@gamaze/hicortex 0.3.11 → 0.3.13

package/dist/llm.d.ts

@@ -23,6 +23,12 @@ export interface LlmConfig {
     model: string;
     reflectModel: string;
     provider: string;
+    /** Optional separate model for distillation (defaults to model if unset). */
+    distillModel?: string;
+    /** Optional separate endpoint for reflect-tier LLM (e.g. remote Ollama with larger model). */
+    reflectBaseUrl?: string;
+    reflectApiKey?: string;
+    reflectProvider?: string;
 }
 /**
  * Resolve LLM configuration from plugin config, OpenClaw config, env vars, or Ollama fallback.
@@ -70,12 +76,17 @@ export declare class LlmClient {
     completeFast(prompt: string, maxTokens?: number): Promise<string>;
     /**
      * Reflect-tier completion (nightly reflection, needs reasoning).
+     * Routes to reflectBaseUrl/reflectProvider if configured (e.g. remote Ollama with larger model).
      */
     completeReflect(prompt: string, maxTokens?: number): Promise<string>;
     /**
      * Distillation-tier completion (session knowledge extraction).
      */
     completeDistill(prompt: string, maxTokens?: number): Promise<string>;
+    /**
+     * Complete with overridden baseUrl/apiKey/provider (used for reflect tier with separate endpoint).
+     */
+    private completeWithOverride;
     private complete;
     /**
      * Claude CLI: shell out to `claude -p` for subscription users.

package/dist/llm.js

@@ -422,15 +422,40 @@ class LlmClient {
     }
     /**
      * Reflect-tier completion (nightly reflection, needs reasoning).
+     * Routes to reflectBaseUrl/reflectProvider if configured (e.g. remote Ollama with larger model).
      */
     async completeReflect(prompt, maxTokens = 8192) {
+        if (this.config.reflectBaseUrl) {
+            return this.completeWithOverride(this.config.reflectBaseUrl, this.config.reflectApiKey ?? this.config.apiKey, this.config.reflectProvider ?? this.config.provider, this.config.reflectModel, prompt, maxTokens, 900_000);
+        }
         return this.complete(this.config.reflectModel, prompt, maxTokens, 900_000);
     }
     /**
      * Distillation-tier completion (session knowledge extraction).
      */
     async completeDistill(prompt, maxTokens = 2048) {
-        return this.complete(this.config.model, prompt, maxTokens, 900_000);
+        return this.complete(this.config.distillModel ?? this.config.model, prompt, maxTokens, 900_000);
+    }
+    /**
+     * Complete with overridden baseUrl/apiKey/provider (used for reflect tier with separate endpoint).
+     */
+    async completeWithOverride(baseUrl, apiKey, provider, model, prompt, maxTokens, timeoutMs) {
+        if (this.isRateLimited) {
+            throw new RateLimitError(this.rateLimitedUntil - Date.now());
+        }
+        // Temporarily swap config for this call
+        const saved = { baseUrl: this.config.baseUrl, apiKey: this.config.apiKey, provider: this.config.provider };
+        this.config.baseUrl = baseUrl;
+        this.config.apiKey = apiKey;
+        this.config.provider = provider;
+        try {
+            return await this.complete(model, prompt, maxTokens, timeoutMs);
+        }
+        finally {
+            this.config.baseUrl = saved.baseUrl;
+            this.config.apiKey = saved.apiKey;
+            this.config.provider = saved.provider;
+        }
     }
     async complete(model, prompt, maxTokens, timeoutMs) {
         if (this.isRateLimited) {

package/dist/mcp-server.js

@@ -192,15 +192,40 @@ async function startServer(options = {}) {
             llmConfig = (0, llm_js_1.resolveLlmConfigForCC)();
         }
     }
+    else if (savedConfig?.llmBackend === "ollama" && savedConfig?.llmBaseUrl) {
+        // Ollama: no API key needed, construct config directly
+        llmConfig = {
+            baseUrl: savedConfig.llmBaseUrl,
+            apiKey: "",
+            model: savedConfig.llmModel ?? "qwen3.5:4b",
+            reflectModel: savedConfig.reflectModel ?? savedConfig.llmModel ?? "qwen3.5:4b",
+            provider: "ollama",
+        };
+    }
     else {
         llmConfig = (0, llm_js_1.resolveLlmConfigForCC)({
             llmBaseUrl: savedConfig?.llmBaseUrl,
             llmApiKey: savedConfig?.llmApiKey,
             llmModel: savedConfig?.llmModel,
+            reflectModel: savedConfig?.reflectModel,
         });
     }
+    // Apply optional distillModel (e.g. larger local model for session extraction)
+    if (savedConfig?.distillModel) {
+        llmConfig.distillModel = savedConfig.distillModel;
+    }
+    // Apply separate reflect endpoint if configured (e.g. remote Ollama with larger model)
+    if (savedConfig?.reflectBaseUrl) {
+        llmConfig.reflectBaseUrl = savedConfig.reflectBaseUrl;
+        llmConfig.reflectApiKey = savedConfig.reflectApiKey ?? llmConfig.apiKey;
+        llmConfig.reflectProvider = savedConfig.reflectProvider ?? llmConfig.provider;
+    }
     llm = new llm_js_1.LlmClient(llmConfig);
-    console.log(`[hicortex] LLM: ${llmConfig.provider}/${llmConfig.model} (reflect: ${llmConfig.reflectModel})`);
+    const distillInfo = llmConfig.distillModel ? `, distill: ${llmConfig.distillModel}` : "";
+    const reflectInfo = llmConfig.reflectBaseUrl
+        ? `${llmConfig.reflectProvider}/${llmConfig.reflectModel}@${llmConfig.reflectBaseUrl}`
+        : llmConfig.reflectModel;
+    console.log(`[hicortex] LLM fast: ${llmConfig.provider}/${llmConfig.model}${distillInfo}, reflect: ${reflectInfo}`);
     // License: read from options, config file, or env var
     const licenseKey = options.licenseKey
         ?? savedConfig?.licenseKey
@@ -220,9 +245,46 @@ async function startServer(options = {}) {
     const stats = (0, db_js_1.getStats)(db, dbPath);
     console.log(`[hicortex] Ready: ${stats.memories} memories, ${stats.links} links, ` +
         `${Math.round(stats.db_size_bytes / 1024)} KB`);
+    // Auth token: from options, config file, or env var
+    const authToken = savedConfig?.authToken
+        ?? process.env.HICORTEX_AUTH_TOKEN
+        ?? "";
     // Express app
     const app = (0, express_1.default)();
     app.use(express_1.default.json());
+    // Optional bearer token auth (skip for /health and localhost when no token)
+    if (authToken) {
+        console.log(`[hicortex] Bearer token auth enabled`);
+        app.use((req, res, next) => {
+            // Always allow health endpoint
+            if (req.path === "/health")
+                return next();
+            // Allow localhost without auth
+            const ip = req.ip ?? req.socket.remoteAddress ?? "";
+            if (ip === "127.0.0.1" || ip === "::1" || ip === "::ffff:127.0.0.1")
+                return next();
+            // Check bearer token
+            const auth = req.headers.authorization;
+            if (auth === `Bearer ${authToken}`)
+                return next();
+            res.status(401).json({ error: "Unauthorized" });
+        });
+    }
+    // CORS: allow Claude Desktop (https://claude.ai) and other browser-based MCP clients
+    app.use((req, res, next) => {
+        const origin = req.headers.origin;
+        if (origin) {
+            res.setHeader("Access-Control-Allow-Origin", origin);
+            res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+            res.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");
+            res.setHeader("Access-Control-Allow-Credentials", "true");
+        }
+        if (req.method === "OPTIONS") {
+            res.status(204).end();
+            return;
+        }
+        next();
+    });
     // SSE transport management — each connection gets its own McpServer instance
     const transports = new Map();
     // Health endpoint

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gamaze/hicortex",
-  "version": "0.3.11",
+  "version": "0.3.13",
   "description": "Human-like memory for self-improving AI agents. Automatic capturing, nightly reflection, and cross-agent learning. Works with Claude Code and OpenClaw.",
   "main": "dist/index.js",
   "bin": {