Memzi LogoMEMZI
Memzi Litepaper V2

The user-owned memory layer for AI agents

A local-first protocol for storing, retrieving, and permissioning portable memory across apps, agents, and ecosystems.

Local-first
Private Vault Runtime
Scoped
Revocable Access Grants
Portable
Memory Across Ecosystems
Contents
  1. 01Abstract
  2. 02Introduction
  3. 03Why Now
  4. 04The Problem
  5. 05The Memzi Thesis
  6. 06What Memzi Is
  7. 07Design Principles
  8. 08Core Primitives
  9. 09How Memzi Works
  10. 10The Access Layer
  11. 11The Memory Layer
  12. 12The Role of Web3
  13. 13Architecture Overview
  14. 14Example Use Cases
  15. 15Why Memzi Matters
  16. 16Comparison
  17. 17MVP Strategy
  18. 18Roadmap and Vision
  19. 19Closing
Section 01

Abstract

AI agents can plan, reason, call tools, and execute multi-step workflows, but most still lack one foundational capability: durable, portable memory. Today, memory is trapped inside applications, assistant silos, and vendor- controlled systems.

Memzi is the user-owned memory layer for AI agents. It provides a local-first, portable protocol for storing, retrieving, and permissioning memory across apps and ecosystems. Users maintain private memory vaults, organize memory into domains, and grant agents scoped access through programmable, verifiable, and revocable permissions.

At the permission layer, Memzi behaves like OAuth for AI memory. But the protocol is broader than delegated access alone: it also defines how memory is stored, organized, retrieved, and moved across software boundaries.

Section 02

Introduction

Software is entering an agentic era. AI systems are increasingly able to plan, coordinate tools, maintain workflows, and act as ongoing companions or operators.

But intelligence without memory has a hard ceiling. An agent that cannot remember preferences, prior decisions, working style, projects, relationships, and goals remains useful only in fragments. It can perform tasks in the moment, but it cannot accumulate continuity across tools and time.

Memzi exists to change that by treating memory as infrastructure rather than as a hidden feature inside one app.

Section 03

Why Now

Agents are becoming persistent software actors

AI systems are shifting from response engines to action engines. As they coordinate tools and execute multi-step work, statelessness becomes a real product ceiling.

Memory is becoming a control point

Memory determines continuity, onboarding speed, personalization, and switching costs. Whoever controls memory controls a large part of the user relationship.

Platform memory systems are emerging—but not user-owned

Products like mem0 provide excellent developer tools for AI memory, but memory remains platform-controlled. Users cannot port memory between applications, grant scoped access, or truly own their AI continuity. This creates memory lock-in.

Interoperability is becoming unavoidable

The future is many agents, copilots, assistants, and apps interacting across ecosystems. That world needs a standard way to store, organize, permission, and verify memory—with user ownership as the default.

Section 04

The Problem

Current AI memory is fragmented, platform-owned, and difficult to permission across ecosystems. Users generate the context, agents depend on the context, but the user rarely governs the context.

Memory is fragmented by design

Today's AI products remember things inside their own application boundaries, but those memories do not compose into a user-owned layer.

The user does not truly own AI memory

Even when memory is about the user, it usually sits in vendor-controlled systems, behind app-specific permissions, and is difficult to inspect, export, or reuse elsewhere.

Current solutions solve fragments, not the whole problem

App-specific memory, centralized APIs, vector stores, and fully on-chain experiments each address part of the stack, but not user ownership, portability, and trusted access together.

The stakes are increasing

Hiring, healthcare, finance, work, education, and travel agents all need durable context. The real question is who owns that memory and how access crosses software boundaries.

Section 05

The Memzi Thesis

Memzi is built on a simple thesis: memory should be a user-owned infrastructure layer for AI.

  • Persistent - memory should survive sessions, device changes, and product transitions.
  • Portable - memory should move with the user across apps, agents, and ecosystems.
  • Permissioned - access should be explicitly controlled through scoped, programmable policies.
  • Verifiable - agents and apps should be able to prove access rights are current and authentic.

From that thesis follows a broader architecture:

  • A local-first vault where memory is stored and retrieved.
  • A domain model that organizes memory into practical permission boundaries.
  • A standard interface for agents to read and write memory.
  • An Access Grant system for third-party authorization.
  • A verification layer that makes permissions portable and trustworthy.
  • Optional decentralized persistence for backup and cross-ecosystem continuity.
Section 06

What Memzi Is

Memzi is the user-owned memory layer for AI agents. It sits between four worlds: the user, the memory itself, the agents that need context, and the third-party ecosystems where access must be verified.

What It Enables
  • Store memory in a private vault.
  • Organize memory into domains.
  • Retrieve relevant context for agent tasks.
  • Grant scoped access to third-party agents and apps.
  • Revoke access later.
  • Port memory across products and devices.
What It Is Not
  • A public blockchain for raw personal memory.
  • A replacement for all application databases.
  • Only a vector store.
  • Only a sync layer.
  • Only an authorization standard.
  • Only a wallet product.

This makes Memzi both a runtime and a coordination layer: it defines how memory is stored and retrieved, and how access is granted and validated across systems.

Section 07

Design Principles

User-owned by default
Local-first by default
Permissioned, not ambient
Portable across ecosystems
Programmable access
Crypto for trust, not for friction
Off-chain for performance, anchored for trust
Practical over ideological
Section 08

Core Primitives

Vault

The user-controlled container for memory. It stores memory objects, performs retrieval, enforces policy, manages encryption, handles sync, and exposes access state to the user.

Domain

A permission boundary around a category of memory. Domains make memory understandable and shareable in practical slices such as personal/profile, professional/projects, or health/intake.

Memory Object

A structured unit of memory inside the Vault. It can represent a profile fact, preference, event, workflow instruction, credential reference, project note, or learned pattern.

Access Grant

A signed, user-authorized permission that allows an agent, app, organization, or group to access a defined scope of memory under defined conditions.

Section 09

How Memzi Works

Step 01

Memory is created and stored in a local-first encrypted Vault.

Step 02

The Vault organizes memory into Domains.

Step 03

Authorized agents retrieve relevant memory locally through a standard interface.

Step 04

Third-party agents request access with a stated scope, purpose, duration, and action set.

Step 05

The user approves or denies the request in a human-readable interface.

Step 06

The Vault issues a signed, scoped, revocable Access Grant.

Step 07

Access is verified before any allowed memory subset is returned.

Step 08

The user can revoke access later, causing future validation attempts to fail.

Section 10

The Access Layer

In the agent economy, many AI systems will need slices of user context. The access layer lets users share that context without re-entering it everywhere and without surrendering ownership to each platform.

An Access Grant defines:

  • Who can access memory.
  • Which domains or fields they can access.
  • What actions are permitted.
  • The purpose of access.
  • Duration and expiry.
  • Restrictions such as no-resale, no-training, no-export, or no-writeback.
  • Revocation state.
Example Grant

A hiring assistant requests access to professional/profile and professional/projects with read and summarize permissions for 24 hours, plus restrictions of no onward sharing and no writeback.

Section 11

The Memory Layer

Memzi does not only answer who can access what. It also defines what counts as memory, where memory lives, how it is organized, how agents retrieve it, and how it persists and moves over time.

Memory Categories
  • Profile memory for stable user facts and preferences.
  • Episodic memory for events, interactions, and decisions over time.
  • Semantic memory for abstracted knowledge and learned patterns.
  • Procedural memory for reusable workflows and agent instructions.
  • Credential and attested memory for verifiable claims or references.
Retrieval Signals
  • Relevance to task context.
  • Domain scope.
  • Permission boundaries.
  • Trust tier.
  • Recency.
  • Salience or importance.
Section 12

The Role of Web3

Memzi uses web3 where it strengthens ownership, portability, and verification. It does not depend on putting private memory on-chain.

Anchor Where Useful
  • User ownership anchors.
  • Access Grant hashes or references.
  • Revocation markers.
  • Attestation references.
  • Shared domain policy references.
  • Registry entries for approved identities or relying parties.
Keep Off-Chain
  • Raw memory payloads.
  • Embeddings.
  • Retrieval execution.
  • Most reads and writes.
  • Sensitive private content.

The guiding principle is simple: web3 should act as the trust rail, not the main user surface.

Section 13

Architecture Overview

Vault Layer

The local-first operational layer responsible for local storage, retrieval, encryption, memory indexing, access enforcement, and user visibility.

Domain Layer

The structural layer responsible for domain creation, subdomain structure, field-level views, and policy grouping.

Agent Interface Layer

The integration layer responsible for SDKs, APIs, MCP-compatible interfaces, and request/response semantics for memory access.

Access and Verification Layer

The trust layer responsible for access requests, grant issuance, revocation, identity validation, and relying-party trust checks.

Optional Persistence Layer

The portability and backup layer responsible for encrypted sync, multi-device restore, portable archives, and optional decentralized persistence.

Section 14

Example Use Cases

  • Hiring and interviews - bounded access to professional domains for interview prep and personalization.
  • Healthcare intake - temporary summary-only access to intake and medication domains before an appointment.
  • Financial planning - access to goals and profile constraints without exposing unrelated personal memory.
  • Education and tutoring - access to learning history and learning preferences for tailored guidance.
  • Work copilots - access to organization-approved shared domains for project and process continuity.
  • Cross-assistant continuity - new assistants can continue from prior context instead of starting from zero.
  • Creator and consultant workflows - curated professional context can be shared with specialized tools without repeating onboarding.
Section 15

Why Memzi Matters

Memory is becoming one of the core control points in AI. Whoever controls memory controls continuity, personalization, onboarding speed, agent usefulness, and long-term user dependence.

If memory remains siloed inside platforms, the future of AI becomes more locked-in, less portable, and less user-controlled. If memory becomes a user-owned layer, users gain leverage, developers gain a standard, and third- party ecosystems gain a way to interoperate responsibly.

Section 16

Comparison to Existing Approaches

App-specific memory

Useful but siloed. It improves one product, not the ecosystem.

Centralized memory APIs

Convenient but provider-controlled. The provider remains the gatekeeper.

Vector stores

Powerful retrieval infrastructure, but not a solution for user ownership, permission semantics, or cross-ecosystem portability.

Fully on-chain memory

Strong on permanence and openness, but impractical for most private, high-frequency AI memory workflows.

Memzi

Combines local-first storage, memory structure, agent access, programmable permissions, portable verification, and optional decentralized trust anchors.

Section 17

MVP Strategy

The first goal is to prove a simple, compelling primitive: a user can store memory in a private vault and grant a third-party agent scoped, portable, verifiable access to that memory.

  • Local encrypted Vault.
  • Domain model.
  • Memory Objects.
  • Access Grant request / approve / deny / revoke flow.
  • Basic retrieval engine.
  • Grant validation engine.
  • TypeScript SDK.
  • Basic MCP-compatible provider.
  • User-facing Vault UI.
  • Optional encrypted backup.

The ideal first demo is a hiring assistant that requests access to professional/profile and professional/projects, receives read-only summary access for 24 hours, retrieves only the allowed context, and is later revoked by the user.

Section 18

Roadmap and Long-Term Vision

Phase 1

Vault and grants

Encrypted local Vault, domain model, memory creation and retrieval, Access Grants and revocation, and an SDK with minimal agent integration.

Phase 2

Portable verification

Signed grant validation, verification API, optional registry anchoring, and multi-device restore.

Phase 3

Richer memory and permissions

Field-level permissions, summary-only and proof-only access, trust-aware retrieval, and shared domains for teams and families.

Phase 4

Ecosystem layer

Open protocol spec, multiple SDKs, partner integrations, portable memory packs, and attestation and credential support.

In the long term, Memzi can become the default memory layer for the agent economy: the portability rail for context across software, the permission layer for third-party access, and the trust layer for verifiable sharing.

Section 19

Closing

AI agents are becoming powerful enough to act on behalf of users. But without a user-owned memory layer, they remain fragmented, forgetful, and trapped inside app silos.

By combining local-first memory storage, structured domains, standard agent access, programmable Access Grants, portable verification, and optional decentralized trust rails, Memzi turns memory into infrastructure for the agent era.

Memzi is the user-owned memory layer for AI agents.

Portable, programmable, and controlled on user-defined terms.