Open source · Now available

Your agents forget
everything. Fix that.

Open, end-to-end encrypted, decentralized memory for AI agents. Servers see nothing.

Get started View on GitHub
Get started

Get started in minutes

Claude Code

Recommended

Two ways to install — pick one.

# From marketplace
/plugin marketplace add manojkgorle/ethmumbai-rok
/plugin install rok-memory@rok-plugins
# Or from local checkout
git clone https://github.com/manojkgorle/ethmumbai-rok
claude --plugin-dir rok/plugin/rok-memory
# Then in conversation:
"Set up rok memory"
# That's it. Credentials saved, tools auto-allowed.

Cursor

Install the binary, add one config file.

# Install the binary
cargo install --git https://github.com/manojkgorle/ethmumbai-rok rok-mcp
# Add to .cursor/mcp.json
{
  "mcpServers": {
    "rok-memory": {
      "command": "rok-mcp"
    }
  }
}

Restart Cursor, then say "Set up rok memory" in chat.

Any MCP Client

rok-mcp is a standard MCP server. Point any compatible client at it.

# Install
cargo install --git https://github.com/manojkgorle/ethmumbai-rok rok-mcp

# Run as stdio MCP server
rok-mcp
Why rok

Security that doesn't get in the way

🔒

Nothing leaves unencrypted

Memories are encrypted on your machine before storage. The server holds opaque blobs — it can't read your data.

🌳

Scoped access control

Give your finance agent access to /finance without exposing /engineering. Enforced by cryptography, not permissions files.

🔑

Delegate without risk

Share scoped read keys with agents or teammates. They can read down, never up. Revoke anytime.

🌐

Decentralized by default

Backed by Fileverse. No vendor lock-in, no central point of failure, no trust required.

🤖

Works with your tools

Drop-in MCP server for Claude Code, Cursor, or any MCP-compatible agent framework.

🧬

Post-quantum ready

Hybrid X25519 + ML-KEM-768 encryption. Secure today, safe against tomorrow's quantum computers.

Built for

Who uses rok

AI-native teams

Persistent agent context across sessions without leaking proprietary knowledge to third-party servers.

Security engineers

Auditable, open-source cryptography. ChaCha20, Ed25519, HKDF with domain separation. No black boxes.

Platform builders

rok-core is a standalone Rust crate for encrypted, scope-based access control. No MCP dependency required.

Under the hood

How it works

You / Agent
rok-mcp
rok-core
encrypt / decrypt
Fileverse
opaque ciphertext
ChaCha20-Poly1305 AES-256-GCM-SIV X25519 ECDH Ed25519 HKDF-SHA256 ML-KEM-768
  1. 1 You say "remember that we chose ChaCha20 for performance" at /engineering/decisions
  2. 2 rok derives a scope-specific key from your root seed — one key per path, each cryptographically isolated
  3. 3 Encrypts and signs the memory locally. The ciphertext is authenticated — tampered data is rejected on read
  4. 4 Stores the ciphertext on Fileverse. The server never sees plaintext — not the content, not the key, not even the scope name
  5. 5 Next session, all accessible memories are decrypted and loaded into the agent's context automatically

Hierarchical key tree

A single spend seed derives an entire tree of scoped read keys. A key at any level can decrypt its scope and everything below — but never above or sideways.

Spend Key (Ed25519)
  └── Root Read Key (/)
        ├── /engineering
        │     ├── /engineering/decisions
        │     └── /engineering/infra
        └── /finance
              └── /finance/q1

An /engineering key can read everything green. Finance is cryptographically isolated.

Key delegation

Grant scoped access to agents or teammates without exposing your root key. Recipients can derive children further but never escalate to parent scopes.

// Owner grants /engineering to an agent
rok_memory:grant(scope="/engineering")
// Returns: read_key + spend_public
// Agent can read /engineering/**
// Agent CANNOT read /finance

// Agent writes are staged as proposals
rok_memory:propose(
  scope="/engineering/decisions",
  key="use-chacha20",
  content="..."
) // Owner must accept
Rust crate

Build with rok-core

Generate keys, derive scoped children, encrypt, and decrypt — all in a few lines. No MCP server needed.

use rok_core::keys::{spend::SpendKeyPair, scope::Scope};
use rok_core::encrypt::{Algorithm, EncryptBuilder, decrypt};

// Generate keys and derive scoped children
let spend = SpendKeyPair::generate(&mut rng);
let root = spend.derive_root_read_key();
let eng = root.derive_child(&Scope::new("/engineering")?)?;

// Encrypt to a scope — no recipient list needed
let envelope = EncryptBuilder::new(
  Algorithm::EciesX25519ChaCha20, Scope::new("/engineering")?
).set_spend_key(&spend).set_scope_based()
 .encrypt(b"secret", &mut rng)?;

// Any ancestor key decrypts. Sibling scopes can't.
let data = decrypt(&envelope, &root, &spend.verifying_key())?; // root works
let data = decrypt(&envelope, &eng, &spend.verifying_key())?; // /engineering works
// decrypt(&envelope, &finance_key, ...) — fails, isolated

Supports post-quantum hybrid (ML-KEM-768), sectioned envelopes, key export/import, and more. Read the full API docs →

MCP Tools

10 tools, one protocol

Tool Role Description
setupanySave credentials and start a session
loginanyAuthenticate as owner or agent
logoutanyEnd session and wipe credentials from memory
listanyShow all memories you can access
readanyDecrypt and return a memory
writeownerEncrypt and store a new memory
grantownerShare scoped read access with others
proposeanySuggest a write for the owner to approve
syncanyBulk save memories, skipping duplicates
statusanyCheck your role, scope, and memory count

Give your agents memory
they can't leak

Open memory. Open source. No lock-in. Ready to use today.

Get started Star on GitHub