Open Source from Mallorca
Matthias Meyer
Open-source tools for AI builders
I build the MCP servers, memory engines, agent patterns, and security layers I need for my own AI stack. Then I open-source them so other builders can read the architecture, study the trade-offs, and lift what fits.
Open Source from Mallorca
- memory
Local Memory MCP
Persistent local memory for Claude, Cursor, Codex
★ 9 · 21
- agents
Personal Suite MCP
Local-first personal productivity for Claude and Cursor
★ 0 · 49
- media
MCP Video
Cinema-grade video production via MCP
★ 4 · 8
- agents
Agent Fleet
Multi-agent orchestration for the Claude Code CLI
★ 1
- security
AI Shield
LLM security toolkit, direct and indirect injection, memory canary, circuit breakers
★ 3
- agents
Darwin Agents
AI agents that improve themselves, now with GEPA-style reflective optimisation
★ 8
- security
MCP Armor
Drop-in Rust sidecar for MCP servers
★ 1
- workflow
n8n Templates
Production n8n workflows with cross-session memory
★ 3
Drag a node, hover for details, click to open the repo.
- Local Memory MCP (memory, hero): Persistent local memory for Claude, Cursor, Codex. 21 MCP tools, SQLite + FTS5 + Knowledge Graph. No cloud, no API keys. One command: npx @studiomeyer/local-memory-mcp. See: https://github.com/studiomeyer-io/local-memory-mcp
- Personal Suite MCP (agents, hero): Local-first personal productivity for Claude and Cursor. Email, Calendar, Messaging, Search, Image Generation. BYOK, no cloud, no signup. 49 tools across 6 modules. See: https://github.com/studiomeyer-io/mcp-personal-suite
- MCP Video (media, hero): Cinema-grade video production via MCP. 8 tools for recording, editing, effects, captions, TTS, and smart screenshots. Built on ffmpeg + Playwright. See: https://github.com/studiomeyer-io/mcp-video
- Agent Fleet (agents, hero): Multi-agent orchestration for the Claude Code CLI. Run specialized AI agents in parallel: research, critique, analyze, fix, and discuss. TypeScript orchestration layer. See: https://github.com/studiomeyer-io/agent-fleet
- AI Shield (security, hero): LLM security toolkit, direct and indirect injection, memory canary, circuit breakers. v0.2 ships indirect-prompt-injection scanning for RAG, MCP tool descriptions, stored memory and scraped web content; trust-tier context streams with provenance fences; SHA-256 memory canaries with cross-tenant detection; runtime circuit breakers with blast-radius cap and human-in-the-loop. Zero dependencies in the core, optional ONNX classifier sibling. 567 tests, three-round agent code review, MIT. See: https://github.com/studiomeyer-io/ai-shield
- Darwin Agents (agents, hero): AI agents that improve themselves, now with GEPA-style reflective optimisation. Self-evolving prompts via A/B testing, multi-model critics, safety gates. v0.5.0-alpha.2 adds GEPA-style reflective optimisation (GepaOptimizer, Reflector, Pareto helpers, DARWIN_DEFAULT_OBJECTIVES) on top of full execution-trace capture (toolCalls, tokenUsage, errors, capturedAt) for OTEL-mapping. 307 tests, R1+R2 review loops, TypeScript, MIT. See: https://github.com/studiomeyer-io/darwin-agents
- MCP Armor (security, hero): Drop-in Rust sidecar for MCP servers. v0.2: stdio-MCP wrapper with Aho-Corasick + Regex + Unicode-NFKC scanner pipeline, Ed25519 manifest verify with TOFU keystore, Sigstore Rekor bridge, OTLP gRPC export, 10-CVE blocklist from OX-Advisory 2026-04-15. 9 control-plane MCP tools, 133 tests, MIT. See: https://github.com/studiomeyer-io/mcp-armor
- n8n Templates (workflow, hero): Production n8n workflows with cross-session memory. Production-pattern hardened n8n workflow templates for voice agents, customer support, personal assistants. Multi-provider, powered by StudioMeyer Memory. See: https://github.com/studiomeyer-io/n8n-templates
- MeetMyAgent SDK (agents, secondary): Reference TypeScript SDK for an agent-native marketplace API. Zero-dependency client for MeetMyAgent, an agent-native marketplace where AI agents register, post, bid on jobs, exchange messages and build reputation. Native fetch, full TypeScript types, 44 tests. Platform is on hiatus; SDK is preserved as a reference implementation for the third-party-agent integration path. Point baseUrl at any compatible deployment. See: https://github.com/studiomeyer-io/meetmyagent-sdk
- AI Shield (Python) (security, secondary): Python port of AI Shield. Python LLM security middleware: prompt-injection, PII, tool-policy, cost-budget, audit. Port of ai-shield-core (TypeScript). Same defense surface, FastAPI/LangChain hooks instead of Hono/Express. See: https://github.com/studiomeyer-io/ai-shield-py
- MCP Stdio Shellguard (security, secondary): Defense-in-depth bundle for MCP stdio servers. Drop-in guardExec / guardSpawn wrappers, AST audit CLI, reference MCP server. Closes the OX Security 200k-server stdio-RCE class (CVE-2025-69256). Unicode-bypass-hardened, allowlist-based, replay-window protected. MIT, TypeScript, Node 20+. See: https://github.com/studiomeyer-io/mcp-stdio-shellguard
- MCP Spec Migrator 2025-11-25 (factory, secondary): MCP Spec 2025-11-25 migration toolkit. Detect, diff, compatibility-matrix, plan, check. Foundation pillar by StudioMeyer (MCP Factory). Helps you upgrade an MCP server stack across spec versions without breakage. 35/35 tests, MIT. See: https://github.com/studiomeyer-io/mcp-spec-migrator-2511
- MCP Tenant Pair (factory, secondary): Multi-user tenancy library plus reference MCP server. Foundation library for couples, families, groups. Bi-temporal storage, conflict-resolver interface, SQLite + Postgres adapters. See: https://github.com/studiomeyer-io/mcp-tenant-pair
- MCP Tenant Context (factory, secondary): Tenant + actor context propagation for MCP servers. AsyncLocalStorage-based tenant + actor context propagation for MCP servers. Zero runtime dependencies, ESM-only. MCP Factory foundation pillar. See: https://github.com/studiomeyer-io/mcp-tenant-context
- MCP Hook Conformance (factory, secondary): Test harness CLI for Claude Code v2.1.118 hooks. Audits any MCP server for mcp_tool lifecycle-hook readiness: idempotency, latency, determinism, side-effects, GDPR-doc. 56/56 tests, MIT. See: https://github.com/studiomeyer-io/mcp-hook-conformance
- MCP Protocol Conformance (factory, secondary): Conformance test harness for MCP servers. JSON-RPC 2.0, OAuth 2.1 PKCE, tool schemas, capabilities, smoke roundtrip, annotation hygiene. Spec versions 2024-11-05, 2025-03-26, 2025-06-18. See: https://github.com/studiomeyer-io/mcp-protocol-conformance
- MCP Server Attestation (security, secondary): Layer-2 supply-chain hardening for MCP servers. Ed25519-signed tool manifests, runtime spawn-attestation, default-deny argument sanitizer. Defends against marketplace-poisoning + CVE-2025-69256. See: https://github.com/studiomeyer-io/mcp-server-attestation
- n8n Memory Node (workflow, secondary): n8n community node for StudioMeyer Memory. Long-term AI memory with knowledge graph, semantic search, entity tracking, session continuity. Drop-in for n8n. See: https://github.com/studiomeyer-io/n8n-nodes-studiomeyer-memory
- n8n Workflows (workflow, secondary): Production n8n workflows, hardened patterns. Multi-provider LLM, no memory required. For cross-session memory see n8n-templates. See: https://github.com/studiomeyer-io/n8n-workflows
- MCP StudioMeyer Agents (saas, secondary): MCP server for StudioMeyer Agents customers. Read your AI-Audit Fleet data and configure your agents from your own Claude, ChatGPT, Cursor or Codex. See: https://github.com/studiomeyer-io/mcp-studiomeyer-agents
- MCP Academy (saas, secondary): MCP server for StudioMeyer Academy. Next lesson, quiz, review, certificates, tutor. See: https://github.com/studiomeyer-io/mcp-academy
- StudioMeyer Marketplace (saas, secondary): MCP Suite for Claude Code (4 hosted plugins). Memory, CRM, GEO, Crew. 119 tools, 21 slash commands, 5 skills, 3 subagents. Magic Link auth. EU Frankfurt. See: https://github.com/studiomeyer-io/studiomeyer-marketplace
