vestige/crates/vestige-mcp
Sam Valladares b8212feb15 feat(cloud-sync): zero-knowledge client-side encryption (XChaCha20-Poly1305)
The portable archive is encrypted on the client before upload and decrypted
after download, so the hosted service only ever stores ciphertext — true
zero-knowledge. The passphrase (VESTIGE_CLOUD_ENCRYPTION_KEY) is independent
of the bearer sync key and never leaves the device.

- new cloud_crypto module: Argon2id KDF + XChaCha20-Poly1305 AEAD, self-
  describing envelope (MAGIC|version|salt|nonce|ciphertext+tag)
- HttpPortableSyncBackend encrypts on write / decrypts on read; transparent
  upgrade of legacy plaintext archives; clear error if remote is encrypted
  but no passphrase is set
- sync_portable_archive_cloud takes optional encryption_key
- CLI surfaces encryption status (on/off) on sync
- 6 crypto tests (roundtrip, wrong-key, tamper detection, non-determinism,
  envelope detection); E2E verified: server blob is ciphertext, passphrase
  device recovers, no-passphrase device cannot decrypt

491 core tests green, clippy -D warnings clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 21:19:16 -05:00
..
src feat(cloud-sync): zero-knowledge client-side encryption (XChaCha20-Poly1305) 2026-06-19 21:19:16 -05:00
Cargo.toml feat(cloud-sync): HTTP managed-sync backend + vestige sync --cloud 2026-06-19 20:35:01 -05:00
README.md Add ComposedGraph composition ledger 2026-06-18 16:00:29 -05:00

Vestige MCP Server

Local cognitive memory for MCP-compatible AI agents.

This crate provides the vestige-mcp stdio MCP server plus the vestige CLI. The cognitive engine lives in vestige-core; this crate owns protocol handling, tool dispatch, optional dashboard serving, backups, restore, update, and portable import/export commands.

Install

For normal users, prefer the release package:

npm install -g vestige-mcp-server

For local development:

cargo build --release -p vestige-mcp

Register With An MCP Client

Use the command vestige-mcp in any stdio MCP client:

{
  "mcpServers": {
    "vestige": {
      "command": "vestige-mcp"
    }
  }
}

Examples:

claude mcp add vestige vestige-mcp -s user
codex mcp add vestige -- vestige-mcp

Transports

  • Default: JSON-RPC 2.0 over stdio.
  • Optional: MCP-over-HTTP on /mcp, enabled only with --http, --http-port, or VESTIGE_HTTP_ENABLED=1.
  • Dashboard: vestige dashboard or VESTIGE_DASHBOARD_ENABLED=1.

HTTP and dashboard bearer tokens are generated locally; see docs/CONFIGURATION.md.

Current Tool Surface

The server exposes the current unified MCP tools from src/server.rs, including:

  • session_context
  • search, smart_ingest, memory, codebase, intention
  • deep_reference, cross_reference, contradictions
  • dream, explore_connections, predict
  • memory_health, memory_graph, composed_graph, system_status
  • importance_score, find_duplicates
  • consolidate, memory_timeline, memory_changelog
  • backup, export, restore, gc, suppress

See the root README.md and docs/AGENT-MEMORY-PROTOCOL.md for agent instructions.

License

AGPL-3.0-only