feat: add PrivacyCheckValidator to centralize user prompt privacy checks

- Introduced PrivacyCheckValidator class to encapsulate logic for checking if user prompts are private.
- Updated SessionRoutes to utilize PrivacyCheckValidator for determining prompt privacy during observation and summarization operations.
- Removed duplicate privacy check logic from SessionRoutes, improving code maintainability and readability.

src/services/worker/validation/PrivacyCheckValidator.ts

@@ -0,0 +1,41 @@
+import { SessionStore } from '../../sqlite/SessionStore.js';
+import { logger } from '../../../utils/logger.js';
+
+/**
+ * Validates user prompt privacy for session operations
+ *
+ * Centralizes privacy checks to avoid duplicate validation logic across route handlers.
+ * If user prompt was entirely private (stripped to empty string), we skip processing.
+ */
+export class PrivacyCheckValidator {
+  /**
+   * Check if user prompt is public (not entirely private)
+   *
+   * @param store - SessionStore instance
+   * @param claudeSessionId - Claude session ID
+   * @param promptNumber - Prompt number within session
+   * @param operationType - Type of operation being validated ('observation' or 'summarize')
+   * @returns User prompt text if public, null if private
+   */
+  static checkUserPromptPrivacy(
+    store: SessionStore,
+    claudeSessionId: string,
+    promptNumber: number,
+    operationType: 'observation' | 'summarize',
+    sessionDbId: number,
+    additionalContext?: Record<string, any>
+  ): string | null {
+    const userPrompt = store.getUserPrompt(claudeSessionId, promptNumber);
+
+    if (!userPrompt || userPrompt.trim() === '') {
+      logger.debug('HOOK', `Skipping ${operationType} - user prompt was entirely private`, {
+        sessionId: sessionDbId,
+        promptNumber,
+        ...additionalContext
+      });
+      return null;
+    }
+
+    return userPrompt;
+  }
+}