Skip to content

Agent memory you can trust

One endpoint. Lossless transcripts in, durable facts out. Every recall traced to its source.

Diagram: transcript messages are ingested losslessly, flow into light, REM, and deep extraction phases, and become durable facts. Each promoted fact links back to its exact source messages, including corrections that superseded earlier statements.

Agent memory is broken by default

A vector store bolted onto an agent is just a cache. It never expires stale entries, ignores who each memory belongs to, and can't say where a recalled fact came from.

Agents forget

Context windows fill up and sessions restart, and everything the agent learned is gone. Long-running work needs memory that outlives a single conversation.

Stale context poisons runs

Naive memory keeps everything forever, so outdated facts surface next to fresh ones and the agent can't tell which to trust.

Recall is unauditable

When an agent asserts something from memory, most systems can't tell you where it came from.

From raw conversation to durable, auditable facts

Three tiers: the Tier 1 transcript is canonical, Tier 2 stages candidate memories, and only reviewed facts reach the Tier 3 long-term store.

01 · record

Lossless transcript

Cleaned conversation rows land in an append-only Tier 1 store. Rows are never updated or deleted. It's the source of truth every other layer replays from.

tier 1 · messages · append-only

02 · stage

Extraction pipeline

Light extraction stages candidate memories in Tier 2. A model-free REM pass reinforces what repeats, scoring candidates by embedding centrality with zero LLM calls. Deep review then promotes or supersedes them, and a memory only becomes durable after it passes review.

tier 2 · light → rem → deep

03 · promote

Durable facts, with receipts

Every promoted Tier 3 fact carries provenance, confidence, and category, and points back to the exact transcript rows it came from. You can audit any recall, test it, and roll it back.

tier 3 · long_term_memory · durable

Built like infrastructure, not a demo

Memory behavior you can test, migrate, and debug, because every layer above the transcript is rebuildable.

glass-box memory

Provenance on every fact

Each durable memory carries source message ids, confidence, and category. Trace any recall back to the exact transcript rows it came from.

Candidates earn promotion

Unlike vector-store memory that ingests everything it sees, every extracted fact starts as a Tier 2 candidate and must earn promotion through reinforcement and review. When recall falls back to a candidate, it is labeled an unverified note, never passed off as durable memory.

Retrieval telemetry

Every surfaced fact logs a retrieval_events row and increments its retrieved counter in the same transaction, and used counts record which facts informed an answer. Audit what your agents recall, not only what they store.

Replayable indexes

FTS and vector indexes are rebuildable projections over canonical rows. Blow them away and rebuild. The transcript stays the source of truth.

operational boundary

Scoped memory

Explicit MemoryScope binds every request to tenant, project, session, and agent. A null agent scope means shared, not a wildcard match.

Redaction guard

A persistence and egress secret guard applies forbidden-value redaction before anything is stored or leaves the boundary.

Read-only MCP

Expose transcript and long-term search to agents over hosted HTTP MCP. Write, export, and admin tools are deliberately left out.

Managed pipeline

Ingestion, extraction passes, and index rebuilds run as a service, rolling out now through the early-access waitlist. Your agents call one endpoint, and Vexic handles durability, migrations, and reindexing.

search_long_term → factprovenance
{
  "fact_id": 184,
  "fact_text": "Prefers uv over pip.",
  "subject": "tooling",
  "category": "preference",
  "importance": 7,
  "confidence": 0.92,
  "source_message_ids": [412, 418, 573],
  "retrieved_count": 12,
  "used_count": 4,
  "editable": true,
  "created_at": "2026-06-14T21:08:11Z"
}

source_message_ids points at the exact Tier 1 transcript rows this fact came from. Every recall is traceable to its receipts.

Meets your agents where they run

One hosted endpoint, spoken over the protocols your agents already use.

Claude Code

Mint a single-use setup token in the console, then run one install-and-activate command on the machine. It installs the transcript recorder hook and session-start memory priming and exchanges the token for an Agent API key. The raw key is never shown in the browser.

Codex

Mint a setup token and run the install-and-activate command on the machine. It drops a TOML block into your Codex MCP config, pointed at your Vexic endpoint, for scoped read-only search from any Codex session.

MCP

Same setup-token flow, generic MCP client. Standard Model Context Protocol over streamable HTTP. Any MCP-capable agent gets search_transcript and search_long_term, and nothing else.

Connected in two steps

Mint a single-use setup token in the console, install the vexic CLI, then activate. The token exchanges for an Agent API key on the machine. It never touches the browser.

terminal
$ uv tool install vexic
$ vexic setup claude-code --token <setup-token> --base-url https://api.vexic.dev
✓ vexic connected

Give your agents a memory worth trusting

Hosted Vexic is rolling out through the waitlist: managed ingestion, extraction, and recall behind one endpoint.

Early access rolls out gradually. We'll send one email when it's your turn, and nothing else.

Read the source on GitHub →

Frequently asked questions

Is Vexic open source?+

Yes. The memory engine, storage and retrieval, is open source on GitHub.

What's the difference between Vexic open source and hosted?+

Vexic itself is the self-hosted memory engine: Apache 2.0, running on your own database and hardware. The hosted platform is the easy-setup layer on top: one endpoint, a console for projects and API keys, and the ingestion, extraction, and index-rebuild pipeline running as a service. It's the fast path to production-ready agent memory.

How can I manage my data?+

You can export your data or delete it. Deleted data is removed from Vexic's servers permanently. Export is available on request today, with self-serve export on the roadmap.

What can Vexic see?+

At launch, per-tenant data is encrypted using customer-managed keys. Vexic engineers don't have standing access to read customer data; any emergency access is logged and audited. Every request is also scoped to your tenant, project, session, and agent. There's no cross-tenant access, and a redaction guard strips forbidden values before anything is stored or leaves the boundary.

How much will Vexic cost?+

Pricing details will become available closer to launch.