Skip to main content
mcpSource-backedReview first Safety Privacy

GoodMemory MCP Server

Local-first GoodMemory MCP server for giving Claude durable, scoped memory with SQLite storage, auditable recall, explicit deletion, and opt-in governed writes.

HarnessClaude CodeCodexCursorClaude Desktop
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://github.com/hjqcan/GoodMemory/blob/main/docs/GoodMemory-Standalone-MCP-Setup-Guide.md, https://github.com/hjqcan/GoodMemory
Safety notes
Standalone MCP starts with eight read-only tools; the governed goodmemory_remember tool is registered only with --allow-write or GOODMEMORY_MCP_ALLOW_WRITE=1., Enabling writes persists selected memory; separate GoodMemory lifecycle APIs can remove stored records, so review write and deletion operations and keep backups of important data., Optional installed-host setup can modify Codex or Claude Code hook and MCP configuration; this is separate from standalone MCP mode.
Privacy notes
Standalone mode stores durable memory in local SQLite by default, under the GoodMemory home directory, until the user exports or deletes it., Recalled memory is inserted into Claude's model context and can therefore be sent to the configured model provider., Optional PostgreSQL, embedding, or assisted-extraction providers change the data boundary and may send memory content to configured external services.
Author
hjqcan
Submitted by
hjqcan
Claim status
unclaimed
Last verified
2026-07-13

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

5 minutes

Install command

Provided

Config snippet

Provided

Copy snippet

Provided

Prerequisites

4 to clear

Platforms

4 listed

Install type

CLI install

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

4 prerequisites to line up before setup.

0/4 ready
Install & runtime1Configuration1Permissions & scopes1General15 minutes

Safety & privacy surface

Safety & privacy surface

3 safety and 3 privacy notes across 5 risk areas. Review closely: third-party handling.

5 areas
  • SafetyGeneralStandalone MCP starts with eight read-only tools; the governed goodmemory_remember tool is registered only with --allow-write or GOODMEMORY_MCP_ALLOW_WRITE=1.
  • SafetyData retentionEnabling writes persists selected memory; separate GoodMemory lifecycle APIs can remove stored records, so review write and deletion operations and keep backups of important data.
  • SafetyExecution & processesOptional installed-host setup can modify Codex or Claude Code hook and MCP configuration; this is separate from standalone MCP mode.
  • PrivacyLocal filesStandalone mode stores durable memory in local SQLite by default, under the GoodMemory home directory, until the user exports or deletes it.
  • PrivacyThird-party handlingRecalled memory is inserted into Claude's model context and can therefore be sent to the configured model provider.
  • PrivacyThird-party handlingOptional PostgreSQL, embedding, or assisted-extraction providers change the data boundary and may send memory content to configured external services.

Safety notes

  • Standalone MCP starts with eight read-only tools; the governed goodmemory_remember tool is registered only with --allow-write or GOODMEMORY_MCP_ALLOW_WRITE=1.
  • Enabling writes persists selected memory; separate GoodMemory lifecycle APIs can remove stored records, so review write and deletion operations and keep backups of important data.
  • Optional installed-host setup can modify Codex or Claude Code hook and MCP configuration; this is separate from standalone MCP mode.

Privacy notes

  • Standalone mode stores durable memory in local SQLite by default, under the GoodMemory home directory, until the user exports or deletes it.
  • Recalled memory is inserted into Claude's model context and can therefore be sent to the configured model provider.
  • Optional PostgreSQL, embedding, or assisted-extraction providers change the data boundary and may send memory content to configured external services.

Prerequisites

  • Bun 1.3 or newer on PATH for the packaged MCP command.
  • Node.js 20 or newer and npm for the global package install.
  • A stable user id to scope recalled and stored memory.
  • A writable local GoodMemory directory, or an explicitly configured PostgreSQL store.

Schema details

Install type
cli
Troubleshooting
No
Source repository stats
Scope
Source repo
Skill and platform metadata
Retrieval sources
https://github.com/hjqcan/GoodMemory/blob/main/README.mdhttps://github.com/hjqcan/GoodMemory/blob/main/docs/GoodMemory-Standalone-MCP-Setup-Guide.mdhttps://github.com/hjqcan/GoodMemory/blob/main/.well-known/goodmemory.jsonhttps://registry.modelcontextprotocol.io/v0.1/servers/io.github.hjqcan%2Fgoodmemory/versions/latest
Collection metadata
Estimated setup
5 minutes
Difficulty
intermediate
Full copyable content
{
  "mcpServers": {
    "goodmemory": {
      "command": "goodmemory-mcp",
      "args": ["--standalone", "--user-id", "YOUR_USER_ID"]
    }
  }
}

About this resource

Content

GoodMemory is an MIT-licensed memory layer for coding agents and AI applications. Its standalone MCP server gives Claude and other MCP clients a scoped, durable store without requiring GoodMemory's managed Codex or Claude Code installation path.

The default MCP surface is read-only: context, trace, statistics, and artifact inspection. Users can explicitly add --allow-write to register goodmemory_remember, which sends proposed memories through the same governed remember pipeline used by the library API.

Features

  • Local SQLite persistence by default, with optional PostgreSQL storage.
  • Eight read-only MCP tools for recall, context, traces, statistics, and artifact inspection.
  • Opt-in governed writes through goodmemory_remember.
  • User, workspace, and optional agent scope controls.
  • Companion CLI and library surfaces for audit, export, correction, forget, and deletion workflows.
  • Embedding-free lexical retrieval by default, with optional embedding providers.
  • Standalone recipes for Claude Desktop, Cursor, Gemini CLI, OpenCode, and other MCP-compatible clients.

Installation

Install the published package globally:

npm install -g goodmemory@0.5.1

Add the standalone server to an MCP client:

{
  "mcpServers": {
    "goodmemory": {
      "command": "goodmemory-mcp",
      "args": ["--standalone", "--user-id", "YOUR_USER_ID"]
    }
  }
}

The equivalent command is:

goodmemory-mcp --standalone --user-id YOUR_USER_ID

Keep the default read-only surface while validating recall. Add --allow-write only after reviewing the storage scope and write policy.

Use Cases

  • Recall architecture decisions before continuing a coding task.
  • Carry stable project context between Claude sessions.
  • Inspect why a memory was selected before using it.
  • Keep local memory separated by user, workspace, and agent scope.
  • Export or remove incorrect memories through explicit lifecycle operations.
  • Share one configured store across multiple MCP-compatible coding hosts.

Safety and Privacy

GoodMemory creates durable state, so stored content can outlive the conversation that produced it. Start with the read-only MCP surface, inspect the resolved storage location, and keep a stable scope. Before enabling goodmemory_remember, decide which information may be retained and how it will be reviewed, corrected, exported, or deleted.

The default standalone path is local SQLite and does not require an embedding or extraction provider. Configuring PostgreSQL, embeddings, assisted extraction, or a hosted model changes the data boundary. Treat recalled memory as prompt context: it will be visible to the model provider used by the host.

Source Review

These sources were reviewed on 2026-07-13. Prefer the live repository, published package metadata, capability descriptor, and official MCP registry entry for current versions, commands, storage behavior, and tool exposure.

Source citations

Add this badge to your README

Show that GoodMemory MCP Server is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/goodmemory-mcp-server.svg)](https://heyclau.de/entry/mcp/goodmemory-mcp-server)

How it compares

GoodMemory MCP Server side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

1 trust signal differ across this comparison (Submitter).

Field

Local-first GoodMemory MCP server for giving Claude durable, scoped memory with SQLite storage, auditable recall, explicit deletion, and opt-in governed writes.

Open dossier

Local-first persistent memory MCP server for AI coding agents, backed by a single Go binary, SQLite, FTS5 search, CLI, HTTP API, and TUI.

Open dossier

Local-first context-engineering MCP server and CLI that gives Claude token-efficient file reads, shell-output compression, code search, graph queries, persistent session memory, context packaging, verification tools, and dashboard-style token accounting through a single Rust binary.

Open dossier

MCP server and CLI for Ruflo's multi-agent Claude Code and Codex workflow harness, exposing tools for swarms, agents, memory, hooks, daemons, plugins, federation, and project automation.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
SubmitterDiffershjqcanoktofeesh1oktofeesh1oktofeesh1
Install riskReview firstReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
BrandLeanCTX logoLeanCTX
Categorymcpmcpmcpmcp
Sourcesource-backedsource-backedsource-backedsource-backed
AuthorhjqcanGentleman ProgrammingYves GudeRuvNet
Added2026-07-132026-06-052026-06-062026-06-06
Platforms
Claude CodeCodexCursorClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Source repo
Safety notesStandalone MCP starts with eight read-only tools; the governed goodmemory_remember tool is registered only with --allow-write or GOODMEMORY_MCP_ALLOW_WRITE=1. Enabling writes persists selected memory; separate GoodMemory lifecycle APIs can remove stored records, so review write and deletion operations and keep backups of important data. Optional installed-host setup can modify Codex or Claude Code hook and MCP configuration; this is separate from standalone MCP mode.Engram can save, update, delete, search, compare, judge, merge, and summarize project memories that may influence future agent behavior. Incorrect or stale memories can steer an agent toward bad assumptions, so review saved decisions, architecture notes, and task learnings periodically. Use explicit project selection or repo-local configuration when multiple projects are visible to the MCP server. Cloud sync is opt-in; review project scope, tokens, allowed projects, and repair flows before enabling shared replication.LeanCTX can read local files, run shell commands invoked through its tools, cache outputs, install shell/editor hooks, and persist session state. Review generated MCP and shell-hook changes before enabling them across all agents or shells. Keep path jail enforcement enabled for normal use, and allow extra roots only when a project genuinely needs them. Disable or restrict command-execution and unsafe I/O tools for regulated repositories, untrusted workspaces, or shared team environments. Treat compressed shell output and cached reads as summaries; switch to full reads or raw command output when exact source text matters.Ruflo's full CLI install can add project files, MCP configuration, hooks, helper scripts, memory state, commands, skills, and background automation. The MCP surface includes tools for agent spawning, swarm coordination, memory operations, hook execution, daemon control, plugins, security scans, and federation. Background daemons and hooks can run automatically based on session, task, file, or worker events; inspect generated settings before relying on them. Some workflows can execute shell commands, edit project files, scan dependencies, start services, or dispatch multi-step agent tasks. Federation and HTTP transport modes can expose agent coordination outside the local stdio boundary; keep them disabled unless you have reviewed network trust. Use least-privilege repositories and require human review before accepting generated code, security fixes, plugin installs, or automated workflow changes.
Privacy notesStandalone mode stores durable memory in local SQLite by default, under the GoodMemory home directory, until the user exports or deletes it. Recalled memory is inserted into Claude's model context and can therefore be sent to the configured model provider. Optional PostgreSQL, embedding, or assisted-extraction providers change the data boundary and may send memory content to configured external services.Memories can contain product plans, architecture decisions, code paths, prompts, implementation notes, incident details, and sensitive lessons learned. Local SQLite storage, exported sync chunks, Git-tracked memory files, cloud replication, HTTP API logs, and TUI copy actions can expose memory content. Do not store secrets, credentials, customer data, or unreleased security details unless the local store and any sync targets are approved for that data.Local code, file paths, command output, search terms, session notes, context packages, knowledge graph data, token metrics, and dashboard statistics can be sent to the MCP client and model. LeanCTX stores local stats and session state under its own configuration/data directories; protect these files if they contain project decisions, findings, or sensitive paths. Secret-like paths are blocked or role-gated by default according to upstream security docs, but users should still avoid prompting agents to read credentials, private keys, tokens, or ignored files. The upstream security policy describes optional update checks and opt-in anonymous stats sharing; disable network checks when working in confidential or offline environments.Ruflo memory, hooks, logs, telemetry-style metrics, worker output, prompts, code snippets, file paths, and task history may be stored under project-local state. Agent memory and embeddings can preserve sensitive implementation details beyond the current chat session. Federation, hosted UI, remote provider, plugin, or HTTP transport workflows may move task context beyond the local machine if enabled. Security scans, dependency checks, and code analysis can reveal private package names, vulnerabilities, paths, branch names, and repository structure. Review `.claude`, `.claude-flow`, helper scripts, logs, and exported memory before sharing a repository or support bundle.
Prerequisites
  • Bun 1.3 or newer on PATH for the packaged MCP command.
  • Node.js 20 or newer and npm for the global package install.
  • A stable user id to scope recalled and stored memory.
  • A writable local GoodMemory directory, or an explicitly configured PostgreSQL store.
  • Engram binary installed through Homebrew, GitHub Releases, Go install, or a source build.
  • MCP-compatible coding agent such as Claude Code, Codex, OpenCode, Gemini CLI, VS Code, Cursor, or Windsurf.
  • Project selection rules for where memories should be written, especially in monorepos or parent workspaces.
  • Optional cloud server configuration only when shared or cross-machine memory replication is desired.
  • npm for the `lean-ctx-bin` package, or another upstream-supported install path such as release binaries, Homebrew, Cargo, or AUR.
  • A local repository workspace where LeanCTX is allowed to read files, run configured shell commands, and store session metadata.
  • Review of generated MCP client config, shell hooks, per-project `.lean-ctx.toml`, and global `~/.config/lean-ctx/config.toml`.
  • Explicit allow-listing for any paths outside the current project root that LeanCTX should be permitted to access.
  • Node.js 20 or newer.
  • Claude Code or another MCP client that can launch stdio servers.
  • A repository where Ruflo-generated `.claude`, `.claude-flow`, settings, helpers, hooks, and memory files are acceptable.
  • Review of which MCP tool groups, hooks, plugins, providers, and background workers should be enabled.
Install
npm install -g goodmemory@0.5.1
brew install gentleman-programming/tap/engram
npm install -g lean-ctx-bin
npx ruflo@latest init wizard
Config
{
  "mcpServers": {
    "goodmemory": {
      "command": "goodmemory-mcp",
      "args": ["--standalone", "--user-id", "YOUR_USER_ID"]
    }
  }
}
{
  "mcpServers": {
    "engram": {
      "command": "engram",
      "args": ["mcp"]
    }
  }
}
{
  "mcpServers": {
    "lean-ctx": {
      "command": "lean-ctx",
      "env": {
        "LEAN_CTX_IO_BOUNDARY_MODE": "enforce",
        "LEAN_CTX_NO_UPDATE_CHECK": "1"
      }
    }
  }
}
{
  "mcpServers": {
    "ruflo": {
      "command": "npx",
      "args": [
        "-y",
        "ruflo@latest",
        "mcp",
        "start"
      ],
      "type": "stdio"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.