Skip to content

feat: add allowedAgents config for memory hooks#28

Open
rbutera wants to merge 4 commits into
supermemoryai:mainfrom
rbutera:feat/allowed-agents-config
Open

feat: add allowedAgents config for memory hooks#28
rbutera wants to merge 4 commits into
supermemoryai:mainfrom
rbutera:feat/allowed-agents-config

Conversation

@rbutera

@rbutera rbutera commented Mar 15, 2026

Copy link
Copy Markdown

Summary

  • add allowedAgents?: string[] to plugin config parsing and schema
  • skip auto-capture when the current sessionKey does not match an allowed agent
  • skip auto-recall when the current sessionKey does not match an allowed agent
  • document the new config option in the README
  • add tests covering config parsing and the new capture/recall guards

Closes #27.

Behavior

When allowedAgents is omitted, behavior stays the same as today.

When allowedAgents is set, auto-capture and auto-recall only run for sessions whose sessionKey includes one of the configured agent IDs, for example agent:navi:main.

Test plan

  • bun test allowed-agents.test.ts
  • bun run check-types
  • bun run lint

Comment thread hooks/capture.ts
Comment on lines +33 to +38
const sessionKey = ctx.sessionKey as string | undefined
if (
cfg.allowedAgents?.length &&
!cfg.allowedAgents.some((agentId) => sessionKey?.includes(agentId))
) {
return

This comment was marked as outdated.

@rbutera

rbutera commented Mar 16, 2026

Copy link
Copy Markdown
Author

Good catch - the bug is real.

When sessionKey is undefined, sessionKey?.includes(agentId) returns undefined. Array.some() treats that as falsy and returns false. The negation flips it to true, triggering the early return. Any session without a sessionKey was being silently dropped regardless of the allowedAgents config.

Fixed in the latest commit by gating the filter on sessionKey being present. Sessions without a sessionKey now fall through and are processed normally, which restores prior behavior. Also added two regression tests covering the undefined sessionKey case to prevent this coming back.

@rbutera

rbutera commented Mar 18, 2026

Copy link
Copy Markdown
Author

Hey @Dhravya @Prasanna721, this is ready for review whenever you get a chance. CI is green, and the undefined sessionKey edge case from the Seer review is fixed with regression tests. Would love to get this merged so we can set up per-agent memory isolation. Thanks!

@ved015

ved015 commented May 20, 2026

Copy link
Copy Markdown
Member

hi @rbutera thank you for your contribution can you pls resolve the conflicts

rbutera added 4 commits June 30, 2026 09:15
…fined

When cfg.allowedAgents is set and sessionKey is undefined, the guard
condition used optional chaining (sessionKey?.includes()) which returns
undefined. Array.some() treated undefined as falsy, so .some() returned
false. The negation (!false) triggered an early return, silently
blocking capture/recall for sessions without a sessionKey.

Fix: only apply the allowedAgents filter when sessionKey is present.
Sessions without a sessionKey fall through and are processed normally,
restoring prior behavior.

Also adds two regression tests covering the undefined sessionKey case.
- buildCaptureHandler moved sessionKey from a builder arg to the handler ctx on
  main; drop the now-redundant 3rd arg in the capture tests (sessionKey is passed
  via ctx, matching the recall tests + the hook implementations).
- add @types/bun so the bun:test import typechecks under tsc --noEmit (this is the
  repo's first test file; the type was previously unresolved).
- formatting (biome).
@rbutera rbutera force-pushed the feat/allowed-agents-config branch from 1473703 to 8ec25ac Compare June 30, 2026 08:24
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Added@​types/​bun@​1.3.141001004989100

View full report

@rbutera

rbutera commented Jun 30, 2026

Copy link
Copy Markdown
Author

Rebased onto main and resolved the conflicts.

The main thing that shifted underneath this PR: buildCaptureHandler / buildRecallHandler moved sessionKey from a builder argument to the handler ctx, so I re-applied the allowedAgents guard against ctx.sessionKey and dropped the now-redundant third arg in the capture tests (the recall tests already used the ctx form). The prompt -> rawPrompt rename in recall is preserved. I also added @types/bun so the new bun:test file typechecks under tsc --noEmit, since it's the repo's first test file.

bun run check-types, bun run lint, and all 5 allowed-agents.test.ts tests are green. The undefined-sessionKey guard (no silent data loss) is intact.

@Dhravya @Prasanna721 @ved015 ready for another look whenever you get a chance, thanks for the patience.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Feature request: per-agent memory isolation via allowedAgents config

2 participants