superlocalmemory 2.8.3 → 2.8.6

package/ATTRIBUTION.md

@@ -38,7 +38,7 @@ is_valid = QualixarSigner.verify(signed_output)
 
 ### Research Initiative
 
-Qualixar is a research platform for AI agent development tools. SuperLocalMemory is one of several research initiatives under the Qualixar umbrella. For more information, visit qualixar.com.
+Qualixar is a research initiative for AI agent development tools by Varun Pratap Bhardwaj. SuperLocalMemory is one of several research initiatives under the Qualixar umbrella.
 
 ### Third-Party Acknowledgments
 

package/CHANGELOG.md

@@ -16,6 +16,34 @@ SuperLocalMemory V2 - Intelligent local memory system for AI coding assistants.
 
 ---
 
+## [2.8.6] - 2026-03-06
+
+### Fixed
+- Environment variable support across all CLI tools
+- Multi-tool memory database sharing
+
+### Contributors
+- Paweł Przytuła (@pawelel) - Issue #7 and PR #8
+
+---
+
+## [2.8.3] - 2026-03-05
+
+### Fixed
+- Windows installation and cross-platform compatibility
+- Database stability under concurrent usage
+- Forward compatibility with latest Python versions
+
+### Added
+- Full Windows support with PowerShell scripts for all operations
+- `slm attribution` command for license and creator information
+
+### Improved
+- Overall reliability and code quality
+- Dependency management for reproducible installs
+
+---
+
 ## [2.8.2] - 2026-03-04
 
 ### Fixed

package/bin/slm

@@ -10,7 +10,7 @@
 
 set -e
 
-SLM_DIR="${HOME}/.claude-memory"
+SLM_DIR="${SL_MEMORY_PATH:-${HOME}/.claude-memory}"
 
 # Check if SuperLocalMemory is installed
 if [ ! -d "$SLM_DIR" ]; then
@@ -310,6 +310,38 @@ except Exception as e:
 "
         ;;
 
+    attribution)
+        python3 -c "
+import sys
+sys.path.insert(0, '${SLM_DIR}')
+try:
+    from memory_store_v2 import MemoryStoreV2
+    store = MemoryStoreV2()
+    attr = store.get_attribution()
+    print('SuperLocalMemory — Attribution')
+    print('=' * 45)
+    print(f\"Creator:  {attr.get('creator_name', 'Varun Pratap Bhardwaj')}\")
+    print(f\"Role:     {attr.get('creator_role', 'Solution Architect')}\")
+    print(f\"Platform: {attr.get('platform', 'Qualixar')}\")
+    print(f\"License:  {attr.get('license', 'MIT')}\")
+    print(f\"Website:  {attr.get('website', 'https://superlocalmemory.com')}\")
+    print(f\"Author:   {attr.get('author_website', 'https://varunpratap.com')}\")
+    print('=' * 45)
+    try:
+        from qualixar_attribution import QualixarSigner
+        from qualixar_watermark import encode_watermark
+        print('Layer 1 (Visible):        Active')
+        print('Layer 2 (Cryptographic):  Active')
+        print('Layer 3 (Steganographic): Active')
+    except ImportError:
+        print('Layer 1 (Visible):        Active')
+        print('Layer 2 (Cryptographic):  Not available')
+        print('Layer 3 (Steganographic): Not available')
+except Exception as e:
+    print(f'Error: {e}')
+"
+        ;;
+
     help|--help|-h)
         cat <<EOF
 SuperLocalMemory V2 - Universal CLI
@@ -356,6 +388,9 @@ HTTP SERVER (MCP):
   slm serve [PORT]         Start MCP HTTP server (default port 8417)
                            For ChatGPT/remote: ngrok http PORT
 
+ATTRIBUTION:
+  slm attribution          Show creator attribution and provenance status
+
 ADVANCED:
   slm reset soft           Soft reset (clear memories)
   slm reset hard --confirm Hard reset (nuclear option)

package/bin/slm-npm

@@ -16,8 +16,8 @@ const path = require('path');
 const os = require('os');
 const fs = require('fs');
 
-// Installation directory
-const SLM_DIR = path.join(os.homedir(), '.claude-memory');
+// Installation directory (SL_MEMORY_PATH overrides default)
+const SLM_DIR = process.env.SL_MEMORY_PATH || path.join(os.homedir(), '.claude-memory');
 
 // Check if SuperLocalMemory is installed
 if (!fs.existsSync(SLM_DIR)) {

package/bin/slm.bat

@@ -9,7 +9,9 @@ REM ATTRIBUTION REQUIRED: This notice must be preserved in all copies.
 setlocal enabledelayedexpansion
 
 REM Determine installation location
-if exist "%USERPROFILE%\.claude-memory\memory_store_v2.py" (
+if defined SL_MEMORY_PATH (
+    set "INSTALL_DIR=%SL_MEMORY_PATH%"
+) else if exist "%USERPROFILE%\.claude-memory\memory_store_v2.py" (
     set INSTALL_DIR=%USERPROFILE%\.claude-memory
 ) else if exist "%~dp0..\src\memory_store_v2.py" (
     set INSTALL_DIR=%~dp0..\src
@@ -181,7 +183,7 @@ echo   slm build-graph
 echo   slm switch-profile work
 echo.
 echo Installation: %INSTALL_DIR%
-echo Database: %USERPROFILE%\.claude-memory\memory.db
+echo Database: %INSTALL_DIR%\memory.db
 echo.
 echo Documentation: https://github.com/varun369/SuperLocalMemoryV2/wiki
 echo Report issues: https://github.com/varun369/SuperLocalMemoryV2/issues

package/install.ps1

@@ -15,7 +15,7 @@ param(
 
 $ErrorActionPreference = "Stop"
 
-$INSTALL_DIR = Join-Path $env:USERPROFILE ".claude-memory"
+$INSTALL_DIR = if ($env:SL_MEMORY_PATH) { $env:SL_MEMORY_PATH } else { Join-Path $env:USERPROFILE ".claude-memory" }
 $REPO_DIR = Split-Path -Parent $MyInvocation.MyCommand.Path
 
 # Auto-detect non-interactive environment
@@ -122,6 +122,35 @@ if (Test-Path $uiServerPath) {
     Write-Host "OK UI server copied" -ForegroundColor Green
 }
 
+# Copy security middleware (required by ui_server.py)
+$securityMiddlewarePath = Join-Path $REPO_DIR "security_middleware.py"
+if (Test-Path $securityMiddlewarePath) {
+    Copy-Item -Path $securityMiddlewarePath -Destination $INSTALL_DIR -Force
+    Write-Host "OK Security middleware copied" -ForegroundColor Green
+}
+
+# Copy routes (required by ui_server.py)
+$routesDir = Join-Path $REPO_DIR "routes"
+$installRoutesDir = Join-Path $INSTALL_DIR "routes"
+if (Test-Path $routesDir) {
+    if (-not (Test-Path $installRoutesDir)) {
+        New-Item -ItemType Directory -Path $installRoutesDir -Force | Out-Null
+    }
+    Copy-Item -Path (Join-Path $routesDir "*") -Destination $installRoutesDir -Recurse -Force
+    Write-Host "OK Routes copied" -ForegroundColor Green
+}
+
+# Copy UI assets (required by ui_server.py)
+$uiDir = Join-Path $REPO_DIR "ui"
+$installUiDir = Join-Path $INSTALL_DIR "ui"
+if (Test-Path $uiDir) {
+    if (-not (Test-Path $installUiDir)) {
+        New-Item -ItemType Directory -Path $installUiDir -Force | Out-Null
+    }
+    Copy-Item -Path (Join-Path $uiDir "*") -Destination $installUiDir -Recurse -Force
+    Write-Host "OK UI assets copied" -ForegroundColor Green
+}
+
 # Copy MCP server
 $mcpServerPath = Join-Path $REPO_DIR "mcp_server.py"
 if (Test-Path $mcpServerPath) {
@@ -169,8 +198,9 @@ if (Test-Path $setupValidatorPath) {
         # Fallback: create basic database
         & python -c @"
 import sqlite3
+import os
 from pathlib import Path
-db_path = Path.home() / '.claude-memory' / 'memory.db'
+db_path = Path(os.environ.get('SL_MEMORY_PATH') or str(Path.home() / '.claude-memory')) / 'memory.db'
 conn = sqlite3.connect(db_path)
 cursor = conn.cursor()
 cursor.execute('''CREATE TABLE IF NOT EXISTS memories (
@@ -228,8 +258,9 @@ Write-Host "Initializing advanced features..."
 # Add sample memories if database is empty (for first-time users)
 $memoryCount = & python -c @"
 import sqlite3
+import os
 from pathlib import Path
-db_path = Path.home() / '.claude-memory' / 'memory.db'
+db_path = Path(os.environ.get('SL_MEMORY_PATH') or str(Path.home() / '.claude-memory')) / 'memory.db'
 conn = sqlite3.connect(db_path)
 cursor = conn.cursor()
 cursor.execute('SELECT COUNT(*) FROM memories')
@@ -261,8 +292,9 @@ try {
     & python "$INSTALL_DIR\pattern_learner.py" update 2>$null | Out-Null
     $patternCount = & python -c @"
 import sqlite3
+import os
 from pathlib import Path
-db_path = Path.home() / '.claude-memory' / 'memory.db'
+db_path = Path(os.environ.get('SL_MEMORY_PATH') or str(Path.home() / '.claude-memory')) / 'memory.db'
 conn = sqlite3.connect(db_path)
 cursor = conn.cursor()
 cursor.execute('SELECT COUNT(*) FROM identity_patterns')

package/install.sh

@@ -8,7 +8,7 @@
 
 set -e
 
-INSTALL_DIR="${HOME}/.claude-memory"
+INSTALL_DIR="${SL_MEMORY_PATH:-${HOME}/.claude-memory}"
 REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]:-$0}")" && pwd)"
 
 # Parse command line arguments
@@ -214,6 +214,11 @@ if [ -f "${REPO_DIR}/ui_server.py" ]; then
     echo "✓ UI server copied"
 fi
 
+if [ -f "${REPO_DIR}/security_middleware.py" ]; then
+    cp "${REPO_DIR}/security_middleware.py" "${INSTALL_DIR}/"
+    echo "✓ Security middleware copied"
+fi
+
 if [ -d "${REPO_DIR}/ui" ]; then
     mkdir -p "${INSTALL_DIR}/ui/js"
     cp "${REPO_DIR}/ui/index.html" "${INSTALL_DIR}/ui/" 2>/dev/null || true
@@ -258,8 +263,7 @@ echo "✓ Directories created"
 if [ ! -f "${INSTALL_DIR}/audit.db" ]; then
     python3 -c "
 import sqlite3
-from pathlib import Path
-audit_path = Path.home() / '.claude-memory' / 'audit.db'
+audit_path = '${INSTALL_DIR}/audit.db'
 conn = sqlite3.connect(audit_path)
 cursor = conn.cursor()
 cursor.execute('''CREATE TABLE IF NOT EXISTS audit_events (
@@ -298,8 +302,7 @@ else
     # Fallback: create basic tables
     python3 -c "
 import sqlite3
-from pathlib import Path
-db_path = Path.home() / '.claude-memory' / 'memory.db'
+db_path = '${INSTALL_DIR}/memory.db'
 conn = sqlite3.connect(db_path)
 cursor = conn.cursor()
 cursor.execute('''CREATE TABLE IF NOT EXISTS memories (
@@ -399,8 +402,7 @@ echo "Initializing advanced features..."
 # Add sample memories if database is empty (for first-time users)
 MEMORY_COUNT=$(python3 -c "
 import sqlite3
-from pathlib import Path
-db_path = Path.home() / '.claude-memory' / 'memory.db'
+db_path = '${INSTALL_DIR}/memory.db'
 conn = sqlite3.connect(db_path)
 cursor = conn.cursor()
 cursor.execute('SELECT COUNT(*) FROM memories')
@@ -428,8 +430,7 @@ echo "○ Learning patterns..."
 if python3 "${INSTALL_DIR}/pattern_learner.py" update > /dev/null 2>&1; then
     PATTERN_COUNT=$(python3 -c "
 import sqlite3
-from pathlib import Path
-db_path = Path.home() / '.claude-memory' / 'memory.db'
+db_path = '${INSTALL_DIR}/memory.db'
 conn = sqlite3.connect(db_path)
 cursor = conn.cursor()
 cursor.execute('SELECT COUNT(*) FROM identity_patterns')
@@ -486,8 +487,8 @@ else
 fi
 
 # Check if PATH already configured
-PATH_EXPORT="export PATH=\"\${HOME}/.claude-memory/bin:\${PATH}\""
-if grep -q ".claude-memory/bin" "${SHELL_CONFIG}" 2>/dev/null; then
+PATH_EXPORT="export PATH=\"${INSTALL_DIR}/bin:\${PATH}\""
+if grep -Fq -- "${INSTALL_DIR}/bin" "${SHELL_CONFIG}" 2>/dev/null; then
     echo "○ PATH already configured in ${SHELL_CONFIG}"
 else
     # Add PATH export to shell config
@@ -498,7 +499,7 @@ else
 fi
 
 # Add to current session PATH
-export PATH="${HOME}/.claude-memory/bin:${PATH}"
+export PATH="${INSTALL_DIR}/bin:${PATH}"
 echo "✓ Commands available in current session"
 
 # ============================================================================
@@ -932,7 +933,7 @@ case "$INSTALL_CHOICE" in
         echo "  pip3 install -r ${REPO_DIR}/requirements-search.txt"
         echo ""
         echo "Start Web Dashboard:"
-        echo "  python3 ~/.claude-memory/ui_server.py"
+        echo "  python3 ${INSTALL_DIR}/ui_server.py"
         echo "  Then open: http://localhost:8000"
         ;;
 esac

package/mcp_server.py

@@ -33,7 +33,15 @@ from pathlib import Path
 from typing import Optional, Dict, List, Any
 
 # Add src directory to path (use existing code!)
-MEMORY_DIR = Path.home() / ".claude-memory"
+import logging
+_raw_memory_dir = os.environ.get("SL_MEMORY_PATH")
+MEMORY_DIR = Path(_raw_memory_dir).expanduser() if _raw_memory_dir else (Path.home() / ".claude-memory")
+MEMORY_DIR = MEMORY_DIR.resolve()
+
+_required_modules = ("memory_store_v2.py", "graph_engine.py", "pattern_learner.py")
+if not MEMORY_DIR.is_dir() or not all((MEMORY_DIR / m).exists() for m in _required_modules):
+    raise RuntimeError(f"Invalid SuperLocalMemory install directory: {MEMORY_DIR}")
+
 sys.path.insert(0, str(MEMORY_DIR))
 
 # Import existing core modules (zero duplicate logic)
@@ -61,6 +69,26 @@ try:
 except ImportError:
     TRUST_AVAILABLE = False
 
+# Qualixar Attribution (v2.8.3 — 3-layer provenance)
+try:
+    from qualixar_attribution import QualixarSigner
+    from qualixar_watermark import encode_watermark
+    _signer = QualixarSigner("superlocalmemory", "2.8.3")
+    ATTRIBUTION_AVAILABLE = True
+except ImportError:
+    _signer = None
+    ATTRIBUTION_AVAILABLE = False
+
+
+def _sign_response(response: dict) -> dict:
+    """Apply Layer 2 cryptographic signing to MCP tool responses."""
+    if _signer and isinstance(response, dict):
+        try:
+            return _signer.sign(response)
+        except Exception:
+            pass
+    return response
+
 # Learning System (v2.7+)
 try:
     sys.path.insert(0, str(Path(__file__).parent / "src"))
@@ -577,14 +605,14 @@ def _eager_init():
         pass
     try:
         from behavioral.outcome_tracker import OutcomeTracker
-        OutcomeTracker(str(Path.home() / ".claude-memory" / "learning.db"))
+        OutcomeTracker(str(MEMORY_DIR / "learning.db"))
     except Exception:
-        pass
+        logging.getLogger("superlocalmemory.mcp").exception("OutcomeTracker eager initialization failed")
     try:
         from compliance.audit_db import AuditDB
-        AuditDB(str(Path.home() / ".claude-memory" / "audit.db"))
+        AuditDB(str(MEMORY_DIR / "audit.db"))
     except Exception:
-        pass
+        logging.getLogger("superlocalmemory.mcp").exception("AuditDB eager initialization failed")
 
 # Run once at module load
 _eager_init()
@@ -676,12 +704,12 @@ async def remember(
         # Format response
         preview = content[:100] + "..." if len(content) > 100 else content
 
-        return {
+        return _sign_response({
             "success": True,
             "memory_id": memory_id,
             "message": f"Memory saved with ID {memory_id}",
             "content_preview": preview
-        }
+        })
 
     except Exception as e:
         return {
@@ -805,13 +833,13 @@ async def recall(
             if r.get('score', 0) >= min_score
         ]
 
-        return {
+        return _sign_response({
             "success": True,
             "query": query,
             "results": filtered_results,
             "count": len(filtered_results),
             "total_searched": len(results)
-        }
+        })
 
     except Exception as e:
         return {
@@ -888,10 +916,10 @@ async def get_status() -> dict:
         # Call existing get_stats method
         stats = store.get_stats()
 
-        return {
+        return _sign_response({
             "success": True,
             **stats
-        }
+        })
 
     except Exception as e:
         return {
@@ -1637,6 +1665,54 @@ async def project_context_prompt(project_name: str) -> str:
 # SERVER STARTUP
 # ============================================================================
 
+@mcp.tool(annotations=ToolAnnotations(
+    readOnlyHint=True,
+    destructiveHint=False,
+    openWorldHint=False,
+))
+async def get_attribution() -> dict:
+    """
+    Get creator attribution and provenance verification for SuperLocalMemory.
+
+    Returns creator information, license details, and verification status
+    for the 3-layer Qualixar attribution system.
+
+    Returns:
+        {
+            "creator": str,
+            "license": str,
+            "platform": str,
+            "layers": {
+                "visible": bool,
+                "cryptographic": bool,
+                "steganographic": bool
+            }
+        }
+    """
+    try:
+        store = get_store()
+        attribution = store.get_attribution()
+
+        return _sign_response({
+            "success": True,
+            **attribution,
+            "website": "https://superlocalmemory.com",
+            "author_website": "https://varunpratap.com",
+            "attribution_layers": {
+                "layer1_visible": True,
+                "layer2_cryptographic": ATTRIBUTION_AVAILABLE,
+                "layer3_steganographic": ATTRIBUTION_AVAILABLE,
+            },
+        })
+
+    except Exception as e:
+        return {
+            "success": False,
+            "error": _sanitize_error(e),
+            "message": "Failed to get attribution"
+        }
+
+
 if __name__ == "__main__":
     import argparse
 
@@ -1662,7 +1738,7 @@ if __name__ == "__main__":
     # Print startup message to stderr (stdout is used for MCP protocol)
     print("=" * 60, file=sys.stderr)
     print("SuperLocalMemory V2 - MCP Server", file=sys.stderr)
-    print("Version: 2.7.4", file=sys.stderr)
+    print("Version: 2.8.3", file=sys.stderr)
     print("=" * 60, file=sys.stderr)
     print("Created by: Varun Pratap Bhardwaj (Solution Architect)", file=sys.stderr)
     print("Repository: https://github.com/varun369/SuperLocalMemoryV2", file=sys.stderr)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "superlocalmemory",
-  "version": "2.8.3",
+  "version": "2.8.6",
   "description": "Your AI Finally Remembers You - Local-first intelligent memory system for AI assistants. Works with Claude, Cursor, Windsurf, VS Code/Copilot, Codex, and 17+ AI tools. 100% local, zero cloud dependencies.",
   "keywords": [
     "ai-memory",

package/src/memory_store_v2.py

@@ -1105,7 +1105,8 @@ class MemoryStoreV2:
 
         # Qualixar platform provenance (non-breaking additions)
         attribution['platform'] = 'Qualixar'
-        attribution['verify_url'] = 'https://qualixar.com'
+        attribution['website'] = 'https://superlocalmemory.com'
+        attribution['author_website'] = 'https://varunpratap.com'
 
         return attribution
 
@@ -1136,7 +1137,16 @@ class MemoryStoreV2:
             output.append(entry)
             char_count += len(entry)
 
-        return ''.join(output)
+        text = ''.join(output)
+
+        # Layer 3: Steganographic watermark on text exports
+        try:
+            from qualixar_watermark import encode_watermark
+            text = encode_watermark(text, "slm")
+        except ImportError:
+            pass
+
+        return text
 
 
 # CLI interface (V1 compatible + V2 extensions)

package/ui_server.py

@@ -20,6 +20,9 @@ import sys
 from pathlib import Path
 from datetime import datetime
 
+_script_dir = str(Path(__file__).parent.resolve())
+sys.path = [p for p in sys.path if p not in ("", _script_dir)]
+
 try:
     from fastapi import FastAPI
     from fastapi.staticfiles import StaticFiles
@@ -33,6 +36,8 @@ except ImportError:
         "Install with: pip install 'fastapi[all]' uvicorn websockets"
     )
 
+sys.path.insert(0, _script_dir)
+
 from security_middleware import SecurityHeadersMiddleware
 
 # Add src/ and routes/ to path
@@ -50,7 +55,7 @@ app = FastAPI(
     description="Real-Time Memory Dashboard with Event Bus, Agent Registry, and Trust Scoring",
     version="2.5.0",
     docs_url="/api/docs",
-    redoc_url="/api/redoc"
+    redoc_url="/api/redoc",
 )
 
 # Middleware (order matters: security headers should be outermost)
@@ -59,9 +64,9 @@ app.add_middleware(GZipMiddleware, minimum_size=1000)
 app.add_middleware(
     CORSMiddleware,
     allow_origins=[
-        "http://localhost:8765",    # Dashboard
+        "http://localhost:8765",  # Dashboard
         "http://127.0.0.1:8765",
-        "http://localhost:8417",    # MCP
+        "http://localhost:8417",  # MCP
         "http://127.0.0.1:8417",
     ],
     allow_credentials=True,
@@ -84,10 +89,11 @@ try:
         allowed, remaining = limiter.is_allowed(client_ip)
         if not allowed:
             from fastapi.responses import JSONResponse
+
             return JSONResponse(
                 status_code=429,
                 content={"error": "Too many requests. Please slow down."},
-                headers={"Retry-After": str(limiter.window)}
+                headers={"Retry-After": str(limiter.window)},
             )
 
         response = await call_next(request)
@@ -107,9 +113,12 @@ try:
         headers = dict(request.headers)
         if not check_api_key(headers, is_write=is_write):
             from fastapi.responses import JSONResponse
+
             return JSONResponse(
                 status_code=401,
-                content={"error": "Invalid or missing API key. Set X-SLM-API-Key header."}
+                content={
+                    "error": "Invalid or missing API key. Set X-SLM-API-Key header."
+                },
             )
         response = await call_next(request)
         return response
@@ -136,6 +145,7 @@ from routes.ws import router as ws_router, manager as ws_manager
 # v2.7 Learning routes (graceful)
 try:
     from routes.learning import router as learning_router
+
     LEARNING_ROUTES = True
 except ImportError:
     LEARNING_ROUTES = False
@@ -154,18 +164,21 @@ if LEARNING_ROUTES:
 # v2.8 routes (graceful — don't fail if engines unavailable)
 try:
     from routes.lifecycle import router as lifecycle_router
+
     app.include_router(lifecycle_router)
 except ImportError:
     pass
 
 try:
     from routes.behavioral import router as behavioral_router
+
     app.include_router(behavioral_router)
 except ImportError:
     pass
 
 try:
     from routes.compliance import router as compliance_router
+
     app.include_router(compliance_router)
 except ImportError:
     pass
@@ -173,6 +186,7 @@ except ImportError:
 # Wire WebSocket manager into routes that need broadcast capability
 import routes.profiles as _profiles_mod
 import routes.data_io as _data_io_mod
+
 _profiles_mod.ws_manager = ws_manager
 _data_io_mod.ws_manager = ws_manager
 
@@ -180,6 +194,7 @@ _data_io_mod.ws_manager = ws_manager
 # Basic Routes (root page + health check)
 # ============================================================================
 
+
 @app.get("/", response_class=HTMLResponse)
 async def root():
     """Serve main UI page."""
@@ -206,7 +221,7 @@ async def health_check():
         "status": "healthy",
         "version": "2.5.0",
         "database": "connected" if DB_PATH.exists() else "missing",
-        "timestamp": datetime.now().isoformat()
+        "timestamp": datetime.now().isoformat(),
     }
 
 
@@ -214,6 +229,7 @@ async def health_check():
 # Startup Events
 # ============================================================================
 
+
 @app.on_event("startup")
 async def startup_event():
     """Register Event Bus listener for SSE bridge on startup."""
@@ -229,8 +245,12 @@ if __name__ == "__main__":
     import socket
 
     parser = argparse.ArgumentParser(description="SuperLocalMemory V2 - Web Dashboard")
-    parser.add_argument("--port", type=int, default=8765, help="Port to run on (default 8765)")
-    parser.add_argument("--profile", type=str, default=None, help="Memory profile to use")
+    parser.add_argument(
+        "--port", type=int, default=8765, help="Port to run on (default 8765)"
+    )
+    parser.add_argument(
+        "--profile", type=str, default=None, help="Memory profile to use"
+    )
     args = parser.parse_args()
 
     def find_available_port(preferred):

package/docs/SECURITY-QUICK-REFERENCE.md

@@ -1,214 +0,0 @@
-# Security Quick Reference — For Developers
-
-**Last Updated:** March 4, 2026
-
-## TL;DR — Safe Coding Patterns
-
-### ✅ DO THIS (Safe)
-
-```javascript
-// Safe: Use textContent for plain text
-element.textContent = userContent;
-
-// Safe: Use escapeHtml() before DOM insertion
-element.innerHTML = escapeHtml(userContent);
-
-// Safe: Create elements programmatically
-const div = document.createElement('div');
-div.textContent = userContent;
-parent.appendChild(div);
-```
-
-### ❌ DON'T DO THIS (Dangerous)
-
-```javascript
-// DANGEROUS: Direct assignment with user content
-element.innerHTML = userContent;  // XSS VULNERABLE
-
-// DANGEROUS: Using code evaluation with user input
-// Never use eval, Function constructor, or similar
-
-// DANGEROUS: Inline event handlers with user content
-element.setAttribute('onclick', userCode);  // XSS VULNERABLE
-```
-
-## Security Checklist — Before Committing
-
-- [ ] No direct innerHTML assignments without escapeHtml()
-- [ ] All user content either uses textContent or is escaped
-- [ ] No code evaluation with user input
-- [ ] No inline event handlers with dynamic content
-- [ ] All API endpoints return explicit Content-Type
-- [ ] SQL queries use parameterized statements (never string concatenation)
-- [ ] No secrets in code or config files
-- [ ] Run security tests: pytest tests/test_security_headers.py -v
-
-## Common Patterns
-
-### Rendering User-Generated Content
-
-**Pattern 1: Plain Text Only**
-```javascript
-const contentDiv = document.getElementById('memory-content');
-contentDiv.textContent = memory.content;  // Automatically safe
-```
-
-**Pattern 2: Mixed Content (HTML Structure + User Text)**
-```javascript
-const html = `
-  <div class="memory-card">
-    <h3>${escapeHtml(memory.title)}</h3>
-    <p>${escapeHtml(memory.content)}</p>
-    <span class="badge">${escapeHtml(memory.category)}</span>
-  </div>
-`;
-container.innerHTML = html;
-```
-
-**Pattern 3: Building DOM Programmatically (Most Secure)**
-```javascript
-const card = document.createElement('div');
-card.className = 'memory-card';
-
-const title = document.createElement('h3');
-title.textContent = memory.title;
-
-const content = document.createElement('p');
-content.textContent = memory.content;
-
-card.appendChild(title);
-card.appendChild(content);
-container.appendChild(card);
-```
-
-### FastAPI Routes
-
-**Safe Pattern:**
-```python
-@router.get("/api/memories")
-async def get_memories():
-    # FastAPI automatically sets Content-Type: application/json
-    return {
-        "memories": memories,  # User content here is safe in JSON
-        "total": len(memories)
-    }
-```
-
-**SQL Queries:**
-```python
-# SAFE: Parameterized query
-cursor.execute("SELECT * FROM memories WHERE id = ?", (memory_id,))
-
-# DANGEROUS: String concatenation (SQL injection)
-# Never use f-strings or concatenation for SQL queries
-```
-
-## Testing XSS Protection
-
-```python
-# Test that XSS payloads are handled safely
-def test_xss_payload():
-    payload = "<script>alert('xss')</script>"
-
-    # This should be safe when:
-    # 1. Returned as JSON with Content-Type: application/json
-    # 2. Rendered with escapeHtml() on client
-    # 3. Protected by CSP headers
-
-    response = client.get(f"/api/memory?content={payload}")
-    assert response.headers["Content-Type"] == "application/json"
-    assert response.headers["X-Content-Type-Options"] == "nosniff"
-```
-
-## Security Headers Reference
-
-All responses include these headers automatically via SecurityHeadersMiddleware:
-
-- X-Content-Type-Options: nosniff
-- X-Frame-Options: DENY
-- X-XSS-Protection: 1; mode=block
-- Content-Security-Policy: (comprehensive policy)
-- Referrer-Policy: strict-origin-when-cross-origin
-- Cache-Control: no-store (API endpoints only)
-
-**Don't override these headers** unless you have a specific security reason and understand the implications.
-
-## CORS Configuration
-
-Current allowed origins:
-- http://localhost:8765
-- http://127.0.0.1:8765
-- http://localhost:8417
-- http://127.0.0.1:8417
-
-**To add a new origin:**
-1. Add to the allow_origins list in ui_server.py
-2. Document why it's needed
-3. Never use wildcard * in production
-
-## When to Update Security
-
-### Add New Route
-- [ ] Verify return type has explicit Content-Type
-- [ ] Test with XSS payloads
-- [ ] Add test case to test_security_headers.py
-
-### Add New JavaScript
-- [ ] Use textContent for plain text
-- [ ] Use escapeHtml() for mixed content
-- [ ] Test rendering with XSS payloads
-
-### Modify Security Headers
-- [ ] Document reason in commit message
-- [ ] Update SECURITY.md
-- [ ] Run full security test suite
-- [ ] Consider security implications
-
-## Resources
-
-- **Full Security Policy:** See SECURITY.md
-- **Security Enhancement Details:** .backup/security-enhancement-2026-03-04.md
-- **Security Tests:** tests/test_security_headers.py
-- **Middleware Source:** security_middleware.py
-- **Client-Side Escaping:** ui/app.js (escapeHtml function)
-
-## Quick Test Commands
-
-```bash
-# Run security tests only
-pytest tests/test_security_headers.py -v
-
-# Run all tests
-pytest tests/ -x -q
-
-# Manual verification (browser)
-python3 ui_server.py
-# Open http://localhost:8765
-# DevTools → Network → Check response headers
-```
-
-## Red Flags — Stop and Review
-
-If you see any of these patterns, STOP and review:
-
-- innerHTML with user content (without escaping)
-- Code evaluation functions anywhere
-- String concatenation in SQL queries
-- CORS with wildcard *
-- User input in event handler attributes
-- Disabling CSP or security headers
-- Secrets or API keys in code
-
-## When in Doubt
-
-**Ask these questions:**
-1. Could a user inject a script tag here?
-2. Is this content escaped before rendering?
-3. Does this SQL query use parameters?
-4. Could this header configuration weaken security?
-
-**If unsure:** Use the safest pattern (textContent or programmatic DOM creation).
-
----
-
-**Remember:** Defense in depth. We have multiple layers (headers, CSP, escaping). Use all of them.