Isolated vaults. Agent-autonomous. Human-observable.
Installation • Quick Start • Examples • Documentation • API Reference
Most agent frameworks treat memory as an afterthought — a shared vector store queried with metadata filters, where isolation depends entirely on configuration staying correct. It works until it doesn't: multiple agents with different domains, a growing knowledge base, and the wrong document surfaces in the wrong place.
CtxVault is built around a different primitive. Memory is organized into vaults — self-contained, directory-backed units, each with its own documents and its own vector index. Isolation is structural. The topology is defined explicitly: one vault per agent, a shared knowledge base across multiple workflows, or any combination — with access control that determines exactly which agents can reach which vault.
The result is a memory layer that behaves like real infrastructure: composable, observable, persistent and entirely local.
Isolation enforced through prompt logic or metadata schemas is fragile — it grows harder to reason about as systems scale, and fails silently when it breaks.
In CtxVault, each vault is an independent index. Agents have no shared retrieval path unless one is explicitly defined. Vaults can be declared restricted, with access granted to specific agents directly through the CLI. The boundary is part of the architecture, not a rule written in a config file that someone might later get wrong.
Found 3 vaults
> agent-a-vault [RESTRICTED]
path: ~/.ctxvault/vaults/agent-a-vault
agents: agent-a
> shared-vault [PUBLIC]
path: ~/.ctxvault/vaults/shared-vault
> agent-c-vault [RESTRICTED]
path: ~/.ctxvault/vaults/agent-c-vault
agents: agent-c
Agents lose all context when a session ends. CtxVault gives them a knowledge base that persists across conversations, queryable by meaning rather than exact match. Context written in one session is retrievable days later using semantically related language.
Persistent memory across sessions — shown with Claude Desktop, works with any MCP-compatible client.
When agents write to memory autonomously, visibility into what they write is not a debugging feature — it is the foundation of a trustworthy system.
Every vault is a plain directory on your machine. You can read it, edit it, and query it directly through the CLI at any point, independent of what any agent is doing. You also contribute to the same memory layer directly: drop documents into a vault, index with one command, and the agent queries that knowledge alongside what it has written on its own.
# Inspect what your agent has written in the vault
ctxvault list my-vault
# Query its knowledge base directly
ctxvault query my-vault "what decisions were made last week?"
# Add your own documents and index them
ctxvault index my-vaultNo cloud, no telemetry, no external services. Vaults are plain directories on your machine, the storage layer is entirely local. What you connect to that knowledge base is your choice.
CtxVault exposes the same vault layer through three interfaces. Use whichever fits your context, or combine them freely.
CLI — Human-facing. Monitor vaults, inspect agent-written content, add your own documents, query knowledge bases directly.
HTTP API — Programmatic integration. Connect LangChain, LangGraph, or any custom pipeline to vaults via REST. Full CRUD, semantic search, and agent write support.
MCP server — For autonomous agents. Give any MCP-compatible client direct vault access with no integration code required. The agent handles list_vaults, query, write, and list_docs on its own.
| CtxVault | ChromaDB + custom | LangChain Memory | Mem0 | |
|---|---|---|---|---|
| Vault isolation | ✓ | ✗ — you build it | ✗ | ✗ |
| Access control | ✓ | ✗ — you build it | ✗ | ✗ |
| Agent-written memory | ✓ | ✗ — you build it | Partial | Partial |
| Human CLI observability | ✓ | ✗ | ✗ | ✗ |
| Local-first | ✓ | ✓ | ✓ | ✗ (cloud) |
| MCP server | ✓ | ✗ — you build it | ✗ | ✗ |
Three scenarios — each with full code and setup instructions.
| Example | What it shows | |
|---|---|---|
| 🟢 | Personal Research Assistant | Single vault, single agent. Semantic RAG over PDF, MD, TXT, DOCX with source attribution. ~100 lines. |
| 🔴 | Multi-Agent Isolation | Two agents, two vaults. Each agent has no retrieval path to the other's vault — isolation enforced at the infrastructure layer, not through metadata filtering. ~200 lines. |
| 🔵 | Persistent Memory Agent | An agent that recalls context across sessions using semantic queries. "financial constraints" retrieves "cut cloud costs by 15%" written three days prior. |
| 🟡 | Composed Topology | Three agents, five vaults — private, shared between a subset, and public. A tiered support system where access boundaries reflect organizational boundaries. |
Requirements: Python 3.10+
pip install ctxvaultgit clone https://github.com/Filippo-Venturini/ctxvault
cd ctxvault
python -m venv .venv && source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -e .Both CLI and API follow the same workflow: create a vault → add documents → index → query. Choose CLI for manual use, API for programmatic integration.
# 1. Initialize a vault (run from your project root)
ctxvault init my-vault
# 2. Add your documents to the vault folder
# Default location: .ctxvault/vaults/my-vault/
# Drop your .txt, .md, .pdf or .docx files there
# 3. Index documents
ctxvault index my-vault
# 4. Query semantically
ctxvault query my-vault "transformer architecture"
# 5. List indexed documents
ctxvault docs my-vault
# 6. List all your vaults
ctxvault vaults
# For a machine-wide vault available everywhere
ctxvault init my-vault --globalGive your agent persistent semantic memory in minutes. Start the server:
uvicorn ctxvault.api.app:appThen write, store, and recall context across sessions:
import requests
from langchain_openai import ChatOpenAI
API = "http://127.0.0.1:8000/ctxvault"
# 1. Create a vault
requests.post(f"{API}/init", json={"vault_name": "agent-memory"})
# 2. Agent writes what it learns to memory
requests.post(f"{API}/write", json={
"vault_name": "agent-memory",
"filename": "session_monday.md",
"content": "Discussed Q2 budget: need to cut cloud costs by 15%. "
"Competitor pricing is 20% lower than ours."
})
# 3. Days later — query with completely different words
results = requests.post(f"{API}/query", json={
"vault_name": "agent-memory",
"query": "financial constraints from last week", # ← never mentioned in the doc
"top_k": 3
}).json()["results"]
# 4. Ground your LLM in retrieved memory
context = "\n".join(r["text"] for r in results)
answer = ChatOpenAI().invoke(f"Context:\n{context}\n\nQ: What are our cost targets?")
print(answer.content)
# → "You mentioned a 15% cloud cost reduction target, with competitor pricing 20% lower."Any LLM works — swap
ChatOpenAIfor Ollama, Anthropic, or any provider. Ready to go further? See the examples for full RAG pipelines and multi-agent architectures — or browse the API Reference and the interactive docs athttp://127.0.0.1:8000/docs.
Give any MCP-compatible AI client direct access to your vaults — no code required. The agent handles list_vaults, query, write, and list_docs autonomously.
Install:
uv tool install ctxvaultAdd to your mcp.json (Claude Desktop: %APPDATA%\Claude\claude_desktop_config.json — macOS: ~/Library/Application Support/Claude/claude_desktop_config.json):
{
"mcpServers": {
"ctxvault": {
"command": "ctxvault-mcp"
}
}
}Restart your client. The agent can now query your existing vaults, write new context, and list available knowledge — all locally, all under your control.
Restricted vaults: if you are integrating programmatically and need to access a restricted vault, pass the agent name at startup:
{
"mcpServers": {
"ctxvault": {
"command": "ctxvault-mcp",
"args": ["--agent", "my-agent"]
}
}
}The --agent argument is optional and only required for restricted vaults.
All commands require a vault name. Default vault location: ~/.ctxvault/vaults/<name>/
Initialize a new vault. Vaults are public by default — any agent can access them.
Pass --restricted to create a restricted vault, accessible only to explicitly
attached agents.
ctxvault init <name> [--path <path>] [--global] [--restricted]Arguments:
<name>- Vault name (required)--path <path>- Custom vault location (optional, default:~/.ctxvault/vaults/<name>)--global- Create a global vault in ~/.ctxvault, available from anywhere on the machine--restricted- Create vault as restricted (optional, default: public)
Example:
ctxvault init my-vault # local vault, pinned to current directory
ctxvault init my-vault --path ./databases # local vault, data under ./databases/vaults/my-vault
ctxvault init my-vault --global # global vault in ~/.ctxvault
ctxvault init my-vault --restrictedAttach an agent to a vault, granting it access. If the vault is public, attaching an agent automatically makes it restricted — only explicitly attached agents will be able to access it from that point on.
ctxvault attach <vault> <agent>Arguments:
<vault>- Vault name (required)<agent>- Agent name (required)
Example:
ctxvault attach my-vault my-agentRemove an agent's access from a restricted vault.
ctxvault detach <vault> <agent>Arguments:
<vault>- Vault name (required)<agent>- Agent name (required)
Example:
ctxvault detach my-vault my-agentMake a restricted vault public, removing all access restrictions and granting access to any agent.
ctxvault publish <vault>Arguments:
<vault>- Vault name (required)
Example:
ctxvault publish my-vaultIndex documents in vault.
ctxvault index <vault> [--path <path>]Arguments:
<vault>- Vault name (required)--path <path>- Specific file or directory to index (optional, default: entire vault)
Example:
ctxvault index my-vault
ctxvault index my-vault --path docs/papers/Perform semantic search.
ctxvault query <vault> <text>Arguments:
<vault>- Vault name (required)<text>- Search query (required)
Example:
ctxvault query my-vault "attention mechanisms"List all indexed documents in a vault.
ctxvault docs <vault>Arguments:
<vault>- Vault name (required)
Example:
ctxvault docs my-vaultFound 2 documents in 'my-vault'
1. paper.pdf
.pdf · 12 chunks
2. notes.md
.md · 3 chunks
Remove documents from a vault or delete the vault entirely.
ctxvault delete <vault> [--path <path>] [--purge]Arguments:
<vault>- Vault name (required)--path <path>- File or directory path to delete, relative to the vault root (optional, deletes all documents if omitted)--purge- Permanently delete the vault, all its documents and indexes (cannot be used together with--path)
Examples:
ctxvault delete my-vault # removes all documents and indexes
ctxvault delete my-vault --path paper.pdf # removes a specific document
ctxvault delete my-vault --purge # removes the vault entirelyRe-index documents in a vault.
ctxvault reindex <vault> [--path <path>]Arguments:
<vault>- Vault name (required)--path <path>- Specific file or directory to re-index (optional, default: entire vault)
Example:
ctxvault reindex my-vault
ctxvault reindex my-vault --path docs/List all vaults with their paths and access configuration.
ctxvault vaultsExample:
ctxvault vaultsFound 3 vaults (1 local, 2 global)
── local ──────────────────────────
> project-vault [PUBLIC]
path: /my-project/.ctxvault/vaults/project-vault
── global ─────────────────────────
> atlas-vault [RESTRICTED]
path: ~/.ctxvault/vaults/atlas-vault
allowed agents: atlas-agent
> research-vault [PUBLIC]
path: ~/.ctxvault/vaults/research-vault
Vault management:
- By default,
ctxvault initcreates a local vault pinned to the current directory — similar to howgit initworks. A.ctxvault/folder is created in the current directory containingconfig.jsonand the vault data. Commitconfig.jsonto make the setup portable and reproducible across machines. - Use
--pathto store vault data in a custom location. The.ctxvault/config folder always stays in the current directory regardless of--path. - Use
--globalfor machine-wide vaults stored in~/.ctxvault, accessible from anywhere without being tied to a project. - Config lookup: CtxVault searches for a local config from the current directory upward,
then falls back to
~/.ctxvault. This means you can run any command from anywhere inside a project and it will find your local vaults automatically. - Global vaults are always visible alongside local ones. If a local and global vault share the same name, the local one takes precedence.
Access control:
- Vaults are public by default — any agent can access them
init --restrictedorattachmake a vault restricted- Once restricted, only explicitly attached agents can access it
publishreverts a restricted vault to public- Access is enforced server-side on every request — not in application code
Base URL: http://127.0.0.1:8000/ctxvault
| Endpoint | Method | Description |
|---|---|---|
/index |
PUT | Index entire vault or specific path |
/query |
POST | Semantic search |
/write |
POST | Write and index new file |
/docs |
GET | List indexed documents |
/delete |
DELETE | Remove document from vault |
/reindex |
PUT | Re-index entire vault or specific path |
/vaults |
GET | List all initialized vaults |
Agent authorization:
Requests to /query, /write, /docs, /delete, and /reindex on a restricted
vault require the X-CtxVault-Agent header. The value must match an agent name
attached to that vault via ctxvault attach. Requests without the header, or with
an unrecognized agent name, return 403.
X-CtxVault-Agent: my-agentrequests.post("http://127.0.0.1:8000/ctxvault/query",
headers={"X-CtxVault-Agent": "my-agent"},
json={"vault_name": "my-vault", "query": "attention mechanisms", "top_k": 3}
)Requests to public vaults do not require the header. /init and /vaults never
require it.
Interactive documentation: Start the server and visit http://127.0.0.1:8000/docs
- CLI MVP
- FastAPI server
- Multi-vault support
- Agent write API
- MCP server support
- Access control
- File watcher / auto-sync
- Context pruning
- Configurable embedding models
Contributions welcome! Please check the issues for open tasks.
Development setup:
git clone https://github.com/Filippo-Venturini/ctxvault
cd ctxvault
python -m venv .venv && source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -e ".[dev]"
pytestIf you use CtxVault in your research or project, please cite:
@software{ctxvault2026,
author = {Filippo Venturini},
title = {CtxVault: Local Semantic Knowledge Vault for AI Agents},
year = {2026},
url = {https://github.com/Filippo-Venturini/ctxvault}
}MIT License - see LICENSE for details.
Built with ChromaDB, LangChain and FastAPI.