memory-get-acl 2026.3.31

package/README.md

@@ -0,0 +1,52 @@
+# memory-get-acl
+
+ACL-aware `memory_get` plus a tiny "Memory Gateway" HTTP surface, implemented as an in-process OpenClaw plugin.
+
+## What it provides
+
+- **Gateway HTTP routes** (auth: `gateway`)
+  - `GET /api/memory/index?agent_id=main&identity=owner&identity_id=<id>`
+  - `GET /api/memory/get?agent_id=main&identity=owner&identity_id=<id>&path=MEMORY.md&from=1&lines=200`
+- **Tool**
+  - `memory_get` (reads `MEMORY.md` / `memory/**/*.md` with ACL filtering; non-memory paths fall back to local filesystem reads)
+
+This plugin is `kind: "memory"` and is selected by `plugins.slots.memory`.
+
+## Install (host)
+
+```bash
+openclaw plugins install memory-get-acl --pin
+openclaw config set plugins.allow '["memory-get-acl"]' --strict-json
+openclaw config set plugins.slots.memory "memory-get-acl"
+openclaw config validate
+```
+
+Restart the gateway after config changes.
+
+## Docker (server)
+
+If you are running OpenClaw via the repository `docker-compose.yml` (or a compatible setup), you can install and enable the plugin through the `openclaw-cli` container:
+
+```bash
+docker compose run -T --rm openclaw-cli plugins install memory-get-acl --pin
+docker compose run -T --rm openclaw-cli config set plugins.allow '["memory-get-acl"]' --strict-json
+docker compose run -T --rm openclaw-cli config set plugins.slots.memory "memory-get-acl"
+docker compose run -T --rm openclaw-cli config validate
+docker compose restart openclaw-gateway
+```
+
+Then call the routes with your gateway token:
+
+```bash
+curl -fsSL \
+  -H "Authorization: Bearer $OPENCLAW_GATEWAY_TOKEN" \
+  "http://127.0.0.1:18789/api/memory/get?agent_id=main&identity=owner&identity_id=owner&path=MEMORY.md"
+```
+
+## Publish (npm)
+
+From this directory:
+
+```bash
+npm publish --access public
+```

package/index.ts

@@ -0,0 +1,741 @@
+/**
+ * memory-get-acl — minimal plugin that only provides memory_get.
+ *
+ * - MEMORY paths → routed to Memory Gateway with ACL
+ * - Non-MEMORY paths → passthrough to local filesystem
+ * - No memory_search, no hooks, no CLI
+ */
+
+import { Type } from "@sinclair/typebox";
+import { definePluginEntry } from "openclaw/plugin-sdk/core";
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { readFile } from "node:fs/promises";
+import { join, relative, resolve } from "node:path";
+import fs from "node:fs/promises";
+
+// ── Types ────────────────────────────────────────────────────────────────
+
+export interface SessionIdentity {
+  identity: "owner" | "peer" | "group";
+  agentId: string;
+  userId?: string;
+  /**
+   * Agent owner user id (best-effort) inferred from commands.ownerAllowFrom for the session channel.
+   * Used to apply "shared group" checks for external peer chats.
+   */
+  ownerUserId?: string;
+  groupId?: string;
+}
+
+export interface PathInfo {
+  memoryType: "owner" | "peer" | "group" | "knowledge" | "index";
+  peerId?: string;
+  groupId?: string;
+  kbId?: string;
+  fileDate?: string;
+}
+
+interface ToolCtx {
+  workspaceDir?: string;
+  agentId?: string;
+  sessionKey?: string;
+  requesterSenderId?: string;
+  senderIsOwner?: boolean;
+  // Provided by OpenClaw tool context (not by tool params).
+  config?: unknown;
+}
+
+// ── Path helpers ─────────────────────────────────────────────────────────
+
+export function isMemoryPath(p: string): boolean {
+  const n = p.replace(/\\/g, "/").toLowerCase();
+  return n === "memory.md" || n === "memory/memory.md" || n.startsWith("memory/");
+}
+
+export function parseMemoryPath(p: string): PathInfo {
+  const n = p.replace(/\\/g, "/");
+  if (/^memory\.md$/i.test(n)) return { memoryType: "index" };
+
+  let m = n.match(/^memory\/owner\/(.+)$/);
+  if (m) return { memoryType: "owner", fileDate: extractDate(m[1]) };
+
+  m = n.match(/^memory\/peers\/([^/]+)\/(.+)$/);
+  if (m) return { memoryType: "peer", peerId: m[1], fileDate: extractDate(m[2]) };
+
+  m = n.match(/^memory\/peers\/([^/]+)\/?$/);
+  if (m) return { memoryType: "peer", peerId: m[1] };
+
+  m = n.match(/^memory\/groups\/([^/]+)\/(.+)$/);
+  if (m) return { memoryType: "group", groupId: m[1], fileDate: extractDate(m[2]) };
+
+  m = n.match(/^memory\/groups\/([^/]+)\/?$/);
+  if (m) return { memoryType: "group", groupId: m[1] };
+
+  m = n.match(/^memory\/knowledge\/([^/]+)/);
+  if (m) return { memoryType: "knowledge", kbId: m[1] };
+
+  return { memoryType: "index" };
+}
+
+function extractDate(s: string): string | undefined {
+  return s.match(/(\d{4}-\d{2}-\d{2})/)?.[1];
+}
+
+// ── Identity ─────────────────────────────────────────────────────────────
+
+type OwnerAllowFromEntry = { channel?: string; id: string };
+
+function normalizeToken(value: string): string {
+  return value.trim().toLowerCase();
+}
+
+function parseOwnerAllowFromEntry(raw: string): OwnerAllowFromEntry | null {
+  const trimmed = raw.trim();
+  if (!trimmed) return null;
+  if (trimmed === "*") return { id: "*" };
+
+  const sep = trimmed.indexOf(":");
+  if (sep > 0) {
+    const maybeChannel = trimmed.slice(0, sep).trim();
+    const remainder = trimmed.slice(sep + 1).trim();
+    if (maybeChannel && remainder) {
+      return { channel: normalizeToken(maybeChannel), id: remainder };
+    }
+  }
+
+  return { id: trimmed };
+}
+
+function readOwnerAllowFrom(ctx: ToolCtx): string[] {
+  const cfg = (ctx as unknown as { config?: { commands?: { ownerAllowFrom?: unknown } } }).config;
+  const raw = cfg?.commands?.ownerAllowFrom;
+  if (!Array.isArray(raw)) return [];
+  return raw
+    .map((v) => (typeof v === "string" ? v : String(v ?? "")))
+    .map((v) => v.trim())
+    .filter((v) => v.length > 0);
+}
+
+function isOwnerByAllowFrom(params: {
+  userId: string;
+  channelId?: string;
+  ownerAllowFrom: string[];
+}): boolean {
+  if (params.ownerAllowFrom.length === 0) return false;
+
+  const userIdNorm = normalizeToken(params.userId);
+  const channelNorm = params.channelId ? normalizeToken(params.channelId) : undefined;
+
+  for (const raw of params.ownerAllowFrom) {
+    const entry = parseOwnerAllowFromEntry(raw);
+    if (!entry) continue;
+
+    if (entry.id === "*") return true;
+
+    if (entry.channel) {
+      if (!channelNorm || entry.channel !== channelNorm) continue;
+      if (normalizeToken(entry.id) === userIdNorm) return true;
+      continue;
+    }
+
+    if (normalizeToken(entry.id) === userIdNorm) return true;
+  }
+
+  return false;
+}
+
+function resolveOwnerUserIdFromAllowFrom(ownerAllowFrom: string[], channelId?: string): string | undefined {
+  if (ownerAllowFrom.length === 0) return undefined;
+  const channelNorm = channelId ? normalizeToken(channelId) : undefined;
+
+  const parsed = ownerAllowFrom
+    .map((raw) => (typeof raw === "string" ? raw : String(raw ?? "")))
+    .map((raw) => raw.trim())
+    .filter((raw) => raw.length > 0)
+    .map((raw) => parseOwnerAllowFromEntry(raw))
+    .filter((v): v is OwnerAllowFromEntry => Boolean(v));
+
+  // If allowFrom has "*", everyone is owner; caller will already be treated as owner.
