Package Exports
- @homo-ai/agentmemory-vault
- @homo-ai/agentmemory-vault/engine/vault-kv.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@homo-ai/agentmemory-vault) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Your AI agent's memories should be yours. Not your cloud provider's.
Built on agentmemory + HOMO Vault Engine
AES-256-GCM enterprise encryption layer for agentmemory. Zero config. One line of code.
Works with Claude Code, Cursor, Codex, OpenClaw, Cline, Gemini CLI, and any MCP client.
Install • Quick Start • Why AgentMemory Vault? • vs agentmemory • How It Works • Features • API • Pricing • FAQ • Contact
Install
npm install -g @homo/agentmemory-vault # install globally
agentmemory-vault attach # attach to your agentmemory instanceOr via npx (no install):
npx @homo/agentmemory-vault attachOr using your existing agentmemory with the Vault plugin:
# Install agentmemory first
npm install -g @agentmemory/agentmemory
# Then add the Vault layer
npm install -g @homo/agentmemory-vault
# Start with encryption
agentmemory-vault startFull options at Quick Start below.
Quick Start
1. Start agentmemory with Vault
# Set your master key
export AMV_MASTER_KEY="your-32-byte-hex-key"
# Start encrypted memory server
agentmemory-vault start
# Connect your agent
agentmemory-vault connect claude-code2. One-liner attach in code
// attach-vault.mjs
import { AgentMemoryVault } from '@homo/agentmemory-vault';
const vault = new AgentMemoryVault();
vault.attach(stateKV); // โ one line. everything else stays the same.
console.log('โ
Agent memories now encrypted with AES-256-GCM');3. Verify encryption
# Check if memories are encrypted
agentmemory-vault status
# Output:
# ๐ Encrypted memories: 142
# ๐ข Plaintext memories: 0
# โ
Encryption active: true4. Platform-specific setup
macOS (Apple Silicon / Intel)
# Homebrew
brew install node
npm install -g @homo/agentmemory-vault
# Verify AES hardware acceleration
sysctl -a | grep aesLinux (Ubuntu / Debian)
# Node.js 18+
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt-get install -y nodejs
npm install -g @homo/agentmemory-vault
# Verify AES-NI
grep aes /proc/cpuinfoWindows (PowerShell)
# Install Node.js from https://nodejs.org
npm install -g @homo/agentmemory-vault
# Or use npx
npx @homo/agentmemory-vault start5. Docker
docker pull homohq/agentmemory-vault:latest
docker run -d \
-e AMV_MASTER_KEY="your-32-byte-hex-key" \
-p 3111:3111 \
-v ~/.agentmemory:/root/.agentmemory \
homohq/agentmemory-vault:latest6. What changes?
| Before (agentmemory) | After (AgentMemory Vault) |
|---|---|
~/.agentmemory/*.json โ plaintext JSON |
~/.agentmemory/*.json โ AES-256-GCM encrypted |
| Your API keys visible in memory dumps | API keys encrypted at rest |
| No tenant isolation | Multi-tenant with separate keys |
| No audit trail | Full audit logging included |
| Risk for enterprise deployment | Enterprise ready |
Your agent still works exactly the same. Only the storage layer changes.
Why AgentMemory Vault?
agentmemory (11Kโญ) is the #1 persistent memory for AI coding agents. It works with Claude Code, Cursor, Codex, OpenClaw, and any MCP client.
But agentmemory stores all data in plaintext JSON. If you:
- ๐ Store API keys in your agent's context
- ๐ฅ Handle PHI, PII, or customer data
- โ๏ธ Work under compliance requirements (HIPAA, SOC2, GDPR)
- ๐ฐ Have proprietary code or trade secrets
- ๐ข Need enterprise-grade access control
agentmemory alone is not enough. You need encryption at rest, multi-tenant isolation, and audit trails.
AgentMemory Vault adds all of this in one line of code.
Security at a Glance
| Security Property | agentmemory | AgentMemory Vault |
|---|---|---|
| AES-256-GCM at rest | โ | โ |
| Multi-tenant key isolation | โ | โ |
| Key rotation | โ | โ |
| Audit logging | โ | โ |
| RBAC access control | โ | โ (Shield+) |
| Compliance reports | โ | โ (Shield+) |
| SSO integration | โ | โ (Fortress+) |
| Private cloud deployment | โ | โ (Citadel) |
| HTTPS enforced | โ | โ |
| Tamper-proof signing | โ | โ (HMAC-SHA256) |
How It Works
Architecture Deep Dive
The StateKV Proxy Pattern
AgentMemory Vault uses the Proxy pattern to intercept all StateKV operations. The proxy wraps agentmemory's StateKV instance and adds encryption/decryption transparently. The agent (and agentmemory itself) never knows encryption is happening.
// Simplified proxy logic
const encryptedKV = new Proxy(originalStateKV, {
get(target, prop) {
if (prop === 'set') {
return async (scope, key, value) => {
const encrypted = vault.encrypt(value);
return target.set(scope, key, encrypted);
};
}
if (prop === 'get') {
return async (scope, key) => {
const encrypted = await target.get(scope, key);
if (!encrypted) return null;
return vault.decrypt(encrypted);
};
}
return target[prop];
}
});This approach means:
- Zero code changes to agentmemory itself
- Upgrade-safe โ when agentmemory releases v0.10.0, the proxy still works
- Opt-in โ disable encryption by setting
vault.enabled = false - Scope-aware โ different encryption policies per KV scope
40+ KV Scopes Mapped
AgentMemory Vault's encryption policy engine maps every KV scope in agentmemory to one of three encryption strategies. Here's the complete mapping:
Fully Encrypted (22 scopes) โ Sensitive data, must be encrypted:
mem:sessions โ Session data (conversations, agent interactions)
mem:obs:* โ Observations (file reads, command executions, prompts)
mem:memories โ Saved memories (user-tagged important information)
mem:summaries โ Session summaries (LLM-generated compression)
mem:actions โ Agent action records
mem:audit โ Audit logs (who accessed what)
mem:semantic โ Semantic memory (high-level extracted knowledge)
mem:procedural โ Procedural memory (how-to knowledge)
mem:lessons โ Lessons and insights (agent reflection output)
mem:graph:nodes โ Knowledge graph nodes
mem:graph:edges โ Knowledge graph edges
mem:config โ Configuration (may contain API keys)
mem:signals โ Agent signals
mem:checkpoints:* โ Session checkpoints
mem:crystals โ Crystalized learnings
mem:patterns โ Pattern recognition results
mem:profiles โ Project profiles
mem:timelines โ Timeline data
mem:relations โ Entity relations
mem:file_history โ File access history
mem:mesh:* โ Mesh sync data
mem:governance:* โ Governance operationsField-Level Encrypted (6 scopes) โ Index structure plaintext, content encrypted:
mem:index:bm25 โ BM25 search index (terms in plaintext, documents encrypted)
mem:emb:* โ Vector embeddings (vectors plaintext, metadata encrypted)
mem:index:vectors โ Vector index metadata
mem:index:graph โ Graph index structure
mem:semantic_index โ Semantic memory index
mem:procedural_index โ Procedural memory indexNot Encrypted (12+ scopes) โ Operational data, no sensitive content:
mem:health โ Health check state
mem:metrics โ Performance metrics
mem:function_metrics โ Per-function timing data
mem:config:flags โ Feature flags (no secrets)
mem:version โ Version dataMulti-tenant Key Derivation
Each tenant gets an independent 256-bit encryption key. The key is derived from the master key using PBKDF2 with the tenant ID as salt:
Master Key (provided via AMV_MASTER_KEY or auto-generated)
โ
โโโ deriveKey("default") โ PBKDF2(master, SHA256("default"), 100K) โ 32 bytes
โโโ deriveKey("tenant-a") โ PBKDF2(master, SHA256("tenant-a"), 100K) โ 32 bytes
โโโ deriveKey("tenant-b") โ PBKDF2(master, SHA256("tenant-b"), 100K) โ 32 bytesThis means:
- Each tenant's data is encrypted with a different key
- Tenant A cannot decrypt Tenant B's data (even with the same master key)
- The master key can be rotated without re-encrypting tenant data
- Keys are never stored on disk โ derived on-demand from the master key
Write Path (Encrypted)
Agent writes memory "My API key is sk-abc"
โ
โผ
1. StateKV.set("mem:memories", "key-123", memoryData)
โ
โผ
2. EncryptedStateKV proxy intercepts
โ
โผ
3. Policy engine checks scope โ "full encryption"
โ
โผ
4. zlib compress: "{memory...}" โ compressed binary
โ
โผ
5. AES-256-GCM encrypt: compressed โ ciphertext
โ
โผ
6. HMAC-SHA256 sign: ciphertext โ {encrypted, tag, signature}
โ
โผ
7. Store in iii-engine KV: {v:1, a:"aes-256-gcm", d:"...", t:"...", s:"..."}
โ
โผ
8. Written to disk as plain binary object (encrypted)Read Path (Decrypted)
Agent requests memory "key-123"
โ
โผ
1. StateKV.get("mem:memories", "key-123")
โ
โผ
2. EncryptedStateKV proxy intercepts
โ
โผ
3. Verify HMAC-SHA256 signature (tamper check)
โ
โผ
4. AES-256-GCM decrypt: ciphertext โ compressed
โ
โผ
5. zlib decompress: compressed โ JSON
โ
โผ
6. Return plaintext to agent
โ
โผ
7. Agent sees "My API key is sk-abc" (decrypted transparently)Key Store
Keys are stored in ~/.amvault/:
~/.amvault/
โโโ config.json # Key rotation count, creation timestamp
โโโ keys.bin # Encrypted key bundle (for disaster recovery)
โโโ preferences.json # User preferences (tenant config, etc.)Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ AI Agent Side โ
โ โ
โ Claude Code / Cursor / Codex / OpenClaw / Cline / Gemini CLI โ
โ โ โ
โ โโโ[MCP stdio]โโ @agentmemory/mcp โ
โ โ โ
โ โโโ[HTTP]โโ agentmemory Server โ
โ (:3111 REST API) โ
โ โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโ
โ โโโโโโโโ โ
โ โผ โ
โ AgentMemory Vault โ
โ โ โ
โ โโโโโโโโโโโโโโโดโโโโโโโโโโโโโโ โ
โ โผ โผ โ
โ EncryptedStateKV Key Manager โ
โ (StateKV Proxy) (PBKDF2 + Salt) โ
โ โ โ โ
โ โโโโโโโโโโดโโโโโโโโโ โโโโโโโโโโดโโโโโโโโโ โ
โ โผ โผ โผ โผ โ
โ Full Encryption Field-Level Master Key Tenant Keys โ
โ (sessions, mems, (indices โ Rotation per tenant โ
โ observations) searchable) โ
โ โ โ โ
โ โโโโโโโโโโฌโโโโโโโโโ โ
โ โผ โ
โ iii-engine StateKV โ
โ (AES-256-GCM encrypted .mem files) โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโEncryption Policy (3 Layers)
| Layer | Scope | Method | Performance Impact |
|---|---|---|---|
| ๐ Full Encryption | Sessions, memories, observations, summaries, audit logs, knowledge graph | Encrypt entire value with AES-256-GCM | Write: +5ms, Read: +3ms |
| ๐ Field-Level | BM25 index, vector embeddings, semantic/procedural memory | Index structure plaintext. Sensitive fields encrypted separately | Write: +2ms, Read: +1ms |
| ๐ข No Encryption | Health checks, metrics, signals | Pass through | 0ms |
Key Derivation
Master Key (32 bytes, user-provided or auto-generated)
โ
โโโ PBKDF2(tenantId="default", iterations=100K) โโโ Default Tenant Key
โ
โโโ PBKDF2(tenantId="alice", iterations=100K) โโโ Alice's Tenant Key
โ
โโโ PBKDF2(tenantId="bob", iterations=100K) โโโ Bob's Tenant KeyEach tenant gets an independent encryption key derived from the master key via PBKDF2-SHA512 with a unique salt. Tenant A cannot decrypt Tenant B's data, even with the same master key.
vs agentmemory
| Feature | agentmemory | AgentMemory Vault |
|---|---|---|
| Memory persistence | โ | โ (same) |
| BM25 search | โ | โ (same, search structure plaintext) |
| Vector search | โ (optional) | โ (same) |
| Knowledge graph | โ (optional) | โ (same) |
| MCP protocol | โ 51 tools | โ 51 tools (same) |
| 14 Claude Code hooks | โ | โ (same) |
| Works with 15+ agents | โ | โ (same) |
| Standalone mode | โ | โ (same) |
| AES-256-GCM encryption at rest | โ | โ NEW |
| Multi-tenant key isolation | โ | โ NEW |
| Key rotation | โ | โ NEW |
| Audit logging | โ | โ NEW |
| RBAC access control | โ | โ NEW (Shield+) |
| Compliance reports | โ | โ NEW (Shield+) |
| Tamper-proof signing | โ | โ NEW |
| SSO integration | โ | โ NEW (Fortress+) |
| Private cloud deployment | โ | โ NEW (Citadel) |
| HTTPS enforcement | โ | โ NEW |
| Bearer Token auth (timing-safe) | โ | โ |
Why Not Just Encrypt agentmemory Directly?
You could. But:
- agentmemory is Apache-2.0 โ fork-friendly. But maintaining a fork with custom encryption misses upgrades.
- AgentMemory Vault is a pluggable layer โ it sits between agentmemory and the storage engine. When agentmemory releases v0.10.0, you upgrade agentmemory โ the Vault still works.
- Closed-source binary engine โ the encryption core is proprietary C++ (hardware-accelerated AES-GCM). Even with the source code, you can't weaken the encryption.
- Enterprise features โ RBAC, SSO, audit exports are complex to build. We've already built them.
Migration
# Already using agentmemory? Just add the vault:
npm install -g @homo/agentmemory-vault
agentmemory-vault migrate
# โ
Existing memories stay readable. New memories are encrypted.Your existing data is automatically handled โ unencrypted memories are still readable. Only new writes use encryption.
Features
๐ Encryption Engine
- AES-256-GCM โ authenticated encryption with integrity verification
- PBKDF2-SHA512 โ 100,000 iterations for key derivation
- HMAC-SHA256 โ tamper-proof signature for all encrypted packages
- zlib compression โ data compressed before encryption (saves ~40% storage)
- Per-tenant salt โ each tenant uses unique cryptographic salt
๐ Key Management
- Auto-generation โ if no master key is provided, one is generated
- Key rotation โ re-key all data without downtime
- Export/backup โ export encrypted key bundles for disaster recovery
- Environment-based โ configure via
AMV_MASTER_KEYenv var (CI/CD friendly)
๐ข Enterprise
- Multi-tenant isolation โ tenants with independent encryption keys
- RBAC โ role-based access control (Shield+)
- SSO โ single sign-on integration (Fortress+)
- Audit logging โ full trail of who accessed what (Key+)
- Compliance reports โ auto-generated compliance documentation (Shield+)
- Team memory sharing โ share encrypted memories within teams (Fortress+)
๐ก๏ธ Security Hardening
- Timing-safe comparison โ all token comparisons use
crypto.timingSafeEqual - Strict CSP โ viewer dashboard uses nonce-based CSP
- No TLS bypass โ HTTPS can be enforced via
AMV_REQUIRE_HTTPS - Tamper detection โ HMAC-SHA256 integrity check on every read
- Compatibility mode โ reads unencrypted legacy data transparently
API
AgentMemoryVault Class
class AgentMemoryVault {
constructor(options?: {
masterKey?: string; // 32-byte hex key (auto-generated if omitted)
tenant?: string; // default tenant ID
});
// Attach to agentmemory's StateKV (one-line setup)
attach(stateKV: StateKV): StateKV;
// Migration: encrypt existing plaintext memories
migrate(): Promise<{ migrated: number; skipped: number }>;
// Key management
rotateKeys(): void;
exportKey(): { version: number; keyRotation: number; keyHash: string };
getStats(): VaultStats;
}CLI
agentmemory-vault
Commands:
start Start agentmemory with vault encryption
attach Attach vault to running agentmemory
status Check encryption status
migrate Encrypt existing plaintext memories
rotate-keys Rotate encryption keys
export-key Export key info for backup
connect <agent> Connect to Claude Code/Codex/Cursor/OpenClawEnvironment Variables
| Variable | Default | Description |
|---|---|---|
AMV_MASTER_KEY |
auto-generated | 32-byte hex master encryption key |
AMV_TENANT |
default |
Tenant ID for multi-tenant isolation |
AMV_REQUIRE_HTTPS |
false |
Reject non-HTTPS connections |
AMV_KEY_STORE |
~/.amvault |
Key store directory path |
AMV_PBKDF2_ITERATIONS |
100000 |
PBKDF2 iteration count (higher = slower but more secure) |
AMV_LOG_LEVEL |
info |
Logging level: debug, info, warn, error |
AMV_AUDIT_RETENTION_DAYS |
90 |
Audit log retention period |
AMV_MAX_MEMORY_SIZE_MB |
1024 |
Max encrypted memory store size |
AMV_AUTO_MIGRATE |
false |
Auto-migrate legacy data on startup |
Advanced Configuration
Create a .agentmemory-vault.env file in your home directory or project root:
# ~/.agentmemory-vault.env
# Master encryption key (REQUIRED for production)
AMV_MASTER_KEY=0123456789abcdef0123456789abcdef
# Tenant isolation
AMV_TENANT=my-company-prod
# Security hardening
AMV_REQUIRE_HTTPS=true
AMV_PBKDF2_ITERATIONS=200000
# Audit
AMV_AUDIT_RETENTION_DAYS=365
# Performance
AMV_MAX_MEMORY_SIZE_MB=2048
AMV_LOG_LEVEL=warnDocker Compose (Production)
# docker-compose.yml
version: '3.8'
services:
agentmemory-vault:
image: homohq/agentmemory-vault:latest
ports:
- "3111:3111"
volumes:
- agentmemory-data:/root/.agentmemory
- vault-keys:/root/.amvault
environment:
- AMV_MASTER_KEY=${AMV_MASTER_KEY}
- AMV_REQUIRE_HTTPS=true
- AMV_TENANT=production
- AMV_AUDIT_RETENTION_DAYS=365
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3111/agentmemory/livez"]
interval: 30s
timeout: 10s
retries: 3
nginx:
image: nginx:alpine
ports:
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./ssl:/etc/nginx/ssl
- ./htpasswd:/etc/nginx/htpasswd
depends_on:
- agentmemory-vault
volumes:
agentmemory-data:
vault-keys:Kubernetes Deployment
# k8s-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: agentmemory-vault
spec:
replicas: 2
selector:
matchLabels:
app: agentmemory-vault
template:
metadata:
labels:
app: agentmemory-vault
spec:
containers:
- name: vault
image: homohq/agentmemory-vault:latest
ports:
- containerPort: 3111
env:
- name: AMV_MASTER_KEY
valueFrom:
secretKeyRef:
name: vault-secrets
key: master-key
- name: AMV_REQUIRE_HTTPS
value: "true"
volumeMounts:
- name: vault-data
mountPath: /root/.amvault
volumes:
- name: vault-data
persistentVolumeClaim:
claimName: vault-pvc
---
apiVersion: v1
kind: Service
metadata:
name: agentmemory-vault
spec:
selector:
app: agentmemory-vault
ports:
- port: 3111
targetPort: 3111CI/CD Integration
# .github/workflows/vault.yml
name: Vault Encryption Check
on: [push]
jobs:
test-encryption:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '22'
- run: npm install -g @homo/agentmemory-vault
- run: agentmemory-vault start &
- run: agentmemory-vault status
- run: agentmemory-vault test| Variable | Default | Description |
|---|---|---|
AMV_MASTER_KEY |
auto-generated | 32-byte hex master encryption key |
AMV_TENANT |
default |
Tenant ID for multi-tenant isolation |
AMV_REQUIRE_HTTPS |
false |
Reject non-HTTPS connections |
AMV_KEY_STORE |
~/.amvault |
Key store directory path |
Pricing
| Tier | Price | Core Features | Best For |
|---|---|---|---|
| ๐ฑ Sprout | Free | AES-256-GCM encryption, basic key management, CLI tools, compatibility mode | Individual developers, trial |
| ๐ Key | $9.9/mo | Sprout + multi-tenant isolation, key rotation, audit logging, priority support | Freelancers, small teams |
| ๐ก๏ธ Shield | $29.9/mo | Key + RBAC, compliance reports, tamper-proof signing, team management | Growing startups, agencies |
| ๐ข Fortress | $99.9/mo | Shield + SSO integration, team memory sharing, multi-cluster, advanced audit | Enterprise teams, mid-market |
| ๐ Citadel | $299.9/mo | Fortress + private cloud deployment, dedicated key management, 99.99% SLA, dedicated support | Regulated industries (healthcare, finance, government) |
Annual Pricing
| Tier | Monthly | Annual | Savings |
|---|---|---|---|
| ๐ฑ Sprout | $0 | $0 | โ |
| ๐ Key | $9.9/mo | $99/yr ($8.25/mo) | 17% |
| ๐ก๏ธ Shield | $29.9/mo | $299/yr ($24.92/mo) | 17% |
| ๐ข Fortress | $99.9/mo | $999/yr ($83.25/mo) | 17% |
| ๐ Citadel | $299.9/mo | $2,999/yr ($249.92/mo) | 17% |
What's Included in All Tiers
- โ Regular security patches and updates
- โ Documentation and integration guides
- โ GitHub community support
- โ Bug fixes
Purchase Flow
- Choose your tier โ Sprout (free) or any paid tier
- Contact us โ WeChat or email (see below)
- Receive license key โ RSA-2048 signed license delivered within 24h
- Activate โ
agentmemory-vault activate <license-key> - Done โ Your memories are now enterprise-encrypted
Payment Methods
- ๐ณ Credit/Debit cards (Stripe)
- ๐ฐ USDT (Crypto)
- ๐ฆ Bank transfer (enterprise)
- ๐ฑ WeChat Pay / Alipay (China)
Works With Every Agent
AgentMemory Vault works with every agent that agentmemory supports โ plus enterprise encryption.
 Claude Code |
 Codex CLI |
Cursor |
OpenClaw |
Gemini CLI |
 Cline |
 agentmemory |
Hermes |
| Agent | Integration | Vault Support |
|---|---|---|
| Claude Code | Native MCP + 14 hooks | โ |
| Codex CLI | Native MCP + 6 hooks | โ |
| Cursor | MCP server | โ |
| OpenClaw | Native plugin + MCP | โ |
| Gemini CLI | MCP server | โ |
| Cline | MCP server | โ |
| Pi (Codestory) | Native MCP | โ |
| OpenCode | MCP server | โ |
| Kilo Code | MCP server | โ |
| Aider | REST API | โ |
| Claude Desktop | MCP server | โ |
| Windsurf | MCP server | โ |
| Roo Code | MCP server | โ |
| Goose | MCP server | โ |
| Hermes | Python SDK | โ |
All agents share the same encrypted memory server. One vault, memories encrypted for all.
AgentMemory Vault is agent-agnostic โ it works with any tool that speaks MCP or HTTP. If your agent can use memory today, it can use encrypted memory tomorrow.
Troubleshooting
"Cannot find module @homo/agentmemory-vault"
# Make sure you installed globally
npm install -g @homo/agentmemory-vault
# Or use npx
npx @homo/agentmemory-vault start"Decryption failed: auth tag mismatch"
This usually means the master key has changed. If you intentionally rotated keys, run:
agentmemory-vault reindexIf you didn't change keys and see this error, your data may have been tampered with. Contact support immediately.
"Legacy data is readable but not encrypted"
Run the migration command:
agentmemory-vault migrateThis encrypts all existing plaintext memories without affecting your active sessions.
"Performance is slower than expected"
Encryption adds ~5ms per write. If you're seeing more than that:
- Check that AES-NI hardware acceleration is available (
grep aes /proc/cpuinfoon Linux) - Ensure you're using Node.js 18+
- Reduce
PBKDF2_ITERATIONSif you need extreme throughput (not recommended for production)
Connection refused to agentmemory
Make sure agentmemory is running first:
# Start agentmemory
npx @agentmemory/agentmemory start
# Then start the vault
agentmemory-vault startSecurity
Threat Model
| Threat | Mitigation |
|---|---|
| File system compromise | AES-256-GCM encrypted data at rest. Without the master key, encrypted files are gibberish. |
| Cross-tenant access | Unique cryptographic keys per tenant. PBKDF2 with unique salt. |
| Data tampering | HMAC-SHA256 signature on every encrypted package. Detection on every read. |
| Memory dump | No plaintext secrets in memory. Keys are derived on-demand, not cached in plaintext. |
| Replay attack | IV is random per encryption. Same plaintext produces different ciphertext. |
Integration Guide for Each Agent
Claude Code
# 1. Install vault
npm install -g @homo/agentmemory-vault
# 2. Start encrypted memory server
agentmemory-vault start
# 3. Connect Claude Code
agentmemory-vault connect claude-code
# Claude Code will now use encrypted memory automaticallyWhat happens: AgentMemory Vault starts agentmemory with encryption enabled. Claude Code's MCP client connects to the encrypted memory server. All observations, memories, and context are encrypted at rest. Claude Code's 14 lifecycle hooks (session-start, prompt-submit, pre-tool-use, post-tool-use, etc.) work unchanged.
Codex CLI
agentmemory-vault start
agentmemory-vault connect codexCodex CLI integrates via native plugin + 6 hooks + MCP. The vault layer sits between Codex and the storage engine โ Codex never sees plaintext memory data.
Cursor
# Add to .cursor/mcp.json:
{
"mcpServers": {
"agentmemory-vault": {
"command": "agentmemory-vault",
"args": ["mcp"]
}
}
}Cursor uses MCP server integration. The encrypted memory server exposes the same 51 MCP tools as agentmemory, but all data is encrypted.
OpenClaw
agentmemory-vault start
agentmemory-vault connect openclawOpenClaw has a native plugin (integrations/openclaw/plugin.mjs) with before_agent_start and agent_end hooks. The vault wraps these hooks with encryption.
Gemini CLI
agentmemory-vault start
gemini-cli config set mcp-servers.agentmemory-vault.command "agentmemory-vault mcp"Gemini CLI uses MCP stdio. The vault MCP server speaks the same protocol with transparent encryption.
Cline
# In Cline's MCP settings:
{
"mcpServers": {
"agentmemory-vault": {
"command": "npx",
"args": ["-y", "@homo/agentmemory-vault", "mcp"]
}
}
}Cryptographic Details
| Parameter | Value |
|---|---|
| Encryption | AES-256-GCM (authenticated encryption) |
| Key derivation | PBKDF2-SHA512, 100,000 iterations |
| IV length | 16 bytes (random per encryption) |
| Tag length | 16 bytes (GCM authentication tag) |
| Key length | 32 bytes (256-bit) |
| Integrity | HMAC-SHA256 |
| Compression | zlib (before encryption, saves ~40%) |
Responsible Disclosure
Found a security issue? Email us at homo-ai@outlook.com. We'll respond within 24h.
FAQ
Is this an agentmemory replacement?
No. AgentMemory Vault is a transparent encryption layer that sits on top of agentmemory. You keep all of agentmemory's features โ search, MCP, hooks, integrations. We just encrypt the storage layer.
Will this slow down my agent?
Minimal. AES-256-GCM with hardware acceleration adds ~5ms on writes and ~3ms on reads. The search index (BM25/vector) is stored with field-level encryption โ search structure is plaintext, so searches are not slowed down.
Can I still use all agentmemory features?
Yes. All 51 MCP tools, 14 Claude Code hooks, BM25 search, vector search, knowledge graph, mesh sync, team sharing โ everything works. The vault operates at the storage layer, invisible to the agent.
What if I already have unencrypted memories?
AgentMemory Vault includes a migrate command that encrypts your existing plaintext memories. Legacy data is transparently readable โ you don't lose anything.
How is this different from just encrypting the file system?
- Granular encryption โ different KV scopes (sessions, memories, indices) use different encryption policies
- Multi-tenant โ tenant isolation at the application layer, not just the file system
- Search-aware โ search index structure stays plaintext for fast queries
- Audit trail โ who accessed what, when
- Key rotation โ re-key without touching the file system
Is the vault engine open source?
Adapter layer (the JS integration) is Apache 2.0 โ open source. The Vault engine (AES-256-GCM core) is proprietary closed-source binary. This follows the open-core model: you can audit the integration, but the encryption core is hardened against tampering.
Can I contribute?
We welcome PRs! Check our contributing guide.
Benchmarks
AgentMemory Vault adds minimal overhead to agentmemory's core operations.
Encryption Overhead
| Operation | agentmemory (plaintext) | AgentMemory Vault (encrypted) | Difference |
|---|---|---|---|
| Write 1KB memory | 2ms | 7ms | +5ms |
| Read 1KB memory | 1ms | 4ms | +3ms |
| Write 10KB session | 5ms | 13ms | +8ms |
| Read 10KB session | 3ms | 8ms | +5ms |
| Search (BM25, 1000 docs) | 15ms | 16ms | +1ms |
| Search (Vector, 1000 docs) | 45ms | 47ms | +2ms |
| Migrate 1000 memories | โ | 3.2s | One-time cost |
Measured on: Node.js v24, AMD EPYC, AES-NI enabled, 100 runs average
Why the Search Overhead Is Minimal
The BM25 search index and vector embeddings use field-level encryption โ the index structure (terms, positions, scores) is stored in plaintext so search operations run at native speed. Only the memory content (session texts, observations, saved memories) is fully encrypted.
Startup Time
| Scenario | agentmemory | AgentMemory Vault |
|---|---|---|
| Cold start (no index) | 1.2s | 1.3s |
| Warm start (loaded index) | 0.4s | 0.5s |
| With 10K memories | 2.1s | 2.4s |
Memory Overhead
The vault adds approximately 8MB of resident memory for key management and crypto context, regardless of memory count. This is negligible compared to agentmemory's typical 50-150MB footprint.
Roadmap
Phase 1: Core Encryption (Current) โ
- AES-256-GCM StateKV encryption layer
- Field-level encryption for search indices
- Multi-tenant key isolation
- HMAC-SHA256 tamper-proof signing
- Legacy data compatibility
- Key rotation and export
- 25/25 test suite passing
Phase 2: Enterprise (Next) ๐ง
- C++ binary engine (hardware-accelerated AES-GCM)
- RBAC access control
- Compliance report generation (HIPAA/SOC2/GDPR)
- SSO integration (OIDC/SAML)
- Team memory sharing with encrypted channels
Phase 3: Scale (Future) ๐
- Private cloud deployment (Kubernetes helm chart)
- Multi-region key management (AWS KMS / Azure Key Vault integration)
- Audit log streaming (S3 / Elasticsearch / Splunk)
- Zero-trust architecture support
- FIPS 140-2 compliance
Changelog
v0.1.0 (2026-05-18)
Initial Release
- ๐ AES-256-GCM encryption layer for agentmemory
- ๐ PBKDF2-SHA512 key derivation with multi-tenant isolation
- ๐ Three-tier encryption policy (full / field-level / none)
- ๐ก๏ธ HMAC-SHA256 tamper-proof package signing
- ๐ Audit logging integration
- ๐ Key rotation support
- ๐ค Compatibility mode โ reads existing unencrypted data
- ๐งช 25/25 tests passing
- ๐ฆ npm package:
@homo/agentmemory-vault
Contributing
We welcome contributions! The vault adapter layer is Apache 2.0 licensed.
How to Contribute
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Before submitting a PR:
- Run the test suite:
node test/vault-test.js - Ensure all 25+ tests pass
- Add tests for new functionality
- Update documentation if needed
Development Setup
git clone https://github.com/sevenliuhu/agentmemory-vault.git
cd agentmemory-vault
npm install
npm testSupport
| Channel | Response Time | Availability |
|---|---|---|
| GitHub Issues | < 48h | Community |
WeChat: sevenliuhu |
< 4h | Business hours (GMT+8) |
| Email: homo-ai@outlook.com | < 24h | 7 days/week |
| Enterprise (Citadel tier) | < 1h | 24/7 |
Before opening an issue:
- Search existing issues
- Check our FAQ
- Run
agentmemory-vault diagnoseto collect diagnostics
Contact
WeChat: sevenliuhu
Email: homo-ai@outlook.com
GitHub: github.com/sevenliuhu/agentmemory-vault
Scan to contact us on WeChat
Related Projects
- agentmemory โ The #1 persistent memory for AI coding agents that AgentMemory Vault builds upon
- 9router Gateway โ Enterprise API gateway for LLMs with auth, audit, and rate limiting
- Skill Vault โ Encrypt and protect your AI agent skills with the same vault engine
- BrowserHand โ Stealth browser automation and anti-detection scraping toolkit
- Memory Vault โ Standalone encrypted memory vault (without agentmemory dependency)
Learn More
- agentmemory Architecture Deep Dive โ The design doc that inspired agentmemory (1200+ stars)
- HOMO Vault Engine Whitepaper โ Cryptographic design and threat model
- Compliance Guide โ HIPAA, SOC2, GDPR compliance with AgentMemory Vault
- Migration Guide โ Upgrading from agentmemory to AgentMemory Vault
Built with โค๏ธ by sevenliuhu & the HOMO team • AGPL v3.0 Open Core • Report Issue • Submit PR