opencode-metis 0.1.5 → 0.1.6

package/README.md

@@ -1,20 +1,28 @@
 # opencode-metis
 
-Persistent memory system for [OpenCode](https://opencode.ai) sessions. Captures observations, enables semantic search, and preserves context across compaction.
+Persistent memory system for [OpenCode](https://opencode.ai) sessions. Captures observations, compresses them with AI, enables semantic search, and preserves context across compaction.
 
 ## Features
 
-- **Observation capture** — Automatically records tool executions, decisions, and session summaries
-- **Semantic search** — Find relevant memories by meaning, not just keywords
+- **AI-compressed observations** — Tool outputs are distilled into structured knowledge by Gemini, OpenRouter, or Anthropic
+- **Semantic search** — Find relevant memories by meaning via ChromaDB vector embeddings, not just keywords
+- **Context injection** — Relevant past observations are automatically injected at session start
 - **Compaction survival** — Saves and restores context when OpenCode compacts messages
+- **Privacy protection** — `<private>` tag stripping and automatic secret detection (API keys, tokens, PEM keys) before storage
+- **Crash recovery** — Pending message queue with at-least-once delivery ensures no observations are lost
 - **Quality checks** — TDD enforcement and file-length warnings on every edit
 - **Tool redirection** — Block or redirect specific tools via configuration
-- **Local-only** — All data stays on your machine at `~/.config/opencode/memory/`
+- **Local-only** — All data stays on your machine at `~/.config/opencode/memory/`; only AI compression calls leave the machine
 
 ## Prerequisites
 
-- **Bun** >= 1.0.0
-- **ChromaDB** (optional) — for semantic vector search. Install via `pip install chromadb` or Docker.
+| Tool | Version | Required | Purpose |
+|------|---------|----------|---------|
+| [Bun](https://bun.sh) | >= 1.0.0 | Yes | Runtime for the worker daemon, plugin, and build system |
+| [uv](https://github.com/astral-sh/uv) | latest | No | Runs `chroma-mcp` for semantic vector search (installed automatically by `init`) |
+| API key | — | No | One of `GEMINI_API_KEY`, `OPENROUTER_API_KEY`, or `ANTHROPIC_API_KEY` for AI observation compression |
+
+ChromaDB is managed automatically via `chroma-mcp` (a Model Context Protocol server launched with `uvx`). If `uv` is not installed, the system falls back to SQLite FTS5 keyword search — no semantic search, but everything else works.
 
 ## Installation
 
@@ -32,67 +40,144 @@ Persistent memory system for [OpenCode](https://opencode.ai) sessions. Captures
 
    This merges the required `plugin` and `mcp` entries into `~/.config/opencode/opencode.json`, copies framework files (agents, commands, skills) into `~/.config/opencode/`, and checks for ChromaDB availability. Existing config is backed up before modification.
 
+3. (Optional) Set an AI provider for observation compression:
+
+   ```bash
+   # Pick one:
+   export GEMINI_API_KEY="your-key"
+   export OPENROUTER_API_KEY="your-key"
+   export ANTHROPIC_API_KEY="your-key"
+   ```
+
+   Without an API key, observations are stored with basic string truncation instead of AI compression.
+
 ## CLI
 
-| Command                    | Description                                                        |
-| -------------------------- | ------------------------------------------------------------------ |
-| `opencode-metis init`      | Configure `opencode.json` and copy framework files                 |
-| `opencode-metis start`     | Start the memory worker and launch opencode                        |
-| `opencode-metis stop`      | Stop the memory worker                                             |
+| Command | Description |
+|---------|-------------|
+| `opencode-metis init` | Configure `opencode.json` and copy framework files |
+| `opencode-metis start` | Start the memory worker and launch opencode |
+| `opencode-metis stop` | Stop the memory worker |
 | `opencode-metis start-mcp` | Start the MCP server (used by opencode via `opencode.json` config) |
 
 ## Configuration
 
 The memory system has its own optional config file at `~/.config/opencode/memory/settings.json` (separate from OpenCode's config). All fields have sensible defaults:
 
-| Key                  | Type     | Default                                                | Description                              |
-| -------------------- | -------- | ------------------------------------------------------ | ---------------------------------------- |
-| `workerPort`         | number   | `41777`                                                | HTTP port for the worker daemon          |
-| `workerBind`         | string   | `"127.0.0.1"`                                          | Bind address for the worker              |
-| `chromaDbUrl`        | string   | `"http://localhost:8000"`                              | ChromaDB server URL                      |
-| `recencyWindowDays`  | number   | `90`                                                   | Days to boost recent results             |
-| `retentionDays`      | number   | `365`                                                  | Days before observations expire          |
-| `tddEnabled`         | boolean  | `true`                                                 | Enforce test-file checks on edit         |
-| `fileLengthWarn`     | number   | `300`                                                  | Line count warning threshold             |
-| `fileLengthCritical` | number   | `500`                                                  | Line count critical threshold            |
-| `testFilePatterns`   | string[] | `["*.test.ts", "*.spec.ts", "*_test.go", "test_*.py"]` | Glob patterns for test files             |
-| `toolRedirectRules`  | array    | `[]`                                                   | Rules to deny or redirect specific tools |
+### Worker
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| `workerPort` | number | `41777` | HTTP port for the worker daemon |
+| `workerBind` | string | `"127.0.0.1"` | Bind address for the worker |
+
+### Storage
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| `chromaDbUrl` | string | `"http://localhost:8000"` | ChromaDB server URL |
+| `chromaDbEnabled` | boolean | `true` | Enable ChromaDB vector store |
+
+### AI Compression
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| `aiProvider` | string \| null | `null` | AI provider: `"gemini"`, `"openrouter"`, `"anthropic"`, or `null` (auto-detect from env) |
+| `aiModel` | string \| null | `null` | Override the default model for the selected provider |
+| `aiCompressionTimeoutMs` | number | `15000` | Timeout per AI compression call |
+| `aiCompressionMaxRetries` | number | `3` | Max retries for failed compressions |
+| `aiSkipTools` | string[] | `[]` | Tool names to skip during observation capture |
+
+### Privacy
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| `secretDetectionEnabled` | boolean | `true` | Detect and redact secrets before storage |
+| `secretPatterns` | array | `[]` | Additional custom secret patterns `{ name, pattern }` |
+
+### Retention & Context
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| `recencyWindowDays` | number | `90` | Days to boost recent results |
+| `retentionDays` | number | `365` | Days before observations expire |
+| `contextTokenBudget` | number | `2000` | Max tokens for context injection at session start |
+
+### Quality Checks
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| `tddEnabled` | boolean | `true` | Enforce test-file checks on edit |
+| `fileLengthWarn` | number | `300` | Line count warning threshold |
+| `fileLengthCritical` | number | `500` | Line count critical threshold |
+| `testFilePatterns` | string[] | `["*.test.ts", "*.spec.ts", "*_test.go", "test_*.py"]` | Glob patterns for test files |
+| `toolRedirectRules` | array | `[]` | Rules to deny or redirect specific tools |
+
+### Notifications
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| `notificationsEnabled` | boolean | `false` | Enable macOS desktop notifications for session events |
 
 ## Architecture
 
 The system has four components, each built as a separate bundle under `dist/`:
 
 - **CLI** (`dist/cli.cjs`) — Orchestrates init, start, and stop commands
-- **Plugin** (`dist/plugin.cjs`) — Hooks into OpenCode's lifecycle events to capture observations and enforce quality checks
-- **Worker** (`dist/worker.cjs`) — HTTP daemon that stores observations in SQLite, manages ChromaDB embeddings, and serves search queries
+- **Plugin** (`dist/plugin.cjs`) — Hooks into OpenCode's lifecycle events to capture observations, enforce quality checks, and inject context
+- **Worker** (`dist/worker.cjs`) — Bun HTTP daemon with bearer token auth that stores observations in SQLite (WAL mode), manages ChromaDB via chroma-mcp, runs AI compression, and serves search queries
 - **MCP Server** (`dist/mcp-server.cjs`) — Exposes memory tools to the AI via the Model Context Protocol
 
+### Data Flow
+
+```
+OpenCode Session
+  │
+  ├─ session.created ──────► Worker /api/context/inject ──► SQLite + ChromaDB query ──► context injected
+  │
+  ├─ tool.execute.after ───► Worker /api/memory/save ────► privacy strip ──► SQLite write
+  │                                                         │
+  │                                                         └──► AI compression queue ──► Gemini/OpenRouter/Anthropic
+  │                                                                                        │
+  │                                                                                        └──► update observation with structured data
+  │
+  ├─ session.idle ─────────► Worker /api/memory/save ────► session summary stored
+  │
+  └─ session.compacted ───► Worker /api/context/inject ──► context restored after compaction
+```
+
+### Security
+
+- **Bearer token auth** — A cryptographically random token is generated per worker instance and stored in the PID file. All non-health endpoints require `Authorization: Bearer <token>`.
+- **Privacy stripping** — `<private>` tags are removed at the hook layer before data leaves the plugin process. Secrets (AWS keys, GitHub tokens, API keys, PEM keys, JWTs) are detected via regex and redacted with `[REDACTED]`.
+- **Localhost binding** — The worker binds to `127.0.0.1` by default.
+
 ## MCP Tools
 
