Sepehr Ramezani 1c659ce42f fix: comprehensive security, consistency, and dead code cleanup
Security:
- Add auth + file type/size validation to upload API
- Add admin auth to /api/admin/ endpoints
- Add SSRF protection to scrape action
- Whitelist fields in PUT /api/notes/[id] to prevent mass assignment
- Protect /lab, /agents, /chat, /canvas, /notebooks routes in middleware

AI provider fixes:
- Add deepseek/openrouter to factory ProviderType (was silently falling back to ollama)
- Fix title-suggestion.service.ts to use factory instead of hardcoded OpenAI
- Fix getAIProvider→getChatProvider in memory-echo, notebook-summary, agent-executor
- Fix getAIProvider→getTagsProvider in notebook-suggestion, title-suggestions, transform-markdown

Functional bugs:
- Fix ALLOW_REGISTRATION AND→OR logic
- Fix note-editor.tsx passing stale props to useAutoTagging instead of local state
- Fix stale Note.embedding type (migrated to NoteEmbedding table)
- Remove hardcoded SQLite path from prisma.ts

Frontend:
- Add AbortController to useAutoTagging and useTitleSuggestions hooks
- Add error rollback to optimistic UI in note-inline-editor
- Remove stale closure over notebookId/language in useAutoTagging

Cleanup:
- Rename docker-compose from keepnotes→memento
- Remove unused unstable_cache import from config.ts
- Remove dead useUndoRedo hook
- Fix TagSuggestion type (add isNewLabel, reasoning)
- Remove dead AIConfig/AIProviderType types
- Fix ghost-tags unused isEmpty var and as any cast
- Fix note-editor titleSuggestions typed as any[]

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-04-21 22:22:02 +02:00
2026-04-21 00:05:25 +02:00

Memento

A smart, AI-powered note-taking app. Like Google Keep, but with notebooks, semantic search, AI agents, and a built-in MCP server.

Lire en francais / Read in French | Full documentation


Features

Notes & Organization

  • Text, checklist, and Markdown notes (with LaTeX/KaTeX)
  • Notebooks with contextual labels
  • Responsive masonry grid with drag-and-drop
  • Image upload, note sharing, archive, and trash
  • 10 pastel color themes + dark mode

AI & Automation

  • Semantic search powered by embeddings
  • Auto-generated tags and title suggestions
  • Configurable AI agents with custom instructions
  • Persistent AI chat conversations
  • Memory Echo - discover hidden connections between notes
  • Batch auto-organization and smart labels
  • AI-generated notebook summaries
  • Visual workflow builder

Integrations

  • MCP Server with 37 tools - connect Claude Desktop, N8N, or any MCP client
  • REST API for custom integrations
  • RSS feed support
  • Canvas/Lab whiteboard (Excalidraw)

Platform

  • 15 languages (EN, FR, AR, DE, ES, FA, HI, IT, JA, KO, NL, PL, PT, RU, ZH)
  • Progressive Web App (PWA)
  • Reminder system with recurrence
  • Data export/import (JSON)
  • Admin panel for AI providers, SMTP, and settings

Quick Start

git clone https://github.com/yourusername/Momento.git
cd Momento

cp .env.docker.example .env.docker

# Edit these two required values:
# NEXTAUTH_URL="http://YOUR_SERVER_IP:3000"
# NEXTAUTH_SECRET="generate-with: openssl rand -base64 32"

docker compose up -d

Open http://localhost:3000 - the first registered user becomes admin.

Local Development

git clone https://github.com/yourusername/Momento.git
cd Momento/memento-note

cp .env.example .env
# Edit .env with your DATABASE_URL, NEXTAUTH_SECRET, etc.

npm install --legacy-peer-deps
npx prisma migrate dev
npm run dev

AI Providers

Memento supports three AI providers, configurable independently for tags, embeddings, and chat:

Provider Type Setup
Ollama Local, free docker compose --profile ollama up -d
OpenAI Cloud, paid Set OPENAI_API_KEY
Custom OpenRouter, Groq, Together, Mistral... Set CUSTOM_OPENAI_API_KEY + CUSTOM_OPENAI_BASE_URL

Example for Ollama:

# .env.docker
AI_PROVIDER_TAGS=ollama
AI_PROVIDER_EMBEDDING=ollama
OLLAMA_BASE_URL="http://ollama:11434"
AI_MODEL_TAGS="granite4:latest"
AI_MODEL_EMBEDDING="embeddinggemma:latest"

All AI settings can also be configured from the admin panel at /admin/settings.


MCP Server

Connect AI agents to your notes via the Model Context Protocol.

// claude_desktop_config.json
{
  "mcpServers": {
    "memento": {
      "command": "docker",
      "args": ["exec", "-i", "memento-mcp", "node", "index.js"]
    }
  }
}

37 tools available - notes CRUD, notebooks, labels, AI operations (tag generation, title suggestions, memory echo, batch organize), reminders, and API key management.

For N8N or HTTP clients, use Streamable HTTP mode: http://localhost:3001/mcp


Tech Stack

Layer Technology
Framework Next.js 16, React 19, TypeScript 5
Styling Tailwind CSS 4, shadcn/ui
Database PostgreSQL 16, Prisma ORM 5
Auth NextAuth.js v5
AI Vercel AI SDK (OpenAI, Ollama, Custom)
MCP @modelcontextprotocol/sdk
Email Nodemailer (SMTP) / Resend

Documentation

For the complete installation, deployment, and configuration guide, see GUIDE.en.md.


Project Structure

Momento/
├── docker-compose.yml        # Multi-container orchestration
├── .env.docker.example       # Docker environment template
├── memento-note/             # Next.js application
│   ├── app/                  # App Router (pages, actions, API)
│   ├── components/           # React UI components
│   ├── lib/                  # Business logic (AI, DB, mail, i18n)
│   ├── prisma/               # Schema + migrations
│   ├── locales/              # 15 i18n JSON files
│   └── Dockerfile            # Multi-stage build
├── mcp-server/               # MCP server (37 tools)
│   ├── index.js              # stdio mode
│   ├── index-sse.js          # HTTP Streamable mode
│   ├── tools.js              # Tool definitions
│   └── Dockerfile            # Container build
└── n8n-memento-workflow.json # Pre-configured N8N workflow

Environment Variables

See .env.docker.example for the complete list. Key variables:

Variable Required Description
NEXTAUTH_URL Yes Public URL of the app
NEXTAUTH_SECRET Yes JWT secret (openssl rand -base64 32)
POSTGRES_PASSWORD Rec. PostgreSQL password (default: memento)
AI_PROVIDER_TAGS No AI provider for tags: ollama, openai, custom
OPENAI_API_KEY If OpenAI Your OpenAI API key

Contributing

Contributions are welcome!


Support

If you find Memento useful, consider supporting its development:

  • Ko-fi - One-time or monthly support
  • GitHub Sponsors - Recurring sponsorship
  • Star the repo - It's free and helps visibility

License

Apache License 2.0 with Commons Clause Restriction.

Free for personal, educational, and non-commercial use. Commercial use requires written permission from the author. See LICENSE for details.

Description
No description provided
Readme 139 MiB
Languages
TypeScript 64.2%
Python 27.4%
JavaScript 4.3%
HTML 1.6%
CSS 1.3%
Other 1.1%