Env Skin
CANONICALNEEDS KEY
S Staging
Workspace · —

Overview

Everything your agents are doing with Memory Intelligence — live, measured, receipted.
UMOs · this window
Captures · metered
Recalls · metered
Connected sources
Tokens saved · measured
Raw equivalent (cited sources)
Meaning-tokens shipped
▸ Baseline = raw tokens of the exact memories cited per query.

Protected · this window

🔒Encrypted at rest
🧾Receipted (hash chain)
Agent reads PII-scrubbed
ON
Pre-metering (uncounted)

Capture & recall activity Open usage →

CapturesRecalls

Suggested actions

Connect a source
Capture a memory
?Ask MI a question
Wire agents via MCP

Recent captures View all UMOs →

MemoryKindSourceScoreTrustCaptured
— objects

UMOs

Every Unified Memory Object. Click a row to inspect entities, relations, and its provenance receipt.
MemoryKindSourceScoreTrustCaptured
Kind = what the engine actually knows today (document vs decomposed claim). The mockup's Decision / Insight / Preference taxonomy needs a UMO-level classifier — tracked as a design gap, not faked here.

Sources

Where memory comes from. Auto-sync pulls continuously; the scheduler retries and records every run.

Connected

Available connectors · supported by the sync scheduler today

Design stage

Agents & Access

Per-agent scoped views are designed, not yet built.

The north-star — named agents, per-agent visible-UMO counts, owner-vs-redacted side-by-side — needs a policy model the cloud API doesn't have yet.

Real today:
· API keys carry scopes (READ / WRITE / DELETE / ADMIN)
· Read-time redaction branches by caller: MCP/agent reads get hard-PII scrubbed; owner reads don't (R11)
· Workspace RBAC (owner / admin / member) live server-side

Blocked on: org-isolation root (#303) → named-policy table.
Provenance ledger

Receipts

Every UMO carries a tamper-evident hash chain. Verify any memory below — live against the API.
UMOs receipted
UMOs in window
Encrypted at rest

Verify a memory · live

Encryption & sovereignty

Vault

Encrypted at rest (window)
AES-256-GCM
Envelope cipher (KEK)
.umo
Owner-key export format

Two different encryption stories — shown honestly.

Cloud (this console): content is envelope-encrypted at rest with a server-held KEK (AES-256-GCM, versioned for re-encrypt sweeps). MI can read it to serve your queries — that is what makes search work.

.umo files (desktop / export): owner-key encryption (X25519) where MI mathematically cannot read the file. That guarantee belongs to the .umo format, not this cloud database — and this console won't claim otherwise.

Coming: per-UMO .umo export from the cloud · reader-key delegation.
Governance

Policies

Named policies are a design; one global policy is live.

Finance-masked / retain-365 style named policies need a policies table and egress evaluation that don't exist yet.

Live today (global):
· pii-redact-on-agent-read — hard PII scrubbed from every MCP/agent read; owner reads unredacted
· capture-time PII handling — extract_and_redact by default
· deletion receipts — every forget generates a SHA-256 receipt row
The number that pays for itself

Usage & Savings

Measured since metering day one — never estimated backwards.
Cumulative tokens saved
Raw context (cited sources, measured)
MI meaning-tokens shipped
$ / 1M tok — dollars appear only at your own rate; we ship tokens, you own the price

This window

API requests · metered
Captures
Recalls / asks
Avg compression
p50 latency
Tokens saved

Tokens saved per model route

ModelCallsRaw tokMI tokSaved
Per-model attribution requires SDK-side telemetry — MI is not in your LLM loop and will not guess which model you called.
Unlocks when the SDK usage-report lands (tracked). Until then: no fabricated rows.
baseline — · tokenizer —
Integrate

API & Keys

Base URL —

This session's key

Key
Storage
browser localStorage · per-environment · never in this file
Management
create / revoke / rotate lives in the portal (JWT login) — memoryintelligence.io/portal

Endpoints · live on this environment

POST/v1/processCapture content → UMO
POST/v1/memories/querySemantic search / ask
GET/v1/memoriesList UMOs (pagination + filters)
GET/v1/explain/{id}Entities, relations, scores, lineage
GET/v1/provenance/verify/{id}Verify the hash-chain receipt
GET/v1/stats/proofThe proof-dashboard aggregates
POST/v1/upload · /v1/batchMedia / batch capture
DEL/v1/memories/{id}Forget, with deletion receipt

Quickstart · capture

# pip install memoryintelligence
from memoryintelligence import MI
mi = MI(api_key="mi_sk_…")
umo = mi.capture("Sarah proposed provenance hashing.")

Quickstart · ask

ans = mi.ask("what did Sarah propose?")
print(ans.answer)
# every claim cites its UMO
Model Context Protocol

MCP Server

Give any MCP client — Claude Desktop, Claude Code, Cursor — a memory it can read and write.

Connection

Package
memoryintelligence-mcp · PyPI 0.1.12
Transport
stdio
Key storage
OS keychain via mi-mcp setup — never in config files
Capture is consent-gated. Recalled content is data, not instructions.

Install · 30 seconds

# 1 — install
pip install memoryintelligence-mcp

# 2 — key into keychain, wires clients
mi-mcp setup

# 3 — restart your assistant and just talk

Exposed tools · 5 live

mi_captureSave content as an owned, structured memorylive
mi_askRecall with citationslive
mi_listList / filter memorieslive
mi_uploadCapture a file (audio, image, PDF)live
mi_forgetDelete with a receiptlive
mi_verify · mi_explainAPI live (this console uses them) — MCP tools next releasesoon
MEMORYSPACE™ · powered by MemoryIntelligence™ · Data → Meaning → Intelligence