Skip to content

Mneme

v0.0.8 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 15d LLM Frameworks
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-memory bun encryption local-first mcp
+5 more
memory open-protocol privacy sdk typescript

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Updates sas, url, and v0.1.0 across a mixed release.

Full changelog

Highlights

Two laptops on a LAN now pair and sync with no hosted infrastructure. Turns the v0.0.7 cryptographic claims into a tangible cross-machine experience.

// Device A
import { Mneme } from '@mneme/sdk'
import { serveForPairing, WebSocketSyncServer } from '@mneme/sync-websocket'

const alice = await Mneme.open({ passphrase: '...' })
await serveForPairing(alice, {
  onUrlReady: (url) => console.log(`Pair to ${url}`),
  onSasReady: async (sas) => await userConfirms(sas), // your UI
})

const server = new WebSocketSyncServer({ mneme: alice, allowedOwnerId: 'pedro' })
server.start()

// Device B
import { Mneme } from '@mneme/sdk'
import { pairOverWebSocket, WebSocketSyncPeer } from '@mneme/sync-websocket'

const { mneme: bob, recoveryPhrase } = await pairOverWebSocket({
  url: 'ws://192.168.1.10:7078',
  passphrase: 'bob-passphrase',
  path: '/path/b.sqlite',
  onSasReady: async (sas) => await userConfirms(sas),
})
console.log('SAVE THIS:', recoveryPhrase)

await bob.sync(new WebSocketSyncPeer({ url: 'ws://192.168.1.10:7077' }))
  • New package: @mneme/sync-websocket v0.0.1Bun.serve for the server, native WebSocket for the client
  • JSON envelopes with request-id correlation — inspectable with wscat
  • Optional allowedOwnerId on the server pins requests to one owner
  • Both pairing sides drive SAS verification via onSasReady callbacks — either rejecting aborts cleanly
  • ADR 0010 captures the design with the full security-vs-scope tradeoff

⚠️ No authentication in v0.0.8

The server accepts any WebSocket connection. Use only on loopback or a network you control. Bearer-token auth lands with hosted Mneme Cloud (v0.1.0). The crypto story still holds — records are signed encrypted blobs to any non-pairing observer, and pairing's SAS gives independent MITM protection — but server-side resource abuse is possible on shared networks.

What's in the repo today

  • packages/protocol v0.0.1 — open spec types
  • packages/sdk v0.0.7 — encryption + recovery + signing + sync + pairing
  • packages/embedder-local v0.0.1 — on-device embeddings
  • packages/sync-websocket v0.0.1 — WebSocket transport
  • apps/mcp-server v0.0.1 — Claude Code-installable MCP server
  • tests/conformance v0.0.1 — cross-implementation suite
  • decisions/10 ADRs

Try it

git clone https://github.com/ppserapiao/mneme
cd mneme
bun install
bun test    # 118 pass, 2 skip
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Mneme

Get notified when new releases ship.

Sign up free

About Mneme

All releases →

Related context

Beta — feedback welcome: [email protected]