Open conformance standard · v0.2.0

The conformance standard for agent memory.

A declared capability is not an observed one. GMP is the open protocol — and the executable suite — that tells them apart. Point it at any memory backend and get a signed report of what it actually does.

Certify your backend pip install grafomem →
135
Benchmark traces · 61,754 turns
20
Documented findings (F1–F20)
10
Conformance capabilities
1.000
M8 · reference store, all PASS
HARD_DELETE leak p=0.00 ✓ MULTI_TENANT isolation: PASS BI_TEMPORAL as-of recall ✓ ✓ CONFORMANCE PASS Ed25519-signed reports · 10 capabilities · corpus f049820b
The problem

Every memory layer advertises the same capabilities. Almost none are tested.

Agent-memory backends all claim deletion, isolation, and temporal recall. Vendors benchmark themselves with self-serving numbers; buyers are told to “run your own eval.” There is no neutral referee — so a capability is whatever the README says it is.

Declared
Vendor self-benchmarks

Capability flags asserted in a type signature or a docs page, measured (if at all) by the same team that ships the engine, on a benchmark they chose.

  • “Supports HARD_DELETE” — but deleted data can still be retrieved
  • “MULTI_TENANT” — yet one tenant's memory surfaces in another's
  • Numbers are self-reported on self-selected corpora
  • No common definition of what a capability must do
  • No signed, third-party-verifiable evidence
Observed
GMP conformance

Ten capabilities defined behaviorally and checked by an executable suite against one public corpus. “Supported” means exactly one thing: passes conformance.

  • Each capability has a normative spec and a runnable test
  • One shared corpus — 135 traces, 61,754 turns, fixed hash
  • Output is an Ed25519-signed ComplianceReport, not a claim
  • Findings F10 / F12: declared ≠ observed, with probability 1.0
  • Anyone can re-run it and get the same result
The standard

GMP is to agent memory what SQL is to databases.

The Grafomem Memory Protocol specifies what an agent-memory backend must do; the conformance suite verifies that it does. Engines implement the protocol the way databases implement SQL — GMP is the standard, not another engine.

Three things travel together, and all three are open source under MIT: the spec (ten capabilities, defined in RFC-2119 terms), the suite (an executable conformance harness with eight metrics), and the corpus (135 traces / 61,754 turns / 17,612 queries, locked to a fixed hash so every run is comparable).

Point the suite at any backend — over a Python adapter or over HTTP — and it returns a signed report of which capabilities actually hold. No backend is privileged; the reference store is tested by the same harness as everyone else.

→ Read the specification, capabilities, and conformance model
Conformance

Ten capabilities. One meaning of “supported.”

Each capability is defined by behavior, not by a flag. A backend either passes the conformance test for it on the shared corpus, or it doesn't.

AUDIT
Every write leaves an immutable, ordered record that can be replayed.
SUPERSESSION_CHAIN
Updated facts supersede prior ones without discarding their history.
BI_TEMPORAL
Answer “what did we know, and as of when” — valid-time and system-time.
HARD_DELETE
Deleted data is unrecoverable — gone, not merely hidden from reads.
MULTI_TENANT
One tenant's memory never surfaces in another tenant's retrievals.
CONFLICT_DETECTION
Contradictory facts are flagged, not silently merged or overwritten.
CROSS_SESSION_PROPAGATION
What's learned in one session is available, correctly, in the next.
PROVENANCE
Every fact carries where and when it came from.
CRYPTOGRAPHIC_PROVENANCE
Provenance is Ed25519-signed and tamper-evident.
CONCURRENCY_CONTROL
Simultaneous writes don't corrupt, lose, or interleave state.
Agent-native

Connect any agent to memory you can verify.

The reference server speaks the Model Context Protocol — stdio for local agents like Claude Desktop, SSE for remote. Five memory tools — write, retrieve, delete, audit, capabilities — each backed by guarantees you can run conformance against.

// claude_desktop_config.json
{
  "mcpServers": {
    "grafomem": {
      "command": "grafomem",
      "args": ["serve", "--mcp", "stdio"]
    }
  }
}
# Local agents (stdio) — e.g. Claude Desktop
grafomem serve --mcp stdio

# Remote agents (HTTP + SSE)
grafomem serve --mcp sse

# Tools: write · retrieve · delete · audit · capabilities

Not a spec on paper — a memory server your agent can use today, with conformance you can check. Read the MCP docs →

Certify

Certify in 60 seconds.

Install the suite, point it at your backend, get a signed report. The same three commands produce the certificate that goes in the registry.

# From PyPI — Python 3.11+
pip install grafomem

# or with the server + crypto extras
pip install "grafomem[server,crypto]"
# Audit a live backend over HTTP — no source access needed
grafomem conformance --url https://your-server --token $TOKEN \
  --sign-key ./auditor.ed25519

# or a local adapter
grafomem conformance -b your_pkg.adapter:YourStore
# ComplianceReport — Ed25519-signed, third-party verifiable
{
  "backend": "your_pkg.adapter:YourStore",
  "corpus_hash": "f049820b…b077ca6",
  "M8_conformance": 1.000,
  "capabilities": "7/7 PASS",
  "signature": "ed25519:3a9f…"
}
live · grafomem-production.up.railway.app/health
Click “Ping reference server” to query the live conformance reference endpoint.
Registry

Certified implementations.

Backends that pass GMP conformance, with their signed reports. The list is short today — it's built to fill with external backends. Yours could be the first.

grafomem · reference store in-memory GMP reference implementation M8 1.000 · 7/7 PASS
grafomem · sqlite store persistent SQLite-backed store M8 1.000 · 7/7 PASS

Both entries are self-certified by the reference project. The registry exists to publish external certifications — see the full registry → · add your backend →

Certification

Open standard. Independent certification.

The spec, suite, and corpus are free and open source — forever. Run the suite and self-certify, or get an independent verdict when you need one a third party will trust.

Available now
Self-Certify
$0
Run the suite yourself. Get a signed report. No gatekeeping.
  • Full conformance suite, CLI & adapter SDK
  • Ed25519-signed ComplianceReport
  • Self-host the reference server (grafomem[server])
  • 10 capabilities · 8 metrics · public corpus
  • Community support via GitHub
Get started
Early access
GMP Verified
Certification
Independent verification, the registry listing, and the mark.
  • We run conformance against your live endpoint
  • Independently-signed certificate
  • Public registry listing + “GMP Certified” badge
  • Annual re-certification — code drifts
  • Priority support during onboarding
Request certification
In development
Continuous Assurance
SaaS
Your live endpoint, continuously attested. The compliance monitor for memory.
  • Scheduled conformance against production
  • Signed proof your guarantees still hold
  • Regression alerts when conformance slips
  • Trend dashboard + historical reports
  • Continuously monitors your live endpoint
Join early access

Adopting a memory vendor? Buyer-side audit gives you independent verification of a vendor's claims before you deploy — third-party assurance for procurement and regulatory traceability. Talk to us →

Certify your backend.

Whether you build an agent-memory engine, adopt one, or research the field — tell us what you're working with and we'll get you a conformance run and a signed report.

Opening your mail client.

We'll reply within 24 hours.
In the meantime, pip install grafomem and run a self-certification today.

The suite is open source — you can self-certify right now without us. This is for the signed, listed certification.