0ed5e1e016
Extracted from private infra repo into standalone open-source project. Three operating modes: - Local: SQLite + FTS5 (zero dependencies) - Server: PostgreSQL via HTTP API with multi-user auth - Full: PostgreSQL + HashiCorp Vault for secret management Features: - MCP stdio server with 5 tools (store/recall/list/delete/secret_get) - FastAPI HTTP API with multi-user Bearer token auth (API_KEYS JSON map) - Regex-based credential detection with auto-redaction - AES-256-GCM encryption fallback for non-Vault deployments - Vault KV v2 client (stdlib urllib, K8s SA auto-auth) - Per-user data isolation (all queries scoped by user_id) - Secret migration endpoint for existing plain-text credentials - Backward-compatible env var aliases (CLAUDE_MEMORY_API_URL) Infrastructure: - Docker + docker-compose (API + PostgreSQL + optional Vault) - Woodpecker CI (test → build → push → kubectl deploy) - GitHub Actions CI (Python 3.11/3.12/3.13) + Release (GHCR + PyPI) - Helm chart + raw Kubernetes manifests 96 tests passing across 6 test files.
43 lines
969 B
YAML
43 lines
969 B
YAML
when:
|
|
- event: push
|
|
branch: main
|
|
|
|
clone:
|
|
git:
|
|
image: woodpeckerci/plugin-git
|
|
settings:
|
|
attempts: 5
|
|
backoff: 10s
|
|
|
|
steps:
|
|
- name: test
|
|
image: python:3.12-slim
|
|
commands:
|
|
- pip install -e ".[api,dev]"
|
|
- ruff check src/ tests/
|
|
- pytest tests/ -v --tb=short
|
|
|
|
- name: build-and-push
|
|
image: woodpeckerci/plugin-docker-buildx
|
|
depends_on:
|
|
- test
|
|
settings:
|
|
username: viktorbarzin
|
|
password:
|
|
from_secret: dockerhub-token
|
|
repo: viktorbarzin/claude-memory-mcp
|
|
dockerfile: docker/Dockerfile
|
|
context: .
|
|
platforms:
|
|
- linux/amd64
|
|
tags:
|
|
- "${CI_PIPELINE_NUMBER}"
|
|
- latest
|
|
|
|
- name: deploy
|
|
image: bitnami/kubectl:latest
|
|
depends_on:
|
|
- build-and-push
|
|
commands:
|
|
- kubectl rollout restart deployment/claude-memory -n claude-memory
|
|
- kubectl rollout status deployment/claude-memory -n claude-memory --timeout=120s
|