celiums/celiums-memory

v1.1.0 Security

This release includes 9 security fixes relevant to security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 9 known CVEs

Topics

ai ai-memory artificial-intelligence circadian-rhythm claude-code cognitive-architecture
cursor developer-tools emotional-ai knowledge-engine mcp memory model-context-protocol neuroscience opencore persistent-memory personality typescript vscode

Affected surfaces

auth breaking_upgrade

Summary

AI summary

OpenCore modules were completely replaced and the dashboard now requires Node 22+.

Full changelog

What's New

Dashboard (packages/dashboard)

  • SvelteKit dashboard with Three.js neural network background, light/dark theme
  • Setup wizard — premium split-layout design for first-run account creation
  • OAuth 2.0 — connect Claude.ai, ChatGPT, or any MCP-compatible AI via browser-based auth
  • MCP proxy — public discovery (initialize, tools/list) + authenticated execution (tools/call)
  • Module browser — search 5,100 OpenCore modules with live search
  • Backup/restore — export and import memories as JSON
  • Docker deploy: docker compose up for full stack (engine + dashboard + tunnel)

Security (11 fixes)

  • API endpoints now require session authentication
  • Login rate limiting with exponential backoff
  • Timing-safe session token comparison
  • Secure cookie flag for HTTPS
  • Logout endpoint
  • Password length limits (8-128 chars)
  • Max 10 concurrent sessions
  • MCP proxy explicit method whitelist
  • Multi-stage Docker build (no devDeps in production)

Curated Modules

  • 5,100 OpenCore modules replaced — old v2.0 (LLM-generated, no grounding) replaced with v5.4-ai-curated (real GitHub documentation)
  • Published as @celiums/[email protected]
  • 32 categories, avg 7,652 chars/module
  • Auto-hydrate on fresh deploy (9 seconds)

Engine Fixes

  • Health check handles missing table (enables auto-hydrate on fresh DB)
  • tsvector uses trigger instead of GENERATED (PG17 compatibility)
  • ModuleStore reads from single modules table
  • OAuth endpoints: /oauth/authorize, /oauth/token, /.well-known/oauth-authorization-server
  • readBody supports form-urlencoded for OAuth

Benchmark

  • LongMemEval results published: 62.3% QA accuracy (Opus 4.6)
  • 98.6% on user facts, 100% retrieval rate
  • Full reproducible benchmark suite in benchmarks/

Deploy

git clone https://github.com/terrizoaguimor/celiums-memory.git
cd celiums-memory/packages/dashboard
docker compose up -d
# Open the tunnel URL → create account → connect your AI

Breaking Changes

  • OpenCore modules completely replaced (old v2.0 removed)
  • Dashboard requires Node 22+

Security Fixes

  • API endpoints now require session authentication
  • Login rate limiting with exponential backoff
  • Timing‑safe session token comparison
  • Secure cookie flag for HTTPS
  • Logout endpoint added
  • Password length limited to 8–128 characters
  • Maximum of 10 concurrent sessions enforced
  • MCP proxy now uses an explicit method whitelist
  • Multi‑stage Docker build removes dev dependencies from production image
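
The "login rate limiting with exponential backoff" fix, sketched as an added example (not code from celiums-memory). The class name, the key format, and the base delay, cap and free-attempt count are assumptions, since the release notes give no parameters.

```typescript
// Added example: per-key login throttle with exponential backoff.
// BASE_MS, MAX_MS and FREE_ATTEMPTS are assumed values, not the project's settings.
const BASE_MS = 1_000;        // first lockout once the free attempts are used up
const MAX_MS = 15 * 60_000;   // cap so the delay cannot grow without bound
const FREE_ATTEMPTS = 3;      // failures tolerated before any lockout

interface Entry { failures: number; lockedUntil: number }
interface Decision { allowed: boolean; retryAfterMs: number }

class LoginThrottle {
  private entries = new Map<string, Entry>();

  // Call before checking the password. `key` is e.g. username + client IP.
  check(key: string, now: number): Decision {
    const e = this.entries.get(key);
    if (e && now < e.lockedUntil) {
      return { allowed: false, retryAfterMs: e.lockedUntil - now };
    }
    return { allowed: true, retryAfterMs: 0 };
  }

  // Call after a failed password check; returns the lockout just imposed.
  recordFailure(key: string, now: number): number {
    const e = this.entries.get(key) ?? { failures: 0, lockedUntil: 0 };
    e.failures += 1;
    const over = e.failures - FREE_ATTEMPTS;
    // Delay doubles per failure past the free attempts: 1s, 2s, 4s, ... capped.
    const delay = over > 0 ? Math.min(BASE_MS * 2 ** (over - 1), MAX_MS) : 0;
    e.lockedUntil = now + delay;
    this.entries.set(key, e);
    return delay;
  }

  // Call after a successful login so an honest user starts from zero again.
  recordSuccess(key: string): void {
    this.entries.delete(key);
  }
}

// Constructed scenario: six wrong passwords in a row for one key.
function simulate(): number[] {
  const throttle = new LoginThrottle();
  const key = "alice|203.0.113.7"; // constructed key (documentation IP range)
  let now = 0;
  const delays: number[] = [];
  for (let i = 0; i < 6; i++) {
    now += throttle.check(key, now).retryAfterMs; // wait out any lockout
    delays.push(throttle.recordFailure(key, now));
  }
  return delays;
}
```

An in-memory map like this is per-process and grows with every distinct key, so a real deployment also needs eviction of stale entries and shared state across instances.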

About celiums/celiums-memory

Cognitive memory engine with 5,100+ knowledge modules, circadian rhythm awareness, and emotional state tracking (PAD model). Hybrid search (PostgreSQL + Qdrant vectors + Valkey cache), per-user memory isolation, and multi-protocol support (MCP, REST, OpenAI, LangChain, A2A). `npx @celiums/memory`

Related context

Earlier breaking changes

  • v2.0.0 SaaS/UI/monetization framing removed.
