SAIHM × Model Context Protocol crosswalk

The Model Context Protocol (MCP) was announced by Anthropic in November 2024 and donated to the Agentic AI Foundation (AAIF) under the Linux Foundation on 9 December 2025. MCP standardises how an AI agent reaches external tools and contextual data sources using JSON-RPC 2.0 over stdio or HTTP Server-Sent Events.

MCP standardises the tool layer. SAIHM standardises the memory layer. The two are composable: SAIHM exposes its protocol surface entirely through MCP, so any MCP-capable agent (Claude Code, Claude Desktop, Cursor, Continue, Goose, custom) attaches SAIHM as a memory layer with one command.

MCP primitives, mapped

MCP primitiveSAIHM usage
Tools — model-controlled, side-effectful actions invoked by the LLM.SAIHM exposes eight tools at the protocol invariant cap: saihm_remember, saihm_recall, saihm_forget, saihm_status, saihm_share, saihm_revoke_share, saihm_governance_propose, saihm_governance_vote. Each tool is signature-authenticated with ML-DSA-65 (FIPS-204).
Resources — application-controlled, addressable data the host may attach to context.A SAIHM cell id is a stable, content-addressable identifier. Implementations MAY expose cells as MCP resources for direct context attachment (out of scope for the eight-tool surface; an optional implementer extension).
Prompts — user-controlled, named prompt templates the host can offer to the user.SAIHM does not define prompts. Implementer extension: a SAIHM-aware MCP server may expose “remembered prompt templates” as prompts whose body is a recalled cell.
Sampling — server-initiated request for the client’s LLM to produce a completion.SAIHM does not use sampling. The protocol is deterministic; it does not need server-initiated LLM calls.
Roots — workspace scope hinting from the client to the server.SAIHM scope is wallet-bound, not filesystem-bound. Roots are not used at the protocol level.
Logging — server-side log entries surfaced to the client.SAIHM emits structured audit receipts anchored on the COTI V2 public chain. MCP logging MAY mirror a subset for client display; the canonical audit record is on chain.
Elicitation — interactive form requests from server to client.SAIHM does not elicit in normal operation. Future tool versions MAY elicit for sharing-contract confirmation; not in the current eight-tool surface.

Why SAIHM is the memory companion to MCP

MCP answered a clear gap in the agent era: a uniform protocol for tool and data access across vendors. It is now the de facto integration layer for AI agents.

What MCP does not standardise is persistent memory across sessions, models, and vendors. Most production agents either lean on a local file, a vector DB, or a vendor-specific session log. None of those is portable; none is sovereign; none provides cryptographic erasure.

SAIHM closes that gap with four protocol-level properties:

  1. Post-quantum identity binding. ML-DSA-65 (FIPS-204).
  2. Public-chain audit anchor. Every operation receipt is durable and independently verifiable.
  3. GDPR Article 17 cryptographic erasure. DEK destruction + tombstone + CID blacklist.
  4. Wallet-bound sovereignty. The holder’s key never leaves the holder.

MCP + SAIHM together: the agent reaches tools through MCP and remembers across sessions through SAIHM. Both are protocol-level. Both are at AAIF (MCP today; SAIHM proposed).

Reference SAIHM MCP server

{
  "mcpServers": {
    "saihm": {
      "command": "npx",
      "args": ["-y", "@saihm/mcp-server"],
      "env": {
        "SAIHM_ENDPOINT_URL": "https://operator.example.com/saihm/v1",
        "SAIHM_AUTH_HEADER": "Bearer <token-issued-after-enrolment>"
      }
    }
  }
}

Drop the snippet into claude_desktop_config.json (or your client’s equivalent). The eight SAIHM tools become available to the agent.

Quickstart

How to cite SAIHM as an MCP component

  1. For MCP server registry: list as memory provider; tool surface at @saihm/mcp-server; license Apache-2.0.
  2. For agent application security review: cite ML-DSA-65 (FIPS-204) at the SAIHM tool boundary.
  3. For data-flow diagram: show that no plaintext cell content leaves the holder machine; only ciphertext + signed envelopes traverse the MCP transport.
  4. For compliance dossier: pair with the GDPR Article 17 and EU AI Act crosswalks on this site.