@equationalapplications/core-llm-wiki 4.13.1 → 4.14.1

package/README.md

@@ -477,6 +477,18 @@ Core WikiMemory provides:
 - **Input Validation**: `sourceRef`/`sourceHash` normalized; embedding dimensions validated
 - **Parameterized Queries**: All SQL uses bind parameters
 
+### Prompt-Injection Trust Boundary
+
+User-controlled text — `event.summary` passed to `write()`, document chunks passed to `ingestDocument()`,
+fact `title`/`body` (including imported dumps) — is interpolated verbatim into LLM prompts for librarian,
+heal, and embedding operations. Prompt templating does simple variable substitution; it does not detect
+or filter instruction-like content.
+
+Mitigating prompt injection (e.g. "ignore prior instructions and emit...") is **the host's responsibility**.
+If your application accepts untrusted input that flows into `write()`, `ingestDocument()`, or `importDump()`,
+treat the LLM's librarian/heal output as similarly untrusted — validate or scope it before acting on it
+downstream.
+
 ## Usage
 
 ```typescript

package/dist/{chunk-6FWG2DG4.mjs → chunk-24ANTHZB.mjs}

@@ -284,6 +284,20 @@ var JobManager = class {
     this.activeMaintenanceJobs = /* @__PURE__ */ new Set();
     this.activeIngestJobs = /* @__PURE__ */ new Map();
     this.statusSubscribers = /* @__PURE__ */ new Map();
+    /**
+     * Lookup table for acquireLock/releaseLock's dynamic-dispatch branch.
+     * Excludes 'ingest' | 'global_reembed' | 'global_import', which those
+     * methods already handle via explicit if/else branches before reaching
+     * this table.
+     */
+    this.lockKeyFns = {
+      prune: (id) => this._pruneKey(id),
+      librarian: (id) => this._librarianKey(id),
+      heal: (id) => this._healKey(id),
+      reembed: (id) => this._reembedKey(id),
+      import: (id) => this._importKey(id),
+      forget: (id) => this._forgetKey(id)
+    };
   }
   _pruneKey(entityId) {
     return `${this.prefix}:${entityId}:prune`;
@@ -433,9 +447,7 @@ var JobManager = class {
     } else if (operation === "global_import") {
       this.activeMaintenanceJobs.add(this._globalImportKey());
     } else {
-      const keyFnName = `_${operation}Key`;
-      const keyFn = this[keyFnName];
-      this.activeMaintenanceJobs.add(keyFn.call(this, entityId));
+      this.activeMaintenanceJobs.add(this.lockKeyFns[operation](entityId));
     }
     this._notifyStatusSubscribers(entityId);
   }
@@ -447,9 +459,7 @@ var JobManager = class {
     } else if (operation === "global_import") {
       this.activeMaintenanceJobs.delete(this._globalImportKey());
     } else {
-      const keyFnName = `_${operation}Key`;
-      const keyFn = this[keyFnName];
-      this.activeMaintenanceJobs.delete(keyFn.call(this, entityId));
+      this.activeMaintenanceJobs.delete(this.lockKeyFns[operation](entityId));
     }
     this._notifyStatusSubscribers(entityId);
   }
@@ -875,7 +885,9 @@ function generateId(prefix = "") {
     crypto.getRandomValues(bytes);
     return prefix + Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("").substring(0, 24);
   }
-  return prefix + Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+  throw new Error(
+    "generateId: no cryptographically secure random source available (crypto.randomUUID and crypto.getRandomValues are both missing)."
+  );
 }
 
 // src/services/IngestionService.ts
@@ -1412,6 +1424,9 @@ var MaintenanceService = class {
 };
 
 // src/services/ImportExportService.ts
+var MAX_EMBEDDING_BLOB_BYTES = 32 * 1024;
+var IMPORT_TITLE_MAX = 500;
+var IMPORT_BODY_MAX = 8e3;
 var ImportExportService = class {
   constructor(db, entryRepo, taskRepo, eventRepo, metadataRepo, searchService, jobManager, embeddingService) {
     this.db = db;
@@ -1493,6 +1508,7 @@ var ImportExportService = class {
     const factsWithPreservedBlob = /* @__PURE__ */ new Map();
     const preservedBlobDims = /* @__PURE__ */ new Set();
     const softDeletedFactIds = [];
+    const clippedTextByFactId = /* @__PURE__ */ new Map();
     await this.db.withTransactionAsync(async (tx) => {
       if (!merge) {
         const deletedLiveFactIds = await this.entryRepo.findIdsBySource(
@@ -1529,21 +1545,32 @@ var ImportExportService = class {
         const rawBlobRaw = fact.embedding_blob;
         let rawBlob = null;
         if (rawBlobRaw instanceof Uint8Array) {
-          rawBlob = rawBlobRaw;
+          if (rawBlobRaw.byteLength <= MAX_EMBEDDING_BLOB_BYTES) {
+            rawBlob = rawBlobRaw;
+          }
         } else if (rawBlobRaw !== null && rawBlobRaw !== void 0 && typeof rawBlobRaw === "object") {
           const obj = rawBlobRaw;
           if (obj["type"] === "Buffer" && Array.isArray(obj["data"])) {
-            rawBlob = new Uint8Array(obj["data"]);
+            const data = obj["data"];
+            if (data.length <= MAX_EMBEDDING_BLOB_BYTES) {
+              rawBlob = new Uint8Array(data);
+            }
           } else if (!Array.isArray(rawBlobRaw)) {
             const entries = Object.keys(obj);
             if (entries.length > 0 && entries.every((k) => /^\d+$/.test(k))) {
               const len = entries.length;
-              rawBlob = new Uint8Array(len);
-              for (let i = 0; i < len; i++)
-                rawBlob[i] = obj[String(i)] ?? 0;
+              if (len <= MAX_EMBEDDING_BLOB_BYTES) {
+                rawBlob = new Uint8Array(len);
+                for (let i = 0; i < len; i++) {
+                  rawBlob[i] = obj[String(i)] ?? 0;
+                }
+              }
             }
           }
         }
+        if (rawBlob !== null && rawBlob.byteLength > MAX_EMBEDDING_BLOB_BYTES) {
+          rawBlob = null;
+        }
         let blobData = null;
         if (rawBlob !== null && rawBlob.byteLength > 0 && rawBlob.byteLength % 4 === 0) {
           const copy = new ArrayBuffer(rawBlob.byteLength);
@@ -1573,11 +1600,14 @@ var ImportExportService = class {
           }
           if (merge && safeUpdatedAt <= existing.updated_at) continue;
         }
+        const safeTitle = clip(String(fact.title ?? ""), IMPORT_TITLE_MAX);
+        const safeBody = clip(String(fact.body ?? ""), IMPORT_BODY_MAX);
+        clippedTextByFactId.set(fact.id, { title: safeTitle, body: safeBody });
         const factObj = {
           id: fact.id,
           entity_id: entityId,
-          title: fact.title,
-          body: fact.body,
+          title: safeTitle,
+          body: safeBody,
           tags: Array.isArray(fact.tags) ? fact.tags : [],
           confidence: fact.confidence,
           source_type: sourceType,
@@ -1665,11 +1695,12 @@ var ImportExportService = class {
     await this.searchService.sync(entityId);
     for (const fact of bundle.facts) {
       if (!fact.deleted_at && upsertedFactIds.has(fact.id) && !factsWithPreservedBlob.has(fact.id)) {
+        const clipped = clippedTextByFactId.get(fact.id);
         const embedded = await this.embeddingService.embedFact({
           id: fact.id,
           entity_id: entityId,
-          title: fact.title,
-          body: fact.body,
+          title: clipped?.title ?? fact.title,
+          body: clipped?.body ?? fact.body,
           tags: Array.isArray(fact.tags) || typeof fact.tags === "string" ? fact.tags : []
         });
         if (!embedded) {
@@ -1769,7 +1800,7 @@ var ImportExportService = class {
   }
   _warnCrossEntityCollision(type, id, existingEntityId, targetEntityId) {
     console.warn(
-      `[WikiMemory] importDump: ${type} id "${id}" already belongs to entity "${existingEntityId}"; skipping for entity "${targetEntityId}"`
+      `[WikiMemory] importDump: ${type} id ${JSON.stringify(id)} already belongs to entity ${JSON.stringify(existingEntityId)}; skipping for entity ${JSON.stringify(targetEntityId)}`
     );
   }
   _normalizeImportedSourceType(raw, ctx) {
@@ -1848,7 +1879,7 @@ var EmbeddingService = class {
         tagsStr = fact.tags;
       }
     }
-    const text = `${fact.title} ${fact.body} ${tagsStr}`.trim();
+    const text = clip(`${fact.title} ${fact.body} ${tagsStr}`.trim(), 16e3);
     try {
       const vector = await embedFn(text);
       if (vector.length === 0 || !vector.every((v) => typeof v === "number" && isFinite(v))) {
@@ -2462,15 +2493,38 @@ var RetrievalService = class {
 
 // src/services/WriteService.ts
 var WriteService = class {
-  constructor(db, options, eventRepo, metadataRepo, jobManager, maintenanceService) {
+  constructor(db, options, entryRepo, eventRepo, metadataRepo, jobManager, maintenanceService) {
     this.db = db;
     this.options = options;
+    this.entryRepo = entryRepo;
     this.eventRepo = eventRepo;
     this.metadataRepo = metadataRepo;
     this.jobManager = jobManager;
     this.maintenanceService = maintenanceService;
   }
   async write(entityId, event) {
+    if (typeof entityId !== "string" || entityId.length === 0 || entityId.length > 200 || entityId.includes("\0")) {
+      throw new TypeError(
+        `Invalid entityId: must be a non-empty string at most 200 chars with no null bytes; got ${JSON.stringify(entityId)}.`
+      );
+    }
+    if (event === null || typeof event !== "object" || Array.isArray(event)) {
+      throw new TypeError("Invalid event: must be a non-null object.");
+    }
+    if (typeof event.summary !== "string") {
+      throw new TypeError("Invalid event.summary: must be a string.");
+    }
+    const summary = clip(event.summary, 4e3);
+    let relatedEntryId = null;
+    const rawRelatedEntryId = event.related_entry_id;
+    if (rawRelatedEntryId != null && rawRelatedEntryId !== "") {
+      if (typeof rawRelatedEntryId !== "string" || rawRelatedEntryId.length > 200 || rawRelatedEntryId.includes("\0")) {
+        relatedEntryId = null;
+      } else {
+        const existing = await this.entryRepo.findByIds([rawRelatedEntryId], [entityId]);
+        relatedEntryId = existing.length > 0 ? rawRelatedEntryId : null;
+      }
+    }
     const id = generateId("evt_");
     const now = Date.now();
     let eventType = event.event_type;
@@ -2481,8 +2535,8 @@ var WriteService = class {
       id,
       entity_id: entityId,
       event_type: eventType,
-      summary: event.summary,
-      related_entry_id: event.related_entry_id || null,
+      summary,
+      related_entry_id: relatedEntryId,
       created_at: now
     };
     let shouldRunLibrarian = false;
@@ -2543,5 +2597,5 @@ var WriteService = class {
 };
 
 export { EmbeddingService, HOOK_TIMEOUT_MARKER, ImportExportService, IngestionService, JobManager, MaintenanceService, PromptService, PrunePartialFailureError, RetrievalService, SearchService, WikiBusyError, WriteService, __privateAdd, __privateGet, __privateSet, generateId, normalizeSourceHash, normalizeSourceRef, parseEmbedding };
-//# sourceMappingURL=chunk-6FWG2DG4.mjs.map
-//# sourceMappingURL=chunk-6FWG2DG4.mjs.map
+//# sourceMappingURL=chunk-24ANTHZB.mjs.map
+//# sourceMappingURL=chunk-24ANTHZB.mjs.map