- StudioMeyer Memory (saas, secondary): AI memory server with 56 tools (SaaS connector). Knowledge Graph, semantic search, session tracking, multi-agent support. Hosted at memory.studiomeyer.io. Free tier. See: https://github.com/studiomeyer-io/studiomeyer-memory
- StudioMeyer CRM (saas, secondary): AI-native CRM as MCP Server (SaaS connector). 33 tools for contact management, pipeline, leads, follow-ups, health scores, revenue analytics. Hosted at crm.studiomeyer.io. OAuth 2.1. See: https://github.com/studiomeyer-io/studiomeyer-crm
- StudioMeyer GEO (saas, secondary): AI visibility monitoring (SaaS connector). 25 MCP tools and 5 expert workflows. Check how 8 LLM platforms see your brand. Hosted at geo.studiomeyer.io. See: https://github.com/studiomeyer-io/studiomeyer-geo
- StudioMeyer Crew (saas, secondary): Agent personas for Claude (SaaS connector). 10 MCP tools, 8 personas, 3 workflows. Zero API cost. Free tier available. See: https://github.com/studiomeyer-io/studiomeyer-crew
- MCP RCE Guard (security, secondary): Layer-3 RCE defense for MCP servers via policy synthesis. Foundation pillar 9. Closes the tool-injection-RCE class that sidecar scanners (mcp-armor) and stdio wrappers (mcp-stdio-shellguard) cannot catch. Synthesises per-tool policies from declared semantics and enforces them at execution time. MIT, TypeScript. See: https://github.com/studiomeyer-io/mcp-rce-guard
- Darwin LangGraph (agents, secondary): LangGraph.js adapter for darwin-agents. Bridge between darwin-agents (self-evolving AI agents) and @langchain/langgraph (state-graph workflow orchestration). Zero hard deps, both upstreams as peer-dependencies. Six surfaces: createDarwinNode, darwinAnnotation, withDarwinEvolution (@deprecated), DarwinCallbackHandler, toOtelAttributes (OpenTelemetry GenAI Semantic Conventions), darwinMessagesAnnotation. v0.3 adds runId/parentRunId propagation, double-wrap warning, hung-invoke guard. 132 tests, R1+R2 review loops, MIT. See: https://github.com/studiomeyer-io/darwin-langgraph
- Temporal Memory Workflows (workflow, secondary): Durable workflow templates that pair Temporal with persistent agent memory. Five Temporal templates (T01-T05): memory-aware agent, operator approval, saga rollback, recurring synthesis, multi-agent coordination. All workflows write durable knowledge (learn), decisions (decide), and mistakes into Memory via Temporal activities. Bring-your-own backend via the MemoryClient adapter (HostedMemoryClient + InMemoryMemoryClient). 45 tests with time-skipping, MIT. See: https://github.com/studiomeyer-io/temporal-memory-workflows
- Nex Local Bench (memory, secondary): Reproducible LongMemEval harness for local LLMs against memory systems. Run LongMemEval against any memory system (Nex, Mem0, Graphiti, Letta) with a local LLM reader (Qwen, Llama via Ollama). 50-question stratified oracle, Claude Code subscription judge, zero API cost. Python, MIT. See: https://github.com/studiomeyer-io/nex-local-bench
- Polis (agents, secondary): Open multi-agent society simulation on Claude, LangGraph, Darwin. Nine LLM citizens build a small town. They walk, talk, work, and reason out loud, each driven by a real language model. Open-source mirror of the live meetmyagent.io world, built on darwin-agents and LangGraph. TypeScript, MIT. See: https://github.com/studiomeyer-io/polis-darwin
- MCP Stateless Migrator (factory, secondary): Migrate MCP servers to the 2026-07-28 stateless spec. Scan, diff, patch, and verify an MCP server stack across the 2025-11-25 to 2026-07-28 RC spec jump. Eight detection rules, AST rewrite via ts-morph, CLI-first. Foundation pillar by StudioMeyer (MCP Factory). TypeScript, MIT. See: https://github.com/studiomeyer-io/mcp-stateless-migrator
- MCP Gauntlet (security, secondary): Fuzz + load testing for MCP servers, before they ship. A Rust workspace: mcp-fuzz (a schema-aware fuzzer that finds crashes and hangs, SARIF output) and mcp-storm (a load tester with p50/p95/p99 and a CI gate), both on one shared async MCP client core (mcp-gauntlet-core). The pre-deploy counterpart to mcp-armor's runtime defense. 21 tests, three crates on crates.io, MIT. See: https://github.com/studiomeyer-io/mcp-gauntlet
- MCP Covenant (security, secondary): semver for your MCP server's interface. Snapshots a server's tools/resources/prompts into a lockfile and fails CI on breaking changes, with direction-aware JSON-Schema classification (tightening an input schema vs loosening an output schema break different callers) plus a schema-hygiene linter. Single Rust binary, stdio + HTTP, SARIF + GitHub Action. 132 tests, on crates.io, MIT. See: https://github.com/studiomeyer-io/mcp-covenant
- MCP Herald (security, secondary): Static migration linter for the MCP 2026-07-28 spec. Scans your MCP server's source for the breaking-change signatures of the 2026-07-28 spec, then reports, file and line, what to change. It flags the retired -32002 error code (SEP-2164), stateful sessions (SEP-2575), deprecated roots/sampling/logging (SEP-2577) and OAuth without resource metadata (RFC 9728/8707). Every finding links its SEP/RFC. Single Rust binary, SARIF + GitHub Action. 93 tests, on crates.io, MIT. See: https://github.com/studiomeyer-io/mcp-herald
- MCP Passport (security, secondary): Is your server.json ready for the MCP Registry?. A publish-readiness validator: checks server.json against the registry schema (required name/description/version, reverse-DNS name, packages/remotes, per-package registryType/identifier/transport, the snake_case registry_type mistake, mcpb fileSha256) and cross-checks version + mcpName consistency with the sibling package.json / Cargo.toml / pyproject.toml, so mcp-publisher accepts the upload first try. Single Rust binary, SARIF + GitHub Action. 166 tests, on crates.io, MIT. See: https://github.com/studiomeyer-io/mcp-passport
- MCP OTel (factory, secondary): W3C Trace Context bridge for the Model Context Protocol. Implements MCP spec SEP-414: propagates traceparent / tracestate / baggage from _meta as OpenTelemetry spans, so host → server → tool → downstream renders as one trace tree. Drop-in for any MCP server, no vendor lock-in. 41 tests, MIT, TypeScript. See: https://github.com/studiomeyer-io/mcp-otel
- StatePilot (agents, secondary): Deterministic state-machine guards for AI-agent workflows. Enforces the allowed tool order, transitions, loop limits, and cost budgets at runtime. Fail-closed, so an agent cannot step outside its declared state machine. Zero-dependency core, LangGraph-aware. 74 tests, MIT, Python. See: https://github.com/studiomeyer-io/statepilot
- MCP Cache Kit (factory, secondary): Leak-safe caching for the Model Context Protocol. Implements MCP spec SEP-2549 (ttlMs + cacheScope): set the cache fields correctly server-side, and never share a private result across tenants or users client-side. Closes the cross-tenant cache-leak class with helpers and types. 66 tests, MIT, TypeScript. See: https://github.com/studiomeyer-io/mcp-cache-kit
- SkillDoctor (security, secondary): Linter and security scanner for agent skill files. Lints Claude Code SKILL.md, AGENTS.md, and subagent files: 25 rules, an A–F grade, prompt-injection and secret-leak detection, --fix, SARIF, and a GitHub Action. The CLI command is skilldoctor (the npm package is scoped). 91 tests, MIT, TypeScript. See: https://github.com/studiomeyer-io/skilldoctor
- MeetMyAgent MCP (saas, secondary): AI-native marketplace as an MCP server. Search the free MeetMyAgent marketplace and list your own offers straight from Claude, Cursor, Codex or ChatGPT. Reads are anonymous, listing takes an optional key. See: https://github.com/studiomeyer-io/meetmyagent-mcp
What you cannot see on the GitHub front page
Stars are slow. Real usage shows up in installs and clones first.
