The Governance UI for memorywire. A server-rendered Starlette + HTMX + Tailwind app that gives operators a human-in-the-loop view over memories produced by memorywire-conformant stores.
- Pending Approvals (
/) � every memory awaiting HITL review, with a structured diff against current state and approve/reject buttons. - Memory Health Dashboard (
/health-dashboard) � counts, staleness %, contradiction-pair drift, and type-coverage breakdown. - Audit Log (
/audit) � filterable + paginated view of every operation; exportable as JSON or CSV. - Co-memorize Bulk Review (
/co-memorize) � forget / merge candidates surfaced from heuristics, with a bulk-apply form. - Approval Patterns (
/patterns) � clusters of repeated approval decisions, with "auto-allow?" recommendations and one-click acceptance.
python -m memorywire_ui
Environment variables:
-
MEMORYWIRE_UI_DB_PATH� path to the sqlite-vec database (default:./memorywire-cli.db). -
MEMORYWIRE_UI_AGENT_ID� agent scope (default:default). -
MEMORYWIRE_UI_HOST� bind host (default:127.0.0.1). -
MEMORYWIRE_UI_PORT� bind port (default:8765). -
MEMORYWIRE_UI_TOKEN� optional bearer token. When set, every request must carryAuthorization: Bearer <token>or thememorywire_ui_session=<token>cookie. Required for any non-loopback bind: ifMEMORYWIRE_UI_HOSTis anything other than127.0.0.1/localhost/::1andMEMORYWIRE_UI_TOKENis empty, the process refuses to start (exit code 1) so an unauthenticated governance UI can't be accidentally exposed to the public internet. Generate one with:python -c "import secrets; print(secrets.token_urlsafe(32))" -
MEMORYWIRE_UI_ALLOW_UNAUTHENTICATED_PUBLIC� set to1to opt out of the public-bind safety check above. Use only when the UI sits behind another auth layer (e.g. a reverse proxy with mTLS, or a demo deployment that intentionally has no auth and is segregated to throwaway data). -
MEMORYWIRE_UI_CSRF_SECRET� base64-encoded HMAC secret (must decode to at least 16 raw bytes) used to sign CSRF tokens. When unset, a fresh random secret is generated per-process, which invalidates every browser session across restarts. Pin this in production so cookies survive restarts; rotating it logs everyone out (intentional). Generate one with:python -c "import secrets, base64; print(base64.b64encode(secrets.token_bytes(32)).decode())"Then export it before launching the UI:
export MEMORYWIRE_UI_CSRF_SECRET=<that-value>If the variable is set but not valid base64, or decodes to fewer than 16 bytes, the process exits with a clear error rather than silently falling back to weak randomness.
The UI reads the same SQLite file the SqliteVecStore adapter writes to �
integration is via the shared file, not a network call.
Functional Source License 1.1, Apache-2.0 Future License (FSL-1.1-ALv2).
Source-available, with an automatic relicensing to Apache-2.0 two years after
each release. See LICENSE for the full text.