claude-self-reflect 2.4.11 → 2.4.13

package/Dockerfile.importer

@@ -5,12 +5,20 @@ WORKDIR /app
 # Update system packages for security
 RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/*
 
-# Install dependencies
-COPY scripts/requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
+# Install dependencies directly (avoids file path issues with global npm installs)
+RUN pip install --no-cache-dir \
+    qdrant-client==1.15.0 \
+    openai==1.97.1 \
+    mcp-server-qdrant==0.8.0 \
+    backoff==2.2.1 \
+    tqdm==4.67.1 \
+    humanize==4.12.3 \
+    fastembed==0.7.1 \
+    voyageai==0.3.4 \
+    tenacity==9.1.2
 
-# Copy only the unified import script
-COPY scripts/import-conversations-unified.py .
+# Note: The import script is mounted as a volume in docker-compose.yaml
+# This allows the container to work with both local development and global npm installs
 
-# Run the unified importer
-CMD ["python", "import-conversations-unified.py"]
+# Default command (can be overridden by docker-compose)
+CMD ["python", "--version"]

package/Dockerfile.importer-isolated.alpine

@@ -0,0 +1,21 @@
+FROM python:3.12-alpine
+
+# Install build dependencies, security updates and curl
+RUN apk update && apk upgrade && \
+    apk add --no-cache gcc musl-dev linux-headers curl && \
+    rm -rf /var/cache/apk/*
+
+# Install Python dependencies
+RUN pip install --no-cache-dir \
+    qdrant-client \
+    sentence-transformers \
+    numpy
+
+# Copy the import script with proper permissions
+COPY scripts/import-conversations-unified.py /app/import.py
+RUN chmod +x /app/import.py
+
+WORKDIR /app
+
+# Run the import script
+CMD ["python", "import.py"]

package/Dockerfile.importer.alpine

@@ -0,0 +1,23 @@
+FROM python:3.12-alpine
+
+WORKDIR /app
+
+# Install build dependencies and security updates
+RUN apk update && apk upgrade && \
+    apk add --no-cache gcc musl-dev linux-headers curl && \
+    rm -rf /var/cache/apk/*
+
+# Install Python dependencies
+RUN pip install --no-cache-dir \
+    qdrant-client \
+    sentence-transformers \
+    numpy \
+    fastembed \
+    voyageai \
+    python-dotenv
+
+# Copy scripts
+COPY scripts/import-conversations-unified.py /app/
+
+# Run the import script
+CMD ["python", "import-conversations-unified.py"]

package/Dockerfile.mcp-server.alpine

@@ -0,0 +1,22 @@
+FROM python:3.12-alpine
+
+WORKDIR /app
+
+# Install build dependencies and security updates
+RUN apk update && apk upgrade && \
+    apk add --no-cache gcc musl-dev linux-headers && \
+    rm -rf /var/cache/apk/*
+
+# Copy the MCP server package files
+COPY mcp-server/pyproject.toml ./
+COPY mcp-server/src ./src
+
+# Install the package in development mode
+RUN pip install --no-cache-dir -e .
+
+# Create a non-root user
+RUN adduser -D -u 1000 mcpuser
+USER mcpuser
+
+# Keep the container running and wait for docker exec commands
+CMD ["tail", "-f", "/dev/null"]

package/Dockerfile.mcp-server.ubuntu

@@ -0,0 +1,34 @@
+FROM ubuntu:24.04
+
+# Prevent interactive prompts during package installation
+ENV DEBIAN_FRONTEND=noninteractive
+
+WORKDIR /app
+
+# Install Python 3.12 and security updates
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends \
+    python3.12 \
+    python3.12-venv \
+    python3-pip \
+    python3.12-dev \
+    gcc \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create virtual environment
+RUN python3.12 -m venv /venv
+ENV PATH="/venv/bin:$PATH"
+
+# Copy the MCP server package files
+COPY mcp-server/pyproject.toml ./
+COPY mcp-server/src ./src
+
+# Install the package in development mode
+RUN pip install --no-cache-dir -e .
+
+# Create a non-root user
+RUN useradd -m -u 1000 mcpuser
+USER mcpuser
+
+# Keep the container running and wait for docker exec commands
+CMD ["tail", "-f", "/dev/null"]

package/Dockerfile.streaming-importer.alpine

@@ -0,0 +1,24 @@
+FROM python:3.12-alpine
+
+WORKDIR /app
+
+# Install build dependencies and security updates
+RUN apk update && apk upgrade && \
+    apk add --no-cache gcc g++ musl-dev linux-headers curl && \
+    rm -rf /var/cache/apk/*
+
+# Install Python dependencies
+RUN pip install --no-cache-dir \
+    qdrant-client \
+    sentence-transformers \
+    numpy \
+    fastembed \
+    voyageai \
+    python-dotenv \
+    torch==2.3.0 --index-url https://download.pytorch.org/whl/cpu
+
+# Copy scripts
+COPY scripts/import-conversations-voyage-streaming.py /app/
+
+# Run the streaming import script
+CMD ["python", "-u", "import-conversations-voyage-streaming.py"]

package/Dockerfile.watcher.alpine

@@ -0,0 +1,24 @@
+FROM python:3.12-alpine
+
+WORKDIR /app
+
+# Install build dependencies and security updates
+RUN apk update && apk upgrade && \
+    apk add --no-cache gcc musl-dev linux-headers curl && \
+    rm -rf /var/cache/apk/*
+
+# Install Python dependencies
+RUN pip install --no-cache-dir \
+    qdrant-client \
+    sentence-transformers \
+    numpy \
+    fastembed \
+    voyageai \
+    python-dotenv
+
+# Copy scripts with proper permissions
+COPY scripts/ /app/scripts/
+RUN chmod +x /app/scripts/*.py
+
+# Run the watcher script
+CMD ["python", "-u", "scripts/import-watcher.py"]

package/README.md

@@ -260,6 +260,60 @@ Both embedding options work well. Local mode uses FastEmbed for privacy and offl
 - [Why We Built This](docs/motivation-and-history.md) - The full story
 - [Advanced Usage](docs/advanced-usage.md) - Power user features
 
+## Security
+
+### Container Security Notice
+⚠️ **Known Vulnerabilities**: Our Docker images are continuously monitored by Snyk and may show vulnerabilities in base system libraries. We want to be transparent about this:
+
+- **Why they exist**: We use official Python Docker images based on Debian stable, which prioritizes stability over latest versions
+- **Actual risk is minimal** because:
+  - Most CVEs are in unused system libraries or require local access
+  - Security patches are backported by Debian (version numbers don't reflect patches)
+  - Our containers run as non-root users with minimal permissions
+  - This is a local-only tool with no network exposure
+- **What we're doing**: Regular updates, security monitoring, and evaluating alternative base images
+
+**For production or security-sensitive environments**, consider:
+- Building your own hardened images
+- Running with additional security constraints (see below)
+- Evaluating if the tool meets your security requirements
+
+For maximum security:
+```bash
+# Run containers with read-only root filesystem
+docker run --read-only --tmpfs /tmp claude-self-reflect
+```
+
+### Privacy & Data Security
+- **Local by default**: Your conversations never leave your machine unless you explicitly enable cloud embeddings
+- **No telemetry**: We don't track usage or collect any data
+- **Secure storage**: All data stored in Docker volumes with proper permissions
+- **API keys**: Stored in .env file with 600 permissions (read/write by owner only)
+
+See our [Security Policy](SECURITY.md) for vulnerability reporting and more details.
+
+## ⚠️ Important Disclaimers
+
+### Tool Operation
+- **Resource Usage**: The import process can be CPU and memory intensive, especially during initial import of large conversation histories
+- **Data Processing**: This tool reads and indexes your Claude conversation files. Ensure you have adequate disk space
+- **No Warranty**: This software is provided "AS IS" under the MIT License, without warranty of any kind
+- **Data Responsibility**: You are responsible for your conversation data and any API keys used
+
+### Limitations
+- **Not Official**: This is a community tool, not officially supported by Anthropic
+- **Experimental Features**: Some features like memory decay are experimental and may change
+- **Import Delays**: Large conversation histories may take significant time to import initially
+- **Docker Dependency**: Requires Docker to be running, which uses system resources
+
+### Best Practices
+- **Backup Your Data**: Always maintain backups of important conversations
+- **Monitor Resources**: Check Docker resource usage if you experience system slowdowns
+- **Test First**: Try with a small subset of conversations before full import
+- **Review Logs**: Check import logs if conversations seem missing
+
+By using this tool, you acknowledge these disclaimers and limitations.
+
 ## Problems?
 
 - [Troubleshooting Guide](docs/troubleshooting.md)

package/docker-compose.yaml

@@ -2,6 +2,14 @@ volumes:
   qdrant_data:
 
 services:
+  # Fix permissions for config directory
+  init-permissions:
+    image: alpine
+    command: chown -R 1000:1000 /config
+    volumes:
+      - ./config:/config
+    profiles: ["watch", "mcp", "import"]
+
   # Qdrant vector database - the heart of semantic search
   qdrant:
     image: qdrant/qdrant:v1.15.1
@@ -24,6 +32,7 @@ services:
       dockerfile: Dockerfile.importer
     container_name: claude-reflection-importer
     depends_on:
+      - init-permissions
       - qdrant
     volumes:
       - ${CLAUDE_LOGS_PATH:-~/.claude/projects}:/logs:ro
@@ -51,6 +60,7 @@ services:
       dockerfile: Dockerfile.watcher
     container_name: claude-reflection-watcher
     depends_on:
+      - init-permissions
       - qdrant
     volumes:
       - ${CLAUDE_LOGS_PATH:-~/.claude/projects}:/logs:ro
@@ -95,4 +105,4 @@ services:
 networks:
   default:
     name: claude-reflection-network
-    external: false
+    external: false

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-self-reflect",
-  "version": "2.4.11",
+  "version": "2.4.13",
   "description": "Give Claude perfect memory of all your conversations - Installation wizard for Python MCP server",
   "keywords": [
     "claude",