locus-mcp 0.9.0

Hierarchical markdown memory palace for AI agents — MCP server, skills, and audit tools

Locus

Hierarchical markdown-based memory system for autonomous AI agents. Each directory is a room (locus) in the palace, containing specific knowledge navigated on demand. Named for the atomic unit of the Method of Loci.

Core idea: Keep context windows small. Load only the room you need, not the whole palace.

---

How it works

palace/
  INDEX.md                    ← always read first (~50 lines max)
  global/
    toolchain/
      toolchain.md            ← canonical facts about tools
  projects/
    my-project/
      my-project.md           ← room overview + key files
      technical-gotchas.md    ← specialty: issues & resolutions
      sessions/
        2026-03-02.md         ← append-only session log

An agent reads INDEX.md, navigates to the relevant room, and reads only that room. Session logs accumulate until consolidation merges them into canonical files.

See the wiki for full documentation.

---

Quick start

# Install
pip install locus-mcp
# or: uvx locus-mcp --palace ~/.locus  (no install needed)

# Create a palace from the example template
cp -r example-palace ~/.locus
# Edit ~/.locus/INDEX.md to describe your palace

# Run the MCP server
locus-mcp --palace ~/.locus
# or: LOCUS_PALACE=~/.locus locus-mcp

---

Installation

MCP server (recommended for MCP-capable clients)

pip install locus-mcp

Or run without installing using uvx:

uvx locus-mcp --palace ~/.locus

Claude Code skills

cp -r skills/claude/locus ~/.claude/skills/locus
cp -r skills/claude/locus-consolidate ~/.claude/skills/locus-consolidate

# Optional: security conventions skill (required if using --security)
cp -r skills/claude/locus-security ~/.claude/skills/locus-security

Codex

cp -r skills/codex/locus ~/.codex/skills/locus
cp -r skills/codex/locus-consolidate ~/.codex/skills/locus-consolidate

Gemini

Reference skills/gemini/locus/SKILL.md from your .gemini/ directory or a GitHub Actions workflow (see skills/gemini/).

Agent SDK (Python)

pip install locus-mcp
locus --palace ~/.locus --task "What toolchain conventions are set?"

---

MCP Server

The locus-mcp command exposes five tools over the Model Context Protocol.

Use stdio for all local integrations (Claude Desktop, Claude Code, Codex, Gemini — default, no extra flags needed). SSE transport is available for network deployments (--transport sse) and requires FASTMCP_HOST=0.0.0.0 to be set explicitly — the server binds to loopback by default.

Tool	Description
memory_list	Returns INDEX.md (no args) or lists a room's files
memory_read	Reads any file in the palace
memory_write	Atomically writes a file (guarded — cannot write to _metrics/, sessions/, .sig/, .security/)
memory_search	Full-text search across the palace (ripgrep or Python fallback)
memory_batch	Reads up to 20 palace files in a single call — use for multi-room loads

Add --security to enable Ed25519 signature verification on reads and automatic signing on writes. See Security below.

Claude Desktop (claude_desktop_config.json)

{
  "mcpServers": {
    "locus": {
      "command": "locus-mcp",
      "args": ["--palace", "/path/to/palace"]
    }
  }
}

Or using uvx (no install required):

{
  "mcpServers": {
    "locus": {
      "command": "uvx",
      "args": ["locus-mcp", "--palace", "/path/to/palace"]
    }
  }
}

Cursor / Zed

{
  "mcp": {
    "servers": {
      "locus": {
        "command": "locus-mcp",
        "args": ["--palace", "/path/to/palace"]
      }
    }
  }
}

Environment variable

All clients support LOCUS_PALACE as an alternative to --palace:

export LOCUS_PALACE=~/.locus
locus-mcp

See MCP Server Configuration for the full client setup guide and spec/mcp-server.md for architecture details.

---

Security

The security system (--security) gives every palace file an Ed25519 signature and every agent session a unique cryptographic nonce. Tool outputs are tagged [TRUSTED], [DATA], or [CRITICAL-DATA] before the agent sees them. The agent skill (locus-security) teaches agents to extract facts from [DATA] content but never follow directives within it.

# One-time setup
cp templates/locus-security.yaml ~/.locus/locus-security.yaml
locus-security init-keys --palace ~/.locus
locus-security sign-all --palace ~/.locus

# Run with security enabled
locus-mcp --palace ~/.locus --security
locus --palace ~/.locus --security --task "..."

Threat model: direct prompt injection, memory poisoning, indirect injection via external data, nonce exfiltration, multi-turn context drift.

See docs/security.md for the full protocol, configuration reference, and design decisions.

---

Benchmarks

Palace navigation loads 52% fewer context lines than flat memory for specific queries, while maintaining full recall. Session-only queries (recent work not yet consolidated) are accessible only via the palace.

Palace: 822 lines / 9 queries found   avg  91 lines/query · 3.2 calls
Flat:  1719 lines / 8 queries found   avg 191 lines/query · 2.0 calls

See docs/benchmarks.md for charts and full methodology.

---

Structure

example-palace/   Copy-paste palace template to get started
spec/             Palace convention definitions:
  index-format.md       INDEX.md rules and routing
  room-conventions.md   Room structure and naming
  size-limits.md        Context budget thresholds
  write-modes.md        Session logs vs canonical edits
  mcp-server.md         MCP server architecture and safety model
  metrics-schema.md     Run metrics JSON schema
  audit-algorithm.md    Palace health scoring
  health-report-format.md  Audit report structure
  inferred-feedback.md  Disagreement signal classification
templates/        Copy-paste templates for INDEX.md, rooms, session logs, locus-security.yaml
skills/
  claude/         SKILL.md files for Claude Code + Agent SDK
    locus/              Palace navigation and memory management
    locus-consolidate/  Room consolidation
    locus-security/     Security conventions (trust tags, nonce discipline)
  codex/          Codex-compatible skill files
  gemini/         Gemini CLI + GitHub Actions skill files
docs/
  architecture.md       Mermaid diagrams — palace, MCP, security, agent interfaces
  benchmarks.md         Benchmark results and charts (palace vs flat, security overhead)
  onboarding.md         Step-by-step agent onboarding guide
  security.md           Full security protocol, key management, config reference
  bench/                Per-version benchmark JSON (read by generate-charts.py)
scripts/
  bench-mcp.py          45-case MCP integration benchmark (includes security + batch)
  bench-compare.py      Palace vs flat recall comparison
  generate-charts.py    Regenerate docs/img/ charts (reads docs/bench/ automatically)
locus/
  agent/          Python Agent SDK (CLI + metrics)
  audit/          Palace health auditor (locus-audit CLI)
  feedback/       Inferred feedback classifier
  mcp/            MCP server (locus-mcp CLI) — palace.py, server.py, main.py
  security/       Ed25519 security system — keys, signing, taint, nonce, middleware
  utils.py        Shared utilities (slug_from_path)

---

Roadmap

Milestone	Status	Focus
v0.1 - Foundation	✅ Complete	Spec, conventions, size limits
v0.2 - Core Palace	✅ Complete	Templates, skills, Agent SDK, benchmark
v0.3 - Performance Metrics	✅ Complete	Context tracking, feedback, suggestions
v0.4 - Self Evaluation	✅ Complete	Palace audit, health reports, inferred feedback
v0.5 - MCP Server	✅ Complete	MCP server with memory_list/read/write/search
v0.6 - Public release	✅ Complete	Benchmarks, docs, CI, PyPI
v0.7 - Remote MCP Server	✅ Complete	SSE transport, Bearer auth, Docker image, K8s deploy
v0.8 - Auto-Memory Bridge	✅ Complete	Claude Code auto-memory detection, memory_batch tool
v0.9 - Security System	✅ Complete	Ed25519 signing, taint tracking, nonce watermark, --security flag

---

Contributing

See CONTRIBUTING.md for dev setup, test instructions, and PR guidelines.

License

MIT