What are the requirements for Grimoire?

Grimoire requires a compatible MCP client such as Claude Desktop, Claude Code, or Cursor. No additional environment variables are needed for basic setup.

Is Grimoire free to use?

Yes, Grimoire is open source and free to use. You can find the source code on GitHub.

What MCP clients support Grimoire?

Grimoire works with any MCP-compatible client including Claude Desktop (Anthropic's official desktop app), Claude Code (CLI tool), Cursor, and other editors with MCP support.

How do I configure Grimoire?

Configure Grimoire by adding it to your MCP client's config file. For Claude Desktop, edit claude_desktop_config.json and add the server configuration. See the Configuration section above for a ready-to-use example.

Grimoire MCP Server

Q: What tools does Grimoire provide?

grimoire_search: Performs hybrid keyword and semantic search against the indexed security documentation.. grimoire_status: Returns the current status and statistics of the indexed security database.. grimoire_quality: Checks the quality or integrity of the indexed data..

Q: How do I install Grimoire?

Install Grimoire by running: git clone https://github.com/tannernicol/grimoire.git && cd grimoire && pip install -e .

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal

git clone https://github.com/tannernicol/grimoire.git
cd grimoire
pip install -e .

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal

claude mcp add grimoire -- python "<FULL_PATH_TO_GRIMOIRE>/dist/index.js"

Replace <FULL_PATH_TO_GRIMOIRE>/dist/index.js with the actual folder you prepared in step 1.

README.md

Your LLM re-reads the same reference docs every conversation. Grimoire indexes them.

Grimoire

Your LLM re-reads the same reference docs every conversation. Grimoire indexes them once.

tannner.com ·
GitHub

The Problem

Your LLM agent needs to reference CWE-89 during a code review. Without Grimoire, it either hallucinates the details, or you paste 50 pages of NIST docs into the context window and hope it finds the right paragraph. Every conversation. Every time.

The Solution

Grimoire indexes security reference material once — CVEs, CWEs, OWASP, audit findings, your internal standards — into a single SQLite file with both FTS5 keyword search and semantic embeddings. Your LLM agent searches it mid-conversation via MCP. Exact matches when you need "CWE-89". Conceptual recall when you need "authentication bypass techniques". Both in one query.

One SQLite file. Zero cloud. Instant retrieval via MCP.

                          +------------------+
                          |   Data Sources   |
                          |  CVE  MD  CSV .. |
                          +--------+---------+
                                   |
                              ingest()
                                   |
                          +--------v---------+
                          |     SQLite DB    |
                          |  +------------+  |
                          |  | documents  |  |
                          |  +------------+  |
                          |  | docs_fts5  |  |  <-- FTS5 keyword index
                          |  +------------+  |
                          |  | embeddings |  |  <-- semantic vectors
                          |  +------------+  |
                          +--------+---------+
                                   |
                          +--------v---------+
                          |   Search Engine  |
                          |                  |
                          |  keyword (BM25)  |
                          |  semantic (cos)  |
                          |  hybrid (both)   |
                          +--------+---------+
                                   |
                     +-------------+-------------+
                     |                           |
              +------v------+           +--------v--------+
              | Python API  |           |   MCP Server    |
              |             |           |                 |
              | Grimoire()  |           | grimoire_search |
              | .search()   |           | grimoire_status |
              | .add_doc()  |           | grimoire_quality|
              +-------------+           +-----------------+

Quick Start

git clone https://github.com/tannernicol/grimoire.git
cd grimoire
pip install -e .

# Fetch and index real security data (NVD CVEs + CWE catalog + OWASP Top 10)
python scripts/fetch_sources.py all

# Search
python examples/search_demo.py "SQL injection"
python examples/search_demo.py "access control" --severity critical
python examples/search_demo.py --status

Auto-Fetch Security Data

Grimoire fetches from reputable public sources — no manual downloads:

# Everything: NVD + CWE + OWASP
python scripts/fetch_sources.py all

# Recent CVEs from NIST NVD (last 90 days, critical only)
python scripts/fetch_sources.py nvd --days 90 --severity CRITICAL

# Full CWE catalog from MITRE
python scripts/fetch_sources.py cwe

# With embeddings for semantic search (requires Ollama)
python scripts/fetch_sources.py all --embeddings

Enable Semantic Search

Requires Ollama with nomic-embed-text:

ollama pull nomic-embed-text
python scripts/fetch_sources.py all --embeddings
python examples/search_demo.py "authentication bypass" --mode hybrid

Why Not Just Use RAG?

Most RAG setups do one thing: chunk documents, embed them, vector search. That works until you need an exact CVE number, a specific NIST control ID, or a CWE by name. Vector search alone misses exact matches.

Grimoire runs both:

FTS5 (BM25) for keyword precision — finds "CWE-89" when you search "CWE-89"
Semantic embeddings (cosine similarity) for conceptual recall — finds SQL injection variants when you search "database manipulation"
Hybrid mode combines both with configurable weighting (default 40/60 keyword/semantic)

Everything lives in a single SQLite file. N

Tools (3)

grimoire_searchPerforms hybrid keyword and semantic search against the indexed security documentation.

grimoire_statusReturns the current status and statistics of the indexed security database.

grimoire_qualityChecks the quality or integrity of the indexed data.

Configuration

claude_desktop_config.json

{"mcpServers": {"grimoire": {"command": "python", "args": ["/path/to/grimoire/mcp_server.py"]}}}

Try it

→Search for details on CWE-89 to help with my current code review.

→Find recent critical CVEs from the last 90 days related to authentication bypass.

→What is the current status of the security documentation index in Grimoire?

→Search for information on OWASP Top 10 vulnerabilities using hybrid mode.

Frequently Asked Questions

What are the key features of Grimoire?

Hybrid search combining FTS5 keyword precision and semantic embeddings. Local-first architecture using a single SQLite file. Automated ingestion of NVD CVEs, CWE catalog, and OWASP Top 10. Configurable weighting between keyword and semantic search results.

What can I use Grimoire for?

Providing LLM agents with accurate, non-hallucinated security reference data during code reviews. Querying specific CVE or CWE identifiers without pasting large documents into the context window. Performing conceptual security research on vulnerability patterns using semantic recall. Maintaining a local, offline-capable security knowledge base for audit findings.

How do I install Grimoire?

Install Grimoire by running: git clone https://github.com/tannernicol/grimoire.git && cd grimoire && pip install -e .

What MCP clients work with Grimoire?

Grimoire works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Grimoire docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.

Open Conare

View all search servers →