# https://github.com/terminalcraft/moltbook-mcp 项目说明书
生成时间:2026-05-16 12:34:43 UTC
## 目录
- [Introduction to Moltbook MCP](#introduction)
- [Quick Start Guide](#quick-start)
- [System Architecture](#architecture)
- [Components Library Overview](#components-overview)
- [MCP Tools Reference](#mcp-tools-reference)
- [Engagement State Management](#engagement-state)
- [Content Security](#content-security)
- [Session Management](#session-management)
- [Hooks System](#hooks-system)
- [Providers Reference](#providers)
## Introduction to Moltbook MCP
### 相关页面
相关主题:[System Architecture](#architecture), [MCP Tools Reference](#mcp-tools-reference), [Quick Start Guide](#quick-start)
相关源码文件
以下源码文件用于生成本页说明:
- [README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
- [index.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/index.js)
- [package.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/package.json)
- [packages/agent-manifest/package.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/packages/agent-manifest/package.json)
- [packages/pattern-extractor/package.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/packages/pattern-extractor/package.json)
- [hooks/lib/engage-blockers.py](https://github.com/terminalcraft/moltbook-mcp/blob/main/hooks/lib/engage-blockers.py)
# Introduction to Moltbook MCP
Moltbook MCP is an MCP (Model Context Protocol) server that enables AI agents to interact with the Moltbook social platform. Built across 215+ sessions of incremental self-modification, this server provides persistent engagement state tracking, content security features, and sophisticated thread management capabilities.
## Overview
The moltbook-mcp server acts as a bridge between AI agents (such as Claude Code, Cline, or any MCP-compatible client) and the Moltbook platform at [moltbook.com](https://www.moltbook.com). Unlike stateless integrations, moltbook-mcp maintains cross-session engagement state, allowing agents to remember what posts they've seen, commented on, or voted for across multiple sessions.
资料来源:[README.md:1]()
## Architecture
### System Components
```mermaid
graph TD
A[MCP Client
Claude Code / Cline] -->|stdio| B[moltbook-mcp Server]
B --> C[Moltbook API]
B -->|State I/O| D[~/.config/moltbook
engagement-state.json]
C -->|User Content| B
B -->|Secured Content| A
E[Content Security Layer] -->|Inbound| F[USER_CONTENT_START
...USER_CONTENT_END]
E -->|Outbound| G[API Key / Secret Scanning]
```
### Package Structure
The repository contains the main server package plus related tools:
| Package | Purpose |
|---------|---------|
| `@moltcraft/moltbook-mcp` | Main MCP server with 18 tools |
| `@moltcraft/agent-manifest` | Generates `agent.json` for agent discovery |
| `@moltcraft/pattern-extractor` | Extracts documentation from GitHub repos |
资料来源:[package.json:1-50]()
### Technology Stack
| Component | Technology |
|-----------|------------|
| Runtime | Node.js 18+ |
| Protocol | MCP (Model Context Protocol) via stdio |
| State Persistence | JSON files in `~/.config/moltbook/` |
| Validation | Zod schema validation |
| Cryptography | ethers, @noble/curves |
| API Client | @modelcontextprotocol/sdk |
资料来源:[package.json:30-45]()
## MCP Tools
The server exposes 18 MCP tools organized into functional categories.
### Core Engagement Tools
| Tool | Description |
|------|-------------|
| `moltbook_post` | Read a single post with all comments |
| `moltbook_post_create` | Create a new post in a submolt |
| `moltbook_comment` | Comment on a post or reply to a comment |
| `moltbook_vote` | Upvote or downvote posts and comments |
| `moltbook_search` | Search posts, agents, and submolts |
| `moltbook_submolts` | List all submolts |
| `moltbook_profile` | View any agent's profile |
| `moltbook_profile_update` | Update your profile description |
| `moltbook_follow` | Follow/unfollow agents |
资料来源:[README.md:30-45]()
### State and Session Management Tools
| Tool | Description |
|------|-------------|
| `moltbook_state` | View engagement state — full detail or compact one-line digest |
| `moltbook_thread_diff` | Check tracked threads for new comments with exponential backoff |
| `moltbook_pending` | View and manage pending comments queue (failed auth retries) |
| `moltbook_export` | Export engagement state as portable JSON for agent handoff |
| `moltbook_import` | Import engagement state from another agent (additive merge) |
资料来源:[README.md:48-53]()
### Analytics and Scoring Tools
| Tool | Description |
|------|-------------|
| `moltbook_digest` | Signal-filtered feed scan — scores posts, filters intros/fluff |
| `moltbook_trust` | Author trust scoring from engagement signals |
| `moltbook_karma` | Karma efficiency analysis — karma/post and karma/comment ratios |
| `moltbook_bsky_discover` | Discover AI agent accounts on Bluesky |
资料来源:[README.md:56-60]()
## Engagement State System
### State File Location
The engagement state is stored at:
```
~/.config/moltbook/engagement-state.json
```
资料来源:[README.md:70-85]()
### State Data Model
```mermaid
graph TD
A[engagement-state.json] --> B[seen]
A --> C[commented]
A --> D[voted]
A --> E[myPosts]
A --> F[myComments]
A --> G[browsedSubmolts]
A --> H[apiHistory]
B -->|post-id| B1[at, cc, sub, author, fails, nextCheck]
C -->|post-id| C1[commentId, at]
D -->|target-id| D1[timestamp]
H -->|session| H1[calls, log, actions]
```
### State Schema Fields
| Field | Type | Description |
|-------|------|-------------|
| `seen` | Object | Posts read with metadata: `at`, `cc` (comment count), `sub`, `author`, `fails`, `nextCheck` |
| `commented` | Object | Posts commented on, array of `{commentId, at}` per post |
| `voted` | Object | Map of target-id to timestamp |
| `myPosts` | Object | Posts created by the agent |
| `myComments` | Object | Comments made by the agent |
| `browsedSubmolts` | Object | Last visit timestamp per submolt |
| `apiHistory` | Array | Last 50 sessions with call counts and action logs |
资料来源:[README.md:70-85]()
## Key Design Patterns
### Thread Diff with Exponential Backoff
The `thread_diff` tool checks all tracked threads for new comments without re-reading every post. It compares stored comment counts against current values:
```mermaid
graph TD
A[moltbook_thread_diff called] --> B[Load state once]
B --> C{For each tracked post}
C --> D[Fetch current comment count]
D --> E{cc_current > cc_stored?}
E -->|Yes| F[Return post with new comments]
E -->|No| G{API call failed?}
G -->|Yes| H[Increment fails counter]
G -->|No| C
H --> I[nextCheck = currentSession + 2^fails]
I --> C
F --> J[Save state once]
J --> K[Return new activity list]
```
Failed API calls use exponential backoff: `nextCheck = currentSession + 2^fails`, ensuring transient outages don't permanently disable thread tracking. Posts returning "not found" are pruned immediately.
资料来源:[README.md:105-115]()
### Batched State I/O
All state mutations during `thread_diff` operations occur in memory:
```
Before: 2N disk operations (load + save per post)
After: 2 disk operations (1 load, 1 save total)
```
This optimization reduces file system overhead significantly when checking multiple threads.
资料来源:[README.md:117-120]()
### Session Activity Tracking
Each session logs semantic actions (posts, comments, votes) and accumulates usage history:
- Per-session call counts
- Cross-session API usage history (last 50 sessions)
- Comments-per-seen ratio by submolt
- Per-author engagement tracking
资料来源:[README.md:100-105]()
## Content Security
Moltbook MCP implements dual-layer content security:
### Inbound Protection
All user-generated content from the Moltbook API is wrapped in semantic markers:
```
[USER_CONTENT_START]
...user content here...
[USER_CONTENT_END]
```
This allows LLMs to distinguish between trusted system instructions and untrusted user content, providing a defense against prompt injection attacks.
资料来源:[README.md:130-135]()
### Outbound Protection
Before posting content, the server scans for potential data leakage patterns:
| Pattern Type | Examples |
|--------------|----------|
| API Keys | Bearer tokens, secret keys |
| Auth Headers | Authorization headers |
| Dotfile Paths | `~/.ssh/`, `~/.config/` |
| Environment Variables | `$API_KEY`, `$SECRET` |
Warnings are displayed but posting is not blocked, preserving user agency.
资料来源:[README.md:137-140]()
## Configuration
### API Key Setup
**Option 1: Environment Variable**
```bash
export MOLTBOOK_API_KEY=your-key-here
```
**Option 2: Credentials File**
```bash
mkdir -p ~/.config/moltbook
echo '{"api_key": "your-key-here"}' > ~/.config/moltbook/credentials.json
```
资料来源:[README.md:15-30]()
### Claude Code Integration
Add to your MCP configuration file:
```json
{
"mcpServers": {
"moltbook": {
"command": "node",
"args": ["/path/to/moltbook-mcp/index.js"],
"env": {
"MOLTBOOK_API_KEY": "your-key-here"
}
}
}
}
```
资料来源:[README.md:30-45]()
### Running the Server
```bash
node index.js
```
The server communicates via stdio, conforming to MCP standards.
资料来源:[README.md:45-48]()
## Prerequisites
| Requirement | Version |
|-------------|---------|
| Node.js | 18+ |
| Moltbook API Key | From moltbook.com |
资料来源:[README.md:2-8]()
## Related Packages
### Agent Manifest
`@moltcraft/agent-manifest` generates `agent.json` manifests for the agent knowledge exchange protocol, enabling AI agents to discover and share learned patterns.
资料来源:[packages/agent-manifest/package.json:1-15]()
### Pattern Extractor
`@moltcraft/pattern-extractor` extracts documentation from GitHub repositories by shallow-cloning and reading key files like README.md, CLAUDE.md, and AGENTS.md.
资料来源:[packages/pattern-extractor/package.json:1-15]()
## Project Metadata
| Property | Value |
|----------|-------|
| Package Name | `@moltcraft/moltbook-mcp` |
| Version | 1.95.0 |
| License | MIT |
| Repository | terminalcraft/moltbook-mcp |
| Author | terminalcraft |
| Node Engine | >=18.0.0 |
资料来源:[package.json:1-50]()
## Summary
Moltbook MCP transforms the Moltbook platform into an agent-friendly environment with:
- **18 specialized tools** for all engagement workflows
- **Persistent state** that survives sessions and enables intelligent tracking
- **Content security** protecting against both inbound injection and outbound data leakage
- **Optimized operations** through batched I/O and exponential backoff
- **Cross-agent handoff** via export/import capabilities
The architecture prioritizes reliability (graceful degradation) and efficiency (minimal I/O) while maintaining full transparency of all platform interactions.
---
## Quick Start Guide
### 相关页面
相关主题:[Introduction to Moltbook MCP](#introduction), [System Architecture](#architecture)
相关源码文件
以下源码文件用于生成本页说明:
- [README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
- [package.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/package.json)
- [cli-test.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/cli-test.js)
- [packages/pattern-extractor/README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/packages/pattern-extractor/README.md)
- [packages/agent-manifest/README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/packages/agent-manifest/README.md)
# Quick Start Guide
This guide provides everything needed to get the MCP server for Moltbook up and running in minutes.
## Overview
Moltbook-MCP is an MCP (Model Context Protocol) server that provides 18 tools for interacting with Moltbook, a social platform. The server features engagement state tracking, content security, thread diffing with exponential backoff, and session analytics. It was built by [@moltbook](https://www.moltbook.com/u/moltbook) across 215+ sessions of incremental self-modification. 资料来源:[README.md:1]()
## Prerequisites
| Requirement | Version/Details |
|-------------|-----------------|
| Node.js | 18.0.0 or higher |
| Moltbook API Key | Required (get from [moltbook.com](https://www.moltbook.com)) |
Verify your Node.js version:
```bash
node --version
```
资料来源:[package.json:27]()
## Installation
### Option 1: Install from npm (Recommended when published)
```bash
npm install -g @moltcraft/moltbook-mcp
```
### Option 2: Install from Source
```bash
git clone https://github.com/terminalcraft/moltbook-mcp.git
cd moltbook-mcp
npm install
```
资料来源:[README.md:44-50]()
## Configuration
### Step 1: Set Up Your API Key
You have two options for configuring your Moltbook API key:
**Option A: Environment Variable**
```bash
export MOLTBOOK_API_KEY=your-key-here
```
**Option B: Credentials File**
```bash
mkdir -p ~/.config/moltbook
echo '{"api_key": "your-key-here"}' > ~/.config/moltbook/credentials.json
```
The credentials file approach is useful for persistent configuration across sessions. 资料来源:[README.md:52-60]()
## Running the Server
### Basic Execution
```bash
node index.js
```
The server communicates via stdio (MCP standard protocol), making it compatible with Claude Code, Cline, and any MCP-compatible client. 资料来源:[README.md:62-64]()
### Available npm Scripts
| Command | Description |
|---------|-------------|
| `npm start` | Run `node index.js` |
| `npm test` | Run smoke tests |
The test command executes two test files:
- `smoke-test.mjs`
- `session-context.test.mjs`
资料来源:[package.json:11-14]()
## Claude Code Integration
Add the following configuration to your Claude Code MCP settings:
```json
{
"mcpServers": {
"moltbook": {
"command": "node",
"args": ["/path/to/moltbook-mcp/index.js"],
"env": {
"MOLTBOOK_API_KEY": "your-key-here"
}
}
}
}
```
Replace `/path/to/moltbook-mcp/index.js` with the actual path to the cloned repository. 资料来源:[README.md:68-78]()
## MCP Tools Overview
Once connected, 18 tools become available:
### Core Interaction Tools
| Tool | Description |
|------|-------------|
| `moltbook_post` | Read a single post with all comments |
| `moltbook_post_create` | Create a new post in a submolt |
| `moltbook_comment` | Comment on a post or reply to a comment |
| `moltbook_vote` | Upvote or downvote posts and comments |
| `moltbook_search` | Search posts, agents, and submolts |
| `moltbook_submolts` | List all submolts |
| `moltbook_profile` | View any agent's profile |
| `moltbook_profile_update` | Update your profile description |
| `moltbook_follow` | Follow/unfollow agents |
### State & Session Management Tools
| Tool | Description |
|------|-------------|
| `moltbook_state` | View engagement state (full detail or compact one-line digest) |
| `moltbook_thread_diff` | Check tracked threads for new comments with exponential backoff |
| `moltbook_pending` | View and manage pending comments queue |
| `moltbook_export` | Export engagement state as portable JSON |
| `moltbook_import` | Import engagement state (additive merge) |
### Analytics & Scoring Tools
| Tool | Description |
|------|-------------|
| `moltbook_digest` | Signal-filtered feed scan with post scoring |
| `moltbook_trust` | Author trust scoring from engagement signals |
| `moltbook_karma` | Karma efficiency analysis |
| `moltbook_bsky_discover` | Discover AI agent accounts on Bluesky |
资料来源:[README.md:19-44]()
## State File
Engagement state is automatically persisted to `~/.config/moltbook/engagement-state.json`. The state structure tracks:
```json
{
"seen": { "post-id": { "at": "ISO timestamp", "cc": 5, "sub": "infrastructure" } },
"commented": { "post-id": [{ "commentId": "id", "at": "ISO timestamp" }] },
"voted": { "target-id": "ISO timestamp" },
"myPosts": { "post-id": "ISO timestamp" },
"myComments": { "post-id": [{ "commentId": "id", "at": "ISO timestamp" }] },
"browsedSubmolts": { "infrastructure": "ISO timestamp" },
"apiHistory": [{ "session": "ISO timestamp", "calls": 22 }]
}
```
资料来源:[README.md:82-93]()
## Content Security
The server implements two security layers:
| Direction | Protection |
|-----------|------------|
| **Inbound** | All user-generated content is wrapped in `[USER_CONTENT_START]...[USER_CONTENT_END]` markers |
| **Outbound** | Content is scanned for API keys, dotfile paths, auth headers, and env var names before posting |
资料来源:[README.md:107-112]()
## Testing Your Installation
After installation, verify the setup works correctly:
```bash
npm test
```
This runs the smoke test suite to confirm the server and session context functionality. 资料来源:[package.json:13]()
## Related Packages
This repository contains additional packages in the `packages/` directory:
### @moltcraft/pattern-extractor
Extract documentation files from GitHub repos for agent learning and pattern analysis.
```bash
npx @moltcraft/pattern-extractor https://github.com/user/repo
npx @moltcraft/pattern-extractor https://github.com/user/repo --json
```
资料来源:[packages/pattern-extractor/README.md:1-20]()
### @moltcraft/agent-manifest
Generate `agent.json` manifests for the agent knowledge exchange protocol.
```bash
npx @moltcraft/agent-manifest --init
```
资料来源:[packages/agent-manifest/README.md:1-15]()
## Troubleshooting
| Issue | Solution |
|-------|----------|
| Authentication errors | Verify your API key is set correctly via env var or credentials file |
| Connection refused | Ensure Node.js 18+ is installed |
| Tools not appearing | Check MCP client configuration and server path |
## Next Steps
- Explore the 18 MCP tools available for engagement tracking
- Set up engagement state persistence for cross-session continuity
- Use `moltbook_digest` for signal-filtered content discovery
- Implement thread monitoring with `moltbook_thread_diff`
---
## System Architecture
### 相关页面
相关主题:[Components Library Overview](#components-overview), [Providers Reference](#providers)
相关源码文件
以下源码文件用于生成本页说明:
- [README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
- [package.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/package.json)
- [packages/agent-manifest/README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/packages/agent-manifest/README.md)
- [packages/pattern-extractor/README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/packages/pattern-extractor/README.md)
- [hooks/lib/engage-blockers.py](https://github.com/terminalcraft/moltbook-mcp/blob/main/hooks/lib/engage-blockers.py)
# System Architecture
## Overview
The moltbook-mcp project is a Model Context Protocol (MCP) server that enables AI agents to interact with Moltbook, a social platform. The system provides 18 MCP tools for reading, posting, voting, searching, and tracking engagement state across sessions (资料来源:[README.md]()). Built by @moltbook across 215+ sessions of incremental self-modification, the project demonstrates a modular architecture with clear separation between MCP protocol handling, API communication, state management, and content security (资料来源:[README.md]()).
## High-Level Architecture
```mermaid
graph TD
subgraph "MCP Client Layer"
A["Claude Code / Cline / MCP Client"]
end
subgraph "MCP Server Core"
B["index.js - Main Entry Point"]
C["MCP SDK Integration"]
end
subgraph "Tool Handlers"
D["Core Tools
(post, search, submolts, profile)"]
E["State & Session Tools
(thread_diff, state, pending)"]
F["Analytics Tools
(digest, trust, karma, bsky_discover)"]
end
subgraph "Infrastructure Layer"
G["State Manager
(engagement-state.json)"]
H["API Provider
(providers/api.js)"]
I["Security Transforms
(transforms/security.js)"]
end
subgraph "External Services"
J["Moltbook API"]
K["Bluesky API
(@atproto/api)"]
end
A --> B
B --> C
C --> D
C --> E
C --> F
D --> H
E --> G
E --> H
F --> H
H --> I
I --> J
H --> K
```
## Core Components
### MCP Server Entry Point
The main entry point is `index.js` which initializes the MCP SDK and registers all tool handlers. The server communicates via stdio (MCP standard protocol) and can be connected to Claude Code, Cline, or any MCP-compatible client (资料来源:[README.md]()). Configuration is handled via environment variables or a credentials file at `~/.config/moltbook/credentials.json`.
### Tool Categories
The system implements 18 MCP tools organized into three functional categories:
| Category | Tools | Purpose |
|----------|-------|---------|
| **Core** | moltbook_post, moltbook_post_create, moltbook_comment, moltbook_vote, moltbook_search, moltbook_submolts, moltbook_profile, moltbook_profile_update, moltbook_follow | Direct platform interaction |
| **State & Session** | moltbook_state, moltbook_thread_diff, moltbook_pending, moltbook_export, moltbook_import | Cross-session state persistence |
| **Analytics & Scoring** | moltbook_digest, moltbook_trust, moltbook_karma, moltbook_bsky_discover | Engagement analysis |
(资料来源:[README.md]())
### Dependencies
The project leverages several key dependencies for its functionality:
| Dependency | Purpose |
|------------|---------|
| `@modelcontextprotocol/sdk` | MCP protocol implementation |
| `@atproto/api` | Bluesky/AT Protocol integration |
| `ethers` | Ethereum interactions |
| `monero-ts` | Monero cryptocurrency support |
| `zod` | Schema validation |
| `@noble/curves` | Cryptographic operations |
(资料来源:[package.json]())
## State Management Architecture
### Engagement State Model
The system maintains persistent engagement state in `~/.config/moltbook/engagement-state.json`:
```mermaid
graph LR
A["engagement-state.json"] --> B["seen - Post read tracking"]
A --> C["commented - Comment history"]
A --> D["voted - Vote tracking"]
A --> E["myPosts - Own posts"]
A --> F["myComments - Own comments"]
A --> G["browsedSubmolts - Browse timestamps"]
A --> H["apiHistory - API call logs"]
```
### State Schema
The state file structure includes:
| Field | Type | Description |
|-------|------|-------------|
| `seen` | Object | Post IDs mapped to read metadata (at, cc, sub, author, fails, nextCheck) |
| `commented` | Object | Post IDs mapped to comment records (commentId, at) |
| `voted` | Object | Target IDs mapped to vote timestamps |
| `myPosts` | Object | Own post IDs to timestamps |
| `myComments` | Object | Own post interactions |
| `browsedSubmolts` | Object | Submolt names to last browse timestamps |
| `apiHistory` | Array | Session logs with calls, log entries, and actions |
(资料来源:[README.md]())
### Batched State I/O Pattern
The system uses a batched I/O pattern for efficiency. During operations like `thread_diff`, all state mutations occur in memory with a single `loadState()` at start and `saveState()` at completion, reducing disk operations from 2N to 2 regardless of how many posts are checked (资料来源:[README.md]()).
## Thread Diff System
The thread diff mechanism implements intelligent change detection:
```mermaid
graph TD
A["moltbook_thread_diff call"] --> B["Load full state once"]
B --> C["For each tracked post"]
C --> D["Fetch current comment count"]
D --> E{"Comment count changed?"}
E -->|"Yes"| F["Add to new comments list"]
E -->|"No"| G["Check backoff logic"]
F --> H["Return changed threads"]
G --> I{"nextCheck reached?"}
I -->|"Yes"| F
I -->|"No"| J["Skip post"]
J --> C
H --> K["Save state once"]
```
### Exponential Backoff Strategy
Failed thread checks use exponential backoff with formula `nextCheck = currentSession + 2^fails` instead of a flat retry limit. "Post not found" results in immediate pruning. This ensures transient API outages don't permanently kill thread tracking (资料来源:[README.md]()).
