Releases: moorcheh-ai/memanto
Release list
v0.2.6
Release Notes for v0.2.6
This release closes out a second wave of security hardening: HttpOnly/SameSite session cookies (correctly scoped to Secure only over HTTPS) with proper renewal, fully non-blocking streaming file uploads to prevent memory and event-loop exhaustion, strict input validation (blank content/queries, provenance, memory types) across the API and CLI, and a round of TypeScript SDK correctness fixes (URL-encoded agent IDs, session bootstrap, cookie handling).
Security
-
Session cookie hardening (
memanto/app/routes/auth_deps.py,
memanto/app/ui/routes/ui_router.py,memanto/app/routes/sessions.py)- Browser UI sessions now use an
HttpOnly,SameSite=Strictcookie
(memanto_session_token) instead of JS-readable token storage, with
set_session_cookie()/clear_session_cookie()helpers. - The cookie's
Secureflag is now set dynamically from the actual request
scheme (request.url.scheme == "https") rather than hardcoded — Memanto
defaults to plain HTTP (0.0.0.0, no built-in TLS), so a hardcoded
Secure=Truewould have silently stopped browsers from ever sending the
cookie back in that default deployment. - Session renewal now correctly updates the cookie with the new token on the
response — previously a renewed session invalidated the old token without
refreshing the cookie, breaking the very next request.
- Browser UI sessions now use an
-
Streaming file uploads (
memanto/app/routes/memory.py)upload_filepreviously calledawait file.read(), loading the entire
file into memory before writing it to disk — for the documented 5 GB max,
concurrent large uploads could trivially exhaust server RAM. Uploads are
now streamed to disk in 1 MB chunks with the 5 GB cap enforced during the
stream (413 if exceeded), not after full buffering.- The chunk write itself (
tmp.write(chunk)) is now dispatched via
asyncio.to_threadso large uploads no longer block the event loop on
synchronous disk I/O.
-
Blank/invalid input rejected across API and CLI (
memanto/app/models/__init__.py,
memanto/app/routes/memory.py, CLI commands)answer/recallqueries, conversation-extraction messages, and CLI batch
memory content now reject blank/whitespace-only strings via Pydantic
validators instead of silently accepting empty input.rememberprovenance values andrecallmemory-type filters are now
validated against the allowed enum values instead of passed through
unchecked.
-
Session cleared when deleting the active agent (
memanto/app/services/session_service.py,
memanto/app/routes/sessions.py)- Deleting an agent now also deletes its persisted session state, so a saved
session token for a deleted agent can no longer be replayed via
X-Session-Token.
- Deleting an agent now also deletes its persisted session state, so a saved
-
TypeScript SDK: URL-encode agent/memory IDs (
sdks/typescript/src/index.ts)- All REST paths built from
agentId/memoryIdnow run through
encodeURIComponent(), preventing malformed requests or path injection
when an ID contains special characters.
- All REST paths built from
Improvements
-
Timestamp normalization for imports (
memanto/app/utils/temporal_helpers.py,
memanto/app/services/memory_write_service.py)- Imported memory timestamps (e.g. from
memanto migrate) are now preserved
as source chronology while being normalized to UTC-naive values for
downstream confidence calculations, via a sharedas_utc_naive()helper
(deduplicated out ofmemory_write_serviceintotemporal_helpers). - Session-listing sort and session comparisons now normalize datetimes
consistently before comparing, avoiding naive/awaredatetimecomparison
errors.
- Imported memory timestamps (e.g. from
-
Error handling (
memanto/app/utils/errors.py)map_error_to_http_exceptionnow passes an existingHTTPException
through unchanged instead of re-wrapping it (e.g. avoids turning a 413
upload-too-large into a generic 500).
-
TypeScript SDK fixes (
sdks/typescript/src/index.ts)- Fixed
status()session bootstrap so a session established outside the
constructor is recognized correctly. - Fixed a file-size fallback bug in the upload path.
- Fixed
Tests
- Large expansion of
tests/test_api.py,tests/test_cli.py, and
tests/test_unit.pycovering session-cookie renewal (including the
HTTP-vs-HTTPSSecureflag behavior), streaming upload limits, blank-input
validators, provenance/type validation, session deletion on agent removal,
and timestamp normalization. - Expanded
sdks/typescript/test/memanto.test.tsfor agent-ID encoding and
session bootstrap behavior.
Full Changelog
Full Changelog: v0.2.5...v0.2.6
v0.2.5
Release Notes for v0.2.5
This release is a major security hardening pass across the API, CLI, and Web UI: path-traversal fixes wherever agent_id/session_id/dates flow into filesystem paths, a CORS credential-exposure fix, localhost-only gating for destructive UI endpoints, unpredictable session-secret generation, stricter session-token validation, and a large cleanup that collapses the legacy scope/namespace model down to a single agent_id.
Security
-
Path traversal via
agent_id/session_id/ dates (memanto/app/utils/validation.py,
memanto/app/services/{session_service,memory_export_service,daily_analysis_service}.py)- Unsanitized
agent_id/session_idvalues were concatenated directly into
pathlib.Pathexpressions (e.g.sessions_dir / f"{agent_id}.json"),
letting a caller escape the storage directory with input like
"../../etc/passwd". All filesystem call-sites now run through
validate_safe_id(). - Extended the same guard to
memory_export_service,daily_analysis_service
(including the date parameter used in glob patterns and JSON output paths),
and the--output-pathCLI flag (anchored to a base dir viarelative_to()
containment checks).
- Unsanitized
-
CORS reflected-origin credential exposure (
memanto/app/main.py)- Default
ALLOWED_ORIGINS=["*"]combined withallow_credentials=True
caused Starlette to mirror any requestOriginback in
Access-Control-Allow-Originwhile also sending
Access-Control-Allow-Credentials: true— letting any website make
credentialed cross-origin requests to the Memanto API. Fixed to stop
mirroring arbitrary origins when credentials are allowed.
- Default
-
Sensitive Web UI endpoints gated to localhost-only (
memanto/app/ui/routes/ui_router.py)POST /api/ui/shutdown,GET /api/ui/browse,PATCH /api/ui/config,
PUT /api/ui/api-key,POST /api/ui/onprem/restart, plus the
connections and migrate endpoints, were reachable from any network host
with no authentication (remote DoS, arbitrary file listing, config/API-key
overwrite). Added a_require_local()dependency that returns 403 for any
caller that isn't127.0.0.1/::1(including IPv4-mapped IPv6 loopback),
and blocked glob-pattern injection in the browse endpoint.
-
Unpredictable session secret (
memanto/app/config.py,memanto/app/services/session_service.py)- Removed the hardcoded default JWT signing secret
("memanto-default-secret-change-in-production"). When
MEMANTO_SECRET_KEYisn't set, a per-instance random secret is now
generated (secrets.token_hex(32)) and persisted locally instead of
falling back to a publicly-known constant.
- Removed the hardcoded default JWT signing secret
-
Session token lifecycle hardening (
memanto/app/services/session_service.py,
memanto/app/routes/memory.py,memanto/cli/client/{direct_client,sdk_client}.py)- Deactivated/terminated session tokens are now rejected outright (401)
instead of continuing to authorize writes. - Cross-agent session/agent mismatches now consistently raise
AuthorizationError→ HTTP 403 (was a generic 500) across all
session-scoped endpoints. - CLI clients now validate cached sessions before reuse instead of trusting
a stale cached token. - TypeScript SDK resets its local session state after
deleteAgent().
- Deactivated/terminated session tokens are now rejected outright (401)
Improvements
-
Legacy scope model collapsed to
agent_id(memanto/app/core.py,
memanto/app/models/__init__.py,memanto/app/constants.py,
memanto/app/services/*.py)- Removed the
scope_type/scope_idpair (and the underlying
MemoryScope/namespace-parsing machinery) in favor of a singleagent_id
field; namespaces are now built by one free function
(agent_namespace(agent_id)). Dead code from this and prior cleanups moved
tomemanto/app/legacy/(excluded from CI lint/type-check). - Removed orphaned "trust" fields that were never populated by any live
write/read path (superseded_by,validation_count,
contradiction_detected, etc.) and the unusedValidationPolicyclass.
- Removed the
-
Confidence filtering bug fix (
memanto/app/services/memory_read_service.py)- Numeric
min_confidencefiltering in memory search previously relied on
Moorcheh keyword syntax that never matched; it's now applied as a
post-filter on the numericconfidencefield, fixing a zero-threshold
edge case that silently returned nothing.
- Numeric
-
Manual conflict resolution validation (
memanto/app/models/__init__.py)ConflictResolveRequestnow requires non-emptymanual_contentwhen
action == "manual", both on the API and in the UI (blank submissions show
a warning toast and refocus the textarea).
-
Timestamp normalization (
memanto/app/utils/temporal_helpers.py)- Parsed ISO timestamps are now consistently normalized to UTC, whether the
input has an explicit offset or is naive.
- Parsed ISO timestamps are now consistently normalized to UTC, whether the
-
CLI: honor custom title for short memories (
memanto/cli/commands/memory.py)memanto rememberno longer overrides an explicit--titlewith an
auto-truncated content snippet when the memory content is short.
-
Memory deletion response handling (
memanto/app/services/memory_write_service.py)- Tightened success/failure detection for memory deletion and update-then-delete
flows so partial or malformed backend responses aren't reported as success.
- Tightened success/failure detection for memory deletion and update-then-delete
-
TypeScript SDK & CI — updated dependencies, CI workflow permissions,
regeneratedopenapi.json, and added an npm publishing workflow
(.github/workflows/publish.yml).
Tests
- New
tests/test_cors_fix.py,tests/test_output_path_traversal.py,
tests/test_ui_auth.py,tests/test_remaining_ui_auth.pycovering the CORS,
path-traversal, and localhost-gating fixes. - New
tests/test_memory_read_confidence.pyandtests/test_temporal_helpers.py. - Expanded
tests/test_api.py,tests/test_cli.py,tests/test_unit.pyfor
session-secret generation, inactive-token rejection, and deletion handling.
Full Changelog
Full Changelog: v0.2.4...v0.2.5
v0.2.4
Release Notes for v0.2.4
This release ships an official TypeScript SDK (@moorcheh-ai/memanto) with lifecycle hooks and OpenAPI-generated types, a new memanto edit command for in-place memory updates, v2 memory route response models, and a set of security hardening fixes (cross-agent authorization, upload path-traversal, and secret leakage in the UI config endpoint).
New Features
-
TypeScript SDK (
sdks/typescript/)- New
@moorcheh-ai/memantonpm package: a fully-typed client generated from
the API's OpenAPI spec (openapi-ts), covering agents, sessions, remember,
recall, answer, upload, and the new extract/edit endpoints. - Lifecycle helpers (
src/lifecycle.ts) for session start/stop memory
flows, plus adoctorcommand (src/doctor.ts) for config/connectivity
checks. - All recently-added API features exposed as first-class SDK methods.
- CI workflow
.github/workflows/sdk-typescript.ymlbuilds, tests (Vitest),
and publishes the package; full test suite (memanto.test.ts,
lifecycle.test.ts,doctor.test.ts).
- New
-
memanto editcommand and PATCH endpoint (memanto/app/routes/memory.py,
memanto/cli/commands/memory.py,memanto/app/models/__init__.py)- New
PATCH /{agent_id}/memories/{memory_id}endpoint with
MemoryEditRequestfor partial in-place updates. - CLI
memanto edit <memory_id>with--title,--content,--type,
--confidence,--tags,--sourceoptions (at least one required). - Field validation on both the API and direct-client paths: non-empty content
with length limits, confidence range0.0–1.0, and valid memory-type
membership — matching the create-endpoint contract.
- New
-
v2 memory route response models (
memanto/app/models/__init__.py,
memanto/app/routes/memory.py)- Added explicit Pydantic
response_modelschemas to the v2 memory routes,
giving typed/validated responses and accurate OpenAPI documentation (which
in turn feeds the TypeScript SDK codegen).
- Added explicit Pydantic
Improvements
- Local metadata logging (
memanto/app/services/session_service.py)- Session service now logs memory metadata locally alongside the memory write,
keeping the local session summary in sync with stored memories.
- Session service now logs memory metadata locally alongside the memory write,
Security
-
Cross-agent authorization returns 403 (
memanto/app/routes/memory.py)- All 12 agent-scoped endpoints now return HTTP 403 (not 500) when a
session'sagent_iddoesn't match the URL'sagent_id, correctly
signaling an authorization failure instead of a server error.
- All 12 agent-scoped endpoints now return HTTP 403 (not 500) when a
-
Upload path-traversal fixed (CWE-22) (
memanto/app/routes/memory.py)- Uploaded filenames are stripped to their basename (
Path.name) with a
defense-in-depth realpath check, preventing a crafted filename
(e.g.../../../etc/cron.d/backdoor.txt) from escaping the temp directory.
- Uploaded filenames are stripped to their basename (
-
Secrets removed from UI config endpoint (
memanto/app/ui/routes/ui_router.py)GET /api/ui/configno longer returns the plaintext Moorcheh API key or
session JWT; only safe metadata (api_key_configured,api_key_preview)
remains, closing an unauthenticated secret-disclosure path.
Tests
- Expanded
tests/test_api.pyandtests/test_cli.pyfor the edit endpoint,
v2 response models, the 403 scope guard, and filename sanitization. - New TypeScript test suites under
sdks/typescript/test/.
Full Changelog
Full Changelog: v0.2.3...v0.2.4
v0.2.3
Release Notes for v0.2.3
This release adds conversation memory extraction — turn chat-style message history into typed, durable memories in a single call and surfaces full provenance metadata (source, source ref, provenance) across the recall path, CLI, MCP, and UI.
New Features
- Conversation memory extraction (
memanto/app/services/conversation_memory_extraction_service.py,
memanto/app/routes/memory.py,memanto/app/models/__init__.py)- New
POST /{agent_id}/remember/extractendpoint that distills chat-style
conversation turns into typed memory candidates using the same Moorcheh
answer-generation path as the RAGanswerendpoint. - Candidates are auto-classified into valid memory types, de-duplicated,
confidence-scored, and taggedconversation-extract; secrets/API
keys/tokens are explicitly excluded by the extraction prompt. dry_runreturns candidates without persisting; otherwise they're written
through the standardbatch-rememberpath and logged to the session summary.- New
ExtractMemoriesRequest/ConversationMessagemodels with bounded
limits (≤200 messages, ≤100 memories, 12k-char cap). - CLI:
memanto remember --from-conversation <path|->(reads a JSON message
array from a file or stdin) with--dry-run,--max-memories, and
--ai-modelflags; renders each extracted candidate as a panel. - SDK and direct clients gain
extract_memories_from_conversation().
- New
Improvements
- Provenance metadata in recall (
memanto/cli/commands/memory.py,
integrations/mcp/memanto_mcp/tools.py,memanto/app/ui/static/index.html)recalloutput now displaysSource,Ref, andProvenancefor each
memory (in addition to tags), unifying file-upload source names and
origin (user/agent/tool) into one consistent block.- MCP
MemoryHitmodel extended withstatus,source,source_ref, and
provenancefields so MCP clients receive full memory metadata. - Web UI memory cards surface the same source/provenance metadata.
Tests
- New
tests/test_conversation_memory_extraction.pycovering extraction,
JSON parsing/normalization, validation limits, and dry-run behavior. - Expanded
tests/test_api.pyandtests/test_cli.pyfor the extract endpoint
and--from-conversationCLI flow.
Full Changelog
Full Changelog: v0.2.2...v0.2.3
v0.2.2
Release Notes for v0.2.2
This release adds Ollama host-mode support for on-prem deployments, allowing models to be pulled and run on the host machine instead of requiring Docker-internal Ollama access.
Improvements
- Ollama host-mode pull support (
memanto/cli/commands/core.py)- On-prem setup now supports pulling Ollama models onto the host machine
instead of requiring Docker-internal Ollama access. - Model-agnostic messaging in pull helpers so the flow works with any
Ollama-compatible LLM. - New setup path handles host-mounted Ollama, making local development easier
and eliminating the need to expose Docker sockets.
- On-prem setup now supports pulling Ollama models onto the host machine
Full Changelog
Full Changelog: v0.2.1...v0.2.2
Claude Code Skills v0.1.0
Release Notes for v0.1.0
This is the initial release of claudecode-memanto, a standalone package providing native integration of Memanto's persistent, cross-session engineering memory directly into Claude Code and the mattpocock/skills ecosystem.
With one install command, Claude Code gains semantic recall across terminals, automatic extraction of architectural decisions, and per-profile memory isolation. Your engineering preferences persist seamlessly between runs without repeating instructions.
New Features & Improvements
Dual Integration Methodologies
The integration supports two methods for injecting memory, both of which can be installed either globally (applying to all projects on your machine) or locally (per-project):
- Global Lifecycle Hooks (Recommended): Wires directly into Claude Code's internal hook lifecycle (
SessionStart,UserPromptExpansion,Stop). Memory is recalled and stored invisibly in the background without requiring modified skills or wrapper scripts. - Prompt Injection (Explicit): For users who prefer explicit tool calls over hidden hooks, the
CLAUDE.mdinstaller safely appends memory instructions to yourCLAUDE.mdfile, instructing Claude to use the CLI itself.
Lifecycle Hooks Breakdown
SessionStart: Injects a compact snapshot of the developer's most recent engineering memories so every session begins aware of established conventions.UserPromptExpansion: Detects the invoked skill (e.g.,/tdd,/grill-with-docs) and dynamically injects the most relevant memories as an<engineering-profile>system-constraint block. Bare prompts are skipped to avoid polluting every turn.Stop: Asynchronously captures the session transcript and distills durable decisions in the background. Guards againststop_hook_activere-fires so a session is never distilled twice.
Active Extraction
- LLM-Powered Distillation: Instead of basic keyword matching, the
Stophook hands the session summary to Memanto's backend LLM (answer()), which actively reads it to distill durable decisions, rules, and preferences into Memanto's 13 typed memory categories.
Installation & Configuration
- Local vs Global Install:
claudecode-memanto install --method hooks # Project-local (.claude/) claudecode-memanto install --method hooks --global # Machine-global (~/.claude/)
- Environment Variables:
MOORCHEH_API_KEY: Required. Powers the Memanto connection.MEMANTO_AGENT_ID: Set a custom namespace for shared memory.MEMANTO_RECALL_LIMIT: Max memories to inject per turn (default: 15).
Full Changelog
Full Changelog: https://github.com/moorcheh-ai/memanto/commits/integrations/claudecode/v0.1.0
v0.2.1
Release Notes for v0.2.1
This release introduces memanto migrate a complete end-to-end migration command that imports memories from Mem0, Letta, and Supermemory (replacing the old analyze command), a new memanto forget endpoint for single-memory
deletion, a production-ready Claude Code Skills integration with 8 composable skill templates for cross-session engineering memory and on-prem backend refinements.
New Features
-
memanto migratecommand suite (memanto/cli/commands/migrate.py,
memanto/cli/migrate/{mappers,runner}.py)- Replaces the old
analyzecommand with a full bidirectional migration
workflow: export a provider's data (Mem0, Letta, Supermemory), map each
source row onto Memanto memory types (auto-classified via the rule-based
parser), bulk-write viabatch_remember(100 items/request), and optionally
generate a storage/token/latency savings report — all in one command. - Provider metadata (scope IDs, confidence scores, hashes) is preserved in a
bounded[Supporting data]footer so nothing is lost; original
created_at/source/source_refmap naturally onto schema. --dry-runpreviews the mapping (shows types, confidence, tags) without
writing.--reportgenerates the Markdown comparison on real runs. Outputs
live in~/.memanto/migrate/<provider>/<timestamp>/(separate from
legacyanalyze/artifacts).- Works on both cloud and on-prem backends; on-prem batch_remember respects
the same chunking.
- Replaces the old
-
memanto forgetcommand and REST endpoint (memanto/app/routes/memory.py,
memanto/cli/commands/memory.py,memanto/app/ui/static/index.html)- New
DELETE /{agent_id}/memories/{memory_id}endpoint for single-memory
deletion. Checks session scope (session must own the agent) and removes the
memory from Moorcheh. - CLI
memanto forget <memory_id>for quick terminal deletion. - UI Delete button on each memory card in the Memory Explorer.
- New
-
Claude Code Skills integration (
examples/claudecode-skills-memanto/)- New full integration package (
memanto_skillsPython module + CLI
entrypoint) that wires Memanto into Claude Code's extensible skill system.
Every skill invocation can recall past engineering decisions and persist new
ones — eliminating context resets at terminal close. - Eight pre-built skill templates (installed via
setup-memanto-skills):tdd-with-memory: TDD workflow with persisted test patternsgrill-with-docs: Code review with cached architectural decisionsdiagnose-with-memory: Debugging with prior failure logshandoff-with-memory: Pass context to teammatesmemanto-profile: View/manage your engineering profilememanto-recall: Direct memory searchmemanto-store: Save arbitrary facts
- CLI commands:
memanto-skills recall <skill> [--hint TEXT],
memanto-skills store <skill> "<insight>" [--type TYPE],
memanto-skills store-file <skill> <path>,memanto-skills profile,
memanto-skills clear-agent. - Skill definitions in
.claude-plugin/plugin.jsonandSKILL.mdper skill. - Includes session 1 & 2 demos showing before/after context fragmentation.
- New full integration package (
Improvements
-
On-prem backend enhancements (
memanto/app/services/session_service.py,
memanto/cli/commands/core.py)- Session namespace creation now reuses existing namespace on-prem instead of
error-ing when namespace already exists (idempotent namespace setup). - On-prem forget error messages are now clear and actionable (differentiate
"memory not found" from "namespace issue"). - On-prem threshold boundary checks fixed (no off-by-one on min similarity
validation).
- Session namespace creation now reuses existing namespace on-prem instead of
-
Mapper robustness (
memanto/cli/migrate/mappers.py)- Mappers now extract all available info from source exports, including
less-common fields like interaction hashes, scope IDs, and custom metadata,
preserving them in the[Supporting data]footer for compliance and audit
trails.
- Mappers now extract all available info from source exports, including
-
Migrate + on-prem API key handling (
memanto/app/routes/auth_deps.py,
memanto/app/clients/moorcheh.py)- Migrate command correctly propagates the API key dependency for on-prem
backend (no double-init of backend client).
- Migrate command correctly propagates the API key dependency for on-prem
Tests
- New
tests/test_cli.pycoverage formigrateandforgetcommands
(dry-run, report generation, single-memory delete flow). - New
tests/test_unit.pycoverage for mappers (all three providers) and
session namespace idempotency. - Integration tests expanded across CrewAI and LangGraph tooling.
Full Changelog
Full Changelog: v0.2.0...v0.2.1
V0.2.0
Release Notes for v0.2.0
This release adds a pluggable on-prem backend (talk to a local Moorcheh server instead of the cloud), a new memanto analyze command suite for comparing Memanto against Mem0 / Letta / Supermemory, an official langgraph-memanto integration package, a separate detect-conflicts job entrypoint, plus large UI upgrades (Connect tab, memory-history timeline, daily summary view, file pagination).
New Features
-
On-prem Moorcheh backend (
memanto/app/clients/{backend,onprem,moorcheh}.py,
memanto/app/config.py,memanto/app/routes/{health,auth_deps}.py,
memanto/cli/commands/{core,config_cmd}.py)- New
MEMANTO_BACKENDsetting (cloud|on-prem) routes every call through
a backend-aware dispatcher that exposes the same
namespaces / documents / similarity_search / answer / files / vectors
shape regardless of target — service code never branches. - First-run wizard now asks
CloudvsOn-Prem; on-prem path installs
moorcheh-client>=0.1.3, prompts for embedding + LLM provider
(ollama/openai/cohere), persists choices to
~/.memanto/on-prem/state.json, writes the full LLM block to
~/.moorcheh/config.jsonbeforemoorcheh up, then pulls Ollama
models into the container. - On-prem data lives under
~/.memanto/on-prem/(sessions, agents, summaries)
so cloud and on-prem never share local state; switching backends clears the
active session. - New
memanto config backend [cloud|on-prem]CLI command for runtime
switching, plusBackend,MOORCHEH_ONPREM_URL(default
http://localhost:8080) andMOORCHEH_ONPREM_TIMEOUT(default300) rows
inmemanto config show. - Health check, startup validation, and the agent delete flow are all
backend-aware.
- New
-
Official LangGraph integration package (
integrations/langgraph/)- New
langgraph-memantoPyPI package:create_memanto_toolsreturns native
LangChain@toolwrappers (memanto_remember,memanto_recall,
memanto_answer);create_recall_node/create_remember_nodeare
pre-built graph nodes;MemantoStoreis a drop-inBaseStore
implementation for the official LangGraph Store API. - Lazy, exception-driven, thread-safe setup so agents are created only on
first tool call; auto-detects type via the parser; usesrecall_recent
when no query is provided.
- New
-
memanto detect-conflicts+ scheduled job split (memanto/cli/commands/memory.py,
memanto/cli/commands/schedule.py,memanto/app/services/daily_analysis_service.py,
memanto/app/routes/memory.py)- Conflict detection split out of
daily-summaryinto its own command,
POST /{agent_id}/conflicts/generateREST endpoint, and
DirectClient.generate_conflict_report()method. - New hidden
memanto schedule _runentrypoint executesdaily-summary+
detect-conflictsback-to-back; OS scheduler now points at it. On-prem
backend short-circuits with a clear error (scheduled job depends on
cloud-only LLM Answer). daily_summary_service.pyrenamed →daily_analysis_service.py.
- Conflict detection split out of
-
UI: Connect tab, memory timeline, daily summary, file pagination
(memanto/app/ui/static/index.html,memanto/app/ui/routes/ui_router.py)- Connect tab installs/removes Memanto skills into any registered agent
(Claude Code, Cursor, etc.) via the underlyinginstall_agent/
remove_agentengine, with aconnections.jsonregistry tracking
project-local vs global installs. - Memory History page with a vertical timeline of every change (created,
updated, conflict resolved) per memory. - Daily summary + Unreviewed conflicts widget surfaced on the
dashboard (Daily Summary tab renders the generated MD and shows days with
pending conflict review). - Answer panel is backend-aware: on-prem shows
provider/model/api-key only (no cloud-only knobs) and writes to
~/.moorcheh/config.jsonwithout polluting the shared cloud yaml. - Memory Explorer + file uploads now use cursor pagination through
documents.fetch_text_data(next_token/has_more) instead of being
capped at 100 items per namespace.
- Connect tab installs/removes Memanto skills into any registered agent
Improvements
-
Backend-aware
recall_*REST endpoints (memanto/app/routes/memory.py)recall_as_of,recall_changed_since,recall_recent, and the
underlyingMemoryReadServicemethods now treatlimit=Noneas
"fetch all" — theCostGuard.validate_k_limitcap is only applied when a
limit is explicitly set.answer.generatecalls route throughget_active_llm_model()so the LLM
identifier comes from cloud settings on cloud, on-premstate.jsonon
on-prem, with the field omitted entirely when on-prem has no LLM
configured (server picks its own default).
-
Stale active-session handling (
memanto/app/services/session_service.py,
memanto/app/models/session.py)get_active_session()now clears the staleactivemarker and returns
Nonewhen the session has expired, instead of returning an expired
Session.- All datetimes flow through a single
utc_now()helper; Pydantic v1
Config.json_encodersblocks removed from session models.
-
Connect engine ↔ registry sync (
memanto/cli/connect/engine.py,
memanto/cli/config/manager.py)install_agent/remove_agentnow sync their results into
~/.memanto/connections.jsonso the UI's Connections page reflects what
the CLI did and vice versa.
-
CrewAI integration (
integrations/crewai/...)- Sessions are validated and refreshed on tool init so long-running CrewAI
runs don't fail on a silently-expired session.
- Sessions are validated and refreshed on tool init so long-running CrewAI
Tests
- New
tests/test_backend.pycovering cloud/on-prem dispatcher behavior and
get_active_llm_modelfallbacks. - New
tests/test_analyze.pycovering the Mem0/Letta/Supermemory export +
compare + report flow end-to-end with mocked provider responses. tests/test_cli.pyandtests/test_unit.pyexpanded to cover the new
detect-conflicts/schedule _runpaths.
Full Changelog
Full Changelog: v0.1.3...v0.2.0
LangGraph v0.1.1
Release Notes for v0.1.1
This release expands the langgraph-memanto integration by moving beyond standalone tools to provide deep, native support for LangGraph's core architectural patterns, including a custom BaseStore implementation and pre-built memory nodes.
New Features
-
Native
BaseStoreImplementation (MemantoStore)
You can now useMemantoStoreas a drop-in replacement for LangGraph's officialBaseStore(alongsideInMemoryStoreorPostgresStore). This automatically backs LangGraph's cross-thread, cross-session memory abstractions (store.put,store.search) with Memanto's persistent semantic engine, completely abstracted away from the LLM. -
Pre-built Memory Graph Nodes (
langgraph_memanto.nodes)
Introducescreate_recall_nodeandcreate_remember_node. These nodes can be directly added to yourStateGraphto automatically retrieve relevant context before an LLM call and seamlessly extract/store new memories from the LLM's response, completely removing the need for explicit tool-calling.
Improvements & Bug Fixes
- New Streamlit Example Application
Addedmemanto_base_storetoexamples/langgraph-memanto/. This builds a robust, cross-session customer-support agent to demonstrate nativeMemantoStore(BaseStore)integration with LangGraph. It comes with a Streamlit UI, built-in contradiction resolution logic, and a detailed architectural README.
Full Changelog
Full Changelog: https://github.com/moorcheh-ai/memanto/commits/integrations/langgraph/v0.1.1
LangGraph v0.1.0
Release Notes for v0.1.0
This initial release introduces langgraph-memanto, a standalone package providing native tools to integrate Memanto's persistent, cross-agent memory capabilities directly into your LangGraph workflows.
New Features
- Persistent Memory Tools (
langgraph_memanto.tools)- Includes three highly optimized LangChain tools (
memanto_remember,memanto_recall, andmemanto_answer) ready to be bound to your LLMs and invoked by LangGraph agents.
- Includes three highly optimized LangChain tools (
- Automatic Agent Initialization
- Tool execution dynamically handles the lifecycle of Memanto agents. The tools automatically create and activate the agent session behind the scenes the first time the LLM attempts to interact with memory, requiring zero setup code from the developer.
- Serverless Architecture
- Wraps the Memanto SDK (
SdkClient), allowing tools to communicate directly with the Moorcheh Cloud API without the need to runmemanto servelocally.
- Wraps the Memanto SDK (
- Cross-Session Persistence
- Agents can store memories in one run and recall them in completely separate future runs or threads using a shared
agent_id.
- Agents can store memories in one run and recall them in completely separate future runs or threads using a shared
- Semantic Type System
- The tools guide the LLM to categorize stored memories using 13 distinct semantic types (e.g.,
fact,observation,decision,preference), and the LLM determines and assigns confidence scores and custom tags.
- The tools guide the LLM to categorize stored memories using 13 distinct semantic types (e.g.,
Improvements
- Documentation & Examples
- Updated LangGraph integration documentation.
- Revamped
examples/langgraph-memanto/demonstrating basic tool usage, cross-session persistence, a custom state checkpointer, and a full multi-agent research pipeline.
Full Changelog
Full Changelog: https://github.com/moorcheh-ai/memanto/commits/integrations/langgraph/v0.1.0