superlocalmemory 2.5.1 → 2.6.0

package/src/memory-reset.py

@@ -81,9 +81,13 @@ class MemoryReset:
             'sessions'
         ]
 
+        VALID_TABLES = frozenset(tables)  # Whitelist from hardcoded list above
+
         for table in tables:
             try:
-                cursor.execute(f'DELETE FROM {table}')
+                if table not in VALID_TABLES:
+                    raise ValueError(f"Invalid table name: {table}")
+                cursor.execute(f'DELETE FROM {table}')  # Safe: validated against whitelist
                 count = cursor.rowcount
                 print(f"  ✓ Cleared {table}: {count} rows deleted")
             except sqlite3.OperationalError as e:
@@ -141,12 +145,18 @@ class MemoryReset:
             'archive': ['memory_archive']
         }
 
+        VALID_LAYER_TABLES = frozenset(
+            t for tables_list in layer_tables.values() for t in tables_list
+        )  # Whitelist from hardcoded dict above
+
         for layer in layers:
             if layer in layer_tables:
                 print(f"\n  Clearing Layer: {layer.upper()}")
                 for table in layer_tables[layer]:
                     try:
-                        cursor.execute(f'DELETE FROM {table}')
+                        if table not in VALID_LAYER_TABLES:
+                            raise ValueError(f"Invalid table name: {table}")
+                        cursor.execute(f'DELETE FROM {table}')  # Safe: validated against whitelist
                         count = cursor.rowcount
                         print(f"    ✓ Cleared {table}: {count} rows")
                     except sqlite3.OperationalError as e:
@@ -378,10 +388,14 @@ class MemoryReset:
             'Archived Memories': 'memory_archive'
         }
 
+        VALID_STAT_TABLES = frozenset(tables.values())  # Whitelist from hardcoded dict above
+
         print("\nTable Statistics:")
         for name, table in tables.items():
             try:
-                cursor.execute(f'SELECT COUNT(*) FROM {table}')
+                if table not in VALID_STAT_TABLES:
+                    raise ValueError(f"Invalid table name: {table}")
+                cursor.execute(f'SELECT COUNT(*) FROM {table}')  # Safe: validated against whitelist
                 count = cursor.fetchone()[0]
                 print(f"  {name:20s}: {count:>5} rows")
             except sqlite3.OperationalError:

package/src/memory_store_v2.py

@@ -66,6 +66,9 @@ try:
 except ImportError:
     SKLEARN_AVAILABLE = False
 
+import logging
+logger = logging.getLogger(__name__)
+
 MEMORY_DIR = Path.home() / ".claude-memory"
 DB_PATH = MEMORY_DIR / "memory.db"
 VECTORS_PATH = MEMORY_DIR / "vectors"
@@ -137,8 +140,22 @@ class MemoryStoreV2:
         self.vectorizer = None
         self.vectors = None
         self.memory_ids = []
+        self._last_vector_count = 0
         self._load_vectors()
 
+        # HNSW index for O(log n) search (v2.6, optional)
+        self._hnsw_index = None
+        try:
+            from hnsw_index import HNSWIndex
+            if self.vectors is not None and len(self.memory_ids) > 0:
+                dim = self.vectors.shape[1]
+                self._hnsw_index = HNSWIndex(dimension=dim, max_elements=max(len(self.memory_ids) * 2, 1000))
+                self._hnsw_index.build(self.vectors.toarray() if hasattr(self.vectors, 'toarray') else self.vectors, self.memory_ids)
+                logger.info("HNSW index built with %d vectors", len(self.memory_ids))
+        except (ImportError, Exception) as e:
+            logger.debug("HNSW index not available: %s", e)
+            self._hnsw_index = None
+
     # =========================================================================
     # Connection helpers — abstract ConnectionManager vs direct sqlite3
     # =========================================================================
@@ -227,6 +244,14 @@ class MemoryStoreV2:
         def _do_init(conn):
             cursor = conn.cursor()
 
