opencode-metis 0.2.7 → 0.2.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -4
- package/dist/cli.cjs +17 -17
- package/dist/mcp-server.cjs +14 -14
- package/dist/plugin.cjs +4 -6
- package/dist/worker.cjs +46 -43
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -8,8 +8,9 @@ Persistent memory system for [OpenCode](https://opencode.ai) sessions. Captures
|
|
|
8
8
|
- **Semantic search** — Find relevant memories by meaning via ChromaDB vector embeddings, not just keywords
|
|
9
9
|
- **Context injection** — Relevant past observations are automatically injected at session start
|
|
10
10
|
- **Compaction survival** — Saves and restores context when OpenCode compacts messages
|
|
11
|
+
- **Multi-session support** — Run multiple OpenCode sessions concurrently with session-scoped data isolation
|
|
11
12
|
- **Privacy protection** — `<private>` tag stripping and automatic secret detection (API keys, tokens, PEM keys) before storage
|
|
12
|
-
- **Crash recovery** — Pending message queue with at-least-once delivery ensures no observations are lost
|
|
13
|
+
- **Crash recovery** — Pending message queue with at-least-once delivery ensures no observations are lost; automatic token refresh on worker restart
|
|
13
14
|
- **Quality checks** — TDD enforcement and file-length warnings on every edit
|
|
14
15
|
- **Tool redirection** — Block or redirect specific tools via configuration
|
|
15
16
|
- **Local-only** — All data stays on your machine at `~/.config/opencode/memory/`; only AI compression calls leave the machine
|
|
@@ -167,7 +168,7 @@ The system has four components, each built as a separate bundle under `dist/`:
|
|
|
167
168
|
|
|
168
169
|
- **CLI** (`dist/cli.cjs`) — Orchestrates init, start, and stop commands
|
|
169
170
|
- **Plugin** (`dist/plugin.cjs`) — Hooks into OpenCode's lifecycle events to capture observations, enforce quality checks, and inject context
|
|
170
|
-
- **Worker** (`dist/worker.cjs`) — Bun HTTP daemon with bearer token auth that stores observations in SQLite (WAL mode), manages ChromaDB via chroma-mcp, runs AI compression,
|
|
171
|
+
- **Worker** (`dist/worker.cjs`) — Bun HTTP daemon with bearer token auth that stores observations in SQLite (WAL mode), manages ChromaDB via chroma-mcp, runs AI compression, serves search queries, and broadcasts session-scoped SSE events
|
|
171
172
|
- **MCP Server** (`dist/mcp-server.cjs`) — Exposes memory tools to the AI via the Model Context Protocol
|
|
172
173
|
|
|
173
174
|
### Data Flow
|
|
@@ -177,7 +178,7 @@ OpenCode Session
|
|
|
177
178
|
│
|
|
178
179
|
├─ session.created ──────► Worker /api/context/inject ──► SQLite + ChromaDB query ──► context injected
|
|
179
180
|
│
|
|
180
|
-
├─ tool.execute.after ───► Worker /api/memory/save ────► privacy strip ──► SQLite write
|
|
181
|
+
├─ tool.execute.after ───► Worker /api/memory/save ────► privacy strip ──► SQLite write (session-scoped)
|
|
181
182
|
│ │
|
|
182
183
|
│ └──► AI compression queue ──► Gemini/OpenRouter/Anthropic
|
|
183
184
|
│ │
|
|
@@ -185,13 +186,17 @@ OpenCode Session
|
|
|
185
186
|
│
|
|
186
187
|
├─ session.idle ─────────► Worker /api/memory/save ────► session summary stored
|
|
187
188
|
│
|
|
189
|
+
├─ SSE connection ───────► Worker /api/events?sessionId= ► session-scoped event stream
|
|
190
|
+
│
|
|
188
191
|
└─ session.compacted ───► Worker /api/context/inject ──► context restored after compaction
|
|
189
192
|
```
|
|
190
193
|
|
|
191
194
|
### Security
|
|
192
195
|
|
|
193
|
-
- **Bearer token auth** — A cryptographically random token is generated per worker instance and stored in the PID file. All non-health endpoints require `Authorization: Bearer <token>`.
|
|
196
|
+
- **Bearer token auth** — A cryptographically random token is generated per worker instance and stored in the PID file with `0o600` permissions (owner read/write only). All non-health endpoints require `Authorization: Bearer <token>`.
|
|
197
|
+
- **Automatic token refresh** — When the worker restarts, sessions automatically re-read the PID file and retry with the new token (single retry to prevent crash-loop storms).
|
|
194
198
|
- **Privacy stripping** — `<private>` tags are removed at the hook layer before data leaves the plugin process. Secrets (AWS keys, GitHub tokens, API keys, PEM keys, JWTs) are detected via regex and redacted with `[REDACTED]`.
|
|
199
|
+
- **Secure API key transmission** — Gemini API keys are sent via `x-goog-api-key` header rather than URL query parameters to prevent exposure in logs and proxy traces.
|
|
195
200
|
- **Localhost binding** — The worker binds to `127.0.0.1` by default.
|
|
196
201
|
|
|
197
202
|
## MCP Tools
|