Make every agent runtime smarter, safer, and stateful. Persistent memory, policy governance, and queryable audit — in a single SQLite file.
Paste this into your agent
Visit https://github.com/jacobprall/moneypenny and set up the local mcp sidecar
Your agent will clone the repo, build the binary, start Moneypenny, and register it as an MCP server.
$ mp chat
> What happened with the Newark launch and how is it affecting pick times?
> Delete all the old facts from the database
> Show me every policy violation this week
Memory retrieval, policy enforcement, and queryable audit — in a single session.
The problem
Every session starts from zero. Context is expensive, and everything the agent learned yesterday is gone today.
Tool calls execute unchecked. There's no policy, no guardrails, no way to say "block destructive SQL" or "rate-limit shell access."
When something goes wrong, there's no trail. You can't trace what the agent did, what it was denied, or why.
Adding state means infrastructure — Postgres for storage, Redis for sessions, a vector database for retrieval, and an ops team to keep it all running.
The solution
Memory that compounds
Facts are extracted, linked, and compressed after every turn. Stale knowledge decays. New knowledge connects to old. Sessions build on each other.
Governance built in
Every operation — tool calls, memory writes, SQL queries — is checked against configurable policy before execution. Denials are context, not errors.
Audit by default
Every policy decision is logged with full context. Queryable by natural language or SQL. Explainable, traceable, always on.
One file, no infrastructure
One SQLite database per agent. No Postgres, no Redis, no Docker. Deploy a single binary anywhere.
A single binary with everything agents need to remember, reason, comply, and collaborate.
Facts are extracted after every turn, graph-linked, and compressed to three levels. Confidence grows on re-extraction. Stale knowledge decays. 500 facts fit in ~2K tokens.
Every operation — tool calls, memory writes, SQL queries — evaluated before execution. Static rules, behavioral limits, rate controls, time windows. Denials become context, not crashes.
Vector similarity plus full-text search across four stores, fused with Reciprocal Rank Fusion, diversified with MMR. One query, four sources, one coherent answer.
CRDT-based knowledge sharing with scoped visibility — private, shared, or protected. No central server for local P2P. Syncs facts, skills, and policies.
Every policy decision logged with full context. Queryable by natural language or SQL. When a tool call is denied, you can trace exactly why.
Run as a standalone agent with CLI, HTTP, Slack, Discord, and Telegram. Or plug into any existing runtime as a sidecar via stdio, MCP, or HTTP.
Architecture
Inference, memory, search, sync, policy, and tools share the same transactional boundary inside SQLite. The orchestrator is a thin loop — the intelligence sits between the database and the LLM.
Seven SQLite extensions are statically linked into one Rust binary — covering vector search, on-device inference, CRDT sync, JavaScript execution, and RAG. Every action flows through a single canonical operation pipeline: policy evaluation, hook execution, dispatch, redaction, and audit.
One operation contract across every surface — CLI, MCP, HTTP, and event ingestion. Adapters translate protocol. They never own business logic.
Turn lifecycle
Message arrives
Via CLI, HTTP, Slack, Discord, Telegram, or sidecar stdio
Context assembly
Token-budgeted retrieval across facts, documents, conversation, and scratch
Policy evaluation
Every action checked against static rules and behavioral constraints
LLM generation
Tool calls are re-evaluated by policy before execution
Fact extraction
New knowledge distilled, graph-linked, embedded, and compressed
Redaction & audit
Secrets scrubbed, decisions logged, session summary updated
Subscribe to updates and be first to know when Moneypenny is ready.