4 Commits

Author SHA1 Message Date
b5d600e39b fix(memory): scope InsightsRepo operations to userId — M2-001/002
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Security audit findings and fixes:

M2-001 — searchByEmbedding: confirmed already user-scoped via WHERE user_id
M2-002 — findByUser: confirmed already user-scoped
M2-002 — decayOldInsights: was global (no userId filter); now requires userId
  param and scopes UPDATE to eq(insights.userId, userId). Added decayAllInsights
  as a separate system-only method for cron tier management.

Additional unscoped operations fixed:
- findById: added userId param + AND eq(userId) to prevent cross-user read
- update: added userId param + AND eq(userId) to prevent cross-user write
- remove: added userId param + AND eq(userId) to prevent cross-user delete
- memory.controller getInsight/removeInsight: now pass user.id for ownership
- summarization.service: switched tier-management cron to decayAllInsights

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-21 15:16:24 -05:00
9eb48e1d9b feat(Phase 4): Memory & Intelligence — memory, log, summarization, skills (#91)
Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
2026-03-13 13:56:50 +00:00
cbac5902db fix: Phase 0 verification — CI gates green (P0-009) (#70)
Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
2026-03-13 02:28:38 +00:00
6d0d288e31 feat(P0-001): scaffold monorepo structure (#60)
Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
2026-03-13 01:11:46 +00:00
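
The ownership scoping described in commit b5d600e39b, shown as an added example that is not the project's own code. It uses an in-memory array in place of the database; the method names come from the commit message, while the row shape, the score and updatedAt fields, the 0.5 decay factor and the sample users are assumptions.

```typescript
// Added illustration: in-memory stand-in for the InsightsRepo named in the commit message.
// Assumed (not from the project): row shape, score/updatedAt fields, 0.5 decay factor.
interface Insight { id: string; userId: string; content: string; score: number; updatedAt: number }

class InsightsRepo {
  private rows: Insight[] = [];
  insert(row: Insight): void { this.rows.push({ ...row }); }

  // Every lookup matches on id AND owner, mirroring "AND eq(userId)".
  private owned(id: string, userId: string): Insight | undefined {
    return this.rows.filter((r) => r.id === id && r.userId === userId)[0];
  }
  // A row owned by someone else is indistinguishable from a missing row.
  findById(id: string, userId: string): Insight | undefined {
    const row = this.owned(id, userId);
    return row ? { ...row } : undefined;
  }
  update(id: string, userId: string, content: string): boolean {
    const row = this.owned(id, userId);
    if (!row) return false; // cross-user write changes nothing
    row.content = content;
    return true;
  }
  remove(id: string, userId: string): boolean {
    const before = this.rows.length;
    this.rows = this.rows.filter((r) => !(r.id === id && r.userId === userId));
    return this.rows.length < before; // false when nothing owned by userId matched
  }
  // Request path: decay only the caller's rows older than the cutoff.
  decayOldInsights(userId: string, olderThan: number): number {
    return this.decay((r) => r.userId === userId && r.updatedAt < olderThan);
  }
  // System-only path for the cron job: no user filter, so never call it from a handler.
  decayAllInsights(olderThan: number): number {
    return this.decay((r) => r.updatedAt < olderThan);
  }
  private decay(match: (r: Insight) => boolean): number {
    const hit = this.rows.filter(match);
    hit.forEach((r) => { r.score *= 0.5; });
    return hit.length; // number of rows affected
  }
}

// Constructed sample data: one insight each for two hypothetical users.
function demoRepo(): InsightsRepo {
  const repo = new InsightsRepo();
  repo.insert({ id: "i1", userId: "alice", content: "a", score: 1, updatedAt: 100 });
  repo.insert({ id: "i2", userId: "bob", content: "b", score: 1, updatedAt: 100 });
  return repo;
}
```

Returning "not found" rather than "forbidden" for a row owned by another user keeps the repository from confirming that the id exists.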