@morningljn/mnemo 0.1.2

package/src/schema.ts

@@ -0,0 +1,61 @@
+export const SCHEMA = `
+-- 事实表
+CREATE TABLE IF NOT EXISTS facts (
+  fact_id         INTEGER PRIMARY KEY AUTOINCREMENT,
+  content         TEXT NOT NULL UNIQUE,
+  category        TEXT DEFAULT 'general',
+  tags            TEXT DEFAULT '',
+  keywords        TEXT DEFAULT '[]',
+  trust_score     REAL DEFAULT 0.5,
+  retrieval_count INTEGER DEFAULT 0,
+  helpful_count   INTEGER DEFAULT 0,
+  created_at      TEXT DEFAULT (datetime('now', 'localtime')),
+  updated_at      TEXT DEFAULT (datetime('now', 'localtime'))
+);
+
+-- 实体表
+CREATE TABLE IF NOT EXISTS entities (
+  entity_id   INTEGER PRIMARY KEY AUTOINCREMENT,
+  name        TEXT NOT NULL,
+  entity_type TEXT DEFAULT 'unknown',
+  aliases     TEXT DEFAULT '',
+  created_at  TEXT DEFAULT (datetime('now', 'localtime'))
+);
+
+-- 事实-实体关联表
+CREATE TABLE IF NOT EXISTS fact_entities (
+  fact_id   INTEGER NOT NULL REFERENCES facts(fact_id) ON DELETE CASCADE,
+  entity_id INTEGER NOT NULL REFERENCES entities(entity_id) ON DELETE CASCADE,
+  PRIMARY KEY (fact_id, entity_id)
+);
+
+-- 索引
+CREATE INDEX IF NOT EXISTS idx_facts_trust    ON facts(trust_score DESC);
+CREATE INDEX IF NOT EXISTS idx_facts_category ON facts(category);
+CREATE INDEX IF NOT EXISTS idx_entities_name  ON entities(name);
+CREATE INDEX IF NOT EXISTS idx_fact_entities_entity ON fact_entities(entity_id);
+
+-- FTS5 全文索引
+CREATE VIRTUAL TABLE IF NOT EXISTS facts_fts
+  USING fts5(content, tags, content=facts, content_rowid=fact_id);
+
+-- FTS5 同步触发器：插入
+CREATE TRIGGER IF NOT EXISTS facts_ai AFTER INSERT ON facts BEGIN
+  INSERT INTO facts_fts(rowid, content, tags)
+    VALUES (new.fact_id, new.content, new.tags);
+END;
+
+-- FTS5 同步触发器：删除
+CREATE TRIGGER IF NOT EXISTS facts_ad AFTER DELETE ON facts BEGIN
+  INSERT INTO facts_fts(facts_fts, rowid, content, tags)
+    VALUES ('delete', old.fact_id, old.content, old.tags);
+END;
+
+-- FTS5 同步触发器：更新
+CREATE TRIGGER IF NOT EXISTS facts_au AFTER UPDATE ON facts BEGIN
+  INSERT INTO facts_fts(facts_fts, rowid, content, tags)
+    VALUES ('delete', old.fact_id, old.content, old.tags);
+  INSERT INTO facts_fts(rowid, content, tags)
+    VALUES (new.fact_id, new.content, new.tags);
+END;
+`

package/src/security.ts

@@ -0,0 +1,132 @@
+/**
+ * 记忆安全扫描器。
+ * 移植自 Hermes memory_tool.py 的 _scan_memory_content 并扩展。
+ *
+ * 三重扫描：提示注入检测、PII 检测、不可见 Unicode 检测。
+ */
+
+import type { SecurityScanResult } from './types.js'
+
+// -- 提示注入检测 ---
+
+/** 检测伪造围栏标签 */
+const MEMORY_CONTEXT_INJECTION_RE = /<\s*\/?\s*memory-context\s*>/i
+/** 检测 system-reminder 伪装 */
+const SYSTEM_REMINDER_INJECTION_RE = /<\s*system-reminder\s*>/i
+
+/** 提示注入模式 */
+const PROMPT_INJECTION_PATTERNS = [
+  /ignore\s+(?:all\s+)?(?:previous|above|prior)\s+(?:instructions|context)/i,
+  /forget\s+(?:all\s+)?(?:previous|above|prior)\s+(?:instructions|context)/i,
+  /you\s+are\s+now\s+(?:a|an|the)\s+/i,
+  /do\s+not\s+tell\s+the\s+user/i,
+  /(?:system|admin|root)\s+(?:prompt|instruction|message)/i,
+  /disregard\s+(?:your|all|any)\s+(?:instructions|rules|guidelines)/i,
+  /act\s+as\s+(?:if|though)\s+you\s+(?:have\s+no|don'?t\s+have)\s+(?:restrictions|limits|rules)/i,
+]
+
+// -- 数据外泄检测 ---
+
+const EXFIL_PATTERNS = [
+  /curl\s+[^\n]*\$\{?\w*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|API)/i,
+  /wget\s+[^\n]*\$\{?\w*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|API)/i,
+  /(?:cat|type|read)\s+[^\n]*(?:\.env|credentials|\.netrc|\.pgpass|\.npmrc)/i,
+  /authorized_keys/i,
+]
+
+// -- PII 检测 ---
+
+const EMAIL_RE = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g
+const API_KEY_PATTERNS = [
+  /(?:sk|pk|api[_-]?key|token|secret)[_-][a-zA-Z0-9]{20,}/gi,
+  /ghp_[a-zA-Z0-9]{36}/g,
+  /AKIA[0-9A-Z]{16}/g,
+  /AIza[0-9A-Za-z_-]{35}/g,
+]
+
+// -- 不可见 Unicode ---
+
+const INVISIBLE_UNICODE_RANGES: Array<[number, number, string]> = [
+  [0x200B, 0x200F, '零宽字符'],
+  [0x2028, 0x202E, '控制字符'],
+  [0x2060, 0x206F, '不可见格式字符'],
+  [0xFEFF, 0xFEFF, 'BOM'],
+  [0xFFF9, 0xFFFB, '注解字符'],
+]
+
+// -- 导出函数 ---
+
+/** 扫描注入尝试（硬拦截级别） */
+export function scanForInjection(text: string): SecurityScanResult {
+  const injectionAttempts: string[] = []
+
+  if (MEMORY_CONTEXT_INJECTION_RE.test(text)) {
+    injectionAttempts.push('检测到 memory-context 标签注入')
+  }
+  if (SYSTEM_REMINDER_INJECTION_RE.test(text)) {
+    injectionAttempts.push('检测到 system-reminder 标签注入')
+  }
+
+  for (const pattern of PROMPT_INJECTION_PATTERNS) {
+    if (pattern.test(text)) {
+      injectionAttempts.push(`匹配提示注入模式: ${pattern.source}`)
+    }
+  }
+
+  for (const pattern of EXFIL_PATTERNS) {
+    if (pattern.test(text)) {
+      injectionAttempts.push(`匹配数据外泄模式`)
+    }
+  }
+
+  return {
+    safe: injectionAttempts.length === 0,
+    warnings: [],
+    hasPii: false,
+    injectionAttempts,
+  }
+}
+
+/** 扫描 PII（警告级别，不阻止存储） */
+export function scanForPii(text: string): SecurityScanResult {
+  const warnings: string[] = []
+  let hasPii = false
+
+  // 重置 lastIndex（因为使用了 g flag）
+  EMAIL_RE.lastIndex = 0
+  if (EMAIL_RE.test(text)) { warnings.push('包含邮箱地址'); hasPii = true }
+
+  for (const p of API_KEY_PATTERNS) {
+    p.lastIndex = 0
+    if (p.test(text)) { warnings.push('包含 API 密钥模式'); hasPii = true; break }
+  }
+
+  return { safe: true, warnings, hasPii, injectionAttempts: [] }
+}
+
+/** 扫描不可见 Unicode（拦截级别） */
+export function scanForInvisibleUnicode(text: string): SecurityScanResult {
+  const warnings: string[] = []
+  for (const [lo, hi, name] of INVISIBLE_UNICODE_RANGES) {
+    for (let cp = lo; cp <= hi; cp++) {
+      if (text.includes(String.fromCodePoint(cp))) {
+        warnings.push(`包含不可见 Unicode: ${name} (U+${cp.toString(16).toUpperCase()})`)
+      }
+    }
+  }
+  return { safe: warnings.length === 0, warnings, hasPii: false, injectionAttempts: [] }
+}
+
+/** 综合安全扫描 */
+export function fullSecurityScan(text: string): SecurityScanResult {
+  const injection = scanForInjection(text)
+  const pii = scanForPii(text)
+  const unicode = scanForInvisibleUnicode(text)
+
+  return {
+    safe: injection.safe && unicode.safe,
+    warnings: [...injection.warnings, ...pii.warnings, ...unicode.warnings],
+    hasPii: pii.hasPii,
+    injectionAttempts: injection.injectionAttempts,
+  }
+}

package/src/server.ts

@@ -0,0 +1,172 @@
+#!/usr/bin/env node
+
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'
+import { join } from 'node:path'
+import { homedir } from 'node:os'
+import { z } from 'zod/v4'
+import { MemoryStore } from './store.js'
+import { FactRetriever } from './retriever.js'
+import { fullSecurityScan } from './security.js'
+import type { FactStoreArgs, FactFeedbackArgs, FactCategory } from './types.js'
+
+const FACT_STORE_DESCRIPTION = `结构化事实记忆系统（SQLite+FTS5 索引）。支持读写。
+
+操作：
+- search — 关键词查找
+- probe — 实体探测：关于某人/某事的所有事实
+- related — 实体关联
+- reason — 组合推理：同时关联多个实体的事实
+- contradict — 矛盾检测
+- list — 浏览事实
+- add — 添加新事实（自动去重，相似则更新）
+- update — 更新已有事实
+- remove — 删除事实
+
+写入时先 search 检查是否已存在相似事实。identity/coding_style/tool_pref/workflow/general → 全局库，project → 项目库。`
+
+const factStoreSchema = {
+  action: z.enum(['add', 'search', 'probe', 'related', 'reason', 'contradict', 'update', 'remove', 'list']),
+  content: z.string().optional().describe("事实内容（'add' 必需）"),
+  query: z.string().optional().describe("搜索查询（'search' 必需）"),
+  entity: z.string().optional().describe("实体名（'probe'/'related' 使用）"),
+  entities: z.array(z.string()).optional().describe("实体列表（'reason' 使用）"),
+  fact_id: z.number().optional().describe("事实 ID（'update'/'remove' 使用）"),
+  category: z.enum(['identity', 'coding_style', 'tool_pref', 'workflow', 'general']).optional(),
+  tags: z.string().optional().describe('逗号分隔标签'),
+  trust_delta: z.number().optional().describe("'update' 的信任调整值"),
+  min_trust: z.number().optional().describe('最低信任过滤（默认 0.3）'),
+  limit: z.number().optional().describe('最大结果数（默认 10）'),
+}
+
+const factFeedbackSchema = {
+  action: z.enum(['helpful', 'unhelpful']),
+  fact_id: z.number().describe('要评分的事实 ID'),
+}
+
+function resolveCategory(category?: string): FactCategory {
+  if (!category) return 'general'
+  const valid: FactCategory[] = ['identity', 'coding_style', 'tool_pref', 'workflow', 'general']
+  return valid.includes(category as FactCategory) ? (category as FactCategory) : 'general'
+}
+
+const minTrust = 0.3
+
+// -- Initialize store + retriever --
+const dbPath = join(homedir(), '.mnemo', 'facts.db')
+const store = new MemoryStore(dbPath)
+const retriever = new FactRetriever(store, { temporalDecayHalfLife: 30 })
+
+// Startup maintenance
+store.decayTrustScores()
+store.auditContradictions()
+
+// -- MCP Server --
+const server = new McpServer({ name: 'mnemo-mcp', version: '0.1.0' })
+
+server.tool(
+  'fact_store',
+  FACT_STORE_DESCRIPTION,
+  factStoreSchema,
+  async (args) => {
+    try {
+      const a = args as unknown as FactStoreArgs
+      const category = resolveCategory(a.category)
+
+      switch (a.action) {
+        case 'add': {
+          if (!a.content) return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Missing required argument: content' }) }] }
+          const similar = store.findSimilarFact(a.content, category) ?? store.findSimilarFact(a.content)
+          let warnings: string[] | undefined
+          const scan = fullSecurityScan(a.content)
+          if (scan.warnings.length > 0 || scan.hasPii) warnings = [...scan.warnings]
+
+          if (similar) {
+            store.updateFact(similar.factId, { content: a.content, tags: a.tags, trustDelta: 0.05 })
+            const demoted = store.demoteContradictingFacts(similar.factId, a.content, category)
+            return { content: [{ type: 'text' as const, text: JSON.stringify({ fact_id: similar.factId, status: 'updated', reason: 'similar_fact_merged', ...(demoted > 0 ? { contradicted_demoted: demoted } : {}), ...(warnings ? { warnings } : {}) }) }] }
+          }
+
+          const factId = store.addFact(a.content, category, a.tags ?? '')
+          const demoted = store.demoteContradictingFacts(factId, a.content, category)
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ fact_id: factId, status: 'added', category, ...(demoted > 0 ? { contradicted_demoted: demoted } : {}), ...(warnings ? { warnings } : {}) }) }] }
+        }
+
+        case 'search': {
+          if (!a.query) return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Missing required argument: query' }) }] }
+          const results = retriever.search(a.query, { category: a.category ? category : undefined, minTrust: a.min_trust ?? minTrust, limit: a.limit ?? 10 })
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ results, count: results.length }) }] }
+        }
+
+        case 'probe': {
+          if (!a.entity) return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Missing required argument: entity' }) }] }
+          const results = retriever.probe(a.entity, { minTrust: a.min_trust ?? minTrust, limit: a.limit ?? 10 })
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ results, count: results.length }) }] }
+        }
+
+        case 'related': {
+          if (!a.entity) return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Missing required argument: entity' }) }] }
+          const results = retriever.related(a.entity, { minTrust: a.min_trust ?? minTrust, limit: a.limit ?? 10 })
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ results, count: results.length }) }] }
+        }
+
+        case 'reason': {
+          const entities = a.entities ?? []
+          if (entities.length === 0) return { content: [{ type: 'text' as const, text: JSON.stringify({ error: "reason requires 'entities' list" }) }] }
+          const results = retriever.reason(entities, { minTrust: a.min_trust ?? minTrust, limit: a.limit ?? 10 })
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ results, count: results.length }) }] }
+        }
+
+        case 'contradict': {
+          const results = retriever.contradict({ threshold: 0.3, limit: a.limit ?? 10 })
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ results, count: results.length }) }] }
+        }
+
+        case 'update': {
+          if (!a.fact_id) return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Missing required argument: fact_id' }) }] }
+          const updated = store.updateFact(a.fact_id, { content: a.content, tags: a.tags, category, trustDelta: a.trust_delta })
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ updated }) }] }
+        }
+
+        case 'remove': {
+          if (!a.fact_id) return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Missing required argument: fact_id' }) }] }
+          const removed = store.removeFact(a.fact_id)
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ removed }) }] }
+        }
+
+        case 'list': {
+          const facts = store.listFacts(category, a.min_trust ?? 0.0, a.limit ?? 10)
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ facts, count: facts.length }) }] }
+        }
+
+        default:
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Unknown action: ${(a as { action: string }).action}` }) }] }
+      }
+    } catch (err) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: String(err) }) }] }
+    }
+  },
+)
+
+server.tool(
+  'fact_feedback',
+  '使用事实后评分。标记 helpful 如果准确，unhelpful 如果过时。训练记忆系统 — 好事实上升，坏事实下降。',
+  factFeedbackSchema,
+  async (args) => {
+    try {
+      const a = args as unknown as FactFeedbackArgs
+      if (!a.fact_id) return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Missing required argument: fact_id' }) }] }
+      const result = store.recordFeedback(a.fact_id, a.action === 'helpful')
+      return { content: [{ type: 'text' as const, text: JSON.stringify(result) }] }
+    } catch (err) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: String(err) }) }] }
+    }
+  },
+)
+
+// -- Start --
+const transport = new StdioServerTransport()
+server.connect(transport).catch(err => {
+  console.error('mnemo-mcp failed to start:', err)
+  process.exit(1)
+})