Skip to content

rainmana/tinybrain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

31 Commits
.github/workflows
.github/workflows
Β 
Β 
cmd/server
cmd/server
Β 
Β 
docs
docs
Β 
Β 
examples
examples
Β 
Β 
internal
internal
Β 
Β 
test_data
test_data
Β 
Β 
test_scenarios
test_scenarios
Β 
Β 
.clinerules
.clinerules
Β 
Β 
.cursorrules
.cursorrules
Β 
Β 
.cursorrules.user-template
.cursorrules.user-template
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.roo-mode
.roo-mode
Β 
Β 
CWE_LLM_DATASET.json
CWE_LLM_DATASET.json
Β 
Β 
Dockerfile
Dockerfile
Β 
Β 
FRAMEWORK_LIBRARY_PATTERNS.json
FRAMEWORK_LIBRARY_PATTERNS.json
Β 
Β 
LICENSE
LICENSE
Β 
Β 
Makefile
Makefile
Β 
Β 
README.md
README.md
Β 
Β 
config.example.json
config.example.json
Β 
Β 
end_to_end_test.sh
end_to_end_test.sh
Β 
Β 
go.mod
go.mod
Β 
Β 
go.sum
go.sum
Β 
Β 
simple_mcp_test.sh
simple_mcp_test.sh
Β 
Β 
test_mcp.sh
test_mcp.sh
Β 
Β 
test_mcp_client.sh
test_mcp_client.sh
Β 
Β 
test_real_data.sh
test_real_data.sh
Β 
Β 
test_security_hub.sh
test_security_hub.sh
Β 
Β 
test_security_integration.sh
test_security_integration.sh
Β 
Β 

Repository files navigation

TinyBrain 🧠

License: MIT Go Version MCP Protocol Security Focused

Security-Focused LLM Memory Storage with Intelligence Gathering, Reverse Engineering, and MITRE ATT&CK Integration

TinyBrain is a comprehensive memory storage system designed specifically for security professionals, penetration testers, and AI assistants working on offensive security tasks. It provides intelligent memory management, pattern recognition, and comprehensive intelligence gathering capabilities through the Model Context Protocol (MCP).

πŸ“– View Complete Documentation | βœ… Implementation Parity | πŸ› Report Issues | πŸ’¬ Discussions

Current scope: the Go project currently ships the core SQLite-backed MCP stdio server. The published GitHub Pages site still includes forward-looking PocketBase, REST, GraphQL, SDK, and live NVD/API material; see Implementation Parity for what is implemented and what is intentionally deferred.

✨ Key Features

🧠 Intelligence Gathering

  • OSINT: Open Source Intelligence collection and analysis
  • HUMINT: Human Intelligence gathering and social engineering assessment
  • SIGINT: Signals Intelligence and communications analysis
  • GEOINT: Geospatial Intelligence and location-based analysis
  • MASINT: Measurement and Signature Intelligence
  • TECHINT: Technical Intelligence and technology assessment
  • FININT: Financial Intelligence and cryptocurrency tracking
  • CYBINT: Cyber Intelligence and threat analysis

πŸ” Reverse Engineering

  • Malware Analysis: Static and dynamic malware analysis capabilities
  • Binary Analysis: PE, ELF, Mach-O file format analysis
  • Vulnerability Research: Fuzzing, exploit development, and vulnerability analysis
  • Protocol Analysis: Network and application protocol reverse engineering
  • Code Analysis: Source code and assembly analysis tools

🎯 MITRE ATT&CK Integration

  • Complete Framework: All 14 Enterprise tactics and 200+ techniques
  • TTP Mapping: Map findings to specific tactics, techniques, and procedures
  • Attack Chain Analysis: Complete attack chain mapping and analysis
  • Threat Hunting: Hunt for specific TTPs and attack patterns
  • Campaign Tracking: Track attack campaigns and threat actor activities
  • Real-Time Data: Live MITRE ATT&CK dataset with 823+ techniques and 14 tactics
  • Intelligent Querying: Semantic search across attack techniques and procedures

πŸ›‘οΈ Security Patterns & Standards

  • CWE Integration: Common Weakness Enumeration patterns and classifications
  • OWASP Compliance: OWASP Top 10 2021 and testing guide integration
  • Multi-Language Support: Security patterns for 10+ programming languages
  • Authorization Templates: RBAC, ABAC, and DAC access control patterns
  • Standards Compliance: NIST, ISO 27001, PTES, and industry standards
  • NVD-ready Data Model: Local database tables and query services for CVE data; API ingestion is intentionally deferred in favor of manual file/plugin-style loading
  • OWASP Testing Guide: Complete web application security testing procedures

πŸ”¬ Security Knowledge Hub

  • NVD-ready Data Model: CVE storage/query scaffolding without making NVD API access part of the core runtime
  • MITRE ATT&CK: Complete framework with 823+ techniques and 14 tactics
  • OWASP Testing Guide: Comprehensive web application security testing procedures
  • Intelligent Retrieval: Context-aware querying with summarization
  • Manual/Plugin-Ready Updates: Designed to support local dataset loading first, with API ingestion deferred behind future plugin-style integrations
  • Rate Limiting Scaffolding: Downloader services include rate-limit behavior for future API-backed integrations

πŸ“Š Memory Management

  • 30+ Memory Categories: Comprehensive categorization for intelligence, reconnaissance, and analysis data
  • Intelligence Objects: Threat actors, attack campaigns, IOCs, TTPs, patterns, and correlations
  • Context-Aware Storage: Automatically categorizes and prioritizes information
  • Advanced Search: Semantic, exact, fuzzy, tag-based, and relationship-based search
  • Access Tracking: Monitors which memories are most relevant and frequently accessed
  • Context Summaries: Provides relevant memory summaries for current tasks

High Performance & Reliability

  • SQLite Backend: Fast, reliable, local storage with full-text search
  • Optimized Queries: Indexed searches and efficient relationship traversal
  • Transaction Safety: ACID compliance for data integrity
  • Concurrent Access: Thread-safe operations for multiple LLM interactions

AI-Enhanced Search & Intelligence

  • Semantic Search: AI-powered memory search using embeddings for conceptual similarity
  • Embedding Generation: Generate embeddings for text (placeholder for AI integration)
  • Similarity Calculation: Calculate semantic similarity between embeddings
  • Future-Ready: Complete foundation for OpenAI, Cohere, or local model integration

Real-Time Notifications & Alerts

  • Memory Notifications: Real-time alerts for memory events and system activities
  • High Priority Alerts: Notifications for high-priority memories (priority β‰₯8, confidence β‰₯0.8)
  • Duplicate Detection: Alerts for potential duplicate memories with similarity scores
  • Cleanup Notifications: Notifications for automated cleanup operations
  • Notification Management: Mark notifications as read, filter by session, priority-based sorting

Developer Experience

  • Simple Installation: go install or go build
  • Comprehensive Logging: Detailed logging with structured output
  • Extensive Testing: Unit and MCP user-flow tests for the core memory workflow
  • Docker Support: Containerized deployment ready
  • MCP Tool Surface: Complete API for core memory management operations, plus security-data scaffolding

πŸ› οΈ MCP Tool Set

TinyBrain provides a comprehensive MCP tool surface for LLM memory management. The core memory/session/search/relationship tools are the stable path; security-data tools are scaffolding and should not be treated as required for the core workflow.

Core Memory Operations (8 tools)

  • store_memory - Store new memory entries
  • get_memory - Retrieve memory by ID
  • search_memories - Advanced search with multiple strategies
  • update_memory - Update existing memory entries
  • delete_memory - Delete memory entries
  • find_similar_memories - Find similar memories by content
  • check_duplicates - Check for duplicate memories
  • get_memory_stats - Get comprehensive memory statistics

Session & Task Management (6 tools)

  • create_session - Create new security assessment sessions
  • get_session - Retrieve session information
  • list_sessions - List all sessions with filtering
  • create_task_progress - Create task progress entries
  • update_task_progress - Update task progress
  • list_task_progress - List task progress entries

Advanced Memory Features (8 tools)

  • create_relationship - Create memory relationships
  • get_related_memories - Get related memories
  • create_context_snapshot - Create context snapshots
  • get_context_snapshot - Retrieve context snapshots
  • list_context_snapshots - List context snapshots
  • get_context_summary - Get memory summaries for context
  • export_session_data - Export session data
  • import_session_data - Import session data

Security Templates & Batch Operations (6 tools)

  • get_security_templates - Get predefined security templates
  • create_memory_from_template - Create memories from templates
  • batch_create_memories - Bulk create memory entries
  • batch_update_memories - Bulk update memory entries
  • batch_delete_memories - Bulk delete memory entries
  • get_detailed_memory_info - Get detailed memory debugging info

Memory Lifecycle & Cleanup (4 tools)

  • cleanup_old_memories - Age-based memory cleanup
  • cleanup_low_priority_memories - Priority-based cleanup
  • cleanup_unused_memories - Access-based cleanup
  • get_system_diagnostics - Comprehensive system diagnostics

AI-Enhanced Search (3 tools)

  • semantic_search - AI-powered semantic search
  • generate_embedding - Generate embeddings for text
  • calculate_similarity - Calculate embedding similarity

Real-Time Notifications (4 tools)

  • get_notifications - Get notifications and alerts
  • mark_notification_read - Mark notifications as read
  • check_high_priority_memories - Check for high-priority alerts
  • check_duplicate_memories - Check for duplicate alerts

System Monitoring (1 tool)

  • health_check - Perform system health checks

πŸ›‘οΈ Security Standards & Source Attribution

Standards Compliance

TinyBrain's security patterns and vulnerability datasets are aligned with industry-standard security frameworks:

Source Attribution

Our security patterns and vulnerability datasets are based on authoritative sources:

Multi-Language Coverage

Our security patterns cover 10 major programming languages with language-specific vulnerability patterns:

  • JavaScript/Node.js - Web application security patterns
  • Python - Backend and automation security patterns
  • Java - Enterprise application security patterns
  • C#/.NET - Microsoft ecosystem security patterns
  • PHP - Web application security patterns
  • Ruby - Web framework security patterns
  • Go - System and API security patterns
  • C/C++ - System-level security patterns
  • TypeScript - Type-safe web application patterns
  • Rust - Memory-safe system programming patterns

πŸš€ Quick Start

Installation

# Method 1: Build locally (recommended for now)
git clone https://github.com/rainmana/tinybrain.git
cd tinybrain
go build -o tinybrain ./cmd/server

# Method 2: Install with Go (binary name is "server" because the package is cmd/server)
go install github.com/rainmana/tinybrain/cmd/server@latest

# Method 3: Clone and build manually
git clone https://github.com/rainmana/tinybrain.git
cd tinybrain
go build -o tinybrain ./cmd/server

# Method 4: Docker
docker pull rainmana/tinybrain:latest
docker run -i -v ~/.tinybrain:/app/data rainmana/tinybrain

Pre-built Binaries

Download from Releases

Basic Usage

# Start the MCP stdio server after a local build
./tinybrain

# Or with custom database path
TINYBRAIN_DB_PATH=/path/to/your/memory.db ./tinybrain

# Health check the configured database
./tinybrain --health-check

Intelligence Gathering Example

// Create an OSINT intelligence session
session := &Session{
    Name: "OSINT Intelligence Gathering",
    TaskType: "intelligence_analysis",
    IntelligenceType: "osint",
    Classification: "unclassified",
    ThreatLevel: "medium",
}

// Store intelligence findings
finding := &IntelligenceFinding{
    Title: "Social Media Intelligence",
    IntelligenceType: "osint",
    ThreatLevel: "medium",
    MITRETactic: "TA0001",
    MITRETechnique: "T1591",
    KillChainPhase: "reconnaissance",
}

MCP Integration

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "mcp_tinybrain-mcp-server_create_session",
    "arguments": {
      "name": "Security Assessment",
      "task_type": "penetration_test",
      "intelligence_type": "osint"
    }
  }
}

Troubleshooting Installation

If you encounter issues with go install, try these solutions. Note that go install github.com/rainmana/tinybrain/cmd/server@latest installs a binary named server; use go build -o tinybrain ./cmd/server if you want the local tinybrain name.

