@memclaw/memclaw 0.9.10 → 0.9.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SECURITY.md +88 -0
- package/dist/index.js +1 -1
- package/dist/plugin-impl.d.ts +7 -33
- package/dist/plugin-impl.d.ts.map +1 -1
- package/dist/plugin-impl.js +168 -170
- package/dist/plugin-impl.js.map +1 -1
- package/dist/src/binaries.d.ts.map +1 -1
- package/dist/src/binaries.js +61 -17
- package/dist/src/binaries.js.map +1 -1
- package/openclaw.plugin.json +15 -5
- package/package.json +5 -4
- package/{skill → skills/lagacy}/SKILL.md +28 -17
- package/skills/lagacy/references/maintenance.md +110 -0
- package/skills/memclaw/SKILL.md +112 -0
- package/skills/memclaw/references/tools.md +205 -0
- package/skills/memclaw-setup/SKILL.md +145 -0
- package/skills/memclaw-setup/references/tools.md +205 -0
- package/skills/memclaw-setup/references/troubleshooting.md +134 -0
- package/skill/references/maintenance.md +0 -75
- /package/{skill → skills/lagacy}/references/setup.md +0 -0
- /package/{skill → skills/lagacy}/references/tools.md +0 -0
package/SECURITY.md
ADDED
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
# Security Information
|
|
2
|
+
|
|
3
|
+
This document describes security considerations for the MemClaw plugin.
|
|
4
|
+
|
|
5
|
+
## Data Flow
|
|
6
|
+
|
|
7
|
+
```
|
|
8
|
+
User Input → OpenClaw → MemClaw Plugin → cortex-mem-service (localhost:8085)
|
|
9
|
+
│
|
|
10
|
+
▼
|
|
11
|
+
Qdrant (localhost:6334)
|
|
12
|
+
│
|
|
13
|
+
▼
|
|
14
|
+
Local Storage
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
**Key Points:**
|
|
18
|
+
- All data processing happens **locally** on your machine
|
|
19
|
+
- No data is sent to external servers except your configured LLM/Embedding providers
|
|
20
|
+
- API keys are only transmitted to your configured API endpoints
|
|
21
|
+
|
|
22
|
+
## Credentials
|
|
23
|
+
|
|
24
|
+
### Required Credentials
|
|
25
|
+
|
|
26
|
+
| Credential | Purpose | Storage Location |
|
|
27
|
+
|------------|---------|------------------|
|
|
28
|
+
| `llmApiKey` | Memory extraction and summarization | OpenClaw plugin config (marked `sensitive: true`) |
|
|
29
|
+
| `embeddingApiKey` | Vector embedding generation | OpenClaw plugin config (marked `sensitive: true`) |
|
|
30
|
+
|
|
31
|
+
### Credential Security
|
|
32
|
+
|
|
33
|
+
- API keys are stored in `openclaw.json` with the `sensitive` flag
|
|
34
|
+
- Keys are **never** logged or transmitted except to your configured API provider
|
|
35
|
+
- Keys are **never** sent to the MemClaw developers or any third party
|
|
36
|
+
|
|
37
|
+
## Binary Packages
|
|
38
|
+
|
|
39
|
+
### What's Included
|
|
40
|
+
|
|
41
|
+
MemClaw uses platform-specific binary packages distributed via npm:
|
|
42
|
+
|
|
43
|
+
| Package | Platform | Contents |
|
|
44
|
+
|---------|----------|----------|
|
|
45
|
+
| `@memclaw/bin-darwin-arm64` | macOS Apple Silicon | Qdrant, cortex-mem-service, cortex-mem-cli |
|
|
46
|
+
| `@memclaw/bin-win-x64` | Windows x64 | Qdrant, cortex-mem-service, cortex-mem-cli |
|
|
47
|
+
|
|
48
|
+
### Verification
|
|
49
|
+
|
|
50
|
+
To verify binary packages:
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
# Check package integrity via npm
|
|
54
|
+
npm view @memclaw/bin-darwin-arm64
|
|
55
|
+
npm view @memclaw/bin-win-x64
|
|
56
|
+
|
|
57
|
+
# Inspect package contents
|
|
58
|
+
npm pack @memclaw/bin-darwin-arm64
|
|
59
|
+
tar -tzf memclaw-bin-darwin-arm64-*.tgz
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
### Source Code
|
|
63
|
+
|
|
64
|
+
The source code for building these binaries is available in the main repository:
|
|
65
|
+
- Repository: https://github.com/sopaco/cortex-mem
|
|
66
|
+
- Build scripts: `cortex-mem-core/`, `cortex-mem-service/`
|
|
67
|
+
|
|
68
|
+
## Network Security
|
|
69
|
+
|
|
70
|
+
### Ports Used
|
|
71
|
+
|
|
72
|
+
| Service | Port | Protocol | Purpose |
|
|
73
|
+
|---------|------|----------|---------|
|
|
74
|
+
| Qdrant HTTP | 6333 | TCP | REST API, health checks |
|
|
75
|
+
| Qdrant gRPC | 6334 | TCP | Vector operations |
|
|
76
|
+
| cortex-mem-service | 8085 | TCP | Memory service API |
|
|
77
|
+
|
|
78
|
+
### Firewall Configuration
|
|
79
|
+
|
|
80
|
+
If you use a firewall, ensure:
|
|
81
|
+
- Ports 6333, 6334, 8085 are allowed for **localhost only**
|
|
82
|
+
- External connections to these ports are blocked
|
|
83
|
+
|
|
84
|
+
### Localhost Only
|
|
85
|
+
|
|
86
|
+
All services bind to `localhost` (127.0.0.1) by default:
|
|
87
|
+
- No external network access is required
|
|
88
|
+
- Services are not accessible from other machines
|
package/dist/index.js
CHANGED
package/dist/plugin-impl.d.ts
CHANGED
|
@@ -12,38 +12,6 @@ interface PluginLogger {
|
|
|
12
12
|
warn: (msg: string, ...args: unknown[]) => void;
|
|
13
13
|
error: (msg: string, ...args: unknown[]) => void;
|
|
14
14
|
}
|
|
15
|
-
interface CronAPI {
|
|
16
|
-
call(params: {
|
|
17
|
-
method: "add" | "remove" | "list";
|
|
18
|
-
params?: {
|
|
19
|
-
name?: string;
|
|
20
|
-
schedule?: {
|
|
21
|
-
kind: string;
|
|
22
|
-
expr: string;
|
|
23
|
-
};
|
|
24
|
-
sessionTarget?: string;
|
|
25
|
-
payload?: {
|
|
26
|
-
kind: string;
|
|
27
|
-
message: string;
|
|
28
|
-
};
|
|
29
|
-
delivery?: {
|
|
30
|
-
mode: string;
|
|
31
|
-
};
|
|
32
|
-
};
|
|
33
|
-
}): Promise<unknown>;
|
|
34
|
-
}
|
|
35
|
-
interface RuntimeAPI {
|
|
36
|
-
tools: {
|
|
37
|
-
get(name: "cron"): CronAPI;
|
|
38
|
-
};
|
|
39
|
-
}
|
|
40
|
-
interface ToolDefinition {
|
|
41
|
-
name: string;
|
|
42
|
-
description: string;
|
|
43
|
-
parameters: object;
|
|
44
|
-
execute: (_id: string, params: Record<string, unknown>) => Promise<unknown>;
|
|
45
|
-
optional?: boolean;
|
|
46
|
-
}
|
|
47
15
|
interface PluginAPI {
|
|
48
16
|
pluginConfig?: Record<string, unknown>;
|
|
49
17
|
registerTool(tool: ToolDefinition, opts?: {
|
|
@@ -55,7 +23,13 @@ interface PluginAPI {
|
|
|
55
23
|
stop: () => Promise<void>;
|
|
56
24
|
}): void;
|
|
57
25
|
logger: PluginLogger;
|
|
58
|
-
|
|
26
|
+
}
|
|
27
|
+
interface ToolDefinition {
|
|
28
|
+
name: string;
|
|
29
|
+
description: string;
|
|
30
|
+
parameters: object;
|
|
31
|
+
execute: (_id: string, params: Record<string, unknown>) => Promise<unknown>;
|
|
32
|
+
optional?: boolean;
|
|
59
33
|
}
|
|
60
34
|
export declare function createPlugin(api: PluginAPI): {
|
|
61
35
|
id: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin-impl.d.ts","sourceRoot":"","sources":["../plugin-impl.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA0CH,UAAU,YAAY;
|
|
1
|
+
{"version":3,"file":"plugin-impl.d.ts","sourceRoot":"","sources":["../plugin-impl.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA0CH,UAAU,YAAY;IACrB,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAC;IAClD,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAC;IAChD,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAC;IAChD,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAC;CACjD;AAED,UAAU,SAAS;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,YAAY,CAAC,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI,CAAC;IACxE,eAAe,CAAC,OAAO,EAAE;QACxB,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;KAC1B,GAAG,IAAI,CAAC;IACT,MAAM,EAAE,YAAY,CAAC;CACrB;AAED,UAAU,cAAc;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5E,QAAQ,CAAC,EAAE,OAAO,CAAC;CACnB;AA+MD,wBAAgB,YAAY,CAAC,GAAG,EAAE,SAAS;;;;EA4d1C"}
|