Skip to content

feat: add allowedAgents config for memory hooks#28

Open
rbutera wants to merge 3 commits intosupermemoryai:mainfrom
rbutera:feat/allowed-agents-config
Open

feat: add allowedAgents config for memory hooks#28
rbutera wants to merge 3 commits intosupermemoryai:mainfrom
rbutera:feat/allowed-agents-config

Conversation

@rbutera
Copy link

@rbutera rbutera commented Mar 15, 2026

Summary

  • add allowedAgents?: string[] to plugin config parsing and schema
  • skip auto-capture when the current sessionKey does not match an allowed agent
  • skip auto-recall when the current sessionKey does not match an allowed agent
  • document the new config option in the README
  • add tests covering config parsing and the new capture/recall guards

Closes #27.

Behavior

When allowedAgents is omitted, behavior stays the same as today.

When allowedAgents is set, auto-capture and auto-recall only run for sessions whose sessionKey includes one of the configured agent IDs, for example agent:navi:main.

Test plan

  • bun test allowed-agents.test.ts
  • bun run check-types
  • bun run lint

sentry[bot]
sentry bot reviewed Mar 15, 2026
View reviewed changes
hooks/capture.ts
Comment on lines +33 to +38
const sessionKey = ctx.sessionKey as string | undefined
if (
cfg.allowedAgents?.length &&
!cfg.allowedAgents.some((agentId) => sessionKey?.includes(agentId))
) {
return

This comment was marked as outdated.

Sign in to view

@rbutera
fix(allowed-agents): prevent silent data loss when sessionKey is unde…
1473703 
…fined

When cfg.allowedAgents is set and sessionKey is undefined, the guard
condition used optional chaining (sessionKey?.includes()) which returns
undefined. Array.some() treated undefined as falsy, so .some() returned
false. The negation (!false) triggered an early return, silently
blocking capture/recall for sessions without a sessionKey.

Fix: only apply the allowedAgents filter when sessionKey is present.
Sessions without a sessionKey fall through and are processed normally,
restoring prior behavior.

Also adds two regression tests covering the undefined sessionKey case.
@rbutera
Copy link
Author

rbutera commented Mar 16, 2026

Good catch - the bug is real.

When sessionKey is undefined, sessionKey?.includes(agentId) returns undefined. Array.some() treats that as falsy and returns false. The negation flips it to true, triggering the early return. Any session without a sessionKey was being silently dropped regardless of the allowedAgents config.

Fixed in the latest commit by gating the filter on sessionKey being present. Sessions without a sessionKey now fall through and are processed normally, which restores prior behavior. Also added two regression tests covering the undefined sessionKey case to prevent this coming back.

@rbutera
Copy link
Author

rbutera commented Mar 18, 2026

Hey @Dhravya @Prasanna721, this is ready for review whenever you get a chance. CI is green, and the undefined sessionKey edge case from the Seer review is fixed with regression tests. Would love to get this merged so we can set up per-agent memory isolation. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sentry sentry[bot] sentry[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature request: per-agent memory isolation via allowedAgents config

1 participant

@rbutera