sessionmem 1.0.5 → 1.1.0

package/dist/core/api/memoryCoreService.js

@@ -2,12 +2,14 @@ import { userInfo } from "node:os";
 import { ZodError } from "zod";
 import { deterministicEmbed } from "../embed/deterministicEmbed.js";
 import { retrieveMemories } from "../retrieve/retrieveMemories.js";
+import { computeEffectiveImportance } from "../retrieve/score.js";
 import { formatStartupInjection } from "../injection/formatStartupInjection.js";
 import { applyRedaction } from "../summarize/redaction.js";
-import { countMemoriesOlderThan, deleteMemoriesOlderThan, insertMemory, listMemoriesByProject, recordUse, updateMemoryContent, upsertSessionSummaryMemory, } from "../storage/memoryRepo.js";
-import { configFilePath, readPolicyConfig, resolvePolicySettings, } from "../config/policyConfig.js";
-import { insertSessionEvent } from "../storage/sessionEventsRepo.js";
-import { exportMemoriesRequestSchema, forgetMemoryRequestSchema, getMemoryRequestSchema, handleSessionEndRequestSchema, importMemoriesRequestSchema, pullMemoriesRequestSchema, ingestSessionEventsRequestSchema, listMemoriesRequestSchema, pruneMemoriesRequestSchema, recordMemoryUsedRequestSchema, redactExistingRequestSchema, retrieveMemoriesRequestSchema, statsRequestSchema, storeMemoryRequestSchema, summarizeSessionToMemoryRequestSchema, } from "./contracts.js";
+import { countAllMemoriesByProject, countMemoriesBySession, countMemoriesOlderThan, deleteMemoriesOlderThan, deleteMemoryById, getMemoryOwnerProjectId, getMemoryRecordById, incrementAccessCounts, insertMemory, listMemoriesByProject, resetAccessCounts, updateMemoryContent, upsertImportedMemory, upsertPulledMemory, upsertSessionSummaryMemory, } from "../storage/memoryRepo.js";
+import { SESSION_WRITE_SOFT_LIMIT, configFilePath, DEEP_MODE_RETRIEVAL_CAP, readPolicyConfig, resolvePolicySettings, } from "../config/policyConfig.js";
+import { insertMemoryFeedbackEvent } from "../storage/memoryFeedbackRepo.js";
+import { countAllSessionEvents, insertSessionEvent } from "../storage/sessionEventsRepo.js";
+import { batchStoreMemoryItemSchema, batchStoreMemoryRequestSchema, exportMemoriesRequestSchema, forgetMemoryRequestSchema, getMemoryRequestSchema, handleSessionEndRequestSchema, importMemoriesRequestSchema, pullMemoriesRequestSchema, ingestSessionEventsRequestSchema, LIST_MEMORIES_DEFAULT_LIMIT, listMemoriesRequestSchema, pruneMemoriesRequestSchema, redactExistingRequestSchema, resetAccessCountsRequestSchema, retrieveMemoriesRequestSchema, statsRequestSchema, storeMemoryRequestSchema, summarizeSessionToMemoryRequestSchema, } from "./contracts.js";
 import { DomainError, toErrorEnvelope } from "./errors.js";
 import { assertLocalOnlyPolicy, } from "./localOnlyPolicy.js";
 import { createSessionLifecycleService } from "./sessionLifecycleService.js";
@@ -33,6 +35,28 @@ function resolveServiceUsername(explicit) {
         return "";
     }
 }
+// Maximum content length serialized into an MCP retrieve response. The full
+// content remains in the DB; this only caps what is returned to the tool caller
+// so a large result set cannot overflow the agent context (100 rows × 10k chars
+// ≈ 1MB JSON).
+const RETRIEVE_CONTENT_MAX_LENGTH = 2000;
+/**
+ * Clamp an imported/pulled timestamp to server time. A record carrying a future
+ * createdAt/updatedAt would otherwise be immune to retention pruning (its age
+ * never crosses the cutoff), so any value past `serverNow` is pulled back to it.
+ */
+function clampDateToNow(date) {
+    if (!date)
+        return null;
+    const epochMs = Date.parse(date);
+    if (isNaN(epochMs))
+        return null; // invalid date → discard
+    const nowMs = Date.now();
+    // Parse to epoch (handles timezone offsets correctly), clamp future dates to
+    // now, and normalize to a canonical UTC ISO string (no timezone offset) so
+    // lexicographic comparison in the retention prune stays consistent.
+    return new Date(Math.min(epochMs, nowMs)).toISOString();
+}
 function toMemoryDto(record) {
     return {
         id: record.id,
@@ -40,18 +64,36 @@ function toMemoryDto(record) {
         sessionId: record.session_id,
         sourceAdapter: record.source_adapter,
         kind: record.kind,
-        content: record.content,
-        normalizedContent: record.normalized_content,
+        content: record.content.slice(0, RETRIEVE_CONTENT_MAX_LENGTH),
+        normalizedContent: record.normalized_content?.slice(0, RETRIEVE_CONTENT_MAX_LENGTH) ?? null,
         importance: record.importance,
-        embedding: record.embedding,
+        embedding: null,
         embeddingDim: record.embedding_dim,
         embeddingVersion: record.embedding_version,
         author: record.author,
         originProjectId: record.origin_project_id,
+        accessCount: record.access_count,
+        lastAccessed: record.last_accessed,
+        effectiveImportance: computeEffectiveImportance(record.importance, record.access_count),
         createdAt: record.created_at,
         updatedAt: record.updated_at,
     };
 }
+/**
+ * Export/sync DTO: preserves FULL content and normalized_content, unlike
+ * toMemoryDto which caps both at RETRIEVE_CONTENT_MAX_LENGTH (2000) to bound MCP
+ * tool responses against context overflow. Export and team-push must round-trip
+ * losslessly — importMemories/pullMemories re-embed from the exported `content`,
+ * so truncating here would permanently lose any memory body over 2000 chars
+ * (stored content can be up to MAX_CONTENT_LENGTH = 10000) on re-import.
+ */
+function toExportMemoryDto(record) {
+    return {
+        ...toMemoryDto(record),
+        content: record.content,
+        normalizedContent: record.normalized_content,
+    };
+}
 function toRetrievedMemoryDto(record) {
     return {
         id: record.id,
@@ -59,34 +101,25 @@ function toRetrievedMemoryDto(record) {
         sessionId: record.session_id,
         sourceAdapter: record.source_adapter,
         kind: record.kind,
-        content: record.content,
-        normalizedContent: record.normalized_content,
+        // Cap content for the MCP tool response to prevent context overflow; the
+        // full content stays in the DB and is reachable via getMemory.
+        content: record.content.slice(0, RETRIEVE_CONTENT_MAX_LENGTH),
+        normalizedContent: record.normalized_content?.slice(0, RETRIEVE_CONTENT_MAX_LENGTH) ?? null,
         importance: record.importance,
         embedding: null,
         embeddingDim: record.embedding_dim,
         embeddingVersion: record.embedding_version,
         author: record.author,
         originProjectId: record.origin_project_id,
+        accessCount: record.access_count,
+        lastAccessed: null,
+        effectiveImportance: computeEffectiveImportance(record.importance, record.access_count),
         createdAt: record.created_at,
         updatedAt: record.updated_at,
         semantic: record.semantic,
         score: record.score,
     };
 }
-function getMemoryById(db, projectId, memoryId) {
-    const row = db
-        .prepare(`
-      SELECT
-        id, project_id, session_id, source_adapter, kind, content, normalized_content,
-        importance, embedding, embedding_dim, embedding_version, author, origin_project_id,
-        created_at, updated_at
-      FROM memories
-      WHERE project_id = ? AND id = ?
-      LIMIT 1
-    `)
-        .get(projectId, memoryId);
-    return row;
-}
 function parseRequest(schema, request) {
     try {
         return schema.parse(request);
@@ -136,32 +169,56 @@ export function createMemoryCoreService(deps) {
     const methods = {
         async ingestSessionEvents(request) {
             const parsed = parseRequest(ingestSessionEventsRequestSchema, request);
-            for (const event of parsed.events) {
-                insertSessionEvent(db, {
-                    id: event.id,
-                    project_id: parsed.projectId,
-                    session_id: parsed.sessionId,
-                    event_index: event.eventIndex,
-                    event_type: event.eventType,
-                    payload_json: event.payloadJson,
-                    created_at: event.createdAt,
-                });
-            }
+            // Wrap the whole batch in a single transaction so a mid-loop failure rolls
+            // back every insert (no partial ingestion). Inserts use INSERT OR IGNORE
+            // on the (project_id, session_id, event_index) UNIQUE index, so the count
+            // reflects rows actually written and re-ingestion is a no-op.
+            // Redact each event's payload_json before persisting so secrets in tool
+            // inputs/outputs never reach storage — same write-path guarantee as
+            // storeMemory. Events carry no explicit redactionEnabled flag, so resolve
+            // it from the policy config.
+            const redactionEnabled = resolveRedactionEnabled(undefined);
+            const ingest = db.transaction(() => {
+                let written = 0;
+                for (const event of parsed.events) {
+                    const redactedPayload = applyRedaction(event.payloadJson, {
+                        redactionEnabled,
+                    }).text;
+                    written += insertSessionEvent(db, {
+                        id: event.id,
+                        project_id: parsed.projectId,
+                        session_id: parsed.sessionId,
+                        event_index: event.eventIndex,
+                        event_type: event.eventType,
+                        payload_json: redactedPayload,
+                        created_at: event.createdAt,
+                    });
+                }
+                return written;
+            });
+            const ingested = ingest();
             return {
                 ok: true,
-                ingested: parsed.events.length,
+                ingested,
             };
         },
         async summarizeSessionToMemory(request) {
             const parsed = parseRequest(summarizeSessionToMemoryRequestSchema, request);
-            const embedding = deterministicEmbed(parsed.summary, dimension);
+            // Redact before embedding/persisting so secrets in the summary text never
+            // reach storage and the embedding is computed on the redacted text — same
+            // write-path guarantee as storeMemory. The request carries no explicit
+            // redactionEnabled flag, so resolve it from the policy config.
+            const redaction = applyRedaction(parsed.summary, {
+                redactionEnabled: resolveRedactionEnabled(undefined),
+            });
+            const embedding = deterministicEmbed(redaction.text, dimension);
             upsertSessionSummaryMemory(db, {
                 id: parsed.memoryId,
                 project_id: parsed.projectId,
                 session_id: parsed.sessionId,
                 source_adapter: parsed.sourceAdapter,
                 kind: "summary",
-                content: parsed.summary,
+                content: redaction.text,
                 normalized_content: embedding.normalizedText,
                 importance: parsed.importance,
                 embedding: JSON.stringify(embedding.vector),
@@ -188,6 +245,14 @@ export function createMemoryCoreService(deps) {
                 redactionEnabled: resolveRedactionEnabled(parsed.redactionEnabled),
             });
             const embedding = deterministicEmbed(redaction.text, dimension);
+            // Per-session write soft limit: warn the caller when the session has
+            // already accumulated SESSION_WRITE_SOFT_LIMIT memories so the agent
+            // gets feedback to stop storing excessively. The write still proceeds.
+            const warningCodes = [...redaction.warningCodes];
+            const sessionCount = countMemoriesBySession(db, parsed.sessionId, parsed.projectId);
+            if (sessionCount >= SESSION_WRITE_SOFT_LIMIT) {
+                warningCodes.push("session_write_limit_warning");
+            }
             insertMemory(db, {
                 id: parsed.memoryId,
                 project_id: parsed.projectId,
@@ -205,80 +270,93 @@ export function createMemoryCoreService(deps) {
                 author: localAuthor,
                 origin_project_id: null,
             });
-            const inserted = getMemoryById(db, parsed.projectId, parsed.memoryId);
+            const inserted = getMemoryRecordById(db, parsed.projectId, parsed.memoryId);
             if (!inserted) {
                 throw new DomainError("INTERNAL", "Memory insert did not persist");
             }
             return {
                 ok: true,
-                memory: toMemoryDto(inserted),
-                warningCodes: redaction.warningCodes,
+                // Single-record write echo-back: return the FULL stored body (uncapped),
+                // mirroring getMemory's single-record read. A store response carries one
+                // row bounded by MAX_CONTENT_LENGTH (10000), so it cannot overflow the
+                // agent context the way a multi-row list can, and the caller may want to
+                // verify the actual persisted (post-redaction) content. Contrast with
+                // batchStoreMemory below, which keeps the cap because it returns many rows.
+                memory: toExportMemoryDto(inserted),
+                warningCodes,
             };
         },
         async retrieveMemories(request) {
             const parsed = parseRequest(retrieveMemoriesRequestSchema, request);
-            const limit = parsed.depth === "deep" ? Math.min(parsed.limit * 2, 100) : parsed.limit;
+            const limit = parsed.depth === "deep" ? Math.min(parsed.limit * 2, DEEP_MODE_RETRIEVAL_CAP) : parsed.limit;
             const ranked = retrieveMemories({
                 db,
                 projectId: parsed.projectId,
                 queryText: parsed.query,
                 limit,
             });
+            if (ranked.length > 0 && parsed.mode !== "on-demand") {
+                // Only boost access counts for startup injection (mode='auto'), not for
+                // explicit on-demand retrieval, so a mid-session lookup does not inflate
+                // recall-frequency ranking.
+                incrementAccessCounts(db, parsed.projectId, ranked.map((m) => m.id));
+            }
+            // Honor a user-configured injectionCap when present; otherwise
+            // formatStartupInjection falls back to its built-in default cap.
+            const injectionCap = readPolicyConfig(policyConfigPath).injectionCap;
             return {
                 ok: true,
                 memories: ranked.map(toRetrievedMemoryDto),
                 total: ranked.length,
-                // Render the startup-injection block here so the `author:`
-                // prefix annotation for teammate-authored memories reaches CLI/MCP
-                // callers via the production retrieval path.
                 startupInjection: formatStartupInjection(ranked, {
                     localUsername: localAuthor,
+                    tokenCap: injectionCap,
                 }),
             };
         },
-        async recordMemoryUsed(request) {
-            const parsed = parseRequest(recordMemoryUsedRequestSchema, request);
-            const result = recordUse(db, {
-                project_id: parsed.projectId,
-                memory_id: parsed.memoryId,
-                feedback_type: parsed.feedbackType,
-                used_at: parsed.usedAt,
-            });
-            return {
-                ok: true,
-                memoryId: result.memory_id,
-                previousImportance: result.previous_importance,
-                newImportance: result.new_importance,
-            };
-        },
         async listMemories(request) {
             const parsed = parseRequest(listMemoriesRequestSchema, request);
-            const memories = listMemoriesByProject(db, parsed.projectId);
+            const all = listMemoriesByProject(db, parsed.projectId);
+            // Rows arrive ordered by updated_at DESC, so slicing keeps the most
+            // recently touched memories. `total` reports the full count; a shorter
+            // `memories` array signals the caller that the list was truncated.
+            const limit = parsed.limit ?? LIST_MEMORIES_DEFAULT_LIMIT;
+            const memories = all.slice(0, limit);
             return {
                 ok: true,
                 memories: memories.map(toMemoryDto),
-                total: memories.length,
+                total: all.length,
             };
         },
         async getMemory(request) {
             const parsed = parseRequest(getMemoryRequestSchema, request);
-            const memory = getMemoryById(db, parsed.projectId, parsed.memoryId);
+            const memory = getMemoryRecordById(db, parsed.projectId, parsed.memoryId);
             if (!memory) {
                 throw new DomainError("NOT_FOUND", `Memory not found: ${parsed.memoryId}`);
             }
             return {
                 ok: true,
-                memory: toMemoryDto(memory),
+                memory: toExportMemoryDto(memory),
             };
         },
         async forgetMemory(request) {
             const parsed = parseRequest(forgetMemoryRequestSchema, request);
-            const result = db
-                .prepare("DELETE FROM memories WHERE project_id = ? AND id = ?")
-                .run(parsed.projectId, parsed.memoryId);
-            if (result.changes === 0) {
+            // Capture the memory's importance before deletion so we can record
+            // it in the feedback table as an analytics signal.
+            const existing = getMemoryRecordById(db, parsed.projectId, parsed.memoryId);
+            const deleted = deleteMemoryById(db, parsed.projectId, parsed.memoryId);
+            if (deleted === 0) {
                 throw new DomainError("NOT_FOUND", `Memory not found: ${parsed.memoryId}`);
             }
+            // Record the explicit user deletion as feedback. The FK on
+            // memory_feedback no longer cascades (migration 007), so this row
+            // survives the memory deletion and serves as an analytics signal.
+            insertMemoryFeedbackEvent(db, {
+                memory_id: parsed.memoryId,
+                feedback_type: "manual_delete",
+                previous_importance: existing?.importance ?? 0,
+                new_importance: 0,
+            });
             return {
                 ok: true,
             };
@@ -288,45 +366,16 @@ export function createMemoryCoreService(deps) {
             const memories = listMemoriesByProject(db, parsed.projectId);
             return {
                 ok: true,
-                memories: memories.map(toMemoryDto),
+                memories: memories.map(toExportMemoryDto),
             };
         },
         async importMemories(request) {
             const parsed = parseRequest(importMemoriesRequestSchema, request);
-            const stmt = db.prepare(`
-        INSERT INTO memories (
-          id, project_id, session_id, source_adapter, kind, content, normalized_content,
-          importance, embedding, embedding_dim, embedding_version, author, origin_project_id,
-          created_at, updated_at
-        ) VALUES (
-          @id, @project_id, @session_id, @source_adapter, @kind, @content, @normalized_content,
-          @importance, @embedding, @embedding_dim, @embedding_version, @author, @origin_project_id,
-          COALESCE(@created_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
-          COALESCE(@updated_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
-        )
-        ON CONFLICT(id) DO UPDATE SET
-          project_id = excluded.project_id,
-          session_id = excluded.session_id,
-          source_adapter = excluded.source_adapter,
-          kind = excluded.kind,
-          content = excluded.content,
-          normalized_content = excluded.normalized_content,
-          importance = excluded.importance,
-          embedding = excluded.embedding,
-          embedding_dim = excluded.embedding_dim,
-          embedding_version = excluded.embedding_version,
-          author = excluded.author,
-          origin_project_id = excluded.origin_project_id,
-          created_at = excluded.created_at,
-          updated_at = excluded.updated_at
-      `);
-            // `id` is a globally-unique PRIMARY KEY (not scoped by
-            // project_id). The upsert above reassigns `project_id = excluded.project_id`
-            // on conflict, which would let an imported record silently overwrite and
-            // relocate another project's memory if its `id` happens to collide.
-            // Look up existing ownership per id and skip (rather than upsert) any
-            // record whose id already belongs to a *different* project.
-            const ownerStmt = db.prepare("SELECT project_id FROM memories WHERE id = ?");
+            // The upsert (upsertImportedMemory) reassigns project_id on ON CONFLICT(id).
+            // Because `id` is a globally-unique PRIMARY KEY (not scoped by project_id),
+            // a colliding id owned by a *different* project would otherwise be silently
+            // overwritten and relocated. getMemoryOwnerProjectId resolves ownership per
+            // id so we skip those rather than upsert them.
