{"id":50577204,"url":"https://github.com/nikshepsvn/blindcache","last_synced_at":"2026-06-04T23:01:49.907Z","repository":{"id":359987269,"uuid":"1246648228","full_name":"nikshepsvn/blindcache","owner":"nikshepsvn","description":"Encrypted memory layer for AI agents, built on Nillion's Blind Computer. MCP server + vault SDK that no operator — not even us — can read.","archived":false,"fork":false,"pushed_at":"2026-05-24T13:20:14.000Z","size":7870,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-24T14:21:44.066Z","etag":null,"topics":["agent-memory","ai-memory","blind-computer","claude-code","encrypted-storage","mcp","model-context-protocol","mpc","nillion","privacy","typescript"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nikshepsvn.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-22T12:05:42.000Z","updated_at":"2026-05-24T13:37:25.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nikshepsvn/blindcache","commit_stats":null,"previous_names":["nikshepsvn/blindcache"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/nikshepsvn/blindcache","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikshepsvn%2Fblindcache","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikshepsvn%2Fblindcache/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikshepsvn%2Fblindcache/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikshepsvn%2Fblindcache/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nikshepsvn","download_url":"https://codeload.github.com/nikshepsvn/blindcache/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikshepsvn%2Fblindcache/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33923188,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-04T02:00:06.755Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-memory","ai-memory","blind-computer","claude-code","encrypted-storage","mcp","model-context-protocol","mpc","nillion","privacy","typescript"],"created_at":"2026-06-04T23:01:44.609Z","updated_at":"2026-06-04T23:01:49.895Z","avatar_url":"https://github.com/nikshepsvn.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003cimg src=\"docs/banner.jpg\" alt=\"BLINDCACHE\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eBlindCache\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cb\u003eAn encrypted memory layer for AI agents, built on Nillion's Blind Computer.\u003c/b\u003e\u003cbr/\u003e\n Sharded across three nilDB nodes. No operator — not even us — can read your content at rest.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://www.npmjs.com/package/blindcache-mcp\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/blindcache-mcp?label=blindcache-mcp\u0026color=blue\" alt=\"npm: blindcache-mcp\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://www.npmjs.com/package/blindcache-core\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/blindcache-core?label=blindcache-core\u0026color=blue\" alt=\"npm: blindcache-core\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/nikshepsvn/blindcache/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-Apache--2.0-blue.svg\" alt=\"Apache 2.0\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://modelcontextprotocol.io\"\u003e\u003cimg src=\"https://img.shields.io/badge/MCP-compatible-blue.svg\" alt=\"MCP compatible\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://nillion.com\"\u003e\u003cimg src=\"https://img.shields.io/badge/Nillion-Blind%20Computer-blue.svg\" alt=\"Nillion Blind Computer\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#quick-start\"\u003eQuick start\u003c/a\u003e ·\n \u003ca href=\"#tools\"\u003eTools\u003c/a\u003e ·\n \u003ca href=\"#what-we-use-from-nillion-and-what-we-dont-yet\"\u003eStack\u003c/a\u003e ·\n \u003ca href=\"#background-and-where-nemo-ai-fits-in\"\u003eBackground\u003c/a\u003e ·\n \u003ca href=\"#performance\"\u003ePerformance\u003c/a\u003e ·\n \u003ca href=\"#wire-into-claude-code\"\u003eClaude Code\u003c/a\u003e ·\n \u003ca href=\"#whats-next\"\u003eWhat's next\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## Why\n\nEvery AI agent today re-asks you for the same context. Mem0, Letta, Zep, ChatGPT memory — all useful, all centralized: the provider can read your plaintext. BlindCache is the same shape (an MCP server exposing `memory_*` tools) but the substrate is Nillion's **Blind Computer**: content is split into Shamir-style shares across three nilDB nodes, and the SDK only ever recombines them on your machine. To the agent, it feels like a normal memory layer. To the operator, it's noise.\n\n## Architecture in one diagram\n\n```\n┌──────────────┐ memory_* ┌──────────────────┐ encrypted shares ┌──────────────────┐\n│ Claude Code │ ─────────────► │ blindcache-mcp │ ──────────────────────► │ nilDB node 1 │\n│ Cursor │ stdio / HTTP │ (this repo) │ ──────────────────────► │ nilDB node 2 │\n│ any agent │ ◄───────────── │ │ ──────────────────────► │ nilDB node 3 │\n└──────────────┘ plaintext └──────────────────┘ shares re-combine └──────────────────┘\n │\n │ optional: auto-tag + summarize\n ▼\n ┌──────────────────┐\n │ nilAI (TEE) │\n └──────────────────┘\n```\n\nPlaintext only ever exists inside the MCP process and (briefly, inside an enclave) inside nilAI when auto-tagging is on. Nothing else.\n\n## What we use from Nillion (and what we don't, yet)\n\nThe Blind Computer ships ~8 modules. BlindCache uses 4 today; the other 4 are the Tier 2 / Tier 3 roadmap.\n\n### Today\n\n| Module | What it gives BlindCache |\n|---|---|\n| **[nilDB](https://docs.nillion.com/blind-computer/build/storage/key-concepts)** (via `@nillion/secretvaults`) | The vault itself. Content secret-shared across 3 nodes via Shamir; plaintext fields (`tags`, `source`, `scope`, `timestamp`, `embedding`) stay queryable server-side via MongoDB-style aggregation. |\n| **[Blindfold](https://github.com/NillionNetwork/blindfold)** | The share-splitting primitive that powers the `%allot` (write marker) / `%share` (storage marker) pattern. Per-node encryption fanout is automatic. |\n| **NUC tokens** (via `@nillion/nuc`) | Node-specific JWTs for auth + delegation. The SDK mints fresh per request; same primitive will power Tier 2 OAuth-shape scope handoff. |\n| **[nilAI](https://docs.nillion.com/blind-computer/build/llms/quickstart)** (via `@nillion/nilai-ts`) | TEE-hosted OpenAI-compatible LLM. Powers auto-tagging on `memory_append` and `memory_summary`. Optional — set `NILLION_API_KEY` to enable. |\n\n### Not yet (the roadmap)\n\n| Module | What it would unlock |\n|---|---|\n| **[nilCC](https://docs.nillion.com/blind-computer/build/compute/api-reference)** | Confidential containers — host scheduled jobs (consolidation, dedup, nightly reflection digests, an OAuth-style consent server) in a TEE with attestation, no infra to run. |\n| **[Nada AI / Nada Numpy](https://github.com/NillionNetwork/nada-ai)** | MPC operations on encrypted data. The path to **server-side cosine over encrypted vectors** — neither the query nor the stored embeddings ever decrypt. The \"no one else can build this\" version of semantic search. |\n| **SecretDataAnalytics** | Aggregate queries over encrypted content. \"Count of memories containing word X\" without revealing the content or X. Closes the metadata-leakage footnote. |\n| **[Blacklight](https://nillion.com/news/nillion-now-on-ethereum/)** | Verification layer (Feb 2026 launch). Cryptographic receipts proving each vault operation ran correctly. Provable trust, not promised trust. |\n\nSee [What's next](#whats-next) for the order I'd ship these.\n\n## Background — and where nemo-ai fits in\n\nBefore BlindCache, I built **[nemo-ai](https://github.com/nikshepsvn/nemo-ai)** — also an MCP memory server, also \"private memory for AI agents,\" but with a fundamentally different threat model. BlindCache exists because nemo-ai answers one question (*how do I keep memory off the cloud entirely?*) brilliantly but can't answer another (*how do I share that memory across my devices, apps, and — eventually — other people, without trusting any operator?*).\n\n### What nemo-ai is great at\n\n- **Fully local** — SQLite + Ollama, nothing leaves your laptop. Zero cost forever, zero infra, ~10s of ms latency.\n- **Sophisticated memory logic** — fact extraction, ADD/UPDATE/INVALIDATE reasoning (e.g. *\"I moved to Berlin\"* invalidates *\"I live in London\"*), bi-temporal model (`valid_at` / `invalid_at`), auto-extracted entity graph with temporally tracked edges, multi-factor retrieval scoring with per-result component breakdown, session consolidation that dedups + merges + links.\n- **Single-machine privacy** is the strongest possible answer for the use cases it serves: nothing to subpoena, nothing to leak, nothing to trust.\n\n### Where nemo-ai stops\n\n- **One machine only.** Use Cursor on a laptop *and* Claude on a phone *and* ChatGPT in a browser? Your memory is on the laptop. (E2EE sync is on the roadmap; not built.)\n- **Single app, single user.** No way for two apps to share the same vault with scoped access; no way for two users to compute over each other's memory without revealing it.\n- **No cloud — so no cloud-resistant guarantees.** The privacy story is \"the data isn't out there.\" That works until you need it out there.\n\n### Why BlindCache exists\n\nThe same person — me — uses Cursor on a laptop, Claude on a phone, ChatGPT on the web, and would like one memory across all of those. That requires a cloud surface. The moment you put memory in a cloud surface, the question is *who can read it*. nemo-ai's answer (\"nobody, because it's not in the cloud\") is unbeatable for its use case. BlindCache's answer (\"nobody, because it's secret-shared across three operators who'd have to collude to decrypt\") is unbeatable for use cases nemo-ai can't reach: cross-device, multi-app, eventually multi-user MPC.\n\n### How this compares to other options\n\n| | nemo-ai | **BlindCache** | Mem0 / Letta / Zep | ChatGPT memory |\n| --- | --- | --- | --- | --- |\n| Lives where | Your laptop | Sharded across 3 nilDB nodes | Provider's cloud | OpenAI's cloud |\n| Operator can read your content | N/A (no operator) | **No — cryptographic** | Yes | Yes |\n| Cross-device | No (roadmap) | **Yes** | Yes | Locked to ChatGPT |\n| Multi-app sharing | No | **Yes** (Tier 2: per-doc ACLs) | One app at a time | No |\n| Multi-user compute over private data | Architecturally impossible | **Yes** (Tier 2: Nada MPC) | No | No |\n| Memory reasoning (contradictions, temporal, etc.) | **Sophisticated** | Basic + optional nilAI summarize | Sophisticated | Black box |\n| Retrieval explainability | **Per-result component scores** | None | Partial (varies) | None |\n| Latency | **~10s of ms** | ~150–300 ms (geography-dependent; ~330 ms from SEA → US/EU, closer to ~150 ms in-region) | ~100–300 ms | seconds |\n| Cost | **$0** | Free tier + NIL burn | $29–99/mo subscription | $20/mo + ChatGPT subscription |\n\n### The honest take\n\nThese aren't competing on the same axis. **nemo-ai is the right tool when memory should never leave your machine.** **BlindCache is the right tool when memory has to be reachable across machines and apps but you don't trust any cloud operator.** They occupy different points in the design space.\n\nThe most interesting future is **nemo-ai's reasoning layer running on top of BlindCache's encrypted substrate** — local intelligence (ADD/UPDATE/INVALIDATE, contradiction detection, entity graphs) layered over cryptographic persistence (cross-device reach, multi-app scoping, cross-user compute). That's a 1 + 1 = 3. See [What's next](#whats-next).\n\n## Tools\n\n| Tool | What it does |\n|---|---|\n| `memory_append` | Store one encrypted memory. Auto-tagged via nilAI when configured. |\n| `memory_bulk_append` | Up to 200 entries in a single round trip. |\n| `memory_search` | Plaintext filters (`tags` / `source` / `scope` / `since` / `before` / cursor) server-side. Pass `semantic` for cosine-ranked recall via local embeddings, or `query` for substring match on decrypted content. |\n| `memory_list` | Recent-first listing, scope-aware. |\n| `memory_get` | Fetch a single decrypted memory by id. |\n| `memory_update` | Edit content / tags / source / scope of an entry by id. |\n| `memory_delete` | Permanent removal by id. |\n| `memory_summary` | Pull memories matching a filter, summarize via nilAI. Requires `NILLION_API_KEY`. |\n\n## Quick start\n\n```bash\nnpx blindcache-mcp # stdio MCP server, ready to wire into any client\n```\n\nThat's it. First run takes a few seconds (npm download); subsequent runs start in \u003c1s. Without env vars, an ephemeral builder key is generated and a new vault is created on the Nillion testnet — fine for kicking the tires.\n\nFor persistent memory across restarts, generate a real key once and pass it in:\n\n```bash\n# Generate a fresh 32-byte hex private key\nNIL_BUILDER_PRIVATE_KEY=$(openssl rand -hex 32)\n\n# Run with the key set (export it or inline it as below)\nNIL_BUILDER_PRIVATE_KEY=$NIL_BUILDER_PRIVATE_KEY npx blindcache-mcp\n```\n\nSave the hex key somewhere — it's the only way back into the same vault.\n\n\u003e Working from source instead? `git clone` this repo, then `pnpm install \u0026\u0026 pnpm smoke` runs the full CRUD + filters + cursor + update + bulk roundtrip against testnet. `pnpm keygen` prints a fresh key; `pnpm dev:mcp` starts the server.\n\n## Wire into Claude Code\n\nAdd to `~/.claude/claude_desktop_config.json` (or a per-project `.mcp.json`):\n\n```json\n{\n \"mcpServers\": {\n \"blindcache\": {\n \"command\": \"npx\",\n \"args\": [\"-y\", \"blindcache-mcp\"],\n \"env\": {\n \"NIL_BUILDER_PRIVATE_KEY\": \"your-hex-private-key-here\",\n \"NILLION_API_KEY\": \"optional — unlocks auto-tag + memory_summary\"\n }\n }\n }\n}\n```\n\nRestart Claude Code. Your agent now has `memory_*` tools.\n\n## HTTP mode\n\nRun as a local HTTP server multiple agents can share, instead of spawning a new stdio process per agent:\n\n```bash\nBLINDCACHE_HTTP_PORT=3737 BLINDCACHE_HTTP_TOKEN=$(uuidgen) pnpm dev:mcp\n# health: curl http://127.0.0.1:3737/health\n# mcp: POST http://127.0.0.1:3737/mcp with `Authorization: Bearer \u003ctoken\u003e`\n```\n\n`BLINDCACHE_HTTP_TOKEN` is required — the server refuses to listen otherwise.\n\n## Switching from testnet to mainnet\n\nTestnet is permissive — write all you want, no payment. Mainnet is the real, decentralized network: four nodes operated by Nillion, PairPoint, STC Bahrain, and Deutsche Telekom MMS. To flip:\n\n**1. Subscribe via the developer portal.** Open [`portal.nillion.com`](https://portal.nillion.com), connect a Keplr wallet, and subscribe to nilDB. Both nilDB and nilAI have a free tier; beyond it you burn NIL → credits → assign to specific nodes. The portal walks you through it; no email or credit card required.\n\n**2. Point `NILDB_NODES` at the mainnet cluster.** Override the env var (default is testnet):\n\n```bash\nNILDB_NODES=\"https://nildb-5ab1.nillion.network,https://nildb-f496.pairpointweb3.io,https://nildb-f375.stcbahrain.net,https://nildb-2140.staking.telekom-mms.com\"\n```\n\n**3. Use the builder key the portal generated.** Set `NIL_BUILDER_PRIVATE_KEY` to the key from your subscription — that's the DID the network knows you by.\n\n**4. Re-run.** Nothing else changes. Same SDK, same MCP tools, same code. The collection auto-creates on first call; new builder = new vault.\n\n\u003e Migration note: there is no automatic data migration from testnet to mainnet. Treat testnet as scratch space.\n\n## Performance\n\nNumbers from `pnpm smoke` against `nildb-stg-n{1,2,3}.nillion.network` — measured **from Southeast Asia (India) while traveling**, talking to a US/EU staging cluster. The numbers below are with that ~250 ms baseline round-trip already baked in. Closer to the nodes, expect roughly half this.\n\n| Operation | Latency |\n|---|---|\n| `vault.open()` (one-time) | ~1.9 s |\n| Embedder warm (one-time, after first model download) | ~80 ms |\n| `append` (auto-tag + embed in parallel) median / p95 | ~210 ms / ~310 ms |\n| `semantic search` (embed query + fetch + cosine rank) median / p95 | ~370 ms / ~530 ms |\n| `bulkAppend(5)` | ~235 ms |\n| `update` (re-fetch + re-embed + re-encrypt) | ~750 ms |\n| `search` (scope filter only) | ~195 ms |\n| `delete` | ~200 ms |\n| `summarize` (nilAI) | requires `NILLION_API_KEY` |\n\nv0.2 made append *faster* than v0.1: local embedding overlaps with the network write, so the SDK isn't idle while shares fan out. Decryption round-trip + semantic top-1 accuracy verified end-to-end in `pnpm smoke`.\n\n## Semantic search (the v0.2 thing)\n\nPass `semantic` to `memory_search` instead of (or alongside) the older `query` substring filter:\n\n```ts\nawait vault.search({ semantic: \"payment processing bugs\", scope: \"work\", limit: 5 });\n// → top result is the Stripe webhook note even though \"payment\" isn't in the text\n```\n\nThe query is embedded **locally** with [Xenova/all-MiniLM-L6-v2](https://huggingface.co/Xenova/all-MiniLM-L6-v2) (~23 MB q8 quantized, 384-dim, ~2 ms per embed on a laptop CPU). Stored embeddings live as a plaintext array on each memory; cosine ranking runs in the SDK after fetching the structurally-filtered candidate set.\n\n\u003e **Why this matters compared to mem0/Letta/Zep:** all of them send your plaintext to OpenAI's embedding API on every write. BlindCache embeds in-process. Your text never leaves your machine for the embed step. That's a strict privacy upgrade — and you don't pay per-embedding to anyone.\n\n\u003e **Honest footnote:** in v0.2 the *vectors themselves* are stored plaintext on the nodes. An operator scraping all 3 can't reconstruct your text but could see semantic clusters. v0.3 will encrypt embeddings via `%allot`; v0.4 will explore server-side cosine via Nada AI MPC where neither the query nor stored vectors ever get decrypted.\n\n## Auto-tag and summarize (nilAI)\n\nIf `NILLION_API_KEY` is set, every `memory_append` is augmented with 2-5 LLM-suggested topical tags via [nilAI](https://docs.nillion.com/blind-computer/build/llms/quickstart) — an OpenAI-compatible endpoint that runs the model inside a Trusted Execution Environment. The same key unlocks `memory_summary` for digesting filter results.\n\n```\n\"Pair-programmed with Maya on Stripe webhook retry logic…\"\n → [stripe, webhooks, retry-logic, maya]\n```\n\n\u003e **Privacy trade-off, named honestly:** nilAI is TEE-based, not MPC. Plaintext is briefly visible to the model inside the enclave during inference. The vault itself remains MPC-encrypted at rest. If your threat model requires that no Nillion infrastructure ever sees plaintext, leave `NILLION_API_KEY` unset and tag manually.\n\n## Repo layout\n\n```\npackages/\n blindcache-core/ Vault wrapper over @nillion/secretvaults — CRUD, bulk, summarize, auto-tag, local embeddings\n blindcache-mcp/ MCP server (stdio + HTTP) exposing memory_* tools\nscripts/\n fix-libsodium.mjs Postinstall workaround for an upstream libsodium ESM packaging bug\ndocs/\n banner.jpg The wallpaper at the top\n blindcache-v0.2.mp4 v0.2 launch video (scene-based, 25s)\n blindcache-v0.2.gif Same, as a gif\n build-launch-video.sh ffmpeg pipeline that produces the above (reproducible)\n v0.2-demo.{sh,tape,gif} vhs-rendered terminal demo of the smoke output\n```\n\n## Gotchas (so the next person doesn't waste a day)\n\n\u003cdetails\u003e\n\u003csummary\u003eClick to expand the list of things I burned a day on\u003c/summary\u003e\n\n1. **Schema root must be `type: \"array\"` with `items`** — root `type: \"object\"` is rejected as `\"must be object\"` because nilDB validates the whole batch, not each record.\n2. **`Signer.getDid()` returns a `Did` object, not a string** — use `.didString`. `.toString()` returns `[object Object]` and registration fails with `\"Token subject does not match registration DID\"`.\n3. **libsodium-wrappers-sumo ESM build is broken on pnpm** — its build references `./libsodium-sumo.mjs` which actually lives in the sibling `libsodium-sumo` package. `scripts/fix-libsodium.mjs` symlinks it on `pnpm install`.\n4. **Plaintext-only updates fail under blindfold** — the SDK's blindfold layer expects every write body to contain a `%allot` field so it can fan out into one share per node. We always include `content` (re-fetched if not changing) to keep blindfold happy. Cost: one extra read per update.\n5. **Collections are immutable** — bumping the schema (e.g. adding `scope` in v2) requires a new collection. Existing entries in older collections stay queryable under their old schema; just don't expect cross-version writes.\n6. **One bad node breaks reads** — the SDK retries 5× per node on transient errors, but if one node is permanently down, `findData` throws (no 2-of-3 fallback yet). Bypassing this requires forking the SDK.\n\n\u003c/details\u003e\n\n## What this proves\n\n- Nillion testnet works headlessly. No MetaMask, no browser. `pnpm keygen` + `pnpm smoke` is enough.\n- Sub-500ms encrypted writes / reads from a US laptop to a 3-node staging cluster.\n- The full CRUD + filter + paginate + bulk + summarize loop runs end-to-end.\n- An MCP server is a viable distribution channel — the vault feels like a normal `memory.*` to the agent; the encryption is invisible.\n\n## What's next\n\nTwo parallel tracks. **Tier 2** is the Nillion-native differentiation; **the nemo-ai integration** is the 1 + 1 = 3 with the [prior project](#background-and-where-nemo-ai-fits-in).\n\n### Tier 2 — primitives nothing else can build\n\n- **Owned collections + per-document ACLs** → user owns vault, multiple apps coexist with scoped access.\n- **OAuth-shape scope handoff** → third-party apps request scoped delegation tokens; user approves via a dashboard. Plaid Link, but for memory.\n- **Cross-user compute (Nada)** → first MPC program: shared tag overlap between two users, neither sees the other's tags. The viral demo.\n- **Encrypted semantic search (Nada)** → top-k over encrypted embeddings, server-side.\n- **Field-level disclosure** → an app reads `tags` but not `content`.\n- **2-of-3 read tolerance** → fork the SDK's cluster fanout so one missing node doesn't kill reads.\n- **Lit Protocol PKP identity** → passkey-based identity, multi-device, social recovery.\n\n### nemo-ai + BlindCache integration\n\nA separate adapter package (`nemo-blindcache` or an example in either repo) that lets nemo-ai's reasoning layer use BlindCache as its persistence backend. Concretely:\n\n- **nemo handles** fact extraction, ADD/UPDATE/INVALIDATE reasoning, contradiction detection, the entity graph, multi-factor scoring.\n- **BlindCache handles** encrypted-at-rest persistence, cross-device reach, multi-app scoping (via Tier 2 ACLs), eventually cross-user MPC.\n- The result: an MCP server with nemo's *intelligence* and BlindCache's *substrate*. Local reasoning, cryptographic persistence, agent-accessible from anywhere — a combination neither project achieves alone.\n\nThis is the more interesting of the two tracks long-term. Tier 2 unlocks the substrate's full surface; the nemo integration shows the substrate is worth using even when you already have a smart local memory layer.\n\n## License\n\n[Apache 2.0](LICENSE) © 2026 Nikshep Svn. Patent grant included; use commercially, fork freely.\n\n## Contributing\n\nIssues and PRs welcome. The project is intentionally small — keep new code in the same shape: thin wrappers over `@nillion/secretvaults`, no opinionated state machines, no business logic that doesn't earn its weight. See [CHANGELOG.md](CHANGELOG.md) for what's shipped.\n\n---\n\n\u003cp align=\"center\"\u003e\u003csub\u003ebuilt against Nillion's \u003ca href=\"https://nillion.com\"\u003eBlind Computer\u003c/a\u003e. you can't read what isn't there.\u003c/sub\u003e\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikshepsvn%2Fblindcache","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnikshepsvn%2Fblindcache","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikshepsvn%2Fblindcache/lists"}