+            # Database integrity check (v2.6: detect corruption early)
+            try:
+                result = cursor.execute('PRAGMA quick_check').fetchone()
+                if result[0] != 'ok':
+                    logger.warning("Database integrity issue detected: %s", result[0])
+            except Exception:
+                logger.warning("Could not run database integrity check")
+
             # Check if we need to add V2 columns to existing table
             cursor.execute("PRAGMA table_info(memories)")
             existing_columns = {row[1] for row in cursor.fetchall()}
@@ -520,7 +545,7 @@ class MemoryStoreV2:
 
         # Emit event (v2.5 — Event Bus)
         self._emit_event("memory.created", memory_id=memory_id,
-                         content_preview=content[:100], tags=tags,
+                         content_preview="[redacted]", tags=tags,
                          project=project_name, importance=importance)
 
         # Record provenance (v2.5 — who created this memory)
@@ -600,8 +625,34 @@ class MemoryStoreV2:
         active_profile = self._get_active_profile()
 
         with self._read_connection() as conn:
-            # Method 1: TF-IDF semantic search
+            # Method 0: HNSW accelerated search (O(log n), v2.6)
+            _hnsw_used = False
             if SKLEARN_AVAILABLE and self.vectorizer is not None and self.vectors is not None:
+                try:
+                    from hnsw_index import HNSWIndex
+                    if hasattr(self, '_hnsw_index') and self._hnsw_index is not None:
+                        query_vec = self.vectorizer.transform([query]).toarray().flatten()
+                        hnsw_results = self._hnsw_index.search(query_vec, k=limit * 2)
+                        cursor = conn.cursor()
+                        for memory_id, score in hnsw_results:
+                            if score > 0.05:
+                                cursor.execute('''
+                                    SELECT id, content, summary, project_path, project_name, tags,
+                                           category, parent_id, tree_path, depth,
+                                           memory_type, importance, created_at, cluster_id,
+                                           last_accessed, access_count
+                                    FROM memories WHERE id = ? AND profile = ?
+                                ''', (memory_id, active_profile))
+                                row = cursor.fetchone()
+                                if row and self._apply_filters(row, project_path, memory_type,
+                                                              category, cluster_id, min_importance):
+                                    results.append(self._row_to_dict(row, score, 'hnsw'))
+                        _hnsw_used = len(results) > 0
+                except (ImportError, Exception):
+                    pass  # HNSW not available, fall through to TF-IDF
+
+            # Method 1: TF-IDF semantic search (fallback if HNSW unavailable or returned no results)
+            if not _hnsw_used and SKLEARN_AVAILABLE and self.vectorizer is not None and self.vectors is not None:
                 try:
                     query_vec = self.vectorizer.transform([query])
                     similarities = cosine_similarity(query_vec, self.vectors).flatten()
@@ -865,6 +916,25 @@ class MemoryStoreV2:
         if not SKLEARN_AVAILABLE:
             return
 
+        # Incremental optimization: skip rebuild if memory count hasn't changed much (v2.6)
+        if hasattr(self, '_last_vector_count') and self._last_vector_count > 0:
+            with self._read_connection() as conn:
+                cursor = conn.cursor()
+                active_profile = self._get_active_profile()
+                cursor.execute("PRAGMA table_info(memories)")
+                columns = {row[1] for row in cursor.fetchall()}
+                if 'profile' in columns:
+                    cursor.execute('SELECT COUNT(*) FROM memories WHERE profile = ?', (active_profile,))
+                else:
+                    cursor.execute('SELECT COUNT(*) FROM memories')
+                current_count = cursor.fetchone()[0]
+
+            # Only rebuild if count changed by more than 5% or is the first few memories
+            if self._last_vector_count > 10:
+                change_ratio = abs(current_count - self._last_vector_count) / self._last_vector_count
+                if change_ratio < 0.05:
+                    return  # Skip rebuild — vectors are still accurate enough
+
         active_profile = self._get_active_profile()
 
         with self._read_connection() as conn:
@@ -903,6 +973,7 @@ class MemoryStoreV2:
             ngram_range=(1, 2)
         )
         self.vectors = self.vectorizer.fit_transform(texts)
+        self._last_vector_count = len(self.memory_ids)
 
         # Save memory IDs as JSON (safe serialization)
         self.vectors_path.mkdir(exist_ok=True)
@@ -944,7 +1015,8 @@ class MemoryStoreV2:
         return results
 
     def get_by_id(self, memory_id: int) -> Optional[Dict[str, Any]]:
-        """Get a specific memory by ID (V1 compatible)."""
+        """Get a specific memory by ID (V1 compatible, profile-aware)."""
+        active_profile = self._get_active_profile()
         with self._read_connection() as conn:
             cursor = conn.cursor()
 
@@ -952,8 +1024,8 @@ class MemoryStoreV2:
                 SELECT id, content, summary, project_path, project_name, tags,
                        category, parent_id, tree_path, depth, memory_type, importance,
                        created_at, cluster_id, last_accessed, access_count
-                FROM memories WHERE id = ?
-            ''', (memory_id,))
+                FROM memories WHERE id = ? AND profile = ?
+            ''', (memory_id, active_profile))
 
             row = cursor.fetchone()
 
@@ -966,10 +1038,11 @@ class MemoryStoreV2:
         return self._row_to_dict(row, 1.0, 'direct')
 
     def delete_memory(self, memory_id: int) -> bool:
-        """Delete a specific memory (V1 compatible)."""
+        """Delete a specific memory (V1 compatible, profile-aware)."""
+        active_profile = self._get_active_profile()
         def _do_delete(conn):
             cursor = conn.cursor()
-            cursor.execute('DELETE FROM memories WHERE id = ?', (memory_id,))
+            cursor.execute('DELETE FROM memories WHERE id = ? AND profile = ?', (memory_id, active_profile))
             deleted = cursor.rowcount > 0
             conn.commit()
             return deleted

package/src/rate_limiter.py

@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+"""
+SuperLocalMemory V2 - Rate Limiter
+Copyright (c) 2026 Varun Pratap Bhardwaj
+Licensed under MIT License
+"""
+
+"""
+Lightweight rate limiter using sliding window algorithm.
+Pure stdlib — no external dependencies.
+
+Defaults:
+    Write endpoints: 100 req/min per IP
+    Read endpoints: 300 req/min per IP
+
+Configurable via environment variables:
+    SLM_RATE_LIMIT_WRITE=100
+    SLM_RATE_LIMIT_READ=300
+    SLM_RATE_LIMIT_WINDOW=60
+"""
+
+import os
+import time
+import threading
+from collections import defaultdict
+from typing import Tuple
+
+import logging
+logger = logging.getLogger("superlocalmemory.ratelimit")
+
+# Configurable via env vars
+WRITE_LIMIT = int(os.environ.get('SLM_RATE_LIMIT_WRITE', '100'))
+READ_LIMIT = int(os.environ.get('SLM_RATE_LIMIT_READ', '300'))
+WINDOW_SECONDS = int(os.environ.get('SLM_RATE_LIMIT_WINDOW', '60'))
+
+
+class RateLimiter:
+    """Thread-safe sliding window rate limiter."""
+
+    def __init__(self, max_requests: int = 100, window_seconds: int = 60):
+        self.max_requests = max_requests
+        self.window = window_seconds
+        self._requests: dict = defaultdict(list)
+        self._lock = threading.Lock()
+
+    def is_allowed(self, client_id: str) -> Tuple[bool, int]:
+        """
+        Check if request is allowed for this client.
+
+        Returns:
+            (allowed: bool, remaining: int) — whether request is allowed
+            and how many requests remain in the window
+        """
+        now = time.time()
+        cutoff = now - self.window
+
+        with self._lock:
+            # Remove expired entries
+            self._requests[client_id] = [
+                t for t in self._requests[client_id] if t > cutoff
+            ]
+
+            current = len(self._requests[client_id])
+
+            if current >= self.max_requests:
+                return False, 0
+
+            self._requests[client_id].append(now)
+            return True, self.max_requests - current - 1
+
+    def cleanup(self):
+        """Remove stale entries for clients that haven't made requests recently."""
+        now = time.time()
+        cutoff = now - self.window * 2  # Keep 2 windows of data
+
+        with self._lock:
+            stale_keys = [
+                k for k, v in self._requests.items()
+                if not v or max(v) < cutoff
+            ]
+            for k in stale_keys:
+                del self._requests[k]
+
+
+# Singleton instances for write and read endpoints
+write_limiter = RateLimiter(max_requests=WRITE_LIMIT, window_seconds=WINDOW_SECONDS)
+read_limiter = RateLimiter(max_requests=READ_LIMIT, window_seconds=WINDOW_SECONDS)

package/src/trust_scorer.py

@@ -20,13 +20,14 @@ v2.5 BEHAVIOR (this version):
     - Trust scores are updated in agent_registry.trust_score
     - Dashboard shows scores but they don't affect recall ordering yet
 
-v2.6 BEHAVIOR (future):
+v2.6 BEHAVIOR (this version):
     - Trust scores visible in dashboard
-    - Recall results ranked by trust (higher trust = higher in results)
+    - Active enforcement: agents with trust < 0.3 blocked from write/delete operations
+    - Quarantine and admin approval deferred to v3.0
 
 v3.0 BEHAVIOR (future):
-    - Active enforcement: quarantine low-trust memories, rate limiting
-    - Admin approval for untrusted agents
+    - Quarantine low-trust memories for manual review
+    - Admin approval workflow for untrusted agents
 
 Trust Signals (all silently collected):
     POSITIVE (increase trust):
@@ -200,7 +201,7 @@ class TrustScorer:
         agent_id: str,
         signal_type: str,
         context: Optional[dict] = None,
-    ):
+    ) -> bool:
         """
         Record a trust signal for an agent.
 
@@ -376,6 +377,37 @@ class TrustScorer:
         score = self._get_agent_trust(agent_id)
         return score if score is not None else 1.0
 
+    def check_trust(self, agent_id: str, operation: str = "write") -> bool:
+        """
+        Check if agent is trusted enough for the given operation.
+
+        v2.6 enforcement: blocks write/delete for agents with trust < 0.3.
+        New agents start at 1.0 — only repeated bad behavior triggers blocking.
+
+        Args:
+            agent_id: The agent identifier
+            operation: One of "read", "write", "delete"
+
+        Returns:
+            True if operation is allowed, False if blocked
+        """
+        if operation == "read":
+            return True  # Reads are always allowed
+
+        score = self._get_agent_trust(agent_id)
+        if score is None:
+            return True  # Unknown agent = first-time = allowed (starts at 1.0)
+
+        threshold = 0.3  # Block write/delete below this
+        if score < threshold:
+            logger.warning(
+                "Trust enforcement: agent '%s' blocked from '%s' (trust=%.2f < %.2f)",
+                agent_id, operation, score, threshold
+            )
+            return False
+
+        return True
+
     def get_signals(self, agent_id: str, limit: int = 50) -> List[dict]:
         """Get recent trust signals for an agent."""
         try:
@@ -448,7 +480,7 @@ class TrustScorer:
                 "by_signal_type": by_type,
                 "by_agent": by_agent,
                 "avg_trust_score": round(avg, 4) if avg else 1.0,
-                "enforcement": "disabled (v2.5 — silent collection only)",
+                "enforcement": "enabled (v2.6 — write/delete blocked below 0.3 trust)",
             }
 
         except Exception as e:

package/src/webhook_dispatcher.py

@@ -24,10 +24,13 @@ Security:
     - No private/internal IP blocking in v2.5 (added in v2.6 with trust enforcement)
 """
 
