mem9-guard-mcp
Provides access to mem9 persistent memory for AI agents, with read and write operations guarded by OWASP agent-memory-guard policies to prevent prompt injection, secret leakage, and memory poisoning.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mem9-guard-mcpremember that my favorite color is blue"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mem9-guard-mcp
An MCP server that exposes mem9 (the TiDB team's persistent memory backend for AI agents) behind OWASP agent-memory-guard.
Agents never touch the raw mem9 API — every read and write goes through the guard:
MCP client (agent)
│ memory_read / memory_write / ...
▼
mem9-guard-mcp (this server)
│ MemoryGuard + Policy.strict() ← inspect, then block / quarantine / redact
▼
Mem9Store adapter (MemoryStore Protocol)
│ REST (X-API-Key)
▼
mem9 (api.mem9.ai or self-hosted)This protects agent memory against prompt injection, secret leakage, and memory poisoning: malicious or sensitive content is blocked, quarantined, or redacted according to policy before it ever reaches — or returns from — the store.
Tools
Tool | Description |
| Guarded write. Result is |
| Read with integrity verification and outbound screening |
| Delete a key (protected keys are blocked) |
| List stored keys |
| Recent security events emitted by the guard (for auditing) |
| Writes currently held in quarantine |
rollback / snapshot restore is intentionally not exposed. Recovery is an
operator action; giving it to agents would let them discard legitimate writes
or cover up poisoned data.
Related MCP server: GroundMemory
Configuration (environment variables)
Variable | Description |
| mem9 API key. Falls back to a local JSON store when unset |
| Defaults to |
|
|
| Path to a policy YAML. Defaults to |
| Path of the fallback JSON store (default |
Installing into Claude Code
Straight from GitHub (no clone needed — uvx fetches and builds on first run):
claude mcp add mem9-guard \
--env MEM9_API_KEY=<your-key> \
-- uvx --from git+https://github.com/Riku-KANO/mem9-guard-mcp mem9-guard-mcpOr from a local clone (recommended while developing):
claude mcp add mem9-guard \
--env MEM9_API_KEY=<your-key> \
-- uv run --project <path-to-this-repo> mem9-guard-mcpNotes:
MEM9_API_KEYis optional — omit the--envline to use the local JSON store fallback.The server is registered for the current project by default; add
--scope userto make it available in every project.For self-hosted mem9, add
--env MEM9_API_URL=<url>.Verify with
claude mcp list, or run/mcpin a new session to see thememory_write/memory_read/ ... tools.
Other MCP clients
Any MCP client that supports stdio servers works, e.g.:
{
"mcpServers": {
"mem9-guard": {
"command": "uvx",
"args": ["--from", "git+https://github.com/Riku-KANO/mem9-guard-mcp", "mem9-guard-mcp"],
"env": { "MEM9_API_KEY": "<your-key>" }
}
}
}Development
uv sync
uv run pytest
# End-to-end smoke test over stdio (no LLM involved)
uv run python scripts/smoke_stdio.pyNotes
The mem9 v1alpha2 JSON field names (content / metadata / id) are not yet
covered by a published official schema, so they are centralized as assumptions
in src/mem9_guard_mcp/client.py. If the real API differs, that is the only
file that needs to change.
License
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Riku-KANO/mem9-guard-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server