npm - hippo-memory - Versions diffs - 0.40.0 → 1.0.0 - Mend

hippo-memory 0.40.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/README.md +7 -0
package/dist/cli.js +17 -17
package/dist/cli.js.map +1 -1
package/dist/connectors/slack/transform.d.ts +2 -0
package/dist/connectors/slack/transform.d.ts.map +1 -1
package/dist/connectors/slack/transform.js +3 -0
package/dist/connectors/slack/transform.js.map +1 -1
package/dist/consolidate.d.ts.map +1 -1
package/dist/consolidate.js +9 -3
package/dist/consolidate.js.map +1 -1
package/dist/db.d.ts.map +1 -1
package/dist/db.js +87 -1
package/dist/db.js.map +1 -1
package/dist/mcp/server.js +1 -1
package/dist/mcp/server.js.map +1 -1
package/dist/src/cli.js +17 -17
package/dist/src/cli.js.map +1 -1
package/dist/src/connectors/slack/transform.js +3 -0
package/dist/src/connectors/slack/transform.js.map +1 -1
package/dist/src/consolidate.js +9 -3
package/dist/src/consolidate.js.map +1 -1
package/dist/src/db.js +87 -1
package/dist/src/db.js.map +1 -1
package/dist/src/mcp/server.js +1 -1
package/dist/src/mcp/server.js.map +1 -1
package/dist/src/store.js +105 -52
package/dist/src/store.js.map +1 -1
package/dist/store.d.ts +10 -10
package/dist/store.d.ts.map +1 -1
package/dist/store.js +105 -52
package/dist/store.js.map +1 -1
package/extensions/openclaw-plugin/openclaw.plugin.json +1 -1
package/extensions/openclaw-plugin/package.json +1 -1
package/openclaw.plugin.json +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -85,6 +85,13 @@ hippo recall "data pipeline issues" --budget 2000
 ---
+### What's new in v1.0.0
+- **Tenant-isolation security release.** v0.40.0's measurement gates surfaced a real cross-tenant data leak on the continuity tables (`task_snapshots`, `session_events`, `session_handoffs`). Schema migration v22 closes the gap: every continuity helper now scopes reads and writes by `tenantId`. Markdown mirror files (`buffer/active-task.md`, `buffer/recent-session.md`) are tenant-scoped too; the default tenant keeps the unsuffixed filename for on-disk back-compat.
+- **Slack envelope fix.** `messageToRememberOpts` now sets `owner: 'user:<slack_user_id>'` so ingested Slack rows pass the v0.40.0 `hippo provenance --strict` gate.
+- **Breaking change for JS callers.** 10 store helpers (`saveActiveTaskSnapshot`, `loadLatestHandoff`, `appendSessionEvent`, etc.) gained a required `tenantId` second argument. TypeScript callers get a compile error. JS callers get a runtime guard error (`assertTenantId`) that detects the most common misbinding (passing a `sess-*` session id) and points at the migration. See CHANGELOG for the full helper list.
+- **Schema v22 migration.** Idempotent, transactional, with smart tenant backfill via unambiguous `task_snapshots.session_id` joins.
 ### What's new in v0.40.0
 - **Company Brain measurement gates.** Two new diagnostic commands close the last blocked rows of the Company Brain scorecard. `hippo provenance [--json] [--strict]` audits every `kind='raw'` row for `owner` + `artifact_ref`; `--strict` exits non-zero so CI can block on coverage regressions. `hippo correction-latency [--json]` reports p50 / p95 / max wall-clock lag from receipt to supersession across `superseded_by` chains. Both helpers (`buildProvenanceCoverage`, `buildCorrectionLatency`) are importable from `src/`.

package/dist/cli.js CHANGED Viewed

@@ -2500,7 +2500,7 @@ function cmdSnapshot(hippoRoot, args, flags) {
             console.error('Usage: hippo snapshot save --task <task> --summary <summary> --next-step <step> [--source <source>] [--session <session-id>]');
             process.exit(1);
         }
-        const snapshot = saveActiveTaskSnapshot(hippoRoot, {
+        const snapshot = saveActiveTaskSnapshot(hippoRoot, resolveTenantId({}), {
             task,
             summary,
             next_step: nextStep,
@@ -2516,7 +2516,7 @@ function cmdSnapshot(hippoRoot, args, flags) {
         return;
     }
     if (subcommand === 'clear') {
-        const cleared = clearActiveTaskSnapshot(hippoRoot, String(flags['status'] ?? 'cleared'));
+        const cleared = clearActiveTaskSnapshot(hippoRoot, resolveTenantId({}), String(flags['status'] ?? 'cleared'));
         if (!cleared) {
             console.log('No active task snapshot to clear.');
             return;
@@ -2525,7 +2525,7 @@ function cmdSnapshot(hippoRoot, args, flags) {
         return;
     }
     if (subcommand === 'show') {
-        const snapshot = loadActiveTaskSnapshot(hippoRoot);
+        const snapshot = loadActiveTaskSnapshot(hippoRoot, resolveTenantId({}));
         if (!snapshot) {
             if (flags['json']) {
                 console.log(JSON.stringify({ snapshot: null }));
@@ -2558,7 +2558,7 @@ function cmdSession(hippoRoot, args, flags) {
             console.error('Usage: hippo session log --id <session-id> --content <text> [--type <type>] [--task <task>] [--source <source>]');
             process.exit(1);
         }
-        const event = appendSessionEvent(hippoRoot, {
+        const event = appendSessionEvent(hippoRoot, resolveTenantId({}), {
             session_id: sessionId,
             task: task || null,
             event_type: eventType || 'note',
@@ -2571,7 +2571,7 @@ function cmdSession(hippoRoot, args, flags) {
         return;
     }
     if (subcommand === 'show') {
-        const events = listSessionEvents(hippoRoot, {
+        const events = listSessionEvents(hippoRoot, resolveTenantId({}), {
             session_id: sessionId || undefined,
             task: task || undefined,
             limit,
@@ -2584,8 +2584,8 @@ function cmdSession(hippoRoot, args, flags) {
         return;
     }
     if (subcommand === 'latest') {
-        const snapshot = loadActiveTaskSnapshot(hippoRoot);
-        const events = listSessionEvents(hippoRoot, {
+        const snapshot = loadActiveTaskSnapshot(hippoRoot, resolveTenantId({}));
+        const events = listSessionEvents(hippoRoot, resolveTenantId({}), {
             session_id: sessionId || snapshot?.session_id || undefined,
             limit,
         });
@@ -2618,7 +2618,7 @@ function cmdSession(hippoRoot, args, flags) {
         const metadata = { ended_at: new Date().toISOString() };
         if (summary)
             metadata.summary = summary;
-        const event = appendSessionEvent(hippoRoot, {
+        const event = appendSessionEvent(hippoRoot, resolveTenantId({}), {
             session_id: sessionId,
             task: task || null,
             event_type: 'session_complete',
@@ -2630,7 +2630,7 @@ function cmdSession(hippoRoot, args, flags) {
         return;
     }
     if (subcommand === 'resume') {
-        const handoff = loadLatestHandoff(hippoRoot, sessionId || undefined);
+        const handoff = loadLatestHandoff(hippoRoot, resolveTenantId({}), sessionId || undefined);
         if (!handoff) {
             console.log('No handoff to resume from.');
             return;
@@ -2703,7 +2703,7 @@ function cmdHandoff(hippoRoot, args, flags) {
         const artifacts = Array.isArray(artifactFlag)
             ? artifactFlag
             : (typeof artifactFlag === 'string' ? [artifactFlag] : []);
-        const handoff = saveSessionHandoff(hippoRoot, {
+        const handoff = saveSessionHandoff(hippoRoot, resolveTenantId({}), {
             version: 1,
             sessionId,
             repoRoot: process.cwd(),
@@ -2723,7 +2723,7 @@ function cmdHandoff(hippoRoot, args, flags) {
     }
     if (subcommand === 'latest') {
         const sessionId = String(flags['session'] ?? flags['id'] ?? '').trim() || undefined;
-        const handoff = loadLatestHandoff(hippoRoot, sessionId);
+        const handoff = loadLatestHandoff(hippoRoot, resolveTenantId({}), sessionId);
         if (!handoff) {
             if (flags['json']) {
                 console.log(JSON.stringify({ handoff: null }));
@@ -2751,7 +2751,7 @@ function cmdHandoff(hippoRoot, args, flags) {
             console.error(`Invalid handoff ID: ${idArg}`);
             process.exit(1);
         }
-        const handoff = loadHandoffById(hippoRoot, handoffId);
+        const handoff = loadHandoffById(hippoRoot, resolveTenantId({}), handoffId);
         if (!handoff) {
             if (flags['json']) {
                 console.log(JSON.stringify({ handoff: null }));
@@ -2776,9 +2776,9 @@ function cmdCurrent(hippoRoot, args, flags) {
     const subcommand = args[0] ?? 'show';
     if (subcommand === 'show') {
         const asJson = Boolean(flags['json']);
-        const snapshot = loadActiveTaskSnapshot(hippoRoot);
+        const snapshot = loadActiveTaskSnapshot(hippoRoot, resolveTenantId({}));
         const sessionId = snapshot?.session_id ?? undefined;
-        const events = listSessionEvents(hippoRoot, {
+        const events = listSessionEvents(hippoRoot, resolveTenantId({}), {
             session_id: sessionId,
             limit: 5,
         });
@@ -2867,12 +2867,12 @@ async function cmdContext(hippoRoot, args, flags) {
     let totalTokens = 0;
     // Task snapshots / session events live in the local store. Skip when
     // local isn't initialized — loading would auto-create .hippo in the cwd.
-    const activeSnapshot = hasLocal ? loadActiveTaskSnapshot(hippoRoot) : null;
+    const activeSnapshot = hasLocal ? loadActiveTaskSnapshot(hippoRoot, resolveTenantId({})) : null;
     const sessionHandoff = hasLocal && activeSnapshot?.session_id
-        ? loadLatestHandoff(hippoRoot, activeSnapshot.session_id)
+        ? loadLatestHandoff(hippoRoot, resolveTenantId({}), activeSnapshot.session_id)
         : null;
     const recentSessionEvents = hasLocal && activeSnapshot?.session_id
-        ? listSessionEvents(hippoRoot, { session_id: activeSnapshot.session_id, limit: 5 })
+        ? listSessionEvents(hippoRoot, resolveTenantId({}), { session_id: activeSnapshot.session_id, limit: 5 })
         : [];
     if (localEntries.length === 0 && globalEntries.length === 0 && !activeSnapshot && !sessionHandoff && recentSessionEvents.length === 0) {
         return;