01 - quickstart

Create useful agent memory in one product flow.

Setup path

Move from tenant setup to an injectable, governed context pack without losing source, temporal layer or policy state.

7 steps
01

Create organization

Establish the tenant boundary for users, projects, providers, policies and audit logs.

02

Create project

Open a project memory workspace where SPM can preserve original, current, working and historical context.

03

Connect source

Attach repositories, files, docs or external systems so memory can be ingested with provenance.

04

Ingest memory

Normalize source material into memory objects, temporal events, tags, topics and searchable indexes.

05

Generate context pack

Ask SPM for a scoped, verifiable package with the memory, provenance and policy state an agent needs.

06

Test injection

Use the pack through MCP, CLI or API and inspect how the agent receives project memory.

07

Share governed context

Publish or share context with entitlement tokens, safety status, source metadata and access logs.

02 - memory model

SPM keeps time, topic and trust as first-class dimensions.

Requirements

Original memory

Founding constraints, requirements, project principles and non-negotiable facts that agents must keep in view.

Truth

Current state

Accepted project state, latest architecture, active policy decisions and the facts agents should treat as current.

Run context

Working memory

Task-level context for active agent work, handoffs, temporary investigations and pending decisions.

Trace

History

Decisions, derivations, superseded states, agent actions and verification events kept as a temporal audit trail.

Durable project memory

Keeps source-linked items, raw evidence references, summaries, decisions, policies, agent activity and context packs inspectable across runs and tools.

Smart prioritization

Ranks what matters by relevance, source, time, authority, confidence and task intent so agents do not treat every memory item as equally important.

Temporal validity

Keeps original, current, working and historical memory separate, then weighs recency, evidence and superseding state before promoting project truth.

Authority-aware memory

Lets owner, security, product, agent and external inputs carry different weight, preserving low-authority input as reviewable context when needed.

Scoped sharing

Builds separate memory views for backend work, release risk, partner handoff, support brief or any authorized audience from one governed project memory.

Queryable graph

Connects requirements, decisions, agents, shares, policies, sources and events so memory can be queried by topic, tag, audience or relationship.

Agent-ready context packs

Compiles scoped memory, summaries and evidence into compact portable packages for MCP, API and CLI consumers.

Agent hardening

Records project policies, preflight decisions, required tests, approvals and violations around agent actions.

Governed sharing

Shares context with provenance, safety previews, entitlements, access logs and revocation.

Marketplace substrate

Lets valuable context packs become listed, licensed and distributed with source and usage controls.

03 - api model

Use project-scoped endpoints as the official SPM contract.

SurfaceMethodEndpoint

Self-serve signup

Create a trial tenant, owner account, trialing plan, onboarding state, email verification challenge and browser session for Team/Business SaaS evaluation.

POST

/v1/auth/signup

Email verification status

Inspect whether the authenticated owner email is verified and whether the latest delivery was sent, skipped or needs configuration.

GET

/v1/auth/email-verification/status

Verify email token

Consume a signed email verification token without exposing raw tokens in the database or delivery ledger.

POST

/v1/auth/email-verification/verify

Resend verification

Revoke older pending verification tokens and send a fresh SMTP-backed verification email.

POST

/v1/auth/email-verification/resend

Memory objects

Create project-scoped memory objects with schema, provenance, policy state and indexing.

POST

/v1/projects/{project_id}/objects

Hybrid search

Retrieve policy-filtered memory through hybrid, context or kind-based recall.

POST

/v1/projects/{project_id}/search

Saved searches

List reusable project recall scopes so operators and agents can repeat approved searches without rebuilding filters.

GET

/v1/projects/{project_id}/saved-searches

Bundles

Persist selected memory as a reproducible bundle with object refs and manifests.

POST

/v1/projects/{project_id}/bundles

Signing status

Read active signing key health, attestation result, algorithm and public-key fingerprint without exposing key material.

GET

/v1/signing-keys/status

Bundle verification

Verify an exported bundle ZIP by checking file hashes, bundle hash consistency, signature envelope, manifest hash and public-key fingerprint.

POST

/v1/bundles/verify

Artifact manifest verification

Verify arbitrary context-pack or handoff manifests against supplied file bytes and optional package hash before agent injection.

POST

/v1/bundles/artifact-manifest/verify

Recent activity

Read project-filtered operational activity; project-scoped API tokens are constrained to their project activity window.

GET

/v1/activity

Operational runs

List project runs with status, tags, linked bundle ids and context-pack metadata for agent handoff history.

GET

/v1/runs

Operational run detail

Read one project run and verify its bundle/context-pack linkage before reusing its memory in an agent workflow.

GET

/v1/runs/{run_id}

Temporal events

Record original, current, working or history events with topics, tags and hashes.

POST

/v1/projects/{project_id}/temporal/events

Temporal state

Compare original memory, current state, working memory and historical tail.

GET

/v1/projects/{project_id}/temporal/state

Context packs

Generate injectable memory packages for agents, MCP, CLI and API consumers.

POST

/v1/projects/{project_id}/temporal/context-pack

Graph query

Traverse topics, tags, events, supersession and related context links.

POST

/v1/projects/{project_id}/temporal/graph-query

Agent connector recipes

List hash-stable Codex, Cursor, Claude Desktop, generic MCP and direct API setup recipes with scopes, install steps, verification steps, security notes and failure modes.

GET

/v1/productization/agent-connector/recipes

Agent connector export

Create a project-scoped agent connector ZIP with one-time token delivery, MCP config, context-pack request, graph query request, agent-specific recipes and verification scripts.

POST

/v1/productization/agent-connector/export

Memory triage

Classify incoming project context with the LLM-first Memory Agent and create or queue governed memory.

POST

/v1/projects/{project_id}/memory-agent/triage

Autonomous maintenance

Consolidate, promote, summarize or review-gate stale and conflicting memory.

POST

/v1/projects/{project_id}/memory-agent/maintenance/run

Maintenance reviews

Inspect risky maintenance operations before approving or rejecting project-memory changes.

GET

/v1/projects/{project_id}/memory-agent/maintenance/reviews

Conflict inbox

List conflict-gated maintenance reviews with assignment, severity and SLA state.

GET

/v1/projects/{project_id}/memory-agent/maintenance/conflicts

Maintenance diff

Compare the proposed maintenance operation with source memories, changed fields and conflict signals.

GET

/v1/projects/{project_id}/memory-agent/maintenance/reviews/{review_id}/diff

Review assignment

Assign a gated maintenance review, set severity, attach SLA and write assignment lineage.

PATCH

/v1/projects/{project_id}/memory-agent/maintenance/reviews/{review_id}/assignment

Maintenance policies

Schedule recurring LLM-first maintenance with confidence gates, scope and hash state.

POST

/v1/projects/{project_id}/memory-agent/maintenance/policies

Hosted billing checkout

Create a Stripe-hosted checkout session with SPM quote, tax, org, plan, checkout id and verification hash metadata.

POST

/v1/billing/checkout-sessions

Billing provider webhook

Verify Stripe-Signature or SPM HMAC webhooks, then complete checkout sessions only after event metadata matches SPM session hash, amount and currency.

POST

/v1/billing/webhooks/provider

Customer billing portal

Create a short-lived Stripe Customer Portal session for the linked billing customer without storing the raw portal URL.

POST

/v1/billing/customer-portal-sessions

Billing provider readiness

Run a launch preflight across Stripe API key state, hosted checkout, Customer Portal, webhook signing secrets, redirect origin, customer binding and operational evidence without returning raw secrets.

GET

/v1/billing/provider-readiness

Release readiness

Compute commercial readiness across demo data, trust, deployment, docs, visual QA and billing.