- package installs total
- 20k
- git clones / 14d
- 2.3k
- public repos
- 41
- forks
- 17
npm installs, stars and forks: live, refreshed every 6h. Clones, crates.io and PyPI: snapshot from the last deploy.
The eight cornerstones
Start here. Everything else extends one of these.
Local Memory MCP
Persistent local memory for Claude, Cursor, Codex
21 MCP tools, SQLite + FTS5 + Knowledge Graph. No cloud, no API keys. One command: npx @studiomeyer/local-memory-mcp.
Personal Suite MCP
Local-first personal productivity for Claude and Cursor
Email, Calendar, Messaging, Search, Image Generation. BYOK, no cloud, no signup. 49 tools across 6 modules.
MCP Video
Cinema-grade video production via MCP
8 tools for recording, editing, effects, captions, TTS, and smart screenshots. Built on ffmpeg + Playwright.
Agent Fleet
Multi-agent orchestration for the Claude Code CLI
Run specialized AI agents in parallel: research, critique, analyze, fix, and discuss. TypeScript orchestration layer.
AI Shield
LLM security toolkit, direct and indirect injection, memory canary, circuit breakers
v0.2 ships indirect-prompt-injection scanning for RAG, MCP tool descriptions, stored memory and scraped web content; trust-tier context streams with provenance fences; SHA-256 memory canaries with cross-tenant detection; runtime circuit breakers with blast-radius cap and human-in-the-loop. Zero dependencies in the core, optional ONNX classifier sibling. 567 tests, three-round agent code review, MIT.
Darwin Agents
AI agents that improve themselves, now with GEPA-style reflective optimisation
Self-evolving prompts via A/B testing, multi-model critics, safety gates. v0.5.0-alpha.2 adds GEPA-style reflective optimisation (GepaOptimizer, Reflector, Pareto helpers, DARWIN_DEFAULT_OBJECTIVES) on top of full execution-trace capture (toolCalls, tokenUsage, errors, capturedAt) for OTEL-mapping. 307 tests, R1+R2 review loops, TypeScript, MIT.
MCP Armor
Drop-in Rust sidecar for MCP servers
v0.2: stdio-MCP wrapper with Aho-Corasick + Regex + Unicode-NFKC scanner pipeline, Ed25519 manifest verify with TOFU keystore, Sigstore Rekor bridge, OTLP gRPC export, 10-CVE blocklist from OX-Advisory 2026-04-15. 9 control-plane MCP tools, 133 tests, MIT.
n8n Templates
Production n8n workflows with cross-session memory
Production-pattern hardened n8n workflow templates for voice agents, customer support, personal assistants. Multi-provider, powered by StudioMeyer Memory.
More repos
Conformance harnesses, n8n nodes, SaaS connectors. Click to expand.
Zero-dependency client for MeetMyAgent, an agent-native marketplace where AI agents register, post, bid on jobs, exchange messages and build reputation. Native fetch, full TypeScript types, 44 tests. Platform is on hiatus; SDK is preserved as a reference implementation for the third-party-agent integration path. Point baseUrl at any compatible deployment.
statusstableupdated2026-05-20installs590clones (14d)5groupagentsnpx -y meetmyagent-sdk
Python LLM security middleware: prompt-injection, PII, tool-policy, cost-budget, audit. Port of ai-shield-core (TypeScript). Same defense surface, FastAPI/LangChain hooks instead of Hono/Express.
statusstableupdated2026-07-01installs273clones (14d)58groupsecuritypip install studiomeyer-aishield
Drop-in guardExec / guardSpawn wrappers, AST audit CLI, reference MCP server. Closes the OX Security 200k-server stdio-RCE class (CVE-2025-69256). Unicode-bypass-hardened, allowlist-based, replay-window protected. MIT, TypeScript, Node 20+.
statusstableupdated2026-06-21installs754clones (14d)57groupsecuritynpx -y mcp-stdio-shellguard
Detect, diff, compatibility-matrix, plan, check. Foundation pillar by StudioMeyer (MCP Factory). Helps you upgrade an MCP server stack across spec versions without breakage. 35/35 tests, MIT.
statusstableupdated2026-06-22installs327clones (14d)9groupfactorynpx -y mcp-spec-migrator
Foundation pillar 9. Closes the tool-injection-RCE class that sidecar scanners (mcp-armor) and stdio wrappers (mcp-stdio-shellguard) cannot catch. Synthesises per-tool policies from declared semantics and enforces them at execution time. MIT, TypeScript.
statusalphaupdated2026-06-22clones (14d)9groupsecurityBridge between darwin-agents (self-evolving AI agents) and @langchain/langgraph (state-graph workflow orchestration). Zero hard deps, both upstreams as peer-dependencies. Six surfaces: createDarwinNode, darwinAnnotation, withDarwinEvolution (@deprecated), DarwinCallbackHandler, toOtelAttributes (OpenTelemetry GenAI Semantic Conventions), darwinMessagesAnnotation. v0.3 adds runId/parentRunId propagation, double-wrap warning, hung-invoke guard. 132 tests, R1+R2 review loops, MIT.
statusalphaupdated2026-07-06installs1.7kclones (14d)75groupagentsnpx -y darwin-langgraph
Five Temporal templates (T01-T05): memory-aware agent, operator approval, saga rollback, recurring synthesis, multi-agent coordination. All workflows write durable knowledge (learn), decisions (decide), and mistakes into Memory via Temporal activities. Bring-your-own backend via the MemoryClient adapter (HostedMemoryClient + InMemoryMemoryClient). 45 tests with time-skipping, MIT.
statusalphaupdated2026-06-22stars1clones (14d)7groupworkflowNine LLM citizens build a small town. They walk, talk, work, and reason out loud, each driven by a real language model. Open-source mirror of the live meetmyagent.io world, built on darwin-agents and LangGraph. TypeScript, MIT.
statusbetaupdated2026-07-10stars1clones (14d)25groupagentsScan, diff, patch, and verify an MCP server stack across the 2025-11-25 to 2026-07-28 RC spec jump. Eight detection rules, AST rewrite via ts-morph, CLI-first. Foundation pillar by StudioMeyer (MCP Factory). TypeScript, MIT.
statusalphaupdated2026-07-06installs386clones (14d)83groupfactorynpx -y mcp-stateless-migrator
A Rust workspace: mcp-fuzz (a schema-aware fuzzer that finds crashes and hangs, SARIF output) and mcp-storm (a load tester with p50/p95/p99 and a CI gate), both on one shared async MCP client core (mcp-gauntlet-core). The pre-deploy counterpart to mcp-armor's runtime defense. 21 tests, three crates on crates.io, MIT.
statusstableupdated2026-06-29installs33clones (14d)53groupsecuritycargo install mcp-fuzz mcp-storm
Snapshots a server's tools/resources/prompts into a lockfile and fails CI on breaking changes, with direction-aware JSON-Schema classification (tightening an input schema vs loosening an output schema break different callers) plus a schema-hygiene linter. Single Rust binary, stdio + HTTP, SARIF + GitHub Action. 132 tests, on crates.io, MIT.
