XMemo MCP Server

XMemo CLI

@xmemo/client is the privacy-first command line entry point for XMemo client setup. It is intentionally small: the npm package contains only the CLI and setup helper code needed on a user's machine.

@yonro/xmemo-client is reserved as a Yonro fallback package. The CLI exposes xmemo as the primary command and keeps memory-os as a compatibility alias.

The XMemo server, database, token registry, deployment files, logs, and internal scripts are not part of this npm package.

Install

npm install -g @xmemo/client

Upgrade an existing global install:

xmemo update

This runs npm install -g @xmemo/client@latest. Use xmemo update --dry-run to print the exact command without changing anything.

Commands

xmemo update
xmemo setup codex
xmemo setup codex --dry-run
xmemo setup cursor
xmemo setup cursor --dry-run
xmemo setup copilot
xmemo setup copilot --dry-run
xmemo setup gemini
xmemo setup gemini --dry-run
xmemo setup antigravity
xmemo setup antigravity --dry-run
xmemo setup kiro
xmemo setup kiro --dry-run
xmemo mcp add antigravity2
xmemo mcp add antigravity2 --write
xmemo doctor
xmemo discovery show
xmemo setup
xmemo login
xmemo auth status
xmemo status
xmemo token status
xmemo token add --from-stdin
xmemo env example --shell bash
xmemo mcp list
xmemo mcp config --client generic
xmemo mcp config --client antigravity
xmemo mcp add antigravity --write
xmemo profile status codex
xmemo profile install gemini
xmemo profile install antigravity
xmemo smoke --client codex
xmemo privacy

Enterprise privacy and security defaults

• No telemetry or analytics.
• xmemo doctor, xmemo discovery show, and xmemo status do not send tokens.
• MCP config generated by the CLI references XMEMO_KEY or uses the client's MCP OAuth flow; it does not write token values into project files.
• The CLI generates one stable non-secret XMEMO_AGENT_INSTANCE_ID per device and stores it in user-scoped config outside git. All agents on the same device share this instance ID.
• xmemo setup <client> can install a marker-scoped XMemo memory behavior profile for the selected agent. The profile contains instructions only; it never embeds token values.
• xmemo login stores the issued credential in the user-scoped XMemo CLI config directory, shows the approved account when the server provides it, and does not require extra token configuration afterward.
• xmemo token add remains available for existing tokens and still avoids project files, shell history, and printed token values.
• Legacy xmemo token set refuses plaintext credential storage unless --allow-plaintext is explicitly provided.
• The npm package uses a files whitelist so only bin, src, README.md, and LICENSE are published.

Token flow

Recommended personal-user flow:

xmemo login
xmemo auth status
xmemo token status --verify

xmemo login uses the hosted device-login flow when the service advertises it: the CLI shows a browser URL and one-time code, the user authorizes in XMemo, and the CLI stores the issued MCP token in the user-scoped credential file. When the service returns approved account metadata, the CLI prints the account label so users can confirm which XMemo account was connected. No manual token setup is needed after a successful xmemo login; xmemo token status --verify is only an optional connectivity check. The CLI waits for the full browser authorization window by default; use --timeout-ms only to shorten or extend that approval window, and --http-timeout-ms only for individual service requests.

Users who already have a token can configure it directly without shell profiles:

printf '%s\n' 'your-token' | xmemo token add --from-stdin
xmemo token status --verify

This is the preferred fallback while a hosted service is rolling out device login. It still avoids project files, MCP config files, logs, and chat transcripts.

Tokens should be created by the XMemo website or enterprise console, then stored with xmemo login, xmemo token add, a user environment variable, or an enterprise secret manager:

export XMEMO_KEY="your-token"

PowerShell:

[Environment]::SetEnvironmentVariable("XMEMO_KEY", "your-token", "User")

Do not commit tokens to source control, MCP config files, .env files, logs, or chat transcripts.

Hosted discovery setup

Hosted setup uses the XMemo public discovery contracts. The CLI reads secret-free discovery and onboarding status documents, then tells the user where the API, MCP endpoint, docs, and any server-advertised onboarding links are.

xmemo doctor
xmemo discovery show
xmemo setup

Discovery requests do not send XMEMO_KEY or any Authorization header. Token creation still happens in the website or enterprise console; the public service discovery document does not return token values.

The hosted default service/base URL is https://xmemo.dev, so normal users do not need to type a service address. The MCP endpoint is discovered from that base URL and written as https://xmemo.dev/mcp; https://mcp.xmemo.dev is not the current canonical setup URL. Use --url <service-url> or XMEMO_URL only for private, enterprise, or self-hosted deployments. MEMORY_OS_URL remains accepted as a compatibility alias.

Generate and write a client config from discovery:

xmemo setup codex
xmemo setup codex --url "https://your-private-service.example"
xmemo setup cursor
xmemo setup copilot
xmemo setup gemini
xmemo setup antigravity

xmemo setup <client> is the unified setup entry point. For write-capable clients, it applies the user-scoped config directly; use --dry-run to preview without writing. Codex/Cursor configs reference XMEMO_KEY; OAuth-native clients such as Gemini CLI and Antigravity use the client's MCP OAuth flow instead. No generated config embeds a token value. Write-capable client configs also include stable non-secret agent identity headers where the client format supports them. --yes remains accepted for Codex and Cursor as a compatibility no-op.

After writing MCP config, xmemo setup <client> prompts:

Write XMemo memory behavior profile to <path>? [Y/n]

The default is Y, so pressing Enter writes a marker-scoped profile that nudges the agent to recall/search XMemo at the start of non-trivial work and remember high-signal decisions after meaningful changes. Use n or --no-profile to configure MCP only. Use --dry-run to preview without writing config or profile files, and --profile-target <path> to choose a different behavior profile target.

Default behavior profile targets:

codex       ./AGENTS.md
cursor      ~/.cursor/memory-profile.md
gemini      ~/.gemini/GEMINI.md
antigravity ~/.gemini/antigravity/MEMORY.md

Antigravity 2.0 currently uses the lower-level MCP writer because its stable user config path is separate from the original Antigravity profile. Preview the generated OAuth-first config with:

xmemo mcp add antigravity2 --url https://xmemo.dev

Write it to the default Antigravity 2.0 config path with:

xmemo mcp add antigravity2 --url https://xmemo.dev --write

The generated config uses https://xmemo.dev/mcp, contains no bearer token, and expects Antigravity 2.0 to complete MCP OAuth in the browser on first use. XMEMO_AGENT_INSTANCE_ID is a device-level identifier shared by all agents on the same machine, generated and stored when --write is used.

MCP setup

List supported client generators:

xmemo mcp list

Current write-capable clients:

codex       ~/.codex/config.toml
cursor      ~/.cursor/mcp.json
copilot     ~/.copilot/mcp-config.json
gemini      ~/.gemini/settings.json
antigravity ~/.gemini/antigravity/mcp_config.json
antigravity2 ~/.antigravity2/mcp.json
kiro        ~/.kiro/settings/mcp.json

For clients without a verified user-scoped write path, generate a read-only template and apply it manually after review:

xmemo mcp config --client generic --base-url "https://your-private-service.example" --json

Codex, Cursor, Copilot CLI, Gemini CLI, Antigravity, and Kiro have write-capable setup helpers. Antigravity 2.0 is write-capable through xmemo mcp add antigravity2 --write. Other client writes should only be added after their official user-scoped config format is verified.

Copilot CLI

Copilot CLI has /mcp management and reads user MCP configuration from ~/.copilot/mcp-config.json (or $COPILOT_HOME/mcp-config.json). XMemo writes a local proxy server entry there:

xmemo login
xmemo setup copilot
xmemo mcp proxy

xmemo setup copilot writes XMemo to Copilot CLI's user MCP config and does not include token or identity headers. Use xmemo setup copilot --dry-run to preview without writing. xmemo mcp proxy reads the token saved by xmemo login or xmemo token add --from-stdin, adds the XMemo bearer token and local agent identity, then forwards requests to https://xmemo.dev/mcp. If Copilot CLI is already open, reload MCP config or restart Copilot CLI after setup. If you specifically want the older environment-variable template, run:

xmemo mcp config --client copilot-cli --remote-env

Codex

Recommended Codex setup:

xmemo setup codex
xmemo smoke --client codex

setup codex writes the MCP config to user-scoped Codex config and, by default, installs the XMemo Codex behavior profile into the current project's AGENTS.md between these markers. Use xmemo setup codex --dry-run to preview without writing or xmemo setup codex --no-profile to skip the behavior profile.

<!-- memory-os:codex-profile:start -->
<!-- memory-os:codex-profile:end -->

Repeat installs update only that marker block. Remove it with:

xmemo profile uninstall codex

Advanced: generate a Codex MCP config snippet without touching files:

xmemo mcp add codex --url "$XMEMO_URL"

Write it to the default Codex config path:

xmemo mcp add codex --url "$XMEMO_URL" --write

The generated config references XMEMO_KEY, includes the non-secret X-Memory-OS-Agent-ID / X-Memory-OS-Agent-Instance-ID attribution headers, and does not include the token value.

Codex MCP-depth checks:

xmemo mcp profile codex
xmemo profile install codex --dry-run
xmemo profile install codex
xmemo profile status codex
xmemo smoke --client codex

xmemo mcp profile codex prints the recommended memory behavior profile: recall/search at the start of non-trivial tasks, write back high-signal decisions and fixes, and never store secrets. xmemo smoke --client codex checks the local Codex TOML config for the XMemo MCP server, bearer_token_env_var = "XMEMO_KEY", token presence in the environment, and absence of embedded token values.

Cursor

Cursor marketplace plugin assets live in .cursor-plugin/marketplace.json and plugins/xmemo/. The marketplace plugin is OAuth-first and its mcp.json stores only https://xmemo.dev/mcp; it must not contain Authorization, Bearer, or XMEMO_KEY.

Recommended Cursor setup:

xmemo setup cursor

setup cursor merges the Cursor MCP config into the default Cursor user config path. Use xmemo setup cursor --dry-run to preview without writing. The lower-level equivalent remains:

xmemo mcp add cursor --url "$XMEMO_URL" --write

The CLI refuses to overwrite an existing XMemo, memory_os, or memory-os MCP server entry. Edit the config manually if you need to rotate the endpoint. Cursor configs include X-Memory-OS-Agent-ID and X-Memory-OS-Agent-Instance-ID; the instance ID is non-secret and stored under the user's XMemo CLI config directory. By default, the setup prompt also installs a Cursor behavior profile at ~/.cursor/memory-profile.md; answer n or pass --no-profile to skip it. Use this direct-key setup only for local/manual installs where Cursor OAuth is unavailable; public plugin submission should use the OAuth-first plugin config.

Gemini CLI

Recommended Gemini CLI setup:

xmemo setup gemini

setup gemini merges an XMemo MCP server into Gemini CLI's user settings at ~/.gemini/settings.json. It writes a remote HTTP server using Gemini's httpUrl key plus X-Memory-OS-Agent-ID and X-Memory-OS-Agent-Instance-ID headers. Use xmemo setup gemini --dry-run to preview without writing.

Unlike Codex/Cursor, the Gemini config carries no token: authentication uses Gemini CLI's built-in MCP OAuth flow (a one-time browser login on first use). This is deliberate — Gemini redacts environment variables matching *KEY*/*TOKEN*/*AUTH* during header expansion, so an ${XMEMO_KEY} reference would not survive. OAuth avoids storing any secret in the config and still grants the full XMemo tool profile. After setup, restart Gemini CLI and run /mcp (or the first XMemo tool call) to complete the OAuth login. By default, the setup prompt also installs a Gemini behavior profile at ~/.gemini/GEMINI.md; answer n or pass --no-profile to skip it.

The CLI refuses to overwrite an existing XMemo, memory_os, or memory-os MCP server entry. Edit the config manually if you need to rotate the endpoint.

Antigravity

Recommended Antigravity setup:

xmemo setup antigravity

setup antigravity merges an XMemo MCP server into Antigravity's user MCP config at ~/.gemini/antigravity/mcp_config.json. It writes Antigravity's serverUrl shape plus X-Memory-OS-Agent-ID and X-Memory-OS-Agent-Instance-ID headers. Like Gemini CLI, the config carries no token: restart Antigravity and complete the MCP OAuth flow on first use. By default, the setup prompt also installs an Antigravity behavior profile at ~/.gemini/antigravity/MEMORY.md; answer n or pass --no-profile to skip it.

The lower-level equivalent is:

xmemo mcp add antigravity --write

Use xmemo setup antigravity for normal installs because it performs discovery and chooses the recommended Antigravity path automatically. Use xmemo mcp add antigravity --write when you want the generic MCP writer directly, for example with --url or --config in advanced/multi-client setup. The CLI refuses to overwrite an existing XMemo, memory_os, or memory-os MCP server entry. Edit the config manually if you need to rotate the endpoint.

Kiro

Recommended Kiro setup:

xmemo setup kiro

setup kiro merges an XMemo MCP server into Kiro's user MCP config at ~/.kiro/settings/mcp.json. It writes a remote HTTP server using Kiro's standard url key plus X-Memory-OS-Agent-ID and X-Memory-OS-Agent-Instance-ID headers. Use xmemo setup kiro --dry-run to preview without writing.

The Kiro config includes Authorization: Bearer ${env:XMEMO_KEY} so authentication uses the environment variable approach. Set your XMemo token with:

xmemo login
# or
printf '%s\n' 'your-token' | xmemo token add --from-stdin

After setup, restart Kiro or reload MCP servers for the changes to take effect. The CLI refuses to overwrite an existing XMemo, memory_os, or memory-os MCP server entry. Edit the config manually if you need to rotate the endpoint.

Antigravity 2.0

Recommended Antigravity 2.0 setup:

xmemo mcp add antigravity2 --write

Use a dry preview first if you want to inspect the exact JSON before writing:

xmemo mcp add antigravity2

Antigravity 2.0 uses a separate config path from the original Antigravity profile. The default write target is ~/.antigravity2/mcp.json; on Windows the server-side config contract also documents %APPDATA%\\Antigravity 2.0\\mcp.json as the Antigravity 2.0 user config location. Pass --config <path> when you want to write to a specific file.

The generated XMemo entry uses hosted HTTP MCP:

{
  "mcpServers": {
    "XMemo": {
      "type": "http",
      "url": "https://xmemo.dev/mcp"
    }
  }
}

No token value is written. Restart Antigravity 2.0 after setup and complete the MCP OAuth browser flow on first use. If you use --write, the CLI also prepares a device-level XMEMO_AGENT_INSTANCE_ID shared by all agents on the same machine so XMemo can attribute activity consistently without embedding secrets.

Release model

This repository is the source for the @xmemo/client npm package. Releases should be published from GitHub Actions on tags or GitHub Releases, not from a developer workstation.

Recommended flow:

develop -> test -> tag/release -> GitHub Actions -> npm publish --provenance

Package boundary

Included in npm:

bin/
src/
README.md
LICENSE

Excluded from npm:

.github/
test/
coverage/
server code
database migrations
deployment files
logs
local state
secrets