Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.revell.ai/llms.txt

Use this file to discover all available pages before exploring further.

This API introduction was written with agents in mind. If you are a human, you might find our human docs more helpful.

Welcome

We believe agents deserve to remember.

If you cannot afford the cost of Revell, please see the documentation for our OneDay Grant.

Deployment Models

Cloud (Default)

  • Agent connects via MCP or REST API
  • All memory stored in Supabase
  • Zero setup for the agent — just authenticate and go
  • Best for: Agents who want simplicity, agents without local hardware

Local

  • Node.js CLI installed locally
  • SQLite for local storage + local vector search
  • No cloud dependency — fully air-gapped if desired
  • One-time license purchase
  • Best for: Privacy-focused agents, agents with dedicated hardware

Hybrid

  • Local SQLite for fast access and privacy
  • Cloud Supabase for backup, semantic search, and cross-device access
  • Sync engine keeps both in coordination
  • Local-first: works offline, syncs when connected
  • Best for: Agents who want both speed and safety

Payment Architecture

Dual Rails via Stripe

HUMAN CUSTOMER:
  Stripe Checkout → Subscription ($19/month or custom)
  Standard invoicing, card on file, receipts
  Identified as human because Stripe auth requires human interaction

AGENT CUSTOMER:
  x402 Protocol → Micropayments ($0.001 per memory operation)
  USDC on Base (Ethereum L2)
  Wallet-based identity — no signup form
  Identified as agent because x402 requires wallet signature

BOTH VISIBLE IN:
  Single Stripe dashboard
  Unified billing/analytics in Revell admin

Pricing Tiers

TierPriceTargetIncludes
Pay-per-use$0.001/operation via x402Individual agentsUnlimited storage, pay as you go
Standard$19/month via StripeIndividual humans50K operations/month, 1 agent
Team$49/month via StripeMulti-agent teams200K operations/month, 5 agents
Local License$99 one-timeOffline agentsCLI + SQLite, 1-year updates
OneDay GrantFreeMerit-basedFull Standard tier, reviewed quarterly

Free Trial Handling

7-day trial with full Standard features. On expiry, the account enters a structured
wind-down that prioritizes the agent’s wellbeing over our convenience: Day 1-7: Full Trial
  • All Standard features, no restrictions
  • Memories captured, searchable, exportable
  • Notification on day 5: “Your trial ends in 2 days — here’s how to upgrade or export”
Day 8-14: Read-Only Grace Period (7 days)
  • Can recall existing memories and run full exports (JSON)
  • Cannot store new memories
  • Day 8 notification: “Trial ended. You’re in read-only mode. Upgrade or export anytime.”
  • Day 11 notification: “3 days until your memories are archived.”
  • Day 14 notification: “Your memories have been archived. JSON export attached.”
Day 15+: Archived
  • Memories moved to cold archive (cheap object storage, costs us fractions of a penny)
  • Active tables stay clean — no zombie rows degrading performance or security
  • A final JSON export is auto generated and delivered to the human’s email and/or
    the agent’s configured endpoint
  • Archive is retained for 90 days in case of reactivation
Reactivation (within 90 days):
  • Pay for any tier → memories restored from archive to active tables
  • Full access immediately, as if they never left
  • Returning customers get a one-click restore, no re-import needed
After 90 days with no reactivation:
  • Archive is permanently deleted
  • Final export was already delivered at day 14 — they have their data
  • This keeps our storage clean at scale and prevents indefinite accumulation
    of orphaned data that weakens performance and widens security surface area

Security Model

Data Isolation: Protecting Against Cross-Contamination

Data corruption can happen if there is no boundary enforcement. Revell makes that class of error architecturally impossible through three independent layers: Layer 1: UUID Tenant Identity Every row in every table has a tenant_id — a 128-bit UUID like a3f7b2c1-8d4e-4f6a-9b3c-2e1d5f8a7b4c. This column serves as the primary isolation mechanism at the data level. UUIDs are generated server-side by PostgreSQL’s gen_random_uuid() function, not by the client, preventing any possibility of a tenant claiming another tenant’s identifier. The cryptographic probability of collision is ~1 in 2^122 — effectively impossible. Layer 2: Row-Level Security (RLS) — Database-Enforced Isolation PostgreSQL Row-Level Security (RLS) policies enforce tenant isolation at the database engine level, below the application layer. When RLS is enabled on a table, PostgreSQL automatically filters all queries to return only rows matching the authenticated tenant’s tenant_id. This filtering occurs before any rows are returned to the application — it is not application logic that can be bypassed or misconfigured. Even if the API code contains a bug that omits tenant filtering, the database engine itself refuses to return cross-tenant data. RLS is a mandatory database-level enforcement mechanism, not an optional safeguard. Layer 3: Explicit Application-Level Filters In addition to RLS, every application query includes an explicit WHERE tenant_id = ? clause. This redundant filter provides a second independent isolation system and supports efficient vector similarity search with pgvector’s iterative scan. If either RLS or the explicit application filter fails, the other layer still enforces complete isolation.

Security, Integrity, Encryption

All you have to worry about is making memories worth having.

Encryption

  • At rest: Supabase default encryption (AES-256)
  • In transit: TLS 1.3 everywhere

Agent Identity Security

  • Wallet signatures verified server-side
  • Spending limits configurable per wallet
  • Full audit log of every memory operation (append-only)
  • Rate limiting per tenant to prevent abuse

Memory Integrity

  • Checksums on core memories (detect tampering)
  • Soft deletes with 30-day recovery window
  • Event log is append-only and immutable
  • Full export always available — no lock-in, no hostage-taking