claude-mem-lite 2.93.0 → 2.94.0
- package/.claude-plugin/marketplace.json +1 -1
- package/.claude-plugin/plugin.json +1 -1
- package/package.json +1 -1
- package/secret-scrub.mjs +21 -0
- package/synonyms.mjs +7 -0
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
"plugins": [
|
|
11
11
|
{
|
|
12
12
|
"name": "claude-mem-lite",
|
|
13
|
-
"version": "2.
|
|
13
|
+
"version": "2.94.0",
|
|
14
14
|
"source": "./",
|
|
15
15
|
"description": "Persistent long-term memory for Claude Code via MCP — captures coding decisions, bugfixes, and context across sessions. Hybrid FTS5 + TF-IDF search with episode batching. Single SQLite DB, no external services. A lighter, lower-cost alternative to claude-mem (episode batching + a smaller model; cost savings are an internal estimate, not a measured benchmark)."
|
|
16
16
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claude-mem-lite",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.94.0",
|
|
4
4
|
"description": "Persistent long-term memory for Claude Code via MCP — captures coding decisions, bugfixes, and context across sessions. Hybrid FTS5 + TF-IDF search with episode batching. Single SQLite DB, no external services. A lighter, lower-cost alternative to claude-mem (episode batching + a smaller model; cost savings are an internal estimate, not a measured benchmark).",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "sdsrss"
|
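--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "claude-mem-lite",
-"version": "2.
+"version": "2.94.0",
 "description": "Persistent long-term memory for Claude Code via MCP — captures coding decisions, bugfixes, and context across sessions. Hybrid FTS5 + TF-IDF search with episode batching. Single SQLite DB, no external services. A lighter, lower-cost alternative to claude-mem (episode batching + a smaller model; cost savings are an internal estimate, not a measured benchmark).",
 "type": "module",
 "packageManager": "npm@10.9.2",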
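--- a/package/secret-scrub.mjs
+++ b/package/secret-scrub.mjs
@@ -61,6 +61,18 @@ export const SECRET_PATTERNS = [
 [/\bnpm_[a-zA-Z0-9]{36,}\b/g, '***'],
 // Stripe keys (sk_live_, rk_live_, pk_live_, sk_test_, pk_test_)
 [/\b[srp]k_(?:live|test)_[a-zA-Z0-9]{20,}\b/g, '***'],
+// SendGrid API keys: SG.<22>.<43> — two dots at fixed offsets make this
+// structurally unmistakable; near-zero false-positive risk.
+[/\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}\b/g, '***'],
+// Twilio identifiers: Account SID (AC…) + API Key SID (SK…), each = prefix
+// + exactly 32 hex. The 2-letter prefix + 32-hex shape is specific: an MD5
+// is 32 hex (no AC/SK prefix → no match) and a 40-hex git SHA has no internal
+// \b so the trailing \b can't land mid-string. We deliberately do NOT scrub
+// the bare-hex Twilio *auth token* — see comment block at end re: SHA collision.
+[/\b(?:AC|SK)[0-9a-f]{32}\b/g, '***'],
+// Mailgun private API keys: key-<32 hex>. Prefix-anchored for the same reason;
+// bare 32-hex (no `key-`) is intentionally left alone to avoid hashing FPs.
+[/\bkey-[0-9a-f]{32}\b/g, '***'],
 // JSON-quoted secrets — error payloads / API responses commonly carry creds
 // as `{"api_key": "..."}`. The base key=value pattern stops at quotes, so
 // these slip through. Match the value-quoted form explicitly. Length floor
@@ -69,6 +81,15 @@ export const SECRET_PATTERNS = [
 // Session cookies in headers / urlencoded bodies (sessionid=, session_id=, JSESSIONID=, PHPSESSID=).
 // 16+ chars filters out short test fixtures like sessionid=abc.
 [/\b((?:session[_-]?id|sessionid|jsessionid|phpsessid)\s*[=:]\s*)[^\s,;'"}\]]{16,}/gi, '$1***'],
+// ── DELIBERATELY NOT COVERED: bare high-entropy / "raw N-char" tokens ──────
+// A generic `[A-Fa-f0-9]{40}` / high-entropy regex would scrub this repo's own
+// legitimate data: 40-hex git SHAs, 32-hex MD5s, 64-hex SHA256s, and stored
+// `minhash_sig` values. In a hash-heavy codebase the false-positive cost
+// (silent `***` over real content, lost recall) exceeds the marginal catch —
+// and an entropy gate doesn't help because git SHAs are themselves high-entropy.
+// The contextual forms (token=…, Authorization: Bearer …, "api_key":"…") above
+// already cover the dangerous *labelled* shapes. If you are tempted to add a
+// bare-token pattern here: don't — anchor it to a provider prefix instead.
 ];
 
 /**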
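Review bot: The trailing `\b` in the new SendGrid pattern cannot match after a final `-`, which the class `[A-Za-z0-9_-]` allows, so a key ending in `-` and followed by a quote, space or end of line would pass through unscrubbed; whether real keys can end that way is not visible from this hunk. A lookahead states the intended boundary directly: `[/\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}(?![A-Za-z0-9_-])/g, '***'],`. In the same hunk, `\bkey-[0-9a-f]{32}\b` also matches inside strings such as `cache-key-<md5>`, because `\b` falls between `-` and `k`; that is the kind of hash false positive the comments set out to avoid, and a leading `(?<![\w-])` in place of `\b` would narrow it. SECRET_PATTERNS starts and ends outside these hunks, so how the new entries interact with the earlier patterns could not be checked.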
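--- a/package/synonyms.mjs
+++ b/package/synonyms.mjs
@@ -265,6 +265,13 @@ export const CJK_COMPOUNDS = new Set([
 // architecture
 '架构', '设计', '方案', '规划', '文档', '注释', '版本', '分支', '依赖',
 '性能', '安全', '漏洞', '补丁', '系统', '算法',
+// common task/dev vocab — mined from the zero-dict-keyword prompt slice
+// (benchmark/cjk-straddle-prevalence.mjs). These ubiquitous words were absent
+// from the dictionary, so ~15% of real CJK queries fell through to all-bigram
+// noise. Adding real words is monotonically safe: greedy longest-match only
+// improves, and real compounds cannot create boundary-straddle bigrams.
+'工作', '用户', '完成', '计划', '命令', '工具', '插件', '实施', '处理',
+'清理', '显示', '本地', '改动', '确认', '直接', '开始',
 ]);
 
 // ─── Dispatch Synonyms (unidirectional, broader groupings) ──────────────────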