mem9-guard-mcp

mem9-guard-mcp

An MCP server that provides a guarded interface to the mem9 persistent memory backend, protecting AI agents against prompt injection, secret leakage, and memory poisoning.

Category
Visit Server

README

mem9-guard-mcp

An MCP server that exposes mem9 (the TiDB team's persistent memory backend for AI agents) behind OWASP agent-memory-guard.

Agents never touch the raw mem9 API — every read and write goes through the guard:

MCP client (agent)
        │  memory_read / memory_write / ...
        ▼
  mem9-guard-mcp (this server)
        │  MemoryGuard + Policy.strict()   ← inspect, then block / quarantine / redact
        ▼
  Mem9Store adapter (MemoryStore Protocol)
        │  REST (X-API-Key)
        ▼
      mem9 (api.mem9.ai or self-hosted)

This protects agent memory against prompt injection, secret leakage, and memory poisoning: malicious or sensitive content is blocked, quarantined, or redacted according to policy before it ever reaches — or returns from — the store.

Tools

Tool Description
memory_write(key, value, source_class, memory_class) Guarded write. Result is allow / redact / quarantine / blocked
memory_read(key, default) Read with integrity verification and outbound screening
memory_delete(key) Delete a key (protected keys are blocked)
memory_list() List stored keys
security_events(limit) Recent security events emitted by the guard (for auditing)
quarantine_list() Writes currently held in quarantine

rollback / snapshot restore is intentionally not exposed. Recovery is an operator action; giving it to agents would let them discard legitimate writes or cover up poisoned data.

Configuration (environment variables)

Variable Description
MEM9_API_KEY mem9 API key. Falls back to a local JSON store when unset
MEM9_API_URL Defaults to https://api.mem9.ai. Override for self-hosted mem9
MEM9_AGENT_ID X-Mnemo-Agent-Id header (optional)
MEM9_GUARD_POLICY Path to a policy YAML. Defaults to Policy.strict()
MEM9_GUARD_LOCAL_PATH Path of the fallback JSON store (default mem9_local_store.json)

Installing into Claude Code

Straight from GitHub (no clone needed — uvx fetches and builds on first run):

claude mcp add mem9-guard \
  --env MEM9_API_KEY=<your-key> \
  -- uvx --from git+https://github.com/Riku-KANO/mem9-guard-mcp mem9-guard-mcp

Or from a local clone (recommended while developing):

claude mcp add mem9-guard \
  --env MEM9_API_KEY=<your-key> \
  -- uv run --project <path-to-this-repo> mem9-guard-mcp

Notes:

  • MEM9_API_KEY is optional — omit the --env line to use the local JSON store fallback.
  • The server is registered for the current project by default; add --scope user to make it available in every project.
  • For self-hosted mem9, add --env MEM9_API_URL=<url>.
  • Verify with claude mcp list, or run /mcp in a new session to see the memory_write / memory_read / ... tools.

Other MCP clients

Any MCP client that supports stdio servers works, e.g.:

{
  "mcpServers": {
    "mem9-guard": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/Riku-KANO/mem9-guard-mcp", "mem9-guard-mcp"],
      "env": { "MEM9_API_KEY": "<your-key>" }
    }
  }
}

Development

uv sync
uv run pytest

# End-to-end smoke test over stdio (no LLM involved)
uv run python scripts/smoke_stdio.py

Notes

The mem9 v1alpha2 JSON field names (content / metadata / id) are not yet covered by a published official schema, so they are centralized as assumptions in src/mem9_guard_mcp/client.py. If the real API differs, that is the only file that needs to change.

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured