@blackms/aistack 1.5.0 → 1.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +30 -3
- package/dist/agents/index.d.ts +1 -1
- package/dist/agents/index.d.ts.map +1 -1
- package/dist/agents/index.js +1 -1
- package/dist/agents/index.js.map +1 -1
- package/dist/agents/spawner.d.ts +12 -0
- package/dist/agents/spawner.d.ts.map +1 -1
- package/dist/agents/spawner.js +117 -2
- package/dist/agents/spawner.js.map +1 -1
- package/dist/hooks/session.d.ts.map +1 -1
- package/dist/hooks/session.js +22 -1
- package/dist/hooks/session.js.map +1 -1
- package/dist/integrations/slack.d.ts +3 -0
- package/dist/integrations/slack.d.ts.map +1 -1
- package/dist/integrations/slack.js +40 -0
- package/dist/integrations/slack.js.map +1 -1
- package/dist/mcp/tools/memory-tools.d.ts +23 -0
- package/dist/mcp/tools/memory-tools.d.ts.map +1 -1
- package/dist/mcp/tools/memory-tools.js +71 -34
- package/dist/mcp/tools/memory-tools.js.map +1 -1
- package/dist/memory/access-control.d.ts +153 -0
- package/dist/memory/access-control.d.ts.map +1 -0
- package/dist/memory/access-control.js +221 -0
- package/dist/memory/access-control.js.map +1 -0
- package/dist/memory/index.d.ts +6 -1
- package/dist/memory/index.d.ts.map +1 -1
- package/dist/memory/index.js +90 -8
- package/dist/memory/index.js.map +1 -1
- package/dist/memory/sqlite-store.d.ts +70 -1
- package/dist/memory/sqlite-store.d.ts.map +1 -1
- package/dist/memory/sqlite-store.js +333 -5
- package/dist/memory/sqlite-store.js.map +1 -1
- package/dist/monitoring/metrics.d.ts.map +1 -1
- package/dist/monitoring/metrics.js +8 -0
- package/dist/monitoring/metrics.js.map +1 -1
- package/dist/monitoring/resource-exhaustion-service.d.ts +121 -0
- package/dist/monitoring/resource-exhaustion-service.d.ts.map +1 -0
- package/dist/monitoring/resource-exhaustion-service.js +499 -0
- package/dist/monitoring/resource-exhaustion-service.js.map +1 -0
- package/dist/types.d.ts +57 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/dist/utils/config.d.ts.map +1 -1
- package/dist/utils/config.js +19 -0
- package/dist/utils/config.js.map +1 -1
- package/dist/web/routes/agents.d.ts.map +1 -1
- package/dist/web/routes/agents.js +134 -1
- package/dist/web/routes/agents.js.map +1 -1
- package/dist/web/routes/memory.d.ts +3 -0
- package/dist/web/routes/memory.d.ts.map +1 -1
- package/dist/web/routes/memory.js +66 -8
- package/dist/web/routes/memory.js.map +1 -1
- package/dist/web/routes/system.d.ts.map +1 -1
- package/dist/web/routes/system.js +49 -0
- package/dist/web/routes/system.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,19 +1,24 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Memory MCP tools - store, search, get, list, delete
|
|
3
|
+
*
|
|
4
|
+
* All operations require a sessionId for session-based isolation.
|
|
3
5
|
*/
|
|
4
6
|
import { z } from 'zod';
|
|
5
|
-
|
|
7
|
+
import { getAccessControl } from '../../memory/index.js';
|
|
8
|
+
// Input schemas - sessionId is required for all operations
|
|
6
9
|
const StoreInputSchema = z.object({
|
|
10
|
+
sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
|
|
7
11
|
key: z.string().min(1).max(500).describe('Unique key for the memory entry'),
|
|
8
12
|
content: z.string().min(1).max(1000000).describe('Content to store'),
|
|
9
|
-
namespace: z.string().min(1).max(100).optional().describe('Namespace for organization'),
|
|
13
|
+
namespace: z.string().min(1).max(100).optional().describe('Namespace for organization (defaults to session namespace)'),
|
|
10
14
|
metadata: z.record(z.unknown()).optional().describe('Additional metadata'),
|
|
11
15
|
generateEmbedding: z.boolean().optional().describe('Generate embedding for vector search'),
|
|
12
16
|
agentId: z.string().uuid().optional().describe('Agent ID to associate this memory with'),
|
|
13
17
|
});
|
|
14
18
|
const SearchInputSchema = z.object({
|
|
19
|
+
sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
|
|
15
20
|
query: z.string().min(1).max(1000).describe('Search query'),
|
|
16
|
-
namespace: z.string().optional().describe('Namespace to search in'),
|
|
21
|
+
namespace: z.string().optional().describe('Namespace to search in (defaults to session namespace)'),
|
|
17
22
|
limit: z.number().min(1).max(100).optional().describe('Maximum results'),
|
|
18
23
|
threshold: z.number().min(0).max(1).optional().describe('Minimum similarity score'),
|
|
19
24
|
useVector: z.boolean().optional().describe('Use vector search if available'),
|
|
@@ -21,46 +26,65 @@ const SearchInputSchema = z.object({
|
|
|
21
26
|
includeShared: z.boolean().optional().describe('Include shared memory (agent_id = NULL)'),
|
|
22
27
|
});
|
|
23
28
|
const GetInputSchema = z.object({
|
|
29
|
+
sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
|
|
24
30
|
key: z.string().min(1).max(500).describe('Key to retrieve'),
|
|
25
|
-
namespace: z.string().optional().describe('Namespace'),
|
|
31
|
+
namespace: z.string().optional().describe('Namespace (defaults to session namespace)'),
|
|
26
32
|
});
|
|
27
33
|
const ListInputSchema = z.object({
|
|
28
|
-
|
|
34
|
+
sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
|
|
35
|
+
namespace: z.string().optional().describe('Filter by namespace (defaults to session namespace)'),
|
|
29
36
|
limit: z.number().min(1).max(1000).optional().describe('Maximum results'),
|
|
30
37
|
offset: z.number().min(0).optional().describe('Offset for pagination'),
|
|
31
38
|
agentId: z.string().uuid().optional().describe('Filter by agent ownership'),
|
|
32
39
|
includeShared: z.boolean().optional().describe('Include shared memory (agent_id = NULL)'),
|
|
33
40
|
});
|
|
34
41
|
const DeleteInputSchema = z.object({
|
|
42
|
+
sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
|
|
35
43
|
key: z.string().min(1).max(500).describe('Key to delete'),
|
|
36
|
-
namespace: z.string().optional().describe('Namespace'),
|
|
44
|
+
namespace: z.string().optional().describe('Namespace (defaults to session namespace)'),
|
|
37
45
|
});
|
|
38
46
|
export function createMemoryTools(memory) {
|
|
47
|
+
const accessControl = getAccessControl();
|
|
48
|
+
/**
|
|
49
|
+
* Helper to execute an operation with proper context management.
|
|
50
|
+
* Ensures context is always cleared, even on error.
|
|
51
|
+
*/
|
|
52
|
+
async function withContext(context, operation) {
|
|
53
|
+
memory.setAgentContext(context);
|
|
54
|
+
try {
|
|
55
|
+
return await operation();
|
|
56
|
+
}
|
|
57
|
+
finally {
|
|
58
|
+
memory.clearAgentContext();
|
|
59
|
+
}
|
|
60
|
+
}
|
|
39
61
|
return {
|
|
40
62
|
memory_store: {
|
|
41
63
|
name: 'memory_store',
|
|
42
|
-
description: 'Store a key-value pair in memory',
|
|
64
|
+
description: 'Store a key-value pair in memory (requires sessionId for isolation)',
|
|
43
65
|
inputSchema: {
|
|
44
66
|
type: 'object',
|
|
45
67
|
properties: {
|
|
68
|
+
sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
|
|
46
69
|
key: { type: 'string', description: 'Unique key for the memory entry' },
|
|
47
70
|
content: { type: 'string', description: 'Content to store' },
|
|
48
|
-
namespace: { type: 'string', description: 'Namespace for organization' },
|
|
71
|
+
namespace: { type: 'string', description: 'Namespace for organization (defaults to session namespace)' },
|
|
49
72
|
metadata: { type: 'object', description: 'Additional metadata' },
|
|
50
73
|
generateEmbedding: { type: 'boolean', description: 'Generate embedding for vector search' },
|
|
51
74
|
agentId: { type: 'string', description: 'Agent ID to associate this memory with' },
|
|
52
75
|
},
|
|
53
|
-
required: ['key', 'content'],
|
|
76
|
+
required: ['sessionId', 'key', 'content'],
|
|
54
77
|
},
|
|
55
78
|
handler: async (params) => {
|
|
56
79
|
const input = StoreInputSchema.parse(params);
|
|
57
80
|
try {
|
|
58
|
-
const
|
|
59
|
-
|
|
81
|
+
const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
|
|
82
|
+
const entry = await withContext({ sessionId: input.sessionId, agentId: input.agentId }, () => memory.store(input.key, input.content, {
|
|
83
|
+
namespace,
|
|
60
84
|
metadata: input.metadata,
|
|
61
85
|
generateEmbedding: input.generateEmbedding,
|
|
62
86
|
agentId: input.agentId,
|
|
63
|
-
});
|
|
87
|
+
}));
|
|
64
88
|
return {
|
|
65
89
|
success: true,
|
|
66
90
|
entry: {
|
|
@@ -83,31 +107,34 @@ export function createMemoryTools(memory) {
|
|
|
83
107
|
},
|
|
84
108
|
memory_search: {
|
|
85
109
|
name: 'memory_search',
|
|
86
|
-
description: 'Search memory using full-text and/or vector search',
|
|
110
|
+
description: 'Search memory using full-text and/or vector search (requires sessionId for isolation)',
|
|
87
111
|
inputSchema: {
|
|
88
112
|
type: 'object',
|
|
89
113
|
properties: {
|
|
114
|
+
sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
|
|
90
115
|
query: { type: 'string', description: 'Search query' },
|
|
91
|
-
namespace: { type: 'string', description: 'Namespace to search in' },
|
|
116
|
+
namespace: { type: 'string', description: 'Namespace to search in (defaults to session namespace)' },
|
|
92
117
|
limit: { type: 'number', description: 'Maximum results' },
|
|
93
118
|
threshold: { type: 'number', description: 'Minimum similarity score (0-1)' },
|
|
94
119
|
useVector: { type: 'boolean', description: 'Use vector search if available' },
|
|
95
120
|
agentId: { type: 'string', description: 'Filter by agent ownership' },
|
|
96
121
|
includeShared: { type: 'boolean', description: 'Include shared memory (agent_id = NULL)' },
|
|
97
122
|
},
|
|
98
|
-
required: ['query'],
|
|
123
|
+
required: ['sessionId', 'query'],
|
|
99
124
|
},
|
|
100
125
|
handler: async (params) => {
|
|
101
126
|
const input = SearchInputSchema.parse(params);
|
|
102
127
|
try {
|
|
103
|
-
const
|
|
104
|
-
|
|
128
|
+
const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
|
|
129
|
+
const includeShared = input.includeShared ?? true;
|
|
130
|
+
const results = await withContext({ sessionId: input.sessionId, agentId: input.agentId, includeShared }, () => memory.search(input.query, {
|
|
131
|
+
namespace,
|
|
105
132
|
limit: input.limit,
|
|
106
133
|
threshold: input.threshold,
|
|
107
134
|
useVector: input.useVector,
|
|
108
135
|
agentId: input.agentId,
|
|
109
|
-
includeShared
|
|
110
|
-
});
|
|
136
|
+
includeShared,
|
|
137
|
+
}));
|
|
111
138
|
return {
|
|
112
139
|
count: results.length,
|
|
113
140
|
results: results.map(r => ({
|
|
@@ -132,18 +159,20 @@ export function createMemoryTools(memory) {
|
|
|
132
159
|
},
|
|
133
160
|
memory_get: {
|
|
134
161
|
name: 'memory_get',
|
|
135
|
-
description: 'Get a memory entry by key',
|
|
162
|
+
description: 'Get a memory entry by key (requires sessionId for isolation)',
|
|
136
163
|
inputSchema: {
|
|
137
164
|
type: 'object',
|
|
138
165
|
properties: {
|
|
166
|
+
sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
|
|
139
167
|
key: { type: 'string', description: 'Key to retrieve' },
|
|
140
|
-
namespace: { type: 'string', description: 'Namespace' },
|
|
168
|
+
namespace: { type: 'string', description: 'Namespace (defaults to session namespace)' },
|
|
141
169
|
},
|
|
142
|
-
required: ['key'],
|
|
170
|
+
required: ['sessionId', 'key'],
|
|
143
171
|
},
|
|
144
172
|
handler: async (params) => {
|
|
145
173
|
const input = GetInputSchema.parse(params);
|
|
146
|
-
const
|
|
174
|
+
const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
|
|
175
|
+
const entry = await withContext({ sessionId: input.sessionId }, () => memory.get(input.key, namespace));
|
|
147
176
|
if (!entry) {
|
|
148
177
|
return {
|
|
149
178
|
found: false,
|
|
@@ -166,24 +195,30 @@ export function createMemoryTools(memory) {
|
|
|
166
195
|
},
|
|
167
196
|
memory_list: {
|
|
168
197
|
name: 'memory_list',
|
|
169
|
-
description: 'List memory entries',
|
|
198
|
+
description: 'List memory entries (requires sessionId for isolation)',
|
|
170
199
|
inputSchema: {
|
|
171
200
|
type: 'object',
|
|
172
201
|
properties: {
|
|
173
|
-
|
|
202
|
+
sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
|
|
203
|
+
namespace: { type: 'string', description: 'Filter by namespace (defaults to session namespace)' },
|
|
174
204
|
limit: { type: 'number', description: 'Maximum results' },
|
|
175
205
|
offset: { type: 'number', description: 'Offset for pagination' },
|
|
176
206
|
agentId: { type: 'string', description: 'Filter by agent ownership' },
|
|
177
207
|
includeShared: { type: 'boolean', description: 'Include shared memory (agent_id = NULL)' },
|
|
178
208
|
},
|
|
209
|
+
required: ['sessionId'],
|
|
179
210
|
},
|
|
180
211
|
handler: async (params) => {
|
|
181
212
|
const input = ListInputSchema.parse(params);
|
|
182
|
-
const
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
213
|
+
const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
|
|
214
|
+
const includeShared = input.includeShared ?? true;
|
|
215
|
+
const { entries, total } = await withContext({ sessionId: input.sessionId, agentId: input.agentId, includeShared }, () => ({
|
|
216
|
+
entries: memory.list(namespace, input.limit, input.offset, {
|
|
217
|
+
agentId: input.agentId,
|
|
218
|
+
includeShared,
|
|
219
|
+
}),
|
|
220
|
+
total: memory.count(namespace),
|
|
221
|
+
}));
|
|
187
222
|
return {
|
|
188
223
|
total,
|
|
189
224
|
count: entries.length,
|
|
@@ -203,18 +238,20 @@ export function createMemoryTools(memory) {
|
|
|
203
238
|
},
|
|
204
239
|
memory_delete: {
|
|
205
240
|
name: 'memory_delete',
|
|
206
|
-
description: 'Delete a memory entry',
|
|
241
|
+
description: 'Delete a memory entry (requires sessionId for isolation)',
|
|
207
242
|
inputSchema: {
|
|
208
243
|
type: 'object',
|
|
209
244
|
properties: {
|
|
245
|
+
sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
|
|
210
246
|
key: { type: 'string', description: 'Key to delete' },
|
|
211
|
-
namespace: { type: 'string', description: 'Namespace' },
|
|
247
|
+
namespace: { type: 'string', description: 'Namespace (defaults to session namespace)' },
|
|
212
248
|
},
|
|
213
|
-
required: ['key'],
|
|
249
|
+
required: ['sessionId', 'key'],
|
|
214
250
|
},
|
|
215
251
|
handler: async (params) => {
|
|
216
252
|
const input = DeleteInputSchema.parse(params);
|
|
217
|
-
const
|
|
253
|
+
const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
|
|
254
|
+
const deleted = await withContext({ sessionId: input.sessionId }, () => memory.delete(input.key, namespace));
|
|
218
255
|
return {
|
|
219
256
|
success: deleted,
|
|
220
257
|
message: deleted ? 'Entry deleted' : 'Entry not found',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"memory-tools.js","sourceRoot":"","sources":["../../../src/mcp/tools/memory-tools.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,gBAAgB;AAChB,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC;IAC3E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC;IACpE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;IACvF,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC1E,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IAC1F,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;CACzF,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IACnE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACxE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IACnF,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC5E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC3E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;CACvD,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAChE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACzE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACtE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC3E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;IACzD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;CACvD,CAAC,CAAC;AAEH,MAAM,UAAU,iBAAiB,CAAC,MAAqB;IACrD,OAAO;QACL,YAAY,EAAE;YACZ,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,kCAAkC;YAC/C,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iCAAiC,EAAE;oBACvE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;oBAC5D,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4BAA4B,EAAE;oBACxE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;oBAChE,iBAAiB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,sCAAsC,EAAE;oBAC3F,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wCAAwC,EAAE;iBACnF;gBACD,QAAQ,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC;aAC7B;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE7C,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,EAAE;wBACzD,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;wBAC1C,OAAO,EAAE,KAAK,CAAC,OAAO;qBACvB,CAAC,CAAC;oBAEH,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,KAAK,EAAE;4BACL,EAAE,EAAE,KAAK,CAAC,EAAE;4BACZ,GAAG,EAAE,KAAK,CAAC,GAAG;4BACd,SAAS,EAAE,KAAK,CAAC,SAAS;4BAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;4BACtB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;4BACxC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;yBACzC;qBACF,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;SACF;QAED,aAAa,EAAE;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,oDAAoD;YACjE,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wBAAwB,EAAE;oBACpE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gCAAgC,EAAE;oBAC5E,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,gCAAgC,EAAE;oBAC7E,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACrE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,yCAAyC,EAAE;iBAC3F;gBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;aACpB;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE9C,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE;wBAC/C,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,aAAa,EAAE,KAAK,CAAC,aAAa;qBACnC,CAAC,CAAC;oBAEH,OAAO;wBACL,KAAK,EAAE,OAAO,CAAC,MAAM;wBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;4BACzB,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG;4BAChB,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;4BACxB,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,SAAS;4BAC5B,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;4BACxB,KAAK,EAAE,CAAC,CAAC,KAAK;4BACd,SAAS,EAAE,CAAC,CAAC,SAAS;4BACtB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ;yBAC3B,CAAC,CAAC;qBACJ,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO;wBACL,KAAK,EAAE,CAAC;wBACR,OAAO,EAAE,EAAE;wBACX,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;SACF;QAED,UAAU,EAAE;YACV,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,2BAA2B;YACxC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACvD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;iBACxD;gBACD,QAAQ,EAAE,CAAC,KAAK,CAAC;aAClB;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;gBAErD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,OAAO,EAAE,iBAAiB;qBAC3B,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,KAAK,EAAE;wBACL,EAAE,EAAE,KAAK,CAAC,EAAE;wBACZ,GAAG,EAAE,KAAK,CAAC,GAAG;wBACd,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;wBACxC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;qBACzC;iBACF,CAAC;YACJ,CAAC;SACF;QAED,WAAW,EAAE;YACX,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,qBAAqB;YAClC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;oBACjE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBAChE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACrE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,yCAAyC,EAAE;iBAC3F;aACF;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE;oBACtE,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,aAAa,EAAE,KAAK,CAAC,aAAa;iBACnC,CAAC,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAE5C,OAAO;oBACL,KAAK;oBACL,KAAK,EAAE,OAAO,CAAC,MAAM;oBACrB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;oBACzB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;wBACzB,EAAE,EAAE,CAAC,CAAC,EAAE;wBACR,GAAG,EAAE,CAAC,CAAC,GAAG;wBACV,SAAS,EAAE,CAAC,CAAC,SAAS;wBACtB,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,cAAc,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC/E,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;wBACpC,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;qBACrC,CAAC,CAAC;iBACJ,CAAC;YACJ,CAAC;SACF;QAED,aAAa,EAAE;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,uBAAuB;YACpC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;oBACrD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;iBACxD;gBACD,QAAQ,EAAE,CAAC,KAAK,CAAC;aAClB;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC9C,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;gBAE1D,OAAO;oBACL,OAAO,EAAE,OAAO;oBAChB,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,iBAAiB;iBACvD,CAAC;YACJ,CAAC;SACF;KACF,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"memory-tools.js","sourceRoot":"","sources":["../../../src/mcp/tools/memory-tools.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,2DAA2D;AAC3D,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC;IAC3E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC;IACpE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4DAA4D,CAAC;IACvH,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC1E,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IAC1F,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;CACzF,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wDAAwD,CAAC;IACnG,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACxE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IACnF,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC5E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC3E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACvF,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qDAAqD,CAAC;IAChG,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACzE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACtE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC3E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;IACzD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACvF,CAAC,CAAC;AAEH,MAAM,UAAU,iBAAiB,CAAC,MAAqB;IACrD,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IAEzC;;;OAGG;IACH,KAAK,UAAU,WAAW,CACxB,OAAyE,EACzE,SAA+B;QAE/B,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,OAAO,MAAM,SAAS,EAAE,CAAC;QAC3B,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO;QACL,YAAY,EAAE;YACZ,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,qEAAqE;YAClF,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iCAAiC,EAAE;oBACvE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;oBAC5D,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4DAA4D,EAAE;oBACxG,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;oBAChE,iBAAiB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,sCAAsC,EAAE;oBAC3F,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wCAAwC,EAAE;iBACnF;gBACD,QAAQ,EAAE,CAAC,WAAW,EAAE,KAAK,EAAE,SAAS,CAAC;aAC1C;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE7C,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;oBAExF,MAAM,KAAK,GAAG,MAAM,WAAW,CAC7B,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,EACtD,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,EAAE;wBAC3C,SAAS;wBACT,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;wBAC1C,OAAO,EAAE,KAAK,CAAC,OAAO;qBACvB,CAAC,CACH,CAAC;oBAEF,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,KAAK,EAAE;4BACL,EAAE,EAAE,KAAK,CAAC,EAAE;4BACZ,GAAG,EAAE,KAAK,CAAC,GAAG;4BACd,SAAS,EAAE,KAAK,CAAC,SAAS;4BAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;4BACtB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;4BACxC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;yBACzC;qBACF,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;SACF;QAED,aAAa,EAAE;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,uFAAuF;YACpG,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;oBACpG,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gCAAgC,EAAE;oBAC5E,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,gCAAgC,EAAE;oBAC7E,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACrE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,yCAAyC,EAAE;iBAC3F;gBACD,QAAQ,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC;aACjC;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE9C,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;oBACxF,MAAM,aAAa,GAAG,KAAK,CAAC,aAAa,IAAI,IAAI,CAAC;oBAElD,MAAM,OAAO,GAAG,MAAM,WAAW,CAC/B,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,aAAa,EAAE,EACrE,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE;wBAC/B,SAAS;wBACT,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,aAAa;qBACd,CAAC,CACH,CAAC;oBAEF,OAAO;wBACL,KAAK,EAAE,OAAO,CAAC,MAAM;wBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;4BACzB,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG;4BAChB,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;4BACxB,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,SAAS;4BAC5B,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;4BACxB,KAAK,EAAE,CAAC,CAAC,KAAK;4BACd,SAAS,EAAE,CAAC,CAAC,SAAS;4BACtB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ;yBAC3B,CAAC,CAAC;qBACJ,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO;wBACL,KAAK,EAAE,CAAC;wBACR,OAAO,EAAE,EAAE;wBACX,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;SACF;QAED,UAAU,EAAE;YACV,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,8DAA8D;YAC3E,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACvD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2CAA2C,EAAE;iBACxF;gBACD,QAAQ,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;aAC/B;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC3C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAExF,MAAM,KAAK,GAAG,MAAM,WAAW,CAC7B,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,EAC9B,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CACvC,CAAC;gBAEF,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,OAAO,EAAE,iBAAiB;qBAC3B,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,KAAK,EAAE;wBACL,EAAE,EAAE,KAAK,CAAC,EAAE;wBACZ,GAAG,EAAE,KAAK,CAAC,GAAG;wBACd,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;wBACxC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;qBACzC;iBACF,CAAC;YACJ,CAAC;SACF;QAED,WAAW,EAAE;YACX,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,wDAAwD;YACrE,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qDAAqD,EAAE;oBACjG,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBAChE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACrE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,yCAAyC,EAAE;iBAC3F;gBACD,QAAQ,EAAE,CAAC,WAAW,CAAC;aACxB;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACxF,MAAM,aAAa,GAAG,KAAK,CAAC,aAAa,IAAI,IAAI,CAAC;gBAElD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,WAAW,CAC1C,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,aAAa,EAAE,EACrE,GAAG,EAAE,CAAC,CAAC;oBACL,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE;wBACzD,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,aAAa;qBACd,CAAC;oBACF,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC;iBAC/B,CAAC,CACH,CAAC;gBAEF,OAAO;oBACL,KAAK;oBACL,KAAK,EAAE,OAAO,CAAC,MAAM;oBACrB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;oBACzB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;wBACzB,EAAE,EAAE,CAAC,CAAC,EAAE;wBACR,GAAG,EAAE,CAAC,CAAC,GAAG;wBACV,SAAS,EAAE,CAAC,CAAC,SAAS;wBACtB,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,cAAc,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC/E,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;wBACpC,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;qBACrC,CAAC,CAAC;iBACJ,CAAC;YACJ,CAAC;SACF;QAED,aAAa,EAAE;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,0DAA0D;YACvE,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;oBACrD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2CAA2C,EAAE;iBACxF;gBACD,QAAQ,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;aAC/B;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC9C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAExF,MAAM,OAAO,GAAG,MAAM,WAAW,CAC/B,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,EAC9B,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAC1C,CAAC;gBAEF,OAAO;oBACL,OAAO,EAAE,OAAO;oBAChB,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,iBAAiB;iBACvD,CAAC;YACJ,CAAC;SACF;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,153 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Memory Access Control - Session-based isolation for agent memory
|
|
3
|
+
*
|
|
4
|
+
* This module provides session-based memory isolation to prevent agents in
|
|
5
|
+
* different sessions from accessing each other's memory. Each session gets
|
|
6
|
+
* its own namespace prefixed with "session:" followed by the session ID.
|
|
7
|
+
*
|
|
8
|
+
* Key security guarantees:
|
|
9
|
+
* - Cross-session access is blocked (agents in session A cannot access session B's memory)
|
|
10
|
+
* - Within a session, agents can optionally share memory or have private memory
|
|
11
|
+
* - Global/system namespaces remain accessible for shared data
|
|
12
|
+
*
|
|
13
|
+
* @module memory/access-control
|
|
14
|
+
*/
|
|
15
|
+
/**
|
|
16
|
+
* Context for memory access operations.
|
|
17
|
+
*
|
|
18
|
+
* This context is required for all memory operations to enforce session isolation.
|
|
19
|
+
*
|
|
20
|
+
* @example
|
|
21
|
+
* ```typescript
|
|
22
|
+
* const context: MemoryAccessContext = {
|
|
23
|
+
* sessionId: 'abc-123-def', // Required: session identifier
|
|
24
|
+
* agentId: 'agent-456', // Optional: filter to specific agent
|
|
25
|
+
* includeShared: true // Optional: include session-level shared memory
|
|
26
|
+
* };
|
|
27
|
+
* ```
|
|
28
|
+
*/
|
|
29
|
+
export interface MemoryAccessContext {
|
|
30
|
+
/** Required - enforced namespace based on session */
|
|
31
|
+
sessionId: string;
|
|
32
|
+
/** Optional - scoping within session for agent-specific memory */
|
|
33
|
+
agentId?: string;
|
|
34
|
+
/** Include shared memory (agent_id = NULL within session). Defaults to true. */
|
|
35
|
+
includeShared?: boolean;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Memory access control for session-based isolation.
|
|
39
|
+
*
|
|
40
|
+
* This class enforces memory isolation between sessions by:
|
|
41
|
+
* - Validating that memory operations only access the caller's session namespace
|
|
42
|
+
* - Blocking cross-session access attempts
|
|
43
|
+
* - Supporting agent-level filtering within a session
|
|
44
|
+
*
|
|
45
|
+
* @example
|
|
46
|
+
* ```typescript
|
|
47
|
+
* const accessControl = getAccessControl();
|
|
48
|
+
* const namespace = accessControl.getSessionNamespace('session-123');
|
|
49
|
+
* // namespace = 'session:session-123'
|
|
50
|
+
*
|
|
51
|
+
* // Validate access
|
|
52
|
+
* accessControl.validateAccess(
|
|
53
|
+
* { sessionId: 'session-123' },
|
|
54
|
+
* 'session:session-123',
|
|
55
|
+
* 'read'
|
|
56
|
+
* ); // OK
|
|
57
|
+
*
|
|
58
|
+
* accessControl.validateAccess(
|
|
59
|
+
* { sessionId: 'session-123' },
|
|
60
|
+
* 'session:session-456',
|
|
61
|
+
* 'read'
|
|
62
|
+
* ); // Throws: Access denied
|
|
63
|
+
* ```
|
|
64
|
+
*/
|
|
65
|
+
export declare class MemoryAccessControl {
|
|
66
|
+
/** Prefix for session namespaces */
|
|
67
|
+
private static readonly SESSION_PREFIX;
|
|
68
|
+
/**
|
|
69
|
+
* Get the namespace for a session.
|
|
70
|
+
*
|
|
71
|
+
* @param sessionId - The session identifier
|
|
72
|
+
* @returns The session namespace in format "session:{sessionId}"
|
|
73
|
+
* @throws {Error} If sessionId is empty or undefined
|
|
74
|
+
*
|
|
75
|
+
* @example
|
|
76
|
+
* ```typescript
|
|
77
|
+
* getSessionNamespace('abc-123'); // Returns 'session:abc-123'
|
|
78
|
+
* ```
|
|
79
|
+
*/
|
|
80
|
+
getSessionNamespace(sessionId: string): string;
|
|
81
|
+
/**
|
|
82
|
+
* Check if a namespace belongs to a session (starts with "session:" prefix).
|
|
83
|
+
*
|
|
84
|
+
* @param namespace - The namespace to check
|
|
85
|
+
* @returns True if the namespace is a session namespace
|
|
86
|
+
*/
|
|
87
|
+
isSessionNamespace(namespace: string): boolean;
|
|
88
|
+
/**
|
|
89
|
+
* Extract session ID from a namespace.
|
|
90
|
+
*
|
|
91
|
+
* @param namespace - The namespace to extract from
|
|
92
|
+
* @returns The session ID if this is a session namespace, null otherwise
|
|
93
|
+
*
|
|
94
|
+
* @example
|
|
95
|
+
* ```typescript
|
|
96
|
+
* extractSessionId('session:abc-123'); // Returns 'abc-123'
|
|
97
|
+
* extractSessionId('default'); // Returns null
|
|
98
|
+
* ```
|
|
99
|
+
*/
|
|
100
|
+
extractSessionId(namespace: string): string | null;
|
|
101
|
+
/**
|
|
102
|
+
* Validate access to a namespace.
|
|
103
|
+
*
|
|
104
|
+
* This method enforces session isolation by checking that:
|
|
105
|
+
* - The context has a valid sessionId
|
|
106
|
+
* - If the target namespace is a session namespace, it belongs to the caller's session
|
|
107
|
+
*
|
|
108
|
+
* Non-session namespaces (global/shared) are allowed for backwards compatibility.
|
|
109
|
+
*
|
|
110
|
+
* @param context - The access context with sessionId
|
|
111
|
+
* @param namespace - The target namespace to access
|
|
112
|
+
* @param operation - The operation type for logging purposes
|
|
113
|
+
* @throws {Error} If sessionId is missing or cross-session access is attempted
|
|
114
|
+
*/
|
|
115
|
+
validateAccess(context: MemoryAccessContext, namespace: string, operation: 'read' | 'write' | 'delete'): void;
|
|
116
|
+
/**
|
|
117
|
+
* Check if a context can access a specific memory entry.
|
|
118
|
+
*
|
|
119
|
+
* This performs a non-throwing access check, useful for filtering results.
|
|
120
|
+
*
|
|
121
|
+
* @param context - The access context with sessionId
|
|
122
|
+
* @param entryNamespace - The namespace of the memory entry
|
|
123
|
+
* @param entryAgentId - Optional agent ID of the entry owner
|
|
124
|
+
* @returns True if access is allowed, false otherwise
|
|
125
|
+
*/
|
|
126
|
+
canAccessEntry(context: MemoryAccessContext, entryNamespace: string, entryAgentId?: string): boolean;
|
|
127
|
+
/**
|
|
128
|
+
* Derive the appropriate namespace for a memory operation.
|
|
129
|
+
*
|
|
130
|
+
* If an explicit namespace is provided, validates access and returns it.
|
|
131
|
+
* Otherwise, returns the session namespace for the context.
|
|
132
|
+
*
|
|
133
|
+
* @param context - The access context with sessionId
|
|
134
|
+
* @param explicitNamespace - Optional explicit namespace to use
|
|
135
|
+
* @returns The namespace to use for the operation
|
|
136
|
+
* @throws {Error} If access to the explicit namespace is denied
|
|
137
|
+
*/
|
|
138
|
+
deriveNamespace(context: MemoryAccessContext, explicitNamespace?: string): string;
|
|
139
|
+
/**
|
|
140
|
+
* Check if we should filter by session namespace
|
|
141
|
+
* Used when listing/searching to ensure session isolation
|
|
142
|
+
*/
|
|
143
|
+
shouldFilterBySession(context: MemoryAccessContext, requestedNamespace?: string): string | undefined;
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* Get or create the access control instance
|
|
147
|
+
*/
|
|
148
|
+
export declare function getAccessControl(): MemoryAccessControl;
|
|
149
|
+
/**
|
|
150
|
+
* Reset the access control instance (for testing)
|
|
151
|
+
*/
|
|
152
|
+
export declare function resetAccessControl(): void;
|
|
153
|
+
//# sourceMappingURL=access-control.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"access-control.d.ts","sourceRoot":"","sources":["../../src/memory/access-control.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,mBAAmB;IAClC,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gFAAgF;IAChF,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,mBAAmB;IAC9B,oCAAoC;IACpC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAc;IAEpD;;;;;;;;;;;OAWG;IACH,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAO9C;;;;;OAKG;IACH,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI9C;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAOlD;;;;;;;;;;;;;OAaG;IACH,cAAc,CACZ,OAAO,EAAE,mBAAmB,EAC5B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,GACrC,IAAI;IAuCP;;;;;;;;;OASG;IACH,cAAc,CACZ,OAAO,EAAE,mBAAmB,EAC5B,cAAc,EAAE,MAAM,EACtB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO;IAwBV;;;;;;;;;;OAUG;IACH,eAAe,CAAC,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM;IAWjF;;;OAGG;IACH,qBAAqB,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;CAUrG;AAKD;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,mBAAmB,CAKtD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC"}
|
|
@@ -0,0 +1,221 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Memory Access Control - Session-based isolation for agent memory
|
|
3
|
+
*
|
|
4
|
+
* This module provides session-based memory isolation to prevent agents in
|
|
5
|
+
* different sessions from accessing each other's memory. Each session gets
|
|
6
|
+
* its own namespace prefixed with "session:" followed by the session ID.
|
|
7
|
+
*
|
|
8
|
+
* Key security guarantees:
|
|
9
|
+
* - Cross-session access is blocked (agents in session A cannot access session B's memory)
|
|
10
|
+
* - Within a session, agents can optionally share memory or have private memory
|
|
11
|
+
* - Global/system namespaces remain accessible for shared data
|
|
12
|
+
*
|
|
13
|
+
* @module memory/access-control
|
|
14
|
+
*/
|
|
15
|
+
import { logger } from '../utils/logger.js';
|
|
16
|
+
const log = logger.child('memory:access-control');
|
|
17
|
+
/**
|
|
18
|
+
* Memory access control for session-based isolation.
|
|
19
|
+
*
|
|
20
|
+
* This class enforces memory isolation between sessions by:
|
|
21
|
+
* - Validating that memory operations only access the caller's session namespace
|
|
22
|
+
* - Blocking cross-session access attempts
|
|
23
|
+
* - Supporting agent-level filtering within a session
|
|
24
|
+
*
|
|
25
|
+
* @example
|
|
26
|
+
* ```typescript
|
|
27
|
+
* const accessControl = getAccessControl();
|
|
28
|
+
* const namespace = accessControl.getSessionNamespace('session-123');
|
|
29
|
+
* // namespace = 'session:session-123'
|
|
30
|
+
*
|
|
31
|
+
* // Validate access
|
|
32
|
+
* accessControl.validateAccess(
|
|
33
|
+
* { sessionId: 'session-123' },
|
|
34
|
+
* 'session:session-123',
|
|
35
|
+
* 'read'
|
|
36
|
+
* ); // OK
|
|
37
|
+
*
|
|
38
|
+
* accessControl.validateAccess(
|
|
39
|
+
* { sessionId: 'session-123' },
|
|
40
|
+
* 'session:session-456',
|
|
41
|
+
* 'read'
|
|
42
|
+
* ); // Throws: Access denied
|
|
43
|
+
* ```
|
|
44
|
+
*/
|
|
45
|
+
export class MemoryAccessControl {
|
|
46
|
+
/** Prefix for session namespaces */
|
|
47
|
+
static SESSION_PREFIX = 'session:';
|
|
48
|
+
/**
|
|
49
|
+
* Get the namespace for a session.
|
|
50
|
+
*
|
|
51
|
+
* @param sessionId - The session identifier
|
|
52
|
+
* @returns The session namespace in format "session:{sessionId}"
|
|
53
|
+
* @throws {Error} If sessionId is empty or undefined
|
|
54
|
+
*
|
|
55
|
+
* @example
|
|
56
|
+
* ```typescript
|
|
57
|
+
* getSessionNamespace('abc-123'); // Returns 'session:abc-123'
|
|
58
|
+
* ```
|
|
59
|
+
*/
|
|
60
|
+
getSessionNamespace(sessionId) {
|
|
61
|
+
if (!sessionId) {
|
|
62
|
+
throw new Error('sessionId is required for memory access');
|
|
63
|
+
}
|
|
64
|
+
return `${MemoryAccessControl.SESSION_PREFIX}${sessionId}`;
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Check if a namespace belongs to a session (starts with "session:" prefix).
|
|
68
|
+
*
|
|
69
|
+
* @param namespace - The namespace to check
|
|
70
|
+
* @returns True if the namespace is a session namespace
|
|
71
|
+
*/
|
|
72
|
+
isSessionNamespace(namespace) {
|
|
73
|
+
return namespace.startsWith(MemoryAccessControl.SESSION_PREFIX);
|
|
74
|
+
}
|
|
75
|
+
/**
|
|
76
|
+
* Extract session ID from a namespace.
|
|
77
|
+
*
|
|
78
|
+
* @param namespace - The namespace to extract from
|
|
79
|
+
* @returns The session ID if this is a session namespace, null otherwise
|
|
80
|
+
*
|
|
81
|
+
* @example
|
|
82
|
+
* ```typescript
|
|
83
|
+
* extractSessionId('session:abc-123'); // Returns 'abc-123'
|
|
84
|
+
* extractSessionId('default'); // Returns null
|
|
85
|
+
* ```
|
|
86
|
+
*/
|
|
87
|
+
extractSessionId(namespace) {
|
|
88
|
+
if (!this.isSessionNamespace(namespace)) {
|
|
89
|
+
return null;
|
|
90
|
+
}
|
|
91
|
+
return namespace.slice(MemoryAccessControl.SESSION_PREFIX.length);
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Validate access to a namespace.
|
|
95
|
+
*
|
|
96
|
+
* This method enforces session isolation by checking that:
|
|
97
|
+
* - The context has a valid sessionId
|
|
98
|
+
* - If the target namespace is a session namespace, it belongs to the caller's session
|
|
99
|
+
*
|
|
100
|
+
* Non-session namespaces (global/shared) are allowed for backwards compatibility.
|
|
101
|
+
*
|
|
102
|
+
* @param context - The access context with sessionId
|
|
103
|
+
* @param namespace - The target namespace to access
|
|
104
|
+
* @param operation - The operation type for logging purposes
|
|
105
|
+
* @throws {Error} If sessionId is missing or cross-session access is attempted
|
|
106
|
+
*/
|
|
107
|
+
validateAccess(context, namespace, operation) {
|
|
108
|
+
if (!context.sessionId) {
|
|
109
|
+
throw new Error('sessionId is required for memory access');
|
|
110
|
+
}
|
|
111
|
+
// If the namespace is a session namespace, verify it matches the context's session
|
|
112
|
+
if (this.isSessionNamespace(namespace)) {
|
|
113
|
+
const namespaceSessionId = this.extractSessionId(namespace);
|
|
114
|
+
if (namespaceSessionId !== context.sessionId) {
|
|
115
|
+
log.warn('Access denied: cross-session access attempt', {
|
|
116
|
+
operation,
|
|
117
|
+
requestedNamespace: namespace,
|
|
118
|
+
contextSessionId: context.sessionId,
|
|
119
|
+
agentId: context.agentId,
|
|
120
|
+
});
|
|
121
|
+
throw new Error(`Access denied: cannot ${operation} memory in session ${namespaceSessionId} from session ${context.sessionId}`);
|
|
122
|
+
}
|
|
123
|
+
}
|
|
124
|
+
// Non-session namespaces are allowed (global/shared data)
|
|
125
|
+
// but writes should be carefully controlled
|
|
126
|
+
if (!this.isSessionNamespace(namespace) && operation === 'write') {
|
|
127
|
+
log.debug('Write to non-session namespace', {
|
|
128
|
+
namespace,
|
|
129
|
+
sessionId: context.sessionId,
|
|
130
|
+
agentId: context.agentId,
|
|
131
|
+
});
|
|
132
|
+
}
|
|
133
|
+
log.debug('Access validated', {
|
|
134
|
+
operation,
|
|
135
|
+
namespace,
|
|
136
|
+
sessionId: context.sessionId,
|
|
137
|
+
agentId: context.agentId,
|
|
138
|
+
});
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Check if a context can access a specific memory entry.
|
|
142
|
+
*
|
|
143
|
+
* This performs a non-throwing access check, useful for filtering results.
|
|
144
|
+
*
|
|
145
|
+
* @param context - The access context with sessionId
|
|
146
|
+
* @param entryNamespace - The namespace of the memory entry
|
|
147
|
+
* @param entryAgentId - Optional agent ID of the entry owner
|
|
148
|
+
* @returns True if access is allowed, false otherwise
|
|
149
|
+
*/
|
|
150
|
+
canAccessEntry(context, entryNamespace, entryAgentId) {
|
|
151
|
+
if (!context.sessionId) {
|
|
152
|
+
return false;
|
|
153
|
+
}
|
|
154
|
+
// If entry is in a session namespace, verify it's the same session
|
|
155
|
+
if (this.isSessionNamespace(entryNamespace)) {
|
|
156
|
+
const entrySessionId = this.extractSessionId(entryNamespace);
|
|
157
|
+
if (entrySessionId !== context.sessionId) {
|
|
158
|
+
return false;
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
// If agentId filter is set on context and entry has an agentId
|
|
162
|
+
if (context.agentId && entryAgentId) {
|
|
163
|
+
// If includeShared is false, only allow matching agentId
|
|
164
|
+
if (context.includeShared === false && entryAgentId !== context.agentId) {
|
|
165
|
+
return false;
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
return true;
|
|
169
|
+
}
|
|
170
|
+
/**
|
|
171
|
+
* Derive the appropriate namespace for a memory operation.
|
|
172
|
+
*
|
|
173
|
+
* If an explicit namespace is provided, validates access and returns it.
|
|
174
|
+
* Otherwise, returns the session namespace for the context.
|
|
175
|
+
*
|
|
176
|
+
* @param context - The access context with sessionId
|
|
177
|
+
* @param explicitNamespace - Optional explicit namespace to use
|
|
178
|
+
* @returns The namespace to use for the operation
|
|
179
|
+
* @throws {Error} If access to the explicit namespace is denied
|
|
180
|
+
*/
|
|
181
|
+
deriveNamespace(context, explicitNamespace) {
|
|
182
|
+
if (explicitNamespace) {
|
|
183
|
+
// Validate access to the explicit namespace
|
|
184
|
+
this.validateAccess(context, explicitNamespace, 'write');
|
|
185
|
+
return explicitNamespace;
|
|
186
|
+
}
|
|
187
|
+
// Default to session namespace
|
|
188
|
+
return this.getSessionNamespace(context.sessionId);
|
|
189
|
+
}
|
|
190
|
+
/**
|
|
191
|
+
* Check if we should filter by session namespace
|
|
192
|
+
* Used when listing/searching to ensure session isolation
|
|
193
|
+
*/
|
|
194
|
+
shouldFilterBySession(context, requestedNamespace) {
|
|
195
|
+
// If a specific namespace is requested, validate and use it
|
|
196
|
+
if (requestedNamespace) {
|
|
197
|
+
this.validateAccess(context, requestedNamespace, 'read');
|
|
198
|
+
return requestedNamespace;
|
|
199
|
+
}
|
|
200
|
+
// Default to session namespace for session isolation
|
|
201
|
+
return this.getSessionNamespace(context.sessionId);
|
|
202
|
+
}
|
|
203
|
+
}
|
|
204
|
+
// Singleton instance
|
|
205
|
+
let instance = null;
|
|
206
|
+
/**
|
|
207
|
+
* Get or create the access control instance
|
|
208
|
+
*/
|
|
209
|
+
export function getAccessControl() {
|
|
210
|
+
if (!instance) {
|
|
211
|
+
instance = new MemoryAccessControl();
|
|
212
|
+
}
|
|
213
|
+
return instance;
|
|
214
|
+
}
|
|
215
|
+
/**
|
|
216
|
+
* Reset the access control instance (for testing)
|
|
217
|
+
*/
|
|
218
|
+
export function resetAccessControl() {
|
|
219
|
+
instance = null;
|
|
220
|
+
}
|
|
221
|
+
//# sourceMappingURL=access-control.js.map
|