Your AI agent knows your morning routine, your boss’s communication style, the project codenames you never say out loud, and which Slack channels make you anxious. It remembers all of this because memory is what makes agents useful.

But here’s the uncomfortable question: who else can read that memory?

Today, the answer is: basically anyone with server access.

We built the first solution. ClawSouls Memory Sync provides end-to-end encrypted memory synchronization across devices — and no one, not even us, can read your agent’s memory.

The Problem: Agent Memory is Plaintext

Every major AI agent framework that offers memory — whether it’s stored in a vector database, a JSON file, or a managed cloud service — stores it in plaintext. The server that hosts your memory can read it.

This means:

  • The platform operator can access your agent’s accumulated knowledge about you
  • A breach exposes not just credentials, but a rich behavioral profile
  • Cross-device sync transmits unencrypted personal data through third-party infrastructure
  • Compliance (GDPR, HIPAA, SOC 2) becomes a nightmare when you can’t guarantee data confidentiality

We surveyed every major agent framework — LangChain, CrewAI, AutoGen, Claude’s memory, ChatGPT’s memory, Mem0, and others. None of them offer end-to-end encryption for agent memory. Some offer encryption at rest, but the server always holds the key. That’s not E2E.

How ClawSouls Memory Sync Works

ClawSouls Memory Sync uses a zero-knowledge architecture: your encryption key never leaves your device, and the sync backend (a GitHub private repository) only ever sees ciphertext.

The Encryption Stack

  • Algorithm: age (X25519) — a modern, audited encryption tool designed by Filippo Valsorda (former Go security lead at Google)
  • Key management: A keypair is generated locally during sync init. The private key stays on your machine.
  • Backend: Your own GitHub private repository. You control the repo, the access, and the deletion.

Architecture

┌─────────────┐                    ┌─────────────┐
│   Device A   │                    │   Device B   │
│              │                    │              │
│  Memory      │                    │  Memory      │
│  (plaintext) │                    │  (plaintext) │
│      │       │                    │      ▲       │
│      ▼       │                    │      │       │
│  age encrypt │                    │  age decrypt │
│      │       │                    │      ▲       │
└──────┼───────┘                    └──────┼───────┘
       │                                   │
       ▼                                   │
  ┌─────────────────────────────────────────┐
  │        GitHub Private Repository        │
  │         (encrypted blobs only)          │
  └─────────────────────────────────────────┘

What GitHub sees: encrypted binary blobs. No filenames reveal content. No metadata leaks context.

What your device sees: your full agent memory, decrypted locally.

Quick Demo

Initialize Memory Sync

clawsouls sync init

This generates your age keypair and connects to your GitHub repository. The private key is stored in your local keychain — it never leaves your machine.

Push Memory to the Cloud

clawsouls sync push

Your memory files are encrypted locally with your age public key, then pushed to your private GitHub repo as encrypted blobs.

Pull Memory to Another Device

clawsouls sync pull

On a new device, after transferring your private key (via QR code or secure copy), sync pull fetches the encrypted blobs and decrypts them locally.

That’s it. Three commands. Full E2E encryption.

Why This Matters Now

AI agents are moving from “useful toy” to “indispensable assistant.” As they do, they accumulate increasingly sensitive data:

  • Personal patterns: sleep schedules, emotional states, relationship dynamics
  • Work intelligence: project strategies, org chart politics, compensation discussions
  • Access context: which systems you use, how you authenticate, your workflow shortcuts

This data is arguably more sensitive than your browsing history. Your browser knows what you searched for. Your agent knows what you thought about.

As agents become multi-device (phone, laptop, home server), memory sync becomes essential. And sync without encryption is a liability.

We looked for an existing solution. There wasn’t one. So we built it.

The Zero-Knowledge Guarantee

Let’s be precise about what “zero knowledge” means here:

  1. ClawSouls servers never see your memory or your encryption key
  2. GitHub stores only encrypted blobs — even if your repo were made public, the data is unreadable
  3. No key escrow — if you lose your private key, your encrypted memory is unrecoverable. This is a feature, not a bug.

This is the same security model used by Signal for messages and 1Password for credentials. We apply it to agent memory.
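The properties claimed in the architecture section and in the guarantee list above (the host holds only ciphertext, and only the private key opens it) can be checked with a small model. This is an added example, not ClawSouls code and not the age file format: it uses the same primitive family as age (X25519, HKDF-SHA256, ChaCha20-Poly1305) through Node's built-in crypto module, and `sealMemory`, `openMemory`, the context label and the blob layout are hypothetical.

```javascript
// Added illustration, not age's file format and not ClawSouls code; names are hypothetical.
const nc = require('node:crypto');
const INFO = Buffer.from('memory-sync-demo v1'); // hypothetical context label
const spki = (pub) => pub.export({ type: 'spki', format: 'der' }); // 44 bytes for X25519
// One-time file key from the ECDH secret, bound to both public keys via the salt.
const fileKey = (shared, ephDer, rcptDer) => Buffer.from(
  nc.hkdfSync('sha256', shared, Buffer.concat([ephDer, rcptDer]), INFO, 32));

// Sending device: needs only the recipient PUBLIC key.
function sealMemory(plaintext, recipientPub) {
  const eph = nc.generateKeyPairSync('x25519'); // fresh ephemeral key per file
  const shared = nc.diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPub });
  const ephDer = spki(eph.publicKey);
  const nonce = nc.randomBytes(12);
  const key = fileKey(shared, ephDer, spki(recipientPub));
  const c = nc.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([ephDer, nonce, c.getAuthTag(), body]); // what gets pushed
}

// Receiving device: needs the PRIVATE key; throws on a wrong key or a modified blob.
function openMemory(blob, recipientPriv) {
  const ephDer = blob.subarray(0, 44), nonce = blob.subarray(44, 56);
  const tag = blob.subarray(56, 72), body = blob.subarray(72);
  const ephPub = nc.createPublicKey({ key: ephDer, format: 'der', type: 'spki' });
  const shared = nc.diffieHellman({ privateKey: recipientPriv, publicKey: ephPub });
  const key = fileKey(shared, ephDer, spki(nc.createPublicKey(recipientPriv)));
  const d = nc.createDecipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  d.setAuthTag(tag);
  return Buffer.concat([d.update(body), d.final()]);
}

// What each party can do with one constructed memory file.
function demo() {
  const device = nc.generateKeyPairSync('x25519'); // created once, at init
  const other = nc.generateKeyPairSync('x25519');  // any party without the key
  const memory = Buffer.from('2025-01-01 project codename: BLUEBIRD\n'); // constructed
  const blob = sealMemory(memory, device.publicKey);
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 1; // flip one ciphertext bit
  const fails = (fn) => { try { fn(); return false; } catch { return true; } };
  return {
    roundTrip: openMemory(blob, device.privateKey).equals(memory),
    hostSeesPlaintext: blob.includes('BLUEBIRD'),
    wrongKeyRejected: fails(() => openMemory(blob, other.privateKey)),
    tamperRejected: fails(() => openMemory(tampered, device.privateKey)),
    overhead: blob.length - memory.length, // 44 + 12 + 16 header bytes
  };
}
```

In this sketch each blob is exactly 72 bytes longer than its plaintext, so a storage host that cannot read the content still learns each file's size.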

Get Started

Read the full setup guide: Memory Sync Guide

Install ClawSouls CLI:

npm install -g clawsouls
clawsouls sync init

Your agent’s memory deserves the same protection as your passwords. We think it’s time someone built that.

We’re the first. We won’t be the last. And that’s a good thing.


📄 Research Paper: Zero-Knowledge Memory Synchronization for AI Agents (DOI: 10.5281/zenodo.18795489)

ClawSouls is open source. Visit clawsouls.ai to learn more.