MCP transport diversity — HTTP / SSE
Today: stdio only (ostk-recall serve --stdio wired into MCP-speaking clients). Per the 2025-06-18 MCP spec, streamable HTTP and SSE are the standard remote transports.
What this unlocks
- Non-co-located clients can hit a shared
ostk-recall instance (e.g. a single corpus on a homelab box served to a phone, an editor on a different machine, an agent running in a container).
- Doesn't change the daemon model — the same
ostk-recall serve (without --stdio) could expose HTTP on a configured port instead of (or alongside) the trigger socket.
Acceptance
Caveats
This widens the threat model significantly — current architecture assumes single-operator local stdio. Recall + recall_audit + the corpus-on-disk are sensitive surfaces. Bake a security review (and probably rate limiting) into the rollout, not after.
MCP transport diversity — HTTP / SSE
Today: stdio only (
ostk-recall serve --stdiowired into MCP-speaking clients). Per the 2025-06-18 MCP spec, streamable HTTP and SSE are the standard remote transports.What this unlocks
ostk-recallinstance (e.g. a single corpus on a homelab box served to a phone, an editor on a different machine, an agent running in a container).ostk-recall serve(without--stdio) could expose HTTP on a configured port instead of (or alongside) the trigger socket.Acceptance
ostk-recall serve --http <addr>mode using rmcp's HTTP transport.Caveats
This widens the threat model significantly — current architecture assumes single-operator local stdio. Recall + recall_audit + the corpus-on-disk are sensitive surfaces. Bake a security review (and probably rate limiting) into the rollout, not after.