hirnd 0.1.0

hirn standalone daemon — gRPC, HTTP, and MCP server for cognitive memory
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

# hirnd

> **⚠️ Experimental:** This project is under active development. APIs, on-disk formats, and behaviour may change without notice. Not recommended for production use.

Standalone cognitive memory daemon — the hirn server. Exposes gRPC, HTTP/REST, and MCP interfaces for multi-client access to HirnDB.

## Interfaces

| Interface | Protocol | Description |
|-----------|----------|-------------|
| **gRPC** | HTTP/2 + Protobuf (tonic) | High-throughput programmatic access |
| **HTTP** | REST + JSON (axum) | Web clients, curl, simple integrations |
| **MCP** | Model Context Protocol (rmcp) | LLM tool calling integration |

## Usage

```bash
# Start with defaults
hirnd --db-path ./brain

# Full configuration
hirnd \
  --db-path ./brain \
  --grpc-port 50051 \
  --http-port 8080 \
  --tls-cert server.pem \
  --tls-key server-key.pem \
  --log-level info

# Generate TLS certificates
hirnd generate-cert --output ./certs

# Add API key for authentication
hirnd add-key --name "my-agent" --output ./keys
```

## Cluster Write Forwarding

In clustered deployments, realm-owned HTTP mutations are forwarded to the current realm owner.
This includes the dedicated write endpoints and mutating HirnQL sent through `/v1/execute`.

- If the realm has no assigned owner yet, or `hirnd` is running in standalone mode, the request executes locally.
- Forwarded owner responses preserve the owner status code.
- Forwarded error payloads include `retryable: true|false` so clients can distinguish owner rejection from transient routing or owner-availability failures.

## CLI Subcommands

| Command | Description |
|---------|-------------|
| (default) | Start the server |
| `generate-cert` | Generate self-signed TLS certificates |
| `add-key` | Generate and register an API key |

## gRPC Services

- `HirnService` — Remember, Recall, Think, Forget, Connect, Inspect, Trace
- `AdminService` — Consolidate, Stats, Compaction, Diagnostics
- `QueryService` — HirnQL execution
- `WatchService` — Event streaming

## MCP Tools

Exposed as MCP tool server for LLM clients:

| Tool | Description |
|------|-------------|
| `remember` | Store a memory |
| `recall` | Retrieve relevant memories |
| `think` | Assemble LLM context |
| `forget` | Archive a memory |
| `connect` | Add graph edge |
| `inspect` | Inspect memory record |
| `trace` | Trace memory provenance |
| `consolidate` | Run consolidation pipeline |

## Security

- TLS / mTLS for transport encryption
- API key authentication
- Cedar policy enforcement per request
- MCFA (Memory Control-Flow Attack) detection
- HMAC audit trail integrity

## Edge Posture

`hirnd` now applies route-class throttling keyed by authenticated actor identity (`realm + agent_id`) instead of a single per-IP budget.

Default budgets:

- `auth`: 10 requests / 60s
- `read`: 240 requests / 60s
- `write`: 60 requests / 60s
- `admin`: 10 requests / 60s

These defaults are configured under `[throttle]` in the server TOML and are enforced consistently across HTTP and gRPC.

## Internal Raft Trust

Raft transport endpoints (`/raft/append`, `/raft/snapshot`, `/raft/vote`) are internal cluster APIs, not public client APIs.

- Expose them only on trusted network paths; prefer mTLS or a private overlay network between `hirnd` nodes.
- Configure the same `raft.transport_secret` on every node; hirnd now rejects `/raft/*` requests unless that shared secret matches, except in explicit insecure-dev mode.
- `append` and `snapshot` reject requests from senders that are not current cluster voters.
- `append` and `snapshot` also reject stale-term requests and same-term requests from a sender that is not the receiver's current leader.
- `vote` rejects requests from candidates that are not current cluster voters or that arrive with stale terms.
- This validation is a receiver-side trust boundary check; it complements, but does not replace, transport security between nodes.

## Raft Log Durability

**`raft.data_dir` is required for multi-node (production) deployments.**

When `raft.data_dir` is set, `hirnd` opens a `DurableLogStore` backed by a `redb` embedded
database at `<data_dir>/raft-log.redb`. This persists votes, log entries, the committed index,
and the last-purged marker across restarts — upholding Raft §5.2 vote-durability safety.

When `raft.data_dir` is absent, `hirnd` falls back to `DevMemLogStore` (in-memory, non-persistent).
**`DevMemLogStore` is development/single-node only.** Restarting a node using `DevMemLogStore`
while it is part of a multi-node cluster causes:
- **Raft safety violation**: The node may re-vote for a different candidate in the same term.
- **Committed log loss**: Entries committed to quorum but not yet applied are permanently lost.
- **Realm ownership reset**: All realms become unowned until they are re-registered.

`hirnd` logs an `error!` at startup if `raft.peers` is non-empty and `raft.data_dir` is absent.

### Minimal cluster configuration

```toml
[raft]
node_id = 1
advertise_addr = "https://node-1.example:3000"
data_dir = "/var/lib/hirnd/raft"          # required for multi-node
transport_secret = "change-me-in-prod"
peers = [
  { node_id = 2, addr = "https://node-2.example:3000" },
  { node_id = 3, addr = "https://node-3.example:3000" },
]
```