UNPKG

@dollhousemcp/mcp-server

Version:

DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.

140 lines 4.78 kB
/** * Background Validation Service for Memory Security * * Part of Issue #1314 Phase 1: Memory Security Architecture * * PURPOSE: * Asynchronously validates UNTRUSTED memory entries and updates their trust levels * without blocking memory creation. Runs outside the LLM request path to avoid * token costs and latency. * * ARCHITECTURE: * - Layer 2 in the Memory Security Architecture (see docs/development/MEMORY_SECURITY_ARCHITECTURE.md) * - Runs server-side, not in LLM context * - No token cost for validation * - Updates trust levels in-place * * TRUST LEVEL TRANSITIONS: * UNTRUSTED → VALIDATED (clean content, no patterns) * UNTRUSTED → FLAGGED (dangerous patterns detected, needs encryption) * UNTRUSTED → QUARANTINED (explicitly malicious, critical threat) * * @module BackgroundValidator */ import { PatternExtractor } from './PatternExtractor.js'; /** * Configuration for background validation behavior */ export interface BackgroundValidatorConfig { /** Enable background validation (default: true) */ enabled: boolean; /** Interval in seconds between validation runs (default: 300 = 5 minutes) */ intervalSeconds: number; /** Maximum number of memories to process per batch (default: 10) */ batchSize: number; /** Maximum time in ms for a single validation operation (default: 5000) */ validationTimeoutMs: number; } /** * Pattern information for encrypted storage */ export interface SanitizedPattern { /** Unique reference ID for this pattern */ ref: string; /** Human-readable description of the pattern */ description: string; /** Severity level of the pattern */ severity: 'critical' | 'high' | 'medium' | 'low'; /** Location in original content (offset and length) */ location: string; /** Encrypted pattern (AES-256-GCM) - Phase 2 */ encryptedPattern?: string; /** Encryption algorithm used - Phase 2 */ algorithm?: string; /** Initialization vector for decryption - Phase 2 */ iv?: string; /** GCM authentication tag for integrity verification - Phase 2 */ authTag?: string; /** Safety instruction for pattern usage */ safetyInstruction: string; } /** * Background validation service for memory entries * * This service runs outside the LLM request path to validate UNTRUSTED * memory entries and update their trust levels based on security analysis. * * REFACTOR NOTE: * Converted to full DI architecture. Removed singleton export. * PatternExtractor is now injected as a dependency instead of static calls. */ export declare class BackgroundValidator { private readonly patternExtractor; private readonly memoryManager; private readonly config; private intervalHandle?; private isProcessing; constructor(patternExtractor: PatternExtractor, memoryManager: any, // MemoryManager - using any to avoid circular import config?: Partial<BackgroundValidatorConfig>); /** * Start the background validation service * Begins periodic validation of UNTRUSTED memories */ start(): void; /** * Stop the background validation service */ stop(): void; /** * Process all UNTRUSTED memory entries * This is the main background validation loop */ processUntrustedMemories(): Promise<void>; /** * Find all memories that have UNTRUSTED entries * * DI REFACTOR: Use injected MemoryManager instead of static Memory methods * Loads memories from filesystem and filters by trust level */ private findMemoriesWithUntrustedEntries; /** * Process a batch of memories for validation */ private processBatch; /** * Validate all UNTRUSTED entries in a memory * FIX #1320: Now uses public Memory API and saves changes * FIX (Claude Bot Review): Removed type casting for memory.id */ private validateMemory; /** * Validate a single memory entry and update its trust level * * @param entry - The memory entry to validate * @returns true if the entry was updated, false otherwise */ private validateEntry; /** * Determine the appropriate trust level based on validation results */ private determineTrustLevel; /** * Split an array into batches of specified size */ private createBatches; /** * Get current validation statistics */ getStats(): { enabled: boolean; isProcessing: boolean; intervalSeconds: number; batchSize: number; }; /** * Dispose of the validator and clean up resources * Implements cleanup for proper DI lifecycle management */ dispose(): Promise<void>; } //# sourceMappingURL=BackgroundValidator.d.ts.map