npm - superlocalmemory - Versions diffs - 2.7.6 → 2.8.0 - Mend

superlocalmemory 2.7.6 → 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (170) hide show

package/CHANGELOG.md +120 -155
package/README.md +115 -89
package/api_server.py +2 -12
package/docs/PATTERN-LEARNING.md +64 -199
package/docs/example_graph_usage.py +4 -6
package/install.sh +59 -0
package/mcp_server.py +83 -7
package/package.json +1 -8
package/scripts/generate-thumbnails.py +3 -5
package/skills/slm-build-graph/SKILL.md +1 -1
package/skills/slm-list-recent/SKILL.md +1 -1
package/skills/slm-recall/SKILL.md +1 -1
package/skills/slm-remember/SKILL.md +1 -1
package/skills/slm-show-patterns/SKILL.md +1 -1
package/skills/slm-status/SKILL.md +1 -1
package/skills/slm-switch-profile/SKILL.md +1 -1
package/src/agent_registry.py +7 -18
package/src/auth_middleware.py +3 -5
package/src/auto_backup.py +3 -7
package/src/behavioral/__init__.py +49 -0
package/src/behavioral/behavioral_listener.py +203 -0
package/src/behavioral/behavioral_patterns.py +275 -0
package/src/behavioral/cross_project_transfer.py +206 -0
package/src/behavioral/outcome_inference.py +194 -0
package/src/behavioral/outcome_tracker.py +193 -0
package/src/behavioral/tests/__init__.py +4 -0
package/src/behavioral/tests/test_behavioral_integration.py +108 -0
package/src/behavioral/tests/test_behavioral_patterns.py +150 -0
package/src/behavioral/tests/test_cross_project_transfer.py +142 -0
package/src/behavioral/tests/test_mcp_behavioral.py +139 -0
package/src/behavioral/tests/test_mcp_report_outcome.py +117 -0
package/src/behavioral/tests/test_outcome_inference.py +107 -0
package/src/behavioral/tests/test_outcome_tracker.py +96 -0
package/src/cache_manager.py +4 -6
package/src/compliance/__init__.py +48 -0
package/src/compliance/abac_engine.py +149 -0
package/src/compliance/abac_middleware.py +116 -0
package/src/compliance/audit_db.py +215 -0
package/src/compliance/audit_logger.py +148 -0
package/src/compliance/retention_manager.py +289 -0
package/src/compliance/retention_scheduler.py +186 -0
package/src/compliance/tests/__init__.py +4 -0
package/src/compliance/tests/test_abac_enforcement.py +95 -0
package/src/compliance/tests/test_abac_engine.py +124 -0
package/src/compliance/tests/test_abac_mcp_integration.py +118 -0
package/src/compliance/tests/test_audit_db.py +123 -0
package/src/compliance/tests/test_audit_logger.py +98 -0
package/src/compliance/tests/test_mcp_audit.py +128 -0
package/src/compliance/tests/test_mcp_retention_policy.py +125 -0
package/src/compliance/tests/test_retention_manager.py +131 -0
package/src/compliance/tests/test_retention_scheduler.py +99 -0
package/src/db_connection_manager.py +2 -12
