v9.0.17

Bug Fixes

Fix Fresh Install Bun PATH Resolution (#818)

On fresh installations, hooks would fail because Bun wasn't in PATH until terminal restart. The smart-install.js script installs Bun to ~/.bun/bin/bun, but the current shell session doesn't have it in PATH.

Fix: Introduced bun-runner.js — a Node.js wrapper that searches common Bun installation locations across all platforms:

• PATH (via which/where)
• ~/.bun/bin/bun (default install location)
• /usr/local/bin/bun
• /opt/homebrew/bin/bun (macOS Homebrew)
• /home/linuxbrew/.linuxbrew/bin/bun (Linuxbrew)
• Windows: %LOCALAPPDATA%\bun or fallback paths

All 9 hook definitions updated to use node bun-runner.js instead of direct bun calls.

Files changed:

• plugin/scripts/bun-runner.js — New 88-line Bun discovery script
• plugin/hooks/hooks.json — All hook commands now route through bun-runner

Fixes #818 | PR #827 by @bigphoot

v9.0.16

Bug Fixes

Fix Worker Startup Timeout (#811, #772, #729)

Resolves the "Worker did not become ready within 15 seconds" timeout error that could prevent hooks from communicating with the worker service.

Root cause: isWorkerHealthy() and waitForHealth() were checking /api/readiness, which returns 503 until full initialization completes — including MCP connection setup that can take 5+ minutes. Hooks only have a 15-second timeout window.

Fix: Switched to /api/health (liveness check), which returns 200 as soon as the HTTP server is listening. This is sufficient for hook communication since the worker accepts requests while background initialization continues.

Files changed:

• src/shared/worker-utils.ts — isWorkerHealthy() now checks /api/health
• src/services/infrastructure/HealthMonitor.ts — waitForHealth() now checks /api/health
• tests/infrastructure/health-monitor.test.ts — Updated test expectations

PR Merge Tasks

• PR #820 merged with full verification pipeline (rebase, code review, build verification, test, manual verification)

v9.0.15

Security Fix

Isolated Credentials (#745)

• Prevents API key hijacking from random project .env files
• Credentials now sourced exclusively from ~/.claude-mem/.env
• Only whitelisted environment variables passed to SDK query() calls
• Authentication method logging shows whether using Claude Code CLI subscription billing or explicit API key

This is a security-focused patch release that hardens credential handling to prevent unintended API key usage from project directories.

v9.0.14

In-Process Worker Architecture

This release includes the merged in-process worker architecture from PR #722, which fundamentally improves how hooks interact with the worker service.

Changes

• In-process worker architecture - Hook processes now become the worker when port 37777 is available, eliminating Windows spawn issues
• Hook command improvements - Added skipExit option to hook-command.ts for chained command execution
• Worker health checks - worker-utils.ts now returns boolean status for cleaner health monitoring
• Massive CLAUDE.md cleanup - Removed 76 redundant documentation files (4,493 lines removed)
• Chained hook configuration - hooks.json now supports chained commands for complex workflows

Technical Details

The in-process architecture means hooks no longer need to spawn separate worker processes. When port 37777 is available, the hook itself becomes the worker, providing:

• Faster startup times
• Better resource utilization
• Elimination of process spawn failures on Windows

Full PR: #722

v9.0.13

Bug Fixes

Zombie Observer Prevention (#856)

Fixed a critical issue where observer processes could become "zombies" - lingering indefinitely without activity. This release adds:

• 3-minute idle timeout: SessionQueueProcessor now automatically terminates after 3 minutes of inactivity
• Race condition fix: Resolved spurious wakeup issues by resetting lastActivityTime on queue activity
• Comprehensive test coverage: Added 11 new tests for the idle timeout mechanism

This fix prevents resource leaks from orphaned observer processes that could accumulate over time.

v9.0.12

Fix: Authentication failure from observer session isolation

Critical bugfix for users who upgraded to v9.0.11.

Problem

v9.0.11 introduced observer session isolation using CLAUDE_CONFIG_DIR override, which inadvertently broke authentication:

Invalid API key · Please run /login

This happened because Claude Code stores credentials in the config directory, and overriding it prevented access to existing auth tokens.

Solution

Observer sessions now use the SDK's cwd option instead:

• Sessions stored under ~/.claude-mem/observer-sessions/ project
• Auth credentials in ~/.claude/ remain accessible
• Observer sessions still won't pollute claude --resume lists

Affected Users

Anyone running v9.0.11 who saw "Invalid API key" errors should upgrade immediately.

---

🤖 Generated with Claude Code

v9.0.11

Bug Fixes

Observer Session Isolation (#837)

Observer sessions created by claude-mem were polluting the claude --resume list, cluttering it with internal plugin sessions that users never intend to resume. In one user's case, 74 observer sessions out of ~220 total (34% noise).

Solution: Observer processes now use a dedicated config directory (~/.claude-mem/observer-config/) to isolate their session files from user sessions.

Thanks to @Glucksberg for this fix! Fixes #832.

Stale memory_session_id Crash Prevention (#839)

After a worker restart, stale memory_session_id values in the database could cause crashes when attempting to resume SDK conversations. The existing guard didn't protect against this because session data was loaded from the database.

Solution: Clear memory_session_id when loading sessions from the database (not from cache). The key insight: if a session isn't in memory, any database memory_session_id is definitely stale.

Thanks to @bigph00t for this fix! Fixes #817.

---

Full Changelog: v9.0.10...v9.0.11

v9.0.10

Bug Fix

Fixed path format mismatch causing folder CLAUDE.md files to show "No recent activity" (#794) - Thanks @bigph00t!

The folder-level CLAUDE.md generation was failing to find observations due to a path format mismatch between how API queries used absolute paths and how the database stored relative paths. The isDirectChild() function's simple prefix match always returned false in these cases.

Root cause: PR #809 (v9.0.9) only masked this bug by skipping file creation when "no activity" was detected. Since ALL folders were affected, this prevented file creation entirely. This PR provides the actual fix.

Changes:

• Added new shared module src/shared/path-utils.ts with robust path normalization and matching utilities
• Updated SessionSearch.ts, regenerate-claude-md.ts, and claude-md-utils.ts to use shared path utilities
• Added comprehensive test coverage (61 new tests) for path matching edge cases

---

🤖 Generated with Claude Code

v9.0.9

Bug Fixes

Prevent Creation of Empty CLAUDE.md Files (#809)

Previously, claude-mem would create new CLAUDE.md files in project directories even when there was no activity to display, cluttering codebases with empty context files showing only "No recent activity".

What changed: The updateFolderClaudeMdFiles function now checks if the formatted content contains no activity before writing. If a CLAUDE.md file doesn't already exist and there's nothing to show, it will be skipped entirely. Existing files will still be updated to reflect "No recent activity" if that's the current state.

Impact: Cleaner project directories - only folders with actual activity will have CLAUDE.md context files created.

Thanks to @maxmillienjr for this contribution!

v9.0.8

Fix: Prevent Zombie Process Accumulation (Issue #737)

This release fixes a critical issue where Claude haiku subprocesses spawned by the SDK weren't terminating properly, causing zombie process accumulation. One user reported 155 processes consuming 51GB RAM.

Root Causes Addressed

• SDK's SpawnedProcess interface hides subprocess PIDs
• deleteSession() didn't verify subprocess exit
• abort() was fire-and-forget with no confirmation
• No mechanism to track or clean up orphaned processes

Solution

• ProcessRegistry module: Tracks spawned Claude subprocesses via PID
• Custom spawn: Uses SDK's spawnClaudeCodeProcess option to capture PIDs
• Signal propagation: Passes signal parameter to enable AbortController integration
• Graceful shutdown: Waits for subprocess exit in deleteSession() with 5s timeout
• SIGKILL escalation: Force-kills processes that don't exit gracefully
• Orphan reaper: Safety net running every 5 minutes to clean up any missed processes
• Race detection: Warns about multiple processes per session (race condition indicator)

Files Changed

• src/services/worker/ProcessRegistry.ts (new): PID registry and reaper
• src/services/worker/SDKAgent.ts: Use custom spawn to capture PIDs
• src/services/worker/SessionManager.ts: Verify subprocess exit on delete
• src/services/worker-service.ts: Start/stop orphan reaper

Full Changelog: v9.0.7...v9.0.8

Fixes #737