shabti 2.11.0 → 2.12.1

package/README.md

@@ -210,11 +210,13 @@ Or manually add to your MCP settings:
 | --------------- | ----------------------------------------------------------- |
 | `memory_store`  | Store a memory entry with optional namespace, tags, and TTL |
 | `memory_search` | Search memories by semantic similarity                      |
+| `memory_get`    | Retrieve a specific memory entry by UUID                    |
 | `memory_delete` | Delete a memory entry by ID                                 |
 | `memory_list`   | List recent memory entries                                  |
 | `memory_export` | Export entries as JSONL                                     |
 | `memory_gc`     | Garbage collect expired entries                             |
 | `memory_status` | Get engine status                                           |
+| `memory_health` | Run health checks on engine components                      |
 
 ### MCP Resources
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shabti",
-  "version": "2.11.0",
+  "version": "2.12.1",
   "description": "Agent Memory OS — semantic memory for AI agents",
   "type": "module",
   "main": "native.cjs",

package/src/a2a/agentCard.js

@@ -43,6 +43,54 @@ export function buildAgentCard(baseUrl) {
         inputModes: ["text"],
         outputModes: ["application/json"],
       },
+      {
+        id: "memory_get",
+        name: "Get Memory",
+        description: "Retrieve a specific memory entry by its ID",
+        tags: ["memory", "get", "retrieve", "fetch"],
+        inputModes: ["application/json"],
+        outputModes: ["application/json"],
+      },
+      {
+        id: "memory_delete",
+        name: "Delete Memory",
+        description: "Delete a specific memory entry by its ID",
+        tags: ["memory", "delete", "remove"],
+        inputModes: ["application/json"],
+        outputModes: ["application/json"],
+      },
+      {
+        id: "memory_list",
+        name: "List Memories",
+        description: "List stored memory entries with optional filters",
+        tags: ["memory", "list", "entries"],
+        inputModes: ["text", "application/json"],
+        outputModes: ["application/json"],
+      },
+      {
+        id: "memory_export",
+        name: "Export Memories",
+        description: "Export all memory entries as JSONL data",
+        tags: ["memory", "export", "dump", "backup"],
+        inputModes: ["text", "application/json"],
+        outputModes: ["application/json"],
+      },
+      {
+        id: "memory_gc",
+        name: "Garbage Collect",
+        description: "Remove expired memory entries and reclaim storage",
+        tags: ["memory", "gc", "garbage", "cleanup"],
+        inputModes: ["text"],
+        outputModes: ["application/json"],
+      },
+      {
+        id: "memory_health",
+        name: "Health Check",
+        description: "Check the health of the memory engine and its dependencies",
+        tags: ["memory", "health", "diagnostics"],
+        inputModes: ["text"],
+        outputModes: ["application/json"],
+      },
     ],
   };
 }

package/src/a2a/server.js

@@ -10,8 +10,13 @@ import { normalizeText } from "../utils/normalize.js";
 // ============================================================
 
 export class TaskStore {
-  constructor() {
-    this.tasks = new Map();
+  #tasks = new Map();
+  #maxTasks;
+  #ttlMs;
+
+  constructor({ maxTasks = 1000, ttlMs = 30 * 60 * 1000 } = {}) {
+    this.#maxTasks = maxTasks;
+    this.#ttlMs = ttlMs;
   }
 
   create(contextId) {
@@ -22,21 +27,44 @@ export class TaskStore {
       status: { state: "submitted", timestamp: new Date().toISOString() },
       artifacts: [],
       history: [],
+      createdAt: Date.now(),
     };
-    this.tasks.set(task.id, task);
+    this.#tasks.set(task.id, task);
+
+    if (this.#tasks.size > this.#maxTasks) {
+      this.#evictOldest();
+    }
+
     return task;
   }
 
