sessionmem 1.0.5 → 1.1.0

package/dist/cli/commands/config.js

@@ -20,6 +20,13 @@ function coerceRetentionDays(raw) {
     }
     return n;
 }
+function coerceInjectionCap(raw) {
+    const n = coerceInt(raw);
+    if (n < 100 || n > 10000) {
+        throw new Error(`injectionCap must be an integer between 100 and 10000, got "${raw}"`);
+    }
+    return n;
+}
 function coerceBool(raw) {
     const v = raw.trim().toLowerCase();
     if (v === "true")
@@ -34,6 +41,7 @@ const CONFIG_KEYS = {
     "retention.days": { field: "retentionDays", coerce: coerceRetentionDays },
     retentionDays: { field: "retentionDays", coerce: coerceRetentionDays },
     redactionEnabled: { field: "redactionEnabled", coerce: coerceBool },
+    injectionCap: { field: "injectionCap", coerce: coerceInjectionCap },
 };
 function resolvePath(options) {
     return options?.configPath ?? configFilePath();
@@ -50,7 +58,8 @@ export function configGetCommand(key, options) {
         return;
     }
     const config = readPolicyConfig(resolvePath(options));
-    console.log(String(config[def.field]));
+    const val = config[def.field];
+    console.log(val === undefined ? "(not set)" : String(val));
 }
 /**
  * `sessionmem config set <key> <value>` — coerce and persist to config.json.

package/dist/cli/commands/import.js

@@ -73,7 +73,9 @@ export async function importCommand(pathArg, options, ctx) {
             invalidCount += 1;
             continue;
         }
-        validMemories.push(mapped[i]);
+        // Use the parsed/transformed record so `kind` is narrowed to the
+        // canonical enum (memoryKindSchema maps legacy values like `architecture`).
+        validMemories.push(check.data);
     }
     if (validMemories.length === 0) {
         if (invalidCount > 0) {
@@ -100,6 +102,9 @@ export async function importCommand(pathArg, options, ctx) {
     let suffix = result.skippedCrossProject > 0
         ? ` (${result.skippedCrossProject} skipped: id belongs to another project)`
         : "";
+    if (result.skippedExisting > 0) {
+        suffix += ` (${result.skippedExisting} skipped: id already exists in this project)`;
+    }
     if (invalidCount > 0) {
         suffix += ` (${invalidCount} invalid record(s) skipped)`;
     }

package/dist/cli/commands/install.js

@@ -1,6 +1,26 @@
 import { existsSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
 import { AdapterFactory } from "../../adapters/factory.js";
+import { injectGuidanceBlock } from "../../adapters/claudeMdInjector.js";
 import { createCliContext } from "../context.js";
+/**
+ * Resolve the adapter to install into: an explicit `--adapter` flag wins, then
+ * the SESSIONMEM_ADAPTER env override, else auto-detection from the host env.
+ * Throws (via AdapterFactory.forName) on an unknown explicit name so the CLI
+ * surfaces a clear error rather than silently installing the generic adapter.
+ */
+function resolveAdapter(options) {
+    const explicit = options?.adapter && options.adapter.trim() !== ""
+        ? options.adapter.trim()
+        : process.env.SESSIONMEM_ADAPTER && process.env.SESSIONMEM_ADAPTER.trim() !== ""
+            ? process.env.SESSIONMEM_ADAPTER.trim()
+            : undefined;
+    if (explicit) {
+        return { adapter: AdapterFactory.forName(explicit), forced: true };
+    }
+    return { adapter: AdapterFactory.detectAdapter(), forced: false };
+}
 import { configFilePath, writePolicyConfig, DEFAULT_POLICY_CONFIG, } from "../../core/config/policyConfig.js";
 export const MANUAL_CONFIG_BLOCK = JSON.stringify({
     mcpServers: {
@@ -14,7 +34,18 @@ export function printManualFallback(adapterName) {
     console.error(`Auto-config for ${adapterName} failed. Add this block to your MCP config manually:`);
     console.log(MANUAL_CONFIG_BLOCK);
 }
-export async function installCommand(_options, contextOverrides) {
+export async function installCommand(options, contextOverrides) {
+    // Resolve the target adapter up front so an invalid `--adapter` fails before
+    // any filesystem work (DB init, config write).
+    let adapter;
+    let forced;
+    try {
+        ({ adapter, forced } = resolveAdapter(options));
+    }
+    catch (err) {
+        console.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
     // Step 1: DB init — run migrations and confirm DB init
     let dbPath;
     try {
@@ -38,8 +69,12 @@ export async function installCommand(_options, contextOverrides) {
         writePolicyConfig(configPath, { ...DEFAULT_POLICY_CONFIG });
         console.log(`✓ config.json initialized (${configPath})`);
     }
-    // Step 2: Adapter config — detect adapter and install
-    const adapter = AdapterFactory.detectAdapter();
+    // Step 2: Adapter config — install into the resolved adapter. Print which
+    // adapter was selected and how, so the user can see whether auto-detection
+    // picked the host they expected (and re-run with `--adapter` if not).
+    console.log(forced
+        ? `→ Installing for adapter: ${adapter.name} (forced)`
+        : `→ Detected host: ${adapter.name} (override with --adapter <name>)`);
     if (!adapter.install) {
         console.error(`✗ ${adapter.name} config update failed`);
         printManualFallback(adapter.name);
@@ -52,6 +87,29 @@ export async function installCommand(_options, contextOverrides) {
         process.exit(1);
     }
     console.log(`✓ ${adapter.name} config updated`);
-    // Step 3: Full success checklist
-    console.log("✓ sessionmem ready");
+    // Step 3: Guidance injection — non-fatal. Inject the sessionmem instruction
+    // block into the file(s) the detected host actually reads at session start so
+    // the agent automatically knows the MCP exists and how to use it. Adapters
+    // declare their own target(s); when none are declared (e.g. a minimal mock or
+    // an unknown host) fall back to the global Claude Code memory file.
+    const guidanceTargets = adapter.guidanceTargets?.() ?? [join(homedir(), ".claude", "CLAUDE.md")];
+    for (const target of guidanceTargets) {
+        try {
+            const injected = injectGuidanceBlock(target);
+            if (injected) {
+                console.log(`✓ Agent guidance injected (${target})`);
+            }
+            else {
+                console.error(`✗ Agent guidance injection failed (non-fatal): ${target}`);
+            }
+        }
+        catch {
+            console.error(`✗ Agent guidance injection failed (non-fatal): ${target}`);
+        }
+    }
+    // Step 4: Full success checklist
+    if (adapter.name === "Claude Code") {
+        console.log("✓ Auto-injection hook installed (~/.claude/settings.json) — prior memories load automatically at the start of every Claude Code session");
+    }
+    console.log("✓ sessionmem ready — restart your editor/agent so it picks up the MCP server");
 }

package/dist/cli/commands/ping.js

@@ -1,12 +1,46 @@
 import { pingTool } from "../../adapters/tools/ping.js";
-export async function pingCommand() {
-    const result = await pingTool.execute();
-    console.log(`status: ${result.status}`);
-    console.log(`version: ${result.version}`);
-    console.log(`message: ${result.message}`);
-    if (result.status !== "ok") {
-        console.error(`sessionmem ping failed: ${result.message}`);
+import { createCliContext } from "../context.js";
+/**
+ * `sessionmem ping` — report the local version AND verify the memory store is
+ * actually reachable.
+ *
+ * The previous implementation only echoed the package version and always
+ * printed "ok", so a broken/locked database still reported healthy. This opens
+ * the DB (running migrations) and executes a trivial query; a failure is
+ * surfaced as a non-ok status and a non-zero exit code.
+ */
+export async function pingCommand(ctx) {
+    const versionResult = await pingTool.execute();
+    console.log(`version: ${versionResult.version}`);
+    let context;
+    try {
+        context = ctx ?? createCliContext();
+    }
+    catch (err) {
+        console.log("status: error");
+        console.log(`message: database could not be opened: ${err instanceof Error ? err.message : String(err)}`);
+        console.error("sessionmem ping failed: database unreachable");
+        process.exit(1);
+    }
+    try {
+        // Trivial round-trip through the service layer proves migrations ran and
+        // the DB answers queries for the current project.
+        const result = await context.service.call("stats", {
+            projectId: context.projectId,
+        });
+        if (!result.ok) {
+            console.log("status: error");
+            console.log(`message: database query failed: ${result.error.message}`);
+            console.error("sessionmem ping failed: database query failed");
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        console.log("status: error");
+        console.log(`message: database query failed: ${err instanceof Error ? err.message : String(err)}`);
+        console.error("sessionmem ping failed: database query failed");
         process.exit(1);
     }
-    // exit 0 on success (implicit)
+    console.log("status: ok");
+    console.log("message: sessionmem is operational (database reachable).");
 }

package/dist/cli/commands/reEmbed.js

@@ -0,0 +1,48 @@
+import { createCliContext } from "../context.js";
+import { deterministicEmbed } from "../../core/embed/deterministicEmbed.js";
+import { EMBEDDING_VERSION } from "../../core/embed/embeddingVersion.js";
+const DEFAULT_EMBEDDING_DIMENSION = 32;
+/**
+ * `sessionmem re-embed`
+ *
+ * Bulk-update embeddings for all memories whose embedding_version does not
+ * match the current EMBEDDING_VERSION. Recomputes each embedding with
+ * deterministicEmbed and writes the new vector + version back to the row.
+ */
+export async function reEmbedCommand(ctx) {
+    const context = ctx ?? createCliContext();
+    const { db, projectId } = context;
+    const stale = db
+        .prepare(`
+      SELECT id, content, embedding_dim
+      FROM memories
+      WHERE project_id = ?
+        AND (embedding_version IS NULL OR embedding_version != ?)
+    `)
+        .all(projectId, EMBEDDING_VERSION);
+    const total = stale.length;
+    if (total === 0) {
+        console.log("All embeddings are up to date.");
+        return;
+    }
+    console.log(`Found ${total} memories with stale embeddings. Re-embedding...`);
+    const updateStmt = db.prepare(`
+    UPDATE memories
+    SET embedding = ?, embedding_dim = ?, embedding_version = ?
+    WHERE id = ?
+  `);
+    let count = 0;
+    const runAll = db.transaction(() => {
+        for (const row of stale) {
+            const dim = row.embedding_dim ?? DEFAULT_EMBEDDING_DIMENSION;
+            const result = deterministicEmbed(row.content, dim);
+            updateStmt.run(JSON.stringify(result.vector), result.dimension, EMBEDDING_VERSION, row.id);
+            count += 1;
+            if (count % 100 === 0 || count === total) {
+                console.log(`  ${count}/${total}`);
+            }
+        }
+    });
+    runAll();
+    console.log(`Re-embedded ${count} memories to version ${EMBEDDING_VERSION}.`);
+}

package/dist/cli/commands/run.js

@@ -2,12 +2,24 @@ import { AdapterFactory } from "../../adapters/factory.js";
 import { mkdirSync, writeFileSync } from "fs";
 import { join } from "path";
 import { homedir } from "os";
+import { deriveProjectId } from "../projectId.js";
+import { expandTilde } from "../context.js";
 export async function runMcpServer() {
     const adapter = AdapterFactory.detectAdapter();
-    // Setup rudimentary log for debugging manual configs
+    // Startup diagnostics: written to ~/.sessionmem/logs/mcp.log
     const logDir = join(homedir(), ".sessionmem", "logs");
     const logPath = join(logDir, "mcp.log");
-    const logMessage = `[${new Date().toISOString()}] Started sessionmem via ${adapter.name}\n`;
+    // Derive db path for diagnostics (mirrors context.ts defaultDbPath)
+    const envDbPath = process.env.SESSIONMEM_DB_PATH;
+    const dbPath = envDbPath && envDbPath.trim() !== ""
+        ? expandTilde(envDbPath)
+        : join(homedir(), ".sessionmem", "memories.db");
+    // Derive project ID for diagnostics. Shares the exact derivation the server
+    // uses (createCliContext → deriveProjectId) so the logged id never diverges
+    // from the bucket the server actually serves.
+    const projectId = deriveProjectId();
+    const adapterName = adapter.name;
+    const logMessage = `[${new Date().toISOString()}] Started sessionmem | adapter=${adapterName} db=${dbPath} project=${projectId}\n`;
     try {
         mkdirSync(logDir, { recursive: true });
         writeFileSync(logPath, logMessage, { flag: "a" });
@@ -15,6 +27,10 @@ export async function runMcpServer() {
     catch {
         // best-effort logging; ignore failures
     }
+    // Debug output to stderr (never stdout — that's the MCP protocol channel)
+    if (process.env.SESSIONMEM_DEBUG === "1") {
+        process.stderr.write(`[sessionmem] db=${dbPath} project=${projectId} adapter=${adapterName}\n`);
+    }
     // Start the server
     if (adapter.startMcpServer) {
         await adapter.startMcpServer();

package/dist/cli/commands/savings.js

@@ -0,0 +1,91 @@
+import { createCliContext } from "../context.js";
+import { countTokens } from "../../core/injection/tokenBudget.js";
+import { listMemoryContentsByProject } from "../../core/storage/memoryRepo.js";
+import { countDistinctSessions, listEventPayloads, } from "../../core/storage/tokenSavingsRepo.js";
+import { readPolicyConfig, configFilePath, } from "../../core/config/policyConfig.js";
+/** Default injection token cap, mirroring formatStartupInjection.ts. */
+const DEFAULT_INJECTION_CAP = 450;
+export function savingsCommand(ctx, options) {
+    const context = ctx ?? createCliContext();
+    const { db, projectId } = context;
+    // --- gather raw numbers ---
+    const memoryTokens = listMemoryContentsByProject(db, projectId).reduce((sum, content) => sum + countTokens(content), 0);
+    const rawEventTokens = listEventPayloads(db, projectId).reduce((sum, p) => sum + countTokens(p), 0);
+    const sessions = countDistinctSessions(db, projectId);
+    // Read the injection cap from policy config if it exists; fall back to 450.
+    const policyConfig = readPolicyConfig(options?.configPath ?? configFilePath());
+    const injectionCap = policyConfig.injectionCap ?? DEFAULT_INJECTION_CAP;
+    // --- calculations ---
+    const tokensSaved = rawEventTokens - memoryTokens;
+    // Clamp for display. When memories exist but no session events were ingested
+    // (rawEventTokens === 0), the raw subtraction goes negative, which is
+    // misleading. Never present a negative "tokens saved" to the user.
+    const displayedTokensSaved = Math.max(0, tokensSaved);
+    const savingsPct = rawEventTokens > 0 ? (tokensSaved / rawEventTokens) * 100 : 0;
+    const estimatedReexplainTokens = memoryTokens * 3;
+    const injectionSavings = estimatedReexplainTokens - sessions * injectionCap;
+    const overallSaved = tokensSaved + Math.max(0, injectionSavings);
+    const displayedOverallSaved = Math.max(0, overallSaved);
+    const overallPct = rawEventTokens + estimatedReexplainTokens > 0
+        ? (overallSaved / (rawEventTokens + estimatedReexplainTokens)) * 100
+        : 0;
+    const displayedOverallPct = displayedOverallSaved > 0 ? overallPct : 0;
+    // per-session injection overhead (fixed cap, not a measured average)
+    const avgInjectionCost = sessions > 0 ? injectionCap : 0;
+    // --- JSON output ---
+    if (options?.json) {
+        const payload = {
+            memoryTokens,
+            rawEventTokens,
+            tokensSaved: displayedTokensSaved,
+            savingsPct: Math.round(savingsPct * 10) / 10,
+            sessions,
+            injectionCap,
+            estimatedReexplainTokens,
+            injectionSavings,
+            overallSaved: displayedOverallSaved,
+            overallPct: Math.round(displayedOverallPct * 10) / 10,
+        };
+        process.stdout.write(JSON.stringify(payload, null, 2) + "\n");
+        return;
+    }
+    // --- empty state ---
+    if (rawEventTokens === 0 && memoryTokens === 0) {
+        process.stdout.write("No session data yet. Token savings will appear after your first session.\n");
+        return;
+    }
+    // --- formatted report ---
+    const fmt = (n) => n.toLocaleString("en-US");
+    // When no session events have been ingested, the storage-compression numbers
+    // are meaningless (and "tokens saved" would be negative). Show a helpful note
+    // instead of misleading figures.
+    const storageLines = rawEventTokens === 0
+        ? [
+            "Storage compression:",
+            "  No session data ingested yet.",
+            "  Tip: call ingestSessionEvents during sessions to track token usage.",
+        ]
+        : [
+            "Storage compression:",
+            `  Raw session tokens:  ${fmt(rawEventTokens).padStart(10)}`,
+            `  Memory tokens:       ${fmt(memoryTokens).padStart(10)}`,
+            `  Tokens saved:        ${fmt(displayedTokensSaved).padStart(10)} (${(Math.round(savingsPct * 10) / 10).toFixed(1)}%)`,
+        ];
+    const lines = [
+        "sessionmem token savings",
+        "",
+        ...storageLines,
+        "",
+        "Session injection:",
+        `  Total sessions:      ${fmt(sessions).padStart(10)}`,
+        `  Avg injection cost:  ${fmt(avgInjectionCost).padStart(10)} tokens/session`,
+        `  Est. re-explain cost:${fmt(estimatedReexplainTokens).padStart(10)} tokens (without sessionmem)`,
+        `  Injection savings:   ${fmt(Math.max(0, injectionSavings)).padStart(10)} tokens across ${fmt(sessions)} sessions`,
+        "",
+        "Overall:",
+        `  Total tokens saved:  ${fmt(displayedOverallSaved).padStart(10)}`,
+        `  Efficiency:          ${(Math.round(displayedOverallPct * 10) / 10).toFixed(1)}%`,
+        "",
+    ];
+    process.stdout.write(lines.join("\n"));
+}

package/dist/cli/commands/sessionEnd.js

@@ -0,0 +1,124 @@
+import { createCliContext } from "../context.js";
+import { handleSessionEndConfigSchema } from "../../core/api/contracts.js";
+/**
+ * Read the Claude Code hook JSON payload from stdin, if any. The `SessionEnd`
+ * hook pipes a JSON object that includes `session_id`, `cwd`, and `reason`. When
+ * the command is run interactively (TTY) or no payload arrives, returns `{}`.
+ *
+ * A short timeout guards against a non-TTY stdin that never reaches EOF so the
+ * hook can never hang and block the session from ending.
+ */
+async function readHookPayload() {
+    if (process.stdin.isTTY) {
+        return {};
+    }
+    const raw = await new Promise((resolve) => {
+        let data = "";
+        let settled = false;
+        const finish = () => {
+            if (settled)
+                return;
+            settled = true;
+            resolve(data);
+        };
+        const timer = setTimeout(() => {
+            // The non-TTY stdin never reached EOF. Detach our listeners and pause the
+            // stream so the dangling read can't keep the event loop alive (which would
+            // hang the hook), then resolve with whatever was buffered.
+            process.stdin.removeAllListeners();
+            process.stdin.pause();
+            finish();
+        }, 500);
+        timer.unref?.();
+        process.stdin.setEncoding("utf8");
+        process.stdin.on("data", (chunk) => {
+            data += chunk;
+        });
+        process.stdin.on("end", () => {
+            clearTimeout(timer);
+            finish();
+        });
+        process.stdin.on("error", () => {
+            clearTimeout(timer);
+            finish();
+        });
+    });
+    if (raw.trim() === "") {
+        return {};
+    }
+    try {
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === "object"
+            ? parsed
+            : {};
+    }
+    catch {
+        return {};
+    }
+}
+/**
+ * Resolve the session id for the session-end pipeline. Prefers the hook
+ * payload's `session_id`, then the Claude Code `CLAUDE_CODE_SESSION_ID` env var
+ * (set inside a Claude Code session), and finally a stable per-day fallback so
+ * the retention prune still runs even with no session context.
+ */
+function resolveSessionId(payload) {
+    const fromPayload = payload.session_id;
+    if (typeof fromPayload === "string" && fromPayload.trim() !== "") {
+        return fromPayload.trim();
+    }
+    const fromEnv = process.env.CLAUDE_CODE_SESSION_ID;
+    if (fromEnv && fromEnv.trim() !== "") {
+        return fromEnv.trim();
+    }
+    return `session-end-${new Date().toISOString().slice(0, 10)}`;
+}
+/**
+ * `sessionmem session-end` — the deterministic write-side counterpart to
+ * `session-start`. Installed as a Claude Code `SessionEnd` hook so the
+ * session-end pipeline runs automatically once per session:
+ *  1. Auto-summarize any ingested session events into a durable memory.
+ *  2. Run a light retention prune of memories older than the retention window.
+ *
+ * Then prints a one-line human summary of what happened. Every error is
+ * swallowed so a session can never be blocked from ending.
+ */
+export async function sessionEndCommand(ctx) {
+    try {
+        const payload = ctx ? {} : await readHookPayload();
+        const context = ctx ?? createCliContext();
+        const sessionId = resolveSessionId(payload);
+        const result = await context.service.call("handleSessionEnd", {
+            projectId: context.projectId,
+            sessionId,
+            sourceAdapter: "sessionmem-cli",
+            // Resolve the default config (autoSummarize on, threshold 3 events, local
+            // summarizer; cloud summarization stays opt-in) so the call matches the
+            // request type without relying on the schema default at the call site.
+            config: handleSessionEndConfigSchema.parse({}),
+        });
+        if (!result.ok) {
+            // Never block session end — report quietly to stderr only.
+            process.stderr.write(`[sessionmem] session-end: ${result.error.message}\n`);
+            return;
+        }
+        switch (result.status) {
+            case "stored":
+                console.log(`sessionmem: session summary stored (${result.usedMode}); retention prune applied.`);
+                break;
+            case "skipped_threshold":
+                console.log("sessionmem: not enough session events to summarize; retention prune applied.");
+                break;
+            case "skipped_disabled":
+                console.log("sessionmem: auto-summarization disabled; retention prune applied.");
+                break;
+            case "failed":
+                console.log("sessionmem: session summarization failed (recorded); retention prune applied.");
+                break;
+        }
+    }
+    catch (err) {
+        // Best-effort: a failure here must never fail the session-end hook.
+        process.stderr.write(`[sessionmem] session-end skipped: ${err instanceof Error ? err.message : String(err)}\n`);
+    }
+}

package/dist/cli/commands/sessionStart.js

@@ -0,0 +1,52 @@
+import { createCliContext } from "../context.js";
+/**
+ * Generic startup query. When few memories contain these literal tokens the
+ * FTS pre-filter falls back to the importance/recency candidate set
+ * (searchMemoryCandidatesFTS → searchMemoryCandidates), so the injection
+ * surfaces the most important and recent memories rather than nothing.
+ */
+const STARTUP_QUERY = "session startup context recent decisions architecture warnings preferences";
+/**
+ * Emit prior project memories as Claude Code SessionStart hook output.
+ *
+ * This is the deterministic auto-injection path the user was missing: the
+ * installed `SessionStart` hook runs `sessionmem session-start` at the start of
+ * every Claude Code session and Claude Code adds this command's
+ * `additionalContext` to the conversation — with zero reliance on the agent
+ * choosing to call the `startup_inject_memories` tool.
+ *
+ * Contract notes:
+ *  - ONLY the JSON envelope is written to stdout; diagnostics never touch
+ *    stdout (Claude Code parses stdout as the hook result).
+ *  - The command must never fail a session start: every error is swallowed and
+ *    results in empty output (the session simply starts without injected
+ *    context).
+ *  - When there are no memories yet, nothing is emitted so a fresh project
+ *    starts clean.
+ */
+export async function sessionStartCommand(ctx) {
+    try {
+        const context = ctx ?? createCliContext();
+        const result = await context.service.call("retrieveMemories", {
+            projectId: context.projectId,
+            query: STARTUP_QUERY,
+            limit: 20,
+            mode: "auto",
+            depth: "default",
+        });
+        if (result.ok &&
+            result.total > 0 &&
+            result.startupInjection.trim() !== "") {
+            const payload = {
+                hookSpecificOutput: {
+                    hookEventName: "SessionStart",
+                    additionalContext: result.startupInjection,
+                },
+            };
+            process.stdout.write(JSON.stringify(payload));
+        }
+    }
+    catch {
+        // Never block session start — emit nothing on any failure.
+    }
+}

package/dist/cli/commands/sync.js

@@ -1,8 +1,22 @@
 import { join } from "path";
-import { mkdirSync, readFileSync, readdirSync, renameSync, writeFileSync, } from "fs";
+import { mkdirSync, readFileSync, readdirSync, renameSync, statSync, writeFileSync, } from "fs";
 import { configFilePath, readPolicyConfig, } from "../../core/config/policyConfig.js";
 import { importMemoryRecordSchema } from "../../core/api/contracts.js";
 import { createCliContext } from "../context.js";
+/**
+ * Skip any teammate file larger than this. A network/shared drive can host an
+ * arbitrarily large (or maliciously huge) file; reading it whole with
+ * `readFileSync` would balloon memory. Skip-and-warn instead, matching the
+ * resilient pull semantics for unreadable/non-array files.
+ */
+const MAX_TEAMMATE_FILE_BYTES = 10 * 1024 * 1024; // 10MB
+/**
+ * `pullMemoriesRequestSchema` rejects any batch over MAX_IMPORT_SIZE (1000)
+ * records, so accumulating every teammate's memories into one array would let a
+ * large team blow the cap and discard the whole pull. Send in chunks of this
+ * size instead.
+ */
+const MAX_BATCH = 1000;
 /**
  * `sessionmem sync` — push a full snapshot of local project memories to the
  * shared path and pull every teammate's snapshot back into the local DB.
@@ -70,14 +84,27 @@ export async function syncCommand(ctx, options) {
     }
     const memories = [];
     for (const file of teammateFiles) {
+        // file comes from readdirSync(dir) filtered to *.json entries, so it is a
+        // plain filename with no path separators, not user input.
+        // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
+        const filePath = join(dir, file);
+        // Guard against an oversized teammate file before reading it whole.
+        try {
+            const stat = statSync(filePath);
+            if (stat.size > MAX_TEAMMATE_FILE_BYTES) {
+                console.warn(`sessionmem: skipping ${file} (${stat.size} bytes exceeds 10MB limit)`);
+                continue;
+            }
+        }
+        catch {
+            console.error(`Skipping unreadable teammate file: ${file}`);
+            continue;
+        }
         let parsed;
         try {
             // A truncated/corrupt teammate file is skipped-and-warned, never
             // aborting the rest of the pull.
-            // file comes from readdirSync(dir) filtered to *.json entries, so it is
-            // a plain filename with no path separators, not user input.
-            // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
-            parsed = JSON.parse(readFileSync(join(dir, file), "utf8"));
+            parsed = JSON.parse(readFileSync(filePath, "utf8"));
         }
         catch {
             console.error(`Skipping unreadable teammate file: ${file}`);
@@ -100,18 +127,21 @@ export async function syncCommand(ctx, options) {
     }
     let pulledNew = 0;
     let pulledUpdated = 0;
-    if (memories.length > 0) {
+    // Split into batches of MAX_BATCH (1000) so a large team never trips
+    // pullMemoriesRequestSchema's max(MAX_IMPORT_SIZE) and discards the whole pull.
+    for (let i = 0; i < memories.length; i += MAX_BATCH) {
+        const batch = memories.slice(i, i + MAX_BATCH);
         const pullRes = await context.service.call("pullMemories", {
             projectId: context.projectId,
-            memories,
+            memories: batch,
         });
         if (!pullRes.ok) {
             console.error(pullRes.error.message);
             process.exit(1);
             return;
         }
-        pulledNew = pullRes.pulledNew;
-        pulledUpdated = pullRes.pulledUpdated;
+        pulledNew += pullRes.pulledNew;
+        pulledUpdated += pullRes.pulledUpdated;
     }
     // The exact summary string.
     console.log(`Pushed ${pushed} memories, pulled ${pulledNew} new + updated ${pulledUpdated} from teammates.`);