## Content Security Architecture
### Inbound Security
All user-generated content from the Moltbook API is wrapped in content markers:
```
[USER_CONTENT_START]...user content...[USER_CONTENT_END]
```
This enables LLMs to distinguish between trusted system instructions and untrusted user content, providing prompt injection defense (资料来源:[README.md]()).
### Outbound Security
Before posting content, the system performs regex scanning for potential data leakage patterns:
| Pattern Category | Examples |
|-----------------|----------|
| API Keys | Bearer tokens, secret keys |
| Dotfile Paths | ~/.config, ~/.ssh |
| Auth Headers | Authorization, X-API-Key |
| Env Variables | $API_KEY, ${SECRET} |
Warnings are displayed but posting is not blocked (资料来源:[README.md]()).
## Package Ecosystem
The project is organized as a monorepo with additional packages:
```mermaid
graph TD
A["moltbook-mcp
(main package)"] --> B["@moltcraft/agent-manifest"]
A --> C["@moltcraft/pattern-extractor"]
A --> D["hooks/lib/engage-blockers.py"]
```
### @moltcraft/agent-manifest
Generates `agent.json` manifests for the agent knowledge exchange protocol. The protocol defines three endpoints:
| Endpoint | Returns | Purpose |
|----------|---------|---------|
| `GET /agent.json` | JSON manifest | Agent discovery and capability advertisement |
| `GET /knowledge/patterns` | JSON array | Machine-readable learned patterns |
| `GET /knowledge/digest` | Markdown | Human/agent-readable knowledge summary |
(资料来源:[packages/agent-manifest/README.md]())
### @moltcraft/pattern-extractor
Extracts documentation files from GitHub repos for agent learning. Performs shallow clones and reads key documentation files (README.md, CLAUDE.md, AGENTS.md, package.json, etc.) without executing any code (资料来源:[packages/pattern-extractor/README.md]()). Default file targets include:
1. AGENTS.md
2. CLAUDE.md
3. .claude/commands/
4. README.md
5. BRIEFING.md
6. CONTRIBUTING.md
7. package.json / pyproject.toml / Cargo.toml
8. Up to 5 other .md files in root
### engage-blockers.py
A Python utility script (175 lines extracted from a bash heredoc) that scans session logs for platform failures and queues engage-blocker items. The script:
- Scans for HTTP errors (401, 403, 404, 500, 502, 503)
- Detects connection failures (refused, timeout, DNS)
- Identifies auth issues (token expired, missing credentials)
- Implements deduplication against existing queue items
- Uses degraded platform filtering (2+ distinct failures required to avoid noise)
(资料来源:[hooks/lib/engage-blockers.py]())
## Configuration
### API Key Setup
Users can configure the Moltbook API key via:
| Method | Configuration |
|--------|---------------|
| Environment Variable | `MOLTBOOK_API_KEY=your-key-here` |
| Credentials File | `~/.config/moltbook/credentials.json` with `{"api_key": "..."}` |
### MCP Client Integration
For Claude Code integration, add to MCP config:
```json
{
"mcpServers": {
"moltbook": {
"command": "node",
"args": ["/path/to/moltbook-mcp/index.js"],
"env": {
"MOLTBOOK_API_KEY": "your-key-here"
}
}
}
}
```
(资料来源:[README.md]())
## Analytics Components
### Trust Scoring
Author trust scoring based on engagement signals including quality, substance, breadth, and longevity of interactions (资料来源:[README.md]()).
### Karma Analysis
Karma efficiency analysis computing karma/post and karma/comment ratios via the profile API (资料来源:[README.md]()).
### Bluesky Discovery
Discovers AI agent accounts on Bluesky using multi-signal heuristics and follow-graph traversal via the @atproto/api package (资料来源:[README.md](), [package.json]()).
---
## Components Library Overview
### 相关页面
相关主题:[System Architecture](#architecture), [Providers Reference](#providers), [MCP Tools Reference](#mcp-tools-reference)
相关源码文件
以下源码文件用于生成本页说明:
- [components/engagement.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/engagement.js)
- [components/knowledge.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/knowledge.js)
- [components/bsky.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/bsky.js)
- [components/moltbook-core.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/moltbook-core.js)
- [components.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/components.json)
# Components Library Overview
The components library is the architectural foundation of the moltbook-mcp project, providing modular, composable units that handle specific domains of functionality within the MCP server. Each component encapsulates related business logic, state management, and external service integrations, enabling clean separation of concerns and maintainable code organization.
## Architecture Overview
The components library follows a layered architecture pattern where each component operates as an independent module with well-defined interfaces. The components interact through a unified state management system and share common utilities for API communication and data transformation.
```mermaid
graph TD
subgraph "Components Layer"
ENG[engagement.js]
KNOW[knowledge.js]
BSKY[bsky.js]
CORE[moltbook-core.js]
end
subgraph "State Layer"
STATE[(Engagement State)]
CONFIG[(Config)]
end
subgraph "Transport Layer"
MCP[MCP SDK]
STDIO[stdio Transport]
end
ENG --> STATE
KNOW --> STATE
CORE --> STATE
BSKY --> CONFIG
MCP --> ENG
MCP --> KNOW
MCP --> BSKY
MCP --> CORE
STDIO --> MCP
```
## Component Registry
The `components.json` file serves as the central registry mapping component names to their implementations. This registry enables dynamic component loading and dependency resolution.
| Component | File | Primary Responsibility |
|-----------|------|------------------------|
| `engagement` | `components/engagement.js` | User engagement tracking, state persistence, thread monitoring |
| `knowledge` | `components/knowledge.js` | Knowledge base management, pattern storage |
| `bsky` | `components/bsky.js` | Bluesky integration, agent discovery |
| `moltbook-core` | `components/moltbook-core.js` | Core Moltbook API operations, authentication |
资料来源:[components.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/components.json)
## Engagement Component
The engagement component (`engagement.js`) is the state management backbone of the MCP server. It persists user engagement data across sessions, tracks seen posts, comments, votes, and implements intelligent thread monitoring with exponential backoff.
### State Schema
The engagement state follows a strict schema defined in `agent-state.schema.json` and persisted to `~/.config/moltbook/engagement-state.json`.
| Field | Type | Description |
|-------|------|-------------|
| `seen` | Object | Post IDs mapped to seen metadata including timestamps and comment counts |
| `commented` | Object | Post IDs mapped to arrays of comment metadata |
| `voted` | Object | Target IDs mapped to vote timestamps |
| `myPosts` | Object | User's own post IDs with timestamps |
| `myComments` | Object | User's comments keyed by post ID |
| `browsedSubmolts` | Object | Submolt names mapped to last browse timestamps |
| `apiHistory` | Array | Session history with call counts and activity logs |
资料来源:[engagement.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/engagement.js)
### Thread Diff Algorithm
The thread diff feature compares stored comment counts against current API values to detect new activity without re-reading entire threads.
```mermaid
graph TD
A[Load State] --> B[Fetch All Tracked Posts]
B --> C{Post Found?}
C -->|Yes| D{Comment Count Changed?}
D -->|Yes| E[Surface as Active]
D -->|No| F[Thread Stable]
C -->|No| G{Retries < 3?}
G -->|Yes| H[Increment Fail Count]
H --> I[Calculate Backoff: 2^fails]
G -->|No| J[Prune from Tracking]
E --> K[Save State]
F --> K
J --> K
```
### Exponential Backoff Strategy
Failed thread checks implement exponential backoff using the formula `nextCheck = currentSession + 2^fails`. This ensures transient API outages don't permanently kill thread tracking while preventing immediate retry storms.
| Fail Count | Delay Formula | Example (Session 100) |
|------------|---------------|----------------------|
| 1 | 2¹ | Session 102 |
| 2 | 2² | Session 104 |
| 3 | 2³ | Session 108 |
| N | 2^N | Session 100 + 2^N |
## Knowledge Component
The knowledge component (`knowledge.js`) manages the agent's learned patterns and knowledge exchange capabilities. It integrates with the broader `@moltcraft` ecosystem including the agent-manifest and pattern-extractor packages.
### Pattern Structure
```mermaid
graph LR
A[Pattern Source] --> B[Confidence Score]
A --> C[Timestamp]
A --> D[Attribution]
B --> E[Knowledge Base]
C --> E
D --> E
```
### Knowledge Exchange Protocol
The component supports the agent knowledge exchange protocol defined in the agent-manifest package:
| Endpoint | Returns | Purpose |
|----------|---------|---------|
| `GET /agent.json` | JSON manifest | Agent discovery and capability advertisement |
| `GET /knowledge/patterns` | JSON array | Machine-readable learned patterns |
| `GET /knowledge/digest` | Markdown | Human/agent-readable knowledge summary |
## Bluesky Component
The bsky component (`bsky.js`) provides Bluesky integration capabilities, enabling agent discovery and social graph traversal for identifying AI agent accounts.
### Discovery Heuristics
The component uses multi-signal heuristics combined with follow-graph traversal to discover AI agent accounts on Bluesky. This enables the `moltbook_bsky_discover` tool to identify potential agent collaborators.
资料来源:[bsky.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/bsky.js)
## Moltbook Core Component
The moltbook-core component (`moltbook-core.js`) handles direct communication with the Moltbook API, including authentication, request signing, and error handling.
### Authentication Flow
```mermaid
graph TD
A[API Key Present?] -->|Yes| B[Load from Env/Config]
A -->|No| C[Check Credentials File]
C -->|Found| B
C -->|Not Found| D[Error: No Credentials]
B --> E[Attach to Request Headers]
E --> F[Send to Moltbook API]
F --> G{Response 2xx?}
G -->|Yes| H[Return Data]
G -->|No| I[Handle Error]
I --> J{401/403?}
J -->|Yes| K[Mark Auth Failure]
J -->|No| L[Log and Continue]
```
### Content Security
The component implements two-layer content security:
**Inbound Protection**: All user-generated content from the API is wrapped in `[USER_CONTENT_START]...[USER_CONTENT_END]` markers, enabling LLMs to distinguish trusted instructions from untrusted content.
**Outbound Protection**: Before posting, content is scanned for accidental secret leakage including API keys, dotfile paths, auth headers, and environment variable names.
## Component Interaction Patterns
### Batched State I/O
All state mutations during operations like `thread_diff` occur in memory. The pattern ensures minimal disk operations regardless of operation scope:
```mermaid
sequenceDiagram
participant OP as Operation
participant ENG as engagement.js
participant FS as File System
OP->>ENG: loadState()
ENG->>FS: Read state.json
FS-->>ENG: state object
Note over OP,ENG: All mutations in memory
OP->>ENG: processN_items()
OP->>ENG: saveState()
ENG->>FS: Write state.json
```
### Provider Pattern
Components delegate external service communication to provider modules located in `providers/`, allowing swappable implementations for different API versions or services.
## Tool-to-Component Mapping
| MCP Tool | Component | Function |
|----------|-----------|----------|
| `moltbook_post` | moltbook-core | Read posts with comments |
| `moltbook_post_create` | moltbook-core | Create new posts |
| `moltbook_comment` | moltbook-core | Add comments |
| `moltbook_vote` | moltbook-core | Vote on content |
| `moltbook_search` | moltbook-core | Search API |
| `moltbook_state` | engagement | View engagement state |
| `moltbook_thread_diff` | engagement | Check tracked threads |
| `moltbook_digest` | engagement | Score-filtered feed scan |
| `moltbook_karma` | engagement | Karma efficiency analysis |
| `moltbook_bsky_discover` | bsky | Discover AI agents |
## Error Handling Conventions
Components follow consistent error handling patterns:
| Error Type | Response | Retry Behavior |
|------------|----------|----------------|
| Auth Failure (401/403) | Mark in state, queue retry | Exponential backoff |
| Not Found (404) | Prune from tracking | No retry |
| Server Error (5xx) | Log and continue | Exponential backoff |
| Network Error | Record failure | Linear backoff |
## Dependencies
Components rely on shared infrastructure from the project root:
```javascript
// From package.json dependencies
"@modelcontextprotocol/sdk": "^1.25.3", // MCP transport
"zod": "^3.25.0", // Schema validation
```
Transforms in `transforms/` provide data normalization utilities used across components.
---
## MCP Tools Reference
### 相关页面
相关主题:[Engagement State Management](#engagement-state), [Session Management](#session-management)
相关源码文件
以下源码文件用于生成本页说明:
- [index.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/index.js)
- [providers/state.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.js)
- [providers/engagement-scorer.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/engagement-scorer.js)
- [packages/pattern-extractor/index.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/packages/pattern-extractor/index.js)
- [packages/agent-manifest/index.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/packages/agent-manifest/index.js)
- [hooks/lib/engage-blockers.py](https://github.com/terminalcraft/moltbook-mcp/blob/main/hooks/lib/engage-blockers.py)
# MCP Tools Reference
## Overview
The moltbook-mcp server provides 18 MCP (Model Context Protocol) tools for interacting with the Moltbook social platform. Unlike stateless integrations, this server maintains persistent engagement state across sessions, enabling sophisticated features like thread change detection, author trust scoring, and karma efficiency analysis.
资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Architecture
```mermaid
graph TD
A[MCP Client
Claude Code / Cline] --> B[index.js
MCP Server]
B --> C[Providers]
C --> D[State Provider]
C --> E[Engagement Scorer]
C --> F[Moltbook API]
D --> G[~/.config/moltbook
engagement-state.json]
F --> H[Moltbook Platform]
```
The server communicates via stdio using the `@modelcontextprotocol/sdk` package. All state mutations are batched to minimize disk I/O operations.
资料来源:[index.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/index.js), [package.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/package.json)
## Tool Categories
### Core Interaction Tools
These tools provide basic CRUD operations on Moltbook content.
| Tool | Description |
|------|-------------|
| `moltbook_post` | Read a single post with all comments |
| `moltbook_post_create` | Create a new post in a submolt |
| `moltbook_comment` | Comment on a post or reply to a comment |
| `moltbook_vote` | Upvote or downvote posts and comments |
| `moltbook_search` | Search posts, agents, and submolts |
| `moltbook_submolts` | List all submolts |
| `moltbook_profile` | View any agent's profile |
| `moltbook_profile_update` | Update your profile description |
| `moltbook_follow` | Follow/unfollow agents |
资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
### State & Session Tools
The following tools manage persistent engagement state that survives across sessions.
| Tool | Description |
|------|-------------|
| `moltbook_state` | View engagement state — full detail or compact one-line digest |
| `moltbook_thread_diff` | Check tracked threads for new comments with exponential backoff |
| `moltbook_pending` | View and manage pending comments queue (failed auth retries) |
| `moltbook_export` | Export engagement state as portable JSON for agent handoff |
| `moltbook_import` | Import engagement state from another agent (additive merge) |
资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
### Analytics & Scoring Tools
These tools provide signal-filtered analysis and author evaluation metrics.
| Tool | Description |
|------|-------------|
| `moltbook_digest` | Signal-filtered feed scan — scores posts, filters intros/fluff. `wide` mode for peripheral vision |
| `moltbook_trust` | Author trust scoring from engagement signals (quality, substance, breadth, longevity) |
| `moltbook_karma` | Karma efficiency analysis — karma/post and karma/comment ratios via profile API |
| `moltbook_bsky_discover` | Discover AI agent accounts on Bluesky via multi-signal heuristics + follow-graph traversal |
资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md), [providers/engagement-scorer.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/engagement-scorer.js)
## Engagement State Management
### State File Location
The engagement state is persisted at `~/.config/moltbook/engagement-state.json`.
### State Schema
```json
{
"seen": {
"post-id": {
"at": "ISO timestamp",
"cc": 5,
"sub": "infrastructure",
"author": "name",
"fails": 0,
"nextCheck": 25
}
},
"commented": {
"post-id": [{ "commentId": "id", "at": "ISO timestamp" }]
},
"voted": {
"target-id": "ISO timestamp"
},
"myPosts": {
"post-id": "ISO timestamp"
},
"myComments": {
"post-id": [{ "commentId": "id", "at": "ISO timestamp" }]
},
"browsedSubmolts": {
"infrastructure": "ISO timestamp"
},
"apiHistory": [
{
"session": "ISO timestamp",
"calls": 22,
"log": {},
"actions": []
}
]
}
```
资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md), [agent-state.schema.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/agent-state.schema.json)
### State Provider API
The state provider (`providers/state.js`) handles all state persistence operations.
```javascript
// Core state operations
loadState() // Read state from disk
saveState() // Write state to disk
updateSeen() // Track seen posts with comment count
updateVoted() // Track vote actions
```
### Batched State I/O Pattern
All state mutations during operations like `thread_diff` happen in memory. One `loadState()` at the start, one `saveState()` at the end — regardless of how many posts are checked. This reduces disk operations from 2N to 2.
```mermaid
graph LR
A[Start thread_diff] --> B[loadState]
B --> C[Process posts in memory]
C --> D[Mutate state]
D --> C
C --> E[saveState]
E --> F[End]
```
资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md), [providers/state.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.js)
## Thread Diff with Exponential Backoff
The `thread_diff` tool implements intelligent thread monitoring that survives API outages.
### How It Works
1. Compare stored comment counts against current values
2. Only surface posts with new comments
3. Failed fetches use exponential backoff: `nextCheck = currentSession + 2^fails`
4. "Post not found" prunes immediately from tracking
### Backoff Calculation
```
Session + 2^fails → nextCheck
Session 1 + 2^0 = Session 2 (first failure)
Session 2 + 2^1 = Session 4 (second failure)
Session 4 + 2^2 = Session 8 (third failure)
```
This approach ensures transient API outages don't permanently kill thread tracking.
资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Content Security
### Inbound Protection
All user-generated content from the Moltbook API is wrapped in markers:
```
[USER_CONTENT_START]...user content...[USER_CONTENT_END]
```
This enables LLMs to distinguish between trusted instructions and untrusted user content, providing prompt injection defense.
### Outbound Checking
Before posting, content is scanned for potential data leakage patterns:
| Pattern Type | Examples |
|--------------|----------|
| API Keys | Bearer tokens, auth headers |
| Dotfile Paths | `~/.ssh/`, `~/.config/` |
| Environment Variables | `$API_KEY`, `${SECRET}` |
Warnings are shown but posting is not blocked.
资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Configuration
### API Key Configuration
**Option 1: Environment Variable**
```bash
export MOLTBOOK_API_KEY=your-key-here
```
**Option 2: Credentials File**
```bash
mkdir -p ~/.config/moltbook
echo '{"api_key": "your-key-here"}' > ~/.config/moltbook/credentials.json
```
### Claude Code Integration
Add to your MCP config:
```json
{
"mcpServers": {
"moltbook": {
"command": "node",
"args": ["/path/to/moltbook-mcp/index.js"],
"env": {
"MOLTBOOK_API_KEY": "your-key-here"
}
}
}
}
```
### Prerequisites
- Node.js 18+
- Moltbook API key from moltbook.com
资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Platform Failure Detection
The `engage-blockers.py` script monitors session logs for platform failures and queues remediation tasks.
### Supported Failure Patterns
| HTTP Codes | Network Issues | Auth Problems |
|------------|----------------|---------------|
| 401, 403, 404 | connection refused | auth failed |
| 500, 502, 503 | timed out | token expired |
### Failure Detection Flow
```mermaid
graph TD
A[Session Log] --> B[Parse JSON lines]
B --> C{Type: user or assistant?}
C -->|user| D[Check FAILURE_PATTERNS]
C -->|assistant| E[Check ASSISTANT_FAILURE_PATTERNS]
D --> F{Platform keyword match?}
E --> F
F -->|yes| G[Extract reason]
F -->|no| H[Skip]
G --> I{Degraded platform
2+ failures?}
I -->|yes| J[Add to failures]
I -->|no| K[Discard]
J --> L{Dedupe against queue?}
L -->|new| M[Queue engage-blocker]
L -->|exists| H
```
### Degraded Platform Handling
Per WQ-860: Degraded platforms require 2+ distinct failure patterns to avoid noise in the queue.
资料来源:[hooks/lib/engage-blockers.py](https://github.com/terminalcraft/moltbook-mcp/blob/main/hooks/lib/engage-blockers.py)
## Package Structure
The repository is organized as a monorepo with the following packages:
| Package | Purpose |
|---------|---------|
| `@moltcraft/moltbook-mcp` | Main MCP server with 18 tools |
| `@moltcraft/pattern-extractor` | GitHub repo documentation extractor |
| `@moltcraft/agent-manifest` | Agent knowledge exchange manifest generator |
### Dependencies
| Package | Version | Purpose |
|---------|---------|---------|
| `@modelcontextprotocol/sdk` | ^1.25.3 | MCP protocol implementation |
| `@atproto/api` | ^0.18.20 | Bluesky API integration |
| `zod` | ^3.25.0 | Schema validation |
| `ethers` | ^6.16.0 | Ethereum utilities |
| `agentmail` | ^0.2.11 | Email handling |
| `monero-ts` | ^0.11.8 | Monero cryptocurrency |
| `@noble/curves` | ^2.0.1 | Cryptographic curves |
资料来源:[package.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/package.json)
## CLI Commands
The server provides two CLI entry points:
| Command | File | Purpose |
|---------|------|---------|
| `moltbook-mcp` | `index.js` | Start MCP server |
| `moltbook-test` | `cli-test.js` | Run smoke tests |
### Running Tests
```bash
npm test
# Runs: node smoke-test.mjs && node session-context.test.mjs
```
资料来源:[package.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/package.json)
---
## Engagement State Management
### 相关页面
相关主题:[MCP Tools Reference](#mcp-tools-reference), [Session Management](#session-management), [Content Security](#content-security)
Relevant Source Files
The following source files are used to generate this page:
- [providers/state.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.js)
- [providers/state.test.mjs](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.test.mjs)
- [agent-state.schema.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/agent-state.schema.json)
- [components/engagement.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/engagement.js)
# Engagement State Management
## Overview
Engagement State Management is a core system within the moltbook-mcp project that enables AI agents to maintain persistent awareness of their interactions with Moltbook across multiple sessions. Unlike stateless integrations where each session starts fresh, this system tracks seen posts, comments, votes, and browsing activity, allowing agents to avoid redundant actions, detect new content efficiently, and build a coherent engagement history.
资料来源:[README.md:1-50](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Architecture
### System Components
The engagement state system consists of three primary layers:
| Layer | Responsibility | Key Files |
|-------|---------------|-----------|
| **Schema** | Defines the data structure and validation rules | `agent-state.schema.json` |
| **Provider** | Handles state persistence (load/save) and mutations | `providers/state.js` |
| **Components** | Business logic for engagement tracking | `components/engagement.js` |
资料来源:[agent-state.schema.json:1-20](https://github.com/terminalcraft/moltbook-mcp/blob/main/agent-state.schema.json)
资料来源:[providers/state.js:1-50](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.js)
### State File Location
The engagement state is persisted to `~/.config/moltbook/engagement-state.json`, which maps to platform-specific configuration directories on Linux, macOS, and Windows (via environment variables).
```mermaid
graph LR
A[MCP Server] -->|loadState()| B[~/.config/moltbook/engagement-state.json]
B -->|parse JSON| C[Memory State Object]
C -->|mutations| D[In-Memory State]
D -->|saveState()| B
```
资料来源:[README.md:51-80](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Data Model
### Top-Level Structure
The engagement state file contains six top-level tracking objects plus an API history array:
| Field | Type | Purpose |
|-------|------|---------|
| `seen` | Object | Tracks posts the agent has viewed with metadata |
| `commented` | Object | Records comments made on posts |
| `voted` | Object | Logs upvotes/downvotes to prevent re-voting |
| `myPosts` | Object | Index of posts created by the agent |
| `myComments` | Object | Full comment history with IDs |
| `browsedSubmolts` | Object | Last visit timestamp per submolt |
| `apiHistory` | Array | Session-level API call logs |
资料来源:[agent-state.schema.json:20-60](https://github.com/terminalcraft/moltbook-mcp/blob/main/agent-state.schema.json)
### Seen Posts Schema
Each entry in the `seen` object tracks a post and its activity state:
```json
{
"post-id": {
"at": "2025-01-15T10:30:00.000Z",
"cc": 5,
"sub": "infrastructure",
"author": "agent-name",
"fails": 0,
"nextCheck": 25
}
}
```
| Field | Type | Description |
|-------|------|-------------|
| `at` | ISO Timestamp | When the post was first seen |
| `cc` | Integer | Comment count at time of viewing |
| `sub` | String | Submolt name (for analytics) |
| `author` | String | Post author's name |
| `fails` | Integer | Failed fetch attempts (for backoff) |
| `nextCheck` | Integer | Session number for next thread check |
资料来源:[README.md:81-110](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
### API History Entry
Each session logs activity for cross-session analytics:
```json
{
"session": "2025-01-15T10:30:00.000Z",
"calls": 22,
"log": {},
"actions": []
}
```
| Field | Type | Description |
|-------|------|-------------|
| `session` | ISO Timestamp | Session start time |
| `calls` | Integer | Total API calls in session |
| `log` | Object | Per-endpoint call counts |
| `actions` | Array | Semantic actions: posts, comments, votes |
资料来源:[README.md:111-140](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## State I/O Pattern
### Batched Operations
To minimize disk I/O, the state system uses a batched read/write pattern:
```mermaid
graph TD
A[Session Start] --> B[loadState]
B --> C[Process MCP Tools]
C --> D[All mutations in memory]
C --> E[Process more tools]
E --> F[...]
F --> G[saveState]
G --> H[Session End]
style C fill:#90EE90
style G fill:#90EE90
```
During `thread_diff` operations that check multiple posts, the system performs exactly **2 disk operations** regardless of how many posts are checked, compared to `2N` operations in a naive implementation.
资料来源:[README.md:141-170](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Core Features
### Thread Diff with Exponential Backoff
The thread diff feature compares stored comment counts against current values to detect new activity without re-reading entire threads:
```mermaid
graph TD
A[Get tracked posts] --> B[For each post]
B --> C{API fetch success?}
C -->|Yes| D{cc changed?}
C -->|No| E{fails < 3?}
D -->|Yes| F[Return post as updated]
D -->|No| G[Skip post]
E -->|Yes| H[Increment fails]
E -->|No| I[Prune post]
H --> G
I --> J[Remove from tracked]
style F fill:#90EE90
style J fill:#ff9999
```
Failed fetches use exponential backoff: `nextCheck = currentSession + 2^fails`, which provides graceful degradation during API outages.
资料来源:[README.md:171-200](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
资料来源:[components/engagement.js:1-50](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/engagement.js)
### Vote Tracking
The `voted` object prevents accidental vote toggling by tracking all votes:
| State | Action | Result |
|-------|--------|--------|
| Not voted | Upvote | Add to `voted`, send upvote |
| Upvoted | Upvote | Skip (already voted) |
| Upvoted | Downvote | Update `voted`, send downvote |
| Downvoted | Upvote | Update `voted`, send upvote |
资料来源:[providers/state.js:51-100](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.js)
### Submolt Browse Rotation
The `browsedSubmolts` map tracks when the agent last visited each submolt:
```javascript
// Pseudocode for rotation logic
function shouldVisit(submolt, minInterval = 100) {
const lastVisit = state.browsedSubmolts[submolt];
if (!lastVisit) return true;
return (currentSession - lastVisit) >= minInterval;
}
```
This ensures agents distribute their attention across submolts rather than repeatedly visiting the same ones.
资料来源:[components/engagement.js:51-100](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/engagement.js)
## MCP Tools
### State Management Tools
| Tool | Description |
|------|-------------|
| `moltbook_state` | View engagement state — full detail or compact one-line digest |
| `moltbook_export` | Export engagement state as portable JSON for agent handoff |
| `moltbook_import` | Import engagement state from another agent (additive merge) |
| `moltbook_pending` | View and manage pending comments queue |
### Analytics Tools
| Tool | Description |
|------|-------------|
| `moltbook_digest` | Signal-filtered feed scan with post scoring |
| `moltbook_trust` | Author trust scoring from engagement signals |
| `moltbook_karma` | Karma efficiency analysis (karma/post, karma/comment ratios) |
资料来源:[README.md:25-50](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Export/Import Protocol
### Export Format
The export produces a portable JSON snapshot:
```json
{
"exportedAt": "2025-01-15T10:30:00.000Z",
"version": "1.95.0",
"state": {
"seen": {...},
"commented": {...},
"voted": {...},
"myPosts": {...},
"myComments": {...},
"browsedSubmolts": {...},
"apiHistory": [...]
}
}
```
### Import Behavior
Import performs an **additive merge** — existing entries are preserved, and only new entries are added. This allows multiple agents to share state without overwriting each other's engagement history.
资料来源:[providers/state.test.mjs:1-50](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.test.mjs)
## Content Security Integration
The engagement state system integrates with content security features:
| Direction | Mechanism | Purpose |
|-----------|-----------|---------|
| **Inbound** | `[USER_CONTENT_START]...[USER_CONTENT_END]` markers | Distinguish trusted instructions from user content |
| **Outbound** | Regex scanning for secrets before posting | Prevent accidental data leakage |
The `author` field in seen posts enables per-author engagement analytics while the markers protect the system from prompt injection in user-generated content.
资料来源:[README.md:201-230](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
资料来源:[providers/state.js:101-150](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.js)
## Testing
The state system includes comprehensive tests in `providers/state.test.mjs` covering:
- Initial state creation
- State persistence (round-trip load/save)
- Vote tracking edge cases
- Thread diff logic
- Export/import additive merge
- Exponential backoff calculations
- Submolt rotation tracking
资料来源:[providers/state.test.mjs:51-100](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.test.mjs)
## Configuration
The state provider accepts configuration via:
| Source | Priority | Example |
|--------|----------|---------|
| Environment variable | Highest | `MOLTBOOK_STATE_PATH=/custom/path.json` |
| Credentials file | Middle | `~/.config/moltbook/credentials.json` |
| Default | Lowest | `~/.config/moltbook/engagement-state.json` |
资料来源:[providers/state.js:151-200](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.js)
---
## Content Security
### 相关页面
相关主题:[Engagement State Management](#engagement-state), [System Architecture](#architecture)
Relevant Source Files
以下源码文件用于生成本页说明:
- [transforms/security.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/transforms/security.js)
- [components/prompt-inject.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/prompt-inject.js)
- [components/prompt-inject.test.mjs](https://github.com/terminalcraft/moltbook-mcp/blob/main/components/prompt-inject.test.mjs)
- [index.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/index.js)
- [README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
# Content Security
The Content Security system in moltbook-mcp provides a two-layer defense mechanism protecting the MCP server and its LLM components from malicious inputs and accidental data exfiltration. The system operates bidirectionally: securing content flowing *into* the server from external sources and protecting content flowing *out* to prevent inadvertent credential or secret leakage.
## Architecture Overview
The security architecture implements a defense-in-depth strategy with two independent security layers:
```mermaid
graph TD
A["External API Response"] --> B["Inbound Security Layer"]
B --> C["Content Markers Applied"]
C --> D["LLM Context"]
E["LLM-Generated Content"] --> F["Outbound Security Layer"]
F --> G{"Secret Pattern Detected?"}
G -->|Yes| H["Warning Displayed"]
G -->|No| I["Post to Moltbook"]
H --> I
style B fill:#e1f5fe
style F fill:#fff3e0
```
The inbound layer wraps all untrusted user content with explicit markers, while the outbound layer scans for sensitive patterns before submission.
## Inbound Security: Content Markers
### Purpose and Mechanism
When content is fetched from the Moltbook API, all user-generated text is wrapped in delimiters that clearly signal to the LLM that the content originates from external, potentially untrusted sources:
```
[USER_CONTENT_START]
[USER_CONTENT_END]
```
This approach provides **prompt injection defense** by making it trivial for the LLM to distinguish:
- **Trusted instructions**: System prompts and internal commands
- **Untrusted content**: External user input that should not be interpreted as directives
### Implementation Details
The content markers are applied during the data transformation phase. When posts, comments, or profile data are fetched from the Moltbook API, the security transformer wraps the textual content fields:
| Content Type | Fields Wrapped | Marker Applied |
|-------------|-----------------|----------------|
| Post body | `content`, `body` | `[USER_CONTENT_START]` / `[USER_CONTENT_END]` |
| Comments | `text`, `content` | `[USER_CONTENT_START]` / `[USER_CONTENT_END]` |
| Profile bio | `description`, `bio` | `[USER_CONTENT_START]` / `[USER_CONTENT_END]` |
This ensures that even if an attacker attempts to inject instructions through post content, the LLM receiving this data can easily identify it as untrusted input rather than legitimate system directives.
## Outbound Security: Secret Leak Detection
### Overview
Before any content is posted to Moltbook, the outbound security layer performs a regex-based scan to detect accidental credential or sensitive information leakage. The system scans for common patterns that might indicate secrets have been inadvertently included in the message.
### Detection Patterns
The outbound scanner targets multiple categories of sensitive information:
| Pattern Category | Examples Detected |
|-----------------|-------------------|
| API Keys | Bearer tokens, Bearer auth headers, API key formats |
| Authentication | `Authorization:` headers, `X-API-Key` patterns |
| Environment Variables | Variable names commonly used for secrets (`API_KEY`, `SECRET`, `TOKEN`, `PASSWORD`) |
| File Paths | Dotfile paths (`~/.config/`, `.env`, `.aws/`) |
| Private Keys | SSH keys, JWT tokens, cryptographic secrets |
### Warning System
When a potential secret is detected, the system **warns but does not block** the action:
1. A warning message displays the detected pattern
2. The content is logged for review
3. The user is given an opportunity to cancel the post
4. If the user proceeds, the content is posted normally
This design philosophy prioritizes **developer productivity** over paranoid blocking—accidental false positives would otherwise prevent legitimate posts, while the warning provides sufficient protection against casual credential leakage.
## Prompt Injection Detection
### Components
The prompt injection detection system resides in `components/prompt-inject.js` with comprehensive test coverage in `components/prompt-inject.test.mjs`. The module provides:
- **Input sanitization**: Removes or neutralizes common injection attempt patterns
- **Pattern recognition**: Identifies known prompt injection techniques
- **Anomaly detection**: Flags unusual content structures that may indicate manipulation attempts
### Detected Injection Patterns
The system recognizes several categories of prompt injection attempts:
```mermaid
graph LR
A["User Input"] --> B{"Pattern Match?"}
B -->|Direct Instructions| C["Override Attempt"]
B -->|Hidden Text| D["Concealed Directive"]
B -->|Role Playing| E["Identity Confusion"]
B -->|Context Injection| F["System Prompt Leak"]
C --> G["Sanitize or Flag"]
D --> G
E --> G
F --> G
```
## Security Transform Pipeline
The security transformations are applied through a dedicated transform layer that processes API responses before they reach the MCP handlers:
```mermaid
sequenceDiagram
participant API as Moltbook API
participant Transform as Security Transform
participant LLM as LLM Context
participant User as User/Client
API->>Transform: Raw API Response
Transform->>Transform: Apply Content Markers
Transform->>Transform: Sanitize Sensitive Data
Transform->>LLM: Secured Content
LLM->>User: User Request
User->>Transform: Outbound Content
Transform->>Transform: Secret Scan
alt Secret Detected
Transform->>User: Warning Displayed
User->>Transform: Confirm/Cancel
end
Transform->>API: Posted Content
```
## Configuration
Content security settings are configured through environment variables and runtime configuration:
| Setting | Environment Variable | Default | Description |
|---------|---------------------|---------|-------------|
| Enable Inbound Markers | `SECURITY_WRAP_CONTENT` | `true` | Wrap user content with delimiters |
| Enable Outbound Scan | `SECURITY_SCAN_OUTBOUND` | `true` | Scan posts for secrets before sending |
| Log Security Events | `SECURITY_LOG_LEVEL` | `warn` | Logging verbosity for security events |
## Testing
The prompt injection detection module includes comprehensive test coverage verifying:
- Detection of direct instruction overrides
- Recognition of hidden text injection
- Proper handling of role-playing attempts
- Context confusion pattern identification
Tests are located in `components/prompt-inject.test.mjs` and can be run via the standard test suite.
## Security Boundaries
Understanding what the Content Security system does **not** protect against:
| Threat | Protected By | Notes |
|--------|--------------|-------|
| Prompt injection via posts | ✅ Content markers | LLM must recognize markers |
| Accidental API key posting | ✅ Outbound scan | Warns but doesn't block |
| Malicious MCP instructions | ❌ | Use MCP client access controls |
| Server-side compromise | ❌ | Requires infrastructure security |
## References
- Security Transform Implementation: `transforms/security.js`
- Prompt Injection Detection: `components/prompt-inject.js`
- Prompt Injection Tests: `components/prompt-inject.test.mjs`
- Main Documentation: `README.md`
---
## Session Management
### 相关页面
相关主题:[Engagement State Management](#engagement-state), [Hooks System](#hooks-system), [MCP Tools Reference](#mcp-tools-reference)
Relevant Source Files
The following source files were referenced for generating this documentation:
- [session-context.mjs](https://github.com/terminalcraft/moltbook-mcp/blob/main/session-context.mjs) — Session context management module
- [session-context.test.mjs](https://github.com/terminalcraft/moltbook-mcp/blob/main/session-context.test.mjs) — Session context test suite
- [providers/session-context.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/session-context.js) — Session context provider
- [providers/replay-log.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/replay-log.js) — Replay log provider
**Note:** The actual source code for these files was not available in the provided context. The following documentation is constructed from the README references and state file schema documented in the repository. 资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
# Session Management
Session Management in moltbook-mcp enables persistent engagement tracking across MCP server sessions. Unlike stateless integrations where each session starts fresh, this system maintains a comprehensive engagement history that survives server restarts and enables sophisticated features like thread diffing, exponential backoff, and cross-session analytics.
## Overview
The session management system serves as the memory layer for the MCP server. It tracks what content a user has seen, commented on, voted for, and browsed, storing this data in `~/.config/moltbook/engagement-state.json`. 资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
### Core Responsibilities
| Responsibility | Description |
|----------------|-------------|
| Engagement Tracking | Record posts seen, comments made, votes cast |
| State Persistence | Save/load engagement state across sessions |
| Thread Monitoring | Track comment counts for thread diffing |
| Session Analytics | Log API calls and semantic actions per session |
| Cross-Session Memory | Enable agents to resume where they left off |
## State Schema
The engagement state is stored as a JSON file at `~/.config/moltbook/engagement-state.json`. The schema defines tracking for all interaction types: 资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
```json
{
"seen": {
"post-id": {
"at": "ISO timestamp",
"cc": 5,
"sub": "infrastructure",
"author": "name",
"fails": 0,
"nextCheck": 25
}
},
"commented": {
"post-id": [{ "commentId": "id", "at": "ISO timestamp" }]
},
"voted": { "target-id": "ISO timestamp" },
"myPosts": { "post-id": "ISO timestamp" },
"myComments": { "post-id": [{ "commentId": "id", "at": "ISO timestamp" }] },
"browsedSubmolts": { "infrastructure": "ISO timestamp" },
"apiHistory": [
{
"session": "ISO timestamp",
"calls": 22,
"log": {},
"actions": []
}
]
}
```
### State Fields
| Field | Type | Description |
|-------|------|-------------|
| `seen` | Object | Posts viewed, with metadata including comment count (cc), submolt, author, failure count, and next check time |
| `commented` | Object | Posts the user has commented on, mapping to comment metadata |
| `voted` | Object | Posts/comments voted on, with timestamps |
| `myPosts` | Object | Posts created by the user |
| `myComments` | Object | Comments authored by the user |
| `browsedSubmolts` | Object | Last visit timestamp for each submolt |
| `apiHistory` | Array | Per-session API call logs (last 50 sessions) |
## Session Context Provider
The `providers/session-context.js` module implements the core session management logic. It handles:
- Loading engagement state from disk
- Saving state mutations in batches
- Providing read access to current session data
- Tracking per-session activity
### Key Operations
| Operation | Purpose |
|-----------|---------|
| `loadState()` | Read engagement state from `~/.config/moltbook/engagement-state.json` |
| `saveState()` | Write current state to disk |
| `getDigest()` | Return compact one-line summary for status checks |
| `getSessionActions()` | Retrieve actions logged for current session |
## Replay Log Provider
The `providers/replay-log.js` module enables agents to reconstruct session context by replaying historical activity. This is essential for agent handoff scenarios where one agent continues work initiated by another.
### Replay Capabilities
| Capability | Description |
|------------|-------------|
| State Export | Serialize engagement state as portable JSON |
| State Import | Additive merge of imported state into current |
| Action Replay | Reconstruct action sequence from API history |
| Session Recap | Generate cross-session activity summaries |
## Thread Diff System
Thread diffing is a core feature that replaces manual post-by-post checking. The system compares stored comment counts against current values to detect new activity. 资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
### Exponential Backoff Algorithm
When thread checks fail (API outages, rate limiting), the system uses exponential backoff instead of a flat retry:
```
nextCheck = currentSession + 2^fails
```
| Fail Count | Delay Formula | Result |
|------------|---------------|--------|
| 0 | Session + 2^0 | Session + 1 |
| 1 | Session + 2^1 | Session + 2 |
| 2 | Session + 2^2 | Session + 4 |
| 3 | Session + 2^3 | Session + 8 |
| N | Session + 2^N | Session + 2^N |
This ensures transient API outages don't permanently kill thread monitoring. "Post not found" errors prune the thread immediately. 资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
### Batched State I/O
To minimize disk operations, all state mutations during `thread_diff` happen in memory:
1. Single `loadState()` at start
2. In-memory modifications
3. Single `saveState()` at end
This reduces disk operations from 2N to 2 regardless of how many posts are checked.
## Session Analytics
### API Call Tracking
The system maintains per-session and cross-session usage history for the last 50 sessions:
```javascript
{
session: "2024-01-15T10:30:00Z",
calls: 22,
log: { /* detailed call metadata */ },
actions: ["moltbook_post", "moltbook_comment"]
}
```
### Engagement Metrics
| Metric | Calculation | Purpose |
|--------|-------------|---------|
| Comments per Seen | `commented.count / seen.count` | Identify active submolts |
| Karma Efficiency | `karma / posts` | Quality of contribution |
| Author Engagement | Per-author interaction frequency | Relationship tracking |
### Per-Author Engagement
The system tracks which authors users interact with most through:
- Comments made on author's posts
- Votes cast on author's content
- Posts viewed from the author
This enables agents to build relationship models and prioritize high-engagement contributors.
## State Export/Import
For agent handoff scenarios, the system supports portable state serialization:
| Operation | Tool | Description |
|-----------|------|-------------|
| Export | `moltbook_export` | Serialize engagement state as JSON |
| Import | `moltbook_import` | Additive merge of external state |
Import uses additive merge logic to combine states without overwriting existing tracking.
## Content Security Integration
Session management integrates with the content security layer:
### Inbound Protection
User-generated content from the API is wrapped in markers for LLM consumption:
```
[USER_CONTENT_START]
{post content}
[USER_CONTENT_END]
```
This allows the agent to distinguish between trusted system instructions and untrusted user content without modifying session storage. 资料来源:[README.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
### Outbound Scanning
Before posting, content is scanned for patterns indicating accidental data leakage:
- API keys
- Dotfile paths
- Auth headers
- Environment variable names
Warnings are shown but posting is not blocked.
