- Restrict CORS to known rSpace domains (no more open wildcard)
- Add tiered rate limiting per IP (anon vs authenticated, per endpoint tier)
- UA filtering blocks scrapers/scanners, allows browsers and AI agents
- Prompt injection sanitization: strip MI_ACTION markers, system tags, and
known attack patterns from user-supplied content before LLM ingestion
- Space access control: private/permissioned spaces gate MI data to members
- Auth required on /triage, /execute-server-action, data-driven /suggestions
- MCP guard: require auth or agent UA for /api/mcp/*
- Anonymous WebSocket cap: max 3 per IP with proper cleanup on close
- Knowledge index + conversation memory gated to members+ (viewers get
public canvas data only)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the 265-line data dump (35 modules × 3 items) in MI system prompts
with a trigram-ranked knowledge index that surfaces only the top-18 most
relevant entries per query. Adds per-space conversation memory persisted
to disk for cross-session context.
New files:
- server/mi-trigrams.ts — trigram + Jaccard similarity utilities
- server/space-knowledge.ts — SpaceKnowledgeIndex with 5-min TTL cache
- server/space-memory.ts — SpaceMemory with debounced disk persistence
Changes:
- mi-routes.ts: ~280 lines removed, replaced with ranked index call
- sync-instance.ts: cache invalidation on doc changes
- rauctions/mod.ts: fix ModuleScoping type (defaultScope, userConfigurable)
- mcp-tools/ragents.ts: fix AccessResult property access (claims.username, claims.sub)
~80% token reduction per MI request (~6,300 → ~1,320 tokens).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett