rockerritesh Claude Opus 4.7 (1M context) commited on
Commit
cc4292d
·
unverified ·
0 Parent(s):

feat: thin deployment shim — clone private source from GitHub at build time

Browse files

The actual sumit-mcp-server source now lives in a private GitHub repo
(rockerritesh/sumit-mcp-server). This Space is just the deployment
front-end: a Dockerfile that clones that repo at build time using a
Space secret (GITHUB_TOKEN) and runs the server from the cloned source.

Runtime behavior unchanged. Source privacy improved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Files changed (3) hide show
  1. .gitattributes +34 -0
  2. Dockerfile +41 -0
  3. README.md +28 -0
.gitattributes ADDED
@@ -0,0 +1,34 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ *.7z filter=lfs diff=lfs merge=lfs -text
2
+ *.arrow filter=lfs diff=lfs merge=lfs -text
3
+ *.bin filter=lfs diff=lfs merge=lfs -text
4
+ *.bz2 filter=lfs diff=lfs merge=lfs -text
5
+ *.ckpt filter=lfs diff=lfs merge=lfs -text
6
+ *.ftz filter=lfs diff=lfs merge=lfs -text
7
+ *.gz filter=lfs diff=lfs merge=lfs -text
8
+ *.h5 filter=lfs diff=lfs merge=lfs -text
9
+ *.joblib filter=lfs diff=lfs merge=lfs -text
10
+ *.lfs.* filter=lfs diff=lfs merge=lfs -text
11
+ *.model filter=lfs diff=lfs merge=lfs -text
12
+ *.msgpack filter=lfs diff=lfs merge=lfs -text
13
+ *.npy filter=lfs diff=lfs merge=lfs -text
14
+ *.npz filter=lfs diff=lfs merge=lfs -text
15
+ *.onnx filter=lfs diff=lfs merge=lfs -text
16
+ *.ot filter=lfs diff=lfs merge=lfs -text
17
+ *.parquet filter=lfs diff=lfs merge=lfs -text
18
+ *.pb filter=lfs diff=lfs merge=lfs -text
19
+ *.pickle filter=lfs diff=lfs merge=lfs -text
20
+ *.pkl filter=lfs diff=lfs merge=lfs -text
21
+ *.pt filter=lfs diff=lfs merge=lfs -text
22
+ *.pth filter=lfs diff=lfs merge=lfs -text
23
+ *.rar filter=lfs diff=lfs merge=lfs -text
24
+ *.safetensors filter=lfs diff=lfs merge=lfs -text
25
+ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
26
+ *.tar.* filter=lfs diff=lfs merge=lfs -text
27
+ *.tar filter=lfs diff=lfs merge=lfs -text
28
+ *.tflite filter=lfs diff=lfs merge=lfs -text
29
+ *.tgz filter=lfs diff=lfs merge=lfs -text
30
+ *.wasm filter=lfs diff=lfs merge=lfs -text
31
+ *.xz filter=lfs diff=lfs merge=lfs -text
32
+ *.zip filter=lfs diff=lfs merge=lfs -text
33
+ *.zst filter=lfs diff=lfs merge=lfs -text
34
+ *tfevents* filter=lfs diff=lfs merge=lfs -text
Dockerfile ADDED
@@ -0,0 +1,41 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # syntax=docker/dockerfile:1.4
2
+ #
3
+ # HF Spaces shim: clones private GitHub source at build time using
4
+ # a Space secret (GITHUB_TOKEN) and runs from there. This keeps the
5
+ # actual source code private on GitHub while the Space runs publicly.
6
+ #
7
+ # Required HF Space secret:
8
+ # GITHUB_TOKEN = a GitHub PAT with read access to
9
+ # github.com/rockerritesh/sumit-mcp-server (private)
10
+ #
11
+ # See: https://huggingface.co/docs/hub/en/spaces-sdks-docker#buildtime
12
+
13
+ FROM python:3.13-slim
14
+
15
+ # Install uv + git
16
+ COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
17
+ RUN apt-get update && \
18
+ apt-get install -y --no-install-recommends git ca-certificates && \
19
+ rm -rf /var/lib/apt/lists/*
20
+
21
+ WORKDIR /app
22
+
23
+ # Clone private source using HF build-time secret
24
+ RUN --mount=type=secret,id=GITHUB_TOKEN,required=true \
25
+ GITHUB_TOKEN=$(cat /run/secrets/GITHUB_TOKEN) && \
26
+ git clone --depth=1 --branch=main \
27
+ "https://x-access-token:${GITHUB_TOKEN}@github.com/rockerritesh/sumit-mcp-server.git" \
28
+ . && \
29
+ git log -1 --pretty=format:"source: %H %s%n" > /app/BUILD_INFO
30
+
31
+ # Install dependencies from the cloned project (locked)
32
+ RUN --mount=type=cache,target=/root/.cache/uv \
33
+ uv sync --locked
34
+
35
+ # HF Spaces runtime expectations
36
+ EXPOSE 7860
37
+ ENV PORT=7860
38
+ ENV UV_CACHE_DIR=/app/.cache/uv
39
+ RUN mkdir -p /app/.cache/uv && chmod -R 777 /app/.cache
40
+
41
+ CMD ["uv", "run", "sumit-mcp-server"]
README.md ADDED
@@ -0,0 +1,28 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ---
2
+ license: mit
3
+ title: SUMIT SERVER MCP
4
+ sdk: docker
5
+ emoji: "\U0001F680"
6
+ colorFrom: yellow
7
+ colorTo: green
8
+ short_description: Federated memory MCP server with audit trail
9
+ ---
10
+
11
+ # sumit-mcp-server
12
+
13
+ Federated memory MCP server for AI agents — every memory has a transaction trail, every read and write is audited, every version is preserved.
14
+
15
+ ## About this Space
16
+
17
+ This Space is a **thin deployment shell**. The actual server source lives in a private GitHub repository and is cloned at build time using a Personal Access Token stored as a Space secret (`GITHUB_TOKEN`). The container runs publicly; the source stays private.
18
+
19
+ **Source (private):** `github.com/rockerritesh/sumit-mcp-server`
20
+
21
+ ## Part of the trust layer for AI agents
22
+
23
+ - **[agentguard](https://github.com/rockerritesh/agentguard)** — zero-trust identity, policy, mTLS, and audit for agents ("Istio for agents")
24
+ - **this Space** — audited memory infrastructure for agents (the memory half of the trust layer)
25
+ - **[spiffe-core](https://github.com/rockerritesh/spiffe-core)** — SPIFFE identity primitives
26
+ - **[trat-multi-agent](https://github.com/rockerritesh/trat-multi-agent)** — IETF Transaction Tokens for multi-agent workflows
27
+
28
+ Cross-linked so any one walks you through the whole story.