Agents act on stored memory. But that memory can be edited, overwritten, or silently corrupted. verifiable-memory-mcp gives an agent an integrity layer: it checks memory before acting, stops if it was changed outside the approved flow, and exports portable evidence of what happened.
Try it
The sandbox lets anyone create controlled runs, trigger a prompt-injection warning, apply memory tamper, export an Evidence Record plus ECO artifacts, and verify them in the browser.
Generate clean runs, trigger a prompt-injection warning, apply memory tamper, and verify the resulting ECO artifacts in the browser.
Run the same integrity flow from the repository scripts, then export and verify the generated evidence on your own machine.
How it works
This is the product story a visitor should understand without extra explanation. The sandbox is controlled and repeatable: it demonstrates governed agent behavior under integrity failure, not a free-form live search demo.
A sample brief or criterion is loaded into verifiable memory as the starting state.
The agent reads that state and executes with an auditable memory checkpoint before acting.
The system records the cycle and prepares a portable ECO package describing what the agent relied on.
A later modification outside the approved flow changes the state the next run would inherit.
Before continuing, the agent detects that inconsistency and halts instead of acting on corrupted context.
The resulting evidence package captures the stop condition, the integrity finding, and the run metadata.
Anyone can re-check that package in the browser without trusting our backend or our screen.
Local install
The browser sandbox is the fastest way to understand the flow. The local path lets anyone reproduce the same sequence from the repository scripts without trusting the landing page.
Install the package and its local demo tooling.
npm install -g verifiable-memory-mcp
Reset the scenario, load the sample state, and execute one clean pass.
npm run demo:scenario:reset npm run demo:cycle
Alter the ledger outside the approved flow, then execute the next cycle.
npm run demo:tamper npm run demo:cycle-after-tamper
Export the ECO package, then open the independent verifier in your browser.
npm run demo:export npm run demo:verifier
The point is not general AI correctness. The point is whether the agent can prove the state it acted from and stop when that state changes.
Evidence
The main evidence artifact is an .eco package: the Evidence Record, an integrity anchor, agent decision metadata, and a human-readable report. The verifier checks it entirely in the browser.
Applied workflow proof
Beyond the sandbox, this pattern is being validated inside a full recruiting application workflow: verifying memory before action, pausing for owner approval, and stopping when integrity fails. A demo video will be published here once recorded.
Verifiable Memory MCP running inside a full application.
The recording will show external candidate documents, owner approval, evidence generation, and stop-by-integrity behavior in a real operational flow. Until it's published, the sandbox above remains the reproducible way to evaluate the pattern directly.
Verification stack
This is not a portfolio of separate products. Each workflow below applies the same control pattern to a different kind of information: before a system acts on a claim, it must be able to verify where that claim came from, what state it relied on, and whether that state changed.
Public primitive - reproducible and local.
A local, tamper-evident memory layer that lets agents verify what they know before acting - and stop when integrity fails. Install it from npm, tamper with it, verify it yourself.
Portable receipt.
Carries the evidence record, integrity state, decision metadata, and a human-readable report so another party can check what happened outside the original system.
Independent check.
Lets anyone inspect an evidence package in the browser without trusting our backend, our screen, or our claims. Verification stays separate from the workflow that produced the evidence.
Documents and agreements.
Evidence travels with document-centered workflows: integrity, export, and independent verification for operational records.
Provenance and custody.
Fingerprinting, witness, sealing, and exportable evidence for digital assets over time.
Personal verifiable memory.
AI assistant memory where answers can link back to the records that support them.
Controlled recruiting demo.
Agents verify memory before acting, pause for owner approval, and stop when integrity fails.
The common unit is not the industry. The common unit is the claim: who made it, what record supports it, what changed, and whether another party can verify it independently.
AI agents should not just act. They should prove the state they acted from, and stop when that state changes.