airkjw/claude-mem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Update npm loglevel to silent in SessionStart hook to prevent context injection issues; consolidate hooks architecture and update documentation for v4.3.1

Browse Source
This commit is contained in:
Alex Newman
2025-10-26 00:44:04 -04:00
parent 64dfc0467d
commit 56213ef84a
5 changed files with 45 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
+2 -1
View File
@@ -8,4 +8,5 @@ node_modules/
.claude/settings.local.json .claude/settings.local.json
plugin/data/ plugin/data/
plugin/data.backup/ plugin/data.backup/
package-lock.json package-lock.json
private/
docs/architecture/hooks.mdx
+10 -9
View File
@@ -28,7 +28,7 @@ Hooks are configured in `plugin/hooks/hooks.json`:
"SessionStart": [{ "SessionStart": [{
"hooks": [{ "hooks": [{
"type": "command", "type": "command",
"command": "cd \"${CLAUDE_PLUGIN_ROOT}/..\" && npm install --prefer-offline --no-audit --no-fund --loglevel=error && node ${CLAUDE_PLUGIN_ROOT}/scripts/context-hook.js", "command": "cd \"${CLAUDE_PLUGIN_ROOT}/..\" && npm install --prefer-offline --no-audit --no-fund --loglevel=silent && node ${CLAUDE_PLUGIN_ROOT}/scripts/context-hook.js",
"timeout": 120 "timeout": 120
}] }]
}], }],
@@ -91,7 +91,9 @@ Hooks are configured in `plugin/hooks/hooks.json`:
} }
``` ```
**Implementation**: `src/hooks/context.ts` and `src/bin/hooks/context-hook.ts` **Implementation**: `src/hooks/context-hook.ts`
**v4.3.1 Fix**: Changed npm install to use `--loglevel=silent` instead of `--loglevel=error` to prevent output pollution that was breaking JSON context injection.
## 2. UserPromptSubmit Hook (`new-hook.js`) ## 2. UserPromptSubmit Hook (`new-hook.js`)
@@ -112,7 +114,7 @@ Hooks are configured in `plugin/hooks/hooks.json`:
} }
``` ```
**Implementation**: `src/hooks/new.ts` and `src/bin/hooks/new-hook.ts` **Implementation**: `src/hooks/new-hook.ts`
## 3. PostToolUse Hook (`save-hook.js`) ## 3. PostToolUse Hook (`save-hook.js`)
@@ -136,7 +138,7 @@ Hooks are configured in `plugin/hooks/hooks.json`:
} }
``` ```
**Implementation**: `src/hooks/save.ts` and `src/bin/hooks/save-hook.ts` **Implementation**: `src/hooks/save-hook.ts`
## 4. Stop Hook (`summary-hook.js`) ## 4. Stop Hook (`summary-hook.js`)
@@ -156,7 +158,7 @@ Hooks are configured in `plugin/hooks/hooks.json`:
} }
``` ```
**Implementation**: `src/hooks/summary.ts` and `src/bin/hooks/summary-hook.ts` **Implementation**: `src/hooks/summary-hook.ts`
## 5. SessionEnd Hook (`cleanup-hook.js`) ## 5. SessionEnd Hook (`cleanup-hook.js`)
@@ -177,16 +179,15 @@ Hooks are configured in `plugin/hooks/hooks.json`:
} }
``` ```
**Implementation**: `src/hooks/cleanup.ts` and `src/bin/hooks/cleanup-hook.ts` **Implementation**: `src/hooks/cleanup-hook.ts`
## Hook Development ## Hook Development
### Adding a New Hook ### Adding a New Hook
1. Create hook implementation in `src/hooks/your-hook.ts` 1. Create hook implementation in `src/hooks/your-hook.ts`
2. Create entry point in `src/bin/hooks/your-hook.ts` 2. Add to `plugin/hooks/hooks.json`
3. Add to `plugin/hooks/hooks.json` 3. Rebuild with `npm run build`
4. Rebuild with `npm run build`
### Hook Best Practices ### Hook Best Practices
docs/architecture/overview.mdx
+1 -8
View File
@@ -90,20 +90,13 @@ Claude Request → MCP Server → SessionSearch Service → FTS5 Database → Se
``` ```
claude-mem/ claude-mem/
├── src/ ├── src/
│ ├── bin/hooks/ # Entry point scripts for 5 hooks │ ├── hooks/ # Hook implementations (v4.3.1+ consolidated)
│ │ ├── context-hook.ts # SessionStart │ │ ├── context-hook.ts # SessionStart
│ │ ├── new-hook.ts # UserPromptSubmit │ │ ├── new-hook.ts # UserPromptSubmit
│ │ ├── save-hook.ts # PostToolUse │ │ ├── save-hook.ts # PostToolUse
│ │ ├── summary-hook.ts # Stop │ │ ├── summary-hook.ts # Stop
│ │ └── cleanup-hook.ts # SessionEnd │ │ └── cleanup-hook.ts # SessionEnd
│ │ │ │
│ ├── hooks/ # Hook implementation logic
│ │ ├── context.ts
│ │ ├── new.ts
│ │ ├── save.ts
│ │ ├── summary.ts
│ │ └── cleanup.ts
│ │
│ ├── servers/ # MCP servers │ ├── servers/ # MCP servers
│ │ └── search-server.ts # MCP search tools server │ │ └── search-server.ts # MCP search tools server
│ │ │ │
docs/development.mdx
+19 -23
View File
@@ -61,8 +61,7 @@ Edit TypeScript source files in `src/`:
``` ```
src/ src/
├── bin/hooks/ # Hook entry points ├── hooks/ # Hook implementations (entry points + logic)
├── hooks/ # Hook implementations
├── services/ # Worker service and database ├── services/ # Worker service and database
├── servers/ # MCP search server ├── servers/ # MCP search server
├── sdk/ # Claude Agent SDK integration ├── sdk/ # Claude Agent SDK integration
@@ -118,34 +117,27 @@ Repeat steps 1-4 until your changes work as expected.
1. Create hook implementation in `src/hooks/your-hook.ts`: 1. Create hook implementation in `src/hooks/your-hook.ts`:
```typescript
import { HookInput } from './types';
export async function yourHook(input: HookInput) {
// Hook implementation
return {
hookSpecificOutput: 'Optional output'
};
}
```
2. Create entry point in `src/bin/hooks/your-hook.ts`:
```typescript ```typescript
#!/usr/bin/env node #!/usr/bin/env node
import { readStdin } from '../../shared/stdin'; import { readStdin } from '../shared/stdin';
import { yourHook } from '../../hooks/your-hook';
async function main() { async function main() {
const input = await readStdin(); const input = await readStdin();
const result = await yourHook(input);
// Hook implementation
const result = {
hookSpecificOutput: 'Optional output'
};
console.log(JSON.stringify(result)); console.log(JSON.stringify(result));
} }
main().catch(console.error); main().catch(console.error);
``` ```
3. Add to `plugin/hooks/hooks.json`: **Note**: As of v4.3.1, hooks are self-contained files. The shebang will be added automatically by esbuild during the build process.
2. Add to `plugin/hooks/hooks.json`:
```json ```json
{ {
@@ -424,18 +416,22 @@ The `release` script:
6. Publish to NPM 6. Publish to NPM
```bash ```bash
# Update version # Use the version bump skill (recommended as of v4.3.0)
npm version 4.2.4 # In Claude Code, run: /skill version-bump
# This updates package.json, marketplace.json, and CLAUDE.md
# Or manually:
npm version 4.3.2
# Update changelog # Update changelog
# Edit CHANGELOG.md manually # Edit CHANGELOG.md manually
# Commit # Commit
git add . git add .
git commit -m "chore: Release v4.2.4" git commit -m "chore: Release v4.3.2"
# Tag # Tag
git tag v4.2.4 git tag v4.3.2
# Push # Push
git push origin main --tags git push origin main --tags
docs/introduction.mdx
+13 -8
View File
@@ -67,16 +67,21 @@ See [Architecture Overview](architecture/overview) for details.
- **PM2**: Process manager (bundled - no global install required) - **PM2**: Process manager (bundled - no global install required)
- **SQLite 3**: For persistent storage (bundled) - **SQLite 3**: For persistent storage (bundled)
## What's New in v4.2.3 ## What's New in v4.3.1
**Security:** **Critical Fix:**
- Fixed FTS5 injection vulnerability in search functions - Fixed SessionStart hook context injection (v4.3.1)
- Added comprehensive test suite with 332 injection attack tests - Context wasn't being injected due to npm output pollution
- Changed npm loglevel to `--loglevel=silent` for clean JSON output
**Fixes:** **Code Quality:**
- Fixed ESM/CJS compatibility for getDirname function - Consolidated hooks architecture (removed bin/hooks wrapper layer)
- Fixed Windows PowerShell compatibility in SessionStart hook - Fixed double shebang issues in hook executables
- Cross-platform dependency installation now works on Windows, macOS, and Linux
**Recent Updates (v4.3.0):**
- Progressive disclosure context with observation timelines
- Enhanced session summaries with token cost visibility
- Cross-platform path detection improvements
## Next Steps ## Next Steps