claude-self-reflect 7.1.8 → 7.1.9

package/README.md

@@ -26,7 +26,7 @@ Give Claude perfect memory of all your conversations. Search past discussions in
 
 **100% Local by Default** • **20x Faster** • **Zero Configuration** • **Production Ready**
 
-> **Latest: v7.0 Automated Narratives** - 9.3x better search quality via AI-powered summaries. [Learn more →](#v70-automated-narrative-generation)
+> **Latest: v7.1.9 Cross-Project Iteration Memory** - Ralph loops now share memory across ALL projects automatically. [Learn more →](#ralph-loop-memory-integration-v719)
 
 ## Why This Exists
 
@@ -326,13 +326,13 @@ Claude: [Searches across ALL your projects]
 </details>
 
 <details>
-<summary><b>Ralph Loop Memory Integration (v7.1+)</b></summary>
+<summary><b>Ralph Loop Memory Integration (v7.1.9+)</b></summary>
 
 <div align="center">
 <img src="docs/images/ralph-loop-csr.png" alt="Ralph Loop with CSR Memory - From hamster wheel to upward spiral" width="800"/>
 </div>
 
-Use the [ralph-wiggum plugin](https://github.com/anthropics/claude-code-plugins/tree/main/ralph-wiggum) for long tasks? CSR automatically gives Ralph loops **cross-session memory**:
+Use the [ralph-wiggum plugin](https://github.com/anthropics/claude-code-plugins/tree/main/ralph-wiggum) for long tasks? CSR automatically gives Ralph loops **cross-session AND cross-project memory**:
 
 **Core Features:**
 - **Automatic backup** before context compaction
@@ -340,43 +340,53 @@ Use the [ralph-wiggum plugin](https://github.com/anthropics/claude-code-plugins/
 - **Failed approach tracking** - never repeat the same mistakes
 - **Success pattern learning** - reuse what worked before
 
+**v7.1.9 Cross-Project Iteration Memory (NEW!):**
+- **Global Hook System** - Hooks fire for ALL projects, not just CSR
+- **Stop Hook** - Captures iteration state after every Claude response
+- **PreCompact Hook** - Backs up Ralph state before context compaction
+- **Project Tagging** - Each entry tagged with `project_{name}` for cross-project visibility
+- **Automatic Storage** - No manual protocol needed, hooks capture everything
+
 **v7.1+ Enhanced Features:**
-- **Error Signature Deduplication** - Normalizes errors (removes line numbers, paths, timestamps) to avoid redundant storage
-- **Output Decline Detection** - Circuit breaker pattern that detects >70% drop in output length
-- **Confidence-Based Exit** - 0-100 scoring based on signals (tasks complete, tests passing, no errors)
-- **Anti-Pattern Injection** - "DON'T RETRY THESE" section surfaces failed approaches first
-- **Work Type Tracking** - Categorizes sessions as IMPLEMENTATION/TESTING/DEBUGGING/DOCUMENTATION
-- **Error-Centric Search** - Finds past sessions by error pattern, not just task description
+- **Error Signature Deduplication** - Normalizes errors (removes line numbers, paths, timestamps)
+- **Output Decline Detection** - Circuit breaker pattern detects >70% output drop
+- **Confidence-Based Exit** - 0-100 scoring (tasks complete, tests passing, no errors)
+- **Anti-Pattern Injection** - "DON'T RETRY THESE" surfaces failed approaches first
+- **Work Type Tracking** - IMPLEMENTATION/TESTING/DEBUGGING/DOCUMENTATION
+- **Error-Centric Search** - Find past sessions by error pattern
 
 **Setup (one-time):**
 ```bash
-./scripts/ralph/install_hooks.sh        # Install CSR hooks
+./scripts/ralph/install_hooks.sh        # Install CSR hooks globally
 ./scripts/ralph/install_hooks.sh --check  # Verify installation
 ```
 
 **How it works:**
-1. Start a Ralph loop: `/ralph-wiggum:ralph-loop "Build feature X"`
+1. Start a Ralph loop in ANY project: `/ralph-wiggum:ralph-loop "Build feature X"`
 2. Work naturally - state is tracked in `.claude/ralph-loop.local.md`
-3. When compaction occurs, state is backed up to CSR
-4. New sessions retrieve past learnings from CSR automatically
-5. Anti-patterns and winning strategies are surfaced first
+3. **Stop hook** captures each iteration automatically
+4. **PreCompact hook** backs up state before compaction
+5. All entries stored with project tags for cross-project search
 
-**Files created:**
-- `.ralph_past_sessions.md` - Injected context from past sessions (auto-generated)
+**Cross-Project Example:**
+```bash
+# In project-a: learned Docker fix
+# In project-b: CSR finds it automatically
+reflect_on_past("docker memory issue")
+# Returns: project_a session with Docker solution
+```
 
-**Verified proof (2026-01-04):**
+**Verified proof (2026-01-05):**
 ```
-# Session start hook injects past sessions:
-INFO: Found 2 relevant results:
-  - Anti-patterns: 0
-  - Winning strategies: 0
-  - Similar tasks: 2
-
-# Sessions stored in Qdrant:
-{
-  "tags": ["ralph_session", "outcome_completed"],
-  "timestamp": "2026-01-04T18:13:03.711262+00:00"
-}
+# Hook collection shows cross-project entries:
+Total entries: 23
+
+1. 05:25:06 📦 PreCompact | 📧 emailmon
+2. 05:22:00 🔄 Iteration  | 🔍 claude-self-reflect
+3. 05:13:51 🔄 Iteration  | 📧 emailmon
+
+# Entries include project tags:
+tags: ['__csr_hook_auto__', 'project_emailmon', 'ralph_iteration']
 ```
 
 [Full documentation →](docs/development/ralph-memory-integration.md)

package/mcp-server/src/reflection_tools.py

@@ -8,6 +8,7 @@ from typing import Optional, List, Dict, Any
 from datetime import datetime, timezone
 from pathlib import Path
 import uuid
+from xml.sax.saxutils import escape as xml_escape
 
 from fastmcp import Context
 from pydantic import Field
@@ -207,13 +208,108 @@ Timestamp: {metadata['timestamp']}"""
 <error>Conversation ID '{conversation_id}' not found in any project.</error>
 <suggestion>The conversation may not have been imported yet, or the ID may be incorrect.</suggestion>
 </conversation_file>"""
-            
+
         except Exception as e:
             logger.error(f"Failed to get conversation file: {e}", exc_info=True)
             return f"""<conversation_file>
 <error>Failed to locate conversation: {str(e)}</error>
 </conversation_file>"""
 
+    async def get_session_learnings(
+        self,
+        ctx: Context,
+        session_id: str,
+        limit: int = 50
+    ) -> str:
+        """Get all learnings from a specific Ralph session.
+
+        This enables iteration-level memory: retrieve what was learned
+        in previous iterations of the SAME Ralph loop session.
+        """
+        from qdrant_client import models
+
+        await ctx.debug(f"Getting learnings for session: {session_id}")
+
+        try:
+            # Check runtime preference from environment
+            prefer_local = os.getenv('PREFER_LOCAL_EMBEDDINGS', 'true').lower() == 'true'
+            embedding_type = "local" if prefer_local else "voyage"
+            collection_name = f"reflections_{embedding_type}"
+
+            # Filter by session tag - matches reflections stored with session_{id} tag
+            session_filter = models.Filter(
+                must=[
+                    models.FieldCondition(
+                        key="tags",
+                        match=models.MatchAny(any=[f"session_{session_id}"])
+                    )
+                ]
+            )
+
+            results, _ = await self.qdrant_client.scroll(
+                collection_name=collection_name,
+                scroll_filter=session_filter,
+                limit=limit,
+                with_payload=True,
+            )
+
+            if not results:
+                await ctx.debug(f"No learnings found for session {session_id}")
+                return f"""<session_learnings>
+<session_id>{session_id}</session_id>
+<count>0</count>
+<message>No learnings stored yet for this session. Use store_reflection() with tags=['session_{session_id}', 'iteration_N', 'ralph_iteration'] to store iteration learnings.</message>
+</session_learnings>"""
+
+            # Format results
+            learnings = []
+            for point in results:
+                payload = point.payload or {}
+                tags = payload.get("tags", [])
+                # Extract iteration number from tags if present
+                iteration = "unknown"
+                for tag in tags:
+                    if tag.startswith("iteration_"):
+                        iteration = tag.replace("iteration_", "")
+                        break
+
+                learnings.append({
+                    "content": payload.get("content", ""),
+                    "iteration": iteration,
+                    "timestamp": payload.get("timestamp", ""),
+                    "tags": tags
+                })
+
+            # Sort by timestamp (oldest first for chronological order)
+            learnings.sort(key=lambda x: x.get("timestamp", ""))
+
+            await ctx.debug(f"Found {len(learnings)} learnings for session {session_id}")
+
+            # Format as XML for structured output (escape special chars for safety)
+            learnings_xml = "\n".join([
+                f"""<learning iteration="{xml_escape(str(l['iteration']))}">
+<timestamp>{xml_escape(str(l['timestamp']))}</timestamp>
+<content>{xml_escape(str(l['content']))}</content>
+<tags>{xml_escape(', '.join(str(t) for t in l['tags']))}</tags>
+</learning>"""
+                for l in learnings
+            ])
+
+            return f"""<session_learnings>
+<session_id>{session_id}</session_id>
+<count>{len(learnings)}</count>
+<learnings>
+{learnings_xml}
+</learnings>
+</session_learnings>"""
+
+        except Exception as e:
+            logger.error(f"Failed to get session learnings: {e}", exc_info=True)
+            return f"""<session_learnings>
+<session_id>{session_id}</session_id>
+<error>Failed to retrieve learnings: {str(e)}</error>
+</session_learnings>"""
+
 
 def register_reflection_tools(
     mcp,
@@ -249,5 +345,21 @@ def register_reflection_tools(
         """Get the full JSONL conversation file path for a conversation ID.
         This allows agents to read complete conversations instead of truncated excerpts."""
         return await tools.get_full_conversation(ctx, conversation_id, project)
-    
+
+    @mcp.tool()
+    async def get_session_learnings(
+        ctx: Context,
+        session_id: str = Field(description="Ralph session ID to get learnings from (e.g., 'ralph_20260104_224757_iter1')"),
+        limit: int = Field(default=50, description="Maximum number of learnings to return")
+    ) -> str:
+        """Get all learnings from a specific Ralph session.
+
+        This enables iteration-level memory: retrieve what was learned
+        in previous iterations of the SAME Ralph loop session.
+
+        Use this at the START of each Ralph iteration to see what previous
+        iterations learned. Then use store_reflection() with session tags
+        to save learnings at the END of each iteration."""
+        return await tools.get_session_learnings(ctx, session_id, limit)
+
     logger.info("Reflection tools registered successfully")

package/mcp-server/src/standalone_client.py

@@ -188,13 +188,15 @@ class CSRStandaloneClient:
     def store_reflection(
         self,
         content: str,
-        tags: List[str] = None
+        tags: List[str] = None,
+        collection: str = None
     ) -> str:
         """Store a reflection/insight.
 
         Args:
             content: The reflection content
             tags: Optional tags for categorization
+            collection: Optional custom collection name (for hooks to use separate storage)
 
         Returns:
             ID of stored reflection
@@ -204,7 +206,11 @@ class CSRStandaloneClient:
         embeddings = self._get_embedding_manager()
 
         # Determine collection name
-        collection_name = f"reflections_{'local' if self.prefer_local else 'voyage'}"
+        # Hooks can specify a custom collection to keep their data separate
+        if collection:
+            collection_name = collection
+        else:
+            collection_name = f"reflections_{'local' if self.prefer_local else 'voyage'}"
 
         # Ensure collection exists
         try:
@@ -271,6 +277,66 @@ class CSRStandaloneClient:
         normalized = re.sub(r'_+', '_', normalized)
         return normalized.strip('_')
 
+    def get_session_learnings(
+        self,
+        session_id: str,
+        limit: int = 50,
+        collection: str = None
+    ) -> List[Dict[str, Any]]:
+        """Get all learnings from a specific Ralph session.
+
+        This enables iteration-level memory: retrieve what was learned
+        in previous iterations of the SAME Ralph loop session.
+
+        Args:
+            session_id: The session ID (e.g., "ralph_20260104_224757_iter1")
+            limit: Maximum number of reflections to return
+            collection: Optional custom collection (for hook-stored data)
+
+        Returns:
+            List of reflection payloads from this session, each containing:
+            - content: The reflection text
+            - tags: List of tags (includes iteration info)
+            - timestamp: When it was stored
+        """
+        from qdrant_client import models
+
+        client = self._get_client()
+        if collection:
+            collection_name = collection
+        else:
+            collection_name = f"reflections_{'local' if self.prefer_local else 'voyage'}"
+
+        # Filter by session tag - matches reflections stored with session_{id} tag
+        session_filter = models.Filter(
+            must=[
+                models.FieldCondition(
+                    key="tags",
+                    match=models.MatchAny(any=[f"session_{session_id}"])
+                )
+            ]
+        )
+
+        try:
+            results, _ = client.scroll(
+                collection_name=collection_name,
+                scroll_filter=session_filter,
+                limit=limit,
+                with_payload=True,
+            )
+
+            return [
+                {
+                    "content": point.payload.get("content", ""),
+                    "tags": point.payload.get("tags", []),
+                    "timestamp": point.payload.get("timestamp", ""),
+                }
+                for point in results
+            ]
+        except Exception as e:
+            logger.error(f"Error getting session learnings: {e}")
+            return []
+
     def test_connection(self) -> bool:
         """Test if CSR is accessible.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-self-reflect",
-  "version": "7.1.8",
+  "version": "7.1.9",
   "description": "Give Claude perfect memory of all your conversations - Installation wizard for Python MCP server",
   "keywords": [
     "claude",