package/src/embedding_engine.py +61 -669
package/src/embeddings/__init__.py +47 -0
package/src/embeddings/cache.py +70 -0
package/src/embeddings/cli.py +113 -0
package/src/embeddings/constants.py +47 -0
package/src/embeddings/database.py +91 -0
package/src/embeddings/engine.py +247 -0
package/src/embeddings/model_loader.py +145 -0
package/src/event_bus.py +3 -13
package/src/graph/__init__.py +36 -0
package/src/graph/build_helpers.py +74 -0
package/src/graph/cli.py +87 -0
package/src/graph/cluster_builder.py +188 -0
package/src/graph/cluster_summary.py +148 -0
package/src/graph/constants.py +47 -0
package/src/graph/edge_builder.py +162 -0
package/src/graph/entity_extractor.py +95 -0
package/src/graph/graph_core.py +226 -0
package/src/graph/graph_search.py +231 -0
package/src/graph/hierarchical.py +207 -0
package/src/graph/schema.py +99 -0
package/src/graph_engine.py +45 -1451
package/src/hnsw_index.py +3 -7
package/src/hybrid_search.py +36 -683
package/src/learning/__init__.py +27 -12
package/src/learning/adaptive_ranker.py +50 -12
package/src/learning/cross_project_aggregator.py +2 -12
package/src/learning/engagement_tracker.py +2 -12
package/src/learning/feature_extractor.py +175 -43
package/src/learning/feedback_collector.py +7 -12
package/src/learning/learning_db.py +180 -12
package/src/learning/project_context_manager.py +2 -12
package/src/learning/source_quality_scorer.py +2 -12
package/src/learning/synthetic_bootstrap.py +2 -12
package/src/learning/tests/__init__.py +2 -0
package/src/learning/tests/test_adaptive_ranker.py +2 -6
package/src/learning/tests/test_adaptive_ranker_v28.py +60 -0
package/src/learning/tests/test_aggregator.py +2 -6
package/src/learning/tests/test_auto_retrain_v28.py +35 -0
package/src/learning/tests/test_e2e_ranking_v28.py +82 -0
package/src/learning/tests/test_feature_extractor_v28.py +93 -0
package/src/learning/tests/test_feedback_collector.py +2 -6
package/src/learning/tests/test_learning_db.py +2 -6
package/src/learning/tests/test_learning_db_v28.py +110 -0
package/src/learning/tests/test_learning_init_v28.py +48 -0
package/src/learning/tests/test_outcome_signals.py +48 -0
package/src/learning/tests/test_project_context.py +2 -6
package/src/learning/tests/test_schema_migration.py +319 -0
package/src/learning/tests/test_signal_inference.py +11 -13
package/src/learning/tests/test_source_quality.py +2 -6
package/src/learning/tests/test_synthetic_bootstrap.py +3 -7
package/src/learning/tests/test_workflow_miner.py +2 -6
package/src/learning/workflow_pattern_miner.py +2 -12
package/src/lifecycle/__init__.py +54 -0
package/src/lifecycle/bounded_growth.py +239 -0
package/src/lifecycle/compaction_engine.py +226 -0
package/src/lifecycle/lifecycle_engine.py +302 -0
package/src/lifecycle/lifecycle_evaluator.py +225 -0
package/src/lifecycle/lifecycle_scheduler.py +130 -0
package/src/lifecycle/retention_policy.py +285 -0
package/src/lifecycle/tests/__init__.py +4 -0
package/src/lifecycle/tests/test_bounded_growth.py +193 -0
package/src/lifecycle/tests/test_compaction.py +179 -0
package/src/lifecycle/tests/test_lifecycle_engine.py +137 -0
package/src/lifecycle/tests/test_lifecycle_evaluation.py +177 -0
package/src/lifecycle/tests/test_lifecycle_scheduler.py +127 -0
package/src/lifecycle/tests/test_lifecycle_search.py +109 -0
package/src/lifecycle/tests/test_mcp_compact.py +149 -0
package/src/lifecycle/tests/test_mcp_lifecycle_status.py +114 -0
package/src/lifecycle/tests/test_retention_policy.py +162 -0
package/src/mcp_tools_v28.py +280 -0
package/src/memory-profiles.py +2 -12
package/src/memory-reset.py +2 -12
package/src/memory_compression.py +2 -12
package/src/memory_store_v2.py +76 -20
package/src/migrate_v1_to_v2.py +2 -12
package/src/pattern_learner.py +29 -975
package/src/patterns/__init__.py +24 -0
package/src/patterns/analyzers.py +247 -0
package/src/patterns/learner.py +267 -0
package/src/patterns/scoring.py +167 -0
package/src/patterns/store.py +223 -0
package/src/patterns/terminology.py +138 -0
package/src/provenance_tracker.py +4 -14
package/src/query_optimizer.py +4 -6
package/src/rate_limiter.py +2 -6
package/src/search/__init__.py +20 -0
package/src/search/cli.py +77 -0
package/src/search/constants.py +26 -0
package/src/search/engine.py +239 -0
package/src/search/fusion.py +122 -0
package/src/search/index_loader.py +112 -0
package/src/search/methods.py +162 -0
package/src/search_engine_v2.py +4 -6
package/src/setup_validator.py +7 -13
package/src/subscription_manager.py +2 -12
package/src/tree/__init__.py +59 -0
package/src/tree/builder.py +183 -0
package/src/tree/nodes.py +196 -0
package/src/tree/queries.py +252 -0
package/src/tree/schema.py +76 -0
package/src/tree_manager.py +10 -711
package/src/trust/__init__.py +45 -0
package/src/trust/constants.py +66 -0
package/src/trust/queries.py +157 -0
package/src/trust/schema.py +95 -0
package/src/trust/scorer.py +299 -0
package/src/trust/signals.py +95 -0
package/src/trust_scorer.py +39 -697
package/src/webhook_dispatcher.py +2 -12
package/ui/app.js +1 -1
package/ui/js/agents.js +1 -1
package/ui_server.py +2 -14
package/ATTRIBUTION.md +0 -140
package/docs/ARCHITECTURE-V2.5.md +0 -190
package/docs/GRAPH-ENGINE.md +0 -503
package/docs/architecture-diagram.drawio +0 -405
package/docs/plans/2026-02-13-benchmark-suite.md +0 -1349

package/src/behavioral/tests/test_outcome_inference.py ADDED Viewed

@@ -0,0 +1,107 @@
+# SPDX-License-Identifier: MIT
+# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
+"""Tests for implicit outcome inference from recall behavior patterns.
+"""
+import sys
+from pathlib import Path
+from datetime import datetime, timedelta
+sys.path.insert(0, str(Path(__file__).resolve().parent.parent.parent))
+class TestOutcomeInference:
+    """Test inference rules for implicit outcome detection."""
+    def test_no_requery_implies_success(self):
+        """No re-query for 10+ min after recall -> success (0.6)."""
+        from behavioral.outcome_inference import OutcomeInference
+        engine = OutcomeInference()
+        now = datetime.now()
+        # Record a recall event
+        engine.record_recall("query_abc", [1, 2], now - timedelta(minutes=12))
+        # Infer outcomes after enough time has passed
+        results = engine.infer_outcomes(now)
+        assert len(results) >= 1
+        result = results[0]
+        assert result["outcome"] == "success"
+        assert abs(result["confidence"] - 0.6) < 0.01
+    def test_memory_used_high_confirms_success(self):
+        """memory_used(high) within 5 min -> confirmed success (0.8)."""
+        from behavioral.outcome_inference import OutcomeInference
+        engine = OutcomeInference()
+        now = datetime.now()
+        engine.record_recall("query_abc", [1], now - timedelta(minutes=3))
+        engine.record_usage("query_abc", signal="mcp_used_high", timestamp=now - timedelta(minutes=1))
+        results = engine.infer_outcomes(now)
+        success_results = [r for r in results if r["outcome"] == "success"]
+        assert len(success_results) >= 1
+        assert success_results[0]["confidence"] >= 0.8
+    def test_immediate_requery_implies_failure(self):
+        """Immediate re-query with different terms -> failure (0.2)."""
+        from behavioral.outcome_inference import OutcomeInference
+        engine = OutcomeInference()
+        now = datetime.now()
+        engine.record_recall("query_abc", [1], now - timedelta(minutes=1))
+        engine.record_recall("different_query", [3], now - timedelta(seconds=30))
+        results = engine.infer_outcomes(now)
+        failure_results = [r for r in results if r["outcome"] == "failure"]
+        assert len(failure_results) >= 1
+        assert failure_results[0]["confidence"] <= 0.3
+    def test_memory_deleted_implies_failure(self):
+        """Memory deleted within 1 hour -> failure (0.0)."""
+        from behavioral.outcome_inference import OutcomeInference
+        engine = OutcomeInference()
+        now = datetime.now()
+        engine.record_recall("query_abc", [1], now - timedelta(minutes=30))
+        engine.record_deletion(memory_id=1, timestamp=now - timedelta(minutes=5))
+        results = engine.infer_outcomes(now)
+        failure_results = [r for r in results if r["outcome"] == "failure" and 1 in r["memory_ids"]]
+        assert len(failure_results) >= 1
+        assert failure_results[0]["confidence"] <= 0.05
+    def test_rapid_fire_queries_implies_failure(self):
+        """3+ queries in 2 min -> failure (0.1)."""
+        from behavioral.outcome_inference import OutcomeInference
+        engine = OutcomeInference()
+        now = datetime.now()
+        engine.record_recall("q1", [1], now - timedelta(seconds=90))
+        engine.record_recall("q2", [2], now - timedelta(seconds=60))
+        engine.record_recall("q3", [3], now - timedelta(seconds=30))
+        results = engine.infer_outcomes(now)
+        # At least some should be failure due to rapid-fire pattern
+        failure_results = [r for r in results if r["outcome"] == "failure"]
+        assert len(failure_results) >= 1
+    def test_cross_tool_access_implies_success(self):
+        """Cross-tool access after recall -> success (0.7)."""
+        from behavioral.outcome_inference import OutcomeInference
+        engine = OutcomeInference()
+        now = datetime.now()
+        engine.record_recall("query_abc", [1], now - timedelta(minutes=3))
+        engine.record_usage("query_abc", signal="implicit_positive_cross_tool", timestamp=now - timedelta(minutes=1))
+        results = engine.infer_outcomes(now)
+        success_results = [r for r in results if r["outcome"] == "success"]
+        assert len(success_results) >= 1
+        assert success_results[0]["confidence"] >= 0.7
+    def test_empty_buffer_returns_empty(self):
+        """No recorded events -> no inferences."""
+        from behavioral.outcome_inference import OutcomeInference
+        engine = OutcomeInference()
+        results = engine.infer_outcomes(datetime.now())
+        assert results == []
+    def test_infer_clears_processed_events(self):
+        """After inference, processed events are cleared from buffer."""
+        from behavioral.outcome_inference import OutcomeInference
+        engine = OutcomeInference()
+        now = datetime.now()
+        engine.record_recall("q1", [1], now - timedelta(minutes=12))
+        results1 = engine.infer_outcomes(now)
+        assert len(results1) >= 1
+        # Second call should have nothing new
+        results2 = engine.infer_outcomes(now)
+        assert len(results2) == 0

