@aj-archipelago/cortex 1.4.1 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/lib/crypto.js +1 -65
  2. package/lib/keyValueStorageClient.js +53 -1
  3. package/package.json +1 -1
  4. package/pathways/system/entity/memory/sys_read_memory.js +1 -1
  5. package/pathways/system/entity/memory/sys_save_memory.js +1 -1
  6. package/pathways/system/entity/memory/sys_search_memory.js +1 -1
  7. package/server/pathwayResolver.js +1 -1
  8. package/testrun.log +35371 -0
  9. package/tests/integration/graphql/async/stream/vendors/openai_streaming.test.js +1 -3
  10. package/tests/unit/core/crypto.test.js +4 -102
  11. package/tests/unit/core/doubleEncryptionStorageClient.test.js +262 -0
  12. package/lib/doubleEncryptionStorageClient.js +0 -97
package/lib/crypto.js CHANGED
@@ -36,70 +36,6 @@ function decrypt(message, key) {
36
36
  }
37
37
  }
38
38
 
39
- // Double encryption: encrypt with user key first, then system key
40
- function doubleEncrypt(data, userContextKey, systemKey) {
41
- if (!systemKey) {
42
- logger.error('System key is required for encryption');
43
- return null;
44
- }
45
-
46
- if (!userContextKey) {
47
- // If no user key provided, use single-layer encryption with system key
48
- return encrypt(data, systemKey);
49
- }
50
-
51
- try {
52
- // First encrypt with user's contextKey
53
- const userEncrypted = encrypt(data, userContextKey);
54
- if (!userEncrypted) {
55
- logger.error('User encryption failed, falling back to system encryption only');
56
- return encrypt(data, systemKey);
57
- }
58
-
59
- // Then encrypt with system key
60
- return encrypt(userEncrypted, systemKey);
61
- } catch (error) {
62
- logger.error(`Double encryption failed: ${error.message}`);
63
- // Fallback to single-layer system encryption
64
- return encrypt(data, systemKey);
65
- }
66
- }
67
-
68
- // Double decryption: decrypt with system key first, then user key
69
- function doubleDecrypt(encryptedData, userContextKey, systemKey) {
70
- if (!systemKey) {
71
- logger.error('System key is required for decryption');
72
- return null;
73
- }
74
-
75
- if (!userContextKey) {
76
- // If no user key provided, use single-layer decryption with system key
77
- return decrypt(encryptedData, systemKey);
78
- }
79
-
80
- try {
81
- // First decrypt with system key
82
- const systemDecrypted = decrypt(encryptedData, systemKey);
83
- if (!systemDecrypted) {
84
- logger.error('System decryption failed');
85
- return null;
86
- }
87
-
88
- // Try to decrypt with user's contextKey
89
- const userDecrypted = decrypt(systemDecrypted, userContextKey);
90
- if (userDecrypted) {
91
- // Successfully double-decrypted
92
- return userDecrypted;
93
- }
94
-
95
- // User decryption failed, but system decryption succeeded
96
- // This means the data was single-encrypted with system key only
97
- return systemDecrypted;
98
- } catch (error) {
99
- logger.error(`Double decryption failed: ${error.message}`);
100
- return null;
101
- }
102
- }
103
39
 
104
40
  function tryBufferKey(key) {
105
41
  if (key.length === 64) {
@@ -108,4 +44,4 @@ function tryBufferKey(key) {
108
44
  return key;
109
45
  }
110
46
 
111
- export { encrypt, decrypt, doubleEncrypt, doubleDecrypt };
47
+ export { encrypt, decrypt };
package/lib/keyValueStorageClient.js CHANGED
@@ -45,8 +45,60 @@ async function getv(key) {
45
45
  return keyValueStorageClient && (await keyValueStorageClient.get(key));
46
46
  }
47
47
 
48
+ // Set values to keyv with additional context key encryption
49
+ async function setvWithDoubleEncryption(key, value, contextKey) {
50
+ let processedValue = value;
51
+
52
+ // If contextKey exists and is not empty, encrypt the value with it
53
+ if (contextKey && contextKey.trim() !== '' && value !== null && value !== undefined) {
54
+ try {
55
+ // Convert value to string for encryption
56
+ const stringValue = typeof value === 'string' ? value : JSON.stringify(value);
57
+ processedValue = encrypt(stringValue, contextKey);
58
+ } catch (error) {
59
+ logger.error(`Context key encryption failed: ${error.message}`);
60
+ // Continue with unencrypted value if context encryption fails
61
+ }
62
+ }
63
+
64
+ return keyValueStorageClient && (await keyValueStorageClient.set(key, processedValue));
65
+ }
66
+
67
+ // Get values from keyv with additional context key decryption
68
+ async function getvWithDoubleDecryption(key, contextKey) {
69
+ const result = keyValueStorageClient && (await keyValueStorageClient.get(key));
70
+
71
+ if (result === null || result === undefined) {
72
+ return result;
73
+ }
74
+
75
+ // If contextKey exists and is not empty, try to decrypt the result with it
76
+ if (contextKey && contextKey.trim() !== '') {
77
+ try {
78
+ // Try to decrypt with context key
79
+ const decrypted = decrypt(result, contextKey);
80
+ if (decrypted) {
81
+ // Try to parse as JSON, if it fails return the string as-is
82
+ try {
83
+ return JSON.parse(decrypted);
84
+ } catch (parseError) {
85
+ return decrypted;
86
+ }
87
+ }
88
+ } catch (error) {
89
+ // If context decryption fails, the data might not be context-encrypted
90
+ // or the context key might be wrong, so return the result as-is
91
+ logger.debug(`Context key decryption failed, returning original data: ${error.message}`);
92
+ }
93
+ }
94
+
95
+ return result;
96
+ }
97
+
48
98
  export {
49
99
  keyValueStorageClient,
50
100
  setv,
51
- getv
101
+ getv,
102
+ setvWithDoubleEncryption,
103
+ getvWithDoubleDecryption
52
104
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aj-archipelago/cortex",
3
- "version": "1.4.1",
3
+ "version": "1.4.2",
4
4
  "description": "Cortex is a GraphQL API for AI. It provides a simple, extensible interface for using AI services from OpenAI, Azure and others.",
5
5
  "private": false,
6
6
  "repository": {
package/pathways/system/entity/memory/sys_read_memory.js CHANGED
@@ -2,7 +2,7 @@
2
2
  // it should never try to call other pathways
3
3
 
4
4
  import { getv } from '../../../../lib/keyValueStorageClient.js';
5
- import { getvWithDoubleDecryption } from '../../../../lib/doubleEncryptionStorageClient.js';
5
+ import { getvWithDoubleDecryption } from '../../../../lib/keyValueStorageClient.js';
6
6
 
7
7
  const isValidISOTimestamp = (timestamp) => {
8
8
  if (!timestamp) return false;
package/pathways/system/entity/memory/sys_save_memory.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { getv } from '../../../../lib/keyValueStorageClient.js';
2
- import { setvWithDoubleEncryption } from '../../../../lib/doubleEncryptionStorageClient.js';
2
+ import { setvWithDoubleEncryption } from '../../../../lib/keyValueStorageClient.js';
3
3
 
4
4
  export default {
5
5
  inputParameters: {
package/pathways/system/entity/memory/sys_search_memory.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { Prompt } from '../../../../server/prompt.js';
2
2
  import { callPathway } from '../../../../lib/pathwayTools.js';
3
- import { setvWithDoubleEncryption } from '../../../../lib/doubleEncryptionStorageClient.js';
3
+ import { setvWithDoubleEncryption } from '../../../../lib/keyValueStorageClient.js';
4
4
 
5
5
  export default {
6
6
  prompt:
package/server/pathwayResolver.js CHANGED
@@ -6,7 +6,7 @@ import { getFirstNToken, getLastNToken, getSemanticChunks } from './chunker.js';
6
6
  import { PathwayResponseParser } from './pathwayResponseParser.js';
7
7
  import { Prompt } from './prompt.js';
8
8
  import { getv, setv } from '../lib/keyValueStorageClient.js';
9
- import { getvWithDoubleDecryption, setvWithDoubleEncryption } from '../lib/doubleEncryptionStorageClient.js';
9
+ import { getvWithDoubleDecryption, setvWithDoubleEncryption } from '../lib/keyValueStorageClient.js';
10
10
  import { requestState } from './requestState.js';
11
11
  import { callPathway, addCitationsToResolver } from '../lib/pathwayTools.js';
12
12
  import logger from '../lib/logger.js';