Shelvia

Build with reviewed project memory.

Shelvia exposes structured project memory through a REST API, a Streamable HTTP MCP endpoint, a TypeScript SDK, and signed webhooks. Every surface honors the same contract: humans approve what enters memory, tools retrieve what humans approved.

Request a workspace View the API

  • Project Memory REST API

    Read structured memory, generate context packs, create review candidates, and log continuations.

    Read more

  • Model Context Protocol

    Streamable HTTP MCP plus an in-process adapter for local tools. Same auth and review semantics as REST.

    Read more

  • TypeScript SDK

    Typed client for the REST, MCP, and OAuth surface. Writes always create review candidates, never trusted memory.

    Read more

  • Signed webhooks

    Signed outbound events on candidate creation, context pack generation, and handoff generation.

    Read more

  • OAuth 2.0 with PKCE

    Standards-based authorization-code flow with single-use codes, refresh rotation, and discovery metadata.

    Read more

  • Review-before-save

    Every API and MCP write enters the human review queue. Tokens never bypass approval. The contract holds across every surface.

    Read more
The trust contract

Agents propose. Humans approve. Shelvia remembers.

There is no override flag. There is no "trust this token" toggle. Every write through every surface, including REST, MCP, SDK, and connector sync, enters the review queue. A workspace member approves it or rejects it. Only then does it become trusted project memory. Browser Capture follows the same contract: every capture enters the review queue.

  • Workspace audience is mandatory on every token and every memory row. Cross-workspace retrieval is impossible by query construction.
  • No raw vectors or similarity scores are exposed in any response. Context packs surface human-readable match reasons instead.
  • Provenance travels with every response : workspace, token, project ids, and generation timestamp.
  • Connector secrets are never echoed through the API, MCP, SDK, or webhooks.
01 · REST API

Project Memory API

Read decisions, sources, prompts, next steps, open questions, constraints, memory health, and connector activity. Generate context packs and handoffs. Create review candidates. Search across reviewed memory. Four scopes: memory.read, memory.context, memory.candidates, and continuations.log.

HTTP · TypeScriptRead project context
// GET project context (read scope)
const res = await fetch(
  "https://shelvia.net/api/v1/project-memory/projects/$PROJECT_ID/context",
  { headers: { Authorization: `Bearer ${SHELVIA_TOKEN}` } }
);
const { ok, data, provenance } = await res.json();
// data.decisions, data.sources, data.prompts, data.next_steps,
// data.open_questions, data.constraints, data.connector_activity,
// data.memory_health
// provenance: { workspace_id, token_id, generated_at, api_version }
HTTP · TypeScriptHybrid keyword + semantic search
// Semantic search across reviewed memory
const res = await fetch(
  "https://shelvia.net/api/v1/project-memory/search",
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${SHELVIA_TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      query: "What did we decide about the payment provider?",
      project_id: PROJECT_ID,
      mode: "hybrid", // keyword | semantic | hybrid
      limit: 10,
    }),
  }
);
HTTP · TypeScriptGenerate ranked context pack
// Generate a context pack ranked by semantic similarity
//   + structured priority + source-backed bonus + recency
const res = await fetch(
  "https://shelvia.net/api/v1/project-memory/projects/$PROJECT_ID/context-pack",
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${SHELVIA_TOKEN}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      purpose: "Continue the v2 launch checklist",
      target_tool: "claude",
      max_chars: 12000,
      semantic_ranking: true,
    }),
  }
);
// response.ranking.top_reasons surfaces human-readable match
// reasons, never raw similarity scores.
HTTP · TypeScriptCreate review candidate (write)
// Create a review candidate (write scope)
// Writes ALWAYS enter the review queue, never trusted memory.
const res = await fetch(
  "https://shelvia.net/api/v1/project-memory/projects/$PROJECT_ID/candidates",
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${SHELVIA_TOKEN}`,
      "Content-Type": "application/json",
      "Idempotency-Key": IDEMPOTENCY_KEY, // optional
    },
    body: JSON.stringify({
      type: "decision",
      title: "Use Paystack for African card payments",
      content: "Decision body...",
      source_url: "https://example.com/source",
    }),
  }
);
02 · MCP

Model Context Protocol: Streamable HTTP

The remote MCP endpoint honors Accept: text/event-stream for SSE-framed delivery, accepts plain JSON-RPC for backwards compatibility, and honors Mcp-Session-Id for session affinity. Every tool routes through the same service functions as the REST API, so a memory change propagates to both surfaces with no parallel logic.

