cloison-runtime 0.1.0

package/dist/memory/simple-manager.js

@@ -0,0 +1,216 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as crypto from "node:crypto";
+import { requireNodeSqlite } from "./sqlite.js";
+import { cosineSimilarity, parseEmbedding, hashText } from "./internal.js";
+import { extractKeywords } from "./query-expansion.js";
+import { buildFtsQuery, bm25RankToScore, mergeHybridResults } from "./hybrid.js";
+import { debugEmbeddingsLog } from "./embeddings-debug.js";
+import { createEmbeddingCache, hashContent } from "./embedding-cache.js";
+const SNIPPET_MAX_CHARS = 700;
+const MAX_VECTOR_SEARCH_CHUNKS = 10_000;
+function generateId() {
+    return `mem_${Date.now()}_${crypto.randomBytes(4).toString("hex")}`;
+}
+export function createSimpleMemoryManager(options) {
+    fs.mkdirSync(options.dbDir, { recursive: true });
+    const dbPath = path.join(options.dbDir, "memory.db");
+    const { DatabaseSync } = requireNodeSqlite();
+    const db = new DatabaseSync(dbPath);
+    db.exec("PRAGMA journal_mode = WAL");
+    db.exec("PRAGMA busy_timeout = 5000");
+    // Schema matches OpenClaw's MemoryIndexManager
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS chunks (
+      id TEXT PRIMARY KEY,
+      content TEXT NOT NULL,
+      embedding TEXT,
+      metadata TEXT,
+      source TEXT DEFAULT 'memory',
+      path TEXT,
+      model TEXT,
+      start_line INTEGER DEFAULT 1,
+      end_line INTEGER DEFAULT 1,
+      hash TEXT,
+      created_at TEXT NOT NULL
+    )
+  `);
+    let ftsAvailable = false;
+    let stmtFtsInsert = null;
+    let stmtFtsDelete = null;
+    try {
+        db.exec(`
+      CREATE VIRTUAL TABLE IF NOT EXISTS chunks_fts
+      USING fts5(id, content, source, model)
+    `);
+        stmtFtsInsert = db.prepare("INSERT INTO chunks_fts(id, content, source, model) VALUES (?, ?, ?, ?)");
+        stmtFtsDelete = db.prepare("DELETE FROM chunks_fts WHERE id = ?");
+        ftsAvailable = true;
+    }
+    catch {
+        // FTS5 not available
+    }
+    const provider = options.embeddingProvider ?? null;
+    const providerModel = provider ? `${provider.id}/${provider.model}` : "none";
+    const embeddingCache = (options.enableEmbeddingCache !== false && provider)
+        ? createEmbeddingCache(db)
+        : null;
+    const maxCacheEntries = options.maxCacheEntries ?? 50_000;
+    const stmtInsert = db.prepare(`
+    INSERT OR REPLACE INTO chunks (id, content, embedding, metadata, source, path, model, start_line, end_line, hash, created_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `);
+    const stmtDelete = db.prepare("DELETE FROM chunks WHERE id = ?");
+    const stmtListAll = db.prepare("SELECT id, content, metadata, created_at FROM chunks ORDER BY created_at DESC");
+    const stmtGet = db.prepare("SELECT * FROM chunks WHERE id = ?");
+    return {
+        async store(content, metadata) {
+            const id = generateId();
+            const now = new Date().toISOString();
+            const hash = hashText(content);
+            let embeddingJson = null;
+            if (provider) {
+                try {
+                    const contentHash = hashContent(content);
+                    const cached = embeddingCache?.get(provider.id, provider.model, contentHash);
+                    let vec;
+                    if (cached) {
+                        vec = cached;
+                        debugEmbeddingsLog("embedding from cache", { id, dims: vec.length });
+                    }
+                    else {
+                        vec = await provider.embedQuery(content);
+                        embeddingCache?.set(provider.id, provider.model, "", contentHash, vec, vec.length);
+                        debugEmbeddingsLog("embedded chunk", { id, dims: vec.length });
+                    }
+                    embeddingJson = JSON.stringify(vec);
+                }
+                catch (err) {
+                    debugEmbeddingsLog("embedding failed", { id, error: String(err) });
+                }
+            }
+            stmtInsert.run(id, content, embeddingJson, metadata ? JSON.stringify(metadata) : null, "memory", null, providerModel, 1, 1, hash, now);
+            if (stmtFtsInsert) {
+                try {
+                    stmtFtsInsert.run(id, content, "memory", providerModel);
+                }
+                catch {
+                    // FTS insert failed, keyword search won't find this chunk
+                }
+            }
+            return id;
+        },
+        async search(query, opts) {
+            const maxResults = opts?.maxResults ?? 10;
+            const minScore = opts?.minScore ?? 0;
+            const candidateLimit = Math.max(1, maxResults * 3);
+            // Vector search
+            let vectorResults = [];
+            if (provider) {
+                try {
+                    const queryVec = await provider.embedQuery(query);
+                    const rows = db.prepare("SELECT * FROM chunks WHERE embedding IS NOT NULL AND model = ? LIMIT ?").all(providerModel, MAX_VECTOR_SEARCH_CHUNKS);
+                    const scored = [];
+                    for (const row of rows) {
+                        const embedding = parseEmbedding(row.embedding);
+                        if (embedding.length === 0)
+                            continue;
+                        const score = cosineSimilarity(queryVec, embedding);
+                        if (Number.isFinite(score))
+                            scored.push({ row, score });
+                    }
+                    scored.sort((a, b) => b.score - a.score);
+                    vectorResults = scored.slice(0, candidateLimit).map(({ row, score }) => ({
+                        id: row.id,
+                        path: row.path ?? "",
+                        startLine: row.start_line ?? 1,
+                        endLine: row.end_line ?? 1,
+                        source: row.source ?? "memory",
+                        snippet: (row.content ?? "").slice(0, SNIPPET_MAX_CHARS),
+                        vectorScore: score,
+                    }));
+                }
+                catch {
+                    // Vector search failed
+                }
+            }
+            // Keyword search using OpenClaw's query expansion
+            let keywordResults = [];
+            if (ftsAvailable) {
+                const keywords = extractKeywords(query);
+                const searchTerms = keywords.length > 0 ? keywords : [query];
+                for (const term of searchTerms) {
+                    const ftsQuery = buildFtsQuery(term);
+                    if (!ftsQuery)
+                        continue;
+                    try {
+                        const rows = db.prepare(`SELECT id, content, source, bm25(chunks_fts) AS rank FROM chunks_fts WHERE chunks_fts MATCH ? ORDER BY rank ASC LIMIT ?`).all(ftsQuery, candidateLimit);
+                        for (const row of rows) {
+                            keywordResults.push({
+                                id: row.id,
+                                path: "",
+                                startLine: 1,
+                                endLine: 1,
+                                source: row.source ?? "memory",
+                                snippet: row.content.slice(0, SNIPPET_MAX_CHARS),
+                                textScore: bm25RankToScore(row.rank),
+                            });
+                        }
+                    }
+                    catch {
+                        // FTS query failed
+                    }
+                }
+                // Deduplicate keyword results
+                const byId = new Map();
+                for (const r of keywordResults) {
+                    const existing = byId.get(r.id);
+                    if (!existing || r.textScore > existing.textScore)
+                        byId.set(r.id, r);
+                }
+                keywordResults = Array.from(byId.values());
+            }
+            // Merge using OpenClaw's hybrid merge
+            const merged = await mergeHybridResults({
+                vector: vectorResults,
+                keyword: keywordResults,
+                vectorWeight: provider ? 0.7 : 0,
+                textWeight: provider ? 0.3 : 1,
+            });
+            return merged
+                .filter((r) => r.score >= minScore)
+                .slice(0, maxResults);
+        },
+        async delete(id) {
+            const row = stmtGet.get(id);
+            if (!row)
+                return false;
+            stmtDelete.run(id);
+            if (stmtFtsDelete) {
+                try {
+                    stmtFtsDelete.run(id);
+                }
+                catch { }
+            }
+            return true;
+        },
+        async list() {
+            const rows = stmtListAll.all();
+            return rows.map((r) => ({
+                id: r.id,
+                content: r.content,
+                metadata: r.metadata ? JSON.parse(r.metadata) : undefined,
+                createdAt: r.created_at,
+            }));
+        },
+        async close() {
+            if (embeddingCache) {
+                embeddingCache.prune(maxCacheEntries);
+            }
+            db.close();
+        },
+        get db() { return db; },
+        get embeddingCache() { return embeddingCache; },
+    };
+}
+//# sourceMappingURL=simple-manager.js.map

package/dist/memory/simple-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"simple-manager.js","sourceRoot":"","sources":["../../src/memory/simple-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAiB,QAAQ,EAAE,MAAM,eAAe,CAAC;AAC1F,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AAE9F,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAC9B,MAAM,wBAAwB,GAAG,MAAM,CAAC;AAmBxC,SAAS,UAAU;IACjB,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAmC;IAC3E,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACrD,MAAM,EAAE,YAAY,EAAE,GAAG,iBAAiB,EAAE,CAAC;IAC7C,MAAM,EAAE,GAAiB,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IAElD,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACrC,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAEtC,+CAA+C;IAC/C,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;GAcP,CAAC,CAAC;IAEH,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,aAAa,GAAyC,IAAI,CAAC;IAC/D,IAAI,aAAa,GAAyC,IAAI,CAAC;IAC/D,IAAI,CAAC;QACH,EAAE,CAAC,IAAI,CAAC;;;KAGP,CAAC,CAAC;QACH,aAAa,GAAG,EAAE,CAAC,OAAO,CAAC,wEAAwE,CAAC,CAAC;QACrG,aAAa,GAAG,EAAE,CAAC,OAAO,CAAC,qCAAqC,CAAC,CAAC;QAClE,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;IACvB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC;IACnD,MAAM,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAE7E,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,oBAAoB,KAAK,KAAK,IAAI,QAAQ,CAAC;QACzE,CAAC,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC;IACT,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,MAAM,CAAC;IAE1D,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC;;;GAG7B,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,EAAE,CAAC,OAAO,CAAC,+EAA+E,CAAC,CAAC;IAChH,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,mCAAmC,CAAC,CAAC;IAEhE,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ;YAC3B,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;YAE/B,IAAI,aAAa,GAAkB,IAAI,CAAC;YACxC,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;oBACzC,MAAM,MAAM,GAAG,cAAc,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;oBAC7E,IAAI,GAAa,CAAC;oBAClB,IAAI,MAAM,EAAE,CAAC;wBACX,GAAG,GAAG,MAAM,CAAC;wBACb,kBAAkB,CAAC,sBAAsB,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBACvE,CAAC;yBAAM,CAAC;wBACN,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;wBACzC,cAAc,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;wBACnF,kBAAkB,CAAC,gBAAgB,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBACjE,CAAC;oBACD,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACtC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACrE,CAAC;YACH,CAAC;YAED,UAAU,CAAC,GAAG,CACZ,EAAE,EAAE,OAAO,EAAE,aAAa,EAC1B,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAC1C,QAAQ,EAAE,IAAI,EAAE,aAAa,EAC7B,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,GAAG,CAChB,CAAC;YAEF,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC;oBACH,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;gBAC1D,CAAC;gBAAC,MAAM,CAAC;oBACP,0DAA0D;gBAC5D,CAAC;YACH,CAAC;YAED,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI;YACtB,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAG,IAAI,EAAE,QAAQ,IAAI,CAAC,CAAC;YACrC,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC;YAEnD,gBAAgB;YAChB,IAAI,aAAa,GAAkI,EAAE,CAAC;YACtJ,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;oBAClD,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CACrB,wEAAwE,CACzE,CAAC,GAAG,CAAC,aAAa,EAAE,wBAAwB,CAAmC,CAAC;oBAEjF,MAAM,MAAM,GAA2D,EAAE,CAAC;oBAC1E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;wBACvB,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,SAAmB,CAAC,CAAC;wBAC1D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;4BAAE,SAAS;wBACrC,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;wBACpD,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;4BAAE,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;oBAC1D,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;oBAEzC,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;wBACvE,EAAE,EAAE,GAAG,CAAC,EAAY;wBACpB,IAAI,EAAG,GAAG,CAAC,IAAe,IAAI,EAAE;wBAChC,SAAS,EAAG,GAAG,CAAC,UAAqB,IAAI,CAAC;wBAC1C,OAAO,EAAG,GAAG,CAAC,QAAmB,IAAI,CAAC;wBACtC,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,QAAQ;wBAC1C,OAAO,EAAE,CAAE,GAAG,CAAC,OAAkB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,iBAAiB,CAAC;wBACpE,WAAW,EAAE,KAAK;qBACnB,CAAC,CAAC,CAAC;gBACN,CAAC;gBAAC,MAAM,CAAC;oBACP,uBAAuB;gBACzB,CAAC;YACH,CAAC;YAED,kDAAkD;YAClD,IAAI,cAAc,GAAgI,EAAE,CAAC;YAErJ,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;gBACxC,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAE7D,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;oBAC/B,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;oBACrC,IAAI,CAAC,QAAQ;wBAAE,SAAS;oBACxB,IAAI,CAAC;wBACH,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CACrB,yHAAyH,CAC1H,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAyE,CAAC;wBAExG,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;4BACvB,cAAc,CAAC,IAAI,CAAC;gCAClB,EAAE,EAAE,GAAG,CAAC,EAAE;gCACV,IAAI,EAAE,EAAE;gCACR,SAAS,EAAE,CAAC;gCACZ,OAAO,EAAE,CAAC;gCACV,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,QAAQ;gCAC9B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,iBAAiB,CAAC;gCAChD,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;6BACrC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,mBAAmB;oBACrB,CAAC;gBACH,CAAC;gBAED,8BAA8B;gBAC9B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAsC,CAAC;gBAC3D,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;oBAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAChC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS;wBAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;gBACvE,CAAC;gBACD,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7C,CAAC;YAED,sCAAsC;YACtC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC;gBACtC,MAAM,EAAE,aAAa;gBACrB,OAAO,EAAE,cAAc;gBACvB,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAChC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aAC/B,CAAC,CAAC;YAEH,OAAO,MAAM;iBACV,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC;iBAClC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAyB,CAAC;QAClD,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,EAAE;YACb,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAwC,CAAC;YACnE,IAAI,CAAC,GAAG;gBAAE,OAAO,KAAK,CAAC;YACvB,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnB,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC;oBACH,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxB,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,IAAI;YACR,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,EAAyF,CAAC;YACtH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACtB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAA6B,CAAC,CAAC,CAAC,SAAS;gBACtF,SAAS,EAAE,CAAC,CAAC,UAAU;aACxB,CAAC,CAAC,CAAC;QACN,CAAC;QAED,KAAK,CAAC,KAAK;YACT,IAAI,cAAc,EAAE,CAAC;gBACnB,cAAc,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACxC,CAAC;YACD,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;QAED,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;QACvB,IAAI,cAAc,KAAK,OAAO,cAAc,CAAC,CAAC,CAAC;KAChD,CAAC;AACJ,CAAC"}

package/dist/memory/sqlite.d.ts

@@ -0,0 +1,2 @@
+export declare function requireNodeSqlite(): typeof import("node:sqlite");
+//# sourceMappingURL=sqlite.d.ts.map

package/dist/memory/sqlite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlite.d.ts","sourceRoot":"","sources":["../../src/memory/sqlite.ts"],"names":[],"mappings":"AAKA,wBAAgB,iBAAiB,IAAI,cAAc,aAAa,CAAC,CAahE"}

package/dist/memory/sqlite.js

@@ -0,0 +1,16 @@
+import { createRequire } from "node:module";
+import { installProcessWarningFilter } from "../infra/warning-filter.js";
+const require = createRequire(import.meta.url);
+export function requireNodeSqlite() {
+    installProcessWarningFilter();
+    try {
+        return require("node:sqlite");
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        // Node distributions can ship without the experimental builtin SQLite module.
+        // Surface an actionable error instead of the generic "unknown builtin module".
+        throw new Error(`SQLite support is unavailable in this Node runtime (missing node:sqlite). ${message}`, { cause: err });
+    }
+}
+//# sourceMappingURL=sqlite.js.map

package/dist/memory/sqlite.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlite.js","sourceRoot":"","sources":["../../src/memory/sqlite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,2BAA2B,EAAE,MAAM,4BAA4B,CAAC;AAEzE,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAE/C,MAAM,UAAU,iBAAiB;IAC/B,2BAA2B,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,OAAO,OAAO,CAAC,aAAa,CAAiC,CAAC;IAChE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,8EAA8E;QAC9E,+EAA+E;QAC/E,MAAM,IAAI,KAAK,CACb,6EAA6E,OAAO,EAAE,EACtF,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/memory/ssrf.d.ts

@@ -0,0 +1,18 @@
+export declare class SsrFBlockedError extends Error {
+    constructor(message: string);
+}
+export type SsrfPolicy = {
+    allowPrivateNetwork?: boolean;
+    allowedHostnames?: string[];
+    hostnameAllowlist?: string[];
+};
+export declare function isBlockedHostname(hostname: string): boolean;
+export declare function isPrivateIpAddress(address: string): boolean;
+export declare function isBlockedHostnameOrIp(hostname: string): boolean;
+export declare function buildBaseUrlPolicy(baseUrl: string): SsrfPolicy | undefined;
+export interface ValidateUrlResult {
+    resolvedAddresses: string[];
+}
+export declare function validateUrl(url: string, policy?: SsrfPolicy): Promise<ValidateUrlResult>;
+export declare function fetchWithSsrfGuard(url: string, init: RequestInit, policy?: SsrfPolicy): Promise<Response>;
+//# sourceMappingURL=ssrf.d.ts.map

package/dist/memory/ssrf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf.d.ts","sourceRoot":"","sources":["../../src/memory/ssrf.ts"],"names":[],"mappings":"AAUA,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,MAAM,UAAU,GAAG;IACvB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B,CAAC;AA6BF,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAI3D;AAyFD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAgB3D;AAED,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAI/D;AAyBD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAU1E;AAOD,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,wBAAsB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,iBAAiB,CAAC,CA4D9F;AAwGD,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,WAAW,EACjB,MAAM,CAAC,EAAE,UAAU,GAClB,OAAO,CAAC,QAAQ,CAAC,CAwDnB"}

package/dist/memory/ssrf.js

@@ -0,0 +1,396 @@
+// Ported from OpenClaw src/infra/net/ssrf.ts + fetch-guard.ts
+// DNS validation: we resolve DNS ourselves, validate ALL resolved IPs against
+// the private/special-use blocklist, then pin DNS via undici's Agent to ensure
+// fetch() connects to the exact IPs we validated (eliminates TOCTOU gap).
+// Fail-closed on DNS failure or empty results.
+import * as dns from "node:dns/promises";
+import { lookup as dnsLookupCb } from "node:dns";
+import * as net from "node:net";
+export class SsrFBlockedError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "SsrFBlockedError";
+    }
+}
+// --- Hostname normalization ---
+function normalizeHostname(hostname) {
+    const trimmed = hostname.trim().toLowerCase();
+    if (trimmed.startsWith("[") && trimmed.endsWith("]")) {
+        return trimmed.slice(1, -1);
+    }
+    return trimmed.replace(/\.+$/, "");
+}
+// --- Blocked hostnames (from OpenClaw) ---
+const BLOCKED_HOSTNAMES = new Set([
+    "localhost",
+    "localhost.localdomain",
+    "metadata.google.internal",
+]);
+function isBlockedHostnameNormalized(normalized) {
+    if (BLOCKED_HOSTNAMES.has(normalized))
+        return true;
+    return (normalized.endsWith(".localhost") ||
+        normalized.endsWith(".local") ||
+        normalized.endsWith(".internal"));
+}
