Build an open protocol for user-owned AI memory

Build an open-source protocol and reference implementation for a user-owned personal AI memory layer: a local-first knowledge graph where a person’s devices can ingest evidence from sources like calendars, notes, photos, messages, contacts, and app activity; derive claims about the user; attach provenance to every claim; and let the user inspect, correct, refute, export, synchronize, delegate, and revoke those claims. The goal is not to build another chatbot. The goal is the substrate a personal AI would need if it were owned by the user instead of by an app vendor. The system should treat raw evidence, derived claims, corrections, permissions, and inference calls as signed operations in an append-only log that can sync between user-controlled nodes: phone, laptop, home server, or trusted third party. Claims should form a derivation graph so corrections cascade. Sharing should be capability-based: a user can grant a partner, assistant, clinic, coach, retailer, or researcher access to a narrow slice of claims without revealing the underlying evidence, then revoke that access mechanically. Deliverables should be staged and public: A concise architecture and threat model. A minimal wire format and operation log schema. A reference local node with import adapters for at least calendar data, notes, and mock photo metadata. A derivation engine that produces claims with provenance and confidence. A UI or CLI where users can inspect and refute claims and see why each suggestion was made. A sync and capability demo showing two user-owned nodes and one delegated third-party node. Tests, sample datasets, documentation, and explicit non-goals. The end state should be a small but real demo: an assistant can answer “what do you know about me and why?”, the user can correct it, the correction invalidates downstream claims, and a delegated node can receive only an authorized subset of the graph. Everything should be open, auditable, portable, and designed so another implementation could interoperate with it.

A concise but rigorous public spec set: system architecture (evidence -> claims -> capabilities -> sync), data ownership and trust model, threat model covering device compromise, malicious delegates, sync adversaries, and inference poisoning; explicit non-goals; glossary of core concepts (evidence, claim, derivation, capability, revocation); and a roadmap mapping every later milestone to the architecture. Delivered as versioned markdown documents suitable for open-source publication and external review.

A minimal, implementation-agnostic protocol specification: canonical serialization for signed operations (evidence-ingest, claim-assert, correction, refutation, permission-grant, revocation, inference-call), append-only log structure with hash chaining, key and identity model, derivation-graph references, and conflict/merge semantics for multi-node logs. Includes JSON Schema definitions, worked byte-level examples, a conformance test-vector suite (valid and invalid operations), and an interoperability checklist so a second implementation could be built from the spec alone.

A working local-first reference node (single language, no external services): append-only signed operation log with local storage, key management, and verification; import adapters for calendar data (ICS), notes (markdown/plain text), and mock photo EXIF metadata, each emitting provenance-tagged evidence operations; realistic synthetic sample datasets for a fictional user; unit and integration tests; and developer documentation covering setup, adapter authoring, and log inspection.

The claim-derivation layer: rule- and heuristic-based derivers that turn evidence into claims (e.g., routines, relationships, places, preferences) with attached provenance chains and calibrated confidence; a derivation graph so every claim records its inputs; correction and refutation operations that mechanically invalidate or re-derive downstream claims; explanation records answering 'why does the system believe this?'; full test suite including cascade-invalidation scenarios and confidence regression tests; and documentation of the derivation model.

A user-facing CLI/TUI over the reference node: browse claims by topic, drill into provenance down to raw evidence, view confidence and derivation explanations, correct or refute any claim and watch downstream effects, export the full graph in the wire format, and audit the operation log. Includes scripted walkthroughs of the canonical demo flow ('what do you know about me and why?' followed by correction and cascade), usability documentation, and tests for every interactive command.

Multi-node completion: log synchronization between two user-owned nodes (phone-like and laptop-like) with conflict handling; capability-based delegation granting a third-party node a narrow, claim-only slice without underlying evidence; mechanical revocation that the delegate node verifiably honors; an end-to-end scripted demo tying all milestones together; conformance results against the milestone-2 test vectors; sample datasets, full project documentation, interoperability guide for second implementations, and a public README with stated non-goals and security caveats.