The per-prompt Chroma vector search injection on UserPromptSubmit adds latency
and context noise. Disable by default while we iterate on a more precise
file-context approach. Users can still opt in via CLAUDE_MEM_SEMANTIC_INJECT=true.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tier Routing:
- Inspect pending queue before starting generator
- Summarize messages → CLAUDE_MEM_TIER_SUMMARY_MODEL (e.g., Opus)
- All simple tools (Read, Glob, Grep, LS) → CLAUDE_MEM_TIER_SIMPLE_MODEL (Haiku)
- Mixed/complex → default model (no override)
- session.modelOverride in ActiveSession, used by SDKAgent.getModelId()
- peekPendingTypes() in PendingMessageStore for non-claiming inspection
- Configurable via CLAUDE_MEM_TIER_ROUTING_ENABLED (default: true)
Feedback Collection (schema only):
- New observation_feedback table via MigrationRunner (schema version 24)
- Tracks signal_type (semantic_inject_hit, search_accessed, etc.)
- Indexes on observation_id and signal_type
- Foundation for future Thompson Sampling optimization
Production data (24h tier routing test):
- 36 Haiku observations in 4 min, quality indistinguishable from Sonnet
- Estimated ~52% cost reduction on SDK Agent usage
- 835 → 6,695 feedback signals collected over 13 days
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: semantic context injection via Chroma on every UserPromptSubmit
On each prompt, queries ChromaDB for the top-N most relevant past
observations and injects them as additionalContext. Replaces the
recency-based "last N observations" approach with relevance-based
semantic search.
Changes:
- session-init.ts: After session init, query /api/context/semantic
with user's prompt text. If results found, return as
hookSpecificOutput with hookEventName 'UserPromptSubmit'.
- SearchRoutes.ts: New GET /api/context/semantic endpoint that queries
SearchManager with format='json' and formats results as markdown.
- SettingsDefaultsManager.ts: New settings CLAUDE_MEM_SEMANTIC_INJECT
(default: true) and CLAUDE_MEM_SEMANTIC_INJECT_LIMIT (default: 5).
Key behaviors:
- Fires on every UserPromptSubmit (not just SessionStart)
- Minimum prompt length: 20 chars (skips "ok", "yes", etc.)
- Skips media-only prompts
- Graceful degradation: if worker/Chroma unavailable, no injection
- Survives /clear: re-injects on next prompt (not session-bound)
- Uses workerHttpRequest (v10.6.3 API, not raw fetch)
Production data (23 days, 3,400+ observations):
- Before: 8 most recent observations (often irrelevant to current topic)
- After: 5 most relevant observations (semantic match)
- Token cost: ~1800 → ~800-1200 per injection
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address CodeRabbit review on PR #1568
- session-init: don't skip semantic injection when contextInjected=true
(only skip agent re-init, semantic lookup must run every prompt)
- session-init: normalize SEMANTIC_INJECT toggle via String().toLowerCase()
- semantic endpoint: change from GET to POST to avoid URL-length limits
and prompt exposure in access logs. Handler accepts both body and query
for backwards compatibility.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Alessandro Costa <alessandro@claudio.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
System reminders (CLAUDE.md contents, deferred tool lists) were being
stored in memory observations. Add system-reminder to the tag stripping
pipeline alongside <private> and <system_instruction>, and extract the
duplicated regex into a shared SYSTEM_REMINDER_REGEX constant.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CLAUDE_MEM_MODEL defaulted to the deprecated claude-sonnet-4-5 across source,
installer, tests, and documentation. Updated all references to claude-sonnet-4-6.
Closes#1390
Co-Authored-By: Claude <noreply@anthropic.com>
When CLAUDE_MEM_FOLDER_USE_LOCAL_MD is set to 'true' in settings,
claude-mem writes auto-generated context to CLAUDE.local.md instead
of CLAUDE.md. This separates personal machine-generated context from
shared project instructions, aligning with Claude Code's native
CLAUDE.local.md convention where:
- CLAUDE.md = team-shared project instructions (checked into git)
- CLAUDE.local.md = personal/local context (gitignored)
Changes:
- Add CLAUDE_MEM_FOLDER_USE_LOCAL_MD setting (default: false)
- Add getTargetFilename() helper to resolve target based on settings
- Update writeClaudeMdToFolder() to accept optional target filename
- Update active-file detection to skip folders with either CLAUDE.md
or CLAUDE.local.md being actively read/modified (issue #859 compat)
- Add 8 new tests covering filename selection, write behavior,
content preservation, atomic writes, and active-file detection
Closes#632
Three independent fixes for worker daemon instability:
1. Remove version mismatch auto-restart from ensureWorkerStarted() (#1435).
The marketplace bundle ships with __DEFAULT_PACKAGE_VERSION__ unbaked,
causing BUILT_IN_VERSION to fall back to "development". This creates a
100% reproducible mismatch on every hook call, killing a healthy worker
and often failing to restart. Same pattern across #566, #665, #667,
#669, #689, #1124, #1145 (8+ releases).
2. Add process.ppid and PID-file PID to aggressiveStartupCleanup()
exclusions (#1426). Without this, a newly spawned daemon SIGKILLs
the hook process that spawned it and any already-running worker
the PID file points to.
3. Increase POST_SPAWN_WAIT from 5s to 15s (#1423). The 5s timeout was
sized for Linux (<1s startup) but macOS ARM64 cold starts take 6-8s
with Chroma enabled.
The USER_MESSAGE_ONLY (exit code 3) constant was used by the old
user-message-hook.js (removed in the hooks refactor). Claude Code only
recognizes exit codes 0 (success) and 2 (blocking error) — any other
non-zero exit code is treated as a hook failure, causing the
"SessionStart:startup hook error" message on every session start for
users still running v8.x.
This removes the dead constant and improves the exit code documentation
to prevent reintroduction.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GeminiAgent sends the full conversation history with every API call,
causing quadratic token growth per session. A 100-observation session
sends ~30M cumulative input tokens. This ports the proven truncateHistory()
sliding window from OpenRouterAgent to GeminiAgent.
- Add CLAUDE_MEM_GEMINI_MAX_CONTEXT_MESSAGES (default: 20) and
CLAUDE_MEM_GEMINI_MAX_TOKENS (default: 100000) settings
- Add truncateHistory() to GeminiAgent using shared estimateTokens()
- Always preserve at least the newest message to avoid empty API requests
- Add settings validation in SettingsRoutes (1-100 messages, 1K-1M tokens)
- Add regression tests for truncation and oversized single-prompt edge case
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add embedded Process Supervisor for unified process lifecycle management
Consolidates scattered process management (ProcessManager, GracefulShutdown,
HealthMonitor, ProcessRegistry) into a unified src/supervisor/ module.
New: ProcessRegistry with JSON persistence, env sanitizer (strips CLAUDECODE_*
vars), graceful shutdown cascade (SIGTERM → 5s wait → SIGKILL with tree-kill
on Windows), PID file liveness validation, and singleton Supervisor API.
Fixes#1352 (worker inherits CLAUDECODE env causing nested sessions)
Fixes#1356 (zombie TCP socket after Windows reboot)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add session-scoped process reaping to supervisor
Adds reapSession(sessionId) to ProcessRegistry for killing session-tagged
processes on session end. SessionManager.deleteSession() now triggers reaping.
Tightens orphan reaper interval from 60s to 30s.
Fixes#1351 (MCP server processes leak on session end)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add Unix domain socket support for worker communication
Introduces socket-manager.ts for UDS-based worker communication, eliminating
port 37777 collisions between concurrent sessions. Worker listens on
~/.claude-mem/sockets/worker.sock by default with TCP fallback.
All hook handlers, MCP server, health checks, and admin commands updated to
use socket-aware workerHttpRequest(). Backwards compatible — settings can
force TCP mode via CLAUDE_MEM_WORKER_TRANSPORT=tcp.
Fixes#1346 (port 37777 collision across concurrent sessions)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: remove in-process worker fallback from hook command
Removes the fallback path where hook scripts started WorkerService in-process,
making the worker a grandchild of Claude Code (killed by sandbox). Hooks now
always delegate to ensureWorkerStarted() which spawns a fully detached daemon.
Fixes#1249 (grandchild process killed by sandbox)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add health checker and /api/admin/doctor endpoint
Adds 30-second periodic health sweep that prunes dead processes from the
supervisor registry and cleans stale socket files. Adds /api/admin/doctor
endpoint exposing supervisor state, process liveness, and environment health.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: add comprehensive supervisor test suite
64 tests covering all supervisor modules: process registry (18 tests),
env sanitizer (8), shutdown cascade (10), socket manager (15), health
checker (5), and supervisor API (6). Includes persistence, isolation,
edge cases, and cross-module integration scenarios.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: revert Unix domain socket transport, restore TCP on port 37777
The socket-manager introduced UDS as default transport, but this broke
the HTTP server's TCP accessibility (viewer UI, curl, external monitoring).
