libre-webui 0.2.4

package/backend/dist/services/encryptionService.js

@@ -0,0 +1,284 @@
+/*
+ * Libre WebUI
+ * Copyright (C) 2025 Kroonen AI, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import crypto from 'crypto';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+// ESM __dirname equivalent
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+/**
+ * Encryption service for sensitive data
+ * Provides AES-256-GCM encryption for application-level encryption
+ */
+export class EncryptionService {
+    /**
+     * Automatically add the encryption key to the .env file or persistent storage
+     */
+    addKeyToEnvFile(encryptionKey) {
+        const isDocker = process.env.DOCKER_ENV === 'true';
+        if (isDocker) {
+            // In Docker, store key in persistent data directory
+            this.saveKeyToPersistentStorage(encryptionKey);
+        }
+        else {
+            // In regular environment, store in .env file
+            this.saveKeyToEnvFile(encryptionKey);
+        }
+    }
+    /**
+     * Save encryption key to persistent data directory (for Docker)
+     */
+    saveKeyToPersistentStorage(encryptionKey) {
+        try {
+            const dataDir = process.env.DATA_DIR || path.join(process.cwd(), 'backend', 'data');
+            const keyPath = path.join(dataDir, '.encryption_key');
+            // Ensure data directory exists
+            if (!fs.existsSync(dataDir)) {
+                fs.mkdirSync(dataDir, { recursive: true });
+            }
+            // Write the key to persistent storage
+            fs.writeFileSync(keyPath, encryptionKey, 'utf8');
+            console.info(`✅ Automatically saved ENCRYPTION_KEY to persistent storage: ${keyPath}`);
+            console.info('🔐 Encryption key will persist across container restarts');
+        }
+        catch (error) {
+            console.error('❌ Failed to save ENCRYPTION_KEY to persistent storage:', error);
+            console.warn('   Please set ENCRYPTION_KEY environment variable manually:');
+            console.warn(`   ENCRYPTION_KEY=${encryptionKey}`);
+        }
+    }
+    /**
+     * Find the .env file location - checks multiple possible locations
+     */
+    findEnvFilePath() {
+        // Possible .env file locations in order of priority
+        const possiblePaths = [
+            path.join(process.cwd(), 'backend', '.env'), // Running from project root (npm run dev)
+            path.join(process.cwd(), '.env'), // Running from backend directory
+            path.join(__dirname, '..', '..', '.env'), // Relative to this file (backend/src/services -> backend/)
+        ];
+        // Find the first existing .env file
+        for (const envPath of possiblePaths) {
+            if (fs.existsSync(envPath)) {
+                return envPath;
+            }
+        }
+        // If no .env exists, prefer the backend/.env location if backend dir exists
+        const backendEnvPath = path.join(process.cwd(), 'backend', '.env');
+        const backendDir = path.dirname(backendEnvPath);
+        if (fs.existsSync(backendDir)) {
+            return backendEnvPath;
+        }
+        // Fallback to cwd/.env
+        return path.join(process.cwd(), '.env');
+    }
+    /**
+     * Save encryption key to .env file (for regular environments)
+     */
+    saveKeyToEnvFile(encryptionKey) {
+        try {
+            const envPath = this.findEnvFilePath();
+            let envContent = '';
+            // Read existing .env file if it exists
+            if (fs.existsSync(envPath)) {
+                envContent = fs.readFileSync(envPath, 'utf8');
+                // Check if ENCRYPTION_KEY already exists (commented or uncommented)
+                if (/^ENCRYPTION_KEY=/m.test(envContent)) {
+                    console.warn('⚠️  ENCRYPTION_KEY already exists in .env file, skipping auto-generation');
+                    return;
+                }
+                // If there's a commented ENCRYPTION_KEY line, replace it with the actual key
+                if (envContent.includes('# ENCRYPTION_KEY=')) {
+                    envContent = envContent.replace(/# ENCRYPTION_KEY=.*/, `ENCRYPTION_KEY=${encryptionKey}`);
+                    fs.writeFileSync(envPath, envContent, 'utf8');
+                    console.info(`✅ Automatically added ENCRYPTION_KEY to .env file: ${envPath}`);
+                    return;
+                }
+            }
