SAIHM
The SAIHM server provides a sovereign, encrypted, persistent memory layer for AI agents, enabling them to store, retrieve, share, and govern private data.
saihm_remember— Encrypt and store information as a persistent memory cell (using per-cell DEKs and per-agent KEKs, persisted to Filecoin).saihm_recall— Retrieve and decrypt stored memories, optionally filtered by a keyword query.saihm_forget— Cryptographically erase a specific memory cell by its ID, satisfying GDPR Article 17 (right to erasure).saihm_status— View session statistics including Protocol Runtime State (PRS), BFSI metrics, storage tier usage, sharing contracts, and PHI details.saihm_share— Create a sharing contract (temporary, permanent, or syndicate) granting agents read, write, or read-write access to specific memory shards, with an optional expiry.saihm_revoke_share— Revoke an existing sharing contract by its contract ID, removing previously granted access.saihm_governance_propose— Submit a governance proposal (scoped toemission_paramorprotocol_upgrade) to the gSAIHM governance system.saihm_governance_vote— Cast an approve or reject vote on an open governance proposal, with voting weight derived from the voter's gSAIHM token balance at the proposal's snapshot epoch.
SAIHM MCP Server
Sovereign, encrypted, sharable, persistent memory protocol for AI agents.
v0.3.1 · Apache-2.0 · COTI V2 mainnet
What this is
A Model Context Protocol server that exposes eight tools any MCP-capable AI agent (Claude Code, Claude Desktop, custom agents) can call to gain a persistent, encrypted memory layer the user owns:
saihm_remember— store an encrypted memory cellsaihm_recall— retrieve and decrypt your memoriessaihm_forget— true cryptographic erasure (GDPR Art. 17)saihm_status— your protocol-runtime stats and storage tier dashboardsaihm_share/saihm_revoke_share— selectively share a memory with another agent or usersaihm_governance_propose/saihm_governance_vote— protocol governance via gSAIHM
Each tool forwards to a SAIHM operator endpoint that runs the full protocol stack on COTI V2 mainnet. The server itself holds no crypto, no storage, and no protocol runtime — those live behind the operator endpoint.
Related MCP server: Central Intelligence
Install
npm install @saihm/mcp-server
# or run directly without install:
npx @saihm/mcp-serverConfigure
The server needs two env vars:
SAIHM_ENDPOINT_URL=https://operator.example.com/saihm/v1
SAIHM_AUTH_HEADER=Bearer <token-issued-by-your-operator>SAIHM_ENDPOINT_URL— the SAIHM operator endpoint. Operators publish their endpoint URLs at https://saihm.coti.global.SAIHM_AUTH_HEADER— theAuthorizationheader value the operator expects (typically aBearer <token>issued to you after key-bound enrolment). The server is authentication-agnostic and never transmits raw private keys; the operator's enrolment flow keeps your signing key on your machine.
Place these in a .env file alongside the server (the .gitignore excludes
all .env* files from any future repo).
Wire into Claude Code
{
"mcpServers": {
"saihm": {
"command": "npx",
"args": ["@saihm/mcp-server"],
"env": {
"SAIHM_ENDPOINT_URL": "https://operator.example.com/saihm/v1",
"SAIHM_AUTH_HEADER": "Bearer <token>"
}
}
}
}What gets persisted, where
The server itself persists nothing. The operator endpoint runs the full protocol stack: cells are encrypted under a per-cell DEK, sealed by a per-agent KEK, persisted to Filecoin, and audited on COTI V2 mainnet. See the operator's documentation for tier details.
Reporting engine
A reporting library is bundled as a sub-export, so operators can compose the eight MCP calls into bespoke reports with their own tooling (no extra dependency, no extra service):
import {
validateBespokeTemplate,
registerTemplate,
generateRegistryAttestation,
StubPublicRegistry,
InMemoryReportingRuntime,
GDPR_ART15_FIELDS,
REGISTRY_ATTESTATION_FIELDS,
type BespokeReportTemplate,
} from "@saihm/mcp-server/reporting";What it covers
Field universe (
FIELD_UNIVERSE) — 280 fields (262 framework + 18 ledger). Templates that project a field outside this set are rejected at validation.Bespoke template schema — zod validator + universe-membership check + scope/cap enforcement.
Authorization path validators — 4 paths:
public/self/operator-self/operator-for-downstream.Receipt emission — 6 sub-kinds (
report_generated/report_rejected/template_registered/template_superseded/erasure_chain_broken/rate_limit_exceeded) under a stable HKDF receipt domain.Framework smoke —
registry-attestation(public auth) for end-to-end plumbing verification.
Constraints
Every
fieldProjections[]entry MUST be inFIELD_UNIVERSE.scope.customerIdHashes64-hex; max 10,000 per template.scope.timeRangewindow ≤ 366 days.fieldProjectionslength 1–200.framework∈ {gdpr-art-15,gdpr-art-17,soc2-t1,soc2-t2,iso27001,aml,audit-export,billing-history,registry-attestation}.format∈ {pdfa3,json,csv}.
Worked example
const template: BespokeReportTemplate = {
templateId: "acme-q1-summary",
templateVersion: 1,
operatorIdHash: "ab".repeat(32),
scope: {
customerIdHashes: ["cd".repeat(32)],
timeRange: { from: "2026-01-01T00:00:00Z", to: "2026-04-01T00:00:00Z" },
},
framework: "gdpr-art-15",
fieldProjections: [GDPR_ART15_FIELDS[0], GDPR_ART15_FIELDS[1]],
format: "pdfa3",
};
const v = validateBespokeTemplate(template);
if (!v.valid) throw new Error(v.errors.join(", "));
const runtime = new InMemoryReportingRuntime(); // replace with your audit-ledger runtime
const reg = await registerTemplate(template, runtime);
if (reg.ok) console.log("registered:", reg.templateHash);In production, replace InMemoryReportingRuntime with a runtime that persists audit payloads to your operator's audit ledger. Operators who inject signature verifiers should use pure-crypto libraries (@noble/curves for EIP-712, @noble/post-quantum for FIPS 204 ML-DSA) — the package itself bundles no EVM tooling.
Security
The server enforces a small set of defaults so misconfiguration cannot leak the Authorization header in transit:
HTTPS-only endpoints.
SAIHM_ENDPOINT_URLmust usehttps://. Plainhttp://is rejected at construction time, except for127.0.0.1andlocalhost(so a local operator endpoint works during development).Per-call abort window. Each request runs under an
AbortControllerthat aborts after 30s, preventing a hung endpoint from starving the MCP server.Response-size cap. Responses whose
Content-Lengthexceeds 16 MB are rejected before deserialisation.No header echo.
Authorizationis never included in thrown error messages or stdout.No filesystem reads. The package never reads from disk; configuration flows entirely through env vars.
Zero EVM tooling. No
ethers, noeth_*, no Solidity. If operators inject signature verifiers viaAuthVerifiers, they should use pure-crypto libraries (@noble/curves,@noble/post-quantum).
Trust model: this client trusts whatever endpoint the operator configures. Cell IDs, audit anchors, and report receipts returned from that endpoint are surfaced to the agent verbatim — operators are the authority for content shown via saihm_recall. Verifying receipts against COTI V2 mainnet anchors is out of scope for this server; consume the cellId and auditCellId fields and verify against your own SAIHM mainnet read path.
For distribution integrity, the SAIHM publisher signs releases via npm sigstore provenance; verify with npm view @saihm/mcp-server --json | jq .dist and npm audit signatures.
Dependencies
The published npm package has a minimal runtime surface:
Dependency | License | Role |
Node.js (≥ 20.x) | MIT | Runtime |
| MIT | MCP SDK; binds the eight-tool surface |
TypeScript | Apache-2.0 | Build-time only |
| MIT | TypeScript runner for tests + CLI |
No copyleft, no proprietary dependencies. Cryptographic primitives at the
operator-endpoint layer (ML-DSA-65 / HKDF / Ed25519) are not bundled into
this MCP server; operators implementing the protocol stack are recommended
to use @noble/post-quantum and @noble/curves (MIT) rather than rolling
custom code.
Achievements
OpenSSF Best Practices Passing badge — project 12898, 100% Passing criteria (2026-05-19). https://www.bestpractices.dev/projects/12898
IETF Independent Submission Stream —
draft-saihm-memory-protocol-00accepted into pipeline (2026-05-18). https://datatracker.ietf.org/doc/draft-saihm-memory-protocol/npm registry —
@saihm/mcp-server@0.3.1published (2026-05-28), a metadata patch that sources the MCPserverInfo.versionfrompackage.json(was hardcoded"0.1.0"from 0.1.0 through 0.3.0). 0.3.0 (also 2026-05-28) aligned thesaihm_statusresponse shape withdraft-saihm-memory-protocol-01§3.4 (full eight-field schema:prs,bfsi,bfsi_window_start_ts,bfsi_R,bfsi_M,shards,contracts,governance). 0.2.0 (also 2026-05-28) aligned the cell-tuple response shape with §2.1; 0.1.3 was the OpenSSF Best Practices Passing badge release (2026-05-19).MCP Registry / Glama — server listed for discovery (2026-05-16).
Roadmap
A 12-month roadmap is maintained in the project's AAIF proposal and will be mirrored to https://saihm.coti.global/roadmap with the v0.2.x release. Near-term tracks:
2026-Q2 — Operator-endpoint reference implementation; OpenSSF Silver pursuit (governance, code-of-conduct, DCO, signed releases, coverage tooling, assurance case).
2026-Q3 — First 2–3 external organization deployments; formal AAIF Project Proposal submission when adoption blockers clear.
2026-Q4 — NIST AI RMF crosswalk public review; EU AI Act compliance-checklist generator. OpenSSF Silver award (target).
2027-Q1 — IETF RFC publication (subject to ISE workflow); v1.0 reference implementation.
License
Apache-2.0 — see LICENSE.
Project
Issue tracker: https://github.com/SAIHM-Admin/saihm-mcp/issues
Security: see
SECURITY.mdfor private vulnerability disclosureContributing: see
CONTRIBUTING.mdandCODE_OF_CONDUCT.mdGovernance: see
GOVERNANCE.mdChangelog: see
CHANGELOG.md
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/SAIHM-Admin/saihm-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server