Since there's only ever one worker process handling all sessions, the
port collision rationale for UDS doesn't apply. Reverts to TCP-only,
removing ~900 lines of unnecessary complexity.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: remove dead code found in pre-landing review
Remove unused `acceptingSpawns` field from Supervisor class (written but
never read — assertCanSpawn uses stopPromise instead) and unused
`buildWorkerUrl` import from context handler.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* updated gitignore
* fix: address PR review feedback - downgrade HTTP logging, clean up gitignore, harden supervisor
- Downgrade request/response HTTP logging from info to debug to reduce noise
- Remove unused getWorkerPort imports, use buildWorkerUrl helper
- Export ENV_PREFIXES/ENV_EXACT_MATCHES from env-sanitizer, reuse in Server.ts
- Fix isPidAlive(0) returning true (should be false)
- Add shutdownInitiated flag to prevent signal handler race condition
- Make validateWorkerPidFile testable with pidFilePath option
- Remove unused dataDir from ShutdownCascadeOptions
- Upgrade reapSession log from debug to warn
- Rename zombiePidFiles to deadProcessPids (returns actual PIDs)
- Clean up gitignore: remove duplicate datasets/, stale ~*/ and http*/ patterns
- Fix tests to use temp directories instead of relying on real PID file
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When Claude Code runs in a worktree (via Agent tool with isolation: "worktree"),
the transcript path points to the worktree's project directory. After the
worktree is cleaned up, the Stop hook fires but the transcript file no longer
exists, causing extractLastMessage() to throw. This error triggers Claude to
respond, which fires another Stop hook, creating an infinite error loop.
Changed throws to warn-and-return-empty so the summarize hook exits cleanly
with exit 0 instead of cascading errors.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
SettingsDefaultsManager.get() returned only the hardcoded default,
ignoring both environment variables and settings.json overrides. This
meant CLAUDE_MEM_DATA_DIR set via env or settings file had no effect
on paths.ts (and other callers using get()).
Two changes:
- get() now checks process.env before falling back to the default
- paths.ts resolves DATA_DIR with full priority: env var > settings.json
at the default location > hardcoded default
The settings file read uses a synchronous bootstrap pattern to avoid
circular dependencies (DATA_DIR is needed to locate the settings file,
so we check the default path only).
Fixes#1303
Signed-off-by: umut-polat <52835619+umut-polat@users.noreply.github.com>
* fix: unify mode type/concept loading to always use mode definition
Code mode previously read observation types/concepts from settings.json
while non-code modes read from their mode JSON definition. This caused
stale filters to persist when switching between modes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: remove dead observation type/concept settings constants
CLAUDE_MEM_CONTEXT_OBSERVATION_TYPES and OBSERVATION_CONCEPTS are no
longer read by ContextConfigLoader since all modes now use their mode
definition. Removes the constants, defaults, UI controls, and the
now-empty observation-metadata.ts file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add terminal output control for SessionStart context
Add CLAUDE_MEM_CONTEXT_SHOW_TERMINAL_OUTPUT setting to control whether
context is displayed in the terminal at SessionStart.
When set to "false", the terminal remains clean at startup while
context is still injected into Claude's system prompt. This allows
users who find the context output verbose to disable it without
losing the automatic context injection.
Defaults to "true" for backward compatibility.
