jasper-recall 0.3.3 → 0.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SKILL.md +70 -0
- package/extensions/openclaw-plugin/index.ts +26 -3
- package/package.json +1 -1
package/SKILL.md
CHANGED
|
@@ -293,6 +293,76 @@ Default settings in index-digests:
|
|
|
293
293
|
- Chunk size: 500 characters
|
|
294
294
|
- Overlap: 100 characters
|
|
295
295
|
|
|
296
|
+
## Security Considerations
|
|
297
|
+
|
|
298
|
+
⚠️ **Review these settings before enabling in production:**
|
|
299
|
+
|
|
300
|
+
### Server Binding
|
|
301
|
+
|
|
302
|
+
The `serve` command defaults to `127.0.0.1` (localhost only). **Do not use `--host 0.0.0.0`** unless you explicitly intend to expose the API externally and have secured it appropriately.
|
|
303
|
+
|
|
304
|
+
### Private Memory Access
|
|
305
|
+
|
|
306
|
+
The server enforces `public_only=true` by default. The env var `RECALL_ALLOW_PRIVATE=true` bypasses this restriction. **Never set this on public/shared hosts** — it exposes your private memories to any client.
|
|
307
|
+
|
|
308
|
+
### autoRecall Plugin
|
|
309
|
+
|
|
310
|
+
When `autoRecall: true` in the OpenClaw plugin config, memories are automatically injected before every agent message. Consider:
|
|
311
|
+
|
|
312
|
+
- Set `publicOnly: true` in plugin config for sandboxed agents
|
|
313
|
+
- Review which collections will be searched
|
|
314
|
+
- Use `minScore` to filter low-relevance injections
|
|
315
|
+
|
|
316
|
+
**What's automatically skipped (no recall triggered):**
|
|
317
|
+
- Heartbeat polls (`HEARTBEAT`, `Read HEARTBEAT.md`, `HEARTBEAT_OK`)
|
|
318
|
+
- Messages containing `NO_REPLY`
|
|
319
|
+
- Messages < 10 characters
|
|
320
|
+
- Agent-to-agent messages (cron jobs, workers, spawned agents)
|
|
321
|
+
- Automated reports (`📋 PR Review`, `🤖 Codex Watch`, `ANNOUNCE_*`)
|
|
322
|
+
- Messages from senders starting with `agent:` or `worker-`
|
|
323
|
+
|
|
324
|
+
**Safer config for untrusted contexts:**
|
|
325
|
+
```json
|
|
326
|
+
"jasper-recall": {
|
|
327
|
+
"enabled": true,
|
|
328
|
+
"config": {
|
|
329
|
+
"autoRecall": true,
|
|
330
|
+
"publicOnly": true,
|
|
331
|
+
"minScore": 0.5
|
|
332
|
+
}
|
|
333
|
+
}
|
|
334
|
+
```
|
|
335
|
+
|
|
336
|
+
### Environment Variables
|
|
337
|
+
|
|
338
|
+
The following env vars affect behavior — set them explicitly rather than relying on defaults:
|
|
339
|
+
|
|
340
|
+
| Variable | Default | Purpose |
|
|
341
|
+
|----------|---------|---------|
|
|
342
|
+
| `RECALL_WORKSPACE` | `~/.openclaw/workspace` | Memory files location |
|
|
343
|
+
| `RECALL_CHROMA_DB` | `~/.openclaw/chroma-db` | Vector database path |
|
|
344
|
+
| `RECALL_SESSIONS_DIR` | `~/.openclaw/agents/main/sessions` | Session logs |
|
|
345
|
+
| `RECALL_ALLOW_PRIVATE` | `false` | Server private access |
|
|
346
|
+
| `RECALL_PORT` | `3458` | Server port |
|
|
347
|
+
| `RECALL_HOST` | `127.0.0.1` | Server bind address |
|
|
348
|
+
|
|
349
|
+
### Dry-Run First
|
|
350
|
+
|
|
351
|
+
Before sharing or syncing, use dry-run options to preview what will be exposed:
|
|
352
|
+
|
|
353
|
+
```bash
|
|
354
|
+
privacy-check --file notes.md # Scan for sensitive data
|
|
355
|
+
sync-shared --dry-run # Preview public extraction
|
|
356
|
+
digest-sessions --dry-run # Preview session processing
|
|
357
|
+
```
|
|
358
|
+
|
|
359
|
+
### Sandboxed Environments
|
|
360
|
+
|
|
361
|
+
For maximum isolation, run jasper-recall in a container or dedicated account:
|
|
362
|
+
- Limits risk of accidental data exposure
|
|
363
|
+
- Separates private memory from shared contexts
|
|
364
|
+
- Recommended for multi-agent setups with untrusted agents
|
|
365
|
+
|
|
296
366
|
## Troubleshooting
|
|
297
367
|
|
|
298
368
|
**"No index found"**
|
|
@@ -81,14 +81,37 @@ export default function register(api: PluginApi) {
|
|
|
81
81
|
// ============================================================================
|
|
82
82
|
|
|
83
83
|
if (autoRecall) {
|
|
84
|
-
api.on('before_agent_start', async (event: { prompt?: string }) => {
|
|
84
|
+
api.on('before_agent_start', async (event: { prompt?: string; senderId?: string; source?: string }) => {
|
|
85
85
|
// Skip if no prompt or too short
|
|
86
86
|
if (!event.prompt || event.prompt.length < 10) {
|
|
87
87
|
return;
|
|
88
88
|
}
|
|
89
89
|
|
|
90
|
-
|
|
91
|
-
|
|
90
|
+
const prompt = event.prompt;
|
|
91
|
+
|
|
92
|
+
// Skip heartbeats and system prompts
|
|
93
|
+
if (prompt.startsWith('HEARTBEAT') ||
|
|
94
|
+
prompt.startsWith('Read HEARTBEAT.md') ||
|
|
95
|
+
prompt.includes('NO_REPLY') ||
|
|
96
|
+
prompt.includes('HEARTBEAT_OK')) {
|
|
97
|
+
return;
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
// Skip agent-to-agent messages (cron jobs, workers, spawned agents)
|
|
101
|
+
if (event.source?.startsWith('cron:') ||
|
|
102
|
+
event.source?.startsWith('agent:') ||
|
|
103
|
+
event.source?.startsWith('spawn:') ||
|
|
104
|
+
event.source === 'sessions_send' ||
|
|
105
|
+
event.senderId?.startsWith('agent:') ||
|
|
106
|
+
event.senderId?.startsWith('worker-')) {
|
|
107
|
+
return;
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
// Skip common automated patterns
|
|
111
|
+
if (prompt.startsWith('Agent-to-agent') ||
|
|
112
|
+
prompt.startsWith('📋 PR Review') ||
|
|
113
|
+
prompt.startsWith('🤖 Codex Watch') ||
|
|
114
|
+
prompt.startsWith('ANNOUNCE_')) {
|
|
92
115
|
return;
|
|
93
116
|
}
|
|
94
117
|
|