XMemo

XMemo CLI

@xmemo/client is the privacy-first command line entry point for XMemo client setup. It is intentionally small: the npm package contains only the CLI and setup helper code needed on a user's machine.

@yonro/xmemo-client is reserved as a Yonro fallback package. The CLI exposes xmemo as the primary command and keeps memory-os as a compatibility alias.

The XMemo server, database, token registry, deployment files, logs, and internal scripts are not part of this npm package.

Install

npm install -g @xmemo/client

Upgrade an existing global install:

xmemo update

This runs npm install -g @xmemo/client@latest. Use xmemo update --dry-run to print the exact command without changing anything.

Commands

xmemo update
xmemo setup codex
xmemo setup codex --dry-run
xmemo setup cursor
xmemo setup cursor --dry-run
xmemo setup copilot
xmemo setup copilot --dry-run
xmemo setup gemini
xmemo setup gemini --dry-run
xmemo setup antigravity
xmemo setup antigravity --dry-run
xmemo setup kiro
xmemo setup kiro --dry-run
xmemo setup grok
xmemo setup grok --dry-run
xmemo mcp add antigravity2
xmemo mcp add antigravity2 --write
xmemo doctor
xmemo discovery show
xmemo setup
xmemo login
xmemo auth status
xmemo status
xmemo token status
xmemo token add --from-stdin
xmemo env example --shell bash
xmemo mcp list
xmemo mcp config --client generic
xmemo mcp config --client antigravity
xmemo mcp add antigravity --write
xmemo profile status codex
xmemo profile install gemini
xmemo profile install antigravity
xmemo smoke --client codex
xmemo privacy

Enterprise privacy and security defaults

• No telemetry or analytics.
• xmemo doctor, xmemo discovery show, and xmemo status do not send tokens.
• MCP config generated by the CLI references XMEMO_KEY or uses the client's MCP OAuth flow; it does not write token values into project files.
• The CLI generates one stable non-secret XMEMO_AGENT_INSTANCE_ID per device and stores it in user-scoped config outside git. All agents on the same device share this instance ID.
• xmemo setup <client> can install a marker-scoped XMemo memory behavior profile for the selected agent. The profile contains instructions only; it never embeds token values.
• xmemo login stores the issued credential in the user-scoped XMemo CLI config directory, shows the approved account when the server provides it, and does not require extra token configuration afterward.
• xmemo token add remains available for existing tokens and still avoids project files, shell history, and printed token values.
• Legacy xmemo token set refuses plaintext credential storage unless --allow-plaintext is explicitly provided.
• The npm package uses a files whitelist so only bin, src, README.md, and LICENSE are published.

Token flow

Recommended personal-user flow:

xmemo login
xmemo auth status
xmemo token status --verify

xmemo login uses the hosted device-login flow when the service advertises it: the CLI shows a browser URL and one-time code, the user authorizes in XMemo, and the CLI stores the issued MCP token in the user-scoped credential file. When the service returns approved account metadata, the CLI prints the account label so users can confirm which XMemo account was connected. No manual token setup is needed after a successful xmemo login; xmemo token status --verify is only an optional connectivity check. The CLI waits for the full browser authorization window by default; use --timeout-ms only to shorten or extend that approval window, and --http-timeout-ms only for individual service requests.

Users who already have a token can configure it directly without shell profiles:

printf '%s\n' 'your-token' | xmemo token add --from-stdin
xmemo token status --verify

This is the preferred fallback while a hosted service is rolling out device login. It still avoids project files, MCP config files, logs, and chat transcripts.

Tokens should be created by the XMemo website or enterprise console, then stored with xmemo login, xmemo token add, a user environment variable, or an enterprise secret manager:

export XMEMO_KEY="your-token"

PowerShell:

[Environment]::SetEnvironmentVariable("XMEMO_KEY", "your-token", "User")

Do not commit tokens to source control, MCP config files, .env files, logs, or chat transcripts.

Hosted discovery setup

Hosted setup uses the XMemo public discovery contracts. The CLI reads secret-free discovery and onboarding status documents, then tells the user where the API, MCP endpoint, docs, and any server-advertised onboarding links are.

xmemo doctor
xmemo discovery show
xmemo setup