Changes:
- Add CLAUDE_MEM_CONTEXT_SHOW_TERMINAL_OUTPUT to SettingsDefaultsManager
- Check setting in context handler before setting systemMessage
- Update settings file format to include new option
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: use USER_SETTINGS_PATH and skip color fetch when disabled
Address PR feedback from automated review:
1. Use shared USER_SETTINGS_PATH constant instead of hardcoded path
- Respects custom CLAUDE_MEM_DATA_DIR override
- Consistent with other handlers (session-init, observation)
2. Skip color fetch when terminal output disabled
- Check setting before making HTTP requests
- Saves network round-trip on every session start
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Alan Dong <adong@Alans-MacBook-Pro.local>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* MAESTRO: fix ChromaDB core issues — Python pinning, Windows paths, disable toggle, metadata sanitization, transport errors
- Add --python version pinning to uvx args in both local and remote mode (fixes#1196, #1206, #1208)
- Convert backslash paths to forward slashes for --data-dir on Windows (fixes#1199)
- Add CLAUDE_MEM_CHROMA_ENABLED setting for SQLite-only fallback mode (fixes#707)
- Sanitize metadata in addDocuments() to filter null/undefined/empty values (fixes#1183, #1188)
- Wrap callTool() in try/catch for transport errors with auto-reconnect (fixes#1162)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix data integrity — content-hash deduplication, project name collision, empty project guard, stuck isProcessing
- Add SHA-256 content-hash deduplication to observations INSERT (store.ts, transactions.ts, SessionStore.ts)
- Add content_hash column via migration 22 with backfill and index
- Fix project name collision: getCurrentProjectName() now returns parent/basename
- Guard against empty project string with cwd-derived fallback
- Fix stuck isProcessing: hasAnyPendingWork() resets processing messages older than 5 minutes
- Add 12 new tests covering all four fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix hook lifecycle — stderr suppression, output isolation, conversation pollution prevention
- Suppress process.stderr.write in hookCommand() to prevent Claude Code showing diagnostic
output as error UI (#1181). Restores stderr in finally block for worker-continues case.
- Convert console.error() to logger.warn()/error() in hook-command.ts and handlers/index.ts
so all diagnostics route to log file instead of stderr.
- Verified all 7 handlers return suppressOutput: true (prevents conversation pollution #598, #784).
- Verified session-complete is a recognized event type (fixes#984).
- Verified unknown event types return no-op handler with exit 0 (graceful degradation).
- Added 10 new tests in tests/hook-lifecycle.test.ts covering event dispatch, adapter defaults,
stderr suppression, and standard response constants.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix worker lifecycle — restart loop coordination, stale transport retry, ENOENT shutdown race
- Add PID file mtime guard to prevent concurrent restart storms (#1145):
isPidFileRecent() + touchPidFile() coordinate across sessions
- Add transparent retry in ChromaMcpManager.callTool() on transport
error — reconnects and retries once instead of failing (#1131)
- Wrap getInstalledPluginVersion() with ENOENT/EBUSY handling (#1042)
- Verified ChromaMcpManager.stop() already called on all shutdown paths
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix Windows platform support — uvx.cmd spawn, PowerShell $_ elimination, windowsHide, FTS5 fallback
- Route uvx spawn through cmd.exe /c on Windows since MCP SDK lacks shell:true (#1190, #1192, #1199)
- Replace all PowerShell Where-Object {$_} pipelines with WQL -Filter server-side filtering (#1024, #1062)
- Add windowsHide: true to all exec/spawn calls missing it to prevent console popups (#1048)
- Add FTS5 runtime probe with graceful fallback when unavailable on Windows (#791)
- Guard FTS5 table creation in migrations, SessionSearch, and SessionStore with try/catch
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix skills/ distribution — build-time verification and regression tests (#1187)
Add post-build verification in build-hooks.js that fails if critical
distribution files (skills, hooks, plugin manifest) are missing. Add
10 regression tests covering skill file presence, YAML frontmatter,
hooks.json integrity, and package.json files field.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix MigrationRunner schema initialization (#979) — version conflict between parallel migration systems
Root cause: old DatabaseManager migrations 1-7 shared schema_versions table with
MigrationRunner's 4-22, causing version number collisions (5=drop tables vs add column,
6=FTS5 vs prompt tracking, 7=discovery_tokens vs remove UNIQUE). initializeSchema()
was gated behind maxApplied===0, so core tables were never created when old versions
were present.
Fixes:
- initializeSchema() always creates core tables via CREATE TABLE IF NOT EXISTS
- Migrations 5-7 check actual DB state (columns/constraints) not just version tracking
- Crash-safe temp table rebuilds (DROP IF EXISTS _new before CREATE)
- Added missing migration 21 (ON UPDATE CASCADE) to MigrationRunner
- Added ON UPDATE CASCADE to FK definitions in initializeSchema()
- All changes applied to both runner.ts and SessionStore.ts
Tests: 13 new tests in migration-runner.test.ts covering fresh DB, idempotency,
version conflicts, crash recovery, FK constraints, and data integrity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix 21 test failures — stale mocks, outdated assertions, missing OpenClaw guards
Server tests (12): Added missing workerPath and getAiStatus to ServerOptions
mocks after interface expansion. ChromaSync tests (3): Updated to verify
transport cleanup in ChromaMcpManager after architecture refactor. OpenClaw (2):
Added memory_ tool skipping and response truncation to prevent recursive loops
and oversized payloads. MarkdownFormatter (2): Updated assertions to match
current output. SettingsDefaultsManager (1): Used correct default key for
getBool test. Logger standards (1): Excluded CLI transcript command from
background service check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix Codex CLI compatibility (#744) — session_id fallbacks, unknown platform tolerance, undefined guard
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix Cursor IDE integration (#838, #1049) — adapter field fallbacks, tolerant session-init validation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix /api/logs OOM (#1203) — tail-read replaces full-file readFileSync
Replace readFileSync (loads entire file into memory) with readLastLines()
that reads only from the end of the file in expanding chunks (64KB → 10MB cap).
Prevents OOM on large log files while preserving the same API response shape.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix Settings CORS error (#1029) — explicit methods and allowedHeaders in CORS config
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: add session custom_title for agent attribution (#1213) — migration 23, endpoint + store support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: prevent CLAUDE.md/AGENTS.md writes inside .git/ directories (#1165)
Add .git path guard to all 4 write sites to prevent ref corruption when
paths resolve inside .git internals.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix plugin disabled state not respected (#781) — early exit check in all hook entry points
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix UserPromptSubmit context re-injection on every turn (#1079) — contextInjected session flag
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* MAESTRO: fix stale AbortController queue stall (#1099) — lastGeneratorActivity tracking + 30s timeout
Three-layer fix:
1. Added lastGeneratorActivity timestamp to ActiveSession, updated by
processAgentResponse (all agents), getMessageIterator (queue yields),
and startGeneratorWithProvider (generator launch)
2. Added stale generator detection in ensureGeneratorRunning — if no
activity for >30s, aborts stale controller, resets state, restarts
3. Added AbortSignal.timeout(30000) in deleteSession to prevent
indefinite hang when awaiting a stuck generator promise
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: rename save_memory to save_observation and fix MCP search instructions
Stop the primary agent from proactively saving memories by renaming
save_memory to save_observation with a neutral description. Remove
"Saving Memories" section from SKILL.md. Update context formatters
and output styles to reference the mem-search skill instead of raw
MCP tool names.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: split SessionStart hooks so smart-install failure doesn't block worker start
smart-install.js and worker-start were in the same hook group, so if
smart-install exited non-zero the worker never started. Split into
separate hook groups so they run independently.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: worker startup waits for readiness before hooks fire
Move initializationCompleteFlag to set after DB/search init (not MCP),
add waitForReadiness() polling /api/readiness, and extract shared
pollEndpointUntilOk helper to DRY up health/readiness checks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: replace WASM embeddings with persistent chroma-mcp MCP connection
Replace ChromaServerManager (npx chroma run + chromadb npm + ONNX/WASM)
with ChromaMcpManager, a singleton stdio MCP client that communicates with
chroma-mcp via uvx. This eliminates native binary issues, segfaults, and
WASM embedding failures that plagued cross-platform installs.
Key changes:
- Add ChromaMcpManager: singleton MCP client with lazy connect, auto-reconnect,
connection lock, and Zscaler SSL cert support
- Rewrite ChromaSync to use MCP tool calls instead of chromadb npm client
- Handle chroma-mcp's non-JSON responses (plain text success/error messages)
- Treat "collection already exists" as idempotent success
- Wire ChromaMcpManager into GracefulShutdown for clean subprocess teardown
- Delete ChromaServerManager (no longer needed)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address PR review — connection guard leak, timer leak, async reset
- Clear connecting guard in finally block to prevent permanent reconnection block
- Clear timeout after successful connection to prevent timer leak
- Make reset() async to await stop() before nullifying instance
- Delete obsolete chroma-server-manager test (imports deleted class)
- Update graceful-shutdown test to use chromaMcpManager property name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: prevent chroma-mcp spawn storm — zombie cleanup, stale onclose guard, reconnect backoff
Three bugs caused chroma-mcp processes to accumulate (92+ observed):
1. Zombie on timeout: failed connections left subprocess alive because
only the timer was cleared, not the transport. Now catch block
explicitly closes transport+client before rethrowing.
2. Stale onclose race: old transport's onclose handler captured `this`
and overwrote the current connection reference after reconnect,
orphaning the new subprocess. Now guarded with reference check.
3. No backoff: every failure triggered immediate reconnect. With
backfill doing hundreds of MCP calls, this created rapid-fire
spawning. Added 10s backoff on both connection failure and
unexpected process death.
Also includes ChromaSync fixes from PR review:
- queryChroma deduplication now preserves index-aligned arrays
- SQL injection guard on backfill ID exclusion lists
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: configurable subprocess pool limit for SDK agents
Prevents runaway accumulation of Claude SDK agent subprocesses by
enforcing a configurable concurrency limit.
- New CLAUDE_MEM_MAX_CONCURRENT_AGENTS setting (default: 2)
- Promise-based waitForSlot() in ProcessRegistry (not polling per
review feedback on #830)
- Waiters are notified via unregisterProcess when a slot frees up
- SDKAgent.startSession() waits for a slot before spawning
- 60s timeout prevents indefinite waits
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
* fix: remove unused originalUnregister const and getActiveCount import
Cleanup from Greptile review:
- Remove dead `originalUnregister` variable in ProcessRegistry
- Remove unused `getActiveCount` import in SDKAgent
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Happy <yesreply@happy.engineering>
Add systemMessage field to HookResult so SessionStart can display a
colored timeline directly to the user in the CLI. The handler now
parallel-fetches both markdown (for Claude context) and ANSI-colored
(for user display) timelines, appending a viewer URL link.
Also update default settings to hide verbose token columns (read/work
tokens, savings amount) and disable full observation expansion, keeping
the cleaner index-only view by default.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Strip CLAUDECODE env var from SDK subprocesses to prevent "cannot be
launched inside another Claude Code session" error (Claude Code 2.1.42+)
- Lazy-load @chroma-core/default-embed to avoid eagerly pulling in
sharp native binaries at bundle startup (fixes ERR_DLOPEN_FAILED)
- Add stderr capture to SDK spawn for diagnosing future process failures
- Exclude lockfiles from marketplace rsync and delete stale lockfiles
before npm install to prevent native dep version mismatches
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resolve conflicts between Chroma HTTP server PR and main branch changes
(folder CLAUDE.md, exclusion settings, Zscaler SSL, transport cleanup).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Three fixes to make OpenClaw agent observations work end-to-end:
1. Session init in before_agent_start — the worker's privacy check
requires a stored user prompt; without calling /api/sessions/init,
all observations were skipped as "private"
2. Race condition fix in agent_end — await summarize before sending
complete, preventing session deletion before in-flight observation
POSTs arrive
3. OAuth token pass-through in buildIsolatedEnv — spawned Claude CLI
processes now receive CLAUDE_CODE_OAUTH_TOKEN from the worker's
env when no explicit API key is configured
Also adds agent-specific emoji mapping and dynamic project naming
for the Telegram observation feed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reduce timeouts to eliminate 10-30s startup delay when worker is dead
(common on WSL2 after hibernate). Add stale PID detection, graceful
error handling across all handlers, and error classification that
distinguishes worker unavailability from handler bugs.
- HEALTH_CHECK 30s→3s, new POST_SPAWN_WAIT (5s), PORT_IN_USE_WAIT (3s)
- isProcessAlive() with EPERM handling, cleanStalePidFile()
- getPluginVersion() try-catch for shutdown race (#1042)
- isWorkerUnavailableError: transport+5xx+429→exit 0, 4xx→exit 2
- No-op handler for unknown event types (#984)
- Wrap all handler fetch calls in try-catch for graceful degradation
- CLAUDE_MEM_HEALTH_TIMEOUT_MS env var override with validation
1. ProcessManager: Migrate spawnDaemon() from WMIC to PowerShell Start-Process
- WMIC deprecated in Windows 11, PowerShell inherits env vars properly
- Use -WindowStyle Hidden to prevent console popups
- Fix redundant backslash escaping in PowerShell $_ variables
2. ChromaSync: Re-enable vector search on Windows
- Remove overly defensive platform check that disabled all semantic search
- Worker daemon starts with -WindowStyle Hidden; child processes inherit
- MCP SDK's StdioClientTransport uses shell:false, no new console created
3. worker-service: Unified DB-ready gate middleware
- Replace single-endpoint /api/sessions/init wait with global middleware
- Hold all DB-dependent requests until database is initialized (30s timeout)
- Whitelist static assets, /health, and viewer page for immediate response
- Separate dbReadyPromise (DB only) from initializationComplete (full init)
- Fixes "Database not initialized" errors on /stream, /summarize, /init
4. EnvManager: Switch from allowlist to blocklist for subprocess env
- Only strip ANTHROPIC_API_KEY to prevent Issue #733 billing hijack
- Pass through all other vars (ANTHROPIC_AUTH_TOKEN, ANTHROPIC_BASE_URL, etc.)
