claude-memory-layer 1.0.37 → 1.0.39

package/dist/core/index.js

@@ -1132,6 +1132,10 @@ var MemoryQueryService = class {
     await this.initialize();
     return this.getMaintenanceStore("recoverStuckOutboxItems").recoverStuckOutboxItems(options);
   }
+  async repairLegacyProjectScope(options) {
+    await this.initialize();
+    return this.getMaintenanceStore("repairLegacyProjectScope").repairLegacyProjectScope(options);
+  }
   async getStats() {
     await this.initialize();
     const deps = this.getStatsDeps();
@@ -1926,6 +1930,9 @@ function parseEntityCanonicalKey(canonicalKey) {
   return null;
 }
 
+// src/core/sqlite-event-store.ts
+import * as nodePath2 from "path";
+
 // src/core/sqlite-wrapper.ts
 import Database from "better-sqlite3";
 import * as fs4 from "fs";
@@ -2058,6 +2065,135 @@ function emptyOutboxRecoveryResult() {
     vector: { recoveredProcessing: 0, retriedFailed: 0 }
   };
 }
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function getNestedRecord(root, path8) {
+  let cursor = root;
+  for (const key of path8) {
+    if (!isRecord(cursor))
+      return void 0;
+    cursor = cursor[key];
+  }
+  return isRecord(cursor) ? cursor : void 0;
+}
+function getNestedString(root, path8) {
+  let cursor = root;
+  for (const key of path8) {
+    if (!isRecord(cursor))
+      return void 0;
+    cursor = cursor[key];
+  }
+  return typeof cursor === "string" && cursor.length > 0 ? cursor : void 0;
+}
+function metadataProjectHash(metadata) {
+  return getNestedString(metadata, ["scope", "project", "hash"]);
+}
+function metadataProjectPaths(metadata) {
+  const candidates = [
+    getNestedString(metadata, ["projectPath"]),
+    getNestedString(metadata, ["sourceProjectPath"]),
+    getNestedString(metadata, ["scope", "project", "path"])
+  ];
+  const paths = [];
+  for (const value of candidates) {
+    if (value && !paths.includes(value))
+      paths.push(value);
+  }
+  return paths;
+}
+function metadataProjectPath(metadata) {
+  return metadataProjectPaths(metadata)[0];
+}
+function isActiveQuarantinedMetadata(metadata) {
+  const quarantine = getNestedRecord(metadata, ["quarantine"]);
+  return quarantine?.status === "active";
+}
+function activeQuarantineStatusExpression(column = "metadata") {
+  return `COALESCE(json_extract(CASE WHEN json_valid(${column}) THEN ${column} ELSE '{}' END, '$.quarantine.status'), '')`;
+}
+function notActiveQuarantinedSql(column = "metadata") {
+  return `${activeQuarantineStatusExpression(column)} != 'active'`;
+}
+function maybeQuarantinePredicate(options, column = "metadata") {
+  return options?.includeQuarantined ? "1=1" : notActiveQuarantinedSql(column);
+}
+function safeParseMetadataValue(value) {
+  if (!value)
+    return void 0;
+  if (typeof value === "object")
+    return isRecord(value) ? value : void 0;
+  if (typeof value !== "string")
+    return void 0;
+  try {
+    const parsed = JSON.parse(value);
+    return isRecord(parsed) ? parsed : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function isImportedOrLegacyScopedMetadata(metadata) {
+  if (!metadata)
+    return false;
+  return Boolean(
+    metadata.importedFrom || metadata.sourceSessionId || metadata.sourceSessionHash || metadata.hermesSource || metadata.projectPath || metadata.sourceProjectPath || metadata.source === "hermes" || metadata.source === "claude" || metadata.source === "codex"
+  );
+}
+function addMetadataTag(metadata, tag) {
+  const current = Array.isArray(metadata.tags) ? metadata.tags.filter((value) => typeof value === "string") : [];
+  if (!current.includes(tag))
+    metadata.tags = [...current, tag];
+}
+function buildRepairResult(projectHash, dryRun) {
+  return {
+    dryRun,
+    projectHash,
+    scanned: 0,
+    repaired: 0,
+    quarantined: 0,
+    alreadyScoped: 0,
+    skipped: 0,
+    samples: []
+  };
+}
+function normalizeRepoName(value) {
+  return value.replace(/\.git$/i, "").trim().toLowerCase();
+}
+function projectBasename(projectPath) {
+  if (!projectPath)
+    return void 0;
+  const trimmed = projectPath.replace(/[\\/]+$/, "");
+  const basename2 = nodePath2.basename(trimmed);
+  return basename2 ? normalizeRepoName(basename2) : void 0;
+}
+function isProjectScopeRepairExplanation(content) {
+  const normalized = content.toLowerCase();
+  const hasRepairContext = /project[- ]scope|mis[- ]scoped|quarantine|contamination|legacy|오염|격리|repair/.test(normalized);
+  const hasExplanationContext = /example|detector|trap|not a .*project task|기억|메모리|설명|수정|검증/.test(normalized);
+  return hasRepairContext && hasExplanationContext;
+}
+function hasConflictingContentProjectHint(content, projectPath) {
+  const currentName = projectBasename(projectPath);
+  if (!currentName)
+    return false;
+  if (isProjectScopeRepairExplanation(content))
+    return false;
+  const githubRepoPattern = /github\.com[:/]([^/\s`'"#)]+)\/([^/\s`'"#)]+)(?:\.git)?/gi;
+  let githubMatch;
+  while ((githubMatch = githubRepoPattern.exec(content)) !== null) {
+    const repo = normalizeRepoName(githubMatch[2] || "");
+    if (repo && repo !== currentName)
+      return true;
+  }
+  const workspacePathPattern = /\/workspace\/([^/\s`'"#)]+)/gi;
+  let workspaceMatch;
+  while ((workspaceMatch = workspacePathPattern.exec(content)) !== null) {
+    const repo = normalizeRepoName(workspaceMatch[1] || "");
+    if (repo && repo !== currentName)
+      return true;
+  }
+  return false;
+}
 var SQLiteEventStore = class {
   db;
   initialized = false;
@@ -2556,11 +2692,11 @@ var SQLiteEventStore = class {
   /**
    * Get events by session ID
    */
-  async getSessionEvents(sessionId) {
+  async getSessionEvents(sessionId, options) {
     await this.initialize();
     const rows = sqliteAll(
       this.db,
-      `SELECT * FROM events WHERE session_id = ? ORDER BY timestamp ASC`,
+      `SELECT * FROM events WHERE session_id = ? AND ${maybeQuarantinePredicate(options)} ORDER BY timestamp ASC`,
       [sessionId]
     );
     return rows.map(this.rowToEvent);
@@ -2568,11 +2704,11 @@ var SQLiteEventStore = class {
   /**
    * Get recent events
    */
-  async getRecentEvents(limit = 100) {
+  async getRecentEvents(limit = 100, options) {
     await this.initialize();
     const rows = sqliteAll(
       this.db,
-      `SELECT * FROM events ORDER BY timestamp DESC LIMIT ?`,
+      `SELECT * FROM events WHERE ${maybeQuarantinePredicate(options)} ORDER BY timestamp DESC LIMIT ?`,
       [limit]
     );
     return rows.map(this.rowToEvent);
@@ -2580,11 +2716,11 @@ var SQLiteEventStore = class {
   /**
    * Get event by ID
    */
-  async getEvent(id) {
+  async getEvent(id, options) {
     await this.initialize();
     const row = sqliteGet(
       this.db,
-      `SELECT * FROM events WHERE id = ?`,
+      `SELECT * FROM events WHERE id = ? AND ${maybeQuarantinePredicate(options)}`,
       [id]
     );
     if (!row)
@@ -2594,11 +2730,11 @@ var SQLiteEventStore = class {
   /**
    * Get events since a timestamp (for sync)
    */
-  async getEventsSince(timestamp, limit = 1e3) {
+  async getEventsSince(timestamp, limit = 1e3, options) {
     await this.initialize();
     const rows = sqliteAll(
       this.db,
-      `SELECT * FROM events WHERE timestamp > ? ORDER BY timestamp ASC LIMIT ?`,
+      `SELECT * FROM events WHERE timestamp > ? AND ${maybeQuarantinePredicate(options)} ORDER BY timestamp ASC LIMIT ?`,
       [timestamp, limit]
     );
     return rows.map(this.rowToEvent);
@@ -2607,11 +2743,11 @@ var SQLiteEventStore = class {
    * Get events since a SQLite rowid (for robust incremental replication).
    * Rowid is monotonic for append-only tables, independent of client timestamps.
