{"id":"zircote-subcog","name":"subcog","homepage":null,"repo_url":"https://github.com/zircote/subcog","category":"ai-ml","subcategories":[],"tags":["ai-assistant","memory-system","mcp","rust","hybrid-search","vector-search","sqlite","fts5","knowledge-graph","claude-code","developer-tools"],"what_it_does":"Subcog is a persistent memory system for AI coding assistants. It captures decisions/learned context during coding sessions, stores them in SQLite (default) plus indexing (FTS5) and vector search (usearch HNSW), supports hybrid retrieval (BM25 + vector with RRF fusion), provides a knowledge-graph layer, and exposes an MCP server for agent interoperability. It also offers optional HTTP serving with JWT auth and Claude Code hook integration.","use_cases":["Give AI coding assistants long-lived memory of decisions and learnings across sessions","Hybrid semantic+keyword retrieval of relevant past context for code changes","Knowledge-graph queries over entities/relationships extracted from memories","IDE/agent workflow integration via MCP tools and Claude Code hooks","Compliance workflows like exporting stored memories (e.g., GDPR export)"],"not_for":["Use as a full hosted SaaS memory service without running local infra (it is primarily a local/single-binary system)","Scenarios requiring a public multi-tenant API without careful deployment/security hardening","Use cases needing standardized REST/GraphQL SDKs (integration is mainly CLI/MCP)"],"best_when":"You want local persistent memory for an AI coding workflow with hybrid search and agent/IDE integration via MCP/Claude hooks.","avoid_when":"You need a purely HTTP JSON REST API with OpenAPI/SDKs or you cannot manage local persistence/security configurations for stored sensitive data.","alternatives":["Open-source vector DB + RAG stack you assemble (Postgres pgvector + FTS)","Other agent memory systems with MCP support (if available in your ecosystem)","General-purpose knowledge graph + retrieval pipelines (e.g., Neo4j + embedding/search)"],"af_score":63.0,"security_score":57.5,"reliability_score":37.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:34:35.200539+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"stdio (spawned via `subcog serve`/`subcog` MCP tool transport); optional HTTP mode exists but not described as MCP-over-HTTP","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Local stdio/MCP transport (implicit same-user execution)","Optional HTTP transport with JWT token authentication"],"oauth":false,"scopes":false,"notes":"HTTP mode supports `--jwt-secret` with configurable expiry and CORS configuration; scope/granular authorization is not described. MCP/stdio transport uses implicit same-user execution (no credentials required)."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted/open-source (MIT). Operational costs depend on local hardware and optional external LLM providers used for embedding/LLM-powered features."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":["Mentions GDPR export and audit logging; does not specify formal certifications in provided text."],"min_contract":null},"agent_readiness":{"af_score":63.0,"security_score":57.5,"reliability_score":37.5,"mcp_server_quality":85.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":20.0,"tls_enforcement":55.0,"auth_strength":70.0,"scope_granularity":30.0,"dependency_hygiene":60.0,"secret_handling":70.0,"security_notes":"Security model depends on transport: default stdio/MCP has no network exposure and uses implicit same-user execution; optional HTTP transport requires JWT and relies on reverse proxy for HTTPS. README claims encryption at rest (default true), secrets detection/redaction, PII filtering, and audit logging. Scope/granular authorization is not described, and TLS is not natively enforced in the HTTP mode per README (suggested via reverse proxy).","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":50.0,"error_recovery":50.0,"idempotency_support":"false","idempotency_notes":"Not specified in provided README; tool semantics like capture/delete could be non-idempotent unless explicitly designed otherwise.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["MCP tools are exposed as consolidated tool names; agents should treat tool-name-like strings as tool invocations (not shell commands) unless explicitly instructed otherwise.","When using optional HTTP transport, you must manage JWT secret/expiry and (ideally) run behind HTTPS via reverse proxy; misconfiguration could expose the service.","HTTP transport notes that TLS should be handled via reverse proxy; using it without proper HTTPS would weaken security.","Embeddings/LLM-powered features may require external providers/config; agents should expect additional provider configuration beyond pure local storage."]}}