- Simpler, less fragile than maintaining an exhaustive system vars allowlist
Cherry-picked both PRs to main (both had merge conflicts with current main).
PR #920 (@Spunky84): CLAUDE_MEM_EXCLUDED_PROJECTS setting with glob patterns
to exclude entire projects from memory tracking (privacy/confidentiality).
Early-exit in session-init and observation handlers. 11 unit tests.
PR #699 (@leepokai): CLAUDE_MEM_FOLDER_MD_EXCLUDE setting with JSON array
of paths to exclude from CLAUDE.md file generation (fixes SwiftUI/Xcode
build conflicts and drizzle kit migration failures). Closes#620.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds applyEnvOverrides() method to SettingsDefaultsManager ensuring
env vars take highest priority over file and default settings.
Configuration priority is now: env > file > defaults.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add MARKETPLACE_ROOT constant to paths.ts and update 5 source files to use
centralized path constants instead of hardcoded ~/.claude paths. Preserves
backwards compatibility when CLAUDE_CONFIG_DIR is not set.
Based on PR #634 by @Kuroakira, cherry-picked onto main due to build artifact
merge conflicts (source changes applied cleanly).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Gemini API requires the -preview suffix for the Gemini 3 Flash model.
gemini-3-flash does not exist - only gemini-3-flash-preview is available.
This was causing 404 errors when users selected this model option.
Closes#831
Co-Authored-By: Glucksberg <markuscontasul@gmail.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a user exits Claude Code before any assistant response is generated,
the summarize Stop hook would crash with:
"No message found for role 'assistant' in transcript"
This happened because extractLastMessage() threw an error when no message
of the requested role was found. The fix returns an empty string instead,
which the summarize handler already handles gracefully (it logs
hasLastAssistantMessage: false and continues).
This is consistent with the function's existing behavior - it already
returns '' in other edge cases (line 64).
Fixes sessions that exit early before assistant responds.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
JSON.parse preserves native types, so boolean true/false stay as
booleans rather than strings. The previous check only handled string
'true', meaning users who set `"ENABLED": true` (boolean) wouldn't
have the feature work.
Now both `getBool()` helper and ResponseProcessor check handle:
- String 'true' → enabled
- Boolean true → enabled
- Any other value → disabled
Tested: Confirmed feature stays disabled with string "false" and
no new CLAUDE.md files are created when accessing directories.
The CLAUDE_MEM_FOLDER_CLAUDEMD_ENABLED setting was documented but never
actually checked in code. The folder CLAUDE.md generation ran
unconditionally whenever files were touched.
Changes:
- Add CLAUDE_MEM_FOLDER_CLAUDEMD_ENABLED to SettingsDefaults interface
- Add default value 'false' to DEFAULTS object
- Check setting in ResponseProcessor before calling updateFolderClaudeMdFiles
Fixes the issue identified in issue-600-documentation-audit-features-not-implemented.md:
"The setting CLAUDE_MEM_FOLDER_CLAUDEMD_ENABLED is never read."
Replace Promise.race with new Promise wrapper so timeoutId is assigned
as const before fetch starts. Timer is now cleared on both fetch success
and fetch rejection, not just success.
Replace bare fetch() calls with fetchWithTimeout() using Promise.race
instead of AbortSignal.timeout() which causes libuv assertion crashes
in Bun on Windows.
Applies the already-defined HEALTH_CHECK_TIMEOUT_MS (30s/45s) to
isWorkerHealthy() and getWorkerVersion(), and HOOK_TIMEOUTS.DEFAULT
to the summarize POST. Previously these fetches had no timeout at all,
causing the Stop hook to hang for the full hook timeout (120s) when
the worker was unreachable.