    */
-  async getEventsSinceRowid(lastRowid, limit = 1e3) {
+  async getEventsSinceRowid(lastRowid, limit = 1e3, options) {
     await this.initialize();
     const rows = sqliteAll(
       this.db,
-      `SELECT rowid as _rowid, * FROM events WHERE rowid > ? ORDER BY rowid ASC LIMIT ?`,
+      `SELECT rowid as _rowid, * FROM events WHERE rowid > ? AND ${maybeQuarantinePredicate(options)} ORDER BY rowid ASC LIMIT ?`,
       [lastRowid, limit]
     );
     return rows.map((row) => ({
@@ -2846,19 +2982,19 @@ var SQLiteEventStore = class {
   /**
    * Count total events
    */
-  async countEvents() {
+  async countEvents(options) {
     await this.initialize();
-    const row = sqliteGet(this.db, `SELECT COUNT(*) as count FROM events`);
+    const row = sqliteGet(this.db, `SELECT COUNT(*) as count FROM events WHERE ${maybeQuarantinePredicate(options)}`);
     return row?.count || 0;
   }
   /**
    * Get events page in timestamp ascending order (stable migration/reindex scans)
    */
-  async getEventsPage(limit = 1e3, offset = 0) {
+  async getEventsPage(limit = 1e3, offset = 0, options) {
     await this.initialize();
     const rows = sqliteAll(
       this.db,
-      `SELECT * FROM events ORDER BY timestamp ASC LIMIT ? OFFSET ?`,
+      `SELECT * FROM events WHERE ${maybeQuarantinePredicate(options)} ORDER BY timestamp ASC LIMIT ? OFFSET ?`,
       [limit, offset]
     );
     return rows.map(this.rowToEvent);
@@ -2932,6 +3068,145 @@ var SQLiteEventStore = class {
     result.vector.retriedFailed = Number(vectorRetried.changes ?? 0);
     return result;
   }
+  /**
+   * Repair legacy imported events that predate canonical project scope metadata.
+   *
+   * Same-project legacy rows are tagged with scope.project.hash. Rows that look
+   * imported but cannot be proven to belong to this project are quarantined so
+   * dashboard default reads/search do not surface cross-project contamination.
+   */
+  async repairLegacyProjectScope(options = {}) {
+    await this.initialize();
+    const projectHash = options.projectHash || (options.projectPath ? hashProjectPath(options.projectPath) : void 0);
+    if (!projectHash) {
+      throw new Error("repairLegacyProjectScope requires projectPath or projectHash");
+    }
+    if (options.projectPath && options.projectHash && hashProjectPath(options.projectPath) !== options.projectHash) {
+      throw new Error("repairLegacyProjectScope projectPath and projectHash refer to different project stores");
+    }
+    const dryRun = options.dryRun === true;
+    const nowIso = (options.now || /* @__PURE__ */ new Date()).toISOString();
+    const result = buildRepairResult(projectHash, dryRun);
+    const rows = sqliteAll(
+      this.db,
+      `SELECT e.id, e.content, e.metadata, s.project_path as session_project_path
+       FROM events e
+       LEFT JOIN sessions s ON s.id = e.session_id
+       ORDER BY e.timestamp ASC`,
+      []
+    );
+    const sample = (entry) => {
+      if (result.samples.length < 20)
+        result.samples.push(entry);
+    };
+    for (const row of rows) {
+      result.scanned++;
+      let metadata = {};
+      let metadataParseInvalid = false;
+      if (row.metadata) {
+        const parsed = safeParseMetadataValue(row.metadata);
+        if (parsed) {
+          metadata = parsed;
+        } else {
+          metadataParseInvalid = true;
+        }
+      }
+      if (isActiveQuarantinedMetadata(metadata)) {
+        result.skipped++;
+        continue;
+      }
+      const currentHash = metadataProjectHash(metadata);
+      const explicitPath = metadataProjectPath(metadata);
+      const sessionProjectPath = typeof row.session_project_path === "string" && row.session_project_path.length > 0 ? row.session_project_path : void 0;
+      const candidatePaths = metadataProjectPaths(metadata);
+      if (sessionProjectPath && !candidatePaths.includes(sessionProjectPath)) {
+        candidatePaths.push(sessionProjectPath);
+      }
