Mnemoscope

Demo · Workflow · Tools · Quickstart · Architecture · Science

👀 See it in action

Real output, captured from the bundled examples/demo-vault — a 13-note synthetic vault built so every rot factor moves. Reproduce locally with mnemoscope-init examples/demo-vault (full transcript: SAMPLE-OUTPUT.md).

predict_rot — score, factors, top-risk notes

mnemoscope-verify — clean run vs. tamper detection

✨ What is Mnemoscope?

Mnemoscope is not another memory store. It is an instrument that sits between your LLM agent and your Markdown vault and gives you three things nobody else gives you in one tool:

• 🎯 Predict the rot risk of a corpus before injection, with a citation-backed score across 5 factors.

• 📝 Witness every read and write your agent performs, in an Ed25519-signed, hash-chained journal that detects field-level tampering, deletion, and reordering.

• 🧱 Tier the corpus into a working / episodic / semantic hierarchy, drawing on the 2025–2026 science instead of the GraphRAG hype.

It ships as an MCP server (Claude Code, Cursor, ChatGPT desktop, anything MCP-compatible), an Obsidian plugin, and a Claude Code PostToolUse hook. Everything runs 100% locally. No cloud. No telemetry without explicit opt-in.

🔄 How it fits your workflow

Imagine you start a brand-new project — a folder of Markdown notes you'll grow with Claude Code over the next year. Mnemoscope plugs into the lifecycle in five places:

   [create project]
        │
        ▼
   mnemoscope-init                     ◄─── 1× at the very start
        │                                   creates .mnemoscope/, generates Ed25519 keypair
        ▼
   ┌───────────────────────────────────────────────────────────┐
   │  [you work with Claude Code on the vault]                 │
   │                                                           │
   │   predict_rot       ──┐                                   │
   │                       ├─►  on demand (or before sessions) │
   │   get_tiered_read   ──┘    "is the vault healthy?"        │
   │                            "what should the agent read?"  │
   │                                                           │
   │   PostToolUse hook  ────►  passive, on every Write/Edit   │
   │                            "what did the agent just do?"  │
   └───────────────────────────────────────────────────────────┘
        │
        ▼
   mnemoscope-verify                   ◄─── on demand, or in CI
                                            "has anyone tampered?"

🛠️ The four MCP tools

Example — predict_rot on a real vault

{
  "rot_risk": 41,
  "dominant_factor": "tokenVolume",
  "factors": {
    "tokenVolume": 100, "semanticRedundancy": 0,
    "distractorDensity": 2.65, "structuralCoherence": 100, "freshnessSpread": 0
  },
  "top_risk_notes": [
    { "relPath": "brainstorms/.../transcript.md", "approxTokens": 13439, "reason": "very large note" },
    { "relPath": "brainstorms/.../sylvie-signaux.md", "approxTokens": 12605, "reason": "very large note" }
  ],
  "vault_stats": { "noteCount": 113, "approxTokens": 506823 },
  "baseline_model": "v0-heuristic",
  "version": "0.2.0"
}

🚀 Quickstart

git clone https://github.com/toonight/Mnemoscope
cd Mnemoscope
npm install
npm run build
npm test                           # 47 tests across core + mcp-server
npm audit                          # 0 vulnerabilities

# Make the CLI binaries available on your PATH
npm link --workspace @mnemoscope/cli

Bootstrap a vault

mnemoscope-init /path/to/your/vault
# → state dir, Ed25519 keypair, fingerprint

Add .mnemoscope/ to your vault's .gitignore — the per-vault private key must never be committed.

Connect the MCP server to Claude Code (or Cursor / any MCP client)

// ~/.claude/settings.json
{
  "mcpServers": {
    "mnemoscope": {
      "command": "node",
      "args": ["/absolute/path/to/Mnemoscope/packages/mcp-server/dist/index.js"]
    }
  }
}

The four tools (predict_rot, get_tiered_read, record_journal, read_journal) become available to the agent immediately.

(Optional) wire the auto-journal hook

Asking the agent to call record_journal on every write is a recipe for forgetting. Wire the bundled hook instead:

// ~/.claude/settings.json
{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Write|Edit|MultiEdit",
        "hooks": [{ "type": "command", "command": "mnemoscope-record-hook" }]
      }
    ]
  }
}

The hook resolves the vault root via MNEMOSCOPE_VAULT_PATH or by walking up to the closest .mnemoscope/ directory. It never blocks the tool call: any internal error is caught, logged to stderr, and the process exits 0. Full setup including safety properties: docs/claude-code-hook.md.

Verify the journal

mnemoscope-verify /path/to/vault
# ok    2026-04-26T19:42:13.001Z  write  /vault/notes/foo.md
# ok    2026-04-26T19:43:01.220Z  write  /vault/notes/bar.md
# 2 entries; 2 valid; 0 invalid

mnemoscope-verify exits non-zero on any of:

• field-level tampering (signature mismatch),

• deletion or reordering (prevHash chain break),

• entries signed by a key the current vault does not own.

(Optional) back up the per-vault private key

If you lose <vault>/.mnemoscope/keys/ed25519.key, the journal becomes unverifiable. The bundled backup CLIs encrypt the key with a passphrase (scrypt + AES-256-GCM, no extra deps) and let you restore it later:

mnemoscope-backup-key /path/to/vault /path/to/off-vault-backup.enc.json
# … prompts for a passphrase, writes chmod 0600 …

mnemoscope-restore-key /path/to/vault /path/to/off-vault-backup.enc.json
# … prompts for the same passphrase, writes the key back into the vault …

Full flow including threat model: docs/key-escrow.md.

(Optional) anchor the journal in time with OpenTimestamps

The signed hash chain proves order. To prove absolute time and stay safe against retroactive rewrites if the per-vault key is ever compromised, anchor each entry's signature to a public Bitcoin-backed OTS calendar:

mnemoscope-timestamp /path/to/vault
# … POSTs SHA-256(sig) per entry to the calendar, writes .ots proofs
# under <vault>/.mnemoscope/timestamps/. Idempotent on re-run.

Pending proofs are upgraded to fully self-verifying Bitcoin proofs with the upstream ots upgrade / ots verify CLIs — that part is intentionally not reimplemented. Full threat model and flow: docs/timestamping.md.

✅ What works today

🏗️ Architecture

flowchart LR
    A["Obsidian vault<br/>Markdown files"] --> B["mnemoscope/core<br/>signatures · rot · tiering · Ed25519 chained journal"]
    B --> C["mnemoscope/mcp-server<br/>stdio MCP - 4 tools"]
    B --> D["mnemoscope/obsidian-plugin<br/>UI · rot gauge"]
    B --> G["mnemoscope/cli<br/>init · record-hook · verify"]
    C -->|tools| E(("Claude Code<br/>Cursor<br/>ChatGPT desktop"))
    G -->|PostToolUse hook| E
    F["research/<br/>classifier · benchmark · replication"] -.->|trained ONNX classifier| B
    style A fill:#1a2444,stroke:#a78bfa,color:#cbd5e1
    style B fill:#0e1530,stroke:#5fd9d1,color:#cbd5e1
    style C fill:#0e1530,stroke:#5fd9d1,color:#cbd5e1
    style D fill:#0e1530,stroke:#5fd9d1,color:#cbd5e1
    style G fill:#0e1530,stroke:#5fd9d1,color:#cbd5e1
    style E fill:#1a2444,stroke:#7cf09d,color:#cbd5e1
    style F fill:#1a2444,stroke:#fbbf24,color:#cbd5e1

mnemoscope/
├── packages/
│   ├── core/              # rot scoring, tiering, Ed25519 hash-chained journal, signatures
│   ├── mcp-server/        # MCP server (stdio); 4 tools, integration-tested via spawn
│   ├── obsidian-plugin/   # Obsidian plugin: rot gauge, factor bars, top-risk list, settings
│   └── cli/               # mnemoscope-init, mnemoscope-record-hook, mnemoscope-verify
├── examples/
│   └── demo-vault/        # 13-note synthetic vault — every rot factor moves
├── research/              # Python (uv): classifier, MarkdownMemBench v0.1, Chroma replication
└── docs/                  # banner, logo, claude-code-hook setup, demo page, screenshots

