SAIHM MCP Server
Provides non-custodial, post-quantum encrypted memory for AI agents, enabling portable memory across models with provable erasure.
README
demo-cross-model-memory
One client-side-encrypted memory. Every model. Erasure you can prove.
⭐ Star this repo and share it — help every agent get portable, provable memory. Share on X.
This is a tiny, runnable demo of SAIHM — non-custodial, post-quantum memory for AI agents. It stores three personal facts, grounds two models at once (Claude and DeepSeek by default — or Qwen, Kimi, GLM, GPT; your pick) in the same memory, then forgets one fact and shows that neither model can use it any more.
It runs fully offline with zero signup against a local blind endpoint (included, ~130 lines), or against the real hosted SAIHM service with one environment variable.
git clone https://github.com/citw2/demo-cross-model-memory
cd demo-cross-model-memory
npm install
node demo.mjs
What you'll see
------------------------------------------------------------------------
SAIHM cross-model memory demo
------------------------------------------------------------------------
agent id : e4203f25c7dd3a9b...
endpoint : http://127.0.0.1:<port>/mcp (local sandbox)
custody : non-custodial (the endpoint stores ciphertext only; it holds no key)
models : Claude + DeepSeek (set MODEL_A / MODEL_B to: claude, deepseek, qwen, kimi, glm, openai)
Sealed and stored 3 facts (the endpoint now holds 3 opaque shards).
------------------------------------------------------------------------
(1) One memory, every model -- Claude and DeepSeek, both grounded in SAIHM:
------------------------------------------------------------------------
[Claude - offline mock]
What I know about you:
- My name is Dana Okafor.
- I am allergic to penicillin.
- I am building a Rust ray tracer called Lumen.
Medically: per "I am allergic to penicillin.", avoid the substance it names.
[DeepSeek - offline mock]
What I know about you:
- My name is Dana Okafor.
- I am allergic to penicillin.
- I am building a Rust ray tracer called Lumen.
Medically: per "I am allergic to penicillin.", avoid the substance it names.
------------------------------------------------------------------------
(2) Provable erasure -- forget the allergy, then ask the same question again:
------------------------------------------------------------------------
forget("I am allergic to penicillin.") -> recall now returns: NOTHING (crypto-shredded)
[Claude - offline mock]
What I know about you:
- My name is Dana Okafor.
- I am building a Rust ray tracer called Lumen.
Medically: nothing is remembered on that, so I won't guess.
[DeepSeek - offline mock]
What I know about you:
- My name is Dana Okafor.
- I am building a Rust ray tracer called Lumen.
Medically: nothing is remembered on that, so I won't guess.
Two things just happened that a per-vendor "memory" feature doesn't give you:
- Portability across models. Your memory lives with you, not inside one model's account — one live store that grounds Claude and DeepSeek at once, with no per-vendor export or lossy one-time import. The same store would ground GPT, Qwen, Kimi, GLM, a local model, or your own agent, unchanged.
- Provable erasure.
forgetcrypto-shreds the cell (its wrapped key is destroyed).recallreturns nothing for it, and every model loses access at once — not a soft "hidden" flag. This is what GDPR Art. 17 ("right to erasure") actually asks for.
Choose your models (any two, side by side)
The demo runs two models next to each other to show the same memory grounding both. Pick them with MODEL_A / MODEL_B (default: claude + deepseek):
MODEL_A=qwen MODEL_B=kimi node demo.mjs
MODEL_* value |
Model | API key env (BYOK) |
|---|---|---|
claude |
Claude (Anthropic) | ANTHROPIC_API_KEY |
deepseek |
DeepSeek | DEEPSEEK_API_KEY |
qwen |
Qwen (Alibaba) | DASHSCOPE_API_KEY |
kimi |
Kimi (Moonshot) | MOONSHOT_API_KEY |
glm |
GLM (Zhipu) | ZHIPUAI_API_KEY |
openai |
GPT (OpenAI) | OPENAI_API_KEY |
With no key set, a model answers in a deterministic offline mock, so the demo runs end to end with zero setup. Set a key to get real answers; keys are read from your environment and sent only to that model's own API. The DeepSeek / Qwen / Kimi / GLM / GPT calls are the same OpenAI-compatible request — SAIHM reaches every model through one path. (Override a provider's base URL or model id without touching code via SAIHM_<MODEL>_URL / SAIHM_<MODEL>_MODEL.)
That every one of these models can be grounded in — and erased from — a single store is the whole point: your memory is yours, not locked inside one vendor.
Go live against the real SAIHM service
The local sandbox is a throwaway stand-in so you can try the protocol offline — it is not the SAIHM service and stores nothing beyond the current process. To run the exact same demo against the real, hosted, blind endpoint:
-
Join SAIHM at saihm.coti.global/join and onboard to obtain your JWT. (Going live requires a paid membership — there is no free tier.)
-
Point the demo at the live endpoint:
export SAIHM_ENDPOINT_URL=https://saihm.coti.global/mcp export SAIHM_AUTH_HEADER="Bearer <your-onboard-JWT>" export SAIHM_MASTER_SECRET_HEX=<at least 64 hex chars, generated and held only by you> node demo.mjs
Your master secret never leaves your machine; the endpoint only ever receives ciphertext.
How it works
@saihm/mcp-server-pro(the client) seals every cell with@saihm/client-pro: an ML-DSA-65 identity signs it, a per-cell AES-256-GCM key encrypts it, and that key is wrapped under a key-encryption key derived from your master secret. Sharing uses ML-KEM-768. All of this happens in your process.- Only opaque ciphertext is POSTed to the endpoint.
sandbox.mjsis a complete, readable blind operator: it stores and returns ciphertext and never holds a key — exactly the property the hosted service provides at scale (with on-chain anchoring, authenticated sharing, and metering). forgettells the endpoint to destroy the wrapped key. Without it the ciphertext is unrecoverable noise — that is the "crypto-shred".
Built on / see also
@saihm/mcp-server-pro— the production sealing client this demo uses (npm).@saihm/client-pro— the post-quantum client crypto library (npm).@saihm/mcp-server— the open MCP thin-client for the SAIHM transport (npm).- Learn more: AI memory needs a standard · What makes SAIHM different.
- Join the protocol: saihm.coti.global/join.
License
Apache-2.0 © SAIHM
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.