+      const importedOrLegacy = metadataParseInvalid || isImportedOrLegacyScopedMetadata(metadata) || Boolean(sessionProjectPath);
+      const pathHashes = candidatePaths.map((candidate) => {
+        try {
+          return { path: candidate, hash: hashProjectPath(candidate) };
+        } catch {
+          return { path: candidate, hash: void 0 };
+        }
+      });
+      const matchingPath = pathHashes.find((candidate) => candidate.hash === projectHash);
+      const foreignPath = pathHashes.find((candidate) => candidate.hash && candidate.hash !== projectHash);
+      let action = "skipped";
+      let reason;
+      let observedProjectHash;
+      if (foreignPath) {
+        action = "quarantined";
+        reason = "project-path-mismatch";
+        observedProjectHash = foreignPath.hash;
+      } else if (currentHash === projectHash && importedOrLegacy && hasConflictingContentProjectHint(row.content, options.projectPath)) {
+        action = "quarantined";
+        reason = "content-project-mismatch";
+      } else if (currentHash === projectHash) {
+        result.alreadyScoped++;
+        continue;
+      } else if (currentHash && currentHash !== projectHash) {
+        action = "quarantined";
+        reason = "scope-hash-mismatch";
+        observedProjectHash = currentHash;
+      } else if (matchingPath) {
+        action = "repaired";
+        reason = matchingPath.path === sessionProjectPath && matchingPath.path !== explicitPath ? "session-project-path" : "same-project-path";
+      } else if (candidatePaths.length > 0) {
+        action = "quarantined";
+        reason = "project-path-mismatch";
+      } else if (importedOrLegacy) {
+        action = "quarantined";
+        reason = "missing-project-scope";
+      }
+      if (action === "skipped" || !reason) {
+        result.skipped++;
+        continue;
+      }
+      if (action === "repaired") {
+        const scope = isRecord(metadata.scope) ? { ...metadata.scope } : {};
+        const project = isRecord(scope.project) ? { ...scope.project } : {};
+        project.hash = projectHash;
+        scope.project = project;
+        metadata.scope = scope;
+        metadata.repair = {
+          ...isRecord(metadata.repair) ? metadata.repair : {},
+          legacyProjectScope: {
+            action,
+            reason,
+            repairedAt: nowIso
+          }
+        };
+        addMetadataTag(metadata, `proj:${projectHash}`);
+        result.repaired++;
+      } else {
+        metadata.quarantine = {
+          ...isRecord(metadata.quarantine) ? metadata.quarantine : {},
+          status: "active",
+          category: "project-scope",
+          reason,
+          detectedAt: nowIso,
+          expectedProjectHash: projectHash,
+          ...observedProjectHash ? { observedProjectHash } : {}
+        };
+        metadata.repair = {
+          ...isRecord(metadata.repair) ? metadata.repair : {},
+          legacyProjectScope: {
+            action,
+            reason,
+            repairedAt: nowIso
+          }
+        };
+        addMetadataTag(metadata, "quarantine:project-scope");
+        result.quarantined++;
+      }
+      sample({ eventId: row.id, action, reason });
+      if (!dryRun) {
+        sqliteRun(this.db, `UPDATE events SET metadata = ? WHERE id = ?`, [JSON.stringify(metadata), row.id]);
+      }
+    }
+    return result;
+  }
   /**
    * Get embedding/vector outbox health statistics
    */
@@ -2979,7 +3254,11 @@ var SQLiteEventStore = class {
     await this.initialize();
     const rows = sqliteAll(
       this.db,
-      `SELECT level, COUNT(*) as count FROM memory_levels GROUP BY level`
+      `SELECT ml.level, COUNT(*) as count
+       FROM memory_levels ml
+       INNER JOIN events e ON e.id = ml.event_id
+       WHERE ${notActiveQuarantinedSql("e.metadata")}
+       GROUP BY ml.level`
     );
     return rows;
   }
@@ -2995,6 +3274,7 @@ var SQLiteEventStore = class {
       `SELECT e.* FROM events e
        INNER JOIN memory_levels ml ON e.id = ml.event_id
        WHERE ml.level = ?
