Memory Vault
MCP Developer Tools
Features
- Hybrid semantic + keyword search for persistent AI memories
- MCP-native tools (recall, remember, forget, status) for Claude integration
- Local LLM chat with source‑linked answers via a web dashboard
- Automatic knowledge graph extraction of entities and relationships
Recent releases
- Upgrade instructions: run `docker compose pull && docker compose up -d` or explicitly pull the image with `docker pull ghcr.io/mihaibuilds/memory-vault:1.0.2`.
- All existing functionality remains unchanged; drop‑in replacement for v1.0.1.
- High severity path traversal in unauthenticated SPA fallback route fixed via `_safe_static_path` validation using `os.path.commonpath` and `os.path.realpath`.
- Medium severity information exposure in `/api/chat/stream` SSE error handler fixed by logging exceptions server‑side and sending a generic client message.
Full changelog
Security release — fixes from the M8 CodeQL pass. No API or behavioral changes; drop-in replacement for v1.0.1.
What's fixed
| CodeQL alert | Severity | File | Fix |
|---|---|---|---|
| alert 2 + 3 py/path-injection | High | `src/api/app.py` | New `_safe_static_path` helper |
| alert 1 py/stack-trace-exposure | Medium | `src/api/routers/chat.py` | Generic error message |
Path traversal in SPA fallback (High). The unauthenticated SPA fallback route accepted user-controlled paths and composed them with the static directory, allowing requests like `GET /../../etc/passwd` to escape. Fixed via `_safe_static_path` using `os.path.commonpath` + `os.path.realpath`, plus pre-composition rejection of empty / null-byte / leading-slash / explicit-traversal inputs. Three independent layers of defense.
Information exposure in chat stream (Medium). The inner SSE error handler in `/api/chat/stream` interpolated raw exception text into the response. Fixed: server-side `logger.exception(...)`, generic client message.
Out of scope
CodeQL flagged 3 partial-SSRF findings on the llm_url field in ChatRequest. These were dismissed as architectural — Memory Vault is single-tenant self-hosted with bearer-token auth; the llm_url field is intentional operator configuration. Hardening guidance for non-default deployments (publicly exposed cloud VMs, multi-user environments) is tracked in #18 for v1.1.
Full PR with test plan: #19.
Upgrade
docker compose pull
docker compose up -d
Or pin explicitly:
docker pull ghcr.io/mihaibuilds/memory-vault:1.0.2
170 tests passing in CI.
- Run `git pull && docker compose pull && docker compose up -d` after updating to v1.0.1.
- First‑run now pulls the prebuilt image (`ghcr.io/mihaibuilds/memory-vault:1.0.1`) instead of building locally.
Full changelog
Patch release — fixes the bundled docker-compose.yml to use the published multi-arch image instead of building from source.
What changed
- `docker-compose.yml` now references `ghcr.io/mihaibuilds/memory-vault:1.0.1` instead of `build: .`
- First-run on a fresh clone is now ~30 seconds (image pull) instead of ~5 minutes (local build)
- The README's "one-command Docker" promise is now actually one command
Recommended starting point
Use v1.0.1 — it's the same code as v1.0.0 with a faster install path. If you've already cloned v1.0.0, run:
git pull
docker compose pull && docker compose up -d
Quick start (fresh clone)
git clone https://github.com/MihaiBuilds/memory-vault
cd memory-vault
cp .env.example .env
docker compose up -d
Open http://localhost:8000 and you're running.
v1.0 capabilities
Same as v1.0.0 — no functionality changes.