Architecture - Kagura v4.0
Universal AI Memory Platform - System Design
This document describes the architecture of Kagura v4.0 after Phase C completion.
ποΈ High-Level Overview
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AI Platforms (MCP Clients) β
β Claude Desktop β’ ChatGPT β’ Gemini β’ Cursor β’ Cline β
ββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββ¬ββββββββββ
β stdio (local) HTTP/SSE (remote)β
β β
ββββββββΌββββββββββββββ ββββββββββββββββΌβββββββββ
β MCP Server β β MCP over HTTP/SSE β
β (Local) β β (/mcp endpoint) β
β β β β
β All 31 tools β
β β 24 safe tools only β
β File ops β
β β File ops β β
β Shell exec β
β β Shell exec β β
ββββββββ¬ββββββββββββββ ββββββββββββββββ¬βββββββββ
β β
β Internal Python API β
βββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββΌββββββββββββββββββββββ
β Memory Manager β
β (src/kagura/core/memory/manager.py) β
β β
β ββββββββββββ¬ββββββββββββ¬ββββββββββββββ β
β β Working β Context β Persistent β β
β β Memory β Memory β Memory β β
β β(In-Mem) β(Messages) β(SQLite) β β
β ββββββββββββ΄ββββββββββββ΄ββββββββββββββ β
β β
β ββββββββββββββββββββββββββββββββββββββ β
β β RAG (ChromaDB) β β
β β β’ Working RAG β β
β β β’ Persistent RAG β β
β β β’ Semantic search β β
β ββββββββββββββββββββββββββββββββββββββ β
β β
β ββββββββββββββββββββββββββββββββββββββ β
β β Graph Memory (NetworkX) β β
β β β’ Relationships β β
β β β’ Interaction history β β
β β β’ User patterns β β
β ββββββββββββββββββββββββββββββββββββββ β
ββββββββββββββββββ¬ββββββββββββββββββββββββββ
β
ββββββββββΌβββββββββ
β Storage β
β β’ SQLite β
β β’ ChromaDB β
β β’ Pickle files β
βββββββββββββββββββ
π Phase C Architecture (Remote MCP Server)
Remote Access Flow
ChatGPT Your Server
βββββββββββ ββββββββββββββββ
β ChatGPT β HTTPS/SSE β Caddy β
βConnectorββββββββββββββββββββββΊβ (Port 443) β
βββββββββββ ββββββββ¬ββββββββ
β
βββββββββΌββββββββ
β Kagura API β
β (Port 8080) β
β β
β /mcp βββ HTTP/SSE
β /api/v1/* βββ REST
βββββββββ¬ββββββββ
β
ββββββββββΌβββββββββ
β Memory Manager β
β + Graph β
ββββββββββ¬βββββββββ
β
ββββββββββΌβββββββββ
β PostgreSQL β
β + pgvector β
βββββββββββββββββββ
Security Layers
1. API Key Authentication
ββ SHA256 hashed storage
ββ Optional expiration
ββ Audit trail (last_used_at)
2. Tool Access Control
ββ Local context: All 31 tools β
ββ Remote context: 24 safe tools only
ββ Dangerous tools filtered:
β’ file_read, file_write
β’ shell_exec
β’ media_open_*
3. Network Security
ββ Caddy reverse proxy
ββ Automatic HTTPS (Let's Encrypt)
ββ CORS configuration
ββ Security headers (HSTS, XSS)
π¦ Component Details
1. MCP Server (src/kagura/mcp/)
stdio Transport (local):
- File: src/kagura/cli/mcp.py
- Command: kagura mcp serve
- Context: local (all tools available)
- Clients: Claude Desktop, Cursor, Cline
HTTP/SSE Transport (remote):
- File: src/kagura/api/routes/mcp_transport.py
- Endpoint: /mcp
- Context: remote (safe tools only)
- Clients: ChatGPT Connector, web browsers
Tool Permissions:
- File: src/kagura/mcp/permissions.py
- Logic: is_tool_allowed(tool_name, context)
- Default: Deny unknown tools (fail-safe)
2. Memory Manager (src/kagura/core/memory/)
Components:
- manager.py - Main coordinator
- working.py - In-memory temporary storage
- persistent.py - SQLite-based long-term storage
- rag.py - ChromaDB vector search
- export.py - JSONL export/import
Storage Scopes: - Working: Session-only, cleared after use - Persistent: Survives restarts, SQLite storage - Both: Indexed in RAG for semantic search
3. Graph Memory (src/kagura/core/graph/)
Implementation: NetworkX-based
Node Types:
- user - User profiles
- topic - Discussion topics
- memory - Memory references
- interaction - AI-User interactions
Edge Types:
- related_to - Related memories
- depends_on - Dependencies
- learned_from - Learning relationships
- works_on - User activities
Storage: Pickle files (~/.kagura/graph.pkl)
4. REST API (src/kagura/api/)
Framework: FastAPI
Endpoints:
- /api/v1/memory - Memory CRUD
- /api/v1/recall - Semantic search
- /api/v1/search - Full-text search
- /api/v1/graph/* - Graph operations
- /api/v1/health - Health check
- /api/v1/metrics - System metrics
- /mcp - MCP over HTTP/SSE β NEW
Authentication:
- File: src/kagura/api/auth.py
- Method: Bearer token (API keys)
- Storage: SQLite (~/.kagura/api_keys.db)
- Hashing: SHA256
π Data Flow
Memory Store Flow
1. MCP Client (Claude/ChatGPT)
βββΊ MCP Tool Call: memory_store(...)
2. MCP Server (stdio or HTTP/SSE)
βββΊ Route to tool_registry
3. Built-in Tool (src/kagura/mcp/builtin/memory.py)
βββΊ Call MemoryManager.store()
4. Memory Manager
βββΊ Working memory (if scope="working")
βββΊ Persistent memory (if scope="persistent")
βββΊ RAG indexing (both scopes)
5. Storage
βββΊ SQLite (persistent)
βββΊ ChromaDB (vectors)
βββΊ In-memory dict (working)
Memory Recall Flow
1. MCP Tool Call: memory_recall(query="Python tips", k=5)
2. Memory Manager
βββΊ Query RAG (vector similarity)
3. RAG Search
βββΊ Embed query (text-embedding-3-small)
βββΊ Search ChromaDB collections
βββΊ Return top-k results
4. Return to client
βββΊ Formatted results with scores
π Security Architecture
Authentication Flow
1. Client Request
βββΊ Authorization: Bearer kagura_abc123...
2. API Gateway (/mcp or /api/v1/*)
βββΊ Extract Bearer token
3. API Key Manager (src/kagura/api/auth.py)
βββΊ Hash provided key (SHA256)
βββΊ Query api_keys.db
βββΊ Check expiration & revocation
βββΊ Extract user_id
4. Request Processing
βββΊ Use authenticated user_id for memory operations
Tool Filtering (Remote Context)
1. create_mcp_server(context="remote")
2. handle_list_tools()
βββΊ Get all registered tools (31 total)
βββΊ Filter by TOOL_PERMISSIONS
βββΊ Return safe tools only (24)
3. Client sees:
β
memory_* tools
β
web_* tools
β file_* tools (blocked)
β shell_exec (blocked)
πΎ Data Model
Memory Record
{
"key": str, # Unique identifier
"value": Any, # Stored data (JSON serializable)
"user_id": str, # Owner (v4.0+)
"agent_name": str, # Agent scope
"scope": "working|persistent",
"tags": List[str], # Categorization
"importance": float, # 0.0-1.0
"created_at": datetime,
"updated_at": datetime,
"metadata": Dict[str, Any] # Additional metadata
}
Graph Node
{
"id": str, # Node identifier
"type": str, # Node type (user, topic, memory, interaction)
"data": Dict[str, Any], # Node attributes
}
Graph Edge
{
"src": str, # Source node ID
"dst": str, # Destination node ID
"type": str, # Relationship type
"weight": float, # 0.0-1.0
}
π Deployment Architecture
Local Development
Developer Machine
βββ SQLite (~/.kagura/memory.db)
βββ ChromaDB (~/.kagura/chromadb/)
βββ Graph pickle (~/.kagura/graph.pkl)
βββ API Keys (~/.kagura/api_keys.db)
Production Deployment
Docker Stack (docker-compose.prod.yml)
βββββββββββββββββββββββββββββββββββββββββββ
β Caddy (Port 443) β
β Automatic HTTPS, Reverse Proxy β
ββββββββββββββββββββ¬βββββββββββββββββββββββ
β
ββββββββββββββββββββΌβββββββββββββββββββββββ
β Kagura API (Port 8080) β
β FastAPI + MCP over HTTP/SSE β
ββββββββ¬βββββββββββββββββββββββ¬ββββββββββββ
β β
ββββββββΌβββββββββββ ββββββββΌβββββββββββ
β PostgreSQL β β Redis β
β + pgvector β β (Caching) β
βββββββββββββββββββ βββββββββββββββββββ
Volumes:
βββ postgres_data - Database persistence
βββ redis_data - Redis persistence
βββ kagura_data - Memory exports, etc.
βββ caddy_data - SSL certificates
π Export/Import System
Export Format (JSONL)
backup/
βββ memories.jsonl # All memory records
βββ graph.jsonl # Graph nodes & edges
βββ metadata.json # Export metadata
Example record:
{"type":"memory","scope":"persistent","key":"python_tips","value":"Use type hints","user_id":"jfk","agent_name":"global","tags":["python"],"importance":0.8,"exported_at":"2025-10-27T10:00:00Z"}
π Design Principles
1. MCP-First
All functionality exposed via MCP tools first, then REST API.
2. Multi-User from Day 1
All operations scoped by user_id (Phase C foundation).
3. Security by Default
Remote access auto-filtered for safety.
4. Data Portability
Complete export/import in human-readable JSONL.
5. Fail-Safe
Unknown tools denied by default in remote context.
π Related Documentation
Last Updated: 2025-10-27 Version: 4.0.0 Phase: C Complete