v0.3.1

Added

• install: cmk install now scaffolds a .gitattributes that pins committed memory to LF line endings. Default Windows git (autocrlf=true) rewrites line endings at clone, which could make committed facts unreadable on a Windows checkout. The reader already self-heals (v0.3.0); this prevents the mangling at the source so your memory travels intact across platforms. Idempotent managed block (refreshed in place; everything else in your .gitattributes is preserved).

• config(129): cmk config get / set / --show-origin — settings without hand-editing JSON. Now that --with-semantic writes a real user-facing setting (search.default_mode), you can read and change kit settings by dotted key instead of editing context/settings.json by hand: cmk config get search.default_mode resolves across tiers (local > project > user), cmk config set search.default_mode hybrid writes the project tier (or --local for the gitignored per-machine tier, preserving sibling keys), and cmk config --show-origin <key> shows every tier that defines it — which value wins and which are shadowed.

• security(134): Poison_Guard screens more secret types. The secret catalog gained fixed-prefix provider tokens — GitHub OAuth/app/refresh + fine-grained PATs, Stripe live keys, Google API keys, GitLab PATs, npm tokens, and Hugging Face tokens — so a captured fact carrying one is rejected before it lands on disk. Pure additions (literal prefixes + length floors, no entropy heuristics); each ships a benign-near-miss test so ordinary prose is never falsely blocked.

• memory(143): semantic near-duplicate detection at write time — memory rot dies at the door. With semantic recall enabled (cmk install --with-semantic), explicit captures (cmk remember / mk_remember) now compare the incoming fact against existing memory by meaning: "use uv not pip" vs "always install with uv, never pip" is caught even with zero keyword overlap, and routed to the conflict queue as a reviewable proposal — never silently dropped, never silently duplicated (cmk queue conflicts to resolve). Fully local (one embedding per capture, no API calls); degrades gracefully to the existing literal dedup when the embedder is absent. The detection threshold was measured against the real model, not assumed.

• doctor(144): a memory-HEALTH section — content quality, not just plumbing. cmk doctor now ends with an informational read-only summary of what's IN your memory: total facts with the trust distribution, old-and-untouched facts worth a skim, possible duplicate pairs (literal token-overlap candidates — surfaced for review, never auto-removed), and pending conflict/review queue items. A healthy memory earns one quiet line; concerns appear only when non-zero, and the section never affects the doctor exit code.

• ux(145): a session-start status line — the kit finally tells you it's working. Every session now opens with one user-visible line (e.g. claude-memory-kit: 23 fact(s) in context, 2 captured in the last 24h, 1 conflict(s) pending — cmk queue), shown via the hook's user-display channel: the model never sees it and it costs zero context tokens. An empty project says so honestly (memory is empty — capture starts this session) instead of staying silent.

• install(141a): npm 12 readiness — the kit survives July 2026's install-scripts flip. npm 12 turns dependency install scripts off by default, which silently blocks the native build better-sqlite3 needs (the package then looks installed but search crashes at first use). Now: cmk install probes the binding up front and offers to fix it inline (one [Y/n], runs the documented --allow-scripts reinstall for you); cmk install --with-semantic passes --allow-scripts=onnxruntime-node itself on npm ≥ 11.16; a new doctor check (HC-8) backstops with the exact remediation command; the README documents the prepared-install one-liner.

• import(142): cmk import-claude-md — onboard from the rules file you already own. New installs no longer start empty: one command parses an existing CLAUDE.md (default), .cursorrules, AGENTS.md, or any rules file into typed granular facts (user/feedback/project/reference, inferred from headings) through the kit's safe write path — Poison_Guard secret screening, home-path sanitization, dedup against existing memory — with write_source: imported, trust: medium, and real source_file/source_line provenance. Code fences and the kit's own managed block are never imported. --dry-run previews; apply requires explicit --yes.

Fixed

• privacy: <private> content is now stripped on every write path, not just the prompt hook. Previously <private>…</private> was redacted only by the prompt-capture hook, so a fact written via cmk remember, mk_remember, or an import could carry the secret verbatim into committed memory. It's now stripped at the shared write boundary (terse bullets and rich fact files, all tiers) before anything touches disk — and the content-addressed id is computed from the redacted text, so dedup keys on what actually lands.

• privacy: a <private> secret could survive in a fact's title when an 80-character title trim severed the closing tag. A fact's title is derived from the captured text and trimmed to 80 characters; if that trim landed inside a <private>…</private> span it broke the closing tag, the redaction regex no longer matched, and the secret leaked into the frontmatter title + the index. The strip now runs before the title is derived, so a trimmed title can never carry private content (verified end-to-end: title, filename, and index all redacted).

• cmk repair --index now actually rebuilds the index. The repair path invoked the full reindex without the database handle it needs, so cmk repair --index / --all silently did nothing — masked because every test mocked the reindexer. It now opens the db and runs the real rebuild on the real path.

• a failed index rebuild after a capture is no longer silent. cmk keeps context/memory/INDEX.md current on every write (best-effort). If that rebuild ever failed (e.g. an auto-extract hook killed mid-rebuild), the committed index could quietly fall behind the actual facts with no trace. The failure now records an audit entry, and cmk doctor (HC-4) already flags the drift with cmk reindex as the one-command fix — the fact itself is always safely on disk.

• persona: cross-project traits you demonstrated (not just ones you declared as rules) now reach your persona — no stranded review queue. When the kit synthesized your cross-project style, traits stated as universal rules ("always use uv") were auto-promoted, but traits it merely inferred from how you worked (e.g. a layered-architecture preference you described but didn't declare as a rule) were routed to a review queue surfaced nowhere with no resolve command — so they silently stranded and never reached the persona that injects into new projects. The maintenance passes (daily-distill / weekly-curate) now auto-drain that queue: inferred persona candidates promote automatically (reversible with cmk forget if wrong), so your working style transfers to new projects more completely. (A deeper redesign — promoting by cross-project recurrence rather than phrasing — is planned.)

• recall: questions about your project now reach memory instead of re-reading the code — however you phrase them. The memory-search recall skill used to fire reliably only on precise phrasings like "what did we decide about X", and crawled the code for structure/architecture/"where does X live" questions (its skip-clause wrongly treated those as live-code questions). It now triggers on the intent — "the answer might be something the project already established" — so oblique, roundabout asks recall correctly too ("why is everything so spread out across these folders?", "remind me what we settled on for X", "how come the route files are so thin?" all reach memory). The skill also fires on the per-prompt "memory available" hint, the skip-clause is narrowed to genuinely-live code, and the CLAUDE.md preamble + hint reinforce it. Verified live across precise, oblique, and vague phrasings — and confirmed it correctly stays out of the way for live-code actions and this-conversation questions.

Changed

• internal: content fingerprints migrated from SHA-1 to SHA-256. The non-cryptographic content hashes used for dedup, change-detection, and provenance (source_sha1, the reindex diff key) now use SHA-256, consolidated into one shared helper. No user action needed; existing memory re-indexes itself once on first use after upgrade. (On-disk field names are unchanged for back-compat.)