+  #evictOldest() {
+    const oldest = [...this.#tasks.entries()].sort(([, a], [, b]) => a.createdAt - b.createdAt)[0];
+    if (oldest) this.#tasks.delete(oldest[0]);
+  }
+
+  cleanup() {
+    const now = Date.now();
+    for (const [id, task] of this.#tasks) {
+      if (
+        now - task.createdAt > this.#ttlMs &&
+        ["completed", "canceled", "failed"].includes(task.status.state)
+      ) {
+        this.#tasks.delete(id);
+      }
+    }
+  }
+
   get(id) {
-    return this.tasks.get(id) || null;
+    return this.#tasks.get(id) || null;
   }
 
   set(id, task) {
-    this.tasks.set(id, task);
+    this.#tasks.set(id, task);
   }
 
   clear() {
-    this.tasks.clear();
+    this.#tasks.clear();
   }
 }
 
@@ -122,6 +150,112 @@ function handleMemoryStatus(engine) {
   };
 }
 
+async function handleMemoryDelete(engine, parts) {
+  let id = null;
+
+  for (const part of parts) {
+    if (part.kind === "data" && part.data?.id) {
+      id = part.data.id;
+    }
+  }
+
+  if (!id) {
+    throw Object.assign(new Error("Missing id in message parts"), { code: -32602 });
+  }
+
+  await engine.delete(id);
+  return {
+    artifactId: randomUUID(),
+    name: "delete_result",
+    parts: [{ kind: "data", data: { deleted: true, id } }],
+  };
+}
+
+async function handleMemoryGet(engine, parts) {
+  let id = null;
+
+  for (const part of parts) {
+    if (part.kind === "data" && part.data?.id) {
+      id = part.data.id;
+    }
+  }
+
+  if (!id) {
+    throw Object.assign(new Error("Missing id in message parts"), { code: -32602 });
+  }
+
+  const entry = await engine.get(id);
+  return {
+    artifactId: randomUUID(),
+    name: "get_result",
+    parts: [{ kind: "data", data: entry }],
+  };
+}
+
+function handleMemoryList(engine, parts) {
+  let opts = {};
+
+  for (const part of parts) {
+    if (part.kind === "data" && part.data) {
+      if (part.data.limit) opts.limit = part.data.limit;
+      if (part.data.namespace) opts.namespace = part.data.namespace;
+    }
+  }
+
+  const entries = engine.listEntries(opts);
+  return {
+    artifactId: randomUUID(),
+    name: "list_result",
+    parts: [{ kind: "data", data: { entries, count: entries.length } }],
+  };
+}
+
+function handleMemoryExport(engine) {
+  const entries = engine.listEntries();
+  const lines = entries.map((e) => JSON.stringify(e));
+  return {
+    artifactId: randomUUID(),
+    name: "export_result",
+    parts: [{ kind: "data", data: { entries: entries.length, data: lines.join("\n") } }],
+  };
+}
+
+async function handleMemoryGc(engine) {
+  const removed = await engine.gc();
+  return {
+    artifactId: randomUUID(),
+    name: "gc_result",
+    parts: [{ kind: "data", data: { removed } }],
+  };
+}
+
+async function handleMemoryHealth(engine) {
+  const checks = [];
+  const status = engine.status();
+  const qdrantUrl = status.qdrantUrl.replace(/:\d+$/, ":6333");
+
+  try {
+    const res = await fetch(`${qdrantUrl}/healthz`, { signal: AbortSignal.timeout(3000) });
+    checks.push({
+      name: "qdrant",
+      status: res.ok ? "ok" : "degraded",
+      message: res.ok ? "Reachable" : `HTTP ${res.status}`,
+    });
+  } catch (err) {
+    checks.push({ name: "qdrant", status: "error", message: err.message });
+  }
+
+  checks.push({ name: "engine", status: "ok", message: `${status.entryCount} entries` });
+  checks.push({ name: "embedding", status: "ok", message: `Model: ${engine.modelId()}` });
+
+  const healthy = checks.every((c) => c.status === "ok");
+  return {
+    artifactId: randomUUID(),
+    name: "health_result",
+    parts: [{ kind: "data", data: { healthy, checks } }],
+  };
+}
+
 // ============================================================
 // Skill Router
 // ============================================================
@@ -140,6 +274,11 @@ export function resolveSkill(parts) {
       const lower = part.text.toLowerCase();
       if (/\b(store|save|remember)\b/.test(lower)) return "memory_store";
       if (/\b(search|find|recall|query)\b/.test(lower)) return "memory_search";
+      if (/\b(delete|remove)\b/.test(lower)) return "memory_delete";
+      if (/\b(get|retrieve)\b/.test(lower)) return "memory_get";
+      if (/\b(list)\b/.test(lower)) return "memory_list";
+      if (/\b(export|dump)\b/.test(lower)) return "memory_export";
+      if (/\b(garbage|cleanup)\b/.test(lower)) return "memory_gc";
       if (/\b(status|health|stats|info)\b/.test(lower)) return "memory_status";
     }
   }
@@ -149,6 +288,7 @@ export function resolveSkill(parts) {
     if (part.kind === "data" && part.data) {
       if (part.data.content) return "memory_store";
       if (part.data.query) return "memory_search";
+      if (part.data.id) return "memory_get";
     }
   }
 
@@ -204,6 +344,24 @@ async function handleMessageSend(engine, taskStore, params) {
       case "memory_status":
         artifact = handleMemoryStatus(engine);
         break;
+      case "memory_delete":
+        artifact = await handleMemoryDelete(engine, message.parts);
+        break;
+      case "memory_get":
+        artifact = await handleMemoryGet(engine, message.parts);
+        break;
+      case "memory_list":
+        artifact = handleMemoryList(engine, message.parts);
+        break;
+      case "memory_export":
+        artifact = handleMemoryExport(engine);
+        break;
+      case "memory_gc":
+        artifact = await handleMemoryGc(engine);
+        break;
+      case "memory_health":
+        artifact = await handleMemoryHealth(engine);
+        break;
       default:
         task.status = { state: "failed", timestamp: new Date().toISOString() };
         taskStore.set(task.id, task);
@@ -273,10 +431,19 @@ function handleTasksCancel(taskStore, params) {
 // HTTP Server
 // ============================================================
 
-function readBody(req) {
+function readBody(req, maxBytes = 1_048_576) {
+  // デフォルト1MB上限
   return new Promise((resolve, reject) => {
     const chunks = [];
-    req.on("data", (c) => chunks.push(c));
+    let total = 0;
+    req.on("data", (c) => {
+      total += c.length;
+      if (total > maxBytes) {
+        req.destroy();
+        return reject(new Error("リクエストボディが大きすぎます"));
+      }
+      chunks.push(c);
+    });
     req.on("end", () => resolve(Buffer.concat(chunks).toString()));
     req.on("error", reject);
   });
@@ -304,17 +471,30 @@ export function startA2AServer(port = 3000) {
   const agentCard = buildAgentCard(baseUrl);
   const taskStore = new TaskStore();
 
+  const cleanupInterval = setInterval(() => taskStore.cleanup(), 5 * 60 * 1000);
+
   const server = createServer(async (req, res) => {
-    // CORS headers
-    res.setHeader("Access-Control-Allow-Origin", "*");
+    // CORS headers — restrict to null (no browser cross-origin access needed for localhost)
+    res.setHeader("Access-Control-Allow-Origin", "null");
     res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
 
     if (req.method === "OPTIONS") {
       res.writeHead(204);
       return res.end();
     }
 
+    // Bearer Token authentication
+    const a2aToken = process.env.SHABTI_A2A_TOKEN;
+    if (a2aToken) {
+      const authHeader = req.headers["authorization"] || "";
+      if (!authHeader.startsWith("Bearer ") || authHeader.slice(7) !== a2aToken) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Unauthorized" }));
+        return;
+      }
+    }
+
     // Agent Card discovery
     if (req.method === "GET" && req.url === "/.well-known/agent-card.json") {
       res.writeHead(200, { "Content-Type": "application/json" });
@@ -365,6 +545,8 @@ export function startA2AServer(port = 3000) {
     res.end("Not Found");
   });
 
+  server.on("close", () => clearInterval(cleanupInterval));
+
   server.listen(port, "127.0.0.1", () => {
     console.log(`\n  Shabti A2A server listening on ${baseUrl}`);
     console.log(`  Agent Card: ${baseUrl}.well-known/agent-card.json`);

package/src/commands/config.js

@@ -1,9 +1,38 @@
 import chalk from "chalk";
 import { loadConfig, saveConfig, DEFAULT_CONFIG } from "../core/engine.js";
 import { success, error, heading } from "../utils/style.js";
+import { validateQdrantUrl } from "../utils/validate.js";
 
 const ALLOWED_KEYS = Object.keys(DEFAULT_CONFIG);
 
+// キーごとのバリデーター
+const CONFIG_VALIDATORS = {
+  qdrant_url: (value) => {
+    try {
+      const url = new URL(value);
+      if (!["http:", "https:"].includes(url.protocol)) {
+        throw new Error("http://またはhttps://のみ使用できます");
+      }
+    } catch (e) {
+      throw new Error(`qdrant_urlが無効です: ${e.message}`, { cause: e });
+    }
+  },
+  data_dir: (value) => {
+    const { resolve } = require("path");
+    const abs = resolve(value);
+    // 危険なシステムパスを拒否
+    const dangerousPaths = ["/etc", "/usr", "/bin", "/sbin", "/sys", "/proc", "/dev"];
+    if (dangerousPaths.some((p) => abs.startsWith(p))) {
+      throw new Error(`data_dirにシステムパスは指定できません: ${abs}`);
+    }
+  },
+  collection_name: (value) => {
+    if (!/^[a-zA-Z0-9_-]+$/.test(value) || value.length > 256) {
+      throw new Error("collection_nameは英数字、ハイフン、アンダースコアのみ使用できます");
+    }
+  },
+};
+
 export function registerConfig(program) {
   const cmd = program.command("config").description("Manage shabti configuration");
 
@@ -39,10 +68,29 @@ export function registerConfig(program) {
         return;
       }
 
+      if (CONFIG_VALIDATORS[key]) {
+        try {
+          CONFIG_VALIDATORS[key](value);
+        } catch (e) {
+          error(e.message);
+          return;
+        }
+      }
+
       const config = loadConfig();
-      config[key] = value;
+      let validatedValue = value;
+      if (key === "qdrant_url") {
+        try {
+          validatedValue = validateQdrantUrl(value);
+        } catch (err) {
+          error(err.message);
+          process.exitCode = 1;
+          return;
+        }
+      }
+      config[key] = validatedValue;
       saveConfig(config);
-      success(`${key} = ${value}`);
+      success(`${key} = ${validatedValue}`);
     });
 
   cmd

package/src/commands/export.js

@@ -1,4 +1,5 @@
 import { writeFileSync } from "fs";
+import { resolve } from "path";
 import { createEngine } from "../core/engine.js";
 import { success, error } from "../utils/style.js";
 import { parsePositiveInt } from "../utils/validate.js";
@@ -28,8 +29,9 @@ export function registerExport(program) {
         const output = lines.join("\n");
 
         if (opts.output) {
-          writeFileSync(opts.output, output + (lines.length ? "\n" : ""), "utf8");
-          success(`Exported ${entries.length} entries to ${opts.output}`);
+          const absOutput = resolve(opts.output);
+          writeFileSync(absOutput, output + (lines.length ? "\n" : ""), "utf8");
+          success(`Exported ${entries.length} entries to ${absOutput}`);
         } else {
           if (output) console.log(output);
           // Print summary to stderr so it doesn't pollute piped output

package/src/commands/import.js

@@ -1,4 +1,5 @@
 import { readFileSync, existsSync } from "fs";
+import { resolve } from "path";
 import { createEngine } from "../core/engine.js";
 import { success, error, info, warn } from "../utils/style.js";
 
@@ -11,12 +12,13 @@ export function registerImport(program) {
     .option("--dry-run", "Parse and validate without storing")
     .action(async (file, opts) => {
       try {
-        if (!existsSync(file)) {
-          error(`File not found: ${file}`);
+        const absFile = resolve(file);
+        if (!existsSync(absFile)) {
+          error(`File not found: ${absFile}`);
           process.exitCode = 1;
           return;
         }
-        const raw = readFileSync(file, "utf8");
+        const raw = readFileSync(absFile, "utf8");
         const lines = raw
           .split("\n")
           .map((l) => l.trim())

package/src/commands/snapshot.js

@@ -28,6 +28,12 @@ export function registerSnapshot(program) {
     .argument("<id>", "Snapshot ID to restore")
     .action(async (id) => {
       try {
+        // UUIDフォーマット検証
+        const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+        if (!UUID_REGEX.test(id)) {
+          error(`無効なスナップショットID: ${id}（UUID形式で指定してください）`);
+          return;
+        }
         const engine = createEngine();
         engine.snapshotRestore(id);
         success(`Restored from snapshot: ${id}`);

package/src/commands/status.js

@@ -19,8 +19,6 @@ export function registerStatus(program) {
           console.log();
           console.log(`  ${chalk.cyan("Entries:")}     ${status.entryCount}`);
           console.log(`  ${chalk.cyan("Tier:")}        ${status.tier}`);
-          console.log(`  ${chalk.cyan("Qdrant URL:")}  ${status.qdrantUrl}`);
-          console.log(`  ${chalk.cyan("Data Dir:")}    ${status.dataDir}`);
           console.log(`  ${chalk.cyan("Model:")}      ${status.modelId}`);
           console.log();
         }

package/src/core/engine.js

@@ -1,7 +1,8 @@
-import { readFileSync, existsSync, mkdirSync, writeFileSync } from "fs";
+import { readFileSync, existsSync, mkdirSync, writeFileSync, renameSync } from "fs";
 import { createRequire } from "module";
 import { homedir } from "os";
 import { join } from "path";
+import { validateQdrantUrl } from "../utils/validate.js";
 
 const require = createRequire(import.meta.url);
 
@@ -17,7 +18,9 @@ const DEFAULT_CONFIG = {
 /** Env var overrides (highest priority). */
 function envOverrides() {
   const o = {};
-  if (process.env.SHABTI_QDRANT_URL) o.qdrant_url = process.env.SHABTI_QDRANT_URL;
+  if (process.env.SHABTI_QDRANT_URL) {
+    o.qdrant_url = validateQdrantUrl(process.env.SHABTI_QDRANT_URL);
+  }
   return o;
 }
 
@@ -25,7 +28,11 @@ export function loadConfig() {
   let config = DEFAULT_CONFIG;
   if (existsSync(CONFIG_PATH)) {
     try {
-      config = { ...config, ...JSON.parse(readFileSync(CONFIG_PATH, "utf8")) };
+      const saved = JSON.parse(readFileSync(CONFIG_PATH, "utf8"));
+      if (saved.qdrant_url !== undefined) {
+        saved.qdrant_url = validateQdrantUrl(saved.qdrant_url);
+      }
+      config = { ...config, ...saved };
     } catch (_) {
       // keep defaults
     }
@@ -34,13 +41,15 @@ export function loadConfig() {
 }
 
 export function saveConfig(config) {
-  mkdirSync(CONFIG_DIR, { recursive: true });
-  writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
+  mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+  const tmpPath = CONFIG_PATH + ".tmp";
+  writeFileSync(tmpPath, JSON.stringify(config, null, 2), { mode: 0o600 });
+  renameSync(tmpPath, CONFIG_PATH);
 }
 
 export function createEngine(configOverrides = {}) {
   const config = { ...loadConfig(), ...configOverrides };
-  mkdirSync(config.data_dir, { recursive: true });
+  mkdirSync(config.data_dir, { recursive: true, mode: 0o700 });
 
   const { ShabtiEngine } = require("../../native.cjs");
 

package/src/core/session.js

@@ -6,6 +6,10 @@ import { error } from "../utils/style.js";
 const DEFAULT_SYSTEM_PROMPT =
   "You are Shabti, a helpful assistant accessed via CLI. Be concise and direct.";
 
+// 既知の有効なOpenAIモデル名のパターン
+const ALLOWED_MODEL_PATTERN = /^(gpt-[34][- .\w]+|o[12][\w-]*)$/;
+const MAX_HISTORY_TURNS = 50; // 最大50ターン
+
 export class ChatSession {
   #client;
   #messages;
@@ -49,9 +53,22 @@ export class ChatSession {
   }
 
   setModel(model) {
+    if (!ALLOWED_MODEL_PATTERN.test(model)) {
+      throw new Error(`無効なモデル名: ${model}`);
+    }
     this.#model = model;
   }
 
+  #trimHistory() {
+    // システムメッセージは保持、ユーザー/アシスタントのペアを最新N件に制限
+    const systemMessages = this.#messages.filter((m) => m.role === "system");
+    const conversationMessages = this.#messages.filter((m) => m.role !== "system");
+
+    if (conversationMessages.length > MAX_HISTORY_TURNS * 2) {
+      this.#messages = [...systemMessages, ...conversationMessages.slice(-MAX_HISTORY_TURNS * 2)];
+    }
+  }
+
   getModel() {
     return this.#model;
   }
@@ -84,6 +101,7 @@ export class ChatSession {
         }
 
         this.#messages.push({ role: "user", content: trimmed });
+        this.#trimHistory();
 
         try {
           process.stdout.write(chalk.cyan("shabti: "));

package/src/mcp/server.js

@@ -103,6 +103,26 @@ const TOOLS = [
       properties: {},
     },
   },
+  {
+    name: "memory_health",
+    description:
+      "Run health checks on the memory engine (Qdrant connectivity, engine status, embedding model)",
+    inputSchema: {
+      type: "object",
+      properties: {},
+    },
+  },
+  {
+    name: "memory_get",
+    description: "Retrieve a specific memory entry by its UUID",
+    inputSchema: {
+      type: "object",
+      properties: {
+        id: { type: "string", description: "UUID of the memory entry to retrieve" },
+      },
+      required: ["id"],
+    },
+  },
 ];
 
 const RESOURCES = [
@@ -206,7 +226,6 @@ async function handleToolsCall(id, params) {
               entry_count: status.entryCount,
               tier: status.tier,
               model_id: status.modelId,
-              qdrant_url: status.qdrantUrl,
             },
             null,
             2,
@@ -260,8 +279,10 @@ async function handleToolsCall(id, params) {
       const queryObj = { text: normalizeText(query), limit };
       if (args.namespace) queryObj.namespace = args.namespace;
       const results = await eng.executeQuery(queryObj);
+      const formatMemoryEntry = (entry) =>
+        `[MEMORY_START id="${entry.id}"]\n${entry.content}\n[MEMORY_END]`;
       const formatted = results.map((r) => ({
-        content: r.content,
+        content: formatMemoryEntry(r),
         score: r.score,
         id: r.id,
         namespace: r.namespace,
@@ -373,6 +394,78 @@ async function handleToolsCall(id, params) {
     }
   }
 
+  if (name === "memory_health") {
+    const checks = [];
+    const config = loadConfig();
+    const qdrantUrl = config.qdrant_url.replace(/:\d+$/, ":6333");
+    try {
+      const res = await fetch(`${qdrantUrl}/healthz`, {
+        signal: AbortSignal.timeout(3000),
+      });
+      checks.push({
+        name: "qdrant",
+        status: res.ok ? "ok" : "degraded",
+        message: res.ok ? "Reachable" : `HTTP ${res.status}`,
+      });
+    } catch (err) {
+      checks.push({ name: "qdrant", status: "error", message: err.message });
+    }
+
+    if (eng) {
+      try {
+        const status = eng.status();
+        checks.push({
+          name: "engine",
+          status: "ok",
+          message: `${status.entryCount} entries, tier: ${status.tier}`,
+        });
+      } catch (err) {
+        checks.push({ name: "engine", status: "error", message: err.message });
+      }
+      try {
+        const modelId = eng.modelId();
+        checks.push({ name: "embedding", status: "ok", message: modelId });
+      } catch (err) {
+        checks.push({ name: "embedding", status: "error", message: err.message });
+      }
+    } else {
+      checks.push({ name: "engine", status: "error", message: "Engine not available" });
+    }
+
+    const healthy = checks.every((c) => c.status === "ok");
+    return respond(id, {
+      content: [
+        {
+          type: "text",
+          text: JSON.stringify({ healthy, checks }, null, 2),
+        },
+      ],
+    });
+  }
+
+  if (name === "memory_get") {
+    if (!eng) {
+      return respondError(id, -32603, "Engine not available");
+    }
+    const entryId = args?.id;
+    if (!entryId) {
+      return respondError(id, -32602, "Missing required parameter: id");
+    }
+    try {
+      const entry = await eng.get(entryId);
+      return respond(id, {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(entry, null, 2),
+          },
+        ],
+      });
+    } catch (err) {
+      return respondError(id, -32603, err.message);
+    }
+  }
+
   respondError(id, -32601, `Unknown tool: ${name}`);
 }
 
@@ -411,12 +504,17 @@ function handleResourcesRead(id, params) {
 
   if (uri === "shabti://config") {
     const config = loadConfig();
+    // 機密フィールドを除いた安全な設定情報のみ返す
+    const safeConfig = {
+      collection_name: config.collection_name,
+      // qdrant_url, data_dir は公開しない
+    };
     return respond(id, {
       contents: [
         {
           uri,
           mimeType: "application/json",
-          text: JSON.stringify(config),
+          text: JSON.stringify(safeConfig),
         },
       ],
     });
@@ -457,7 +555,10 @@ async function handleRequest(line) {
 const rl = createInterface({ input: process.stdin, terminal: false });
 rl.on("line", (line) => {
   const trimmed = line.trim();
-  if (trimmed) handleRequest(trimmed);
+  if (trimmed && trimmed.length <= 10_000_000) {
+    // 10MB上限
+    handleRequest(trimmed);
+  }
 });
 
 async function shutdown() {

package/src/repl/slashCommands.js

@@ -48,8 +48,12 @@ export function handleSlashCommand(cmd, args, session, rl, engine = null) {
 
     case "/model":
       if (args) {
-        session.setModel(args);
-        success(`Model switched to ${chalk.cyan(args)}`);
+        try {
+          session.setModel(args);
+          success(`Model switched to ${chalk.cyan(args)}`);
+        } catch (err) {
+          error(err.message);
+        }
       } else {
         info(`Current model: ${chalk.cyan(session.getModel())}`);
       }
@@ -132,7 +136,8 @@ async function handleRecall(query, engine) {
       console.log(chalk.dim("  No memories found."));
     } else {
       for (const r of results) {
-        console.log(`  ${chalk.yellow(r.score.toFixed(4))}  ${r.content}`);
+        const formatted = `[MEMORY_START id="${r.id}"]\n${r.content}\n[MEMORY_END]`;
+        console.log(`  ${chalk.yellow(r.score.toFixed(4))}  ${formatted}`);
       }
     }
   } catch (err) {

package/src/utils/validate.js

@@ -52,3 +52,20 @@ export function parsePort(value, name) {
   }
   return n;
 }
+
+/**
+ * qdrant_urlのSSRF防止バリデーション
+ * http/httpsスキームのみ許可し、非ローカルホストの場合は警告を出す
+ */
+export function validateQdrantUrl(raw) {
+  let parsed;
+  try {
+    parsed = new URL(raw);
+  } catch {
+    throw new Error(`無効なqdrant_url: ${raw}`);
+  }
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    throw new Error(`qdrant_urlにはhttp://またはhttps://のみ使用できます: ${raw}`);
+  }
+  return raw;
+}