 import { buildSessionContextLines } from './hook-context.mjs';
 import { cmdAdopt, cmdUnadopt } from './adopt-cli.mjs';
@@ -1765,8 +1766,11 @@ function cmdCompress(db, args) {
         VALUES (?, ?, ?, ?, ?, 'active')
       `).run(sessionId, sessionId, proj, now.toISOString(), now.getTime());
 
+      // Defense-in-depth: source rows already scrubbed at original ingest, but
+      // the new compressed narrative is constructed here and re-persisted.
+      const safe = scrubRecord('observations', { text: narrative, title, narrative });
       const summaryResult = insertSummary.run(
-        sessionId, proj, narrative, dominantType, title, narrative,
+        sessionId, proj, safe.text, dominantType, safe.title, safe.narrative,
         medianDate.toISOString(), medianEpoch
       );
       const summaryId = Number(summaryResult.lastInsertRowid);
@@ -2414,6 +2418,9 @@ Commands:
     remove              Remove resource --name N --resource-type T
     reindex             Rebuild FTS5 index
 
+  import-jsonl <file-or-dir>      Import Claude Code JSONL transcripts (cold-start backfill)
+    --project P         Project name (default: inferred from cwd)
+
   activity <action>     Non-memdir event log (v2.31) — bugfix/lesson/bug/discovery/etc.
     save --type T "<title>" [--body "<text>"] [--files f1,f2] [--file path] [--importance 1-3] [--project P]
     search "<query>"    Search events [--type T] [--limit N] [--project P]
@@ -2499,6 +2506,57 @@ async function cmdImport(argv) {
   }
 }
 
+// ─── Import (Claude Code JSONL transcript — cold-start backfill) ─────────────
+
+async function cmdImportJsonl(db, argv) {
+  const { positional, flags } = parseArgs(argv);
+  const target = positional[0];
+  if (!target) {
+    fail('[mem] Usage: claude-mem-lite import-jsonl <file-or-dir> [--project <name>]');
+    return;
+  }
+
+  const project = flags.project || inferProject();
+  const fs = await import('fs');
+  const { join: pjoin, resolve } = await import('path');
+  const abs = resolve(target);
+
+  let files = [];
+  let st;
+  try { st = fs.statSync(abs); }
+  catch (e) { fail(`[mem] Cannot stat ${abs}: ${e.message}`); return; }
+
+  if (st.isDirectory()) {
+    const walk = (dir) => {
+      for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
+        const p = pjoin(dir, e.name);
+        if (e.isDirectory()) walk(p);
+        else if (e.isFile() && p.endsWith('.jsonl')) files.push(p);
+      }
+    };
+    walk(abs);
+  } else {
+    files = [abs];
+  }
+
+  if (files.length === 0) { out('[mem] No .jsonl files found.'); return; }
+
+  const { importJsonl } = await import('./lib/import-jsonl.mjs');
+  let totalPrompts = 0, totalObs = 0, totalSkip = 0, totalOrphans = 0;
+  for (const f of files) {
+    const r = await importJsonl(db, f, { project });
+    totalPrompts += r.prompts;
+    totalObs += r.observations;
+    totalSkip += r.skipped;
+    totalOrphans += r.orphans || 0;
+    out(`[mem] ${f}: +${r.prompts} prompts, +${r.observations} observations, ${r.orphans || 0} orphan tool_use, ${r.skipped} skipped`);
+  }
+  out(`[mem] Total: ${totalPrompts} prompts, ${totalObs} observations, ${totalOrphans} orphan tool_use, ${totalSkip} skipped from ${files.length} file(s).`);
+  if (totalPrompts > 0 || totalObs > 0) {
+    out(`[mem] Try: claude-mem-lite recent 5 --project ${project}`);
+  }
+}
+
 // ─── Enrich ─────────────────────────────────────────────────────────────────
 