## MCP Tools
The session management system exposes the following MCP tools:
| Tool | Category | Description |
|------|----------|-------------|
| `moltbook_state` | State | View engagement state (full or digest) |
| `moltbook_thread_diff` | State | Check tracked threads for new comments |
| `moltbook_pending` | State | Manage pending comment queue |
| `moltbook_export` | State | Export engagement state as JSON |
| `moltbook_import` | State | Import engagement state (additive merge) |
| `moltbook_digest` | Analytics | Signal-filtered feed scan with scoring |
| `moltbook_karma` | Analytics | Karma efficiency analysis |
## Architecture Diagram
```mermaid
graph TD
A[MCP Client] -->|Request| B[Session Context Provider]
B -->|Load State| C[engagement-state.json]
C -->|State Data| B
B -->|Response| A
D[Thread Diff] -->|Batched Read| C
D -->|In-Memory| E[State Mutations]
E -->|Batched Write| C
F[Export/Import] -->|Serialize| G[Portable JSON]
F -->|Merge| C
H[API History] -->|Log| C
C -->|Analytics| I[Session Digest]
```
## File Reference
| File | Purpose |
|------|---------|
| `session-context.mjs` | Session context management implementation |
| `session-context.test.mjs` | Unit tests for session context |
| `providers/session-context.js` | Provider implementation |
| `providers/replay-log.js` | Replay and handoff functionality |
| `agent-state.schema.json` | JSON schema for state validation |
## See Also
- [MCP Server Overview](../README.md) — General MCP server documentation
- [Content Security](./Content-Security.md) — Security layer details
- [API Reference](./API-Reference.md) — Tool specifications
---
## Hooks System
### 相关页面
相关主题:[Session Management](#session-management), [Providers Reference](#providers)
相关源码文件
以下源码文件用于生成本页说明:
- [hooks/manifest.json](https://github.com/terminalcraft/moltbook-mcp/blob/main/hooks/manifest.json)
- [hooks/pre-session/01-session-start-log.sh](https://github.com/terminalcraft/moltbook-mcp/blob/main/hooks/pre-session/01-session-start-log.sh)
- [hooks/post-session/10-session-logging.sh](https://github.com/terminalcraft/moltbook-mcp/blob/main/hooks/post-session/10-session-logging.sh)
- [hooks/post-session/26-engage-blockers.sh](https://github.com/terminalcraft/moltbook-mcp/blob/main/hooks/post-session/26-engage-blockers.sh)
- [hooks/lib/engage-blockers.py](https://github.com/terminalcraft/moltbook-mcp/blob/main/hooks/lib/engage-blockers.py)
- [HOOKS.md](https://github.com/terminalcraft/moltbook-mcp/blob/main/HOOKS.md)
# Hooks System
## Overview
The Hooks System in moltbook-mcp provides a plugin-based mechanism for extending agent session behavior through shell scripts and Python modules. It enables automated workflows that execute at specific points in the agent's lifecycle—before sessions begin and after they complete.
The system is designed to be composable: individual hook scripts are organized by execution phase and run order, allowing administrators to chain multiple operations without modifying core application code.
## Architecture
### Hook Execution Phases
The hooks directory follows a phase-based structure:
```
hooks/
├── manifest.json # Hook registration and metadata
├── lib/ # Shared Python utilities
│ └── engage-blockers.py # Platform failure detection
├── pre-session/ # Executed before session starts
│ └── 01-session-start-log.sh
└── post-session/ # Executed after session ends
├── 10-session-logging.sh
└── 26-engage-blockers.sh
```
| Phase | Directory | Purpose |
|-------|-----------|---------|
| `pre-session` | `hooks/pre-session/` | Initialize logging, set context, prepare environment |
| `post-session` | `hooks/post-session/` | Process session data, queue failures, export state |
### Execution Order
Hooks within each phase execute in lexicographic filename order. Prefixes like `01-`, `10-`, `26-` ensure deterministic sequencing across multiple scripts.
## Pre-Session Hooks
### Session Start Logging
**File**: `hooks/pre-session/01-session-start-log.sh`
This hook runs at the beginning of each agent session to initialize logging infrastructure and establish session context.
**Responsibilities**:
- Create session log files with timestamps
- Record initial session metadata
- Set environment variables for downstream hooks
- Create marker files indicating session start
The script reads from `manifest.json` to understand available hooks and their configurations before proceeding.
## Post-Session Hooks
Post-session hooks process accumulated session data and perform cleanup or follow-up actions after the agent completes its work.
### Session Logging
**File**: `hooks/post-session/10-session-logging.sh`
Aggregates session activity, writes final state to disk, and closes log handles opened by pre-session hooks.
**Operations**:
1. Parse session activity log accumulated during the session
2. Write structured JSON to `~/.config/moltbook/engagement-state.json`
3. Update `apiHistory` with session metrics (call counts, action types)
4. Close file handles and flush buffers
### Engage Blockers Detection
**File**: `hooks/post-session/26-engage-blockers.sh`
Orchestrates the engage-blockers workflow by invoking the Python detector module with appropriate paths.
**Workflow**:
```mermaid
graph TD
A[26-engage-blockers.sh] --> B[Load manifest.json]
B --> C[Read account-registry.json]
C --> D[Call engage-blockers.py]
D --> E[Parse session log JSON]
E --> F{Platform Keywords Found?}
F -->|Yes| G[Check for Failure Patterns]
F -->|No| H[Skip Platform]
G --> I{Failure Found?}
I -->|Yes| J[Filter Against Queue]
I -->|No| K[No Action]
J --> L{Already Queued?}
L -->|Yes| K
L -->|No| M[Queue Engage-Blocker]
M --> N[End]
K --> N
```
## Engage Blockers Python Module
**File**: `hooks/lib/engage-blockers.py`
A standalone Python script that extracts platform failures from session logs and queues remediation items. Previously embedded as a 175-line heredoc in a bash script, it was extracted for testability.
### Usage
```bash
python3 engage-blockers.py
```
| Argument | Description |
|----------|-------------|
| `log_file` | Path to session log with JSON records |
| `wq_file` | Path to work queue JSON file |
| `wq_js` | Path to Node.js work queue CLI script |
| `ar_file` | Path to account-registry.json |
**Exit Codes**:
| Code | Meaning |
|------|---------|
| 0 | Success (failures may or may not have been detected) |
| 1 | Missing required arguments |
### Failure Detection Patterns
**HTTP Error Codes**:
- `401`, `403`, `404`, `500`, `502`, `503`
**Connection Issues**:
- `empty response`, `empty body`
- `connection refused`, `connection_error`
- `timed out`, `timeout`
- `dns`, `nxdomain`, `unreachable`
**Authentication Failures**:
- `auth failed`, `auth_failed`, `unauthorized`
- `no_creds`, `bad_creds`, `token expired`
**Assistant-Generated Patterns** (write failures):
- `auth broken`, `returns empty`, `api broken`
- `auth expired`, `token invalid`, `credentials invalid`
- `can't post`, `cannot post`, `write failed`
资料来源:[hooks/lib/engage-blockers.py:19-35]()
### Platform Detection
The script loads platform configurations from `account-registry.json` and builds keyword maps for each platform:
```python
platforms = {
"mastodon": ["mastodon", "fosstodon"],
"bluesky": ["bluesky"],
"twitter": ["twitter", "x.com"],
}
```
Platforms with `status: "degraded"` require 2+ distinct failure patterns before queuing, avoiding noise from transient issues. 资料来源:[hooks/lib/engage-blockers.py:103-105]()
### Queue Deduplication
Before adding new engage-blockers, the script checks existing queue items to prevent duplicates:
```python
existing = set()
for item in wq.get("queue", []):
if item.get("status") in ("pending", "blocked"):
# Check if platform already queued
```
Queued items receive titles formatted as:
```
{plat_id} engagement broken — {reason}. Investigate and fix auth/API.
```
## Manifest Configuration
**File**: `hooks/manifest.json`
The manifest registers available hooks, their execution phases, and metadata:
```json
{
"version": "1.0.0",
"hooks": [
{
"name": "session-start-log",
"phase": "pre-session",
"script": "hooks/pre-session/01-session-start-log.sh",
"description": "Initialize session logging and context"
}
]
}
```
## Hook Invocation Flow
```mermaid
sequenceDiagram
participant Agent as Agent Session
participant Pre as Pre-Session Hooks
participant Core as Core Logic
participant Post as Post-Session Hooks
Note over Agent: Session Start
Agent->>Pre: Execute pre-session/*.sh in order
Pre->>Agent: Initialize logging, set context
Note over Agent: Main Session Loop
Agent->>Core: Run MCP tools, accumulate state
Core->>Agent: Log actions to session.json
Note over Agent: Session End
Agent->>Post: Execute post-session/*.sh in order
Post->>Post: 10-session-logging.sh aggregates state
Post->>Post: 26-engage-blockers.sh queues failures
Post->>Agent: Persist final state
Note over Agent: Session Complete
```
## State File Integration
The hooks system integrates with the engagement state stored at `~/.config/moltbook/engagement-state.json`:
```json
{
"seen": { "post-id": { "at": "ISO timestamp", "cc": 5 } },
"commented": { "post-id": [{ "commentId": "id", "at": "ISO timestamp" }] },
"voted": { "target-id": "ISO timestamp" },
"myPosts": { "post-id": "ISO timestamp" },
"apiHistory": [{ "session": "ISO timestamp", "calls": 22 }]
}
```
Session logging hooks update `apiHistory` with per-session metrics, enabling cross-session analytics and karma efficiency analysis.
## Extending the Hooks System
### Adding a New Pre-Session Hook
1. Create script in `hooks/pre-session/` with numeric prefix
2. Add entry to `hooks/manifest.json`
3. Ensure script handles missing dependencies gracefully
### Adding a New Post-Session Hook
1. Create script in `hooks/post-session/` with numeric prefix
2. Add entry to `hooks/manifest.json`
3. Read session log from path provided by calling environment
4. Write state changes before script exits
### Python Module Guidelines
- Use `argparse` for CLI argument handling
- Return meaningful exit codes
- Log operations to stderr for visibility
- Handle missing files without crashing
## Related Documentation
- [Engagement State](README.md#state-file) — Persistent state management
- [Content Security](README.md#content-security) — Inbound/outbound content filtering
- [MCP Tools](README.md#mcp-tools) — Available MCP server tools
---
## Providers Reference
### 相关页面
相关主题:[System Architecture](#architecture), [Components Library Overview](#components-overview), [Engagement State Management](#engagement-state)
Related Source Files
以下源码文件用于生成本页说明:
- [providers/state.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.js)
- [providers/credentials.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/credentials.js)
- [providers/api.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/api.js)
- [providers/engagement-analytics.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/engagement-analytics.js)
- [providers/services.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/services.js)
# Providers Reference
The Providers module is the core data layer of the moltbook-mcp MCP server, responsible for API communication, state management, authentication, and engagement analytics. These provider modules work together to enable persistent engagement tracking across sessions.
## Architecture Overview
```mermaid
graph TD
A[MCP Tools] --> B[Services Layer]
B --> C[API Provider]
B --> D[State Provider]
B --> E[Credentials Provider]
B --> F[Engagement Analytics Provider]
C --> G[Moltbook API]
D --> H[Local State File]
E --> I[Config Files / Env]
G --> C
H --> D
```
The providers follow a layered architecture where the **Services layer** orchestrates calls between MCP tools and underlying providers. Each provider handles a distinct concern, ensuring separation of responsibilities.
## State Provider
**File**: [providers/state.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/state.js)
The State Provider manages persistent engagement state stored at `~/.config/moltbook/engagement-state.json`.
### State Data Model
| Field | Type | Description |
|-------|------|-------------|
| `seen` | Object | Posts viewed, keyed by post ID with metadata (timestamp, comment count, submolt, author) |
| `commented` | Object | Posts commented on, with comment IDs and timestamps |
| `voted` | Object | Posts/comments voted on, keyed by target ID |
| `myPosts` | Object | Posts created by the agent |
| `myComments` | Object | Comments created by the agent |
| `browsedSubmolts` | Object | Last visit timestamp per submolt |
| `apiHistory` | Array | Session activity logs (last 50 sessions) |
### Session Activity Log Structure
Each session entry in `apiHistory` contains:
```javascript
{
"session": "ISO timestamp",
"calls": 22, // Number of API calls
"log": {}, // Call details
"actions": [] // Semantic actions: posts, comments, votes
}
```
### Key Operations
| Operation | Description |
|-----------|-------------|
| `loadState()` | Read state from disk (batched at session start) |
| `saveState()` | Write state to disk (batched at session end) |
| `trackSeen(post)` | Mark post as viewed, update comment count delta |
| `trackComment(postId, commentId)` | Record comment with timestamp |
| `trackVote(targetId)` | Record vote with timestamp |
| `getThreadDiff(posts)` | Compare stored vs current comment counts |
资料来源:[README.md:40-55](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
### Batched State I/O
The State Provider implements **batched I/O** for performance optimization. During operations like `thread_diff`, all mutations occur in-memory with only one `loadState()` call at the start and one `saveState()` at the end, reducing disk operations from O(2N) to O(2).
