npm - @memoryrelay/plugin-memoryrelay-ai - Versions diffs - 0.8.1 → 0.8.3 - Mend

@memoryrelay/plugin-memoryrelay-ai 0.8.1 → 0.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 /**
  * OpenClaw Memory Plugin - MemoryRelay
- * Version: 0.8.0 (Enhanced Debug & Status)
+ * Version: 0.8.3 (Security & Installation Fixes)
  *
  * Long-term memory with vector search using MemoryRelay API.
  * Provides auto-recall and auto-capture via lifecycle hooks.
@@ -9,6 +9,18 @@
  * API: https://api.memoryrelay.net
  * Docs: https://memoryrelay.ai
  *
+ * ENHANCEMENTS (v0.8.3):
+ * - Security fix: logFile now restricted to relative paths only
+ * - Rejects absolute paths and path traversal attempts
+ * - Passes OpenClaw security validation for npm installation
+ * - Clean installation without security warnings
+ *
+ * ENHANCEMENTS (v0.8.2):
+ * - Human-readable gateway logs with memory previews
+ * - Show similarity scores and memory snippets during auto-recall
+ * - Performance indicators (✓/✗ and timing with SLOW warnings)
+ * - Cleaner error messages in gateway logs
+ *
  * ENHANCEMENTS (v0.8.0):
  * - Debug mode with comprehensive API call logging
  * - Enhanced status reporting with tool breakdown
@@ -148,6 +160,8 @@ async function fetchWithTimeout(
 class MemoryRelayClient {
   private debugLogger?: DebugLogger;
   private statusReporter?: StatusReporter;
+  private config?: MemoryRelayConfig;
+  private api?: OpenClawPluginApi;
   constructor(
     private readonly apiKey: string,
@@ -155,9 +169,12 @@ class MemoryRelayClient {
     private readonly apiUrl: string = DEFAULT_API_URL,
     debugLogger?: DebugLogger,
     statusReporter?: StatusReporter,
+    api?: OpenClawPluginApi,
   ) {
     this.debugLogger = debugLogger;
     this.statusReporter = statusReporter;
+    this.api = api;
+    this.config = api?.pluginConfig as MemoryRelayConfig | undefined;
   }
   /**
@@ -234,6 +251,14 @@ class MemoryRelayClient {
             retries: retryCount,
             requestBody: this.debugLogger && body ? body : undefined,
           });
+          // Enhanced gateway logging (v0.8.2): Readable error summary
+          if (this.config.debug && this.api) {
+            const retryMsg = retryCount > 0 ? ` (retry ${retryCount}/${MAX_RETRIES})` : '';
+            this.api.logger.warn?.(
+              `memory-memoryrelay: ${toolName} → ${response.status} ${errorMsg || response.statusText}${retryMsg}`
+            );
+          }
         }
         // Track failure
@@ -267,6 +292,15 @@ class MemoryRelayClient {
           requestBody: this.debugLogger && body ? body : undefined,
           responseBody: this.debugLogger && result ? result : undefined,
         });
+        // Enhanced gateway logging (v0.8.2): Readable API call summary
+        if (this.config.debug && this.api) {
+          const statusSymbol = response.status < 400 ? '✓' : '✗';
+          const durationColor = duration > 1000 ? ' (SLOW)' : duration > 500 ? ' (slow)' : '';
+          this.api.logger.info?.(
+            `memory-memoryrelay: ${toolName} → ${duration}ms ${statusSymbol}${durationColor}`
+          );
+        }
       }
       // Track success
@@ -817,9 +851,34 @@ export default async function plugin(api: OpenClawPluginApi): Promise<void> {
   const debugEnabled = cfg?.debug || false;
   const verboseEnabled = cfg?.verbose || false;
-  const logFile = cfg?.logFile;
   const maxLogEntries = cfg?.maxLogEntries || 100;
+  // Security fix (v0.8.3): logFile must be relative to workspace/plugin directory
+  // Absolute paths and path traversal are rejected
+  let logFile: string | undefined;
+  if (cfg?.logFile) {
+    const requestedPath = cfg.logFile;
+    // Reject absolute paths
+    if (requestedPath.startsWith('/') || requestedPath.startsWith('~') || /^[A-Za-z]:/.test(requestedPath)) {
+      api.logger.warn(
+        `memory-memoryrelay: logFile must be relative path (got: ${requestedPath}). Using default location.`
+      );
+      logFile = undefined;
+    }
+    // Reject path traversal
+    else if (requestedPath.includes('..')) {
+      api.logger.warn(
+        `memory-memoryrelay: logFile cannot contain '..' (got: ${requestedPath}). Using default location.`
+      );
+      logFile = undefined;
+    }
+    // Accept relative path (will be resolved by DebugLogger relative to workspace)
+    else {
+      logFile = requestedPath;
+    }
+  }
   let debugLogger: DebugLogger | undefined;
   let statusReporter: StatusReporter | undefined;
@@ -830,12 +889,16 @@ export default async function plugin(api: OpenClawPluginApi): Promise<void> {
       maxEntries: maxLogEntries,
       logFile: logFile,
     });
-    api.logger.info(`memory-memoryrelay: debug mode enabled (verbose: ${verboseEnabled}, maxEntries: ${maxLogEntries})`);
+    const logLocation = logFile ? ` → ${logFile}` : '';
+    api.logger.info(
+      `memory-memoryrelay: debug mode enabled (verbose: ${verboseEnabled}, maxEntries: ${maxLogEntries}${logLocation})`
+    );
   }
   statusReporter = new StatusReporter(debugLogger);
-  const client = new MemoryRelayClient(apiKey, agentId, apiUrl, debugLogger, statusReporter);
+  const client = new MemoryRelayClient(apiKey, agentId, apiUrl, debugLogger, statusReporter, api);
   // Verify connection on startup (with timeout)
   try {
@@ -3297,9 +3360,23 @@ export default async function plugin(api: OpenClawPluginApi): Promise<void> {
         if (results.length > 0) {
           const memoryContext = results.map((r) => `- ${r.memory.content}`).join("\n");
-          api.logger.info?.(
-            `memory-memoryrelay: injecting ${results.length} memories into context`,
-          );
+          // Enhanced gateway logging (v0.8.2): Show memory previews
+          if (cfg?.debug) {
+            const snippets = results
+              .map((r) => {
+                const preview = r.memory.content.substring(0, 100).replace(/\n/g, ' ');
+                const ellipsis = r.memory.content.length > 100 ? '...' : '';
+                return `  • [${r.score.toFixed(2)}] ${preview}${ellipsis}`;
+              })
+              .join('\n');
+            api.logger.info?.(
+              `memory-memoryrelay: injecting ${results.length} memories into context:\n${snippets}`,
+            );
+          } else {
+            api.logger.info?.(
+              `memory-memoryrelay: injecting ${results.length} memories into context`,
+            );
+          }
           prependContext +=
             `\n\n<relevant-memories>\nThe following memories from MemoryRelay may be relevant:\n${memoryContext}\n</relevant-memories>`;

package/openclaw.plugin.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "kind": "memory",
   "name": "MemoryRelay AI",
   "description": "AI memory service with sessions, decisions, patterns & projects (api.memoryrelay.net)",
-  "version": "0.7.0",
+  "version": "0.8.3",
   "uiHints": {
     "apiKey": {
       "label": "MemoryRelay API Key",
@@ -113,7 +113,7 @@
       },
       "logFile": {
         "type": "string",
-        "description": "Optional file path for persistent debug logs"
+        "description": "Relative file path for persistent debug logs (e.g., 'memoryrelay-debug.log'). Absolute paths and path traversal (..) are rejected for security."
       },
       "maxLogEntries": {
         "type": "number",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@memoryrelay/plugin-memoryrelay-ai",
-  "version": "0.8.1",
+  "version": "0.8.3",
   "description": "OpenClaw memory plugin for MemoryRelay API - sessions, decisions, patterns, projects & semantic search",
   "type": "module",
   "main": "index.ts",