claude-mem-lite 2.92.0 → 2.94.0

package/.claude-plugin/marketplace.json

@@ -10,7 +10,7 @@
   "plugins": [
     {
       "name": "claude-mem-lite",
-      "version": "2.92.0",
+      "version": "2.94.0",
       "source": "./",
       "description": "Persistent long-term memory for Claude Code via MCP — captures coding decisions, bugfixes, and context across sessions. Hybrid FTS5 + TF-IDF search with episode batching. Single SQLite DB, no external services. A lighter, lower-cost alternative to claude-mem (episode batching + a smaller model; cost savings are an internal estimate, not a measured benchmark)."
     }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-mem-lite",
-  "version": "2.92.0",
+  "version": "2.94.0",
   "description": "Persistent long-term memory for Claude Code via MCP — captures coding decisions, bugfixes, and context across sessions. Hybrid FTS5 + TF-IDF search with episode batching. Single SQLite DB, no external services. A lighter, lower-cost alternative to claude-mem (episode batching + a smaller model; cost savings are an internal estimate, not a measured benchmark).",
   "author": {
     "name": "sdsrss"

package/adopt-cli.mjs

@@ -15,7 +15,7 @@ import { join } from 'path';
 import {
   memdirPath, writePluginSection, removePluginSection,
   writePluginDoc, removePluginDoc,
-  isAdopted, readMemoryIndex,
+  isAdopted, hasPluginState, readMemoryIndex,
   UserEditedError, BudgetExceededError,
 } from './memdir.mjs';
 import {
@@ -325,6 +325,7 @@ export function cmdUnadopt(args = []) {
 
   const all = hasFlag(args, '--all');
   const dryRun = hasFlag(args, '--dry-run');
+  const force = hasFlag(args, '--force');
   const targets = all
     ? listAllMemdirs().map((m) => m.memdir)
     : [memdirPath(detectCwd())];
@@ -334,23 +335,32 @@ export function cmdUnadopt(args = []) {
     return;
   }
 
-  let removed = 0, absent = 0;
+  let removed = 0, absent = 0, skipped = 0;
   for (const memdir of targets) {
     if (dryRun) {
-      const adopted = isAdopted(memdir, PLUGIN_SLUG);
-      const action = adopted ? 'would-remove' : 'absent';
+      // Mirror the live foreign-content guard: a sentinel with no state sidecar would be
+      // skipped (not removed) unless --force, so dry-run must report it the same way.
+      const action = !isAdopted(memdir, PLUGIN_SLUG) ? 'absent'
+        : (hasPluginState(memdir, PLUGIN_SLUG) || force) ? 'would-remove'
+          : 'would-skip-foreign';
       log(`[unadopt --dry-run] ${memdir} → ${action}`);
-      if (adopted) removed++; else absent++;
+      if (action === 'would-remove') removed++;
+      else if (action === 'would-skip-foreign') skipped++;
+      else absent++;
       continue;
     }
-    const r = removePluginSection(memdir, PLUGIN_SLUG);
-    removePluginDoc(memdir, PLUGIN_SLUG);
-    if (r.action === 'removed') removed++;
+    const r = removePluginSection(memdir, PLUGIN_SLUG, { force });
+    if (r.action === 'removed') { removePluginDoc(memdir, PLUGIN_SLUG); removed++; }
+    else if (r.action === 'skipped-foreign') skipped++;
     else absent++;
     log(`[unadopt] ${memdir} → ${r.action}`);
   }
 
+  if (skipped > 0) {
+    log('[unadopt] skipped-foreign = a sentinel block with no plugin state file (not proven plugin-written).');
+    log('[unadopt] pass --force to remove it anyway.');
+  }
   log('');
   const verb = dryRun ? 'would remove' : 'removed';
-  log(`[unadopt${dryRun ? ' --dry-run' : ''}] ${targets.length} target(s): ${removed} ${verb}, ${absent} absent`);
+  log(`[unadopt${dryRun ? ' --dry-run' : ''}] ${targets.length} target(s): ${removed} ${verb}, ${skipped} skipped-foreign, ${absent} absent`);
 }

package/bash-utils.mjs

@@ -3,6 +3,38 @@
 
 import { basename } from 'path';
 
+// Read/search commands whose output legitimately contains "error"-like keywords without
+// being a failure. Matched against the PRIMARY command (see isReadOnlyCommand).
+const SEARCH_VERBS = new Set([
+  'grep', 'rg', 'ag', 'ack', 'cat', 'head', 'tail', 'less', 'more', 'find', 'locate', 'wc', 'file', 'which', 'type',
+]);
+// Command prefixes that wrap the real command (env-assignments handled separately).
+const CMD_WRAPPERS = new Set(['sudo', 'doas', 'env', 'time', 'command', 'nice', 'nohup', 'stdbuf', 'xargs']);
+// git read subcommands whose output contains commit/log/match text, not failures.
+const GIT_READ_SUBCMDS = new Set(['grep', 'log', 'show', 'diff', 'blame', 'ls-files', 'cat-file', 'whatchanged', 'shortlog', 'reflog', 'status']);
+
+// True when the command's PRIMARY operation (left of the first pipe, past any
+// env-assignments / wrapper like `sudo`/`env`/`time`) is a read/search — including
+// `git grep`/`git log`. Anchoring on the primary command (not "search verb appears
+// anywhere") is what lets `npm run build 2>&1 | tail` stay an error while `sudo grep`,
+// `git grep`, `cat f | head` are correctly exempt.
+function isReadOnlyCommand(cmd) {
+  const primary = cmd.split('|')[0];
+  const toks = primary.trim().split(/\s+/).filter(Boolean);
+  let i = 0;
+  while (i < toks.length && (/^\w+=/.test(toks[i]) || CMD_WRAPPERS.has(toks[i]))) i++;
+  const first = toks[i];
+  if (!first) return false;
+  if (SEARCH_VERBS.has(first)) return true;
+  return first === 'git' && GIT_READ_SUBCMDS.has(toks[i + 1]);
+}
+
+// Paths excluded from observation capture (ephemeral / virtual filesystems) — applied
+// uniformly to both command-parsed paths and direct file_path/path/filePath fields.
+function isExcludedPath(p) {
+  return p.startsWith('/dev/') || p.startsWith('/proc/') || p.startsWith('/tmp/');
+}
+
 /**
  * Detect significance signals in a Bash command and its response.
  * Checks for errors, test runs, builds, git operations, and deployments.
@@ -12,9 +44,12 @@ import { basename } from 'path';
  */
 export function detectBashSignificance(input, response) {
   const cmd = (input.command || '').toLowerCase();
-  // Skip error keyword matching when the command is a read/search operation
-  // (grep output naturally contains matched keywords like "error")
-  const isSearchCmd = /\b(grep|rg|ag|ack|cat|head|tail|less|more|find|locate|wc|file|which|type)\b/i.test(cmd);
+  // Skip error keyword matching only when the PRIMARY command is a read/search op (its
+  // output naturally contains "error"-like keywords that aren't failures). Anchored on the
+  // primary command — NOT "search verb appears anywhere" — so `npm run build 2>&1 | tail`
+  // stays a real failure while `sudo grep`, `git grep`, `git log --grep`, `cat f | head`
+  // remain exempt and `run-cat-tests` doesn't trip a substring match.
+  const isSearchCmd = isReadOnlyCommand(cmd);
   const looksLikeError = !isSearchCmd
     && /\berror\b|\bERR!|fail(ed|ure)?|exception|panic|traceback|errno|enoent|command not found/i.test(response)
     && response.length > 15;
@@ -38,7 +73,9 @@ export function detectBashSignificance(input, response) {
   const isTest = /\b(npm\s+test|npm\s+run\s+test|yarn\s+test|pnpm\s+test|pnpm\s+run\s+test|bun\s+test|go\s+test|cargo\s+test)\b/i.test(cmd)
     || /\b(jest|pytest|vitest|mocha|cypress|playwright)\b/i.test(cmd);
   const isBuild = /\b(build|compile|tsc|webpack|vite|rollup|esbuild|make|cargo)\b/i.test(cmd);
-  const isGit = /\bgit\s+(commit|merge|rebase|cherry-pick|push)\b/i.test(cmd);
+  // Allow intervening global git options (`-C <path>`, `-c k=v`, `--no-pager`, …) between
+  // `git` and the subcommand — `git -C /repo push` is the standard multi-repo/scripted form.
+  const isGit = /\bgit\s+(?:(?:-[cC]\s+\S+|--?[\w-]+(?:=\S+)?)\s+)*(commit|merge|rebase|cherry-pick|push)\b/i.test(cmd);
   const isDeploy = /\b(deploy|docker|kubectl|terraform)\b/i.test(cmd);
   return {
     isError, isTest, isBuild, isGit, isDeploy,
@@ -92,6 +129,9 @@ export function extractErrorKeywords(cmd, response) {
  */
 export function extractFilePaths(input) {
   const paths = [];
+  // Direct fields (Edit/Write file_path) are kept unconditionally — an explicit edit to a
+  // /tmp path is real work the user chose to make, unlike a /tmp path that merely appears as
+  // a transient argument inside a Bash command (excluded as noise in the command branch below).
   if (input.file_path) paths.push(input.file_path);
   if (input.path) paths.push(input.path);
   if (input.filePath) paths.push(input.filePath);
@@ -101,7 +141,7 @@ export function extractFilePaths(input) {
     if (match) {
       for (const m of match) {
         const p = m.trim();
-        if (!p.startsWith('/dev/') && !p.startsWith('/proc/') && !p.startsWith('/tmp/')
+        if (!isExcludedPath(p)
           // Skip single-component paths like /exit, /clear — likely slash commands, not files
           && (p.indexOf('/', 1) !== -1 || /\.\w+$/.test(p))) {
           paths.push(p);

