Refactor new-hook to initialize sessions via HTTP and improve privacy handling

- Removed direct database operations in new-hook.ts and replaced them with an HTTP call to initialize sessions.
- Added error handling for HTTP requests and improved logging for session initialization.
- Updated SessionRoutes to handle new session initialization and privacy checks.
- Enhanced privacy tag stripping logic to prevent saving fully private prompts.
- Improved overall error handling and debugging messages throughout the session management process.

src/services/worker/http/routes/SessionRoutes.ts

@@ -8,7 +8,7 @@
 import express, { Request, Response } from 'express';
 import { getWorkerPort } from '../../../../shared/worker-utils.js';
 import { logger } from '../../../../utils/logger.js';
-import { stripMemoryTagsFromJson } from '../../../../utils/tag-stripping.js';
+import { stripMemoryTagsFromJson, stripMemoryTagsFromPrompt } from '../../../../utils/tag-stripping.js';
 import { SessionManager } from '../../SessionManager.js';
 import { DatabaseManager } from '../../DatabaseManager.js';
 import { SDKAgent } from '../../SDKAgent.js';
@@ -70,6 +70,7 @@ export class SessionRoutes extends BaseRouteHandler {
     app.post('/sessions/:sessionDbId/complete', this.handleSessionComplete.bind(this));
 
     // New session endpoints (use claudeSessionId)
+    app.post('/api/sessions/init', this.handleSessionInitByClaudeId.bind(this));
     app.post('/api/sessions/observations', this.handleObservationsByClaudeId.bind(this));
     app.post('/api/sessions/summarize', this.handleSummarizeByClaudeId.bind(this));
     app.post('/api/sessions/complete', this.handleSessionCompleteByClaudeId.bind(this));
@@ -387,4 +388,68 @@ export class SessionRoutes extends BaseRouteHandler {
 
     res.json({ success: true });
   });
+
+  /**
+   * Initialize session by claudeSessionId (new-hook uses this)
+   * POST /api/sessions/init
+   * Body: { claudeSessionId, project, prompt }
+   *
+   * Performs all session initialization DB operations:
+   * - Creates/gets SDK session (idempotent)
+   * - Increments prompt counter
+   * - Saves user prompt (with privacy tag stripping)
+   *
+   * Returns: { sessionDbId, promptNumber, skipped: boolean, reason?: string }
+   */
+  private handleSessionInitByClaudeId = this.wrapHandler((req: Request, res: Response): void => {
+    const { claudeSessionId, project, prompt } = req.body;
+
+    // Validate required parameters
+    if (!this.validateRequired(req, res, ['claudeSessionId', 'project', 'prompt'])) {
+      return;
+    }
+
+    const store = this.dbManager.getSessionStore();
+
+    // Step 1: Create/get SDK session (idempotent INSERT OR IGNORE)
+    const sessionDbId = store.createSDKSession(claudeSessionId, project, prompt);
+
+    // Step 2: Increment prompt counter
+    const promptNumber = store.incrementPromptCounter(sessionDbId);
+
+    // Step 3: Strip privacy tags from prompt
+    const cleanedPrompt = stripMemoryTagsFromPrompt(prompt);
+
+    // Step 4: Check if prompt is entirely private
+    if (!cleanedPrompt || cleanedPrompt.trim() === '') {
+      logger.debug('HOOK', 'Session init - prompt entirely private', {
+        sessionId: sessionDbId,
+        promptNumber,
+        originalLength: prompt.length
+      });
+
+      res.json({
+        sessionDbId,
+        promptNumber,
+        skipped: true,
+        reason: 'private'
+      });
+      return;
+    }
+
+    // Step 5: Save cleaned user prompt
+    store.saveUserPrompt(claudeSessionId, promptNumber, cleanedPrompt);
+
+    logger.info('SESSION', 'Session initialized via HTTP', {
+      sessionId: sessionDbId,
+      promptNumber,
+      project
+    });
+
+    res.json({
+      sessionDbId,
+      promptNumber,
+      skipped: false
+    });
+  });
 }