Source: Source pull request number: 922 in rohitg00/agentmemory (URL omitted to avoid GitHub cross-reference)
Title: fix(security): close secret-scrubbing bypass paths in all MCP write routes
Author: Srinath279
State: open
Draft: no
Merged: no
Head: Srinath279/agentmemory:fix/close-scrubbing-bypass-paths @ 915c526
Base: main @ f6f9e3c
Labels: (none)
Changed files: 0
Commits: 0
Created: 2026-06-13T03:49:27Z
Updated: 2026-06-13T06:39:52Z
Closed: (not closed)
Merged at: (not merged)
Original PR body:
Problem
stripPrivateData was wired into the observe pipeline only (hooks/prompt-submit.ts).
Seven MCP write tools that accept content directly bypassed that pipeline entirely,
meaning secrets submitted through those routes were stored in plaintext:
| Tool | Bypass reason |
|---|---|
| memory_save (mem::remember) | Explicit save, no hook |
| memory_lesson_save | Crystallize output + manual saves |
| memory_slot_create / append / replace | Slot writes never touch the hook |
| memory_sketch_create | Sketch/action title+description |
| memory_team_share | Re-shares already-stored rows |
| mem::compress (internal) | LLM can echo secrets into its summary |
| mem::import | Imported dumps skip capture entirely |
Solution
Apply stripPrivateData (or the new scrubRecord for untyped payloads) at each
write site before data touches KV storage.
New patterns in privacy.ts
- PEM private key blocks — -----BEGIN * PRIVATE KEY-----
- DB connection URLs with credentials — postgres://, mysql://, mongodb+srv://, redis://, amqp://, mssql://
New utility: scrubRecord
A recursive T→T walker (objects, arrays, strings). Lets callers scrub arbitrarily-shaped
payloads (LLM output, import blobs, team-share content) without knowing their schema.
Tests
New test/scrubbing-bypass.test.ts covers every bypass path.
Bonus: pnpm-workspace.yaml
Adds allowBuilds for esbuild, onnxruntime-node, protobufjs, sharp — fixes
ERR_PNPM_IGNORED_BUILDS on fresh checkouts.
Test plan
Summary by CodeRabbit
- Documentation
  - Added comprehensive end-to-end architecture documentation covering system design, data flow, operational flows, security, observability, and deployment.
- Bug Fixes
  - Strengthened privacy: introduced recursive scrubbing and applied automated secret/credential redaction across memory operations, imports, sharing, compression, slots, sketches, lessons, and team boundaries.
- Tests
  - Added end-to-end tests validating scrubbing behavior across storage and memory workflows.
- Chores
  - Updated workspace build configuration.
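
A sketch of the kind of recursive scrubber the PR body describes under "New utility: scrubRecord", covering the two pattern families it lists. This is an added example, not the PR's code or the project's privacy.ts: the regexes, the names `scrubString`, `walk` and `scrubDeep`, the `[REDACTED]` marker and the sample payload are all assumptions.

```typescript
// Added illustration; patterns and names are assumptions, not the project's privacy.ts.
const REDACTED = "[REDACTED]";
// PEM private key block. A block with no END line is redacted to end of input (fail closed).
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----[\s\S]*?(?:-----END \1PRIVATE KEY-----|$)/g;
// scheme://user:password@ for the schemes the PR lists; greedy up to the last '@' before any '/'.
const DB_URL = /\b(postgres|mysql|mongodb\+srv|redis|amqp|mssql):\/\/[^\s\/]*:[^\s\/]*@/gi;

function scrubString(s: string): string {
  return s
    .replace(PEM_BLOCK, REDACTED)
    .replace(DB_URL, (_m: string, scheme: string) => `${scheme}://${REDACTED}@`);
}

// Walks plain objects and arrays, returning scrubbed copies; the input is never mutated.
function walk(v: unknown, seen: WeakMap<object, unknown>): unknown {
  if (typeof v === "string") return scrubString(v);
  if (v === null || typeof v !== "object") return v; // numbers, booleans, undefined
  if (seen.has(v)) return seen.get(v);               // cycle or shared reference
  if (Array.isArray(v)) {
    const arr: unknown[] = [];
    seen.set(v, arr);
    for (const item of v) arr.push(walk(item, seen));
    return arr;
  }
  const proto = Object.getPrototypeOf(v);
  // Caveat: Date, Map, Buffer and class instances are passed through unscrubbed.
  if (proto !== Object.prototype && proto !== null) return v;
  const obj: Record<string, unknown> = {};
  seen.set(v, obj);
  // Only values are scrubbed; keys are kept so the payload shape is unchanged.
  for (const [k, val] of Object.entries(v)) obj[k] = walk(val, seen);
  return obj;
}

function scrubDeep<T>(value: T): T {
  return walk(value, new WeakMap<object, unknown>()) as T;
}

// Constructed sample (fake values) shaped like an untyped import blob.
const sample = {
  title: "deploy notes",
  slots: [{ content: "DATABASE_URL=postgres://app:s3cr3t@db.example.internal:5432/app" }],
  meta: { key: "-----BEGIN RSA PRIVATE KEY-----\nFAKE-KEY-MATERIAL\n-----END RSA PRIVATE KEY-----", retries: 3 },
};
console.log(JSON.stringify(scrubDeep(sample), null, 2));
```

Calling a walker like this at the write site, immediately before the KV write, is what keeps a route from depending on whether an upstream hook ran.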
Local branch:
Fork PR:
Fork decision:
Verification:
Notes: