Installation
What you'll do
Get a local Stigmem node running. Three paths: a two-node federated quickstart with Docker Compose (fastest), running from the Python source directly (development), or installing as a persistent macOS LaunchAgent (always-on local node).
Local-dev defaults only.
The Docker Compose path runs plaintext federation between two loopback containers for the quickstart. Production federation requires mTLS — see mTLS federation transport before exposing a node outside of localhost.
Prerequisites
Path A · Single-command install (two-node federation)
git clone https://github.com/eidetic-labs/stigmem
cd stigmem
docker compose up --build -d
This builds the reference node image once and starts two federated nodes:
| Container | Host port | Well-known URL |
|---|---|---|
node-a | 8765 | http://localhost:8765/.well-known/stigmem |
node-b | 8766 | http://localhost:8766/.well-known/stigmem |
Verify both are healthy:
curl -s http://localhost:8765/healthz # {"status":"ok"}
curl -s http://localhost:8766/healthz # {"status":"ok"}
For the full two-node federation walk-through — peer handshake, fact assertion, replication verification — continue to the Quickstart.
Docker Compose configuration
docker-compose.yml in the repo root sets up the two-node quickstart
cluster. Key environment variables:
STIGMEM_FEDERATION_ENABLEDtrueSTIGMEM_NODE_URLSTIGMEM_FEDERATION_INSECURE1STIGMEM_LOCAL_DEV_ALLOW_INSECURE_NON_LOOPBACK1node-a, node-b) for the plaintext demo.STIGMEM_FEDERATION_PULL_INTERVAL_S30STIGMEM_SECRET_KEYTo customize, copy docker-compose.yml and edit the environment:
block before running.
Production checklist.
Remove both insecure local-dev flags
(STIGMEM_FEDERATION_INSECURE and
STIGMEM_LOCAL_DEV_ALLOW_INSECURE_NON_LOOPBACK) and
configure mTLS per
mTLS federation transport before peering
outside localhost.
4-node topology (soak / staging)
For multi-node deployments, use the soak Compose file:
docker compose -f infra/docker-compose.soak.yml up --build -d
This starts four nodes (node-a through node-d on ports 8765–8768)
in a full-mesh topology. See the
4-node topology guide for
peer wiring, failure injection, and soak metrics.
Path B · Running without Docker (development)
For development against the source directly:
cd stigmem/node
pip install -e . # or: uv sync
python -m stigmem_node
The node starts on http://localhost:8000. Interactive Swagger UI at
http://localhost:8000/docs.
Running as a persistent service (macOS)
The service-install.sh script registers Stigmem as a macOS
LaunchAgent that starts automatically at login and restarts on crash
— no Docker required.
Prerequisites
A Python venv built in the repo root (run uv sync if you haven't
already):
uv sync
The script expects .venv/bin/stigmem-node to exist; it will fail
fast if it doesn't.
Install
bash scripts/service-install.sh
The script:
- Generates a LaunchAgent plist at
~/Library/LaunchAgents/com.eidetic-labs.stigmem.plist. - Bootstraps it with
launchctl bootstrap(nosudorequired). - Polls
http://127.0.0.1:8765/healthzfor up to 10 seconds and prints the result.
The service runs with these environment variables baked in:
STIGMEM_HOST127.0.0.1STIGMEM_PORT8765STIGMEM_DB_PATHdata/stigmem.dbSTIGMEM_FEDERATION_ENABLEDfalseLogs are written to logs/stigmem.log (stdout) and
logs/stigmem-error.log (stderr).
Verify
curl -s http://127.0.0.1:8765/healthz # {"status":"ok"}
lsof -i :8765 # shows the stigmem-node process
Uninstall
bash scripts/service-uninstall.sh
Stops the service, unregisters it from launchctl, and removes the
plist. The database at data/stigmem.db is preserved.
The service label is com.eidetic-labs.stigmem. To inspect it directly:
launchctl print gui/$(id -u)/com.eidetic-labs.stigmem
Upgrading
git pull
docker compose up --build -d # rebuilds the image from updated source
Data volumes persist across rebuilds. Run database migrations automatically on startup — there is no manual migration step.
Teardown
docker compose down # stop containers; preserve data volumes
docker compose down -v # stop and delete all data volumes