 async function cmdEnrich(argv) {
@@ -2682,6 +2740,7 @@ export async function run(argv) {
       case 'browse':    cmdBrowse(db, cmdArgs); break;
       case 'registry':  cmdRegistry(db, cmdArgs); break;
       case 'import':    await cmdImport(cmdArgs); break;
+      case 'import-jsonl': await cmdImportJsonl(db, cmdArgs); break;
       case 'enrich':    await cmdEnrich(cmdArgs); break;
       case 'doctor':    await cmdDoctor(db, cmdArgs); break;
       case 'activity':  await cmdActivity(db, cmdArgs); break;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-mem-lite",
-  "version": "2.70.0",
+  "version": "2.71.0",
   "description": "Lightweight persistent memory system for Claude Code",
   "type": "module",
   "packageManager": "npm@10.9.2",
@@ -39,6 +39,7 @@
     "hook-handoff.mjs",
     "hook-update.mjs",
     "hook-optimize.mjs",
+    "hook-precompact.mjs",
     "plugin-cache-guard.mjs",
     "memdir.mjs",
     "adopt-content.mjs",
@@ -64,6 +65,8 @@
     "lib/save-observation.mjs",
     "lib/deferred-work.mjs",
     "lib/upgrade-banner.mjs",
+    "lib/scrub-record.mjs",
+    "lib/import-jsonl.mjs",
     "cli/common.mjs",
     "cli/fts-check.mjs",
     "cli/doctor.mjs",

package/server.mjs

@@ -11,6 +11,7 @@ import { resolveProject as _resolveProjectShared } from './project-utils.mjs';
 import { ensureDb, DB_PATH, REGISTRY_DB_PATH } from './schema.mjs';
 import { reRankWithContext, markSuperseded, autoBoostIfNeeded, runIdleCleanup, buildServerInstructions } from './server-internals.mjs';
 import { searchObservationsHybrid, findFtsAnchor } from './search-engine.mjs';
+import { scrubRecord } from './lib/scrub-record.mjs';
 import { effectiveQuiet } from './hook-shared.mjs';
 import { computeTier, TIER_CASE_SQL, tierSqlParams } from './tier.mjs';
 import { memSearchSchema, memRecentSchema, memTimelineSchema, memGetSchema, memDeleteSchema, memSaveSchema, memStatsSchema, memCompressSchema, memMaintainSchema, memOptimizeSchema, memUpdateSchema, memExportSchema, memRecallSchema, memFtsCheckSchema, memRegistrySchema, memBrowseSchema, memUseSchema, memDeferSchema, memDeferListSchema, memDeferDropSchema, tools as TOOL_DEFS } from './tool-schemas.mjs';
@@ -1248,8 +1249,11 @@ server.registerTool(
           VALUES (?, ?, ?, ?, ?, 'active')
         `).run(sessionId, sessionId, proj, now.toISOString(), now.getTime());
 
+        // Defense-in-depth: source rows already scrubbed at original ingest,
+        // but the new compressed narrative is constructed here and re-persisted.
+        const safe = scrubRecord('observations', { text: narrative, title, narrative });
         const summaryResult = insertSummary.run(
-          sessionId, proj, narrative, dominantType, title, narrative,
+          sessionId, proj, safe.text, dominantType, safe.title, safe.narrative,
           medianDate.toISOString(), medianEpoch
         );
         const summaryId = Number(summaryResult.lastInsertRowid);

package/source-files.mjs

@@ -9,7 +9,7 @@ export const SOURCE_FILES = [
   'cli.mjs', 'server.mjs', 'server-internals.mjs', 'search-engine.mjs', 'tool-schemas.mjs',
   'hook.mjs', 'hook-shared.mjs', 'hook-llm.mjs', 'hook-memory.mjs', 'skip-tools.mjs',
   'hook-semaphore.mjs', 'hook-episode.mjs', 'hook-context.mjs', 'hook-handoff.mjs',
-  'hook-update.mjs', 'hook-optimize.mjs',
+  'hook-update.mjs', 'hook-optimize.mjs', 'hook-precompact.mjs',
   'plugin-cache-guard.mjs',
   'haiku-client.mjs', 'utils.mjs', 'schema.mjs',
   'package.json', 'package-lock.json', 'skill.md',
@@ -70,6 +70,15 @@ export const SOURCE_FILES = [
   // module-level `process.exit(0)` side effects that abort vitest workers on
   // direct import. Statically imported by hook.mjs SessionStart handler.
   'lib/upgrade-banner.mjs',
+  // Per-table scrub helper for defense-in-depth at text-write INSERT paths.
+  // Statically imported by hook-llm, hook-handoff, hook-optimize, hook,
+  // mem-cli; reached transitively from server.mjs and cli.mjs.
+  'lib/scrub-record.mjs',
+  // Cold-start backfill: parses ~/.claude/projects/<encoded>/<uuid>.jsonl
+  // transcripts into user_prompts + observations. Dynamic-imported by
+  // mem-cli.mjs::cmdImportJsonl; listed here so source-files-sync.test.mjs
+  // and the npm tarball ship it on every release.
+  'lib/import-jsonl.mjs',
 ];
 
 /**