Design Spec · Draft v1

Sarea Memory System

2026-05-13 · branch feat-memory · personal memory v1

TL;DR

Add personal memory for signed-in CoreSpeed users. Memory is on by default, manageable in Settings, shared across devices, and exposed to agents through a first-party CoreSpeed MCP endpoint. Sarea talks only to CoreSpeed-owned APIs and a local credential broker; agent subprocesses never receive Mem0 credentials or long-lived CoreSpeed tokens.

V1 scope ship

  • Personal memory for signed-in CoreSpeed users.
  • Default-on remote preference with local display cache.
  • Automatic compact turn ingestion after completed turns.
  • corespeed-memory MCP injection for new sessions when enabled.
  • Manage Memory UI: search, inspect, delete one, clear all.

V1 non-goals defer

  • No organization memory or admin controls.
  • No direct app-to-Mem0 calls.
  • No Mem0 credentials in agent subprocesses.
  • No custom MCP server URL support.
  • No separate Memory Service billing surface.
Billing boundary. The Memory Service itself is not charged as a separate product in v1. Model calls used by the memory backbone are charged/accounted through the existing AI gateway path, outside the Sarea client spec.

Decision

Use a CoreSpeed Memory Service backed by a self-hosted Mem0 deployment. Sarea owns preferences, UI, ingestion triggers, and MCP injection; the service owns JWT validation, policy, memory CRUD, and Mem0 integration.

CandidateFitDecision
Mem0Self-hostable OSS engine with REST APIs, per-user memory primitives, CRUD, and semantic search.Use behind the CoreSpeed service boundary.
Zep / GraphitiStrong temporal graph direction, but heavier and less direct for flat personal memory v1.Keep as phase 2 challenger for org and temporal memory.
LangMemUseful library abstractions, not a deployable multi-user service.Do not use as v1 platform.
memU, A-MEMInteresting research/proactive-agent direction, less mature for CoreSpeed account-bound SaaS memory.Revisit later.
GBrain / Hermes memoryOpinionated full-agent brain designs.Use only as design inspiration.
Avoid mem0ai/mem0-mcp directly. The public package was archived in March 2026 and points users toward hosted Mem0 MCP. Sarea should ship a CoreSpeed-owned MCP endpoint around the self-hosted service.

Architecture

Runtime path
Sarea MemoryStore CredentialBroker 127.0.0.1 /memory/mcp CoreSpeed Memory Service JWT + policy + MCP Mem0 CRUD + search AI Gateway model backbone broker token local CoreSpeed JWT upstream

Sarea owns

  • Preference state and Settings UI.
  • Compact turn-ingestion payloads.
  • Memory MCP config for new sessions.
  • Local broker route and per-launch broker auth.

Service owns

  • JWT validation and user-id scoping.
  • Preference, ingestion, management, and MCP APIs.
  • Mem0 calls and any metadata side table.
  • Model-backed extraction through the AI gateway.

Product Behavior

  1. Signed-in users get memory by default

    The service returns and persists enabled: true when no preference exists.

  2. Signed-out users get no memory

    No memory connector is injected and no conversation turns are sent.

  3. Turning memory off stops future capture

    It also removes memory tools from new or reloaded sessions, but it does not delete existing memories.

  4. Running sessions keep their spawn-time tools

    This matches Sarea's existing connector and credential behavior.

  5. Deletion is explicit

    Delete item and clear all are management actions with confirmation for clear all.

Data Flows

Preference

On launch and sign-in, MemoryStore fetches GET /memory/preferences. If the state is unknown, Sarea must not inject memory MCP or send ingestion payloads. A cached enabled value is display-only until the service confirms.

MCP injection

{
  "name": "corespeed-memory",
  "url": "http://127.0.0.1:<brokerPort>/memory/mcp",
  "headers": { "X-Broker-Auth": "<per-launch-token>" }
}

The broker forwards /memory/mcp to https://gateway.ai.<domain>/memory/mcp and injects a fresh CoreSpeed JWT upstream. The service scopes every read and write to the authenticated token subject.

Automatic ingestion

After a completed turn, Sarea builds a compact payload instead of dumping the full transcript. It includes the latest user prompt, final assistant summary, lightweight tool summaries, session identity, workspace hash, and agent id. 

{
  "sessionId": "uuid-or-agent-session-id",
  "sessionTitle": "Fix Sarea onboarding",
  "workspacePathHash": "sha256...",
  "agentId": "claude-code",
  "createdAt": "2026-05-13T18:00:00Z",
  "userPrompt": "The user's latest prompt",
  "assistantSummary": "A concise final answer or turn summary",
  "toolSummaries": [
    { "name": "apply_patch", "summary": "Edited SettingsView.swift to add..." }
  ]
}

MCP Tool Surface

ToolPurposeScope rule
search_memory(query, limit?)Find relevant personal memories.Authenticated user's personal scope only.
remember(text, source?)Write an explicit memory with optional provenance.Service derives user id from JWT.
update_memory(id, text)Update a memory by id.Service verifies ownership before mutation.
delete_memory(id)Delete one memory by id.Service verifies ownership before deletion.
list_memory(query?, limit?, cursor?)List or filter memory items for management and agent inspection.Personal scope only in v1.
Disabled means unavailable. Reads and writes should both be unavailable while memory is disabled so the off state is easy to reason about.

Settings And Management

Add a dedicated Settings -> Memory pane next to Account. Keep it separate from Account because management actions need space and confirmation flows.

Settings pane

  • Memory on/off toggle.
  • Status line for signed out, checking, enabled, disabled, and error states.
  • Manage Memory button.
  • Footnote: changes apply to new or reloaded sessions.

Manage Memory

  • Search field and memory item list.
  • Item text, timestamps, source session title, and source agent id.
  • Delete item action.
  • Clear all action with irreversible confirmation.

Service Implementation

EndpointUse
GET /memory/preferencesFetch default-on remote preference.
PUT /memory/preferencesToggle memory on/off.
POST /memory/ingestExtract durable memories from compact turn payloads.
GET /memory/itemsSearch/list memory items.
DELETE /memory/items/:idDelete one owned memory.
DELETE /memory/itemsClear all personal memory.
POST /memory/mcpStreamable HTTP MCP endpoint for agents.

The service validates the CoreSpeed JWT on every endpoint. The user id comes from the token subject, never from client-supplied payload fields. Preference storage is keyed by user_id; memory metadata can live in Mem0 or a CoreSpeed side table if needed for clean provenance.

Privacy And Security

Testing And Rollout

Client tests

  • Defaulting and cached fallback.
  • Connector included only when signed in and enabled.
  • Toggle affects new/resumed sessions only.
  • Ingestion fires only after completed turns.
  • Management failures preserve current UI state.

Service tests

  • JWT required on every memory endpoint.
  • User A cannot read/write/delete User B memories.
  • Disabled memory blocks ingestion and MCP.
  • Delete and clear all mutate only the correct personal scope.
  • Mem0 failures return controlled errors.

  1. Deploy staging service + self-hosted Mem0

    Wire the memory paths under the existing gateway host.

  2. Validate with internal accounts

    Check ingestion quality, delete semantics, and MCP behavior.

  3. Enable production for signed-in users

    Server can roll back by returning disabled or unavailable so clients stop ingestion and injection.