rohitg00/agentmemory

v0.9.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agentmemory agents ai claude claudecode codex

+7 more

copilot cursor genai harness hermes memory openclaw

Summary

AI summary

Updates Highlights, PRs in this release, and Stats across a mixed release.

Full changelog

Visibility + correctness release. Landing site, filesystem connector, MCP standalone now actually talks to the running server, health logic stops crying wolf, audit trail closes its last gap, and every memory path has a clear policy.

Highlights

Website — Next.js 16 App Router landing page at website/. Lamborghini-inspired dark canvas, live GitHub stars pill, agents marquee with real brand logos, command-center tab showcase (viewer · iii console · state · traces), 12-tile feature grid, agent install selector, universal MCP JSON + one-click Cursor/VS Code deeplinks. Deploys to Vercel with Root Directory = website/.
Filesystem connector — new @agentmemory/fs-watcher package. Emits valid HookPayload observations for every file change and delete, debounced, with default ignore list and bearer auth.
Standalone MCP now talks to the running server — @agentmemory/mcp probes GET /agentmemory/livez at AGENTMEMORY_URL (defaults to http://localhost:3111). If the server is up, every tool routes through REST and sees what hooks and the viewer see. If the probe fails, falls back to the local InMemoryKV. Handle cache invalidates on proxy failure with a 30s TTL.
Health stops flagging critical on tiny Node processes — memory severity no longer escalates from heap ratio alone. Both warn and critical bands require RSS above memoryRssFloorBytes (default 512 MB).
Audit policy codified — src/functions/audit.ts gets a top-of-file policy block. mem::forget no longer deletes silently; it writes a single audit row with target ids, session id, and per-type counts.
Retention eviction targets the right store — mem::retention-evict routes deletes to mem:memories or mem:semantic based on the candidate's source field, probing both namespaces for legacy rows. Batched audit per sweep.
Security advisory drafts for the v0.8.2 CVE set, ready to file through GitHub's advisory UI.
iii console docs + vendored screenshots in the README.

Install

npx @agentmemory/agentmemory          # runs the memory server on :3111, viewer on :3113

Then wire any MCP client — Claude Desktop, Cursor, VS Code, Claude Code, Gemini CLI, Codex CLI, Hermes, OpenClaw — from the new install section on the website or the quick start in the README.

PRs in this release

#118 — v0.8.2 security advisory drafts
#132 — route semantic memory eviction to the correct KV store
#157 — document iii console in README with screenshots
#160 (#158) — gate memory severity on RSS floor
#161 (#159) — proxy standalone MCP tools to the running server
#162 (#125) — mem::forget audit coverage + policy doc
#163 (#62) — filesystem connector
#164 — Next.js website

Stats

777 tests passing (+ 14 skipped)
Build clean
0 critical npm vulnerabilities

Full diff: v0.8.12...v0.9.0

Security Fixes

Draft security advisories prepared for v0.8.2 CVE set (no CVE IDs assigned yet)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track rohitg00/agentmemory

Get notified when new releases ship.

About rohitg00/agentmemory

All releases →