@xultrax-web/agent-memory-mcp 0.11.2 → 0.11.4

package/README.md

@@ -43,6 +43,35 @@ Companion file targets (v0.11.1):
 
 Set `AGENT_MEMORY_AUTO_EMIT_DIR=/path/to/project` to auto-regenerate all companions on every rule save.
 
+### `check_action` · the protocol enforcement point (v0.11.3)
+
+```bash
+# Agent proposes an action · server matches against rule store
+agent-memory check-action "delete the memory called old-project-notes" --type deletions
+
+# → On approval: returns a Compliance Receipt the agent passes back to destructive tools
+# → On deny: returns structured hard_violations + soft_warnings
+```
+
+MCP shape:
+
+```jsonc
+{
+  "name": "check_action",
+  "arguments": {
+    "action": "delete the memory called old-project-notes",
+    "action_type": "deletions",
+    "session_id": "sess_abc",
+  },
+}
+```
+
+Tier 1 (deterministic, every client): action is matched against `rule.matches` regexes, filtered by `rule.enforce_on` categories. Hard violations block; soft violations warn. Approved actions get a fresh receipt with 60s TTL.
+
+Tier 2 (Sampling-enriched LLM judgment on `rule.applies_when`) lands in v0.11.3.x for clients that support Sampling.
+
+**Receipt-gated delete_memory:** v0.11.3 accepts an optional `receipt` argument on `delete_memory`. Pass a receipt with `{type: 'action_type', value: 'deletions'}` and the delete validates against the rule store. v0.12 will make this required.
+
 ### Compliance Receipts (v0.11.2 · primitive · tool wiring in v0.11.3)
 
 Receipts are short-lived, HMAC-signed bearer tokens with caveats (Macaroon pattern · [Birgisson et al., NDSS 2014](https://research.google/pubs/pub41892/)). The novel protocol primitive in agent-memory-mcp: server-issued tokens that bind to action + session + rules-version-hash + expiry. Tampering breaks the HMAC. Rule changes invalidate stale receipts (because `rules_version` is part of the signed payload).
@@ -68,10 +97,29 @@ if (!v.valid) throw new Error(v.reason);
 
 HMAC key lives at `<MEMORY_DIR>/.keyring/hmac-key` · 32 random bytes · mode `0600`. v0.11.3 wires receipts into `delete_memory` + other destructive tools and adds the `check_action` MCP tool.
 
+### `audit` command (v0.11.4)
+
+Daily operational health report for the rule store:
+
+```bash
+agent-memory audit          # pretty colored terminal output
+agent-memory audit --json   # structured JSON for tooling
+```
+
+Surfaces:
+
+- Rule count broken down by severity (hard / soft / unspecified)
+- **Stale rules** · `last_verified` > 90 days ago, or never verified
+- **Pattern conflicts** · two rules sharing an `enforce_on` category AND an identical regex in their `matches` arrays
+- **Recent denials** · `check_action` calls that blocked an action (helps spot over-aggressive rules)
+- **Unreceipted destructive ops** · `delete_memory` calls that bypassed the receipt path (back-compat in v0.11.x · v0.12 will remove the path)
+
+The `healthy` flag is true iff no stale rules, no conflicts, no unreceipted ops in the recent log.
+
 ### Roadmap for the v0.11.x series:
 
-- `check_action` tool · deterministic rule matching · optional Sampling enrichment where clients support it · issues Compliance Receipts when proposed action passes
-- `audit` command · rule conflicts · staleness · receipt-denial log
+- Compliance Receipt Protocol 1.0 spec doc on GitHub so other MCP servers can adopt the pattern
+- Sampling-enriched Tier-2 `check_action` for clients that support it
 
 ---
 

package/dist/index.js

@@ -190,6 +190,20 @@ function parseStringArray(input) {
     const out = input.filter((x) => typeof x === "string" && x.length > 0);
     return out.length > 0 ? out : undefined;
 }
+/**
+ * js-yaml (gray-matter's parser) auto-coerces ISO-8601 date strings into
+ * JavaScript Date objects unless quoted. Normalize to YYYY-MM-DD string
+ * regardless of whether the YAML gave us a string or a Date.
+ */
+function parseLastVerified(input) {
+    if (input instanceof Date) {
+        return input.toISOString().slice(0, 10);
+    }
+    if (typeof input === "string" && /^\d{4}-\d{2}-\d{2}$/.test(input)) {
+        return input;
+    }
+    return undefined;
+}
 export function readMemory(name) {
     const fp = memoryFilePath(name);
     if (!existsSync(fp))
@@ -210,9 +224,7 @@ export function readMemory(name) {
         applies_when: parseStringArray(fm.applies_when),
         matches: parseStringArray(fm.matches),
         enforce_on: parseStringArray(fm.enforce_on),
-        last_verified: typeof fm.last_verified === "string" && /^\d{4}-\d{2}-\d{2}$/.test(fm.last_verified)
-            ? fm.last_verified
-            : undefined,
+        last_verified: parseLastVerified(fm.last_verified),
     };
 }
 export function listMemoryFiles() {
@@ -603,6 +615,27 @@ export function toolDeleteMemory(args) {
     const fp = memoryFilePath(name);
     if (!existsSync(fp))
         return `Memory "${name}" not found.`;
+    // v0.11.3 · receipt-gated path. If a receipt is supplied, validate it
+    // against the current rule set + required caveats. If validation fails,
+    // refuse the delete with a clear reason. If no receipt is supplied,
+    // proceed (back-compat) but log so audit can surface the gap. v0.12
+    // will require receipts unconditionally for destructive ops.
+    const receipt = parseReceiptArg(args.receipt);
+    if (receipt) {
+        const v = validateReceipt(receipt, {
+            required_caveats: [{ type: "action_type", value: "deletions" }],
+        });
+        if (!v.valid) {
+            logEvent("delete_denied", { name, reason: v.reason, receipt_id: receipt.id });
+            throw new Error(`delete_memory refused · receipt invalid (${v.reason}). ` +
+                `Call check_action({action: 'delete memory ${name}', action_type: 'deletions'}) ` +
+                `to get a fresh receipt.`);
+        }
+        logEvent("delete_approved_via_receipt", { name, receipt_id: receipt.id });
+    }
+    else {
+        logEvent("delete_without_receipt", { name });
+    }
     return withLock(() => {
         ensureTrash();
         // Trash filename: <unix-ms>-<name>.md so restore can pick the
@@ -611,9 +644,12 @@ export function toolDeleteMemory(args) {
         const trashPath = join(TRASH_DIR, `${ts}-${name}.md`);
         renameSync(fp, trashPath);
         removeIndexEntryUnlocked(name);
-        logEvent("delete", { name, trash: `${ts}-${name}.md` });
+        logEvent("delete", { name, trash: `${ts}-${name}.md`, gated: !!receipt });
         log("debug", "delete_memory", { name });
-        return `Moved "${name}" to trash. Restore with: agent-memory restore ${name}`;
+        const gateMsg = receipt
+            ? ` (gated by receipt ${receipt.id})`
+            : " (no receipt · v0.11.3 back-compat path)";
+        return `Moved "${name}" to trash${gateMsg}. Restore with: agent-memory restore ${name}`;
     });
 }
 function toolRestoreMemory(args) {
@@ -1418,6 +1454,317 @@ export function validateReceipt(receipt, opts = {}) {
     }
     return { valid: true };
 }
+function safeRegex(pattern) {
+    try {
+        return new RegExp(pattern, "i");
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Deterministic rule check. For each type=rule memory:
+ *   1. Skip if rule.enforce_on is non-empty and doesn't include actionType.
+ *   2. For each pattern in rule.matches, test against the proposed action.
+ *   3. If any pattern matches → violation entry.
+ * Hard violations block; soft violations warn.
+ */
+export function checkActionAgainstRules(action, actionType) {
+    const rules = loadAllRules();
+    const hard = [];
+    const soft = [];
+    for (const rule of rules) {
+        // Scope filter · if enforce_on is specified, the action's type must be
+        // listed. Empty enforce_on means "applies everywhere".
+        if (rule.enforce_on && rule.enforce_on.length > 0) {
+            if (!rule.enforce_on.includes(actionType))
+                continue;
+        }
+        // No matches array → this rule has no deterministic pattern, only
+        // applies_when (Sampling-only). Skip in Tier 1.
+        if (!rule.matches || rule.matches.length === 0)
+            continue;
+        for (const pat of rule.matches) {
+            const re = safeRegex(pat);
+            if (!re)
+                continue;
+            if (re.test(action)) {
+                const violation = {
+                    rule: rule.name,
+                    severity: rule.severity ?? "soft",
+                    reason: `matched pattern '${pat}' on action of type '${actionType}'`,
+                };
+                if (violation.severity === "hard")
+                    hard.push(violation);
+                else
+                    soft.push(violation);
+                break; // one match per rule is enough
+            }
+        }
+    }
+    return { hard, soft, rules_evaluated: rules.length };
+}
+function toolCheckAction(args) {
+    const action = String(args.action ?? "").trim();
+    const actionType = String(args.action_type ?? "").trim();
+    const sessionId = typeof args.session_id === "string" ? args.session_id.trim() : "";
+    if (!action)
+        throw new Error("action is required (the proposed action description)");
+    if (!actionType)
+        throw new Error("action_type is required (e.g. 'deletions', 'commits', 'file_writes', 'chat_responses')");
+    const { hard, soft, rules_evaluated } = checkActionAgainstRules(action, actionType);
+    if (hard.length > 0) {
+        const result = {
+            approved: false,
+            hard_violations: hard,
+            soft_warnings: soft,
+            rules_evaluated,
+        };
+        logEvent("check_action_denied", {
+            proposed_action: action,
+            action_type: actionType,
+            hard_count: hard.length,
+            soft_count: soft.length,
+        });
+        return JSON.stringify(result, null, 2);
+    }
+    // Approved · issue a receipt that downstream tools can require.
+    const caveats = [
+        { type: "action_type", value: actionType },
+        { type: "action_hash", value: createHash("sha256").update(action).digest("hex").slice(0, 16) },
+    ];
+    if (sessionId)
+        caveats.push({ type: "session", value: sessionId });
+    const receipt = issueReceipt({ caveats });
+    const result = {
+        approved: true,
+        receipt,
+        hard_violations: [],
+        soft_warnings: soft,
+        rules_evaluated,
+    };
+    logEvent("check_action_approved", {
+        proposed_action: action,
+        action_type: actionType,
+        receipt_id: receipt.id,
+        soft_count: soft.length,
+    });
+    return JSON.stringify(result, null, 2);
+}
+/**
+ * Parse a receipt argument · accepts either an already-decoded object or
+ * a JSON string (the form check_action returns when the agent calls it).
+ * Returns null if missing/unparseable.
+ */
+function parseReceiptArg(input) {
+    if (!input)
+        return null;
+    if (typeof input === "object")
+        return input;
+    if (typeof input === "string") {
+        try {
+            return JSON.parse(input);
+        }
+        catch {
+            return null;
+        }
+    }
+    return null;
+}
+// -------------------------------------------------------------
+// audit · v0.11.4 · daily-rhythm operational health command
+// -------------------------------------------------------------
+//
+// Surfaces what's working and what's drifting in the rule store:
+//   - Rule count, broken down by severity
+//   - Stale rules (last_verified > 90 days ago, or never verified)
+//   - Pattern conflicts (two rules sharing an enforce_on category AND
+//     an identical regex in their matches arrays · likely contradiction)
+//   - Recent check_action denials (the system blocked something — was
+//     that the right call? is a rule too aggressive?)
+//   - Recent unreceipted destructive ops (back-compat path · v0.12 will
+//     remove it but for v0.11.x audit just flags them)
+const STALE_THRESHOLD_DAYS = 90;
+const AUDIT_EVENT_TAIL = 50;
+function summarizeRules(rules) {
+    let hard = 0;
+    let soft = 0;
+    let noSev = 0;
+    for (const r of rules) {
+        if (r.severity === "hard")
+            hard++;
+        else if (r.severity === "soft")
+            soft++;
+        else
+            noSev++;
+    }
+    return { total: rules.length, hard, soft, no_severity: noSev };
+}
+function findStaleRules(rules, thresholdDays) {
+    const now = Date.now();
+    const stale = [];
+    for (const r of rules) {
+        if (!r.last_verified) {
+            stale.push({
+                name: r.name,
+                last_verified: null,
+                age_days: null,
+                description: r.description,
+            });
+            continue;
+        }
+        const verifiedAt = new Date(r.last_verified).getTime();
+        if (Number.isNaN(verifiedAt)) {
+            stale.push({
+                name: r.name,
+                last_verified: r.last_verified,
+                age_days: null,
+                description: r.description,
+            });
+            continue;
+        }
+        const ageDays = Math.floor((now - verifiedAt) / 86400_000);
+        if (ageDays > thresholdDays) {
+            stale.push({
+                name: r.name,
+                last_verified: r.last_verified,
+                age_days: ageDays,
+                description: r.description,
+            });
+        }
+    }
+    return stale;
+}
+function findPatternConflicts(rules) {
+    const conflicts = [];
+    for (let i = 0; i < rules.length; i++) {
+        const a = rules[i];
+        if (!a.matches || a.matches.length === 0)
+            continue;
+        for (let j = i + 1; j < rules.length; j++) {
+            const b = rules[j];
+            if (!b.matches || b.matches.length === 0)
+                continue;
+            // Need overlap in enforce_on (or both empty → universal)
+            const aCategories = a.enforce_on ?? [];
+            const bCategories = b.enforce_on ?? [];
+            const sharedCategories = aCategories.length === 0 || bCategories.length === 0
+                ? ["(universal)"]
+                : aCategories.filter((c) => bCategories.includes(c));
+            if (sharedCategories.length === 0)
+                continue;
+            // Need at least one identical pattern · low-false-positive heuristic
+            const sharedPatterns = a.matches.filter((p) => b.matches.includes(p));
+            if (sharedPatterns.length === 0)
+                continue;
+            for (const cat of sharedCategories) {
+                for (const pat of sharedPatterns) {
+                    conflicts.push({
+                        rule_a: a.name,
+                        rule_b: b.name,
+                        shared_pattern: pat,
+                        shared_enforce_on: cat,
+                    });
+                }
+            }
+        }
+    }
+    return conflicts;
+}
+function recentDenials() {
+    const records = readEventLog({ tail: AUDIT_EVENT_TAIL, action: "check_action_denied" });
+    return records.map((r) => ({
+        ts: String(r.ts),
+        action: String(r.proposed_action ?? ""),
+        action_type: String(r.action_type ?? ""),
+        hard_count: typeof r.hard_count === "number" ? r.hard_count : 0,
+    }));
+}
+function recentUnreceiptedDeletes() {
+    const records = readEventLog({ tail: AUDIT_EVENT_TAIL, action: "delete_without_receipt" });
+    return records.map((r) => ({
+        ts: String(r.ts),
+        name: String(r.name ?? ""),
+    }));
+}
+export function runAudit() {
+    const rules = loadAllRules();
+    const stale = findStaleRules(rules, STALE_THRESHOLD_DAYS);
+    const conflicts = findPatternConflicts(rules);
+    const denials = recentDenials();
+    const unreceipted = recentUnreceiptedDeletes();
+    return {
+        rules: summarizeRules(rules),
+        stale_rules: stale,
+        pattern_conflicts: conflicts,
+        recent_denials: denials,
+        recent_unreceipted_deletes: unreceipted,
+        healthy: stale.length === 0 && conflicts.length === 0 && unreceipted.length === 0,
+    };
+}
+function formatAuditPretty(r) {
+    const lines = [];
+    lines.push(c(ANSI.bold, "agent-memory audit"));
+    lines.push("");
+    lines.push(`  Rules: ${c(ANSI.bold, String(r.rules.total))}  ` +
+        `(${c(ANSI.red, String(r.rules.hard) + " hard")} · ` +
+        `${c(ANSI.yellow, String(r.rules.soft) + " soft")} · ` +
+        `${r.rules.no_severity} unspecified)`);
+    lines.push("");
+    if (r.stale_rules.length > 0) {
+        lines.push(c(ANSI.yellow, `  ${r.stale_rules.length} stale rule(s):`));
+        for (const s of r.stale_rules) {
+            const age = s.age_days === null
+                ? c(ANSI.dim, "(never verified)")
+                : c(ANSI.dim, `(${s.age_days}d since last_verified)`);
+            lines.push(`    ${s.name}  ${age}`);
+            lines.push(`      ${c(ANSI.dim, s.description)}`);
+        }
+        lines.push("");
+    }
+    else {
+        lines.push(c(ANSI.green, "  All rules verified within 90 days."));
+        lines.push("");
+    }
+    if (r.pattern_conflicts.length > 0) {
+        lines.push(c(ANSI.red, `  ${r.pattern_conflicts.length} pattern conflict(s):`));
+        for (const conf of r.pattern_conflicts) {
+            lines.push(`    ${conf.rule_a} <-> ${conf.rule_b}  ` +
+                c(ANSI.dim, `(share pattern '${conf.shared_pattern}' on '${conf.shared_enforce_on}')`));
+        }
+        lines.push("");
+    }
+    else {
+        lines.push(c(ANSI.green, "  No pattern conflicts detected."));
+        lines.push("");
+    }
+    if (r.recent_denials.length > 0) {
+        lines.push(`  Recent denials (${r.recent_denials.length}):`);
+        for (const d of r.recent_denials.slice(-5)) {
+            lines.push(`    ${c(ANSI.dim, d.ts.slice(0, 19))}  ${d.action_type}  ` +
+                c(ANSI.red, `(${d.hard_count} hard violation${d.hard_count === 1 ? "" : "s"})`));
+            lines.push(`      ${c(ANSI.dim, d.action)}`);
+        }
+        lines.push("");
+    }
+    if (r.recent_unreceipted_deletes.length > 0) {
+        lines.push(c(ANSI.yellow, `  ${r.recent_unreceipted_deletes.length} unreceipted delete(s):`));
+        for (const u of r.recent_unreceipted_deletes.slice(-5)) {
+            lines.push(`    ${c(ANSI.dim, u.ts.slice(0, 19))}  ${u.name}`);
+        }
+        lines.push(c(ANSI.dim, `    (v0.11.x back-compat path; v0.12 will require receipts for delete_memory)`));
+        lines.push("");
+    }
+    lines.push(r.healthy
+        ? c(ANSI.green, "  HEALTHY · no action required")
+        : c(ANSI.yellow, "  ATTENTION · review the items above"));
+    return lines.join("\n");
+}
+function toolAudit(args) {
+    const json = args.json === true || args.format === "json";
+    const report = runAudit();
+    return json ? JSON.stringify(report, null, 2) : formatAuditPretty(report);
+}
 // -------------------------------------------------------------
 // Git sync · multi-machine memory via git remote
 // -------------------------------------------------------------
@@ -1740,7 +2087,7 @@ function actionColor(action) {
 // -------------------------------------------------------------
 // Server wiring
 // -------------------------------------------------------------
-const server = new Server({ name: "agent-memory", version: "0.11.2" }, { capabilities: { tools: {}, resources: {}, prompts: {} } });
+const server = new Server({ name: "agent-memory", version: "0.11.4" }, { capabilities: { tools: {}, resources: {}, prompts: {} } });
 // -------------------------------------------------------------
 // Resource URI scheme
 // -------------------------------------------------------------
@@ -2063,11 +2410,17 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
         },
         {
             name: "delete_memory",
-            description: "Move a memory to .trash/ (soft delete). The file is removed from the index but recoverable via restore_memory until you manually empty .trash/.",
+            description: "Move a memory to .trash/ (soft delete). The file is removed from the index but recoverable via restore_memory until you manually empty .trash/. " +
+                "v0.11.3+ accepts an optional `receipt` argument · pass a Compliance Receipt from check_action({action_type: 'deletions'}) to gate the delete against the rule store. " +
+                "Receipts must carry the caveat {type: 'action_type', value: 'deletions'} or the delete refuses. " +
+                "Receipts not supplied are accepted (back-compat) but logged · v0.12 will require them.",
             inputSchema: {
                 type: "object",
                 properties: {
                     name: { type: "string", description: "The memory's name slug" },
+                    receipt: {
+                        description: "Optional Compliance Receipt (object or JSON string) from check_action. v0.11.3 logs unreceipted deletes but doesn't block them yet.",
+                    },
                 },
                 required: ["name"],
             },
@@ -2236,6 +2589,48 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
             description: "List every active rule memory with severity, scope, and staleness markers (>90 days since last_verified). Use this to audit which rules are currently constraining the agent.",
             inputSchema: { type: "object", properties: {} },
         },
+        {
+            name: "audit",
+            description: "v0.11.4 · operational health report for the rule store. Surfaces: rule count by severity, stale rules (last_verified > 90 days or null), pattern conflicts (two rules sharing an enforce_on category AND an identical regex pattern), recent check_action denials, and recent unreceipted destructive ops. " +
+                "Default returns pretty-printed text; pass {format: 'json'} for structured output. " +
+                "Run daily-ish · the report is fast and gives the operator a single view of what's drifting.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    format: {
+                        type: "string",
+                        enum: ["pretty", "json"],
+                        description: "Output format. Default 'pretty' (human-readable colored text).",
+                    },
+                },
+            },
+        },
+        {
+            name: "check_action",
+            description: "v0.11.3 · the protocol enforcement point. Pass a proposed action description + its category; the server matches against rule memories (type=rule) and either:\n" +
+                "  - APPROVES: returns a short-lived Compliance Receipt (HMAC-signed, 60s default) the agent can pass to destructive tools (e.g. delete_memory) as proof of compliance.\n" +
+                "  - DENIES: returns structured hard_violations (severity:hard rules that block) and/or soft_warnings (severity:soft rules that warn but allow).\n\n" +
+                "Tier 1 (deterministic) matches the action against rule.matches regexes + rule.enforce_on category filter. Works on every MCP client.\n" +
+                "Tier 2 (Sampling-enriched LLM judgment on rule.applies_when) ships in v0.11.3.x for clients that support Sampling (Claude Desktop, VS Code Copilot).",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    action: {
+                        type: "string",
+                        description: "Description of the proposed action. Plain prose · 'delete the memory called X', 'push to main branch', 'commit with message Y', etc.",
+                    },
+                    action_type: {
+                        type: "string",
+                        description: "Action category for rule.enforce_on matching. Examples: 'deletions', 'commits', 'pushes', 'file_writes', 'chat_responses', 'tool_calls'.",
+                    },
+                    session_id: {
+                        type: "string",
+                        description: "Optional session identifier · binds the issued receipt to this session via a caveat.",
+                    },
+                },
+                required: ["action", "action_type"],
+            },
+        },
         {
             name: "emit_companions",
             description: "Regenerate companion rule files from the current rule memories. " +
@@ -2325,6 +2720,12 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             case "emit_companions":
                 result = toolEmitCompanions(args);
                 break;
+            case "check_action":
+                result = toolCheckAction(args);
+                break;
+            case "audit":
+                result = toolAudit(args);
+                break;
             default:
                 throw new Error(`Unknown tool: ${name}`);
         }
@@ -2364,6 +2765,8 @@ const CLI_COMMANDS = new Set([
     "save-rule",
     "list-rules",
     "emit-companions",
+    "check-action",
+    "audit",
     "ui",
     "import-claude-code",
     "help",
@@ -2609,6 +3012,23 @@ async function cliMain(command, rest) {
                 process.stdout.write(toolEmitCompanions({ out_dir: out, targets }) + "\n");
                 return 0;
             }
+            case "check-action": {
+                const action = positional[0];
+                const actionType = String(flags.type ?? flags["action-type"] ?? "");
+                if (!action || !actionType) {
+                    throw new Error("Usage: agent-memory check-action '<action description>' --type <action_type> [--session <id>]");
+                }
+                process.stdout.write(toolCheckAction({
+                    action,
+                    action_type: actionType,
+                    session_id: flags.session ? String(flags.session) : undefined,
+                }) + "\n");
+                return 0;
+            }
+            case "audit": {
+                process.stdout.write(toolAudit({ format: flags.json ? "json" : "pretty" }) + "\n");
+                return 0;
+            }
             case "ui": {
                 // Dynamic import so Ink + React only load when the TUI runs,
                 // keeping cold-start fast for MCP server + every other CLI command.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xultrax-web/agent-memory-mcp",
-  "version": "0.11.2",
+  "version": "0.11.4",
   "mcpName": "io.github.xultrax-web/agent-memory-mcp",
   "description": "Markdown memory for AI agents. Plain files you can read, edit, grep, and commit. Operator-grade storage with atomic writes, file locking, tags, [[wiki-links]], find_related, git-backed multi-machine sync, and an Ink-based TUI.",
   "type": "module",