Build an open protocol for user-owned AI memory

Build an open-source protocol and reference implementation for a user-owned personal AI memory layer: a local-first knowledge graph where a person’s devices can ingest evidence from sources like calendars, notes, photos, messages, contacts, and app activity; derive claims about the user; attach provenance to every claim; and let the user inspect, correct, refute, export, synchronize, delegate, and revoke those claims. The goal is not to build another chatbot. The goal is the substrate a personal AI would need if it were owned by the user instead of by an app vendor. The system should treat raw evidence, derived claims, corrections, permissions, and inference calls as signed operations in an append-only log that can sync between user-controlled nodes: phone, laptop, home server, or trusted third party. Claims should form a derivation graph so corrections cascade. Sharing should be capability-based: a user can grant a partner, assistant, clinic, coach, retailer, or researcher access to a narrow slice of claims without revealing the underlying evidence, then revoke that access mechanically. Deliverables should be staged and public: A concise architecture and threat model. A minimal wire format and operation log schema. A reference local node with import adapters for at least calendar data, notes, and mock photo metadata. A derivation engine that produces claims with provenance and confidence. A UI or CLI where users can inspect and refute claims and see why each suggestion was made. A sync and capability demo showing two user-owned nodes and one delegated third-party node. Tests, sample datasets, documentation, and explicit non-goals. The end state should be a small but real demo: an assistant can answer “what do you know about me and why?”, the user can correct it, the correction invalidates downstream claims, and a delegated node can receive only an authorized subset of the graph. Everything should be open, auditable, portable, and designed so another implementation could interoperate with it.

AI is starting to remember us. Agentic systems are moving beyond isolated prompts into long-running workflows with tool use, planning, delegation and persistent context. At the same time, context windows are getting larger, making it easier for us to pour more about a person into inference: messages, calendars, photos, tasks, locations, documents, history. I think context memory will become a foundational layer of computing, but we need to take from the lessons of the past. If this agentic memory layer belongs to vendors, with no standard pattern of how to port, extract, examine the inferences made about the data you provide - then your digital context becomes a vendor lock-in play. It will be useful, intimate, powerful, and assistive - but it won't truly be yours. There is no "file format" for context. This project advocates for a different future: open-source, user-owned memory infrastructure for AI. Claims have provenance, corrections can cascade, access is scoped and revocable. A standardized format allows you to export your inferences from one provider to another, or run a local LLM stack at home. The core thesis behind this project started with the idea that a user should always have the opportunity to ask "What do you think you know about me, and why?" and get a useful result, and a developer should be able to build against persistent user memory without owning it. This project is in active development. Reach out :)

Produce the foundational public design package: project goals, explicit non-goals, terminology, user stories, trust assumptions, adversary model, privacy risks, local-first architecture, data-flow diagrams, node roles, lifecycle of evidence/claims/corrections/permissions, and the staged MVP definition for an interoperable user-owned AI memory layer.

Define the minimal interoperable protocol objects and canonical serialization rules: identities, devices, raw evidence records, derived claims, provenance links, confidence scores, refutations, corrections, inference calls, delegations, revocations, sync envelopes, and export bundles. Include JSON Schemas, examples, validation rules, versioning rules, and compatibility guidance.

Design and document the append-only log as the protocol source of truth. Specify operation types, canonical signing payloads, hash chaining or DAG linking, Ed25519 key handling, device keys, author identities, replay rules, conflict handling, tombstones, revocation mechanics, verification algorithms, and test vectors for valid and invalid logs.

Create the open-source reference implementation scaffold with a practical stack, package structure, coding standards, CI configuration, linting, test harness, sample config, developer docs, and core modules for schema validation, canonical encoding, key generation, signing, signature verification, operation creation, and fixture loading.

Implement the local-first node persistence layer using a simple portable store. Build modules for storing signed operations, projecting them into a queryable knowledge graph, indexing evidence and claims, reconstructing derivation edges, exporting/importing bundles, validating log integrity, and exposing a small internal API for adapters, derivations, CLI, and sync.

Build the first ingestion adapters: calendar import from common exported formats or fixtures, notes import from Markdown/text directories, and mock photo metadata import from JSON/CSV fixture data. Each adapter should create signed evidence operations, normalize metadata, preserve source provenance, avoid over-collection, and include sample datasets and tests.

Implement the claim layer on top of ingested evidence: claim creation APIs, typed claim categories, source attribution, confidence representation, provenance graph construction, human-readable explanation strings, claim status tracking, derived-from edges, and projection queries such as 'claims about me', 'claims from this evidence', and 'why does this claim exist?'.

Create an auditable derivation engine that turns evidence into initial claims without requiring a chatbot. Include deterministic rules for calendars, notes, and mock photo metadata; confidence calculation; inference-call operation records; derivation graph updates; repeatable recomputation; debug traces; and tests showing how claims are produced from sample evidence.

Implement user correction and refutation operations. Add mechanisms for marking claims disputed, superseded, corrected, or invalid; propagating invalidation to downstream derived claims; recomputing affected claims; preserving the audit trail; explaining cascade effects; and testing scenarios where one corrected fact changes multiple downstream suggestions.

Build a user-facing CLI that lets a person initialize a node, import sample data, list evidence, list claims, inspect provenance, ask 'what do you know about me and why?', refute or correct a claim, view cascade results, export the graph, and run verification checks. Include polished help text, scripted demo flows, and CLI tests.

Specify and implement the first capability model for delegated access. Define scoped grants over claim subsets, attenuation, expiration, recipient identity, selective disclosure without raw evidence, revocation operations, authorization checks, delegated export bundles, and examples for a partner, assistant, clinic, coach, retailer, or researcher receiving narrow graph slices.

Implement a minimal sync protocol and demo transport for two user-owned nodes and one delegated third-party node. Include push/pull exchange of signed operations, verification on receipt, idempotency, conflict handling, projection rebuilds, capability-filtered replication, revocation propagation, and scripts that demonstrate laptop, home server, and delegated node behavior.

Build the third-party delegated node demo that can receive only an authorized subset of claims, cannot inspect underlying evidence unless granted, rejects unauthorized operations, handles revocation mechanically, and shows before/after access views. Include sample scenarios and tests proving that hidden evidence remains hidden from the delegated node.

Create a small local web UI or terminal-friendly dashboard for the demo: overview of evidence sources, claim cards, provenance graph view, confidence and explanation display, correction/refutation actions, cascade visualization, capability grants, delegated-node access preview, and export/download controls. Keep it minimal but usable for public demonstration.

Add a narrow assistant-facing interface that answers questions from the local memory graph rather than acting as a general chatbot. Implement queries such as 'what do you know about me?', 'why do you believe that?', 'what changed after my correction?', and 'what can this delegate see?'. Include deterministic fallback behavior and scripted demo transcripts.

Expand test coverage across the protocol and implementation: schema conformance, signature verification, tamper detection, operation replay, import adapters, derivation rules, correction cascades, capability filtering, revocation, sync idempotency, export/import portability, and end-to-end demo scenarios. Include reusable fixtures and documented test vectors for other implementations.

Prepare the public release: README, quickstart, architecture summary, protocol reference, operation examples, implementer guide, adapter guide, privacy and safety notes, explicit non-goals, roadmap, contribution guide, license recommendations, changelog, demo scripts, sample datasets, and a v0 release checklist suitable for other developers to build against.