             // Aggregate redaction warnings across all imported records. A
             // Set de-duplicates the redaction_partial_failure code so the envelope
             // stays compact regardless of how many records tripped the same rule.
@@ -334,52 +383,66 @@ export function createMemoryCoreService(deps) {
             const effectiveRedactionEnabled = resolveRedactionEnabled(parsed.redactionEnabled);
             let imported = 0;
             let skippedCrossProject = 0;
-            for (const memory of parsed.memories) {
-                const owner = ownerStmt.get(memory.id);
-                if (owner && owner.project_id !== parsed.projectId) {
-                    // Another project already owns this id: skip rather than overwrite
-                    // and reassign ownership via ON CONFLICT(id).
-                    skippedCrossProject += 1;
-                    continue;
-                }
-                // Redact each record before embedding/upsert so secrets never persist
-                // and the embedding reflects the redacted text.
-                const redaction = applyRedaction(memory.content, {
-                    redactionEnabled: effectiveRedactionEnabled,
-                });
-                for (const code of redaction.warningCodes) {
-                    warningCodeSet.add(code);
+            let skippedExisting = 0;
+            // Wrap the whole batch in a single transaction so a mid-loop failure rolls
+            // back every upsert (no partial import).
+            const runImport = db.transaction(() => {
+                for (const memory of parsed.memories) {
+                    const ownerProjectId = getMemoryOwnerProjectId(db, memory.id);
+                    if (ownerProjectId !== undefined) {
+                        if (ownerProjectId !== parsed.projectId) {
+                            // Another project already owns this id: skip rather than overwrite
+                            // and reassign ownership via ON CONFLICT(id).
+                            skippedCrossProject += 1;
+                        }
+                        else {
+                            // This project already owns this id: skip rather than overwrite the
+                            // existing memory's content/timestamps. Only brand-new ids import.
+                            skippedExisting += 1;
+                        }
+                        continue;
+                    }
+                    // Redact each record before embedding/upsert so secrets never persist
+                    // and the embedding reflects the redacted text.
+                    const redaction = applyRedaction(memory.content, {
+                        redactionEnabled: effectiveRedactionEnabled,
+                    });
+                    for (const code of redaction.warningCodes) {
+                        warningCodeSet.add(code);
+                    }
+                    const embedding = deterministicEmbed(redaction.text, dimension);
+                    upsertImportedMemory(db, {
+                        id: memory.id,
+                        project_id: parsed.projectId,
+                        session_id: memory.sessionId,
+                        source_adapter: memory.sourceAdapter,
+                        kind: memory.kind,
+                        content: redaction.text,
+                        normalized_content: embedding.normalizedText,
+                        importance: memory.importance,
+                        embedding: JSON.stringify(embedding.vector),
+                        embedding_dim: embedding.dimension,
+                        embedding_version: embedding.embeddingVersion,
+                        // Plain import (not a team pull): preserve an incoming author when
+                        // the export carried one, else stamp the local username so the row
+                        // is never left with an empty author. origin_project_id is carried
+                        // through when present, else null for locally-originating rows.
+                        author: memory.author && memory.author.trim() !== ""
+                            ? memory.author
+                            : localAuthor,
+                        origin_project_id: memory.originProjectId ?? null,
+                        created_at: clampDateToNow(memory.createdAt) ?? undefined,
+                        updated_at: clampDateToNow(memory.updatedAt) ?? undefined,
+                    });
+                    imported += 1;
                 }
-                const embedding = deterministicEmbed(redaction.text, dimension);
-                stmt.run({
-                    id: memory.id,
-                    project_id: parsed.projectId,
-                    session_id: memory.sessionId,
-                    source_adapter: memory.sourceAdapter,
-                    kind: memory.kind,
-                    content: redaction.text,
-                    normalized_content: embedding.normalizedText,
-                    importance: memory.importance,
-                    embedding: JSON.stringify(embedding.vector),
-                    embedding_dim: embedding.dimension,
-                    embedding_version: embedding.embeddingVersion,
-                    // Plain import (not a team pull): preserve an incoming author when the
-                    // export carried one, else stamp the local username so the row is
-                    // never left with an empty author. origin_project_id is carried
-                    // through when present, else null for locally-originating rows.
-                    author: memory.author && memory.author.trim() !== ""
-                        ? memory.author
-                        : localAuthor,
-                    origin_project_id: memory.originProjectId ?? null,
-                    created_at: memory.createdAt,
-                    updated_at: memory.updatedAt,
-                });
-                imported += 1;
-            }
+            });
+            runImport();
             return {
                 ok: true,
                 imported,
                 skippedCrossProject,
+                skippedExisting,
                 warningCodes: [...warningCodeSet],
             };
         },
@@ -388,102 +451,74 @@ export function createMemoryCoreService(deps) {
             // Structural twin of importMemories with three team-pull changes:
             //  - importance uses MAX(local, incoming) so a teammate can never lower a
             //    locally-boosted importance (last-write-wins on content but
-            //    importance-preserving).
+            //    importance-preserving). upsertPulledMemory carries that merge.
             //  - author/origin_project_id are stamped from the incoming record's
             //    provenance so pulled rows carry the teammate's identity and
             //    their source project_id.
             //  - cross-project id collisions are skipped, exactly as import.
-            const stmt = db.prepare(`
-        INSERT INTO memories (
-          id, project_id, session_id, source_adapter, kind, content, normalized_content,
-          importance, embedding, embedding_dim, embedding_version, author, origin_project_id,
-          created_at, updated_at
-        ) VALUES (
-          @id, @project_id, @session_id, @source_adapter, @kind, @content, @normalized_content,
-          @importance, @embedding, @embedding_dim, @embedding_version, @author, @origin_project_id,
-          COALESCE(@created_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
-          COALESCE(@updated_at, strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
-        )
-        ON CONFLICT(id) DO UPDATE SET
-          project_id = excluded.project_id,
-          session_id = excluded.session_id,
-          source_adapter = excluded.source_adapter,
-          kind = excluded.kind,
-          content = excluded.content,
-          normalized_content = excluded.normalized_content,
-          -- Importance-preserving merge. better-sqlite3@12 bundles a
-          -- SQLite that accepts the two-arg scalar MAX() inside DO UPDATE; the
-          -- pull-merge importance-preserve test verifies both directions.
-          importance = MAX(memories.importance, excluded.importance),
-          embedding = excluded.embedding,
-          embedding_dim = excluded.embedding_dim,
-          embedding_version = excluded.embedding_version,
-          author = excluded.author,
-          origin_project_id = excluded.origin_project_id,
-          created_at = excluded.created_at,
-          updated_at = excluded.updated_at
-      `);
-            // Same cross-project ownership skip as importMemories. A colliding
-            // id owned by a different project is skipped, never overwritten/relocated.
-            const ownerStmt = db.prepare("SELECT project_id FROM memories WHERE id = ?");
             const warningCodeSet = new Set();
             const effectiveRedactionEnabled = resolveRedactionEnabled(parsed.redactionEnabled);
             let pulledNew = 0;
             let pulledUpdated = 0;
             let skippedCrossProject = 0;
-            for (const memory of parsed.memories) {
-                const owner = ownerStmt.get(memory.id);
-                if (owner && owner.project_id !== parsed.projectId) {
-                    skippedCrossProject += 1;
-                    continue;
-                }
-                // An id already owned by THIS project is an update; otherwise a
-                // brand-new insert. Snapshotting per-id via ownerStmt keeps the count
-                // correct even when the same id appears across multiple teammate files.
-                const isUpdate = owner !== undefined;
-                // Re-run redaction on every pulled record regardless of the
-                // teammate's redaction setting (4th write path), then re-embed the
-                // redacted text so secrets never persist and the embedding matches.
-                const redaction = applyRedaction(memory.content, {
-                    redactionEnabled: effectiveRedactionEnabled,
-                });
-                for (const code of redaction.warningCodes) {
-                    warningCodeSet.add(code);
-                }
-                const embedding = deterministicEmbed(redaction.text, dimension);
-                stmt.run({
-                    id: memory.id,
-                    // LOCAL project_id so merged rows are retrievable in the pulling
-                    // user's project (Open Q4).
-                    project_id: parsed.projectId,
-                    session_id: memory.sessionId,
-                    source_adapter: memory.sourceAdapter,
-                    kind: memory.kind,
-                    content: redaction.text,
-                    normalized_content: embedding.normalizedText,
-                    importance: memory.importance,
-                    embedding: JSON.stringify(embedding.vector),
-                    embedding_dim: embedding.dimension,
-                    embedding_version: embedding.embeddingVersion,
-                    // Stamp the teammate's provenance. author falls back to the
-                    // local username only when the incoming record carries none.
-                    author: memory.author && memory.author.trim() !== ""
-                        ? memory.author
-                        : localAuthor,
-                    // origin_project_id records the record's source-machine project_id:
-                    // its explicit originProjectId if present, else the record's own
-                    // incoming projectId (Open Q4).
-                    origin_project_id: memory.originProjectId ?? memory.projectId,
-                    created_at: memory.createdAt,
-                    updated_at: memory.updatedAt,
-                });
-                if (isUpdate) {
-                    pulledUpdated += 1;
-                }
-                else {
-                    pulledNew += 1;
+            // Wrap the whole batch in a single transaction so a mid-loop failure rolls
+            // back every upsert (no partial pull).
+            const runPull = db.transaction(() => {
+                for (const memory of parsed.memories) {
+                    const ownerProjectId = getMemoryOwnerProjectId(db, memory.id);
+                    if (ownerProjectId !== undefined && ownerProjectId !== parsed.projectId) {
+                        skippedCrossProject += 1;
+                        continue;
+                    }
+                    // An id already owned by THIS project is an update; otherwise a
+                    // brand-new insert. Snapshotting per-id keeps the count correct even
+                    // when the same id appears across multiple teammate files.
