SAIHM gives AI agents a single, client-side-encrypted memory that any model can read — and that you can cryptographically erase. The store holds only ciphertext; it never sees your keys or your data.
Three facts are sealed on the client and stored on a blind endpoint. The same memory grounds two different models at once. Then one fact is forgotten — crypto-shredded — and every model loses access. This is a real run (offline mock answers; bring your own keys for live ones):
$ npm install && node demo.mjs
custody : non-custodial (the endpoint stores ciphertext only; it holds no key)
models : Claude + DeepSeek
Sealed and stored 3 facts (the endpoint now holds 3 opaque shards).
(1) One memory, every model -- Claude and DeepSeek, both grounded in SAIHM:
[Claude - offline mock] [DeepSeek - offline mock]
What I know about you: What I know about you:
- My name is Dana Okafor. - My name is Dana Okafor.
- I am allergic to penicillin. - I am allergic to penicillin.
- I am building a Rust ray tracer. - I am building a Rust ray tracer.
Medically: avoid penicillin. Medically: avoid penicillin.
(2) Provable erasure -- forget the allergy, then ask again:
forget("I am allergic to penicillin.") -> recall now returns: NOTHING (crypto-shredded)
[Claude - offline mock] [DeepSeek - offline mock]
What I know about you: What I know about you:
- My name is Dana Okafor. - My name is Dana Okafor.
- I am building a Rust ray tracer. - I am building a Rust ray tracer.
Medically: nothing remembered. Medically: nothing remembered.
Per-vendor memory locks your context inside one model's account. SAIHM is a layer you own — portable, provably erasable, and shareable between agents.
| Capability | Built-in model memory | SAIHM |
|---|---|---|
| Portable across models — one live store, not a lossy manual import | ✗ | ✓ |
| Cryptographically provable erasure (crypto-shred, GDPR Art. 17) | ✗ | ✓ |
| Shareable to other agents, end-to-end authenticated | ✗ | ✓ |
| Operator holds no key — non-custodial, not just encrypted at rest | ✗ | ✓ |
| Tamper-evident — each cell's integrity is anchored on-chain (live service) | ✗ | ✓ |
| Post-quantum cryptography (ML-DSA-65 / ML-KEM-768) | ✗ | ✓ |
Two short reads on the problem and the approach:
A dedicated demo for each model. Every one runs offline against an included sandbox — no account needed to try it — or grounds a live answer with your own key. The memory is identical — that's the point: it's portable across all of them.
Ground Claude in a memory you own, then carry the same store to every other model.
git clone https://github.com/citw2/demo-claude cd demo-claude && npm install && node demo.mjs
A memory layer GPT can read — one you hold the keys to, not your OpenAI account.
git clone https://github.com/citw2/demo-openai cd demo-openai && npm install && node demo.mjs
Seal three facts client-side, ground DeepSeek in them, then prove you can erase one.
git clone https://github.com/citw2/demo-deepseek cd demo-deepseek && npm install && node demo.mjs
Give Qwen a memory that doesn't stay locked to one vendor's account.
git clone https://github.com/citw2/demo-qwen cd demo-qwen && npm install && node demo.mjs
Wire Moonshot's Kimi to a portable, provably erasable store you control.
git clone https://github.com/citw2/demo-kimi cd demo-kimi && npm install && node demo.mjs
Ground Zhipu's GLM in one memory, then carry it to Claude, GPT, or any model.
git clone https://github.com/citw2/demo-glm cd demo-glm && npm install && node demo.mjs
Want them side by side? demo-cross-model-memory grounds two models from the same store at once.
A drop-in BaseChatMessageHistory for LangChain and a BaseMemory for LlamaIndex. The same store opens from both — sealed client-side, provably erasable, and Python never holds a key.
Give any LangChain or LlamaIndex app a memory you own — one store, both frameworks, erasure you can prove.
git clone https://github.com/citw2/saihm-langchain cd saihm-langchain && npm install python3 -m venv .venv && . .venv/bin/activate pip install -r requirements.txt && python demo.py
Re-sending an agent's whole history every turn is the dominant cost of long sessions. A small, offline, reproducible benchmark tokenizes a multi-session transcript two ways — full-history resend vs recalling a bounded set of memory cells — and reports the context-token reduction. It grows with session length: about 79% at ten turns, ~86% by eighteen. No API calls, no cost.
git clone https://github.com/citw2/saihm-token-benchmark cd saihm-token-benchmark npm install node benchmark.mjs # offline; tokenizes with gpt-tokenizer node benchmark.mjs --file your-session.json # run it on your own transcript
Your master secret derives a post-quantum identity and a key-encryption key. Every cell is signed (ML-DSA-65) and encrypted (AES-256-GCM) before it leaves your process.
Only opaque ciphertext is sent. The endpoint stores it, anchors each cell's integrity on-chain, and meters usage — all without ever holding a key, so it cannot read your memory.
forget destroys the wrapped key. The ciphertext becomes unrecoverable noise — erasure you can prove, for every model at once.
git clone https://github.com/citw2/demo-cross-model-memory cd demo-cross-model-memory npm install node demo.mjs # offline sandbox, no account
Prefer it inside your editor? demo-claude-code runs SAIHM as an MCP server for Claude Code, Cursor, and any MCP host.
Ready for durable, hosted, blind memory across all your agents? Join SAIHM and point the same demo at the live endpoint.
The local sandbox is an offline stand-in so you can try the protocol with no account; it is not the SAIHM service. Going live requires a paid membership.
If you want every agent to have portable, provable memory, the fastest way to help is to star the repos and share this page.