package/cli/activity.mjs

@@ -10,8 +10,8 @@
 
 import { inferProject } from '../utils.mjs';
 import { resolveProject } from '../project-utils.mjs';
-import { parseArgs, out, fail } from './common.mjs';
-import { parseIntFlag } from '../lib/cli-flags.mjs';
+import { parseArgs, out, fail, rejectBareStringFlags } from './common.mjs';
+import { parseIntFlag, isNumericToken } from '../lib/cli-flags.mjs';
 
 function formatActivityResults(rows) {
   if (!rows || rows.length === 0) return '(no events)';
@@ -31,6 +31,9 @@ export async function cmdActivity(db, args) {
   const project = flags.project ? resolveProject(db, flags.project) : inferProject();
 
   if (sub === 'save') {
+    // Reject value-less string flags before they reach saveEvent as a boolean `true`
+    // (#8470): bare --body / --title crashed with a raw "SQLite3 can only bind ..." error.
+    if (rejectBareStringFlags(flags, ['type', 'title', 'body', 'files', 'file', 'project'])) return;
     const type = flags.type || 'observation';
     if (!VALID_EVENT_TYPES.has(type)) {
       fail(`[mem] activity save: invalid --type "${type}". Valid: ${[...VALID_EVENT_TYPES].join(', ')}`);
@@ -51,7 +54,9 @@ export async function cmdActivity(db, args) {
     const file_paths_merged = [...filesFromSingular, ...filesFromPlural];
     const file_paths = file_paths_merged.length > 0 ? file_paths_merged : null;
     const rawImp = flags.importance !== undefined ? parseInt(flags.importance, 10) : 2;
-    if (flags.importance !== undefined && (isNaN(rawImp) || rawImp < 1 || rawImp > 3)) {
+    // isNumericToken first (mirrors cmdSave): bare parseInt coerces "3xyz"→3 and would
+    // persist a wrong importance that silently skews ranking. Float literals truncate (#8277).
+    if (flags.importance !== undefined && (!isNumericToken(flags.importance) || isNaN(rawImp) || rawImp < 1 || rawImp > 3)) {
       fail(`[mem] Invalid importance "${flags.importance}". Must be 1, 2, or 3.`);
       return;
     }
@@ -112,7 +117,10 @@ export async function cmdActivity(db, args) {
     if (row) {
       out(JSON.stringify(row, null, 2));
     } else {
-      out(`[mem] activity show: event #${id} Not found`);
+      // fail() (stderr + exit 1), matching the not-found contract of sibling commands
+      // (`get`, `activity delete`, `update`); previously stdout + exit 0, so scripts
+      // couldn't detect a missing event from the exit code.
+      fail(`[mem] activity show: event #${id} not found`);
     }
     return;
   }

package/cli/common.mjs

@@ -54,6 +54,29 @@ export function fail(text) {
   process.exitCode = 1;
 }
 
+/**
+ * Reject value-less `--flag` for string-valued flags. A bare trailing flag (or one
+ * immediately followed by another `--flag`) parses to boolean `true` (parseArgs above);
+ * that `true` then slips into code expecting a string and surfaces a raw
+ * `flags.x.split is not a function` / `SQLite3 can only bind ...` stacktrace (#8470).
+ * Returns true (and emits a clean `fail()`) when any listed key is a bare flag — the
+ * caller should `return` on true. Single source of the guard the update/registry paths
+ * previously inlined, so new string-flag commands stay consistent.
+ *
+ * @param {object} flags Parsed flags from parseArgs.
+ * @param {string[]} keys String-valued flag names to guard (without leading dashes).
+ * @returns {boolean} true if a bare flag was found and rejected.
+ */
+export function rejectBareStringFlags(flags, keys) {
+  for (const key of keys) {
+    if (flags[key] === true) {
+      fail(`[mem] --${key} requires a value (received a bare flag with no value).`);
+      return true;
+    }
+  }
+  return false;
+}
+
 // ─── Time Formatting ─────────────────────────────────────────────────────────
 
 /** "just now" / "5m ago" / "3h ago" / "2d ago" relative to now. */

package/format-utils.mjs

@@ -9,8 +9,19 @@
  */
 export function truncate(str, max = 80) {
   if (!str) return '';
+  // Defense-in-depth: a non-string (e.g. an LLM that returned title as an array/number)
+  // would throw `str.replace is not a function` and abort the caller. Coerce to '' rather
+  // than crash; the real type-guarding happens at the call site.
+  if (typeof str !== 'string') return '';
   str = str.replace(/\n/g, ' ').trim();
-  return str.length > max ? str.slice(0, max - 1) + '\u2026' : str;
+  if (str.length <= max) return str;
+  // Never split a UTF-16 surrogate pair: slicing between the high and low half emits a
+  // lone surrogate (invalid UTF-16) that then gets persisted to the DB. If the last kept
+  // code unit is a high surrogate, drop it so we cut on a code-point boundary.
+  let end = max - 1;
+  const last = str.charCodeAt(end - 1);
+  if (last >= 0xD800 && last <= 0xDBFF) end--;
+  return str.slice(0, end) + '\u2026';
 }
 
 /**

package/hook-handoff.mjs

@@ -446,13 +446,31 @@ function renderHandoffFromRow(handoff, db, project) {
 
   lines.push('</session-handoff>');
 
-  // Append session summary if available (long-gap enrichment)
+  // Append session summary if available (long-gap enrichment).
+  // session_summaries is keyed by the mem-internal memory_session_id, but in production
+  // session_handoffs.session_id holds the Claude Code UUID (the scope tag) — the two id
+  // namespaces never match, so the exact lookup returned nothing and this block was always
+  // dropped on a real resume. There is no bridge column (the CC-UUID lives on user_prompts,
+  // not on sdk_sessions/session_summaries), so: try the exact id match first (correct when
+  // ids align — legacy rows + tests), then fall back to the most-recent summary for the
+  // project, which at resume time is the summary from the session that wrote this handoff.
   try {
-    const summary = db.prepare(`
+    let summary = db.prepare(`
       SELECT completed, next_steps, remaining_items FROM session_summaries
       WHERE memory_session_id = ? AND project = ?
       ORDER BY created_at_epoch DESC LIMIT 1
     `).get(handoff.session_id, project);
+    if (!summary) {
+      // Pick the project summary CLOSEST IN TIME to this handoff, not merely the newest:
+      // a handoff and its own session's summary are written within ms of each other at
+      // session end, so nearest-timestamp recovers the right session even when a different
+      // session later wrote a newer summary for the same project (concurrent/interleaved use).
+      summary = db.prepare(`
+        SELECT completed, next_steps, remaining_items FROM session_summaries
+        WHERE project = ?
+        ORDER BY ABS(created_at_epoch - ?) ASC LIMIT 1
+      `).get(project, handoff.created_at_epoch ?? 0);
+    }
     if (summary && (summary.completed || summary.next_steps || summary.remaining_items)) {
       lines.push('');
       lines.push('<session-summary source="haiku">');