HTTPStreamable HTTP MCP request
// Streamable HTTP MCP. Clients negotiate transport via Accept header.
// Same Bearer auth as the REST API; OAuth tokens accepted too.
POST https://shelvia.net/api/mcp
Authorization: Bearer $SHELVIA_TOKEN
Content-Type: application/json
Accept: text/event-stream   # SSE-framed, or omit for plain JSON-RPC

// Tools exposed (exact runtime names):
//   shelvia_search_project_memory
//   shelvia_get_project_context
//   shelvia_get_decisions / shelvia_get_sources / shelvia_get_prompts
//   shelvia_get_next_steps / shelvia_get_constraints
//   shelvia_get_memory_health
//   shelvia_generate_context_pack
//   shelvia_create_handoff
//   shelvia_create_memory_candidate   // review-gated
//   shelvia_log_continuation
//   shelvia_regenerate_project_summary
03 · SDK

TypeScript SDK

The @shelvia/sdk package wraps the public surface with TypeScript types, OpenAPI-backed responses, runnable examples, and explicit opt-in retry semantics. Reads are idempotent by default; write methods accept an idempotencyKey for safe retries. Install it from the public npm registry:

ShellPublic npm registry · @shelvia/sdk
npm install @shelvia/sdk
TypeScript@shelvia/sdk usage
// TypeScript SDK: wraps the public surface with types.
// Published on public npm: npm install @shelvia/sdk
import { ShelviaClient } from "@shelvia/sdk";

const shelvia = new ShelviaClient({
  apiKey: process.env.SHELVIA_TOKEN!,
});

// Reads
await shelvia.projects.list();
await shelvia.projects.getContext(projectId);
await shelvia.memory.search({ query, project_id, mode: "hybrid" });

// Generation
await shelvia.context.generatePack(projectId, {
  purpose: "Continue the v2 launch",
  target_tool: "claude",
  max_chars: 12000,
});
await shelvia.summaries.regenerate(projectId, {
  summary_type: "project_rolling",
});

// Writes (always create review candidates)
await shelvia.memory.createCandidate(projectId, {
  type: "decision",
  title: "...",
  content: "...",
});
04 · Webhooks

Signed outbound events

Subscribe to memory.candidate.created, context_pack.generated, and handoff.generated with signed delivery, delivery safeguards against private networks, and exponential retry backoff (1m → 5m → 30m → 3h → 12h → 24h). Admin test delivery is available from the workspace API settings.

TypeScriptVerify webhook signatures
// Webhook receivers verify the HMAC signature.
// Header: X-Shelvia-Signature-256: sha256=<hex>. Also: X-Shelvia-Timestamp.
// Configured in your workspace (Settings). No public management API yet.
import crypto from "node:crypto";

function verify(req, secret) {
  // Header X-Shelvia-Signature-256 is "sha256=<hex>"; HMAC-SHA256 over the raw body.
  const sig = req.headers["x-shelvia-signature-256"];
  const body = req.rawBody;  // raw bytes, BEFORE JSON parse
  const expected =
    "sha256=" + crypto.createHmac("sha256", secret).update(body).digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(sig), Buffer.from(expected)
  );
}

// Supported events:
//   memory.candidate.created
//   context_pack.generated
//   handoff.generated
05 · OAuth 2.0

Authorization for third-party clients

The authorization server runs the standard PKCE-required authorization-code flow with single-use codes, single-use refresh rotation, and revocation. Discovery metadata lives at the standard well-known paths. Access tokens are opaque (no JWT) and flow through the same auth chokepoint as workspace tokens, so scopes, audit logging, and rate limits are identical.

  • PKCE required for public clients. Plain code_challenge_method is rejected.
  • Single-use authorization codes. Replay revokes any tokens already issued from that code.
  • No dynamic client registration. Clients are admin-registered. Smaller surface, fewer enumeration paths.
  • No userinfo endpoint. Workspace audience travels in the token response, not as OpenID claims.
Where Shelvia fits

The memory layer inside your stack.

Shelvia is not a runtime. Agent execution lives in your stack. Shelvia is the project memory and context layer those runtimes call before they act. Browser Capture is a click-to-capture surface. Agent Compatibility prepares reviewed project memory and structured context packs that humans, tools, and agentic workflows can reuse safely. Agent, API, and MCP writes enter review before becoming trusted memory, without changing the contract.

Browser Capture

User-initiated capture from ChatGPT, Claude, Perplexity, Gemini, and NotebookLM. Every send is a user click; every capture lands in the review queue before it becomes trusted memory.

Agent Compatibility · developer preview

Recipes, candidate-write APIs, MCP tool exposure, SDK helper, and observability logging are available today. Full four-runtime manual attestation remains pending. Not a runtime. Not a scheduler. Read the preview concept.

Build with memory that survives the session.

Shelvia is invite-only during beta. Create a workspace, issue a scoped token, and start querying your project memory.

Request access Read the security model