Fixes#963
The user-message handler references HOOK_EXIT_CODES.USER_MESSAGE_ONLY
but the constant was missing from hook-constants.ts, causing it to
return exitCode: undefined. The handler is still registered for Cursor's
afterFileEdit flow.
Fixes the "Worker did not become ready within 15 seconds" timeout issue.
Root cause: isWorkerHealthy() and waitForHealth() were checking /api/readiness
which returns 503 until full initialization completes (including MCP connection
which can take 5+ minutes). Hooks only have 15 seconds timeout.
Solution: Use /api/health (liveness check) which returns 200 as soon as the
HTTP server is listening. This is sufficient for hook communication since
the worker can accept requests while background initialization continues.
Changes:
- src/shared/worker-utils.ts: Change /api/readiness to /api/health in isWorkerHealthy()
- src/services/infrastructure/HealthMonitor.ts: Change /api/readiness to /api/health in waitForHealth()
- tests/infrastructure/health-monitor.test.ts: Update test to expect /api/health
Fixes#811, #772, #729
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replaced console.warn/error with logger.warn/error calls per project standards
- Test suite enforces no console.* in background services (logs are invisible)
- Build verified: worker-service, mcp-server, context-generator, viewer UI all built
- All 797 tests pass (0 fail)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This fixes Issue #733 where claude-mem would incorrectly use ANTHROPIC_API_KEY from
random project .env files instead of the user's configured Claude Code CLI subscription.
Root cause: The SDK's `query()` function inherits from `process.env` when no `env`
option is passed. When users work in projects with their own .env files containing
API keys, the SDK would discover and use those keys, billing the wrong account.
Solution: Centralized credential management via ~/.claude-mem/.env
Changes:
- Add EnvManager.ts: Centralized credential storage and isolated env builder
- SDKAgent: Pass isolated env to SDK query() that only includes credentials from
~/.claude-mem/.env, not random keys from process.env inheritance
- GeminiAgent/OpenRouterAgent: Use getCredential() instead of process.env fallback
- SettingsDefaultsManager: Add CLAUDE_MEM_CLAUDE_AUTH_METHOD setting ('cli' | 'api')
How it works:
1. buildIsolatedEnv() creates a clean environment with only essential system vars
(PATH, HOME, etc.) and credentials explicitly configured in ~/.claude-mem/.env
2. SDK subprocess runs with this isolated env, never seeing random API keys
3. If no ANTHROPIC_API_KEY is in ~/.claude-mem/.env, Claude Code CLI billing is used
4. Same pattern applied to Gemini/OpenRouter agents for consistency
This ensures claude-mem always uses the user's intended billing method, regardless
of what .env files exist in their working directory.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The previous approach (PR #837) set CLAUDE_CONFIG_DIR to isolate observer
sessions from `claude --resume`. However, this broke authentication because
Claude Code stores credentials in the config directory.
This fix uses the SDK's `cwd` option instead:
- Observer sessions run with cwd=~/.claude-mem/observer-sessions/
- Project name = path.basename(cwd) = "observer-sessions"
- Sessions won't appear when running `claude --resume` from actual projects
- Authentication works because ~/.claude/ config is preserved
Changes:
- ProcessRegistry.ts: Remove CLAUDE_CONFIG_DIR override from spawn
- SDKAgent.ts: Add cwd option to query() pointing to observer dir
- paths.ts: Rename OBSERVER_CONFIG_DIR to OBSERVER_SESSIONS_DIR
Fixes regression from #837
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Observer sessions created by claude-mem were appearing in the main Claude Code
session picker (`claude --resume`), cluttering the list with internal plugin
sessions that users never intend to resume.
In one user's case: 74 observer sessions out of ~220 total (34% noise).
## Solution
Set `CLAUDE_CONFIG_DIR` to `~/.claude-mem/observer-config/` when spawning
observer Claude processes. This stores observer session files in a separate
location, isolating them from user sessions.
## Changes
1. Added `OBSERVER_CONFIG_DIR` to paths.ts
2. Modified `createPidCapturingSpawn()` in ProcessRegistry.ts to inject
`CLAUDE_CONFIG_DIR` environment variable
Observer sessions now write their `.jsonl` files to:
`~/.claude-mem/observer-config/projects/*/`
Instead of the user's:
`~/.claude/projects/*/`
Fixes#832
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Alex Newman