Skip to content

Mneme

v0.0.4 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 15d LLM Frameworks
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-memory bun encryption local-first mcp
+5 more
memory open-protocol privacy sdk typescript

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Schema break requires deleting v0.0.3 SQLite stores before upgrading to v0.0.4.

Full changelog

Highlights

  • BIP-39 24-word recovery phraseMneme.initialize({ passphrase }) returns the phrase exactly once. Either the passphrase or the recovery phrase unlocks the SAME store. Forgotten passphrase no longer = lost data.
  • Ed25519 signed writes — every encrypted write carries a cryptographic signature derived deterministically from the master key (HKDF-SHA256). Every read verifies it. mneme.publicKey is a stable identifier any third party can use to verify provenance.
  • Lexical recall under encryption now throws instead of silently returning []. Clear pointer at the embedder option in the error message.
  • API split: Mneme.initialize() for fresh encrypted stores, Mneme.open() for existing ones. Sync constructor stays plaintext-only.
  • ADR 0006 captures the dual-wrapping master-key model, the Ed25519/HKDF choice, and the deliberate v0.0.3 schema break.

Breaking change

The v0.0.3 crypto_metadata keyring is not auto-migrated. v0.0.4 uses a new mneme_keyring table with a different shape (random master key + dual wrapping). If you have a v0.0.3 SQLite file (only dev-preview test stores should), delete it and re-initialise. ADR 0006 §"Schema break" explains the reasoning (zero production users; auto-migration is a v0.0.5 helper if anyone asks).

What's in the repo today

  • packages/protocol v0.0.1 — open spec types
  • packages/sdk v0.0.4 — encryption + recovery + signing
  • packages/embedder-local v0.0.1 — on-device embeddings
  • tests/conformance v0.0.1 — cross-implementation suite
  • docs/protocol/v0.1.md — public wire spec
  • decisions/ — 6 ADRs

Try it

git clone https://github.com/ppserapiao/mneme
cd mneme
bun install
bun test    # 70 pass, 2 skip

import { Mneme } from '@mneme/sdk'
import { LocalEmbedder } from '@mneme/embedder-local'

// First time
const { mneme, recoveryPhrase } = await Mneme.initialize({
  passphrase: 'correct horse battery staple',
  embedder: new LocalEmbedder(),
})
console.log('SAVE THIS:', recoveryPhrase)
console.log('Public key:', mneme.publicKey)

await mneme.remember({ kind: 'fact', body: 'london resident' })
const matches = await mneme.recall('where they live')

// Later — passphrase or recovery, same store
// const mneme = await Mneme.open({ passphrase: '...' })
// const mneme = await Mneme.open({ recoveryPhrase: '...' })

Breaking Changes

  • v0.0.3 `crypto_metadata` keyring is not auto-migrated; new stores use a different `mneme_keyring` table shape requiring manual deletion of v0.0.3 SQLite files.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Mneme

Get notified when new releases ship.

Sign up free

About Mneme

All releases →

Related context

Beta — feedback welcome: [email protected]