* plan-10 Phase 1: ship deterministic plugin runtime dependency closure Approach A — commit & ship plugin/bun.lock so the plugin's runtime node_modules install is deterministic, fixing the recurring `Cannot find module 'zod/v3'` (#2730). - align generated plugin zod range to root (^4.4.3) in build-hooks.js - new scripts/gen-plugin-lockfile.cjs generates plugin/bun.lock as a build artifact after build-hooks.js writes plugin/package.json - track & ship plugin/bun.lock (.gitignore negation, .npmignore, files allowlist) - install with `bun install --frozen-lockfile --ignore-scripts` at runtime Refs #2783, #2730 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * plan-10 Phase 2: fail loud at install time on a broken dependency closure Strengthen verifyCriticalModules to assert each dependency is actually importable via require.resolve (not merely a directory), and assert the worker-required zod subpaths resolve: zod/v3, zod/v4, zod/v4-mini. A partial/stale install now fails `npx claude-mem install` immediately instead of surfacing later as a Stop-hook `Cannot find module 'zod/v3'`. Bin-only packages (e.g. tree-sitter-cli, which has no bare-name entry point) fall back to resolving <dep>/package.json so a healthy install isn't falsely rejected. Adds tests/cli/verify-critical-modules.test.ts covering a missing zod/v3 subpath (throws), a complete zod (passes), and a bin-only dep (passes). Refs #2783, #2730 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * plan-10 Phase 3: clean-room install + import smoke test (#2730 backstop) Add scripts/smoke-clean-room.cjs and a `smoke:clean-room` npm script. Against fresh temp dirs (never the repo's node_modules) it: - copies plugin/, runs `bun install --frozen-lockfile --ignore-scripts`, asserts zod, zod/v3, zod/v4, zod/v4-mini resolve, and boots the bundled worker asserting no `Cannot find module` — the direct #2730 regression guard; - `npm pack`s, installs the tarball into a second temp dir, and load-tests the published bin entrypoint, warning loudly on any declared main/exports target missing from the tarball (latent #2537 gap). Exits non-zero naming the missing module on any failure; cleans up all temp dirs and the tarball in a finally. Refs #2783, #2730 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * plan-10 Phase 4: gate CI and publish on the clean-room dependency closure - ci.yml: new `clean-room-deps` job (between build and the docker e2e job) runs a frozen-lockfile drift check on the committed plugin lockfile, then `npm run build` + `npm run smoke:clean-room`. The drift step catches a contributor who changed plugin deps without regenerating plugin/bun.lock. - npm-publish.yml: add setup-bun and run `npm run smoke:clean-room` between build and `npm publish`, so a broken runtime closure cannot be published on a tag push (ci.yml does not run on tags). Secrets block untouched. Refs #2783, #2730 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * plan-10: doc recluster note + Phase 0 execution slice for #2730 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * plans: backlog recluster (2026-06-04) — cross-cluster execution order + plan-13 doc Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * plan-10: gen-plugin-lockfile degrades gracefully when bun is absent The Windows build CI job has no bun on PATH; regenerating the lockfile there threw and failed the build. The committed plugin/bun.lock is already the deterministic closure, so skip regeneration (non-fatal) when bun is missing and a lockfile exists; fail loud only when neither is available. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2.3 KiB
[plan-02] Spawn-Contract Templating — canonical ${CLAUDE_PLUGIN_ROOT} resolution across all hosts
Defect
The shell/command strings claude-mem templates for hooks and MCP subprocesses are not portable across hosts. On Windows the same root cause recurs in many surfaces: cmd.exe /c uvx … --with "pkg>=x" lets the shell eat >/< redirect operators, command:"sh" reappears where sh is not on PATH, chroma-mcp/mcp-search die instantly or time out, bash hooks pop visible cmd windows, where bun breaks under GBK/UTF-8 usernames, and the PATH prelude spawns a fresh login shell on every hook. All are one defect: there is no single, host-aware spawn contract that quotes arguments and resolves the interpreter/root canonically.
Children
- #2776 — Windows: chroma-mcp connection times out (-32000) despite healthy server + SDK 'poison' churn
- #2762 — Windows: cmd.exe /c uvx mangles
>/<in--withversion pins (one-line fix) - #2757 — Windows: cmd.exe /c uvx
--with "onnxruntime>=1.20"mangled by shell redirect operators - #2716 — Regression (v13.4.0): chroma-mcp still dies instantly on Windows — #2701 cmd.exe quoting fix incomplete
- #2714 — Regression (v13.4.0): mcp-search fails on Windows -32000 —
command:"sh"reappeared; sh not on PATH - #2715 — Hook PATH prelude spawns a login shell on every hook (~0.27s × PostToolUse/UserPromptSubmit/Stop)
- #2755 — Windows + Claude Desktop: bash hooks spawn visible cmd windows on every event
- #2708 —
where bunon Windows with Chinese (GBK/UTF-8) username - #2706 — MCP keeps failing to connect (Windows)
Fix sequence
Design doc: plans/02-spawn-contract-templating.md. Centralize argv construction with host-aware quoting (no shell redirect exposure for uvx --with); resolve interpreter/root once; avoid login-shell-per-hook; suppress console windows on Windows GUI hosts; encode-safe path handling under non-UTF-8 locales.
Test matrix
| Host | Shell | Required behavior |
|---|---|---|
| Windows | cmd.exe | uvx --with "pkg>=x" reaches uvx intact; no >/< mangling |
| Windows | PowerShell / Desktop | no visible cmd windows; chroma-mcp + mcp-search connect |
| Windows | GBK username | where bun / spawn resolves |
| all | all | no login shell spawned per hook |
Out of scope
Hook IO channel/exit discipline (plan-01); worker process lifecycle (plan-03).