+         AND ${notActiveQuarantinedSql("e.metadata")}
        ORDER BY e.timestamp DESC
        LIMIT ? OFFSET ?`,
       [level, limit, offset]
@@ -3087,12 +3367,13 @@ var SQLiteEventStore = class {
   /**
    * Get most accessed memories (falls back to recent events if none accessed)
    */
-  async getMostAccessed(limit = 10) {
+  async getMostAccessed(limit = 10, options) {
     await this.initialize();
     let rows = sqliteAll(
       this.db,
       `SELECT * FROM events
        WHERE access_count > 0
+         AND ${maybeQuarantinePredicate(options)}
        ORDER BY access_count DESC, last_accessed_at DESC
        LIMIT ?`,
       [limit]
@@ -3101,6 +3382,7 @@ var SQLiteEventStore = class {
       rows = sqliteAll(
         this.db,
         `SELECT * FROM events
+         WHERE ${maybeQuarantinePredicate(options)}
          ORDER BY timestamp DESC
          LIMIT ?`,
         [limit]
@@ -3231,6 +3513,7 @@ var SQLiteEventStore = class {
        FROM memory_helpfulness mh
        JOIN events e ON e.id = mh.event_id
        WHERE mh.measured_at IS NOT NULL
+         AND ${notActiveQuarantinedSql("e.metadata")}
        GROUP BY mh.event_id
        ORDER BY avg_score DESC
        LIMIT ?`,
@@ -3295,6 +3578,7 @@ var SQLiteEventStore = class {
          FROM events_fts fts
          JOIN events e ON e.id = fts.event_id
          WHERE events_fts MATCH ?
+           AND ${notActiveQuarantinedSql("e.metadata")}
          ORDER BY fts.rank
          LIMIT ?`,
         [searchTerms, limit]
@@ -3309,6 +3593,7 @@ var SQLiteEventStore = class {
         this.db,
         `SELECT *, 0 as rank FROM events
          WHERE content LIKE ?
+           AND ${notActiveQuarantinedSql()}
          ORDER BY timestamp DESC
          LIMIT ?`,
         [likePattern, limit]
@@ -3515,6 +3800,7 @@ var SQLiteEventStore = class {
       `SELECT turn_id, MIN(timestamp) as min_ts
        FROM events
        WHERE session_id = ? AND turn_id IS NOT NULL
+         AND ${maybeQuarantinePredicate(options)}
        GROUP BY turn_id
        ORDER BY min_ts DESC
        LIMIT ? OFFSET ?`,
@@ -3522,7 +3808,7 @@ var SQLiteEventStore = class {
     );
     const turns = [];
     for (const turnRow of turnRows) {
-      const events = await this.getEventsByTurn(turnRow.turn_id);
+      const events = await this.getEventsByTurn(turnRow.turn_id, options);
       const promptEvent = events.find((e) => e.eventType === "user_prompt");
       const toolEvents = events.filter((e) => e.eventType === "tool_observation");
       const hasResponse = events.some((e) => e.eventType === "agent_response");
@@ -3541,11 +3827,11 @@ var SQLiteEventStore = class {
   /**
    * Get all events for a specific turn_id
    */
-  async getEventsByTurn(turnId) {
+  async getEventsByTurn(turnId, options) {
     await this.initialize();
     const rows = sqliteAll(
       this.db,
-      `SELECT * FROM events WHERE turn_id = ? ORDER BY timestamp ASC`,
+      `SELECT * FROM events WHERE turn_id = ? AND ${maybeQuarantinePredicate(options)} ORDER BY timestamp ASC`,
       [turnId]
     );
     return rows.map(this.rowToEvent);
@@ -3553,13 +3839,14 @@ var SQLiteEventStore = class {
   /**
    * Count total turns for a session
    */
-  async countSessionTurns(sessionId) {
+  async countSessionTurns(sessionId, options) {
     await this.initialize();
     const row = sqliteGet(
       this.db,
       `SELECT COUNT(DISTINCT turn_id) as count
        FROM events
-       WHERE session_id = ? AND turn_id IS NOT NULL`,
+       WHERE session_id = ? AND turn_id IS NOT NULL
+         AND ${maybeQuarantinePredicate(options)}`,
       [sessionId]
     );
     return row?.count || 0;
@@ -3651,7 +3938,7 @@ var SQLiteEventStore = class {
       content: row.content,
       canonicalKey: row.canonical_key,
       dedupeKey: row.dedupe_key,
-      metadata: row.metadata ? JSON.parse(row.metadata) : void 0
+      metadata: safeParseMetadataValue(row.metadata)
     };
     if (row.access_count !== void 0) {
       event.access_count = row.access_count;