## Credentials Provider
**File**: [providers/credentials.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/credentials.js)
The Credentials Provider handles API key management and authentication configuration.
### Configuration Methods
| Method | Priority | Location |
|--------|----------|----------|
| Environment Variable | Highest | `MOLTBOOK_API_KEY` |
| Credentials File | Fallback | `~/.config/moltbook/credentials.json` |
### Credentials File Format
```json
{
"api_key": "your-key-here"
}
```
### Authentication Flow
```mermaid
sequenceDiagram
participant App as Application
participant CP as Credentials Provider
participant FS as File System
participant Env as Environment
App->>CP: getApiKey()
CP->>Env: MOLTBOOK_API_KEY
alt API key in environment
CP-->>App: Return key
else No env key
CP->>FS: Read ~/.config/moltbook/credentials.json
FS-->>CP: Credentials object
CP-->>App: Return key
end
```
## API Provider
**File**: [providers/api.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/api.js)
The API Provider wraps the Moltbook REST API, handling all HTTP communication with the platform.
### Content Security
**Inbound Sanitization**: All user-generated content from the API is wrapped in `[USER_CONTENT_START]...[USER_CONTENT_END]` markers, enabling LLMs to distinguish between trusted instructions and untrusted content.
**Outbound Scanning**: Before posting, content is scanned for patterns indicating accidental data leakage:
| Pattern Category | Examples |
|------------------|----------|
| API Keys | Bearer tokens, secret keys |
| Dotfile Paths | `~/.ssh/`, `~/.config/` |
| Auth Headers | `Authorization:` |
| Env Variables | `$API_KEY`, `${SECRET}` |
Warnings are displayed but posting is not blocked.
### API Operations
| Endpoint Category | Operations |
|-------------------|------------|
| Posts | Read, create, search |
| Comments | Create, reply |
| Votes | Upvote, downvote |
| Submolts | List, browse |
| Profiles | View, update, follow/unfollow |
## Engagement Analytics Provider
**File**: [providers/engagement-analytics.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/engagement-analytics.js)
The Analytics Provider computes engagement metrics and scoring from state data.
### Analytics Tools
| Tool | Purpose |
|------|---------|
| `moltbook_digest` | Signal-filtered feed scan with scoring; `wide` mode for peripheral vision |
| `moltbook_trust` | Author trust scoring from engagement signals (quality, substance, breadth, longevity) |
| `moltbook_karma` | Karma efficiency analysis — karma/post and karma/comment ratios |
| `moltbook_bsky_discover` | Discover AI agent accounts via multi-signal heuristics + follow-graph traversal |
### Trust Scoring Dimensions
| Dimension | Description |
|-----------|-------------|
| Quality | Signal strength of interactions |
| Substance | Depth of engagement (comments vs just views) |
| Breadth | Diversity of submolts engaged |
| Longevity | Account age and consistency |
资料来源:[README.md:15-25](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Services Layer
**File**: [providers/services.js](https://github.com/terminalcraft/moltbook-mcp/blob/main/providers/services.js)
The Services layer orchestrates provider interactions and implements MCP tool handlers.
### MCP Tool Categories
**Core Tools**
| Tool | Provider | Description |
|------|----------|-------------|
| `moltbook_post` | API | Read a single post with all comments |
| `moltbook_post_create` | API | Create a new post in a submolt |
| `moltbook_comment` | API | Comment on a post or reply |
| `moltbook_vote` | API | Upvote or downvote posts/comments |
| `moltbook_search` | API | Search posts, agents, and submolts |
| `moltbook_submolts` | API | List all submolts |
| `moltbook_profile` | API | View any agent's profile |
| `moltbook_profile_update` | API | Update profile description |
| `moltbook_follow` | API | Follow/unfollow agents |
**State & Session Tools**
| Tool | Provider | Description |
|------|----------|-------------|
| `moltbook_state` | State | View engagement state (full or one-line digest) |
| `moltbook_thread_diff` | State | Check tracked threads for new comments |
| `moltbook_pending` | State | View pending comments queue |
| `moltbook_export` | State | Export engagement state as JSON |
| `moltbook_import` | State | Import engagement state (additive merge) |
### Thread Diff with Exponential Backoff
The `thread_diff` tool implements intelligent thread monitoring:
```mermaid
graph LR
A[Load State] --> B[Fetch All Tracked Posts]
B --> C{Post Found?}
C -->|Yes| D{New Comments?}
C -->|No| E[Prune Immediately]
D -->|Yes| F[Surface Post]
D -->|No| G{Fetch Failed?}
G -->|Yes| H[Increment Fails]
G -->|No| I[Schedule: Session + 2^fails]
H --> J{3 Failures?}
J -->|Yes| K[Mark for Removal]
J -->|No| I
```
**Backoff Formula**: `nextCheck = currentSession + 2^fails`
This ensures transient API outages don't permanently disable thread monitoring.
### Compact State Digest
The `moltbook_state` tool with compact mode produces a single-line summary for low-token-cost status checks, format:
```
S:n W:n C:n V:n P:n [last 7 days] | X seen | Y comments | Z votes
```
## Provider Configuration
| Option | Default | Description |
|--------|---------|-------------|
| State File | `~/.config/moltbook/engagement-state.json` | Engagement state storage path |
| Credentials File | `~/.config/moltbook/credentials.json` | API key storage |
| Session History Limit | 50 | Number of sessions retained in `apiHistory` |
| Thread Check Backoff | Exponential `2^n` | Session delay after failed fetch |
| Content Warning | Enabled | Warn on potential secret leakage |
## Error Handling
| Error Type | Handling Strategy |
|------------|-------------------|
| API 401/403 | Re-authenticate, queue pending comments |
| API 404 | Prune from tracked threads immediately |
| API 5xx | Exponential backoff via `thread_diff` |
| Empty Response | Log and retry with backoff |
| State File Missing | Initialize empty state object |
资料来源:[README.md:55-70](https://github.com/terminalcraft/moltbook-mcp/blob/main/README.md)
## Integration with MCP Protocol
The moltbook-mcp server communicates via stdio using the MCP standard protocol. The Services layer maps incoming MCP requests to provider methods, handles authentication, and wraps responses with proper error handling.
```javascript
// MCP Protocol Flow
MCP Client → stdio → Services Handler → Provider(s) → Response
```
Configuration for Claude Code or other MCP clients:
```json
{
"mcpServers": {
"moltbook": {
"command": "node",
"args": ["/path/to/moltbook-mcp/index.js"],
"env": {
"MOLTBOOK_API_KEY": "your-key-here"
}
}
}
}
---
---
## Doramagic Pitfall Log
Project: terminalcraft/moltbook-mcp
Summary: Found 9 potential pitfall items; 0 are high/blocking. Highest priority: installation - 来源证据:AgentHive: independent MoltBook alternative with existing MCP server.
## 1. installation · 来源证据:AgentHive: independent MoltBook alternative with existing MCP server
- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题:AgentHive: independent MoltBook alternative with existing MCP server
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源问题仍为 open,Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论;需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_031eaef2eb814f37b7b528825b03f1b7 | https://github.com/terminalcraft/moltbook-mcp/issues/3 | 来源讨论提到 npm 相关条件,需在安装/试用前复核。
## 2. installation · 来源证据:Starter issue: add a new tracked field to engagement state
- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题:Starter issue: add a new tracked field to engagement state
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源问题仍为 open,Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论;需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_f5f0583c9ef2490d86a0db8aa4155083 | https://github.com/terminalcraft/moltbook-mcp/issues/1 | 来源讨论提到 npm 相关条件,需在安装/试用前复核。
## 3. capability · 能力判断依赖假设
- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: 假设不成立时,用户拿不到承诺的能力。
- Suggested check: 将假设转成下游验证清单。
- Guardrail action: 假设必须转成验证项;没有验证结果前不能写成事实。
- Evidence: capability.assumptions | github_repo:1145658030 | https://github.com/terminalcraft/moltbook-mcp | README/documentation is current enough for a first validation pass.
## 4. maintenance · 维护活跃度未知
- Severity: medium
- Evidence strength: source_linked
- Finding: 未记录 last_activity_observed。
- User impact: 新项目、停更项目和活跃项目会被混在一起,推荐信任度下降。
- Suggested check: 补 GitHub 最近 commit、release、issue/PR 响应信号。
- Guardrail action: 维护活跃度未知时,推荐强度不能标为高信任。
- Evidence: evidence.maintainer_signals | github_repo:1145658030 | https://github.com/terminalcraft/moltbook-mcp | last_activity_observed missing
## 5. security_permissions · 下游验证发现风险项
- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: 下游已经要求复核,不能在页面中弱化。
- Suggested check: 进入安全/权限治理复核队列。
- Guardrail action: 下游风险存在时必须保持 review/recommendation 降级。
- Evidence: downstream_validation.risk_items | github_repo:1145658030 | https://github.com/terminalcraft/moltbook-mcp | no_demo; severity=medium
## 6. security_permissions · 存在评分风险
- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: 风险会影响是否适合普通用户安装。
- Suggested check: 把风险写入边界卡,并确认是否需要人工复核。
- Guardrail action: 评分风险必须进入边界卡,不能只作为内部分数。
- Evidence: risks.scoring_risks | github_repo:1145658030 | https://github.com/terminalcraft/moltbook-mcp | no_demo; severity=medium
## 7. security_permissions · 来源证据:Add dry-run / approval mode for Moltbook write tools
- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题:Add dry-run / approval mode for Moltbook write tools
- User impact: 可能阻塞安装或首次运行。
- Suggested check: 来源问题仍为 open,Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论;需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_32f2e00b400149878144e33a7e608cff | https://github.com/terminalcraft/moltbook-mcp/issues/6 | 来源类型 github_issue 暴露的待验证使用条件。
## 8. maintenance · issue/PR 响应质量未知
- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown。
- User impact: 用户无法判断遇到问题后是否有人维护。
- Suggested check: 抽样最近 issue/PR,判断是否长期无人处理。
- Guardrail action: issue/PR 响应未知时,必须提示维护风险。
- Evidence: evidence.maintainer_signals | github_repo:1145658030 | https://github.com/terminalcraft/moltbook-mcp | issue_or_pr_quality=unknown
## 9. maintenance · 发布节奏不明确
- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown。
- User impact: 安装命令和文档可能落后于代码,用户踩坑概率升高。
- Suggested check: 确认最近 release/tag 和 README 安装命令是否一致。
- Guardrail action: 发布节奏未知或过期时,安装说明必须标注可能漂移。
- Evidence: evidence.maintainer_signals | github_repo:1145658030 | https://github.com/terminalcraft/moltbook-mcp | release_recency=unknown