# If you get authentication errors, use direct clone method
git clone https://github.com/rainmana/tinybrain.git
cd tinybrain
go build -o tinybrain ./cmd/server

# If repository is private, ensure you have access
git config --global url."git@github.com:".insteadOf "https://github.com/"

# For Go module proxy issues, use direct mode
GOPROXY=direct go install github.com/rainmana/tinybrain/cmd/server@latest

MCP Client Configuration

Add to your MCP client configuration (e.g., Claude Desktop):

{
  "mcpServers": {
    "tinybrain": {
      "command": "/absolute/path/to/tinybrain/tinybrain",
      "args": [],
      "env": {
        "TINYBRAIN_DB_PATH": "~/.tinybrain/memory.db"
      }
    }
  }
}

For Codex app, Codex CLI, or the Codex IDE extension, OpenAI's Codex MCP documentation says MCP servers are configured in ~/.codex/config.toml and that STDIO servers support command, args, env, and optional cwd fields. On Windows, a local Codex app setup can use:

[mcp_servers.tinybrain]
command = 'C:\Users\walec\Development\tinybrain\bin\tinybrain.exe'
args = []
cwd = 'C:\Users\walec\Development\tinybrain'
startup_timeout_sec = 60

[mcp_servers.tinybrain.env]
TINYBRAIN_DB_PATH = 'C:\Users\walec\.tinybrain\memory.db'

If you configure TinyBrain through the Codex app's MCP settings UI, set the same command, database environment variable, and working directory. After changing MCP configuration, restart Codex or start a fresh Codex session so the client rescans the server tools.

πŸ“š Documentation

For complete documentation, API reference, and detailed guides, visit our comprehensive documentation site:

πŸ“– Complete Documentation

The documentation includes:

Quick API Reference

Session Management

Task Types: security_review, penetration_test, exploit_dev, vulnerability_analysis, threat_modeling, incident_response, intelligence_analysis

Intelligence Types: osint, humint, sigint, geoint, masint, techint, finint, cybint

List Sessions

{
  "name": "list_sessions",
  "arguments": {
    "task_type": "security_review",
    "status": "active",
    "limit": 10
  }
}

Memory Operations

Store Memory

{
  "name": "store_memory",
  "arguments": {
    "session_id": "session_123",
    "title": "SQL Injection in Login Form",
    "content": "Found SQL injection vulnerability in username parameter of login form. Payload: ' OR 1=1--",
    "category": "vulnerability",
    "content_type": "text",
    "priority": 8,
    "confidence": 0.9,
    "tags": "[\"sql-injection\", \"authentication\", \"critical\"]",
    "source": "manual-testing"
  }
}

Categories: finding, vulnerability, exploit, payload, technique, tool, reference, context, hypothesis, evidence, recommendation, note

Search Memories

{
  "name": "search_memories",
  "arguments": {
    "query": "SQL injection authentication",
    "session_id": "session_123",
    "search_type": "semantic",
    "categories": "[\"vulnerability\", \"exploit\"]",
    "min_priority": 7,
    "limit": 20
  }
}

Search Types: semantic, exact, fuzzy, tag, category, relationship

Get Related Memories

{
  "name": "get_related_memories",
  "arguments": {
    "memory_id": "memory_456",
    "relationship_type": "exploits",
    "limit": 10
  }
}

Relationship Management

Create Relationship

{
  "name": "create_relationship",
  "arguments": {
    "source_memory_id": "memory_123",
    "target_memory_id": "memory_456",
    "relationship_type": "exploits",
    "strength": 0.8,
    "description": "SQL injection can be used to bypass authentication"
  }
}

Relationship Types: depends_on, causes, mitigates, exploits, references, contradicts, supports, related_to, parent_of, child_of

Context Management

Get Context Summary

{
  "name": "get_context_summary",
  "arguments": {
    "session_id": "session_123",
    "current_task": "Analyzing authentication vulnerabilities",
    "max_memories": 20
  }
}

πŸ—οΈ Architecture

TinyBrain is built with:

  • Go - High-performance backend
  • SQLite - Fast, reliable local storage with FTS5
  • MCP Protocol - LLM integration standard
  • MITRE ATT&CK - Security framework integration
  • Jekyll - Documentation site with Minimal theme

Key Design Principles

  1. Security-First: All data structures and operations designed for security tasks
  2. Intelligence-Focused: Comprehensive intelligence gathering and analysis capabilities
  3. Performance: Optimized queries and indexes for fast retrieval
  4. Flexibility: Extensible schema and relationship system
  5. Reliability: ACID transactions and data integrity checks
  6. Usability: Simple API with comprehensive documentation

πŸ§ͺ Testing

# Run all tests
make test

# Run tests with coverage
go test -v -race -coverprofile=coverage.out ./...
go tool cover -html=coverage.out -o coverage.html

# Run benchmarks
make bench

# Run specific test
go test -v ./internal/database -run TestNewDatabase

🐳 Docker Deployment

# Build Docker image
make docker-build

# Run container
docker run --rm -it \
  -v ~/.tinybrain:/app/data \
  tinybrain:latest

πŸ“Š Performance

Benchmarks

  • Memory Entry Creation: ~1000 entries/second
  • Search Operations: ~100 searches/second
  • Relationship Queries: ~500 queries/second
  • Database Size: ~1MB per 10,000 memory entries

Optimization Features

  • Connection Pooling: Optimized for SQLite single-writer model
  • Index Strategy: Comprehensive indexing for all query patterns
  • Full-Text Search: FTS5 virtual tables for semantic search
  • Caching: Access pattern tracking for intelligent caching

πŸ”§ Configuration

Environment Variables

  • TINYBRAIN_DB_PATH: Path to SQLite database (default: ~/.tinybrain/memory.db)
  • TINYBRAIN_LOG_LEVEL: Log level (debug, info, warn, error)

Database Configuration

The SQLite database is configured with:

  • WAL mode for better concurrency
  • Foreign key constraints enabled
  • Full-text search enabled
  • Optimized pragma settings

πŸ›‘οΈ Security Datasets & Templates

Comprehensive Security Patterns

AI Assistant Configurations

Standards-Based Approach

All security patterns are derived from authoritative sources and aligned with industry standards:

🀝 Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Add tests for new functionality
  4. Ensure all tests pass
  5. Submit a pull request

Development Setup

# Clone repository
git clone https://github.com/rainmana/tinybrain.git
cd tinybrain

# Setup development environment
go mod download

# Run tests
go test ./...

# Build
go build -o tinybrain ./cmd/server

πŸ“„ License

MIT License - see LICENSE file for details.

πŸ™ Acknowledgments

Technical Dependencies

Security Standards & Sources

πŸ“ˆ Roadmap

  • Intelligence gathering frameworks (OSINT, HUMINT, SIGINT, etc.)
  • MITRE ATT&CK integration
  • Reverse engineering capabilities
  • Enhanced memory categories
  • Comprehensive documentation site
  • HTTP transport support
  • Memory compression and archiving
  • Advanced analytics and insights
  • Multi-user support with access controls
  • Plugin system for custom memory types
  • Integration with popular security tools
  • Web dashboard for memory visualization

TinyBrain - Making LLM memory storage intelligent, fast, and security-focused. πŸ§ πŸ”’

About

LLM local persistent storage for security nerds

rainmana.github.io/tinybrain/

Topics

mcp knowledge-graph penetration-testing penetration-testing-tools llm mcp-server

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 2

tinybrain 1.2.3 Latest
Nov 28, 2025
+ 1 release

Packages

 
 
 

Contributors

Languages