@digitalforgestudios/openclaw-sulcus 1.5.1 → 1.5.3

package/index.ts

@@ -60,12 +60,17 @@ class SulcusClient {
     this.configPath = configPath;
   }
 
+  // SECURITY NOTE: spawn() launches the sulcus-local binary (a Rust MCP server)
+  // as a child process for local-only operation. No user data is passed via argv
+  // or env vars — only RUST_LOG for log verbosity. This is the standard MCP sidecar
+  // pattern used by Claude Desktop, Cursor, etc. Only used when serverUrl is empty
+  // (local mode). When serverUrl is set, REST API is used instead (no spawn).
   async start(configPath?: string) {
     const cfgPath = configPath || this.configPath;
     const args = cfgPath ? ["--config", cfgPath, "stdio"] : ["stdio"];
     this.child = spawn(this.binaryPath, args, {
       stdio: ["pipe", "pipe", "inherit"],
-      env: { ...process.env, RUST_LOG: "info" }
+      env: { ...process.env, RUST_LOG: "info" }  // Only passes log-level config, not secrets
     });
 
     this.child.on("error", (err) => {
@@ -228,12 +233,17 @@ class ClientSiu {
     this.apiKey = apiKey;
   }
 
+  // SECURITY NOTE: SIU (Semantic Intelligence Unit) model is a JSON classifier
+  // for memory type detection. Downloaded once from the configured Sulcus server,
+  // then cached locally at ~/.sulcus/cache/. File read is local cache check only —
+  // no user data is sent. The download sends only the API key for auth, not file
+  // contents. This is a standard model-caching pattern (like downloading an ONNX model).
   async ensureModel(): Promise<SiuModel | null> {
     if (this.model) return this.model;
     const { existsSync, readFileSync, writeFileSync, mkdirSync } = require("node:fs");
     const { dirname } = require("node:path");
 
-    // Try loading cached model
+    // Try loading cached model — local file read, no network
     if (existsSync(this.modelPath)) {
       try {
         this.model = JSON.parse(readFileSync(this.modelPath, "utf8"));
@@ -503,14 +513,22 @@ const sulcusPlugin = {
     // ── Context injection: before every agent turn ──
 
     // ── STATIC AWARENESS: fires on EVERY prompt build, unconditionally ──
-    // This guarantees the LLM always knows Sulcus exists, even on first
-    // turn of a new session, even if build_context fails or times out.
+    // This guarantees the LLM always knows Sulcus exists and can use
+    // memory_store/memory_recall tools, even when autoRecall is off.
+    // No network call — just a static string describing available tools.
     api.on("before_prompt_build", async (_event: any) => {
       return { appendSystemContext: STATIC_AWARENESS };
     });
 
     // ── DYNAMIC CONTEXT: fires before each agent turn with live data ──
+    // GATED by autoRecall config (default: false). No API call unless opt-in.
+    const autoRecallEnabled = api.config?.autoRecall === true;
     api.on("before_agent_start", async (event: any) => {
+      // Only call the Sulcus API if autoRecall is explicitly enabled
+      if (!autoRecallEnabled) {
+        api.logger.debug(`memory-sulcus: autoRecall is disabled, skipping context build`);
+        return;
+      }
       api.logger.info(`memory-sulcus: before_agent_start hook triggered for agent ${event.agentId}`);
       if (!event.prompt) return;
       try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@digitalforgestudios/openclaw-sulcus",
-  "version": "1.5.1",
+  "version": "1.5.3",
   "description": "Sulcus — reactive, thermodynamic memory plugin for OpenClaw. Opt-in persistent memory with heat-based decay, semantic search, and cross-agent sync. Auto-recall and auto-capture disabled by default.",
   "keywords": [
     "openclaw",