chore: update changelog and README for version 4.2.3 release
This commit is contained in:
Alex Newman
@@ -7,7 +7,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
|
||||
## [4.2.3] - 2025-10-23
|
||||
|
||||
### Security
|
||||
- **FTS5 injection vulnerability fix**: Added proper escaping to prevent SQL injection attacks in search functions
|
||||
- Implemented double-quote escaping for FTS5 full-text search queries
|
||||
- Added comprehensive test suite with 332 new tests covering injection scenarios
|
||||
- Affects: `search_observations`, `search_sessions`, `search_user_prompts` MCP tools
|
||||
|
||||
### Fixed
|
||||
- **ESM/CJS compatibility**: Fixed getDirname function to work in both ESM (hooks) and CJS (worker) contexts
|
||||
- Detects context using `typeof __dirname !== 'undefined'`
|
||||
- Falls back to `fileURLToPath(import.meta.url)` for ESM modules
|
||||
- Resolves path resolution issues across different module systems
|
||||
- **Windows PowerShell compatibility**: Fixed SessionStart hook error on Windows systems
|
||||
- Replaced bash-specific test command `[` with standard cross-platform npm install
|
||||
- Simplified hook command to use idempotent npm install (fast when dependencies exist)
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
|
||||
Claude-mem is a persistent memory compression system that preserves context across Claude Code sessions. It automatically captures tool usage observations, processes them through the Claude Agent SDK, and makes summaries available to future sessions.
|
||||
|
||||
**Current Version**: 4.2.0
|
||||
**Current Version**: 4.2.3
|
||||
**License**: AGPL-3.0
|
||||
**Author**: Alex Newman (@thedotmack)
|
||||
|
||||
@@ -210,19 +210,31 @@ npm run build && git commit -a -m "Build and update" && git push && cd ~/.claude
|
||||
|
||||
## Version History
|
||||
|
||||
### v4.2.2 (Upcoming)
|
||||
### v4.2.3 (Current)
|
||||
**Breaking Changes**: None (patch version)
|
||||
|
||||
**Security**:
|
||||
- Fixed FTS5 injection vulnerability in search functions
|
||||
- Implemented proper double-quote escaping for FTS5 queries
|
||||
- Added comprehensive test suite with 332 injection attack tests
|
||||
- Affects: `search_observations`, `search_sessions`, `search_user_prompts` MCP tools
|
||||
|
||||
**Fixes**:
|
||||
- Fixed ESM/CJS compatibility for getDirname function in src/shared/paths.ts
|
||||
- Detects context using `typeof __dirname !== 'undefined'`
|
||||
- Falls back to `fileURLToPath(import.meta.url)` for ESM modules
|
||||
- Resolves path resolution issues across hook (ESM) and worker (CJS) contexts
|
||||
- Fixed Windows PowerShell compatibility issue with SessionStart hook
|
||||
- Replaced bash-specific test command `[` with cross-platform npm install command
|
||||
- Hook now runs `npm install` with quiet flags (fast and idempotent when dependencies exist)
|
||||
- Replaced bash-specific test command `[` with cross-platform npm install command
|
||||
- Hook now runs `npm install` with quiet flags (fast and idempotent when dependencies exist)
|
||||
|
||||
**Technical Details**:
|
||||
- SessionSearch.ts now escapes double quotes in FTS5 queries: `query.replace(/"/g, '""')`
|
||||
- Updated `plugin/hooks/hooks.json` SessionStart command to use standard shell syntax
|
||||
- Changed from: `[ ! -d ... ] && cd ... && npm install && node ... || node ...`
|
||||
- Changed to: `cd ... && npm install --prefer-offline --no-audit --no-fund --loglevel=error && node ...`
|
||||
- Dependencies are installed in marketplace folder (parent of CLAUDE_PLUGIN_ROOT) where root package.json exists
|
||||
- getDirname function now properly handles both CommonJS (__dirname) and ES modules (import.meta.url)
|
||||
|
||||
### v4.2.0
|
||||
**Breaking Changes**: None (minor version)
|
||||
|
||||
@@ -5,11 +5,31 @@
|
||||
Claude-Mem seamlessly preserves context across sessions by automatically capturing tool usage observations, generating semantic summaries, and making them available to future sessions. This enables Claude to maintain continuity of knowledge about projects even after sessions end or reconnect.
|
||||
|
||||
[](LICENSE)
|
||||
[](package.json)
|
||||
[](package.json)
|
||||
[](package.json)
|
||||
|
||||
---
|
||||
|
||||
## Installation
|
||||
|
||||
Install Claude-Mem directly from the plugin marketplace:
|
||||
|
||||
```bash
|
||||
/plugin marketplace add thedotmack/claude-mem
|
||||
/plugin install claude-mem
|
||||
```
|
||||
|
||||
That's it! The plugin will automatically:
|
||||
- Download prebuilt binaries (no compilation needed)
|
||||
- Install all dependencies (including PM2 and SQLite binaries)
|
||||
- Configure hooks for session lifecycle management
|
||||
- Set up the MCP search server
|
||||
- Auto-start the worker service on first session
|
||||
|
||||
Start a new Claude Code session and you'll see context from previous sessions automatically loaded.
|
||||
|
||||
---
|
||||
|
||||
## What's New in v4.0.0
|
||||
|
||||
**BREAKING CHANGES - Please Read:**
|
||||
@@ -26,12 +46,13 @@ See [CHANGELOG.md](CHANGELOG.md) for complete details.
|
||||
|
||||
## Table of Contents
|
||||
|
||||
- [Installation](#installation)
|
||||
- [Overview](#overview)
|
||||
- [How It Works](#how-it-works)
|
||||
- [Installation](#installation)
|
||||
- [Usage](#usage)
|
||||
- [MCP Search Tools](#mcp-search-tools)
|
||||
- [Architecture](#architecture)
|
||||
- [Advanced Installation](#advanced-installation)
|
||||
- [Configuration](#configuration)
|
||||
- [Development](#development)
|
||||
- [Troubleshooting](#troubleshooting)
|
||||
@@ -175,53 +196,9 @@ SQLite database (`${CLAUDE_PLUGIN_ROOT}/data/claude-mem.db`) with tables:
|
||||
|
||||
---
|
||||
|
||||
## Installation
|
||||
## Advanced Installation
|
||||
|
||||
### Prerequisites
|
||||
|
||||
```bash
|
||||
# Ensure Node.js 18+ is installed
|
||||
node --version # Should be >= 18.0.0
|
||||
```
|
||||
|
||||
### Method 1: GitHub Marketplace (Recommended)
|
||||
|
||||
Install directly from GitHub:
|
||||
|
||||
```bash
|
||||
# Add the marketplace
|
||||
/plugin marketplace add https://github.com/thedotmack/claude-mem
|
||||
|
||||
# Install the plugin
|
||||
/plugin install claude-mem
|
||||
```
|
||||
|
||||
The plugin will:
|
||||
- Automatically download prebuilt binaries (no compilation needed)
|
||||
- Install all dependencies (including PM2 and SQLite binaries)
|
||||
- Configure hooks for session lifecycle management
|
||||
- Set up the MCP search server
|
||||
- Auto-start the worker service on first session
|
||||
|
||||
**That's it!** The plugin is ready to use. Start a new Claude Code session and you'll see context from previous sessions automatically loaded.
|
||||
|
||||
### Method 2: Local Marketplace Installation
|
||||
|
||||
Install using the local marketplace file (useful for development or testing):
|
||||
|
||||
```bash
|
||||
# Clone the repository
|
||||
git clone https://github.com/thedotmack/claude-mem.git
|
||||
cd claude-mem
|
||||
|
||||
# Add the local marketplace to Claude Code
|
||||
/plugin marketplace add .claude-plugin/marketplace.json
|
||||
|
||||
# Install the plugin
|
||||
/plugin install claude-mem
|
||||
```
|
||||
|
||||
### Method 3: Clone and Build (For Development)
|
||||
For development or testing, you can clone and build from source:
|
||||
|
||||
```bash
|
||||
# Clone the repository
|
||||
@@ -242,16 +219,7 @@ npm run worker:start
|
||||
npm run worker:status
|
||||
```
|
||||
|
||||
### Method 4: NPM Package (Coming Soon)
|
||||
|
||||
```bash
|
||||
# Install from NPM (when published)
|
||||
npm install -g claude-mem
|
||||
|
||||
# Worker service auto-starts on first hook execution
|
||||
```
|
||||
|
||||
### Post-Installation
|
||||
### Post-Installation Notes
|
||||
|
||||
1. **Automatic Dependency Installation**
|
||||
|
||||
@@ -794,7 +762,33 @@ For more information about AGPL-3.0, see: https://www.gnu.org/licenses/agpl-3.0.
|
||||
|
||||
## Changelog
|
||||
|
||||
### v4.0.0 (Current)
|
||||
### v4.2.3 (Current)
|
||||
|
||||
- **SECURITY**: Fixed FTS5 injection vulnerability with proper escaping
|
||||
- **FIX**: ESM/CJS compatibility for getDirname function
|
||||
- **FIX**: Windows PowerShell compatibility in SessionStart hook
|
||||
- Added comprehensive test suite with 332 injection attack tests
|
||||
- Cross-platform dependency installation now works on Windows, macOS, and Linux
|
||||
|
||||
### v4.2.1
|
||||
|
||||
- **NEW**: Summary skip logic to prevent duplicate summaries
|
||||
- **FIX**: Observation type validation for all 6 types
|
||||
- Enhanced chronological summary guidance
|
||||
|
||||
### v4.1.1
|
||||
|
||||
- **REMOVED**: Redundant advanced_search MCP tool
|
||||
- **FIX**: MCP search limit bugs and type contamination
|
||||
- Improved search prompts and token limit guidance
|
||||
|
||||
### v4.1.0
|
||||
|
||||
- **NEW**: Graceful session cleanup
|
||||
- **RESTORED**: MCP search server from backup
|
||||
- Natural worker shutdown for pending operations
|
||||
|
||||
### v4.0.0
|
||||
|
||||
- **NEW**: MCP Search Server with 6 specialized search tools
|
||||
- **NEW**: FTS5 full-text search across observations and session summaries
|
||||
@@ -805,17 +799,6 @@ For more information about AGPL-3.0, see: https://www.gnu.org/licenses/agpl-3.0.
|
||||
- Implemented structured logging across the application
|
||||
- Improved error handling and graceful degradation
|
||||
|
||||
### v3.9.17
|
||||
|
||||
- **FIX**: Context hook now uses proper `hookSpecificOutput` JSON format
|
||||
- MCP Search Server with 6 specialized search tools
|
||||
- FTS5 full-text search across observations and session summaries
|
||||
- Refactored summary and context handling in hooks
|
||||
- Implemented structured logging across the application
|
||||
- Fixed race condition in summary generation
|
||||
- Added missing process.exit(0) calls in hook entry points
|
||||
- Improved error handling and graceful degradation
|
||||
|
||||
---
|
||||
|
||||
**Built with Claude Agent SDK** | **Powered by Claude Code** | **Made with TypeScript**
|
||||
|
||||
Reference in New Issue
Block a user