mirror of
https://github.com/samvallad33/vestige.git
synced 2026-07-02 22:01:01 +02:00
A full multi-agent review found 7 real issues (4 blockers). All fixed + tested.
B1 (blocker): Promoting a Memory PR did not release the quarantined memory —
the UI said "promoted" while the memory stayed suppressed/out of retrieval.
act_on_memory_pr now calls reverse_suppression(subject_id) on accept actions;
MemoryPrAction::releases_memory() encodes the rule (promote/merge/supersede
release; forget/quarantine keep it held). Proven live: PR response
subjectReleased:true, SQLite suppression_count 0.
B2 (blocker): memory promote/demote (returns `action`, not `decision`) and
codebase remember_* writes bypassed the write-trace + PR gate. extract_writes
now reads `action` too, filtered by is_write_decision (reads like get/state
excluded); is_write_tool includes `codebase`.
B3 (blocker): receipt ids collided within a run (r_<date>_<runId> +
INSERT OR REPLACE overwrote earlier receipts). IDs are now
r_<date>_<runId8>_<unique6>; build() mints the suffix, build_with_unique()
keeps tests deterministic.
B4 (blocker): proof bundle was assembled from two runs (trace.json=run_proof,
websocket-events.jsonl=run_proof2). Re-captured the whole bundle from a single
run — trace, websocket, receipt, and memory_pr all carry run_proof now.
B5: Black Box receipts panel showed global latest, not the selected run.
Added list_receipts_for_run + /api/receipts?run= ; the page uses listForRun.
B6: SENSITIVE_TOPICS substring matching false-fired (tokenizer->token,
author->auth, secretary->secret). Switched to word-boundary matching; real
phrasings (auth token, security vulnerability, api key) still gate.
B7: set_review_mode now writes atomically (temp+rename via write_atomic);
export_trace sanitizes run_id in the Content-Disposition filename; memory-prs
static routes declared before the dynamic /{id} route.
Withdrawn: the /mode-vs-/{id} route order is NOT a functional bug (axum 0.8 /
matchit prioritizes static segments) — reordered for clarity only.
Gates: 999 lib tests pass (+9 new regressions), clippy -D warnings clean,
dashboard check + build clean.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| src | ||
| Cargo.toml | ||
| README.md | ||
Vestige MCP Server
Local cognitive memory for MCP-compatible AI agents.
This crate provides the vestige-mcp stdio MCP server plus the vestige CLI.
The cognitive engine lives in vestige-core; this crate owns protocol handling,
tool dispatch, optional dashboard serving, backups, restore, update, and
portable import/export commands.
Install
For normal users, prefer the release package:
npm install -g vestige-mcp-server
For local development:
cargo build --release -p vestige-mcp
Register With An MCP Client
Use the command vestige-mcp in any stdio MCP client:
{
"mcpServers": {
"vestige": {
"command": "vestige-mcp"
}
}
}
Examples:
claude mcp add vestige vestige-mcp -s user
codex mcp add vestige -- vestige-mcp
Transports
- Default: JSON-RPC 2.0 over stdio.
- Optional: MCP-over-HTTP on
/mcp, enabled only with--http,--http-port, orVESTIGE_HTTP_ENABLED=1. - Dashboard:
vestige dashboardorVESTIGE_DASHBOARD_ENABLED=1.
HTTP and dashboard bearer tokens are generated locally; see
docs/CONFIGURATION.md.
Current Tool Surface
The server exposes the current unified MCP tools from
src/server.rs, including:
session_contextsearch,smart_ingest,memory,codebase,intentiondeep_reference,cross_reference,contradictionsdream,explore_connections,predictmemory_health,memory_graph,composed_graph,system_statusimportance_score,find_duplicatesconsolidate,memory_timeline,memory_changelogbackup,export,restore,gc,suppress
See the root README.md and
docs/AGENT-MEMORY-PROTOCOL.md for
agent instructions.
License
AGPL-3.0-only