+                    const isUpdate = ownerProjectId !== undefined;
+                    // Re-run redaction on every pulled record regardless of the
+                    // teammate's redaction setting (4th write path), then re-embed the
+                    // redacted text so secrets never persist and the embedding matches.
+                    const redaction = applyRedaction(memory.content, {
+                        redactionEnabled: effectiveRedactionEnabled,
+                    });
+                    for (const code of redaction.warningCodes) {
+                        warningCodeSet.add(code);
+                    }
+                    const embedding = deterministicEmbed(redaction.text, dimension);
+                    upsertPulledMemory(db, {
+                        id: memory.id,
+                        // LOCAL project_id so merged rows are retrievable in the pulling
+                        // user's project (Open Q4).
+                        project_id: parsed.projectId,
+                        session_id: memory.sessionId,
+                        source_adapter: memory.sourceAdapter,
+                        kind: memory.kind,
+                        content: redaction.text,
+                        normalized_content: embedding.normalizedText,
+                        importance: memory.importance,
+                        embedding: JSON.stringify(embedding.vector),
+                        embedding_dim: embedding.dimension,
+                        embedding_version: embedding.embeddingVersion,
+                        // Stamp the teammate's provenance. author falls back to the
+                        // local username only when the incoming record carries none.
+                        author: memory.author && memory.author.trim() !== ""
+                            ? memory.author
+                            : localAuthor,
+                        // origin_project_id records the record's source-machine project_id:
+                        // its explicit originProjectId if present, else the record's own
+                        // incoming projectId (Open Q4).
+                        origin_project_id: memory.originProjectId ?? memory.projectId,
+                        created_at: clampDateToNow(memory.createdAt) ?? undefined,
+                        updated_at: clampDateToNow(memory.updatedAt) ?? undefined,
+                    });
+                    if (isUpdate) {
+                        pulledUpdated += 1;
+                    }
+                    else {
+                        pulledNew += 1;
+                    }
                 }
-            }
+            });
+            runPull();
             return {
                 ok: true,
                 pulledNew,
@@ -537,8 +572,12 @@ export function createMemoryCoreService(deps) {
                 // the limit isn't split into an unpaired surrogate.
                 previews.push(Array.from(redaction.text).slice(0, REDACT_PREVIEW_MAX_LENGTH).join(""));
                 if (parsed.apply) {
-                    // Recompute the embedding-normalized text on the redacted content so
-                    // the stored normalized_content stays consistent with the scrub.
+                    // Recompute the embedding on the redacted content so BOTH the stored
+                    // normalized_content AND the embedding vector track the scrub. Without
+                    // re-embedding, the vector would remain a hash of the pre-redaction
+                    // (secret-bearing) text — inconsistent with normalized_content and
+                    // still ranking against the un-redacted body in semantic retrieval,
+                    // defeating the purpose of the scrub.
                     const embedding = deterministicEmbed(redaction.text, dimension);
                     // A single row that was deleted concurrently between the
                     // initial listMemoriesByProject snapshot and this update would
@@ -548,7 +587,11 @@ export function createMemoryCoreService(deps) {
                     // wrapped in a transaction). Catch per-row and report it as
                     // skipped instead.
                     try {
-                        updateMemoryContent(db, parsed.projectId, memory.id, redaction.text, embedding.normalizedText);
+                        updateMemoryContent(db, parsed.projectId, memory.id, redaction.text, embedding.normalizedText, {
+                            vector: embedding.vector,
+                            dimension: embedding.dimension,
+                            embeddingVersion: embedding.embeddingVersion,
+                        });
                         updated += 1;
                     }
                     catch {
@@ -565,18 +608,144 @@ export function createMemoryCoreService(deps) {
                 previews,
             };
         },
+        async batchStoreMemory(request) {
+            const parsed = parseRequest(batchStoreMemoryRequestSchema, request);
+            const uniqueSessions = new Set(parsed.memories.map((m) => m.sessionId));
+            const sessionOverLimit = new Set();
+            for (const sid of uniqueSessions) {
+                const count = countMemoriesBySession(db, sid, parsed.projectId);
+                if (count >= SESSION_WRITE_SOFT_LIMIT) {
+                    sessionOverLimit.add(sid);
+                }
+            }
+            const results = [];
+            let stored = 0;
+            let failed = 0;
+            // Validate each item individually before entering the transaction so
+            // validation errors are reported per-item without aborting the whole batch.
+            const validatedItems = [];
+            for (let i = 0; i < parsed.memories.length; i++) {
+                const raw = parsed.memories[i];
+                try {
+                    // The array items were already parsed by batchStoreMemoryRequestSchema,
+                    // but we re-validate with the item schema so per-item errors are
+                    // captured individually (e.g. if a caller bypasses the outer schema).
+                    const item = batchStoreMemoryItemSchema.parse(raw);
+                    validatedItems.push({ index: i, item });
+                }
+                catch (err) {
+                    results.push({
+                        memoryId: raw.memoryId ?? `<index-${i}>`,
+                        ok: false,
+                        error: err instanceof ZodError
+                            ? err.issues.map((issue) => issue.message).join("; ")
+                            : String(err),
+                    });
+                    failed += 1;
+                }
+            }
+            // Wrap all valid inserts in a single SQLite transaction for atomicity
+            // and performance (better-sqlite3 transactions avoid per-statement
+            // fsync, making batch inserts significantly faster).
+            if (validatedItems.length > 0) {
+                const runTransaction = db.transaction(() => {
+                    for (const { item } of validatedItems) {
+                        // Each insert is guarded individually so a duplicate-id (or other
+                        // constraint) collision fails only that item instead of aborting the
+                        // whole batch. A SQLite constraint violation rolls back only the
+                        // current statement, not the surrounding transaction, so the loop can
+                        // continue and the transaction still commits the successful inserts.
+                        try {
+                            const redaction = applyRedaction(item.content, {
+                                redactionEnabled: resolveRedactionEnabled(item.redactionEnabled),
+                            });
+                            const embedding = deterministicEmbed(redaction.text, dimension);
+                            insertMemory(db, {
+                                id: item.memoryId,
+                                project_id: parsed.projectId,
+                                session_id: item.sessionId,
+                                source_adapter: item.sourceAdapter,
+                                kind: item.kind,
+                                content: redaction.text,
+                                normalized_content: embedding.normalizedText,
+                                importance: item.importance,
+                                embedding: JSON.stringify(embedding.vector),
+                                embedding_dim: embedding.dimension,
+                                embedding_version: embedding.embeddingVersion,
+                                author: localAuthor,
+                                origin_project_id: null,
+                            });
+                            const inserted = getMemoryRecordById(db, parsed.projectId, item.memoryId);
+                            if (!inserted) {
+                                throw new DomainError("INTERNAL", `Memory insert did not persist: ${item.memoryId}`);
+                            }
+                            const itemWarningCodes = [...redaction.warningCodes];
+                            if (sessionOverLimit.has(item.sessionId)) {
+                                itemWarningCodes.push("session_write_limit_warning");
+                            }
+                            results.push({
+                                memoryId: item.memoryId,
+                                ok: true,
+                                // Capped echo-back (unlike single-record storeMemory): a batch
+                                // returns up to MAX_BATCH_SIZE rows, so returning full content per
+                                // row could overflow the agent context (parallel to listMemories).
+                                // The caller already holds each original body; full content stays
+                                // in the DB and is reachable via getMemory.
+                                memory: toMemoryDto(inserted),
+                                warningCodes: itemWarningCodes,
+                            });
+                            stored += 1;
+                        }
+                        catch (err) {
+                            const code = err.code ?? "";
+                            const message = err instanceof Error ? err.message : String(err);
+                            const isConstraint = code.startsWith("SQLITE_CONSTRAINT") ||
+                                /constraint failed/i.test(message);
+                            if (!isConstraint) {
+                                // Unexpected (non-constraint) failure — abort the whole
+                                // transaction so we don't silently commit a corrupt partial batch.
+                                throw err;
+                            }
+                            results.push({
+                                memoryId: item.memoryId,
+                                ok: false,
+                                error: "duplicate id",
+                            });
+                            failed += 1;
+                        }
+                    }
+                });
+                runTransaction();
+            }
+            // Sort results back into original input order: validated items were
+            // processed in order but failed items were pushed first. Re-sort by
+            // the memoryId to maintain a predictable output. Since memoryIds are
+            // unique, use the input array order as the canonical sort key.
+            const inputOrder = new Map(parsed.memories.map((m, i) => [m.memoryId, i]));
+            results.sort((a, b) => (inputOrder.get(a.memoryId) ?? 0) - (inputOrder.get(b.memoryId) ?? 0));
+            return {
+                ok: true,
+                results,
+                stored,
+                failed,
+            };
+        },
         async stats(request) {
             const parsed = parseRequest(statsRequestSchema, request);
-            const memoryCount = db
-                .prepare("SELECT COUNT(*) AS count FROM memories WHERE project_id = ?")
-                .get(parsed.projectId);
-            const sessionEventCount = db
-                .prepare("SELECT COUNT(*) AS count FROM session_events WHERE project_id = ?")
-                .get(parsed.projectId);
+            const totalMemories = countAllMemoriesByProject(db, parsed.projectId);
+            const totalSessionEvents = countAllSessionEvents(db, parsed.projectId);
+            return {
+                ok: true,
+                totalMemories,
+                totalSessionEvents,
+            };
+        },
+        async resetAccessCounts(request) {
+            const parsed = parseRequest(resetAccessCountsRequestSchema, request);
+            const affected = resetAccessCounts(db, parsed.projectId);
             return {
                 ok: true,
-                totalMemories: memoryCount.count,
-                totalSessionEvents: sessionEventCount.count,
+                affected,
             };
         },
     };