How do I install Saihm?

Saihm is a local plugin. Install it using npm package: @saihm/mcp-server and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Saihm need?

Saihm requires the following credentials or environment variables: SAIHM_ENDPOINT_URL, SAIHM_AUTH_HEADER. You can find setup instructions on the server detail page.

What AI apps work with Saihm?

Saihm uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Saihm MCP Server

by SAIHM Admin

Developer ToolsModerate6.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Sovereign encrypted persistent memory for AI agents. 8 MCP tools. GDPR erasure. Apache-2.0.

About

Sovereign encrypted persistent memory for AI agents. 8 MCP tools. GDPR erasure. Apache-2.0.

Security Report

6.2

Moderate6.2Moderate Risk

A well-architected MCP server for encrypted memory management with solid security fundamentals. The codebase demonstrates proper authentication handling (Bearer tokens via env vars, never hardcoded), HTTPS enforcement, input validation via Zod, and cryptographic operations delegated to the operator endpoint. Minor code quality observations around error handling and test coverage do not materially impact security posture. Supply chain analysis found 2 known vulnerabilities in dependencies (0 critical, 2 high severity). Package verification found 1 issue.

6 files analyzed · 7 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

What You'll Need

Set these up before or after installing:

Your SAIHM operator endpoint URL (issued at https://saihm.coti.global/join).Optional

Environment variable: SAIHM_ENDPOINT_URL

Authorization header (typically 'Bearer <token>') issued by your operator.Required

Environment variable: SAIHM_AUTH_HEADER

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-saihm-admin-saihm-mcp": {
      "env": {
        "SAIHM_AUTH_HEADER": "your-saihm-auth-header-here",
        "SAIHM_ENDPOINT_URL": "your-saihm-endpoint-url-here"
      },
      "args": [
        "-y",
        "@saihm/mcp-server"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

SAIHM MCP Server

Sovereign, encrypted, sharable, persistent memory protocol for AI agents.

v0.1.0 · Apache-2.0 · COTI V2 mainnet

What this is

A bare-bones Model Context Protocol server that exposes eight tools any MCP-capable AI agent (Claude Code, Claude Desktop, custom agents) can call to gain a persistent, encrypted memory layer the user owns:

saihm_remember — store an encrypted memory cell
saihm_recall — retrieve and decrypt your memories
saihm_forget — true cryptographic erasure (GDPR Art. 17)
saihm_status — your protocol-runtime stats and storage tier dashboard
saihm_share / saihm_revoke_share — selectively share a memory with another agent or user
saihm_governance_propose / saihm_governance_vote — protocol governance via gSAIHM

This package is a thin client. It holds no crypto, no storage, and no protocol runtime. Each tool forwards to a SAIHM operator endpoint that runs the full protocol stack on COTI V2 mainnet.

Install

npm install @saihm/mcp-server
# or run directly without install:
npx @saihm/mcp-server

Configure

The server needs two env vars:

SAIHM_ENDPOINT_URL=https://operator.example.com/saihm/v1
SAIHM_AUTH_HEADER=Bearer <token-issued-by-your-operator>

SAIHM_ENDPOINT_URL — the SAIHM operator endpoint. Operators publish their endpoint URLs at https://saihm.coti.global.
SAIHM_AUTH_HEADER — the Authorization header value the operator expects (typically a Bearer <token> issued to you after key-bound enrolment). The bare-bones client is authentication-agnostic and never transmits raw private keys; the operator's enrolment flow keeps your Wallet C key on your machine.

Place these in a .env file alongside the server (the .gitignore excludes all .env* files from any future repo).

Wire into Claude Code

{
  "mcpServers": {
    "saihm": {
      "command": "npx",
      "args": ["@saihm/mcp-server"],
      "env": {
        "SAIHM_ENDPOINT_URL": "https://operator.example.com/saihm/v1",
        "SAIHM_AUTH_HEADER": "Bearer <token>"
      }
    }
  }
}

What gets persisted, where

The bare-bones client itself persists nothing. The operator endpoint runs the full protocol stack: cells are encrypted under a per-cell DEK, sealed by a per-agent KEK, persisted to Filecoin, and audited on COTI V2 mainnet. See the operator's documentation for tier details.

Reporting engine

A reporting library is bundled as a sub-export, so operators can compose the eight MCP calls into bespoke reports with their own tooling (no extra dependency, no extra service):

import {
  validateBespokeTemplate,
  registerTemplate,
  generateRegistryAttestation,
  StubPublicRegistry,
  InMemoryReportingRuntime,
  GDPR_ART15_FIELDS,
  REGISTRY_ATTESTATION_FIELDS,
  type BespokeReportTemplate,
} from "@saihm/mcp-server/reporting";

What it covers

Field universe (FIELD_UNIVERSE) — 280 fields (262 framework + 18 ledger). Templates that project a field outside this set are rejected at validation.
Bespoke template schema — zod validator + universe-membership check + scope/cap enforcement.
Authorization path validators — 4 paths: public / self / operator-self / operator-for-downstream.
Receipt emission — 6 sub-kinds (report_generated / report_rejected / template_registered / template_superseded / erasure_chain_broken / rate_limit_exceeded) under a stable HKDF receipt domain.
Framework smoke — registry-attestation (public auth) for end-to-end plumbing verification.

Constraints

Every fieldProjections[] entry MUST be in FIELD_UNIVERSE.
scope.customerIdHashes 64-hex; max 10,000 per template.
scope.timeRange window ≤ 366 days.
fieldProjections length 1–200.
framework ∈ {gdpr-art-15, gdpr-art-17, soc2-t1, soc2-t2, iso27001, aml, audit-export, billing-history, registry-attestation}.
format ∈ {pdfa3, json, csv}.

Worked example

const template: BespokeReportTemplate = {
  templateId: "acme-q1-summary",
  templateVersion: 1,
  operatorIdHash: "ab".repeat(32),
  scope: {
    customerIdHashes: ["cd".repeat(32)],
    timeRange: { from: "2026-01-01T00:00:00Z", to: "2026-04-01T00:00:00Z" },
  },
  framework: "gdpr-art-15",
  fieldProjections: [GDPR_ART15_FIELDS[0], GDPR_ART15_FIELDS[1]],
  format: "pdfa3",
};
const v = validateBespokeTemplate(template);
if (!v.valid) throw new Error(v.errors.join(", "));

const runtime = new InMemoryReportingRuntime(); // replace with your audit-ledger runtime
const reg = await registerTemplate(template, runtime);
if (reg.ok) console.log("registered:", reg.templateHash);

In production, replace InMemoryReportingRuntime with a runtime that persists audit payloads to your operator's audit ledger. Operators who inject signature verifiers should use pure-crypto libraries (@noble/curves for EIP-712, @noble/post-quantum for FIPS 204 ML-DSA) — the package itself bundles no EVM tooling.

Security

The bare-bones client enforces a small set of defaults so misconfiguration cannot leak the Authorization header in transit:

HTTPS-only endpoints. SAIHM_ENDPOINT_URL must use https://. Plain http:// is rejected at construction time, except for 127.0.0.1 and localhost (so a local operator endpoint works during development).
Per-call abort window. Each request runs under an AbortController that aborts after 30s, preventing a hung endpoint from starving the MCP server.
Response-size cap. Responses whose Content-Length exceeds 16 MB are rejected before deserialisation.
No header echo. Authorization is never included in thrown error messages or stdout.
No filesystem reads. The package never reads from disk; configuration flows entirely through env vars.
Zero EVM tooling. No ethers, no eth_*, no Solidity. If operators inject signature verifiers via AuthVerifiers, they should use pure-crypto libraries (@noble/curves, @noble/post-quantum).

Trust model: this client trusts whatever endpoint the operator configures. Cell IDs, audit anchors, and report receipts returned from that endpoint are surfaced to the agent verbatim — operators are the authority for content shown via saihm_recall. Verifying receipts against COTI V2 mainnet anchors is out of scope for the bare-bones; consume the cellId and auditCellId fields and verify against your own SAIHM mainnet read path.

For distribution integrity, the SAIHM publisher signs releases via npm sigstore provenance; verify with npm view @saihm/mcp-server --json | jq .dist and npm audit signatures.

License

Apache-2.0 — see LICENSE.

Project

Site: https://saihm.coti.global
Issue tracker: see homepage for current contact channel.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Saihm MCP Server

About

Security Report

Findings (7)Action required

Permissions Required

What You'll Need

How to Install

Documentation

SAIHM MCP Server

What this is

Install

Configure

Wire into Claude Code

What gets persisted, where

Reporting engine

What it covers

Constraints

Worked example

Security

License

Project

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent