Spaces:
Running
Running
Commit ·
cc4292d
unverified ·
0
Parent(s):
feat: thin deployment shim — clone private source from GitHub at build time
Browse filesThe actual sumit-mcp-server source now lives in a private GitHub repo
(rockerritesh/sumit-mcp-server). This Space is just the deployment
front-end: a Dockerfile that clones that repo at build time using a
Space secret (GITHUB_TOKEN) and runs the server from the cloned source.
Runtime behavior unchanged. Source privacy improved.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- .gitattributes +34 -0
- Dockerfile +41 -0
- README.md +28 -0
.gitattributes
ADDED
|
@@ -0,0 +1,34 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
*.7z filter=lfs diff=lfs merge=lfs -text
|
| 2 |
+
*.arrow filter=lfs diff=lfs merge=lfs -text
|
| 3 |
+
*.bin filter=lfs diff=lfs merge=lfs -text
|
| 4 |
+
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
| 5 |
+
*.ckpt filter=lfs diff=lfs merge=lfs -text
|
| 6 |
+
*.ftz filter=lfs diff=lfs merge=lfs -text
|
| 7 |
+
*.gz filter=lfs diff=lfs merge=lfs -text
|
| 8 |
+
*.h5 filter=lfs diff=lfs merge=lfs -text
|
| 9 |
+
*.joblib filter=lfs diff=lfs merge=lfs -text
|
| 10 |
+
*.lfs.* filter=lfs diff=lfs merge=lfs -text
|
| 11 |
+
*.model filter=lfs diff=lfs merge=lfs -text
|
| 12 |
+
*.msgpack filter=lfs diff=lfs merge=lfs -text
|
| 13 |
+
*.npy filter=lfs diff=lfs merge=lfs -text
|
| 14 |
+
*.npz filter=lfs diff=lfs merge=lfs -text
|
| 15 |
+
*.onnx filter=lfs diff=lfs merge=lfs -text
|
| 16 |
+
*.ot filter=lfs diff=lfs merge=lfs -text
|
| 17 |
+
*.parquet filter=lfs diff=lfs merge=lfs -text
|
| 18 |
+
*.pb filter=lfs diff=lfs merge=lfs -text
|
| 19 |
+
*.pickle filter=lfs diff=lfs merge=lfs -text
|
| 20 |
+
*.pkl filter=lfs diff=lfs merge=lfs -text
|
| 21 |
+
*.pt filter=lfs diff=lfs merge=lfs -text
|
| 22 |
+
*.pth filter=lfs diff=lfs merge=lfs -text
|
| 23 |
+
*.rar filter=lfs diff=lfs merge=lfs -text
|
| 24 |
+
*.safetensors filter=lfs diff=lfs merge=lfs -text
|
| 25 |
+
saved_model/**/* filter=lfs diff=lfs merge=lfs -text
|
| 26 |
+
*.tar.* filter=lfs diff=lfs merge=lfs -text
|
| 27 |
+
*.tar filter=lfs diff=lfs merge=lfs -text
|
| 28 |
+
*.tflite filter=lfs diff=lfs merge=lfs -text
|
| 29 |
+
*.tgz filter=lfs diff=lfs merge=lfs -text
|
| 30 |
+
*.wasm filter=lfs diff=lfs merge=lfs -text
|
| 31 |
+
*.xz filter=lfs diff=lfs merge=lfs -text
|
| 32 |
+
*.zip filter=lfs diff=lfs merge=lfs -text
|
| 33 |
+
*.zst filter=lfs diff=lfs merge=lfs -text
|
| 34 |
+
*tfevents* filter=lfs diff=lfs merge=lfs -text
|
Dockerfile
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# syntax=docker/dockerfile:1.4
|
| 2 |
+
#
|
| 3 |
+
# HF Spaces shim: clones private GitHub source at build time using
|
| 4 |
+
# a Space secret (GITHUB_TOKEN) and runs from there. This keeps the
|
| 5 |
+
# actual source code private on GitHub while the Space runs publicly.
|
| 6 |
+
#
|
| 7 |
+
# Required HF Space secret:
|
| 8 |
+
# GITHUB_TOKEN = a GitHub PAT with read access to
|
| 9 |
+
# github.com/rockerritesh/sumit-mcp-server (private)
|
| 10 |
+
#
|
| 11 |
+
# See: https://huggingface.co/docs/hub/en/spaces-sdks-docker#buildtime
|
| 12 |
+
|
| 13 |
+
FROM python:3.13-slim
|
| 14 |
+
|
| 15 |
+
# Install uv + git
|
| 16 |
+
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
|
| 17 |
+
RUN apt-get update && \
|
| 18 |
+
apt-get install -y --no-install-recommends git ca-certificates && \
|
| 19 |
+
rm -rf /var/lib/apt/lists/*
|
| 20 |
+
|
| 21 |
+
WORKDIR /app
|
| 22 |
+
|
| 23 |
+
# Clone private source using HF build-time secret
|
| 24 |
+
RUN --mount=type=secret,id=GITHUB_TOKEN,required=true \
|
| 25 |
+
GITHUB_TOKEN=$(cat /run/secrets/GITHUB_TOKEN) && \
|
| 26 |
+
git clone --depth=1 --branch=main \
|
| 27 |
+
"https://x-access-token:${GITHUB_TOKEN}@github.com/rockerritesh/sumit-mcp-server.git" \
|
| 28 |
+
. && \
|
| 29 |
+
git log -1 --pretty=format:"source: %H %s%n" > /app/BUILD_INFO
|
| 30 |
+
|
| 31 |
+
# Install dependencies from the cloned project (locked)
|
| 32 |
+
RUN --mount=type=cache,target=/root/.cache/uv \
|
| 33 |
+
uv sync --locked
|
| 34 |
+
|
| 35 |
+
# HF Spaces runtime expectations
|
| 36 |
+
EXPOSE 7860
|
| 37 |
+
ENV PORT=7860
|
| 38 |
+
ENV UV_CACHE_DIR=/app/.cache/uv
|
| 39 |
+
RUN mkdir -p /app/.cache/uv && chmod -R 777 /app/.cache
|
| 40 |
+
|
| 41 |
+
CMD ["uv", "run", "sumit-mcp-server"]
|
README.md
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
---
|
| 2 |
+
license: mit
|
| 3 |
+
title: SUMIT SERVER MCP
|
| 4 |
+
sdk: docker
|
| 5 |
+
emoji: "\U0001F680"
|
| 6 |
+
colorFrom: yellow
|
| 7 |
+
colorTo: green
|
| 8 |
+
short_description: Federated memory MCP server with audit trail
|
| 9 |
+
---
|
| 10 |
+
|
| 11 |
+
# sumit-mcp-server
|
| 12 |
+
|
| 13 |
+
Federated memory MCP server for AI agents — every memory has a transaction trail, every read and write is audited, every version is preserved.
|
| 14 |
+
|
| 15 |
+
## About this Space
|
| 16 |
+
|
| 17 |
+
This Space is a **thin deployment shell**. The actual server source lives in a private GitHub repository and is cloned at build time using a Personal Access Token stored as a Space secret (`GITHUB_TOKEN`). The container runs publicly; the source stays private.
|
| 18 |
+
|
| 19 |
+
**Source (private):** `github.com/rockerritesh/sumit-mcp-server`
|
| 20 |
+
|
| 21 |
+
## Part of the trust layer for AI agents
|
| 22 |
+
|
| 23 |
+
- **[agentguard](https://github.com/rockerritesh/agentguard)** — zero-trust identity, policy, mTLS, and audit for agents ("Istio for agents")
|
| 24 |
+
- **this Space** — audited memory infrastructure for agents (the memory half of the trust layer)
|
| 25 |
+
- **[spiffe-core](https://github.com/rockerritesh/spiffe-core)** — SPIFFE identity primitives
|
| 26 |
+
- **[trat-multi-agent](https://github.com/rockerritesh/trat-multi-agent)** — IETF Transaction Tokens for multi-agent workflows
|
| 27 |
+
|
| 28 |
+
Cross-linked so any one walks you through the whole story.
|