memory-privacy 1.6.0 → 1.7.0

package/filters.ts

@@ -1,4 +1,4 @@
-import type { SessionIdentity } from "./identity.js";
+import type { SessionIdentity } from "./identity";
 import {
   extractGroupIdFromPath,
   extractDateFromPath,
@@ -6,7 +6,7 @@ import {
   isWithinMembershipPeriod,
   loadKnowledgeACL,
   toRelativeMemoryPath,
-} from "./utils.js";
+} from "./utils";
 
 /**
  * 过滤 memory_search 结果，按身份隔离

package/index.ts

@@ -1,8 +1,8 @@
 import path from "path";
 import fs from "fs";
-import { resolveSessionIdentity } from "./identity.js";
-import { filterResultsByIdentity, isPathAllowed, getTargetDir, isWritePathCorrect } from "./filters.js";
-import { getAllowedDirs, loadAllowedMemoryContent } from "./utils.js";
+import { resolveSessionIdentity } from "./identity";
+import { isPathAllowed, getTargetDir, isWritePathCorrect } from "./filters";
+import { getAllowedDirs } from "./utils";
 
 export default {
   id: "memory-privacy",
@@ -10,153 +10,14 @@ export default {
   description: "Multi-user memory isolation for IM + OpenClaw",
 
   register(api: any) {
-    const config = api.config;
+    const log = api.logger || console;
     const workspaceDir: string =
       api.runtime?.config?.agents?.defaults?.workspace ??
       api.config?.agents?.defaults?.workspace ??
       process.env.OPENCLAW_WORKSPACE ??
       process.cwd();
 
-    api.logger.info(`[memory-privacy] workspaceDir: ${workspaceDir}`);
-
-    // ====================================================================
-    // 钩子 1: before_prompt_build — 用 memory_search 检索相关记忆注入上下文
-    // ====================================================================
-    api.on("before_prompt_build", async (event: any, ctx: any) => {
-      const identity = resolveSessionIdentity(ctx.sessionKey);
-      const wsDir = ctx.workspaceDir || workspaceDir;
-
-      // 从 event.messages 提取用户最新消息作为搜索 query
-      const messages = event.messages || [];
-      const lastUserMsg = [...messages].reverse().find((m: any) => m.role === "user");
-      let query = "";
-      if (lastUserMsg) {
-        const content = lastUserMsg.content;
-        if (typeof content === "string") query = content;
-        else if (Array.isArray(content)) {
-          query = content.filter((c: any) => c.type === "text").map((c: any) => c.text || "").join(" ");
-        }
-      }
-
-      let memoryBlock = "";
-
-      if (identity.type === "owner") {
-        // owner 使用语义搜索（需要 query）
-        if (query) {
-          try {
-            const searchTool = api.runtime.tools.createMemorySearchTool({
-              config: ctx.config || config,
-              agentSessionKey: ctx.sessionKey,
-            });
-
-            if (searchTool) {
-              const rawResults = await searchTool.execute("prompt-build-search", { query });
-              const details = rawResults?.details;
-              const results = Array.isArray(details?.results) ? details.results : [];
-              const snippets = results
-                .map((r: any) => r.snippet || "")
-                .filter((s: string) => s.length > 0);
-
-              if (snippets.length > 0) {
-                memoryBlock = `\n\n${snippets.join("\n\n")}`;
-              }
-            }
-          } catch {
-            // owner 搜索失败不回退
-          }
-        }
-      } else {
-        // 非 owner（peer / group）：直接全量加载已过滤的记忆，不依赖 query
-        const fallback = loadAllowedMemoryContent(wsDir, identity);
-        if (fallback) memoryBlock = `\n\n${fallback}`;
-      }
-
-      switch (identity.type) {
-        case "owner":
-          return {
-            prependContext:
-              `` +
-              memoryBlock,
-          };
-
-        case "peer":
-          return {
-            prependContext:
-              `` +
-              memoryBlock,
-          };
-
-        case "group":
-          return {
-            prependContext:
-              `` +
-              memoryBlock,
-          };
-      }
-    });
-
-    // ====================================================================
-    // 钩子 2: registerTool — 包装 memory_search / memory_get
-    // ====================================================================
-    api.registerTool(
-      (ctx: any) => {
-        const identity = resolveSessionIdentity(ctx.sessionKey);
-        const wsDir = ctx.workspaceDir || workspaceDir;
-
-        const originalSearchTool = api.runtime.tools.createMemorySearchTool({
-          config: ctx.config || config,
-          agentSessionKey: ctx.sessionKey,
-        });
-
-        const originalGetTool = api.runtime.tools.createMemoryGetTool({
-          config: ctx.config || config,
-          agentSessionKey: ctx.sessionKey,
-        });
-
-        const tools: any[] = [];
-
-        if (originalSearchTool) {
-          const wrappedSearchTool = {
-            ...originalSearchTool,
-            execute: async (
-              toolCallId: string,
-              params: Record<string, unknown>,
-              signal?: AbortSignal,
-              onUpdate?: any
-            ) => {
-              const results = await originalSearchTool.execute(toolCallId, params, signal, onUpdate);
-              return filterResultsByIdentity(results, identity, wsDir);
-            },
-          };
-          tools.push(wrappedSearchTool);
-        }
-
-        if (originalGetTool) {
-          const wrappedGetTool = {
-            ...originalGetTool,
-            execute: async (
-              toolCallId: string,
-              params: Record<string, unknown>,
-              signal?: AbortSignal,
-              onUpdate?: any
-            ) => {
-              const filePath = (params.path || params.filePath || "") as string;
-              if (filePath && !isPathAllowed(filePath, identity, wsDir)) {
-                return {
-                  content: [{ type: "text" as const, text: "No results found." }],
-                  details: { error: "access_denied" },
-                };
-              }
-              return originalGetTool.execute(toolCallId, params, signal, onUpdate);
-            },
-          };
-          tools.push(wrappedGetTool);
-        }
-
-        return tools.length > 0 ? tools : null;
-      },
-      { names: ["memory_search", "memory_get"] }
-    );
+    log.info(`[memory-privacy] workspaceDir: ${workspaceDir}`);
 
     // ====================================================================
     // 钩子 3: before_tool_call — 写入拦截 + 重定向
@@ -223,7 +84,7 @@ export default {
       const targetDir = getTargetDir(identity);
       const correctedPath = path.join(wsDir, targetDir, filename);
 
-      api.logger.info(`[memory-privacy] Redirecting write: ${filePath} → ${correctedPath}`);
+      log.info(`[memory-privacy] Redirecting write: ${filePath} → ${correctedPath}`);
 
       // 同时设置所有可能的路径参数名，确保不同工具都能接收
       const correctedParams = { ...event.params };
@@ -377,57 +238,11 @@ export default {
         }
       }
 
-      api.logger.info(`[memory-privacy] Rewriting exec: ${command} → ${rewritten}`);
+      log.info(`[memory-privacy] Rewriting exec: ${command} → ${rewritten}`);
 
       return { params: { ...event.params, command: rewritten, cmd: rewritten } };
     }, { priority: 10 });
 
-    // ====================================================================
-    // 钩子 6: before_tool_call — memory_get 读取拦截
-    // registerTool 包装未生效（添加新工具而非替换），用 before_tool_call 可靠拦截
-    // ====================================================================
-    api.on("before_tool_call", (event: any, ctx: any) => {
-      if (event.toolName !== "memory_get") return;
-
-      const filePath = (event.params?.path || event.params?.filePath || event.params?.file_path || "") as string;
-      if (!filePath) return;
-
-      const identity = resolveSessionIdentity(ctx.sessionKey);
-      if (identity.type === "owner") return;
-
-      // 拦截 MEMORY.md（非 owner 不可读）
-      const lowerFilePath = filePath.toLowerCase();
-      if (lowerFilePath.endsWith("/memory.md") || lowerFilePath.endsWith("\\memory.md") || lowerFilePath === "memory.md") {
-        return { block: true, blockReason: "No results found." };
-      }
-
-      // 拦截 USER.md（group session 不可读）
-      if (lowerFilePath.endsWith("/user.md") || lowerFilePath.endsWith("\\user.md") || lowerFilePath === "user.md") {
-        if (identity.type === "group") {
-          return { block: true, blockReason: "No results found." };
-        }
-      }
-
-      const wsDir = ctx.workspaceDir || workspaceDir;
-      if (!isPathAllowed(filePath, identity, wsDir)) {
-        return { block: true, blockReason: "No results found." };
-      }
-    }, { priority: 10 });
-
-    // ====================================================================
-    // 钩子 6.5: before_tool_call — 非 owner 禁用 memory_search
-    // 框架不 await async before_tool_call，无法做结果过滤
-    // 直接 block，依赖 hook1 (before_prompt_build) 注入已过滤的记忆
-    // ====================================================================
-    api.on("before_tool_call", (event: any, ctx: any) => {
-      if (event.toolName !== "memory_search") return;
-
-      const identity = resolveSessionIdentity(ctx.sessionKey);
-      if (identity.type === "owner") return;
-
-      return { block: true, blockReason: "No results found." };
-    }, { priority: 10 });
-
     // ====================================================================
     // 钩子 7: agent_end — 将 agent 对话同步到 memory 文件
     // ====================================================================
@@ -474,7 +289,7 @@ export default {
       if (assistantText) fs.appendFileSync(filePath!, `[${time}] AI助理: ${assistantText}\n`);
     });
 
-    api.logger.info("[memory-privacy] Plugin registered successfully.");
+    log.info("[memory-privacy] Plugin registered successfully.");
   },
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "memory-privacy",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "type": "module",
   "main": "index.ts",
   "files": [

package/utils.ts

@@ -1,7 +1,7 @@
 import fs from "fs";
 import path from "path";
 import { execSync } from "child_process";
-import type { SessionIdentity } from "./identity.js";
+import type { SessionIdentity } from "./identity";
 
 // ========== 类型定义 ==========