getmnemo-vercel-ai 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +18 -4
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -106,10 +106,24 @@ const { hits } = await memory.search({ query: "what milk does the user like?" })
|
|
|
106
106
|
|
|
107
107
|
## React hook
|
|
108
108
|
|
|
109
|
-
For client-side memory views (sidebars, inspectors), use `useMnemo`.
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
109
|
+
For client-side memory views (sidebars, inspectors), use `useMnemo`.
|
|
110
|
+
|
|
111
|
+
> **⚠️ Security: the Mnemo `apiKey` is a full-access credential.**
|
|
112
|
+
> There is exactly **one** API key, and it grants **read, write, and delete**
|
|
113
|
+
> rights over your entire workspace. There is **no** public, scoped, or
|
|
114
|
+
> read-only key. **NEVER** ship it in a browser bundle or any `NEXT_PUBLIC_`
|
|
115
|
+
> variable — anything with that prefix is inlined into client-side JavaScript
|
|
116
|
+
> and exposed to every visitor, handing them a delete-capable credential.
|
|
117
|
+
>
|
|
118
|
+
> `useMnemo` is intended for **trusted internal/admin dashboards only**.
|
|
119
|
+
> Production, public-facing apps must **never** expose the key to the browser:
|
|
120
|
+
> proxy all memory reads/writes through a server route (a Server Action or
|
|
121
|
+
> Route Handler) that holds the key server-side.
|
|
122
|
+
|
|
123
|
+
The hook reads `NEXT_PUBLIC_GETMNEMO_API_KEY` /
|
|
124
|
+
`NEXT_PUBLIC_GETMNEMO_WORKSPACE_ID` by default and returns `SearchHit` objects,
|
|
125
|
+
keyed by `memoryId`. The example below is **internal/admin only — not for
|
|
126
|
+
public-facing apps**:
|
|
113
127
|
|
|
114
128
|
```tsx
|
|
115
129
|
"use client";
|
package/package.json
CHANGED