package/hook-llm.mjs

@@ -657,7 +657,12 @@ ${actionList}`;
       releaseLLMSlot();
     }
 
-    if (parsed && parsed.title) {
+    // Require a STRING title: a truthy non-string (LLM returned title as an array/number/
+    // object) would pass a bare `parsed.title` check, then crash truncate() downstream,
+    // aborting the worker before tmpFile cleanup (leak) and leaving the obs degraded.
+    if (parsed && typeof parsed.title === 'string' && parsed.title) {
+      // Normalize narrative to a string too — same non-string crash risk in truncate().
+      if (typeof parsed.narrative !== 'string') parsed.narrative = '';
       // Discard if LLM judges observation has no learning value
       if (parsed.importance === 0 || parsed.importance === '0') {
         debugLog('DEBUG', 'llm-episode', `Discarded low-value observation: ${parsed.title}`);

package/hook-optimize.mjs

@@ -262,7 +262,7 @@ Rules:
   }
 }
 
-export function applyNormalization(db, groups) {
+export function applyNormalization(db, groups, { project = null } = {}) {
   if (!groups || groups.length === 0) return { updated: 0 };
 
   const aliasMap = new Map();
@@ -272,11 +272,17 @@ export function applyNormalization(db, groups) {
     }
   }
 
+  // Scope the mutation to `project` when normalize was scoped (v2.72.0 --project).
+  // Without this, synonym groups derived from ONE project's concepts rewrote the
+  // concepts/search_aliases of EVERY project's observations — the exact cross-project
+  // contamination the --project flag was added to prevent. NULL → all projects (legacy
+  // unscoped run), matching the search-engine `(? IS NULL OR project = ?)` idiom.
   const rows = db.prepare(`
     SELECT id, concepts, search_aliases FROM observations
     WHERE COALESCE(compressed_into, 0) = 0
       AND concepts IS NOT NULL AND concepts != ''
-  `).all();
+      AND (? IS NULL OR project = ?)
+  `).all(project, project);
 
   let updated = 0;
   const updateStmt = db.prepare(`
@@ -322,7 +328,7 @@ export async function executeNormalize(db, force = false, { project } = {}) {
   const groups = await identifySynonymGroups(concepts);
   if (groups.length === 0) return { processed: 0, groups: 0 };
 
-  const result = applyNormalization(db, groups);
+  const result = applyNormalization(db, groups, { project });
 
   try { writeFileSync(NORMALIZE_GATE_FILE, JSON.stringify({ epoch: Date.now() })); } catch {}
 
@@ -340,7 +346,7 @@ export function findMergeCandidates(db, maxClusters = 5, { project } = {}) {
   const cutoff = Date.now() - MERGE_TIME_WINDOW_MS;
   const projectClause = project ? 'AND project = ?' : '';
   const stmt = db.prepare(`
-    SELECT id, title, narrative, project, type, access_count, created_at_epoch, minhash_sig
+    SELECT id, title, narrative, project, type, access_count, importance, created_at_epoch, minhash_sig
     FROM observations
     WHERE COALESCE(compressed_into, 0) = 0
       AND optimized_at IS NULL
@@ -410,10 +416,19 @@ Return ONLY valid JSON:
     const parsed = await callModelJSON(prompt, 'sonnet', { timeout: 20000, maxTokens: 1000 });
     if (!parsed || !parsed.should_merge) return { merged: false };
 
-    const keeper = cluster.reduce((best, o) =>
-      (o.access_count || 0) > (best.access_count || 0) ? o : best
-    , cluster[0]);
+    // Keeper = highest importance, then highest access_count. Previously access_count
+    // alone, so a critical (importance=3) but never-accessed observation lost the keeper
+    // role to a trivial (importance=1) accessed one and was compressed away.
+    const keeper = cluster.reduce((best, o) => {
+      const oi = o.importance || 1, bi = best.importance || 1;
+      if (oi !== bi) return oi > bi ? o : best;
+      return (o.access_count || 0) > (best.access_count || 0) ? o : best;
+    }, cluster[0]);
     const others = cluster.filter(o => o.id !== keeper.id);
+    // Floor the merged importance at the cluster max — merging must never silently
+    // downgrade the ranking of the most-important member (the LLM default is 2). The keeper
+    // is selected by importance-first, so keeper.importance IS the cluster max by construction.
+    const maxClusterImportance = keeper.importance || 1;
 
     const concepts = Array.isArray(parsed.merged_concepts) ? parsed.merged_concepts.slice(0, 10) : [];
     const facts = Array.isArray(parsed.merged_facts) ? parsed.merged_facts.slice(0, 10) : [];
@@ -428,7 +443,7 @@ Return ONLY valid JSON:
     const bigramText = cjkBigrams((title || '') + ' ' + (narrative || ''));
     const textField = [conceptsText, factsText, bigramText].filter(Boolean).join(' ');
     const minhashSig = computeMinHash((title || '') + ' ' + (narrative || ''));
-    const importance = clampImportance(parsed.importance || 2);
+    const importance = Math.max(clampImportance(parsed.importance || 2), maxClusterImportance);
 
     // Scrub LLM-output cluster-merge text fields at the UPDATE boundary.
     // importance is numeric; minhash_sig is hash bytes.

package/hook-update.mjs

@@ -27,7 +27,10 @@ const STATE_DIR = DB_DIR;
 const STATE_FILE = join(STATE_DIR, 'runtime', 'update-state.json');
 const CHECK_INTERVAL_MS = 24 * 60 * 60 * 1000;       // 24 hours
 const FETCH_TIMEOUT_MS = 3000;                         // 3s network timeout
-const RATE_LIMIT_INTERVAL_MS = 6 * 60 * 60 * 1000;   // 6h if rate-limited
+// When rate-limited we got NO release data, so re-check sooner than the normal 24h
+// cadence (GitHub's unauthenticated rate-limit window resets within the hour). 6h × ≤2
+// requests = 4 polls/day, far under the 60/hr limit, so this is a faster retry, not a hammer.
+const RATE_LIMIT_INTERVAL_MS = 6 * 60 * 60 * 1000;   // 6h retry when rate-limited
 const NPM_INSTALL_CMD = 'npm install --omit=dev --no-audit --no-fund';
 
 // ── Main Entry ─────────────────────────────────────────────
@@ -57,7 +60,12 @@ export async function checkForUpdate(options = {}) {
 
     const latest = await fetchLatestRelease();
     if (!latest) {
-      saveState({ ...state, lastCheck: new Date().toISOString() });
+      // Re-read from disk: a 403 inside fetchWithTimeout just persisted rateLimited:true.
+      // Spreading the stale in-memory `state` (captured above with rateLimited:false) would
+      // clobber that flag back to false, so shouldCheck never honors the backoff and the
+      // rate-limit mechanism is dead. Re-reading preserves the freshly-written flag.
+      const fresh = readState();
+      saveState({ ...fresh, lastCheck: new Date().toISOString() });
       return null;
     }
 
@@ -174,7 +182,10 @@ async function fetchLatestRelease() {
     headers,
   );
   if (result === 'rate-limited') return null;
-  if (result) {
+  // Guard tag_name: a 200-OK with a malformed body ({} / {tag_name:null}) would throw
+  // `Cannot read properties of undefined (reading 'replace')`. Caught upstream, but it
+  // poisons lastError and blocks the tags fallback below — fall through instead.
+  if (result && typeof result.tag_name === 'string') {
     return {
       version: result.tag_name.replace(/^v/, ''),
       tarballUrl: result.tarball_url,
@@ -188,7 +199,7 @@ async function fetchLatestRelease() {
     headers,
   );
   if (tags === 'rate-limited') return null;
-  if (Array.isArray(tags) && tags.length > 0) {
+  if (Array.isArray(tags) && tags.length > 0 && typeof tags[0]?.name === 'string') {
     const tag = tags[0];
     return {
       version: tag.name.replace(/^v/, ''),
@@ -208,7 +219,7 @@ async function fetchWithTimeout(url, headers) {
     if (res.status === 403) {
       const state = readState();
       saveState({ ...state, rateLimited: true });
-      debugLog('DEBUG', 'hook-update', 'GitHub API rate limited, extending interval');
+      debugLog('DEBUG', 'hook-update', 'GitHub API rate limited; will retry on the 6h rate-limit cadence');
       return 'rate-limited';
     }
     if (!res.ok) return null;

package/hook.mjs

@@ -202,13 +202,20 @@ function flushEpisode(episode, hookEventName = 'PostToolUse') {
         // bugfix-shape nudge above and may co-fire.
         const citeBack = loadCiteBackForEpisode(episode, RUNTIME_DIR);
         if (citeBack) lines.push(citeBack);
+        // Trailing newline is REQUIRED: when this receipt flushes at SessionStart
+        // (leftover episode after /clear or /compact), the startup dashboard writes a
+        // second hookSpecificOutput object right after. Without the '\n' the two land
+        // back-to-back as `}{` on one line and Claude Code's line-based JSON parser
+        // drops both — losing the episode-flush / cite-back context exactly at the
+        // session boundary. Every other hookSpecificOutput write appends '\n'; this
+        // was the lone exception.
         process.stdout.write(JSON.stringify({
           suppressOutput: true,
           hookSpecificOutput: {
             hookEventName,
             additionalContext: lines.join('\n'),
           },
-        }));
+        }) + '\n');
       } catch { /* never block on receipt */ }
     }
   } else {

package/lib/maintain-core.mjs

@@ -33,11 +33,18 @@ export const PINNED_INJ_THRESHOLD = 8;
 // compressed_into = <keeperId>; deleting that keeper (compressed_into has no FK) would
 // leave the child dangling behind a now-missing parent — hidden from every
 // COALESCE(compressed_into,0)=0 view and unrecoverable. Recovery = resurface the child
-// as live (NULL) rather than lose it silently. Shared by both hard-delete paths.
-function recoverChildrenOf(db, ids) {
+// as live (NULL) rather than lose it silently. Shared by every hard-delete path:
+// maintain (cleanupBroken/purgeStale) AND the interactive `delete` / MCP mem_delete.
+export function recoverChildrenOf(db, ids) {
   if (!ids.length) return 0;
   const ph = ids.map(() => '?').join(',');
-  return db.prepare(`UPDATE observations SET compressed_into = NULL WHERE compressed_into IN (${ph})`).run(...ids).changes;
+  // `AND id NOT IN (...)`: never "recover" a row that is itself being deleted in the same
+  // call (e.g. `delete 1,2` where #2 was merged into #1). Without it, #2 is un-hidden and
+  // then immediately deleted, inflating the reported recovery count with a row that did not
+  // survive. Recovery should count only children that actually stay live.
+  return db.prepare(
+    `UPDATE observations SET compressed_into = NULL WHERE compressed_into IN (${ph}) AND id NOT IN (${ph})`
+  ).run(...ids, ...ids).changes;
 }
 
 export function cleanupBroken(db, { projectFilter, baseParams, opCap = OP_CAP }) {

package/mem-cli.mjs

@@ -18,6 +18,7 @@ import { selectCompressionCandidates, groupByProjectWeek, compressGroup } from '
 import {
   cleanupBroken, decayAndMarkIdle, boostAccessed, demotePinned, mergeDuplicates,
   purgeStale, purgeStalePreview, findDuplicates, maintenanceStats, rebuildVectors, vacuum,
+  recoverChildrenOf,
   OP_CAP, STALE_AGE_MS, PINNED_INJ_THRESHOLD,
 } from './lib/maintain-core.mjs';
 import { optimizePreview, optimizeRun } from './hook-optimize.mjs';
@@ -32,7 +33,7 @@ import { readFileSync, existsSync, readdirSync } from 'fs';
 // v2.41: shared CLI helpers extracted to cli/common.mjs. Keep this file as the
 // router + remaining-command bodies during the incremental split. Future work:
 // move each cmdXxx into its own cli/<cmd>.mjs; mem-cli.mjs becomes pure dispatch.
-import { parseArgs, out, fail, relativeTime, fmtDateShort, parseIdToken, formatProbeHints } from './cli/common.mjs';
+import { parseArgs, out, fail, relativeTime, fmtDateShort, parseIdToken, formatProbeHints, rejectBareStringFlags } from './cli/common.mjs';
 import { saveObservation } from './lib/save-observation.mjs';
 import { AUTO_MERGE_THRESHOLD } from './lib/dedup-constants.mjs';
 import { countRecentHookErrors } from './lib/hook-telemetry.mjs';
@@ -667,6 +668,7 @@ function cmdGet(db, args) {
   }
 
   // Validate --fields against obs schema (only meaningful for obs rows).
+  if (rejectBareStringFlags(flags, ['fields', 'source'])) return;
   let requestedFields = null;
   if (flags.fields) {
     const allRequested = flags.fields.split(',').map(s => s.trim());
@@ -713,6 +715,10 @@ function cmdGet(db, args) {
 
 function cmdTimeline(db, args) {
   const { positional, flags } = parseArgs(args);
+  // Bare `--query` parses to boolean true and crashed downstream in sanitizeFtsQuery
+  // (nlp.mjs string ops on a boolean). No sensible default for a search anchor — reject
+  // cleanly (#8470). (`--project` bare is absorbed by resolveProject's non-string guard.)
+  if (rejectBareStringFlags(flags, ['query'])) return;
   // parseInt('-5') === -5 is truthy, so `|| 5` doesn't rescue negative input.
   // Match cmdSearch's warn-then-default pattern for consistency across CLI flags.
   const parseWindow = (label, raw) => {
@@ -944,6 +950,10 @@ function cmdSave(db, args) {
     return;
   }
 
+  // Reject value-less string flags before they reach .split()/saveObservation as a
+  // boolean `true` (#8470): bare --files/--title/--lesson crashed with a raw stacktrace.
+  if (rejectBareStringFlags(flags, ['title', 'files', 'lesson', 'lesson-learned', 'project', 'type'])) return;
+
   const type = flags.type || 'discovery';
   const validTypes = new Set(['decision', 'bugfix', 'feature', 'refactor', 'discovery', 'change']);
   if (!validTypes.has(type)) {
@@ -1070,6 +1080,8 @@ function cmdDeferAdd(db, args) {
     fail(`[mem] defer add: title too long (${title.length} chars, max 200). Move detail to --detail "<text>".`);
     return;
   }
+  // Reject bare --files/--detail/--project before .split()/bind sees a boolean true (#8470).
+  if (rejectBareStringFlags(flags, ['files', 'detail', 'project'])) return;
   const priority = flags.priority !== undefined ? parseInt(flags.priority, 10) : 2;
   // isNumericToken first: bare parseInt would coerce "3xyz"→3 and silently escalate a
   // deferred item's urgency. Float literals still truncate (#8277).
@@ -1614,11 +1626,19 @@ function cmdDelete(db, args) {
         db.prepare('UPDATE observations SET related_ids = ? WHERE id = ?').run(JSON.stringify(filtered), r.id);
       }
     }
-    return db.prepare(`DELETE FROM observations WHERE id IN (${placeholders})`).run(...ids);
+    // Resurface any rows merged/compressed INTO the doomed keepers before deleting,
+    // else they dangle behind a missing parent (compressed_into has no FK) — invisible
+    // to every COALESCE(compressed_into,0)=0 view and unrecoverable. Same guard the
+    // maintain hard-delete paths use (recoverChildrenOf); the interactive delete path
+    // was missing it. Returned in the result so the user sees the recovery count.
+    const recovered = recoverChildrenOf(db, ids);
+    const deleted = db.prepare(`DELETE FROM observations WHERE id IN (${placeholders})`).run(...ids);
+    return { changes: deleted.changes, recovered };
   });
   const result = deleteTx();
   const missing = ids.filter(id => !rows.some(r => r.id === id));
-  out(`[mem] Deleted ${result.changes} observation(s).${missing.length > 0 ? ` Note: ID(s) ${missing.join(', ')} not found.` : ''}`);
+  const recoveredNote = result.recovered > 0 ? ` Recovered ${result.recovered} merged/compressed child observation(s) to live.` : '';
+  out(`[mem] Deleted ${result.changes} observation(s).${recoveredNote}${missing.length > 0 ? ` Note: ID(s) ${missing.join(', ')} not found.` : ''}`);
 }
 
 // ─── Update ──────────────────────────────────────────────────────────────────
@@ -1644,18 +1664,10 @@ function cmdUpdate(db, args) {
     return;
   }
 
-  // A value-less `--flag` (last arg, or immediately followed by another --flag)
-  // parses to boolean `true` (cli/common.mjs parseArgs). For string-valued fields
-  // that boolean would slip past the string-only empty guards below and reach the
-  // SQLite bind, surfacing a raw "TypeError: SQLite3 can only bind ..." stacktrace
-  // — the same accidental shell-strip class the empty-title guard (#8470) catches.
-  // Reject it cleanly for every string-valued update flag.
-  for (const key of ['title', 'narrative', 'lesson', 'lesson-learned', 'concepts']) {
-    if (flags[key] === true) {
-      fail(`[mem] --${key} requires a value (received a bare flag with no value).`);
-      return;
-    }
-  }
+  // A value-less `--flag` parses to boolean `true` (cli/common.mjs parseArgs); for string
+  // fields that would reach the SQLite bind as a raw "TypeError: SQLite3 can only bind ..."
+  // (#8470). Reject cleanly via the shared guard — single source with the other commands.
+  if (rejectBareStringFlags(flags, ['title', 'narrative', 'lesson', 'lesson-learned', 'concepts'])) return;
 
   const updates = [];
   const params = [];
@@ -2172,6 +2184,9 @@ function cmdRegistry(_memDb, args) {
 
   try {
     if (action === 'search') {
+      // Bare `--query` parses to boolean true; `true || ...` would search for the literal
+      // string "true". Reject it cleanly (#8470) before it becomes a confusing no-match.
+      if (rejectBareStringFlags(flags, ['query', 'category', 'quality'])) return;
       const query = flags.query || positional.slice(1).join(' ');
       if (!query) { fail('[mem] Usage: claude-mem-lite registry search <query> [--type skill|agent] [--category C] [--quality Q]'); return; }
       let results = searchResources(rdb, query, {
@@ -2260,12 +2275,9 @@ function cmdRegistry(_memDb, args) {
     }
 
     if (action === 'import') {
-      // A bare value-less flag parses to boolean `true` (parseArgs); for these string
-      // fields that boolean reaches the SQLite bind in upsertResource and throws a raw
-      // TypeError — same class as the `update` guard above (#8470). Reject up front.
-      for (const key of ['name', 'resource-type', 'invocation-name', 'source', 'repo-url', 'local-path', 'intent-tags', 'domain-tags', 'trigger-patterns', 'capability-summary', 'keywords', 'tech-stack', 'use-cases']) {
-        if (flags[key] === true) { fail(`[mem] --${key} requires a value (received a bare flag with no value).`); return; }
-      }
+      // Bare value-less flags → boolean true → SQLite-bind crash in upsertResource (#8470).
+      // Shared guard — single source with update/remove/the other commands.
+      if (rejectBareStringFlags(flags, ['name', 'resource-type', 'invocation-name', 'source', 'repo-url', 'local-path', 'intent-tags', 'domain-tags', 'trigger-patterns', 'capability-summary', 'keywords', 'tech-stack', 'use-cases'])) return;
       const name = flags.name;
       const resourceType = flags['resource-type'];
       if (!name || !resourceType) { fail('[mem] Usage: claude-mem-lite registry import --name N --resource-type skill|agent [--invocation-name I] [--capability-summary S]'); return; }
@@ -2287,11 +2299,9 @@ function cmdRegistry(_memDb, args) {
     }
 
     if (action === 'remove') {
-      // Bare value-less --name / --resource-type → boolean true → SQLite-bind crash
-      // on the DELETE below; reject like the import branch and the `update` guard.
-      for (const key of ['name', 'resource-type']) {
-        if (flags[key] === true) { fail(`[mem] --${key} requires a value (received a bare flag with no value).`); return; }
-      }
+      // Bare value-less --name / --resource-type → boolean true → SQLite-bind crash on
+      // the DELETE below; shared guard, single source with import/update.
+      if (rejectBareStringFlags(flags, ['name', 'resource-type'])) return;
       const name = flags.name;
       const resourceType = flags['resource-type'];
       if (!name || !resourceType) { fail('[mem] Usage: claude-mem-lite registry remove --name N --resource-type skill|agent'); return; }

package/memdir.mjs

@@ -219,33 +219,58 @@ export function writePluginSection(memdir, { slug, version, contentLine, force =
 /**
  * Remove the plugin's sentinel block plus its state sidecar. External content
  * in MEMORY.md is preserved.
- * @returns {{action: 'removed'|'absent'}}
+ *
+ * Foreign-content guard (symmetric with writePluginSection): a sentinel block with
+ * NO state sidecar is content we cannot prove the plugin authored — the user may have
+ * pasted plugin docs or quoted a sentinel example. Without `force`, such a block is
+ * LEFT IN PLACE (action 'skipped-foreign') instead of being silently deleted. The
+ * adopt side already throws UserEditedError on the same condition; unadopt lacked the
+ * mirror, so it could delete user-authored text that merely resembled the sentinel.
+ *
+ * @param {string} memdir
+ * @param {string} slug
+ * @param {{force?: boolean}} [opts] force=true removes even a no-state (foreign) block.
+ * @returns {{action: 'removed'|'absent'|'skipped-foreign'}}
  */
-export function removePluginSection(memdir, slug) {
-  clearState(memdir, slug);
+export function removePluginSection(memdir, slug, { force = false } = {}) {
   const path = memoryFile(memdir);
-  if (!existsSync(path)) return { action: 'absent' };
+  if (!existsSync(path)) { clearState(memdir, slug); return { action: 'absent' }; }
   const raw = readFileSync(path, 'utf8');
   const match = raw.match(sentinelRegex(slug));
-  if (!match) return { action: 'absent' };
+  if (!match) { clearState(memdir, slug); return { action: 'absent' }; }
+
+  // Only remove a block we have a state sidecar for (proof we wrote it), unless forced.
+  if (!readState(memdir, slug) && !force) {
+    return { action: 'skipped-foreign' };
+  }
+  clearState(memdir, slug);
 
   // Delete the match plus a trailing newline + a preceding blank line so we
   // don't leave a stranded paragraph gap.
+  const blockAtStart = match.index === 0;
   let start = match.index;
   let end = match.index + match[0].length;
   if (raw[end] === '\n') end++;
   if (start > 0 && raw.slice(0, start).endsWith('\n\n')) start--;
   let next = raw.slice(0, start) + raw.slice(end);
-  // Edge case (code review v2.32.3): when the sentinel was the first content
-  // (e.g. two invited-memory plugins coexist and we remove the earlier one),
-  // the tail can still start with a stranded blank line / doubled newlines.
-  // Normalize leading whitespace and collapse any ≥3 consecutive newlines
-  // so the remaining content looks hand-authored.
-  next = next.replace(/^\s+/, '').replace(/\n{3,}/g, '\n\n');
+  // Collapse any ≥3 consecutive newlines left at the removal seam so the remaining
+  // content looks hand-authored. Only strip leading whitespace when OUR block was the
+  // file's first content — otherwise an unconditional `/^\s+/` deleted user-authored
+  // leading blank lines / structure that sat far above our (end-of-file) block.
+  next = next.replace(/\n{3,}/g, '\n\n');
+  if (blockAtStart) next = next.replace(/^\s+/, '');
   atomicWrite(path, next);
   return { action: 'removed' };
 }
 
+/**
+ * Whether a plugin state sidecar exists for this memdir — i.e. the plugin can prove it
+ * wrote the sentinel. Used by unadopt's dry-run to predict the foreign-content skip.
+ */
+export function hasPluginState(memdir, slug) {
+  return readState(memdir, slug) !== null;
+}
+
 /**
  * Whether this memdir has our sentinel. Body edits don't demote the adoption —
  * users who hand-tweak the contract line still count as adopted.

package/nlp.mjs

@@ -11,6 +11,23 @@ export { SYNONYM_MAP, CJK_COMPOUNDS };
 
 const FTS5_KEYWORDS = new Set(['AND', 'OR', 'NOT', 'NEAR']);
 
+/**
+ * True if a CJK bigram is pure grammatical noise that should not enter an FTS query
+ * or the precision gate's `required` set. CJK_STOP_WORDS holds single-char particles
+ * (的/了/是…) plus a few whole multi-char fillers (什么/怎么…); callers used to test a
+ * 2-char bigram with a bare `CJK_STOP_WORDS.has(bg)`, which only caught the whole-filler
+ * case — so a particle-pair bigram like `的了` / `了是` slipped through and (a) forced an
+ * unsatisfiable AND term and (b) made an all-particle query's `required` set non-empty,
+ * wrongly rejecting every candidate. We reject a bigram when it IS a known filler OR when
+ * BOTH characters are single-char stop words. A bigram with only ONE stop char (有效, 目的)
+ * is deliberately kept — those are real compounds, and distinguishing a boundary-straddle
+ * (的全) from a genuine compound needs a dictionary/recall benchmark (deferred).
+ */
+function isCjkNoiseBigram(bg) {
+  if (CJK_STOP_WORDS.has(bg)) return true;
+  return bg.length === 2 && CJK_STOP_WORDS.has(bg[0]) && CJK_STOP_WORDS.has(bg[1]);
+}
+
 // Sort by length descending for greedy matching
 const CJK_SORTED = [...CJK_COMPOUNDS].sort((a, b) => b.length - a.length);
 
@@ -177,7 +194,7 @@ export function cjkPrecisionOk(query, text, threshold) {
   const keywords = extractCjkKeywords(query);
   const required = keywords.length > 0
     ? keywords
-    : cjkBigrams(query).split(' ').filter(b => b && !CJK_STOP_WORDS.has(b));
+    : cjkBigrams(query).split(' ').filter(b => b && !isCjkNoiseBigram(b));
   if (required.length === 0) return true;
   const hit = required.filter(w => text.includes(w)).length;
   return (hit / required.length) >= threshold;
@@ -254,7 +271,7 @@ export function sanitizeFtsQuery(query) {
         const gapBigrams = cjkBigrams(remainder);
         if (gapBigrams) {
           for (const bg of gapBigrams.split(' ')) {
-            if (bg && !CJK_STOP_WORDS.has(bg) && !matched.has(bg)) expandedTokens.push(bg);
+            if (bg && !isCjkNoiseBigram(bg) && !matched.has(bg)) expandedTokens.push(bg);
           }
         }
         continue;
@@ -278,7 +295,7 @@ export function sanitizeFtsQuery(query) {
     );
     if (pureCjkTokens.length > 0) bigrams = cjkBigrams(pureCjkTokens.join(' '));
   }
-  const bigramSet = new Set(bigrams ? bigrams.split(' ').filter(b => b && !CJK_STOP_WORDS.has(b)) : []);
+  const bigramSet = new Set(bigrams ? bigrams.split(' ').filter(b => b && !isCjkNoiseBigram(b)) : []);
   const hasBigrams = bigramSet.size > 0;
   const finalTokens = [];
   const seen = new Set();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-mem-lite",
-  "version": "2.92.0",
+  "version": "2.94.0",
   "description": "Persistent long-term memory for Claude Code via MCP — captures coding decisions, bugfixes, and context across sessions. Hybrid FTS5 + TF-IDF search with episode batching. Single SQLite DB, no external services. A lighter, lower-cost alternative to claude-mem (episode batching + a smaller model; cost savings are an internal estimate, not a measured benchmark).",
   "type": "module",
   "packageManager": "npm@10.9.2",

package/project-utils.mjs

@@ -14,6 +14,12 @@ const _cache = new Map();
  */
 export function resolveProject(db, name) {
   if (!name) return name;
+  // Defense-in-depth: a bare `--project` CLI flag parses to boolean `true` (and a
+  // malformed MCP/hook caller could pass any non-string). `true.includes('--')` below
+  // throws a raw TypeError that crashed search/recent/timeline/stats/export/defer-list.
+  // Treat any non-string as "no project filter" (null) — the degradation every caller
+  // already handles for an absent --project — instead of crashing at the root helper.
+  if (typeof name !== 'string') return null;
   if (_cache.has(name)) return _cache.get(name);
   // Already a canonical name (contains "--")? Use as-is.
   if (name.includes('--')) { _cache.set(name, name); return name; }

package/registry-importer.mjs

@@ -336,10 +336,15 @@ export async function importFromGitHub(db, url, opts = {}) {
         indexed_at: new Date().toISOString(),
       });
 
-      // 5g. Update repo_forks and repo_updated_at (not in upsert SQL)
+      // 5g. Update repo_forks and repo_updated_at (not in upsert SQL).
+      // Do NOT touch quality_tier here: UPSERT_SQL never writes it, so a first insert
+      // gets the column DEFAULT 'community' and a re-import preserves whatever tier the
+      // row reached. Re-stamping 'community' downgraded enrichment-promoted tiers
+      // (verified/installed → community) on every content re-import, silently lowering
+      // the resource's BM25 composite rank (tier is a 1.0/2.0/3.0 multiplier).
       db.prepare(
-        'UPDATE resources SET repo_forks = ?, repo_updated_at = ?, quality_tier = ? WHERE id = ?'
-      ).run(repoForks, repoUpdatedAt, 'community', resourceId);
+        'UPDATE resources SET repo_forks = ?, repo_updated_at = ? WHERE id = ?'
+      ).run(repoForks, repoUpdatedAt, resourceId);
 
       results.push({ name, type: item.type, id: resourceId });
       debugLog('INFO', 'importer', `Imported ${item.type}:${name} (id=${resourceId})`);

package/registry-retriever.mjs

@@ -284,6 +284,10 @@ export function filterByProjectDomain(results, projectDomains) {
 //
 // Composite ranking formula:
 //   40% BM25 text relevance
+//   Quality-tier bonus: bounded additive (installed -0.15, verified -0.075). Was a
+//     MULTIPLIER on the BM25 term, which scaled the magnitude of a variable, unbounded,
+//     NEGATIVE signal — letting a weakly-matching installed resource (×3) outrank a
+//     strongly-matching community one. Additive keeps tier a promotion, not an override.
 //   15% Star popularity (saturation normalization — diminishing returns after ~500 stars)
 //   15% Success rate (Laplace smoothing — Beta prior α=1, β=1 for small-sample robustness)
 //   10% Adoption rate (Laplace smoothing)
@@ -301,10 +305,10 @@ export function filterByProjectDomain(results, projectDomains) {
 // Sign convention: more negative = better. BM25 is negative, behavioral signals are subtracted.
 const COMPOSITE_EXPR = `(
     bm25(resources_fts, 3.0, 3.0, 3.0, 2.0, 2.0, 1.0, 1.0, 1.0) * 0.4
-    * CASE COALESCE(r.quality_tier, 'community')
-        WHEN 'installed' THEN 3.0
-        WHEN 'verified' THEN 2.0
-        ELSE 1.0
+    - CASE COALESCE(r.quality_tier, 'community')
+        WHEN 'installed' THEN 0.15
+        WHEN 'verified' THEN 0.075
+        ELSE 0
       END
     - COALESCE(r.repo_stars * 1.0 / (r.repo_stars + 100.0), 0) * 0.15
     - (
@@ -347,7 +351,7 @@ const SEARCH_SQL = `
     WHERE resources_fts MATCH ?
       AND r.status = 'active'
   ) sub
-  ORDER BY composite_score ASC
+  ORDER BY composite_score ASC, id ASC
   LIMIT ?
 `;
 
@@ -362,7 +366,7 @@ const SEARCH_BY_TYPE_SQL = `
       AND r.status = 'active'
       AND r.type = ?
   ) sub
-  ORDER BY composite_score ASC
+  ORDER BY composite_score ASC, id ASC
   LIMIT ?
 `;
 

package/schema.mjs

@@ -382,6 +382,7 @@ export function initSchema(db) {
 
   // FTS5 migration: recreate observations_fts when columns are missing (one-time)
   // Detect old FTS5 table missing lesson_learned or search_aliases and recreate with full column set
+  let obsFtsRecreated = false;
   try {
     const ftsDdl = db.prepare(`SELECT sql FROM sqlite_master WHERE type='table' AND name='observations_fts'`).get();
     if (ftsDdl && (!ftsDdl.sql.includes('lesson_learned') || !ftsDdl.sql.includes('search_aliases'))) {
@@ -389,6 +390,7 @@ export function initSchema(db) {
       db.exec(`DROP TRIGGER IF EXISTS observations_ad`);
       db.exec(`DROP TRIGGER IF EXISTS observations_au`);
       db.exec(`DROP TABLE IF EXISTS observations_fts`);
+      obsFtsRecreated = true;
     }
   } catch { /* non-critical — ensureFTS will create if missing */ }
 
@@ -416,14 +418,19 @@ export function initSchema(db) {
   ensureFTS(db, 'session_summaries_fts', 'session_summaries', ['request', 'investigated', 'learned', 'completed', 'next_steps', 'notes', 'remaining_items']);
   ensureFTS(db, 'user_prompts_fts', 'user_prompts', ['prompt_text']);
 
-  // Rebuild FTS5 if we just recreated it (migration populates from content table)
-  try {
-    const needsRebuild = db.prepare(`SELECT COUNT(*) as cnt FROM observations`).get();
-    const ftsCount = db.prepare(`SELECT COUNT(*) as cnt FROM observations_fts`).get();
-    if (needsRebuild.cnt > 0 && ftsCount.cnt === 0) {
-      db.exec(`INSERT INTO observations_fts(observations_fts) VALUES('rebuild')`);
-    }
-  } catch { /* non-critical */ }
+  // Rebuild FTS5 if we just recreated it above (the new index is empty and must be
+  // populated from the content table). The old emptiness probe — `SELECT COUNT(*) FROM
+  // observations_fts` — was DEAD: for an external-content FTS5 table, COUNT reads the
+  // CONTENT table (observations), not the index, so `ftsCount === 0` was only ever true
+  // on an empty DB (where needsRebuild>0 is false). The rebuild therefore never fired and
+  // full-text search silently returned 0 rows after the column-mismatch migration. Gate
+  // on the recreation flag instead, which is the only path that leaves the index empty.
+  if (obsFtsRecreated) {
+    try {
+      const cnt = db.prepare(`SELECT COUNT(*) as cnt FROM observations`).get();
+      if (cnt.cnt > 0) db.exec(`INSERT INTO observations_fts(observations_fts) VALUES('rebuild')`);
+    } catch { /* non-critical */ }
+  }
 
   // v36 migration: narrow events_fts_au like the v27 fix above. The events FTS
   // triggers were hand-written inline (below) rather than via ensureFTS, so

package/search-engine.mjs

@@ -179,7 +179,11 @@ export function countSearchTotal(db, {
 export function ftsRowToResult(r, { scoreMultiplier, snippet } = {}) {
   return {
     source: 'obs', id: r.id, type: r.type, title: r.title, subtitle: r.subtitle,
-    project: r.project, date: r.created_at, created_at_epoch: r.created_at_epoch,
+    // `date` is the legacy key the MCP paired-search path reads; `created_at` aligns the
+    // obs row shape with the session/prompt rows the CLI interleaves in the same results
+    // array (cmdSearch reads r.created_at uniformly) and with recent/recall output. Both
+    // hold the same ISO string — keep both so neither consumer breaks.
+    project: r.project, date: r.created_at, created_at: r.created_at, created_at_epoch: r.created_at_epoch,
     score: scoreMultiplier ? r.score * scoreMultiplier : r.score,
     files_modified: r.files_modified, importance: r.importance, lesson_learned: r.lesson_learned,
     snippet: snippet ? (r.match_snippet || '') : '',

package/secret-scrub.mjs

@@ -18,8 +18,17 @@ export const SECRET_PATTERNS = [
   //   2. Structured keys (api_key, auth_token, …) keep the original behavior —
   //      a separator/compound key is unambiguous config syntax even when
   //      preceded by prose ("see auth_token: shhhhhh").
-  [/((?<![A-Za-z][ \t])\b(?:password|passwd|token|bearer)\s*[=:]\s*)(?!process\.env\.)(?!new\s)(?!\w+\()(?!(?:null|undefined|true|false|None|nil|empty|""|''|0)\b)[^\s,;'"}\]]{6,}/gi, '$1***'],
-  [/(\b(?:api[_-]?key|api[_-]?secret|secret[_-]?key|access[_-]?key|private[_-]?key|client[_-]?secret|auth[_-]?token)\s*[=:]\s*)(?!process\.env\.)(?!new\s)(?!\w+\()(?!(?:null|undefined|true|false|None|nil|empty|""|''|0)\b)[^\s,;'"}\]]{6,}/gi, '$1***'],
+  // `(?:\b|_)` before the keyword: a plain word-boundary misses the single most
+  // common credential shape — underscore-cased env vars (DB_PASSWORD, GH_TOKEN,
+  // MY_AUTH_TOKEN) — because `_` is a \w char, so there is NO \b between it and the
+  // keyword. Allowing a leading `_` catches those while the prose lookbehind still
+  // excludes "Marker token: …". `secret` added so a bare SECRET=… with a mixed-alnum
+  // value is covered (the hex-only assignment pattern below misses non-hex values).
+  [/((?<![A-Za-z][ \t])(?:\b|_)(?:password|passwd|token|bearer|secret)\s*[=:]\s*)(?!process\.env\.)(?!new\s)(?!\w+\()(?!(?:null|undefined|true|false|None|nil|empty|""|''|0)\b)[^\s,;'"}\]]{6,}/gi, '$1***'],
+  // access_token / refresh_token are the canonical OAuth2 field names — they were
+  // missing from this KV list (drift vs the JSON list below). `(?:\b|_)` for the same
+  // underscore-prefix reason.
+  [/((?:\b|_)(?:api[_-]?key|api[_-]?secret|secret[_-]?key|access[_-]?key|private[_-]?key|client[_-]?secret|auth[_-]?token|access[_-]?token|refresh[_-]?token)\s*[=:]\s*)(?!process\.env\.)(?!new\s)(?!\w+\()(?!(?:null|undefined|true|false|None|nil|empty|""|''|0)\b)[^\s,;'"}\]]{6,}/gi, '$1***'],
   // AWS access keys (AKIA...)
   [/\bAKIA[A-Z0-9]{16}\b/g, '***'],
   // OpenAI / Anthropic keys (sk-...) — specific prefixes have lower length threshold
@@ -52,14 +61,35 @@ export const SECRET_PATTERNS = [
   [/\bnpm_[a-zA-Z0-9]{36,}\b/g, '***'],
   // Stripe keys (sk_live_, rk_live_, pk_live_, sk_test_, pk_test_)
   [/\b[srp]k_(?:live|test)_[a-zA-Z0-9]{20,}\b/g, '***'],
+  // SendGrid API keys: SG.<22>.<43> — two dots at fixed offsets make this
+  // structurally unmistakable; near-zero false-positive risk.
+  [/\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}\b/g, '***'],
+  // Twilio identifiers: Account SID (AC…) + API Key SID (SK…), each = prefix
+  // + exactly 32 hex. The 2-letter prefix + 32-hex shape is specific: an MD5
+  // is 32 hex (no AC/SK prefix → no match) and a 40-hex git SHA has no internal
+  // \b so the trailing \b can't land mid-string. We deliberately do NOT scrub
+  // the bare-hex Twilio *auth token* — see comment block at end re: SHA collision.
+  [/\b(?:AC|SK)[0-9a-f]{32}\b/g, '***'],
+  // Mailgun private API keys: key-<32 hex>. Prefix-anchored for the same reason;
+  // bare 32-hex (no `key-`) is intentionally left alone to avoid hashing FPs.
+  [/\bkey-[0-9a-f]{32}\b/g, '***'],
   // JSON-quoted secrets — error payloads / API responses commonly carry creds
   // as `{"api_key": "..."}`. The base key=value pattern stops at quotes, so
   // these slip through. Match the value-quoted form explicitly. Length floor
   // (6) avoids tripping on intentional placeholder shorts ("...", "secret").
-  [/("(?:password|passwd|token|api[_-]?key|api[_-]?secret|secret[_-]?key|access[_-]?key|private[_-]?key|client[_-]?secret|auth[_-]?token|bearer|refresh[_-]?token|session[_-]?id|sessionid)"\s*:\s*")[^"]{6,}(")/gi, '$1***$2'],
+  [/("(?:password|passwd|token|api[_-]?key|api[_-]?secret|secret[_-]?key|access[_-]?key|access[_-]?token|private[_-]?key|client[_-]?secret|auth[_-]?token|bearer|refresh[_-]?token|session[_-]?id|sessionid)"\s*:\s*")[^"]{6,}(")/gi, '$1***$2'],
   // Session cookies in headers / urlencoded bodies (sessionid=, session_id=, JSESSIONID=, PHPSESSID=).
   // 16+ chars filters out short test fixtures like sessionid=abc.
   [/\b((?:session[_-]?id|sessionid|jsessionid|phpsessid)\s*[=:]\s*)[^\s,;'"}\]]{16,}/gi, '$1***'],
+  // ── DELIBERATELY NOT COVERED: bare high-entropy / "raw N-char" tokens ──────
+  // A generic `[A-Fa-f0-9]{40}` / high-entropy regex would scrub this repo's own
+  // legitimate data: 40-hex git SHAs, 32-hex MD5s, 64-hex SHA256s, and stored
+  // `minhash_sig` values. In a hash-heavy codebase the false-positive cost
+  // (silent `***` over real content, lost recall) exceeds the marginal catch —
+  // and an entropy gate doesn't help because git SHAs are themselves high-entropy.
+  // The contextual forms (token=…, Authorization: Bearer …, "api_key":"…") above
+  // already cover the dangerous *labelled* shapes. If you are tempted to add a
+  // bare-token pattern here: don't — anchor it to a provider prefix instead.
 ];
 
 /**

package/server.mjs

@@ -15,6 +15,7 @@ import { selectCompressionCandidates, groupByProjectWeek, compressGroup } from '
 import {
   cleanupBroken, decayAndMarkIdle, boostAccessed, demotePinned, mergeDuplicates,
   purgeStale, purgeStalePreview, findDuplicates, maintenanceStats, rebuildVectors, vacuum,
+  recoverChildrenOf,
   OP_CAP, STALE_AGE_MS,
 } from './lib/maintain-core.mjs';
 import { effectiveQuiet, RUNTIME_DIR } from './hook-shared.mjs';
@@ -926,13 +927,20 @@ server.registerTool(
           db.prepare('UPDATE observations SET related_ids = ? WHERE id = ?').run(JSON.stringify(filtered), r.id);
         }
       }
+      // Resurface rows merged/compressed INTO the doomed keepers before deleting, else
+      // they dangle behind a now-missing parent (compressed_into has no FK) — invisible
+      // to every COALESCE(compressed_into,0)=0 view and unrecoverable. Mirrors the CLI
+      // delete path + the maintain hard-delete guard (recoverChildrenOf).
+      const recovered = recoverChildrenOf(db, args.ids);
       // Execute deletion (FTS5 cleanup handled by observations_ad trigger)
-      return db.prepare(`DELETE FROM observations WHERE id IN (${placeholders})`).run(...args.ids);
+      const deleted = db.prepare(`DELETE FROM observations WHERE id IN (${placeholders})`).run(...args.ids);
+      return { changes: deleted.changes, recovered };
     });
     const result = deleteTx();
 
     const missing = args.ids.filter(id => !rows.some(r => r.id === id));
     const msg = [`Deleted ${result.changes} observation(s).`];
+    if (result.recovered > 0) msg.push(`Recovered ${result.recovered} merged/compressed child observation(s) to live.`);
     if (missing.length > 0) msg.push(`Note: ID(s) ${missing.join(', ')} not found.`);
     return { content: [{ type: 'text', text: msg.join(' ') }] };
   })

package/synonyms.mjs

@@ -265,6 +265,13 @@ export const CJK_COMPOUNDS = new Set([
   // architecture
   '架构', '设计', '方案', '规划', '文档', '注释', '版本', '分支', '依赖',
   '性能', '安全', '漏洞', '补丁', '系统', '算法',
+  // common task/dev vocab — mined from the zero-dict-keyword prompt slice
+  // (benchmark/cjk-straddle-prevalence.mjs). These ubiquitous words were absent
+  // from the dictionary, so ~15% of real CJK queries fell through to all-bigram
+  // noise. Adding real words is monotonically safe: greedy longest-match only
+  // improves, and real compounds cannot create boundary-straddle bigrams.
+  '工作', '用户', '完成', '计划', '命令', '工具', '插件', '实施', '处理',
+  '清理', '显示', '本地', '改动', '确认', '直接', '开始',
 ]);
 
 // ─── Dispatch Synonyms (unidirectional, broader groupings) ──────────────────

package/tier.mjs

@@ -44,9 +44,12 @@ export function computeTier(obs, ctx) {
     return 'working';
   }
 
-  // Rule 5: Active if within type-specific window
+  // Rule 5: Active if within type-specific window. Use `<=` so the exact-millisecond
+  // window edge matches TIER_CASE_SQL (`created_at_epoch >= now - window`, i.e. inclusive).
+  // The strict `<` here disagreed with the SQL classifier by one tier at the boundary,
+  // despite both being documented as the same classifier.
   const activeWindow = ACTIVE_WINDOWS[obs.type] ?? DEFAULT_ACTIVE_WINDOW_MS;
-  if (now - obs.created_at_epoch < activeWindow) return 'active';
+  if (now - obs.created_at_epoch <= activeWindow) return 'active';
 
   // Rule 6: Archive (fallback)
   return 'archive';

package/utils.mjs

@@ -77,8 +77,11 @@ export function estimateTokens(text) {
  * @returns {number} Clamped integer importance (1, 2, or 3)
  */
 export function clampImportance(val) {
-  if (typeof val !== 'number' || isNaN(val)) return 1;
-  return Math.max(1, Math.min(3, Math.round(val)));
+  // Coerce numeric strings: an LLM emitting "importance":"2" (quoted) would otherwise
+  // collapse to 1, silently dropping its signal. Non-numeric strings → NaN → 1.
+  const n = typeof val === 'number' ? val : (typeof val === 'string' ? Number(val) : NaN);
+  if (!Number.isFinite(n)) return 1;
+  return Math.max(1, Math.min(3, Math.round(n)));
 }
 
 /**
@@ -267,9 +270,39 @@ export function debugCatch(e, context) {
 
 // ─── JSON Parsing ────────────────────────────────────────────────────────────
 
+/**
+ * Extract the first brace-balanced JSON object substring from text, honoring strings
+ * and escapes so braces inside string values don't throw off the depth count. Returns
+ * null when there's no `{` or no balanced close. Used to recover a valid leading object
+ * when the LLM wrapped it in prose that ALSO contains braces — the greedy `{[\s\S]*}`
+ * fallback spans first-`{` to last-`}` and is defeated by an unrelated trailing `{…}`.
+ */
+function firstBalancedJsonObject(text) {
+  // Anchor on whichever structural opener comes first — `{` (object) or `[` (array) —
+  // so a prose-wrapped top-level array isn't truncated to its first inner object.
+  const braceAt = text.indexOf('{');
+  const brackAt = text.indexOf('[');
+  let start, open, close;
+  if (braceAt === -1 && brackAt === -1) return null;
+  if (brackAt !== -1 && (braceAt === -1 || brackAt < braceAt)) { start = brackAt; open = '['; close = ']'; }
+  else { start = braceAt; open = '{'; close = '}'; }
+  let depth = 0, inStr = false, esc = false;
+  for (let i = start; i < text.length; i++) {
+    const c = text[i];
+    if (inStr) {
+      if (esc) esc = false;
+      else if (c === '\\') esc = true;
+      else if (c === '"') inStr = false;
+    } else if (c === '"') inStr = true;
+    else if (c === open) depth++;
+    else if (c === close && --depth === 0) return text.slice(start, i + 1);
+  }
+  return null;
+}
+
 /**
  * Parse JSON from LLM output, handling markdown fences and embedded objects.
- * Tries: direct parse → fenced code block → regex object extraction.
+ * Tries: direct parse → fenced code block → first balanced object → greedy regex.
  * @param {string} text Raw LLM output text
  * @returns {object|null} Parsed JSON object or null on failure
  */
@@ -278,6 +311,10 @@ export function parseJsonFromLLM(text) {
   try { return JSON.parse(text); } catch {}
   const fenced = text.match(/```(?:json)?\s*([\s\S]*?)\s*```/);
   if (fenced) try { return JSON.parse(fenced[1]); } catch {}
+  // First balanced object — survives unfenced output wrapped in brace-containing prose.
+  const balanced = firstBalancedJsonObject(text);
+  if (balanced) try { return JSON.parse(balanced); } catch {}
+  // Last-resort greedy span (handles a payload that isn't the FIRST balanced object).
   const obj = text.match(/\{[\s\S]*\}/);
   if (obj) try { return JSON.parse(obj[0]); } catch {}
   return null;