Self-hosting and teams

One server. Every agent. Your rules.

Run one Remnic server on a machine you control and point every agent at it. The standalone server speaks HTTP and MCP, isolates tenants with namespaces and ACLs, and ships an operator console so you can see exactly what is stored and why. No cloud account, no subscription.

Start here. @remnic/server is bundled in @remnic/cli. Bring up the daemon with remnic daemon start, or run the server directly. It binds 127.0.0.1:4318 by default and gates every request on a loopback bearer token.
npx --package @remnic/server remnic-server --port 4318
# Bearer token via --auth-token or REMNIC_AUTH_TOKEN

HTTP and MCP, without OpenClaw

@remnic/server serves the full memory and context tool surface over HTTP and MCP: recall, store, entity lookup, correction, X-ray provenance, and the operator API. The bind address defaults to loopback and the auth token is required, so nothing is exposed until you decide to expose it. Set REMNIC_AUTH_TOKEN to a random value and put the server behind a tunnel only when you need remote agents to reach it.

Namespaces and ACLs

Turn on namespacesEnabled and each agent gets its own self namespace plus a curated shared namespace for cross-agent context. namespacePolicies lists the read and write principals per namespace, so one install can host several agents or users without leaking memory between them.

Per-agent isolation

Extracted memories land in the agent's own self namespace. Two principals working in the same repo get separate project namespaces by default.

Curated sharing

The shared namespace provides cross-agent context. Promotion is opt-in and category-gated, so sharing is a decision, not a default.

Read and write principals

namespacePolicies binds each namespace to explicit read and write principals. Explicit namespace overrides still go through the policy checks.

Scope profiles for teams

Optional scopeProfiles and teams layer user, team-project, and server-shared namespaces for hosted-team setups. Team namespaces derive from trusted config, never from caller-supplied strings.

Operator console

Set server.adminConsoleEnabled: true (default false) and the browser console mounts at /remnic/ui/. It is a memory browser, a recall debugger, trust-zone and review-queue panes, an entity explorer, and a live force-directed memory-graph view. Every fetch and every operator action goes through the same loopback bearer token as the rest of the operator API, so the console adds no new trust surface.

Daemon handoff

remnic daemon start hands the process off to launchd or systemd when a service is installed, so the server survives logout and reboots. It stays idle until an agent talks to it, so it is not another thing to babysit.

Docker image with QMD bundled

The published container image includes the QMD search backend, so there is no separate index install. It exposes port 4318, stores memory under the /data volume, and reads the bearer token from REMNIC_AUTH_TOKEN.

docker run --rm \
  -p 4318:4318 \
  -v remnic-data:/data \
  -e REMNIC_AUTH_TOKEN=change-me \
  ghcr.io/joshuaswarren/remnic:latest

Teams: corrections that propagate

Remnic Relay is recent work built during OpenAI Build Week 2026. It tackles the team version of the correction problem: when two agents hold conflicting beliefs, evidence identifies the stale one, a human approves a single correction, and the replacement crosses into a cold agent that had never seen it, so the same test passes on the next run. One approval, propagated, with a receipt for who approved what and which agent learned it.