Medical Node, Patient Package, and Backend Ops storage implementation

[iberi22]

Implemented medical-specific extensions to the agent memory graph, including encrypted patient data packages and backend operation logging. Added AES-256 encryption utilities and updated the core MemoryGraph API to support these new data types. Fixed an existing compilation issue in the ObjectBox vector index implementation.

Fixes #43

---

PR created automatically by Jules for task 14306468699778072234 started by @iberi22

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[coderabbitai]

Warning

Rate limit exceeded

@iberi22 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 59 minutes and 48 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 59 minutes and 48 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 306e939e-5db8-419e-b80b-f3e9696ab1c2

📥 Commits

Reviewing files that changed from the base of the PR and between 087a65b and f9198d0.

📒 Files selected for processing (14)

• lib/isar_agent_memory.dart
• lib/objectbox.g.dart
• lib/src/memory_graph.dart
• lib/src/models/backend_operation_log.dart
• lib/src/models/degree.g.dart
• lib/src/models/medical_constants.dart
• lib/src/models/memory_edge.g.dart
• lib/src/models/memory_embedding.g.dart
• lib/src/models/memory_node.dart
• lib/src/models/memory_node.g.dart
• lib/src/models/patient_package.dart
• lib/src/utils/encryption_utils.dart
• lib/src/vector_index_objectbox.dart
• pubspec.yaml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/medical-nodes-patient-package-14306468699778072234

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces medical-specific data structures and encryption utilities to the agent memory system. Key additions include a MedicalMetadata schema, a PatientPackage for encrypted patient data, and a BackendOperationLog for tracking synchronization. The MemoryGraph has been updated with methods to store and retrieve these new entities. However, several critical issues were identified: the deletion of Isar-generated code in multiple .g.dart files will break the database layer, and the EncryptionUtils implementation contains significant security vulnerabilities, including a low PBKDF2 iteration count, a hardcoded salt, and insecure passphrase hashing. Additionally, using enums instead of raw strings for operation types and statuses in the logging model would improve type safety.

[gemini-code-assist]

The Isar-specific generated code (schemas and collection extensions) has been removed from this file. Since the project still relies on Isar for persistence, this change will break the database layer at runtime. This often happens when multiple generators are configured to output to the same .g.dart file. Ensure that the Isar generator is still running and contributing to this file.

[gemini-code-assist]

The number of PBKDF2 iterations (1000) is extremely low and does not meet modern security standards. OWASP recommends at least 600,000 iterations for PBKDF2-HMAC-SHA256 to provide sufficient resistance against brute-force attacks. Using such a low value makes the encryption significantly easier to crack.

Suggested change

	iterations: 1000,
	iterations: 600000,

[gemini-code-assist]

Using a fixed, hardcoded salt ('isar_agent_memory_salt') for key derivation is a major security vulnerability. Salts should be unique and random for every encryption operation to prevent the use of pre-computed rainbow tables. You should generate a random salt for each encryption and store it alongside the encrypted data.

[gemini-code-assist]

Using a single round of SHA-256 without a salt for hashing passphrases is insecure. It is vulnerable to brute-force attacks using rainbow tables or specialized hardware. For passphrase verification, use a slow hashing algorithm like Argon2 or PBKDF2 with a unique salt and a high iteration count.

[gemini-code-assist]

Using raw String types for operationType and status reduces type safety and can lead to bugs due to typos. It is recommended to use enums to define the allowed values, which provides compile-time safety and better readability.