npm - @jcode.labs/mimir - Versions diffs - 0.2.1 → 0.3.0 - Mend

@jcode.labs/mimir 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/dist/types.d.ts CHANGED Viewed

@@ -4,14 +4,39 @@ export interface Config {
     rawDir: string;
     storageDir: string;
     sourcesFile: string;
+    accessLogPath: string;
     tableName: string;
     ollamaHost: string;
+    networkPolicy: NetworkPolicy;
     embedModel: string;
     llmModel: string;
+    redaction: RedactionConfig;
+    accessLog: boolean;
+    mcpMaxTopK: number;
     topK: number;
     chunkSize: number;
     chunkOverlap: number;
 }
+export type NetworkPolicy = "local-only" | "allow-private" | "allow-any";
+export interface RedactionConfig {
+    enabled: boolean;
+    builtIn: boolean;
+    patterns: RedactionPattern[];
+}
+export interface RedactionPattern {
+    name: string;
+    pattern: string;
+    flags?: string | undefined;
+    replacement?: string | undefined;
+}
+export interface RedactionCount {
+    name: string;
+    count: number;
+}
+export interface HostClassification {
+    kind: "loopback" | "private" | "remote" | "invalid";
+    host: string;
+}
 export interface SourceFile {
     absolutePath: string;
     relativePath: string;
@@ -46,6 +71,7 @@ export interface IngestResult {
     indexedFiles: number;
     chunks: number;
     skippedFiles: number;
+    redactions: number;
     errors: Array<{
         path: string;
         message: string;
@@ -76,4 +102,45 @@ export interface AuditReport {
     staleInIndex: string[];
     totalChunks: number;
 }
+export interface DestroyIndexResult {
+    storageDir: string;
+    removed: boolean;
+    note: string;
+}
+export interface SecurityAuditReport {
+    projectRoot: string;
+    zeroTelemetry: true;
+    network: {
+        policy: NetworkPolicy;
+        ollamaHost: string;
+        host: string;
+        classification: HostClassification["kind"];
+    };
+    redaction: {
+        enabled: boolean;
+        builtIn: boolean;
+        customPatterns: string[];
+    };
+    accessLog: {
+        enabled: boolean;
+        path: string;
+        storesRawQueries: false;
+    };
+    storage: {
+        path: string;
+        gitIgnored: boolean;
+        encryptedAtRest: "external-required";
+    };
+    mcp: {
+        maxTopK: number;
+        destructiveToolsExposed: false;
+    };
+    gitignore: {
+        kbIgnored: boolean;
+        mimirIgnored: boolean;
+        privateIgnored: boolean;
+    };
+    recommendations: string[];
+    warnings: string[];
+}
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAEvC,MAAM,WAAW,MAAM;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,UAAU,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,SAAU,SAAQ,SAAS;IAC1C,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,EAAE,QAAQ,CAAA;IACd,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACjD;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,EAAE,QAAQ,CAAA;IACd,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,YAAY,EAAE,CAAA;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACvD,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;CACpB"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAEvC,MAAM,WAAW,MAAM;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,aAAa,EAAE,MAAM,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,EAAE,aAAa,CAAA;IAC5B,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,eAAe,CAAA;IAC1B,SAAS,EAAE,OAAO,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,eAAe,GAAG,WAAW,CAAA;AAExE,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,OAAO,CAAA;IAChB,QAAQ,EAAE,gBAAgB,EAAE,CAAA;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,UAAU,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAA;IACnD,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,UAAU,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,SAAU,SAAQ,SAAS;IAC1C,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,EAAE,QAAQ,CAAA;IACd,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACjD;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,EAAE,QAAQ,CAAA;IACd,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,YAAY,EAAE,CAAA;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACvD,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAA;IACnB,aAAa,EAAE,IAAI,CAAA;IACnB,OAAO,EAAE;QACP,MAAM,EAAE,aAAa,CAAA;QACrB,UAAU,EAAE,MAAM,CAAA;QAClB,IAAI,EAAE,MAAM,CAAA;QACZ,cAAc,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAA;KAC3C,CAAA;IACD,SAAS,EAAE;QACT,OAAO,EAAE,OAAO,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,cAAc,EAAE,MAAM,EAAE,CAAA;KACzB,CAAA;IACD,SAAS,EAAE;QACT,OAAO,EAAE,OAAO,CAAA;QAChB,IAAI,EAAE,MAAM,CAAA;QACZ,gBAAgB,EAAE,KAAK,CAAA;KACxB,CAAA;IACD,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAA;QACZ,UAAU,EAAE,OAAO,CAAA;QACnB,eAAe,EAAE,mBAAmB,CAAA;KACrC,CAAA;IACD,GAAG,EAAE;QACH,OAAO,EAAE,MAAM,CAAA;QACf,uBAAuB,EAAE,KAAK,CAAA;KAC/B,CAAA;IACD,SAAS,EAAE;QACT,SAAS,EAAE,OAAO,CAAA;QAClB,YAAY,EAAE,OAAO,CAAA;QACrB,cAAc,EAAE,OAAO,CAAA;KACxB,CAAA;IACD,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB"}

package/dist/version.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export declare const VERSION = "0.2.1";
+export declare const VERSION = "0.3.0";
 //# sourceMappingURL=version.d.ts.map

package/dist/version.js CHANGED Viewed

@@ -1,2 +1,2 @@
-export const VERSION = "0.2.1";
+export const VERSION = "0.3.0";
 //# sourceMappingURL=version.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@jcode.labs/mimir",
-  "version": "0.2.1",
+  "version": "0.3.0",
   "description": "Mimir: open-source local-first memory and retrieval for private project knowledge.",
   "type": "module",
   "license": "MIT",
@@ -42,7 +42,10 @@
   "files": [
     "dist",
     "skills",
-    "README.md"
+    "README.md",
+    "SECURITY-HARDENING.md",
+    "CHANGELOG.md",
+    "SECURITY.md"
   ],
   "publishConfig": {
     "access": "public"
@@ -55,9 +58,10 @@
     "lint": "biome ci .",
     "lint:fix": "biome check --write .",
     "package:check": "publint",
+    "release:artifacts": "node scripts/release-artifacts.mjs",
     "smoke": "node scripts/smoke.mjs",
     "test": "vitest run",
-    "validate": "pnpm lint && pnpm check && pnpm test && pnpm build && pnpm smoke && pnpm package:check"
+    "validate": "pnpm lint && pnpm check && pnpm test && pnpm build && pnpm smoke && pnpm package:check && pnpm release:artifacts"
   },
   "dependencies": {
     "@lancedb/lancedb": "^0.30.0",

package/skills/mimir/SKILL.md CHANGED Viewed

@@ -20,12 +20,15 @@ private/          # raw documents to ingest
 .kb/config.json   # local Mimir config
 .kb/sources.txt   # optional extra source paths
 .kb/storage/      # generated local index
+.kb/access.log    # metadata-only access log
 ```
 ## Data Safety
 - Do not commit raw documents, secrets, tax IDs, scans, bank documents, tokens, or generated vector stores.
-- Keep `private/**` and `.kb/storage/**` ignored by Git.
+- Keep `private/**`, `.kb/`, and `.mimir/` ignored by Git.
+- Treat `kb search`, `kb ask`, and MCP results as sensitive because they can contain private
+  source passages even when redaction is enabled.
 - Prefer summaries and citations over dumping long private passages into the chat.
 - If the user asks for a high-stakes answer, identify which facts came from Mimir and which still require professional or official verification.
@@ -35,6 +38,7 @@ From the repository root:
 ```bash
 pnpm exec kb status
+pnpm exec kb security-audit
 ```
 If Mimir is not installed:
@@ -58,10 +62,12 @@ After documents are added or changed:
 ```bash
 pnpm exec kb ingest
 pnpm exec kb audit
+pnpm exec kb security-audit
 pnpm exec kb status
 ```
-The audit must show no missing or stale supported files before relying on the index.
+The audit must show no missing or stale supported files before relying on the index. The security
+audit should not show warnings before relying on Mimir for sensitive work.
 ## Query Workflow
@@ -101,9 +107,13 @@ Available MCP tools:
 - `mimir_search`: retrieve source passages.
 - `mimir_ask`: synthesize an answer with local citations.
 - `mimir_audit`: compare source files with the current index.
+- `mimir_security_audit`: inspect local privacy, network, redaction, MCP, and gitignore posture.
 Prefer MCP tools over shell commands when the agent runtime provides them. Use shell commands when MCP is unavailable.
+MCP is read-focused and intentionally does not expose index deletion. Use `pnpm exec kb
+destroy-index --yes` from the shell when the user explicitly wants to remove the generated index.
 ## Installing This Skill Into A Repository
 Run: