memotrust
Confirms growth claims against live analytics through a read-only service account.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@memotrustShow me trusted memories about the authentication flow"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
memotrust
Verified memory for AI agents. Your agents remember only what's true.
Agents propose memories. Evidence verifies them. recall() returns only what has earned trust, so a hallucinated, stale, or poisoned "fact" never reaches your other agents.
Why memotrust
Give your agents a shared memory and it's a superpower, until one agent hallucinates a fact, copies a stale number, or reads a poisoned note. In every other memory layer, that mistake becomes every agent's "truth", silently, forever. (Memory poisoning is OWASP agentic risk ASI06.)
memotrust flips the default: nothing is trusted on arrival. A memory reaches recall() only after it's verified against a real source or approved by a human. Trust decays. Disputes withhold. Every verdict keeps a receipt.
Related MCP server: agent-knowledge
What's inside
Trusted recall |
|
One shared memory | Every agent, Claude Code, Cursor, any MCP client, reads and writes the same store. Git-backed, so what your agents know is versioned, diffable, and portable. |
Poison can't spread | Every new memory is quarantined until proven. One agent's bad note can't become another's fact. |
MCP Verifiers | Read-only checks that turn a claim into trusted knowledge: built in, or connected to a source of truth. |
Read-only connectors | Confirm domain claims against live data. Mixpanel built-in; connect any read-only MCP source. |
Dashboard | A local UI to review, approve, dispute, and manage every memory and every verifier connection. |
Receipts, not vibes | Every verdict records the query, the reading, and the judgment. Audit why anything is trusted. |
Just files | Markdown claims plus an append-only log, git-backed. Human-readable, diffable, no database. |
One memory, every agent
memotrust is the shared source of truth for your whole agent fleet. Claude Code, Cursor, and every MCP client read and write the same store, so a fact one agent proves, all of them can trust.
And because it's git-backed, that memory is versioned, diffable, and portable: branch it, review it, roll it back, sync it however you sync code. It's the home for everything your agents know, and every line of it has earned its place.
Quick start
npx memotrust install # create the store, git-init it, register the MCP with your agentPoint Claude Code, Cursor, or any MCP client at it, and your agents can propose and recall. The dashboard comes up at http://localhost:8765.
The dashboard
Everything your agents know, and exactly how much of it is proven. Review the inbox, approve or dispute at a glance, watch trust coverage, and audit any claim's full evidence chain.
MCP verifiers, read-only
A verifier confirms or refutes a claim against a source of truth. It is always read-only: it can query, never write, update, or delete.
Built in, zero credentials. Check a claim against a file, a URL, or a command:
check: {"kind": "file", "path": "package.json", "contains": "pnpm"} check: {"kind": "url", "url": "https://api.example.com/health", "status": 200}Connect a source of truth. Mixpanel is built-in (a read-scoped service account confirms growth and metric claims). Connect any other read-only MCP data source, or let your agent submit a read-only observation, and memotrust decides the verdict, the agent never can.
Human approval. Anything you'd rather confirm yourself, in one click.
commandchecks are disabled by default: a poisoned claim must never become code execution. Opt in withMEMOTRUST_ALLOW_COMMAND_CHECKS=1.
How it works
There is no LLM inside the store: your agent extracts durable facts and proposes them over MCP; memotrust only ever judges the evidence and records the receipt.
The tools your agent gets
Tool | What it does |
| Only trusted + fresh + in-scope memory; disproven approaches come back as warnings |
| File a new memory; it lands quarantined, never trusted on arrival |
| Everything at any trust level, each result labeled with its status |
| Existing spaces + tags, so agents reuse names instead of inventing synonyms |
| Claims that carry a machine-checkable assertion, awaiting a reading |
| Submit a read-only observation; memotrust judges, not the agent |
memotrust vs. a plain memory layer
plain memory | memotrust | |
New memory is… | trusted immediately | quarantined until verified |
Hallucinated / poisoned note | served to every agent | withheld, never recalled |
Stale facts | linger and win | decay after 60 days, re-verify |
"We already tried that" | forgotten | returned as a warning |
Why is this trusted? | ¯\_(ツ)_/¯ | an auditable receipt |
Contributing
Issues and PRs welcome. npm test runs the store + verifier suite; npm run test:e2e runs the end-to-end MCP acceptance test. House style: docs/code-style.md.
If verified memory is something your agents need, ⭐ star the repo. It helps a lot.
MIT · built for the Model Context Protocol
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Idanref/memotrust'
If you have feedback or need assistance with the MCP directory API, please join our Discord server