Skip to main content
Memory Passport is the user-controlled identity layer in MemoryOS. It lets one person sign in with email and OTP, maintain a universal memory identity, and decide which agents can access which categories of their memory. Human users do not need to manage raw uui_... tokens. The uui_... token exists for agent-to-agent SDK calls after consent has been granted. Memory Passport consent screen where a user approves memory categories for an AI agent

Why Memory Passport exists

Tenant-scoped memory works well when one application wants to remember its own users. Memory Passport solves a different problem:
  • the same person uses multiple AI agents
  • those agents should not automatically share everything
  • the person should be able to approve, deny, revoke, or delete access themselves
That makes Memory Passport a privacy layer as much as a memory layer.

Core objects

Universal user

When a person registers or signs in through the consent app, MemoryOS creates or resolves a universal user. MemoryOS also maintains an agent-facing token shaped like: 
uui_...
This token is used by backend integrations and SDK calls. It should not be the primary login method for students, patients, customers, or other end users. Human users manage grants from: 
https://consent.memoryos.io/manage
Memory Passport manage page showing active agent grants and revoke actions

Global agent

A global agent is an agent profile that can request Memory Passport access. It has:
  • a public profile
  • a verification status
  • requested default categories for consent links
  • an agent_sk_... API key for universal memory APIs
The tenant creates a global agent with: 
POST /v1/agents/global
Authorization: ApiKey mem_...
MemoryOS returns:
  • id: public agent_id for consent URLs
  • raw_agent_api_key: one-time agent_sk_... secret for backend universal API calls
The raw agent key should be stored server-side and is not shown on the public profile. Default categories are not a hard limit. They are the starting selection shown to the user. A consent URL can preselect another subset for a specific feature, and the user can add or remove categories before approving.

Permission grant

A permission grant connects:
  • one Memory Passport user
  • one global agent
  • one set of allowed categories
  • one access mode (read_only or read_write)
  • an optional expiry

Category-scoped sharing

Memory Passport grants are category-scoped, not all-or-nothing. Current categories are:
  • preference
  • fact
  • goal
  • procedure
  • relationship
  • expertise
That means a user can approve:
  • preference and expertise
while still withholding:
  • goal
  • relationship
  • fact
  • procedure

Auth model

Universal memory access requires both: 
Authorization: ApiKey agent_sk_...
X-MemoryOS-UUI: uui_...
The agent key identifies who is asking. The UUI token identifies which user granted access. MemoryOS then checks whether there is an active grant for that agent and whether the requested category is allowed.

Grant lifecycle

  1. a tenant app introduces MemoryOS where it asks the user to connect memory
  2. the agent sends the user to a consent URL
  3. the consent app handles one of three states inline:
    • new user: create account, then verify OTP
    • existing user: email plus OTP login
    • active session: show consent immediately
  4. user approves specific categories and duration
  5. agent can read or write only within that grant
  6. user can revoke the grant at any time
  7. user can delete the entire Memory Passport and all universal memories

Pending questions

The Memory Passport manage page has a Pending Questions tab. This tab is only for conflicts that MemoryOS deliberately routes back to the end user. It is not a general conflict queue. Pending questions appear when:
  • MemoryOS detects two conflicting memories
  • the conflict is personal to the user
  • automatic recency or confidence rules are not enough
  • the active domain router says the user is the right person to answer
Examples:
ConflictRouted to
Student exam date changed from March 10 to March 15Pending Questions
User changed preferred explanation languagePending Questions
User has two different personal goals recordedPending Questions
Two admins disagree on institution curriculumTenant dashboard review
Workspace policy conflicts with another workspace policyTenant dashboard review
When the user answers, MemoryOS marks the clarification resolved. If they choose one version, the other memory is archived. If they choose neither, the conflict is ignored for that user-session path.

Privacy guarantees

Memory Passport is designed so that:
  • an agent cannot infer what other agents were granted
  • revoking a grant removes future access
  • deleting the Memory Passport removes universal memories and active grants
  • permission notifications can send users back to the manage page for immediate revoke

Related pages