Fix(hooks): Eliminate DocIntegrity crash and isolate stderr context leakage

[derekslinz]

TLDR I hit an API error with claude due to an image exceeding 2000 pixels, which cascaded to the level that I used 5 hours of claude max quota in under 3 minutes. Multiple bugs contributed, and when DocIntegrity.hook.ts ran, it hit the 15 second timeout, logged straight to the console and thus right into the active prompt payload.

Problem

The DocIntegrity.hook.ts wrapper executes background cross-reference checks at the end of major workspace milestones. When these tasks encounter an inference timeout (15,000ms hard ceiling), two systematic pipeline failures occur:

1. Block-Scoping Exception: An internal variable declaration inside the drift evaluation block caused a fatal ReferenceError: inferenceEdits is not defined when jumping to the final logging summary pass.
2. Context-Bleed Vulnerability: Because the wrapper script intercepts the standard error stream (stderr), logging execution failures and timeout diagnostics directly to console.error forces the CLI orchestrator to sweep these raw stack logs straight into the active conversation history string. This permanently mutates the prompt payload sequence, invalidating prompt prefix caching and triggering massive quota consumption spikes on subsequent model turns.

Solution

• Functional Scope Hardening: Refactored the tracking metric to use a safely initialized, function-scoped counter variable (let inferenceEditsCount = 0) that guarantees safe string interpolation on line 195 regardless of whether drift analysis was processed or bypassed.
• Error Tracing Isolation: Modified the internal runInferenceAnalysis failure handlers. Failed inference results or hard execution timeouts are now caught and silently logged to an independent background disk trace (doc-integrity-errors.log) instead of printing directly to console.error.
• State Preservation: Ensures that background system lifecycle events execute with absolute silence relative to the active prompt pipeline, maintaining bitwise prefix continuity for long-term prompt caching efficiency.

Verification Results

• Deterministic Parsing: Validation passes complete cleanly without crashing when zero drift is encountered.Timeout Resiliency: Forcing an artificial timeout drops the failure context silently into MEMORY/STATE/doc-integrity-errors.log.
• CLI Context Isolation: stderr streams remain completely clear during operational failures, successfully preventing terminal crash diagnostics from injecting unexpected data into the prompt payload matrix.