@blackms/aistack 1.5.0 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. package/README.md +30 -3
  2. package/dist/agents/index.d.ts +1 -1
  3. package/dist/agents/index.d.ts.map +1 -1
  4. package/dist/agents/index.js +1 -1
  5. package/dist/agents/index.js.map +1 -1
  6. package/dist/agents/spawner.d.ts +12 -0
  7. package/dist/agents/spawner.d.ts.map +1 -1
  8. package/dist/agents/spawner.js +117 -2
  9. package/dist/agents/spawner.js.map +1 -1
  10. package/dist/hooks/session.d.ts.map +1 -1
  11. package/dist/hooks/session.js +22 -1
  12. package/dist/hooks/session.js.map +1 -1
  13. package/dist/integrations/slack.d.ts +3 -0
  14. package/dist/integrations/slack.d.ts.map +1 -1
  15. package/dist/integrations/slack.js +40 -0
  16. package/dist/integrations/slack.js.map +1 -1
  17. package/dist/mcp/tools/memory-tools.d.ts +23 -0
  18. package/dist/mcp/tools/memory-tools.d.ts.map +1 -1
  19. package/dist/mcp/tools/memory-tools.js +71 -34
  20. package/dist/mcp/tools/memory-tools.js.map +1 -1
  21. package/dist/memory/access-control.d.ts +153 -0
  22. package/dist/memory/access-control.d.ts.map +1 -0
  23. package/dist/memory/access-control.js +221 -0
  24. package/dist/memory/access-control.js.map +1 -0
  25. package/dist/memory/index.d.ts +6 -1
  26. package/dist/memory/index.d.ts.map +1 -1
  27. package/dist/memory/index.js +90 -8
  28. package/dist/memory/index.js.map +1 -1
  29. package/dist/memory/sqlite-store.d.ts +70 -1
  30. package/dist/memory/sqlite-store.d.ts.map +1 -1
  31. package/dist/memory/sqlite-store.js +333 -5
  32. package/dist/memory/sqlite-store.js.map +1 -1
  33. package/dist/monitoring/metrics.d.ts.map +1 -1
  34. package/dist/monitoring/metrics.js +8 -0
  35. package/dist/monitoring/metrics.js.map +1 -1
  36. package/dist/monitoring/resource-exhaustion-service.d.ts +121 -0
  37. package/dist/monitoring/resource-exhaustion-service.d.ts.map +1 -0
  38. package/dist/monitoring/resource-exhaustion-service.js +499 -0
  39. package/dist/monitoring/resource-exhaustion-service.js.map +1 -0
  40. package/dist/types.d.ts +57 -0
  41. package/dist/types.d.ts.map +1 -1
  42. package/dist/types.js.map +1 -1
  43. package/dist/utils/config.d.ts.map +1 -1
  44. package/dist/utils/config.js +19 -0
  45. package/dist/utils/config.js.map +1 -1
  46. package/dist/web/routes/agents.d.ts.map +1 -1
  47. package/dist/web/routes/agents.js +134 -1
  48. package/dist/web/routes/agents.js.map +1 -1
  49. package/dist/web/routes/memory.d.ts +3 -0
  50. package/dist/web/routes/memory.d.ts.map +1 -1
  51. package/dist/web/routes/memory.js +66 -8
  52. package/dist/web/routes/memory.js.map +1 -1
  53. package/dist/web/routes/system.d.ts.map +1 -1
  54. package/dist/web/routes/system.js +49 -0
  55. package/dist/web/routes/system.js.map +1 -1
  56. package/package.json +1 -1
@@ -1,19 +1,24 @@
1
1
  /**
2
2
  * Memory MCP tools - store, search, get, list, delete
3
+ *
4
+ * All operations require a sessionId for session-based isolation.
3
5
  */
4
6
  import { z } from 'zod';
5
- // Input schemas
7
+ import { getAccessControl } from '../../memory/index.js';
8
+ // Input schemas - sessionId is required for all operations
6
9
  const StoreInputSchema = z.object({
10
+ sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
7
11
  key: z.string().min(1).max(500).describe('Unique key for the memory entry'),
8
12
  content: z.string().min(1).max(1000000).describe('Content to store'),
9
- namespace: z.string().min(1).max(100).optional().describe('Namespace for organization'),
13
+ namespace: z.string().min(1).max(100).optional().describe('Namespace for organization (defaults to session namespace)'),
10
14
  metadata: z.record(z.unknown()).optional().describe('Additional metadata'),
11
15
  generateEmbedding: z.boolean().optional().describe('Generate embedding for vector search'),
12
16
  agentId: z.string().uuid().optional().describe('Agent ID to associate this memory with'),
13
17
  });
14
18
  const SearchInputSchema = z.object({
19
+ sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
15
20
  query: z.string().min(1).max(1000).describe('Search query'),
16
- namespace: z.string().optional().describe('Namespace to search in'),
21
+ namespace: z.string().optional().describe('Namespace to search in (defaults to session namespace)'),
17
22
  limit: z.number().min(1).max(100).optional().describe('Maximum results'),
18
23
  threshold: z.number().min(0).max(1).optional().describe('Minimum similarity score'),
19
24
  useVector: z.boolean().optional().describe('Use vector search if available'),
@@ -21,46 +26,65 @@ const SearchInputSchema = z.object({
21
26
  includeShared: z.boolean().optional().describe('Include shared memory (agent_id = NULL)'),
22
27
  });
23
28
  const GetInputSchema = z.object({
29
+ sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
24
30
  key: z.string().min(1).max(500).describe('Key to retrieve'),
25
- namespace: z.string().optional().describe('Namespace'),
31
+ namespace: z.string().optional().describe('Namespace (defaults to session namespace)'),
26
32
  });
27
33
  const ListInputSchema = z.object({
28
- namespace: z.string().optional().describe('Filter by namespace'),
34
+ sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
35
+ namespace: z.string().optional().describe('Filter by namespace (defaults to session namespace)'),
29
36
  limit: z.number().min(1).max(1000).optional().describe('Maximum results'),
30
37
  offset: z.number().min(0).optional().describe('Offset for pagination'),
31
38
  agentId: z.string().uuid().optional().describe('Filter by agent ownership'),
32
39
  includeShared: z.boolean().optional().describe('Include shared memory (agent_id = NULL)'),
33
40
  });
34
41
  const DeleteInputSchema = z.object({
42
+ sessionId: z.string().uuid().describe('Session ID for memory isolation (required)'),
35
43
  key: z.string().min(1).max(500).describe('Key to delete'),
36
- namespace: z.string().optional().describe('Namespace'),
44
+ namespace: z.string().optional().describe('Namespace (defaults to session namespace)'),
37
45
  });
38
46
  export function createMemoryTools(memory) {
47
+ const accessControl = getAccessControl();
48
+ /**
49
+ * Helper to execute an operation with proper context management.
50
+ * Ensures context is always cleared, even on error.
51
+ */
52
+ async function withContext(context, operation) {
53
+ memory.setAgentContext(context);
54
+ try {
55
+ return await operation();
56
+ }
57
+ finally {
58
+ memory.clearAgentContext();
59
+ }
60
+ }
39
61
  return {
40
62
  memory_store: {
41
63
  name: 'memory_store',
42
- description: 'Store a key-value pair in memory',
64
+ description: 'Store a key-value pair in memory (requires sessionId for isolation)',
43
65
  inputSchema: {
44
66
  type: 'object',
45
67
  properties: {
68
+ sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
46
69
  key: { type: 'string', description: 'Unique key for the memory entry' },
47
70
  content: { type: 'string', description: 'Content to store' },
48
- namespace: { type: 'string', description: 'Namespace for organization' },
71
+ namespace: { type: 'string', description: 'Namespace for organization (defaults to session namespace)' },
49
72
  metadata: { type: 'object', description: 'Additional metadata' },
50
73
  generateEmbedding: { type: 'boolean', description: 'Generate embedding for vector search' },
51
74
  agentId: { type: 'string', description: 'Agent ID to associate this memory with' },
52
75
  },
53
- required: ['key', 'content'],
76
+ required: ['sessionId', 'key', 'content'],
54
77
  },
55
78
  handler: async (params) => {
56
79
  const input = StoreInputSchema.parse(params);
57
80
  try {
58
- const entry = await memory.store(input.key, input.content, {
59
- namespace: input.namespace,
81
+ const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
82
+ const entry = await withContext({ sessionId: input.sessionId, agentId: input.agentId }, () => memory.store(input.key, input.content, {
83
+ namespace,
60
84
  metadata: input.metadata,
61
85
  generateEmbedding: input.generateEmbedding,
62
86
  agentId: input.agentId,
63
- });
87
+ }));
64
88
  return {
65
89
  success: true,
66
90
  entry: {
@@ -83,31 +107,34 @@ export function createMemoryTools(memory) {
83
107
  },
84
108
  memory_search: {
85
109
  name: 'memory_search',
86
- description: 'Search memory using full-text and/or vector search',
110
+ description: 'Search memory using full-text and/or vector search (requires sessionId for isolation)',
87
111
  inputSchema: {
88
112
  type: 'object',
89
113
  properties: {
114
+ sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
90
115
  query: { type: 'string', description: 'Search query' },
91
- namespace: { type: 'string', description: 'Namespace to search in' },
116
+ namespace: { type: 'string', description: 'Namespace to search in (defaults to session namespace)' },
92
117
  limit: { type: 'number', description: 'Maximum results' },
93
118
  threshold: { type: 'number', description: 'Minimum similarity score (0-1)' },
94
119
  useVector: { type: 'boolean', description: 'Use vector search if available' },
95
120
  agentId: { type: 'string', description: 'Filter by agent ownership' },
96
121
  includeShared: { type: 'boolean', description: 'Include shared memory (agent_id = NULL)' },
97
122
  },
98
- required: ['query'],
123
+ required: ['sessionId', 'query'],
99
124
  },
100
125
  handler: async (params) => {
101
126
  const input = SearchInputSchema.parse(params);
102
127
  try {
103
- const results = await memory.search(input.query, {
104
- namespace: input.namespace,
128
+ const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
129
+ const includeShared = input.includeShared ?? true;
130
+ const results = await withContext({ sessionId: input.sessionId, agentId: input.agentId, includeShared }, () => memory.search(input.query, {
131
+ namespace,
105
132
  limit: input.limit,
106
133
  threshold: input.threshold,
107
134
  useVector: input.useVector,
108
135
  agentId: input.agentId,
109
- includeShared: input.includeShared,
110
- });
136
+ includeShared,
137
+ }));
111
138
  return {
112
139
  count: results.length,
113
140
  results: results.map(r => ({
@@ -132,18 +159,20 @@ export function createMemoryTools(memory) {
132
159
  },
133
160
  memory_get: {
134
161
  name: 'memory_get',
135
- description: 'Get a memory entry by key',
162
+ description: 'Get a memory entry by key (requires sessionId for isolation)',
136
163
  inputSchema: {
137
164
  type: 'object',
138
165
  properties: {
166
+ sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
139
167
  key: { type: 'string', description: 'Key to retrieve' },
140
- namespace: { type: 'string', description: 'Namespace' },
168
+ namespace: { type: 'string', description: 'Namespace (defaults to session namespace)' },
141
169
  },
142
- required: ['key'],
170
+ required: ['sessionId', 'key'],
143
171
  },
144
172
  handler: async (params) => {
145
173
  const input = GetInputSchema.parse(params);
146
- const entry = memory.get(input.key, input.namespace);
174
+ const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
175
+ const entry = await withContext({ sessionId: input.sessionId }, () => memory.get(input.key, namespace));
147
176
  if (!entry) {
148
177
  return {
149
178
  found: false,
@@ -166,24 +195,30 @@ export function createMemoryTools(memory) {
166
195
  },
167
196
  memory_list: {
168
197
  name: 'memory_list',
169
- description: 'List memory entries',
198
+ description: 'List memory entries (requires sessionId for isolation)',
170
199
  inputSchema: {
171
200
  type: 'object',
172
201
  properties: {
173
- namespace: { type: 'string', description: 'Filter by namespace' },
202
+ sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
203
+ namespace: { type: 'string', description: 'Filter by namespace (defaults to session namespace)' },
174
204
  limit: { type: 'number', description: 'Maximum results' },
175
205
  offset: { type: 'number', description: 'Offset for pagination' },
176
206
  agentId: { type: 'string', description: 'Filter by agent ownership' },
177
207
  includeShared: { type: 'boolean', description: 'Include shared memory (agent_id = NULL)' },
178
208
  },
209
+ required: ['sessionId'],
179
210
  },
180
211
  handler: async (params) => {
181
212
  const input = ListInputSchema.parse(params);
182
- const entries = memory.list(input.namespace, input.limit, input.offset, {
183
- agentId: input.agentId,
184
- includeShared: input.includeShared,
185
- });
186
- const total = memory.count(input.namespace);
213
+ const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
214
+ const includeShared = input.includeShared ?? true;
215
+ const { entries, total } = await withContext({ sessionId: input.sessionId, agentId: input.agentId, includeShared }, () => ({
216
+ entries: memory.list(namespace, input.limit, input.offset, {
217
+ agentId: input.agentId,
218
+ includeShared,
219
+ }),
220
+ total: memory.count(namespace),
221
+ }));
187
222
  return {
188
223
  total,
189
224
  count: entries.length,
@@ -203,18 +238,20 @@ export function createMemoryTools(memory) {
203
238
  },
204
239
  memory_delete: {
205
240
  name: 'memory_delete',
206
- description: 'Delete a memory entry',
241
+ description: 'Delete a memory entry (requires sessionId for isolation)',
207
242
  inputSchema: {
208
243
  type: 'object',
209
244
  properties: {
245
+ sessionId: { type: 'string', description: 'Session ID for memory isolation (required)' },
210
246
  key: { type: 'string', description: 'Key to delete' },
211
- namespace: { type: 'string', description: 'Namespace' },
247
+ namespace: { type: 'string', description: 'Namespace (defaults to session namespace)' },
212
248
  },
213
- required: ['key'],
249
+ required: ['sessionId', 'key'],
214
250
  },
215
251
  handler: async (params) => {
216
252
  const input = DeleteInputSchema.parse(params);
217
- const deleted = memory.delete(input.key, input.namespace);
253
+ const namespace = input.namespace ?? accessControl.getSessionNamespace(input.sessionId);
254
+ const deleted = await withContext({ sessionId: input.sessionId }, () => memory.delete(input.key, namespace));
218
255
  return {
219
256
  success: deleted,
220
257
  message: deleted ? 'Entry deleted' : 'Entry not found',
@@ -1 +1 @@
1
- {"version":3,"file":"memory-tools.js","sourceRoot":"","sources":["../../../src/mcp/tools/memory-tools.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,gBAAgB;AAChB,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC;IAC3E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC;IACpE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;IACvF,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC1E,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IAC1F,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;CACzF,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IACnE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACxE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IACnF,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC5E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC3E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;CACvD,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAChE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACzE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACtE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC3E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;IACzD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;CACvD,CAAC,CAAC;AAEH,MAAM,UAAU,iBAAiB,CAAC,MAAqB;IACrD,OAAO;QACL,YAAY,EAAE;YACZ,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,kCAAkC;YAC/C,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iCAAiC,EAAE;oBACvE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;oBAC5D,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4BAA4B,EAAE;oBACxE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;oBAChE,iBAAiB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,sCAAsC,EAAE;oBAC3F,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wCAAwC,EAAE;iBACnF;gBACD,QAAQ,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC;aAC7B;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE7C,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,EAAE;wBACzD,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;wBAC1C,OAAO,EAAE,KAAK,CAAC,OAAO;qBACvB,CAAC,CAAC;oBAEH,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,KAAK,EAAE;4BACL,EAAE,EAAE,KAAK,CAAC,EAAE;4BACZ,GAAG,EAAE,KAAK,CAAC,GAAG;4BACd,SAAS,EAAE,KAAK,CAAC,SAAS;4BAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;4BACtB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;4BACxC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;yBACzC;qBACF,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;SACF;QAED,aAAa,EAAE;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,oDAAoD;YACjE,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wBAAwB,EAAE;oBACpE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gCAAgC,EAAE;oBAC5E,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,gCAAgC,EAAE;oBAC7E,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACrE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,yCAAyC,EAAE;iBAC3F;gBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;aACpB;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE9C,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE;wBAC/C,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,aAAa,EAAE,KAAK,CAAC,aAAa;qBACnC,CAAC,CAAC;oBAEH,OAAO;wBACL,KAAK,EAAE,OAAO,CAAC,MAAM;wBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;4BACzB,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG;4BAChB,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;4BACxB,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,SAAS;4BAC5B,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;4BACxB,KAAK,EAAE,CAAC,CAAC,KAAK;4BACd,SAAS,EAAE,CAAC,CAAC,SAAS;4BACtB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ;yBAC3B,CAAC,CAAC;qBACJ,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO;wBACL,KAAK,EAAE,CAAC;wBACR,OAAO,EAAE,EAAE;wBACX,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;SACF;QAED,UAAU,EAAE;YACV,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,2BAA2B;YACxC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACvD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;iBACxD;gBACD,QAAQ,EAAE,CAAC,KAAK,CAAC;aAClB;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;gBAErD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,OAAO,EAAE,iBAAiB;qBAC3B,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,KAAK,EAAE;wBACL,EAAE,EAAE,KAAK,CAAC,EAAE;wBACZ,GAAG,EAAE,KAAK,CAAC,GAAG;wBACd,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;wBACxC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;qBACzC;iBACF,CAAC;YACJ,CAAC;SACF;QAED,WAAW,EAAE;YACX,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,qBAAqB;YAClC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;oBACjE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBAChE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACrE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,yCAAyC,EAAE;iBAC3F;aACF;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE;oBACtE,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,aAAa,EAAE,KAAK,CAAC,aAAa;iBACnC,CAAC,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAE5C,OAAO;oBACL,KAAK;oBACL,KAAK,EAAE,OAAO,CAAC,MAAM;oBACrB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;oBACzB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;wBACzB,EAAE,EAAE,CAAC,CAAC,EAAE;wBACR,GAAG,EAAE,CAAC,CAAC,GAAG;wBACV,SAAS,EAAE,CAAC,CAAC,SAAS;wBACtB,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,cAAc,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC/E,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;wBACpC,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;qBACrC,CAAC,CAAC;iBACJ,CAAC;YACJ,CAAC;SACF;QAED,aAAa,EAAE;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,uBAAuB;YACpC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;oBACrD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;iBACxD;gBACD,QAAQ,EAAE,CAAC,KAAK,CAAC;aAClB;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC9C,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;gBAE1D,OAAO;oBACL,OAAO,EAAE,OAAO;oBAChB,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,iBAAiB;iBACvD,CAAC;YACJ,CAAC;SACF;KACF,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"memory-tools.js","sourceRoot":"","sources":["../../../src/mcp/tools/memory-tools.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,2DAA2D;AAC3D,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC;IAC3E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC;IACpE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4DAA4D,CAAC;IACvH,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC1E,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IAC1F,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;CACzF,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wDAAwD,CAAC;IACnG,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACxE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IACnF,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC5E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC3E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACvF,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qDAAqD,CAAC;IAChG,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACzE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACtE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC3E,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;CAC1F,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACnF,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;IACzD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACvF,CAAC,CAAC;AAEH,MAAM,UAAU,iBAAiB,CAAC,MAAqB;IACrD,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IAEzC;;;OAGG;IACH,KAAK,UAAU,WAAW,CACxB,OAAyE,EACzE,SAA+B;QAE/B,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,OAAO,MAAM,SAAS,EAAE,CAAC;QAC3B,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO;QACL,YAAY,EAAE;YACZ,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,qEAAqE;YAClF,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iCAAiC,EAAE;oBACvE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;oBAC5D,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4DAA4D,EAAE;oBACxG,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;oBAChE,iBAAiB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,sCAAsC,EAAE;oBAC3F,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wCAAwC,EAAE;iBACnF;gBACD,QAAQ,EAAE,CAAC,WAAW,EAAE,KAAK,EAAE,SAAS,CAAC;aAC1C;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE7C,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;oBAExF,MAAM,KAAK,GAAG,MAAM,WAAW,CAC7B,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,EACtD,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,EAAE;wBAC3C,SAAS;wBACT,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;wBAC1C,OAAO,EAAE,KAAK,CAAC,OAAO;qBACvB,CAAC,CACH,CAAC;oBAEF,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,KAAK,EAAE;4BACL,EAAE,EAAE,KAAK,CAAC,EAAE;4BACZ,GAAG,EAAE,KAAK,CAAC,GAAG;4BACd,SAAS,EAAE,KAAK,CAAC,SAAS;4BAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;4BACtB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;4BACxC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;yBACzC;qBACF,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;SACF;QAED,aAAa,EAAE;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,uFAAuF;YACpG,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;oBACpG,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gCAAgC,EAAE;oBAC5E,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,gCAAgC,EAAE;oBAC7E,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACrE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,yCAAyC,EAAE;iBAC3F;gBACD,QAAQ,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC;aACjC;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE9C,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;oBACxF,MAAM,aAAa,GAAG,KAAK,CAAC,aAAa,IAAI,IAAI,CAAC;oBAElD,MAAM,OAAO,GAAG,MAAM,WAAW,CAC/B,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,aAAa,EAAE,EACrE,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE;wBAC/B,SAAS;wBACT,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,aAAa;qBACd,CAAC,CACH,CAAC;oBAEF,OAAO;wBACL,KAAK,EAAE,OAAO,CAAC,MAAM;wBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;4BACzB,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG;4BAChB,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;4BACxB,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,SAAS;4BAC5B,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;4BACxB,KAAK,EAAE,CAAC,CAAC,KAAK;4BACd,SAAS,EAAE,CAAC,CAAC,SAAS;4BACtB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ;yBAC3B,CAAC,CAAC;qBACJ,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO;wBACL,KAAK,EAAE,CAAC;wBACR,OAAO,EAAE,EAAE;wBACX,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;SACF;QAED,UAAU,EAAE;YACV,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,8DAA8D;YAC3E,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACvD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2CAA2C,EAAE;iBACxF;gBACD,QAAQ,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;aAC/B;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC3C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAExF,MAAM,KAAK,GAAG,MAAM,WAAW,CAC7B,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,EAC9B,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CACvC,CAAC;gBAEF,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,OAAO,EAAE,iBAAiB;qBAC3B,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,KAAK,EAAE;wBACL,EAAE,EAAE,KAAK,CAAC,EAAE;wBACZ,GAAG,EAAE,KAAK,CAAC,GAAG;wBACd,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;wBACxC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE;qBACzC;iBACF,CAAC;YACJ,CAAC;SACF;QAED,WAAW,EAAE;YACX,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,wDAAwD;YACrE,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qDAAqD,EAAE;oBACjG,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBAChE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACrE,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,yCAAyC,EAAE;iBAC3F;gBACD,QAAQ,EAAE,CAAC,WAAW,CAAC;aACxB;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACxF,MAAM,aAAa,GAAG,KAAK,CAAC,aAAa,IAAI,IAAI,CAAC;gBAElD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,WAAW,CAC1C,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,aAAa,EAAE,EACrE,GAAG,EAAE,CAAC,CAAC;oBACL,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE;wBACzD,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,aAAa;qBACd,CAAC;oBACF,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC;iBAC/B,CAAC,CACH,CAAC;gBAEF,OAAO;oBACL,KAAK;oBACL,KAAK,EAAE,OAAO,CAAC,MAAM;oBACrB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;oBACzB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;wBACzB,EAAE,EAAE,CAAC,CAAC,EAAE;wBACR,GAAG,EAAE,CAAC,CAAC,GAAG;wBACV,SAAS,EAAE,CAAC,CAAC,SAAS;wBACtB,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,cAAc,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC/E,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;wBACpC,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE;qBACrC,CAAC,CAAC;iBACJ,CAAC;YACJ,CAAC;SACF;QAED,aAAa,EAAE;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,0DAA0D;YACvE,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBACxF,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;oBACrD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2CAA2C,EAAE;iBACxF;gBACD,QAAQ,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;aAC/B;YACD,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,EAAE;gBACjD,MAAM,KAAK,GAAG,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC9C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAExF,MAAM,OAAO,GAAG,MAAM,WAAW,CAC/B,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,EAC9B,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAC1C,CAAC;gBAEF,OAAO;oBACL,OAAO,EAAE,OAAO;oBAChB,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,iBAAiB;iBACvD,CAAC;YACJ,CAAC;SACF;KACF,CAAC;AACJ,CAAC"}
@@ -0,0 +1,153 @@
1
+ /**
2
+ * Memory Access Control - Session-based isolation for agent memory
3
+ *
4
+ * This module provides session-based memory isolation to prevent agents in
5
+ * different sessions from accessing each other's memory. Each session gets
6
+ * its own namespace prefixed with "session:" followed by the session ID.
7
+ *
8
+ * Key security guarantees:
9
+ * - Cross-session access is blocked (agents in session A cannot access session B's memory)
10
+ * - Within a session, agents can optionally share memory or have private memory
11
+ * - Global/system namespaces remain accessible for shared data
12
+ *
13
+ * @module memory/access-control
14
+ */
15
+ /**
16
+ * Context for memory access operations.
17
+ *
18
+ * This context is required for all memory operations to enforce session isolation.
19
+ *
20
+ * @example
21
+ * ```typescript
22
+ * const context: MemoryAccessContext = {
23
+ * sessionId: 'abc-123-def', // Required: session identifier
24
+ * agentId: 'agent-456', // Optional: filter to specific agent
25
+ * includeShared: true // Optional: include session-level shared memory
26
+ * };
27
+ * ```
28
+ */
29
+ export interface MemoryAccessContext {
30
+ /** Required - enforced namespace based on session */
31
+ sessionId: string;
32
+ /** Optional - scoping within session for agent-specific memory */
33
+ agentId?: string;
34
+ /** Include shared memory (agent_id = NULL within session). Defaults to true. */
35
+ includeShared?: boolean;
36
+ }
37
+ /**
38
+ * Memory access control for session-based isolation.
39
+ *
40
+ * This class enforces memory isolation between sessions by:
41
+ * - Validating that memory operations only access the caller's session namespace
42
+ * - Blocking cross-session access attempts
43
+ * - Supporting agent-level filtering within a session
44
+ *
45
+ * @example
46
+ * ```typescript
47
+ * const accessControl = getAccessControl();
48
+ * const namespace = accessControl.getSessionNamespace('session-123');
49
+ * // namespace = 'session:session-123'
50
+ *
51
+ * // Validate access
52
+ * accessControl.validateAccess(
53
+ * { sessionId: 'session-123' },
54
+ * 'session:session-123',
55
+ * 'read'
56
+ * ); // OK
57
+ *
58
+ * accessControl.validateAccess(
59
+ * { sessionId: 'session-123' },
60
+ * 'session:session-456',
61
+ * 'read'
62
+ * ); // Throws: Access denied
63
+ * ```
64
+ */
65
+ export declare class MemoryAccessControl {
66
+ /** Prefix for session namespaces */
67
+ private static readonly SESSION_PREFIX;
68
+ /**
69
+ * Get the namespace for a session.
70
+ *
71
+ * @param sessionId - The session identifier
72
+ * @returns The session namespace in format "session:{sessionId}"
73
+ * @throws {Error} If sessionId is empty or undefined
74
+ *
75
+ * @example
76
+ * ```typescript
77
+ * getSessionNamespace('abc-123'); // Returns 'session:abc-123'
78
+ * ```
79
+ */
80
+ getSessionNamespace(sessionId: string): string;
81
+ /**
82
+ * Check if a namespace belongs to a session (starts with "session:" prefix).
83
+ *
84
+ * @param namespace - The namespace to check
85
+ * @returns True if the namespace is a session namespace
86
+ */
87
+ isSessionNamespace(namespace: string): boolean;
88
+ /**
89
+ * Extract session ID from a namespace.
90
+ *
91
+ * @param namespace - The namespace to extract from
92
+ * @returns The session ID if this is a session namespace, null otherwise
93
+ *
94
+ * @example
95
+ * ```typescript
96
+ * extractSessionId('session:abc-123'); // Returns 'abc-123'
97
+ * extractSessionId('default'); // Returns null
98
+ * ```
99
+ */
100
+ extractSessionId(namespace: string): string | null;
101
+ /**
102
+ * Validate access to a namespace.
103
+ *
104
+ * This method enforces session isolation by checking that:
105
+ * - The context has a valid sessionId
106
+ * - If the target namespace is a session namespace, it belongs to the caller's session
107
+ *
108
+ * Non-session namespaces (global/shared) are allowed for backwards compatibility.
109
+ *
110
+ * @param context - The access context with sessionId
111
+ * @param namespace - The target namespace to access
112
+ * @param operation - The operation type for logging purposes
113
+ * @throws {Error} If sessionId is missing or cross-session access is attempted
114
+ */
115
+ validateAccess(context: MemoryAccessContext, namespace: string, operation: 'read' | 'write' | 'delete'): void;
116
+ /**
117
+ * Check if a context can access a specific memory entry.
118
+ *
119
+ * This performs a non-throwing access check, useful for filtering results.
120
+ *
121
+ * @param context - The access context with sessionId
122
+ * @param entryNamespace - The namespace of the memory entry
123
+ * @param entryAgentId - Optional agent ID of the entry owner
124
+ * @returns True if access is allowed, false otherwise
125
+ */
126
+ canAccessEntry(context: MemoryAccessContext, entryNamespace: string, entryAgentId?: string): boolean;
127
+ /**
128
+ * Derive the appropriate namespace for a memory operation.
129
+ *
130
+ * If an explicit namespace is provided, validates access and returns it.
131
+ * Otherwise, returns the session namespace for the context.
132
+ *
133
+ * @param context - The access context with sessionId
134
+ * @param explicitNamespace - Optional explicit namespace to use
135
+ * @returns The namespace to use for the operation
136
+ * @throws {Error} If access to the explicit namespace is denied
137
+ */
138
+ deriveNamespace(context: MemoryAccessContext, explicitNamespace?: string): string;
139
+ /**
140
+ * Check if we should filter by session namespace
141
+ * Used when listing/searching to ensure session isolation
142
+ */
143
+ shouldFilterBySession(context: MemoryAccessContext, requestedNamespace?: string): string | undefined;
144
+ }
145
+ /**
146
+ * Get or create the access control instance
147
+ */
148
+ export declare function getAccessControl(): MemoryAccessControl;
149
+ /**
150
+ * Reset the access control instance (for testing)
151
+ */
152
+ export declare function resetAccessControl(): void;
153
+ //# sourceMappingURL=access-control.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"access-control.d.ts","sourceRoot":"","sources":["../../src/memory/access-control.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,mBAAmB;IAClC,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gFAAgF;IAChF,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,mBAAmB;IAC9B,oCAAoC;IACpC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAc;IAEpD;;;;;;;;;;;OAWG;IACH,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAO9C;;;;;OAKG;IACH,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAI9C;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAOlD;;;;;;;;;;;;;OAaG;IACH,cAAc,CACZ,OAAO,EAAE,mBAAmB,EAC5B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,GACrC,IAAI;IAuCP;;;;;;;;;OASG;IACH,cAAc,CACZ,OAAO,EAAE,mBAAmB,EAC5B,cAAc,EAAE,MAAM,EACtB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO;IAwBV;;;;;;;;;;OAUG;IACH,eAAe,CAAC,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM;IAWjF;;;OAGG;IACH,qBAAqB,CAAC,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;CAUrG;AAKD;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,mBAAmB,CAKtD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC"}
@@ -0,0 +1,221 @@
1
+ /**
2
+ * Memory Access Control - Session-based isolation for agent memory
3
+ *
4
+ * This module provides session-based memory isolation to prevent agents in
5
+ * different sessions from accessing each other's memory. Each session gets
6
+ * its own namespace prefixed with "session:" followed by the session ID.
7
+ *
8
+ * Key security guarantees:
9
+ * - Cross-session access is blocked (agents in session A cannot access session B's memory)
10
+ * - Within a session, agents can optionally share memory or have private memory
11
+ * - Global/system namespaces remain accessible for shared data
12
+ *
13
+ * @module memory/access-control
14
+ */
15
+ import { logger } from '../utils/logger.js';
16
+ const log = logger.child('memory:access-control');
17
+ /**
18
+ * Memory access control for session-based isolation.
19
+ *
20
+ * This class enforces memory isolation between sessions by:
21
+ * - Validating that memory operations only access the caller's session namespace
22
+ * - Blocking cross-session access attempts
23
+ * - Supporting agent-level filtering within a session
24
+ *
25
+ * @example
26
+ * ```typescript
27
+ * const accessControl = getAccessControl();
28
+ * const namespace = accessControl.getSessionNamespace('session-123');
29
+ * // namespace = 'session:session-123'
30
+ *
31
+ * // Validate access
32
+ * accessControl.validateAccess(
33
+ * { sessionId: 'session-123' },
34
+ * 'session:session-123',
35
+ * 'read'
36
+ * ); // OK
37
+ *
38
+ * accessControl.validateAccess(
39
+ * { sessionId: 'session-123' },
40
+ * 'session:session-456',
41
+ * 'read'
42
+ * ); // Throws: Access denied
43
+ * ```
44
+ */
45
+ export class MemoryAccessControl {
46
+ /** Prefix for session namespaces */
47
+ static SESSION_PREFIX = 'session:';
48
+ /**
49
+ * Get the namespace for a session.
50
+ *
51
+ * @param sessionId - The session identifier
52
+ * @returns The session namespace in format "session:{sessionId}"
53
+ * @throws {Error} If sessionId is empty or undefined
54
+ *
55
+ * @example
56
+ * ```typescript
57
+ * getSessionNamespace('abc-123'); // Returns 'session:abc-123'
58
+ * ```
59
+ */
60
+ getSessionNamespace(sessionId) {
61
+ if (!sessionId) {
62
+ throw new Error('sessionId is required for memory access');
63
+ }
64
+ return `${MemoryAccessControl.SESSION_PREFIX}${sessionId}`;
65
+ }
66
+ /**
67
+ * Check if a namespace belongs to a session (starts with "session:" prefix).
68
+ *
69
+ * @param namespace - The namespace to check
70
+ * @returns True if the namespace is a session namespace
71
+ */
72
+ isSessionNamespace(namespace) {
73
+ return namespace.startsWith(MemoryAccessControl.SESSION_PREFIX);
74
+ }
75
+ /**
76
+ * Extract session ID from a namespace.
77
+ *
78
+ * @param namespace - The namespace to extract from
79
+ * @returns The session ID if this is a session namespace, null otherwise
80
+ *
81
+ * @example
82
+ * ```typescript
83
+ * extractSessionId('session:abc-123'); // Returns 'abc-123'
84
+ * extractSessionId('default'); // Returns null
85
+ * ```
86
+ */
87
+ extractSessionId(namespace) {
88
+ if (!this.isSessionNamespace(namespace)) {
89
+ return null;
90
+ }
91
+ return namespace.slice(MemoryAccessControl.SESSION_PREFIX.length);
92
+ }
93
+ /**
94
+ * Validate access to a namespace.
95
+ *
96
+ * This method enforces session isolation by checking that:
97
+ * - The context has a valid sessionId
98
+ * - If the target namespace is a session namespace, it belongs to the caller's session
99
+ *
100
+ * Non-session namespaces (global/shared) are allowed for backwards compatibility.
101
+ *
102
+ * @param context - The access context with sessionId
103
+ * @param namespace - The target namespace to access
104
+ * @param operation - The operation type for logging purposes
105
+ * @throws {Error} If sessionId is missing or cross-session access is attempted
106
+ */
107
+ validateAccess(context, namespace, operation) {
108
+ if (!context.sessionId) {
109
+ throw new Error('sessionId is required for memory access');
110
+ }
111
+ // If the namespace is a session namespace, verify it matches the context's session
112
+ if (this.isSessionNamespace(namespace)) {
113
+ const namespaceSessionId = this.extractSessionId(namespace);
114
+ if (namespaceSessionId !== context.sessionId) {
115
+ log.warn('Access denied: cross-session access attempt', {
116
+ operation,
117
+ requestedNamespace: namespace,
118
+ contextSessionId: context.sessionId,
119
+ agentId: context.agentId,
120
+ });
121
+ throw new Error(`Access denied: cannot ${operation} memory in session ${namespaceSessionId} from session ${context.sessionId}`);
122
+ }
123
+ }
124
+ // Non-session namespaces are allowed (global/shared data)
125
+ // but writes should be carefully controlled
126
+ if (!this.isSessionNamespace(namespace) && operation === 'write') {
127
+ log.debug('Write to non-session namespace', {
128
+ namespace,
129
+ sessionId: context.sessionId,
130
+ agentId: context.agentId,
131
+ });
132
+ }
133
+ log.debug('Access validated', {
134
+ operation,
135
+ namespace,
136
+ sessionId: context.sessionId,
137
+ agentId: context.agentId,
138
+ });
139
+ }
140
+ /**
141
+ * Check if a context can access a specific memory entry.
142
+ *
143
+ * This performs a non-throwing access check, useful for filtering results.
144
+ *
145
+ * @param context - The access context with sessionId
146
+ * @param entryNamespace - The namespace of the memory entry
147
+ * @param entryAgentId - Optional agent ID of the entry owner
148
+ * @returns True if access is allowed, false otherwise
149
+ */
150
+ canAccessEntry(context, entryNamespace, entryAgentId) {
151
+ if (!context.sessionId) {
152
+ return false;
153
+ }
154
+ // If entry is in a session namespace, verify it's the same session
155
+ if (this.isSessionNamespace(entryNamespace)) {
156
+ const entrySessionId = this.extractSessionId(entryNamespace);
157
+ if (entrySessionId !== context.sessionId) {
158
+ return false;
159
+ }
160
+ }
161
+ // If agentId filter is set on context and entry has an agentId
162
+ if (context.agentId && entryAgentId) {
163
+ // If includeShared is false, only allow matching agentId
164
+ if (context.includeShared === false && entryAgentId !== context.agentId) {
165
+ return false;
166
+ }
167
+ }
168
+ return true;
169
+ }
170
+ /**
171
+ * Derive the appropriate namespace for a memory operation.
172
+ *
173
+ * If an explicit namespace is provided, validates access and returns it.
174
+ * Otherwise, returns the session namespace for the context.
175
+ *
176
+ * @param context - The access context with sessionId
177
+ * @param explicitNamespace - Optional explicit namespace to use
178
+ * @returns The namespace to use for the operation
179
+ * @throws {Error} If access to the explicit namespace is denied
180
+ */
181
+ deriveNamespace(context, explicitNamespace) {
182
+ if (explicitNamespace) {
183
+ // Validate access to the explicit namespace
184
+ this.validateAccess(context, explicitNamespace, 'write');
185
+ return explicitNamespace;
186
+ }
187
+ // Default to session namespace
188
+ return this.getSessionNamespace(context.sessionId);
189
+ }
190
+ /**
191
+ * Check if we should filter by session namespace
192
+ * Used when listing/searching to ensure session isolation
193
+ */
194
+ shouldFilterBySession(context, requestedNamespace) {
195
+ // If a specific namespace is requested, validate and use it
196
+ if (requestedNamespace) {
197
+ this.validateAccess(context, requestedNamespace, 'read');
198
+ return requestedNamespace;
199
+ }
200
+ // Default to session namespace for session isolation
201
+ return this.getSessionNamespace(context.sessionId);
202
+ }
203
+ }
204
+ // Singleton instance
205
+ let instance = null;
206
+ /**
207
+ * Get or create the access control instance
208
+ */
209
+ export function getAccessControl() {
210
+ if (!instance) {
211
+ instance = new MemoryAccessControl();
212
+ }
213
+ return instance;
214
+ }
215
+ /**
216
+ * Reset the access control instance (for testing)
217
+ */
218
+ export function resetAccessControl() {
219
+ instance = null;
220
+ }
221
+ //# sourceMappingURL=access-control.js.map