 Tools available to the AI through the MCP server:
 
-| Tool               | Description                                                                                                                            |
-| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------- |
-| `search`           | Semantic or keyword search across observations. Accepts `query`, optional `limit`, `type`, and `project` filters.                      |
-| `timeline`         | Chronological context around an observation. Accepts `anchor` (ID, session ID, timestamp, or query) with `depth_before`/`depth_after`. |
-| `get_observations` | Fetch full details for specific observation IDs.                                                                                       |
-| `save_memory`      | Save a new observation with `text`, optional `title` and `project`.                                                                    |
-| `decisions`        | Search decision-type observations. Optional `query` and `project` filters.                                                             |
-| `changes`          | Get recent change-type observations. Optional `project` and `limit`.                                                                   |
+| Tool | Description |
+|------|-------------|
+| `search` | Semantic or keyword search across observations. Accepts `query`, optional `limit`, `type`, and `project` filters. |
+| `timeline` | Chronological context around an observation. Accepts `anchor` (ID, session ID, timestamp, or query) with `depth_before`/`depth_after`. |
+| `get_observations` | Fetch full details for specific observation IDs. |
+| `save_memory` | Save a new observation with `text`, optional `title` and `project`. |
+| `decisions` | Search decision-type observations. Optional `query` and `project` filters. |
+| `changes` | Get recent change-type observations. Optional `project` and `limit`. |
 
 The plugin also registers `memory_search` and `memory_save` as custom tools directly in OpenCode.
 
 ## Plugin Hooks
 
-| Hook                              | Purpose                                                       |
-| --------------------------------- | ------------------------------------------------------------- |
-| `session.created`                 | Injects relevant memory context at session start              |
-| `tool.execute.before`             | Enforces tool redirect rules (deny/redirect) before execution |
-| `tool.execute.after`              | Captures tool executions as observations                      |
-| `session.idle`                    | Saves session summaries when the session goes idle            |
-| `experimental.session.compacting` | Saves active plan and task state before compaction            |
-| `session.compacted`               | Restores memory context after compaction                      |
-| `file.edited`                     | Checks for missing test files and warns on file length        |
+| Hook | Purpose |
+|------|---------|
+| `session.created` | Injects relevant memory context at session start |
+| `tool.execute.before` | Enforces tool redirect rules (deny/redirect) before execution |
+| `tool.execute.after` | Captures tool executions as observations (with AI compression) |
+| `session.idle` | Saves session summaries when the session goes idle |
+| `experimental.session.compacting` | Saves active plan and task state before compaction |
+| `session.compacted` | Restores memory context after compaction |
+| `file.edited` | Checks for missing test files and warns on file length |
 
 ## Local Development
 
@@ -132,11 +217,31 @@ bun run unlink      # unstow
 ```bash
 bun test          # Run tests
 bun run build     # Build all four bundles
-bun run lint      # ESLint + Prettier
+bun run lint      # Lint and format with Biome
 bun run typecheck # TypeScript type checking
 bun run dev       # Watch mode for worker
 ```
 
+### Project Structure
+
+```
+src/
+  cli/              CLI commands (init, start, stop, start-mcp) and worker lifecycle
+  mcp/              MCP server and worker proxy
+  plugin/           OpenCode plugin hooks, privacy filters, and custom tools
+    hooks/          Hook handlers (session-start, tool-after, session-idle, etc.)
+    privacy/        Secret detection, <private> tag stripping, privacy filter
+    tools/          Custom MCP tools registered in OpenCode
+  services/         Business logic layer
+    ai-compression/ Multi-provider AI agents (Gemini, OpenRouter, Anthropic), queue processor
+  shared/           Configuration, types, constants
+  storage/
+    sqlite/         Database, migrations, FTS5 indexing
+    vector/         ChromaDB connection, chroma-mcp manager, vector sync
+  worker/           HTTP server, router, routes, SSE broadcaster, auth middleware
+test/               Integration and E2E tests
+```
+
 ## License
 
 MIT