+export function isBlockedHostname(hostname) {
+    const normalized = normalizeHostname(hostname);
+    if (!normalized)
+        return false;
+    return isBlockedHostnameNormalized(normalized);
+}
+// --- IP validation (from OpenClaw) ---
+function isCanonicalDottedDecimalIPv4(address) {
+    const parts = address.split(".");
+    if (parts.length !== 4)
+        return false;
+    for (const part of parts) {
+        if (!/^\d{1,3}$/.test(part))
+            return false;
+        const num = Number(part);
+        if (num < 0 || num > 255)
+            return false;
+        if (part.length > 1 && part.startsWith("0"))
+            return false;
+    }
+    return true;
+}
+function isLegacyIpv4Literal(address) {
+    return /^(?:0x[\da-f]+|\d+)(?:\.(?:0x[\da-f]+|\d+)){0,3}$/i.test(address);
+}
+function looksLikeUnsupportedIpv4Literal(address) {
+    const parts = address.split(".");
+    if (parts.length === 0 || parts.length > 4)
+        return false;
+    if (parts.some((part) => part.length === 0))
+        return true;
+    return parts.every((part) => /^[0-9]+$/.test(part) || /^0x/i.test(part));
+}
+function isBlockedSpecialUseIpv4(ip) {
+    if (!net.isIPv4(ip))
+        return false;
+    const parts = ip.split(".").map(Number);
+    const [a, b] = parts;
+    if (a === 0)
+        return true; // 0.0.0.0/8 "this network"
+    if (a === 10)
+        return true; // 10.0.0.0/8 RFC 1918
+    if (a === 100 && b >= 64 && b <= 127)
+        return true; // 100.64.0.0/10 CGN
+    if (a === 127)
+        return true; // 127.0.0.0/8 loopback
+    if (a === 169 && b === 254)
+        return true; // 169.254.0.0/16 link-local
+    if (a === 172 && b >= 16 && b <= 31)
+        return true; // 172.16.0.0/12 RFC 1918
+    if (a === 192 && b === 0 && parts[2] === 0)
+        return true; // 192.0.0.0/24 IETF protocol
+    if (a === 192 && b === 0 && parts[2] === 2)
+        return true; // 192.0.2.0/24 TEST-NET-1
+    if (a === 192 && b === 88 && parts[2] === 99)
+        return true; // 192.88.99.0/24 6to4 relay
+    if (a === 192 && b === 168)
+        return true; // 192.168.0.0/16 RFC 1918
+    if (a === 198 && (b === 18 || b === 19))
+        return true; // 198.18.0.0/15 benchmark
+    if (a === 198 && b === 51 && parts[2] === 100)
+        return true; // 198.51.100.0/24 TEST-NET-2
+    if (a === 203 && b === 0 && parts[2] === 113)
+        return true; // 203.0.113.0/24 TEST-NET-3
+    if (a >= 224)
+        return true; // 224.0.0.0/3 multicast + reserved
+    return false;
+}
+function extractEmbeddedIpv4(ipv6Lower) {
+    // ::ffff:x.x.x.x (IPv4-mapped, RFC 4291)
+    if (ipv6Lower.startsWith("::ffff:")) {
+        const rest = ipv6Lower.slice(7);
+        if (net.isIPv4(rest))
+            return rest;
+    }
+    // ::ffff:0:x.x.x.x (IPv4-translated, RFC 6052)
+    if (ipv6Lower.startsWith("::ffff:0:")) {
+        const rest = ipv6Lower.slice(9);
+        if (net.isIPv4(rest))
+            return rest;
+    }
+    // 64:ff9b::x.x.x.x (NAT64 well-known prefix, RFC 6052)
+    if (ipv6Lower.startsWith("64:ff9b::")) {
+        const rest = ipv6Lower.slice(9);
+        if (net.isIPv4(rest))
+            return rest;
+    }
+    // 64:ff9b:1::x.x.x.x (NAT64 local-use prefix, RFC 8215)
+    if (ipv6Lower.startsWith("64:ff9b:1::")) {
+        const rest = ipv6Lower.slice(11);
+        if (net.isIPv4(rest))
+            return rest;
+    }
+    // ::x.x.x.x (IPv4-compatible, deprecated RFC 4291 §2.5.5.1 but still dangerous)
+    if (ipv6Lower.startsWith("::") && !ipv6Lower.startsWith("::ffff")) {
+        const rest = ipv6Lower.slice(2);
+        if (rest && net.isIPv4(rest))
+            return rest;
+    }
+    return null;
+}
+function isBlockedSpecialUseIpv6(ip) {
+    const lower = ip.toLowerCase();
+    if (lower === "::")
+        return true; // unspecified
+    if (lower === "::1")
+        return true; // loopback
+    if (lower.startsWith("fe80:"))
+        return true; // link-local
+    if (lower.startsWith("fc") || lower.startsWith("fd"))
+        return true; // ULA
+    if (lower.startsWith("ff"))
+        return true; // multicast
+    const embedded = extractEmbeddedIpv4(lower);
+    if (embedded && isBlockedSpecialUseIpv4(embedded))
+        return true;
+    return false;
+}
+export function isPrivateIpAddress(address) {
+    let normalized = address.trim().toLowerCase();
+    if (normalized.startsWith("[") && normalized.endsWith("]")) {
+        normalized = normalized.slice(1, -1);
+    }
+    if (!normalized)
+        return false;
+    if (net.isIPv4(normalized))
+        return isBlockedSpecialUseIpv4(normalized);
+    if (net.isIPv6(normalized))
+        return isBlockedSpecialUseIpv6(normalized);
+    // Malformed IPv6 literals: fail closed
+    if (normalized.includes(":") && !net.isIPv6(normalized))
+        return true;
+    if (!isCanonicalDottedDecimalIPv4(normalized) && isLegacyIpv4Literal(normalized))
+        return true;
+    if (looksLikeUnsupportedIpv4Literal(normalized))
+        return true;
+    return false;
+}
+export function isBlockedHostnameOrIp(hostname) {
+    const normalized = normalizeHostname(hostname);
+    if (!normalized)
+        return false;
+    return isBlockedHostnameNormalized(normalized) || isPrivateIpAddress(normalized);
+}
+// --- Hostname allowlist ---
+function matchesHostnameAllowlist(hostname, allowlist) {
+    if (allowlist.length === 0)
+        return true;
+    return allowlist.some((pattern) => {
+        if (pattern.startsWith("*.")) {
+            const suffix = pattern.slice(2);
+            if (!suffix || hostname === suffix)
+                return false;
+            return hostname.endsWith(`.${suffix}`);
+        }
+        return hostname === pattern;
+    });
+}
+// --- Policy helpers ---
+function shouldSkipPrivateNetworkChecks(hostname, policy) {
+    return (policy?.allowPrivateNetwork === true ||
+        new Set(policy?.allowedHostnames?.map(normalizeHostname)).has(hostname));
+}
+export function buildBaseUrlPolicy(baseUrl) {
+    const trimmed = baseUrl.trim();
+    if (!trimmed)
+        return undefined;
+    try {
+        const parsed = new URL(trimmed);
+        if (parsed.protocol !== "http:" && parsed.protocol !== "https:")
+            return undefined;
+        return { allowedHostnames: [parsed.hostname], hostnameAllowlist: [normalizeHostname(parsed.hostname)] };
+    }
+    catch {
+        return undefined;
+    }
+}
+// --- URL validation ---
+const BLOCKED_HOST_OR_IP_MESSAGE = "Blocked hostname or private/internal/special-use IP address";
+const BLOCKED_RESOLVED_IP_MESSAGE = "Blocked: resolves to private/internal/special-use IP address";
+export async function validateUrl(url, policy) {
+    const parsed = new URL(url);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        throw new SsrFBlockedError(`SSRF: blocked non-HTTP protocol: ${parsed.protocol}`);
+    }
+    const hostname = normalizeHostname(parsed.hostname);
+    if (!hostname)
+        throw new SsrFBlockedError("SSRF: empty hostname");
+    const hostnameAllowlist = (policy?.hostnameAllowlist ?? []).map(normalizeHostname).filter(Boolean);
+    if (hostnameAllowlist.length > 0 && !matchesHostnameAllowlist(hostname, hostnameAllowlist)) {
+        throw new SsrFBlockedError(`Blocked hostname (not in allowlist): ${parsed.hostname}`);
+    }
+    if (!shouldSkipPrivateNetworkChecks(hostname, policy)) {
+        if (isBlockedHostnameOrIp(hostname)) {
+            throw new SsrFBlockedError(BLOCKED_HOST_OR_IP_MESSAGE);
+        }
+        // Resolve both IPv4 and IPv6 and check ALL results.
+        // Fail-closed: if DNS resolution fails entirely, block the request
+        // (we cannot verify the target IP is safe).
+        const allAddresses = [];
+        let v4Error = null;
+        let v6Error = null;
+        try {
+            const v4 = await dns.resolve4(hostname);
+            allAddresses.push(...v4);
+        }
+        catch (err) {
+            if (err instanceof SsrFBlockedError)
+                throw err;
+            v4Error = err;
+        }
+        try {
+            const v6 = await dns.resolve6(hostname);
+            allAddresses.push(...v6);
+        }
+        catch (err) {
+            if (err instanceof SsrFBlockedError)
+                throw err;
+            v6Error = err;
+        }
+        // Fail-closed: if we got zero resolved addresses (whether DNS errored
+        // or returned empty results) and the hostname is not a literal IP,
+        // block the request — we cannot verify the target IP is safe.
+        if (allAddresses.length === 0 && !net.isIP(hostname)) {
+            throw new SsrFBlockedError(`SSRF: unable to resolve hostname "${hostname}" — blocking (fail-closed)`);
+        }
+        for (const addr of allAddresses) {
+            if (isBlockedHostnameOrIp(addr)) {
+                throw new SsrFBlockedError(BLOCKED_RESOLVED_IP_MESSAGE);
+            }
+        }
+        return { resolvedAddresses: allAddresses };
+    }
+    return { resolvedAddresses: [] };
+}
+function createPinnedLookupCb(targetHostname, addresses) {
+    const normalizedTarget = normalizeHostname(targetHostname);
+    let index = 0;
+    const records = addresses.map((addr) => ({
+        address: addr,
+        family: addr.includes(":") ? 6 : 4,
+    }));
+    return ((hostname, optionsOrCb, maybeCb) => {
+        const cb = (typeof optionsOrCb === "function" ? optionsOrCb : maybeCb);
+        if (!cb)
+            return;
+        const normalized = normalizeHostname(hostname);
+        if (normalized !== normalizedTarget || records.length === 0) {
+            if (typeof optionsOrCb === "function") {
+                return dnsLookupCb(hostname, cb);
+            }
+            return dnsLookupCb(hostname, optionsOrCb, cb);
+        }
+        const opts = typeof optionsOrCb === "object" && optionsOrCb !== null
+            ? optionsOrCb
+            : {};
+        const requestedFamily = typeof optionsOrCb === "number"
+            ? optionsOrCb
+            : (opts.family ?? 0);
+        const candidates = requestedFamily === 4 || requestedFamily === 6
+            ? records.filter((r) => r.family === requestedFamily)
+            : records;
+        const usable = candidates.length > 0 ? candidates : records;
+        if (opts.all) {
+            cb(null, usable);
+            return;
+        }
+        const chosen = usable[index % usable.length];
+        index = (index + 1) % usable.length;
+        cb(null, chosen.address, chosen.family);
+    });
+}
+async function buildPinnedFetchInit(hostname, resolvedAddresses, init) {
+    if (resolvedAddresses.length === 0) {
+        return { init, cleanup: async () => { } };
+    }
+    try {
+        // Node.js 22+ bundles undici; use its Agent for DNS pinning
+        // @ts-expect-error -- undici is bundled in Node.js 22+ but may lack type declarations
+        const { Agent } = await import("undici");
+        const lookup = createPinnedLookupCb(hostname, resolvedAddresses);
+        const agent = new Agent({ connect: { lookup } });
+        return {
+            init: { ...init, dispatcher: agent },
+            cleanup: async () => { try {
+                await agent.close();
+            }
+            catch { } },
+        };
+    }
+    catch {
+        return { init, cleanup: async () => { } };
+    }
+}
+// --- Guarded fetch with redirect handling (from fetch-guard.ts) ---
+const DEFAULT_MAX_REDIRECTS = 3;
+function retainSafeHeadersForCrossOriginRedirect(headers) {
+    if (!headers)
+        return undefined;
+    const safe = {};
+    const headerObj = new Headers(headers);
+    const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
+    headerObj.forEach((value, key) => {
+        if (SAFE_HEADERS.has(key.toLowerCase())) {
+            safe[key] = value;
+        }
+    });
+    return Object.keys(safe).length > 0 ? safe : undefined;
+}
+function isRedirectStatus(status) {
+    return status === 301 || status === 302 || status === 303 || status === 307 || status === 308;
+}
+export async function fetchWithSsrfGuard(url, init, policy) {
+    const maxRedirects = DEFAULT_MAX_REDIRECTS;
+    const visited = new Set();
+    let currentUrl = url;
+    let currentInit = init ? { ...init } : undefined;
+    let redirectCount = 0;
+    while (true) {
+        let parsedUrl;
+        try {
+            parsedUrl = new URL(currentUrl);
+        }
+        catch {
+            throw new Error("Invalid URL: must be http or https");
+        }
+        if (!["http:", "https:"].includes(parsedUrl.protocol)) {
+            throw new Error("Invalid URL: must be http or https");
+        }
+        const validationResult = await validateUrl(currentUrl, policy);
+        const pinned = await buildPinnedFetchInit(parsedUrl.hostname, validationResult.resolvedAddresses, { ...(currentInit ?? {}), redirect: "manual" });
+        let response;
+        try {
+            response = await fetch(parsedUrl.toString(), pinned.init);
+        }
+        finally {
+            await pinned.cleanup();
+        }
+        if (isRedirectStatus(response.status)) {
+            const location = response.headers.get("location");
+            if (!location)
+                throw new Error(`Redirect missing location header (${response.status})`);
+            redirectCount += 1;
+            if (redirectCount > maxRedirects)
+                throw new Error(`Too many redirects (limit: ${maxRedirects})`);
+            const nextParsedUrl = new URL(location, parsedUrl);
+            const nextUrl = nextParsedUrl.toString();
+            if (visited.has(nextUrl))
+                throw new Error("Redirect loop detected");
+            if (nextParsedUrl.origin !== parsedUrl.origin && currentInit?.headers) {
+                const safeHeaders = retainSafeHeadersForCrossOriginRedirect(currentInit.headers);
+                currentInit = { ...currentInit, headers: safeHeaders };
+            }
+            visited.add(nextUrl);
+            currentUrl = nextUrl;
+            continue;
+        }
+        return response;
+    }
+}
+//# sourceMappingURL=ssrf.js.map