Solves the problem of Claude forgetting design decisions and constraints across conversations by storing structured project memory as JSON files in your repo. You get ten tools to record decisions with required rationale fields (problem, why_chosen, tradeoffs), pipeline workflows with ordering, and constraints with enforcement levels. The get_context tool pulls related entries via ID links, and hooks inject summaries at session start plus snapshot context before Claude Code compaction to catch anything lost. Enforces minimum character counts on reasoning fields so agents can't write lazy one-liners. All data lives in .context/ as human-editable files. Useful when working on projects that span multiple conversations where Claude needs to remember why you chose approach X over Y.
Part of the xylem stack.
Project memory for Claude. Records design decisions, pipeline flows, and constraints so Claude maintains context across conversations.
As conversations get long, Claude loses the "why" behind earlier decisions. New conversations start blank. This causes Claude to make changes that break established patterns — like rewriting a pipeline step it doesn't remember exists.
Context Keeper gives Claude 14 tools to record and retrieve structured project context:
| Tool | Purpose |
|---|---|
record_entry | Unified write tool — record a decision, pipeline, or constraint via kind, with per-kind fields validated server-side. Consolidates the former record_decision/record_pipeline/record_constraint (still dispatchable by those names for back-compat) |
get_context | Retrieve relevant entries by query, tags, scope, or ID — relevance-ranked, pulls related_to links by default |
query_entries | Exact structured-field filtering (status, origin, tags, scope, hardness, supersession, dates) — deterministic, no ranking; distinct from get_context's relevance search |
get_project_summary | Compact overview for conversation start |
update_entry | Update any entry by ID |
deprecate_entry | Retire an entry with reason (optional merge_into folds a duplicate into a survivor) |
prune_stale | Find entries not verified recently |
get_compaction_report | Check if last compaction lost any context |
verify_quality | Scan entries for thin rationale, missing tags, isolated arcs (auto-called by PreCompact hook) |
export_markdown | Regenerate DECISIONS.md from the decisions store — a derived, read-only projection |
reload_constraints | Re-surface the constraints-only block on demand mid-session (rules refresh, not the full store) |
export_snapshot | Write the whole store to a committable .context-keeper/memory.json.gz for sharing project memory via git |
import_snapshot | Import that committed snapshot into the working store — non-destructive, auto-runs on first use when the store is empty |
mirror | Sync with the optional remote store: op="pull" merges remote→local (newest wins), op="backfill" pushes local→remote. No-op if the remote is unconfigured |
All data stored as human-editable JSON files in .context/ inside your project directory. Zero dependencies by default, semantic retrieval optional.
Context Keeper is a small, offline-first memory layer; several of its capabilities are easy to miss because they live inside existing tools rather than as separate features. The map below names them in memory-system terms:
| Capability | How Context Keeper does it |
|---|---|
| Procedural memory | record_entry(kind="pipeline") stores ordered, dependency-aware workflows (build/deploy/data flows) with purpose + when_to_invoke — reusable "how we do X", not just facts. |
| Deduplication | Every record_* runs a word-set Jaccard pass against the store and returns similar_entries when a new entry restates an existing one, so duplicates are caught at capture; deprecate_entry(merge_into=...) then folds the duplicate's unique content into the survivor and retires it in one non-destructive step. |
| Contradiction detection | Those same overlaps are classified likely_restatement vs likely_contradiction (negation/antonym polarity), and a reversal raises a contradiction_note telling the agent to resolve the conflict rather than leave two live rules disagreeing. |
| Quality refinement | verify_quality scans for thin rationale, missing tags, legacy-schema entries, and isolated (unlinked) arcs; the PreCompact hook runs it automatically so entries get enriched before context is compressed. |
| Supersede / decay / forget | supersedes demotes-but-keeps prior decisions (recallable history); prune_stale surfaces unverified entries for review; deprecate_entry removes an entry from retrieval entirely. |
| Origin + trust / source attribution | Every entry records origin (user / agent / import); retrieval gives user-stated entries a trust boost and it decides the default winner when entries conflict. |
| Anticipated queries | retrieval_hints stores alternate phrasings a future session might search for, so vocabulary-mismatch queries hit without embeddings. |
| Hybrid retrieval | Lexical (tag + word overlap) by default; an opt-in embedding-cosine blend (semantic.enabled) adds vector recall, with lexical fallback when the embedder is offline. |
| Fact-metadata query | query_entries filters entries by exact predicates over structured fields (status, origin, tags-any/all, scope, hardness, supersession, dates), AND-combined and deterministic — a precise lookup path distinct from get_context's fuzzy relevance ranking. |
| Cache-friendly injection | The session-start memory block is deterministically ordered with a stable prefix and the only per-session-volatile line (quality-scan IDs) emitted last, so an unchanged store injects byte-identical text across sessions. |
| Narrative + clustering | get_project_summary clusters decisions by topic above a threshold and renders a compact narrative; the DECISIONS.md projection mirrors the store as human-readable prose. |
| Data export / offline / privacy | Plain JSON in .context/ you can read, edit, grep, and commit; runs fully offline with zero required dependencies and no data leaving the machine. |
The retrieval and honesty properties are measured, not asserted — the harness is in evals/ and reproducible with no network required:
evals/token_reduction.py). The meaningful property is that injected cost stays roughly flat as the store grows.evals/retrieval_eval.py).get_context says "nothing relevant" instead of confabulating on no-answer queries; the 0.20 relevance floor is the highest with zero false-abstention on the eval set (evals/abstention.py).Every dataset, metric, and caveat is checked into the repo — see evals/README.md.
Optional, fail-soft mirroring so a second device — e.g. a phone recording decisions on the go — can both receive the desktop's memory and contribute its own. The local .context/ JSON store stays canonical; the context-keeper-remote Cloudflare Worker is a sync surface, never the source of truth. (Distinct from the git-committed export_snapshot mechanism — the mirror is live and cross-device, the snapshot is a versioned bundle in the repo.)
Conflict resolution is last-writer-wins by updated_at timestamp, applied identically in both directions, so an edit made on either device converges everywhere. Neither side ever deletes — a deprecation is a status change that propagates like any other edit.
The clock-skew caveat, stated honestly. "Last writer" is decided by comparing ISO-8601 updated_at strings, and those timestamps come from whichever machine did the write — the desktop's wall clock for a local edit, the Worker's for a remote one. Two edits to the same entry made within the clock skew between those machines (realistically sub-second, cross-device) can therefore misorder: the copy stamped later isn't guaranteed to be the one written later, so the guard can pick the wrong winner. There is no logical clock or vector clock to break the tie — just wall time. The blast radius is bounded (a single pull compares only the remote's own timestamps, against one clock, so intra-remote ordering is exact; skew only bites when a local write races a remote one on the same id), and it is never silent: whenever newest-wins overwrites a copy that differed in substance, the losing version is appended to .context/.mirror_conflicts.json (see below) so you can reconcile by hand.
record_entry/record_*, update_entry, deprecate_entry) the entry is pushed via the remote's upsert_entries MCP tool (one call per kind). upsert_entries preserves the incoming id and replaces an existing remote copy only when the pushed entry's updated_at is newer — so an edit or deprecation actually overwrites the stale remote copy instead of being skipped. If the remote is unreachable the entry is queued to .context/.mirror_queue.json (deduped to its latest state) and flushed on the next successful push. A push failure never blocks or fails the local write.pull_remote calls the remote's query_entries and merges every returned row by timestamp — a remote entry whose id exists locally overwrites the local copy only when the remote's updated_at is newer; a newer local copy is kept and pushes back on its next write. The .context/.mirror_watermark is only a bookkeeping hint now: every fetched row goes through the per-entry newest-wins merge, so a remote entry is never dropped merely because its timestamp falls at or below the watermark (an earlier build filtered on the watermark before merging, which could silently lose a phone-recorded entry under cross-device clock skew — the exact scenario the mirror exists for). Wired into the SessionStart hook (so desktop sessions start with phone-recorded entries present) and exposed through the mirror MCP tool as op="pull"..context/.mirror_conflicts.json. Last-writer-wins has already resolved which copy is live; this is the audit trail of what it replaced. No resolution UI — the record is there if you need to reconcile by hand.mirror with op="backfill") pushes the entire local store to the remote (one upsert_entries call per kind) — for seeding a fresh remote. Idempotent: an equal-or-older re-push is skipped server-side.dec-013 for different decisions, and an upsert keyed by (project, id) would then let one silently overwrite the other. Fix: when mirroring is enabled, new ids get a short random hex suffix — dec-013-a7f3. The number still leads (sortable, greppable); old ids are never rewritten; and with mirroring off ids stay bare dec-013 (single writer, no collision possible).urllib only), no secrets in code: the remote URL contains the auth token as its final path segment (/mcp/<token>) and comes from an env var only.Enable by setting one env var where the MCP server runs:
CONTEXT_KEEPER_REMOTE_URL=https://context-keeper-remote.<acct>.workers.dev/mcp/<AUTH_TOKEN>
# CONTEXT_KEEPER_REMOTE_TIMEOUT=5 # optional per-request seconds
With no CONTEXT_KEEPER_REMOTE_URL set, every mirror path is a silent no-op — behavior is identical to pre-v0.15.
Transport: stateless JSON-RPC over Streamable HTTP. Each write is one POST to the /mcp/<token> URL (tools/call → upsert_entries); the pull op (mirror with op="pull") calls the remote's query_entries. No initialize/session handshake (the server is stateless); the response is a single application/json body.
deprecate_entry(merge_into=...))Capture-time detection already caught near-duplicates (similar_entries with a likely_restatement relation), but resolving one was a manual two-step: deprecate the duplicate, then update_entry the original to fold in anything it was missing. v0.14 collapses that into one atomic, non-destructive operation.
deprecate_entry(id=<dupe>, reason=..., merge_into=<survivor>) folds the duplicate's unique content into the survivor, then deprecates the duplicate with superseded_by=<survivor>. When merge_into is absent, deprecate_entry behaves exactly as before — byte-for-byte.tags, retrieval_hints, related_to, constraints/constraints_created) are unioned, and empty text fields are backfilled from the duplicate — a non-empty field on the survivor is never overwritten. The duplicate isn't hard-deleted; it stays on disk as a deprecated entry pointing at the survivor, so the merge is fully auditable and reversible.merge_into (missing target, cross-type, or self) errors cleanly and deprecates nothing.// dec-002 restates dec-001 — merge and retire it in one call
{ "id": "dec-002", "reason": "Restatement of dec-001", "merge_into": "dec-001" }
// -> dec-001 gains dec-002's unique tags/hints/related_to + any text it lacked;
// dec-002 becomes deprecated with superseded_by = dec-001
query_entries)get_context answers "what's relevant to what I'm working on?" — it ranks by relevance, blends optional semantics, and flags low-relevance results with an abstention signal. That's the right tool for fuzzy recall, but the wrong one when you already know the exact field values you want. query_entries fills that gap: deterministic filtering over the structured fields that already exist on every entry, no ranking and no abstention.
types, status (active/superseded/deprecated), origin (user/agent/import), tags_any, tags_all, scope (exact, case-sensitive), hardness (absolute/advisory), supersedes / superseded_by, and the same since / before temporal filters as get_context. Every predicate is a hard match over an existing field — a query either matches or it doesn't.min_relevance floor — an empty result set is a real, honest answer, not an abstention message. The abstention machinery is for fuzzy text queries; a structured predicate doesn't need it.get_context uses, and packs the matched set into the same token budget (default 4000, token_budget per call), so a broad query can't dump the store — matched_entries vs entries_returned and a budget_truncated flag tell you if the cap clipped anything.get_context, the semantic blend, the scoring, and every hook are untouched; default behavior of every existing tool is byte-for-byte unchanged.One deliberate difference from get_context: query_entries applies no default status filter, so superseded and deprecated entries are returned unless you pass status. get_context always hides deprecated entries; the structured tool lets you ask for them on purpose.
Examples:
// Absolute constraints scoped to the hooks/ directory
{ "types": ["constraints"], "hardness": "absolute", "scope": "hooks/" }
// User-stated decision that superseded dec-005
{ "origin": "user", "supersedes": "dec-005" }
// Active pipelines tagged "release"
{ "types": ["pipelines"], "status": "active", "tags_any": ["release"] }
// Everything a user asserted this month, across all types
{ "origin": "user", "since": "2026-07-01" }
likely_restatement or likely_contradiction. A restatement nudges you to merge; a contradiction raises a contradiction_note telling the agent to resolve which rule is current (deprecate_entry with superseded_by) instead of silently leaving two live rules that disagree. Advisory only, and only evaluated on pairs Jaccard already flagged as overlapping — the write always proceeds. Zero new dependencies, no LLM call, no added tokens at record time.The SessionStart hook injects your constraints once, at turn one. As a long session fills with tool output, those rules scroll out of the model's working attention and effectively decay — the model can violate a constraint it was briefed on an hour ago simply because it is buried. v0.11 re-surfaces the constraints during a long session, not just at the start.
Two ways in, both constraints-only — they re-inject the exact Absolute/Advisory block SessionStart shows, and nothing else from the store (no decisions, no pipelines). It's a lightweight rules refresh, not a second full dump.
reload_constraints tool — returns the current constraints block on
demand. Always available; call it whenever you want the rules back in
context.constraint_reinject.py hook (PostToolUse) — opt-in, default off.
When enabled, it counts tool calls per session and re-injects the
constraints block every N calls (every_n_tools, default 25) via
additionalContext.What triggers it, honestly. The automatic path is the PostToolUse
hook — that surface is injected into the model, and its firing rate tracks
tool-output volume, which is the thing actually burying the rules. It is not
a timer: an MCP server has no wall-clock inside the context window, so
re-injection is driven by counting tool calls, not elapsed seconds. It is
not PreCompact either — PreCompact stdout is shown only to the user, never
injected into the model (the compaction boundary is already re-covered by the
SessionStart hook, which re-fires with source compact).
Default behavior is unchanged. With no config (or enabled: false), the
hook is inert and SessionStart works exactly as before. Enable it in
.context/config.json:
{ "constraint_reinjection": { "enabled": true, "every_n_tools": 25 } }
Two ideas adapted from studying Curion, kept dependency-free:
get_context can now say "I don't have anything relevant." Previously it always returned its top-scored entries — but the composite score banks ~55 points from recency/status/origin regardless of relevance, so a query with no relevant memory silently got a confident-looking result. Measured confabulation was 100% on no-answer queries (evals/abstention.py). Now the response carries top_relevance and, when the top entry's tag/text relevance falls below min_relevance (config, default 0.20), no_confident_match: true with guidance telling the agent not to present the entries as established fact. It annotates, never suppresses — weak matches are still returned, so the vocabulary-mismatch recall that retrieval_hints and the semantic blend preserve survives. 0.20 is the highest floor with zero false-abstention on the eval set.record_decision accepts supersedes: [ids]: the prior decisions become superseded — demoted in ranking but still recallable ("why did we change from X?"), distinct from deprecate_entry which removes an entry from retrieval entirely. Superseded entries are skipped by prune_stale/verify_quality (they're intentional history, not stale work) and marked **SUPERSEDED** by dec-NNN in the DECISIONS.md projection.Deliberately not adopted from Curion: its LLM-controller architecture (an API call on every store and recall). context-keeper stays zero-dependency and offline by default.
get_project_summary groups decisions by their most-frequent shared tag instead of one flat list — a 59-decision store reads as a dozen topics.semantic.api: "openai" points the semantic blend at any /v1/embeddings endpoint — LM Studio, llama.cpp server, or OpenAI itself (api_key_env names the env var holding the key). Ollama stays the default; same fail-safe lexical fallback. nomic task prefixes now apply only to nomic models.similar_entries matches now carry each entry's origin, and the guidance states the precedence: user-stated overrides agent-inferred overrides imported.evals/token_reduction.py), run against four real stores:| store | active entries | full store (tokens) | injected at session start | reduction |
|---|---|---|---|---|
| balatron | 78 | ~75,277 | ~2,057 | 97.3% |
| clark | 55 | ~35,445 | ~2,102 | 94.1% |
| context-keeper | 13 | ~5,692 | ~828 | 85.5% |
| conductor | 9 | ~1,538 | ~411 | 73.3% |
Baseline = dumping every active entry into context; injected = the get_project_summary output the SessionStart hook prints. Honest caveat: the summary is budget-capped (default 2000 tokens), so for large stores part of the reduction is by construction — the meaningful property is that injected cost stays flat as stores grow.
Opt-in: mirror the decisions store into a human-readable DECISIONS.md at the project root. Enable in .context/config.json:
{ "markdown_export": { "enabled": true, "path": "DECISIONS.md" } }
record_decision, update_entry, deprecate_entry) regenerates the entire file from decisions.json after the JSON write and before the tool returns — so a subsequent git commit captures both in the same commit. Deliberately not a git/PostToolUse hook: rendering after the commit snapshot would reintroduce drift.export_markdown tool regenerates on demand (optionally to a custom path), so existing repos can backfill without enabling the flag.Born from field use: Balatron's DECISIONS.md was kept in sync with the store by hand, one mirror-edit per commit. This automates that convention.
retrieval_hints (all record_* tools): 2-4 alternate phrasings a future session might search for — synonyms, symptom descriptions, error messages. Indexed for both lexical and semantic retrieval, so vocabulary-mismatch queries ("value network diverging" vs. "value head saturating") can hit without embeddings. The zero-dependency complement to the semantic blend.origin + trust weighting (all record_* tools): entries record who authored them — user (explicitly stated), agent (inferred from the session), or import (backfilled). Retrieval scoring gives user-stated entries a trust boost over agent-inferred, which outrank imports. Pre-v0.7 entries score as agent, preserving their relative order.since / before on get_context: temporal filters against each entry's verified/created timestamp — "what did we decide this month" is now a query.scope_guard.py hook (PostToolUse on Edit|Write|NotebookEdit): the moment the agent edits a file covered by a constraint's scope, that constraint is injected into context via additionalContext. Session-start injection briefs the model once at turn one; this enforces the rule at the exact moment it's about to matter. Each constraint fires at most once per session.record_* now compares the new entry against the store (word-set Jaccard, threshold configurable via similar_threshold) and returns similar_entries when existing entries overlap heavily — catching restatements and contradictions at capture instead of relying on MMR to mitigate duplicates at retrieval. Advisory only: the write always proceeds.os.replace, so a crash mid-write can no longer leave a truncated JSON file behind.record_*/update_entry/deprecate_entry now refuse to write (previously a corrupt file read as empty, and the next record silently replaced your entire history with one entry). Read-only tools still degrade gracefully.update_entry enforces the schema. Structured fields (why_chosen, problem, reason, purpose, ...) are min-length validated on update too, so entries can't be hollowed out after recording.get_context skips entries that don't fit the token budget and keeps packing smaller ones, instead of stopping at the first oversized entry.compact immediately after compaction — before any Stop), so the injected report is never one compaction stale. It also injects a one-line quality-scan nudge, which is the model-visible surface for verify_quality (PreCompact stdout is only shown to the user, not the model).semantic_index.py was missing from the wheel/sdist), with batched embedding requests and one fewer HTTP round-trip per query.Earlier versions used a single freeform rationale field. In practice, agents wrote one-line summaries instead of full reasoning — defeating the point. v0.4 fixes this three ways:
record_decision requires problem (min 40 chars), why_chosen (min 60 chars), and accepts optional what_we_tried and tradeoffs. record_pipeline requires purpose. record_constraint enforces reason ≥ 40 chars and accepts optional triggering_incident. Thin entries are rejected server-side with field-specific guidance — the lazy path no longer produces a useful entry.related_to. Every entry can reference IDs of related entries. get_context traverses these links by default (depth=1), so when you retrieve one decision the rest of its arc comes along. Connective tissue survives across sessions.verify_quality tool scans for legacy entries, thin reasoning, missing tags, and isolated entries (tag overlap with no related_to). The PreCompact hook calls it automatically and surfaces flagged entries so they can be enriched before context is compressed.Legacy entries (pre-v0.4) stay valid — they're never auto-rejected, just flagged by verify_quality for optional enrichment. The deprecated rationale parameter still works on record_decision for backward compatibility (it auto-maps to why_chosen), but problem is still required.
Two ways to install, depending on your client. Claude Desktop users get the one-click bundle; everything else uses the standard stdio server.
Context Keeper ships as an MCPB desktop extension:
a single .mcpb file you install without touching any config.
context-keeper-<version>.mcpb from the
Releases page..context/ subfolder of readable JSON is created there). Then
enable the extension.That's it — no pip, no JSON editing. The bundle is stdlib-only Python, so it has
no third-party dependencies to install. (Claude Desktop provides the Python
runtime for .mcpb python extensions; you need Python available for it to launch.)
The bundle is built reproducibly from this repo with scripts/build-mcpb.sh, and
CI attaches it to each version's GitHub Release automatically.
pip install context-keeper-mcp
claude mcp add --scope user context-keeper -- python /path/to/context-keeper/server.py
Prefer editing config by hand instead of the .mcpb bundle? Add to your claude_desktop_config.json:
{
"mcpServers": {
"context-keeper": {
"command": "python",
"args": ["/path/to/context-keeper/server.py"],
"env": {
"CONTEXT_KEEPER_PROJECT": "/path/to/your/project"
}
}
}
}
The server is a standard stdio MCP server, so any MCP-capable client can use it — the hooks are Claude Code extras, not requirements. Point your client's MCP config at python /path/to/context-keeper/server.py and set CONTEXT_KEEPER_PROJECT:
Cursor (~/.cursor/mcp.json or per-project .cursor/mcp.json) and Windsurf (~/.codeium/windsurf/mcp_config.json) use the same shape as Claude Desktop:
{
"mcpServers": {
"context-keeper": {
"command": "python",
"args": ["/path/to/context-keeper/server.py"],
"env": { "CONTEXT_KEEPER_PROJECT": "/path/to/your/project" }
}
}
}
OpenAI Codex CLI (~/.codex/config.toml):
[mcp_servers.context-keeper]
command = "python"
args = ["/path/to/context-keeper/server.py"]
env = { "CONTEXT_KEEPER_PROJECT" = "/path/to/your/project" }
Gemini CLI (~/.gemini/settings.json) uses the same mcpServers JSON shape as Cursor above.
GitHub Copilot CLI (~/.copilot/mcp-config.json) and oh-my-pi (mcpServers config) use the mcpServers shape with "type": "stdio":
{
"mcpServers": {
"context-keeper": {
"type": "stdio",
"command": "python",
"args": ["/path/to/context-keeper/server.py"],
"env": { "CONTEXT_KEEPER_PROJECT": "/path/to/your/project" }
}
}
}
OpenCode (opencode.json):
{
"mcp": {
"context-keeper": {
"type": "local",
"command": ["python", "/path/to/context-keeper/server.py"],
"environment": { "CONTEXT_KEEPER_PROJECT": "/path/to/your/project" }
}
}
}
Antigravity (~/.gemini/config/mcp_config.json or workspace .agents/mcp_config.json) and OpenClaw (openclaw.json) use the mcpServers shape with command/args, same as Copilot above.
Hermes (~/.hermes/config.yaml):
mcp_servers:
context-keeper:
command: "python"
args: ["/path/to/context-keeper/server.py"]
env:
CONTEXT_KEEPER_PROJECT: "/path/to/your/project"
Without the Claude Code hooks you lose automatic session-start injection and edit-time constraint guards — call get_project_summary at conversation start and record_* as you work instead (the tool descriptions prompt for this).
Set CONTEXT_KEEPER_PROJECT to the root of your project. If omitted, the server resolves the project directory in this order:
CONTEXT_KEEPER_PROJECT env var (explicit opt-in — trusted).context/ directory.context/ (git-style discovery — finds your project when the server is launched from any subdirectory of it)record_* returns an "unresolved project" errorSteps 2 and 3 only resolve to directories that already contain .context/. The server never creates one implicitly, so you can never accidentally pollute a parent directory by launching from the wrong place. Pass project_dir explicitly to any tool to force-create a new project.
When you make a design decision:
You: Let's use JSON files instead of SQLite for storage.
Claude: [calls record_entry(kind="decision") with summary, problem, why_chosen,
alternatives, and optionally what_we_tried + tradeoffs + related_to links]
When you establish a workflow:
You: The deploy pipeline is: run tests, build, push to registry, deploy.
Claude: [calls record_entry(kind="pipeline") with ordered steps]
When you set a rule:
You: Never run Conductor from source. Always use the exe.
Claude: [calls record_entry(kind="constraint") with rule, reason, and hardness=absolute]
At conversation start, the SessionStart hook injects the project summary (and any compaction-discrepancy report) directly into context — no tool call required, so retrieval can't be skipped on a task-focused first turn. get_project_summary remains callable on demand. Before making changes, Claude calls get_context with relevant tags to check for conflicts.
Without embeddings or external services, Context Keeper scores entries using:
Results are capped by a configurable token budget (default: 4000 tokens).
Context Keeper includes hooks that inject project memory at session start, remind Claude to capture after every git commit, snapshot your context before Claude Code compaction, and detect if anything was lost afterward.
Add to your Claude Code hooks config (~/.claude/settings.json):
{
"hooks": {
"PreCompact": [
{
"matcher": "",
"hooks": [
{
"type": "command",
"command": "python /path/to/context-keeper/hooks/pre_compact.py"
}
]
}
],
"Stop": [
{
"matcher": "",
"hooks": [
{
"type": "command",
"command": "python /path/to/context-keeper/hooks/post_compact.py"
}
]
}
],
"SessionStart": [
{
"matcher": "",
"hooks": [
{
"type": "command",
"command": "python /path/to/context-keeper/hooks/session_start.py"
}
]
}
],
"PostToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "python /path/to/context-keeper/hooks/commit_capture_reminder.py"
}
]
},
{
"matcher": "Edit|Write|NotebookEdit",
"hooks": [
{
"type": "command",
"command": "python /path/to/context-keeper/hooks/scope_guard.py"
}
]
},
{
"matcher": "",
"hooks": [
{
"type": "command",
"command": "python /path/to/context-keeper/hooks/constraint_reinject.py"
}
]
}
]
}
}
The constraint_reinject.py entry is only active when
constraint_reinjection.enabled is set in .context/config.json (default
off) — wiring it up is harmless until you opt in. Its matcher is "" (every
tool call) so the per-session counter advances on all activity.
Replace /path/to/context-keeper with the actual install path. Set CONTEXT_KEEPER_PROJECT env var if your project isn't in the current working directory.
Windows users: Use forward slashes (C:/Users/.../context-keeper/hooks/pre_compact.py) or double-escaped backslashes in JSON. Single backslashes get mangled by the shell.
The hooks form a complete capture-and-retrieval loop:
compact immediately after compaction, before any Stop hook, so this keeps the injected report fresh. This replaces the older approach of printing an instruction to call the tools — a request that reliably lost to a task-focused first turn since the tools are deferred. Stays silent when the project has no .context/ yet, and emits ASCII-only output so it cannot crash on Windows cp1252 stdoutgit commit, it injects a reminder to record the matching decision/constraint/gotcha in the same work cycle. A commit is the single best capture trigger — it's the exact moment something became real enough to persist in version control. Born from field use: during incident-heavy sessions the agent batched capture "for later," and the user had to ask "update context keeper" three times in one night while a dozen commits shippedscope_guard.py: when the agent edits a file covered by a constraint's scope (e.g. a constraint scoped to hooks/ and an edit to hooks/session_start.py), that constraint is injected right then via additionalContext. Session start briefs the rules; this enforces them at the moment of edit. Once per constraint per sessionconstraint_reinject.py: opt-in, default off. When constraint_reinjection.enabled is set, it counts tool calls per session and re-injects the constraints-only block every every_n_tools calls via additionalContext, so rules injected at session start don't decay as tool output buries them. PostToolUse is chosen deliberately: it's a model-visible surface (unlike PreCompact) and its firing rate tracks tool-output volume. Not a timer — an MCP server has no wall-clock in the context window.context/ entries and runs a quality scan (verify_quality), printing flagged entries (thin reasoning, missing tags, isolated arcs) to the transcript. Note: PreCompact stdout is user-visible only — Claude Code does not inject it into the model's context, which is why the model-visible quality nudge lives in the SessionStart hook insteadThis closes the capture loop: SessionStart injects retrieval at turn one, the commit reminder anchors capture to the moment changes land, PreCompact is the pre-compression safety net, and Stop handles integrity checking. Retrieval is unavoidable; capture is now prompted at the right moment rather than left to the agent's discretion mid-task.
your-project/
.context/
decisions.json # Design decisions with rationale
pipelines.json # Multi-step workflows
constraints.json # Rules and invariants
config.json # Token budget, stale threshold
embeddings.json # Semantic-retrieval vector cache, keyed by entry text (auto-generated, only when semantic enabled)
compaction_snapshot.json # Pre-compaction snapshot (auto-generated)
compaction_report.json # Post-compaction diff report (auto-generated)
reinject_state.json # Per-session tool counter for constraint re-injection (auto-generated)
scope_guard_state.json # Per-session record of already-injected scoped constraints (auto-generated)
.mirror_queue.json # Queued mirror-out writes pending a reachable remote (auto-generated)
.mirror_watermark # Newest remote timestamp already pulled (auto-generated)
.mirror_conflicts.json # Substance-differing versions overwritten by newest-wins (auto-generated)
hook.log # Hook activity log
mirror.log # Mirror (local<->remote) activity log (auto-generated)
All files are human-readable JSON. You can edit them directly. IDs are sequential and readable: dec-001, pipe-001, con-001.
Create .context/config.json to customize:
{
"project_name": "my-project",
"token_budget": 4000,
"max_entry_tokens": 1000,
"stale_threshold_days": 30,
"min_relevance": 0.20,
"markdown_export": {
"enabled": false,
"path": "DECISIONS.md"
},
"constraint_reinjection": {
"enabled": false,
"every_n_tools": 25
},
"semantic": {
"enabled": false,
"weight": 150,
"model": "nomic-embed-text",
"url": "http://localhost:11434",
"api": "ollama",
"api_key_env": ""
},
"mmr": {
"enabled": false,
"lambda": 0.7
}
}
mmr (opt-in, default off) reorders the ranked results for Maximal Marginal
Relevance: a candidate is penalized by its lexical similarity to entries already
chosen, so near-duplicate restatements of one topic don't crowd the token budget
and a second relevant topic gets a seat. lambda trades relevance (1.0 = pure
relevance order) against diversity. Entries linked by related_to are exempt —
those arcs are meant to surface together. On today's store sizes the effect is
small (redundancy@5 is already low); it earns its keep as a store grows and
accumulates superseded/restated entries.
By default, get_context ranks entries with pure lexical matching (tag + word
overlap) — zero dependencies, works offline. The weakness is vocabulary
mismatch: a query about a "value network diverging" won't find the decision
about a "value head saturating", because they share no keywords.
Setting semantic.enabled: true blends an embedding-cosine signal into the
ranking, using a local Ollama server
(ollama pull nomic-embed-text). On a held-out eval across three real project
stores this lifted hit@5 from 80% to 93% and MRR from 0.63 to 0.88 (the
retrieval harness lives in evals/). Entry embeddings are cached per
store in .context/embeddings.json, keyed by a hash of the entry text, so an
edited entry is re-embedded automatically.
It is strictly additive and fail-safe: if Ollama is unreachable or the model is
missing, retrieval silently falls back to lexical ranking. The default stays
enabled: false, so zero-dependency remains the out-of-the-box behavior.
Any OpenAI-compatible endpoint works too: set "api": "openai" and point url
at an LM Studio / llama.cpp server (http://localhost:1234) or OpenAI itself,
with "api_key_env" naming the environment variable that holds the key.
Query another project's context by passing project_dir:
Claude: [calls get_context with project_dir="/path/to/other-project"]
Or tag entries with other project names for cross-referencing.
Every tool is also reachable from the command line, dispatching to the same handlers the MCP server uses:
context-keeper <tool> '<json-args>'
# examples
context-keeper get_project_summary '{}'
context-keeper record_entry '{"kind":"constraint","rule":"...","reason":"..."}'
context-keeper query_entries '{"kind":"decision","text":"storage","limit":5}'
context-keeper --help # list tools
Project resolution is identical to the server (CONTEXT_KEEPER_PROJECT, a cwd
with .context/, or a project_dir key in the JSON). Exit codes: 0 success,
1 if the tool returns an error, 2 for a usage error. Run with no
arguments and it serves the stdio MCP protocol exactly as before.
The working store in .context/ is per-machine (and usually gitignored). To
share project memory with a team through git, export a single compressed,
committable snapshot:
context-keeper export_snapshot '{}'
This writes .context-keeper/memory.json.gz next to your project and adds a
.gitattributes line marking it merge=ours so the binary artifact never
causes a merge conflict. Committing it is opt-in:
git add .context-keeper/memory.json.gz .gitattributes
git commit -m "Share project memory"
# one-time, per clone, for the merge=ours guard to take effect:
git config merge.ours.driver true
On a fresh clone where the snapshot is present but the working store is empty,
Context Keeper imports it automatically on first use (the first
get_project_summary / session start), so a new teammate starts oriented. Import
is non-destructive — a store that already has entries is never overwritten;
run context-keeper import_snapshot '{}' to trigger it manually.
Codec note: the snapshot uses stdlib gzip, not zstd — a real .zst would
require the third-party zstandard package, which would break the project's
zero-dependency guarantee. The snapshot is byte-stable when the store is
unchanged, so re-exporting doesn't churn git history.
Context Keeper is a local-only tool. All data — every decision, constraint,
pipeline, and config file — is stored as plain JSON in the storage directory you
choose (a .context/ folder inside it), on your own machine. Concretely:
semantic.enabled, off by default), the
server sends entry text to the embeddings endpoint you configure — by design
a local service such as Ollama or LM Studio. It is never enabled unless you turn
it on, and it only contacts the URL you set. If you point it at a third-party
endpoint, that endpoint's own privacy policy applies to what you send it.Because the tool stores data only in your chosen local directory and transmits nothing on its own, there is no external service processing your data by default.
CONTEXT_KEEPER_PROJECTAbsolute path to the project directory. Defaults to current working directory.
io.github.ericm1018/skillfm-llm-cost-optimizer-openai-anthropic-usage
io.github.mikerawsonnz/llm-orchestration-agent
io.github.mikerawsonnz/authenticated-llm-agent
labforgedev/copilot-memory-mcp
csoai-org/agent-prompt-injection-firewall-mcp
io.github.mikerawsonnz/authenticated-multi-llm-agent