vestige/crates/vestige-mcp
Sam Valladares 83902b46dd fix(audit): sanitize graph error paths + expose intention status field
Two fixes surfaced by the pre-merge audit of chore/v2.0.7-clean:

1. Security MEDIUM (audit M2): `graph/+page.svelte` was rendering
   `e.message` verbatim into the DOM. A backend error that carried a
   filesystem path (e.g. a wrapped rusqlite error with the DB path in
   the message) would leak that path to any browser viewer. SvelteKit
   auto-escapes the interpolation so raw XSS is blocked, but the info-
   disclosure is real. Now we strip `/path/to/file.{sqlite,rs,db,toml,
   lock}` patterns and cap the rendered string at 200 chars before it
   hits the DOM. The regex used to gate the empty-state branch still
   runs against the raw message so detection accuracy isn't affected.

2. Correctness nit (audit PATH D): `execute_check` in
   `intention_unified.rs` was dropping `intention.status` and
   `intention.snoozed_until` from the response JSON. When
   `include_snoozed=true` surfaces both active and snoozed intentions
   in the same list, callers cannot distinguish an active-triggered
   intention from a snoozed-overdue one. Expose both fields so the
   consumer (dashboard, CLI, Claude Code) can render them
   appropriately.

Neither change affects the default code path under
`include_snoozed=false`; regression risk is zero.
2026-04-19 17:02:36 -05:00
..
src fix(audit): sanitize graph error paths + expose intention status field 2026-04-19 17:02:36 -05:00
Cargo.toml chore(release): v2.0.6 "Composer" — rebuild + version bump + CHANGELOG 2026-04-18 18:33:31 -05:00
README.md Switch embedding model from BGE to nomic-embed-text-v1.5 2026-01-25 03:11:15 -06:00

Vestige MCP Server

A bleeding-edge Rust MCP (Model Context Protocol) server for Vestige - providing Claude and other AI assistants with long-term memory capabilities.

Features

  • FSRS-6 Algorithm: State-of-the-art spaced repetition (21 parameters, personalized decay)
  • Dual-Strength Memory Model: Based on Bjork & Bjork 1992 cognitive science research
  • Local Semantic Embeddings: nomic-embed-text-v1.5 (768d) via fastembed v5 (no external API)
  • HNSW Vector Search: USearch-based, 20x faster than FAISS
  • Hybrid Search: BM25 + semantic with RRF fusion
  • Codebase Memory: Remember patterns, decisions, and context

Installation

cd /path/to/vestige/crates/vestige-mcp
cargo build --release

Binary will be at target/release/vestige-mcp

Claude Desktop Configuration

Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "vestige": {
      "command": "/path/to/vestige-mcp"
    }
  }
}

Available Tools

Core Memory

Tool Description
ingest Add new knowledge to memory
recall Search and retrieve memories
semantic_search Find conceptually similar content
hybrid_search Combined keyword + semantic search
get_knowledge Retrieve a specific memory by ID
delete_knowledge Delete a memory
mark_reviewed Review with FSRS rating (1-4)

Statistics & Maintenance

Tool Description
get_stats Memory system statistics
health_check System health status
run_consolidation Apply decay, generate embeddings

Codebase Tools

Tool Description
remember_pattern Remember code patterns
remember_decision Remember architectural decisions
get_codebase_context Get patterns and decisions

Available Resources

Memory Resources

URI Description
memory://stats Current statistics
memory://recent?n=10 Recent memories
memory://decaying Low retention memories
memory://due Memories due for review

Codebase Resources

URI Description
codebase://structure Known codebases
codebase://patterns Remembered patterns
codebase://decisions Architectural decisions

Example Usage (with Claude)

User: Remember that we decided to use FSRS-6 instead of SM-2 because it's 20-30% more efficient.

Claude: [calls remember_decision]
I've recorded that architectural decision.

User: What decisions have we made about algorithms?

Claude: [calls get_codebase_context]
I found 1 decision:
- We decided to use FSRS-6 instead of SM-2 because it's 20-30% more efficient.

Data Storage

  • Database: ~/Library/Application Support/com.vestige.mcp/vestige-mcp.db (macOS)
  • Uses SQLite with FTS5 for full-text search
  • Vector embeddings stored in separate table

Protocol

  • JSON-RPC 2.0 over stdio
  • MCP Protocol Version: 2024-11-05
  • Logging to stderr (stdout reserved for JSON-RPC)

License

MIT