package/src/behavioral/tests/test_outcome_tracker.py ADDED Viewed

@@ -0,0 +1,96 @@
+# SPDX-License-Identifier: MIT
+# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
+"""Tests for explicit action outcome recording.
+"""
+import sqlite3
+import tempfile
+import os
+import sys
+import json
+from pathlib import Path
+sys.path.insert(0, str(Path(__file__).resolve().parent.parent.parent))
+class TestOutcomeTracker:
+    """Test outcome recording and querying."""
+    def setup_method(self):
+        self.tmp_dir = tempfile.mkdtemp()
+        self.db_path = os.path.join(self.tmp_dir, "learning.db")
+    def teardown_method(self):
+        import shutil
+        shutil.rmtree(self.tmp_dir, ignore_errors=True)
+    def test_record_success(self):
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        oid = tracker.record_outcome([1, 2], "success", action_type="code_written")
+        assert isinstance(oid, int)
+        assert oid > 0
+    def test_record_failure(self):
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        oid = tracker.record_outcome([3], "failure", context={"error": "timeout"})
+        assert oid > 0
+    def test_record_partial(self):
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        oid = tracker.record_outcome([1], "partial", action_type="debug_resolved")
+        assert oid > 0
+    def test_confidence_for_explicit(self):
+        """Explicit outcomes should have confidence >= 0.8."""
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        tracker.record_outcome([1], "success")
+        outcomes = tracker.get_outcomes()
+        assert outcomes[0]["confidence"] >= 0.8
+    def test_multiple_memory_ids(self):
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        tracker.record_outcome([1, 2, 3], "success")
+        outcomes = tracker.get_outcomes()
+        assert len(outcomes[0]["memory_ids"]) == 3
+    def test_get_outcomes_by_memory(self):
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        tracker.record_outcome([1, 2], "success")
+        tracker.record_outcome([3], "failure")
+        results = tracker.get_outcomes(memory_id=1)
+        assert len(results) == 1
+    def test_get_outcomes_by_project(self):
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        tracker.record_outcome([1], "success", project="proj_a")
+        tracker.record_outcome([2], "failure", project="proj_b")
+        results = tracker.get_outcomes(project="proj_a")
+        assert len(results) == 1
+    def test_get_success_rate(self):
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        tracker.record_outcome([1], "success")
+        tracker.record_outcome([1], "success")
+        tracker.record_outcome([1], "failure")
+        rate = tracker.get_success_rate(1)
+        assert abs(rate - 0.667) < 0.01  # 2/3
+    def test_success_rate_no_outcomes(self):
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        rate = tracker.get_success_rate(999)
+        assert rate == 0.0
+    def test_valid_outcomes_only(self):
+        """Only success, failure, partial are valid outcomes."""
+        from behavioral.outcome_tracker import OutcomeTracker
+        tracker = OutcomeTracker(self.db_path)
+        result = tracker.record_outcome([1], "invalid_outcome")
+        assert result is None  # Rejected

package/src/cache_manager.py CHANGED Viewed

@@ -1,16 +1,14 @@
 #!/usr/bin/env python3
-"""
-SuperLocalMemory V2 - Cache Manager
+# SPDX-License-Identifier: MIT
+# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
+"""SuperLocalMemory V2 - Cache Manager
-Copyright (c) 2026 Varun Pratap Bhardwaj
 Solution Architect & Original Creator
-Licensed under MIT License (see LICENSE file)
-Repository: https://github.com/varun369/SuperLocalMemoryV2
+ (see LICENSE file)
 ATTRIBUTION REQUIRED: This notice must be preserved in all copies.
 """
 """
 Cache Manager - LRU Cache for Search Results

package/src/compliance/__init__.py ADDED Viewed

@@ -0,0 +1,48 @@
+# SPDX-License-Identifier: MIT
+# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
+"""SLM v2.8 Compliance Engine — ABAC + Audit Trail + Retention.
+Enterprise-grade access control, tamper-evident audit trail,
+and retention policy management for GDPR/EU AI Act/HIPAA.
+Graceful degradation: if this module fails to import,
+all agents have full access (v2.7 behavior).
+"""
+import threading
+from pathlib import Path
+from typing import Optional, Dict, Any
+COMPLIANCE_AVAILABLE = False
+_init_error = None
+try:
+    from .abac_engine import ABACEngine
+    from .audit_db import AuditDB
+    COMPLIANCE_AVAILABLE = True
+except ImportError as e:
+    _init_error = str(e)
+_abac_engine: Optional["ABACEngine"] = None
+_abac_lock = threading.Lock()
+def get_abac_engine(config_path: Optional[Path] = None) -> Optional["ABACEngine"]:
+    """Get or create the ABAC engine singleton."""
+    global _abac_engine
+    if not COMPLIANCE_AVAILABLE:
+        return None
+    with _abac_lock:
+        if _abac_engine is None:
+            try:
+                _abac_engine = ABACEngine(config_path)
+            except Exception:
+                return None
+        return _abac_engine
+def get_status() -> Dict[str, Any]:
+    return {
+        "compliance_available": COMPLIANCE_AVAILABLE,
+        "init_error": _init_error,
+        "abac_active": _abac_engine is not None,
+    }

package/src/compliance/abac_engine.py ADDED Viewed

@@ -0,0 +1,149 @@
+# SPDX-License-Identifier: MIT
+# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
+"""Attribute-Based Access Control policy evaluation.
+Evaluates access requests against JSON-defined policies using
+subject, resource, and action attributes. Deny-first semantics
+ensure any matching deny policy blocks access regardless of
+allow policies. When no policies exist, all access is permitted
+(backward compatible with v2.7 default-allow behavior).
+Policy format:
+    {
+        "name": str,          # Human-readable policy name
+        "effect": str,        # "allow" or "deny"
+        "subjects": dict,     # Attribute constraints on the requester
+        "resources": dict,    # Attribute constraints on the resource
+        "actions": list[str]  # Actions this policy applies to
+    }
+Matching rules:
+    - "*" matches any value for that attribute
+    - Specific values require exact match
+    - All attributes in the policy must match for the policy to apply
+"""
+import json
+import logging
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+logger = logging.getLogger(__name__)
+class ABACEngine:
+    """Evaluates ABAC policies for memory access control.
+    Deny-first evaluation: if ANY deny policy matches the request,
+    access is denied. If no deny matches, access is allowed
+    (default-allow preserves v2.7 backward compatibility).
+    """
+    def __init__(self, config_path: Optional[str] = None) -> None:
+        self._config_path = config_path
+        self.policies: List[Dict[str, Any]] = []
+        if config_path:
+            self._load_policies(config_path)
+    def _load_policies(self, path: str) -> None:
+        """Load policies from a JSON file. Graceful on missing/invalid."""
+        try:
+            raw = Path(path).read_text(encoding="utf-8")
+            data = json.loads(raw)
+            if isinstance(data, list):
+                self.policies = data
+                logger.info("Loaded %d ABAC policies from %s", len(data), path)
+            else:
+                logger.warning("ABAC policy file is not a list: %s", path)
+        except FileNotFoundError:
+            logger.debug("No ABAC policy file at %s — default allow", path)
+        except (json.JSONDecodeError, OSError) as exc:
+            logger.warning("Failed to parse ABAC policies: %s", exc)
+    def evaluate(
+        self,
+        subject: Dict[str, Any],
+        resource: Dict[str, Any],
+        action: str,
+    ) -> Dict[str, Any]:
+        """Evaluate an access request against loaded policies.
+        Args:
+            subject:  Attributes of the requester (e.g. agent_id).
+            resource: Attributes of the target resource.
+            action:   The action being requested (read/write/delete).
+        Returns:
+            Dict with keys: allowed (bool), reason (str),
+            and policy_name (str) when a specific policy decided.
+        """
+        if not self.policies:
+            return {"allowed": True, "reason": "no_policies_loaded"}
+        # Phase 1: check all deny policies first
+        for policy in self.policies:
+            if policy.get("effect") != "deny":
+                continue
+            if self._matches(policy, subject, resource, action):
+                return {
+                    "allowed": False,
+                    "reason": "denied_by_policy",
+                    "policy_name": policy.get("name", "unnamed"),
+                }
+        # Phase 2: check allow policies
+        for policy in self.policies:
+            if policy.get("effect") != "allow":
+                continue
+            if self._matches(policy, subject, resource, action):
+                return {
+                    "allowed": True,
+                    "reason": "allowed_by_policy",
+                    "policy_name": policy.get("name", "unnamed"),
+                }
+        # Phase 3: no matching policy — default allow (backward compat)
+        return {"allowed": True, "reason": "no_matching_policy"}
+    # ------------------------------------------------------------------
+    # Internal matching helpers
+    # ------------------------------------------------------------------
+    def _matches(
+        self,
+        policy: Dict[str, Any],
+        subject: Dict[str, Any],
+        resource: Dict[str, Any],
+        action: str,
+    ) -> bool:
+        """Return True if policy matches the request."""
+        if not self._action_matches(policy.get("actions", []), action):
+            return False
+        if not self._attrs_match(policy.get("subjects", {}), subject):
+            return False
+        if not self._attrs_match(policy.get("resources", {}), resource):
+            return False
+        return True
+    @staticmethod
+    def _action_matches(policy_actions: List[str], action: str) -> bool:
+        """Check if the requested action is in the policy's action list."""
+        if "*" in policy_actions:
+            return True
+        return action in policy_actions
+    @staticmethod
+    def _attrs_match(
+        policy_attrs: Dict[str, Any],
+        request_attrs: Dict[str, Any],
+    ) -> bool:
+        """Check if all policy attribute constraints are satisfied.
+        Every key in policy_attrs must either be "*" (match anything)
+        or exactly equal the corresponding value in request_attrs.
+        """
+        for key, expected in policy_attrs.items():
+            if expected == "*":
+                continue
+            if request_attrs.get(key) != expected:
+                return False
+        return True

