Jasper Recall

Local retrieval-augmented generation system for AI agents using ChromaDB and sentence-transformers, supporting multi-agent shared memory and privacy controls.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 4 · 2.4k · 1 current installs · 1 all-time installs

by@emberdesire

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name and SKILL.md describe a local RAG/memory system (ChromaDB + sentence-transformers) and the included files implement that. Files, CLI commands, and server code are consistent with the stated purpose. Note: the package writes to ~/.openclaw, installs CLI scripts into ~/.local/bin, and updates openclaw.json to register an OpenClaw plugin — these side effects are aligned with integrating with OpenClaw but are consequential (see persistence/privilege).

Instruction Scope

The runtime instructions and code go well beyond a simple search tool: they create a Python venv (~/.openclaw/rag-env), install Python packages, create persistent DB directories (~/.openclaw/chroma-db), copy scripts to ~/.local/bin, and automatically update the OpenClaw config file (openclaw.json) to enable a plugin. The server component enables CORS '*' and can be bound to 0.0.0.0, which — combined with the ability to turn off public-only filtering via RECALL_ALLOW_PRIVATE — could expose private indexed data. The CLI's setup function enables the plugin with autoRecall: true by default, which will inject retrieved memories into agent messages automatically.

ℹ

Install Mechanism

There is no packaged install spec (instruction-only), but the setup script runs pip installs inside a per-user venv (chromadb, sentence-transformers) and writes files into the user's home directories. Dependencies are pulled from PyPI (expected for this purpose), but they are large and will download models (~80MB) and Python packages (~200MB). No suspicious remote downloads from arbitrary servers were observed; network calls to npm registry and PyPI-style installs are present and expected.

ℹ

Credentials

The SKILL and code do not request unrelated cloud credentials. The code honors optional env vars (RECALL_WORKSPACE, RECALL_CHROMA_DB, RECALL_VENV, RECALL_PORT/HOST) and a special RECALL_ALLOW_PRIVATE flag that, if set to true, allows API callers to request private memories. That env var is powerful and must be treated as sensitive; however, its presence is explainable by the feature set.

Persistence & Privilege

The package persistently modifies user state: it creates directories and binaries under the user's home and programmatically edits openclaw.json to register and enable the jasper-recall plugin (setupOpenClawIntegration). The default setup writes the plugin config with autoRecall enabled, which causes automatic injection of retrieved memories into agent turns — this has privacy implications and increases blast radius. The server component can be bound to external interfaces and sets CORS '*' by default, making accidental external exposure possible if the user enables host 0.0.0.0 or fails to set RECALL_ALLOW_PRIVATE carefully.

What to consider before installing

What to consider before installing: - Review the code and SKILL.md locally. The setup will: create a Python venv (~/.openclaw/rag-env), install Python packages, write CLI scripts to ~/.local/bin, create ~/.openclaw/chroma-db, and modify your openclaw.json to register/enable an OpenClaw plugin. - Back up openclaw.json before running setup. The installer attempts to auto-enable the plugin with autoRecall: true — that will inject memories into agent messages by default. If you don't want that, either skip the OpenClaw integration step or edit openclaw.json to set autoRecall: false. - The included HTTP server enables CORS '*' and can bind to 0.0.0.0. Only run the server on localhost (127.0.0.1) unless you explicitly understand and control network exposure. Do not set RECALL_ALLOW_PRIVATE=true in environments where untrusted callers can reach the server. - The tool indexes files under ~/.openclaw/workspace/memory by default. Ensure no sensitive secrets (API keys, private PII) are present in those files, or use the privacy-check tool included to scan before syncing shared memory. - If you want to evaluate safely, run setup and the service inside an isolated environment (container or VM) first, or run the scripts manually instead of the full setup command. Confirm the pip installs and any model downloads are acceptable for your environment. - If you lack time to audit everything: treat this package as functional but with privacy-sensitive defaults (autoRecall + server CORS). Consider it 'suspicious' until you explicitly opt-in to the persistent changes and verify configuration.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.4.0

Download zip

latestvk97eqyejd9c26w5x1t81af0hzx80y3p7

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Jasper Recall v0.2.3

Local RAG (Retrieval-Augmented Generation) system for AI agent memory. Gives your agent the ability to remember and search past conversations.

New in v0.2.2: Shared ChromaDB Collections — separate collections for private, shared, and learnings content. Better isolation for multi-agent setups.

New in v0.2.1: Recall Server — HTTP API for Docker-isolated agents that can't run CLI directly.

New in v0.2.0: Shared Agent Memory — bidirectional learning between main and sandboxed agents with privacy controls.

When to Use

Memory recall: Search past sessions for context before answering
Continuous learning: Index daily notes and decisions for future reference
Session continuity: Remember what happened across restarts
Knowledge base: Build searchable documentation from your agent's experience

Quick Start

Setup

One command installs everything:

npx jasper-recall setup

This creates:

Python venv at ~/.openclaw/rag-env
ChromaDB database at ~/.openclaw/chroma-db
CLI scripts in ~/.local/bin/
OpenClaw plugin config in openclaw.json

Why Python?

The core search and embedding functionality uses Python libraries:

ChromaDB — Vector database for semantic search
sentence-transformers — Local embedding models (no API needed)

These are the gold standard for local RAG. There are no good Node.js equivalents that work fully offline.

Why a Separate Venv?

The venv at ~/.openclaw/rag-env provides:

Benefit	Why It Matters
Isolation	Won't conflict with your other Python projects
No sudo	Installs to your home directory, no root needed
Clean uninstall	Delete the folder and it's gone
Reproducibility	Same versions everywhere

The dependencies are heavy (~200MB total with the embedding model), but this is a one-time download that runs entirely locally.

Basic Usage

Search your memory:

recall "what did we decide about the API design"
recall "hopeIDS patterns" --limit 10
recall "meeting notes" --json

Index your files:

index-digests  # Index memory files into ChromaDB

Create session digests:

digest-sessions          # Process new sessions
digest-sessions --dry-run  # Preview what would be processed

How It Works

Three Components

digest-sessions — Extracts key info from session logs (topics, tools used)
index-digests — Chunks and embeds markdown files into ChromaDB
recall — Semantic search across your indexed memory

What Gets Indexed

By default, indexes files from ~/.openclaw/workspace/memory/:

*.md — Daily notes, MEMORY.md
session-digests/*.md — Session summaries
repos/*.md — Project documentation
founder-logs/*.md — Development logs (if present)

Embedding Model

Uses sentence-transformers/all-MiniLM-L6-v2:

384-dimensional embeddings
~80MB download on first run
Runs locally, no API needed

Agent Integration

Memory-Augmented Responses

# Before answering questions about past work
results = exec("recall 'project setup decisions' --json")
# Include relevant context in your response

Automated Indexing (Heartbeat)

Add to HEARTBEAT.md:

## Memory Maintenance
- [ ] New session logs? → `digest-sessions`
- [ ] Memory files updated? → `index-digests`

Cron Job

Schedule regular indexing:

{
  "schedule": { "kind": "cron", "expr": "0 */6 * * *" },
  "payload": {
    "kind": "agentTurn",
    "message": "Run index-digests to update the memory index"
  },
  "sessionTarget": "isolated"
}

Shared Agent Memory (v0.2.0+)

For multi-agent setups where sandboxed agents need access to some memories:

Memory Tagging

Tag entries in daily notes:

## 2026-02-05 [public] - Feature shipped
This is visible to all agents.

## 2026-02-05 [private] - Personal note
This is main agent only (default if untagged).

## 2026-02-05 [learning] - Pattern discovered
Learnings shared bidirectionally between agents.

ChromaDB Collections (v0.2.2+)

Memory is stored in separate collections for isolation:

Collection	Purpose	Who accesses
`private_memories`	Main agent's private content	Main agent only
`shared_memories`	[public] tagged content	Sandboxed agents
`agent_learnings`	Learnings from any agent	All agents
`jasper_memory`	Legacy unified (backward compat)	Fallback

Collection selection:

# Main agent (default) - searches private_memories
recall "api design"

# Sandboxed agents - searches shared_memories only
recall "product info" --public-only

# Search learnings only
recall "patterns" --learnings

# Search all collections (merged results)
recall "everything" --all

# Specific collection
recall "something" --collection private_memories

# Legacy mode (single collection)
recall "old way" --legacy

Sandboxed Agent Access

# Sandboxed agents use --public-only
recall "product info" --public-only

# Main agent can see everything
recall "product info"

Moltbook Agent Setup (v0.4.0+)

For the moltbook-scanner (or any sandboxed agent), use the built-in setup:

# Configure sandboxed agent with --public-only restriction
npx jasper-recall moltbook-setup

# Verify the setup is correct
npx jasper-recall moltbook-verify

This creates:

~/bin/recall — Wrapper that forces --public-only flag
shared/ — Symlink to main workspace's shared memory

The sandboxed agent can then use:

~/bin/recall "query"  # Automatically restricted to public memories

Privacy model:

Main agent tags memories as [public] or [private] in daily notes
sync-shared extracts [public] content to memory/shared/
Sandboxed agents can ONLY search the shared collection

Privacy Workflow

# Check for sensitive data before sharing
privacy-check "text to scan"
privacy-check --file notes.md

# Extract [public] entries to shared directory
sync-shared
sync-shared --dry-run  # Preview first

CLI Reference

recall

recall "query" [OPTIONS]

Options:
  -n, --limit N     Number of results (default: 5)
  --json            Output as JSON
  -v, --verbose     Show similarity scores and collection source
  --public-only     Search shared_memories only (sandboxed agents)
  --learnings       Search agent_learnings only
  --all             Search all collections (merged results)
  --collection X    Search specific collection by name
  --legacy          Use legacy jasper_memory collection

serve (v0.2.1+)

npx jasper-recall serve [OPTIONS]

Options:
  --port, -p N    Port to listen on (default: 3458)
  --host, -h H    Host to bind (default: 127.0.0.1)

Starts HTTP API server for Docker-isolated agents.

Endpoints:
  GET /recall?q=query&limit=5    Search memories
  GET /health                    Health check

Security: public_only=true enforced by default.
Set RECALL_ALLOW_PRIVATE=true to allow private queries.

Example (from Docker container):

curl "http://host.docker.internal:3458/recall?q=product+info"

privacy-check (v0.2.0+)

privacy-check "text"     # Scan inline text
privacy-check --file X   # Scan a file

Detects: emails, API keys, internal IPs, home paths, credentials.
Returns: CLEAN or list of violations.

sync-shared (v0.2.0+)

sync-shared [OPTIONS]

Options:
  --dry-run    Preview without writing
  --all        Process all daily notes

Extracts [public] tagged entries to memory/shared/.

index-digests

index-digests

Indexes markdown files from:
  ~/.openclaw/workspace/memory/*.md
  ~/.openclaw/workspace/memory/session-digests/*.md
  ~/.openclaw/workspace/memory/repos/*.md
  ~/.openclaw/workspace/memory/founder-logs/*.md

Skips files that haven't changed (content hash check).

digest-sessions

digest-sessions [OPTIONS]

Options:
  --dry-run    Preview without writing
  --all        Process all sessions (not just new)
  --recent N   Process only N most recent sessions

Configuration

Custom Paths

Set environment variables:

export RECALL_WORKSPACE=~/.openclaw/workspace
export RECALL_CHROMA_DB=~/.openclaw/chroma-db
export RECALL_SESSIONS_DIR=~/.openclaw/agents/main/sessions

Chunking

Default settings in index-digests:

Chunk size: 500 characters
Overlap: 100 characters

Security Considerations

⚠️ Review these settings before enabling in production:

Server Binding

The serve command defaults to 127.0.0.1 (localhost only). Do not use --host 0.0.0.0 unless you explicitly intend to expose the API externally and have secured it appropriately.

Private Memory Access

The server enforces public_only=true by default. The env var RECALL_ALLOW_PRIVATE=true bypasses this restriction. Never set this on public/shared hosts — it exposes your private memories to any client.

autoRecall Plugin

When autoRecall: true in the OpenClaw plugin config, memories are automatically injected before every agent message. Consider:

Set publicOnly: true in plugin config for sandboxed agents
Review which collections will be searched
Use minScore to filter low-relevance injections

What's automatically skipped (no recall triggered):

Heartbeat polls (HEARTBEAT, Read HEARTBEAT.md, HEARTBEAT_OK)
Messages containing NO_REPLY
Messages < 10 characters
Agent-to-agent messages (cron jobs, workers, spawned agents)
Automated reports (📋 PR Review, 🤖 Codex Watch, ANNOUNCE_*)
Messages from senders starting with agent: or worker-

Safer config for untrusted contexts:

"jasper-recall": {
  "enabled": true,
  "config": {
    "autoRecall": true,
    "publicOnly": true,
    "minScore": 0.5
  }
}

Environment Variables

The following env vars affect behavior — set them explicitly rather than relying on defaults:

Variable	Default	Purpose
`RECALL_WORKSPACE`	`~/.openclaw/workspace`	Memory files location
`RECALL_CHROMA_DB`	`~/.openclaw/chroma-db`	Vector database path
`RECALL_SESSIONS_DIR`	`~/.openclaw/agents/main/sessions`	Session logs
`RECALL_ALLOW_PRIVATE`	`false`	Server private access
`RECALL_PORT`	`3458`	Server port
`RECALL_HOST`	`127.0.0.1`	Server bind address

Dry-Run First

Before sharing or syncing, use dry-run options to preview what will be exposed:

privacy-check --file notes.md     # Scan for sensitive data
sync-shared --dry-run             # Preview public extraction
digest-sessions --dry-run         # Preview session processing

Sandboxed Environments

For maximum isolation, run jasper-recall in a container or dedicated account:

Limits risk of accidental data exposure
Separates private memory from shared contexts
Recommended for multi-agent setups with untrusted agents

Troubleshooting

"No index found"

index-digests  # Create the index first

"Collection not found"

rm -rf ~/.openclaw/chroma-db  # Clear and rebuild
index-digests

Model download slow First run downloads ~80MB model. Subsequent runs are instant.

Comments

Loading comments…