Orenyl
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Orenylstore event: metformin 500mg at 8am"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Orenyl
Your AI agent remembers everything. Can you prove it forgot?
Orenyl is agent memory with deletion guarantees.
When data is removed, every derived insight is traced, invalidated, and recomputed so deleted information does not resurface.
Orenyl is in early production / public beta. It is production-minded and ready for self-serve local development and evaluation, and production deployments should use authenticated streamable-http; Orenyl is not yet externally certified or enterprise-complete.
Orenyl 0.5.0 is published on PyPI. pip install orenyl-mcp-server is the standard install path, and the source checkout remains the best option when you want an editable local development environment.
Orenyl was previously named Lore. The current package name is orenyl-mcp-server, and legacy LORE_* environment variables are rejected on startup so old configs fail loudly instead of half-working.

Why Orenyl
Deterministic memory model - immutable events, derived facts, lineage edges
Deletion guarantees - cascade invalidation plus recompute plus verification proof
Compliance-oriented - GDPR Article 17/20/30, audit traces, sensitivity controls
MCP-native - stable 14-tool contract for agent integration
Local-first onboarding - explicit stdio development mode for self-serve setup and demos
Related MCP server: GroundMemory
30-Second Primer
What is MCP?
MCP stands for Model Context Protocol. It is the standard way clients like Claude Code and other MCP SDKs discover tools from a server and call them over stdio or HTTP.
Why should I care?
It means you can plug Orenyl into an MCP client without custom glue code and immediately give an agent memory tools for storing events, retrieving bounded context, deleting sensitive records with proof, and tracing lineage.
See It Work
Run the proof-first demo:
python scripts/demo_health_marketing.pyIt stores two medication events, derives Active medications: metformin, penicillin, deletes the penicillin source memory, and recomputes to Active medications: metformin so the removed value does not resurface.


Use capture guide for the capture sequence and launch FAQ for what this demo proves.
Install
Install from PyPI:
pip install orenyl-mcp-serverUse a source checkout for local development:
git clone https://github.com/edison-zhou-nc/Orenyl.git
cd Orenyl
python -m pip install -e .
python -m pip install -r requirements-dev.txtGet Started
5-Minute Quickstart - try Orenyl locally in minutes
Examples - copy-paste-run health tracker, meeting memory, and multi-agent isolation demos
Architecture
Orenyl stores:
events: immutable user memory inputs.facts: deterministic derivations from active events.edges: lineage graph (event -> fact).tombstones/audit: deletion and security decision records.
Core invariant: if upstream data is deleted, downstream derivations must not resurface.
Local development mode
Use this mode for self-serve evaluation, local MCP clients, and demos. It is development only.
Start Orenyl in local stdio mode:
ORENYL_TRANSPORT=stdio ORENYL_ALLOW_STDIO_DEV=1 python -m orenyl.serverConfigure your MCP client:
{
"mcpServers": {
"orenyl": {
"command": "python",
"args": ["-m", "orenyl.server"],
"env": {
"ORENYL_TRANSPORT": "stdio",
"ORENYL_ALLOW_STDIO_DEV": "1",
"ORENYL_DB_PATH": "./orenyl_memory.db"
}
}
}
}This mode uses Orenyl's explicit local-dev auth bypass so you do not need external OIDC setup for local evaluation.
Basic flow:
store_eventretrieve_context_packdelete_and_recomputeaudit_trace
Production deployment mode
Use streamable-http with authenticated tool calls for real deployments.
Set
ORENYL_TRANSPORT=streamable-http.Configure OIDC or HS256 verification settings.
Pass a JWT per tool call using
auth_tokenon FastMCP-registered tools or_auth_tokenin raw tool arguments.Start
orenyl-serverorpython -m orenyl.server.Treat stdio mode as development only.
For an operator-facing setup template, see docs/guides/production-http.md and docs/guides/production.env.example.
Orenyl does not currently read an HTTP Authorization header inside tool dispatch. If you need gateway-level HTTP auth, terminate that at your proxy or application edge and still pass the JWT into the tool call contract described in docs/INTEGRATION.md.
MCP Tool Contract (v2)
Authenticated transports use the same 14-tool contract below. When auth is enabled, include auth_token on FastMCP-registered tools or _auth_token in raw tool arguments.
store_event(domains, content, sensitivity, consent_source, expires_at, metadata, type?, payload?, source?, ts?)retrieve_context_pack(domain, query, include_summary, max_sensitivity, limit, agent_id?, session_id?)delete_and_recompute(target_id, target_type, reason, mode, run_vacuum?)audit_trace(item_id, include_source_events=False)list_events(domain, limit=50, offset=0, include_tombstoned=False)export_domain(domain, format=json|markdown|timeline, confirm_restricted=False)also supports
page_size,cursor,stream, andinclude_hashespagination/streaming performs a full server-side load before slicing; domains with more than 10,000 events return
{"error": "export_domain_too_large_for_pagination"}
erase_subject_data(subject_id, mode=hard|soft, reason=subject_erasure)export_subject_data(subject_id)record_consent(subject_id, status, purpose?, legal_basis?, source?, metadata?)generate_processing_record()audit_anomaly_scan(window_minutes?, limit?)create_snapshot(label?)verify_snapshot(snapshot_id)restore_snapshot(snapshot_id)
Configuration
Variable | Default | Purpose |
|
| SQLite database path |
|
| SQLite audit log database path |
|
| Directory used for disaster recovery snapshots |
|
| Server transport mode |
|
| Allow stdio transport in dev |
|
| Upper bound for context retrieval |
|
| Upper bound for list_events |
|
| Reject mutating tools while keeping read-safe tools available |
|
| Per-tenant request budget; |
|
| Tighten compliance behavior for restricted or incomplete requests |
|
| Enable tenant-aware request resolution and isolation checks |
|
| Enforce domain-scoped policy checks for authenticated agents |
|
| Log policy denies without enforcing them; unsafe with some agent-permission combinations |
|
| Enable semantic duplicate suppression |
|
| Default cosine threshold for semantic dedup |
| unset | Domain-specific dedup threshold override (example: |
|
| Minimum confidence required for facts in context packs |
|
| Embedding provider ( |
|
| Vector storage backend ( |
| unset | PostgreSQL DSN used when |
|
| Vector dimension for |
|
| Worker count for async embedding tasks, clamped to 1-16 |
| unset | OpenAI API key for |
|
| Embedding model when provider is |
|
| Timeout before retrieval falls back when embeddings stall |
| unset | Enables encryption for high/restricted payloads |
| unset | Base64 salt for key derivation |
|
| Active encryption key version stamped onto encrypted payloads |
|
| Dev-only fallback when salt is unset |
|
| TTL cleanup deletion mode |
|
| TTL sweep interval |
| unset | OIDC token issuer (required when RS256/JWKS is enabled) |
|
| OIDC audience |
|
| Allowed JWT algorithms; default requires issuer config |
| unset | HS256 verifier secret (required when |
| unset | JWKS endpoint for RS256 verification |
|
| JWKS cache lifetime for RS256 verification |
|
| Allowed token clock skew in seconds |
|
| Stable node identifier for federation journals and conflict resolution |
Notes:
With default
ORENYL_OIDC_ALLOWED_ALGS=RS256, startup requiresORENYL_OIDC_ISSUER(and typicallyORENYL_OIDC_JWKS_URL).HS256-only deployments should explicitly set
ORENYL_OIDC_ALLOWED_ALGS=HS256,ORENYL_OIDC_HS256_SECRET, andORENYL_OIDC_ISSUER.Multi-version key rotation can use
ORENYL_ENCRYPTION_PASSPHRASE_<VERSION>andORENYL_ENCRYPTION_SALT_<VERSION>alongsideORENYL_ENCRYPTION_KEY_VERSION.
Security Notes
Local stdio development mode uses an explicit local-dev auth bypass.
AuthZ is scope-based per tool action in authenticated transports.
Security decisions are audit-logged (allow/deny + request correlation).
High/restricted payload encryption is fail-closed when passphrase is set without salt.
Deletion proof includes resurface-prevention checks (
deletion_verified).
Development
Code layout:
src/orenyl/Tests:
tests/unit/,tests/integration/Linting: Ruff + Black configured in
pyproject.toml
Run tests:
python -m pytest -qRun the end-to-end stdio MCP client smoke test:
python -m pytest tests/integration/test_stdio_mcp_client_smoke.py -qRun eval harness:
python scripts/run_eval.pyRun Phase 1 synthetic retrieval regression benchmark:
python -m pytest tests/benchmarks/test_phase1_retrieval_quality.py -qRun Phase 3 cross-tenant isolation suite:
python -m pytest tests/integration/test_phase3_tool_isolation.py -qRun Phase 3 federation suite:
python -m pytest tests/integration/test_federation_worker_idempotency.py tests/integration/test_federation_conflict_resolution.py -qRun Phase 3 multi-tenant load harness (opt-in):
ORENYL_ENABLE_PHASE3_LOAD_TEST=1 ORENYL_PHASE3_LOAD_EVENTS=1000000 python -m pytest tests/benchmarks/test_phase3_multi_tenant_load.py -qContributing
See CONTRIBUTING.md, CODE_OF_CONDUCT.md, and SECURITY.md.
License
Apache-2.0. See LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/edison-zhou-nc/Orenyl'
If you have feedback or need assistance with the MCP directory API, please join our Discord server