Skip to content

FlarelyLegal/memory-mcp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

299 Commits
.github
.github
 
 
docs
docs
 
 
migrations
migrations
 
 
schemas
schemas
 
 
scripts
scripts
 
 
seeds
seeds
 
 
src
src
 
 
tests
tests
 
 
.dev.vars.example
.dev.vars.example
 
 
.docs.toml
.docs.toml
 
 
.gitignore
.gitignore
 
 
.npmrc
.npmrc
 
 
.prettierignore
.prettierignore
 
 
.prettierrc
.prettierrc
 
 
AGENTS.md
AGENTS.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cliff.toml
cliff.toml
 
 
eslint.config.ts
eslint.config.ts
 
 
opencode.json
opencode.json
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
playwright.config.ts
playwright.config.ts
 
 
tsconfig.json
tsconfig.json
 
 
vitest.config.ts
vitest.config.ts
 
 
wrangler-a.jsonc
wrangler-a.jsonc
 
 
wrangler-b.jsonc
wrangler-b.jsonc
 
 
wrangler.jsonc
wrangler.jsonc
 
 

Repository files navigation

Memory Graph MCP

CI Tests Release

Node.js TypeScript Cloudflare Workers MCP SDK AI Assisted

License: AGPL-3.0 GitHub Issues GitHub Stars

Remote MCP server on Cloudflare Workers providing LLMs with persistent shared memory: knowledge graphs, semantic search, RBAC namespace sharing, and temporally-decayed recall.

Why Memory Graph MCP?

Memory Graph MCP is the open-source MCP server built for shared memory across teams. Every user gets private namespaces by default, and any namespace can be shared with individuals or groups through role-based access control.

Collaborative by design

  • Namespace-level RBAC with three roles: owner, editor, viewer
  • Group-based sharing: create a group, add members, grant the group access to namespaces
  • Private by default with opt-in public visibility for read-only community namespaces
  • Per-write audit logging on every mutation to D1 (90 days queryable) and R2 NDJSON archive (indefinite retention, S3-compatible for ingestion by Loki, Splunk, Datadog, Elastic, or any S3-aware log aggregator)

Secure by default

  • Cloudflare Access handles identity through a full OAuth/OIDC flow
  • JWT verification on every request: RSA signature validation, expiry checks, audience tag enforcement
  • Security headers on all responses: HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff
  • CSRF protection via Origin/Referer/Sec-Fetch-Site validation in middleware
  • Service token support with identity binding for CI/CD and automation
  • Encryption at rest at the Cloudflare storage layer

Fast at the edge

  • Runs on Cloudflare Workers globally, not a centralized server
  • D1 read replication: read-heavy workloads hit the nearest replica
  • Vectorize ANN search: semantic queries without provisioning a separate vector database
  • KV identity cache with 30-second security-first TTL for fast auth with fast revocation
  • All AI inference routed through AI Gateway for observability and caching

What you get

Capability How it works Why it matters
Shared memory + RBAC Namespaces with owner/editor/viewer grants for users and groups Teams share knowledge without giving up control
Identity + auth Cloudflare Access (OAuth/OIDC), JWT verification, service tokens Every request is authenticated and authorized
Edge deployment Cloudflare Workers, D1 read replication, KV identity cache Low latency globally, no centralized bottleneck
Knowledge graph Typed entities, weighted directed relations, BFS traversal Structured context the LLM can reason over
Semantic search Vectorize ANN + Workers AI embeddings (@cf/baai/bge-m3, 1024d) Find relevant context by meaning, not just keywords
Temporal decay Importance-weighted recall with time-based decay scoring Recent and important memories surface first
Audit trail D1 hot window (90 days) + R2 NDJSON archive (S3-compatible, indefinite) Full write history, ready for Loki/Splunk/Datadog/Elastic
Durable workflows Cloudflare Workflows with step-level retry for consolidation + reindex Background maintenance that survives failures
REST API + OpenAPI 3.1 Full MCP-parity REST API plus REST-only RBAC admin routes, Scalar docs UI Integrate from any HTTP client, not just MCP
Elicitation safety Destructive operations prompt for human confirmation with graceful degradation Prevents accidental deletes in interactive sessions

Architecture

Component Service Purpose
MCP sessions Durable Objects Stateful per-session agent with persistent state
Graph + data D1 (SQLite) Entities, relations, memories, conversations, audit logs
Semantic search Vectorize + Workers AI Embeddings via @cf/baai/bge-m3 (1024d)
Auth + identity KV OAuth state, service token bindings, identity cache, flags
Audit archive R2 S3-compatible NDJSON audit archive (indefinite retention)
Background jobs Workflows Durable reindex and consolidation pipelines

Public demo

A live instance is running at memory.flarelylegal.com with the server modeled as its own knowledge graph.

curl -s https://memory.flarelylegal.com/api/demo | jq

Quick start

npm install
npm run db:init:local
npm run dev -- --local --port 8787

See Deployment for full setup with Cloudflare resources.

Connect an MCP client

Interactive (browser login)

{
  "mcpServers": {
    "memory-graph": {
      "url": "https://memory.flarelylegal.com/mcp"
    }
  }
}

Works with Claude Desktop, Cursor, OpenCode, or any MCP-compatible client. Your client opens a Cloudflare Access login page on first connect.

Headless / CI

The MCP endpoint requires an interactive OAuth flow -- it cannot be used with service tokens alone. For CI pipelines, scripts, and headless agents, use the REST API with Cloudflare Access service tokens:

curl https://memory.flarelylegal.com/api/v1/namespaces \
  -H "CF-Access-Client-Id: <client-id>" \
  -H "CF-Access-Client-Secret: <client-secret>"

The REST API has full MCP-parity for all data operations. See Service tokens below for setup.

Note

Access is gated by Cloudflare Access. To request a test account, open an issue or reach out.

Service tokens (CI/CD and automation)

Browser login works for interactive use, but CI pipelines, scripts, and headless agents can't complete an OAuth flow. Cloudflare Access service tokens solve this -- they authenticate requests at the edge without a browser. Each token must be bound to an email so the server knows which user owns the writes.

  1. Create a service token in the Zero Trust dashboard (Access > Service Auth > Service Tokens) (admin)

  2. Add a Service Auth policy to your Access application (admin)

  3. Bind the token to your identity -- visit the self-service form in your browser (any authenticated user):

    memory.flarelylegal.com/api/v1/admin/service-tokens/bind

    Enter your Client ID and Secret, click "Bind token". The form validates credentials and links the token to your Cloudflare Access identity.

  4. Use the token in API or MCP calls:

curl https://memory.flarelylegal.com/api/v1/namespaces \
 -H "CF-Access-Client-Id: <client-id>" \
 -H "CF-Access-Client-Secret: <client-secret>"

For programmatic binding (CI pipelines, scripts), see REST API -- service tokens.

MCP Tools (17)

17 tools covering namespaces, entities, relations, traversal, memories, conversations, semantic search, and admin workflows. See MCP Tools for the full list with parameters and usage.

REST API

Full REST API alongside MCP tools, documented with an auto-generated OpenAPI 3.1 spec and Scalar docs UI. Covers all MCP-parity endpoints plus REST-only routes for RBAC administration (groups, group members, namespace grants, service tokens).

See REST API for authentication, endpoints, and response shaping.

Documentation

Full docs at docs/: deployment, configuration, architecture, MCP tools, REST API, observability, FAQ, and contributing.

About

Persistent structured memory for LLMs: Knowledge graphs, semantic search, and temporally-decayed recall. For Teams

flarelylegal.com

Topics

ai workers cloudflare llm

Resources

Readme

License

AGPL-3.0 license

Contributing

Contributing
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 20

v1.6.0 Latest
Mar 1, 2026
+ 19 releases

Contributors

Languages