Effectively unlimited long-term memory for any LLM —
zero context tokens · zero weight updates · cryptographic forgetting curve.
Install · How it works · API · Cloud deploy · Architecture · Provenance
If ECHOFORM saves you a context window — drop a ⭐ on the repo.
Stars are the only signal that tells us to keep shipping. It takes one click.
ECHOFORM is a production memory substrate for AI agents. Existing systems (Mem0, Zep, Letta, …) treat memory as a retrieval problem — fetch chunks, stuff them back into the prompt, watch the bill scale with episode count. ECHOFORM inverts the direction: it stores agent history as a single side-channel FHRR hypervector that pre-biases attention geometry at inference time, without ever consuming a context token or updating a model weight. Every recall comes with a signed forgetting certificate — a closed-form, cryptographically verifiable attestation of what the system retains and what it has provably let go.
That last property is the wedge. It turns the mathematical capacity ceiling of holographic memory from a flaw into the only auditable forgetting primitive in the field — and the only memory layer that can answer GDPR Article 17 with a proof, not a promise.
- 🧠 Side-channel memory. Agent history is a single 64 KB FHRR vector.
/v1/biasreturns a residual-stream additive bias in O(1) per call, regardless of how many episodes are stored. - 📜 Signed forgetting certificate. Every recall ships with an Ed25519 JWS
attesting
(D, β, episode_count, archive_count, theoretical_recall_curve), canonicalized via RFC 8785 JCS. Verifiable offline with a standalone 100-line verifier. - 🛡️ GDPR Art. 17 with proof.
DELETE /v1/forgetpurges both the live superposition AND the cold-tier archive (S3 Object Lock GOVERNANCE + STSBypassGovernanceRetention), then signs anErasureReceipt. - 🚀 One-click everything.
curl … | bashbrings up the full prod stack (Postgres + Redis + S3 + worker) and opens a working web UI in your browser. Same stack click-deploys to Render, Fly, DigitalOcean, or any Kubernetes via Helm. - 🔌 Model-agnostic. Works with Llama-3.1, Mistral, Qwen, and (via the proxy layer) Claude / GPT / Gemini. No weight changes, no fine-tuning.
- 🔍 Observable end-to-end. OpenTelemetry traces + Prometheus RED/USE metrics + structured logs unified by trace_id. Built for Grafana, Loki, Tempo.
- 🎨 Embedded web UI. Vanilla-JS SPA at
/— write, recall, view certificates, run GDPR export/erasure, watch live metrics. Zero build step.
macOS / Linux:
curl -fsSL https://raw.githubusercontent.com/OpenAgentic-Labs/echoform-ghost-memory/main/install.sh | bashWindows (PowerShell):
iwr -useb https://raw.githubusercontent.com/OpenAgentic-Labs/echoform-ghost-memory/main/install.ps1 | iexThe installer verifies Docker, pulls the production image, brings up
postgres + redis + minio + api + worker via Compose, waits for /healthz, and
opens http://localhost:8080/ in your default browser. A working web UI loads
— no code, no curl, no terminal required.
Don't have Docker? Grab it once at docker.com/products/docker-desktop — the installer fails fast with a friendly error if it's missing.
Stop: cd ~/.echoform && docker compose down
Upgrade: cd ~/.echoform && docker compose pull && docker compose up -d
Same production image, four managed targets:
| Provider | Click-to-deploy | Cost ballpark | Spec file |
|---|---|---|---|
| Render |  |
~$25/mo | deploy/cloud/render.yaml |
| Fly.io | fly launch --copy-config |
~$5/mo | deploy/cloud/fly.toml |
| DigitalOcean | doctl apps create --spec deploy/cloud/digitalocean-app.yaml |
~$24/mo | deploy/cloud/digitalocean-app.yaml |
| Kubernetes | helm install echoform deploy/helm/echoform |
infra-dependent | deploy/helm/echoform/ |
Every blueprint provisions the same architecture: API + consolidation worker +
managed Postgres + managed Redis, with HPA, PDB, ServiceMonitor, and a working
/healthz probe. See deploy/cloud/README.md for the
production-hardening checklist (KMS for signing keys, S3 archive with GOVERNANCE
Object Lock, WAF, key rotation).
┌──────────────────────────────────────────────────────────────────────────────┐
│ │
│ ┌──────────┐ write ┌─────────────┐ enqueue │
│ │ client ├───────────────►│ echoform- ├─────► Redis Streams │
│ │ (LLM │ │ api │ │
│ │ agent) │ bias │ │ pull ┌─────────┐ │
│ │ │◄───────────────┤ (stateless,│ │echoform-│ │
│ └──────────┘ (no tokens) │ N×3..10) │ │ worker │ │
│ └──┬──────┬───┘ │(single- │ │
│ │ │ │ writer) │ │
│ read │ │ write └────┬────┘ │
│ super- │ │ episode │ │
│ position│ │ │ │
│ ▼ ▼ │ │
│ ┌─────────────────────┐ update FHRR │ │
│ │ Postgres 16 │◄─────────────────────┘ │
│ │ · episodic table │ │
│ │ · semantic (FHRR) │ │
│ │ · audit_log │ │
│ └──────────┬──────────┘ │
│ │ spill > capacity │
│ ▼ │
│ ┌─────────────────────┐ │
│ │ S3 / MinIO │ │
│ │ (Ghost Archive, │ │
│ │ Object Lock │ │
│ │ GOVERNANCE) │ │
│ └─────────────────────┘ │
│ │
└──────────────────────────────────────────────────────────────────────────────┘
Three lanes:
- Hot write —
POST /v1/rememberredacts PII, scans for MINJA-class prompt-injection, inserts into the weekly-partitionedepisodestable, enqueues aConsolidationJobto Redis Streams. Target p99 ≤ 5 ms. - Hot read —
POST /v1/biasloads the tenant's 64 KB FHRR superposition (asyncio-locked TTL cache), encodes the query, takes one complex inner product, returns the residual-stream bias +certificate_id. O(1) in episode count. Target p99 ≤ 20 ms. - Cold consolidation — A single-writer worker pulls batches from Redis,
runs the consolidation pass (Mamba-based in v0.2;
IdentityConsolidatorstub in v0.1), writes a new superposition row with optimistic CAS, emits a drift metric. Decoupled from the request path; the API never blocks on it.
Full Architecture Decision Record:
_artifacts/phase3/architecture-adr.md.
Module dependency DAG enforced by .importlinter.
ECHOFORM's wedge. The certificate is a detached Ed25519 JWS over a JCS-canonicalized payload:
{
"deployment_id": "acme-prod-eu",
"signing_key_id": "01J9F3RXK4M7Z2B5W6XE0YQVQR",
"issued_at": "2026-05-19T11:23:45Z",
"D": 8192,
"beta_rational": { "num": 3, "den": 100 },
"episode_count": 47291,
"archive_count": 12055,
"n_star_certified": 909,
"theoretical_recall": "erfc(sqrt(n * beta * log(D) / D))",
"adapter_sha256": "7f2c…",
"coprocessor_sha256": "ae91…",
"proxy_calibration_eps": 0.012,
"post_erasure_cosine_max":0.043,
"enclave_quote_b64": null
}Why this matters:
| Property | Mem0 / Zep / Letta / Graphiti | ECHOFORM |
|---|---|---|
| Forgetting curve published? | ❌ (empirical, opaque) | ✅ closed-form, derivable from (D, β, n) |
| Offline verifiable? | ❌ | ✅ Ed25519 JWS, RFC 7515 + RFC 8785 |
| Bound to model + adapter hash? | ❌ | ✅ adapter_sha256 + coprocessor_sha256 |
Survives alg=none attack? |
n/a | ✅ rejected at ECHOFORM layer before any JWT call |
| Covers cold-tier erasure? | ❌ | ✅ S3 Object Lock GOVERNANCE + STS bypass IAM |
| Pinned crypto stack? | n/a | ✅ pyjwt ≥ 2.12 (CVE-2026-32597 patched), PyNaCl, JCS |
Standalone verifier (no echoform dependency, runnable by auditors):
echoform/security/certificate/verifier.py.
import ghost_memory as gm
mem = gm.GhostMemory(endpoint="https://your-deploy.example.com")
# Write
mem.remember(
agent_id="customer-success-bot",
content="User asked about Q3 revenue forecast on the discovery call.",
subject_pseudonym="cust_1f3a",
)
# Recall — returns the residual-stream bias + certificate id
bias = mem.bias(
agent_id="customer-success-bot",
query="what did the customer ask about previously?",
)
print(bias.certificate_id, bias.vector_bytes[:16].hex())
# Compliance
cert = mem.certificate() # current ForgettingCertificate JWS
export = mem.export(subject_pseudonym="cust_1f3a") # GDPR Art. 15
receipt = mem.forget( # GDPR Art. 17
subject_pseudonym="cust_1f3a",
audit_reason="DSAR-2026-0042",
)# Write
curl -X POST https://localhost:8080/v1/remember \
-H 'Content-Type: application/json' \
-H 'Idempotency-Key: 01J9F3R…' \
-d '{"agent_id":"demo","content":"hello world","ts":1747641600}'
# Bias
curl -X POST https://localhost:8080/v1/bias \
-H 'Content-Type: application/json' \
-d '{"agent_id":"demo","query":"what did I say?"}'
# Certificate
curl https://localhost:8080/v1/certificate
# Erase
curl -X DELETE https://localhost:8080/v1/forget \
-H 'Content-Type: application/json' \
-d '{"subject_pseudonym":"cust_1f3a","audit_reason":"DSAR-2026-0042"}'Full OpenAPI 3.1 spec at /openapi.json once the server is running.
Interactive Swagger at /docs. ReDoc at /redoc.
| Module | What | Status |
|---|---|---|
echoform.core.fhrr |
FHRR bind/unbind/bundle/capacity at D=8192 complex64 | ✅ real |
echoform.core.adapter |
Llama-3.1-70B residual-stream bias (HF forward hook) | ✅ real |
echoform.storage.episodic |
Postgres 16 + pgcrypto + pg_partman 5.2 |
✅ real |
echoform.storage.semantic |
Optimistic CAS + asyncio-locked TTL cache + safetensors | ✅ real |
echoform.api.public |
FastAPI 0.136.1 — 9 stable endpoints + web UI mount | ✅ real |
echoform.sdk |
Async + sync httpx clients + ghost_memory façade |
✅ real |
echoform.security.certificate |
Ed25519 + JCS canonicalization + key rotation | ✅ real |
echoform.safety |
PII redactor + 55 MINJA payloads + poison_scan_gate | ✅ real |
echoform.observability |
structlog + OpenTelemetry + Prometheus | ✅ real |
echoform.core.compression |
Bag-of-tokens FHRR (Mamba-2 → v0.2) | 🟡 stub |
echoform.core.consolidation |
IdentityConsolidator (HiCL → v0.2) |
🟡 stub |
echoform.storage.archive |
LocalArchive + S3 stub with COMPLIANCE refusal | 🟡 v0.2 S3 wire-up |
echoform.api.proxy |
Returns HTTP 501 (Anthropic + OpenAI + vLLM in v0.2) | 🟡 stub |
See docs/roadmap.md for the v0.2 / v1.0 line.
echoform-ghost-memory/
├── README.md LICENSE NOTICE CHANGELOG.md SECURITY.md GOVERNANCE.md
├── BUILT_FROM.md ← provenance trail
├── pyproject.toml tasks.py Dockerfile docker-compose.yml
├── install.sh install.ps1 ← one-click local installer
├── echoform/ ← the package (82 .py files)
│ ├── types.py ← canonical types (leaf import)
│ ├── core/{fhrr, compression, adapter, consolidation}
│ ├── storage/{episodic, semantic, archive}
│ ├── api/{public, proxy}
│ ├── sdk/, cli.py
│ ├── observability/, security/certificate/, safety/
│ └── config/settings.py
├── ghost_memory/ ← 5-line public façade
├── tests/ ← 46 tests across 7 categories
│ ├── unit/ property/ integration/ smoke/ perf/ security/ fuzz/
│ └── conftest.py
├── deploy/
│ ├── k8s/{base, overlays/{dev,prod}, iam} ← Kustomize
│ ├── cloud/{render.yaml, fly.toml, …} ← managed-platform blueprints
│ └── helm/echoform/ ← Helm chart with subcharts
├── docs/
│ ├── architecture.md ops-runbook.md security-baseline.md
│ ├── observability.md data-classification.md
│ ├── glossary.md governance.md roadmap.md known-issues.md
│ └── closed-model-gap.md assets/
├── examples/ ← 4 runnable examples
└── .github/workflows/ ← ci.yml, release.yml (cosign), security.yml
- Container. Multi-stage
Dockerfile, non-root UID 10001, distroless-style runtime, signed via Sigstore Cosign on every release. - CI matrix.
ubuntu × macos × windows×python-3.11, python-3.12. Lint (ruff), typecheck (mypy strict on critical paths), unit + property + integration + smoke + security, dep audit (pip-audit), license guard (pip-licenses --fail-on=GPL;LGPL;AGPL;…), gitleaks on every PR, import-DAG enforcement viaimport-linter. - Observability. OpenTelemetry SDK 1.41, OTLP gRPC default,
trace_idin every log,tenant_idonly on trace exemplars (cardinality budget enforced). - K8s defaults. HPA 3-10, PDB minAvailable=2 on api / 1 on worker,
NetworkPolicy default-deny + explicit egress, all three probes (startup +
liveness + readiness), securityContext with
runAsNonRoot,readOnlyRootFilesystem, drop ALL caps,seccompProfile: RuntimeDefault. - Compliance. GDPR Art. 15 export + Art. 17 erasure + Art. 20 portable
format. EU AI Act Art. 12 audit log retained 6 months minimum. Data
classification table in
docs/data-classification.md.
v0.2 (next):
- Real Mamba-2 130M consolidation rebind (replaces
IdentityConsolidator) api.proxyAnthropic + OpenAI + vLLM adapters- Spectral-entropy MINJA detector (replaces regex tier)
- AWS KMS / HashiCorp Vault signing-key backend
/v1/audit/{event_id}endpoint- Locust-driven cross-process p99 perf gate
v1.0:
- TEE attestation (AMD SEV-SNP / AWS Nitro Enclaves) — Sovereign SKU
pgBackRestcontinuous WAL streaming + PITR- CBOR / COSE certificate payloads
- Photonic / neuromorphic substrate support (D ≥ 10⁶)
See docs/roadmap.md for the full sequencing.
Pull requests welcome. We use the Developer Certificate of Origin —
git commit -s on each commit; no CLA. Open an issue first for non-trivial
changes; architecture changes need an ADR under docs/adr/ per
GOVERNANCE.md.
git clone https://github.com/OpenAgentic-Labs/echoform-ghost-memory
cd echoform-ghost-memory
python -m pip install -e ".[safety]"
python tasks.py smoke # ✅ < 30 s
python tasks.py test # full suite (needs PG + Redis)All contributors must follow CODE_OF_CONDUCT.md
(Contributor Covenant 2.1). Vulnerability reports go to the channel in
SECURITY.md.
If you build on ECHOFORM in academic work, please cite:
@software{echoform_ghost_memory_2026,
title = {ECHOFORM Ghost Memory: A side-channel forgetting-certified memory substrate for LLM agents},
author = {{The ECHOFORM Authors}},
year = {2026},
url = {https://github.com/OpenAgentic-Labs/echoform-ghost-memory},
version= {0.1.0},
}Apache License 2.0 — see NOTICE for third-party
attributions (PyTorch, FastAPI, asyncpg, OpenTelemetry, PyJWT, PyNaCl,
structlog, mamba-ssm, …). Compliant deps only — cargo-deny / pip-licenses
gates AGPL/GPL/LGPL/SSPL/BUSL in CI.
This codebase was assembled in 8 phases (intake, spec crystallization, paired
30-agent dispatch, architecture council, adversarial critic review with veto
floor, assembly, pre-flight integration check, end-to-end test verification)
per the mind-build@v2 workflow. The provenance trail — dossier SHA-256,
archetype pairings, conflict resolutions, Phase-3.5 critic confidence scores,
all 10 must-fix items with their resolution — lives in
BUILT_FROM.md.
Watching this graph climb is how we know the work matters. If you’ve read this far,
the ⭐ star button takes one click — thank you.
Made with ∞ by OpenAgentic Labs.