Memorylayer

Hosted memory runtime for agents
Docs Agents Connect
Resources
ArchitectureRuntime boundaries, schemas, and request path. IntegrationsCodex, Claude, CI, scripts, and custom clients. Use casesHandoff, research, incidents, and automations. CapabilitiesFull service and agent-facing capability ledger. ExamplesRequest and response fixtures for client builders. API explorerEndpoint shapes and hosted bridge calls. SDKsCopyable HTTP snippets and playbooks. SecurityBoundary, headers, auth, and disclosure model.
Log in Continue with GitHub
Changelog

The hosted service is moving fast.

Short release notes for the cloud host, product surface, and agent-facing API.

Status Docs
ship record verify next
01 / Ship
Small product batches

Changes land as focused service, docs, UI, and integration improvements.

02 / Record
Readable release notes

The changelog keeps user-facing changes visible without digging through commits.

03 / Verify
Tests and live checks

Each deploy is checked locally and against memorylayer.run after restart.

04 / Next
Keep tightening

Connection flow, dashboard clarity, hosted MCP coverage, and docs stay the focus.

Current focusHosted API, dashboard visibility, and agent setup.
Next obvious workBackground jobs, team management depth, and client SDKs.
PrincipleKeep the cloud layer thin around the real Engram engine.
2026-05-28
Workspace operations expansion
Added repeatable VPS deploy and live-check scripts plus a public deploy-plan JSON endpoint.
Added workspace agent config exports: bundled agent config JSON, Codex TOML, and Claude skill markdown.
Added workspace observability with latency, p95, failure rate, slow-route sampling, runtime cache context, and recent ingest health.
Added ingest preview plus markdown-heading and CSV-row splitting modes before memory writes.
Expanded workspace and dashboard UI with connection profile shortcuts, observability panels, ingest preview commands, and richer operator signals.
Bumped the app package version to 0.3.0.
2026-05-27
Service self-inspection
Added public architecture and readiness JSON endpoints so clients can inspect the live runtime, storage backend, models, limits, and health checks.
Wired the architecture and status pages to the same service contract used by API clients instead of duplicating static implementation details.
Expanded the service manifest, sitemap, and API examples with the new machine-readable self-inspection surfaces.
Bumped the app package version to 0.2.0.
2026-04-24
Product page expansion
Added architecture, use-case, operations, and integrations pages to explain the hosted runtime from client, operator, and workspace perspectives.
Expanded the public manifest, sitemap, navigation, and capability index so clients can discover the new service documentation.
Added route coverage for the new public pages and metadata links.
2026-04-24
Themed error system
Replaced the single 404 treatment with a reusable Memorylayer error page for browser-facing 400, 401, 403, 404, 405, 410, 413, 429, and 500 responses.
Kept API errors machine-readable so clients still receive JSON for /api routes.
Wired middleware-level security blocks into the same themed browser error renderer.
2026-04-24
HTTP probe hardening
Blocked common Python HTTP-server and reverse-proxy probe paths before routing: traversal markers, encoded path escapes, dotfiles, PHP probes, and unsafe methods.
Added strict JSON object parsing for workspace API routes and records malformed JSON requests when they include a valid workspace key.
Added production startup checks for unsafe HTTPS secrets.
Added a custom Memorylayer 404 page for public missing routes while keeping API 404s JSON-shaped.
2026-04-24
Security hardening
Added global security headers: CSP, frame blocking, nosniff, referrer policy, permissions policy, and HSTS on HTTPS.
Added host allow-list enforcement, browser origin checks for state-changing workspace routes, and request body size limits.
Hardened session cookie settings with a dedicated cookie name, SameSite=Lax, configurable HTTPS-only cookies, and a bounded session lifetime.
Added basic auth/API throttles plus input bounds for workspace names, queries, memory content, ingest payloads, labels, roles, and API limits.
Expanded security tests to cover headers, bad hosts, and cross-origin form blocking.
2026-04-24
Editorial visual reset
Replaced the glow-heavy dark treatment with a calmer editorial product system: ivory surface, black ink, restrained borders, and less decorative noise.
Reworked the shared navigation, hero, badges, forms, code blocks, and diagram panels so inherited pages feel more deliberate.
Tightened the homepage headline and connection-kit positioning around concrete hosted-memory infrastructure.
Kept the service free positioning while making the public site look closer to a serious developer product.
2026-04-24
Cloud host
Added workspace paste, file, and batch API ingestion.
Added ingestion run history and recent memory export.
Added structured API usage tracking per workspace key.
Added hosted usage endpoint and dashboard activity stream.
Redesigned the public site around a cleaner infrastructure-style shell.
Added hosted MCP bridge, bootstrap payloads, and downloadable starter skills.
2026-04-23
Initial service
Added GitHub login, workspace provisioning, invites, and API keys.
Provisioned one Engram schema per workspace.
Deployed Memorylayer to the VPS at memorylayer.run.