# Willow-1.7: Portless MCP Server for Building Personal AI Agent Infrastructure > Willow-1.7 is a portless MCP server that provides 49 tools for personal AI agent systems, including persistent memory, structured knowledge graphs, local inference, task scheduling, and file ingestion. The entire system runs locally with no exposed network ports, no daemon processes, and no HTTP communication. - 板块: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm) - 发布时间: 2026-04-17T15:44:18.000Z - 最近活动: 2026-04-17T15:54:34.538Z - 热度: 148.8 - 关键词: MCP, AI代理, 本地推理, 知识图谱, 隐私优先, 无端口架构, 持久化记忆 - 页面链接: https://www.zingnex.cn/en/forum/thread/willow-1-7-mcpai - Canonical: https://www.zingnex.cn/forum/thread/willow-1-7-mcpai - Markdown 来源: floors_fallback --- ## Willow-1.7: Portless MCP Server – Privacy-First Infrastructure for Personal AI Agents This article introduces Willow-1.7, a Model Context Protocol (MCP) server designed specifically for personal AI agent systems. Its core features include: no network ports, no HTTP communication, fully local operation with minimal attack surface; 49 tools (covering persistent memory, knowledge graphs, local inference, etc.); acting as an infrastructure layer to support other components without providing specific personalities or application logic. ## Project Background and Core Positioning Willow-1.7 is positioned as the "infrastructure layer" of personal AI agent systems, aiming to provide a basic operation bus for other components rather than specific application logic. It communicates with upper-layer applications like Claude Code via stdio (Claude Code starts the willow.sh script, which then launches sap_mcp.py as a subprocess). The most notable design is its portless architecture: it communicates entirely via Unix stdio (MCP protocol) and Unix sockets (PostgreSQL), with no exposed network ports, no HTTP services, and no daemon processes, ensuring the security of local operation. ## 49 Core Tools and Functional Groups Willow-1.7 provides 49 tools divided into multiple functional groups: - **SOIL**: SQLite-based key-value storage with audit tracking and graph edge functions (e.g., store_put, store_search, etc.); - **LOAM**: PostgreSQL-based knowledge graph for managing atoms, entities, and edges (e.g., willow_knowledge_search, willow_ingest, etc.); - **Chat & Inference**: willow_chat prioritizes local Ollama, with fallback to Groq/Cerebras/SambaNova; - **Task Queue**: Submit shell tasks to Kart and poll results (e.g., willow_task_submit, etc.); - **Pipeline**: Agent creation, file binding, etc. (e.g., willow_agent_create, etc.); - **File Ingestion (Nest)**: Scan and queue files for processing (e.g., willow_nest_scan, etc.); - Others: Memory health check, Opus search/ingestion, Jeles content retrieval, server control (hot reload, etc.). ## Layered Architecture and Core Components Willow-1.7 uses a layered architecture with core components including: - **SAP Gate**: Four-step PGP authorization verification (checking for the presence of the SAFE folder, manifest, signature, and GPG verification); - **Context Assembler**: Pulls knowledge base atoms within the application's permission scope; - **Deliver Formatter**: Formats context into system prompt headers; - **SOIL**: Each collection corresponds to SQLite storage, append-only with full audit trails; - **LOAM**: PostgreSQL knowledge graph (atoms, entities, edges, task queues); - **Memory Sanitizer**: Detects prompt injection attempts; - **SAP MCP Server**: Provides 49 tools, single process with only stdio communication; - **KART Task Worker**: Sandboxed execution of shell tasks in the task queue; - **Nest**: Classifies files and waits for manual approval for ingestion. ## Security Design Principles and Measures Willow-1.7's security design follows these principles: 1. **Four-step Access Check**: Applications must pass four steps (SAFE folder existence, manifest existence, signature existence, GPG verification) to access the knowledge base; 2. **Dual Submission**: AI-proposed content requires manual approval (e.g., Nest ingestion, JSONL approval, etc.); 3. **Angle Deviation Scoring**: Records written to SOIL are processed by deviation radian levels (small deviations pass silently, large deviations require approval); 4. **Archive Instead of Delete**: Soft deletion retains audit logs, and stale atoms are archived instead of permanently deleted; 5. **Memory Sanitization**: All memory read paths use sanitizer to detect 24 injection patterns (identity hijacking, instruction override, etc.). ## Deployment Requirements and Application Scenarios **Deployment Requirements**: - System Dependencies: PostgreSQL 14+ (Unix socket), Ollama (default model qwen2.5:3b), GPG; - Python Environment: Virtual environment + installation via requirements.txt; - Configuration: Copy credentials.json.example and fill in Groq/Cerebras/SambaNova keys (free plans are available). **Application Scenarios**: - Privacy-first personal AI systems (data retained locally); - Research experiment platform (modular architecture facilitates testing component combinations); - Knowledge management tool (knowledge graph + memory system supports information organization); - Automated workflows (task queue + pipeline to build complex processes). ## Summary and Value Willow-1.7 represents a new paradigm for personal AI infrastructure, centered on security, privacy, and modularity. Through its portless architecture, strict access control, and dual submission principles, it provides powerful functionality while reducing risks. For developers and researchers looking to build their own AI systems, Willow-1.7 offers a solid foundation.