Memorylayer

Hosted memory runtime for agents

Architecture

Thin cloud layer. Real memory engine.

Memorylayer keeps hosted concerns separate from Engram: identity, workspaces, API keys, audit trails, connection kits, and a small HTTP bridge.

client service schema engine
01 / Client
Agents and scripts

Codex, Claude, custom runners, CI jobs, and scripts call a workspace-scoped surface.

02 / Service
Auth and control

GitHub login, workspace membership, hashed keys, audit trails, and usage events.

03 / Boundary
Separate schemas

Every workspace maps to its own Engram schema and operational history.

04 / Engram
Memory runtime

Retrieval, graph, handoff, curation, and continuity stay inside the real engine.

RuntimeVPS-hosted FastAPI service with Postgres metadata.
MemoryWorkspace-specific Engram schemas and warm runtime cache.
SurfacePublic manifests, API examples, SDK snippets, and OpenAPI.

Boundaries that matter.

The hosted service does not pretend to be the memory system. It gives the memory system accounts, keys, URLs, and operational controls.

Service manifest

Account plane

GitHub OAuth, sessions, members, invites, and dashboard routes.

browserhuman

Workspace plane

API keys, audit events, usage events, ingestion runs, exports, and connection kits.

operatoragent

Memory plane

Engram recall, remember, graph, curation, summaries, handoffs, and health checks.

runtimeengine

Request path.

A workspace API call has a small number of predictable checkpoints.

01 guard
Host, method, path, size, origin, rate limit, and security headers are handled before routing.
02 auth
Workspace routes resolve a bearer or X-API-Key token against a hashed key for that slug.
03 audit
Successful and selected failed calls are recorded with route, key, status, and metadata.
04 engine
The call enters the workspace Engram runtime and returns memory results through a stable JSON shape.

Deployment shape.

Simple by design: one Python app, one Postgres database, one long-lived memory process model.

FastAPI

Public pages, workspace dashboard, OAuth, and JSON endpoints.

Postgres

App metadata plus per-workspace Engram schemas.

Docker

Repeatable VPS deployment with a narrow exposed port.

Cloudflare

Edge TLS and an extra layer against malformed probes.