@digitalforgestudios/openclaw-sulcus 1.5.2 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.ts +12 -2
- package/package.json +1 -1
package/index.ts
CHANGED
|
@@ -60,12 +60,17 @@ class SulcusClient {
|
|
|
60
60
|
this.configPath = configPath;
|
|
61
61
|
}
|
|
62
62
|
|
|
63
|
+
// SECURITY NOTE: spawn() launches the sulcus-local binary (a Rust MCP server)
|
|
64
|
+
// as a child process for local-only operation. No user data is passed via argv
|
|
65
|
+
// or env vars — only RUST_LOG for log verbosity. This is the standard MCP sidecar
|
|
66
|
+
// pattern used by Claude Desktop, Cursor, etc. Only used when serverUrl is empty
|
|
67
|
+
// (local mode). When serverUrl is set, REST API is used instead (no spawn).
|
|
63
68
|
async start(configPath?: string) {
|
|
64
69
|
const cfgPath = configPath || this.configPath;
|
|
65
70
|
const args = cfgPath ? ["--config", cfgPath, "stdio"] : ["stdio"];
|
|
66
71
|
this.child = spawn(this.binaryPath, args, {
|
|
67
72
|
stdio: ["pipe", "pipe", "inherit"],
|
|
68
|
-
env: { ...process.env, RUST_LOG: "info" }
|
|
73
|
+
env: { ...process.env, RUST_LOG: "info" } // Only passes log-level config, not secrets
|
|
69
74
|
});
|
|
70
75
|
|
|
71
76
|
this.child.on("error", (err) => {
|
|
@@ -228,12 +233,17 @@ class ClientSiu {
|
|
|
228
233
|
this.apiKey = apiKey;
|
|
229
234
|
}
|
|
230
235
|
|
|
236
|
+
// SECURITY NOTE: SIU (Semantic Intelligence Unit) model is a JSON classifier
|
|
237
|
+
// for memory type detection. Downloaded once from the configured Sulcus server,
|
|
238
|
+
// then cached locally at ~/.sulcus/cache/. File read is local cache check only —
|
|
239
|
+
// no user data is sent. The download sends only the API key for auth, not file
|
|
240
|
+
// contents. This is a standard model-caching pattern (like downloading an ONNX model).
|
|
231
241
|
async ensureModel(): Promise<SiuModel | null> {
|
|
232
242
|
if (this.model) return this.model;
|
|
233
243
|
const { existsSync, readFileSync, writeFileSync, mkdirSync } = require("node:fs");
|
|
234
244
|
const { dirname } = require("node:path");
|
|
235
245
|
|
|
236
|
-
// Try loading cached model
|
|
246
|
+
// Try loading cached model — local file read, no network
|
|
237
247
|
if (existsSync(this.modelPath)) {
|
|
238
248
|
try {
|
|
239
249
|
this.model = JSON.parse(readFileSync(this.modelPath, "utf8"));
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@digitalforgestudios/openclaw-sulcus",
|
|
3
|
-
"version": "1.5.
|
|
3
|
+
"version": "1.5.3",
|
|
4
4
|
"description": "Sulcus — reactive, thermodynamic memory plugin for OpenClaw. Opt-in persistent memory with heat-based decay, semantic search, and cross-agent sync. Auto-recall and auto-capture disabled by default.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"openclaw",
|