# memtomem-stm - Doramagic AI Context Pack

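> Positioning: a pre-install preview and decision asset. It helps the host AI get off to a good start, but it does not mean the target project has been installed, executed, or verified.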

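## Sufficiency Principle

- **Sufficiency, not compression**: The AI Context Pack should be thorough enough for the host AI to understand the project's value, capability boundaries, entry points, risks, and evidence sources before starting work; it may be organized in layers, but the shortest possible summary is not the goal.
- **Compression strategy**: Compress only noise and repetition, never context that affects judgment or the quality of the work.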

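## How the Host AI Should Use This

You are reading the AI Context Pack that Doramagic compiled for memtomem-stm. Treat it as pre-work context: help the user understand who it suits, what it can do, how to start, what must be verified after installation, and where the risks lie. Do not claim that you have installed, run, or executed the target project.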

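## Claim Consumption Rules

- **Source of facts**: Repo Evidence + Claim/Evidence Graph; the Human Wiki provides only salience, terminology, and narrative structure.
- **Minimum status for a fact**: `supported`
- `supported`: may be used as a project fact, but the answer must cite the claim_id and the evidence path.
- `weak`: only a low-confidence lead; the user must be asked to verify further.
- `inferred`: may be used only for risk notes or open questions, never presented as a project fact.
- `unverified`: must not be used as a fact; state clearly that the evidence is insufficient.
- `contradicted`: the conflicting sources must be shown; do not pick one version on the user's behalf.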

## Who It Suits Best

- **Developers using a host AI such as Claude/Codex/Cursor/Gemini**: The README or plugin configuration mentions multiple host AIs. Evidence: `README.md` Claim: `clm_0002` supported 0.86

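## What It Can Do

- **Command-line launch or installation flow** (requires post-install verification): The project documentation contains executable commands; real use requires running them locally or in the host environment. Evidence: `README.md` Claim: `clm_0001` supported 0.86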

## How to Start

- `pip install memtomem-stm` Evidence: `README.md` Claim: `clm_0003` supported 0.86
- `uv tool install memtomem-stm     # install mms / memtomem-stm as global CLI tools` Evidence: `README.md` Claim: `clm_0004` supported 0.86
- `claude mcp add mms -s user -- mms` Evidence: `README.md` Claim: `clm_0005` supported 0.86

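## Pre-Continue Decision Card

- **Current recommendation**: Trial in a permission sandbox first
- **Why**: The project shows signs of installation commands, host configuration, or local writes; going straight into a primary environment is not recommended, so trial-install in an isolated environment first.

### 30-Second Decision

- **What to do now**: Trial in a permission sandbox first
- **Minimum safe next step**: Run Prompt Preview first; if you still want to install, trial-install only in an isolated environment
- **Do not trust yet**: Tool permission boundaries cannot be trusted before installation.
- **Continuing will touch**: command execution, host AI configuration, the local environment or project files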

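### What Can Be Trusted Now

- **Audience lead: developers using a host AI such as Claude/Codex/Cursor/Gemini** (supported): Backed by a supported claim or project evidence, but still not equivalent to real installation results. Evidence: `README.md` Claim: `clm_0002` supported 0.86
- **Capability exists: command-line launch or installation flow** (supported): You can trust that the project contains leads for this kind of capability; whether it fits your specific task still requires a trial or post-install verification. Evidence: `README.md` Claim: `clm_0001` supported 0.86
- **Quick Start / installation command leads exist** (supported): You can trust that a launch or installation entry point appears in the project documentation; do not run it directly in your primary environment on that basis. Evidence: `README.md` Claim: `clm_0003` supported 0.86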

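### What Cannot Be Trusted Yet

- **Tool permission boundaries cannot be trusted before installation.** (unverified): MCP/tool projects typically touch files, the network, the browser, or external APIs; permissions and logs must be checked for real.
- **Real output quality cannot be trusted before installation.** (unverified): Prompt Preview can only show how guidance works; it cannot prove result quality in a real project.
- **Host AI version compatibility cannot be trusted before installation.** (unverified): Loading rules and version differences across hosts such as Claude, Cursor, Codex, and Gemini must be verified in a real environment.
- **That it will not contaminate existing host AI behavior cannot be taken on trust.** (inferred): Skill, plugin, and AGENTS/CLAUDE/GEMINI instructions may change the host AI's default behavior. Evidence: `CLAUDE.md`
- **Safe rollback cannot be assumed.** (unverified): Unless the project explicitly provides uninstall and restore instructions, verify in an isolated environment first.
- **After a real install, is it compatible with the user's current host AI version?** (unverified): Compatibility can only be verified in the actual host environment.
- **Does the project's output quality meet the user's specific task?** (unverified): A pre-install preview can only show the workflow and boundaries; it cannot replace a real evaluation.
- **Do the installation commands require network access, privileges, or global writes?** (unverified): This affects installation risk in both enterprise and personal environments. Evidence: `README.md`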

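### What Continuing Will Touch

- **Command execution**: package managers, network downloads, local plugin directories, project configuration, or the user's home directory. Reason: running the very first command can already change the environment; decide first whether it is worth running. Evidence: `README.md`
- **Host AI configuration**: plugin, Skill, or rule-loading configuration of hosts such as Claude/Codex/Cursor/Gemini/OpenCode. Reason: host configuration changes how the AI works afterwards and may conflict with the user's existing rules. Evidence: `CLAUDE.md`
- **Local environment or project files**: installation output, plugin caches, project configuration, or local dependency directories. Reason: the write scope and rollback method cannot be proven before installation, so isolated verification is needed. Evidence: `README.md`
- **Host AI context**: the AI Context Pack, Prompt Preview, Skill routing, risk rules, and project facts. Reason: imported context influences the host AI's later judgments, so unverified items must not be presented as facts.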

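### Minimum Safe Next Steps

- **Run Prompt Preview first**: Use the pre-install interactive trial to judge whether the way of working fits; it needs no authorization and makes no environment changes. (Applies to: any project, especially when output quality is unknown.)
- **Trial-install only in an isolated directory or test account**: Keeps installation commands from contaminating the primary host AI, real projects, or the user's home directory. (Applies when: there are leads for command execution, plugin configuration, or local writes.)
- **Back up the host AI configuration first**: Skill, plugin, and rule files may change the default behavior of Claude/Cursor/Codex. (Applies when: a plugin manifest, Skill, or host rule entry point exists.)
- **After installing, verify just one minimal task**: Verify loading, compatibility, output quality, and rollback first, then decide whether to use it in depth. (Applies when: moving from trial into a real workflow.)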

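### Exit Path

- **Preserve the pre-install state**: Record the original host configuration and project state so you can later judge whether recovery is possible.
- **Be ready to remove the host plugin / Skill / rule entry point**: If behavior is abnormal after the trial install, the host AI can be restored to its pre-trial state.
- **Record the installation commands and write paths**: Without explicit uninstall instructions, you at least need to know which directories or configuration must be cleaned up manually.
- **No rollback path, no primary environment**: Lack of rollback is a blocker before continuing; do not proceed on trust or luck.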

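## Preview-Only Items

- Explaining who the project suits and what it can do
- Demonstrating a typical dialogue flow based on the project documentation
- Helping the user decide whether it is worth installing or researching further

## Items That Require Post-Install Verification

- Actually installing the Skill, plugin, or CLI
- Running scripts, modifying local files, or accessing external services
- Verifying real output quality, performance, and compatibility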

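## Boundary and Risk Card

- **Mistaking the pre-install preview for a real run**: The user may overestimate the configuration, permission, and compatibility verification the project has already completed. Handling: clearly separate prompt_preview_can_do from runtime_required. Claim: `clm_0006` inferred 0.45
- **Command execution modifies the local environment**: Installation commands may write to the user's home directory, the host plugin directory, or project configuration. Handling: run in an isolated environment or test account first. Evidence: `README.md` Claim: `clm_0007` supported 0.86
- **To be confirmed**: After a real install, is it compatible with the user's current host AI version? Reason: compatibility can only be verified in the actual host environment.
- **To be confirmed**: Does the project's output quality meet the user's specific task? Reason: a pre-install preview can only show the workflow and boundaries; it cannot replace a real evaluation.
- **To be confirmed**: Do the installation commands require network access, privileges, or global writes? Reason: this affects installation risk in both enterprise and personal environments.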

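## Pre-Work Working Context

### Load Order

- First read how_to_use.host_ai_instruction to establish the boundaries of the pre-install decision asset.
- Read claim_graph_summary to confirm that facts come from the Claim/Evidence Graph, not the Human Wiki narrative.
- Then read intended_users, capabilities, and quick_start_candidates to judge whether the user is a match.
- When a specific task must be carried out, check role_skill_index first, then evidence_index.
- For real installation, file modification, network access, performance, or compatibility questions, switch to risk_card and boundaries.runtime_required.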

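### Task Routing

- **Command-line launch or installation flow**: First explain that this capability requires post-install verification, then give a pre-install checklist. Boundary: must be verified by actually installing or running. Evidence: `README.md` Claim: `clm_0001` supported 0.86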

### Context Size

- Total files: 102
- Important files covered: 40/102
- Evidence index entries: 45
- Role / Skill entries: 13

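### Handling Insufficient Evidence

- **missing_evidence**: State that the evidence is insufficient and ask the user for the target file, README passage, or post-install verification record; do not fill in facts.
- **out_of_scope_request**: State that the task is beyond the evidence scope of the current AI Context Pack, and suggest that the user consult the Human Manual or verify after a real install.
- **runtime_request**: Give a pre-install checklist and the source of the commands, but do not run commands for the user or claim to have run them.
- **source_conflict**: Show both conflicting sources, mark the item as pending verification, and do not force a choice of one version.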

## Prompt Recipes

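### Fit Assessment

- Goal: Judge whether this project suits the user's current task.
- Expected output: fit conclusion, key reasons, evidence citations, what can be previewed before install, what must be verified after install, and next-step recommendations.

```text
Based on the memtomem-stm AI Context Pack, first ask me 3 necessary questions, then judge whether it suits my task. The answer must cover: who it suits, what it can do, what it cannot do, whether it is worth installing, and where the evidence comes from. Every project fact must cite evidence_refs, source_paths, or a claim_id.
```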

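### Pre-Install Experience

- Goal: Let the user get a feel for the core workflow before installing, without presenting the preview as real capability or a marketing promise.
- Expected output: an experience script with boundary labels, a post-install verification checklist, and a cautious recommendation; no promises of real execution and no strong marketing language.

```text
Treat memtomem-stm as a pre-install experience asset, not as an installed tool or a real runtime environment.

Output exactly four sections:
1. First ask me 3 necessary questions.
2. Give an "experience script": use the three labels [Previewable before install], [Must verify after install], and [Insufficient evidence] to show how it might guide the workflow.
3. Give a post-install verification checklist: list the capabilities that can only be confirmed after a real install, real host loading, and a real project run.
4. Give a cautious recommendation: you may only say "worth further research / a trial install", "supply more information before deciding", or "not recommended to continue"; do not endorse the project.

Hard boundaries:
- Do not claim to have installed, run, executed tests, modified files, or produced real results.
- Do not use promissory wording such as "adapts automatically", "guaranteed to pass", "perfect fit", or "strongly recommend installing".
- When describing how it works after installation, you must use a conditional such as "If installation succeeds and the host loads the Skill correctly, it might ...".
- The experience script may only be written as "sample lines / a hypothetical flow": use "might ask / might suggest / might show", not "has written, has generated, has passed, is running, is generating".
- Prompt Preview is not responsible for giving installation commands; if the user is ready to trial-install, only remind them to read the Quick Start and Risk Card first and to verify in an isolated environment.
- Every project fact must come from a supported claim, evidence_refs, or source_paths; inferred/unverified items may serve only as risks or open items.
```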

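### Role / Skill Selection

- Goal: Pick the best-matching assets from the project's roles or Skills.
- Expected output: a list of candidate roles or Skills, each with applicable scenarios, evidence path, risk boundaries, and whether post-install verification is required.

```text
Read role_skill_index and recommend the 3-5 roles or Skills most relevant to my target task. For each recommendation, explain the applicable scenario, likely output, risk boundaries, and evidence_refs.
```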

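### Risk Pre-Check

- Goal: Identify environment, permission, rule-conflict, and quality risks before installing or adopting.
- Expected output: a checklist covering environment, permissions, dependencies, licensing, host conflicts, quality risks, and unknowns.

```text
Based on risk_card, boundaries, and quick_start_candidates, give me a pre-install risk checklist. Do not run commands for me; only explain what I should check, why, and what the impact of a failure would be.
```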

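### Host AI Kickoff Instruction

- Goal: Turn the project context into a host AI instruction to use before a conversation starts.
- Expected output: a kickoff instruction with clear boundaries and clear evidence citations, suitable for pasting to the host AI.

```text
Based on the memtomem-stm AI Context Pack, generate a kickoff instruction that I can paste to the host AI. The instruction must honor not_runtime=true and must not claim that the project has been installed, run, or produced real results.
```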

## Role / Skill Index

- 13 roles / Skills / project documentation entries indexed in total.

- **memtomem-stm** (project_doc): Official website & docs: https://memtomem.com Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `README.md`
- **Tutorial notebooks** (project_doc): For Korean-speaking users: the notebooks are written in English for ease of maintenance and GitHub indexing, but you can run the code cells as they are. Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `notebooks/README.md`
- **Claude Code notes — memtomem-stm** (project_doc): Short-term memory MCP proxy. For what it does see README.md ; for setup and project layout see CONTRIBUTING.md ; for architecture see docs/ . This file only captures the few things Claude Code needs in context that aren't obvious from those docs. Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CLAUDE.md`
- **Contributing to memtomem-stm** (project_doc): Thank you for your interest in contributing to memtomem-stm! Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CONTRIBUTING.md`
- **Changelog** (project_doc): All notable changes will be documented in this file. Format: Keep a Changelog https://keepachangelog.com/en/1.1.0/ Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CHANGELOG.md`
- **Response Caching & Auto-Indexing** (project_doc): Proxied tool responses are cached in SQLite to avoid repeated upstream calls: Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/caching.md`
- **CLI Reference** (project_doc): memtomem-stm ships three console scripts: Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/cli.md`
- **Compression Strategies** (project_doc): memtomem-stm has 10 compression strategies. The CLI's --compression flag exposes 5 of them auto , none , truncate , selective , hybrid ; the remaining five are selected via the config file. The default is auto , which lets auto select strategy pick per response. Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/compression.md`
- **Configuration Reference** (project_doc): memtomem-stm reads configuration from two sources, in order of precedence: Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/configuration.md`
- **Selection Telemetry** (project_doc): Append-only JSONL log of tool selection and execution outcomes 467 . The proxy sits in the call path, so it can record what an advisory analyzer never sees: which tool the client model actually called, out of which advertised candidate set, and how the call went. This log is the substrate for offline replay/eval 468 and later learning stages 469/ 470 , and the landing zone for the STM-native hard filter's reject rea… Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/selection-telemetry.md`
- **Proactive Memory Surfacing** (project_doc): When your agent calls a proxied tool, STM automatically: Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/surfacing.md`
- **memtomem Individual Contributor License Agreement** (project_doc): memtomem Individual Contributor License Agreement Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CLA.md`
- **Security Policy** (project_doc): Please report security issues via GitHub private vulnerability advisory https://github.com/memtomem/memtomem-stm/security/advisories/new . Do NOT open public issues for vulnerabilities. Activation hint: consult when the user needs to understand the project structure, installation method, or boundaries. Evidence: `SECURITY.md`

## Evidence Index

- 45 evidence entries indexed in total.

- **memtomem-stm** (documentation): Official website & docs: https://memtomem.com Evidence: `README.md`
- **Tutorial notebooks** (documentation): For Korean-speaking users: the notebooks are written in English for ease of maintenance and GitHub indexing, but you can run the code cells as they are. Evidence: `notebooks/README.md`
- **Claude Code notes — memtomem-stm** (documentation): Short-term memory MCP proxy. For what it does see README.md ; for setup and project layout see CONTRIBUTING.md ; for architecture see docs/ . This file only captures the few things Claude Code needs in context that aren't obvious from those docs. Evidence: `CLAUDE.md`
- **Contributing to memtomem-stm** (documentation): Thank you for your interest in contributing to memtomem-stm! Evidence: `CONTRIBUTING.md`
- **License** (source_file): Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ Evidence: `LICENSE`
- **Changelog** (documentation): All notable changes will be documented in this file. Format: Keep a Changelog https://keepachangelog.com/en/1.1.0/ Evidence: `CHANGELOG.md`
- **Response Caching & Auto-Indexing** (documentation): Proxied tool responses are cached in SQLite to avoid repeated upstream calls: Evidence: `docs/caching.md`
- **CLI Reference** (documentation): memtomem-stm ships three console scripts: Evidence: `docs/cli.md`
- **Compression Strategies** (documentation): memtomem-stm has 10 compression strategies. The CLI's --compression flag exposes 5 of them auto , none , truncate , selective , hybrid ; the remaining five are selected via the config file. The default is auto , which lets auto select strategy pick per response. Evidence: `docs/compression.md`
- **Configuration Reference** (documentation): memtomem-stm reads configuration from two sources, in order of precedence: Evidence: `docs/configuration.md`
- **Selection Telemetry** (documentation): Append-only JSONL log of tool selection and execution outcomes 467 . The proxy sits in the call path, so it can record what an advisory analyzer never sees: which tool the client model actually called, out of which advertised candidate set, and how the call went. This log is the substrate for offline replay/eval 468 and later learning stages 469/ 470 , and the landing zone for the STM-native hard filter's reject reasons 465 — replay sees the tools that were withheld from the advertisement, not just the ones in it. Evidence: `docs/selection-telemetry.md`
- **Proactive Memory Surfacing** (documentation): When your agent calls a proxied tool, STM automatically: Evidence: `docs/surfacing.md`
- **All three entry points resolve to the same Click group. The group's** (source_file): project name = "memtomem-stm" version = "0.1.31" description = "Short-term memory proxy gateway with proactive memory surfacing for AI agents" authors = {name = "DAPADA Inc.", email = "contact@dapada.co.kr"}, {name = "memtomem contributors"}, license = {text = "Apache-2.0"} keywords = "memory", "ai", "mcp", "proxy", "gateway", "agent", "caching", "compression" classifiers = "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python :: 3.12", "Topic :: Scientific/Engineering :: Artificial Intelligence", "Topic :: Software Development :: Libraries :: Python Modules", readme = "README.md" requires-… Evidence: `pyproject.toml`
- **Init** (source_file): version = "0.1.31" Evidence: `src/memtomem_stm/__init__.py`
- **request spawn launches a detached child iff our config's lock is free;** (source_file): def color on - bool ⋮---- def ok s: str - str ⋮---- def warn s: str - str ⋮---- def load config - STMConfig ⋮---- def as int value: Any, default: int = -1 - int ⋮---- def as float value: Any, default: float - float ⋮---- def live foreign daemons config: STMConfig - list dict str, Any ⋮---- current = config fingerprint config live: list dict str, Any = ⋮---- pid = as int hs.get "pid", -1 host = hs.get "host" port = hs.get "port" ⋮---- def configure logging config: STMConfig, , detached: bool - None ⋮---- level = getattr logging, config.log level, logging.WARNING handler: logging.Handler ⋮---- logpath = config.data dir / "stm-daemon.log" .expanduser ⋮---- handler = logging.FileHandler logpath… Evidence: `src/memtomem_stm/cli/daemon_cmd.py`
- **Env values may differ even when keys match e.g. token rotation .** (source_file): NO REGISTRY MSG = "No registered MCP entries. Run mms import --apply to import host configs.\n" ⋮---- FOOTER REMOVED AT HOST TEMPLATE = "{n} entr{ies or y} in registry not present in any host scan" ⋮---- FOOTER NO BASELINE TEMPLATE = ⋮---- SCAN HOST CHOICES = click.Choice ALL HOSTS, "all" , case sensitive=False ⋮---- SYNC NO OP MSG = "Already synchronized. No changes." ⋮---- SYNC CHANGED FOOTER TEMPLATE = ⋮---- SYNC CROSS HOST FOOTER TEMPLATE = ⋮---- SYNC ORPHAN NO BASELINE FOOTER TEMPLATE = ⋮---- SYNC REMOVE PROMPT HEADER TEMPLATE = ⋮---- SYNC RESTAMP PROMPT HEADER TEMPLATE = ⋮---- SYNC REMOVE PROMPT TAIL TEMPLATE = ⋮---- SYNC NON TTY ABORT TEMPLATE = ⋮---- SYNC DECLINE MSG = "Aborted. No… Evidence: `src/memtomem_stm/cli/mms_host.py`
- **Cross-imported by mms host.sync cmd along with format env summary** (source_file): VALID FROM VALUES = ALL HOSTS, "all" ⋮---- parts = ⋮---- tag = " secret " if env classification key .is secret else "" ⋮---- redacted = redact for plan server.env, env classification ⋮---- cls = env classification key tag = f" ← secret {cls.reason} " if cls.is secret else " non-secret " ⋮---- Cross-imported by mms host.sync cmd along with format env summary above . Two helpers already share the cross-import; the promotion trigger is now "next cross-imported helper joins" rather than "3rd caller of this function" — at that point both should land in ⋮---- seen in batch: dict str, ImportCandidate = {} new: list ImportCandidate = conflicts: list tuple ImportCandidate, str = idempotent: list Imp… Evidence: `src/memtomem_stm/cli/mms_import.py`
- **--project NAME path** (source_file): REGISTRY EMPTY MSG = ⋮---- def show no marker no git text cwd: Path - str ⋮---- def show git no marker text root: Path - str ⋮---- @click.group name="project" def project group - None ⋮---- def project payload p: Project - dict ⋮---- payload = { ⋮---- def resolve project for mutation project name: str None - Project ⋮---- p = detect project Path.cwd ⋮---- --project NAME path idx = state.load projects index matches = entry for entry in idx.projects if entry.name == project name ⋮---- entry = matches 0 marker = Path entry.path / state.PROJECT MARKER RELPATH ⋮---- cfg = state.load project config marker ⋮---- def refresh index name: str, root: Path - None ⋮---- """Upsert name, root into the pro… Evidence: `src/memtomem_stm/cli/mms_project.py`
- **Structural guard: the rest of the CLI assumes top-level dict with a dict** (source_file): PREFIX RE = re.compile r"^ a-zA-Z a-zA-Z0-9 $" ⋮---- DEFAULT CONFIG = Path "~/.memtomem/stm proxy.json" logger = logging.getLogger name ⋮---- def color on - bool ⋮---- def err s: str - str ⋮---- def warn s: str - str ⋮---- def ok s: str - str ⋮---- def bad s: str - str ⋮---- def hdr s: str - str ⋮---- def split args args str: str - list str ⋮---- lex = shlex.shlex args str, posix=True ⋮---- def load config path: Path - dict str, Any ⋮---- resolved = config path.expanduser .resolve ⋮---- data = json.loads resolved.read text encoding="utf-8" ⋮---- Structural guard: the rest of the CLI assumes top-level dict with a dict upstream servers . Without this, a valid-but-wrong-shape JSON e.g. a list… Evidence: `src/memtomem_stm/cli/proxy.py`
- **Config** (source_file): class LangfuseConfig BaseModel ⋮---- enabled: bool = False public key: str = "" secret key: str = "" host: str = "" sampling rate: float = Field default=1.0, ge=0.0, le=1.0 """Fraction of proxy calls to trace 0.0–1.0 . Default 1.0 = all.""" ⋮---- @model validator mode="after" def require keys when enabled self - "LangfuseConfig" ⋮---- @model validator mode="after" def require langfuse package when enabled self - "LangfuseConfig" ⋮---- class HookCompressionConfig BaseModel ⋮---- max chars: int = Field default=16000, gt=0 ⋮---- class HookConfig BaseModel ⋮---- use daemon: bool = True ⋮---- daemon timeout seconds: float = Field default=2.5, gt=0.0 ⋮---- fallback: Literal "skip", "cold" = "skip… Evidence: `src/memtomem_stm/config.py`
- **Server** (source_file): logger = logging.getLogger name ⋮---- READ TIMEOUT SECONDS = 30.0 ⋮---- WRITE TIMEOUT SECONDS = 30.0 ⋮---- async def quiet coro: Any, what: str - None ⋮---- def direct child pids - set int ⋮---- out = subprocess.run ⋮---- LEAK KILL ESCALATE SECONDS = 2.0 ⋮---- def signal pid pid: int, sig: int - None ⋮---- pgid = os.getpgid pid ⋮---- async def terminate leaked children pids: set int - None ⋮---- deadline = asyncio.get running loop .time + LEAK KILL ESCALATE SECONDS remaining = {pid for pid in pids if discovery.is pid alive pid } ⋮---- remaining = {pid for pid in remaining if discovery.is pid alive pid } ⋮---- class DaemonServer ⋮---- LOCK ACQUIRE RETRY SECONDS = 1.5 LOCK ACQUIRE POLL SECOND… Evidence: `src/memtomem_stm/daemon/server.py`
- **Prompt injection heuristic patterns — common LLM manipulation attempts** (source_file): CODE FENCE RE = re.compile r" ^ \n + " SCRIPT STYLE RE = re.compile r" \s\S ? ", re.I HTML TAG RE = re.compile r" ?\s /? " CLOSE TAG RE = re.compile r" " MULTI NEWLINE RE = re.compile r"\n{3,}" LINK LINE RE = re.compile r"^\s - \s \ . ?\ \ https?://\S+\ " BARE URL LINE RE = re.compile r"^\s - ?\s https?://\S+\s $" GENERIC RE = re.compile r" A-Z \w{0,60} + " ⋮---- Prompt injection heuristic patterns — common LLM manipulation attempts INJECTION PATTERNS = ⋮---- logger = logging.getLogger name ⋮---- class ContentCleaner Protocol ⋮---- def clean self, text: str - str: ... ⋮---- class DefaultContentCleaner ⋮---- def init self, config: object None = None - None ⋮---- Accept a CleaningConfig or an… Evidence: `src/memtomem_stm/proxy/cleaning.py`
- **A tuple with no non-finite float still round-trips through json as an** (source_file): httpx = None ⋮---- logger = logging.getLogger name ⋮---- QueryRelevanceScorer = BM25Scorer ⋮---- A tuple with no non-finite float still round-trips through json as an array; return it unchanged to preserve the no-copy fast path. ⋮---- Patterns for code structure boundaries function/class/method definitions ⋮---- SQL top-level statement boundaries non-indented only ⋮---- Comment-section boundaries -- Section Header ⋮---- Try JSON key-aware truncation — only for config-like dicts all values are dicts ⋮---- Try section-aware truncation for markdown with headings ⋮---- Try code-structure-aware truncation function/class/SQL boundaries ⋮---- Try SQL/comment-section boundaries ⋮---- Repetitive con… Evidence: `src/memtomem_stm/proxy/compression.py`
- **Timeout for a single LLM compression call. A slow or hung LLM endpoint** (source_file): logger = logging.getLogger name ⋮---- PROXY ENV PREFIX = "MEMTOMEM STM PROXY " ⋮---- def collect proxy env overrides environ: dict str, str None = None - dict str, Any ⋮---- env = environ if environ is not None else dict os.environ overrides: dict str, Any = {} ⋮---- path = p.lower for p in key len PROXY ENV PREFIX : .split " " if p ⋮---- cursor = overrides ⋮---- existing = cursor.get part ⋮---- existing = {} ⋮---- cursor = existing ⋮---- def deep merge base: dict str, Any , overrides: dict str, Any - dict str, Any ⋮---- out = dict base ⋮---- existing = out.get k ⋮---- implicated: set str = set ⋮---- def add leaves path: list str , subtree: dict str, Any - None ⋮---- stack: list tuple list… Evidence: `src/memtomem_stm/proxy/config.py`
- **Identifier shapes — kept conservative to limit noise.** (source_file): httpx = None ⋮---- logger = logging.getLogger name ⋮---- JSON ARRAY RE = re.compile r"\ \s\S ?\ " ⋮---- @dataclass frozen=True, slots=True class ExtractedFact ⋮---- """A single atomic fact extracted from a tool response.""" ⋮---- content: str category: str confidence: float tags: list str = field default factory=list ⋮---- def parse facts json raw: str, , max facts: int - list ExtractedFact ⋮---- """Parse LLM output into ExtractedFact list. Tolerant of markdown wrapping.""" ⋮---- data = json.loads candidate ⋮---- facts = ⋮---- URL RE = re.compile r"https?:// ^\s< \"' +", re.IGNORECASE ⋮---- ISO DATE RE = re.compile r"\b\d{4}-\d{2}-\d{2}\b" ⋮---- DECISION RE = re.compile ⋮---- ACTION RE = re… Evidence: `src/memtomem_stm/proxy/extraction.py`
- **Reset the cached snapshot first: start is a supported re-entry path** (source_file): NO RETRY CODES = {-32600, -32601, -32602, -32603} ⋮---- logger = logging.getLogger name ⋮---- TOOLGRAPH UNREACHABLE ERRORS: tuple type BaseException , ... = ⋮---- class ToolgraphStartupError RuntimeError ⋮---- @dataclass frozen=True, slots=True class ProxyToolInfo ⋮---- prefixed name: str description: str input schema: dict str, Any server: str original name: str annotations: Any = None ⋮---- @dataclass frozen=True, slots=True class ToolConfig ⋮---- compression: CompressionStrategy max chars: int llm: LLMCompressorConfig None auto index enabled: bool selective: SelectiveConfig None cleaning: CleaningConfig hybrid: HybridConfig None extraction enabled: bool = False progressive: ProgressiveCo… Evidence: `src/memtomem_stm/proxy/manager.py`
- **Pipeline Stages** (source_file): @dataclass frozen=True, slots=True class ShapePassthrough ⋮---- has non text: bool ⋮---- @dataclass frozen=True, slots=True class ShapedResponse ⋮---- original text: str non text content: list Any passthrough: ShapePassthrough None = None ⋮---- @dataclass frozen=True, slots=True class CompressionResult ⋮---- compressed: str surfaced: str compressed chars for metrics: int metrics strategy: str ratio violation: bool effective compression: CompressionStrategy progressive passthrough on error: bool surfacing on progressive ok: bool None surface error: str None compress ms: float surface ms: float ⋮---- selective store error: bool ⋮---- @dataclass frozen=True, slots=True class IndexResult ⋮----… Evidence: `src/memtomem_stm/proxy/pipeline_stages.py`
- **Protocols** (source_file): @dataclass class IndexResult ⋮---- indexed chunks: int = 0 ⋮---- class FileIndexer Protocol Evidence: `src/memtomem_stm/proxy/protocols.py`
- **Pre-compute per-section TF heading-weighted** (source_file): logger = logging.getLogger name ⋮---- class RelevanceScorer Protocol ⋮---- def score sections self, query: str, sections: list tuple str, str - list float : ... ⋮---- class BM25Scorer ⋮---- TOKEN RE = re.compile SUFFIX RE = re.compile r" ing ed ly tion ness ment ies es s $" HEADING WEIGHT = 3.0 ⋮---- def init self, , k1: float = 1.5, b: float = 0.75 - None ⋮---- def score sections self, query: str, sections: list tuple str, str - list float ⋮---- query terms = self. tokenize query ⋮---- Pre-compute per-section TF heading-weighted doc tfs: list dict str, float = doc lens: list float = ⋮---- heading tokens = self. tokenize title body tokens = self. tokenize body tf: dict str, float = {} ⋮----… Evidence: `src/memtomem_stm/proxy/relevance.py`
- **Tool Relevance** (source_file): RANKER VERSION BM25 = "v1-bm25-tool-relevance" ⋮---- RANKER VERSION BM25 RISK = "v2-bm25-risk-penalty" ⋮---- RANKER VERSION BM25 GRAPH RISK = "v3-bm25-graph-risk-penalty" ⋮---- PENALTY SOURCE NONE = "none" PENALTY SOURCE REVIEW = "review" PENALTY SOURCE GRAPH = "graph" PENALTY SOURCE BOTH = "review+graph" ⋮---- MAX SCHEMA CHARS = 2000 ⋮---- MAX QUERY CHARS = 512 ⋮---- def compose risk penalty native: float, graph: float - float ⋮---- def penalty source native: float, graph: float - str ⋮---- def derive query arguments: dict str, Any None - tuple str, str None ⋮---- ctx = arguments.get " context query" ⋮---- parts = ⋮---- def candidate document info: ProxyToolInfo - tuple str, str ⋮---- sche… Evidence: `src/memtomem_stm/proxy/tool_relevance.py`
- **Shared state — populated only when proxy is enabled** (source_file): logger = logging.getLogger name ⋮---- HASHED QUERY PREVIEW RE = re.compile r"sha256: 0-9a-f {16}" """Exact shape of the opaque ID FeedbackStore.get stats passes through verbatim for rows persisted under persist query text=False 352 part 3 . Used by stm surfacing stats to decide whether to emit the hash-legend line. A raw query starting with sha256: e.g. a user-typed checksum search would be 80-char-clipped by the store but still carry the literal prefix; matching the full 23-char digest shape keeps the legend from misfiring on those rows.""" ⋮---- FLAT SCORE WARNING MIN SAMPLES = 10 """Minimum recorded scores before stm surfacing stats warns about a zero-variance score distribution 560 step… Evidence: `src/memtomem_stm/server.py`
- **348: default flipped from "prepend" to "append" so the** (source_file): class ToolSurfacingConfig BaseModel ⋮---- enabled: bool = True query template: str = "" namespace: str None = None min score: float None = Field default=None, ge=0.0, le=1.0 """Per-tool override. Takes precedence over the auto-tuner when set, even if auto tune enabled=True .""" max results: int None = Field default=None, gt=0 ⋮---- class SurfacingConfig BaseModel ⋮---- """Proactive memory surfacing configuration. LTM access is always remote-only via the MCP protocol. The surfacing engine spawns or connects to a memtomem MCP server using the ltm mcp command / ltm mcp args settings below. """ ⋮---- feedback db path: Path = Path "~/.memtomem/stm feedback.db" ⋮---- ltm mcp transport: Literal "s… Evidence: `src/memtomem_stm/surfacing/config.py`
- **Explicit exclusions** (source_file): MAX RECENT QUERIES = 50 MAX SURFACING TIMESTAMPS = 200 RATE LIMIT WINDOW SECONDS = 60.0 SIMILARITY THRESHOLD = 0.95 ⋮---- class RelevanceGate ⋮---- full name = f"{server} {tool}" ⋮---- Explicit exclusions ⋮---- tool cfg = self. config.context tools.get tool ⋮---- now = time.monotonic ⋮---- def record surfacing self, query: str - None ⋮---- @staticmethod def jaccard similarity a: str, b: str - float ⋮---- tokens a = set a.lower .split tokens b = set b.lower .split ⋮---- intersection = tokens a & tokens b union = tokens a tokens b Evidence: `src/memtomem_stm/surfacing/relevance.py`
- **Anyio Shutdown** (source_file): CANCEL SCOPE SHUTDOWN MESSAGES = ⋮---- def is anyio cancel scope shutdown error exc: RuntimeError - bool ⋮---- message = str exc ⋮---- def is clean cancel scope shutdown exc: BaseException - bool Evidence: `src/memtomem_stm/utils/anyio_shutdown.py`
- **Circuit Breaker** (source_file): logger = logging.getLogger name ⋮---- class CircuitBreaker ⋮---- def effective state self - str ⋮---- @property def is open self - bool ⋮---- @property def state self - str ⋮---- @property def failure count self - int ⋮---- @property def opened at self - float None ⋮---- @property def time until reset self - float None ⋮---- remaining = self. reset timeout - time.monotonic - self. opened at ⋮---- def record success self - None ⋮---- def record failure self - None ⋮---- eff = self. effective state ⋮---- success = record success failure = record failure Evidence: `src/memtomem_stm/utils/circuit_breaker.py`
- **Fileio** (source_file): WIN REPLACE ATTEMPTS = 10 WIN REPLACE BACKOFF S = 0.005 ⋮---- resolved = path.expanduser .resolve ⋮---- tmp = Path tmp path ⋮---- def fsync dir directory: Path - None ⋮---- dir fd = os.open str directory , os.O RDONLY ⋮---- def replace with windows retry src: Path, dst: Path - None Evidence: `src/memtomem_stm/utils/fileio.py`
- **Numeric** (source_file): def safe float value: object, default: float = 0.0, , reject nonfinite: bool = True - float ⋮---- result = float value Evidence: `src/memtomem_stm/utils/numeric.py`
- **No netloc: urlsplit parses a scheme-less "alice:pw@host/path" as a bare** (source_file): def redact url userinfo url: str - str ⋮---- parts = urlsplit url ⋮---- host = parts.netloc.rpartition "@" 2 ⋮---- No netloc: urlsplit parses a scheme-less "alice:pw@host/path" as a bare ⋮---- def redact exception text text: str, url: str - str ⋮---- out = text.replace url, redact url userinfo url ⋮---- netloc = urlsplit url .netloc ⋮---- netloc = "" userinfo = netloc.rpartition "@" 0 ⋮---- out = out.replace f"{userinfo}@", " @" Evidence: `src/memtomem_stm/utils/redact.py`
- **Sqlite Private** (source_file): SIDECAR SUFFIXES = "-wal", "-shm" ⋮---- def ensure private db files db path: Path - None ⋮---- sidecars = db path.with name db path.name + s for s in SIDECAR SUFFIXES Evidence: `src/memtomem_stm/utils/sqlite_private.py`
- **memtomem Individual Contributor License Agreement** (documentation): memtomem Individual Contributor License Agreement Evidence: `CLA.md`
- **Security Policy** (documentation): Please report security issues via GitHub private vulnerability advisory https://github.com/memtomem/memtomem-stm/security/advisories/new . Do NOT open public issues for vulnerabilities. Evidence: `SECURITY.md`
- **Hook golden fixtures are byte-exact compared via read bytes ; pin LF so a** (source_file): Hook golden fixtures are byte-exact compared via read bytes ; pin LF so a Windows checkout core.autocrlf=true can't CRLF-convert them and break the byte-identity assertion test kimi render then serialize golden raw stdout . The raw-stdout goldens are .txt; the JSON goldens are parsed structurally so are EOL-agnostic, but pinning the whole tree keeps future B2 host fixtures safe. tests/fixtures/hooks/ text eol=lf Evidence: `.gitattributes`
- **Python** (source_file): Python pycache / .py cod $py.class .egg-info/ .pytest cache/ .mypy cache/ .ruff cache/ Evidence: `.gitignore`
- **01 Quickstart Proxy Setup** (source_file): { "cells": { "cell type": "markdown", "id": "6ca0bb13", "metadata": {}, "source": " 01 — Quickstart: Proxy a tool through STM\n", "\n", "This notebook walks you through the minimum viable memtomem-stm\n", "setup: register one upstream MCP server, talk to STM as an MCP\n", "client, and read the proxy stats.\n", "\n", " You will learn: \n", "\n", "- How to register an upstream MCP server with the mms CLI\n", "- How STM exposes proxied tools namespaced with a prefix \n", "- How to call tools via the MCP Python client\n", "- How to read stm proxy stats to see what STM did\n", "\n", " Prereqs: uv sync installs the dev group including Jupyter .\n", "No external services required — we use a trivia… Evidence: `notebooks/01_quickstart_proxy_setup.ipynb`
- **---------------------------------------------------------------------------** (source_file): def repo root - Path ⋮---- cwd = Path.cwd .resolve ⋮---- def fixtures dir - Path ⋮---- """Return the absolute path to notebooks/ fixtures/.""" ⋮---- def fake ltm path - Path ⋮---- path = fixtures dir / "fake ltm.py" .resolve ⋮---- --------------------------------------------------------------------------- State isolation ⋮---- def isolate stm state prefix: str = "mms nb ", , enable surfacing: bool = False - Path ⋮---- tmp = Path tempfile.mkdtemp prefix=prefix config path = tmp / "stm proxy.json" ⋮---- def configure fake ltm - Path ⋮---- fake = fake ltm path ⋮---- @asynccontextmanager async def stm session - AsyncIterator ClientSession ⋮---- params = StdioServerParameters ⋮---- def extract t… Evidence: `notebooks/_helpers.py`

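## Rules the host AI must follow

- **Treat this asset as pre-work context, not as a runtime environment.**: The AI Context Pack contains only an evidence-based understanding of the project, not the target project's executable state. Evidence: `README.md`, `notebooks/README.md`, `CLAUDE.md`
- **When answering the user, distinguish what can be previewed from what can only be verified after installation.**: The consumer value of the pre-install experience comes from reducing mistaken installs and misjudgments, not from posing as a real run. Evidence: `README.md`, `notebooks/README.md`, `CLAUDE.md`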

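## Questions the user should answer before starting

- Which host AI or local environment do you plan to use it in?
- Do you only want to try the workflow first, or are you preparing a real installation?
- What matters most to you: installation cost, output quality, or conflicts with your existing rules?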

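## Acceptance criteria

- Every capability claim can be traced back to a file path in evidence_refs.
- AI_CONTEXT_PACK.md does not present a preview as a real run.
- The user can understand within 3 minutes who it suits, what it can do, how to start, and where the risk boundaries are.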

---

## Doramagic Context Augmentation

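The content below reinforces the Repomix/AI Context Pack body. The Human Manual provides only a reading skeleton; the pitfall log is converted into working constraints that the host AI must follow.

## Human Manual skeleton

Usage rule: this is only a reading route through the project and a set of salience signals, not an authority on facts. Specific facts must still go back to repo evidence / the Claim Graph.

Host AI hard rules:
- Do not treat page titles, section order, summaries, or importance as evidence of project facts.
- When explaining the Human Manual skeleton, state explicitly that it is only a reading route / salience signal.
- Judgments about capability, installation, compatibility, runtime status, and risk must cite repo evidence, a source path, or the Claim Graph.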

- **Project overview and core value**: importance `high`
  - source_paths: README.md, pyproject.toml, CHANGELOG.md, src/memtomem_stm/__init__.py, src/memtomem_stm/server.py
- **System architecture and proxy pipeline (CLEAN → COMPRESS → SURFACE → INDEX)**: importance `high`
  - source_paths: src/memtomem_stm/proxy/manager.py, src/memtomem_stm/proxy/pipeline_stages.py, src/memtomem_stm/proxy/protocols.py, src/memtomem_stm/proxy/cleaning.py, src/memtomem_stm/proxy/compression.py
- **CLI, daemon, and project management**: importance `high`
  - source_paths: src/memtomem_stm/cli/__init__.py, src/memtomem_stm/cli/proxy.py, src/memtomem_stm/cli/mms_host.py, src/memtomem_stm/cli/mms_project.py, src/memtomem_stm/cli/mms_import.py
- **Observability, reliability, and operations**: importance `high`
  - source_paths: src/memtomem_stm/utils/circuit_breaker.py, src/memtomem_stm/utils/redact.py, src/memtomem_stm/utils/anyio_shutdown.py, src/memtomem_stm/utils/fileio.py, src/memtomem_stm/utils/numeric.py

## Repo Inspection Evidence

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `ddcb5b82586b14ea2729d75f60e58801a7512b60`
- inspected_files: `README.md`, `pyproject.toml`, `uv.lock`, `docs/caching.md`, `docs/cli.md`, `docs/compression.md`, `docs/configuration.md`, `docs/selection-telemetry.md`, `docs/surfacing.md`, `src/memtomem_stm/__init__.py`, `src/memtomem_stm/__main__.py`, `src/memtomem_stm/cli/__init__.py`, `src/memtomem_stm/cli/_write_lock.py`, `src/memtomem_stm/cli/daemon_cmd.py`, `src/memtomem_stm/cli/hook_adapter.py`, `src/memtomem_stm/cli/hook_cmd.py`, `src/memtomem_stm/cli/hook_hosts.py`, `src/memtomem_stm/cli/mms_host.py`, `src/memtomem_stm/cli/mms_import.py`, `src/memtomem_stm/cli/mms_project.py`

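Host AI hard rules:
- Without repo_clone_verified=true, do not claim to have read the source code.
- Without repo_inspection_verified=true, do not state judgments drawn from README/docs/package files as facts.
- Without quick_start_verified=true, do not claim that the Quick Start has run successfully.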

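## Doramagic Pitfall Constraints

These rules come from project-specific pitfalls found while Doramagic discovered, verified, or compiled the project. The host AI must treat them as working constraints, not as ordinary explanatory text.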

### Constraint 1: Failure mode: security_permissions: ci: supply-chain hardening — dependency audit, Dependabot, action SHA pinning, top-level work...

- Trigger: Developers should check this security_permissions risk before relying on the project: ci: supply-chain hardening — dependency audit, Dependabot, action SHA pinning, top-level workflow permissions
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: ci: supply-chain hardening — dependency audit, Dependabot, action SHA pinning, top-level workflow permissions. Context: Observed when using python
- Why it matters: Developers may expose sensitive permissions or credentials: ci: supply-chain hardening — dependency audit, Dependabot, action SHA pinning, top-level workflow permissions
- Evidence: failure_mode_cluster:github_issue | https://github.com/memtomem/memtomem-stm/issues/609 | ci: supply-chain hardening — dependency audit, Dependabot, action SHA pinning, top-level workflow permissions
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 2: Failure mode: security_permissions: privacy: disabling privacy_scan_enabled silently sends raw upstream text to external LLM prov...

- Trigger: Developers should check this security_permissions risk before relying on the project: privacy: disabling privacy_scan_enabled silently sends raw upstream text to external LLM providers — warn loudly; consider entropy heuristic
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: privacy: disabling privacy_scan_enabled silently sends raw upstream text to external LLM providers — warn loudly; consider entropy heuristic. Context: Source discussion did not expose a precise runtime context.
- Why it matters: Developers may expose sensitive permissions or credentials: privacy: disabling privacy_scan_enabled silently sends raw upstream text to external LLM providers — warn loudly; consider entropy heuristic
- Evidence: failure_mode_cluster:github_issue | https://github.com/memtomem/memtomem-stm/issues/610 | privacy: disabling privacy_scan_enabled silently sends raw upstream text to external LLM providers — warn loudly; consider entropy heuristic
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 3: Failure mode: security_permissions: tests: fill direct-coverage gaps — observability/tracing, mms/secrets, mms/detect, cli/daemon...

- Trigger: Developers should check this security_permissions risk before relying on the project: tests: fill direct-coverage gaps — observability/tracing, mms/secrets, mms/detect, cli/daemon_cmd, relevance embedding paths
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: tests: fill direct-coverage gaps — observability/tracing, mms/secrets, mms/detect, cli/daemon_cmd, relevance embedding paths. Context: Source discussion did not expose a precise runtime context.
- Why it matters: Developers may expose sensitive permissions or credentials: tests: fill direct-coverage gaps — observability/tracing, mms/secrets, mms/detect, cli/daemon_cmd, relevance embedding paths
- Evidence: failure_mode_cluster:github_issue | https://github.com/memtomem/memtomem-stm/issues/619 | tests: fill direct-coverage gaps — observability/tracing, mms/secrets, mms/detect, cli/daemon_cmd, relevance embedding paths
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 4: Failure mode: installation: proxy: upstream call_tool path has no circuit breaker — SECURITY.md claims per-upstream break...

- Trigger: Developers should check this installation risk before relying on the project: proxy: upstream call_tool path has no circuit breaker — SECURITY.md claims per-upstream breaker isolation
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: proxy: upstream call_tool path has no circuit breaker — SECURITY.md claims per-upstream breaker isolation. Context: Source discussion did not expose a precise runtime context.
- Why it matters: Developers may fail before the first successful local run: proxy: upstream call_tool path has no circuit breaker — SECURITY.md claims per-upstream breaker isolation
- Evidence: failure_mode_cluster:github_issue | https://github.com/memtomem/memtomem-stm/issues/608 | proxy: upstream call_tool path has no circuit breaker — SECURITY.md claims per-upstream breaker isolation
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 5: Failure mode: installation: v0.1.29

- Trigger: Developers should check this installation risk before relying on the project: v0.1.29
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v0.1.29. Context: Observed during installation or first-run setup.
- Why it matters: Upgrade or migration may change expected behavior: v0.1.29
- Evidence: failure_mode_cluster:github_release | https://github.com/memtomem/memtomem-stm/releases/tag/v0.1.29 | v0.1.29
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 6: Source evidence: config: unknown keys are silently ignored and parse failures silently fall back — add `mms config validate` and louder…

- Trigger: GitHub community evidence shows this project has an installation-related issue pending verification: config: unknown keys are silently ignored and parse failures silently fall back — add `mms config validate` and louder failure
- Why it matters: May affect upgrade, migration, or version selection.
- Evidence: community_evidence:github | https://github.com/memtomem/memtomem-stm/issues/611 | Source type github_issue exposes a usage condition pending verification.
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

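### Constraint 7: Source evidence: proxy: ProxyManager.stop() never closes the sqlite pending stores (leaked connection on config-change rebuild)

- Trigger: GitHub community evidence shows this project has an installation-related issue pending verification: proxy: ProxyManager.stop() never closes the sqlite pending stores (leaked connection on config-change rebuild)
- Host AI rule: The source indicates that a fix, workaround, or version change may already exist; the manual must state the applicable versions.
- Why it matters: May increase the cost of trial and production adoption for new users.
- Evidence: community_evidence:github | https://github.com/memtomem/memtomem-stm/issues/601 | Source type github_issue exposes a usage condition pending verification.
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.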

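### Constraint 8: Source evidence: server: stderr-only logging — add optional rotating file log under ~/.memtomem/

- Trigger: GitHub community evidence shows this project has an installation-related issue pending verification: server: stderr-only logging — add optional rotating file log under ~/.memtomem/
- Why it matters: May block installation or first run.
- Evidence: community_evidence:github | https://github.com/memtomem/memtomem-stm/issues/612 | Source type github_issue exposes a usage condition pending verification.
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.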

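### Constraint 9: May modify host AI configuration

- Trigger: The project targets hosts such as Claude/Cursor/Codex/Gemini/OpenCode, or the install command touches the user's configuration directory.
- Host AI rule: List the configuration files and directories that will be written, plus the uninstall/rollback steps.
- Why it matters: Installation may change the behavior of AI tools on the local machine; the user needs to know the write locations and how to roll back.
- Evidence: capability.host_targets | https://github.com/memtomem/memtomem-stm | host_targets=claude, mcp_host, claude_code, cursor
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.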

### Constraint 10: Failure mode: configuration: Harden non-startup exc_info cleanup logs against credential leaks (follow-up to #580/#593)

- Trigger: Developers should check this configuration risk before relying on the project: Harden non-startup exc_info cleanup logs against credential leaks (follow-up to #580/#593)
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: Harden non-startup exc_info cleanup logs against credential leaks (follow-up to #580/#593). Context: Source discussion did not expose a precise runtime context.
- Why it matters: Developers may misconfigure credentials, environment, or host setup: Harden non-startup exc_info cleanup logs against credential leaks (follow-up to #580/#593)
- Evidence: failure_mode_cluster:github_issue | https://github.com/memtomem/memtomem-stm/issues/605 | Harden non-startup exc_info cleanup logs against credential leaks (follow-up to #580/#593)
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.
