eagle-mem 3.0.0 → 3.0.2

package/db/015_integrity_fixes.sql

@@ -0,0 +1,156 @@
+-- Migration 015: Data integrity fixes
+-- 1. Add CHECK constraints for status fields (claude_tasks, features, command_rules)
+-- 2. Add UNIQUE constraint to feature_smoke_tests to prevent duplicates
+-- 3. Deduplicate any existing smoke test rows before adding constraint
+
+-- ─── 1. CHECK constraints via table rebuild ──────────────────
+
+-- claude_tasks: enforce status values
+CREATE TABLE claude_tasks_new (
+    id                INTEGER PRIMARY KEY AUTOINCREMENT,
+    project           TEXT NOT NULL DEFAULT '',
+    source_session_id TEXT NOT NULL,
+    source_task_id    TEXT NOT NULL,
+    file_path         TEXT UNIQUE,
+    subject           TEXT,
+    description       TEXT,
+    active_form       TEXT,
+    status            TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'in_progress', 'completed', 'cancelled')),
+    blocks            TEXT DEFAULT '[]',
+    blocked_by        TEXT DEFAULT '[]',
+    content_hash      TEXT,
+    captured_at       TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+    updated_at        TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+);
+
+INSERT INTO claude_tasks_new SELECT * FROM claude_tasks;
+DROP TABLE claude_tasks;
+ALTER TABLE claude_tasks_new RENAME TO claude_tasks;
+
+CREATE INDEX IF NOT EXISTS idx_claude_tasks_project ON claude_tasks(project);
+CREATE INDEX IF NOT EXISTS idx_claude_tasks_session ON claude_tasks(source_session_id);
+CREATE INDEX IF NOT EXISTS idx_claude_tasks_status ON claude_tasks(status);
+
+-- Recreate FTS triggers (dropped with table)
+CREATE TRIGGER claude_tasks_ai AFTER INSERT ON claude_tasks BEGIN
+    INSERT INTO claude_tasks_fts(rowid, subject, description)
+    VALUES (new.id, new.subject, new.description);
+END;
+
+CREATE TRIGGER claude_tasks_ad AFTER DELETE ON claude_tasks BEGIN
+    INSERT INTO claude_tasks_fts(claude_tasks_fts, rowid, subject, description)
+    VALUES ('delete', old.id, old.subject, old.description);
+END;
+
+CREATE TRIGGER claude_tasks_au AFTER UPDATE ON claude_tasks BEGIN
+    INSERT INTO claude_tasks_fts(claude_tasks_fts, rowid, subject, description)
+    VALUES ('delete', old.id, old.subject, old.description);
+    INSERT INTO claude_tasks_fts(rowid, subject, description)
+    VALUES (new.id, new.subject, new.description);
+END;
+
+-- features: enforce status values
+CREATE TABLE features_new (
+    id INTEGER PRIMARY KEY,
+    project TEXT NOT NULL,
+    name TEXT NOT NULL,
+    description TEXT,
+    status TEXT DEFAULT 'active' CHECK (status IN ('active', 'archived', 'deprecated')),
+    last_verified_at TIMESTAMP,
+    last_verified_notes TEXT,
+    created_at TIMESTAMP DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+    updated_at TIMESTAMP DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+    UNIQUE(project, name)
+);
+
+INSERT INTO features_new SELECT * FROM features;
+DROP TABLE features;
+ALTER TABLE features_new RENAME TO features;
+
+-- Recreate FTS triggers for features (dropped with table)
+CREATE TRIGGER features_ai AFTER INSERT ON features BEGIN
+    INSERT INTO features_fts(rowid, name, description)
+    VALUES (new.id, new.name, new.description);
+END;
+
+CREATE TRIGGER features_ad AFTER DELETE ON features BEGIN
+    INSERT INTO features_fts(features_fts, rowid, name, description)
+    VALUES ('delete', old.id, old.name, old.description);
+END;
+
+CREATE TRIGGER features_au AFTER UPDATE ON features BEGIN
+    INSERT INTO features_fts(features_fts, rowid, name, description)
+    VALUES ('delete', old.id, old.name, old.description);
+    INSERT INTO features_fts(rowid, name, description)
+    VALUES (new.id, new.name, new.description);
+END;
+
+-- Rebuild child tables with CASCADE FKs (they reference features.id)
+-- feature_dependencies: recreate to pick up new parent table
+CREATE TABLE feature_dependencies_new (
+    id INTEGER PRIMARY KEY,
+    feature_id INTEGER NOT NULL,
+    kind TEXT NOT NULL,
+    target TEXT NOT NULL,
+    name TEXT NOT NULL,
+    notes TEXT,
+    FOREIGN KEY (feature_id) REFERENCES features(id) ON DELETE CASCADE,
+    UNIQUE(feature_id, kind, target, name)
+);
+INSERT INTO feature_dependencies_new SELECT * FROM feature_dependencies;
+DROP TABLE feature_dependencies;
+ALTER TABLE feature_dependencies_new RENAME TO feature_dependencies;
+
+-- feature_files: recreate to pick up new parent table
+CREATE TABLE feature_files_new (
+    id INTEGER PRIMARY KEY,
+    feature_id INTEGER NOT NULL,
+    file_path TEXT NOT NULL,
+    role TEXT,
+    FOREIGN KEY (feature_id) REFERENCES features(id) ON DELETE CASCADE,
+    UNIQUE(feature_id, file_path)
+);
+INSERT INTO feature_files_new SELECT * FROM feature_files;
+DROP TABLE feature_files;
+ALTER TABLE feature_files_new RENAME TO feature_files;
+
+-- ─── 2. feature_smoke_tests: deduplicate + add UNIQUE constraint ──
+
+-- Remove duplicates, keeping the row with the lowest id per (feature_id, command)
+DELETE FROM feature_smoke_tests WHERE id NOT IN (
+    SELECT MIN(id) FROM feature_smoke_tests GROUP BY feature_id, command
+);
+
+CREATE TABLE feature_smoke_tests_new (
+    id INTEGER PRIMARY KEY,
+    feature_id INTEGER NOT NULL,
+    command TEXT NOT NULL,
+    description TEXT,
+    FOREIGN KEY (feature_id) REFERENCES features(id) ON DELETE CASCADE,
+    UNIQUE(feature_id, command)
+);
+INSERT INTO feature_smoke_tests_new SELECT * FROM feature_smoke_tests;
+DROP TABLE feature_smoke_tests;
+ALTER TABLE feature_smoke_tests_new RENAME TO feature_smoke_tests;
+
+-- ─── 3. command_rules: add CHECK on strategy ─────────────────
+
+CREATE TABLE command_rules_new (
+    id INTEGER PRIMARY KEY,
+    project TEXT,
+    pattern TEXT NOT NULL,
+    strategy TEXT NOT NULL DEFAULT 'summary' CHECK (strategy IN ('summary', 'truncate')),
+    max_lines INTEGER,
+    reason TEXT,
+    times_seen INTEGER DEFAULT 0,
+    avg_output_bytes INTEGER DEFAULT 0,
+    enabled INTEGER DEFAULT 1,
+    created_at TIMESTAMP DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+    updated_at TIMESTAMP DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+    UNIQUE(project, pattern)
+);
+INSERT INTO command_rules_new SELECT * FROM command_rules;
+DROP TABLE command_rules;
+ALTER TABLE command_rules_new RENAME TO command_rules;
+
+CREATE INDEX IF NOT EXISTS idx_command_rules_pattern ON command_rules(pattern);

package/db/migrate.sh

@@ -9,6 +9,9 @@ EAGLE_MEM_DIR="${EAGLE_MEM_DIR:-$HOME/.eagle-mem}"
 DB="$EAGLE_MEM_DIR/memory.db"
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 
+# Restrict permissions: DB and config contain session data and may contain
+# residual secrets despite redaction. Owner-only access (700 dir, 600 files).
+umask 077
 mkdir -p "$EAGLE_MEM_DIR"
 
 run_migration() {

package/hooks/post-tool-use.sh

@@ -2,7 +2,7 @@
 # ═══════════════════════════════════════════════════════════
 # Eagle Mem — PostToolUse hook
 # Fires after every tool use
-# Captures file read/write operations as lightweight observations
+# Captures observations + dispatches to extracted responsibilities
 # ═══════════════════════════════════════════════════════════
 set +e
 
@@ -11,6 +11,7 @@ LIB_DIR="$SCRIPT_DIR/../lib"
 
 . "$LIB_DIR/common.sh"
 . "$LIB_DIR/db.sh"
+. "$LIB_DIR/hooks-posttool.sh"
 
 input=$(eagle_read_stdin)
 [ -z "$input" ] && exit 0
@@ -31,6 +32,13 @@ esac
 
 project=$(eagle_project_from_cwd "$cwd")
 
+# Ensure session row exists before inserting observations (FK constraint).
+# PostToolUse can race SessionStart — the session row might not exist yet.
+eagle_upsert_session "$session_id" "$project" "$cwd" "" ""
+
+# ─── Extract observation data from tool call ──────────────
+
+fp=""
 files_read="[]"
 files_modified="[]"
 tool_summary=""
@@ -59,14 +67,12 @@ case "$tool_name" in
         cmd=$(echo "$cmd" | eagle_redact)
         tool_summary="Bash: $cmd"
 
-        # Output metrics
         tool_output=$(echo "$input" | jq -r '.tool_result.stdout // empty' 2>/dev/null)
         if [ -n "$tool_output" ]; then
             output_bytes=${#tool_output}
             output_lines=$(echo "$tool_output" | wc -l | tr -d ' ')
         fi
 
-        # Command category extraction
         first_word=$(echo "$cmd" | awk '{print $1}' | sed 's|.*/||')
         case "$first_word" in
             git|gh) command_category="git" ;;
@@ -91,152 +97,17 @@ case "$tool_name" in
         ;;
 esac
 
-# ─── Claude memory + plan mirror ─────────────────────────
-# Intercept writes to Claude Code's auto-memory and plan files
-case "$tool_name" in
-    Write|Edit)
-        if [ -n "$fp" ]; then
-            # Reject path traversal: bash case `*` matches `/`, so
-            # patterns like projects/*/memory/*.md would match paths
-            # containing /../ segments. Block any path with `..` first.
-            case "$fp" in
-                *..*) ;; # path traversal — skip
-                "$HOME/.claude/projects"/*/memory/*.md)
-                    mem_base=$(basename "$fp")
-                    if [ "$mem_base" != "MEMORY.md" ] && [ -f "$fp" ]; then
-                        eagle_capture_claude_memory "$fp" "$session_id" "$project"
-                    fi
-                    ;;
-                "$HOME/.claude/plans/"*.md)
-                    if [ -f "$fp" ]; then
-                        eagle_capture_claude_plan "$fp" "$session_id" "$project"
-                    fi
-                    ;;
-            esac
-        fi
-        ;;
-esac
+# ─── Dispatch to extracted responsibilities ───────────────
 
-# ─── Claude task mirror ─────────────────────────────────
-# Intercept TaskCreate/TaskUpdate and capture the resulting JSON files
-case "$tool_name" in
-    TaskCreate|TaskUpdate)
-        if eagle_validate_session_id "$session_id"; then
-            task_dir="$HOME/.claude/tasks/$session_id"
-            if [ -d "$task_dir" ]; then
-                task_id=$(echo "$input" | jq -r '.tool_input.id // empty')
-                if [ -z "$task_id" ]; then
-                    newest=$(ls -t "$task_dir"/*.json 2>/dev/null | head -1)
-                    [ -n "$newest" ] && [ -f "$newest" ] && eagle_capture_claude_task "$newest" "$session_id" "$project"
-                elif eagle_validate_session_id "$task_id"; then
-                    task_json="$task_dir/$task_id.json"
-                    [ -f "$task_json" ] && eagle_capture_claude_task "$task_json" "$session_id" "$project"
-                fi
-            fi
-        fi
-        ;;
-esac
+eagle_posttool_mirror_writes "$tool_name" "$fp" "$session_id" "$project"
+eagle_posttool_mirror_tasks "$tool_name" "$session_id" "$project" "$input"
+eagle_posttool_stale_hint "$tool_name" "$fp" "$project"
+eagle_posttool_decision_surface "$tool_name" "$fp" "$project"
 
-# ─── Stale memory hint ──────────────────────────────────
-# After editing a project file, FTS5-search memories for the filename.
-# If a memory mentions this file, remind Claude to check for staleness.
-case "$tool_name" in
-    Write|Edit)
-        if [ -n "$fp" ]; then
-            fname=$(basename "$fp")
-            fname_stem="${fname%.*}"
-            case "$fp" in
-                "$HOME/.claude/"*) ;; # skip Claude config files
-                *)
-                    if [ ${#fname_stem} -ge 3 ]; then
-                        fts_query=$(eagle_fts_sanitize "$fname_stem")
-                        if [ -n "$fts_query" ]; then
-                            fts_esc=$(eagle_sql_escape "$fts_query")
-                            p_esc=$(eagle_sql_escape "$project")
-                            stale_hit=$(eagle_db "SELECT m.memory_name
-                                FROM claude_memories m
-                                JOIN claude_memories_fts f ON f.rowid = m.id
-                                WHERE claude_memories_fts MATCH '$fts_esc'
-                                AND m.project = '$p_esc'
-                                LIMIT 1;")
-                            if [ -n "$stale_hit" ]; then
-                                stale_msg="Eagle Mem: Memory '${stale_hit}' may reference '${fname}'. If your edit contradicts it, update the memory."
-                                jq -nc --arg ctx "$stale_msg" '{"hookSpecificOutput":{"hookEventName":"PostToolUse","additionalContext":$ctx}}'
-                            fi
-                        fi
-                    fi
-                    ;;
-            esac
-        fi
-        ;;
-esac
-
-# ─── Decision + feature surfacing on Read ──────────────────
-# When Claude reads a file, surface past decisions and feature pipeline context.
-case "$tool_name" in
-    Read)
-        if [ -n "$fp" ]; then
-            fname=$(basename "$fp")
-            fname_stem="${fname%.*}"
-            read_context=""
-            case "$fp" in
-                "$HOME/.claude/"*) ;; # skip Claude config files
-                *)
-                    p_esc=$(eagle_sql_escape "$project")
-
-                    # Decision history from summaries
-                    if [ ${#fname_stem} -ge 3 ]; then
-                        fts_query=$(eagle_fts_sanitize "$fname_stem")
-                        if [ -n "$fts_query" ]; then
-                            fts_esc=$(eagle_sql_escape "$fts_query")
-                            decision_hit=$(eagle_db "SELECT s.decisions
-                                FROM summaries s
-                                JOIN summaries_fts f ON f.rowid = s.id
-                                WHERE summaries_fts MATCH '$fts_esc'
-                                AND s.project = '$p_esc'
-                                AND s.decisions IS NOT NULL
-                                AND s.decisions != ''
-                                ORDER BY s.created_at DESC
-                                LIMIT 1;")
-                            if [ -n "$decision_hit" ]; then
-                                read_context+="Eagle Mem decision history for '${fname}': ${decision_hit} — Do not revert without explicit user request. "
-                            fi
-                        fi
-                    fi
-
-                    # Feature pipeline context
-                    feature_hit=$(eagle_find_features_for_file "$project" "$fp")
-                    if [ -n "$feature_hit" ]; then
-                        while IFS='|' read -r feat_name feat_desc feat_verified _role feat_deps feat_other_files feat_smoke; do
-                            [ -z "$feat_name" ] && continue
-                            read_context+="Eagle Mem: '${fname}' is part of feature '${feat_name}'"
-                            [ -n "$feat_desc" ] && read_context+=" ($feat_desc)"
-                            read_context+="."
-                            if [ -n "$feat_verified" ]; then
-                                read_context+=" Last verified: ${feat_verified}."
-                            fi
-                            if [ -n "$feat_deps" ]; then
-                                read_context+=" Dependencies: ${feat_deps}."
-                            fi
-                            if [ -n "$feat_other_files" ]; then
-                                read_context+=" Other files in pipeline: ${feat_other_files}."
-                            fi
-                            if [ -n "$feat_smoke" ]; then
-                                read_context+=" Smoke tests: ${feat_smoke}."
-                            fi
-                            read_context+=" Changes require re-testing after deploy. "
-                        done <<< "$feature_hit"
-                    fi
-
-                    if [ -n "$read_context" ]; then
-                        jq -nc --arg ctx "$read_context" '{"hookSpecificOutput":{"hookEventName":"PostToolUse","additionalContext":$ctx}}'
-                    fi
-                    ;;
-            esac
-        fi
-        ;;
-esac
+# ─── Record observation ──────────────────────────────────
 
-eagle_insert_observation "$session_id" "$project" "$tool_name" "$tool_summary" "$files_read" "$files_modified" "$output_bytes" "$output_lines" "$command_category"
+if ! eagle_insert_observation "$session_id" "$project" "$tool_name" "$tool_summary" "$files_read" "$files_modified" "$output_bytes" "$output_lines" "$command_category"; then
+    eagle_log "ERROR" "PostToolUse: observation insert failed for session=$session_id tool=$tool_name"
+fi
 
 exit 0

package/hooks/pre-tool-use.sh

@@ -27,7 +27,6 @@ cmd=$(echo "$input" | jq -r '.tool_input.command // empty')
 session_id=$(echo "$input" | jq -r '.session_id // empty')
 cwd=$(echo "$input" | jq -r '.cwd // empty')
 project=$(eagle_project_from_cwd "$cwd")
-p_esc=$(eagle_sql_escape "$project")
 
 context=""
 
@@ -35,7 +34,7 @@ context=""
 
 case "$cmd" in
     *"git push"*|*"gh pr create"*)
-        has_features=$(eagle_db "SELECT COUNT(*) FROM features WHERE project = '$p_esc' AND status = 'active';")
+        has_features=$(eagle_count_active_features "$project")
         if [ "${has_features:-0}" -gt 0 ]; then
             changed_files=""
             if [ -n "$cwd" ] && [ -d "$cwd" ]; then
@@ -50,17 +49,7 @@ case "$cmd" in
                     fname=$(basename "$changed_file")
                     fname_esc=$(eagle_sql_escape "$fname")
 
-                    feature_hits=$(eagle_db "SELECT DISTINCT f.name,
-                        (SELECT GROUP_CONCAT(fst.command, '; ')
-                         FROM feature_smoke_tests fst WHERE fst.feature_id = f.id) as smoke,
-                        (SELECT GROUP_CONCAT(fd.target || ':' || fd.name, ', ')
-                         FROM feature_dependencies fd WHERE fd.feature_id = f.id) as deps,
-                        f.last_verified_at
-                        FROM features f
-                        JOIN feature_files ff ON ff.feature_id = f.id
-                        WHERE f.project = '$p_esc'
-                        AND f.status = 'active'
-                        AND (ff.file_path LIKE '%$fname_esc' OR ff.file_path LIKE '%$fname_esc%');")
+                    feature_hits=$(eagle_find_feature_for_push "$project" "$fname_esc")
 
                     while IFS='|' read -r feat_name feat_smoke feat_deps feat_verified; do
                         [ -z "$feat_name" ] && continue
@@ -92,16 +81,8 @@ esac
 
 # Extract the base command for rule matching
 base_cmd=$(echo "$cmd" | awk '{print $1}' | sed 's|.*/||')
-cmd_esc=$(eagle_sql_escape "$base_cmd")
-
-rule=$(eagle_db "SELECT strategy, max_lines, reason
-    FROM command_rules
-    WHERE enabled = 1
-    AND (project = '$p_esc' OR project IS NULL)
-    AND ('$cmd_esc' LIKE pattern OR '$cmd_esc' = pattern)
-    ORDER BY
-        CASE WHEN project IS NOT NULL THEN 0 ELSE 1 END
-    LIMIT 1;")
+
+rule=$(eagle_get_command_rule "$project" "$base_cmd")
 
 if [ -n "$rule" ]; then
     IFS='|' read -r strategy max_lines reason <<< "$rule"

package/hooks/session-end.sh

@@ -25,7 +25,7 @@ project=$(eagle_project_from_cwd "$cwd")
 # Final sweep: re-capture all task files to catch status changes
 # Claude Code may update task status without triggering PostToolUse
 if eagle_validate_session_id "$session_id"; then
-    task_dir="$HOME/.claude/tasks/$session_id"
+    task_dir="$EAGLE_CLAUDE_TASKS_DIR/$session_id"
     if [ -d "$task_dir" ]; then
         for task_file in "$task_dir"/*.json; do
             [ ! -f "$task_file" ] && continue
@@ -38,4 +38,7 @@ fi
 eagle_end_session "$session_id"
 eagle_log "INFO" "SessionEnd: session=$session_id marked completed"
 
+# Prune observations older than 90 days (keeps DB size bounded)
+eagle_prune_observations 90 "$project"
+
 exit 0

package/hooks/session-start.sh

@@ -33,10 +33,7 @@ eagle_upsert_session "$session_id" "$project" "$cwd" "$model" "$source_type"
 # ─── Sweep stuck sessions (no activity for 7 days) ─────────
 # Uses last_activity_at (updated by trigger on every observation insert)
 # so long-lived sessions with regular compactions aren't falsely abandoned
-eagle_db "UPDATE sessions SET status = 'abandoned'
-    WHERE status = 'active'
-    AND id != '$(eagle_sql_escape "$session_id")'
-    AND COALESCE(last_activity_at, started_at) < strftime('%Y-%m-%dT%H:%M:%fZ', 'now', '-7 days');"
+eagle_abandon_stale_sessions "$session_id"
 
 # ─── Version check (non-blocking) ────────────────────────────
 
@@ -68,30 +65,27 @@ fi
 
 # ─── Gather stats ───────────────────────────────────────────
 
-p_esc=$(eagle_sql_escape "$project")
-
-stat_sessions=$(eagle_db "SELECT COUNT(*) FROM sessions WHERE project = '$p_esc';")
-stat_summaries=$(eagle_db "SELECT COUNT(*) FROM summaries WHERE project = '$p_esc';")
-stat_memories=$(eagle_db "SELECT COUNT(*) FROM claude_memories WHERE project = '$p_esc';")
-stat_tasks_pending=$(eagle_db "SELECT COUNT(*) FROM claude_tasks WHERE project = '$p_esc' AND status = 'pending';")
-stat_tasks_progress=$(eagle_db "SELECT COUNT(*) FROM claude_tasks WHERE project = '$p_esc' AND status = 'in_progress';")
-stat_tasks_done=$(eagle_db "SELECT COUNT(*) FROM claude_tasks WHERE project = '$p_esc' AND status = 'completed';")
-stat_chunks=$(eagle_db "SELECT COUNT(*) FROM code_chunks WHERE project = '$p_esc';")
-stat_observations=$(eagle_db "SELECT COUNT(*) FROM observations WHERE session_id IN (SELECT id FROM sessions WHERE project = '$p_esc');")
-stat_plans=$(eagle_db "SELECT COUNT(*) FROM claude_plans WHERE project = '$p_esc';")
-stat_last_active=$(eagle_db "SELECT COALESCE(MAX(date(COALESCE(last_activity_at, started_at))), 'never') FROM sessions WHERE project = '$p_esc';")
-stat_last_summary=$(eagle_db "SELECT request FROM summaries WHERE project = '$p_esc' ORDER BY created_at DESC LIMIT 1;")
-
-# Trim to defaults
-stat_sessions="${stat_sessions:-0}"
-stat_summaries="${stat_summaries:-0}"
-stat_memories="${stat_memories:-0}"
-stat_tasks_pending="${stat_tasks_pending:-0}"
-stat_tasks_progress="${stat_tasks_progress:-0}"
-stat_tasks_done="${stat_tasks_done:-0}"
-stat_chunks="${stat_chunks:-0}"
-stat_observations="${stat_observations:-0}"
-stat_plans="${stat_plans:-0}"
+stat_sessions=0; stat_summaries=0; stat_with_summaries=0; stat_memories=0
+stat_tasks_pending=0; stat_tasks_progress=0; stat_tasks_done=0
+stat_chunks=0; stat_observations=0; stat_plans=0
+stat_last_active="never"; stat_last_summary=""
+
+while IFS='|' read -r key val; do
+    case "$key" in
+        sessions)        stat_sessions="$val" ;;
+        summaries)       stat_summaries="$val" ;;
+        with_summaries)  stat_with_summaries="$val" ;;
+        memories)        stat_memories="$val" ;;
+        plans)           stat_plans="$val" ;;
+        tasks_pending)   stat_tasks_pending="$val" ;;
+        tasks_progress)  stat_tasks_progress="$val" ;;
+        tasks_done)      stat_tasks_done="$val" ;;
+        chunks)          stat_chunks="$val" ;;
+        observations)    stat_observations="$val" ;;
+        last_active)     stat_last_active="$val" ;;
+        last_summary)    stat_last_summary="$val" ;;
+    esac
+done <<< "$(eagle_get_project_stats "$project")"
 
