Mneme

Highlights

The missing link between "we have a sync engine" and "two devices, same encrypted memory, real demo." Device A transfers its master key to device B over an untrusted channel; an active MITM is caught by user-verified comparison of a 6-digit SAS on both screens.

// Device A (paired)
const session = alice.beginPairing()
const completed = await session.complete(responseFromB)
// user verifies completed.sas matches device B
const bundle = await completed.commit()

// Device B (fresh)
const accepted = await Mneme.acceptPairing(invite)
// user verifies accepted.sas matches device A
const { mneme: bob, recoveryPhrase } = await accepted.finalize(bundle, {
  path: '/path/to/b.sqlite',
  passphrase: 'bob-passphrase',
})
console.log(bob.publicKey === alice.publicKey) // true

• X25519 ECDH ephemeral key agreement
• HKDF-SHA256 session key + 6-digit SAS, domain-separated
• AES-256-GCM master-key bundle, sessionId bound as AAD for replay protection
• 5-minute session expiry
• B gets its OWN keyring — own passphrase, own 24-word recovery phrase — wrapping the same master-key bytes as A
• Same publicKey on both sides — mneme.publicKey is now a true cross-device identity
• ADR 0009 captures the full cryptographic design

What's in the repo today

• packages/protocol v0.0.1 — open spec types
• packages/sdk v0.0.7 — encryption + recovery + signing + sync + pairing
• packages/embedder-local v0.0.1 — on-device embeddings
• apps/mcp-server v0.0.1 — Claude Code-installable MCP server
• tests/conformance v0.0.1 — cross-implementation suite
• decisions/ — 9 ADRs

What's deliberately deferred

• Pairing transports (QR code, WebSocket signaling, hosted Cloud channel) — v0.0.8 wraps the ceremony in real wire transports
• Hosted Mneme Cloud sync target (apps/api) — v0.1.0
• Pairing revocation (requires master-key rotation) — future ADR
• Pairing attestation — addressed when hosted Cloud provides device registration

Try it

git clone https://github.com/ppserapiao/mneme
cd mneme
bun install
bun test    # 109 pass, 2 skip