Is Mnemosyne production-ready at 1.0.0?
Yes. 141 tests across 16 suites pass under Vitest with about 94% coverage; TypeScript maximum strict mode
is clean; Biome lint is clean; publint and @arethetypeswrong/cli are clean across
every subpath. The suite and the distribution smoke test are run on the Node 20, 22, and 24 matrix. Every
published release carries SLSA provenance produced by GitHub Actions.
How is this different from a closed memory endpoint or a single agent daemon?
A closed endpoint or a single agent daemon keeps memory hidden inside itself: you cannot inspect what it
holds, you cannot move it to another runtime or vendor, and it lives where the vendor decides. Mnemosyne
keeps memory portable, inspectable, and on your infrastructure, with an identity that is stable and
provable across model swaps. That is the differentiator.
Why not let each agent keep its own memory?
You can, and many do. The cost is a pool of agents that re-derive the same facts, disagree about state, and
cannot pick up where another left off. Mnemosyne is the hippocampus of the swarm: namespaced, versioned,
content-addressed records that every agent reads and writes, so the working knowledge is shared instead of
duplicated and drifting.
Does Mnemosyne require a specific backend?
No. The MemoryStore is pluggable: an in-memory store, an edge key-value store such as Cloudflare Workers KV
and lookalikes, a Node file store, or any key-value backend you bring. The semantics are identical
everywhere, so a record written through one store reads back identically through another, and your provider
credentials never live in Mnemosyne.
Does this work in Cloudflare Workers, Vercel Edge, Bun, or Deno?
Yes. The core is node-free; the audit chain and snapshot signatures use the Web Crypto API, not
node:crypto. Import @takk/mnemosyne on any runtime with Web Crypto. Only
@takk/mnemosyne/node, the file store, requires the Node standard library.
How does Mnemosyne handle my data?
Mnemosyne holds the records you remember and the configuration you pass, nothing else. The node-free core
makes no outbound network calls of its own. Field-level masking and a data residency tag apply before a
record crosses a boundary, hashing is deterministic so masked records stay joinable, and with the file
store only the files you point it at are read from disk.
How does an agent keep its identity across model swaps?
A deterministic 256-dimensional identity projects a persona to the same vector byte-for-byte regardless of
model, so an agent keeps the same identity seed when you swap GPT for Claude. This is a fingerprint of the
persona definition, not a behavioral guarantee: it proves the identity you configured is unchanged across
the swap, not that a different model answers the same way. Call deriveIdentity to get the
vector and identityDistance to measure persona-definition drift as a cosine distance, a number
rather than a guess.
Is the audit trail a digital signature?
Both, for different things. The access log is a SHA-256 hash chain, where each entry is chained to the
previous through a hash of its canonical form, so any later edit breaks the chain. That is an integrity
seal. Snapshots go further and are Ed25519-signed, so a transferred memory set also proves who produced it.
Both run over Web Crypto.
Which agents and models does it support?
Any of them. Memory is model-agnostic: OpenAI, Anthropic, Google, a local model, or a mix all share the
same records, and a persona keeps the same identity across them. Memory is also exposed as a Model Context
Protocol (MCP) resource and tools (mnemosyne_remember, recall, query),
so any MCP host can read and write it.
Where does the state live?
Wherever the store you choose puts it: RAM with the in-memory store, your own KV with the edge store, or
disk with @takk/mnemosyne/node. Ed25519-signed snapshots move a memory set between
infrastructures over Web Crypto, so you can export from one runtime and restore into another, or checkpoint
between edge invocations.
How does it keep sensitive fields under control?
Field-level masking applies redact, hash, or partial masks before memory crosses a boundary, and a data
residency tag travels with the record and is enforced at the boundary. Hashing is deterministic, so a masked
field still joins across records, and the original value never leaves the boundary in the clear.
How do I verify a published version's provenance?
Every release is published with npm publish --provenance. Check the attestations with
npm view @takk/mnemosyne@<version> --json | jq .dist.attestations. The attestation
links the tarball you installed to the GitHub Actions workflow that built it from a specific source commit.
What is the policy on breaking changes?
Strict SemVer 2.0.0, starting from 1.0.0. The binding stability surface is documented in SPEC.md section
5. Major bumps require a deprecation cycle; security fixes follow the disclosure flow in SECURITY.md.