GET

/v1/productization/release-readiness

Launch operations

Turn release readiness, deployment, tenant isolation, backup/restore, rollback, pilot proof and health checks into a production go-live plan with evidence hashes.

GET

/v1/productization/launch-operations

Revenue readiness

Evaluate whether paid SaaS can open by combining provider readiness, checkout conversion, signed webhook processing, invoice payment, quota enforcement and reconciliation issues.

GET

/v1/productization/revenue-readiness

Revenue readiness export

Download a hash-verifiable ZIP with revenue readiness JSON, check CSV, runbook, billing usage, provider readiness and reconciliation evidence.

GET

/v1/productization/revenue-readiness/export

Buyer journey evidence

Verify that self-serve signup, governed invitations, onboarding, checkout, enterprise contact, private dashboard and MCP setup remain one non-regressive launch route map.

GET

/v1/productization/buyer-journey

Buyer journey export

Download a hash-verifiable ZIP with buyer-route JSON, route CSV, remediation list and manifest hashes for launch review.

GET

/v1/productization/buyer-journey/export

Record outreach prospect

Record a privacy-safe founder-led outreach prospect with segment, source, use case, consent state, follow-up, route linkage and outcome signal. Raw email input is hashed and never returned.

POST

/v1/productization/outreach-prospects

Outreach prospects

List tenant-scoped outreach prospects and follow-up state without exposing private buyer communications or raw emails.

GET

/v1/productization/outreach-prospects

Outreach evidence report

Aggregate founder-led outreach into a market-signal report used by market dossier and SaaS launch review.

GET

/v1/productization/outreach-report

Outreach evidence export

Download a hash-verifiable ZIP with outreach report JSON, markdown, prospect CSV, follow-up CSV and a manifest that excludes raw buyer communications.

GET

/v1/productization/outreach-report/export

Activation event ledger

List privacy-safe activation events emitted by signup, governed invite acceptance, email verification, onboarding and checkout without returning raw tokens or payment secrets.

GET

/v1/productization/activation-events

Trial activation report

Measure whether direct trials and governed invites reach first memory value, agent handoff and SaaS conversion intent in one hash-verifiable funnel.

GET

/v1/productization/trial-activation-report

Trial activation export

Download a ZIP with activation report JSON, markdown, events CSV, funnel CSV and manifest hashes for launch review and commercial readiness.

GET

/v1/productization/trial-activation-report/export

Create pilot cohort

Create a privacy-safe commercial validation cohort that links outreach, invites, activation, pilot evidence, memory benchmarks, competitor comparisons, claim-readiness refs and external approvals.

POST

/v1/productization/pilot-cohorts

Pilot cohorts

List tenant-scoped pilot cohorts with computed readiness, missing evidence and market-validation score.

GET

/v1/productization/pilot-cohorts

Pilot cohort report

Aggregate cohort readiness into a market validation report that proves whether SPM's differentiated memory capabilities have evidence beyond a simple context app.

GET

/v1/productization/pilot-cohorts/report

Pilot cohort export

Download a hash-verifiable ZIP with pilot cohort report JSON, cohort CSV, runbook, next actions and manifest hashes for launch review or investor/customer diligence.

GET

/v1/productization/pilot-cohorts/report/export

External evidence room

Aggregate customer pilot proof, privacy-safe reference hashes, benchmark value, production operability, trust controls and revenue readiness into a buyer-safe market evidence room.

GET

/v1/productization/external-evidence-room

External evidence room export

Download a hash-verifiable ZIP with external evidence checks, approval ledger, runbook, pilot validation, revenue readiness, trust report and latest operational evidence files.

GET

/v1/productization/external-evidence-room/export

Record external evidence approval

Record source-approved market proof with claim levels, privacy boundary, DPA state, expiry, revocation and reference hashes instead of raw customer material.

POST

/v1/productization/external-evidence-approvals

External evidence approvals

List active, warning, expired, revoked and invalid external approvals used to gate commercial evidence-room claims.

GET

/v1/productization/external-evidence-approvals

External evidence approval export

Download a hash-verifiable approval ZIP with approval JSON, governance checks, remediation notes and manifest hashes.

GET

/v1/productization/external-evidence-approvals/{approval_id}/export

Record restore drill

Record a signed, isolated restore drill with SHA-256 verification, tenant checks, app boot evidence, sample queries and rollback rehearsal.

POST

/v1/productization/restore-drills

Restore drill history

List the latest restore drills and expose their status to release readiness, launch operations and the private deployment console.

GET

/v1/productization/restore-drills

Restore drill export

Download a hash-verifiable ZIP with restore evidence, check CSV, operator runbook and manifest hashes.

GET

/v1/productization/restore-drills/{drill_id}/export

Record monitoring evidence

Record observed health, readiness, metrics, alert delivery, on-call, runbook and secret-reference evidence without storing raw monitoring credentials.

POST

/v1/productization/monitoring-evidence

Monitoring evidence history

List the latest monitoring records and expose their status to release readiness, launch operations and the private deployment console.

GET

/v1/productization/monitoring-evidence

Monitoring evidence export

Download a hash-verifiable ZIP with monitoring evidence, alert routes, check CSV, operator runbook and manifest hashes.

GET

/v1/productization/monitoring-evidence/{evidence_id}/export

Record production evidence

Record DNS, HTTPS, private access, runtime dependencies, background jobs, secret posture and shared-host safety for the live SPM environment.

POST

/v1/productization/production-evidence

Production evidence history

List live-environment evidence records and expose their status to release readiness, launch operations and the private deployment console.

GET

/v1/productization/production-evidence

Production evidence export

Download a hash-verifiable ZIP with production environment evidence, check CSV, operator runbook and manifest hashes.

GET

/v1/productization/production-evidence/{evidence_id}/export

Record visual QA evidence

Record tenant-scoped visual QA evidence from the generated frontend report, including public/private route coverage, failing checks, screenshot targets and design-system review state.

POST

/v1/productization/visual-qa-evidence

Visual QA evidence history

List visual QA records and expose the latest hash to release readiness, launch operations and the private deployment console.

GET

/v1/productization/visual-qa-evidence

Visual QA evidence export

Download a hash-verifiable ZIP with visual QA evidence, route checks, screenshot target CSV, operator runbook and manifest hashes.

GET

/v1/productization/visual-qa-evidence/{evidence_id}/export

Record pilot evidence

Record measured customer or design-partner pilot evidence with success criteria, SPM capability validation, trust review, buyer signal and privacy-safe external reference hashes.

POST

/v1/productization/pilot-evidence

Pilot evidence history

List external market proof records and expose their status to release readiness, launch operations and the private deployment console.

GET

/v1/productization/pilot-evidence

Pilot validation report

Aggregate multiple pilot records into a scored market-claim report with capability coverage, buyer signal, governance proof and privacy-safe external references.

GET

/v1/productization/pilot-evidence/validation-report

Pilot validation export

Download a hash-verifiable ZIP with aggregate pilot validation JSON, section CSV, record CSV, capability coverage CSV, runbook and manifest hashes.

GET

/v1/productization/pilot-evidence/validation-report/export

Pilot evidence export

Download a hash-verifiable ZIP with pilot evidence, measured outcomes, checks, runbook and manifest hashes.

GET

/v1/productization/pilot-evidence/{evidence_id}/export

Market readiness dossier

Aggregate release readiness, launch operations, billing provider readiness, production evidence, visual QA, benchmarks, pilot proof and evidence freshness into one market go/no-go dossier.

GET

/v1/productization/market-readiness-dossier

Market readiness dossier export

Download a hash-verifiable ZIP with the market dossier, section CSV, evidence freshness CSV, runbook, billing readiness and latest launch evidence records.

GET

/v1/productization/market-readiness-dossier/export

Memory benchmark

Generate synthetic enterprise projects and contrast expected recall, temporal coverage, context injection, context-pack verification, graph reachability, market-baseline advantage, public feature-claim gaps and token reduction against no-memory, flat-memory, naive keyword-context and market-class agent-memory baselines, with an opt-in real LLM judge for answer correctness, citation fidelity and contradiction control.

POST

/v1/productization/memory-benchmark/run

Memory benchmark history

List persisted benchmark runs with trend, latest score, value lift, context-injection answerability and hash-verifiable history for the private dashboard.

GET

/v1/productization/memory-benchmark/runs

Memory benchmark trend guard

Turn persisted benchmark history into operational evidence with status, continuity, regression alerts, LLM-evidence continuity and recommended remediation.

GET

/v1/productization/memory-benchmark/trend-report

Memory benchmark trend export

Download a ZIP trend package with trend points, regression alerts, Markdown summary and a hash manifest for release reviews.

GET

/v1/productization/memory-benchmark/trend-report/export

Memory benchmark policies

List scheduled benchmark evidence guards with cron schedule, score floor, LLM judge mode, next run, last run hash and regression state.

GET

/v1/productization/memory-benchmark/policies

Create memory benchmark policy

Create an organization-scoped scheduled benchmark guard that can run deterministic or real-LLM evidence checks.

POST

/v1/productization/memory-benchmark/policies

Run due memory benchmark policies

Claim due benchmark policies, execute them with scheduler locking, update policy state and return trend-alert evidence.

POST

/v1/productization/memory-benchmark/policies/run-due

Memory benchmark evidence

Produce a shareable evidence report with claims, limitations, benchmark metrics, evidence level and reproducible hashes.

GET

/v1/productization/memory-benchmark/runs/{run_id}/evidence-report

Memory benchmark evidence export

Download a ZIP evidence package with JSON, Markdown, claims, limitations, run detail and a hash manifest for sales or security review.

GET

/v1/productization/memory-benchmark/runs/{run_id}/evidence-report/export

Product access request

Capture a public product access request with plan, deployment preference, urgency and privacy-preserving request signals.

POST

/v1/productization/access-requests

Access request inbox

Let owners and admins triage access requests from the private SPM console.

GET

/v1/productization/access-requests

Access request notifications

Inspect signed webhook deliveries to sales, Slack, CRM or email-gateway systems without storing raw destination URLs.

GET

/v1/productization/access-requests/notifications

Readiness export

Download a hash-verifiable ZIP with readiness, trust, deployment and visual QA evidence.

GET

/v1/productization/release-readiness/export

Launch operations export

Download a launch evidence ZIP with phases, health checks, rollback plan, trust report, deployment tenancy and manifest hashes.

GET

/v1/productization/launch-operations/export

Marketplace

Discover governed context listings with provenance, safety and entitlement state.

GET

/v1/context-marketplace/listings

04 - mcp and cli

Context packs and review gates are the handoff format for external agents.

MCP

Expose context-pack, temporal-state, graph-query, maintenance review and marketplace import operations to agent tools.

CLI

Let builders script temporal state, maintenance policies, review gates, governance records, package export and verification.

API

Keep every operation project-scoped, authenticated, reviewable and auditable for production services.

MCP tool catalog

The public docs, private setup console and CLI use one generated catalog from the MCP server source. Re-run python scripts/sync_mcp_tool_catalog.py --check before changing tools.

eb70b9966fdb884d

total

119

read-only

75

read-write

119

writes

44

ToolCategoryAccessDefault
spm_projects_listproject_resolutionreadread-only
spm_project_resolveproject_resolutionreadread-only
spm_connector_access_getgeneralreadread-only
spm_connector_access_requestgeneralwritegated
spm_project_bootstrap_previewproject_resolutionwritegated
spm_project_bootstrap_statusproject_resolutionreadread-only
spm_cross_project_context_packproject_resolutionreadread-only
spm_multi_project_context_packproject_resolutionreadread-only
spm_agent_session_startagent_memory_lifecyclewritegated
spm_attention_briefingproject_attentionreadread-only
spm_attention_inboxproject_attentionreadread-only
spm_attention_sentproject_attentionreadread-only
spm_attention_createproject_attentionwritegated
spm_attention_state_updateproject_attentionwritegated
spm_attention_revokeproject_attentionwritegated
spm_agent_session_getagent_memory_lifecyclereadread-only

Full generated catalog: docs/mcp-tool-catalog.md.

05 - agent integration

Connect agents to one governed memory source.

06 - security

Governance is built into the memory layer.

Self-serve trust boundary

SaaS signup issues a tenant, trial plan and owner session only after rate-limit checks and optional Turnstile verification. SPM then creates a hashed email verification token, sends it through the configured SMTP transport and records a privacy-preserving delivery ledger without storing raw recipient or subject data.

email verificationSMTP delivery ledgerTurnstile optionalforced PostgreSQL RLS
Private tenant boundary
Role and scope checks
Temporal hash chains
Context pack verification
Source provenance
Safety previews
Entitlement logs
Retention controls
Legal holds
Provider budgets
Customer-owned LLM keys
AWS KMS signing
Audit exports

Provider-hosted checkout

Paid SaaS plans create Stripe Checkout sessions in subscription mode while SPM keeps the source of truth for quote totals, tax evidence, checkout hashes, invoice generation and entitlement activation. Stripe checkout responses do not return an internal completion token to the customer; plan activation only happens after a signed provider webhook. Provider webhooks must include spm_checkout_session_id and spm_checkout_session_hash; mismatched amount, currency or hash events are retained for reconciliation and ignored. Linked customers can also open a Stripe Customer Portal session from SPM; SPM stores only the provider session id, return URL, portal URL hash and audit metadata while returning the short-lived raw URL once. Stripe webhooks are verified with the raw request body, Stripe-Signature, endpoint signing secrets, timestamp tolerance and rotated-secret support before SPM trusts the event. The private console also exposes a provider-readiness preflight that returns pass, warning and fail checks with secret fingerprints, readiness hashes and operational evidence, never raw Stripe keys or webhook secrets.

Stripe Checkout subscription modeStripe Customer Portalprovider readiness preflightsecret fingerprintsStripe-Signaturerotated webhook secretsno internal checkout tokenamount guardhash-bound webhook

07 - packaging

Package SPM as infrastructure, SaaS and marketplace substrate.

Core Local / MCP

Builders and small agent teams

Local or small-team SPM with CLI, MCP, context packs, strict quotas, 1 EUR hosted AI credit or BYOK.

Team SaaS

Product and engineering teams

49 EUR/month hosted dashboard, agent integrations, temporal memory, sharing, governance basics and 12 EUR hosted AI credit.

Business

Teams with governed agent workflows

199 EUR/month advanced permissions, audit logs, higher quotas, private context sharing, provider budgets and 60 EUR hosted AI credit.

Enterprise

Security-conscious organizations

Private deployment with SSO, BYOK or contracted dedicated AI budget, legal controls, SLA and support.

Marketplace

Context publishers and buyers

99 EUR/month listings, entitlements, licensing, access history and revenue-share-ready context distribution.

08 - deployment

Run a deployment preflight before copying code to a shared server.

Shared-host safety

The deployment CLI inspects the remote Linux host over SSH, detects existing containers and occupied ports, verifies Docker and Compose, and recommends localhost high-port bindings so SPM does not take over other apps.

preflight

spm deploy preflight --mode shared-host --host <server-ip> --identity-file ~/.ssh/id_2020_rsa --json

Treat a blocked preflight as a hard stop; treat warnings as operator work before DNS or reverse-proxy routing.