Skip to main content
By default, Carry stores memories as public Walrus blobs (maximizing verifiability). For private memory, Carry integrates Seal encryption through MemWal — without hand-rolling any crypto.

What MemWal mode changes

Default mode

Memories are public Walrus blobs. Anyone can resolve them — strongest public verifiability.

MemWal mode

Memories are Seal-encrypted server-side before they land on Walrus — addressed by a real blob, readable only through the relayer with the delegate key.

How it’s wired

In MemWal mode, captures route through the MemWal SDK instead of the direct Walrus client:
The MemWal relayer does the Seal encryption, embedding, and Walrus storage server-side, so memories become private — addressed by a real Walrus blob but readable only through the relayer with the delegate key. remember(text, namespace) returns a background job; Carry waits for it and stores the returned blob id.

Enable it

MEMWAL_PRIVATE_KEY is a real secret — keep it in .env.local (gitignored) and never commit it.

Proofs still work

Anchored receipts are always stored as their own (public) Walrus blob regardless of memory mode, so the public verifier works whether or not memories themselves are encrypted. MemWal mode changes how the underlying memory is stored; it doesn’t weaken the proof of what the agent used.
The full remember → blob_id → recall round-trip is validated live against the MemWal relayer in apps/web/scripts/memwal-smoke.mjs.