Design-partner program

Sovereign Memory Pilot

Give one team's agents a governed, citable, local memory — in a 4–6 week pilot, on your machines, with zero data leaving your building.

MIT open-source, preview stage

The pilot

What it is

MemexLab is the governed memory layer for AI agents — MIT open-source, local-first, preview stage. In a pilot, we take one team's (or one executive's) knowledge base, bootstrap it into a plain-markdown vault on your hardware, and connect your agents (Claude Code, Claude Desktop, Cursor) to it through memexlab-mcp:

  • Citable answers — deterministic search; every answer points at your actual documents.
  • Governed writes — agents can file new notes only into inbox/, with provenance, every write logged. The canonical layer cannot be modified, by construction.
  • Sovereign — everything runs on your machines. Nothing reaches us. There is no cloud, no account, no telemetry.

The fit

Who it's for

Regulated and confidentiality-bound teams — finance, legal, healthcare — that want agent leverage without putting their knowledge in someone else's cloud.

The terms

What you get, what we ask

What you get

  • A working governed-memory setup for one team, on your hardware.
  • A weekly office hour with the founder for the length of the pilot.
  • A findings memo at the end: what worked, what didn't, what governance caught.

What we ask

  • A short written feedback form every two weeks (5 questions).
  • Permission to name you, privately, as a reference.
  • If the pilot succeeds: an anonymized case study and a letter of intent — public logo use only if you volunteer it.

Architecture

Architecture & security

Where your data lives: on your machines, as plain markdown files you can read, diff, and delete. The MCP server is a local process; agents talk to it over stdio. No cloud service, no account, no telemetry, no network calls from the memory layer.

Write boundary (enforced in code, not policy): agents can create notes only in inbox/, stamped with provenance (who, when, cited sources). Every write appends to an audit log (.memexlab/log.jsonl). There is no code path that modifies your canonical notes — verified by tests, including adversarial ones (path traversal, symlinks, injection).

Citations: retrieval is deterministic (BM25, no embeddings); results carry slugs, so answers cite your actual documents — auditable by anyone.

Compliance posture (stated honestly): local-first collapses most of the GDPR surface structurally — no cross-border transfer, no third-party processor; you remain sole controller. SOC 2 Type II is on our roadmap, not a current claim. The engine is MIT open source (github.com/btekmen/memexlab-engine) — your security team can read every line.

Model choice: bring your own — a local model (fully offline) or your own API key. The memory layer itself never talks to any model provider.

Design-partner program

Apply — we run at most two pilots at a time

Pilots are free. We run at most two pilots at a time — apply below and we'll schedule honestly.