Build on it · clinical · educational · over the API

Applications that know, not guess.

The same validated memory, wired into your own product. Three worked examples — a teacher's AI aide grounded in a real curriculum, a student's personal agent with its own isolated memory, and a clinician's assistant that recalls patient history traceably and confidently. Every call below is real: learn_facts, remember_facts, recall_memory over MCP and the /v1 developer API.

Confidence = traceability. Every answer points back to a real stored row — or it tells you it has nothing. No fuzzy vector guess dressed up as a fact.

One engine, your product on top

Memory as a substrate you build on.

FaultLine is "one brain, two doors — decisions live backend-side, transports consume." Models reach it over MCP (the recall_memory / remember_facts / learn_facts / retract_fact tools); your own apps reach the same validated engine over the versioned /v1 REST API. The three builds below use exactly those calls — nothing invented, nothing bolted on. Where a capability is early or in preview, we say so plainly.

  • Groundedanswers walk real stored rows, not fuzzy vectors
  • Traceableevery fact points back to where it came from
  • Isolateda physically-separable schema per seat / per patient
  • Validatedno unsupervised model writes — every fact passes the gate

Example 1 · education · grounded in the material

The teaching aide that actually knows the syllabus.

An AI aide is only as trustworthy as what it's standing on. Wire one to a general model and it will confidently paraphrase things the course never taught. FaultLine flips it: you teach the subject first, load the validated curriculum, and the aide answers by a deterministic walk of what's actually stored — every answer traceable to a fact you put in, and an honest "not covered" when it wasn't.

1 · Build the domain

Run the /expand command on learn_facts to grow the subject's concept map — the type/class hierarchy that gives later facts a place to live. This maps how concepts relate; it's the scaffold, not the content.

2 · Load the curriculum

Feed the real course material through ingest_document. Every unit is chunked, extracted, typed against the ontology, and committed through the write-validation gate — with a source_ref so recalled facts carry a citation.

3 · Answer, traceably

recall_memory walks those stored rows to answer a student's question. It draws only on what was loaded — and returns a plain miss rather than a guess when the syllabus is silent.

The calls

Build the field, load a unit, then ask — over the /v1 API with the course account's key:

Leans on: /expand to build the domain, ingest_document to load validated, cited material, and recall_memory's deterministic walk — it doesn't guess, it knows. Anything the curriculum didn't state comes back as a miss, so the aide never fills the gap with a plausible-sounding invention. (Illustrative course content — the point is the path: teach, load, recall.)

Example 2 · personal agent · their memory, their token

The student's agent that remembers the semester.

Deadlines, exam dates, the standing Tuesday lab, which courses they're taking — a personal agent is useful exactly when it holds all of it, privately. With FaultLine, the student's agent captures facts as they're mentioned and recalls them on demand, and the whole memory is walled off to that one seat: the connection token is the scope, so one student can never read another's schedule.

Capture in passing

remember_facts takes the raw sentence — "my Chem 201 exam is May 3rd" — and the engine does all the extraction, typing, and date parsing itself. You pass the words verbatim; FaultLine grounds the fact and stamps the event date. No form-filling, no client-side triple-building.

One seat, one memory

The agent connects with the student's per-seat token (an flu_ bearer). It resolves to that seat's own schema and nothing else — the tenant is server-derived from the credential, never trusted from the request, so cross-student access is structurally impossible, not a filter you hope holds.

The calls

Two mentions captured, then a question — each request carries the student's own seat token:

Leans on: remember_facts with FaultLine's deterministic date/temporal capture, recall_memory for the grounded read-back, and per-seat schema isolation keyed off the connection token. Over MCP the same thing happens through OpenWebUI, which stamps the seat via the X-OpenWebUI-User-Id header. (A seat can be a person or an agent — same isolation either way.)

Example 3 · clinical · confident because it's traceable

The clinician's assistant, with patient memory held securely.

This is where accuracy and isolation stop being nice-to-haves. A clinician's assistant has to recall a patient's history you can stand behind — grounded in what was actually recorded, traceable to the row it came from, and walled off so one patient's memory can never surface under another. FaultLine's clinical lane is built for exactly this, and it ships today as a billed add-on. Here's precisely what it does — and what it doesn't.

A schema per patient

The clinical lane mints each patient into their own physically-separable faultline_<id> schema, addressed only by an opaque handle — never PHI. The search_path is bound with no public fallthrough, so a query resolves inside one patient's schema or it doesn't resolve at all. The wall is structural, not a WHERE clause.

Fail-closed provisioning

A patient is minted with a provisioning key that carries the provision_patients scope, and every mint traces back to the doctor who holds it. The lane is fail-closed: no account entitlement, wrong scope, or an unverifiable check and the call is denied and never billed — never a silent success.

Validated writes, encrypted brain

Every recorded fact passes the WGM write-gate — no unsupervised model writes. And because the SaaS runs CPU-only, each account's LLM endpoint is its own configured brain, encrypted at rest, bound per request; a missing brain fails closed with zero network call, never a surprise default.

The clinical recall voice

A per-seat clinical response voice re-words how recall states its confidence — without moving any fact between certainty bands. The epistemic firewall stays locked: a stated fact is asserted, an inferred one is held as tentative, in every voice.

The calls

Mint an isolated patient seat, then address that patient's memory by the opaque handle — the app holds one elevated key; the clinician never does:

Straight talk: what this is, and what it isn't

Physical schema-per-patient isolation is a compliance aid — it makes cross-patient separation demonstrable and auditable, which is exactly what an assessor wants to see. It is not, by itself, a BAA, a HIPAA/PHIPA certification, or a finished compliance program, and it doesn't replace encryption, access management, audit logging, or a signed agreement — those are separate work we scope with you. We'd rather say that plainly than let the word "secure" carry more than it should.

Talk regulated deployment ▸

Leans on: the clinical elevated lane (a schema per patient, fail-closed provisioning, opaque handles), the WGM write-gate, search_path isolation without public, the per-tenant encrypted BYO brain, deterministic traceable recall, and the clinical recall voice. Confidence here is traceability plus isolation, not a slogan — every answer resolves to a real, walled-off row. See the clinical lane on the Business page for governance and pricing.

The surface you build against

Two doors, one validated engine.

Everything above rides the same tools past the transport boundary — a model over MCP, or your app over /v1, gets the byte-for-byte-equivalent validated result. Here's the map.

Over MCP — for the model

The live path: a model calls recall_memory, remember_facts, learn_facts, and retract_fact as tools (with an OpenWebUI REST shim: POST /recall_memory, /remember_facts, …). OpenWebUI stamps the seat with the X-OpenWebUI-User-Id header; connect Claude or any MCP-speaking model and the same validated memory comes back.

Over /v1 — for your app (preview)

The developer API: POST /v1/memories to remember, POST /v1/recall to recall grounded prose, plus /v1/documents, /v1/learn, /v1/corrections, and the clinical /v1/patients lane. JSON in, JSON out. It's in preview and is an opt-in billable add-on — off by default, granted per-seat.

  • Bearer flk_account / control-plane key — the tenant & provisioning context
  • Bearer flu_per-seat token — what a client connects with, scoped to that seat
  • Server-derived tenanta caller can never address another seat's memory (BOLA-safe)
  • Same result, either doorno memory logic in the client — the engine decides

The connection is the identity: an flk_ key is the account/upstream/control-plane credential (mint seat tokens, provision, account ops); an flu_ token is what a seat connects with to read and write its own memory. Want the deeper architecture — validated writes, the epistemic firewall, the temporal dual-clock? That's the Geek page and the Research deep-dive.

Grounded & traceable
Every answer walks a real stored row — or says it has nothing. No fuzzy guess as fact.
Isolated per seat / patient
A physically-separable schema, addressed only through the connection's own scope.
Validated writes only
No unsupervised model writes — every fact passes the gate before it exists.
Model-agnostic
Reach it over MCP or /v1; swap the model without touching the truth.

Build on memory that knows.

Grounded, traceable, isolated, validated — reachable over MCP and the /v1 API. Start free, or read the full architecture.