JSPM

  • Downloads 9
  • License MIT

MemoryLink - Prevent secret leaks in AI-assisted development. 127 patterns including India-specific (Aadhaar, PAN, UPI).

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (memorylink) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    MemoryLink

    CLI tool that prevents secret leaks before they happen.

    🔒 100% local. Zero telemetry. Your secrets never leave your machine.


    MemoryLink is a Code Agent Memory OS.
    It treats Git Diffs as "Execution Truth" and uses them to prevent Agents from making mistakes.

    Why not just use "Chat Memory" (Mem0/DiffMem)?
    Chat memory only remembers what you said. MemoryLink remembers what you did (code changes).
    It enforces this truth with Safety Gates (AST checks, Secret Scanning) that block your Agent from introducing regressions or leaks.


    🛡️ Core Features

    MemoryLink is a Dual-Engine system:

    1. Memory Engine: Remembers your rules, context, and decisions.
    2. Gate Engine: Blocks mistakes (Secrets + Syntax) before commit.

    Protection        What It Does
    🧠 Memory         Stores project rules ("Use Hooks, not Classes")
    🔍 Scan           Detects 127 secret patterns (API keys, PII)
    🪝 Git Hooks      Blocks bad commits automatically
    🚫 CI/CD Block    Blocks PRs with secrets or syntax errors
    🔐 Quarantine     Encrypts detected secrets (AES-256-GCM)

    How It Works:

    You Code → Git Commit → MemoryLink Scans 
                            ↓
                1. 🧠 Check Memory (Rules)
                2. 🛡️ Check Gates (Secrets + Syntax)
                            ↓
                 ⚠️ Warning (or 🚫 Block)

    Result: Your AI Agent gets smarter and safer over time.


    🛠️ Works With

    Category     Supported
    AI Agents    Cursor, Windsurf, Antigravity, GitHub Copilot
    OS           macOS, Linux, Windows (WSL2)
    Node.js      v18+

    👀 What You'll See

    When MemoryLink blocks a commit:

    ┌─────────────────────────────────────────────────────┐
    ┌ 🧠 MEMORY CHECK: 1 CONFLICT                         ┐
    │  • Rule: "Never use default exports in utils/"      │
    │    Violation: src/utils/date.ts uses default export │
    │                                                     │
    ├ 🛡️ GATE CHECK: 1 SECRET DETECTED                    ┤
    │  🔴 HIGH: AWS Access Key                            │
    │     File: src/config.ts:15                          │
    │                                                     │
    └─────────────────────────────────────────────────────┘

    📦 Installation

    Prerequisites

    • Node.js 18+
    • npm or pnpm

    Install from npm

    npm install -g memorylink

    Verify Installation

    ml --version

    🚀 Quick Start (30 seconds)

    cd your-project
    ml init

    What happens:

    1. ✅ Scans project for secrets
    2. ✅ Creates .memorylink/ (Active Memory)
    3. ✅ Installs Git hooks (Red/Blue Gates)

    2. Capture Your First Memory

    Tell your Agent a rule so it never forgets:

    ml capture -t "api-rules" -c "Always use snake_case for API response types"

    Now, if an Agent tries to use camelCase, MemoryLink will know.


    🎯 Core Commands

    Command       What It Does
    ml capture    Save a new memory/rule
    ml query      Retrieve memories by topic
    ml list       List all memories (with dates)
    ml delete     Delete a memory
    ml gate       Check code (Secrets + Syntax)
    ml scan       Find existing secrets

    ml scan - Find Secrets

    ml scan                    # Scan entire project
    ml scan --path src/        # Scan specific directory
    ml scan --json             # JSON output for CI/automation (v2.1)

    ml doctor - Health Check (v2.1)

    ml doctor                  # Basic health checks
    ml doctor --full           # Full diagnostics + benchmarks
    ml doctor --json           # JSON output for automation

    ml mode - Switch Protection Level

    ml mode                    # View current mode
    ml mode active             # Block on secrets (teams/CI)
    ml mode inactive           # Warn only (default)

    ml gate - Manual Check

    ml gate --rule block-quarantined              # Check project
    ml gate --rule block-quarantined --diff       # Check staged files only
    ml gate --rule block-quarantined --history    # Check git history

    🔒 6-Layer Protection

    Layer 1: On-demand scan      → ml scan catches secrets immediately
    Layer 2: Pre-commit hook     → Blocks before commit (staged files)
    Layer 3: Pre-push hook       → Blocks before push (full scan)
    Layer 4: CI/CD gate          → Auto-enforces when running in CI
    Layer 5: Quarantine          → AES-256-GCM encrypted isolation
    Layer 6: Audit trail         → Tracks everything with timestamps

    💡 Bonus: ml gate --history scans Git history for old leaks!


    📊 Active vs Inactive Mode

    Mode                  Behavior                 Exit Code    Use Case
    INACTIVE (default)    ⚠️ Warns but allows      0            Local development
    ACTIVE                ❌ Blocks commit/push    1            Production, CI/CD

    Mode Priority

    MemoryLink checks these in order (highest to lowest):

    1. CLI Flag         --mode active / --enforce / --monitor
    2. ENV Variable     ML_MODE=active / ML_MODE=inactive
    3. CI Detection     GitHub Actions, GitLab CI, etc. (auto ACTIVE!)
    4. Config File      .memorylink/config.json
    5. Default          inactive

    One-Time Override

    ML_MODE=active git push      # Force blocking for this push
    ML_MODE=inactive git push    # Allow this push (temporary)
    git push --no-verify         # Emergency bypass (Git built-in)
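
The priority list and overrides above, modelled as an added example (not MemoryLink's own code): because a CLI flag or ML_MODE ranks above CI detection, a pipeline that sets ML_MODE=inactive resolves to warn-only, and the audit helper flags that case. The CI variable names, the handling of invalid values and the function names are assumptions.

```javascript
// Added example: models the documented priority order; not MemoryLink's source.
// Variables that common CI platforms set. The exact set MemoryLink checks
// is not given on the page (assumption).
const CI_VARS = ["CI", "GITHUB_ACTIONS", "GITLAB_CI", "JENKINS_URL"];

const isMode = (m) => m === "active" || m === "inactive";
const inCi = (env) => CI_VARS.some((v) => Boolean(env[v]));

// cliMode: mode already parsed from the CLI flag, if any.
// env: environment variables. configMode: value from .memorylink/config.json.
// Invalid values fall through to the next level (assumption).
function resolveMode({ cliMode, env = {}, configMode } = {}) {
  if (isMode(cliMode)) return { mode: cliMode, source: "cli" };
  if (isMode(env.ML_MODE)) return { mode: env.ML_MODE, source: "env" };
  if (inCi(env)) return { mode: "active", source: "ci" };
  if (isMode(configMode)) return { mode: configMode, source: "config" };
  return { mode: "inactive", source: "default" };
}

// Audit helper: in a CI environment, report which higher-priority setting
// (if any) has turned the blocking gate into warn-only.
function ciGateWeakened(opts = {}) {
  const env = opts.env || {};
  const resolved = resolveMode({ ...opts, env });
  return inCi(env) && resolved.mode === "inactive" ? resolved.source : null;
}

// Constructed pipeline environments.
const pipelines = {
  plain: { env: { GITHUB_ACTIONS: "true" } },
  overridden: { env: { CI: "true", ML_MODE: "inactive" } },
  configOnly: { env: { CI: "true" }, configMode: "inactive" },
};

for (const [name, opts] of Object.entries(pipelines)) {
  console.log(name, resolveMode(opts), "weakened by:", ciGateWeakened(opts));
}
```

A config file set to inactive does not weaken CI, since it ranks below CI detection; only the CLI flag and ML_MODE can.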

    🎨 127 Secret Patterns

    Category    Examples
    Cloud       AWS, Azure, GCP, DigitalOcean, Heroku
    AI/ML       OpenAI, Claude/Anthropic, HuggingFace, Groq, Perplexity, Replicate
    Payment     Stripe, PayPal, Square, Razorpay, PhonePe, Cashfree
    Auth        GitHub, GitLab, Slack, Discord, JWT, OAuth, Clerk
    Database    Supabase, PlanetScale, Turso, Neon, Upstash
    India       Aadhaar, PAN, GSTIN, UPI, IFSC, Paytm, PhonePe, Instamojo
    Personal    SSN, Credit Card, Phone, Email
    Browser     localStorage, sessionStorage, cookies

    🌐 19 CI Platforms Auto-Detected

    ✅ GitHub Actions    ✅ GitLab CI       ✅ Jenkins
    ✅ CircleCI          ✅ Travis CI       ✅ Buildkite
    ✅ Azure Pipelines   ✅ TeamCity        ✅ Bitbucket
    ✅ Drone CI          ✅ AppVeyor        ✅ Semaphore
    ✅ Buddy             ✅ Vercel          ✅ Netlify
    ✅ Bitrise           ✅ Codeship        ✅ Generic CI

    CI always enforces ACTIVE mode automatically!


    🛠️ CI/CD Setup

    GitHub Actions

    Add to .github/workflows/memorylink.yml:

    name: MemoryLink Gate
    on: [pull_request, push]
    jobs:
      security:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
          - run: npm install -g memorylink
          - run: ml gate --rule block-quarantined

    Quick Setup Command

    ml ci --provider github    # Creates the workflow file for you

    🚫 Handling False Positives

    Option 1: Inline Comment

    const API_ENDPOINT = "https://api.example.com"; // ml:ignore

    Option 2: Mark as False Positive

    ml gate --mark-false <finding-id>

    Option 3: Config File

    Add to .memorylink/config.json:

    {
      "ignores": {
        "values": ["test_key_not_real"],
        "patterns": ["example-api-key"],
        "files": ["tests/**", "docs/**"]
      }
    }
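
How the inline comment (Option 1) and the config-file ignores (Option 3) interact with a pattern match, as an added sketch that is not MemoryLink's code; it also shows the blind spot a `files` ignore creates. The AWS key regex, the function names, the minimal glob handling and the first-four/last-four masking rule (inferred from the AKIA****MPLE format the page shows) are assumptions, and the config's `patterns` key is left out because the page does not define how it matches.

```javascript
// Added example, not MemoryLink's implementation.
const AWS_KEY = /\bAKIA[0-9A-Z]{16}\b/g; // common shape of an AWS access key ID

// Same "ignores" object as the config above; "patterns" is not modelled.
const ignores = { values: ["test_key_not_real"], files: ["tests/**", "docs/**"] };

// Minimal glob support (assumption): only the "dir/**" form used above.
function fileIgnored(file, globs) {
  return globs.some((g) =>
    g.endsWith("/**") ? file.startsWith(g.slice(0, -2)) : file === g);
}

// Keep the first and last four characters, matching AKIA****MPLE.
function mask(secret) {
  if (secret.length <= 8) return "****";
  return secret.slice(0, 4) + "****" + secret.slice(-4);
}

function scan(file, text, cfg = ignores) {
  if (fileIgnored(file, cfg.files)) return []; // whole file skipped
  const findings = [];
  text.split("\n").forEach((line, i) => {
    if (/\/\/\s*ml:ignore\s*$/.test(line)) return; // Option 1: inline comment
    for (const m of line.matchAll(AWS_KEY)) {
      if (cfg.values.includes(m[0])) continue; // Option 3: allow-listed value
      findings.push({ file, line: i + 1, type: "AWS Access Key", masked: mask(m[0]) });
    }
  });
  return findings;
}

// Constructed sample; the key is AWS's documented example, not a live credential.
const sample = [
  'const region = "us-east-1";',
  'const key = "AKIAIOSFODNN7EXAMPLE";',
  'const docKey = "AKIAIOSFODNN7EXAMPLE"; // ml:ignore',
].join("\n");

console.log(scan("src/config.ts", sample)); // one finding on line 2, masked
console.log(scan("tests/fixture.ts", sample)); // []: the files ignore hides it
```

The second call returns nothing even though the file holds an unsuppressed key, so broad `files` entries such as `tests/**` deserve the same review as any other exception.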

    📁 Directory Structure

    .memorylink/
    ├── config.json         # User preferences
    ├── records/            # Safe content storage
    ├── quarantined/        # Encrypted secrets
    ├── audit/              # Security audit logs
    └── falsePositives.json # Ignored findings

    🔐 Security Features

    Feature           Implementation
    Key Location      ~/.memorylink/keys/ (NOT in project!)
    Encryption        AES-256-GCM (industry standard)
    Secret Masking    AKIA****MPLE in all output
    Zero Telemetry    100% local, no network calls
    Package Safety    .gitattributes + files field

    🔧 Troubleshooting

    Problem                  Quick Fix
    ml: command not found    npx memorylink or fix PATH
    Hooks not running        ml hooks --install
    False positive           Add // ml:ignore comment
    Mode not changing        Check ml mode output
    CI not blocking          Verify CI=true is set

    🤝 Contributing

    See CONTRIBUTING.md for guidelines.


    📄 License

    MIT License - see LICENSE


    ❓ FAQ

    Q: Why no MCP integration yet?

    MCP (Model Context Protocol) support is planned for v3.0. We're ensuring the core secret detection is bulletproof first.

    Q: Does MemoryLink follow security standards?

    Yes! MemoryLink follows security best practices aligned with OWASP guidelines. Full OWASP ASI06 compliance documentation is planned for v3.0.

    Q: Is it safe to use in enterprise environments?

    Absolutely. 100% local operation, zero telemetry, AES-256-GCM encryption, and project-isolated keys make it enterprise-ready.

    Q: What makes MemoryLink different from gitleaks?

    Better UX (color-coded output), India-specific patterns (Aadhaar, PAN, UPI), zero-config setup, and smart mode switching.


    MemoryLink - Protect your secrets from AI leaks 🔒