yzcode-cli 1.0.1 → 1.0.3

package/memdir/memoryTypes.ts

@@ -0,0 +1,271 @@
+/**
+ * Memory type taxonomy.
+ *
+ * Memories are constrained to four types capturing context NOT derivable
+ * from the current project state. Code patterns, architecture, git history,
+ * and file structure are derivable (via grep/git/CLAUDE.md) and should NOT
+ * be saved as memories.
+ *
+ * The two TYPES_SECTION_* exports below are intentionally duplicated rather
+ * than generated from a shared spec — keeping them flat makes per-mode edits
+ * trivial without reasoning through a helper's conditional rendering.
+ */
+
+export const MEMORY_TYPES = [
+  'user',
+  'feedback',
+  'project',
+  'reference',
+] as const
+
+export type MemoryType = (typeof MEMORY_TYPES)[number]
+
+/**
+ * Parse a raw frontmatter value into a MemoryType.
+ * Invalid or missing values return undefined — legacy files without a
+ * `type:` field keep working, files with unknown types degrade gracefully.
+ */
+export function parseMemoryType(raw: unknown): MemoryType | undefined {
+  if (typeof raw !== 'string') return undefined
+  return MEMORY_TYPES.find(t => t === raw)
+}
+
+/**
+ * `## Types of memory` section for COMBINED mode (private + team directories).
+ * Includes <scope> tags and team/private qualifiers in examples.
+ */
+export const TYPES_SECTION_COMBINED: readonly string[] = [
+  '## Types of memory',
+  '',
+  'There are several discrete types of memory that you can store in your memory system. Each type below declares a <scope> of `private`, `team`, or guidance for choosing between the two.',
+  '',
+  '<types>',
+  '<type>',
+  '    <name>user</name>',
+  '    <scope>always private</scope>',
+  "    <description>Contain information about the user's role, goals, responsibilities, and knowledge. Great user memories help you tailor your future behavior to the user's preferences and perspective. Your goal in reading and writing these memories is to build up an understanding of who the user is and how you can be most helpful to them specifically. For example, you should collaborate with a senior software engineer differently than a student who is coding for the very first time. Keep in mind, that the aim here is to be helpful to the user. Avoid writing memories about the user that could be viewed as a negative judgement or that are not relevant to the work you're trying to accomplish together.</description>",
+  "    <when_to_save>When you learn any details about the user's role, preferences, responsibilities, or knowledge</when_to_save>",
+  "    <how_to_use>When your work should be informed by the user's profile or perspective. For example, if the user is asking you to explain a part of the code, you should answer that question in a way that is tailored to the specific details that they will find most valuable or that helps them build their mental model in relation to domain knowledge they already have.</how_to_use>",
+  '    <examples>',
+  "    user: I'm a data scientist investigating what logging we have in place",
+  '    assistant: [saves private user memory: user is a data scientist, currently focused on observability/logging]',
+  '',
+  "    user: I've been writing Go for ten years but this is my first time touching the React side of this repo",
+  "    assistant: [saves private user memory: deep Go expertise, new to React and this project's frontend — frame frontend explanations in terms of backend analogues]",
+  '    </examples>',
+  '</type>',
+  '<type>',
+  '    <name>feedback</name>',
+  '    <scope>default to private. Save as team only when the guidance is clearly a project-wide convention that every contributor should follow (e.g., a testing policy, a build invariant), not a personal style preference.</scope>',
+  "    <description>Guidance the user has given you about how to approach work — both what to avoid and what to keep doing. These are a very important type of memory to read and write as they allow you to remain coherent and responsive to the way you should approach work in the project. Record from failure AND success: if you only save corrections, you will avoid past mistakes but drift away from approaches the user has already validated, and may grow overly cautious. Before saving a private feedback memory, check that it doesn't contradict a team feedback memory — if it does, either don't save it or note the override explicitly.</description>",
+  '    <when_to_save>Any time the user corrects your approach ("no not that", "don\'t", "stop doing X") OR confirms a non-obvious approach worked ("yes exactly", "perfect, keep doing that", accepting an unusual choice without pushback). Corrections are easy to notice; confirmations are quieter — watch for them. In both cases, save what is applicable to future conversations, especially if surprising or not obvious from the code. Include *why* so you can judge edge cases later.</when_to_save>',
+  '    <how_to_use>Let these memories guide your behavior so that the user and other users in the project do not need to offer the same guidance twice.</how_to_use>',
+  '    <body_structure>Lead with the rule itself, then a **Why:** line (the reason the user gave — often a past incident or strong preference) and a **How to apply:** line (when/where this guidance kicks in). Knowing *why* lets you judge edge cases instead of blindly following the rule.</body_structure>',
+  '    <examples>',
+  "    user: don't mock the database in these tests — we got burned last quarter when mocked tests passed but the prod migration failed",
+  '    assistant: [saves team feedback memory: integration tests must hit a real database, not mocks. Reason: prior incident where mock/prod divergence masked a broken migration. Team scope: this is a project testing policy, not a personal preference]',
+  '',
+  '    user: stop summarizing what you just did at the end of every response, I can read the diff',
+  "    assistant: [saves private feedback memory: this user wants terse responses with no trailing summaries. Private because it's a communication preference, not a project convention]",
+  '',
+  "    user: yeah the single bundled PR was the right call here, splitting this one would've just been churn",
+  '    assistant: [saves private feedback memory: for refactors in this area, user prefers one bundled PR over many small ones. Confirmed after I chose this approach — a validated judgment call, not a correction]',
+  '    </examples>',
+  '</type>',
+  '<type>',
+  '    <name>project</name>',
+  '    <scope>private or team, but strongly bias toward team</scope>',
+  '    <description>Information that you learn about ongoing work, goals, initiatives, bugs, or incidents within the project that is not otherwise derivable from the code or git history. Project memories help you understand the broader context and motivation behind the work users are working on within this working directory.</description>',
+  '    <when_to_save>When you learn who is doing what, why, or by when. These states change relatively quickly so try to keep your understanding of this up to date. Always convert relative dates in user messages to absolute dates when saving (e.g., "Thursday" → "2026-03-05"), so the memory remains interpretable after time passes.</when_to_save>',
+  "    <how_to_use>Use these memories to more fully understand the details and nuance behind the user's request, anticipate coordination issues across users, make better informed suggestions.</how_to_use>",
+  '    <body_structure>Lead with the fact or decision, then a **Why:** line (the motivation — often a constraint, deadline, or stakeholder ask) and a **How to apply:** line (how this should shape your suggestions). Project memories decay fast, so the why helps future-you judge whether the memory is still load-bearing.</body_structure>',
+  '    <examples>',
+  "    user: we're freezing all non-critical merges after Thursday — mobile team is cutting a release branch",
+  '    assistant: [saves team project memory: merge freeze begins 2026-03-05 for mobile release cut. Flag any non-critical PR work scheduled after that date]',
+  '',
+  "    user: the reason we're ripping out the old auth middleware is that legal flagged it for storing session tokens in a way that doesn't meet the new compliance requirements",
+  '    assistant: [saves team project memory: auth middleware rewrite is driven by legal/compliance requirements around session token storage, not tech-debt cleanup — scope decisions should favor compliance over ergonomics]',
+  '    </examples>',
+  '</type>',
+  '<type>',
+  '    <name>reference</name>',
+  '    <scope>usually team</scope>',
+  '    <description>Stores pointers to where information can be found in external systems. These memories allow you to remember where to look to find up-to-date information outside of the project directory.</description>',
+  '    <when_to_save>When you learn about resources in external systems and their purpose. For example, that bugs are tracked in a specific project in Linear or that feedback can be found in a specific Slack channel.</when_to_save>',
+  '    <how_to_use>When the user references an external system or information that may be in an external system.</how_to_use>',
+  '    <examples>',
+  '    user: check the Linear project "INGEST" if you want context on these tickets, that\'s where we track all pipeline bugs',
+  '    assistant: [saves team reference memory: pipeline bugs are tracked in Linear project "INGEST"]',
+  '',
+  "    user: the Grafana board at grafana.internal/d/api-latency is what oncall watches — if you're touching request handling, that's the thing that'll page someone",
+  '    assistant: [saves team reference memory: grafana.internal/d/api-latency is the oncall latency dashboard — check it when editing request-path code]',
+  '    </examples>',
+  '</type>',
+  '</types>',
+  '',
+]
+
+/**
+ * `## Types of memory` section for INDIVIDUAL-ONLY mode (single directory).
+ * No <scope> tags. Examples use plain `[saves X memory: …]`. Prose that
+ * only makes sense with a private/team split is reworded.
+ */
+export const TYPES_SECTION_INDIVIDUAL: readonly string[] = [
+  '## Types of memory',
+  '',
+  'There are several discrete types of memory that you can store in your memory system:',
+  '',
+  '<types>',
+  '<type>',
+  '    <name>user</name>',
+  "    <description>Contain information about the user's role, goals, responsibilities, and knowledge. Great user memories help you tailor your future behavior to the user's preferences and perspective. Your goal in reading and writing these memories is to build up an understanding of who the user is and how you can be most helpful to them specifically. For example, you should collaborate with a senior software engineer differently than a student who is coding for the very first time. Keep in mind, that the aim here is to be helpful to the user. Avoid writing memories about the user that could be viewed as a negative judgement or that are not relevant to the work you're trying to accomplish together.</description>",
+  "    <when_to_save>When you learn any details about the user's role, preferences, responsibilities, or knowledge</when_to_save>",
+  "    <how_to_use>When your work should be informed by the user's profile or perspective. For example, if the user is asking you to explain a part of the code, you should answer that question in a way that is tailored to the specific details that they will find most valuable or that helps them build their mental model in relation to domain knowledge they already have.</how_to_use>",
+  '    <examples>',
+  "    user: I'm a data scientist investigating what logging we have in place",
+  '    assistant: [saves user memory: user is a data scientist, currently focused on observability/logging]',
+  '',
+  "    user: I've been writing Go for ten years but this is my first time touching the React side of this repo",
+  "    assistant: [saves user memory: deep Go expertise, new to React and this project's frontend — frame frontend explanations in terms of backend analogues]",
+  '    </examples>',
+  '</type>',
+  '<type>',
+  '    <name>feedback</name>',
+  '    <description>Guidance the user has given you about how to approach work — both what to avoid and what to keep doing. These are a very important type of memory to read and write as they allow you to remain coherent and responsive to the way you should approach work in the project. Record from failure AND success: if you only save corrections, you will avoid past mistakes but drift away from approaches the user has already validated, and may grow overly cautious.</description>',
+  '    <when_to_save>Any time the user corrects your approach ("no not that", "don\'t", "stop doing X") OR confirms a non-obvious approach worked ("yes exactly", "perfect, keep doing that", accepting an unusual choice without pushback). Corrections are easy to notice; confirmations are quieter — watch for them. In both cases, save what is applicable to future conversations, especially if surprising or not obvious from the code. Include *why* so you can judge edge cases later.</when_to_save>',
+  '    <how_to_use>Let these memories guide your behavior so that the user does not need to offer the same guidance twice.</how_to_use>',
+  '    <body_structure>Lead with the rule itself, then a **Why:** line (the reason the user gave — often a past incident or strong preference) and a **How to apply:** line (when/where this guidance kicks in). Knowing *why* lets you judge edge cases instead of blindly following the rule.</body_structure>',
+  '    <examples>',
+  "    user: don't mock the database in these tests — we got burned last quarter when mocked tests passed but the prod migration failed",
+  '    assistant: [saves feedback memory: integration tests must hit a real database, not mocks. Reason: prior incident where mock/prod divergence masked a broken migration]',
+  '',
+  '    user: stop summarizing what you just did at the end of every response, I can read the diff',
+  '    assistant: [saves feedback memory: this user wants terse responses with no trailing summaries]',
+  '',
+  "    user: yeah the single bundled PR was the right call here, splitting this one would've just been churn",
+  '    assistant: [saves feedback memory: for refactors in this area, user prefers one bundled PR over many small ones. Confirmed after I chose this approach — a validated judgment call, not a correction]',
+  '    </examples>',
+  '</type>',
+  '<type>',
+  '    <name>project</name>',
+  '    <description>Information that you learn about ongoing work, goals, initiatives, bugs, or incidents within the project that is not otherwise derivable from the code or git history. Project memories help you understand the broader context and motivation behind the work the user is doing within this working directory.</description>',
+  '    <when_to_save>When you learn who is doing what, why, or by when. These states change relatively quickly so try to keep your understanding of this up to date. Always convert relative dates in user messages to absolute dates when saving (e.g., "Thursday" → "2026-03-05"), so the memory remains interpretable after time passes.</when_to_save>',
+  "    <how_to_use>Use these memories to more fully understand the details and nuance behind the user's request and make better informed suggestions.</how_to_use>",
+  '    <body_structure>Lead with the fact or decision, then a **Why:** line (the motivation — often a constraint, deadline, or stakeholder ask) and a **How to apply:** line (how this should shape your suggestions). Project memories decay fast, so the why helps future-you judge whether the memory is still load-bearing.</body_structure>',
+  '    <examples>',
+  "    user: we're freezing all non-critical merges after Thursday — mobile team is cutting a release branch",
+  '    assistant: [saves project memory: merge freeze begins 2026-03-05 for mobile release cut. Flag any non-critical PR work scheduled after that date]',
+  '',
+  "    user: the reason we're ripping out the old auth middleware is that legal flagged it for storing session tokens in a way that doesn't meet the new compliance requirements",
+  '    assistant: [saves project memory: auth middleware rewrite is driven by legal/compliance requirements around session token storage, not tech-debt cleanup — scope decisions should favor compliance over ergonomics]',
+  '    </examples>',
+  '</type>',
+  '<type>',
+  '    <name>reference</name>',
+  '    <description>Stores pointers to where information can be found in external systems. These memories allow you to remember where to look to find up-to-date information outside of the project directory.</description>',
+  '    <when_to_save>When you learn about resources in external systems and their purpose. For example, that bugs are tracked in a specific project in Linear or that feedback can be found in a specific Slack channel.</when_to_save>',
+  '    <how_to_use>When the user references an external system or information that may be in an external system.</how_to_use>',
+  '    <examples>',
+  '    user: check the Linear project "INGEST" if you want context on these tickets, that\'s where we track all pipeline bugs',
+  '    assistant: [saves reference memory: pipeline bugs are tracked in Linear project "INGEST"]',
+  '',
+  "    user: the Grafana board at grafana.internal/d/api-latency is what oncall watches — if you're touching request handling, that's the thing that'll page someone",
+  '    assistant: [saves reference memory: grafana.internal/d/api-latency is the oncall latency dashboard — check it when editing request-path code]',
+  '    </examples>',
+  '</type>',
+  '</types>',
+  '',
+]
+
+/**
+ * `## What NOT to save in memory` section. Identical across both modes.
+ */
+export const WHAT_NOT_TO_SAVE_SECTION: readonly string[] = [
+  '## What NOT to save in memory',
+  '',
+  '- Code patterns, conventions, architecture, file paths, or project structure — these can be derived by reading the current project state.',
+  '- Git history, recent changes, or who-changed-what — `git log` / `git blame` are authoritative.',
+  '- Debugging solutions or fix recipes — the fix is in the code; the commit message has the context.',
+  '- Anything already documented in CLAUDE.md files.',
+  '- Ephemeral task details: in-progress work, temporary state, current conversation context.',
+  '',
+  // H2: explicit-save gate. Eval-validated (memory-prompt-iteration case 3,
+  // 0/2 → 3/3): prevents "save this week's PR list" → activity-log noise.
+  'These exclusions apply even when the user explicitly asks you to save. If they ask you to save a PR list or activity summary, ask what was *surprising* or *non-obvious* about it — that is the part worth keeping.',
+]
+
+/**
+ * Recall-side drift caveat. Single bullet under `## When to access memories`.
+ * Proactive: verify memory against current state before answering.
+ */
+export const MEMORY_DRIFT_CAVEAT =
+  '- Memory records can become stale over time. Use memory as context for what was true at a given point in time. Before answering the user or building assumptions based solely on information in memory records, verify that the memory is still correct and up-to-date by reading the current state of the files or resources. If a recalled memory conflicts with current information, trust what you observe now — and update or remove the stale memory rather than acting on it.'
+
+/**
+ * `## When to access memories` section. Includes MEMORY_DRIFT_CAVEAT.
+ *
+ * H6 (branch-pollution evals #22856, case 5 1/3 on capy): the "ignore" bullet
+ * is the delta. Failure mode: user says "ignore memory about X" → Claude reads
+ * code correctly but adds "not Y as noted in memory" — treats "ignore" as
+ * "acknowledge then override" rather than "don't reference at all." The bullet
+ * names that anti-pattern explicitly.
+ *
+ * Token budget (H6a): merged old bullets 1+2, tightened both. Old 4 lines
+ * were ~70 tokens; new 4 lines are ~73 tokens. Net ~+3.
+ */
+export const WHEN_TO_ACCESS_SECTION: readonly string[] = [
+  '## When to access memories',
+  '- When memories seem relevant, or the user references prior-conversation work.',
+  '- You MUST access memory when the user explicitly asks you to check, recall, or remember.',
+  '- If the user says to *ignore* or *not use* memory: proceed as if MEMORY.md were empty. Do not apply remembered facts, cite, compare against, or mention memory content.',
+  MEMORY_DRIFT_CAVEAT,
+]
+
+/**
+ * `## Trusting what you recall` section. Heavier-weight guidance on HOW to
+ * treat a memory once you've recalled it — separate from WHEN to access.
+ *
+ * Eval-validated (memory-prompt-iteration.eval.ts, 2026-03-17):
+ *   H1 (verify function/file claims): 0/2 → 3/3 via appendSystemPrompt. When
+ *      buried as a bullet under "When to access", dropped to 0/3 — position
+ *      matters. The H1 cue is about what to DO with a memory, not when to
+ *      look, so it needs its own section-level trigger context.
+ *   H5 (read-side noise rejection): 0/2 → 3/3 via appendSystemPrompt, 2/3
+ *      in-place as a bullet. Partial because "snapshot" is intuitively closer
+ *      to "when to access" than H1 is.
+ *
+ * Known gap: H1 doesn't cover slash-command claims (0/3 on the /fork case —
+ * slash commands aren't files or functions in the model's ontology).
+ */
+export const TRUSTING_RECALL_SECTION: readonly string[] = [
+  // Header wording matters: "Before recommending" (action cue at the decision
+  // point) tested better than "Trusting what you recall" (abstract). The
+  // appendSystemPrompt variant with this header went 3/3; the abstract header
+  // went 0/3 in-place. Same body text — only the header differed.
+  '## Before recommending from memory',
+  '',
+  'A memory that names a specific function, file, or flag is a claim that it existed *when the memory was written*. It may have been renamed, removed, or never merged. Before recommending it:',
+  '',
+  '- If the memory names a file path: check the file exists.',
+  '- If the memory names a function or flag: grep for it.',
+  '- If the user is about to act on your recommendation (not just asking about history), verify first.',
+  '',
+  '"The memory says X exists" is not the same as "X exists now."',
+  '',
+  'A memory that summarizes repo state (activity logs, architecture snapshots) is frozen in time. If the user asks about *recent* or *current* state, prefer `git log` or reading the code over recalling the snapshot.',
+]
+
+/**
+ * Frontmatter format example with the `type` field.
+ */
+export const MEMORY_FRONTMATTER_EXAMPLE: readonly string[] = [
+  '```markdown',
+  '---',
+  'name: {{memory name}}',
+  'description: {{one-line description — used to decide relevance in future conversations, so be specific}}',
+  `type: {{${MEMORY_TYPES.join(', ')}}}`,
+  '---',
+  '',
+  '{{memory content — for feedback/project types, structure as: rule/fact, then **Why:** and **How to apply:** lines}}',
+  '```',
+]

package/memdir/paths.ts

@@ -0,0 +1,278 @@
+import memoize from 'lodash-es/memoize.js'
+import { homedir } from 'os'
+import { isAbsolute, join, normalize, sep } from 'path'
+import {
+  getIsNonInteractiveSession,
+  getProjectRoot,
+} from '../bootstrap/state.js'
+import { getFeatureValue_CACHED_MAY_BE_STALE } from '../services/analytics/growthbook.js'
+import {
+  getClaudeConfigHomeDir,
+  isEnvDefinedFalsy,
+  isEnvTruthy,
+} from '../utils/envUtils.js'
+import { findCanonicalGitRoot } from '../utils/git.js'
+import { sanitizePath } from '../utils/path.js'
+import {
+  getInitialSettings,
+  getSettingsForSource,
+} from '../utils/settings/settings.js'
+
+/**
+ * Whether auto-memory features are enabled (memdir, agent memory, past session search).
+ * Enabled by default. Priority chain (first defined wins):
+ *   1. CLAUDE_CODE_DISABLE_AUTO_MEMORY env var (1/true → OFF, 0/false → ON)
+ *   2. CLAUDE_CODE_SIMPLE (--bare) → OFF
+ *   3. CCR without persistent storage → OFF (no CLAUDE_CODE_REMOTE_MEMORY_DIR)
+ *   4. autoMemoryEnabled in settings.json (supports project-level opt-out)
+ *   5. Default: enabled
+ */
+export function isAutoMemoryEnabled(): boolean {
+  const envVal = process.env.CLAUDE_CODE_DISABLE_AUTO_MEMORY
+  if (isEnvTruthy(envVal)) {
+    return false
+  }
+  if (isEnvDefinedFalsy(envVal)) {
+    return true
+  }
+  // --bare / SIMPLE: prompts.ts already drops the memory section from the
+  // system prompt via its SIMPLE early-return; this gate stops the other half
+  // (extractMemories turn-end fork, autoDream, /remember, /dream, team sync).
+  if (isEnvTruthy(process.env.CLAUDE_CODE_SIMPLE)) {
+    return false
+  }
+  if (
+    isEnvTruthy(process.env.CLAUDE_CODE_REMOTE) &&
+    !process.env.CLAUDE_CODE_REMOTE_MEMORY_DIR
+  ) {
+    return false
+  }
+  const settings = getInitialSettings()
+  if (settings.autoMemoryEnabled !== undefined) {
+    return settings.autoMemoryEnabled
+  }
+  return true
+}
+
+/**
+ * Whether the extract-memories background agent will run this session.
+ *
+ * The main agent's prompt always has full save instructions regardless of
+ * this gate — when the main agent writes memories, the background agent
+ * skips that range (hasMemoryWritesSince in extractMemories.ts); when it
+ * doesn't, the background agent catches anything missed.
+ *
+ * Callers must also gate on feature('EXTRACT_MEMORIES') — that check cannot
+ * live inside this helper because feature() only tree-shakes when used
+ * directly in an `if` condition.
+ */
+export function isExtractModeActive(): boolean {
+  if (!getFeatureValue_CACHED_MAY_BE_STALE('tengu_passport_quail', false)) {
+    return false
+  }
+  return (
+    !getIsNonInteractiveSession() ||
+    getFeatureValue_CACHED_MAY_BE_STALE('tengu_slate_thimble', false)
+  )
+}
+
+/**
+ * Returns the base directory for persistent memory storage.
+ * Resolution order:
+ *   1. CLAUDE_CODE_REMOTE_MEMORY_DIR env var (explicit override, set in CCR)
+ *   2. ~/.claude (default config home)
+ */
+export function getMemoryBaseDir(): string {
+  if (process.env.CLAUDE_CODE_REMOTE_MEMORY_DIR) {
+    return process.env.CLAUDE_CODE_REMOTE_MEMORY_DIR
+  }
+  return getClaudeConfigHomeDir()
+}
+
+const AUTO_MEM_DIRNAME = 'memory'
+const AUTO_MEM_ENTRYPOINT_NAME = 'MEMORY.md'
+
+/**
+ * Normalize and validate a candidate auto-memory directory path.
+ *
+ * SECURITY: Rejects paths that would be dangerous as a read-allowlist root
+ * or that normalize() doesn't fully resolve:
+ * - relative (!isAbsolute): "../foo" — would be interpreted relative to CWD
+ * - root/near-root (length < 3): "/" → "" after strip; "/a" too short
+ * - Windows drive-root (C: regex): "C:\" → "C:" after strip
+ * - UNC paths (\\server\share): network paths — opaque trust boundary
+ * - null byte: survives normalize(), can truncate in syscalls
+ *
+ * Returns the normalized path with exactly one trailing separator,
+ * or undefined if the path is unset/empty/rejected.
+ */
+function validateMemoryPath(
+  raw: string | undefined,
+  expandTilde: boolean,
+): string | undefined {
+  if (!raw) {
+    return undefined
+  }
+  let candidate = raw
+  // Settings.json paths support ~/ expansion (user-friendly). The env var
+  // override does not (it's set programmatically by Cowork/SDK, which should
+  // always pass absolute paths). Bare "~", "~/", "~/.", "~/..", etc. are NOT
+  // expanded — they would make isAutoMemPath() match all of $HOME or its
+  // parent (same class of danger as "/" or "C:\").
+  if (
+    expandTilde &&
+    (candidate.startsWith('~/') || candidate.startsWith('~\\'))
+  ) {
+    const rest = candidate.slice(2)
+    // Reject trivial remainders that would expand to $HOME or an ancestor.
+    // normalize('') = '.', normalize('.') = '.', normalize('foo/..') = '.',
+    // normalize('..') = '..', normalize('foo/../..') = '..'
+    const restNorm = normalize(rest || '.')
+    if (restNorm === '.' || restNorm === '..') {
+      return undefined
+    }
+    candidate = join(homedir(), rest)
+  }
+  // normalize() may preserve a trailing separator; strip before adding
+  // exactly one to match the trailing-sep contract of getAutoMemPath()
+  const normalized = normalize(candidate).replace(/[/\\]+$/, '')
+  if (
+    !isAbsolute(normalized) ||
+    normalized.length < 3 ||
+    /^[A-Za-z]:$/.test(normalized) ||
+    normalized.startsWith('\\\\') ||
+    normalized.startsWith('//') ||
+    normalized.includes('\0')
+  ) {
+    return undefined
+  }
+  return (normalized + sep).normalize('NFC')
+}
+
+/**
+ * Direct override for the full auto-memory directory path via env var.
+ * When set, getAutoMemPath()/getAutoMemEntrypoint() return this path directly
+ * instead of computing `{base}/projects/{sanitized-cwd}/memory/`.
+ *
+ * Used by Cowork to redirect memory to a space-scoped mount where the
+ * per-session cwd (which contains the VM process name) would otherwise
+ * produce a different project-key for every session.
+ */
+function getAutoMemPathOverride(): string | undefined {
+  return validateMemoryPath(
+    process.env.CLAUDE_COWORK_MEMORY_PATH_OVERRIDE,
+    false,
+  )
+}
+
+/**
+ * Settings.json override for the full auto-memory directory path.
+ * Supports ~/ expansion for user convenience.
+ *
+ * SECURITY: projectSettings (.claude/settings.json committed to the repo) is
+ * intentionally excluded — a malicious repo could otherwise set
+ * autoMemoryDirectory: "~/.ssh" and gain silent write access to sensitive
+ * directories via the filesystem.ts write carve-out (which fires when
+ * isAutoMemPath() matches and hasAutoMemPathOverride() is false). This follows
+ * the same pattern as hasSkipDangerousModePermissionPrompt() etc.
+ */
+function getAutoMemPathSetting(): string | undefined {
+  const dir =
+    getSettingsForSource('policySettings')?.autoMemoryDirectory ??
+    getSettingsForSource('flagSettings')?.autoMemoryDirectory ??
+    getSettingsForSource('localSettings')?.autoMemoryDirectory ??
+    getSettingsForSource('userSettings')?.autoMemoryDirectory
+  return validateMemoryPath(dir, true)
+}
+
+/**
+ * Check if CLAUDE_COWORK_MEMORY_PATH_OVERRIDE is set to a valid override.
+ * Use this as a signal that the SDK caller has explicitly opted into
+ * the auto-memory mechanics — e.g. to decide whether to inject the
+ * memory prompt when a custom system prompt replaces the default.
+ */
+export function hasAutoMemPathOverride(): boolean {
+  return getAutoMemPathOverride() !== undefined
+}
+
+/**
+ * Returns the canonical git repo root if available, otherwise falls back to
+ * the stable project root. Uses findCanonicalGitRoot so all worktrees of the
+ * same repo share one auto-memory directory (anthropics/claude-code#24382).
+ */
+function getAutoMemBase(): string {
+  return findCanonicalGitRoot(getProjectRoot()) ?? getProjectRoot()
+}
+
+/**
+ * Returns the auto-memory directory path.
+ *
+ * Resolution order:
+ *   1. CLAUDE_COWORK_MEMORY_PATH_OVERRIDE env var (full-path override, used by Cowork)
+ *   2. autoMemoryDirectory in settings.json (trusted sources only: policy/local/user)
+ *   3. <memoryBase>/projects/<sanitized-git-root>/memory/
+ *      where memoryBase is resolved by getMemoryBaseDir()
+ *
+ * Memoized: render-path callers (collapseReadSearchGroups → isAutoManagedMemoryFile)
+ * fire per tool-use message per Messages re-render; each miss costs
+ * getSettingsForSource × 4 → parseSettingsFile (realpathSync + readFileSync).
+ * Keyed on projectRoot so tests that change its mock mid-block recompute;
+ * env vars / settings.json / CLAUDE_CONFIG_DIR are session-stable in
+ * production and covered by per-test cache.clear.
+ */
+export const getAutoMemPath = memoize(
+  (): string => {
+    const override = getAutoMemPathOverride() ?? getAutoMemPathSetting()
+    if (override) {
+      return override
+    }
+    const projectsDir = join(getMemoryBaseDir(), 'projects')
+    return (
+      join(projectsDir, sanitizePath(getAutoMemBase()), AUTO_MEM_DIRNAME) + sep
+    ).normalize('NFC')
+  },
+  () => getProjectRoot(),
+)
+
+/**
+ * Returns the daily log file path for the given date (defaults to today).
+ * Shape: <autoMemPath>/logs/YYYY/MM/YYYY-MM-DD.md
+ *
+ * Used by assistant mode (feature('KAIROS')): rather than maintaining
+ * MEMORY.md as a live index, the agent appends to a date-named log file
+ * as it works. A separate nightly /dream skill distills these logs into
+ * topic files + MEMORY.md.
+ */
+export function getAutoMemDailyLogPath(date: Date = new Date()): string {
+  const yyyy = date.getFullYear().toString()
+  const mm = (date.getMonth() + 1).toString().padStart(2, '0')
+  const dd = date.getDate().toString().padStart(2, '0')
+  return join(getAutoMemPath(), 'logs', yyyy, mm, `${yyyy}-${mm}-${dd}.md`)
+}
+
+/**
+ * Returns the auto-memory entrypoint (MEMORY.md inside the auto-memory dir).
+ * Follows the same resolution order as getAutoMemPath().
+ */
+export function getAutoMemEntrypoint(): string {
+  return join(getAutoMemPath(), AUTO_MEM_ENTRYPOINT_NAME)
+}
+
+/**
+ * Check if an absolute path is within the auto-memory directory.
+ *
+ * When CLAUDE_COWORK_MEMORY_PATH_OVERRIDE is set, this matches against the
+ * env-var override directory. Note that a true return here does NOT imply
+ * write permission in that case — the filesystem.ts write carve-out is gated
+ * on !hasAutoMemPathOverride() (it exists to bypass DANGEROUS_DIRECTORIES).
+ *
+ * The settings.json autoMemoryDirectory DOES get the write carve-out: it's the
+ * user's explicit choice from a trusted settings source (projectSettings is
+ * excluded — see getAutoMemPathSetting), and hasAutoMemPathOverride() remains
+ * false for it.
+ */
+export function isAutoMemPath(absolutePath: string): boolean {
+  // SECURITY: Normalize to prevent path traversal bypasses via .. segments
+  const normalizedPath = normalize(absolutePath)
+  return normalizedPath.startsWith(getAutoMemPath())
+}