Why we built Sgraal
AI agents act on memory. We thought someone should decide if that memory is safe to act on.
An AI agent in 2026 has memory. It remembers what the user said last week, what an upstream tool returned, what another agent told it about a customer. Then it acts.
The agent doesn’t usually pause to ask whether those memories are still true, still in scope, still safe to use right now. A stale user preference triggers an unwanted email. A clinical AI references a contraindicated medication note from a different patient. A trading agent acts on market context that was reasonable thirty minutes ago but no longer is. The memory wasn’t fabricated — it was just used at the wrong moment.
Memory governance is the missing layer.
The gap
The AI agent stack has matured fast. Storage is solved — there are excellent memory libraries that handle vector search, episodic storage, summarisation, and cross-session continuity. Observability is solved — there are platforms that tell you what an agent did, which prompts hit which tools, where latency spiked.
What’s not solved: the verdict layer. Before an agent acts on a memory entry, something needs to answer one question — is this safe to act on right now? Not “is this in the database?” Not “was this stored with high confidence?” But: given this decision, in this context, at this moment — should this memory be used?
That’s a different question from storage, and a different question from observability. It’s a governance question. It needs an answer in milliseconds, before the agent commits the action, in a form the agent can branch on.
In 2026 this gap matters more than it did in 2024. AI agents are leaving prototype phase and landing in regulated production: clinical workflows under HIPAA and GDPR, financial execution under regulator scrutiny, government deployments with audit obligations. The cost of getting memory wrong stopped being an awkward UX bug and started being a regulatory finding, a clinical incident, a trading loss.
What Sgraal is
Sgraal is a verdict API for AI agent memory. Every memory access can be passed to a single endpoint — POST /v1/check — and Sgraal returns one of four decisions: USE_MEMORY, WARN, ASK_USER, or BLOCK. The decision arrives in under fifteen milliseconds — fast because /v1/check skips the audit-log write, W3C credential, and webhook dispatch that the metered /v1/preflight path performs; the scoring engine behind both is identical. Fast enough to sit on the agent’s execution path, slow enough to actually evaluate the question.
The verdict is computed by a scoring engine that looks at memory provenance (where did this fact come from, what’s its chain of trust?), staleness (when was this last validated against ground truth?), evidence independence (are three “confirmations” actually three independent confirmations, or is one source echoing itself?), and a dozen other dimensions calibrated for production AI deployment. The full component list is documented at /docs.
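To make two of those dimensions concrete, here is an added illustration (not Sgraal's scoring engine, and not code from the project) that collapses confirmations onto their provenance roots and counts how many are still fresh. The field names `source`, `derived_from` and `validated_at`, the sample entries and the 30-day window are all assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)  # fixed clock for the constructed sample

def ago(**kw):
    return NOW - timedelta(**kw)

# Constructed sample store; the field names are hypothetical.
ENTRIES = {
    "m1": {"source": "crm", "derived_from": None, "validated_at": ago(days=1)},
    "m2": {"source": "agent-b", "derived_from": "m1", "validated_at": ago(hours=1)},
    "m3": {"source": "summary", "derived_from": "m2", "validated_at": ago(days=40)},
    "m4": {"source": "user", "derived_from": None, "validated_at": ago(hours=2)},
    "m5": {"source": "agent-c", "derived_from": "m6", "validated_at": ago(hours=1)},
    "m6": {"source": "agent-d", "derived_from": "m5", "validated_at": ago(hours=1)},
}

def root_source(entry_id, entries):
    """Follow derived_from links back to the original source."""
    seen = set()
    while True:
        if entry_id in seen or entry_id not in entries:
            return None  # cycle or dangling link: no trustworthy root
        seen.add(entry_id)
        parent = entries[entry_id]["derived_from"]
        if parent is None:
            return entries[entry_id]["source"]
        entry_id = parent

def assess(claim_ids, entries, now, max_age):
    """Count raw confirmations, distinct provenance roots, and fresh entries."""
    roots = {root_source(i, entries) for i in claim_ids}
    roots.discard(None)
    fresh = [i for i in claim_ids if now - entries[i]["validated_at"] <= max_age]
    return {"confirmations": len(claim_ids),
            "independent": len(roots),
            "fresh": len(fresh)}

if __name__ == "__main__":
    for ids in (["m1", "m2", "m3"], ["m1", "m4"], ["m5", "m6"]):
        print(ids, assess(ids, ENTRIES, NOW, timedelta(days=30)))
```

Three entries that all trace back to the CRM record count as one independent confirmation, and a pair that only cite each other count as none.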
For deployments that need more than just a verdict, Sgraal issues two optional artifacts:
- MVMem Certificate (POST /v1/certify/mvmem) — a W3C Verifiable Credential proving the agent operated with the minimum viable memory set for the given decision. This is the GDPR Article 5(1)(c) data-minimisation proof a DPO can hand to an auditor.
- Convergence Proof PDF (POST /v1/proofs/convergence) — a multi-page FDA-style document illustrating the agent’s memory stability under healing actions with a Lyapunov stability analysis of the assumed worst-case decay model (a demonstration of the model, not an empirical guarantee about a specific run).
Sgraal follows an open-core model. The SDK clients, Edge mode, and Mem0/Zep drop-in proxy are Apache 2.0 — drop them into your codebase, contribute improvements, run them offline. The scoring engine itself runs hosted at api.sgraal.com, with continuous calibration improvements shipping without requiring SDK updates. See /open-source for the full breakdown of what’s open and what’s hosted.
Five lines, no signup
The friction to try Sgraal is intentionally low. Here’s the entire integration in Python:
```python
# pip install sgraal
from sgraal import Sgraal
client = Sgraal(api_key="sg_demo_playground")
verdict = client.check(agent_id="my-agent", memory_state=[{"text": "user prefers email"}])
print(verdict.decision)  # USE_MEMORY / WARN / ASK_USER / BLOCK
```
Five lines. The demo key sg_demo_playground works against the live API immediately — no signup required to verify Sgraal does what we say it does. Node.js and cURL versions live at /docs/quickstart.
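Getting a verdict is half the integration; the other half is what the agent does with it, including when the check itself fails. The following is an added example, not code from the Sgraal SDK: a gate that branches on the four decisions and fails closed on errors or unrecognised values. The `gate` function, the `Verdict` stand-in, the stub checker and the policy of letting WARN proceed with an audit record are assumptions; only the `check(agent_id=..., memory_state=...)` call shape and the decision names come from this page.

```python
from dataclasses import dataclass

DECISIONS = {"USE_MEMORY", "WARN", "ASK_USER", "BLOCK"}  # the four verdicts named above

@dataclass
class Verdict:  # stand-in for the SDK's return object (hypothetical)
    decision: str

def gate(check, agent_id, memory_state, action, ask_user, audit):
    """Run `action` only when the verdict allows it; fail closed otherwise."""
    try:
        decision = check(agent_id=agent_id, memory_state=memory_state).decision
    except Exception as exc:  # timeout, network error, malformed response
        audit.append(("check_failed", type(exc).__name__))
        return "blocked"
    if decision not in DECISIONS:  # unknown value is never permission
        audit.append(("unknown_decision", decision))
        return "blocked"
    audit.append(("verdict", decision))
    if decision == "BLOCK":
        return "blocked"
    if decision == "ASK_USER" and not ask_user(memory_state):
        return "declined"
    # USE_MEMORY, WARN (recorded in the audit list), or ASK_USER confirmed
    return action(memory_state)

def stub_check(decision):
    """Constructed offline checker that returns a fixed verdict or fails."""
    def _check(agent_id, memory_state):
        if decision == "TIMEOUT":
            raise TimeoutError("constructed failure")
        return Verdict(decision)
    return _check

def run_demo():
    memory = [{"text": "user prefers email"}]
    results = {}
    for d in ("USE_MEMORY", "WARN", "ASK_USER", "BLOCK", "TIMEOUT", "MAYBE"):
        audit = []
        outcome = gate(stub_check(d), "my-agent", memory,
                       lambda mem: "sent", lambda mem: False, audit)
        results[d] = (outcome, audit)
    return results

if __name__ == "__main__":
    for name, (outcome, audit) in run_demo().items():
        print(name, outcome, audit)
```

Swapping `stub_check(...)` for a real client's `check` method keeps the same control flow; the action runs only on an explicit, recognised verdict.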
Why now
AI agents in 2026 are crossing a threshold. The same systems that ran demos in 2024 are now writing patient communications, executing trades, drafting legal documents, and orchestrating multi-step workflows in regulated industries. The cost of a wrong action is no longer “the user laughs and re-prompts.” It’s a DPO sign-off blocked for three weeks, a clinical incident review, a regulator inquiry, a customer-data exfiltration disclosure.
The infrastructure to build memory-aware compliance and safety used to be a three-to-six-week custom engineering effort per agent. Every deployment built its own provenance tracker, its own audit-log writer, its own verdict logic. The verdict logic ended up wrong in subtle ways because the engineers writing it weren’t memory-governance specialists — they were product engineers who needed it shipped by next quarter.
Sgraal exists to be that infrastructure. So that you can build your agent. So that compliance can be a two-day audit instead of a three-week sign-off. So that the trade-off between speed and safety stops being one.
In the next post in this series, we’ll show how MVMem certificates actually make GDPR Article 5(1)(c) a two-day audit. In the third, how Lyapunov stability analyses become FDA-ready submission artifacts.
Next steps