Skip to content

Mneme

v0.1.1 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 15d LLM Frameworks
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-memory bun encryption local-first mcp
+5 more
memory open-protocol privacy sdk typescript

Affected surfaces

breaking_upgrade

Summary

AI summary

Updates What's in v0.1.1, Install ```sh, and https://bun.sh across a mixed release.

Full changelog

First usable release of every `@mnemehq/*` package on npm.

v0.1.0 was published earlier today and was broken end-to-end (`publishConfig` field overrides are silently ignored by npm, `workspace:*` deps leaked into the registry, mcp-server's bin entry was stripped). Those versions are deprecated on npm with install-time warnings. v0.1.1 is the version to install. Full postmortem in `decisions/0011-npm-publishing.md`.

Install

```sh

SDK + WebSocket transport (the most common pair)

bun add @mnemehq/sdk @mnemehq/sync-websocket

Optional on-device embeddings

bun add @mnemehq/embedder-local

MCP server in Claude Code — zero install

claude mcp add mneme -- npx -y @mnemehq/mcp-server
```

Requires Bun `>= 1.3` (the SDK uses `bun:sqlite`; the WebSocket transport uses `Bun.serve`).

Packages published

| Package | Size (packed) | Notes |
| --- | --- | --- |
| `@mnemehq/[email protected]` | 10.9 kB | Canonical types + Zod schemas for the open spec |
| `@mnemehq/[email protected]` | 66.4 kB | Local-first `Mneme` class. AES-256-GCM at rest, BIP-39 recovery, Ed25519 signed writes, pairing ceremony, sync engine |
| `@mnemehq/[email protected]` | 7.9 kB | On-device embeddings via `@huggingface/transformers` |
| `@mnemehq/[email protected]` | 20.5 kB | WebSocket transport for sync + pairing |
| `@mnemehq/[email protected]` | 8.9 kB | MCP server with `mneme-mcp` bin |

What's in v0.1.1 (cumulative since v0.0.8)

  • Publish pipeline (this release). Top-level `main`/`types`/`exports`/`bin` point directly at `./dist/*`. `prepublishOnly` script runs build + `scripts/verify-package.ts` (tarball forensics) + `publint --strict` on every publish. Same chain runs in CI on every PR. Broken packages cannot leave the developer's machine.
  • Scope. Published under `@mnemehq` (bare `@mneme` was taken). The brand text remains lowercase `mneme`.

Previous (v0.0.x, pre-npm)

v0.0.4 → v0.0.8 shipped iteratively as workspace-only packages. See git history for the per-feature commits. v0.1.1 wraps everything from v0.0.8 (WebSocket transport for sync + pairing) and earlier into the first publicly-installable cut.

Status

Pre-1.0. The API surface is real but may break across minor versions until v1.0.

Postmortem

The story of why v0.1.0 was a stillbirth and what we built so it never happens again is in ADR 0011 under "Postmortem — 2026-05-19 publish incident."

Breaking Changes

  • Deprecated and removed npm packages @mnemehq/*@0.1.0 with install‑time warnings; users must now install version 0.1.1.
  • Minimum runtime requirement changed to Bun >= 1.3 (SDK uses bun:sqlite, WebSocket transport uses Bun.serve).
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Mneme

Get notified when new releases ship.

Sign up free

About Mneme

All releases →

Related context

Beta — feedback welcome: [email protected]