feat: opt-in Claude Code SessionEnd auto-harvest hook (PR #711, issue #631)
What's New
[#631] claude-hooks/core/session-end-harvest.js — A new opt-in hook that automatically calls POST /api/harvest at the end of every Claude Code session. Pure CommonJS, zero npm dependencies, installs as a direct command: entry in .claude/settings.json.
Safe-by-default design:
sessionHarvest.enabled: false— user must explicitly opt in- First run forces
dry_run: trueregardless of config (sentinel file~/.claude/mcp-memory-harvest-first-run.doneprevents accidental mass-store on first use) minSessionMessagesthreshold (default 10) skips trivially short sessions- 5-second timeout with graceful failure — never throws, never blocks session end
Security:
- TLS certificate validation is strict by default —
allowSelfSignedCertsisfalseand logs a warning when enabled, preventing silent MITM exposure
Supporting files:
claude-hooks/tests/session-end-harvest.test.js— 9 tests covering disabled-by-default, short-session skip, first-run dry-run force, subsequent-run config honoring, timeout non-fatal, HTTP failure non-fatal, API key precedence, TLS opt-in, and transcript message countingclaude-hooks/README-SESSION-HARVEST.md— user documentationclaude-hooks/config.template.json—sessionHarvest+hooks.sessionEndHarvestconfig sections
Test Count
1,547 Python tests + 9 new Node.js hook tests
Full Changelog
See CHANGELOG.md for the complete entry.