package/src/runtime/hooks/iteration_hook.py

@@ -0,0 +1,196 @@
+#!/usr/bin/env python3
+"""
+Ralph Iteration Hook - Fires at EACH iteration boundary via Stop hook.
+
+This is the ONLY viable hook for iteration-level memory because:
+- Stop hook fires after EACH Claude response (iteration boundary)
+- SessionStart/SessionEnd fire once per terminal session (useless)
+
+When triggered:
+1. Store learnings from THIS iteration (with session_id + iteration tag)
+2. Retrieve learnings from PREVIOUS iterations of same session
+3. Output context for next iteration
+
+Input (stdin): JSON with transcript, etc.
+Output (stdout): Context message injected into next iteration
+"""
+
+import sys
+import json
+import logging
+import re
+from pathlib import Path
+from datetime import datetime
+
+# Add project root to path
+sys.path.insert(0, str(Path(__file__).parent.parent.parent.parent))
+
+from src.runtime.hooks.ralph_state import (
+    is_ralph_session,
+    load_ralph_session_state,
+)
+
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+
+def get_project_root() -> Path:
+    return Path(__file__).parent.parent.parent.parent
+
+
+def store_iteration_learnings(state, iteration: int) -> bool:
+    """Store learnings from current iteration to CSR."""
+    try:
+        project_root = get_project_root()
+        mcp_server_path = project_root / "mcp-server" / "src"
+        if str(mcp_server_path) not in sys.path:
+            sys.path.insert(0, str(mcp_server_path))
+        from standalone_client import CSRStandaloneClient
+        client = CSRStandaloneClient()
+
+        # Get working directory (project name)
+        cwd = Path.cwd()
+        # SECURITY: Sanitize project name to prevent injection
+        project_name = re.sub(r'[^a-zA-Z0-9_-]', '_', cwd.name)
+
+        # Get learnings (may be empty)
+        learnings = getattr(state, 'learnings', [])
+
+        # Create iteration-specific content (store even if no learnings to track hook fired)
+        content = f"""# Iteration {iteration} (Session: {state.session_id})
+
+## Project
+{project_name} ({cwd})
+
+## Task
+{state.task[:200] if state.task else '(no task)'}
+
+## Learnings
+{chr(10).join(f'- {l}' for l in learnings) if learnings else '(none this iteration)'}
+
+## Current Approach
+{state.current_approach or '(not set)'}
+
+## Files Modified
+{chr(10).join(f'- {f}' for f in state.files_modified) if state.files_modified else '(none)'}
+"""
+
+        # Store with iteration-specific tags including project
+        tags = [
+            "__csr_hook_auto__",  # Hook signature
+            f"project_{project_name}",
+            f"session_{state.session_id}",
+            f"iteration_{iteration}",
+            "ralph_iteration"
+        ]
+
+        client.store_reflection(
+            content=content,
+            tags=tags,
+            collection="csr_hook_sessions_local"
+        )
+
+        logger.info(f"Stored iteration {iteration} for {project_name} session {state.session_id}")
+        return True
+
+    except Exception as e:
+        logger.error(f"Error storing iteration learnings: {e}")
+        return False
+
+
+def retrieve_iteration_learnings(session_id: str, current_iteration: int) -> list:
+    """Retrieve learnings from PREVIOUS iterations of this session."""
+    try:
+        project_root = get_project_root()
+        mcp_server_path = project_root / "mcp-server" / "src"
+        if str(mcp_server_path) not in sys.path:
+            sys.path.insert(0, str(mcp_server_path))
+        from standalone_client import CSRStandaloneClient
+        client = CSRStandaloneClient()
+
+        # Get learnings from this session (use hook collection)
+        learnings = client.get_session_learnings(
+            session_id,
+            limit=20,
+            collection="csr_hook_sessions_local"
+        )
+
+        # Filter to only previous iterations
+        previous = [
+            l for l in learnings
+            if any(f"iteration_{i}" in l.get('tags', [])
+                   for i in range(1, current_iteration))
+        ]
+
+        return previous
+
+    except Exception as e:
+        logger.error(f"Error retrieving iteration learnings: {e}")
+        return []
+
+
+def format_iteration_context(learnings: list, current_iteration: int) -> str:
+    """Format previous iteration learnings for injection."""
+    if not learnings:
+        return ""
+
+    output = [f"# Previous Iteration Learnings (for Iteration {current_iteration})"]
+    output.append("")
+
+    for l in learnings[:5]:  # Max 5 previous iterations
+        content = l.get('content', '')[:500]
+        tags = l.get('tags', [])
+        iter_tag = [t for t in tags if t.startswith('iteration_')]
+        iter_num = iter_tag[0].split('_')[1] if iter_tag else '?'
+        output.append(f"## From Iteration {iter_num}")
+        output.append(content)
+        output.append("")
+
+    return "\n".join(output)
+
+
+def main():
+    """Main hook entry point - fires at each iteration boundary."""
+    # Read hook input (required by Claude Code hook framework, but we use Ralph state file instead)
+    # The stdin contains transcript data, but Ralph state file is the authoritative source
+    try:
+        _ = json.load(sys.stdin)  # Consume stdin as required by hook protocol
+    except (json.JSONDecodeError, EOFError):
+        pass  # No input is fine - we get state from .ralph_state.md
+
+    # Check if Ralph loop active
+    if not is_ralph_session():
+        logger.info("No Ralph session - iteration hook skipped")
+        sys.exit(0)
+
+    # Load state
+    state = load_ralph_session_state()
+    if not state:
+        logger.warning("Could not load Ralph state")
+        sys.exit(0)
+
+    iteration = state.iteration
+    session_id = state.session_id
+
+    logger.info(f"Iteration hook: session={session_id}, iteration={iteration}")
+
+    # 1. Store learnings from THIS iteration
+    store_iteration_learnings(state, iteration)
+
+    # 2. Retrieve learnings from PREVIOUS iterations
+    previous_learnings = retrieve_iteration_learnings(session_id, iteration)
+
+    # 3. Output context for NEXT iteration
+    if previous_learnings:
+        context = format_iteration_context(previous_learnings, iteration + 1)
+        # Write to file for Claude to read
+        context_path = Path('.ralph_iteration_context.md')
+        context_path.write_text(context)
+        print(f"# Loaded {len(previous_learnings)} learnings from previous iterations")
+        print(f"# See .ralph_iteration_context.md for details")
+    else:
+        logger.info("No previous iteration learnings found")
+
+
+if __name__ == "__main__":
+    main()

package/src/runtime/hooks/ralph_state.py

@@ -119,6 +119,11 @@ class RalphState:
             score += 10
         self.exit_confidence = min(100, score)
 
+    def increment_iteration(self) -> None:
+        """Increment iteration count and update timestamp."""
+        self.iteration += 1
+        self.updated_at = datetime.now().isoformat()
+
     def to_markdown(self) -> str:
         """Convert state to markdown format for .ralph_state.md"""
         # Format error signatures for display

package/src/runtime/hooks/session_end_hook.py

@@ -141,7 +141,10 @@ Promise Met: {state.completion_promise_met}
 """
 
         # Store with outcome-aware tags
+        # IMPORTANT: __csr_hook_auto__ is a distinct signature that identifies
+        # hook-stored reflections vs manually-stored ones during development
         tags = [
+            "__csr_hook_auto__",  # Hook signature - don't manually use this tag!
             "ralph_session",
             f"session_{state.session_id}",
             f"outcome_{outcome.lower()}",
@@ -165,7 +168,12 @@ Promise Met: {state.completion_promise_met}
 
         # Note: CSR store_reflection may not support metadata yet,
         # but we include the rich info in the narrative for searchability
-        client.store_reflection(content=narrative, tags=tags)
+        # Use hook-specific collection so random agents don't pollute it
+        client.store_reflection(
+            content=narrative,
+            tags=tags,
+            collection="csr_hook_sessions_local"  # Separate from user reflections
+        )
 
         logger.info(f"Stored session narrative: {outcome}, {state.iteration} iterations, confidence={exit_confidence}%")
 