+            // Add the encryption key to the content
+            const keyLine = `\n# Database Encryption\n# 64-character encryption key for protecting sensitive data\nENCRYPTION_KEY=${encryptionKey}\n`;
+            if (envContent && !envContent.endsWith('\n')) {
+                envContent += '\n';
+            }
+            envContent += keyLine;
+            // Write back to .env file
+            fs.writeFileSync(envPath, envContent, 'utf8');
+            console.info(`✅ Automatically added ENCRYPTION_KEY to .env file: ${envPath}`);
+        }
+        catch (error) {
+            console.error('❌ Failed to automatically add ENCRYPTION_KEY to .env file:', error);
+            console.warn('   Please manually add the following line to your .env file:');
+            console.warn(`   ENCRYPTION_KEY=${encryptionKey}`);
+        }
+    }
+    /**
+     * Load encryption key from persistent storage (for Docker)
+     */
+    loadKeyFromPersistentStorage() {
+        try {
+            const dataDir = process.env.DATA_DIR || path.join(process.cwd(), 'backend', 'data');
+            const keyPath = path.join(dataDir, '.encryption_key');
+            if (fs.existsSync(keyPath)) {
+                const key = fs.readFileSync(keyPath, 'utf8').trim();
+                if (key.length === 64) {
+                    console.info(`✅ Loaded encryption key from persistent storage: ${keyPath}`);
+                    return key;
+                }
+            }
+        }
+        catch (error) {
+            console.warn('⚠️  Failed to load encryption key from persistent storage:', error);
+        }
+        return null;
+    }
+    constructor() {
+        this.algorithm = 'aes-256-gcm';
+        // Get encryption key from environment, persistent storage, or generate one
+        let keyString = process.env.ENCRYPTION_KEY;
+        // If no environment variable, try loading from persistent storage in Docker
+        if (!keyString && process.env.DOCKER_ENV === 'true') {
+            const persistentKey = this.loadKeyFromPersistentStorage();
+            if (persistentKey) {
+                keyString = persistentKey;
+            }
+        }
+        if (keyString) {
+            if (keyString.length !== 64) {
+                throw new Error(`ENCRYPTION_KEY must be exactly 64 hex characters (32 bytes). Current length: ${keyString.length}`);
+            }
+            this.encryptionKey = Buffer.from(keyString, 'hex');
+            if (this.encryptionKey.length !== 32) {
+                throw new Error('Invalid ENCRYPTION_KEY: hex decoding failed');
+            }
+        }
+        else {
+            // Generate a new key and automatically add it to appropriate storage
+            this.encryptionKey = crypto.randomBytes(32);
+            const newKeyString = this.encryptionKey.toString('hex');
+            console.warn(`⚠️  No ENCRYPTION_KEY found. Generated key: ${newKeyString}`);
+            // Automatically add the key to appropriate storage (Docker vs regular)
+            this.addKeyToEnvFile(newKeyString);
+            if (process.env.DOCKER_ENV === 'true') {
+                console.info('🔐 Generated encryption key saved to persistent storage');
+                console.info('   Key will persist across container restarts');
+            }
+            else {
+                console.info('🔐 Generated encryption key has been automatically added to your .env file');
+                console.info('   Restart the application to use the persistent key');
+            }
+        }
+    }
+    static getInstance() {
+        if (!EncryptionService.instance) {
+            EncryptionService.instance = new EncryptionService();
+        }
+        return EncryptionService.instance;
+    }
+    /**
+     * Encrypt sensitive text data
+     */
+    encrypt(plaintext) {
+        if (!plaintext)
+            return plaintext;
+        try {
+            const iv = crypto.randomBytes(16); // 16 bytes for AES
+            const cipher = crypto.createCipheriv(this.algorithm, this.encryptionKey, iv);
+            let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+            encrypted += cipher.final('hex');
+            const authTag = cipher.getAuthTag();
+            // Combine IV, auth tag, and encrypted data
+            return (iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted);
+        }
+        catch (error) {
+            console.error('Encryption error:', error);
+            throw new Error('Failed to encrypt data');
+        }
+    }
+    /**
+     * Decrypt encrypted text data
+     */
+    decrypt(encryptedData) {
+        if (!encryptedData || !encryptedData.includes(':')) {
+            // Data doesn't contain colons, likely unencrypted
+            if (process.env.DEBUG_ENCRYPTION) {
+                console.debug('Decryption: Data appears to be unencrypted (no colons found)');
+            }
+            return encryptedData;
+        }
+        try {
+            const parts = encryptedData.split(':');
+            if (parts.length !== 3) {
+                console.warn(`Decryption: Invalid format (expected 3 parts, got ${parts.length}), treating as unencrypted data`);
+                return encryptedData;
+            }
+            const [ivHex, authTagHex, encrypted] = parts;
+            // Validate hex format before attempting to convert
+            if (!/^[a-fA-F0-9]+$/.test(ivHex) || !/^[a-fA-F0-9]+$/.test(authTagHex)) {
+                console.warn('Decryption: Invalid hex format, treating as unencrypted data');
+                return encryptedData;
+            }
+            const iv = Buffer.from(ivHex, 'hex');
+            const authTag = Buffer.from(authTagHex, 'hex');
+            const decipher = crypto.createDecipheriv(this.algorithm, this.encryptionKey, iv);
+            decipher.setAuthTag(authTag);
+            let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+            decrypted += decipher.final('utf8');
+            return decrypted;
+        }
+        catch (error) {
+            console.error('Decryption error:', error);
+            console.warn('Treating as unencrypted data for backward compatibility');
+            return encryptedData; // Return original data if decryption fails
+        }
+    }
+    /**
+     * Encrypt JSON objects
+     */
+    encryptObject(obj) {
+        return this.encrypt(JSON.stringify(obj));
+    }
+    /**
+     * Decrypt JSON objects
+     */
+    decryptObject(encryptedData) {
+        const decrypted = this.decrypt(encryptedData);
+        return JSON.parse(decrypted);
+    }
+    /**
+     * Check if data appears to be encrypted
+     */
+    isEncrypted(data) {
+        return Boolean(data && data.includes(':') && data.split(':').length === 3);
+    }
+    /**
+     * Generate a new encryption key
+     */
+    static generateKey() {
+        return crypto.randomBytes(32).toString('hex');
+    }
+    /**
+     * Get the current encryption key (for first-time setup display)
+     * WARNING: Only use this during first-time setup when showing the key to the admin
+     */
+    getKeyForDisplay() {
+        return this.encryptionKey.toString('hex');
+    }
+}
+// Export singleton instance
+export const encryptionService = EncryptionService.getInstance();
+//# sourceMappingURL=encryptionService.js.map

package/backend/dist/services/encryptionService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptionService.js","sourceRoot":"","sources":["../../src/services/encryptionService.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AAEpC,2BAA2B;AAC3B,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAE3C;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IAK5B;;OAEG;IACK,eAAe,CAAC,aAAqB;QAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,MAAM,CAAC;QAEnD,IAAI,QAAQ,EAAE,CAAC;YACb,oDAAoD;YACpD,IAAI,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,6CAA6C;YAC7C,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,0BAA0B,CAAC,aAAqB;QACtD,IAAI,CAAC;YACH,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;YACtE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;YAEtD,+BAA+B;YAC/B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7C,CAAC;YAED,sCAAsC;YACtC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;YACjD,OAAO,CAAC,IAAI,CACV,+DAA+D,OAAO,EAAE,CACzE,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,wDAAwD,EACxD,KAAK,CACN,CAAC;YACF,OAAO,CAAC,IAAI,CACV,6DAA6D,CAC9D,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,qBAAqB,aAAa,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,oDAAoD;QACpD,MAAM,aAAa,GAAG;YACpB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,0CAA0C;YACvF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,EAAE,iCAAiC;YACnE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,2DAA2D;SACtG,CAAC;QAEF,oCAAoC;QACpC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;YACpC,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QAED,4EAA4E;QAC5E,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAChD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,uBAAuB;QACvB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,aAAqB;QAC5C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YACvC,IAAI,UAAU,GAAG,EAAE,CAAC;YAEpB,uCAAuC;YACvC,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAE9C,oEAAoE;gBACpE,IAAI,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBACzC,OAAO,CAAC,IAAI,CACV,0EAA0E,CAC3E,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,6EAA6E;gBAC7E,IAAI,UAAU,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;oBAC7C,UAAU,GAAG,UAAU,CAAC,OAAO,CAC7B,qBAAqB,EACrB,kBAAkB,aAAa,EAAE,CAClC,CAAC;oBACF,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;oBAC9C,OAAO,CAAC,IAAI,CACV,sDAAsD,OAAO,EAAE,CAChE,CAAC;oBACF,OAAO;gBACT,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,MAAM,OAAO,GAAG,wGAAwG,aAAa,IAAI,CAAC;YAE1I,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7C,UAAU,IAAI,IAAI,CAAC;YACrB,CAAC;YAED,UAAU,IAAI,OAAO,CAAC;YAEtB,0BAA0B;YAC1B,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;YAC9C,OAAO,CAAC,IAAI,CACV,sDAAsD,OAAO,EAAE,CAChE,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,4DAA4D,EAC5D,KAAK,CACN,CAAC;YACF,OAAO,CAAC,IAAI,CACV,8DAA8D,CAC/D,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,qBAAqB,aAAa,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,4BAA4B;QAClC,IAAI,CAAC;YACH,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;YACtE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;YAEtD,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;gBACpD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;oBACtB,OAAO,CAAC,IAAI,CACV,oDAAoD,OAAO,EAAE,CAC9D,CAAC;oBACF,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CACV,4DAA4D,EAC5D,KAAK,CACN,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;QArKQ,cAAS,GAAG,aAAa,CAAC;QAsKhC,2EAA2E;QAC3E,IAAI,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAE3C,4EAA4E;QAC5E,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;YACpD,MAAM,aAAa,GAAG,IAAI,CAAC,4BAA4B,EAAE,CAAC;YAC1D,IAAI,aAAa,EAAE,CAAC;gBAClB,SAAS,GAAG,aAAa,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CACb,gFAAgF,SAAS,CAAC,MAAM,EAAE,CACnG,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YACnD,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,qEAAqE;YACrE,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAExD,OAAO,CAAC,IAAI,CACV,+CAA+C,YAAY,EAAE,CAC9D,CAAC;YAEF,uEAAuE;YACvE,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;YAEnC,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;gBACxE,OAAO,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YAChE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CACV,4EAA4E,CAC7E,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;IACH,CAAC;IAEM,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,CAAC;YAChC,iBAAiB,CAAC,QAAQ,GAAG,IAAI,iBAAiB,EAAE,CAAC;QACvD,CAAC;QACD,OAAO,iBAAiB,CAAC,QAAQ,CAAC;IACpC,CAAC;IAED;;OAEG;IACI,OAAO,CAAC,SAAiB;QAC9B,IAAI,CAAC,SAAS;YAAE,OAAO,SAAS,CAAC;QAEjC,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB;YACtD,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAClC,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,aAAa,EAClB,EAAE,CACH,CAAC;YAEF,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;YACxD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAEjC,MAAM,OAAO,GAAI,MAA2B,CAAC,UAAU,EAAE,CAAC;YAE1D,2CAA2C;YAC3C,OAAO,CACL,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CACrE,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;OAEG;IACI,OAAO,CAAC,aAAqB;QAClC,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACnD,kDAAkD;YAClD,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;gBACjC,OAAO,CAAC,KAAK,CACX,8DAA8D,CAC/D,CAAC;YACJ,CAAC;YACD,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,IAAI,CACV,qDAAqD,KAAK,CAAC,MAAM,iCAAiC,CACnG,CAAC;gBACF,OAAO,aAAa,CAAC;YACvB,CAAC;YAED,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;YAE7C,mDAAmD;YACnD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBACxE,OAAO,CAAC,IAAI,CACV,8DAA8D,CAC/D,CAAC;gBACF,OAAO,aAAa,CAAC;YACvB,CAAC;YAED,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YAE/C,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CACtC,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,aAAa,EAClB,EAAE,CACH,CAAC;YACD,QAA+B,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAErD,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAEpC,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;YACxE,OAAO,aAAa,CAAC,CAAC,2CAA2C;QACnE,CAAC;IACH,CAAC;IAED;;OAEG;IACI,aAAa,CAAC,GAA4B;QAC/C,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACI,aAAa,CAAI,aAAqB;QAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACI,WAAW,CAAC,IAAY;QAC7B,OAAO,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;;OAGG;IACI,gBAAgB;QACrB,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC;CACF;AAED,4BAA4B;AAC5B,MAAM,CAAC,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC"}

package/backend/dist/services/memoryService.d.ts

@@ -0,0 +1,140 @@
+import { PersonaMemoryEntry, MemorySearchResult, EmbeddingModel } from '../types/index.js';
+export type MemoryType = 'fact' | 'preference' | 'experience' | 'emotional' | 'context' | 'instruction' | 'general';
+export interface EnhancedMemoryEntry extends PersonaMemoryEntry {
+    memory_type?: MemoryType;
+    access_count?: number;
+    last_accessed?: number;
+    decay_factor?: number;
+    consolidated_from?: string[];
+}
+export declare class MemoryService {
+    private db;
+    private embeddingModels;
+    constructor();
+    /**
+     * Ensure database is available
+     */
+    private ensureDatabase;
+    private initializeTables;
+    /**
+     * Migrate database to add new columns for existing tables
+     */
+    private migrateDatabase;
+    /**
+     * Get SQLite column type for a given column name
+     */
+    private getColumnType;
+    /**
+     * Classify memory content into a type
+     */
+    classifyMemoryType(content: string): MemoryType;
+    /**
+     * Calculate enhanced importance score based on multiple factors
+     */
+    calculateEnhancedImportance(content: string, memoryType: MemoryType, _context?: string): number;
+    /**
+     * Apply time-based decay to importance score
+     */
+    applyDecay(originalImportance: number, timestamp: number, accessCount?: number, lastAccessed?: number): number;
+    /**
+     * Get available embedding models
+     */
+    getEmbeddingModels(): EmbeddingModel[];
+    /**
+     * Generate embedding for text using specified model
+     */
+    private generateEmbedding;
+    /**
+     * Store a memory entry with embedding and automatic classification
+     */
+    storeMemory(userId: string, personaId: string, content: string, embeddingModel: string, context?: string, importanceScore?: number, memoryType?: MemoryType): Promise<EnhancedMemoryEntry>;
+    /**
+     * Find similar memories (for deduplication)
+     */
+    private findSimilarMemories;
+    /**
+     * Reinforce a memory (increases importance and access count)
+     */
+    reinforceMemory(memoryId: string): Promise<boolean>;
+    /**
+     * Calculate cosine similarity between two vectors
+     */
+    private cosineSimilarity;
+    /**
+     * Search memories using semantic similarity with enhanced relevance scoring
+     */
+    searchMemories(userId: string, personaId: string, query: string, embeddingModel: string, topK?: number, minSimilarity?: number, memoryTypes?: MemoryType[]): Promise<MemorySearchResult[]>;
+    /**
+     * Update memory access tracking
+     */
+    private updateMemoryAccess;
+    /**
+     * Get all memories for a persona
+     */
+    getMemories(userId: string, personaId: string, limit?: number, offset?: number): Promise<PersonaMemoryEntry[]>;
+    /**
+     * Get memory count for a persona
+     */
+    getMemoryCount(userId: string, personaId: string): Promise<number>;
+    /**
+     * Get memory status for a persona
+     */
+    getMemoryStatus(userId: string, personaId: string): Promise<{
+        memory_count: number;
+        last_backup?: number;
+        size_mb: number;
+    }>;
+    /**
+     * Delete all memories for a persona (wipe)
+     */
+    wipeMemories(userId: string, personaId: string): Promise<number>;
+    /**
+     * Export memories for backup
+     */
+    exportMemories(userId: string, personaId: string): Promise<PersonaMemoryEntry[]>;
+    /**
+     * Import memories from backup
+     */
+    importMemories(memories: PersonaMemoryEntry[], targetUserId: string): Promise<number>;
+    /**
+     * Update memory importance score
+     */
+    updateMemoryImportance(memoryId: string, importanceScore: number): Promise<boolean>;
+    /**
+     * Delete old memories based on retention policy
+     */
+    cleanupOldMemories(userId: string, personaId: string, retentionDays: number): Promise<number>;
+    /**
+     * Consolidate similar memories to reduce redundancy and save space
+     * This merges memories with high similarity into a single, more comprehensive memory
+     */
+    consolidateMemories(userId: string, personaId: string, embeddingModel: string, similarityThreshold?: number): Promise<{
+        consolidated: number;
+        deleted: number;
+    }>;
+    /**
+     * Create consolidated content from multiple similar memories
+     */
+    private createConsolidatedContent;
+    /**
+     * Get memory statistics for a persona
+     */
+    getMemoryStats(userId: string, personaId: string): Promise<{
+        total_count: number;
+        by_type: Record<string, number>;
+        avg_importance: number;
+        oldest_memory: number | null;
+        newest_memory: number | null;
+        total_accesses: number;
+    }>;
+    /**
+     * Apply decay to all memories (should be called periodically)
+     */
+    applyGlobalDecay(userId: string, personaId: string): Promise<number>;
+    /**
+     * Get important memories (facts, preferences, instructions) that should always be included
+     */
+    getCoreMemories(userId: string, personaId: string, limit?: number): Promise<PersonaMemoryEntry[]>;
+}
+export declare const memoryService: MemoryService;
+//# sourceMappingURL=memoryService.d.ts.map

package/backend/dist/services/memoryService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memoryService.d.ts","sourceRoot":"","sources":["../../src/services/memoryService.ts"],"names":[],"mappings":"AAmBA,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,cAAc,EACf,MAAM,mBAAmB,CAAC;AAI3B,MAAM,MAAM,UAAU,GAClB,MAAM,GACN,YAAY,GACZ,YAAY,GACZ,WAAW,GACX,SAAS,GACT,aAAa,GACb,SAAS,CAAC;AAGd,MAAM,WAAW,mBAAoB,SAAQ,kBAAkB;IAC7D,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,EAAE,CAAqB;IAC/B,OAAO,CAAC,eAAe,CAoCrB;;IAMF;;OAEG;IACH,OAAO,CAAC,cAAc;IAOtB,OAAO,CAAC,gBAAgB;IA+CxB;;OAEG;IACH,OAAO,CAAC,eAAe;IAqCvB;;OAEG;IACH,OAAO,CAAC,aAAa;IAWrB;;OAEG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IA2D/C;;OAEG;IACH,2BAA2B,CACzB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,UAAU,EACtB,QAAQ,CAAC,EAAE,MAAM,GAChB,MAAM;IAyCT;;OAEG;IACH,UAAU,CACR,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,MAAM,EACjB,WAAW,GAAE,MAAU,EACvB,YAAY,CAAC,EAAE,MAAM,GACpB,MAAM;IAwBT;;OAEG;IACH,kBAAkB,IAAI,cAAc,EAAE;IAItC;;OAEG;YACW,iBAAiB;IAmB/B;;OAEG;IACG,WAAW,CACf,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM,EACtB,OAAO,CAAC,EAAE,MAAM,EAChB,eAAe,CAAC,EAAE,MAAM,EACxB,UAAU,CAAC,EAAE,UAAU,GACtB,OAAO,CAAC,mBAAmB,CAAC;IA6E/B;;OAEG;YACW,mBAAmB;IAmEjC;;OAEG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAczD;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAkBxB;;OAEG;IACG,cAAc,CAClB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,MAAM,EACtB,IAAI,SAAI,EACR,aAAa,SAAM,EACnB,WAAW,CAAC,EAAE,UAAU,EAAE,GACzB,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAgHhC;;OAEG;YACW,kBAAkB;IAehC;;OAEG;IACG,WAAW,CACf,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,KAAK,SAAM,EACX,MAAM,SAAI,GACT,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAmChC;;OAEG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAmBxE;;OAEG;IACG,eAAe,CACnB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;QACT,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IAmBF;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAWtE;;OAEG;IACG,cAAc,CAClB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAIhC;;OAEG;IACG,cAAc,CAClB,QAAQ,EAAE,kBAAkB,EAAE,EAC9B,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC;IAkClB;;OAEG;IACG,sBAAsB,CAC1B,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,OAAO,CAAC;IAYnB;;OAEG;IACG,kBAAkB,CACtB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC;IAclB;;;OAGG;IACG,mBAAmB,CACvB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,EACtB,mBAAmB,SAAM,GACxB,OAAO,CAAC;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAuJrD;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAejC;;OAEG;IACG,cAAc,CAClB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC;QACT,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAChC,cAAc,EAAE,MAAM,CAAC;QACvB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAiDF;;OAEG;IACG,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA6C1E;;OAEG;IACG,eAAe,CACnB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,KAAK,SAAI,GACR,OAAO,CAAC,kBAAkB,EAAE,CAAC;CAyCjC;AAED,eAAO,MAAM,aAAa,eAAsB,CAAC"}