npm - @ijfw/memory-server - Versions diffs - 1.6.0 → 1.6.1 - Mend

@ijfw/memory-server 1.6.0 → 1.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +1 -1
package/src/cross-orchestrator-cli.js +46 -0
package/src/dashboard-server.js +16 -0
package/src/model-refresh.js +4 -2
package/src/server.js +11 -4

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ijfw/memory-server",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "description": "Cross-platform persistent memory server for IJFW. 14 MCP tools (memory + admin/update + brain). Works with 15 platforms: 14 via MCP (Claude Code, Codex, Gemini CLI, Cursor, Windsurf, Copilot, Hermes, Wayland, OpenCode, QwenCode, Cline, KimiCode, OpenClaw, Antigravity) plus Aider via the rules-only tier.",
   "author": "Sean Donahoe",
   "contributors": [

package/src/cross-orchestrator-cli.js CHANGED Viewed

@@ -319,6 +319,10 @@ function parseArgsInner(args) {
     return { cmd: 'doctor' };
   }
+  if (args[0] === 'init') {
+    return { cmd: 'init', force: args.includes('--force') };
+  }
   if (args[0] === 'update') {
     const opts = { cmd: 'update' };
     for (let i = 1; i < args.length; i++) {
@@ -2865,6 +2869,8 @@ if (isMainModule) {
     cmdImport(parsed).catch(err => { console.error(err.message); process.exit(1); });
   } else if (parsed.cmd === 'doctor') {
     cmdDoctor(parsed);
+  } else if (parsed.cmd === 'init') {
+    cmdInit(parsed);
   } else if (parsed.cmd === 'update') {
     cmdUpdate(parsed);
   } else if (parsed.cmd === 'version') {
@@ -2954,6 +2960,46 @@ function findCliAsset(...rel) {
   ].filter(Boolean);
   return candidates.find(p => existsSync(p)) || null;
 }
+// `ijfw init` -- explicitly bless the current folder for codebase indexing.
+// The indexer (scripts/build-codebase-index.sh) refuses any folder that has no
+// project marker (issue #16). For a plain working folder with no .git/package.json
+// etc, this drops a .ijfw/project marker so the indexer will index it. It will
+// NOT bless the home directory or filesystem root -- that is the whole point of
+// the guard.
+function cmdInit(parsed = {}) {
+  const cwd = process.cwd();
+  let phys;
+  try { phys = realpathSync(cwd); } catch { phys = resolve(cwd); }
+  let homePhys;
+  try { homePhys = realpathSync(homedir()); } catch { homePhys = homedir(); }
+  if (phys === '/' || phys === homePhys) {
+    console.error('ijfw init: refusing to bless your home directory or the filesystem root for indexing.');
+    console.error('Run `ijfw init` from inside an actual project folder.');
+    process.exit(1);
+  }
+  const marker = join(cwd, '.ijfw', 'project');
+  try {
+    mkdirSync(dirname(marker), { recursive: true });
+    if (existsSync(marker) && !parsed.force) {
+      console.log(`This folder is already initialised for IJFW indexing (${marker}).`);
+      process.exit(0);
+    }
+    const stamp = new Date().toISOString();
+    writeFileSync(
+      marker,
+      `# IJFW project marker\n` +
+      `# Created by \`ijfw init\`. This folder is approved for codebase indexing.\n` +
+      `# Safe to commit. Delete this file to stop IJFW indexing this folder.\n` +
+      `created_at: ${stamp}\n`,
+      { mode: 0o644 }
+    );
+    console.log('IJFW initialised. This folder is now approved for codebase indexing.');
+    console.log(`Marker: ${marker}`);
+  } catch (err) {
+    console.error(`ijfw init: could not write marker -- ${err.message}`);
+    process.exit(1);
+  }
+}
 function cmdInstall() {
   const script = findCliAsset('scripts', 'install.sh');
   if (!script) {

package/src/dashboard-server.js CHANGED Viewed

@@ -174,10 +174,26 @@ function requireLocalhost(req, res) {
   return false;
 }
+// CSRF guard: reject cross-origin browser requests to the data API. Browsers
+// stamp Sec-Fetch-Site; the dashboard's own page is 'same-origin', direct tools
+// (curl, address bar) send 'none'/nothing. Only same-machine cross-origin pages
+// hit 'cross-site'/'same-site' -- block those on /api.
+function rejectCrossSiteApi(req, res, path) {
+  if (!path.startsWith('/api')) return false;
+  const sfs = req.headers['sec-fetch-site'];
+  if (sfs === 'cross-site' || sfs === 'same-site') {
+    res.writeHead(403, { 'Content-Type': 'application/json' });
+    res.end('{"error":"cross-origin request rejected"}');
+    return true;
+  }
+  return false;
+}
 // ---------- simple router ----------
 function route(req, res, routes) {
   const url = new URL(req.url, 'http://localhost');
   const path = url.pathname;
+  if (rejectCrossSiteApi(req, res, path)) return;
   for (const [pattern, handler] of routes) {
     if (typeof pattern === 'string' ? path === pattern : pattern.test(path)) {
       handler(req, res, url);

package/src/model-refresh.js CHANGED Viewed

@@ -232,9 +232,11 @@ async function probeGoogle(env, fetchImpl) {
   if (!key) return null;
   const { signal, cancel } = makeAbortable();
   try {
+    // Pass the key as a header, not a URL query param, so it never lands in
+    // proxy / CDN / firewall access logs (privacy audit finding).
     const r = await fetchImpl(
-      `https://generativelanguage.googleapis.com/v1beta/models?key=${encodeURIComponent(key)}`,
-      { signal },
+      'https://generativelanguage.googleapis.com/v1beta/models',
+      { signal, headers: { 'x-goog-api-key': key } },
     );
     if (!r.ok) return null;
     const json = await r.json();

package/src/server.js CHANGED Viewed

@@ -2117,7 +2117,7 @@ function handleMessage(msg) {
           try {
             const fs = await import('node:fs');
             const path = await import('node:path');
-            const home = process.env.IJFW_HOME || path.join(process.env.HOME || '', '.ijfw');
+            const home = process.env.IJFW_HOME || path.join(process.env.HOME || homedir(), '.ijfw');
             const s = JSON.parse(fs.readFileSync(path.join(home, 'settings.json'), 'utf8'));
             injectOn = s && s.profile && s.profile.inject === 'on';
           } catch { injectOn = false; }
@@ -2424,9 +2424,16 @@ function handleMessage(msg) {
           case 'ijfw_metrics':
             result = handleMetrics(args || {});
             break;
-          case 'ijfw_cross_project_search':
-            result = handleCrossProjectSearch(args || {});
+          case 'ijfw_cross_project_search': {
+            // Privacy opt-out: a dedicated off-switch + the IJFW_MINIMAL master
+            // switch disable cross-project memory surfacing entirely.
+            const xpOff = /^(1|true|yes|on)$/i.test(process.env.IJFW_NO_CROSS_PROJECT || '')
+              || process.env.IJFW_MINIMAL === '1';
+            result = xpOff
+              ? { text: 'Cross-project search is disabled (IJFW_NO_CROSS_PROJECT / IJFW_MINIMAL).' }
+              : handleCrossProjectSearch(args || {});
             break;
+          }
           case 'ijfw_prompt_check': {
             const pc = checkPrompt((args && args.prompt) || '');
             const text = pc.vague
@@ -2550,7 +2557,7 @@ function handleMessage(msg) {
             try {
               const fs = await import('node:fs');
               const path = await import('node:path');
-              const home = process.env.IJFW_HOME || path.join(process.env.HOME || '', '.ijfw');
+              const home = process.env.IJFW_HOME || path.join(process.env.HOME || homedir(), '.ijfw');
               const s = JSON.parse(fs.readFileSync(path.join(home, 'settings.json'), 'utf8'));
               injectOn = s && s.profile && s.profile.inject === 'on';
             } catch { injectOn = false; }