fix: align getScopeFilter bypass semantics with isAccessible for undefined agentId (#288, #231)

Root cause: isAccessible(scope, undefined) used bypass mode (any valid scope
returns true), but getScopeFilter(undefined) returned only explicitly defined
scopes (["global"]), excluding implicit agent scopes like "agent:main". This
caused memory_update to reject accessible memories while recall/forget worked.

Changes:
- scopes.ts: getScopeFilter now returns undefined (full bypass) when agentId
  is missing, matching isAccessible's existing bypass behavior
- tools.ts: memory_update uses runtimeContext.scopeManager instead of
  context.scopeManager, consistent with recall/forget
- test: updated scope-access-undefined assertions to match new bypass semantics

Note: beta.10's resolveRuntimeAgentId already ensures agentId defaults to
"main" in normal operation. This fix is defensive — prevents the same bug
from recurring if any future code path passes undefined agentId.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: AliceLJY

src/scopes.ts

@@ -220,8 +220,10 @@ export class MemoryScopeManager implements ScopeManager {
    * and `[]` only when they intend reads to match nothing.
    */
   getScopeFilter(agentId?: string): string[] | undefined {
-    if (isSystemBypassId(agentId)) {
-      // Internal system tasks bypass store-level scope filtering entirely.
+    if (!agentId || isSystemBypassId(agentId)) {
+      // No agent specified or internal system tasks bypass store-level scope
+      // filtering entirely.  This aligns with isAccessible(scope, undefined)
+      // which also uses bypass semantics for missing agentId.
       return undefined;
     }
     return this.getAccessibleScopes(agentId);

src/tools.ts

@@ -1069,7 +1069,7 @@ export function registerMemoryUpdateTool(
 
           // Determine accessible scopes
           const agentId = resolveRuntimeAgentId(runtimeContext.agentId, runtimeCtx);
-          const scopeFilter = resolveScopeFilter(context.scopeManager, agentId);
+          const scopeFilter = resolveScopeFilter(runtimeContext.scopeManager, agentId);
 
           // Resolve memoryId: if it doesn't look like a UUID, try search
           let resolvedId = memoryId;

test/scope-access-undefined.test.mjs

@@ -62,9 +62,9 @@ describe("MemoryScopeManager - System & Reflection Scopes", () => {
       ]);
     });
 
-    it("does not bypass the store filter for empty or nullish agentId", () => {
-      assert.deepStrictEqual(manager.getScopeFilter(""), manager.getAllScopes());
-      assert.deepStrictEqual(manager.getScopeFilter(undefined), manager.getAllScopes());
+    it("bypasses the store filter for empty or nullish agentId (consistent with isAccessible)", () => {
+      assert.strictEqual(manager.getScopeFilter(""), undefined);
+      assert.strictEqual(manager.getScopeFilter(undefined), undefined);
     });
 
     it("rejects whitespace-padded reserved bypass ids extracted from session keys", () => {