@remnic/core 9.3.620 → 9.3.622

package/dist/transfer/types.d.ts

@@ -313,13 +313,13 @@ declare const CapsuleBlockSchema: z.ZodObject<{
         peerProfiles: boolean;
     }>;
 }, "strip", z.ZodTypeAny, {
+    schemaVersion: string;
     includes: {
         procedural: boolean;
         taxonomy: boolean;
         identityAnchors: boolean;
         peerProfiles: boolean;
     };
-    schemaVersion: string;
     id: string;
     description: string;
     version: string;
@@ -334,13 +334,13 @@ declare const CapsuleBlockSchema: z.ZodObject<{
         directAnswerEnabled: boolean;
     };
 }, {
+    schemaVersion: string;
     includes: {
         procedural: boolean;
         taxonomy: boolean;
         identityAnchors: boolean;
         peerProfiles: boolean;
     };
-    schemaVersion: string;
     id: string;
     description: string;
     version: string;
@@ -464,13 +464,13 @@ declare const ExportManifestV2Schema: z.ZodObject<{
             peerProfiles: boolean;
         }>;
     }, "strip", z.ZodTypeAny, {
+        schemaVersion: string;
         includes: {
             procedural: boolean;
             taxonomy: boolean;
             identityAnchors: boolean;
             peerProfiles: boolean;
         };
-        schemaVersion: string;
         id: string;
         description: string;
         version: string;
@@ -485,13 +485,13 @@ declare const ExportManifestV2Schema: z.ZodObject<{
             directAnswerEnabled: boolean;
         };
     }, {
+        schemaVersion: string;
         includes: {
             procedural: boolean;
             taxonomy: boolean;
             identityAnchors: boolean;
             peerProfiles: boolean;
         };
-        schemaVersion: string;
         id: string;
         description: string;
         version: string;
@@ -518,13 +518,13 @@ declare const ExportManifestV2Schema: z.ZodObject<{
     pluginVersion: string;
     includesTranscripts: boolean;
     capsule: {
+        schemaVersion: string;
         includes: {
             procedural: boolean;
             taxonomy: boolean;
             identityAnchors: boolean;
             peerProfiles: boolean;
         };
-        schemaVersion: string;
         id: string;
         description: string;
         version: string;
@@ -551,13 +551,13 @@ declare const ExportManifestV2Schema: z.ZodObject<{
     pluginVersion: string;
     includesTranscripts: boolean;
     capsule: {
+        schemaVersion: string;
         includes: {
             procedural: boolean;
             taxonomy: boolean;
             identityAnchors: boolean;
             peerProfiles: boolean;
         };
-        schemaVersion: string;
         id: string;
         description: string;
         version: string;
@@ -683,13 +683,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
                 peerProfiles: boolean;
             }>;
         }, "strip", z.ZodTypeAny, {
+            schemaVersion: string;
             includes: {
                 procedural: boolean;
                 taxonomy: boolean;
                 identityAnchors: boolean;
                 peerProfiles: boolean;
             };
-            schemaVersion: string;
             id: string;
             description: string;
             version: string;
@@ -704,13 +704,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
                 directAnswerEnabled: boolean;
             };
         }, {
+            schemaVersion: string;
             includes: {
                 procedural: boolean;
                 taxonomy: boolean;
                 identityAnchors: boolean;
                 peerProfiles: boolean;
             };
-            schemaVersion: string;
             id: string;
             description: string;
             version: string;
@@ -737,13 +737,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
         pluginVersion: string;
         includesTranscripts: boolean;
         capsule: {
+            schemaVersion: string;
             includes: {
                 procedural: boolean;
                 taxonomy: boolean;
                 identityAnchors: boolean;
                 peerProfiles: boolean;
             };
-            schemaVersion: string;
             id: string;
             description: string;
             version: string;
@@ -770,13 +770,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
         pluginVersion: string;
         includesTranscripts: boolean;
         capsule: {
+            schemaVersion: string;
             includes: {
                 procedural: boolean;
                 taxonomy: boolean;
                 identityAnchors: boolean;
                 peerProfiles: boolean;
             };
-            schemaVersion: string;
             id: string;
             description: string;
             version: string;
@@ -815,13 +815,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
         pluginVersion: string;
         includesTranscripts: boolean;
         capsule: {
+            schemaVersion: string;
             includes: {
                 procedural: boolean;
                 taxonomy: boolean;
                 identityAnchors: boolean;
                 peerProfiles: boolean;
             };
-            schemaVersion: string;
             id: string;
             description: string;
             version: string;
@@ -854,13 +854,13 @@ declare const ExportBundleV2Schema: z.ZodObject<{
         pluginVersion: string;
         includesTranscripts: boolean;
         capsule: {
+            schemaVersion: string;
             includes: {
                 procedural: boolean;
                 taxonomy: boolean;
                 identityAnchors: boolean;
                 peerProfiles: boolean;
             };
-            schemaVersion: string;
             id: string;
             description: string;
             version: string;

package/dist/verified-recall.js

@@ -1,15 +1,15 @@
 import {
   searchVerifiedEpisodes
-} from "./chunk-QPD426WT.js";
+} from "./chunk-CCNZM5UM.js";
 import "./chunk-HQ6NIBL6.js";
-import "./chunk-7MLB4NCL.js";
+import "./chunk-DXBCNDVD.js";
 import "./chunk-5UZXUTVO.js";
 import "./chunk-4H5ZJHEN.js";
 import "./chunk-4R4KTDIE.js";
 import "./chunk-RULE4VG5.js";
 import "./chunk-SCU65EZI.js";
-import "./chunk-KILOTVIF.js";
-import "./chunk-3HPAPHUK.js";
+import "./chunk-MB5RSUW6.js";
+import "./chunk-6KYMPV2O.js";
 import "./chunk-CPPS65WS.js";
 import "./chunk-DM2T26WE.js";
 import "./chunk-QSVPYQPG.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@remnic/core",
-  "version": "9.3.620",
+  "version": "9.3.622",
   "description": "Framework-agnostic Remnic memory engine — orchestrator, storage, extraction, search, trust zones",
   "type": "module",
   "main": "dist/index.js",

package/src/config.ts

@@ -2537,6 +2537,11 @@ export function parseConfig(raw: unknown): PluginConfig {
 
     // v3.0 namespaces (default off)
     namespacesEnabled: cfg.namespacesEnabled === true,
+    // NOTE: namespace identifiers are intentionally NOT sanitized here — the
+    // codebase rejects unsafe namespaces at the point of use (see
+    // codex-materialize-runner and NamespaceStorageRouter / resolveNamespaceDir),
+    // so a "../x" value is surfaced as an explicit error rather than silently
+    // rewritten. Containment is enforced at the filesystem sinks.
     defaultNamespace:
       typeof cfg.defaultNamespace === "string" && cfg.defaultNamespace.length > 0 ? cfg.defaultNamespace : "default",
     sharedNamespace:

package/src/namespaces/storage.ts

@@ -32,6 +32,28 @@ async function hasStoredEntries(p: string): Promise<boolean> {
   }
 }
 
+// Build a per-namespace directory under `<memoryDir>/namespaces` and assert the
+// resolved path stays inside that base. Namespace identifiers can originate from
+// operator config (config.defaultNamespace) and request-derived routing, so this
+// containment check prevents directory traversal (CodeQL js/path-injection).
+// For safe segments this returns exactly `path.join(base, segment)`, so there is
+// no behavioral change for valid namespaces.
+function resolveNamespaceDir(memoryDir: string, segment: string): string {
+  // Mirror isSafeRouteNamespace's separator/parent-ref rejection (without its
+  // 64-char cap, so identity tokens still pass). Rejecting separators and ".."
+  // up front keeps the value a single contained child of <memoryDir>/namespaces.
+  if (
+    segment.length === 0 ||
+    segment.includes("/") ||
+    segment.includes("\\") ||
+    segment.includes("..") ||
+    path.isAbsolute(segment)
+  ) {
+    throw new Error(`unsafe namespace path segment: ${segment}`);
+  }
+  return path.join(memoryDir, "namespaces", segment);
+}
+
 const LEGACY_NAMESPACE_CONTENT_CHILDREN = [
   ...ALL_CATEGORY_DIRS,
   "entities",
@@ -94,10 +116,9 @@ export class NamespaceStorageRouter {
       return this.defaultNsRootResolved;
     }
 
-    const legacyNsDir = path.join(this.config.memoryDir, "namespaces", this.config.defaultNamespace);
-    const tokenizedNsDir = path.join(
+    const legacyNsDir = resolveNamespaceDir(this.config.memoryDir, this.config.defaultNamespace);
+    const tokenizedNsDir = resolveNamespaceDir(
       this.config.memoryDir,
-      "namespaces",
       namespaceIdentityToken(this.config.defaultNamespace),
     );
     const tokenizedHasData =
@@ -118,8 +139,8 @@ export class NamespaceStorageRouter {
     if (namespace === this.config.defaultNamespace) {
       return this.defaultNsRootResolved ?? this.config.memoryDir;
     }
-    const legacyRoot = path.join(this.config.memoryDir, "namespaces", namespace);
-    const tokenizedRoot = path.join(this.config.memoryDir, "namespaces", namespaceIdentityToken(namespace));
+    const legacyRoot = resolveNamespaceDir(this.config.memoryDir, namespace);
+    const tokenizedRoot = resolveNamespaceDir(this.config.memoryDir, namespaceIdentityToken(namespace));
     if ((await exists(tokenizedRoot)) && (await hasAnyNamespaceStorageMarker(tokenizedRoot, { includeRuntimeState: true }))) {
       return tokenizedRoot;
     }
@@ -131,6 +152,10 @@ export class NamespaceStorageRouter {
     if (ns !== this.config.defaultNamespace && !isSafeRouteNamespace(ns)) {
       throw new Error(`unsafe namespace: ${ns}`);
     }
+    // Even when the default namespace is exempt from the check above, every
+    // on-disk path is built through resolveNamespaceDir(), which rejects
+    // traversal segments — so an unsafe configured default still cannot escape
+    // <memoryDir>/namespaces (CodeQL js/path-injection).
 
     let root: string;
     if (ns === this.config.defaultNamespace) {

package/src/objective-state.ts

@@ -86,6 +86,20 @@ function validateMetadata(raw: unknown): Record<string, string> | undefined {
   return validateStringRecord(raw, "metadata");
 }
 
+// Assert that a built path stays inside the expected base directory before it is
+// used in a filesystem write. snapshotId/recordedAt are already validated by
+// validateObjectiveStateSnapshot, so for valid data this is a defense-in-depth
+// barrier (and makes the containment provable to CodeQL js/path-injection).
+function assertWithinDir(baseDir: string, candidate: string): string {
+  const resolvedBase = path.resolve(baseDir);
+  const resolved = path.resolve(candidate);
+  const rel = path.relative(resolvedBase, resolved);
+  if (rel === ".." || rel.startsWith(`..${path.sep}`) || path.isAbsolute(rel)) {
+    throw new Error("objective-state path escapes the snapshots directory");
+  }
+  return resolved;
+}
+
 export function resolveObjectiveStateStoreDir(memoryDir: string, overrideDir?: string): string {
   if (typeof overrideDir === "string" && overrideDir.trim().length > 0) {
     return overrideDir.trim();
@@ -163,8 +177,9 @@ export async function recordObjectiveStateSnapshot(options: {
   const rootDir = resolveObjectiveStateStoreDir(options.memoryDir, options.objectiveStateStoreDir);
   const validated = validateObjectiveStateSnapshot(options.snapshot);
   const day = recordStoreDay(validated.recordedAt);
-  const snapshotsDir = path.join(rootDir, "snapshots", day);
-  const filePath = path.join(snapshotsDir, `${validated.snapshotId}.json`);
+  const snapshotsRoot = path.join(rootDir, "snapshots");
+  const snapshotsDir = assertWithinDir(snapshotsRoot, path.join(snapshotsRoot, day));
+  const filePath = assertWithinDir(snapshotsDir, path.join(snapshotsDir, `${validated.snapshotId}.json`));
   await mkdir(snapshotsDir, { recursive: true });
   await writeFile(filePath, JSON.stringify(validated, null, 2), "utf8");
   return filePath;

package/src/runtime/better-sqlite.test.ts

@@ -1,6 +1,7 @@
 import assert from "node:assert/strict";
 import test from "node:test";
 import {
+  displayErrorDetail,
   isLikelyBetterSqlite3NativeBindingError,
   openBetterSqlite3,
 } from "./better-sqlite.js";
@@ -21,6 +22,34 @@ test("isLikelyBetterSqlite3NativeBindingError recognizes missing and mismatched
   assert.equal(isLikelyBetterSqlite3NativeBindingError(new Error("SQLITE_BUSY: database is locked")), false);
 });
 
+test("displayErrorDetail surfaces only error class + code, never the raw message (CodeQL js/stack-trace-exposure)", () => {
+  // MODULE_NOT_FOUND messages embed an absolute "Require stack:" path block.
+  const moduleNotFound = Object.assign(
+    new Error("Cannot find module 'better-sqlite3'\nRequire stack:\n- /home/app/node_modules/x/index.js"),
+    { code: "MODULE_NOT_FOUND" },
+  );
+  const d1 = displayErrorDetail(moduleNotFound);
+  assert.equal(d1, "Error (MODULE_NOT_FOUND)");
+  assert.ok(!d1.includes("/home/app") && !d1.includes("Require stack"));
+
+  // Native loader failures can embed an absolute path (even with spaces) in the
+  // message; we never surface it.
+  const dlopen = Object.assign(
+    new Error("/Users/Jane Doe/app/node_modules/better-sqlite3/build/Release/better_sqlite3.node: file too short"),
+    { code: "ERR_DLOPEN_FAILED" },
+  );
+  const d2 = displayErrorDetail(dlopen);
+  assert.equal(d2, "Error (ERR_DLOPEN_FAILED)");
+  assert.ok(!d2.includes("/Users/Jane Doe") && !d2.includes(".node"));
+
+  // No code → class name only. error.stack is never read.
+  const noCode = new Error("boom");
+  noCode.stack = "boom\n    at /home/app/secret.js:1:1";
+  assert.equal(displayErrorDetail(noCode), "Error");
+
+  assert.equal(displayErrorDetail("not an error"), "");
+});
+
 test("openBetterSqlite3 can open an in-memory database after install verification", () => {
   const db = openBetterSqlite3(":memory:");
   try {

package/src/runtime/better-sqlite.ts

@@ -41,8 +41,19 @@ function requireBetterSqlite3Ctor(require: RuntimeRequire): BetterSqlite3Ctor {
   return ctor;
 }
 
+// Raw, unredacted message — used ONLY for internal classification (detecting a
+// native-binding mismatch). Never returned to a user-facing surface, because it
+// can contain absolute paths. Native-binding markers (better_sqlite3.node,
+// NODE_MODULE_VERSION, "was compiled against a different Node.js version") live
+// in error.message, so message text is sufficient and we never read .stack.
+function rawErrorMessage(error: unknown): string {
+  return error instanceof Error ? error.message : String(error ?? "");
+}
+
 export function isLikelyBetterSqlite3NativeBindingError(error: unknown): boolean {
-  const detail = errorDetail(error);
+  // Classify on the RAW message so redaction can't strip detection markers
+  // (e.g. the path containing "better_sqlite3.node").
+  const detail = rawErrorMessage(error);
   return (
     detail.includes("Could not locate the bindings file") ||
     detail.includes("better_sqlite3.node") ||
@@ -53,7 +64,7 @@ export function isLikelyBetterSqlite3NativeBindingError(error: unknown): boolean
 }
 
 function unavailableError(error: unknown): Error {
-  const detail = errorDetail(error);
+  const detail = displayErrorDetail(error);
   const nativeBindingHint = isLikelyBetterSqlite3NativeBindingError(error)
     ? " This usually means the better-sqlite3 native binding was not compiled for this Node.js/platform combination. " +
       "Run `node scripts/ensure-better-sqlite3.mjs` from the Remnic install directory, or run " +
@@ -67,10 +78,21 @@ function unavailableError(error: unknown): Error {
   );
 }
 
-function errorDetail(error: unknown): string {
-  if (error instanceof Error) {
-    const stack = error.stack && error.stack !== error.message ? `\n${error.stack}` : "";
-    return `${error.message}${stack}`;
-  }
-  return String(error ?? "");
+// Sanitized, user-facing error detail. This string becomes the message of the
+// Error thrown by unavailableError(), which propagates to user-facing surfaces
+// (HTTP error bodies, MCP tool errors — access-http.ts / access-mcp.ts return
+// err.message). We must not leak server internals (CodeQL js/stack-trace-exposure):
+//   - error.stack is never read.
+// We deliberately surface only the error's class name and Node error code —
+// never the raw message. Node module-load failures embed absolute server paths
+// directly in error.message (the "Require stack:" block, and unquoted native
+// loader paths that may even contain spaces), which no regex can redact
+// reliably. The error code (MODULE_NOT_FOUND, ERR_DLOPEN_FAILED, …) is a stable,
+// path-free identifier that, together with the native-binding hint, is enough
+// for a user to act on. The full original error stays on the `cause` chain and
+// is logged with its stack elsewhere.
+export function displayErrorDetail(error: unknown): string {
+  if (!(error instanceof Error)) return "";
+  const code = (error as NodeJS.ErrnoException).code;
+  return typeof code === "string" && code.length > 0 ? `${error.name} (${code})` : error.name;
 }

package/dist/chunk-3HPAPHUK.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/runtime/better-sqlite.ts"],"sourcesContent":["import { createRequire } from \"node:module\";\nimport type BetterSqlite3 from \"better-sqlite3\";\n\nexport type BetterSqlite3Database = BetterSqlite3.Database;\ntype BetterSqlite3Ctor = typeof BetterSqlite3;\ntype RuntimeRequire = ReturnType<typeof createRequire>;\n\nlet cachedCtor: BetterSqlite3Ctor | null = null;\n\nfunction loadBetterSqlite3(): BetterSqlite3Ctor {\n  if (cachedCtor) return cachedCtor;\n\n  const require = createRequire(import.meta.url);\n\n  try {\n    cachedCtor = requireBetterSqlite3Ctor(require);\n    return cachedCtor;\n  } catch (error) {\n    throw unavailableError(error);\n  }\n}\n\nexport function openBetterSqlite3(\n  file: string,\n  options?: ConstructorParameters<BetterSqlite3Ctor>[1],\n): BetterSqlite3Database {\n  const Database = loadBetterSqlite3();\n  return new Database(file, options);\n}\n\nfunction requireBetterSqlite3Ctor(require: RuntimeRequire): BetterSqlite3Ctor {\n  const loaded = require(\"better-sqlite3\") as\n    | BetterSqlite3Ctor\n    | { default?: BetterSqlite3Ctor };\n  const ctor = typeof loaded === \"function\" ? loaded : loaded.default;\n\n  if (typeof ctor !== \"function\") {\n    throw new Error(\"module did not export a constructor\");\n  }\n\n  return ctor;\n}\n\nexport function isLikelyBetterSqlite3NativeBindingError(error: unknown): boolean {\n  const detail = errorDetail(error);\n  return (\n    detail.includes(\"Could not locate the bindings file\") ||\n    detail.includes(\"better_sqlite3.node\") ||\n    (detail.includes(\"node-v\") && detail.includes(\"better-sqlite3\")) ||\n    (detail.includes(\"NODE_MODULE_VERSION\") && detail.includes(\"better-sqlite3\")) ||\n    detail.includes(\"was compiled against a different Node.js version\")\n  );\n}\n\nfunction unavailableError(error: unknown): Error {\n  const detail = errorDetail(error);\n  const nativeBindingHint = isLikelyBetterSqlite3NativeBindingError(error)\n    ? \" This usually means the better-sqlite3 native binding was not compiled for this Node.js/platform combination. \" +\n      \"Run `node scripts/ensure-better-sqlite3.mjs` from the Remnic install directory, or run \" +\n      \"`npx node-gyp rebuild --directory=node_modules/better-sqlite3` if the verification script is unavailable.\"\n    : \"\";\n  return new Error(\n    \"better-sqlite3 is unavailable. Remnic attempted to load the native SQLite binding and could not.\" +\n      nativeBindingHint +\n      (detail ? ` Original error: ${detail}` : \"\"),\n    { cause: error instanceof Error ? error : undefined },\n  );\n}\n\nfunction errorDetail(error: unknown): string {\n  if (error instanceof Error) {\n    const stack = error.stack && error.stack !== error.message ? `\\n${error.stack}` : \"\";\n    return `${error.message}${stack}`;\n  }\n  return String(error ?? \"\");\n}\n"],"mappings":";AAAA,SAAS,qBAAqB;AAO9B,IAAI,aAAuC;AAE3C,SAAS,oBAAuC;AAC9C,MAAI,WAAY,QAAO;AAEvB,QAAMA,WAAU,cAAc,YAAY,GAAG;AAE7C,MAAI;AACF,iBAAa,yBAAyBA,QAAO;AAC7C,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,iBAAiB,KAAK;AAAA,EAC9B;AACF;AAEO,SAAS,kBACd,MACA,SACuB;AACvB,QAAM,WAAW,kBAAkB;AACnC,SAAO,IAAI,SAAS,MAAM,OAAO;AACnC;AAEA,SAAS,yBAAyBA,UAA4C;AAC5E,QAAM,SAASA,SAAQ,gBAAgB;AAGvC,QAAM,OAAO,OAAO,WAAW,aAAa,SAAS,OAAO;AAE5D,MAAI,OAAO,SAAS,YAAY;AAC9B,UAAM,IAAI,MAAM,qCAAqC;AAAA,EACvD;AAEA,SAAO;AACT;AAEO,SAAS,wCAAwC,OAAyB;AAC/E,QAAM,SAAS,YAAY,KAAK;AAChC,SACE,OAAO,SAAS,oCAAoC,KACpD,OAAO,SAAS,qBAAqB,KACpC,OAAO,SAAS,QAAQ,KAAK,OAAO,SAAS,gBAAgB,KAC7D,OAAO,SAAS,qBAAqB,KAAK,OAAO,SAAS,gBAAgB,KAC3E,OAAO,SAAS,kDAAkD;AAEtE;AAEA,SAAS,iBAAiB,OAAuB;AAC/C,QAAM,SAAS,YAAY,KAAK;AAChC,QAAM,oBAAoB,wCAAwC,KAAK,IACnE,mTAGA;AACJ,SAAO,IAAI;AAAA,IACT,qGACE,qBACC,SAAS,oBAAoB,MAAM,KAAK;AAAA,IAC3C,EAAE,OAAO,iBAAiB,QAAQ,QAAQ,OAAU;AAAA,EACtD;AACF;AAEA,SAAS,YAAY,OAAwB;AAC3C,MAAI,iBAAiB,OAAO;AAC1B,UAAM,QAAQ,MAAM,SAAS,MAAM,UAAU,MAAM,UAAU;AAAA,EAAK,MAAM,KAAK,KAAK;AAClF,WAAO,GAAG,MAAM,OAAO,GAAG,KAAK;AAAA,EACjC;AACA,SAAO,OAAO,SAAS,EAAE;AAC3B;","names":["require"]}