mishkan-harness 0.1.0

package/payload/mishkan/cognee/.env.example

@@ -0,0 +1,165 @@
+# MISHKAN cognee-mcp — environment template.
+# Copy to `.env` and manage the real file with SOPS/age (rule: no plaintext
+# secrets in version control). The real `.env` is gitignored.
+#
+#   cp .env.example .env
+#   sops --encrypt --age <your-age-recipient> .env > .env.enc   # commit .env.enc only
+#   sops --decrypt .env.enc > .env                              # locally, before `up`
+
+# REQUIRED. The LLM key cognee uses (OpenAI key by default). SOPS-managed.
+LLM_API_KEY=CHANGEME-use-sops
+
+# Pin the cognee git tag/commit the image builds from — never floating.
+# Used as the Dockerfile build arg AND the built image tag. Confirm a release
+# at https://github.com/topoteretes/cognee/releases.
+COGNEE_MCP_REF=v1.1.0
+
+# Host port for the cognee-mcp HTTP transport (container listens on 7777). <= 65535.
+COGNEE_PORT=7777
+
+# OPTIONAL — backend stores. Defaults are local/embedded (no extra services):
+#   relational = sqlite · vector = lancedb · graph = networkx (file .pkl)
+# Each layer is swappable by an env var (values below are Cognee's accepted set):
+#
+#   DB_PROVIDER=sqlite|postgres
+#   VECTOR_DB_PROVIDER=lancedb|pgvector|qdrant|weaviate
+#   GRAPH_DATABASE_PROVIDER=networkx|kuzu|neo4j
+#   GRAPH_DATABASE_URL=<graph connection string, for neo4j>
+#   DB_HOST=<relational host, for postgres>
+#
+# Low-ops recommendation: if you already run PostgreSQL + pgvector, reuse them;
+# kuzu keeps the graph embedded (no second server):
+#   DB_PROVIDER=postgres
+#   VECTOR_DB_PROVIDER=pgvector
+#   GRAPH_DATABASE_PROVIDER=kuzu
+# (use GRAPH_DATABASE_PROVIDER=neo4j instead only if you want Neo4j's graph UI.)
+# Add any backend service to docker-compose.yml and SOPS-manage its credentials.
+# EMBEDDING_API_KEY=CHANGEME-use-sops   # if your embedding provider differs from LLM
+
+# --- OPTIONAL: Cognee UI / Graph Explorer (docker-compose.ui.yml, profile: ui) ---
+# Visualise the graph your agents build. Requires a SHARED graph backend so the
+# UI and cognee-mcp see the same graph — use Neo4j:
+#   GRAPH_DATABASE_PROVIDER=neo4j
+#   GRAPH_DATABASE_URL=bolt://neo4j:7687
+#   GRAPH_DB_USERNAME=neo4j
+#   GRAPH_DB_PASSWORD=CHANGEME-use-sops
+# Path to a CLONED cognee repo (the UI backend + frontend build from it):
+#   COGNEE_SRC=/absolute/path/to/cloned/cognee
+# UI ports (127.0.0.1-bound, <= 65535):
+#   COGNEE_BACKEND_PORT=7737
+#   COGNEE_UI_PORT=7724
+#   NEO4J_HTTP_PORT=7716
+#   NEO4J_BOLT_PORT=7709
+
+# =============================================================================
+# LLM PROVIDER PROFILES — pick ONE. Cognee resolves providers through litellm,
+# so model names carry a `<provider>/` prefix. Switching providers = set the
+# LLM_* and EMBEDDING_* block below, then recreate the services that read this
+# file:
+#   docker compose ... up -d --force-recreate cognee-mcp cognee-backend
+# Keys are secrets — keep them SOPS-managed, never inline in a committed file.
+#
+# Caveat (load-bearing): Anthropic/Claude ships NO embedding model. If you run
+# Claude for the LLM you MUST pair it with a different embedding provider
+# (OpenAI, Gemini, or local Ollama). Every other profile can self-pair.
+# Embedding dimensions are not free to change after first ingest — re-embedding
+# an existing graph means wiping the vector store. Pick the dimension once.
+#
+# LLM and EMBEDDING providers are INDEPENDENT — mix them. A strong combo:
+# Gemini cloud LLM (fast extraction) + LOCAL Ollama embeddings. Bulk ingest
+# (e.g. seeding ~100 curated nodes) fires many embedding calls in a burst;
+# cloud free-tier embeddings 429 (RESOURCE_EXHAUSTED) on that. Local Ollama
+# embeddings are free and unrate-limited, so seeding/ingest never stalls. Use
+# the PROFILE A embedding block with any cloud LLM above.
+#
+# --- PROFILE A: fully self-hosted (Ollama) — DEFAULT, no external key/quota ---
+# Needs docker-compose.selfhosted.yml (ships Ollama). CPU inference is slow but
+# has NO rate/daily cap — the reliable choice for bulk cognify and for PII-bearing
+# project data (nothing leaves the host). qwen2.5:3b is the recommended local LLM:
+# denser reasoning + better data-extraction than llama3.2:3b at the same size,
+# 128K context — well suited to cognee's entity/relationship extraction.
+#   OLLAMA_VERSION=<pinned ollama tag>          # never :latest
+#   LLM_PROVIDER=ollama
+#   LLM_MODEL=qwen2.5:3b                         # or llama3.1:8b if RAM allows
+#   LLM_ENDPOINT=http://ollama:11434/v1
+#   LLM_API_KEY=ollama                           # sentinel, not a secret
+#   EMBEDDING_PROVIDER=ollama
+#   EMBEDDING_MODEL=nomic-embed-text:latest
+#   EMBEDDING_ENDPOINT=http://ollama:11434/api/embed
+#   EMBEDDING_DIMENSIONS=768
+#   HUGGINGFACE_TOKENIZER=nomic-ai/nomic-embed-text-v1.5
+#
+# --- PROFILE B: Google Gemini (cloud, self-pairs LLM + embeddings) -----------
+# Needs a billing-enabled key — a bare free-tier key returns 429 RESOURCE_EXHAUSTED
+# on generateContent. Verify the key with ?key= ListModels before wiring.
+#   LLM_PROVIDER=gemini
+#   LLM_MODEL=gemini/gemini-2.5-flash            # 2.0-flash deprecated 2026-03, shut down ~2026-06
+#   LLM_API_KEY=CHANGEME-use-sops                # Google AI Studio key
+#   EMBEDDING_PROVIDER=gemini
+#   EMBEDDING_MODEL=gemini/gemini-embedding-001  # text-embedding-004 is retired on v1beta
+#   EMBEDDING_DIMENSIONS=3072                     # gemini-embedding-001 native output
+#   # leave LLM_ENDPOINT / EMBEDDING_ENDPOINT unset (litellm has Gemini routes)
+#
+# --- PROFILE C: OpenAI (cloud, self-pairs) -----------------------------------
+#   LLM_PROVIDER=openai
+#   LLM_MODEL=openai/gpt-5-mini
+#   LLM_API_KEY=CHANGEME-use-sops
+#   EMBEDDING_PROVIDER=openai
+#   EMBEDDING_MODEL=openai/text-embedding-3-large
+#   EMBEDDING_DIMENSIONS=3072
+#
+# --- PROFILE D: Anthropic/Claude LLM + OpenAI embeddings (MUST split) ---------
+#   LLM_PROVIDER=anthropic
+#   LLM_MODEL=anthropic/claude-sonnet-4-5
+#   LLM_API_KEY=CHANGEME-use-sops                # Anthropic key
+#   EMBEDDING_PROVIDER=openai                     # Claude has no embeddings
+#   EMBEDDING_MODEL=openai/text-embedding-3-large
+#   EMBEDDING_DIMENSIONS=3072
+#   EMBEDDING_API_KEY=CHANGEME-use-sops           # separate OpenAI key
+#
+# --- PROFILE E: NVIDIA API Catalog (cloud, free to test, OpenAI-compatible) ---
+# RECOMMENDED low-cost cloud option for bulk cognify: NVIDIA hosts the models,
+# no hardware, OpenAI-compatible REST. Sign up at build.nvidia.com, pick a model,
+# "Get API Key". Generous free testing tier — good middle ground between the
+# free-Gemini daily wall and slow local Ollama. Same pattern fits OpenRouter/
+# DeepInfra. Pair embeddings with local Ollama (the gateway need not serve them).
+#   LLM_PROVIDER=custom
+#   LLM_MODEL=openai/meta/llama-3.1-70b-instruct  # NVIDIA catalog model id, openai/ prefix
+#   LLM_ENDPOINT=https://integrate.api.nvidia.com/v1
+#   LLM_API_KEY=CHANGEME-use-sops                  # nvapi-... key from the catalog
+#   EMBEDDING_PROVIDER=ollama                      # local embeddings (free, no rate wall)
+#   EMBEDDING_MODEL=nomic-embed-text:latest
+#   EMBEDDING_ENDPOINT=http://ollama:11434/api/embed
+#   EMBEDDING_DIMENSIONS=768
+#   HUGGINGFACE_TOKENIZER=nomic-ai/nomic-embed-text-v1.5
+
+# Cognee 1.x defaults multi-user access control ON, whose handler is incompatible
+# with neo4j. Single-user self-host → disable it:
+ENABLE_BACKEND_ACCESS_CONTROL=false
+
+# Secured default user — OVERRIDE Cognee's built-in default_user@example.com + default
+# password. Even with access control off, set these so the well-known defaults don't work.
+DEFAULT_USER_EMAIL=you@example.com
+DEFAULT_USER_PASSWORD=CHANGEME-use-sops
+
+# Local CPU models can exceed cognee preflight 30s LLM check; skip it (real calls work).
+COGNEE_SKIP_CONNECTION_TEST=true
+
+# Throttle cognify's LLM calls under a cloud free-tier ceiling. cognify fires many
+# extraction calls per document; on a free cloud tier (Gemini ~10-15 RPM) bulk
+# ingest 429s and runs ERROR (cognee reports status 422). Self-pacing keeps bulk
+# seeding/ingest reliable. Tune REQUESTS to your provider's per-minute cap; leave
+# disabled for local Ollama (no rate limit). Note: a daily cap (RPD) is a separate
+# wall this does not solve — for large bulk on a tight free tier, use local Ollama.
+LLM_RATE_LIMIT_ENABLED=true
+LLM_RATE_LIMIT_REQUESTS=8
+LLM_RATE_LIMIT_INTERVAL=60
+
+# Persist cognee's ingested-file + system storage on the cognee_data volume.
+# By default cognee writes to a venv-relative .cognee_data/.cognee_system path in
+# the container's ephemeral layer — every `up --force-recreate` wipes the ingested
+# source files and a later cognify fails with FileNotFoundError (status 422).
+# These roots sit under the volume mount (/app/cognee-mcp/.cognee_system), which
+# the Dockerfile pre-creates as the cognee user so a fresh volume is writable.
+DATA_ROOT_DIRECTORY=/app/cognee-mcp/.cognee_system/data
+SYSTEM_ROOT_DIRECTORY=/app/cognee-mcp/.cognee_system/system

package/payload/mishkan/cognee/Dockerfile

@@ -0,0 +1,50 @@
+# MISHKAN — cognee-mcp server image (HTTP transport on 7777).
+# Builds the official cognee-mcp (topoteretes/cognee · cognee-mcp/) at a PINNED
+# git ref. Cognee core is a Python library; cognee-mcp exposes it over MCP.
+# Refs: https://docs.cognee.ai/cognee-mcp/mcp-local-setup
+
+ARG PYTHON_VERSION=3.12-slim
+FROM python:${PYTHON_VERSION}
+
+# Pin the cognee git tag or commit — build fails if unset (no floating refs).
+ARG COGNEE_MCP_REF
+RUN test -n "$COGNEE_MCP_REF" || (echo "ERROR: set COGNEE_MCP_REF to a pinned cognee git tag/commit" >&2 && false)
+
+ENV PYTHONUNBUFFERED=1 \
+    PIP_NO_CACHE_DIR=1 \
+    COGNEE_PORT=7777
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends git ca-certificates \
+ && rm -rf /var/lib/apt/lists/* \
+ && pip install --no-cache-dir uv
+
+# Non-root runtime user (least privilege). Own /app BEFORE the heavy steps and
+# run them as `cognee`, so the multi-GB venv is created with correct ownership —
+# avoids a final `chown -R /app` that takes 20+ min over the ML dependency tree.
+RUN useradd --create-home --uid 10001 cognee \
+ && mkdir -p /app && chown cognee:cognee /app
+USER cognee
+WORKDIR /app
+
+# Clone cognee at the pinned ref and install the MCP server's deps (as cognee).
+RUN git clone https://github.com/topoteretes/cognee.git . \
+ && git checkout "$COGNEE_MCP_REF"
+WORKDIR /app/cognee-mcp
+RUN uv sync --all-extras
+
+# Pre-create the persisted-storage root owned by cognee (uid 10001). A named
+# volume mounted here inherits this ownership on first creation, so cognee can
+# write ingested files/system data without a manual chown. DATA_ROOT_DIRECTORY /
+# SYSTEM_ROOT_DIRECTORY (in .env) point under this path so data survives recreate.
+RUN mkdir -p /app/cognee-mcp/.cognee_system
+
+EXPOSE 7777
+
+# HTTP transport has no plain GET health endpoint (the /mcp endpoint may 405 on
+# GET), so liveness is a TCP connect check on the port.
+HEALTHCHECK --interval=15s --timeout=5s --retries=5 --start-period=40s \
+  CMD python -c "import socket,sys; s=socket.create_connection(('127.0.0.1',7777),2); s.close()" || exit 1
+
+# HTTP transport, all interfaces, port 7777, endpoint /mcp.
+CMD ["uv", "run", "cognee-mcp", "--transport", "http", "--host", "0.0.0.0", "--port", "7777"]

package/payload/mishkan/cognee/README.md

@@ -0,0 +1,129 @@
+# cognee-mcp — MISHKAN knowledge graph
+
+Local Docker deployment of `cognee-mcp` — the MCP server that exposes the
+[Cognee](https://docs.cognee.ai) knowledge graph to Claude Code (decision D-001).
+Cognee core is a Python library; this container runs `cognee-mcp` in **HTTP
+transport on port 7777** (endpoint `/mcp`). Optional: agents run without it; only
+graph persistence is deferred until it's up.
+
+New to Cognee setup? Run the **cognee-quickstart** skill first — it walks the
+Python env, provider keys, and backend choices.
+
+## Bring it up
+
+```bash
+cd ~/.claude/mishkan/cognee
+
+# 1. secrets (SOPS-managed; never commit plaintext .env)
+cp .env.example .env
+#    set LLM_API_KEY, set COGNEE_MCP_REF to a pinned cognee git tag/commit, decrypt via sops
+
+# 2. build + start the WORK stack with the hardening overlay (always)
+docker compose -f docker-compose.yml -f docker-compose.hardening.yml up -d --build
+
+# 3. confirm it's listening on 7777
+nc -z localhost 7777 && echo "cognee-mcp (work) up on :7777"
+
+# 4. bring up the CURATED box (isolated reference library — decision D-007)
+cp .env.curated.example .env.curated   # fill secrets; create the DB once:
+docker exec mishkan-cognee-pg psql -U cognee -d cognee_db -c "CREATE DATABASE curated_db OWNER cognee;"
+docker compose --env-file .env.curated -f docker-compose.curated.yml up -d
+nc -z localhost 7730 && echo "cognee-mcp (curated) up on :7730"
+
+# 5. seed the curated reference library (96 nodes) INTO the curated box
+~/.claude/mishkan/scripts/seed-curated-library.sh   # targets mishkan-curated-mcp
+```
+
+## Two stores (decision D-007)
+
+| Store | Containers | Port | Holds | MCP alias |
+|---|---|---|---|---|
+| **work** | `mishkan-cognee-*` | 7777 | per-project knowledge + `<client>_memory` | `cognee` (read+write) |
+| **curated** | `mishkan-curated-*` | 7730 | the cross-project reference library only | `cognee-curated` (read) |
+
+The curated library is **physically isolated** in its own Neo4j so project data
+(which can contain PII) never mixes with it. The curated box reuses the shared
+Ollama and the shared Postgres *server* (own database `curated_db`). The
+per-client memory dataset (e.g. `claude_code_memory`) is part of the **work**
+store and must not be pruned.
+
+## How agents reach it
+
+Claude Code connects via the project's `.mcp.json` (seeded by `/mishkan-init`
+from `~/.claude/mishkan/templates/mcp.json`), which declares **both** stores:
+`cognee` → work (`http://localhost:7777/mcp`) and `cognee-curated` → curated
+(`http://localhost:7730/mcp`). A **zero-container stdio alternative** is included
+in that template (`_stdio_alternative`): it launches `cognee-mcp` directly via
+`uv --directory <path-to-cognee-mcp> run cognee-mcp` with `LLM_API_KEY` — no
+container, no port. Use whichever fits.
+
+## Transports (per cognee docs)
+
+| Transport | Command | Endpoint |
+|---|---|---|
+| stdio (default) | `uv run cognee-mcp` | — (Claude Code spawns it) |
+| http | `uv run cognee-mcp --transport http --host 0.0.0.0 --port 7777` | `/mcp` |
+| sse | `uv run cognee-mcp --transport sse --host 0.0.0.0 --port 7777` | `/sse` |
+
+This deployment uses **http** on 7777.
+
+## Rules this deployment follows
+
+- **Built locally** from a pinned `Dockerfile` (`COGNEE_MCP_REF` required) — no
+  blind image pull, no `:latest`.
+- **SOPS/age** for the `.env` (`LLM_API_KEY` etc.); only an encrypted `.env.enc`
+  is committed.
+- **Hardening overlay re-applied on every recreate** (`docker-compose.hardening.yml`):
+  `no-new-privileges`, `cap_drop: ALL`, tmpfs `/tmp`.
+- **Healthcheck** = TCP connect on 7777 (HTTP `/mcp` may 405 on GET).
+- **Bound to `127.0.0.1`** — not exposed beyond the host.
+- **Resource limits** on the service.
+
+## Backends (self-hosted, swappable by env var)
+
+Each layer defaults to local/embedded — zero extra services — swapped via one env
+var (accepted values per the Cognee docs):
+
+| Layer | Env var | Default | Options |
+|---|---|---|---|
+| Relational | `DB_PROVIDER` | `sqlite` | `sqlite`, `postgres` |
+| Vector | `VECTOR_DB_PROVIDER` | `lancedb` | `lancedb`, `pgvector`, `qdrant`, `weaviate` |
+| Graph | `GRAPH_DATABASE_PROVIDER` | `networkx` (file `.pkl`) | `networkx`, `kuzu`, `neo4j` |
+
+Low-ops fit if you already run Postgres + pgvector: `DB_PROVIDER=postgres`,
+`VECTOR_DB_PROVIDER=pgvector`, `GRAPH_DATABASE_PROVIDER=kuzu` (embedded, no server).
+
+## Visualising the graph
+
+- **Static HTML (zero infra):** `visualize_graph("./graph.html")` from
+  `cognee.api.v1.visualize.visualize` writes an interactive HTML file (drag, zoom,
+  hover; color-coded nodes + weighted edges). Publish it as a Sefer artifact, e.g.
+  `docs/diagrams/graph.html`.
+- **Cognee UI (Graph Explorer):** web workspace that visualises the *reasoning
+  subgraph* used to answer a query. Self-hosted via the optional
+  `docker-compose.ui.yml` overlay (profile `ui`) — see below.
+
+### Graph Explorer (UI) — optional overlay
+
+The UI shows the graph **only if it shares a backend with `cognee-mcp`** (default
+file backends are per-process silos). The overlay runs **Neo4j as the shared graph
+backend** and points both `cognee-mcp` and the UI's cognee backend at it.
+
+```bash
+# .env: GRAPH_DATABASE_PROVIDER=neo4j, GRAPH_DATABASE_URL=bolt://neo4j:7687,
+#       GRAPH_DB_USERNAME/PASSWORD (sops), COGNEE_SRC=/path/to/cloned/cognee
+docker compose -f docker-compose.yml -f docker-compose.hardening.yml \
+               -f docker-compose.ui.yml --profile ui up -d --build
+# UI       http://localhost:7724     backend http://localhost:7737
+# Neo4j    http://localhost:7716      (Neo4j's own graph browser too)
+```
+
+Ports are local-bound and configurable. The UI backend + frontend build from a
+**cloned cognee repo** (`COGNEE_SRC`). The Cognee UI is "work in progress"
+upstream — confirm build contexts and env keys against the docs and repo compose.
+
+## Data
+
+- `cognee_data` — Docker-managed volume (cognee's local graph/vector/sqlite when
+  using default backends). Runtime state, not shipped with the harness.
+- `curated-resources.jsonl` — produced by the seed script; runtime output.

package/payload/mishkan/cognee/docker-compose.curated-ui.yml

@@ -0,0 +1,61 @@
+# MISHKAN — CURATED Graph Explorer UI (optional overlay).
+# A separate Cognee backend + frontend bound to the CURATED graph, so the
+# curated reference library has its own Explorer — distinct from the work UI
+# (:7724), which only sees the work store. Reuses the already-built UI images.
+#
+#   docker compose --env-file .env.curated \
+#     -f docker-compose.curated.yml -f docker-compose.curated-ui.yml up -d
+#
+# UI → http://localhost:7734 (frontend) → http://localhost:7733 (backend) →
+# curated Neo4j. Both 127.0.0.1-bound; tunnel 7733+7734 to view.
+
+services:
+  curated-backend:
+    image: mishkan/cognee-backend:${COGNEE_MCP_REF:?}
+    container_name: mishkan-curated-backend
+    restart: unless-stopped
+    depends_on:
+      curated-neo4j:
+        condition: service_healthy
+    env_file:
+      - .env.curated            # same curated config → curated graph
+    environment:
+      HOST: 0.0.0.0
+      ENVIRONMENT: local
+      CORS_ALLOWED_ORIGINS: ${CURATED_CORS:-http://localhost:${CURATED_UI_PORT:-7734}}
+    ports:
+      - "127.0.0.1:${CURATED_BACKEND_PORT:-7733}:8000"
+    networks:
+      - shared
+    security_opt:
+      - no-new-privileges:true
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 3g
+
+  curated-frontend:
+    image: mishkan/cognee-frontend:${COGNEE_MCP_REF:?}
+    container_name: mishkan-curated-frontend
+    restart: unless-stopped
+    depends_on:
+      - curated-backend
+    environment:
+      NEXT_PUBLIC_LOCAL_API_URL: ${CURATED_NEXT_PUBLIC_API_URL:-http://localhost:${CURATED_BACKEND_PORT:-7733}}
+    ports:
+      - "127.0.0.1:${CURATED_UI_PORT:-7734}:3000"
+    networks:
+      - shared
+    security_opt:
+      - no-new-privileges:true
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 1g
+
+networks:
+  shared:
+    external: true
+    name: ${COGNEE_WORK_NETWORK:-mishkan-cognee_cognee_net}

package/payload/mishkan/cognee/docker-compose.curated.yml

@@ -0,0 +1,85 @@
+# MISHKAN — CURATED box: isolated reference-library store, physically separate
+# from the work/project graph. Holds ONLY the curated_library reference nodes.
+# Own Neo4j (the isolation point) + reuses the SHARED Ollama and the SHARED
+# Postgres server (own database: curated_db). No UI — it is static, read-mostly
+# reference; query via MCP, browse via Neo4j Browser on the curated http port.
+#
+#   docker compose --env-file .env.curated -f docker-compose.curated.yml up -d
+#
+# Why a separate box: project knowledge (decisions, incidents, ingested code —
+# which can include PII) must never mix with the cross-project curated library.
+# Neo4j Community allows only one database per instance, so physical graph
+# isolation = a separate Neo4j container. See decision D-007.
+#
+# Joins the work-stack network so it can reach `ollama` and `postgres` by their
+# aliases. Bring the work stack up first (it owns the network). The work network
+# name defaults to the compose project name + "_cognee_net"; override via
+# COGNEE_WORK_NETWORK in .env.curated if your work stack uses a different name.
+
+services:
+  curated-neo4j:
+    image: neo4j:5.26
+    container_name: mishkan-curated-neo4j
+    restart: unless-stopped
+    environment:
+      NEO4J_AUTH: ${GRAPH_DATABASE_USERNAME:?}/${GRAPH_DATABASE_PASSWORD:?}
+      NEO4J_PLUGINS: '["apoc"]'
+      NEO4J_dbms_security_procedures_unrestricted: "apoc.*"
+      NEO4J_dbms_security_procedures_allowlist: "apoc.*"
+    ports:
+      - "127.0.0.1:${CURATED_NEO4J_HTTP_PORT:-7731}:7474"
+      - "127.0.0.1:${CURATED_NEO4J_BOLT_PORT:-7732}:7687"
+    volumes:
+      - curated_neo4j_data:/data
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:7474 >/dev/null 2>&1 || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    networks:
+      - shared
+    security_opt:
+      - no-new-privileges:true
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 2g
+
+  curated-mcp:
+    image: mishkan/cognee-mcp:${COGNEE_MCP_REF:?}
+    container_name: mishkan-curated-mcp
+    restart: unless-stopped
+    depends_on:
+      curated-neo4j:
+        condition: service_healthy
+    env_file:
+      - .env.curated
+    ports:
+      - "127.0.0.1:${CURATED_MCP_PORT:-7730}:7777"
+    healthcheck:
+      test: ["CMD-SHELL", "python3 -c \"import socket; socket.create_connection(('127.0.0.1',7777),2).close()\" || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 10
+      start_period: 90s
+    networks:
+      - shared
+    security_opt:
+      - no-new-privileges:true
+    tmpfs:
+      - /tmp
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 3g
+
+networks:
+  shared:
+    external: true
+    name: ${COGNEE_WORK_NETWORK:-mishkan-cognee_cognee_net}
+
+volumes:
+  curated_neo4j_data:

package/payload/mishkan/cognee/docker-compose.hardening.yml

@@ -0,0 +1,16 @@
+# MISHKAN — cognee-mcp hardening overlay (Migdal rule: re-applied on EVERY recreate).
+# Usage: docker compose -f docker-compose.yml -f docker-compose.hardening.yml up -d
+#
+# Forbids privilege escalation and drops all Linux capabilities. The root fs is
+# left writable because uv/python write caches at runtime; /tmp is tmpfs. Tighten
+# further per the CIS Docker Benchmark once the runtime write paths are confirmed.
+
+services:
+  cognee-mcp:
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    tmpfs:
+      - /tmp
+    # cognee_data volume remains writable (declared in base compose).

package/payload/mishkan/cognee/docker-compose.selfhosted.yml

@@ -0,0 +1,114 @@
+# MISHKAN — Cognee FULLY SELF-HOSTED overlay (no external LLM/API).
+# Local Ollama (LLM + embeddings) + SHARED server backends (Neo4j graph,
+# Postgres/pgvector relational+vector) so cognee-mcp (agents) and the Graph
+# Explorer UI both read/write the SAME graph. Nothing leaves the host.
+#
+#   docker compose -f docker-compose.yml -f docker-compose.hardening.yml \
+#                  -f docker-compose.selfhosted.yml up -d --build
+#
+# All cognee config (LLM/embedding/graph/relational/vector) lives in .env so both
+# cognee-mcp and the UI backend share it. Var names per cognee v1.1.0 .env.template.
+# The only credentials are two SELF-CHOSEN LOCAL passwords (Neo4j, Postgres) —
+# no external API keys. SOPS-manage .env.
+#
+# Models (pull once into the ollama volume):
+#   ollama pull nomic-embed-text   # embeddings, 768 dims
+#   ollama pull llama3.2:3b        # LLM (light; LLM_MODEL swappable, e.g. llama3.1:8b)
+
+services:
+  ollama:
+    image: ollama/ollama:${OLLAMA_VERSION:?set OLLAMA_VERSION in .env to a pinned tag}
+    container_name: mishkan-ollama
+    restart: unless-stopped
+    volumes:
+      - ollama_models:/root/.ollama
+    expose:
+      - "11434"
+    healthcheck:
+      test: ["CMD", "sh", "-c", "ollama list >/dev/null 2>&1 || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
+    networks:
+      - cognee_net
+    security_opt:
+      - no-new-privileges:true
+    deploy:
+      resources:
+        limits:
+          cpus: "4.0"
+          memory: 10g
+
+  neo4j:
+    image: neo4j:5.26
+    container_name: mishkan-cognee-neo4j
+    restart: unless-stopped
+    environment:
+      NEO4J_AUTH: ${GRAPH_DATABASE_USERNAME:?}/${GRAPH_DATABASE_PASSWORD:?}
+      # Cognee's Neo4j adapter calls APOC (apoc.create.addLabels, etc.). The
+      # apoc-core jar ships inside the neo4j:5.26 image (/var/lib/neo4j/labs),
+      # so NEO4J_PLUGINS just activates it locally — no download needed.
+      NEO4J_PLUGINS: '["apoc"]'
+      NEO4J_dbms_security_procedures_unrestricted: "apoc.*"
+      NEO4J_dbms_security_procedures_allowlist: "apoc.*"
+    ports:
+      - "127.0.0.1:${NEO4J_HTTP_PORT:-7716}:7474"   # Neo4j Browser
+      - "127.0.0.1:${NEO4J_BOLT_PORT:-7709}:7687"   # bolt
+    volumes:
+      - neo4j_data:/data
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:7474 >/dev/null 2>&1 || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    networks:
+      - cognee_net
+    security_opt:
+      - no-new-privileges:true
+    deploy:
+      resources:
+        limits:
+          cpus: "1.5"
+          memory: 2g
+
+  postgres:
+    image: pgvector/pgvector:pg16
+    container_name: mishkan-cognee-pg
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${DB_NAME:?}
+      POSTGRES_USER: ${DB_USERNAME:?}
+      POSTGRES_PASSWORD: ${DB_PASSWORD:?}
+    volumes:
+      - cognee_pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USERNAME} -d ${DB_NAME}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
+    networks:
+      - cognee_net
+    security_opt:
+      - no-new-privileges:true
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 1g
+
+  cognee-mcp:
+    depends_on:
+      ollama:
+        condition: service_healthy
+      neo4j:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+
+volumes:
+  ollama_models:
+  neo4j_data:
+  cognee_pgdata: