Skip to content

celiums/celiums-memory

v1.2.1 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 1mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 3 known CVEs

Topics

ai ai-memory artificial-intelligence circadian-rhythm claude-code cognitive-architecture
+13 more
cursor developer-tools emotional-ai knowledge-engine mcp memory model-context-protocol neuroscience opencore persistent-memory personality typescript vscode

Affected surfaces

auth rbac breaking_upgrade

Summary

AI summary

Recall no longer accepts projectId="all" without admin scope, and remember/journal_write block persistence of credential-like content.

Full changelog

External security audit on the hosted celiums-memory deployment surfaced four findings in the MCP tool layer. This patch ports the fixes here so any self-hosted deployment using @celiums/memory benefits immediately. Recommended upgrade: all users.

Security (P0)

recall no longer accepts projectId="all" from arbitrary callers

Previously enabled cross-project reconnaissance from any token. Now gated behind an admin scope:

  • Set the caller's userId in the CELIUMS_CROSS_PROJECT_ADMINS env (comma-separated), or
  • Have the caller's context carry a scopes: ["admin:cross_project"] claim.

remember and journal_write now refuse credential-like content

A shared SECRET_PATTERNS detector blocks persistence of common credential shapes — preventing long-lived leaks via later recall calls:

  • Resend (re_…), DigitalOcean Inference (sk-do-…), DO API tokens (dop_v1_…)
  • Anthropic (sk-ant-…), OpenRouter (sk-or-…), Stripe (sk_live_…)
  • Groq (gsk_…), xAI (xai-…), GitHub PATs (ghp_…)
  • AWS Access Keys (AKIA…), Postgres managed (AVNS_…), Celiums MCP keys (cmk_…)

If you ingest customer support transcripts or chat logs, you especially want this.

journal_write schema validation hardened

  • tags must be string[] — previously a malformed XML payload would persist as tags: [].
  • inherit_from must be a UUIDv4-shaped string — previously ../../etc/passwd was accepted as a no-op.

Notes

  • No data migration required. Existing memories and journal entries are unaffected.
  • If your deployment has credentials in plaintext memories, audit them after upgrade — the new detector blocks new writes but doesn't redact existing rows.

Upgrade

```bash
npm install @celiums/[email protected]
```

Breaking Changes

  • `recall` no longer accepts `projectId="all"` from arbitrary callers; requires admin scope or matching `CELIUMS_CROSS_PROJECT_ADMINS` env.

Security Fixes

  • Recall gated behind admin scope to prevent cross‑project reconnaissance (P0).
  • Remember and journal_write now reject persistence of common credential patterns such as API tokens, secrets, AWS keys, etc. (P0).
  • Journal_write schema validation hardened: `tags` must be string[], `inherit_from` must be UUIDv4-shaped string.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track celiums/celiums-memory

Get notified when new releases ship.

Sign up free

About celiums/celiums-memory

Cognitive memory engine with 5,100+ knowledge modules, circadian rhythm awareness, and emotional state tracking (PAD model). Hybrid search (PostgreSQL + Qdrant vectors + Valkey cache), per-user memory isolation, and multi-protocol support (MCP, REST, OpenAI, LangChain, A2A). `npx @celiums/memory` Website

All releases →

Related context

Earlier breaking changes

  • v2.0.0 SaaS/UI/monetization framing removed.

Beta — feedback welcome: [email protected]