Knowledge Graph Memory Extension
π₯Plug & Play
Watch the demo
This tutorial covers how to add the Knowledge Graph Memory MCP Server as a goose extension. This enables goose to analyze relationships, detect patterns, and gain a deeper understanding of your data. The knowledge graph builds on the memory extension by mapping complex relationships between concepts and providing persistent memory across goose sessions.
TLDR
- goose Desktop
- goose CLI
Command
npx -y @modelcontextprotocol/server-memory
Configurationβ
info
Note that you'll need Node.js installed on your system to run this command, as it uses npx.
- goose Desktop
- goose CLI
- Launch the installer
- Click
Yesto confirm the installation - Click the button in the top-left to open the sidebar
- Navigate to the chat
- Run the
configurecommand:
goose configure
- Choose to add a
Command-line Extension.
β goose-configure
β
β What would you like to configure?
β Add Extension
β
β What type of extension would you like to add?
β β Built-in Extension
β β Command-line Extension (Run a local command or script)
β β Remote Extension (SSE)
β β Remote Extension (Streaming HTTP)
β
- Give your extension a name.
β goose-configure
β
β What would you like to configure?
β Add Extension
β
β What type of extension would you like to add?
β Command-line Extension
β
β What would you like to call this extension?
β Knowledge Graph Memory
β
- Enter the command to run when this extension is used.
β goose-configure
β
β What would you like to configure?
β Add Extension
β
β What type of extension would you like to add?
β Command-line Extension
β
β What would you like to call this extension?
β Knowledge Graph Memory
β
β What command should be run?
β npx -y @modelcontextprotocol/server-memory
β
- Enter the number of seconds Goose should wait for actions to complete before timing out. Default is
300seconds.
β goose-configure
β
β What would you like to configure?
β Add Extension
β
β What type of extension would you like to add?
β Command-line Extension
β
β What would you like to call this extension?
β Knowledge Graph Memory
β
β What command should be run?
β npx -y @modelcontextprotocol/server-memory
β
β Please set the timeout for this tool (in secs):
β 300
β
- Enter a description for this extension.
β goose-configure
β
β What would you like to configure?
β Add Extension
β
β What type of extension would you like to add?
β Command-line Extension
β
β What would you like to call this extension?
β Knowledge Graph Memory
β
β What command should be run?
β npx -y @modelcontextprotocol/server-memory
β
β Please set the timeout for this tool (in secs):
β 300
β
β Enter a description for this extension:
β Graph-based memory system for persistent knowledge storage
β
- Choose
Nowhen asked to add environment variables.
β goose-configure
β
β What would you like to configure?
β Add Extension
β
β What type of extension would you like to add?
β Command-line Extension
β
β What would you like to call this extension?
β Knowledge Graph Memory
β
β What command should be run?
β npx -y @modelcontextprotocol/server-memory
β
β Please set the timeout for this tool (in secs):
β 300
β
β Enter a description for this extension:
β Graph-based memory system for persistent knowledge storage
β
β Would you like to add environment variables?
β No
β
β Added Knowledge Graph Memory extension
Example Usageβ
In this example, I'll show you how goose can become an intelligent security reviewer by using connected knowledge patterns to detect and analyze vulnerabilities. goose will be able to understand the relationship between security issues, their impacts, and mitigations.
This means goose doesn't just spot issues - it understands how vulnerabilities connect to real world impacts and can suggest comprehensive solutions.
Step 1: Teach goose About Security Patternsβ
goose Prompt #1β
goose, learn these security vulnerability patterns and their relationships:
1. SQL Injection relates to:
- Unvalidated database inputs
- Data theft risks
- Parameterized query solutions
2. XSS Vulnerabilities connect to:
- Unescaped user output
- Session hijacking risks
- Content sanitization fixes
3.Authentication Weaknesses link to:
- Session management
- Account compromise
- JWT-based solutions
goose Outputβ
I'll store this security knowledge in the Knowledge Graph Memory with proper entities and relationships
[.... Create Entities .....]
Now, let's create the relationships between these security concepts:
[.... Create Relations .....]
Let me verify what's been stored:
[... Read Graph ...]
I've now stored your security knowledge in the graph with:
1. Vulnerability Entities:
- SQL Injection (with observations about unvalidated inputs and data theft)
- XSS Vulnerabilities (with observations about unescaped output and session risks)
- Authentication Weaknesses (with observations about session management)
2. Solution Entities:
- Parameterized Queries
- Content Sanitization
- JWT Authentication
3. Connected Relationships:
- Vulnerabilities β their potential impacts
- Solutions β the vulnerabilities they mitigate
The knowledge is now structured in a way that I can:
- Trace vulnerability impact chains
- Identify appropriate solutions for each vulnerability
- Understand how different security issues are related
Step 2: Use Connected Knowledge for Code Reviewβ
goose Prompt # 2β
Review this API endpoint for security issues:
app.post('/api/login', (req, res) => {
const { username, password } = req.body;
const query = `SELECT * FROM users WHERE username = '${username}'`;
db.query(query, (err, result) => {
if (err) throw err;
if (result.length > 0) {
res.cookie('user', username);
res.json({ success: true });
}
});
});
goose Outputβ
I'll analyze this code using our connected knowledge graph to trace security vulnerabilities and their implications:
[.... Search Nodes ... Open Nodes ...]
Based on our knowledge graph analysis, I've found multiple critical security issues:
1. SQL Injection Vulnerability:
- Issue: Using string concatenation in query WHERE username = '${username}'
- Impact Chain: SQL Injection β Data Theft
- Risk Level: Critical
- Solution (from parameterized_queries): Use parameterized queries instead
2. Authentication Weakness:
- Issue: Using basic cookie-based session res.cookie('user', username)
- Impact Chain: Auth Weakness β Account Compromise
- Risk Level: High
- Solution (from jwt_auth): Implement JWT with proper expiration
Here's the secure implementation based on our stored patterns:
app.post('/api/login', async (req, res) => {
try {
// Input validation
if (!req.body.username || !req.body.password) {
return res.status(400).json({
success: false,
error: 'Username and password required'
});
}
// Parameterized query (prevents SQL injection)
const query = 'SELECT * FROM users WHERE username = ?';
const result = await db.query(query, [req.body.username]);
if (!result.length) {
return res.status(401).json({
success: false,
error: 'Invalid credentials'
});
}
// Password verification would go here
// const validPassword = await bcrypt.compare(req.body.password, result[0].password);
// JWT-based session management (prevents session hijacking)
const token = jwt.sign(
{ userId: result[0].id },
process.env.JWT_SECRET,
{ expiresIn: '1h' }
);
res.json({
success: true,
token: token
});
} catch (error) {
res.status(500).json({
success: false,
error: 'Internal server error'
});
}
});
The fixes address the vulnerability chains our knowledge graph identified:
1. SQL Injection β Data Theft: Mitigated by parameterized queries
2. Auth Weakness β Account Compromise: Mitigated by JWT implementation
Additional security improvements based on connected patterns:
- Added input validation
- Proper error handling
- No exposure of internal errors
- Token-based instead of cookie-based auth
- Expiration time on authentication
Would you like me to:
1. Explain any of these security relationships in more detail?
2. Show how to implement additional security patterns?
3. Analyze another endpoint?