@twelvehart/supermemory-runtime 1.0.0-next.0

package/docker-compose.prod.yml

@@ -0,0 +1,91 @@
+# =============================================================================
+# SuperMemory Clone - Docker Compose Production Override
+# =============================================================================
+# This file extends docker-compose.yml for production deployment:
+# - PostgreSQL with pgvector for vector search
+# - Redis for caching and job queues (BullMQ)
+# - ChromaDB for scalable vector search (optional)
+# - Full resource limits enabled
+# - Persistent volumes
+#
+# Usage:
+#   # Full production stack (API + PostgreSQL + Redis):
+#   docker compose -f docker-compose.yml -f docker-compose.prod.yml --profile production up -d
+#
+#   # With ChromaDB vector store:
+#   docker compose -f docker-compose.yml -f docker-compose.prod.yml --profile production --profile chroma up -d
+#
+#   # With worker:
+#   docker compose -f docker-compose.yml -f docker-compose.prod.yml --profile production --profile worker up -d
+#
+#   # View logs:
+#   docker compose -f docker-compose.yml -f docker-compose.prod.yml logs -f api
+#
+#   # Stop all services:
+#   docker compose -f docker-compose.yml -f docker-compose.prod.yml down
+#
+#   # Stop and remove volumes (WARNING: deletes data):
+#   docker compose -f docker-compose.yml -f docker-compose.prod.yml down -v
+# =============================================================================
+
+services:
+  # ---------------------------------------------------------------------------
+  # API Service - Production configuration
+  # ---------------------------------------------------------------------------
+  api:
+    environment:
+      - NODE_ENV=production
+      - API_HOST=0.0.0.0
+      - API_PORT=3000
+      # Database connection (PostgreSQL)
+      - DATABASE_URL=postgresql://supermemory:supermemory_secret@postgres:5432/supermemory
+      # Redis connection
+      - REDIS_URL=redis://redis:6379
+      # These should be provided via .env file or secrets
+      - OPENAI_API_KEY=${OPENAI_API_KEY}
+      - AUTH_ENABLED=${AUTH_ENABLED:-false}
+      - AUTH_TOKEN=${AUTH_TOKEN:-}
+      - EMBEDDING_MODEL=${EMBEDDING_MODEL:-text-embedding-3-small}
+      - EMBEDDING_DIMENSIONS=${EMBEDDING_DIMENSIONS:-1536}
+      # Vector Store Configuration
+      - VECTOR_STORE_PROVIDER=${VECTOR_STORE_PROVIDER:-memory}
+      - VECTOR_DIMENSIONS=${VECTOR_DIMENSIONS:-1536}
+      - CHROMA_URL=${CHROMA_URL:-http://chromadb:8000}
+      - CHROMA_COLLECTION=${CHROMA_COLLECTION:-supermemory_vectors}
+      # LLM Provider Configuration
+      - LLM_PROVIDER=${LLM_PROVIDER:-}
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
+      - LLM_MODEL=${LLM_MODEL:-}
+      - LLM_MAX_TOKENS=${LLM_MAX_TOKENS:-2000}
+      - LLM_CACHE_ENABLED=${LLM_CACHE_ENABLED:-true}
+      - LLM_CACHE_TTL_MS=${LLM_CACHE_TTL_MS:-900000}
+      - LOG_LEVEL=${LOG_LEVEL:-info}
+      - RATE_LIMIT_REQUESTS=${RATE_LIMIT_REQUESTS:-100}
+      - RATE_LIMIT_WINDOW_MS=${RATE_LIMIT_WINDOW_MS:-60000}
+
+    # In production, API depends on postgres and redis being healthy
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
+  # ---------------------------------------------------------------------------
+  # Worker - Production configuration
+  # ---------------------------------------------------------------------------
+  worker:
+    environment:
+      - NODE_ENV=production
+      - DATABASE_URL=postgresql://supermemory:supermemory_secret@postgres:5432/supermemory
+      - REDIS_URL=redis://redis:6379
+      - OPENAI_API_KEY=${OPENAI_API_KEY}
+      - AUTH_ENABLED=${AUTH_ENABLED:-false}
+      - AUTH_TOKEN=${AUTH_TOKEN:-}
+      - LOG_LEVEL=${LOG_LEVEL:-info}
+
+    # In production, worker depends on postgres and redis being healthy
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy

package/docker-compose.yml

@@ -0,0 +1,358 @@
+# =============================================================================
+# SuperMemory Clone - Docker Compose Base Configuration
+# =============================================================================
+# This file defines the base service configurations.
+# Services use profiles for flexible deployment:
+#
+# Development (SQLite only):
+#   docker compose -f docker-compose.yml -f docker-compose.dev.yml up
+#
+# Development with Redis:
+#   docker compose -f docker-compose.yml -f docker-compose.dev.yml --profile redis up
+#
+# Production (requires docker-compose.prod.yml):
+#   docker compose -f docker-compose.yml -f docker-compose.prod.yml up
+# =============================================================================
+
+services:
+  # ---------------------------------------------------------------------------
+  # API Service - Main SuperMemory Clone API
+  # ---------------------------------------------------------------------------
+  api:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: supermemory-api
+    restart: unless-stopped
+
+    # Environment variables - base configuration
+    # Override in dev/prod compose files as needed
+    environment:
+      - NODE_ENV=production
+      - API_HOST=0.0.0.0
+      - API_PORT=3000
+      # These should be provided via .env file or secrets
+      - OPENAI_API_KEY=${OPENAI_API_KEY}
+      - AUTH_ENABLED=${AUTH_ENABLED:-false}
+      - AUTH_TOKEN=${AUTH_TOKEN:-}
+      - CSRF_SECRET=${CSRF_SECRET:-}
+      - SUPERMEMORY_ALLOW_GENERATED_LOCAL_SECRETS=${SUPERMEMORY_ALLOW_GENERATED_LOCAL_SECRETS:-true}
+      - ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-http://localhost:13000,http://localhost:15173}
+      - EMBEDDING_MODEL=${EMBEDDING_MODEL:-text-embedding-3-small}
+      - EMBEDDING_DIMENSIONS=${EMBEDDING_DIMENSIONS:-1536}
+      # Vector Store Configuration
+      - VECTOR_STORE_PROVIDER=${VECTOR_STORE_PROVIDER:-memory}
+      - VECTOR_DIMENSIONS=${VECTOR_DIMENSIONS:-1536}
+      - VECTOR_SQLITE_PATH=${VECTOR_SQLITE_PATH:-./data/vectors.db}
+      - CHROMA_URL=${CHROMA_URL:-http://chromadb:8000}
+      - CHROMA_COLLECTION=${CHROMA_COLLECTION:-supermemory_vectors}
+      # Redis Configuration
+      - REDIS_HOST=${REDIS_HOST:-redis}
+      - REDIS_PORT=${REDIS_PORT:-6379}
+      # BullMQ Queue Configuration
+      - BULLMQ_CONCURRENCY_EXTRACTION=${BULLMQ_CONCURRENCY_EXTRACTION:-5}
+      - BULLMQ_CONCURRENCY_CHUNKING=${BULLMQ_CONCURRENCY_CHUNKING:-3}
+      - BULLMQ_CONCURRENCY_EMBEDDING=${BULLMQ_CONCURRENCY_EMBEDDING:-2}
+      - BULLMQ_CONCURRENCY_INDEXING=${BULLMQ_CONCURRENCY_INDEXING:-1}
+      # LLM Provider Configuration (optional - for memory extraction)
+      - LLM_PROVIDER=${LLM_PROVIDER:-}
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
+      - LLM_MODEL=${LLM_MODEL:-}
+      - LLM_MAX_TOKENS=${LLM_MAX_TOKENS:-2000}
+      - LLM_TEMPERATURE=${LLM_TEMPERATURE:-0.1}
+      - LLM_TIMEOUT_MS=${LLM_TIMEOUT_MS:-30000}
+      - LLM_MAX_RETRIES=${LLM_MAX_RETRIES:-3}
+      - LLM_CACHE_ENABLED=${LLM_CACHE_ENABLED:-true}
+      - LLM_CACHE_TTL_MS=${LLM_CACHE_TTL_MS:-900000}
+      - LOG_LEVEL=${LOG_LEVEL:-info}
+      - RATE_LIMIT_REQUESTS=${RATE_LIMIT_REQUESTS:-100}
+      - RATE_LIMIT_WINDOW_MS=${RATE_LIMIT_WINDOW_MS:-60000}
+
+    ports:
+      - "${API_HOST_PORT:-13000}:3000"
+
+    # No depends_on in base - override in prod compose file
+    # This allows dev mode to work without postgres/redis
+
+    # Health check configuration
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+    # Resource limits to prevent runaway processes
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 1G
+        reservations:
+          cpus: '0.5'
+          memory: 256M
+
+    networks:
+      - supermemory-network
+
+    # Logging configuration
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+  # ---------------------------------------------------------------------------
+  # PostgreSQL with pgvector - Vector database for embeddings
+  # ---------------------------------------------------------------------------
+  # Only started when postgres profile is active or via prod compose
+  postgres:
+    image: pgvector/pgvector:pg16
+    container_name: supermemory-postgres
+    restart: unless-stopped
+
+    environment:
+      - POSTGRES_USER=supermemory
+      - POSTGRES_PASSWORD=supermemory_secret
+      - POSTGRES_DB=supermemory
+      # Performance tuning
+      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+
+    ports:
+      - "${POSTGRES_HOST_PORT:-15432}:5432"
+
+    # Persistent storage for database
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+      # Mount initialization script for pgvector extension setup
+      - ./scripts/init-db.sql:/docker-entrypoint-initdb.d/init-db.sql:ro
+      # Mount migration scripts for easy access
+      - ./scripts/migrations:/migrations:ro
+
+    # Health check to verify PostgreSQL is ready
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U supermemory -d supermemory"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+    # Resource limits
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 2G
+        reservations:
+          cpus: '0.25'
+          memory: 256M
+
+    networks:
+      - supermemory-network
+
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+    # PostgreSQL is optional - use profile to enable
+    profiles:
+      - postgres
+      - production
+
+  # ---------------------------------------------------------------------------
+  # Redis - Caching and job queue (BullMQ)
+  # ---------------------------------------------------------------------------
+  # Only started when redis profile is active or via prod compose
+  redis:
+    image: redis:7-alpine
+    container_name: supermemory-redis
+    restart: unless-stopped
+
+    # Redis configuration for persistence and memory management
+    command: >
+      redis-server
+      --appendonly yes
+      --appendfsync everysec
+      --maxmemory 256mb
+      --maxmemory-policy allkeys-lru
+
+    ports:
+      - "${REDIS_HOST_PORT:-16379}:6379"
+
+    # Persistent storage for Redis
+    volumes:
+      - redis_data:/data
+
+    # Health check to verify Redis is ready
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 5s
+
+    # Resource limits
+    deploy:
+      resources:
+        limits:
+          cpus: '1'
+          memory: 512M
+        reservations:
+          cpus: '0.1'
+          memory: 64M
+
+    networks:
+      - supermemory-network
+
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+    # Redis is optional - use profile to enable
+    profiles:
+      - redis
+      - production
+
+  # ---------------------------------------------------------------------------
+  # ChromaDB - Vector database for embeddings (optional)
+  # ---------------------------------------------------------------------------
+  # Started when chroma profile is active or via prod compose with chroma
+  chromadb:
+    image: chromadb/chroma:latest
+    container_name: supermemory-chromadb
+    restart: unless-stopped
+
+    environment:
+      - IS_PERSISTENT=TRUE
+      - PERSIST_DIRECTORY=/chroma/chroma
+      - ANONYMIZED_TELEMETRY=FALSE
+      # Optional authentication (uncomment to enable)
+      # - CHROMA_SERVER_AUTH_PROVIDER=token
+      # - CHROMA_SERVER_AUTH_CREDENTIALS=${CHROMA_AUTH_TOKEN}
+      # - CHROMA_SERVER_AUTH_TOKEN_TRANSPORT_HEADER=Authorization
+
+    ports:
+      - "8000:8000"
+
+    # Persistent storage for vector data
+    volumes:
+      - chromadb_data:/chroma/chroma
+
+    # Health check to verify ChromaDB is ready
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/api/v1/heartbeat"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+    # Resource limits
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 2G
+        reservations:
+          cpus: '0.25'
+          memory: 256M
+
+    networks:
+      - supermemory-network
+
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+    # ChromaDB is optional - use profile to enable
+    profiles:
+      - chroma
+      - production
+
+  # ---------------------------------------------------------------------------
+  # Worker Service - Background job processor
+  # ---------------------------------------------------------------------------
+  # Handles asynchronous tasks like:
+  # - Document processing and chunking
+  # - Embedding generation
+  # - Batch imports
+  # ---------------------------------------------------------------------------
+  worker:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: supermemory-worker
+    restart: unless-stopped
+
+    # Override command to run worker instead of API
+    command: ["node", "dist/worker.js"]
+
+    environment:
+      - NODE_ENV=production
+      - OPENAI_API_KEY=${OPENAI_API_KEY}
+      - AUTH_ENABLED=${AUTH_ENABLED:-false}
+      - AUTH_TOKEN=${AUTH_TOKEN:-}
+      - LOG_LEVEL=${LOG_LEVEL:-info}
+      # Redis Configuration
+      - REDIS_HOST=${REDIS_HOST:-redis}
+      - REDIS_PORT=${REDIS_PORT:-6379}
+      # BullMQ Queue Configuration
+      - BULLMQ_CONCURRENCY_EXTRACTION=${BULLMQ_CONCURRENCY_EXTRACTION:-5}
+      - BULLMQ_CONCURRENCY_CHUNKING=${BULLMQ_CONCURRENCY_CHUNKING:-3}
+      - BULLMQ_CONCURRENCY_EMBEDDING=${BULLMQ_CONCURRENCY_EMBEDDING:-2}
+      - BULLMQ_CONCURRENCY_INDEXING=${BULLMQ_CONCURRENCY_INDEXING:-1}
+
+    # No depends_on in base - override in prod compose file
+
+    # No health check for worker - it doesn't expose HTTP
+    # You could add a custom health check script if needed
+
+    # Resource limits
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 1G
+        reservations:
+          cpus: '0.25'
+          memory: 128M
+
+    networks:
+      - supermemory-network
+
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+    # Worker is optional - use profile to enable
+    profiles:
+      - worker
+
+# =============================================================================
+# Volumes - Persistent storage
+# =============================================================================
+volumes:
+  postgres_data:
+    driver: local
+    name: supermemory_postgres_data
+  redis_data:
+    driver: local
+    name: supermemory_redis_data
+  chromadb_data:
+    driver: local
+    name: supermemory_chromadb_data
+
+# =============================================================================
+# Networks - Container networking
+# =============================================================================
+networks:
+  supermemory-network:
+    driver: bridge
+    name: supermemory-network

package/drizzle/0000_dapper_the_professor.sql

@@ -0,0 +1,159 @@
+CREATE TABLE "container_tags" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"tag" varchar(255) NOT NULL,
+	"parent_tag" varchar(255),
+	"display_name" varchar(255),
+	"description" text,
+	"metadata" jsonb DEFAULT '{}'::jsonb,
+	"settings" jsonb DEFAULT '{}'::jsonb,
+	"is_active" boolean DEFAULT true NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "container_tags_tag_unique" UNIQUE("tag"),
+	CONSTRAINT "container_tags_no_self_parent" CHECK ("container_tags"."tag" != "container_tags"."parent_tag"),
+	CONSTRAINT "container_tags_tag_format" CHECK ("container_tags"."tag" ~ '^[a-zA-Z0-9_-]+$')
+);
+--> statement-breakpoint
+CREATE TABLE "documents" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"custom_id" varchar(255),
+	"content" text NOT NULL,
+	"content_type" varchar(50) DEFAULT 'text/plain' NOT NULL,
+	"status" varchar(20) DEFAULT 'pending' NOT NULL,
+	"container_tag" varchar(255) NOT NULL,
+	"metadata" jsonb DEFAULT '{}'::jsonb,
+	"content_hash" varchar(64) GENERATED ALWAYS AS (encode(sha256(content::bytea), 'hex')) STORED NOT NULL,
+	"word_count" integer GENERATED ALWAYS AS (array_length(regexp_split_to_array(content, '\s+'), 1)) STORED NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "documents_status_check" CHECK ("documents"."status" IN ('pending', 'processing', 'processed', 'failed', 'archived')),
+	CONSTRAINT "documents_content_type_check" CHECK ("documents"."content_type" IN ('text/plain', 'text/markdown', 'text/html', 'application/pdf', 'application/json', 'image/png', 'image/jpeg', 'audio/mp3', 'video/mp4'))
+);
+--> statement-breakpoint
+CREATE TABLE "memories" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"document_id" uuid,
+	"content" text NOT NULL,
+	"memory_type" varchar(20) DEFAULT 'fact' NOT NULL,
+	"is_latest" boolean DEFAULT true NOT NULL,
+	"similarity_hash" varchar(64) NOT NULL,
+	"version" integer DEFAULT 1 NOT NULL,
+	"supersedes_id" uuid,
+	"container_tag" varchar(255) NOT NULL,
+	"confidence_score" numeric(4, 3) DEFAULT '1.000',
+	"metadata" jsonb DEFAULT '{}'::jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "memories_type_check" CHECK ("memories"."memory_type" IN ('fact', 'preference', 'episode', 'belief', 'skill', 'context')),
+	CONSTRAINT "memories_confidence_check" CHECK ("memories"."confidence_score" >= 0 AND "memories"."confidence_score" <= 1)
+);
+--> statement-breakpoint
+CREATE TABLE "memory_embeddings" (
+	"memory_id" uuid PRIMARY KEY NOT NULL,
+	"embedding" vector(1536) NOT NULL,
+	"model" varchar(100) DEFAULT 'text-embedding-3-small' NOT NULL,
+	"model_version" varchar(50),
+	"normalized" boolean DEFAULT true,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "memory_embeddings_model_check" CHECK ("memory_embeddings"."model" IN ('text-embedding-3-small', 'text-embedding-3-large', 'text-embedding-ada-002', 'voyage-large-2', 'voyage-code-2', 'cohere-embed-v3', 'bge-large-en-v1.5', 'custom'))
+);
+--> statement-breakpoint
+CREATE TABLE "memory_relationships" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"source_memory_id" uuid NOT NULL,
+	"target_memory_id" uuid NOT NULL,
+	"relationship_type" varchar(30) NOT NULL,
+	"weight" numeric(4, 3) DEFAULT '1.000',
+	"bidirectional" boolean DEFAULT false,
+	"metadata" jsonb DEFAULT '{}'::jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "memory_relationships_unique_edge" UNIQUE("source_memory_id","target_memory_id","relationship_type"),
+	CONSTRAINT "memory_relationships_type_check" CHECK ("memory_relationships"."relationship_type" IN ('updates', 'extends', 'derives', 'contradicts', 'supports', 'relates', 'temporal', 'causal', 'part_of', 'similar')),
+	CONSTRAINT "memory_relationships_weight_check" CHECK ("memory_relationships"."weight" >= 0 AND "memory_relationships"."weight" <= 1),
+	CONSTRAINT "memory_relationships_no_self_loop" CHECK ("memory_relationships"."source_memory_id" != "memory_relationships"."target_memory_id")
+);
+--> statement-breakpoint
+CREATE TABLE "user_profiles" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"container_tag" varchar(255) NOT NULL,
+	"static_facts" jsonb DEFAULT '[]'::jsonb,
+	"dynamic_facts" jsonb DEFAULT '[]'::jsonb,
+	"preferences" jsonb DEFAULT '{}'::jsonb,
+	"computed_traits" jsonb DEFAULT '{}'::jsonb,
+	"last_interaction_at" timestamp with time zone,
+	"memory_count" integer DEFAULT 0,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "user_profiles_container_tag_unique" UNIQUE("container_tag")
+);
+--> statement-breakpoint
+CREATE TABLE "processing_queue" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"document_id" uuid NOT NULL,
+	"stage" varchar(30) DEFAULT 'extraction' NOT NULL,
+	"status" varchar(20) DEFAULT 'pending' NOT NULL,
+	"priority" integer DEFAULT 0,
+	"error" text,
+	"error_code" varchar(50),
+	"attempts" integer DEFAULT 0,
+	"max_attempts" integer DEFAULT 3,
+	"worker_id" varchar(100),
+	"metadata" jsonb DEFAULT '{}'::jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"started_at" timestamp with time zone,
+	"completed_at" timestamp with time zone,
+	"scheduled_at" timestamp with time zone DEFAULT now(),
+	CONSTRAINT "processing_queue_stage_check" CHECK ("processing_queue"."stage" IN ('extraction', 'embedding', 'deduplication', 'relationship', 'profile_update', 'cleanup')),
+	CONSTRAINT "processing_queue_status_check" CHECK ("processing_queue"."status" IN ('pending', 'processing', 'completed', 'failed', 'cancelled', 'retry')),
+	CONSTRAINT "processing_queue_attempts_check" CHECK ("processing_queue"."attempts" <= "processing_queue"."max_attempts")
+);
+--> statement-breakpoint
+ALTER TABLE "container_tags" ADD CONSTRAINT "container_tags_parent_tag_container_tags_tag_fk" FOREIGN KEY ("parent_tag") REFERENCES "public"."container_tags"("tag") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "memories" ADD CONSTRAINT "memories_document_id_documents_id_fk" FOREIGN KEY ("document_id") REFERENCES "public"."documents"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "memories" ADD CONSTRAINT "memories_supersedes_id_memories_id_fk" FOREIGN KEY ("supersedes_id") REFERENCES "public"."memories"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "memory_embeddings" ADD CONSTRAINT "memory_embeddings_memory_id_memories_id_fk" FOREIGN KEY ("memory_id") REFERENCES "public"."memories"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "memory_relationships" ADD CONSTRAINT "memory_relationships_source_memory_id_memories_id_fk" FOREIGN KEY ("source_memory_id") REFERENCES "public"."memories"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "memory_relationships" ADD CONSTRAINT "memory_relationships_target_memory_id_memories_id_fk" FOREIGN KEY ("target_memory_id") REFERENCES "public"."memories"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "user_profiles" ADD CONSTRAINT "user_profiles_container_tag_container_tags_tag_fk" FOREIGN KEY ("container_tag") REFERENCES "public"."container_tags"("tag") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "processing_queue" ADD CONSTRAINT "processing_queue_document_id_documents_id_fk" FOREIGN KEY ("document_id") REFERENCES "public"."documents"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "idx_container_tags_parent" ON "container_tags" USING btree ("parent_tag");--> statement-breakpoint
+CREATE INDEX "idx_container_tags_active" ON "container_tags" USING btree ("is_active") WHERE "container_tags"."is_active" = TRUE;--> statement-breakpoint
+CREATE INDEX "idx_container_tags_metadata" ON "container_tags" USING gin ("metadata");--> statement-breakpoint
+CREATE INDEX "idx_container_tags_hierarchy" ON "container_tags" USING btree ("tag","parent_tag");--> statement-breakpoint
+CREATE INDEX "idx_documents_container_tag" ON "documents" USING btree ("container_tag");--> statement-breakpoint
+CREATE INDEX "idx_documents_status" ON "documents" USING btree ("status") WHERE "documents"."status" != 'processed';--> statement-breakpoint
+CREATE INDEX "idx_documents_custom_id" ON "documents" USING btree ("custom_id") WHERE "documents"."custom_id" IS NOT NULL;--> statement-breakpoint
+CREATE INDEX "idx_documents_content_hash" ON "documents" USING btree ("content_hash");--> statement-breakpoint
+CREATE INDEX "idx_documents_created_at" ON "documents" USING btree ("created_at" DESC NULLS LAST);--> statement-breakpoint
+CREATE INDEX "idx_documents_metadata" ON "documents" USING gin ("metadata" jsonb_path_ops);--> statement-breakpoint
+CREATE INDEX "idx_documents_container_status" ON "documents" USING btree ("container_tag","status","created_at");--> statement-breakpoint
+CREATE INDEX "idx_memories_document_id" ON "memories" USING btree ("document_id") WHERE "memories"."document_id" IS NOT NULL;--> statement-breakpoint
+CREATE INDEX "idx_memories_container_tag" ON "memories" USING btree ("container_tag");--> statement-breakpoint
+CREATE INDEX "idx_memories_type" ON "memories" USING btree ("memory_type");--> statement-breakpoint
+CREATE INDEX "idx_memories_is_latest" ON "memories" USING btree ("is_latest") WHERE "memories"."is_latest" = TRUE;--> statement-breakpoint
+CREATE INDEX "idx_memories_similarity_hash" ON "memories" USING btree ("similarity_hash");--> statement-breakpoint
+CREATE INDEX "idx_memories_supersedes" ON "memories" USING btree ("supersedes_id") WHERE "memories"."supersedes_id" IS NOT NULL;--> statement-breakpoint
+CREATE INDEX "idx_memories_metadata" ON "memories" USING gin ("metadata" jsonb_path_ops);--> statement-breakpoint
+CREATE INDEX "idx_memories_created_at" ON "memories" USING btree ("created_at" DESC NULLS LAST);--> statement-breakpoint
+CREATE INDEX "idx_memories_container_latest" ON "memories" USING btree ("container_tag","is_latest","created_at") WHERE "memories"."is_latest" = TRUE;--> statement-breakpoint
+CREATE INDEX "idx_memories_container_type_latest" ON "memories" USING btree ("container_tag","memory_type","is_latest") WHERE "memories"."is_latest" = TRUE;--> statement-breakpoint
+CREATE INDEX "idx_memories_version_chain" ON "memories" USING btree ("supersedes_id","version") WHERE "memories"."supersedes_id" IS NOT NULL;--> statement-breakpoint
+CREATE INDEX "idx_memory_embeddings_hnsw" ON "memory_embeddings" USING hnsw ("embedding" vector_cosine_ops) WITH (m=16,ef_construction=64);--> statement-breakpoint
+CREATE INDEX "idx_memory_embeddings_model" ON "memory_embeddings" USING btree ("model");--> statement-breakpoint
+CREATE INDEX "idx_memory_rel_source" ON "memory_relationships" USING btree ("source_memory_id");--> statement-breakpoint
+CREATE INDEX "idx_memory_rel_target" ON "memory_relationships" USING btree ("target_memory_id");--> statement-breakpoint
+CREATE INDEX "idx_memory_rel_type" ON "memory_relationships" USING btree ("relationship_type");--> statement-breakpoint
+CREATE INDEX "idx_memory_rel_bidirectional" ON "memory_relationships" USING btree ("source_memory_id","target_memory_id") WHERE "memory_relationships"."bidirectional" = TRUE;--> statement-breakpoint
+CREATE INDEX "idx_memory_rel_graph" ON "memory_relationships" USING btree ("source_memory_id","target_memory_id","relationship_type","weight");--> statement-breakpoint
+CREATE INDEX "idx_user_profiles_container" ON "user_profiles" USING btree ("container_tag");--> statement-breakpoint
+CREATE INDEX "idx_user_profiles_static_facts" ON "user_profiles" USING gin ("static_facts");--> statement-breakpoint
+CREATE INDEX "idx_user_profiles_dynamic_facts" ON "user_profiles" USING gin ("dynamic_facts");--> statement-breakpoint
+CREATE INDEX "idx_user_profiles_preferences" ON "user_profiles" USING gin ("preferences");--> statement-breakpoint
+CREATE INDEX "idx_user_profiles_updated" ON "user_profiles" USING btree ("updated_at" DESC NULLS LAST);--> statement-breakpoint
+CREATE INDEX "idx_processing_queue_document" ON "processing_queue" USING btree ("document_id");--> statement-breakpoint
+CREATE INDEX "idx_processing_queue_status" ON "processing_queue" USING btree ("status") WHERE "processing_queue"."status" IN ('pending', 'retry');--> statement-breakpoint
+CREATE INDEX "idx_processing_queue_stage" ON "processing_queue" USING btree ("stage");--> statement-breakpoint
+CREATE INDEX "idx_processing_queue_worker" ON "processing_queue" USING btree ("worker_id") WHERE "processing_queue"."worker_id" IS NOT NULL;--> statement-breakpoint
+CREATE INDEX "idx_processing_queue_priority" ON "processing_queue" USING btree ("priority" DESC NULLS LAST,"scheduled_at") WHERE "processing_queue"."status" IN ('pending', 'retry');--> statement-breakpoint
+CREATE INDEX "idx_processing_queue_stale" ON "processing_queue" USING btree ("started_at") WHERE "processing_queue"."status" = 'processing';--> statement-breakpoint
+CREATE INDEX "idx_processing_queue_worker_select" ON "processing_queue" USING btree ("status","stage","priority","scheduled_at") WHERE "processing_queue"."status" IN ('pending', 'retry');

package/drizzle/0001_api_keys.sql

@@ -0,0 +1,51 @@
+-- API Keys table for MCP authentication
+-- Migration: Add API key authentication support
+
+CREATE TABLE "api_keys" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"key_hash" varchar(255) NOT NULL,
+	"name" varchar(255) NOT NULL,
+	"scopes" jsonb DEFAULT '["read"]'::jsonb NOT NULL,
+	"expires_at" timestamp with time zone,
+	"last_used_at" timestamp with time zone,
+	"revoked" timestamp with time zone,
+	"metadata" jsonb DEFAULT '{}'::jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+
+-- Index for fast key lookup during authentication
+CREATE INDEX "idx_api_keys_hash" ON "api_keys" USING btree ("key_hash");
+--> statement-breakpoint
+
+-- Index for listing active keys (not expired, not revoked)
+CREATE INDEX "idx_api_keys_active" ON "api_keys" USING btree ("expires_at", "revoked") WHERE ("revoked" IS NULL);
+--> statement-breakpoint
+
+-- Index for usage tracking and security audits
+CREATE INDEX "idx_api_keys_last_used" ON "api_keys" USING btree ("last_used_at" DESC);
+--> statement-breakpoint
+
+-- Index for scopes filtering
+CREATE INDEX "idx_api_keys_scopes" ON "api_keys" USING gin ("scopes");
+--> statement-breakpoint
+
+-- Index for metadata search
+CREATE INDEX "idx_api_keys_metadata" ON "api_keys" USING gin ("metadata" jsonb_path_ops);
+--> statement-breakpoint
+
+-- Index for name lookup
+CREATE INDEX "idx_api_keys_name" ON "api_keys" USING btree ("name");
+--> statement-breakpoint
+
+-- Index for expiration checks
+CREATE INDEX "idx_api_keys_expires" ON "api_keys" USING btree ("expires_at") WHERE ("expires_at" IS NOT NULL);
+--> statement-breakpoint
+
+-- Add comment explaining the security model
+COMMENT ON TABLE "api_keys" IS 'API keys for MCP authentication. Keys are hashed with bcrypt (cost factor 10). Never store plaintext keys.';
+COMMENT ON COLUMN "api_keys"."key_hash" IS 'Bcrypt hash of the API key (never store plaintext)';
+COMMENT ON COLUMN "api_keys"."scopes" IS 'Permissions granted to this key: read, write, admin';
+COMMENT ON COLUMN "api_keys"."revoked" IS 'Timestamp when the key was revoked (NULL = active)';
+COMMENT ON COLUMN "api_keys"."last_used_at" IS 'Last time this key was used for authentication';