Skip to main content

Citadel — a self-hosted Organization Vault and seat-capture CLI built on Cognee.

Project description

     ▛▜   ▛▜   ▛▜   ▛▜   ▛▜   ▛▜   ▛▜
    ▕══════════════════════════════════▏
    ▕   ____  _ _____ _   ___  ___ _    ▏
    ▕  / ___|| |_   _/ \ |   \| __| |   ▏
    ▕ | |__  | | | |/ _ \| |) | _|| |__ ▏
    ▕  \___| |_| |_/_/ \_\___/|___|____|▏
    ▕══════════════════════════════════▏
    ▕    ▟▀▙       ▟▀▙       ▟▀▙        ▏
    ▕▄▄▄▄█ █▄▄▄▄▄▄▄█ █▄▄▄▄▄▄▄█ █▄▄▄▄▄▄▄▄▏

Citadel

A self-hosted Organization Vault — shared, access-controlled memory for your team and its AI agents. Built on Cognee.

License Python Client MCP

Citadel turns approved sources — commits, sessions, docs, issues — into structured, source-linked knowledge, and exposes it to people and agents through a CLI, a hosted MCP endpoint, an HTTP API, and a web UI. Capture is personal-by-default (your private Node); the shared Central vault evolves only through governed promotion and org sync.

Features

  • One-command onboardingcitadel onboard wires the seat token, autosync git/session hooks, MCP server, and capture roots. Idempotent, self-contained.
  • Autonomous capture — fail-silent git pre-push + Claude Code SessionEnd hooks snapshot work to your private Node. No per-session ceremony.
  • Headless by design — every teammate command speaks --json, so Claude / Codex / Cursor and CI can drive it. Token from env, never argv.
  • Hosted MCP — agents connect with a URL + token; citadel_search to read, citadel_ingest / citadel_contribute to write. Per-call audit.
  • Governed sharing — seat writes stay on your Node; Central updates via org sync and the Promotion Agent. Secrets blocked on every write path.
  • Live knowledge graph — Central + all seat Nodes on one canvas, plus a real-time activity timeline in the web UI.
  • Zero-dependency clientpip install citadel-archive is pure stdlib; the server stack and TUI are opt-in extras.

Quick start

Teammate CLI

pipx install citadel-archive          # the `citadel` command (zero-dep client)
pipx install "citadel-archive[tui]"   # + the live `citadel tui` dashboard

citadel onboard                       # token + hooks + MCP + capture roots (idempotent)
citadel status                        # connection · identity · local setup  (--json for agents)

No Python yet? The bootstrap installer checks for Python 3.10+, asks before installing it if it's missing, then sets up pipx + the CLI:

curl -fsSL https://raw.githubusercontent.com/masumi-network/Citadel-Archive/main/install.sh | sh

(citadel is a Python tool; pipx keeps its interpreter isolated so you don't manage Python yourself. Add -s -- -y to skip prompts, --dry-run to preview.)

  ▙ ▟ ▙ ▟ ▙ ▟ ▙ ▟
  ███████████████   CITADEL
  ██ ▟▀▙   ▟▀▙ ██   the organization vault
  ██ █ █   █ █ ██
  ███████████████

citadel onboard installs the bundled autosync hooks (kb.hooks.* — no vendored skill), writes the seat token to your shell rc (masked), adds the MCP server, and offers Approved Capture Roots. Get a ctdl_… seat token from a vault admin (the Access page or POST /api/access/tokens). One token per person or agent; rotate anything that lands in chat or logs.

Self-host the server

uv sync --dev                         # full server stack (cognee, fastapi, …)
cp .env.example .env                  # set providers, access keys, database
uv run uvicorn kb.server:app --reload --port 8000

Open http://localhost:8000/ for the UI. See docs/operations.md for deployment, environment, and integrations.

How it works

Concept What it is
Node (seat:{slug}) Your private working memory. Default target for all capture.
Central (masumi-network) The shared org vault. Read-only for seats; evolves via sync + promotion.
Capture Approved Capture Roots auto-sync to your Node; everything else needs approval.
Promotion A Promotion Agent moves qualifying Node knowledge into Central (tag-governed).

Four surfaces sit on the same FastAPI process and the same ctdl_ tokens: the CLI, the hosted MCP endpoint (/mcp/), the HTTP API, and the web UI. The domain language is defined in CONTEXT.md; architecture decisions live in docs/adr/.

