kiro-memory 1.4.2 → 1.6.0

package/README.md

@@ -386,10 +386,10 @@ The agent configuration was not installed. Run the install command:
 kiro-memory install
 ```
 
-This creates the agent config at `~/.kiro/agents/contextkit.json`. Note: the agent name is `contextkit-memory`, so start Kiro with:
+This creates the agent config at `~/.kiro/agents/kiro-memory.json`. Then start Kiro with:
 
 ```bash
-kiro-cli --agent contextkit-memory
+kiro-cli --agent kiro-memory
 ```
 
 ### Port 3001 already in use
@@ -413,6 +413,19 @@ Run the built-in doctor command to check your environment:
 kiro-memory doctor
 ```
 
+## Security
+
+Kiro Memory runs **locally only** on `127.0.0.1` and implements multiple layers of protection:
+
+- **Token Authentication** on the notify endpoint (shared secret via `~/.kiro-memory/worker.token`)
+- **Rate Limiting** on all API endpoints (200 req/min global, 60 req/min for notifications)
+- **Helmet** security headers with Content Security Policy
+- **CORS** restricted to localhost origins
+- **Input Validation** on all POST endpoints (type checking, length limits, safe character patterns)
+- **SSE Connection Limit** (max 50 concurrent clients)
+
+To report a security vulnerability, please open a [private security advisory](https://github.com/auriti-web-design/kiro-memory/security/advisories/new).
+
 ## Contributing
 
 Contributions are welcome. Please open an issue to discuss proposed changes before submitting a pull request. See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kiro-memory",
-  "version": "1.4.2",
+  "version": "1.6.0",
   "description": "Persistent cross-session memory for Kiro CLI. Automatically tracks context, observations, and summaries across coding sessions.",
   "keywords": [
     "kiro",
@@ -58,7 +58,7 @@
     "worker:restart": "bun plugin/scripts/worker-service.cjs restart",
     "worker:status": "bun plugin/scripts/worker-service.cjs status",
     "worker:logs": "tail -n 50 ~/.contextkit/logs/worker-$(date +%Y-%m-%d).log",
-    "worker:tail": "tail -f 50 ~/.contextkit/logs/worker-$(date +%Y-%m-%d).log",
+    "worker:tail": "tail -f -n 50 ~/.contextkit/logs/worker-$(date +%Y-%m-%d).log",
     "queue": "bun scripts/check-pending-queue.ts",
     "queue:process": "bun scripts/check-pending-queue.ts --process",
     "queue:clear": "bun scripts/clear-failed-queue.ts --all --force",
@@ -95,8 +95,10 @@
     "cors": "^2.8.5",
     "dompurify": "^3.3.1",
     "express": "^4.18.2",
+    "express-rate-limit": "^8.2.1",
     "glob": "^11.0.3",
     "handlebars": "^4.7.8",
+    "helmet": "^8.1.0",
     "lucide-react": "^0.574.0",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
@@ -109,6 +111,7 @@
     "@types/cors": "^2.8.19",
     "@types/dompurify": "^3.0.5",
     "@types/express": "^4.17.21",
+    "@types/express-rate-limit": "^5.1.3",
     "@types/node": "^20.0.0",
     "@types/react": "^18.3.5",
     "@types/react-dom": "^18.3.0",