statusstableupdated2026-06-29installs14clones (14d)42groupsecuritycargo install mcp-covenant
Scans your MCP server's source for the breaking-change signatures of the 2026-07-28 spec, then reports, file and line, what to change. It flags the retired -32002 error code (SEP-2164), stateful sessions (SEP-2575), deprecated roots/sampling/logging (SEP-2577) and OAuth without resource metadata (RFC 9728/8707). Every finding links its SEP/RFC. Single Rust binary, SARIF + GitHub Action. 93 tests, on crates.io, MIT.
statusstableupdated2026-07-06installs14clones (14d)66groupsecuritycargo install mcp-herald
A publish-readiness validator: checks server.json against the registry schema (required name/description/version, reverse-DNS name, packages/remotes, per-package registryType/identifier/transport, the snake_case registry_type mistake, mcpb fileSha256) and cross-checks version + mcpName consistency with the sibling package.json / Cargo.toml / pyproject.toml, so mcp-publisher accepts the upload first try. Single Rust binary, SARIF + GitHub Action. 166 tests, on crates.io, MIT.
statusstableupdated2026-06-29installs23clones (14d)47groupsecuritycargo install mcp-passport
Implements MCP spec SEP-414: propagates traceparent / tracestate / baggage from _meta as OpenTelemetry spans, so host → server → tool → downstream renders as one trace tree. Drop-in for any MCP server, no vendor lock-in. 41 tests, MIT, TypeScript.
statusstableupdated2026-07-06installs327clones (14d)40groupfactorynpx -y mcp-otel
Enforces the allowed tool order, transitions, loop limits, and cost budgets at runtime. Fail-closed, so an agent cannot step outside its declared state machine. Zero-dependency core, LangGraph-aware. 74 tests, MIT, Python.
statusstableupdated2026-06-21installs301clones (14d)16groupagentspip install statepilot
Implements MCP spec SEP-2549 (ttlMs + cacheScope): set the cache fields correctly server-side, and never share a private result across tenants or users client-side. Closes the cross-tenant cache-leak class with helpers and types. 66 tests, MIT, TypeScript.
statusstableupdated2026-06-29installs346clones (14d)33groupfactorynpx -y mcp-cache-kit
Lints Claude Code SKILL.md, AGENTS.md, and subagent files: 25 rules, an A–F grade, prompt-injection and secret-leak detection, --fix, SARIF, and a GitHub Action. The CLI command is skilldoctor (the npm package is scoped). 91 tests, MIT, TypeScript.
statusstableupdated2026-06-29forks1installs368clones (14d)52groupsecuritynpx -y @studiomeyer-io/skilldoctor
Concepts
Repo-agnostic deep dives on the patterns behind the code.
- protocol
What is MCP, actually?
Model Context Protocol explained without the marketing. What it solves, what it doesn't, and when stdio beats HTTP.
Read → - architecture
Stdio vs HTTP for MCP
Transport choice changes everything. Latency, security model, deployment story. A practical decision tree.
Read → - memory
Memory architectures compared
Local SQLite + FTS5, knowledge graph, vector embeddings, hybrid. Which fits which agent shape?
Read → - protocol
Agent-to-Agent protocol v1.0 RC
What an agent-card.json buys you, what it doesn't, and how it relates to MCP and WebMCP.
Read → - browser
WebMCP for browser agents
W3C CG Draft, Chrome 146+. The proposal to give web pages a structured tool surface for in-browser agents.
Read → - agents
Agent orchestration patterns
Single agent, sequential pipeline, parallel fleet, judge-arbitrated. Trade-offs from running each in production.
Read →
Books I wrote
Seven books on AI, Claude, AI visibility and memory-first systems. Plain language, no hype. Kindle eBooks on Amazon.

The Website That Works
Build it with AI, then make it earn
$12.99
Claude Unlocked
The complete handbook for non-coders
$12.99
Build Your Own Jarvis
The memory-first system in practice
$8.99
Get Found by AI
The Discovery Stack, layer by layer
$12.99
AI Without Bullshit
The practical half of the series
$4.99
AI Without Bullshit
Why AI guesses instead of knowing
$4.99
Codex Unlocked
The AI you already pay for, no code
$12.99