The startup cleanupOrphanedProcesses() only targeted chroma-mcp, leaving
orphaned mcp-server.cjs and worker-service.cjs processes undetected after
daemon crashes. Expanded to target all claude-mem process types with
30-minute age filtering and current PID exclusion. Closes PR #687 (which
had a spawnDaemon regression removing Windows WMIC support).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PR #738's QueryWrapper/QueryWrapperManager introduces a separate process tracking
system alongside the existing ProcessRegistry. Its orphan cleanup duplicates
killSystemOrphans() and killIdleDaemonChildren() already in main.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All changes from the comprehensive PR were merged incrementally:
- PR #845 (v9.0.12): cwd isolation replacing CLAUDE_CONFIG_DIR
- PR #733: EnvManager.ts with buildIsolatedEnv() for credential isolation
- CLAUDE_MEM_CLAUDE_AUTH_METHOD setting already in SettingsDefaultsManager
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PR #879 adds killIdleDaemonChildren() to ProcessRegistry, targeting idle
Claude SDK processes that are children of the worker-service daemon but
weren't caught by the existing registry-based or ppid=1 cleanup paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add killIdleDaemonChildren() to clean up SDK-spawned claude processes
that don't terminate after completing their work.
Problem:
- Worker-service daemon spawns Claude SDK processes
- These processes remain alive after work completes
- They accumulate over time, consuming significant memory
- Existing killSystemOrphans() only handles PPID=1 orphans
Solution:
- Add killIdleDaemonChildren() that finds claude processes where:
- Parent PID = daemon's PID (children of worker-service)
- CPU = 0% (idle, not actively working)
- Running > 2 minutes (completed their work)
- Call it from reapOrphanedProcesses() (runs every 5 minutes)
Testing:
- Verified locally: 15+ zombie processes cleaned up
- Memory saved: ~2GB
- Normal processes (MCP server, Chroma) unaffected
Co-Authored-By: Claude <noreply@anthropic.com>
Both features proposed by PR #867 are already addressed:
1. Zombie observer idle timeout: fully implemented in SessionQueueProcessor.ts
2. Startup batching: 100ms stagger + idle timeout makes it unnecessary
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds file-based cooldown lock in ensureWorkerStarted() so failed worker
spawn attempts on Windows don't produce repeated bun.exe terminal popups.
Based on the approach from PR #931, integrated into the refactored code.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Removed shell: IS_WINDOWS from bun-runner.js spawn() call to prevent
cmd.exe from splitting paths at spaces. Added windowsHide: true to
prevent visible console windows on Windows.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On Windows, when the username contains spaces (e.g., "Tafari Higgs"),
bun-runner.js fails with: Syntax Error at C:\Users\Tafari:1:2
This happens because `shell: IS_WINDOWS` (true on Windows) causes
spawn() to route through cmd.exe, which misinterprets the path at
the first space in the username directory.
Removing `shell: true` on Windows fixes the issue since spawn()
can invoke the Bun binary directly without needing a shell wrapper.
Added `windowsHide: true` to prevent a visible console window from
appearing, matching the previous hidden behavior under cmd.exe.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SessionStart hooks must run synchronously because the context hook's stdout
is captured and injected as Claude's system-level memory context. The Windows
blocking issue was already resolved by the fail-open approach in PRs #973,
#959, and #964.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace Promise.race with new Promise wrapper so timeoutId is assigned
as const before fetch starts. Timer is now cleared on both fetch success
and fetch rejection, not just success.
Replace bare fetch() calls with fetchWithTimeout() using Promise.race
instead of AbortSignal.timeout() which causes libuv assertion crashes
in Bun on Windows.
Applies the already-defined HEALTH_CHECK_TIMEOUT_MS (30s/45s) to
isWorkerHealthy() and getWorkerVersion(), and HOOK_TIMEOUTS.DEFAULT
to the summarize POST. Previously these fetches had no timeout at all,
causing the Stop hook to hang for the full hook timeout (120s) when
the worker was unreachable.
Fixes#963
The /api/context/inject endpoint previously blocked for up to 5 minutes
(300s timeout) waiting for initializationComplete, which includes MCP
connection setup. On Windows, the MCP connection can hang indefinitely,
causing the context hook to never return and blocking Claude Code startup.
This change makes the endpoint fail open: if the worker hasn't finished
initializing, return empty context immediately instead of blocking. The
hook completes fast, and context becomes available on subsequent prompts
once initialization finishes in the background.
Closes#958
Three issues fixed:
1. session-init handler: Worker 500 errors caused `throw`, which
hook-command.ts caught and exited with code 2 (blocking error).
This blocked the user's prompt entirely with:
"Hook error: Error: Session initialization failed: 500"
Fix: Log the failure and return SUCCESS so the prompt proceeds.
2. user-message handler: Referenced nonexistent constant
HOOK_EXIT_CODES.USER_MESSAGE_ONLY (undefined). Also used
console.error() for informational output, which Claude Code
may flag as an error. Fix: Use process.stderr.write() and
return HOOK_EXIT_CODES.SUCCESS explicitly.
3. Both handlers threw on HTTP errors from the worker, causing
exit code 2 (blocking). Memory plugin failures should never
prevent users from using Claude Code. All worker HTTP failures
now log and return gracefully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The user-message handler references HOOK_EXIT_CODES.USER_MESSAGE_ONLY
but the constant was missing from hook-constants.ts, causing it to
return exitCode: undefined. The handler is still registered for Cursor's
afterFileEdit flow.
The user-message hook exits with code 3 (USER_MESSAGE_ONLY), which Claude
Code interprets as a hook failure, displaying "SessionStart:startup hook
error" on every session start. The context hook already handles injecting
context into the conversation, making the user-message hook redundant.
Removing it eliminates the spurious error message and saves ~60 seconds
of potential timeout on systems where the worker is slow to respond.
Closes#905
PR #896 identified a valid XSS concern in TerminalPreview.tsx but was
broken (missing DOMPurify import and dependency). The existing
escapeXML:true on AnsiToHtml already mitigates the vector, but
DOMPurify adds defense-in-depth sanitization.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevents cross-origin attacks from malicious websites by restricting
CORS to only allow:
- Requests without Origin header (hooks, curl, CLI tools)
- Requests from localhost / 127.0.0.1 origins
Previously, CORS was completely open (cors() without configuration),
allowing any website to access the local API and read session data.
PR #875 used negative logic naming (DISABLE instead of ENABLED), superseded
by PR #913 which uses the established CLAUDE_MEM_FOLDER_CLAUDEMD_ENABLED setting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Alex Newman