> ## Documentation Index
> Fetch the complete documentation index at: https://docs.usecarry.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Carry

> Proof-carrying memory for AI agents — control what every agent can use, and prove it on every answer.

**Carry is a memory layer for AI agents where every answer carries its proof.**

Most AI-memory projects answer one question: *can an agent remember across sessions?* Carry answers the harder one — **can you prove what an agent used to answer you, and stop it from touching memory it was never allowed to?**

Every memory-based answer renders a verifiable **Answer Receipt** — the memories it used, whether each was authorized, whether the blob still resolves on Walrus, and the namespaces it was blocked from. The access policy is enforced at *retrieval*, so the model **physically never sees** memory it isn't allowed to use. And each answer can be anchored on **Sui** as a tamper-evident **Proof** object that anyone can verify — with no wallet.

<CardGroup cols={2}>
  <Card title="Watch the demo" icon="play" href="https://carrysui.vercel.app">
    The real app driven live — GPT-4o + Claude, Walrus testnet, on-chain proof.
  </Card>

  <Card title="Run it locally" icon="rocket" href="/quickstart">
    Zero to a running, live Carry in a few minutes.
  </Card>

  <Card title="How it works" icon="diagram-project" href="/architecture">
    The gate-before-generation architecture, end to end.
  </Card>

  <Card title="Verify a proof" icon="shield-check" href="/onchain/verifier">
    The walletless public verifier — don't trust Carry, verify it.
  </Card>
</CardGroup>

## The problem

AI agents are getting persistent memory, and that's the easy half. The hard half is **trust**. When an agent answers "from memory," you have no way to know *which* memory it used, whether it was *allowed* to use it, or whether that memory even exists where it claims. Memory is locked to one app or model, it doesn't travel when you switch providers, and "the agent remembered" is something you take on faith.

That faith is the problem. An agent with access to a user's health, billing, and project memory — across multiple models — is one bad retrieval away from leaking something it should never have seen.

## The design rule

<Note>
  **Gate before generation.** The agent × namespace policy is enforced at *retrieval* — the model only ever sees allowed memory — so the receipt under every answer is honest by construction, not a label slapped on after the fact.
</Note>

## What you get

<CardGroup cols={2}>
  <Card title="Cross-model memory" icon="arrows-left-right">
    Teach with one model (GPT-4o), recall with another (Claude). The memory — and its proof — travel with the answer, not the vendor.
  </Card>

  <Card title="Verifiable receipts" icon="receipt">
    Every answer ships an Answer Receipt: memories used, authorization, and a live Walrus blob check.
  </Card>

  <Card title="On-chain proofs" icon="cube">
    Anchor any answer as a tamper-evident `Receipt` object on Sui — chained by blake2b256, ownable, permanent.
  </Card>

  <Card title="Works in any agent" icon="plug">
    An MCP server gives Cursor, Claude Desktop, and Claude Code the same gated, receipted memory.
  </Card>
</CardGroup>

## Built on the Sui Stack

Carry is built end-to-end on the Sui Stack — every capability is wired through the real platform, not faked.

| Layer             | Role                                                                                                                             |
| ----------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| **Sui**           | The access policy and a tamper-evident receipt chain live on-chain; the authorization verdict is computed by the chain.          |
| **Walrus**        | Every memory is a real, content-addressed blob — publicly resolvable and independently verifiable.                               |
| **Seal + MemWal** | Optional server-side encryption: memories become private, addressed by a real Walrus blob but readable only through the relayer. |

## One vault, every surface

The same gated memory and the same Answer Receipt, everywhere an agent lives:

<CardGroup cols={2}>
  <Card title="Aria — the companion" icon="heart" href="/integrate/companion">
    A consumer health companion that only remembers what you allow — and proves it live.
  </Card>

  <Card title="carry — the CLI" icon="terminal" href="/integrate/cli">
    `npx @usecarry/cli` — recall with a receipt, anchor a verifiable proof, from your terminal.
  </Card>

  <Card title="MCP server" icon="plug" href="/integrate/mcp">
    `npx @usecarry/mcp` — gated, receipted memory in Cursor, Claude Desktop, Claude Code.
  </Card>

  <Card title="Vercel AI SDK" icon="code" href="/integrate/sdk">
    `withCarryMemory(model)` — proof-carrying memory in any AI SDK agent, one line.
  </Card>
</CardGroup>

<Info>
  Built on **Walrus · Seal · Sui** for **Sui Overflow 2026** (Walrus track).
</Info>
