thoughtbox
Verified Safe
by Kastalien-Research
Overview
Provides a durable, local-first reasoning ledger and structured cognitive tools for AI agents, enabling step-by-step thinking, branching, revisions, and autonomous critique, with progressive tool disclosure and client compatibility adaptations.
Installation
npx -y @kastalien-research/thoughtbox
Environment Variables
- THOUGHTBOX_TRANSPORT
- THOUGHTBOX_STORAGE
- THOUGHTBOX_DATA_DIR
- THOUGHTBOX_PROJECT
- DISABLE_THOUGHT_LOGGING
- THOUGHTBOX_OBSERVATORY_ENABLED
- THOUGHTBOX_OBSERVATORY_PORT
- THOUGHTBOX_OBSERVATORY_CORS
- THOUGHTBOX_OBSERVATORY_PATH
- THOUGHTBOX_OBSERVATORY_MAX_CONN
- THOUGHTBOX_OBSERVATORY_HTTP_API
Security Notes
The server is designed for local-first use and incorporates robust input validation (`sanitizePath`, `validateFilename`) in the notebook component to mitigate path traversal and similar file-system-based vulnerabilities when executing user-defined code. External process execution (`spawn` for Node.js, npm, tsx) is performed with explicit commands and arguments, reducing the risk of shell injection. There are no overt hardcoded secrets. The Observatory component allows flexible CORS configuration (including `*`), but this is an opt-in setting in an optional, typically local, monitoring tool. Overall, the source code indicates a conscious effort towards security for its intended use case.
Similar Servers
agent
Manages and proxies multiple Model Context Protocol (MCP) servers locally, providing a unified entry point and CLI for installation, configuration, and status monitoring.
tiger-gh-mcp-server
Provides a set of focused tools to Large Language Models (LLMs) for interacting with the GitHub API, enabling capabilities like fetching issues, pull requests, commits, releases, and searching code within a specified organization.
mcp-server
Provides an AI-powered Model Context Protocol (MCP) server for integrating with RAD Security's Kubernetes and cloud security insights.
mcp-server-koyeb
A TypeScript/Node.js backend server application, likely intended for deployment on a serverless platform like Koyeb.