package/src/compliance/abac_middleware.py ADDED Viewed

@@ -0,0 +1,116 @@
+# SPDX-License-Identifier: MIT
+# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
+"""ABAC middleware for MCP tool integration.
+Provides a simple interface for MCP tools to check access before
+executing memory operations. Delegates to ABACEngine for policy
+evaluation.
+"""
+import threading
+from pathlib import Path
+from typing import Any, Dict, Optional
+from .abac_engine import ABACEngine
+class ABACMiddleware:
+    """Thin middleware between MCP tools and ABAC policy engine.
+    Usage from MCP tools:
+        mw = ABACMiddleware(db_path)
+        result = mw.check_access(agent_id="agent_1", action="read",
+                                 resource={"access_level": "private"})
+        if not result["allowed"]:
+            return error_response(result["reason"])
+    """
+    def __init__(
+        self,
+        db_path: Optional[str] = None,
+        policy_path: Optional[str] = None,
+    ) -> None:
+        if db_path is None:
+            db_path = str(Path.home() / ".claude-memory" / "memory.db")
+        self._db_path = str(db_path)
+        if policy_path is None:
+            policy_path = str(
+                Path(self._db_path).parent / "abac_policies.json"
+            )
+        self._lock = threading.Lock()
+        self.denied_count = 0
+        self.allowed_count = 0
+        try:
+            self._engine = ABACEngine(config_path=policy_path)
+        except Exception:
+            self._engine = None
+    def check_access(
+        self,
+        agent_id: str,
+        action: str,
+        resource: Optional[Dict[str, Any]] = None,
+    ) -> Dict[str, Any]:
+        """Check if an agent has access to perform an action.
+        Args:
+            agent_id: Identifier for the requesting agent.
+            action: The action being performed (read, write, delete).
+            resource: Resource attributes (access_level, project, tags).
+        Returns:
+            Dict with ``allowed`` (bool), ``reason`` (str), and
+            optionally ``policy_name``.
+        """
+        if self._engine is None:
+            return {
+                "allowed": True,
+                "reason": "ABAC engine unavailable — default allow",
+            }
+        subject = {"agent_id": agent_id}
+        result = self._engine.evaluate(
+            subject=subject,
+            resource=resource or {},
+            action=action,
+        )
+        with self._lock:
+            if result["allowed"]:
+                self.allowed_count += 1
+            else:
+                self.denied_count += 1
+        return result
+    def build_agent_context(
+        self,
+        agent_id: str = "user",
+        protocol: str = "mcp",
+    ) -> Dict[str, Any]:
+        """Build an agent context dict for passing to MemoryStoreV2.
+        Args:
+            agent_id: Agent identifier.
+            protocol: Access protocol (mcp, cli, dashboard).
+        Returns:
+            Dict suitable for ``MemoryStoreV2.search(agent_context=...)``.
+        """
+        return {
+            "agent_id": agent_id,
+            "protocol": protocol,
+        }
+    def get_status(self) -> Dict[str, Any]:
+        """Return middleware status."""
+        return {
+            "engine_available": self._engine is not None,
+            "policies_loaded": (
+                len(self._engine.policies) if self._engine else 0
+            ),
+            "allowed_count": self.allowed_count,
+            "denied_count": self.denied_count,
+        }