npm - @contextableai/openclaw-memory-rebac - Versions diffs - 0.1.0 → 0.1.2 - Mend

@contextableai/openclaw-memory-rebac 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/authorization.d.ts +57 -0
package/dist/authorization.js +133 -0
package/dist/backend.d.ts +135 -0
package/dist/backend.js +11 -0
package/dist/backends/graphiti.d.ts +72 -0
package/dist/backends/graphiti.js +222 -0
package/dist/backends/registry.d.ts +14 -0
package/dist/backends/registry.js +12 -0
package/dist/cli.d.ts +23 -0
package/dist/cli.js +446 -0
package/dist/config.d.ts +34 -0
package/dist/config.js +97 -0
package/dist/index.d.ts +25 -0
package/dist/index.js +638 -0
package/dist/plugin.defaults.json +12 -0
package/dist/search.d.ts +34 -0
package/dist/search.js +98 -0
package/dist/spicedb.d.ts +80 -0
package/dist/spicedb.js +267 -0
package/docker/graphiti/.env +50 -0
package/docker/graphiti/docker-compose.yml +2 -2
package/docker/graphiti/graphiti_overlay.py +26 -1
package/docker/graphiti/startup.py +61 -4
package/docker/spicedb/.env +14 -0
package/package.json +8 -11
package/authorization.ts +0 -191
package/backend.ts +0 -176
package/backends/backends.json +0 -3
package/backends/graphiti.test.ts +0 -292
package/backends/graphiti.ts +0 -345
package/backends/registry.ts +0 -36
package/cli.ts +0 -418
package/config.ts +0 -141
package/index.ts +0 -711
package/search.ts +0 -139
package/spicedb.ts +0 -355
/package/{backends → dist/backends}/graphiti.defaults.json +0 -0

package/search.ts DELETED Viewed

@@ -1,139 +0,0 @@
-/**
- * Parallel Multi-Group Search + Merge/Re-rank
- *
- * Backend-agnostic: delegates per-group search to MemoryBackend.searchGroup().
- * Issues parallel calls (one per authorized group_id), merges results,
- * deduplicates by UUID, and re-ranks by score then recency.
- */
-import type { MemoryBackend, SearchResult } from "./backend.js";
-export type { SearchResult };
-// ============================================================================
-// Search options
-// ============================================================================
-export type SearchOptions = {
-  query: string;
-  groupIds: string[];
-  limit?: number;
-  sessionId?: string;
-};
-// ============================================================================
-// Search
-// ============================================================================
-/**
- * Search across multiple authorized group_ids in parallel.
- * Merges and deduplicates results, returning up to `limit` items sorted by
- * score (desc) then recency (desc).
- */
-export async function searchAuthorizedMemories(
-  backend: MemoryBackend,
-  options: SearchOptions,
-): Promise<SearchResult[]> {
-  const { query, groupIds, limit = 10, sessionId } = options;
-  if (groupIds.length === 0) {
-    return [];
-  }
-  // Fan out parallel searches across all authorized groups
-  const promises = groupIds.map((groupId) =>
-    backend.searchGroup({ query, groupId, limit, sessionId }),
-  );
-  const resultSets = await Promise.allSettled(promises);
-  // Collect all successful results — silently skip failed group searches
-  const allResults: SearchResult[] = [];
-  for (const result of resultSets) {
-    if (result.status === "fulfilled") {
-      allResults.push(...result.value);
-    }
-  }
-  // Deduplicate by UUID
-  const seen = new Set<string>();
-  const deduped = allResults.filter((r) => {
-    if (seen.has(r.uuid)) return false;
-    seen.add(r.uuid);
-    return true;
-  });
-  // Sort: score descending (when available), then recency descending
-  deduped.sort((a, b) => {
-    if (a.score !== undefined && b.score !== undefined && a.score !== b.score) {
-      return b.score - a.score;
-    }
-    const dateA = new Date(a.created_at).getTime();
-    const dateB = new Date(b.created_at).getTime();
-    return dateB - dateA;
-  });
-  return deduped.slice(0, limit);
-}
-// ============================================================================
-// Format for agent context
-// ============================================================================
-/**
- * Format search results into a text block for injecting into agent context.
- */
-export function formatResultsForContext(results: SearchResult[]): string {
-  if (results.length === 0) return "";
-  return results.map((r, i) => formatResultLine(r, i + 1)).join("\n");
-}
-/**
- * Format results with long-term and session sections separated.
- * Session group_ids start with "session-".
- */
-export function formatDualResults(
-  longTermResults: SearchResult[],
-  sessionResults: SearchResult[],
-): string {
-  const parts: string[] = [];
-  let idx = 1;
-  for (const r of longTermResults) {
-    parts.push(formatResultLine(r, idx++));
-  }
-  if (sessionResults.length > 0) {
-    if (longTermResults.length > 0) parts.push("Session memories:");
-    for (const r of sessionResults) {
-      parts.push(formatResultLine(r, idx++));
-    }
-  }
-  return parts.join("\n");
-}
-/**
- * Format a single search result line with type-prefixed UUID.
- * e.g. "[fact:da8650cb-...] Eric's birthday is Dec 17th (Eric -[HAS_BIRTHDAY]→ Dec 17th)"
- */
-function formatResultLine(r: SearchResult, idx: number): string {
-  const typeLabel =
-    r.type === "node" ? "entity" :
-    r.type === "fact" ? "fact" :
-    r.type === "chunk" ? "chunk" :
-    r.type === "summary" ? "summary" :
-    "completion";
-  return `${idx}. [${typeLabel}:${r.uuid}] ${r.summary} (${r.context})`;
-}
-/**
- * Deduplicate session results against long-term results (by UUID).
- */
-export function deduplicateSessionResults(
-  longTermResults: SearchResult[],
-  sessionResults: SearchResult[],
-): SearchResult[] {
-  const longTermIds = new Set(longTermResults.map((r) => r.uuid));
-  return sessionResults.filter((r) => !longTermIds.has(r.uuid));
-}

package/spicedb.ts DELETED Viewed

@@ -1,355 +0,0 @@
-/**
- * SpiceDB Client Wrapper
- *
- * Wraps @authzed/authzed-node for authorization operations:
- * WriteSchema, WriteRelationships, DeleteRelationships, BulkImportRelationships,
- * LookupResources, CheckPermission.
- */
-import { v1 } from "@authzed/authzed-node";
-// ============================================================================
-// Types
-// ============================================================================
-export type SpiceDbConfig = {
-  endpoint: string;
-  token: string;
-  insecure: boolean;
-};
-export type RelationshipTuple = {
-  resourceType: string;
-  resourceId: string;
-  relation: string;
-  subjectType: string;
-  subjectId: string;
-};
-export type ConsistencyMode =
-  | { mode: "full" }
-  | { mode: "at_least_as_fresh"; token: string }
-  | { mode: "minimize_latency" };
-// ============================================================================
-// Client
-// ============================================================================
-export class SpiceDbClient {
-  private client: ReturnType<typeof v1.NewClient>;
-  private promises: ReturnType<typeof v1.NewClient>["promises"];
-  constructor(config: SpiceDbConfig) {
-    if (config.insecure) {
-      this.client = v1.NewClient(
-        config.token,
-        config.endpoint,
-        v1.ClientSecurity.INSECURE_PLAINTEXT_CREDENTIALS,
-      );
-    } else {
-      this.client = v1.NewClient(config.token, config.endpoint);
-    }
-    this.promises = this.client.promises;
-  }
-  // --------------------------------------------------------------------------
-  // Schema
-  // --------------------------------------------------------------------------
-  async writeSchema(schema: string): Promise<void> {
-    const request = v1.WriteSchemaRequest.create({ schema });
-    await this.promises.writeSchema(request);
-  }
-  async readSchema(): Promise<string> {
-    const request = v1.ReadSchemaRequest.create({});
-    const response = await this.promises.readSchema(request);
-    return response.schemaText;
-  }
-  // --------------------------------------------------------------------------
-  // Relationships
-  // --------------------------------------------------------------------------
-  async writeRelationships(tuples: RelationshipTuple[]): Promise<string | undefined> {
-    const updates = tuples.map((t) =>
-      v1.RelationshipUpdate.create({
-        operation: v1.RelationshipUpdate_Operation.TOUCH,
-        relationship: v1.Relationship.create({
-          resource: v1.ObjectReference.create({
-            objectType: t.resourceType,
-            objectId: t.resourceId,
-          }),
-          relation: t.relation,
-          subject: v1.SubjectReference.create({
-            object: v1.ObjectReference.create({
-              objectType: t.subjectType,
-              objectId: t.subjectId,
-            }),
-          }),
-        }),
-      }),
-    );
-    const request = v1.WriteRelationshipsRequest.create({ updates });
-    const response = await this.promises.writeRelationships(request);
-    return response.writtenAt?.token;
-  }
-  async deleteRelationships(tuples: RelationshipTuple[]): Promise<void> {
-    const updates = tuples.map((t) =>
-      v1.RelationshipUpdate.create({
-        operation: v1.RelationshipUpdate_Operation.DELETE,
-        relationship: v1.Relationship.create({
-          resource: v1.ObjectReference.create({
-            objectType: t.resourceType,
-            objectId: t.resourceId,
-          }),
-          relation: t.relation,
-          subject: v1.SubjectReference.create({
-            object: v1.ObjectReference.create({
-              objectType: t.subjectType,
-              objectId: t.subjectId,
-            }),
-          }),
-        }),
-      }),
-    );
-    const request = v1.WriteRelationshipsRequest.create({ updates });
-    await this.promises.writeRelationships(request);
-  }
-  async deleteRelationshipsByFilter(params: {
-    resourceType: string;
-    resourceId: string;
-    relation?: string;
-  }): Promise<string | undefined> {
-    const request = v1.DeleteRelationshipsRequest.create({
-      relationshipFilter: v1.RelationshipFilter.create({
-        resourceType: params.resourceType,
-        optionalResourceId: params.resourceId,
-        ...(params.relation ? { optionalRelation: params.relation } : {}),
-      }),
-    });
-    const response = await this.promises.deleteRelationships(request);
-    return response.deletedAt?.token;
-  }
-  // --------------------------------------------------------------------------
-  // Bulk Import
-  // --------------------------------------------------------------------------
-  private toRelationship(t: RelationshipTuple) {
-    return v1.Relationship.create({
-      resource: v1.ObjectReference.create({
-        objectType: t.resourceType,
-        objectId: t.resourceId,
-      }),
-      relation: t.relation,
-      subject: v1.SubjectReference.create({
-        object: v1.ObjectReference.create({
-          objectType: t.subjectType,
-          objectId: t.subjectId,
-        }),
-      }),
-    });
-  }
-  /**
-   * Bulk import relationships using the streaming ImportBulkRelationships RPC.
-   * More efficient than individual writeRelationships calls for large batches.
-   * Falls back to batched writeRelationships if the streaming RPC is unavailable.
-   */
-  async bulkImportRelationships(
-    tuples: RelationshipTuple[],
-    batchSize = 1000,
-  ): Promise<number> {
-    if (tuples.length === 0) return 0;
-    // Try streaming bulk import first
-    if (typeof this.promises.bulkImportRelationships === "function") {
-      return this.bulkImportViaStream(tuples, batchSize);
-    }
-    // Fallback: batched writeRelationships
-    return this.bulkImportViaWrite(tuples, batchSize);
-  }
-  private bulkImportViaStream(
-    tuples: RelationshipTuple[],
-    batchSize: number,
-  ): Promise<number> {
-    return new Promise((resolve, reject) => {
-      const stream = this.promises.bulkImportRelationships(
-        (err: Error | null, response?: { numLoaded?: string }) => {
-          if (err) reject(err);
-          else resolve(Number(response?.numLoaded ?? tuples.length));
-        },
-      );
-      stream.on("error", (err: Error) => {
-        reject(err);
-      });
-      for (let i = 0; i < tuples.length; i += batchSize) {
-        const chunk = tuples.slice(i, i + batchSize);
-        stream.write(
-          v1.BulkImportRelationshipsRequest.create({
-            relationships: chunk.map((t) => this.toRelationship(t)),
-          }),
-        );
-      }
-      stream.end();
-    });
-  }
-  private async bulkImportViaWrite(
-    tuples: RelationshipTuple[],
-    batchSize: number,
-  ): Promise<number> {
-    let total = 0;
-    for (let i = 0; i < tuples.length; i += batchSize) {
-      const chunk = tuples.slice(i, i + batchSize);
-      await this.writeRelationships(chunk);
-      total += chunk.length;
-    }
-    return total;
-  }
-  // --------------------------------------------------------------------------
-  // Read Relationships
-  // --------------------------------------------------------------------------
-  /**
-   * Read relationships matching a filter. Returns all tuples that match the
-   * specified resource type, optional resource ID, optional relation, and
-   * optional subject filter. Used by the cleanup command to find which
-   * Graphiti episodes have SpiceDB authorization relationships.
-   */
-  async readRelationships(params: {
-    resourceType: string;
-    resourceId?: string;
-    relation?: string;
-    subjectType?: string;
-    subjectId?: string;
-    consistency?: ConsistencyMode;
-  }): Promise<RelationshipTuple[]> {
-    const filterFields: Record<string, unknown> = {
-      resourceType: params.resourceType,
-    };
-    if (params.resourceId) {
-      filterFields.optionalResourceId = params.resourceId;
-    }
-    if (params.relation) {
-      filterFields.optionalRelation = params.relation;
-    }
-    if (params.subjectType) {
-      const subjectFilter: Record<string, unknown> = {
-        subjectType: params.subjectType,
-      };
-      if (params.subjectId) {
-        subjectFilter.optionalSubjectId = params.subjectId;
-      }
-      filterFields.optionalSubjectFilter = v1.SubjectFilter.create(subjectFilter);
-    }
-    const request = v1.ReadRelationshipsRequest.create({
-      relationshipFilter: v1.RelationshipFilter.create(filterFields),
-      consistency: this.buildConsistency(params.consistency),
-    });
-    const results = await this.promises.readRelationships(request);
-    const tuples: RelationshipTuple[] = [];
-    for (const r of results) {
-      const rel = r.relationship;
-      if (!rel?.resource || !rel.subject?.object) continue;
-      tuples.push({
-        resourceType: rel.resource.objectType,
-        resourceId: rel.resource.objectId,
-        relation: rel.relation,
-        subjectType: rel.subject.object.objectType,
-        subjectId: rel.subject.object.objectId,
-      });
-    }
-    return tuples;
-  }
-  // --------------------------------------------------------------------------
-  // Permissions
-  // --------------------------------------------------------------------------
-  private buildConsistency(mode?: ConsistencyMode) {
-    if (!mode || mode.mode === "minimize_latency") {
-      return v1.Consistency.create({
-        requirement: { oneofKind: "minimizeLatency", minimizeLatency: true },
-      });
-    }
-    if (mode.mode === "at_least_as_fresh") {
-      return v1.Consistency.create({
-        requirement: {
-          oneofKind: "atLeastAsFresh",
-          atLeastAsFresh: v1.ZedToken.create({ token: mode.token }),
-        },
-      });
-    }
-    return v1.Consistency.create({
-      requirement: { oneofKind: "fullyConsistent", fullyConsistent: true },
-    });
-  }
-  async checkPermission(params: {
-    resourceType: string;
-    resourceId: string;
-    permission: string;
-    subjectType: string;
-    subjectId: string;
-    consistency?: ConsistencyMode;
-  }): Promise<boolean> {
-    const request = v1.CheckPermissionRequest.create({
-      resource: v1.ObjectReference.create({
-        objectType: params.resourceType,
-        objectId: params.resourceId,
-      }),
-      permission: params.permission,
-      subject: v1.SubjectReference.create({
-        object: v1.ObjectReference.create({
-          objectType: params.subjectType,
-          objectId: params.subjectId,
-        }),
-      }),
-      consistency: this.buildConsistency(params.consistency),
-    });
-    const response = await this.promises.checkPermission(request);
-    return (
-      response.permissionship ===
-      v1.CheckPermissionResponse_Permissionship.HAS_PERMISSION
-    );
-  }
-  async lookupResources(params: {
-    resourceType: string;
-    permission: string;
-    subjectType: string;
-    subjectId: string;
-    consistency?: ConsistencyMode;
-  }): Promise<string[]> {
-    const request = v1.LookupResourcesRequest.create({
-      resourceObjectType: params.resourceType,
-      permission: params.permission,
-      subject: v1.SubjectReference.create({
-        object: v1.ObjectReference.create({
-          objectType: params.subjectType,
-          objectId: params.subjectId,
-        }),
-      }),
-      consistency: this.buildConsistency(params.consistency),
-    });
-    const results = await this.promises.lookupResources(request);
-    return results.map((r: { resourceObjectId: string }) => r.resourceObjectId);
-  }
-}

/package/{backends → dist/backends}/graphiti.defaults.json RENAMED Viewed

File without changes