fix: Claude Code 2.1.1 compatibility + log-level audit + path validation fixes (#614)

* Refactor CLAUDE.md and related files for December 2025 updates

- Updated CLAUDE.md in src/services/worker with new entries for December 2025, including changes to Search.ts, GeminiAgent.ts, SDKAgent.ts, and SessionManager.ts.
- Revised CLAUDE.md in src/shared to reflect updates and new entries for December 2025, including paths.ts and worker-utils.ts.
- Modified hook-constants.ts to clarify exit codes and their behaviors.
- Added comprehensive hooks reference documentation for Claude Code, detailing usage, events, and examples.
- Created initial CLAUDE.md files in various directories to track recent activity.

* fix: Merge user-message-hook output into context-hook hookSpecificOutput

- Add footer message to additionalContext in context-hook.ts
- Remove user-message-hook from SessionStart hooks array
- Fixes issue where stderr+exit(1) approach was silently discarded

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Update logs and documentation for recent plugin and worker service changes

- Added detailed logs for worker service activities from Dec 10, 2025 to Jan 7, 2026, including initialization patterns, cleanup confirmations, and diagnostic logging.
- Updated plugin documentation with recent activities, including plugin synchronization and configuration changes from Dec 3, 2025 to Jan 7, 2026.
- Enhanced the context hook and worker service logs to reflect improvements and fixes in the plugin architecture.
- Documented the migration and verification processes for the Claude memory system and its integration with the marketplace.

* Refactor hooks architecture and remove deprecated user-message-hook

- Updated hook configurations in CLAUDE.md and hooks.json to reflect changes in session start behavior.
- Removed user-message-hook functionality as it is no longer utilized in Claude Code 2.1.0; context is now injected silently.
- Enhanced context-hook to handle session context injection without user-visible messages.
- Cleaned up documentation across multiple files to align with the new hook structure and removed references to obsolete hooks.
- Adjusted timing and command execution for hooks to improve performance and reliability.

* fix: Address PR #610 review issues

- Replace USER_MESSAGE_ONLY test with BLOCKING_ERROR test in hook-constants.test.ts
- Standardize Claude Code 2.1.0 note wording across all three documentation files
- Exclude deprecated user-message-hook.ts from logger-usage-standards test

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: Remove hardcoded fake token counts from context injection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Address PR #610 review issues by fixing test files, standardizing documentation notes, and verifying code quality improvements.

* fix: Add path validation to CLAUDE.md distribution to prevent invalid directory creation

- Add isValidPathForClaudeMd() function to reject invalid paths:
  - Tilde paths (~) that Node.js doesn't expand
  - URLs (http://, https://)
  - Paths with spaces (likely command text or PR references)
  - Paths with # (GitHub issue/PR references)
  - Relative paths that escape project boundary

- Integrate validation in updateFolderClaudeMdFiles loop
- Add 6 unit tests for path validation
- Update .gitignore to prevent accidental commit of malformed directories
- Clean up existing invalid directories (~/, PR #610..., git diff..., https:)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: Implement path validation in CLAUDE.md generation to prevent invalid directory creation

- Added `isValidPathForClaudeMd()` function to validate file paths in `src/utils/claude-md-utils.ts`.
- Integrated path validation in `updateFolderClaudeMdFiles` to skip invalid paths.
- Added 6 new unit tests in `tests/utils/claude-md-utils.test.ts` to cover various rejection cases.
- Updated `.gitignore` to prevent tracking of invalid directories.
- Cleaned up existing invalid directories in the repository.

* feat: Promote critical WARN logs to ERROR level across codebase

Comprehensive log-level audit promoting 38+ WARN messages to ERROR for
improved debugging and incident response:

- Parser: observation type errors, data contamination
- SDK/Agents: empty init responses (Gemini, OpenRouter)
- Worker/Queue: session recovery, auto-recovery failures
- Chroma: sync failures, search failures (now treated as critical)
- SQLite: search failures (primary data store)
- Session/Generator: failures, missing context
- Infrastructure: shutdown, process management failures
- File Operations: CLAUDE.md updates, config reads
- Branch Management: recovery checkout failures

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: Address PR #614 review issues

- Remove incorrectly tracked tilde-prefixed files from git
- Fix absolute path validation to check projectRoot boundaries
- Add test coverage for absolute path validation edge cases

Closes review issues:
- Issue 1: ~/ prefixed files removed from tracking
- Issue 3: Absolute paths now validated against projectRoot
- Issue 4: Added 3 new test cases for absolute path scenarios

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* build assets and context

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Alex Newman
2026-01-07 23:34:20 -05:00
committed by GitHub
parent 687146ce53
commit 2659ec3231
98 changed files with 8927 additions and 3554 deletions
+1 -77
@@ -3,81 +3,5 @@
<!-- This section is auto-generated by claude-mem. Edit content outside the tags. -->
### Jan 5, 2026
**claude-md-utils.ts**
| ID | Time | T | Title | Read |
|----|------|---|-------|------|
| #38086 | 10:42 PM | ✅ | Merged PR with comprehensive CLAUDE.md documentation system | ~478 |
| #38080 | 9:55 PM | 🔴 | Critical Date Preservation Fix for Folder CLAUDE.md Timeline Accuracy | ~534 |
| #38049 | 9:46 PM | 🔵 | Live Context Core Implementation in claude-md-utils.ts | ~585 |
| #38047 | 9:45 PM | 🔴 | PR #556 Review Items - Worker Host Configuration and Path Resolution | ~389 |
| #38025 | 9:15 PM | 🔴 | Fixed PR #556 review items and committed changes | ~344 |
| #38024 | " | ✅ | Git status shows modified source files and auto-updated CLAUDE.md files | ~295 |
| #38022 | " | ✅ | Phase 3 complete: Worktree detection test coverage verified by agent | ~391 |
| #38015 | 9:13 PM | 🔴 | Enhanced error logging with message and stack trace details | ~313 |
| #38014 | " | ✅ | Enhanced error logging with message and stack details | ~309 |
| #38013 | 9:12 PM | ✅ | Verified removal of hard-coded localhost from claude-md-utils.ts | ~209 |
| #38012 | " | ✅ | Completed Phase 1: Added getWorkerHost() import and replaced hard-coded localhost | ~319 |
| #38011 | " | 🔴 | Fixed hard-coded localhost in claude-md-utils.ts | ~281 |
| #38010 | " | ✅ | Replaced hard-coded 127.0.0.1 with getWorkerHost() in claude-md-utils.ts | ~270 |
| #38009 | " | 🔴 | Added getWorkerHost import to claude-md-utils.ts | ~246 |
| #38005 | 9:03 PM | 🔵 | Comprehensive exploration of PR review items completed | ~438 |
| #37993 | 9:01 PM | 🔵 | Identified hard-coded localhost in claude-md-utils.ts line 260 | ~352 |
| #37992 | 9:00 PM | 🔵 | Located claude-md-utils.ts for fixing hard-coded host | ~182 |
| #37979 | 8:33 PM | 🔴 | Fixed date parsing to use API date headers instead of "today" | ~315 |
| #37978 | " | 🔵 | Regenerated CLAUDE.md files across entire repository | ~268 |
| #37971 | 8:32 PM | 🔴 | Fixed Date Parsing in CLAUDE.md Generator to Use API Date Headers | ~388 |
| #37966 | 8:21 PM | 🔵 | Date Parsing Bug Located in claude-md-utils.ts | ~383 |
**CLAUDE.md**
| ID | Time | T | Title | Read |
|----|------|---|-------|------|
| #38082 | 10:13 PM | ✅ | Merge Conflict Resolution - Kept Feature Branch Versions | ~431 |
| #37976 | 8:33 PM | 🔵 | CLAUDE.md shows recent entries with correct January 2026 dates | ~287 |
**worktree.ts**
| ID | Time | T | Title | Read |
|----|------|---|-------|------|
| #38076 | 9:53 PM | 🟣 | Worktree-Aware Project Filtering for Unified Timeline Context | ~578 |
**logger.ts**
| ID | Time | T | Title | Read |
|----|------|---|-------|------|
| #38048 | 9:45 PM | 🔴 | PR #558 - Comprehensive Bug Fix and Test Quality Improvement | ~585 |
| #37890 | 7:32 PM | ✅ | Committed DEFAULT_DATA_DIR Cross-Reference Documentation | ~326 |
| #37888 | " | ✅ | Logger DEFAULT_DATA_DIR Comment Updated to Cross-Reference SettingsDefaultsManager | ~311 |
| #37887 | " | ✅ | Added Cross-Reference Comment for DEFAULT_DATA_DIR Constant | ~361 |
| #37885 | " | ✅ | Added Cross-Reference Comment to Prevent DEFAULT_DATA_DIR Drift | ~344 |
| #37880 | 7:31 PM | 🔵 | Logger Implementation Uses Inline DEFAULT_DATA_DIR to Avoid Circular Dependency | ~354 |
| #37808 | 6:43 PM | 🔵 | Logger Module Only References SettingsDefaultsManager in Comments | ~357 |
| #37804 | 6:42 PM | 🔴 | Added readFileSync Import to Logger Module | ~257 |
| #37803 | " | 🔴 | Eliminated SettingsDefaultsManager Dependency from Logger Completely | ~375 |
| #37791 | 6:39 PM | 🔵 | Logger Module Exports formatTool Correctly in Direct Import | ~318 |
| #37781 | 6:36 PM | 🔴 | Added Lazy Log File Initialization to Logger Log Method | ~291 |
| #37780 | " | 🔴 | Fixed Circular Dependency Between Logger and SettingsDefaultsManager | ~426 |
| #37779 | " | 🔵 | SettingsDefaultsManager Uses Logger Methods | ~375 |
| #37778 | " | 🔵 | Logger Module Implementation Has formatTool Method | ~393 |
| #37774 | 6:35 PM | 🔵 | Circular Dependency Between Logger and SettingsDefaultsManager | ~326 |
| #37689 | 5:55 PM | 🔵 | Logger constructor immediately calls initializeLogFile which accesses SettingsDefaultsManager | ~409 |
| #37645 | 5:49 PM | 🔵 | Logger imports SettingsDefaultsManager for data directory and log level configuration | ~449 |
| #37642 | 5:41 PM | 🟣 | Second Task Agent Independently Created and Verified FormatTool Tests | ~544 |
| #37628 | 5:36 PM | 🔴 | Test Execution Shows Logger Circular Dependency Error | ~596 |
| #37627 | 5:35 PM | 🔵 | FormatTool Function Implementation and Fix Details | ~600 |
| #37626 | " | 🔵 | FormatTool Function Usage Across Codebase | ~493 |
| #37617 | 5:32 PM | ⚖️ | PR #558 Review Requirements Categorized by Priority | ~637 |
| #37613 | 5:31 PM | 🔵 | PR #558 Review Feedback Analysis | ~544 |
| #37575 | 4:52 PM | 🔴 | Phase 1 Committed - formatTool JSON.parse Fix | ~364 |
**tag-stripping.ts**
| ID | Time | T | Title | Read |
|----|------|---|-------|------|
| #37758 | 6:25 PM | ⚖️ | Integration Test Design for Four Critical Testing Gaps | ~729 |
### Jan 6, 2026
**bun-path.ts**
| ID | Time | T | Title | Read |
|----|------|---|-------|------|
| #38104 | 12:14 AM | 🔵 | Windows Compatibility Issues Documented Across 56 Memory Entries | ~509 |
*No recent activity*
</claude-mem-context>
+47 -2
@@ -16,6 +16,43 @@ import { getWorkerHost } from '../shared/worker-utils.js';
const SETTINGS_PATH = path.join(os.homedir(), '.claude-mem', 'settings.json');
/**
* Validate that a file path is safe for CLAUDE.md generation.
* Rejects tilde paths, URLs, command-like strings, and paths with invalid chars.
*
* @param filePath - The file path to validate
* @param projectRoot - Optional project root for boundary checking
* @returns true if path is valid for CLAUDE.md processing
*/
function isValidPathForClaudeMd(filePath: string, projectRoot?: string): boolean {
// Reject empty or whitespace-only
if (!filePath || !filePath.trim()) return false;
// Reject tilde paths (Node.js doesn't expand ~)
if (filePath.startsWith('~')) return false;
// Reject URLs
if (filePath.startsWith('http://') || filePath.startsWith('https://')) return false;
// Reject paths with spaces (likely command text or PR references)
if (filePath.includes(' ')) return false;
// Reject paths with # (GitHub issue/PR references)
if (filePath.includes('#')) return false;
// If projectRoot provided, ensure path stays within project boundaries
if (projectRoot) {
// For relative paths, resolve against projectRoot; for absolute paths, use directly
const resolved = path.isAbsolute(filePath) ? filePath : path.resolve(projectRoot, filePath);
const normalizedRoot = path.resolve(projectRoot);
if (!resolved.startsWith(normalizedRoot + path.sep) && resolved !== normalizedRoot) {
return false;
}
}
return true;
}
/**
* Replace tagged content in existing file, preserving content outside tags.
*
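Review bot: In the projectRoot boundary check, the absolute-path branch assigns filePath to `resolved` without normalizing it, so an absolute path that starts with the project root and then contains `..` segments still satisfies `resolved.startsWith(normalizedRoot + path.sep)` and is accepted. Pass both cases through path.resolve before comparing; `path.resolve(projectRoot, filePath)` already returns a normalized absolute path when filePath is absolute, so the isAbsolute branch can go. Two related gaps are worth a line in the JSDoc or a follow-up: when projectRoot is omitted no boundary check runs, so a relative `../` path passes, and the comparison is purely lexical, so a symlink inside the project that points outside it is not detected.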
@@ -231,6 +268,14 @@ export async function updateFolderClaudeMdFiles(
const folderPaths = new Set<string>();
for (const filePath of filePaths) {
if (!filePath || filePath === '') continue;
// VALIDATE PATH BEFORE PROCESSING
if (!isValidPathForClaudeMd(filePath, projectRoot)) {
logger.debug('FOLDER_INDEX', 'Skipping invalid file path', {
filePath,
reason: 'Failed path validation'
});
continue;
}
// Resolve relative paths to absolute using projectRoot
let absoluteFilePath = filePath;
if (projectRoot && !path.isAbsolute(filePath)) {
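Review bot: The skip in the new validation block is logged at debug with the fixed reason 'Failed path validation', so the log cannot distinguish a stray PR reference from a path that resolved outside projectRoot. Have isValidPathForClaudeMd report which rule rejected the path and include that in the log entry, and consider a higher level than debug for the boundary case, in line with the log-level audit in this same commit. The preceding `if (!filePath || filePath === '') continue;` is now also covered by the validator's empty check.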
@@ -264,7 +309,7 @@ export async function updateFolderClaudeMdFiles(
);
if (!response.ok) {
logger.warn('FOLDER_INDEX', 'Failed to fetch timeline', { folderPath, status: response.status });
logger.error('FOLDER_INDEX', 'Failed to fetch timeline', { folderPath, status: response.status });
continue;
}
@@ -281,7 +326,7 @@ export async function updateFolderClaudeMdFiles(
} catch (error) {
// Fire-and-forget: log warning but don't fail
const err = error as Error;
logger.warn('FOLDER_INDEX', 'Failed to update CLAUDE.md', {
logger.error('FOLDER_INDEX', 'Failed to update CLAUDE.md', {
folderPath,
errorMessage: err.message,
errorStack: err.stack
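Review bot: The comment at the top of this catch block still reads "Fire-and-forget: log warning but don't fail" while the call beneath it is now logger.error. Update the comment to match the new level and state whether a failure here is still intended to be non-fatal.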
+2 -2
@@ -42,7 +42,7 @@ export function readCursorRegistry(registryFile: string): CursorProjectRegistry
if (!existsSync(registryFile)) return {};
return JSON.parse(readFileSync(registryFile, 'utf-8'));
} catch (error) {
logger.warn('CONFIG', 'Failed to read Cursor registry, using empty registry', {
logger.error('CONFIG', 'Failed to read Cursor registry, using empty registry', {
file: registryFile,
error: error instanceof Error ? error.message : String(error)
});
@@ -151,7 +151,7 @@ export function configureCursorMcp(mcpJsonPath: string, mcpServerScriptPath: str
config.mcpServers = {};
}
} catch (error) {
logger.warn('CONFIG', 'Failed to read MCP config, starting fresh', {
logger.error('CONFIG', 'Failed to read MCP config, starting fresh', {
file: mcpJsonPath,
error: error instanceof Error ? error.message : String(error)
});
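Review bot: In the configureCursorMcp catch block the failure is now logged as an error, but the message still says 'starting fresh', meaning an unreadable or malformed file at mcpJsonPath is treated as an empty config. If the function goes on to write mcpJsonPath, the existing server entries in that file are overwritten; consider saving a backup copy of the unparseable file first, or returning without writing. The same question applies to 'using empty registry' in the readCursorRegistry hunk above.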
+1 -1
@@ -53,7 +53,7 @@ export class TranscriptParser {
// Log summary if there were parse errors
if (this.parseErrors.length > 0) {
logger.warn('PARSER', `Failed to parse ${this.parseErrors.length} lines`, {
logger.error('PARSER', `Failed to parse ${this.parseErrors.length} lines`, {
path: transcriptPath,
totalLines: lines.length,
errorCount: this.parseErrors.length