claude-mem-lite 3.9.1 → 3.11.0

package/.claude-plugin/marketplace.json

@@ -10,7 +10,7 @@
   "plugins": [
     {
       "name": "claude-mem-lite",
-      "version": "3.9.1",
+      "version": "3.11.0",
       "source": "./",
       "description": "Persistent long-term memory for Claude Code via MCP — captures coding decisions, bugfixes, and context across sessions. Hybrid FTS5 + TF-IDF search with episode batching. Single SQLite DB, no external services. A lighter, lower-cost alternative to claude-mem (episode batching + a smaller model; cost savings are an internal estimate, not a measured benchmark)."
     }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-mem-lite",
-  "version": "3.9.1",
+  "version": "3.11.0",
   "description": "Persistent long-term memory for Claude Code via MCP — captures coding decisions, bugfixes, and context across sessions. Hybrid FTS5 + TF-IDF search with episode batching. Single SQLite DB, no external services. A lighter, lower-cost alternative to claude-mem (episode batching + a smaller model; cost savings are an internal estimate, not a measured benchmark).",
   "author": {
     "name": "sdsrss"

package/lib/import-jsonl.mjs

@@ -163,6 +163,12 @@ export async function importJsonl(db, path, { project }) {
 
   const pendingToolUse = new Map();
   let prompts = 0, observations = 0, skipped = 0;
+  // Count lines that ARE Claude Code transcript events (user/assistant/tool_result),
+  // independent of whether they produced a new row. Lets the caller tell apart a
+  // genuine wrong-shape file (export output / garbage → recognized 0) from a valid
+  // transcript that was simply already imported (recognized > 0, all deduped) — the
+  // "0 imported, N skipped" warning must not cry "wrong shape" at an idempotent re-run.
+  let recognized = 0;
 
   // Snapshot importToolPair so we can wrap it with a per-run uniqueness
   // check that hits both in-call and cross-call dedup. (Inline because we
@@ -193,6 +199,8 @@ export async function importJsonl(db, path, { project }) {
       if (!line.trim()) continue;
       const ev = parseLine(line);
       if (!ev) { skipped++; continue; }
+      // Transcript-shape signal (incl. embedded + top-level tool_result, #8413).
+      if (ev.type === 'user' || ev.type === 'assistant' || ev.type === 'tool_result') recognized++;
       if (ev.type === 'user') {
         // Real Claude Code transcripts wrap tool_result inside a user-typed
         // event's message.content array (alongside the rare text part). The
@@ -256,5 +264,5 @@ export async function importJsonl(db, path, { project }) {
     tx2();
   }
 
-  return { prompts, observations, skipped, orphans };
+  return { prompts, observations, skipped, orphans, recognized };
 }

package/lib/maintain-core.mjs

@@ -301,7 +301,12 @@ export function maintenanceStats(db, { projectFilter, baseParams, staleAge }) {
   const stats = db.prepare(`
     SELECT
       COUNT(*) as total,
+      -- injection_count=0 MUST mirror decayAndMarkIdle's mark-idle guard (#8614):
+      -- the scan stat previews what decay will mark idle, and decay protects
+      -- injected rows. Omitting it over-counted "stale" by the injected-but-decayed
+      -- rows decay never touches (e.g. demote_pinned's output: imp=1 but inj>0).
       COALESCE(SUM(CASE WHEN COALESCE(importance, 1) = 1 AND COALESCE(access_count, 0) = 0
+                    AND COALESCE(injection_count, 0) = 0
                     AND created_at_epoch < ? THEN 1 ELSE 0 END), 0) as stale,
       COALESCE(SUM(CASE WHEN (title IS NULL OR title = '') AND (narrative IS NULL OR narrative = '')
                THEN 1 ELSE 0 END), 0) as broken,

package/lib/search-core.mjs

@@ -59,9 +59,26 @@ export function parseDateBounds(fromRaw, toRaw) {
  * per-source SQL double-applied it and gapped/overlapped pages, because the
  * obs hybrid path (AND→OR fallback / vector / concept stages) re-adds rows the
  * SQL OFFSET already skipped (#8217/#8638).
+ *
+ * D#30 re-audit (reopened): perSourceLimit MUST be offset-independent. The old
+ * `offset + limit + 10` term grew the pool for deeper pages, and because RRF
+ * fusion of FTS + vector ranks is candidate-pool-sensitive (an item present in
+ * BOTH lists outranks one in a single list), a larger pool RE-RANKS the prefix —
+ * so page(offset=0) and page(offset=N) sliced DIFFERENT orderings and overlapped
+ * /gapped on the real (vector-populated) DB. #8642 missed this because its guard
+ * test seeds no vectors (FTS-only is prefix-stable). The fix makes the pool a
+ * function of `limit` only:
+ *   - MIN_FUSION_POOL floor (= default limit 20 × the 3× buffer): every limit ≤ 20
+ *     fuses ONE 60-candidate pool, so same-limit --offset pages are disjoint/stable
+ *     and top-N is limit-stable (top-5 ⊂ top-10 ⊂ top-20). limit=20 offset=0 stays
+ *     byte-identical to before (60) → no change on the benchmarked single-page path.
+ *   - limit > 20 keeps limit*3 (the over-fetch buffer the fallback stages need).
+ * Trade-off: pages beyond the pool now return empty instead of the (overlapping,
+ * wrong) rows the offset-scaling used to surface — stability over deep reach.
  */
-export function computePerSourceWindow(limit, offset) {
-  return { perSourceLimit: Math.max(limit * 3, offset + limit + 10), perSourceOffset: 0 };
+export const MIN_FUSION_POOL = 60;
+export function computePerSourceWindow(limit, offset) { // eslint-disable-line no-unused-vars
+  return { perSourceLimit: Math.max(limit * 3, MIN_FUSION_POOL), perSourceOffset: 0 };
 }
 
 /** obs-side total query: when the AND→OR fallback fired, count the OR set. */

package/mem-cli.mjs

@@ -133,7 +133,15 @@ async function cmdSearch(db, args, { llm } = {}) {
   // --deep proceeds even when the literal query sanitizes to nothing — its LLM
   // rewrite may still produce searchable variants (F3, parity with server.mjs).
   if (!ftsQuery && deepMode === 'normal') {
-    fail(`[mem] No valid search terms in "${query}"`);
+    // A query that sanitizes to an empty FTS expression (only operators/punctuation/
+    // sub-min-length tokens) is a zero-result search, not a malformed one. In --json
+    // mode emit the same empty envelope as the no-match path below so programmatic
+    // consumers always get parseable stdout (the human path keeps the stderr hint).
+    if (jsonOutput) {
+      out(JSON.stringify({ query, total: 0, returned: 0, offset, limit, deep: false, results: [] }));
+    } else {
+      fail(`[mem] No valid search terms in "${query}"`);
+    }
     return;
   }
   // --deep ignores --or: each variant runs AND + the engine's built-in
@@ -300,18 +308,26 @@ function cmdRecent(db, args) {
   const { positional, flags } = parseArgs(args);
   const rawArg = positional[0];
   const rawLimit = parseInt(rawArg, 10);
+  // Single source of the upper bound for BOTH the positional [N] and the --limit
+  // flag (help: "alias for [N] (max 1000)"). Pre-fix the positional path skipped
+  // this cap, so `recent 999999` issued an uncapped `LIMIT 999999` full-table dump
+  // while `recent --limit 999999` correctly rejected → default — exactly the
+  // "none capped --limit dumps the whole set" footgun parseIntFlag was extracted
+  // to close (lib/cli-flags.mjs). Keep the literal in one place so the two paths
+  // can't drift apart again.
+  const RECENT_MAX = 1000;
   // isNumericToken first: "2abc"→2 / "1e2"→1 are positive integers that the bare check
   // accepted silently; the positional path must reject garbage like the --limit flag does.
-  const isValid = rawArg !== undefined && isNumericToken(rawArg) && Number.isInteger(rawLimit) && rawLimit > 0;
+  const isValid = rawArg !== undefined && isNumericToken(rawArg) && Number.isInteger(rawLimit) && rawLimit > 0 && rawLimit <= RECENT_MAX;
   if (rawArg !== undefined && !isValid) {
-    process.stderr.write(`[mem] Invalid count "${rawArg}" (must be a positive integer); using default 10\n`);
+    process.stderr.write(`[mem] Invalid count "${rawArg}" (must be an integer between 1 and ${RECENT_MAX}); using default 10\n`);
   }
   // Positional [N] wins for backward-compat; --limit is sibling-parity alias
   // (search/recall/browse/stats all accept --limit). Pre-2.69 `recent --limit N`
   // was silently ignored — surprising users extrapolating from siblings.
   const limit = isValid
     ? rawLimit
-    : parseIntFlag(flags.limit, { name: '--limit', defaultValue: 10, max: 1000 });
+    : parseIntFlag(flags.limit, { name: '--limit', defaultValue: 10, max: RECENT_MAX });
   const project = flags.project ? resolveProject(db, flags.project) : inferProject();
   const jsonOutput = flags.json === true || flags.json === 'true';
 
@@ -607,7 +623,20 @@ function cmdTimeline(db, args) {
   if (flags.anchor !== undefined && flags.anchor !== true) {
     const resolved = resolveAnchorToken(db, flags.anchor, { project });
     if (!resolved.ok) {
-      fail(formatAnchorError(resolved.error, 'cli'));
+      // --json must always emit a parseable envelope. An explicit-but-missing anchor is
+      // a direct-lookup miss (like `get` on a bad id) → anchor:null + error code, rc=1.
+      if (jsonOutput) {
+        process.exitCode = 1;
+        out(JSON.stringify({
+          anchor: null,
+          anchor_note: formatAnchorError(resolved.error, 'mcp'),
+          before: [],
+          after: [],
+          error: resolved.error.code || 'anchor_resolution_failed',
+        }));
+      } else {
+        fail(formatAnchorError(resolved.error, 'cli'));
+      }
       return;
     }
     anchorId = resolved.anchorId;
@@ -663,7 +692,20 @@ function cmdTimeline(db, args) {
   // Window fetch (access-count bump + project auto-scope) shared with MCP.
   const win = fetchTimelineWindow(db, anchorId, { before, after, project });
   if (!win) {
-    fail(`[mem] Observation #${anchorId} not found`);
+    // Anchor resolved to a real id but the window fetch found no row (e.g. project
+    // mismatch). Same --json contract as the resolution-miss path above.
+    if (jsonOutput) {
+      process.exitCode = 1;
+      out(JSON.stringify({
+        anchor: null,
+        anchor_note: `Observation #${anchorId} not found.`,
+        before: [],
+        after: [],
+        error: 'id-not-found',
+      }));
+    } else {
+      fail(`[mem] Observation #${anchorId} not found`);
+    }
     return;
   }
   const { anchor, beforeRows, afterRows } = win;
@@ -1734,7 +1776,7 @@ function cmdMaintain(db, args) {
     out(`[mem] Maintenance scan:`);
     out(`  Total active: ${stats.total}`);
     out(`  Near-duplicate pairs: ${duplicates.length}`);
-    out(`  Stale (>30d, imp=1, no access): ${stats.stale}`);
+    out(`  Stale (>30d, imp=1, no access, never injected): ${stats.stale}`);
     out(`  Broken (no title/narrative): ${stats.broken}`);
     out(`  Boostable (accessed>3, imp<3): ${stats.boostable}`);
     out(`  Pinned-but-uncited (inj>=${PINNED_INJ_THRESHOLD}, cited=0, imp>1): ${stats.pinned} — run: maintain execute --ops demote_pinned`);
@@ -2334,6 +2376,8 @@ Commands:
       --project P       Filter by project
     drop <D#N|ordinal>[,...]  Drop one or more deferred items (no fix needed)
       --reason "..."    Required audit trail
+      --project P       Project for ordinal resolution (default: current; must
+                        match the "defer list --project P" you read ordinals from)
 
   delete <id1,id2,...>  Delete observations by ID
     --confirm           Execute deletion (preview by default)
@@ -2549,7 +2593,7 @@ async function cmdImportJsonl(db, argv) {
   if (files.length === 0) { out('[mem] No .jsonl files found.'); return; }
 
   const { importJsonl } = await import('./lib/import-jsonl.mjs');
-  let totalPrompts = 0, totalObs = 0, totalSkip = 0, totalOrphans = 0, errorCount = 0;
+  let totalPrompts = 0, totalObs = 0, totalSkip = 0, totalOrphans = 0, totalRecognized = 0, errorCount = 0;
   for (const f of files) {
     // Per-file isolation: one unreadable file (EACCES, EBUSY, mid-batch IO error)
     // shouldn't crash the whole import — readFileSync inside importJsonl would
@@ -2569,18 +2613,29 @@ async function cmdImportJsonl(db, argv) {
     totalObs += r.observations;
     totalSkip += r.skipped;
     totalOrphans += r.orphans || 0;
+    totalRecognized += r.recognized || 0;
     out(`[mem] ${f}: +${r.prompts} prompts, +${r.observations} observations, ${r.orphans || 0} orphan tool_use, ${r.skipped} skipped`);
   }
   const errorTail = errorCount > 0 ? `, ${errorCount} file(s) errored` : '';
   out(`[mem] Total: ${totalPrompts} prompts, ${totalObs} observations, ${totalOrphans} orphan tool_use, ${totalSkip} skipped from ${files.length} file(s)${errorTail}.`);
-  if (totalPrompts > 0 || totalObs > 0) {
+  if (totalPrompts > 0 || totalObs > 0 || totalOrphans > 0) {
+    // Orphan tool_use events persist as (truncated) observations, so they count as
+    // "something was imported" — otherwise an orphan-only first import would wrongly
+    // fall through to the "already imported" no-op branch below.
     out(`[mem] Try: claude-mem-lite recent 5 --project ${project}`);
+  } else if (totalRecognized > 0) {
+    // Lines WERE Claude Code transcript events but produced no new rows — the file
+    // was already imported (idempotent re-run) or carried no extractable content.
+    // Distinct from the wrong-shape case below: do NOT cry "wrong shape" at a valid
+    // transcript the user successfully imported earlier (cold-start backfill re-runs
+    // hit this on every already-ingested file).
+    out(`[mem] Nothing new: ${totalRecognized} transcript event(s) already imported (re-running import-jsonl on the same transcript is a safe no-op).`);
   } else if (totalSkip > 0 && errorCount === 0) {
-    // Nothing imported but every line was skipped — almost always the wrong file
-    // format (import-jsonl ingests Claude Code transcript JSONL, not `export` output,
-    // which is observation-shaped). Pre-fix this exited 0 with no signal, so pointing
-    // it at the wrong file looked like success. Make the no-op explicit (stdout, like
-    // the summary lines above).
+    // No transcript event recognized at all — almost always the wrong file format
+    // (import-jsonl ingests Claude Code transcript JSONL, not `export` output, which
+    // is observation-shaped). Pre-fix this exited 0 with no signal, so pointing it at
+    // the wrong file looked like success. Make the no-op explicit (stdout, like the
+    // summary lines above).
     out(`[mem] Warning: 0 imported, ${totalSkip} line(s) skipped — none matched the expected Claude Code transcript JSONL shape (user/assistant/tool_result). 'export' output is NOT re-importable via import-jsonl.`);
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-mem-lite",
-  "version": "3.9.1",
+  "version": "3.11.0",
   "description": "Persistent long-term memory for Claude Code via MCP — captures coding decisions, bugfixes, and context across sessions. Hybrid FTS5 + TF-IDF search with episode batching. Single SQLite DB, no external services. A lighter, lower-cost alternative to claude-mem (episode batching + a smaller model; cost savings are an internal estimate, not a measured benchmark).",
   "type": "module",
   "packageManager": "npm@10.9.2",

package/secret-scrub.mjs

@@ -11,12 +11,14 @@ export const SECRET_PATTERNS = [
   // and short values (<6 chars) that are typically variable names not secrets.
   //
   // Split into two patterns so prose mentions don't get scrubbed:
-  //   1. Bare credential nouns (password|passwd|token|bearer) commonly appear in
-  //      English prose — "Marker token: xyzpdq", "the bearer: alice". We require
-  //      the keyword NOT to be preceded by an English-word + horizontal-space
-  //      (the prose mention shape). Code/config has the keyword at start-of-line,
-  //      after a separator, or in object-literal context — none of which match
-  //      "letter-then-space" preceding the keyword.
+  //   1. Bare credential nouns (password|passwd|token|bearer|secret) commonly appear
+  //      in English prose — "Marker token: xyzpdq", "the bearer: alice". The prose
+  //      mention shape is the `:` form, so the prose lookbehind (NOT preceded by
+  //      English-word + horizontal-space) guards ONLY the `:` separator. An `=` is
+  //      config-assignment syntax, never prose, so `<word> password=<secret>` ALWAYS
+  //      scrubs — without this split that leaked (the lookbehind skipped any noun
+  //      after "word ", regardless of separator). No pinned prose case uses `=` (all
+  //      are `:`), so the `=` arm is leak-closing with no FP shift on the protected set.
   //   2. Structured keys (api_key, auth_token, …) keep the original behavior —
   //      a separator/compound key is unambiguous config syntax even when
   //      preceded by prose ("see auth_token: shhhhhh").
@@ -26,7 +28,10 @@ export const SECRET_PATTERNS = [
   // keyword. Allowing a leading `_` catches those while the prose lookbehind still
   // excludes "Marker token: …". `secret` added so a bare SECRET=… with a mixed-alnum
   // value is covered (the hex-only assignment pattern below misses non-hex values).
-  [/((?<![A-Za-z][ \t])(?:\b|_)(?:password|passwd|token|bearer|secret)\s*[=:]\s*)(?!process\.env\.)(?!new\s)(?!\w+\()(?!(?:null|undefined|true|false|None|nil|empty|""|''|0)\b)[^\s,;'"}\]]{6,}/gi, '$1***'],
+  //   1a. `=` assignment → ALWAYS scrub (config syntax, never prose):
+  [/((?:\b|_)(?:password|passwd|token|bearer|secret)\s*=\s*)(?!process\.env\.)(?!new\s)(?!\w+\()(?!(?:null|undefined|true|false|None|nil|empty|""|''|0)\b)[^\s,;'"}\]]{6,}/gi, '$1***'],
+  //   1b. `:` separator → keep the prose lookbehind ("the token: alice" is prose):
+  [/((?<![A-Za-z][ \t])(?:\b|_)(?:password|passwd|token|bearer|secret)\s*:\s*)(?!process\.env\.)(?!new\s)(?!\w+\()(?!(?:null|undefined|true|false|None|nil|empty|""|''|0)\b)[^\s,;'"}\]]{6,}/gi, '$1***'],
   // access_token / refresh_token are the canonical OAuth2 field names — they were
   // missing from this KV list (drift vs the JSON list below). `(?:\b|_)` for the same
   // underscore-prefix reason.
@@ -47,8 +52,11 @@ export const SECRET_PATTERNS = [
   // object-literal / YAML / quoted-.env shapes. Split into the SAME two patterns as the
   // unquoted KV pairs above so prose survives — a quoted value does not turn prose into
   // config (`the token: "x"` is still prose, must NOT scrub; #8283 / utils.test.mjs:1090).
-  //   (a) bare credential nouns keep the prose lookbehind:
-  [/((?<![A-Za-z][ \t])(?:\b|_)(?:password|passwd|token|bearer|secret)\s*[=:]\s*)(['"])[^'"]{6,}\2/gi, '$1$2***$2'],
+  //   (a) bare credential nouns: `=` always scrubs; `:` keeps the prose lookbehind
+  //       (mirrors the unquoted 1a/1b split — a quoted value doesn't turn `:` prose
+  //       into config, but `<word> password="x"` is still a leak):
+  [/((?:\b|_)(?:password|passwd|token|bearer|secret)\s*=\s*)(['"])[^'"]{6,}\2/gi, '$1$2***$2'],
+  [/((?<![A-Za-z][ \t])(?:\b|_)(?:password|passwd|token|bearer|secret)\s*:\s*)(['"])[^'"]{6,}\2/gi, '$1$2***$2'],
   //   (b) structured keys + named env vars are unambiguous config even after a word
   //       (`see api_key: "x"` DOES scrub, mirroring the unquoted structured-key path):
   [/((?:\b|_)(?:pgpassword|pgpass|mysql_pwd|api[_-]?key|api[_-]?secret|secret[_-]?key|access[_-]?key|private[_-]?key|client[_-]?secret|auth[_-]?token|access[_-]?token|refresh[_-]?token)\s*[=:]\s*)(['"])[^'"]{6,}\2/gi, '$1$2***$2'],

package/server.mjs

@@ -997,7 +997,7 @@ server.registerTool(
         `Memory maintenance scan:`,
         `  Total active observations: ${stats.total}`,
         `  Near-duplicate pairs: ${duplicates.length}`,
-        `  Stale (>30d, imp=1, no access): ${stats.stale}`,
+        `  Stale (>30d, imp=1, no access, never injected): ${stats.stale}`,
         `  Broken (no title/narrative): ${stats.broken}`,
         `  Boostable (accessed>3, imp<3): ${stats.boostable}`,
         `  Pending purge (idle-marked): ${stats.pendingPurge}`,