Usage

CLI

citadel onboard                       # one-command setup
citadel status [--json]               # health + identity + local setup
citadel capture [--dry-run] [--json]  # push summaries of Approved Capture Roots
citadel search "what did we decide about the vault?"
citadel ingest "A durable note" --tag decision

MCP (hosted)

Agents connect with a URL and a token — no clone, no local Python. Add to a project .mcp.json:

{
  "mcpServers": {
    "citadel": {
      "type": "http",
      "url": "https://citadel-archive-production.up.railway.app/mcp/",
      "headers": { "Authorization": "Bearer ${CITADEL_MCP_ACCESS_TOKEN}" }
    }
  }
}

HTTP API

export CITADEL_BASE_URL=https://citadel-archive-production.up.railway.app

# Read — flat, agent-friendly alias over search
curl -fsS -H "Authorization: Bearer $CITADEL_MCP_ACCESS_TOKEN" \
  "$CITADEL_BASE_URL/api/knowledge?q=payment+flow&limit=5"

# Contribute (writer) — routed through the Learning Process with conflict detection
curl -fsS -X POST "$CITADEL_BASE_URL/api/contribute" \
  -H "Authorization: Bearer $CITADEL_MCP_ACCESS_TOKEN" -H "Content-Type: application/json" \
  --data '{"title":"Decision: deepseek-v4-flash","content":"Standardized on it via OpenRouter.","tags":["decision"]}'

Full endpoint reference: docs/operations.md.

Python

import asyncio
from kb import Citadel

async def main() -> None:
    kb = Citadel.from_env()
    await kb.ingest("Citadel keeps my Organization Vault organized.", tags=["personal"])
    print(await kb.search("What does Citadel do?"))

asyncio.run(main())

Skills & agent discovery

The agent skills live in skills/ and are installable straight from this repo:

npx skills add masumi-network/Citadel-Archive

The hosted /skills index and the discovery manifest publish each skill's sha256 / SRI integrity and the MCP endpoint, token requirements, and public/private boundary — without exposing vault content.

Documentation

Topic Doc
Operations & self-hosting docs/operations.md
Teammate rollout (5 min) docs/onboarding/teammate-rollout.md
Autonomous sync docs/onboarding/citadel-autosync.md
Domain glossary CONTEXT.md
Architecture decisions docs/adr/
Brand brand.md
Publishing the CLI PUBLISHING.md
Repo Visibility Role
Citadel Archive (this) Public app, MCP plugin, docs, agent skills (no vault content)
Vault Backup Mirror Private manifest-only backup of vault evidence
Railway deployment Private live Organization Vault

Contributing

Issues and pull requests welcome. Tests run with uv run pytest; lint with uv run ruff check .. Keep the lightweight client free of server dependencies — the base package is stdlib-only (a test guards the import boundary).

License & attribution

Apache-2.0. Citadel builds on Cognee (developed by Topoteretes UG, Apache-2.0) and imports it as a dependency rather than vendoring it, so upstream can be upgraded independently.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

citadel_archive-0.1.1.tar.gz (809.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

citadel_archive-0.1.1-py3-none-any.whl (262.4 kB view details)

Uploaded Python 3

File details

Details for the file citadel_archive-0.1.1.tar.gz.

File metadata

  • Download URL: citadel_archive-0.1.1.tar.gz
  • Upload date:
  • Size: 809.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for citadel_archive-0.1.1.tar.gz
Algorithm Hash digest
SHA256 5d321635c6181c829c531e2bb7e6643d6f8f12c5bd3e593367af7604f7f02622
MD5 cd3c29f3aedda8fb8afc1faef5dea953
BLAKE2b-256 8bf8ae39c0bcb87bee016d041538d7d681b34431c71302b3ecd3cdc405462a15

See more details on using hashes here.

Provenance

The following attestation bundles were made for citadel_archive-0.1.1.tar.gz:

Publisher: publish.yml on masumi-network/Citadel-Archive

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file citadel_archive-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: citadel_archive-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 262.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for citadel_archive-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 7c44a258eb1aec30ad218cc76775a20624f500c49b821a09c5f1de5b54812936
MD5 84bca0bee9de4fe8453ed339600c6632
BLAKE2b-256 da922670a7720e658e1149df53acc26c9ea0eb910e78374202f8496128c71155

See more details on using hashes here.

Provenance

The following attestation bundles were made for citadel_archive-0.1.1-py3-none-any.whl:

Publisher: publish.yml on masumi-network/Citadel-Archive

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page