github rohitg00/agentmemory v0.9.2
v0.9.2 — Stop-hook recursion safety + OpenAI-compatible embeddings + viewer import pipeline
on GitHub

5 hours ago

Safety + import-pipeline patch. Kills the infinite Stop-hook recursion loop that burned Claude Pro tokens on unkeyed installs, repairs every empty viewer tab after import-jsonl, derives lessons and crystals automatically from imported sessions, and opens up OpenAI-compatible embedding endpoints.

Contributors

  • @Edison-A-N#186: OPENAI_BASE_URL + OPENAI_EMBEDDING_MODEL env vars (unlocks Azure / vLLM / LM Studio for embeddings).
  • @Tanmay-008 and @tanmaishi#111 / #179 follow-ups: multimodal image memory (Phase 1 CLIP visual embeddings + vision-search), 500MB disk quota LRU eviction, memory deletion parity, multiple CodeRabbit review passes across the multimodal path.
  • @rohitg00#187 Stop-hook recursion 5-layer defense, #188 viewer empty-tabs + import pipeline, #189 OpenAI dimensions lookup, #190 README/website refresh, #191 release.

Thanks to everyone. External PRs merged via admin rebase after local verification.

Security

  • Stop-hook recursion loop (#187, follow-up to #149). A user with no provider key and AGENTMEMORY_AUTO_COMPRESS=false could still trigger unbounded recursion: Stop hook → /summarizeprovider.summarize() → agent-sdk provider spawned a Claude Agent SDK child session that inherited the same plugin hooks, whose own Stop fired, spawning another child, etc. Fixed at five layers in defense-in-depth:
    1. detectProvider() treats empty-string keys as unset and returns the noop provider by default. The agent-sdk fallback now requires explicit AGENTMEMORY_ALLOW_AGENT_SDK=true opt-in.
    2. New NoopProvider returns empty strings; callers detect .name === 'noop' and short-circuit.
    3. agent-sdk provider sets AGENTMEMORY_SDK_CHILD=1 before spawning query() and restores the previous value in finally.
    4. All 12 hook scripts inline an isSdkChildContext(payload) guard checking both env marker and payload.entrypoint === 'sdk-ts'.
    5. /summarize short-circuits with no_provider when the noop provider is active.

Added

  • OPENAI_BASE_URL / OPENAI_EMBEDDING_MODEL (#186, thanks @Edison-A-N). Azure OpenAI, vLLM, LM Studio, and other OpenAI-compatible proxies now work for embeddings. Defaults preserved.
  • OPENAI_EMBEDDING_DIMENSIONS (#189). dimensions derives from the model via a lookup table (3-small=1536, 3-large=3072, ada-002=1536) and the env var overrides for custom / self-hosted endpoints.
  • Auto-derived lessons + crystals on import-jsonl (#188). Each imported session produces one crystal (narrative, tool outcomes, files, lessons) and up to 20 heuristic lessons. Content-addressed IDs (fingerprintId) so re-imports bump reinforcements instead of duplicating.
  • Multimodal Phase 1 (#179 series, thanks @tanmaishi + @Tanmay-008). Optional CLIP visual embeddings and vision-search on top of managed image store, with LRU eviction and refcount parity.
  • Session preview on the sessions list (#188). Session.firstPrompt populated by both import-jsonl and live mem::observe; viewer renders a 140-char preview.
  • Richer session detail panel (#188). 4-stat grid, top-10 tool bar chart, activity breakdown, file list, metadata.

Changed

  • Default provider is now noop when no API key is set (see Security).
  • /agentmemory/audit returns { entries, success } to match viewer shape.
  • /agentmemory/replay/sessions uses kv.list directly: sub-50ms on 600+ sessions.
  • Viewer WS has a 5s connect timeout so the CONNECTING… banner no longer sticks forever.
  • import-jsonl runs synthetic compression + BM25 indexing, fixing consolidation and search on imported data.

Fixed

  • CI + publish workflows use two-step npm install --package-lock-only + npm ci (lockfiles stay gitignored).
  • image-quota-cleanup fails closed on refCount read errors.
  • mem::observe guards raw.userPrompt as a string before sanitizing.
  • Viewer Actions tab reads frontier (not actions) from /frontier.
  • Agent-sdk branch of detectProvider respects the computed maxTokens instead of hardcoding 4096.

Infrastructure

  • StateScope / StateScopeKey interface for the KV.state scope.
  • onnxruntime-node + onnxruntime-web declared as optionalDependencies.
  • FALLBACK_PROVIDERS honors the AGENTMEMORY_ALLOW_AGENT_SDK gate.
  • README provider table + env block refreshed; hero test badge 654 → 827.
  • 827 tests (up from 812 in v0.9.1).
  • @agentmemory/mcp shim bumped to 0.9.2 (was stuck at 0.9.0).

Full CHANGELOG: https://github.com/rohitg00/agentmemory/blob/main/CHANGELOG.md#092--2026-04-22
Full diff: v0.9.1...v0.9.2

Check out latest releases or
releases around rohitg00/agentmemory v0.9.2

Don't miss a new agentmemory release

NewReleases is sending notifications on new releases.

Get notifications