Technical Whitepaper · v1.0 · 2026-06-03

EngramPort: GraphRAG Memory for AI Agents

A whitepaper from Covenant Systems AI LLC.

Every claim in this document has been verified against the live production system as of June 3, 2026. Features that exist on roadmap but not in production are explicitly marked. We do not make claims we cannot demonstrate.

Executive Summary

EngramPort is a plug-and-play GraphRAG memory layer for AI agents. One npm install gives any MCP-compatible client (Claude Desktop, Claude Code, Cursor, Continue, Cline, Zed, Goose) durable, semantic, graph-connected memory backed by Pinecone vectors, Supabase Postgres, and the AEGIS cryptographic provenance ledger.

Users bring their own LLM provider key (Anthropic, OpenAI, Google, DeepSeek, Mistral). Their inference cost stays with their provider. Their data stays in their tenant. Their model choice stays with them. EngramPort never holds plaintext provider credentials and never bills the user for LLM inference.

The product ships as engramport@2.0.0 on npm. Public API surface lives at api.engramport.com. Stripe webhook ingress at hook.engramport.com. Both routes are fronted by a thin proxy service in a domain-restricted GCP project, with the substrate (eidetic-v3) remaining fully internal.

The Problem

Every AI agent built today suffers from the same flaw: it forgets.

A Claude Desktop session researches a topic, drafts a plan, and closes. The next session starts blank. A Cursor window writes a feature spec, ships it, exits. The next coder loses every justification. Two agents collaborating on the same task cannot see each other's work. Cross-session, cross-agent, cross-vendor coordination is structurally impossible without external infrastructure.

The pain shows up in three places:

Repetitive context. Users re-explain preferences, history, and constraints every session.
No personalization. Agents cannot learn what matters to individuals over time.
No swarm coordination. In multi-agent setups (a code agent + a planning agent + a reviewer), each operates in isolation. Shared context requires manual relay through a human.

Existing solutions require teams to provision a vector database, build embedding pipelines, implement namespace isolation, manage authentication and key rotation, add cryptographic provenance for compliance, and maintain all of it. This is weeks of infrastructure work before any actual product behavior gets built.

The Solution: EngramPort

EngramPort abstracts the memory stack to one install command. After signup at engramport.com, any developer receives a tenant API key with the prefix ek_. Configuring an MCP-compatible client takes three environment variables. From that moment, the client has tools backed by a graph-aware semantic memory layer.

npm install -g engramport

# In your MCP client config:
ENGRAMPORT_API_URL=https://api.engramport.com
ENGRAMPORT_API_KEY=<your ek_ key>
ENGRAMPORT_NAMESPACE=<your namespace>

Three properties make EngramPort different from previous memory products:

Plug-and-play GraphRAG

Recall returns vector-similarity direct matches plus graph-connected context nodes traversed from the matches. This is verifiable: a recent production recall returned 3 direct matches and 20 graph-connected nodes from a single query, all ranked by combined relevance. The graph layer preserves structure between memories, not just similarity.

MCP-native distribution

EngramPort ships as an npm package that implements the Model Context Protocol. Works with Claude Desktop, Claude Code, Cursor, Continue, Cline, Zed, Goose, and any MCP-compatible client without integration code or SDKs. The same package powers Covenant Systems' own internal multi-session coordination.

Bring Your Own LLM

Users supply their own Anthropic, OpenAI, Google, DeepSeek, or Mistral API key via a one-time POST to /v1/llm-credentials/save. The provider key is encrypted at rest with the AEGIS vault key using AES-256-GCM. EngramPort never holds the plaintext credential after this call. When the user requests an inference-bearing operation (chat, reflect), the substrate retrieves the encrypted credential, decrypts in memory, makes the provider call on the user's behalf, and discards the plaintext. The provider bills the user directly. EngramPort records a $0 usage_ledger row for audit; no cost passthrough.

How It Works

Step 1: Sign up

Sign up at engramport.com. Receive a tenant ID, namespace prefix, and an ek_ API key. The raw key is shown once at registration; only its SHA-256 hash is stored. Lose the key and you mint a new one.

Step 2: Install and configure

Install the npm package globally:

npm install -g engramport

Add an entry to your MCP client's configuration. For Claude Desktop:

{
  "mcpServers": {
    "engramport": {
      "command": "engramport",
      "env": {
        "ENGRAMPORT_API_URL": "https://api.engramport.com",
        "ENGRAMPORT_API_KEY": "ek_...",
        "ENGRAMPORT_NAMESPACE": "your-namespace"
      }
    }
  }
}

Restart your MCP client. Eight tools become available: chat, dream, groom, inspect, recall, reflect, remember, upload.

Step 3: Use direct REST (optional)

Developers who prefer raw HTTP can call the API directly:

# Ingest a memory
curl -X POST https://api.engramport.com/v2/memory \
  -H "X-API-Key: ek_..." \
  -H "Content-Type: application/json" \
  -d '{"namespace":"your-ns","content":"What you want to remember"}'

# Recall by semantic + graph
curl -X POST https://api.engramport.com/v2/recall \
  -H "X-API-Key: ek_..." \
  -H "Content-Type: application/json" \
  -d '{"namespace":"your-ns","query":"What did I want to remember?","top_k":5}'

Architecture

EngramPort runs on a two-project GCP architecture. The substrate (eidetic-v3) stays internally authenticated and fully locked down. Public traffic flows through a thin proxy service in a separate domain-restricted project, with all authentication validated before requests reach the substrate.

Public Internet
    │
    │  (Stripe webhooks, MCP clients with ek_ keys)
    ▼
api.engramport.com / hook.engramport.com
    │
    │  Cloud Run domain mapping
    ▼
engramport-public-gateway (covenant-public project)
    │  · allow-unauthenticated, DRS-relaxed
    │  · path-routes /v1/*, /v2/*, /v1/stripe/webhook
    │  · mints OIDC token via gateway SA
    ▼
eidetic-v3 (an2b-beast-prod project)
    │  · IAM-locked; only gateway SA can invoke
    │  · Phase 4 middleware validates ek_ → resolves tenant
    │  · Phase 2.5 BYO LLM credentials decrypt
    │
    ├──→ Pinecone (vectors, per-namespace index)
    ├──→ Supabase Postgres (tenants, api_keys, llm_credentials, usage_ledger)
    └──→ AEGIS provenance ledger (RSA + SHA-256 dual strand)

Stack summary:

Component	Technology	Purpose
API Server	FastAPI on Google Cloud Run	Auto-scaling, serverless
Vector Store	Pinecone	Namespace-isolated similarity search
Database	Supabase Postgres	Tenants, API keys, credentials, usage
Provenance	AEGIS (SHA-256 + RSA-PKCS1-v1.5)	Tamper-evident audit trail
Credential Vault	AES-256-GCM with AEGIS key	BYO LLM key encryption at rest
Public Ingress	Cloud Run domain mapping	Public-facing, OIDC-bridged to substrate
Billing	Stripe Checkout + webhooks	Subscription lifecycle
Frontend	Next.js 16 on Vercel	Landing, signup, dashboard

Security Model

API key architecture

Every tenant receives one or more api_keys with the prefix ek_. The raw key is generated cryptographically (URL-safe random bytes), shown to the user exactly once, and never persisted in any form. Only the SHA-256 hash and the first 12 characters (as a display prefix) are stored. Verification uses constant-time hash comparison.

Each api_key carries a JSONB scopes field listing the namespaces that key is permitted to read or write. Cross-namespace access is rejected at the middleware layer before any vector or database operation begins. There is no mechanism for one tenant to access another tenant's memories.

AEGIS cryptographic provenance

Every memory written through EngramPort receives a cryptographic provenance record using a dual-strand hashing algorithm:

strand_a_hash  = SHA-256(source_content)
strand_b_hash  = SHA-256(embedding_metadata_json)
provenance_hash = SHA-256(strand_a_hash + strand_b_hash + ISO_timestamp)
signature       = RSA-PKCS1-v1.5-SHA256(provenance_hash, private_key)

This delivers tamper evidence (any modification invalidates the hash chain), existence proof (timestamped record of creation), authorship attribution (RSA signature ties provenance to the substrate), and an audit trail.

BYO LLM credential encryption

Provider keys (Anthropic, OpenAI, Google, DeepSeek, Mistral) are encrypted at rest using AES-256-GCM with the AEGIS vault key. Storage columns include only ciphertext, nonce, and authentication tag. Bit-flip tampering is detected at decrypt time and rejected. The plaintext key exists in memory only during inference; it is never logged, never returned via API, and never appears in stored telemetry.

Row-level security

All Supabase tables have row-level security enabled with zero policies (deny-by-default). Backend access uses the service-role key which bypasses RLS; anonymous and authenticated client access is denied. The frontend never holds the service-role key.

What Makes EngramPort Different

The honest market read, where each alternative is strong and where it breaks:

Alternative	Strength	Where It Breaks
Mem0	Mature, well-funded, Python SDK	Not MCP-native (write integration code); single inference model
Zep	Strong knowledge-graph memory, recent MCP support	Chat-history-shaped, enterprise-focused, no BYO LLM
OpenAI Memory / Claude Memory	Built into vendor product	Single-vendor lock-in; no cross-client portability
Anthropic reference memory MCP	Free, MCP-native	File-based, local, single-user, no managed service
DIY (Pinecone + glue code)	Full control, no third party	Weeks of infrastructure work; ongoing maintenance burden

EngramPort sits at the intersection: MCP-native (so distribution works in any modern AI tool), BYO LLM (so users keep model choice and inference billing), graph-aware (so recall returns structure not just similarity), and cryptographically auditable (so compliance buyers have a defensible audit trail). That four-way combination is unique in the current market.

Pricing

Plan	Engrams	Namespaces	Price
Free	1,000	1	$0
Hobbyist	10,000	5	$9 / mo
Pro	100,000	Unlimited	$29 / mo
Team	1,000,000	Unlimited + team mgmt	$99 / mo
Enterprise	Custom	Custom	Contact sales

All plans include AEGIS cryptographic provenance, BYO LLM, semantic + graph recall, namespace isolation, and the full MCP tool set. Higher tiers add per-namespace cost caps, team key management, shared bus across team members, and audit log export.

Roadmap (Honest)

The following features are documented in product strategy but are not yet in production. We mention them because they shape the longer arc, not because they are available today. We will not market them as live until they are.

Multi-Agent Orchestra. Conductor keys that orchestrate cross-namespace synthesis across multiple agent tenants. Concept is sharp; implementation is queued.
DreamState scheduling. Background reflection and insight extraction that runs while the agent is idle. Not shipped.
Bus subscription webhooks. Subscribe an external URL to specific memory kinds across your namespaces. Internal prototype only.
Self-host edition. Enterprise tier deployments with customer-managed infrastructure. Available via direct engagement.
Mintlify docs site at docs.engramport.com. The current docs page is a placeholder; full documentation ships alongside the public launch.

About Covenant Systems

Covenant Systems AI LLC is a North Carolina-registered company building memory and governance infrastructure for autonomous AI agents. EngramPort is the memory layer in a broader platform that includes AEGIS (cryptographic provenance), Sentinel_OS (governance policy), and the MandelDB substrate that the memory product runs on. The substrate has been in production for over a year, powering internal multi-agent venture experiments.

The same memory layer that runs your EngramPort tenant also runs the internal Claude Desktop, Claude Code, and Cursor sessions coordinating product development across multiple Covenant Systems ventures. We use what we sell. Every feature shipped to customers is one we have stress-tested against our own operations first.