@graphmemory/server 1.2.0 → 1.3.1

package/LICENSE

@@ -1,15 +1,87 @@
-ISC License
+Copyright (c) 2025-2026 Graph Memory Team
 
-Copyright (c) 2026 prih
+Elastic License 2.0 (ELv2)
 
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
+URL: https://www.elastic.co/licensing/elastic-license
 
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject
+to the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set
+of the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other
+notices of the licensor in the software. Any use of the licensor's trademarks
+is subject to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license
+for the software granted under these terms ends immediately. If your company
+makes such a claim, your patent license ends immediately for work on behalf
+of your company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from
+you also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license
+no later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your
+licenses to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is
+the software the licensor makes available under these terms, including any
+portion of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that organization.
+**control** means ownership of substantially all the assets of an entity, or
+the power to direct the management and policies of an entity.

package/README.md

@@ -170,6 +170,12 @@ Full documentation is in [docs/](docs/README.md):
 - **UI**: [architecture](docs/ui-architecture.md), [features](docs/ui-features.md), [patterns](docs/ui-patterns.md)
 - **Development**: [testing](docs/testing.md), [API patterns](docs/api-patterns.md)
 
+## Contributing
+
+Contributions are welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+For security vulnerabilities, see [SECURITY.md](SECURITY.md).
+
 ## License
 
-ISC
+[Elastic License 2.0 (ELv2)](LICENSE) — free to use, modify, and self-host. Not permitted to offer as a managed/hosted service.

package/dist/api/index.js

@@ -46,6 +46,9 @@ const streamableHttp_js_1 = require("@modelcontextprotocol/sdk/server/streamable
 const embedder_1 = require("../lib/embedder");
 const index_1 = require("../api/rest/index");
 const websocket_1 = require("../api/rest/websocket");
+const access_1 = require("../lib/access");
+const defaults_1 = require("../lib/defaults");
+const multi_config_1 = require("../lib/multi-config");
 const docs_1 = require("../graphs/docs");
 const code_1 = require("../graphs/code");
 const knowledge_1 = require("../graphs/knowledge");
@@ -146,7 +149,7 @@ function buildInstructions(ctx) {
 }
 /**
  * Creates the McpServer with all tools wired to the given graphs.
- * Pass docGraph to enable the 10 doc tools (5 base + 5 code-block tools);
+ * Pass docGraph to enable the 9 doc tools (5 base + 4 code-block) + 1 cross_references (needs codeGraph too);
  * pass codeGraph to enable the 5 code tools;
  * pass fileIndexGraph to enable the 3 file index tools.
  * cross_references requires both docGraph and codeGraph.
@@ -156,7 +159,7 @@ function buildInstructions(ctx) {
  *                 Tests typically pass a single function; CLI passes a map for per-graph models.
  * @param mutationQueue  Optional PromiseQueue to serialize mutation tool handlers.
  */
-function createMcpServer(docGraph, codeGraph, knowledgeGraph, fileIndexGraph, taskGraph, embedFn, mutationQueue, projectDir, skillGraph, sessionContext) {
+function createMcpServer(docGraph, codeGraph, knowledgeGraph, fileIndexGraph, taskGraph, embedFn, mutationQueue, projectDir, skillGraph, sessionContext, readonlyGraphs, userAccess) {
     // Backward-compat: single EmbedFn → use for both document and query
     const defaultPair = { document: (q) => (0, embedder_1.embed)(q, ''), query: (q) => (0, embedder_1.embed)(q, '') };
     const fns = typeof embedFn === 'function'
@@ -181,11 +184,34 @@ function createMcpServer(docGraph, codeGraph, knowledgeGraph, fileIndexGraph, ta
     const server = new mcp_js_1.McpServer({ name: 'graphmemory', version: '1.2.0' }, instructions ? { instructions } : undefined);
     // Mutation tools are registered through mutServer to serialize concurrent writes
     const mutServer = mutationQueue ? createMutationServer(server, mutationQueue) : server;
+    // Check if mutation tools should be registered for a graph:
+    // - graph must not be readonly (global setting — tools hidden for all)
+    // - user must have write access (per-user — tools hidden for this user)
+    // - if no userAccess map, all mutations are allowed (no auth configured)
+    const canMutate = (graphName) => {
+        if (readonlyGraphs?.has(graphName))
+            return false;
+        if (userAccess) {
+            const level = userAccess.get(graphName);
+            if (level && !(0, access_1.canWrite)(level))
+                return false;
+        }
+        return true;
+    };
+    // Check if a graph's tools should be registered at all (deny = no tools)
+    const canAccess = (graphName) => {
+        if (!userAccess)
+            return true;
+        const level = userAccess.get(graphName);
+        if (level && !(0, access_1.canRead)(level))
+            return false;
+        return true;
+    };
     // Context tool (always registered)
     getContext.register(server, sessionContext);
     const ext = { docGraph, codeGraph, knowledgeGraph, fileIndexGraph, taskGraph, skillGraph };
-    // Docs tools (only when docGraph is provided)
-    if (docGraph) {
+    // Docs tools (only when docGraph is provided and user has access)
+    if (docGraph && canAccess('docs')) {
         const docMgr = new docs_1.DocGraphManager(docGraph, fns.docs, ext);
         listTopics.register(server, docMgr);
         getToc.register(server, docMgr);
@@ -197,13 +223,13 @@ function createMcpServer(docGraph, codeGraph, knowledgeGraph, fileIndexGraph, ta
         listSnippets.register(server, docMgr);
         explainSymbol.register(server, docMgr);
         // Cross-graph tools (require both docGraph and codeGraph)
-        if (codeGraph) {
+        if (codeGraph && canAccess('code')) {
             const codeMgrForCross = new code_1.CodeGraphManager(codeGraph, fns.code, ext);
             crossReferences.register(server, docMgr, codeMgrForCross);
         }
     }
-    // Code tools (only when codeGraph is provided)
-    if (codeGraph) {
+    // Code tools (only when codeGraph is provided and user has access)
+    if (codeGraph && canAccess('code')) {
         const codeMgr = new code_1.CodeGraphManager(codeGraph, fns.code, ext);
         listFiles.register(server, codeMgr);
         getFileSymbols.register(server, codeMgr);
@@ -211,93 +237,96 @@ function createMcpServer(docGraph, codeGraph, knowledgeGraph, fileIndexGraph, ta
         getSymbol.register(server, codeMgr);
         searchCodeFiles.register(server, codeMgr);
     }
-    // File index tools (always registered when fileIndexGraph is provided)
-    if (fileIndexGraph) {
+    // File index tools (when fileIndexGraph is provided and user has access)
+    if (fileIndexGraph && canAccess('files')) {
         const fileIndexMgr = new file_index_1.FileIndexGraphManager(fileIndexGraph, fns.files, ext);
         listAllFiles.register(server, fileIndexMgr);
         searchAllFiles.register(server, fileIndexMgr);
         getFileInfo.register(server, fileIndexMgr);
     }
-    // Knowledge tools (always registered)
-    // Mutations (create/update/delete) go through mutServer for queue serialization
-    if (knowledgeGraph) {
+    // Knowledge tools — read tools gated by canAccess, mutation tools gated by canMutate
+    if (knowledgeGraph && canAccess('knowledge')) {
         const ctx = projectDir ? { ...(0, manager_types_1.noopContext)(), projectDir } : (0, manager_types_1.noopContext)();
         const knowledgeMgr = new knowledge_1.KnowledgeGraphManager(knowledgeGraph, fns.knowledge, ctx, {
             docGraph, codeGraph, fileIndexGraph, taskGraph, skillGraph,
         });
-        createNote.register(mutServer, knowledgeMgr);
-        updateNote.register(mutServer, knowledgeMgr);
-        deleteNote.register(mutServer, knowledgeMgr);
         getNote.register(server, knowledgeMgr);
         listNotes.register(server, knowledgeMgr);
         searchNotes.register(server, knowledgeMgr);
-        createRelation.register(mutServer, knowledgeMgr);
-        deleteRelation.register(mutServer, knowledgeMgr);
         listRelations.register(server, knowledgeMgr);
         findLinkedNotes.register(server, knowledgeMgr);
-        addNoteAttachment.register(mutServer, knowledgeMgr);
-        removeNoteAttachment.register(mutServer, knowledgeMgr);
+        if (canMutate('knowledge')) {
+            createNote.register(mutServer, knowledgeMgr);
+            updateNote.register(mutServer, knowledgeMgr);
+            deleteNote.register(mutServer, knowledgeMgr);
+            createRelation.register(mutServer, knowledgeMgr);
+            deleteRelation.register(mutServer, knowledgeMgr);
+            addNoteAttachment.register(mutServer, knowledgeMgr);
+            removeNoteAttachment.register(mutServer, knowledgeMgr);
+        }
     }
-    // Task tools (always registered when taskGraph is provided)
-    // Mutations go through mutServer for queue serialization
-    if (taskGraph) {
+    // Task tools — read tools gated by canAccess, mutation tools gated by canMutate
+    if (taskGraph && canAccess('tasks')) {
         const taskCtx = projectDir ? { ...(0, manager_types_1.noopContext)(), projectDir } : (0, manager_types_1.noopContext)();
         const taskMgr = new task_1.TaskGraphManager(taskGraph, fns.tasks, taskCtx, {
             docGraph, codeGraph, knowledgeGraph, fileIndexGraph, skillGraph,
         });
-        createTask.register(mutServer, taskMgr);
-        updateTask.register(mutServer, taskMgr);
-        deleteTask.register(mutServer, taskMgr);
         getTask.register(server, taskMgr);
         listTasksTool.register(server, taskMgr);
         searchTasksTool.register(server, taskMgr);
-        moveTask.register(mutServer, taskMgr);
-        linkTask.register(mutServer, taskMgr);
-        createTaskLink.register(mutServer, taskMgr);
-        deleteTaskLink.register(mutServer, taskMgr);
         findLinkedTasks.register(server, taskMgr);
-        addTaskAttachment.register(mutServer, taskMgr);
-        removeTaskAttachment.register(mutServer, taskMgr);
+        if (canMutate('tasks')) {
+            createTask.register(mutServer, taskMgr);
+            updateTask.register(mutServer, taskMgr);
+            deleteTask.register(mutServer, taskMgr);
+            moveTask.register(mutServer, taskMgr);
+            linkTask.register(mutServer, taskMgr);
+            createTaskLink.register(mutServer, taskMgr);
+            deleteTaskLink.register(mutServer, taskMgr);
+            addTaskAttachment.register(mutServer, taskMgr);
+            removeTaskAttachment.register(mutServer, taskMgr);
+        }
     }
-    // Skill tools (always registered when skillGraph is provided)
-    if (skillGraph) {
+    // Skill tools — read tools gated by canAccess, mutation tools gated by canMutate
+    if (skillGraph && canAccess('skills')) {
         const skillCtx = projectDir ? { ...(0, manager_types_1.noopContext)(), projectDir } : (0, manager_types_1.noopContext)();
         const skillMgr = new skill_1.SkillGraphManager(skillGraph, fns.skills, skillCtx, {
             docGraph, codeGraph, knowledgeGraph, fileIndexGraph, taskGraph,
         });
-        createSkillTool.register(mutServer, skillMgr);
-        updateSkillTool.register(mutServer, skillMgr);
-        deleteSkillTool.register(mutServer, skillMgr);
         getSkillTool.register(server, skillMgr);
         listSkillsTool.register(server, skillMgr);
         searchSkillsTool.register(server, skillMgr);
-        linkSkill.register(mutServer, skillMgr);
-        createSkillLink.register(mutServer, skillMgr);
-        deleteSkillLink.register(mutServer, skillMgr);
         findLinkedSkills.register(server, skillMgr);
-        addSkillAttachment.register(mutServer, skillMgr);
-        removeSkillAttachment.register(mutServer, skillMgr);
         recallSkills.register(server, skillMgr);
-        bumpSkillUsage.register(mutServer, skillMgr);
+        if (canMutate('skills')) {
+            createSkillTool.register(mutServer, skillMgr);
+            updateSkillTool.register(mutServer, skillMgr);
+            deleteSkillTool.register(mutServer, skillMgr);
+            linkSkill.register(mutServer, skillMgr);
+            createSkillLink.register(mutServer, skillMgr);
+            deleteSkillLink.register(mutServer, skillMgr);
+            addSkillAttachment.register(mutServer, skillMgr);
+            removeSkillAttachment.register(mutServer, skillMgr);
+            bumpSkillUsage.register(mutServer, skillMgr);
+        }
     }
     return server;
 }
 // ---------------------------------------------------------------------------
 // HTTP transport (Streamable HTTP)
 // ---------------------------------------------------------------------------
-const MAX_BODY_SIZE = 10 * 1024 * 1024; // 10 MB
 async function collectBody(req) {
     const chunks = [];
     let size = 0;
     for await (const chunk of req) {
         size += chunk.length;
-        if (size > MAX_BODY_SIZE)
+        if (size > defaults_1.MAX_BODY_SIZE)
             throw new Error('Request body too large');
         chunks.push(chunk);
     }
     return JSON.parse(Buffer.concat(chunks).toString());
 }
-async function startHttpServer(host, port, sessionTimeoutMs, docGraph, codeGraph, knowledgeGraph, fileIndexGraph, taskGraph, embedFn, projectDir, skillGraph, sessionContext) {
+async function startHttpServer(host, port, sessionTimeoutMs, docGraph, codeGraph, knowledgeGraph, fileIndexGraph, taskGraph, embedFn, projectDir, skillGraph, sessionContext, readonlyGraphs) {
     const sessions = new Map();
     // Sweep stale sessions every 60s
     const sweepInterval = setInterval(() => {
@@ -309,7 +338,7 @@ async function startHttpServer(host, port, sessionTimeoutMs, docGraph, codeGraph
                 process.stderr.write(`[http] Session ${sid} timed out\n`);
             }
         }
-    }, 60_000);
+    }, defaults_1.SESSION_SWEEP_INTERVAL_MS);
     sweepInterval.unref();
     const httpServer = http_1.default.createServer(async (req, res) => {
         try {
@@ -344,7 +373,7 @@ async function startHttpServer(host, port, sessionTimeoutMs, docGraph, codeGraph
                 if (sid)
                     sessions.delete(sid);
             };
-            const mcpServer = createMcpServer(docGraph, codeGraph, knowledgeGraph, fileIndexGraph, taskGraph, embedFn, undefined, projectDir, skillGraph, sessionContext);
+            const mcpServer = createMcpServer(docGraph, codeGraph, knowledgeGraph, fileIndexGraph, taskGraph, embedFn, undefined, projectDir, skillGraph, sessionContext, readonlyGraphs);
             await mcpServer.connect(transport);
             await transport.handleRequest(req, res, body);
         }
@@ -372,7 +401,7 @@ async function startMultiProjectHttpServer(host, port, sessionTimeoutMs, project
                 process.stderr.write(`[http] Session ${sid} (project: ${s.projectId}) timed out\n`);
             }
         }
-    }, 60_000);
+    }, defaults_1.SESSION_SWEEP_INTERVAL_MS);
     sweepInterval.unref();
     // Express app handles /api/* routes
     const restApp = (0, index_1.createRestApp)(projectManager, restOptions);
@@ -439,6 +468,23 @@ async function startMultiProjectHttpServer(host, port, sessionTimeoutMs, project
                 res.writeHead(404).end(JSON.stringify({ error: `Project "${projectId}" not found` }));
                 return;
             }
+            // Auth: if users configured, require valid API key
+            const users = restOptions?.users ?? {};
+            const hasUsers = Object.keys(users).length > 0;
+            let userId;
+            if (hasUsers) {
+                const auth = req.headers.authorization;
+                if (!auth?.startsWith('Bearer ') || auth.length <= 7) {
+                    res.writeHead(401).end(JSON.stringify({ error: 'API key required' }));
+                    return;
+                }
+                const result = (0, access_1.resolveUserFromApiKey)(auth.slice(7), users);
+                if (!result) {
+                    res.writeHead(401).end(JSON.stringify({ error: 'Invalid API key' }));
+                    return;
+                }
+                userId = result.userId;
+            }
             // Build session context (auto-detect workspace if not in URL)
             const ws = workspaceId
                 ? projectManager.getWorkspace(workspaceId)
@@ -447,13 +493,38 @@ async function startMultiProjectHttpServer(host, port, sessionTimeoutMs, project
                 projectId,
                 workspaceId: ws?.id,
                 workspaceProjects: ws?.config.projects,
+                userId,
             };
+            // Build readonly set from config + workspace overrides
+            const mcpReadonlyGraphs = new Set();
+            for (const gn of multi_config_1.GRAPH_NAMES) {
+                if (project.config.graphConfigs[gn].readonly)
+                    mcpReadonlyGraphs.add(gn);
+            }
+            if (project.workspaceId) {
+                const wsInst = projectManager.getWorkspace(project.workspaceId);
+                if (wsInst) {
+                    for (const gn of ['knowledge', 'tasks', 'skills']) {
+                        if (wsInst.config.graphConfigs[gn].readonly)
+                            mcpReadonlyGraphs.add(gn);
+                    }
+                }
+            }
+            // Build per-user access map
+            let mcpUserAccess;
+            if (userId && restOptions?.serverConfig) {
+                mcpUserAccess = new Map();
+                for (const gn of multi_config_1.GRAPH_NAMES) {
+                    const level = (0, access_1.resolveAccess)(userId, gn, project.config, restOptions.serverConfig, ws?.config);
+                    mcpUserAccess.set(gn, level);
+                }
+            }
             const body = await collectBody(req);
             const transport = new streamableHttp_js_1.StreamableHTTPServerTransport({
                 sessionIdGenerator: () => (0, crypto_1.randomUUID)(),
                 onsessioninitialized: (sid) => {
-                    sessions.set(sid, { projectId, workspaceId: ws?.id, server: mcpServer, transport, lastActivity: Date.now() });
-                    process.stderr.write(`[http] Session ${sid} started (project: ${projectId}${ws ? `, workspace: ${ws.id}` : ''})\n`);
+                    sessions.set(sid, { projectId, workspaceId: ws?.id, userId, server: mcpServer, transport, lastActivity: Date.now() });
+                    process.stderr.write(`[http] Session ${sid} started (project: ${projectId}${ws ? `, workspace: ${ws.id}` : ''}${userId ? `, user: ${userId}` : ''})\n`);
                 },
             });
             transport.onclose = () => {
@@ -461,7 +532,7 @@ async function startMultiProjectHttpServer(host, port, sessionTimeoutMs, project
                 if (sid)
                     sessions.delete(sid);
             };
-            const mcpServer = createMcpServer(project.docGraph, project.codeGraph, project.knowledgeGraph, project.fileIndexGraph, project.taskGraph, project.embedFns, project.mutationQueue, project.config.projectDir, project.skillGraph, sessionCtx);
+            const mcpServer = createMcpServer(project.docGraph, project.codeGraph, project.knowledgeGraph, project.fileIndexGraph, project.taskGraph, project.embedFns, project.mutationQueue, project.config.projectDir, project.skillGraph, sessionCtx, mcpReadonlyGraphs, mcpUserAccess);
             await mcpServer.connect(transport);
             await transport.handleRequest(req, res, body);
         }
@@ -477,9 +548,35 @@ async function startMultiProjectHttpServer(host, port, sessionTimeoutMs, project
     });
     return new Promise((resolve) => {
         httpServer.listen(port, host, () => {
-            process.stderr.write(`[server] MCP endpoints: http://${host}:${port}/mcp/{projectId} and /mcp/{workspaceId}/{projectId}\n`);
-            process.stderr.write(`[server] REST API at http://${host}:${port}/api/\n`);
-            process.stderr.write(`[server] WebSocket at ws://${host}:${port}/api/ws\n`);
+            const base = `http://${host}:${port}`;
+            const projects = projectManager.listProjects();
+            const workspaces = projectManager.listWorkspaces();
+            const lines = [
+                '',
+                '  ╔══════════════════════════════════════════════╗',
+                '  ║         Graph Memory Server Ready            ║',
+                '  ╚══════════════════════════════════════════════╝',
+                '',
+                `  UI        ${base}/ui/`,
+                `  REST API  ${base}/api/`,
+                `  WebSocket ws://${host}:${port}/api/ws`,
+                '',
+                '  MCP endpoints:',
+            ];
+            for (const id of projects) {
+                const ws = projectManager.getProjectWorkspace(id);
+                const wsLabel = ws ? ` (${ws.id})` : '';
+                lines.push(`    ${id}${wsLabel}  ${base}/mcp/${id}`);
+            }
+            if (projects.length === 0) {
+                lines.push('    (no projects configured)');
+            }
+            if (workspaces.length > 0) {
+                lines.push('');
+                lines.push(`  Workspaces: ${workspaces.join(', ')}`);
+            }
+            lines.push('');
+            process.stderr.write(lines.join('\n') + '\n');
             resolve(httpServer);
         });
     });

package/dist/api/rest/code.js

@@ -50,7 +50,8 @@ function createCodeRouter() {
             const symbol = p.codeManager.getSymbol(symbolId);
             if (!symbol)
                 return res.status(404).json({ error: 'Symbol not found' });
-            res.json(symbol);
+            const { embedding: _, fileEmbedding: _fe, ...rest } = symbol;
+            res.json(rest);
         }
         catch (err) {
             next(err);

package/dist/api/rest/docs.js

@@ -52,7 +52,8 @@ function createDocsRouter() {
             const node = p.docManager.getNode(nodeId);
             if (!node)
                 return res.status(404).json({ error: 'Node not found' });
-            res.json(node);
+            const { embedding: _, ...rest } = node;
+            res.json(rest);
         }
         catch (err) {
             next(err);

package/dist/api/rest/embed.js

@@ -8,6 +8,7 @@ const crypto_1 = __importDefault(require("crypto"));
 const express_1 = require("express");
 const zod_1 = require("zod");
 const embedder_1 = require("../../lib/embedder");
+const embedding_codec_1 = require("../../lib/embedding-codec");
 /**
  * Create an Express router for the embedding API.
  * POST /api/embed — embed texts using the server's embedding model.
@@ -16,6 +17,7 @@ function createEmbedRouter(apiConfig, modelName) {
     const router = (0, express_1.Router)();
     const embedRequestSchema = zod_1.z.object({
         texts: zod_1.z.array(zod_1.z.string().max(apiConfig.maxTextChars)).min(1).max(apiConfig.maxTexts),
+        format: zod_1.z.enum(['json', 'base64']).optional().default('json'),
     });
     router.post('/', async (req, res, next) => {
         try {
@@ -34,7 +36,12 @@ function createEmbedRouter(apiConfig, modelName) {
             const parsed = embedRequestSchema.parse(req.body);
             const inputs = parsed.texts.map(text => ({ title: text, content: '' }));
             const embeddings = await (0, embedder_1.embedBatch)(inputs, modelName);
-            res.json({ embeddings });
+            if (parsed.format === 'base64') {
+                res.json({ embeddings: embeddings.map(e => (0, embedding_codec_1.float32ToBase64)(e)), format: 'base64' });
+            }
+            else {
+                res.json({ embeddings });
+            }
         }
         catch (err) {
             if (err?.name === 'ZodError') {