+  if (parsed.some((e) => e.id === "*")) return undefined;
+
+  if (channelNorm) {
+    const match = parsed.find((e) => e.channel && e.channel === channelNorm && e.id);
+    if (match) return match.id;
+  }
+
+  const noChannel = parsed.filter((e) => !e.channel && e.id);
+  if (noChannel.length === 1) return noChannel[0]?.id;
+
+  return undefined;
+}
+
+function parseSessionKeyIdentity(
+  sessionKey: string | undefined,
+): { channelId?: string; kind?: "direct" | "dm" | "group" | "channel"; id?: string } {
+  const sk = (sessionKey ?? "").trim();
+  if (!sk) return {};
+
+  const parts = sk.split(":").filter((p) => p.trim().length > 0);
+  if (parts.length < 3 || parts[0]?.toLowerCase() !== "agent") {
+    // Legacy/non-canonical session keys: best-effort suffix match.
+    const gm = sk.match(/:group:([^:]+)(?::|$)/);
+    if (gm) return { kind: "group", id: gm[1] };
+    const dm = sk.match(/:(?:direct|dm):([^:]+)(?::|$)/);
+    if (dm) return { kind: "direct", id: dm[1] };
+    return {};
+  }
+
+  const channelId = parts[2]?.trim() || undefined;
+  // Scan backwards so suffixes like :topic:5 don't break parsing.
+  for (let i = parts.length - 2; i >= 1; i -= 1) {
+    const kindRaw = (parts[i] ?? "").trim().toLowerCase();
+    const id = (parts[i + 1] ?? "").trim();
+    if (!id) continue;
+    if (kindRaw === "group" || kindRaw === "channel") return { channelId, kind: "group", id };
+    if (kindRaw === "direct" || kindRaw === "dm") return { channelId, kind: "direct", id };
+  }
+
+  return { channelId };
+}
+
+export function resolveIdentity(ctx: ToolCtx): SessionIdentity {
+  const agentId = ctx.agentId ?? "main";
+
+  const parsed = parseSessionKeyIdentity(ctx.sessionKey);
+
+  if (parsed.kind === "group" && parsed.id) {
+    return { identity: "group", agentId, groupId: parsed.id };
+  }
+
+  const directId = parsed.kind === "direct" ? parsed.id : undefined;
+  const userId = directId ?? ctx.requesterSenderId;
+
+  const ownerAllowFrom = readOwnerAllowFrom(ctx);
+  const allowFromOwner =
+    typeof userId === "string" &&
+    userId.trim().length > 0 &&
+    isOwnerByAllowFrom({ userId, channelId: parsed.channelId, ownerAllowFrom });
+
+  if (ctx.senderIsOwner || allowFromOwner) {
+    return { identity: "owner", agentId, userId: ctx.requesterSenderId ?? userId };
+  }
+
+  return {
+    identity: "peer",
+    agentId,
+    userId,
+    ownerUserId: resolveOwnerUserIdFromAllowFrom(ownerAllowFrom, parsed.channelId),
+  };
+}
+
+// ── ACL ──────────────────────────────────────────────────────────────────
+
+type MemberPeriod = { joined: number; left: number | null };
+type MemberGroupInfo = { group_id: string; periods: MemberPeriod[] };
+type MemberApiResponse = { user_id: string; groups: MemberGroupInfo[] };
+
+const MEMBER_API_TIMEOUT_MS = 3500;
+const MEMBER_API_TTL_MS = 30_000;
+const memberCache = new Map<string, { at: number; data: MemberApiResponse | null }>();
+
+function memberApiBaseUrl(): string | null {
+  const raw = process.env.MEMBER_API_BASE_URL;
+  if (!raw) return null;
+  const trimmed = raw.trim().replace(/\/+$/, "");
+  return trimmed.length > 0 ? trimmed : null;
+}
+
+async function fetchMemberInfo(userId: string): Promise<MemberApiResponse | null> {
+  const key = userId.trim();
+  if (!key) return null;
+
+  const cached = memberCache.get(key);
+  if (cached && Date.now() - cached.at < MEMBER_API_TTL_MS) {
+    return cached.data;
+  }
+
+  const base = memberApiBaseUrl();
+  if (!base) {
+    memberCache.set(key, { at: Date.now(), data: null });
+    return null;
+  }
+
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), MEMBER_API_TIMEOUT_MS);
+  try {
+    const url = `${base}/api/members?user_id=${encodeURIComponent(key)}`;
+    const res = await fetch(url, { signal: controller.signal });
+    if (!res.ok) {
+      memberCache.set(key, { at: Date.now(), data: null });
+      return null;
+    }
+    const json = (await res.json()) as MemberApiResponse;
+    if (!json || typeof json !== "object" || !Array.isArray(json.groups)) {
+      memberCache.set(key, { at: Date.now(), data: null });
+      return null;
+    }
+    memberCache.set(key, { at: Date.now(), data: json });
+    return json;
+  } catch {
+    memberCache.set(key, { at: Date.now(), data: null });
+    return null;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+
+function resolveActivePeriodForGroup(resp: MemberApiResponse, groupId: string): MemberPeriod | null {
+  const g = resp.groups?.find((x) => String(x.group_id ?? "") === groupId);
+  if (!g || !Array.isArray(g.periods) || g.periods.length === 0) return null;
+  const last = g.periods[g.periods.length - 1] as MemberPeriod | undefined;
+  if (!last || typeof last.joined !== "number") return null;
+  // Requirement: if already left group, cannot view ANY group memory.
+  if (last.left !== null) return null;
+  return last;
+}
+
+function fileTimestampFromDate(fileDate: string | undefined): number | null {
+  if (!fileDate) return null;
+  const d = new Date(`${fileDate}T00:00:00Z`);
+  const ts = d.getTime();
+  return Number.isFinite(ts) ? ts : null;
+}
+
+async function canPeerReadGroupMemory(params: {
+  peerId: string | undefined;
+  ownerUserId: string | undefined;
+  groupId: string | undefined;
+  fileDate: string | undefined;
+}): Promise<boolean> {
+  const peerId = (params.peerId ?? "").trim();
+  const ownerUserId = (params.ownerUserId ?? "").trim();
+  const groupId = (params.groupId ?? "").trim();
+  if (!peerId || !ownerUserId || !groupId) return false;
+
+  const ts = fileTimestampFromDate(params.fileDate);
+  // No date → deny (avoid listing/group traversal without filtering).
+  if (ts === null) return false;
+
+  const [peerInfo, ownerInfo] = await Promise.all([
+    fetchMemberInfo(peerId),
+    fetchMemberInfo(ownerUserId),
+  ]);
+  if (!peerInfo || !ownerInfo) return false;
+
+  const peerActive = resolveActivePeriodForGroup(peerInfo, groupId);
+  const ownerActive = resolveActivePeriodForGroup(ownerInfo, groupId);
+  if (!peerActive || !ownerActive) return false;
+
+  // Only allow reading memories from the time both are in the group.
+  const overlapStart = Math.max(peerActive.joined, ownerActive.joined);
+  return ts >= overlapStart;
+}
+
+export function checkAcl(id: SessionIdentity, pi: PathInfo): { ok: boolean; reason?: string } {
+  if (id.identity === "owner") return { ok: true };
+
+  if (id.identity === "peer") {
+    if (pi.memoryType === "owner") return { ok: false, reason: "access denied" };
+    if (pi.memoryType === "peer" && pi.peerId && pi.peerId !== id.userId)
+      return { ok: false, reason: "access denied" };
+    if (pi.memoryType === "group") {
+      // External peer chatting with someone else's shrimp:
+      // - must call member API
+      // - only shared groups (peer + owner both active in group)
+      // - if join times differ, only allow reading after later join timestamp
+      // - if either already left, deny ANY group memory
+      // NOTE: This is async; caller should use checkAclAsync for group paths.
+      return { ok: false, reason: "access denied" };
+    }
+    return { ok: true };
+  }
+
+  if (id.identity === "group") {
+    if (pi.memoryType === "owner" || pi.memoryType === "peer")
+      return { ok: false, reason: "access denied" };
+    if (pi.memoryType === "group" && pi.groupId && pi.groupId !== id.groupId)
+      return { ok: false, reason: "access denied" };
+    return { ok: true };
+  }
+
+  return { ok: false, reason: "access denied" };
+}
+
+async function checkAclAsync(
+  id: SessionIdentity,
+  pi: PathInfo,
+): Promise<{ ok: boolean; reason?: string }> {
+  const base = checkAcl(id, pi);
+  if (base.ok) return base;
+
+  if (id.identity === "peer" && pi.memoryType === "group") {
+    const ok = await canPeerReadGroupMemory({
+      peerId: id.userId,
+      ownerUserId: id.ownerUserId,
+      groupId: pi.groupId,
+      fileDate: pi.fileDate,
+    });
+    return ok ? { ok: true } : { ok: false, reason: "access denied" };
+  }
+
+  return base;
+}
+
+// ── Result helper ────────────────────────────────────────────────────────
+
+function jsonResult(payload: unknown) {
+  return {
+    content: [{ type: "text" as const, text: JSON.stringify(payload, null, 2) }],
+    details: payload,
+  };
+}
+
+function normalizeRelPath(p: string): string {
+  return p.trim().replace(/^[./]+/, "").replace(/\\/g, "/");
+}
+
+function sendJson(res: ServerResponse, status: number, payload: unknown): void {
+  res.statusCode = status;
+  res.setHeader("Content-Type", "application/json; charset=utf-8");
+  res.end(`${JSON.stringify(payload)}\n`);
+}
+
+function resolveQueryUrl(req: IncomingMessage): URL {
+  return new URL(req.url ?? "/", "http://localhost");
+}
+
+function readQueryString(url: URL, key: string): string | undefined {
+  const value = url.searchParams.get(key);
+  if (value === null) return undefined;
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : undefined;
+}
+
+function readQueryNumber(url: URL, key: string): number | undefined {
+  const raw = readQueryString(url, key);
+  if (!raw) return undefined;
+  const n = Number(raw);
+  return Number.isFinite(n) ? n : undefined;
+}
+
+function resolveHttpIdentity(url: URL): SessionIdentity {
+  const identityRaw = (readQueryString(url, "identity") ?? "").toLowerCase();
+  const identity =
+    identityRaw === "owner" || identityRaw === "peer" || identityRaw === "group"
+      ? (identityRaw as SessionIdentity["identity"])
+      : "owner";
+  const agentId = readQueryString(url, "agent_id") ?? "main";
+  const identityId = readQueryString(url, "identity_id");
+  const ownerId = readQueryString(url, "owner_id") ?? undefined;
+  if (identity === "group") {
+    return { identity, agentId, groupId: identityId };
+  }
+  return {
+    identity,
+    agentId,
+    userId: identityId,
+    ...(identity === "peer" && ownerId ? { ownerUserId: ownerId } : {}),
+  };
+}
+
+async function listMarkdownFilesRecursive(dir: string, rootDir: string): Promise<string[]> {
+  const entries = await fs.readdir(dir, { withFileTypes: true });
+  const out: string[] = [];
+  for (const entry of entries) {
+    const full = join(dir, entry.name);
+    if (entry.isSymbolicLink()) {
+      continue;
+    }
+    if (entry.isDirectory()) {
+      out.push(...(await listMarkdownFilesRecursive(full, rootDir)));
+      continue;
+    }
+    if (!entry.isFile()) {
+      continue;
+    }
+    if (!entry.name.endsWith(".md")) {
+      continue;
+    }
+    const rel = relative(rootDir, full).replace(/\\/g, "/");
+    out.push(rel);
+  }
+  return out;
+}
+
+async function readWorkspaceFile(params: {
+  workspaceDir: string;
+  relPath: string;
+}): Promise<{ ok: true; text: string } | { ok: false; error: string }> {
+  const abs = resolve(join(params.workspaceDir, params.relPath));
+  if (!abs.startsWith(resolve(params.workspaceDir))) {
+    return { ok: false, error: "path traversal denied" };
+  }
+  try {
+    const text = await readFile(abs, "utf-8");
+    return { ok: true, text };
+  } catch {
+    return { ok: false, error: "file not found" };
+  }
+}
+
+async function listVisibleMemoryPaths(params: {
+  workspaceDir: string;
+  identity: SessionIdentity;
+}): Promise<string[]> {
+  let paths: string[] = [];
+  try {
+    const memoryDir = join(params.workspaceDir, "memory");
+    const stat = await fs.lstat(memoryDir);
+    if (!stat.isSymbolicLink() && stat.isDirectory()) {
+      paths = await listMarkdownFilesRecursive(memoryDir, params.workspaceDir);
+    }
+  } catch {
+    paths = [];
+  }
+
+  return paths
+    .map((p) => normalizeRelPath(p))
+    .filter((p) => p.startsWith("memory/"))
+    .filter((p) => checkAcl(params.identity, parseMemoryPath(p)).ok)
+    .toSorted((a, b) => a.localeCompare(b));
+}
+
+async function loadOrBuildIndex(params: {
+  workspaceDir: string;
+  identity: SessionIdentity;
+}): Promise<{ path: "MEMORY.md"; text: string }> {
+  // Prefer the canonical MEMORY.md (or memory.md fallback) if present.
+  for (const candidate of ["MEMORY.md", "memory.md"]) {
+    const loaded = await readWorkspaceFile({ workspaceDir: params.workspaceDir, relPath: candidate });
+    if (loaded.ok) {
+      return { path: "MEMORY.md", text: loaded.text };
+    }
+  }
+
+  const paths = await listVisibleMemoryPaths({
+    workspaceDir: params.workspaceDir,
+    identity: params.identity,
+  });
+  const text =
+    paths.length === 0
+      ? "# Memory Index\n\nNo memories stored yet.\n"
+      : `# Memory Index\n\n${paths.map((p) => `- ${p}`).join("\n")}\n`;
+  return { path: "MEMORY.md", text };
+}
+
+function sliceText(text: string, from?: number, lines?: number): string {
+  if (from === undefined && lines === undefined) {
+    return text;
+  }
+  const all = text.split("\n");
+  const s = (from ?? 1) - 1;
+  return all.slice(s, s + (lines ?? all.length)).join("\n");
+}
+
+// ── Plugin ───────────────────────────────────────────────────────────────
+
+export default definePluginEntry({
+  id: "memory-get-acl",
+  name: "Memory Get (ACL)",
+  description: "Minimal ACL-aware memory_get backed by Memory Gateway",
+  kind: "memory",
+
+  register(api) {
+    const token =
+      typeof (api.config as { gateway?: { auth?: { token?: unknown } } }).gateway?.auth?.token ===
+      "string"
+        ? ((api.config as { gateway?: { auth?: { token?: unknown } } }).gateway?.auth?.token as string)
+        : "";
+    const authHeader = token.trim() ? `Bearer ${token.trim()}` : "";
+
+    const defaultGatewayUrl = `http://127.0.0.1:${api.config.gateway?.port ?? 18789}`;
+    const gatewayUrl = (api.pluginConfig?.gatewayUrl as string | undefined) ?? defaultGatewayUrl;
+
+    // Provide the Memory Gateway HTTP routes *inside* the OpenClaw Gateway process,
+    // so memory-get-acl can work without a separate PG-backed service.
+    api.registerHttpRoute({
+      path: "/api/memory/index",
+      auth: "gateway",
+      match: "exact",
+      handler: async (req, res) => {
+        const url = resolveQueryUrl(req);
+        const identity = resolveHttpIdentity(url);
+        const workspaceDir = api.runtime.agent.resolveAgentWorkspaceDir(api.config, identity.agentId);
+        const index = await loadOrBuildIndex({ workspaceDir, identity });
+        sendJson(res, 200, index);
+        return true;
+      },
+    });
+
+    api.registerHttpRoute({
+      path: "/api/memory/get",
+      auth: "gateway",
+      match: "exact",
+      handler: async (req, res) => {
+        const url = resolveQueryUrl(req);
+        const identity = resolveHttpIdentity(url);
+        const rawPath = readQueryString(url, "path") ?? "MEMORY.md";
+        const from = readQueryNumber(url, "from");
+        const lines = readQueryNumber(url, "lines");
+        const relPath = normalizeRelPath(rawPath);
+        const workspaceDir = api.runtime.agent.resolveAgentWorkspaceDir(api.config, identity.agentId);
+
+        // Treat MEMORY.md as an index alias.
+        if (/^memory\.md$/i.test(relPath)) {
+          const index = await loadOrBuildIndex({ workspaceDir, identity });
+          sendJson(res, 200, { ...index, text: sliceText(index.text, from, lines) });
+          return true;
+        }
+
+        if (!isMemoryPath(relPath)) {
+          sendJson(res, 400, { path: rawPath, text: "", error: "unsupported path" });
+          return true;
+        }
+
+        const acl = await checkAclAsync(identity, parseMemoryPath(relPath));
+        if (!acl.ok) {
+          sendJson(res, 403, { path: rawPath, text: "", error: acl.reason ?? "access denied" });
+          return true;
+        }
+
+        const loaded = await readWorkspaceFile({ workspaceDir, relPath });
+        if (!loaded.ok) {
+          sendJson(res, 404, { path: rawPath, text: "", error: loaded.error });
+          return true;
+        }
+        sendJson(res, 200, { path: rawPath, text: sliceText(loaded.text, from, lines) });
+        return true;
+      },
+    });
+
+    api.registerTool(
+      (ctx) => {
+        const identity = resolveIdentity(ctx as ToolCtx);
+        const workspaceDir = (ctx as ToolCtx).workspaceDir;
+
+        return {
+          label: "Memory Get",
+          name: "memory_get",
+          description:
+            "Read from MEMORY.md or memory/*.md (ACL-filtered). " +
+            "Non-memory files read from local filesystem.",
+          parameters: Type.Object({
+            path: Type.String(),
+            from: Type.Optional(Type.Number()),
+            lines: Type.Optional(Type.Number()),
+          }),
+
+          async execute(_toolCallId: string, params: Record<string, unknown>) {
+            const relPath = typeof params.path === "string" ? params.path.trim() : "";
+            if (!relPath) return jsonResult({ path: "", text: "", error: "path is required" });
+
+            const from = typeof params.from === "number" ? params.from : undefined;
+            const lines = typeof params.lines === "number" ? params.lines : undefined;
+
+            // ── Non-MEMORY → local passthrough ───────────────
+            if (!isMemoryPath(relPath)) {
+              return jsonResult(await readLocal(workspaceDir, relPath, from, lines));
+            }
+
+            // ── MEMORY → ACL check ──────────────────────────
+            const normalizedRelPath = normalizeRelPath(relPath);
+            const pathInfo = parseMemoryPath(normalizedRelPath);
+            const acl = await checkAclAsync(identity, pathInfo);
+            if (!acl.ok) {
+              return jsonResult({ path: relPath, text: "", error: acl.reason });
+            }
+
+            // ── MEMORY.md index ─────────────────────────────
+            if (pathInfo.memoryType === "index") {
+              return jsonResult(
+                await fetchGateway(
+                  `${gatewayUrl}/api/memory/index`,
+                  {
+                    agent_id: identity.agentId,
+                    identity: identity.identity,
+                    identity_id: identity.userId ?? identity.groupId ?? "",
+                  },
+                  relPath,
+                  { authHeader },
+                  from,
+                  lines,
+                ),
+              );
+            }
+
+            // ── Regular MEMORY path ─────────────────────────
+            return jsonResult(
+              await fetchGateway(
+                `${gatewayUrl}/api/memory/get`,
+                {
+                  agent_id: identity.agentId,
+                  path: normalizedRelPath,
+                  identity: identity.identity,
+                  identity_id: identity.userId ?? identity.groupId ?? "",
+                  ...(identity.identity === "peer" && identity.ownerUserId
+                    ? { owner_id: identity.ownerUserId }
+                    : {}),
+                  ...(from !== undefined && { from: String(from) }),
+                  ...(lines !== undefined && { lines: String(lines) }),
+                },
+                relPath,
+                { authHeader },
+              ),
+            );
+          },
+        };
+      },
+      { names: ["memory_get"] },
+    );
+  },
+});
+
+// ── Gateway fetch ────────────────────────────────────────────────────────
+
+async function fetchGateway(
+  url: string,
+  params: Record<string, string>,
+  fallbackPath: string,
+  opts?: { authHeader?: string },
+  from?: number,
+  lines?: number,
+): Promise<{ path: string; text: string; error?: string }> {
+  try {
+    const res = await fetch(`${url}?${new URLSearchParams(params)}`, {
+      headers: opts?.authHeader ? { Authorization: opts.authHeader } : undefined,
+    });
+    if (!res.ok) return { path: fallbackPath, text: "", error: `Gateway: ${res.status}` };
+    const json = (await res.json()) as { path?: string; text?: string };
+    let text = json.text ?? "";
+    if (from !== undefined || lines !== undefined) {
+      const all = text.split("\n");
+      const s = (from ?? 1) - 1;
+      text = all.slice(s, s + (lines ?? all.length)).join("\n");
+    }
+    return { path: fallbackPath, text };
+  } catch (e) {
+    return { path: fallbackPath, text: "", error: `Gateway unreachable: ${(e as Error).message}` };
+  }
+}
+
+// ── Local file read ──────────────────────────────────────────────────────
+
+async function readLocal(
+  wsDir: string | undefined,
+  relPath: string,
+  from?: number,
+  lines?: number,
+): Promise<{ path: string; text: string; error?: string }> {
+  if (!wsDir) return { path: relPath, text: "", error: "workspace not available" };
+
+  const abs = resolve(join(wsDir, relPath));
+  if (!abs.startsWith(resolve(wsDir))) return { path: relPath, text: "", error: "path traversal denied" };
+
+  try {
+    let content = await readFile(abs, "utf-8");
+    content = sliceText(content, from, lines);
+    return { path: relPath, text: content };
+  } catch {
+    return { path: relPath, text: "", error: `file not found: ${relPath}` };
+  }
+}

package/openclaw.plugin.json

@@ -0,0 +1,14 @@
+{
+  "id": "memory-get-acl",
+  "kind": "memory",
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "gatewayUrl": {
+        "type": "string",
+        "description": "Memory Gateway service URL"
+      }
+    }
+  }
+}

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "memory-get-acl",
+  "version": "2026.3.31",
+  "description": "Minimal ACL-aware memory_get tool backed by Memory Gateway",
+  "type": "module",
+  "files": [
+    "index.ts",
+    "openclaw.plugin.json",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "dependencies": {
+    "@sinclair/typebox": "0.34.48"
+  },
+  "peerDependencies": {
+    "openclaw": ">=2026.3.11"
+  },
+  "peerDependenciesMeta": {
+    "openclaw": {
+      "optional": true
+    }
+  },
+  "openclaw": {
+    "extensions": [
+      "./index.ts"
+    ]
+  }
+}