shabti 2.12.0 → 2.12.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shabti",
-  "version": "2.12.0",
+  "version": "2.12.1",
   "description": "Agent Memory OS — semantic memory for AI agents",
   "type": "module",
   "main": "native.cjs",

package/src/a2a/server.js

@@ -10,8 +10,13 @@ import { normalizeText } from "../utils/normalize.js";
 // ============================================================
 
 export class TaskStore {
-  constructor() {
-    this.tasks = new Map();
+  #tasks = new Map();
+  #maxTasks;
+  #ttlMs;
+
+  constructor({ maxTasks = 1000, ttlMs = 30 * 60 * 1000 } = {}) {
+    this.#maxTasks = maxTasks;
+    this.#ttlMs = ttlMs;
   }
 
   create(contextId) {
@@ -22,21 +27,44 @@ export class TaskStore {
       status: { state: "submitted", timestamp: new Date().toISOString() },
       artifacts: [],
       history: [],
+      createdAt: Date.now(),
     };
-    this.tasks.set(task.id, task);
+    this.#tasks.set(task.id, task);
+
+    if (this.#tasks.size > this.#maxTasks) {
+      this.#evictOldest();
+    }
+
     return task;
   }
 
+  #evictOldest() {
+    const oldest = [...this.#tasks.entries()].sort(([, a], [, b]) => a.createdAt - b.createdAt)[0];
+    if (oldest) this.#tasks.delete(oldest[0]);
+  }
+
+  cleanup() {
+    const now = Date.now();
+    for (const [id, task] of this.#tasks) {
+      if (
+        now - task.createdAt > this.#ttlMs &&
+        ["completed", "canceled", "failed"].includes(task.status.state)
+      ) {
+        this.#tasks.delete(id);
+      }
+    }
+  }
+
   get(id) {
-    return this.tasks.get(id) || null;
+    return this.#tasks.get(id) || null;
   }
 
   set(id, task) {
-    this.tasks.set(id, task);
+    this.#tasks.set(id, task);
   }
 
   clear() {
-    this.tasks.clear();
+    this.#tasks.clear();
   }
 }
 
@@ -403,10 +431,19 @@ function handleTasksCancel(taskStore, params) {
 // HTTP Server
 // ============================================================
 
-function readBody(req) {
+function readBody(req, maxBytes = 1_048_576) {
+  // デフォルト1MB上限
   return new Promise((resolve, reject) => {
     const chunks = [];
-    req.on("data", (c) => chunks.push(c));
+    let total = 0;
+    req.on("data", (c) => {
+      total += c.length;
+      if (total > maxBytes) {
+        req.destroy();
+        return reject(new Error("リクエストボディが大きすぎます"));
+      }
+      chunks.push(c);
+    });
     req.on("end", () => resolve(Buffer.concat(chunks).toString()));
     req.on("error", reject);
   });
@@ -434,17 +471,30 @@ export function startA2AServer(port = 3000) {
   const agentCard = buildAgentCard(baseUrl);
   const taskStore = new TaskStore();
 
+  const cleanupInterval = setInterval(() => taskStore.cleanup(), 5 * 60 * 1000);
+
   const server = createServer(async (req, res) => {
-    // CORS headers
-    res.setHeader("Access-Control-Allow-Origin", "*");
+    // CORS headers — restrict to null (no browser cross-origin access needed for localhost)
+    res.setHeader("Access-Control-Allow-Origin", "null");
     res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
 
     if (req.method === "OPTIONS") {
       res.writeHead(204);
       return res.end();
     }
 
+    // Bearer Token authentication
+    const a2aToken = process.env.SHABTI_A2A_TOKEN;
+    if (a2aToken) {
+      const authHeader = req.headers["authorization"] || "";
+      if (!authHeader.startsWith("Bearer ") || authHeader.slice(7) !== a2aToken) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Unauthorized" }));
+        return;
+      }
+    }
+
     // Agent Card discovery
     if (req.method === "GET" && req.url === "/.well-known/agent-card.json") {
       res.writeHead(200, { "Content-Type": "application/json" });
@@ -495,6 +545,8 @@ export function startA2AServer(port = 3000) {
     res.end("Not Found");
   });
 
+  server.on("close", () => clearInterval(cleanupInterval));
+
   server.listen(port, "127.0.0.1", () => {
     console.log(`\n  Shabti A2A server listening on ${baseUrl}`);
     console.log(`  Agent Card: ${baseUrl}.well-known/agent-card.json`);

package/src/commands/config.js

@@ -1,9 +1,38 @@
 import chalk from "chalk";
 import { loadConfig, saveConfig, DEFAULT_CONFIG } from "../core/engine.js";
 import { success, error, heading } from "../utils/style.js";
+import { validateQdrantUrl } from "../utils/validate.js";
 
 const ALLOWED_KEYS = Object.keys(DEFAULT_CONFIG);
 
+// キーごとのバリデーター
+const CONFIG_VALIDATORS = {
+  qdrant_url: (value) => {
+    try {
+      const url = new URL(value);
+      if (!["http:", "https:"].includes(url.protocol)) {
+        throw new Error("http://またはhttps://のみ使用できます");
+      }
+    } catch (e) {
+      throw new Error(`qdrant_urlが無効です: ${e.message}`, { cause: e });
+    }
+  },
+  data_dir: (value) => {
+    const { resolve } = require("path");
+    const abs = resolve(value);
+    // 危険なシステムパスを拒否
+    const dangerousPaths = ["/etc", "/usr", "/bin", "/sbin", "/sys", "/proc", "/dev"];
+    if (dangerousPaths.some((p) => abs.startsWith(p))) {
+      throw new Error(`data_dirにシステムパスは指定できません: ${abs}`);
+    }
+  },
+  collection_name: (value) => {
+    if (!/^[a-zA-Z0-9_-]+$/.test(value) || value.length > 256) {
+      throw new Error("collection_nameは英数字、ハイフン、アンダースコアのみ使用できます");
+    }
+  },
+};
+
 export function registerConfig(program) {
   const cmd = program.command("config").description("Manage shabti configuration");
 
@@ -39,10 +68,29 @@ export function registerConfig(program) {
         return;
       }
 
+      if (CONFIG_VALIDATORS[key]) {
+        try {
+          CONFIG_VALIDATORS[key](value);
+        } catch (e) {
+          error(e.message);
+          return;
+        }
+      }
+
       const config = loadConfig();
-      config[key] = value;
+      let validatedValue = value;
+      if (key === "qdrant_url") {
+        try {
+          validatedValue = validateQdrantUrl(value);
+        } catch (err) {
+          error(err.message);
+          process.exitCode = 1;
+          return;
+        }
+      }
+      config[key] = validatedValue;
       saveConfig(config);
-      success(`${key} = ${value}`);
+      success(`${key} = ${validatedValue}`);
     });
 
   cmd

package/src/commands/export.js

@@ -1,4 +1,5 @@
 import { writeFileSync } from "fs";
+import { resolve } from "path";
 import { createEngine } from "../core/engine.js";
 import { success, error } from "../utils/style.js";
 import { parsePositiveInt } from "../utils/validate.js";
@@ -28,8 +29,9 @@ export function registerExport(program) {
         const output = lines.join("\n");
 
         if (opts.output) {
-          writeFileSync(opts.output, output + (lines.length ? "\n" : ""), "utf8");
-          success(`Exported ${entries.length} entries to ${opts.output}`);
+          const absOutput = resolve(opts.output);
+          writeFileSync(absOutput, output + (lines.length ? "\n" : ""), "utf8");
+          success(`Exported ${entries.length} entries to ${absOutput}`);
         } else {
           if (output) console.log(output);
           // Print summary to stderr so it doesn't pollute piped output

package/src/commands/import.js

@@ -1,4 +1,5 @@
 import { readFileSync, existsSync } from "fs";
+import { resolve } from "path";
 import { createEngine } from "../core/engine.js";
 import { success, error, info, warn } from "../utils/style.js";
 
@@ -11,12 +12,13 @@ export function registerImport(program) {
     .option("--dry-run", "Parse and validate without storing")
     .action(async (file, opts) => {
       try {
-        if (!existsSync(file)) {
-          error(`File not found: ${file}`);
+        const absFile = resolve(file);
+        if (!existsSync(absFile)) {
+          error(`File not found: ${absFile}`);
           process.exitCode = 1;
           return;
         }
-        const raw = readFileSync(file, "utf8");
+        const raw = readFileSync(absFile, "utf8");
         const lines = raw
           .split("\n")
           .map((l) => l.trim())

package/src/commands/snapshot.js

@@ -28,6 +28,12 @@ export function registerSnapshot(program) {
     .argument("<id>", "Snapshot ID to restore")
     .action(async (id) => {
       try {
+        // UUIDフォーマット検証
+        const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+        if (!UUID_REGEX.test(id)) {
+          error(`無効なスナップショットID: ${id}（UUID形式で指定してください）`);
+          return;
+        }
         const engine = createEngine();
         engine.snapshotRestore(id);
         success(`Restored from snapshot: ${id}`);

package/src/commands/status.js

@@ -19,8 +19,6 @@ export function registerStatus(program) {
           console.log();
           console.log(`  ${chalk.cyan("Entries:")}     ${status.entryCount}`);
           console.log(`  ${chalk.cyan("Tier:")}        ${status.tier}`);
-          console.log(`  ${chalk.cyan("Qdrant URL:")}  ${status.qdrantUrl}`);
-          console.log(`  ${chalk.cyan("Data Dir:")}    ${status.dataDir}`);
           console.log(`  ${chalk.cyan("Model:")}      ${status.modelId}`);
           console.log();
         }

package/src/core/engine.js

@@ -1,7 +1,8 @@
-import { readFileSync, existsSync, mkdirSync, writeFileSync } from "fs";
+import { readFileSync, existsSync, mkdirSync, writeFileSync, renameSync } from "fs";
 import { createRequire } from "module";
 import { homedir } from "os";
 import { join } from "path";
+import { validateQdrantUrl } from "../utils/validate.js";
 
 const require = createRequire(import.meta.url);
 
@@ -17,7 +18,9 @@ const DEFAULT_CONFIG = {
 /** Env var overrides (highest priority). */
 function envOverrides() {
   const o = {};
-  if (process.env.SHABTI_QDRANT_URL) o.qdrant_url = process.env.SHABTI_QDRANT_URL;
+  if (process.env.SHABTI_QDRANT_URL) {
+    o.qdrant_url = validateQdrantUrl(process.env.SHABTI_QDRANT_URL);
+  }
   return o;
 }
 
@@ -25,7 +28,11 @@ export function loadConfig() {
   let config = DEFAULT_CONFIG;
   if (existsSync(CONFIG_PATH)) {
     try {
-      config = { ...config, ...JSON.parse(readFileSync(CONFIG_PATH, "utf8")) };
+      const saved = JSON.parse(readFileSync(CONFIG_PATH, "utf8"));
+      if (saved.qdrant_url !== undefined) {
+        saved.qdrant_url = validateQdrantUrl(saved.qdrant_url);
+      }
+      config = { ...config, ...saved };
     } catch (_) {
       // keep defaults
     }
@@ -34,13 +41,15 @@ export function loadConfig() {
 }
 
 export function saveConfig(config) {
-  mkdirSync(CONFIG_DIR, { recursive: true });
-  writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
+  mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+  const tmpPath = CONFIG_PATH + ".tmp";
+  writeFileSync(tmpPath, JSON.stringify(config, null, 2), { mode: 0o600 });
+  renameSync(tmpPath, CONFIG_PATH);
 }
 
 export function createEngine(configOverrides = {}) {
   const config = { ...loadConfig(), ...configOverrides };
-  mkdirSync(config.data_dir, { recursive: true });
+  mkdirSync(config.data_dir, { recursive: true, mode: 0o700 });
 
   const { ShabtiEngine } = require("../../native.cjs");
 

package/src/core/session.js

@@ -6,6 +6,10 @@ import { error } from "../utils/style.js";
 const DEFAULT_SYSTEM_PROMPT =
   "You are Shabti, a helpful assistant accessed via CLI. Be concise and direct.";
 
+// 既知の有効なOpenAIモデル名のパターン
+const ALLOWED_MODEL_PATTERN = /^(gpt-[34][- .\w]+|o[12][\w-]*)$/;
+const MAX_HISTORY_TURNS = 50; // 最大50ターン
+
 export class ChatSession {
   #client;
   #messages;
@@ -49,9 +53,22 @@ export class ChatSession {
   }
 
   setModel(model) {
+    if (!ALLOWED_MODEL_PATTERN.test(model)) {
+      throw new Error(`無効なモデル名: ${model}`);
+    }
     this.#model = model;
   }
 
+  #trimHistory() {
+    // システムメッセージは保持、ユーザー/アシスタントのペアを最新N件に制限
+    const systemMessages = this.#messages.filter((m) => m.role === "system");
+    const conversationMessages = this.#messages.filter((m) => m.role !== "system");
+
+    if (conversationMessages.length > MAX_HISTORY_TURNS * 2) {
+      this.#messages = [...systemMessages, ...conversationMessages.slice(-MAX_HISTORY_TURNS * 2)];
+    }
+  }
+
   getModel() {
     return this.#model;
   }
@@ -84,6 +101,7 @@ export class ChatSession {
         }
 
         this.#messages.push({ role: "user", content: trimmed });
+        this.#trimHistory();
 
         try {
           process.stdout.write(chalk.cyan("shabti: "));

package/src/mcp/server.js

@@ -226,7 +226,6 @@ async function handleToolsCall(id, params) {
               entry_count: status.entryCount,
               tier: status.tier,
               model_id: status.modelId,
-              qdrant_url: status.qdrantUrl,
             },
             null,
             2,
@@ -280,8 +279,10 @@ async function handleToolsCall(id, params) {
       const queryObj = { text: normalizeText(query), limit };
       if (args.namespace) queryObj.namespace = args.namespace;
       const results = await eng.executeQuery(queryObj);
+      const formatMemoryEntry = (entry) =>
+        `[MEMORY_START id="${entry.id}"]\n${entry.content}\n[MEMORY_END]`;
       const formatted = results.map((r) => ({
-        content: r.content,
+        content: formatMemoryEntry(r),
         score: r.score,
         id: r.id,
         namespace: r.namespace,
@@ -503,12 +504,17 @@ function handleResourcesRead(id, params) {
 
   if (uri === "shabti://config") {
     const config = loadConfig();
+    // 機密フィールドを除いた安全な設定情報のみ返す
+    const safeConfig = {
+      collection_name: config.collection_name,
+      // qdrant_url, data_dir は公開しない
+    };
     return respond(id, {
       contents: [
         {
           uri,
           mimeType: "application/json",
-          text: JSON.stringify(config),
+          text: JSON.stringify(safeConfig),
         },
       ],
     });
@@ -549,7 +555,10 @@ async function handleRequest(line) {
 const rl = createInterface({ input: process.stdin, terminal: false });
 rl.on("line", (line) => {
   const trimmed = line.trim();
-  if (trimmed) handleRequest(trimmed);
+  if (trimmed && trimmed.length <= 10_000_000) {
+    // 10MB上限
+    handleRequest(trimmed);
+  }
 });
 
 async function shutdown() {

package/src/repl/slashCommands.js

@@ -48,8 +48,12 @@ export function handleSlashCommand(cmd, args, session, rl, engine = null) {
 
     case "/model":
       if (args) {
-        session.setModel(args);
-        success(`Model switched to ${chalk.cyan(args)}`);
+        try {
+          session.setModel(args);
+          success(`Model switched to ${chalk.cyan(args)}`);
+        } catch (err) {
+          error(err.message);
+        }
       } else {
         info(`Current model: ${chalk.cyan(session.getModel())}`);
       }
@@ -132,7 +136,8 @@ async function handleRecall(query, engine) {
       console.log(chalk.dim("  No memories found."));
     } else {
       for (const r of results) {
-        console.log(`  ${chalk.yellow(r.score.toFixed(4))}  ${r.content}`);
+        const formatted = `[MEMORY_START id="${r.id}"]\n${r.content}\n[MEMORY_END]`;
+        console.log(`  ${chalk.yellow(r.score.toFixed(4))}  ${formatted}`);
       }
     }
   } catch (err) {

package/src/utils/validate.js

@@ -52,3 +52,20 @@ export function parsePort(value, name) {
   }
   return n;
 }
+
+/**
+ * qdrant_urlのSSRF防止バリデーション
+ * http/httpsスキームのみ許可し、非ローカルホストの場合は警告を出す
+ */
+export function validateQdrantUrl(raw) {
+  let parsed;
+  try {
+    parsed = new URL(raw);
+  } catch {
+    throw new Error(`無効なqdrant_url: ${raw}`);
+  }
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    throw new Error(`qdrant_urlにはhttp://またはhttps://のみ使用できます: ${raw}`);
+  }
+  return raw;
+}