do-memory-mcp 0.1.26

Model Context Protocol (MCP) server with secure code execution sandbox for AI agents
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

#![allow(clippy::useless_attribute)]
#![allow(clippy::excessive_nesting)]
#![allow(clippy::missing_errors_doc)]
#![allow(clippy::ifs_same_cond)]

//! # Memory MCP (Model Context Protocol) Integration
//!
//! This crate provides MCP server integration for the self-learning memory system,
//! enabling secure code execution and memory queries through standardized tool interfaces.
//!
//! ## Features
//!
//! - **MCP Server**: Standard MCP server implementation with tool definitions
//! - **Secure Sandbox**: TypeScript/JavaScript code execution with comprehensive security
//! - **Memory Integration**: Query episodic memory and analyze patterns
//! - **Progressive Disclosure**: Tools are prioritized based on usage patterns
//! - **Execution Monitoring**: Detailed statistics and logging
//!
//! ## Security
//!
//! The sandbox implements defense-in-depth security:
//!
//! 1. **Input Validation**: All code is scanned for malicious patterns
//! 2. **Process Isolation**: Code runs in separate Node.js processes
//! 3. **Resource Limits**: CPU and memory usage are constrained
//! 4. **Timeout Enforcement**: Long-running code is terminated
//! 5. **Access Controls**: Network and filesystem access denied by default
//! 6. **Malicious Code Detection**: Common attack patterns are blocked
//!
//! ## Example
//!
//! ```no_run
//! use do_memory_core::SelfLearningMemory;
//! use do_memory_mcp::server::MemoryMCPServer;
//! use do_memory_mcp::types::{SandboxConfig, ExecutionContext};
//! use serde_json::json;
//! use std::sync::Arc;
//!
//! #[tokio::main]
//! async fn main() -> anyhow::Result<()> {
//!     // Create memory and server with restrictive sandbox
//!     let memory = Arc::new(SelfLearningMemory::new());
//!     let server = MemoryMCPServer::new(SandboxConfig::restrictive(), memory).await?;
//!
//!     // List available tools
//!     let tools = server.list_tools().await;
//!     for tool in tools {
//!         println!("Tool: {} - {}", tool.name, tool.description);
//!     }
//!
//!     // Execute code securely
//!     let code = r#"
//!         const result = {
//!             sum: 1 + 1,
//!             message: "Hello from sandbox"
//!         };
//!         return result;
//!     "#;
//!
//!     let context = ExecutionContext::new(
//!         "Calculate sum".to_string(),
//!         json!({"a": 1, "b": 1}),
//!     );
//!
//!     let result = server.execute_agent_code(code.to_string(), context).await?;
//!     println!("Result: {:?}", result);
//!
//!     // Get execution statistics
//!     let stats = server.get_stats().await;
//!     println!(
//!         "Executed {} times, success rate: {:.1}%",
//!         stats.total_executions,
//!         stats.success_rate()
//!     );
//!
//!     Ok(())
//! }
//! ```
//!
//! ## Architecture
//!
//! ```text
//! ┌─────────────────────────────────────────────────────────┐
//! │                    MCP Server                           │
//! │  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐ │
//! │  │ Query Memory │  │Execute Code  │  │Analyze       │ │
//! │  │              │  │              │  │Patterns      │ │
//! │  └──────────────┘  └──────────────┘  └──────────────┘ │
//! └───────────────────────┬─────────────────────────────────┘
//!//!          ┌──────────────┴──────────────┐
//!          ▼                             ▼
//! ┌─────────────────┐          ┌──────────────────┐
//! │  Code Sandbox   │          │ Memory System    │
//! │  - Validation   │          │ - Episodes       │
//! │  - Isolation    │          │ - Patterns       │
//! │  - Timeout      │          │ - Heuristics     │
//! │  - Limits       │          │                  │
//! └─────────────────┘          └──────────────────┘
//! ```

pub mod batch;
pub mod cache;
pub mod error;
#[cfg(feature = "javy-backend")]
pub mod javy_compiler;
pub mod jsonrpc;
pub mod mcp;
pub mod monitoring;
pub mod patterns;
pub mod protocol;
pub mod sandbox;
pub mod server;
pub mod types;
#[cfg(feature = "wasmtime-backend")]
pub mod unified_sandbox;
#[cfg(feature = "wasm-rquickjs")]
pub mod wasm_sandbox;
#[cfg(feature = "wasmtime-backend")]
pub mod wasmtime_sandbox;

// Re-export commonly used types
pub use batch::{
    BatchExecutor, BatchMode, BatchOperation, BatchRequest, BatchResponse, BatchStats,
    DependencyGraph, OperationError, OperationResult,
};
pub use cache::{CacheConfig, CacheStats, QueryCache};
pub use error::{Error, Result};
pub use sandbox::CodeSandbox;
pub use server::MemoryMCPServer;
pub use server::audit::{AuditConfig, AuditDestination, AuditLogEntry, AuditLogLevel, AuditLogger};
pub use types::{
    ErrorType, ExecutionContext, ExecutionResult, ExecutionStats, ResourceLimits, SandboxConfig,
    SecurityViolationType, Tool,
};

// Re-export security modules
pub use sandbox::{FileSystemRestrictions, IsolationConfig, NetworkRestrictions};

// Re-export new WASM modules
#[cfg(feature = "javy-backend")]
pub use javy_compiler::{JavyCompiler, JavyConfig, JavyMetrics};
#[cfg(feature = "wasmtime-backend")]
pub use unified_sandbox::{BackendHealth, SandboxBackend, UnifiedMetrics, UnifiedSandbox};
#[cfg(feature = "wasm-rquickjs")]
pub use wasm_sandbox::{WasmConfig, WasmMetrics, WasmSandbox};
#[cfg(feature = "wasmtime-backend")]
pub use wasmtime_sandbox::{WasmtimeConfig, WasmtimeMetrics, WasmtimeSandbox};