Registry & CLI Reference
Publish, share, and sync memory packages. Collaborate across machines, teams, and AI agents using the memorylayer CLI.
Authentication
All registry commands read your API key from ~/.memorylayer/auth.json or the MEMORY_API_KEY environment variable.
Login
# Save your API key locally
memorylayer login --token sk-ml-your-key-here
# or pass via env (useful in CI/CD)
MEMORY_API_KEY=sk-ml-... memorylayer publishThe key is validated against the registry before being saved. Get a key at memorylayer.in/auth/login.
Logout & whoami
memorylayer logout # removes saved key
memorylayer whoami # shows key prefix + registry URLPublishing packages
A memory package bundles a namespace (or part of one) into a versioned, integrity-verified tarball that others can install. Publishing requires a memory.json manifest in your working directory.
Initialize a manifest
memorylayer init
# → creates memory.json with @user/<dirname> as the name{
"name": "@acme/react-patterns",
"version": "1.0.0",
"description": "React component patterns for the Acme design system",
"keywords": ["react", "components", "design-system"],
"private": false,
"license": "MIT",
"memorylayer": {
"namespace": "react-patterns"
}
}The memorylayer.namespace field tells publish which local namespace to export. If omitted it falls back to the package name.
Publish
# Publish current version
memorylayer publish
# Auto-bump version before publishing
memorylayer publish --bump patch # 1.0.0 → 1.0.1
memorylayer publish --bump minor # 1.0.0 → 1.1.0
memorylayer publish --bump major # 1.0.0 → 2.0.0
# Tag a release channel
memorylayer publish --tag beta
# Make private (only you + collaborators can install)
memorylayer publish --access private
# Preview without uploading
memorylayer publish --dry-run@yourname/package-name. The scope is your account username or an org slug you admin. Create an org with memorylayer org create <slug> to publish under @org/....Installing packages
memorylayer add downloads a package and upserts its memories into a local namespace. Duplicate memories are skipped; updated ones are merged by similarity.
# Install latest version into namespace matching the package name
memorylayer add @acme/react-patterns
# Install specific version
memorylayer add @acme/react-patterns@1.2.0
# Install into a different namespace
memorylayer add @acme/react-patterns --namespace my-acme
# Preview without writing
memorylayer add @acme/react-patterns --dry-run
# Install a private package (uses your logged-in key automatically)
memorylayer add @acme/internal-kbEvery download is verified with SHA-512 integrity before install. If the hash doesn't match, the install aborts. Dependencies listed in memory.json are resolved and installed first.
Search & discovery
# Free-text search
memorylayer search "react hooks"
# Filter by keyword tag
memorylayer search --keyword typescript
# Filter by author
memorylayer search --author acme
# View full package details and version history
memorylayer info @acme/react-patternsSync: push & pull
Sync backs up an entire namespace to the registry as an encrypted blob — your memories never leave your machine in plaintext. Use it to move between machines or to keep a cloud backup.
Push — local is the source of truth
memorylayer sync push --namespace work
# With a custom encryption passphrase (default: derived from your API key)
memorylayer sync push --namespace work --key "my-passphrase"work namespace becomes the authoritative copy in the cloud. Any memories that existed only in a previous push are gone. Run sync pull first if you want to merge before overwriting.Pull — remote merges into local
memorylayer sync pull --namespace work
# With a custom passphrase (must match the one used when pushing)
memorylayer sync pull --namespace work --key "my-passphrase"Pull is additive, not destructive. Memories from the remote blob are upserted into your local namespace — new ones are added, existing ones are updated if the remote version is newer. Local memories that aren't in the remote blob are left untouched.
Priority summary
Check sync status
memorylayer sync status
# Lists all synced namespaces with memory count, size, and last-pushed timeEncryption
Sync blobs are AES-256-GCM encrypted before upload. By default the encryption key is derived from your API key — so only you can decrypt them. Pass --key to use a separate passphrase (useful for team namespaces where multiple people need to pull the same blob). The passphrase must match on every push and pull for that namespace.
Sharing packages
Two ways to share a published package with someone who doesn't have access: a time-limited share link, or adding them as a named collaborator.
Share links
# Create a 7-day share link (default)
memorylayer share @acme/internal-kb
# Custom expiry (in hours)
memorylayer share @acme/internal-kb --expires 48 # 2 days
memorylayer share @acme/internal-kb --expires 720 # 30 days
# Limit total installs
memorylayer share @acme/internal-kb --max-uses 5
# Prints a ready-to-paste install command:
# memorylayer add @acme/internal-kb --key <share-token>Share links expire automatically. After expiry (or max-uses reached) the token is rejected and the install command stops working.
Named collaborators
# Add a collaborator (reader role — can install, not publish)
memorylayer share @acme/internal-kb --add sk-ml-their-key
# Remove a collaborator
memorylayer share @acme/internal-kb --remove sk-ml-their-key
# List all active links and collaborators
memorylayer share @acme/internal-kb --listCollaborators added this way can install the package anytime using their own API key, with no token needed. They are granted the reader role — they can install and pull but cannot publish new versions.
Orgs & teams
Orgs let you publish under a shared namespace (@acme/...) and manage team access without sharing a single API key.
Create an org
# memorylayer org create <slug> <display-name>
memorylayer org create acme "Acme Inc"
# → You are automatically the adminManage members
# Add a member (default role: member)
memorylayer org add-member acme sk-ml-their-key
# Add as admin
memorylayer org add-member acme sk-ml-their-key --role admin
# Change an existing member's role
memorylayer org set-role acme sk-ml-their-key admin
# Remove a member
memorylayer org remove-member acme sk-ml-their-keyRoles
- ·Install packages published under the org
- ·Publish new packages under @org/...
- ·Cannot manage members or billing
- ·All member permissions
- ·Add/remove members, change roles
- ·Create share links for org packages
Licensing model
Licensing is per API key, not per machine. The same key can run on multiple machines; all machines share one monthly call budget.
- ·remember · recall · code · consolidate · verify
- ·50 recall(answer) + code(locate) / mo
- ·5 code(ingest) / mo
- ·50 recall(explore) / mo
- ·No advanced ops (chunk · batch · ripple · weave · prove · domain · audit)
- ·All Free tools
- ·2,000 recall(answer) + code(locate) / mo
- ·50 code(ingest) / mo
- ·500 recall(explore) / mo
- ·No advanced ops (chunk · batch · ripple · weave · prove · domain · audit)
- ·All Pro tools
- ·recall(explore: true) — graph weaving
- ·remember(chunk) — long-doc storage
- ·remember(batch) — bulk write
- ·prove · domain · audit — Z3 formal reasoning
- ·consolidate(compose) — ACT-R chunk compilation
- ·Priority support
- ·All Pro+ tools
- ·Per-machine or per-member keys
- ·Org-level billing & usage
- ·SLA + dedicated support
- ·Custom data retention
Team & org billing
Each team member holds their own API key and their own plan. There is no org-level billing outside of Enterprise — each person upgrades independently and their quotas are theirs alone. Org membership gives publishing rights under a shared scope; it doesn't pool call budgets.
For teams that need a single shared budget, a single quota pool, or per-seat provisioning, contact support@memorylayer.in for Enterprise.
FAQ
sync push/pullis a private encrypted backup of your namespace — only you (or someone with the passphrase) can read it. It's for moving your own data between machines or keeping a cloud backup.
publish makes a versioned, integrity-signed package that anyone (or specific collaborators) can install with memorylayer add. Use sync for personal continuity; use publish to share knowledge with others.
No — sync is personal. Each namespace's blob is stored under your API key and encrypted with a key derived from it. Another person pulling the same namespace name would be pulling their own blob (empty if they've never pushed it), not yours.
To share memories, use publish + add, or share --add to add a named collaborator to a private package.
Push stores the current snapshot. Pull downloads that snapshot and upserts it back locally. Since pull is additive (never deletes), you end up with the same state you pushed — unless you added new memories between the push and the pull, in which case the pull brings back the older memories too. Generally: push first to capture current state, pull on a new machine to restore it.
Yes — each push/pull targets one namespace at a time. Run them in sequence:
memorylayer sync push --namespace work
memorylayer sync push --namespace personal
memorylayer sync push --namespace projectsLicensing is per API key. A single human developer using one key across multiple agents (Claude, Cursor, Windsurf) counts as one user with one shared monthly budget. All agents using the same key see the same namespace and draw from the same call quota.
If you want each agent to have isolated memory and an independent quota, give each its own key and plan — but for most setups, one key shared across all your agents is the right model.
Yes. Any member (or admin) can run memorylayer publish --access private under the org scope. Private packages are only installable by the publisher and explicit collaborators they add via memorylayer share --add.
Not via the CLI yet — contact support@memorylayer.in to yank a version. Yanked versions are still shown in memorylayer info but cannot be installed. The latest non-yanked version becomes the new default.
~/.memorylayer/auth.json — in your home directory, outside any project. Never commit it. The generated .gitignore in node/ already excludes .env files; if you're using MEMORY_API_KEY via an.env, make sure it's also excluded.