latticesql 3.3.0 → 3.3.1
- package/README.md +10 -0
- package/dist/cli.js +61125 -59988
- package/dist/index.cjs +60468 -59279
- package/dist/index.d.cts +8 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.js +60229 -59042
- package/docs/assistant.md +29 -0
- package/package.json +2 -1
package/docs/assistant.md
CHANGED
|
@@ -105,6 +105,35 @@ each source:
|
|
|
105
105
|
`source_file_id`. New objects, enrichment, links, and junctions are all
|
|
106
106
|
reversible via the version history.
|
|
107
107
|
|
|
108
|
+
### Reading a web link (`ingest_url`)
|
|
109
|
+
|
|
110
|
+
You can also just **ask** the assistant to read a link: "summarize https://… for me",
|
|
111
|
+
"save this article", "read that page". The model calls the **`ingest_url`** tool,
|
|
112
|
+
which fetches the page, saves it as a `files` web reference (`ref_kind='cloud_ref'`,
|
|
113
|
+
`ref_provider='web'`), summarizes it, and reports back. The saved reference follows
|
|
114
|
+
the same sharing rules as any file (private mode → private).
|
|
115
|
+
|
|
116
|
+
It is deliberately **not** a general fetch primitive — that would be an SSRF + prompt-
|
|
117
|
+
injection hazard for an LLM-driven tool. Guardrails:
|
|
118
|
+
|
|
119
|
+
- **User-provided URLs only.** The tool fetches only a URL that appears verbatim in
|
|
120
|
+
your own message; it refuses a URL discovered inside a file, a row, or model output.
|
|
121
|
+
- **SSRF + policy + rate limits.** Every fetch passes the SSRF guard (no private /
|
|
122
|
+
loopback / metadata addresses), a deployment on/off + allow/block-list policy, a
|
|
123
|
+
per-turn fetch budget, a process-wide concurrency cap, and a per-host throttle —
|
|
124
|
+
all tunable via the `LATTICE_URL_*` env vars (see [`.env.example`](../.env.example)).
|
|
125
|
+
- **Untrusted content.** A fetched page is treated as untrusted data end-to-end: the
|
|
126
|
+
row is flagged `source_json.untrusted=true`, the enrichment prompts wrap its text in
|
|
127
|
+
explicit "data, not instructions" markers, and `get_row`/`list_rows` re-wrap it when
|
|
128
|
+
the assistant reads it back. The compact tool result never includes the raw page text.
|
|
129
|
+
- **Optional JS rendering.** SPA pages render with headless Chromium when the optional
|
|
130
|
+
`playwright` dependency is installed; otherwise the crawler degrades to the static
|
|
131
|
+
extraction (one warning, no failure). Posts on x.com / twitter.com are read via their
|
|
132
|
+
public oEmbed endpoint.
|
|
133
|
+
|
|
134
|
+
This shares one `ingestUrlAsFile` path with the `/api/ingest/text` URL branch, so a
|
|
135
|
+
pasted URL and an assistant-requested URL behave identically.
|
|
136
|
+
|
|
108
137
|
### Library API
|
|
109
138
|
|
|
110
139
|
The same intelligence is a first-class, GUI-independent API (inert without an LLM
|
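Review bot: The "SSRF + policy + rate limits" bullet (new lines 121-124) says every fetch passes the SSRF guard, but the section never states whether the guard is re-applied to redirect targets, or to the sub-requests that headless Chromium issues when the "Optional JS rendering" path (new lines 129-132) is in use. Suggest adding one sentence that says which of these the guard covers, since an operator deciding whether to install `playwright` needs to know if rendered pages are held to the same address restrictions as the initial fetch. The `LATTICE_URL_*` variables are also referenced only by wildcard; listing the names here, or confirming that `.env.example` carries them (it is not among the files changed in this release), would make the "all tunable" claim checkable.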
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "latticesql",
|
|
3
|
-
"version": "3.3.
|
|
3
|
+
"version": "3.3.1",
|
|
4
4
|
"description": "Persistent structured memory for AI agent systems — pluggable SQLite or Postgres backend, LLM context bridge",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
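Review bot: The version change on line 3 is a patch-level increment to `3.3.1`, yet the same release documents an `ingest_url` assistant tool that makes outbound fetches and adds 8 lines to each of `index.d.ts` and `index.d.cts`. Consider a minor version bump, or at least a changelog entry, so that consumers whose ranges accept patch releases automatically are told they are picking up a network-capable tool and can set the deployment on/off policy described in `docs/assistant.md` before upgrading.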
@@ -77,6 +77,7 @@
|
|
|
77
77
|
"@types/pg": "^8.11.0",
|
|
78
78
|
"@vitest/coverage-v8": "^2.1.9",
|
|
79
79
|
"better-sqlite3": "^12.8.0",
|
|
80
|
+
"embedded-postgres": "^18.4.0-beta.17",
|
|
80
81
|
"eslint": "^9.0.0",
|
|
81
82
|
"pg": "^8.11.0",
|
|
82
83
|
"prettier": "^3.3.0",
|
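Review bot: The added entry on new line 80, `"embedded-postgres": "^18.4.0-beta.17"`, puts a caret range on a pre-release version, so installs without a lockfile can resolve to a later beta or release than the one tested. Suggest pinning the exact version (`"18.4.0-beta.17"`) until a stable release is available. The neighbouring entries (`eslint`, `prettier`, `@vitest/coverage-v8`) suggest this is the dev dependency block, but the section key is outside the hunk; please confirm the package is not reachable from the published runtime dependencies.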