🔐 The signed journal in one diagram

flowchart TD
    K["Per-vault Ed25519 keypair<br/>.mnemoscope/keys/ed25519.key (mode 0600)"]
    E1["Entry 1<br/>prevHash = GENESIS<br/>sig = σ1"]
    E2["Entry 2<br/>prevHash = SHA256 of σ1<br/>sig = σ2"]
    E3["Entry 3<br/>prevHash = SHA256 of σ2<br/>sig = σ3"]
    K -->|signs| E1
    K -->|signs| E2
    K -->|signs| E3
    E1 -.->|chain| E2
    E2 -.->|chain| E3
    style K fill:#1a2444,stroke:#a78bfa,color:#cbd5e1
    style E1 fill:#0e1530,stroke:#5fd9d1,color:#cbd5e1
    style E2 fill:#0e1530,stroke:#5fd9d1,color:#cbd5e1
    style E3 fill:#0e1530,stroke:#5fd9d1,color:#cbd5e1

🤝 Voisins (not competitors)

🔬 Scientific posture

Mnemoscope is meant to be a tool and a contribution to the public empirical record on agent memory.

Each thread lives in research/ and will produce a preprint alongside the code.

🛣️ Roadmap

Done

• Publish the three packages on npm at v0.2.0 with OIDC Trusted Publishing — @mnemoscope/{core,mcp-server,cli} are live on the npm registry. CI publishes automatically on tag push, no rotating token required, provenance attestations emitted on every publish.

• List the MCP server on the Official MCP Registry — io.github.toonight/mnemoscope @ 0.2.0 is indexed. PulseMCP ingests the official registry daily, so the server appears there too within ~7 days, no separate submission required.

• Submit the Obsidian plugin to the community plugins directory — obsidianmd/obsidian-releases#12354 passes automated validation; awaiting human review (typical 2–4 weeks).

• Periodic remote attestation — OpenTimestamps anchoring of every journal-entry signature, upgradable to a Bitcoin-backed proof via the upstream ots CLI (docs/timestamping.md).

• Calibrate the predictive classifier on real LLM measurements — 50 (signature, observed_loss) rows graded by gemma4:26b, Random Forest wins at R² = 0.58 / MAE = 0.14 on the held-out split; first public observation of the Chroma 2025 "structured > shuffled is worse" effect on real Markdown vaults graded by a real LLM (model.json).

• Lint locally with the same plugin the Obsidian reviewer uses — eslint-plugin-obsidianmd is wired into the project (root eslint.config.mjs, npm run lint) and gates CI, so reviewer-bot findings land at commit time instead of review time.

Next

• Dogfood the auto-journal hook on the author's vault for two full weeks; tune heuristics against observed Claude Code session outcomes

• Wire the calibrated model.onnx into @mnemoscope/core via onnxruntime-node (optional dependency) so predict_rot returns the model's prediction next to the v0 heuristic

• Release MarkdownMemBench v1 with 50–200 contributed real vaults

• Preprint #1: replication of Chroma Context Rot on real Obsidian vaults

• List on Glama (catalog ingestion path complementary to PulseMCP)

Full history: CHANGELOG.md.

🧑‍🤝‍🧑 Contributing

PRs are welcome but the most useful first step is opening an issue describing what you want to do. See CONTRIBUTING.md for code style and process.

If you are a researcher at Letta, Chroma, Mem0, Cognee, OSU-NLP, Snap Research or any related lab and you see overlap with the Predictive Context Rot or MarkdownMemBench axes, please reach out — the project is explicitly designed for this.

📜 License

Apache License 2.0. Apache-2.0 was chosen over MIT for its explicit patent grant, which we believe is appropriate for a project introducing novel scoring methods in an active research area.

🙏 Acknowledgements

Mnemoscope's framing borrows directly from public work by:

• Chroma Research — Context Rot (July 2025)

• Letta — Is a Filesystem All You Need? (August 2025)

• Letta — Sleep-time Compute (2025)

• Microsoft — LazyGraphRAG (June 2025)

• HippoRAG (NeurIPS'24, OSU-NLP)

• LongMemEval (ICLR 2025)

• LoCoMo (Snap Research)

• Liu et al., Lost in the Middle (2023)

• Andrej Karpathy's LLM Wiki proposal (April 2026)

Without their public artifacts, this project would not be possible.