Timechain — tamper-evident audit chains
ShippedA tamper-evident record of every ingest, query, retrieval and answer — change one sealed block and the whole chain says so.
Introduction
Mnemosyne is a company brain you run on your own infrastructure. It curates your documents once into an anchored, verified knowledge graph; answers only with grounded citations checked outside the model; enforces need-to-know at key-wrap time; and keeps a tamper-evident record of everything. These pages explain how — and, next to every capability, say plainly whether it is shipped, in progress, planned, or still research.
Every capability below carries an honest status. We would rather show you the boundary of what is built than imply more than runs — for a buyer paid to be skeptical, that is the point.
A tamper-evident record of every ingest, query, retrieval and answer — change one sealed block and the whole chain says so.
The chain's root is published into Bitcoin, so a root already there cannot be un-published — even by someone who owns the box and its keys.
The block-sealing key can rotate without invalidating any history, and no key can be spliced in without the outgoing key's signed consent.
Browse the tamper-evident chain yourself — every block, every anchor, no key required, sealed content stays sealed.
Access is a lattice, not a flat list — a reader must out-rank the level, hold every compartment, and clear every caveat, and it is checked when the key is wrapped.
Who may install an access-policy change is decided where the chain is read, not only where it is written — so no back-door write can grant itself the encryption gate.
Every clearance grant, revocation, and key event is a signed entry on an anchored log — so who could read what, and since when, is answered by replaying the chain, not by trusting a config file.
The keys that unlock everything are never written to disk in the clear — a stolen disk yields wrapped keys with nothing to unwrap them.
Data at rest is encrypted under a key scoped to its full label-set — with two known gaps we name openly, both closed before any real customer data is ingested.
Identifiers that leak nothing — a stolen id is a hash, decodable only by a cleared operator holding the key.
Blocking not just direct disclosure but inference toward a restricted fact — a three-check frame gate plus a human-ratification ratchet.
Fool the AI, and your data is still safe — the model is untrusted by design, so a compromised model still cannot invent a fact or leak one across compartments.
Every claim in an answer must resolve to a source the requester is cleared to see — and that check runs outside the model, so fooling the model does not move it.
We curate your sources once into a verified, interlinked graph that compounds — unlike retrieval that re-derives a raw-chunk answer from scratch on every query.
Retrieval is ranked by a cognitive model of memory — spreading activation over the knowledge graph — not bare vector similarity.
The system gets measurably better with use — and learning can only tune ranking and action-selection, never the security gate.
Standard company files are parsed, mandatorily clearance-tagged, and sealed on the way in — labels are final before the first byte is anchored.
A company brain you run on your own infrastructure — no data leaves your building, and an air-gapped deployment has nowhere for a leak to go.
A private, single-tenant instance we run for you — one customer per box, never shared, and you can leave with your data any time.
We run your instance and still cannot read it — your keys unlock it only inside an attested enclave the host cannot see into.
The deep dive explains each mechanism in detail; Install & run covers on-prem and managed; Company & project has the roadmap. Everything renders from one source of truth, so what you read stays true as the product grows.