Local-first shared memory for MCP-capable AI agents.
Agents Memory Sidecar lets tools such as Codex, Claude Code, Grok, agy, Pi, and other MCP clients share operational memory through one local sidecar. It is designed for coding agents that need to search prior context before changing a project and store durable non-secret facts after work is validated.
Agent CLI -> stdio MCP wrapper -> localhost HTTP sidecar -> PostgreSQL + pgvector
The HTTP server is intended to listen on 127.0.0.1 only. Do not expose it directly to the public internet.
- MCP tools for searching, reading, and writing shared memory
- Project context storage for stable paths, services, ports, and conventions
- Short-lived agent observations with TTL
- HTTP sidecar with bearer-token authentication
- Actor identity derived from token registry, not model-provided fields
- PostgreSQL persistence with pgvector-backed semantic and hybrid search
- Secret rejection for common token/private-key patterns
- Audit events for writes, permission denials, unauthorized calls, and pruning
- Fake JSON store for local development and smoke tests
memory_searchmemory_getproject_context_getmemory_addagent_observation_addproject_context_set(admin-only)
Search defaults to keyword/full-text mode. PostgreSQL deployments can enable semantic or hybrid mode after backfilling memory_embeddings; see Configuration and Semantic And Hybrid Search.
- Architecture
- 5-Minute Demo Transcript
- PostgreSQL Quickstart
- 30-Minute Durable Deployment Transcript
- Semantic And Hybrid Search
- Agent Integrations
- Operations
- Backup And Restore
- Security Model
- Release Checklist
git clone https://github.com/zenbordercom/agents-memory-sidecar.git
cd agents-memory-sidecar
npm install
npm run buildValidate the checkout and build output:
node scripts/check-installation.mjs --profile quickstart --prettyDemo mode uses the fake JSON store and does not require PostgreSQL, systemd, or production config files:
npm run smoke
npm run http:smoke
npm run http:bridge-smokeUse the fallback CLI against the fake store:
AGENT_MEMORY_AGENT_ID=local-cli \
AGENT_MEMORY_RUNTIME=local \
AGENT_MEMORY_ROLE=writer \
AGENT_MEMORY_PROJECTS='*' \
node dist/cli.js memory_add '{
"tenant":"default",
"project":"demo-app",
"namespace":"ops",
"kind":"note",
"title":"Demo memory",
"body":"Agents Memory Sidecar demo mode is running with the fake store.",
"source_type":"manual"
}'Search it:
AGENT_MEMORY_AGENT_ID=local-cli \
AGENT_MEMORY_RUNTIME=local \
AGENT_MEMORY_ROLE=writer \
AGENT_MEMORY_PROJECTS='*' \
node dist/cli.js memory_search '{
"tenant":"default",
"project":"demo-app",
"query":"demo mode",
"limit":5
}'Create a private local token registry:
mkdir -p .local/agents-memory
node scripts/upsert-http-token.mjs \
--file .local/agents-memory/http-tokens.json \
--agent-id local-cli \
--runtime local \
--role writer \
--projects '*'The token script prints a fingerprint only. For local development, load the
matching local-cli/local token into your shell from the private registry file:
export AGENT_MEMORY_HTTP_BEARER_TOKEN="$(
node -e "const fs=require('fs');const r=JSON.parse(fs.readFileSync('.local/agents-memory/http-tokens.json','utf8'));const e=Object.entries(r).find(([,a])=>a.agentId==='local-cli'&&a.runtime==='local');if(!e) throw new Error('local-cli/local token not found');console.log(e[0])"
)"Start the HTTP sidecar in one terminal:
AGENT_MEMORY_HTTP_TOKENS_FILE="$PWD/.local/agents-memory/http-tokens.json" \
AGENT_MEMORY_HTTP_HOST=127.0.0.1 \
AGENT_MEMORY_HTTP_PORT=18790 \
npm run http:devIn another terminal, call it through the CLI HTTP backend:
export AGENT_MEMORY_HTTP_BEARER_TOKEN="$(
node -e "const fs=require('fs');const r=JSON.parse(fs.readFileSync('.local/agents-memory/http-tokens.json','utf8'));const e=Object.entries(r).find(([,a])=>a.agentId==='local-cli'&&a.runtime==='local');if(!e) throw new Error('local-cli/local token not found');console.log(e[0])"
)"
AGENT_MEMORY_BACKEND=http \
AGENT_MEMORY_HTTP_BASE_URL=http://127.0.0.1:18790 \
AGENT_MEMORY_AGENT_ID=local-cli \
AGENT_MEMORY_RUNTIME=local \
AGENT_MEMORY_ROLE=writer \
AGENT_MEMORY_PROJECTS='*' \
node dist/cli.js memory_add '{
"tenant":"default",
"project":"demo-app",
"namespace":"ops",
"kind":"note",
"title":"HTTP sidecar demo",
"body":"The local HTTP sidecar accepts bearer-token memory writes.",
"source_type":"manual"
}'Search it:
AGENT_MEMORY_BACKEND=http \
AGENT_MEMORY_HTTP_BASE_URL=http://127.0.0.1:18790 \
AGENT_MEMORY_AGENT_ID=local-cli \
AGENT_MEMORY_RUNTIME=local \
AGENT_MEMORY_ROLE=writer \
AGENT_MEMORY_PROJECTS='*' \
node dist/cli.js memory_search '{
"tenant":"default",
"project":"demo-app",
"query":"HTTP sidecar",
"limit":5
}'Use PostgreSQL when you want durable shared memory:
AGENT_MEMORY_BACKEND=postgres \
PGDATABASE=agents_memory \
npm run db:migrateThen run the PostgreSQL smoke test:
npm run postgres:smokeSee PostgreSQL Quickstart for a complete local database setup.
Install the current GitHub release tag:
npm install -g github:zenbordercom/agents-memory-sidecar#v0.2.1Or install the release tarball:
npm install -g https://github.com/zenbordercom/agents-memory-sidecar/releases/download/v0.2.1/agents-memory-sidecar-0.2.1.tgzThe npm registry package may lag the GitHub release. Check the registry version before using the unpinned npm install path:
npm view agents-memory-sidecar version # must print 0.2.1 or newer
npm install -g agents-memory-sidecarThe CLI entry points are:
agents-memory --help
agents-memory-mcp
agents-memory-httpagents-memory: JSON CLI for direct commands and fallback automation.agents-memory-mcp: stdio MCP wrapper for agent clients.agents-memory-http: local HTTP sidecar.
- Missing
dist/*.js: runnpm run build. - Missing token registry: create one with
scripts/upsert-http-token.mjsand setAGENT_MEMORY_HTTP_TOKENS_FILE. - HTTP connection refused: start
agents-memory-httpornpm run http:dev, then runnode scripts/check-installation.mjs --profile quickstart --check-http --expected-backend fake --pretty. permission_denied: check that the bearer token actor has the required role and project access.
The recommended client pattern is:
- Store the bearer token in a private env file.
- Create a small launcher script that sources that env file.
- Point the agent's MCP config at the launcher.
See Agent Integrations and integrations/*/README.md.
- Bind the HTTP sidecar to
127.0.0.1. - Keep full bearer tokens out of Git, chat, logs, and docs.
- Use separate tokens per agent.
- Give normal agents
writer, notadmin. - Store stable facts, not secrets or raw
.envfiles. - Treat model-provided actor fields as untrusted.
See Security Model.
Optional scripts and systemd unit examples are included for local Linux deployments. Review paths, users, groups, database roles, and backup passphrase handling before use.
sudo scripts/install-local.shSee Operations and Backup And Restore.
- Search defaults to keyword/full-text mode. Semantic and hybrid search require stored embeddings and an embedding model or explicit query embedding.
- The project does not replace an agent's internal conversation memory.
- The sidecar is local-first and not designed as a public multi-tenant SaaS API.
- Fresh install automation is intentionally minimal in this version.
- Not a hosted SaaS API or public internet service.
- Not an agent scheduler or orchestration framework.
- Not a secret manager.
- Not full conversation memory.
- Not a replacement for each agent's native session state.
Apache-2.0.