 # Build task summary line
 task_parts=""
@@ -117,7 +111,7 @@ eagle_banner="======================================
        Eagle Mem Loaded
 ======================================
  Project      | $project
- Sessions     | $stat_sessions total ($stat_summaries with summaries)
+ Sessions     | $stat_sessions total ($stat_with_summaries with summaries)
  Memories     | $stat_memories stored
  Plans        | $stat_plans saved
  Tasks        | $task_parts

package/hooks/stop.sh

@@ -116,7 +116,7 @@ fi
 if [ -z "$request" ] && [ -n "$transcript_path" ] && [ -f "$transcript_path" ]; then
     # Skip heuristic if we already have a summary for this session.
     # Stop fires every turn -- without this guard, each turn creates a duplicate row.
-    existing_count=$(eagle_db "SELECT COUNT(*) FROM summaries WHERE session_id = '$(eagle_sql_escape "$session_id")';")
+    existing_count=$(eagle_count_session_summaries "$session_id")
     if [ "${existing_count:-0}" -gt 0 ]; then
         eagle_log "INFO" "Stop: skipping heuristic — summary already exists for session=$session_id (count=$existing_count)"
     else
@@ -154,8 +154,11 @@ key_files=$(echo "$key_files" | eagle_redact)
 # ─── Write to database ─────────────────────────────────────
 
 if [ -n "$request" ] || [ -n "$completed" ] || [ -n "$learned" ]; then
-    eagle_insert_summary "$session_id" "$project" "$request" "$investigated" "$learned" "$completed" "$next_steps" "$files_read" "$files_modified" "$notes" "$decisions" "$gotchas" "$key_files"
-    eagle_log "INFO" "Stop: summary saved for session=$session_id"
+    if eagle_insert_summary "$session_id" "$project" "$request" "$investigated" "$learned" "$completed" "$next_steps" "$files_read" "$files_modified" "$notes" "$decisions" "$gotchas" "$key_files"; then
+        eagle_log "INFO" "Stop: summary saved for session=$session_id"
+    else
+        eagle_log "ERROR" "Stop: summary insert FAILED for session=$session_id — check DB constraints"
+    fi
 fi
 
 exit 0

package/lib/common.sh

@@ -9,10 +9,17 @@ EAGLE_MEM_DB="$EAGLE_MEM_DIR/memory.db"
 EAGLE_MEM_LOG="$EAGLE_MEM_DIR/eagle-mem.log"
 EAGLE_SETTINGS="${EAGLE_SETTINGS:-$HOME/.claude/settings.json}"
 EAGLE_SKILLS_DIR="$HOME/.claude/skills"
+EAGLE_CLAUDE_PROJECTS_DIR="$HOME/.claude/projects"
+EAGLE_CLAUDE_PLANS_DIR="$HOME/.claude/plans"
+EAGLE_CLAUDE_TASKS_DIR="$HOME/.claude/tasks"
 
 eagle_log() {
     local level="$1"
     shift
+    # Ensure log file is owner-only (may contain debug data)
+    if [ ! -f "$EAGLE_MEM_LOG" ]; then
+        touch "$EAGLE_MEM_LOG" 2>/dev/null && chmod 600 "$EAGLE_MEM_LOG" 2>/dev/null
+    fi
     echo "[$(date -u +%Y-%m-%dT%H:%M:%SZ)] [$level] $*" >> "$EAGLE_MEM_LOG" 2>/dev/null || true
 }
 
@@ -42,6 +49,12 @@ eagle_fts_sanitize() {
     printf '%s' "$1" | sed 's/[*"(){}^~:]/  /g' | sed 's/  */ /g; s/^ //; s/ $//'
 }
 
+# Escape SQL LIKE wildcards (% and _) so literal filenames match exactly.
+# Apply AFTER eagle_sql_escape, since this only handles LIKE metacharacters.
+eagle_like_escape() {
+    printf '%s' "$1" | sed 's/%/\\%/g; s/_/\\_/g'
+}
+
 # Validate a session ID is safe for use in file paths (no traversal).
 # Claude Code session IDs are UUIDs or hex strings — reject anything else.
 eagle_validate_session_id() {
@@ -64,21 +77,34 @@ eagle_read_stdin() {
 # Stripe/AWS/GitHub/Anthropic/OpenAI key patterns, named env vars.
 eagle_redact() {
     sed -E \
-        -e 's/(Bearer )[^ ]*/\1[REDACTED]/gi' \
-        -e 's/(api[_-]?key[= :])[^ ]*/\1[REDACTED]/gi' \
-        -e 's/(password[= :])[^ ]*/\1[REDACTED]/gi' \
-        -e 's/(secret[= :])[^ ]*/\1[REDACTED]/gi' \
-        -e 's/(token[= :])[^ ]*/\1[REDACTED]/gi' \
-        -e 's/(Authorization: )[^ ]*/\1[REDACTED]/gi' \
+        -e 's/(Bearer )[^[:space:],;"'"'"']*/\1[REDACTED]/gi' \
+        -e 's/(api[_-]?key[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/gi' \
+        -e 's/(password[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/gi' \
+        -e 's/(secret[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/gi' \
+        -e 's/(token[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/gi' \
+        -e 's/(Authorization: )[^[:space:],;"'"'"']*/\1[REDACTED]/gi' \
+        -e 's/(client_secret[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/gi' \
+        -e 's/(private_key[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/gi' \
+        -e 's/(access_token[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/gi' \
         -e 's/sk_live_[A-Za-z0-9]+/[REDACTED]/g' \
         -e 's/sk_test_[A-Za-z0-9]+/[REDACTED]/g' \
+        -e 's/whsec_[A-Za-z0-9]+/[REDACTED]/g' \
         -e 's/AKIA[A-Z0-9]{16}/[REDACTED]/g' \
         -e 's/ghp_[A-Za-z0-9]{36}/[REDACTED]/g' \
         -e 's/gho_[A-Za-z0-9]{36}/[REDACTED]/g' \
+        -e 's/glpat-[A-Za-z0-9_-]{20,}/[REDACTED]/g' \
         -e 's/sk-ant-[A-Za-z0-9_-]+/[REDACTED]/g' \
         -e 's/sk-[A-Za-z0-9]{20,}/[REDACTED]/g' \
-        -e 's/(ANTHROPIC_API_KEY[= :])[^ ]*/\1[REDACTED]/g' \
-        -e 's/(OPENAI_API_KEY[= :])[^ ]*/\1[REDACTED]/g'
+        -e 's/AIza[0-9A-Za-z_-]{35}/[REDACTED]/g' \
+        -e 's/xox[abps]-[A-Za-z0-9-]+/[REDACTED]/g' \
+        -e 's/eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/[REDACTED_JWT]/g' \
+        -e 's|(https?://[^/:]+:)[^@]+(@)|\1[REDACTED]\2|g' \
+        -e 's/-----BEGIN [A-Z ]*PRIVATE KEY-----/[REDACTED_PRIVATE_KEY]/g' \
+        -e 's/(ANTHROPIC_API_KEY[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/g' \
+        -e 's/(OPENAI_API_KEY[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/g' \
+        -e 's/(GOOGLE_API_KEY[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/g' \
+        -e 's/(SLACK_TOKEN[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/g' \
+        -e 's/(DATABASE_URL[= :])[^[:space:],;"'"'"']*/\1[REDACTED]/g'
 }
 
 # Collect project files into a destination file.