@@ -179,7 +187,8 @@ Iterations: {state.iteration}
 """
             client.store_reflection(
                 content=success_summary,
-                tags=["ralph_success", "winning_strategy", f"work_type_{work_type.lower()}"]
+                tags=["__csr_hook_auto__", "ralph_success", "winning_strategy", f"work_type_{work_type.lower()}"],
+                collection="csr_hook_sessions_local"
             )
 
         return True

package/src/runtime/precompact-hook.sh

@@ -9,6 +9,13 @@ DEFAULT_PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
 
 # Configuration (allows override via environment)
 CLAUDE_REFLECT_DIR="${CLAUDE_REFLECT_DIR:-$DEFAULT_PROJECT_ROOT}"
+
+# SECURITY: Validate CLAUDE_REFLECT_DIR to prevent directory traversal
+if [[ "$CLAUDE_REFLECT_DIR" =~ \.\. ]]; then
+    echo "Error: CLAUDE_REFLECT_DIR contains directory traversal" >&2
+    exit 0  # Exit gracefully, don't block compacting
+fi
+
 # Support both .venv and venv directories
 if [ -d "$CLAUDE_REFLECT_DIR/.venv" ]; then
     VENV_PATH="${VENV_PATH:-$CLAUDE_REFLECT_DIR/.venv}"
@@ -31,6 +38,17 @@ if [ ! -d "$VENV_PATH" ]; then
     exit 0  # Exit gracefully
 fi
 
+# SECURITY: Validate VENV_PATH to prevent command injection
+if [[ ! "$VENV_PATH" =~ ^[a-zA-Z0-9/_.-]+$ ]]; then
+    echo "Error: Invalid VENV_PATH contains unsafe characters" >&2
+    exit 0  # Exit gracefully, don't block compacting
+fi
+
+if [ ! -x "$VENV_PATH/bin/python3" ]; then
+    echo "Error: Python not found at $VENV_PATH/bin/python3" >&2
+    exit 0  # Exit gracefully
+fi
+
 # Run quick import with timeout
 echo "Updating conversation memory..." >&2
 timeout $IMPORT_TIMEOUT bash -c "
@@ -57,7 +75,7 @@ fi
 if [ -n "$RALPH_STATE_FILE" ]; then
     echo "📝 Backing up Ralph state to CSR..." >&2
 
-    RALPH_STATE_FILE="$RALPH_STATE_FILE" CLAUDE_REFLECT_DIR="$CLAUDE_REFLECT_DIR" python3 << 'PYTHON' 2>/dev/null || echo "Warning: Could not backup Ralph state" >&2
+    RALPH_STATE_FILE="$RALPH_STATE_FILE" CLAUDE_REFLECT_DIR="$CLAUDE_REFLECT_DIR" "$VENV_PATH/bin/python3" << 'PYTHON' || echo "Warning: Could not backup Ralph state" >&2
 import sys
 import os
 from pathlib import Path
@@ -68,17 +86,21 @@ project_root = os.environ.get('CLAUDE_REFLECT_DIR', str(Path.home() / 'claude-se
 sys.path.insert(0, str(Path(project_root) / 'mcp-server' / 'src'))
 
 try:
+    import re
     from standalone_client import CSRStandaloneClient
 
     ralph_state_file = os.environ.get('RALPH_STATE_FILE', '.ralph_state.md')
     state_content = Path(ralph_state_file).read_text()
+    # SECURITY: Sanitize project name to prevent injection
+    project_name = re.sub(r'[^a-zA-Z0-9_-]', '_', Path.cwd().name)
     client = CSRStandaloneClient()
 
     client.store_reflection(
-        content=f"Pre-compaction Ralph state backup ({datetime.now().isoformat()}):\n\n{state_content}",
-        tags=["ralph_state", "pre_compact_backup"]
+        content=f"Pre-compaction Ralph state backup ({datetime.now().isoformat()}):\n\nProject: {project_name}\n\n{state_content}",
+        tags=["__csr_hook_auto__", f"project_{project_name}", "ralph_state", "pre_compact_backup"],
+        collection="csr_hook_sessions_local"
     )
-    print("✅ Ralph state backed up to CSR", file=sys.stderr)
+    print(f"✅ Ralph state ({project_name}) backed up to CSR", file=sys.stderr)
 except ImportError:
     print("CSR client not available, skipping backup", file=sys.stderr)
 except Exception as e: