@contextableai/openclaw-memory-rebac 0.3.2 → 0.3.4

package/README.md

@@ -168,7 +168,10 @@ When enabled (default: `true`), the plugin captures the last N messages from eac
 The SpiceDB schema defines four object types:
 
 ```
-definition person {}
+definition person {
+    relation agent: agent
+    permission represents = agent
+}
 
 definition agent {
     relation owner: person
@@ -186,7 +189,8 @@ definition memory_fragment {
     relation involves: person | agent
     relation shared_by: person | agent
 
-    permission view = involves + shared_by + source_group->access
+    // involves->represents: if a person is involved, their agent can also view
+    permission view = involves + shared_by + source_group->access + involves->represents
     permission delete = shared_by
 }
 ```

package/dist/authorization.d.ts

@@ -55,6 +55,12 @@ export declare function canDeleteFragment(spicedb: SpiceDbClient, subject: Subje
  * Used to gate writes to non-session groups — prevents unauthorized memory injection.
  */
 export declare function canWriteToGroup(spicedb: SpiceDbClient, subject: Subject, groupId: string, zedToken?: string): Promise<boolean>;
+/**
+ * Discover which groups a set of memory fragments belong to.
+ * Reads the `source_group` relation for each fragment ID.
+ * Returns deduplicated group IDs.
+ */
+export declare function lookupFragmentSourceGroups(spicedb: SpiceDbClient, fragmentIds: string[], zedToken?: string): Promise<string[]>;
 /**
  * Ensure a subject is registered as a member of a group.
  * Idempotent (uses TOUCH operation).

package/dist/authorization.js

@@ -130,6 +130,27 @@ export async function canWriteToGroup(spicedb, subject, groupId, zedToken) {
         consistency: tokenConsistency(zedToken),
     });
 }
+/**
+ * Discover which groups a set of memory fragments belong to.
+ * Reads the `source_group` relation for each fragment ID.
+ * Returns deduplicated group IDs.
+ */
+export async function lookupFragmentSourceGroups(spicedb, fragmentIds, zedToken) {
+    const groupIds = new Set();
+    for (const fid of fragmentIds) {
+        const tuples = await spicedb.readRelationships({
+            resourceType: "memory_fragment",
+            resourceId: fid,
+            relation: "source_group",
+            consistency: tokenConsistency(zedToken),
+        });
+        for (const t of tuples) {
+            if (t.subjectType === "group")
+                groupIds.add(t.subjectId);
+        }
+    }
+    return Array.from(groupIds);
+}
 /**
  * Ensure a subject is registered as a member of a group.
  * Idempotent (uses TOUCH operation).

package/dist/backend.d.ts

@@ -118,12 +118,6 @@ export interface MemoryBackend {
      * Returns true if deleted, false if the backend doesn't support it.
      */
     deleteFragment?(uuid: string, type?: string): Promise<boolean>;
-    /**
-     * Fetch fragment details by their IDs.
-     * Used for fragment-level recall (e.g., finding memories via `involves` permissions).
-     * Optional: not all backends support fetching individual fragments by ID.
-     */
-    getFragmentsByIds?(ids: string[]): Promise<SearchResult[]>;
     /**
      * Discover fragment (fact/edge) UUIDs that were extracted from a stored episode.
      * Called after store() resolves the episode ID to write per-fragment SpiceDB

package/dist/backends/graphiti.d.ts

@@ -63,7 +63,6 @@ export declare class GraphitiBackend implements MemoryBackend {
     listGroups(): Promise<BackendDataset[]>;
     deleteFragment(uuid: string, type?: string): Promise<boolean>;
     getEpisodes(groupId: string, lastN: number): Promise<GraphitiEpisode[]>;
-    getFragmentsByIds(ids: string[]): Promise<SearchResult[]>;
     discoverFragmentIds(episodeId: string): Promise<string[]>;
     getEntityEdge(uuid: string): Promise<FactResult>;
     registerCliCommands(cmd: Command): void;

package/dist/backends/graphiti.js

@@ -159,26 +159,6 @@ export class GraphitiBackend {
     async getEpisodes(groupId, lastN) {
         return this.restCall("GET", `/episodes/${encodeURIComponent(groupId)}?last_n=${lastN}`);
     }
-    async getFragmentsByIds(ids) {
-        const results = [];
-        for (const id of ids) {
-            try {
-                const fact = await this.getEntityEdge(id);
-                results.push({
-                    type: "fact",
-                    uuid: id,
-                    group_id: "unknown",
-                    summary: fact.fact,
-                    context: fact.name,
-                    created_at: fact.created_at,
-                });
-            }
-            catch {
-                // Fragment not found or unreachable — skip
-            }
-        }
-        return results;
-    }
     async discoverFragmentIds(episodeId) {
         const edges = await this.restCall("GET", `/episodes/${encodeURIComponent(episodeId)}/edges`);
         return edges.map((e) => e.uuid);

package/dist/cli.js

@@ -14,7 +14,7 @@ import { join, dirname, basename, resolve } from "node:path";
 import { homedir } from "node:os";
 import { fileURLToPath } from "node:url";
 import { defaultGroupId } from "./config.js";
-import { lookupAuthorizedGroups, lookupAgentOwner, lookupViewableFragments, ensureGroupMembership, } from "./authorization.js";
+import { lookupAuthorizedGroups, lookupAgentOwner, lookupViewableFragments, lookupFragmentSourceGroups, ensureGroupMembership, } from "./authorization.js";
 import { searchAuthorizedMemories } from "./search.js";
 // ============================================================================
 // Session helper (mirrors index.ts — no shared module to avoid circular import)
@@ -71,39 +71,50 @@ export function registerCommands(cmd, ctx) {
             })
             : [];
         // Fragment-based recall via involves/view permission
+        // Uses search-then-post-filter: search source groups for query relevance,
+        // then intersect with authorized fragment set for security.
         let fragmentResults = [];
-        if (backend.getFragmentsByIds) {
-            try {
-                // Determine the person to search as
-                let personSubject;
-                if (subject.type === "person") {
-                    // Direct person search — look up fragments they can view
-                    personSubject = subject;
-                }
-                else if (subject.type === "agent") {
-                    // Agent search — resolve owner identity first
-                    const ownerId = await lookupAgentOwner(spicedb, subject.id, token);
-                    if (ownerId) {
-                        personSubject = { type: "person", id: ownerId };
-                    }
+        try {
+            // Determine the person to search as
+            let personSubject;
+            if (subject.type === "person") {
+                personSubject = subject;
+            }
+            else if (subject.type === "agent") {
+                const ownerId = await lookupAgentOwner(spicedb, subject.id, token);
+                if (ownerId) {
+                    personSubject = { type: "person", id: ownerId };
                 }
-                if (personSubject) {
-                    const viewableIds = await lookupViewableFragments(spicedb, personSubject, token);
-                    if (viewableIds.length > 0) {
-                        const groupResultIds = new Set(groupResults.map((r) => r.uuid));
-                        const newIds = viewableIds.filter((id) => !groupResultIds.has(id));
-                        if (newIds.length > 0) {
-                            fragmentResults = await backend.getFragmentsByIds(newIds);
+            }
+            if (personSubject) {
+                const viewableIds = await lookupViewableFragments(spicedb, personSubject, token);
+                if (viewableIds.length > 0) {
+                    const groupResultIds = new Set(groupResults.map((r) => r.uuid));
+                    const newIds = viewableIds.filter((id) => !groupResultIds.has(id));
+                    if (newIds.length > 0) {
+                        // Discover which groups the viewable fragments belong to
+                        const ownerGroups = await lookupFragmentSourceGroups(spicedb, newIds, token);
+                        const alreadySearched = new Set(authorizedGroups);
+                        const newGroups = ownerGroups.filter(g => !alreadySearched.has(g));
+                        if (newGroups.length > 0) {
+                            const candidateResults = await searchAuthorizedMemories(backend, {
+                                query,
+                                groupIds: newGroups,
+                                limit: parseInt(opts.limit),
+                            });
+                            // Post-filter: only keep results the person is authorized to view
+                            const viewableSet = new Set(newIds);
+                            fragmentResults = candidateResults.filter(r => viewableSet.has(r.uuid));
                         }
                     }
-                    if (fragmentResults.length > 0) {
-                        console.log(`  + ${fragmentResults.length} result(s) via involves (${personSubject.type}:${personSubject.id})`);
-                    }
+                }
+                if (fragmentResults.length > 0) {
+                    console.log(`  + ${fragmentResults.length} result(s) via involves (${personSubject.type}:${personSubject.id})`);
                 }
             }
-            catch {
-                // Fragment lookup failed — proceed with group results only
-            }
+        }
+        catch {
+            // Fragment lookup failed — proceed with group results only
         }
         const allResults = [...groupResults, ...fragmentResults];
         if (allResults.length === 0) {
@@ -563,14 +574,23 @@ export function registerCommands(cmd, ctx) {
         .argument("<person-id>", "Owner person ID")
         .action(async (agentId, personId) => {
         try {
-            await spicedb.writeRelationships([{
+            await spicedb.writeRelationships([
+                {
                     resourceType: "agent",
                     resourceId: agentId,
                     relation: "owner",
                     subjectType: "person",
                     subjectId: personId,
-                }]);
-            console.log(`Linked agent:${agentId} → person:${personId}`);
+                },
+                {
+                    resourceType: "person",
+                    resourceId: personId,
+                    relation: "agent",
+                    subjectType: "agent",
+                    subjectId: agentId,
+                },
+            ]);
+            console.log(`Linked agent:${agentId} ↔ person:${personId}`);
         }
         catch (err) {
             console.error(`Failed to write identity link: ${err instanceof Error ? err.message : String(err)}`);
@@ -590,14 +610,23 @@ export function registerCommands(cmd, ctx) {
                 console.log(`No owner link found for agent:${agentId}`);
                 return;
             }
-            await spicedb.deleteRelationships([{
+            await spicedb.deleteRelationships([
+                {
                     resourceType: "agent",
                     resourceId: agentId,
                     relation: "owner",
                     subjectType: "person",
                     subjectId: ownerId,
-                }]);
-            console.log(`Unlinked agent:${agentId} (was → person:${ownerId})`);
+                },
+                {
+                    resourceType: "person",
+                    resourceId: ownerId,
+                    relation: "agent",
+                    subjectType: "agent",
+                    subjectId: agentId,
+                },
+            ]);
+            console.log(`Unlinked agent:${agentId} (was ↔ person:${ownerId})`);
         }
         catch (err) {
             console.error(`Failed to remove identity link: ${err instanceof Error ? err.message : String(err)}`);

package/dist/index.js

@@ -21,7 +21,7 @@ import { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
 import { rebacMemoryConfigSchema, createBackend, defaultGroupId } from "./config.js";
 import { SpiceDbClient } from "./spicedb.js";
-import { lookupAuthorizedGroups, lookupViewableFragments, lookupAgentOwner, writeFragmentRelationships, deleteFragmentRelationships, canDeleteFragment, canWriteToGroup, ensureGroupMembership, } from "./authorization.js";
+import { lookupAuthorizedGroups, lookupViewableFragments, lookupFragmentSourceGroups, lookupAgentOwner, writeFragmentRelationships, deleteFragmentRelationships, canDeleteFragment, canWriteToGroup, ensureGroupMembership, } from "./authorization.js";
 import { searchAuthorizedMemories, formatDualResults, deduplicateSessionResults, } from "./search.js";
 import { registerCommands } from "./cli.js";
 // ============================================================================
@@ -154,8 +154,10 @@ const rebacMemoryPlugin = {
                 const groupResults = [...longTermResults, ...sessionResults];
                 // Owner-aware fragment search: if the subject is an agent with an owner,
                 // also find fragments where the owner is in `involves`.
+                // Uses search-then-post-filter: search the source groups for query relevance,
+                // then intersect with the authorized fragment set for security.
                 let ownerFragmentResults = [];
-                if (subject.type === "agent" && backend.getFragmentsByIds) {
+                if (subject.type === "agent") {
                     try {
                         const ownerId = await lookupAgentOwner(spicedb, subject.id, state.lastWriteToken);
                         if (ownerId) {
@@ -165,7 +167,20 @@ const rebacMemoryPlugin = {
                                 const groupResultIds = new Set(groupResults.map((r) => r.uuid));
                                 const newIds = viewableIds.filter((id) => !groupResultIds.has(id));
                                 if (newIds.length > 0) {
-                                    ownerFragmentResults = await backend.getFragmentsByIds(newIds);
+                                    // Discover which groups the viewable fragments belong to
+                                    const ownerGroups = await lookupFragmentSourceGroups(spicedb, newIds, state.lastWriteToken);
+                                    const alreadySearched = new Set([...longTermGroups, ...sessionGroups]);
+                                    const newGroups = ownerGroups.filter(g => !alreadySearched.has(g));
+                                    if (newGroups.length > 0) {
+                                        const candidateResults = await searchAuthorizedMemories(backend, {
+                                            query,
+                                            groupIds: newGroups,
+                                            limit,
+                                        });
+                                        // Post-filter: only keep results the owner is authorized to view
+                                        const viewableSet = new Set(newIds);
+                                        ownerFragmentResults = candidateResults.filter(r => viewableSet.has(r.uuid));
+                                    }
                                 }
                             }
                         }
@@ -686,16 +701,25 @@ const rebacMemoryPlugin = {
                     // Write agent → owner relationships from identities config
                     for (const [agentId, personId] of Object.entries(cfg.identities)) {
                         try {
-                            const token = await spicedb.writeRelationships([{
+                            const token = await spicedb.writeRelationships([
+                                {
                                     resourceType: "agent",
                                     resourceId: agentId,
                                     relation: "owner",
                                     subjectType: "person",
                                     subjectId: personId,
-                                }]);
+                                },
+                                {
+                                    resourceType: "person",
+                                    resourceId: personId,
+                                    relation: "agent",
+                                    subjectType: "agent",
+                                    subjectId: agentId,
+                                },
+                            ]);
                             if (token)
                                 defaultState.lastWriteToken = token;
-                            api.logger.info(`openclaw-memory-rebac: linked agent:${agentId} → person:${personId}`);
+                            api.logger.info(`openclaw-memory-rebac: linked agent:${agentId} ↔ person:${personId}`);
                         }
                         catch (err) {
                             api.logger.warn(`openclaw-memory-rebac: failed to write owner for agent:${agentId}: ${err}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contextableai/openclaw-memory-rebac",
-  "version": "0.3.2",
+  "version": "0.3.4",
   "description": "OpenClaw two-layer memory plugin: SpiceDB ReBAC authorization + Graphiti knowledge graph",
   "type": "module",
   "license": "MIT",

package/schema.zed

@@ -1,4 +1,7 @@
-definition person {}
+definition person {
+    relation agent: agent
+    permission represents = agent
+}
 
 definition agent {
     relation owner: person
@@ -16,8 +19,9 @@ definition memory_fragment {
     relation involves: person | agent
     relation shared_by: person | agent
 
-    // Can view if: directly involved, shared it, or have access to the source group
-    permission view = involves + shared_by + source_group->access
+    // Can view if: directly involved, shared it, have access to the source group,
+    // or are an agent whose owner is involved (involves->agent traversal)
+    permission view = involves + shared_by + source_group->access + involves->represents
     // Can delete if: you shared it (owner-level control)
     permission delete = shared_by
 }