+import ipaddress
 import json
 import logging
+import socket
 import threading
 import time
+import urllib.parse
 from queue import Queue, Empty
 from typing import Optional, Dict
 from datetime import datetime
@@ -49,6 +52,16 @@ except ImportError:
     HTTP_AVAILABLE = False
 
 
+def _is_private_ip(hostname: str) -> bool:
+    """Check if hostname resolves to a private/internal IP address."""
+    try:
+        ip_str = socket.gethostbyname(hostname)
+        ip = ipaddress.ip_address(ip_str)
+        return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved
+    except (socket.gaierror, ValueError):
+        return False  # DNS resolution failed — allow (might be valid external hostname)
+
+
 class WebhookDispatcher:
     """
     Background webhook delivery with retry logic.
@@ -119,6 +132,10 @@ class WebhookDispatcher:
         if not webhook_url or not (webhook_url.startswith("http://") or webhook_url.startswith("https://")):
             raise ValueError(f"Invalid webhook URL: {webhook_url}")
 
+        parsed = urllib.parse.urlparse(webhook_url)
+        if parsed.hostname and _is_private_ip(parsed.hostname):
+            raise ValueError(f"Webhook URL points to private/internal network: {webhook_url}")
+
         try:
             self._queue.put_nowait({
                 "event": event,

package/ui_server.py

@@ -64,13 +64,67 @@ app = FastAPI(
 # Middleware
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["http://localhost:*", "http://127.0.0.1:*"],
+    allow_origins=[
+        "http://localhost:8765",    # Dashboard
+        "http://127.0.0.1:8765",
+        "http://localhost:8417",    # MCP
+        "http://127.0.0.1:8417",
+        "http://localhost:8766",    # A2A (planned)
+        "http://127.0.0.1:8766",
+    ],
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
 )
 app.add_middleware(GZipMiddleware, minimum_size=1000)
 
+# Rate limiting (v2.6)
+try:
+    from rate_limiter import write_limiter, read_limiter
+
+    @app.middleware("http")
+    async def rate_limit_middleware(request, call_next):
+        client_ip = request.client.host if request.client else "unknown"
+
+        # Determine if this is a write or read endpoint
+        is_write = request.method in ("POST", "PUT", "DELETE", "PATCH")
+        limiter = write_limiter if is_write else read_limiter
+
+        allowed, remaining = limiter.is_allowed(client_ip)
+        if not allowed:
+            from fastapi.responses import JSONResponse
+            return JSONResponse(
+                status_code=429,
+                content={"error": "Too many requests. Please slow down."},
+                headers={"Retry-After": str(limiter.window)}
+            )
+
+        response = await call_next(request)
+        response.headers["X-RateLimit-Remaining"] = str(remaining)
+        return response
+
+except ImportError:
+    pass  # Rate limiter not available — continue without it
+
+# Optional API key authentication (v2.6)
+try:
+    from auth_middleware import check_api_key
+
+    @app.middleware("http")
+    async def auth_middleware(request, call_next):
+        is_write = request.method in ("POST", "PUT", "DELETE", "PATCH")
+        headers = dict(request.headers)
+        if not check_api_key(headers, is_write=is_write):
+            from fastapi.responses import JSONResponse
+            return JSONResponse(
+                status_code=401,
+                content={"error": "Invalid or missing API key. Set X-SLM-API-Key header."}
+            )
+        response = await call_next(request)
+        return response
+except ImportError:
+    pass  # Auth middleware not available
+
 # Mount static files (UI directory)
 UI_DIR.mkdir(exist_ok=True)
 app.mount("/static", StaticFiles(directory=str(UI_DIR)), name="static")