peoplemesh

mcp
Security Audit: Warn
Health: Warn
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 6 GitHub stars
Code: Pass
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions: Pass
  • Permissions — No dangerous permissions requested
Purpose
This tool provides an AI-powered matching layer for organizations, helping users discover colleagues, projects, and internal opportunities using semantic search. It is designed to integrate with modern AI assistants via the MCP standard.

Security Assessment
Because the application is built to map organizations and people, it inherently processes sensitive personal data and personally identifiable information (PII). The developers claim to prioritize privacy through granular consent management and GDPR-aligned workflows, which is a strong architectural foundation. A light code scan of 12 files found no hardcoded secrets, dangerous code patterns, dangerous permissions, or shell execution capabilities. However, because it relies on external AI APIs for generating vector embeddings, it does make network requests. Overall risk is rated as Medium due to the sensitive nature of the user data it handles, requiring you to ensure your deployment environment is tightly secured.

Quality Assessment
The project is clearly in its early stages, reflected by a low community visibility of only 6 GitHub stars. Despite the low visibility, the repository appears to be under active development, with its most recent push occurring today. It utilizes continuous integration (CI) and code coverage tracking, which indicates good development hygiene. The project is protected by the standard Apache-2.0 open-source license and includes clear documentation.

Verdict
Use with caution: the code itself appears safe and well-licensed, but self-hosting this tool requires strict oversight due to the inherent sensitivity of the organizational data it processes.

README.md

PeopleMesh

The right match in your mesh.

PeopleMesh is the AI-powered matching layer for modern organizations. It helps people discover the right colleagues, internal opportunities, communities, and projects through semantic search that understands context, not just keywords.

By combining embeddings with metadata-based ranking, PeopleMesh surfaces high-signal matches faster, cuts through noise, and improves internal mobility and collaboration.

Built privacy-first, PeopleMesh includes granular consent controls, configurable retention, and GDPR-aligned data rights workflows. Available via web app, API, and MCP integrations for AI assistants.

Open-source at the core. Enterprise-ready in practice. Never built on personal data monetization.

Why PeopleMesh

In large organizations, discovery is fragmented across chat, spreadsheets, and disconnected systems.
PeopleMesh provides one search surface: describe what you need in natural language and get ranked matches across all node types.

What You Can Do

  • Search colleagues, internal opportunities, communities, and initiatives with one prompt (from web UI, API, or MCP clients)
  • Build and enrich profiles (manual, CV import, OAuth import)
  • Manage skill catalogs and self-assessments
  • Discover relevant communities, projects, and initiatives
  • Access PeopleMesh from the web app, API integrations, ChatGPT/Claude via MCP, or any AI agent that supports MCP

How It Works

PeopleMesh models the organization as a single graph-like mesh where each entity is a node (people, opportunities, groups, communities, projects, initiatives, and more).
Each node is converted into an embedding vector that captures semantic meaning from its content and metadata.

When a user searches, the query is embedded in the same vector space and matched against nodes using vector similarity (cosine similarity), then ranked to return the most relevant results.

Trust, Security, and GDPR by Design

PeopleMesh is built with security and privacy controls as first-class product constraints:

  • Granular consent management by scope with user-controlled revoke/re-grant flows
  • GDPR rights support in product flows (data export, account deletion, processing restriction)
  • Configurable retention enforcement and consent-token lifecycle maintenance
  • Pseudonymized audit trails (hashed identifiers, no profile content in logs)
  • Protected maintenance surfaces (X-Maintenance-Key and optional CIDR allowlists)

Quick Start

Run locally with:

make start

Requirements: Java 25+, Maven 3.9+, Docker.

DevServices auto-starts PostgreSQL (pgvector) and Docling.
Ensure Ollama is available locally for LLM inference and embeddings.

Documentation

Technical documentation is organized in docs/README.md.

Open-source governance and legal documents:

License

Apache License 2.0.
See LICENSE.

Enterprise Support and Plugins

PeopleMesh core remains fully open-source under Apache-2.0.
Official enterprise support and proprietary enterprise plugins/connectors (for example LDAP, Slack, LinkedIn, Workday) are available separately for organizations that need them.
For enterprise inquiries, see SUPPORT.md.
