M2-003: Audited PreferencesRepo — all five functions (findByUser, findByUserAndKey,
findByUserAndCategory, upsert, remove) already enforce userId filtering at the DB
WHERE clause level. No gaps found.

M2-004: Fixed agent memory tools (memory_search, memory_save_preference,
memory_save_insight, memory_get_preferences) — removed userId from all tool
parameter schemas so the LLM cannot inject an arbitrary user ID. The userId is
now bound from the authenticated session at tool-creation time via the new
sessionUserId parameter on createMemoryTools(). buildToolsForSandbox() and the
doCreateSession() call site are updated to thread the session userId through.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
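
The M2-004 pattern as an added sketch (not code from this commit or repository): the user ID is captured in a closure at tool-creation time and appears in no parameter schema, so nothing the model emits can select another user's rows. Only the names createMemoryTools, sessionUserId and the two tool names come from the message above; the store, the schema shape, the `call` dispatcher and the rejection of undeclared arguments are assumptions.

```javascript
// Constructed in-memory stand-in for the preferences store (not the real PreferencesRepo).
function makeStore() {
  const rows = []; // { userId, key, value }
  return {
    upsert(userId, key, value) {
      const row = rows.find((r) => r.userId === userId && r.key === key);
      if (row) row.value = value;
      else rows.push({ userId, key, value });
    },
    findByUser(userId) {
      return rows.filter((r) => r.userId === userId).map(({ key, value }) => ({ key, value }));
    },
  };
}

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Reject arguments the schema does not declare, so a model-supplied "userId"
// fails loudly instead of being silently dropped.
function checkArgs(schema, args) {
  for (const name of Object.keys(args)) {
    if (!has(schema.properties, name)) throw new Error(`unexpected tool argument: ${name}`);
  }
  for (const name of schema.required) {
    if (typeof args[name] !== "string") throw new Error(`missing tool argument: ${name}`);
  }
}

// Assumed shape of createMemoryTools(): sessionUserId is captured here, at
// tool-creation time, and appears in no parameter schema.
function createMemoryTools(store, sessionUserId) {
  if (typeof sessionUserId !== "string" || sessionUserId === "") {
    throw new Error("sessionUserId must come from an authenticated session");
  }
  const str = { type: "string" };
  const tools = {
    memory_save_preference: {
      schema: { properties: { key: str, value: str }, required: ["key", "value"] },
      run: ({ key, value }) => (store.upsert(sessionUserId, key, value), "saved"),
    },
    memory_get_preferences: {
      schema: { properties: {}, required: [] },
      run: () => store.findByUser(sessionUserId),
    },
  };
  // Entry point for a tool call emitted by the model: validate, then run.
  return {
    schemas: Object.fromEntries(Object.entries(tools).map(([n, t]) => [n, t.schema])),
    call(name, args = {}) {
      if (!has(tools, name)) throw new Error(`unknown tool: ${name}`);
      checkArgs(tools[name].schema, args);
      return tools[name].run(args);
    },
  };
}
```

Creating one tool set per session means a test can assert that a call carrying `userId` is rejected and that two sessions sharing one store never see each other's rows.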