Configuration

MemproofConfig is a Pydantic BaseModel that holds all configuration for a Memproof instance. You can construct it directly, pass individual keyword arguments to the Memproof constructor, or load defaults from environment variables using load_config().

from memproof import MemproofConfig, load_config

MemproofConfig

class MemproofConfig(BaseModel):
    policy_path: str = "memproof.yaml"
    adapter: str = "in_memory"
    attesta_enabled: bool = False
    attesta_url: str = ""
    attesta_token: str = ""
    trail_store: str = "memory"
    trail_store_path: str | None = None
    trail_signing_key: str | None = None
    langgraph_url: str = ""
    langgraph_api_key: str = ""
    openai_api_key: str = ""
    openai_organization: str = ""
    mcp_server_url: str = ""

Fields

Core

policy_path

str

default:"\"memproof.yaml\""

Path to the Memproof policy YAML file. This file defines the rules, risk thresholds, and actions that govern memory operations. The path is resolved relative to the current working directory unless an absolute path is provided.

adapter

str

default:"\"in_memory\""

Which memory adapter backend to use. This determines where memories are physically stored.Supported values:

Value	Backend
`"in_memory"`	Ephemeral dictionary-backed store. Data is lost when the process exits. Suitable for testing and development.
`"langgraph"`	LangGraph checkpoint API. Requires `langgraph_url` to be set.
`"openai_sessions"`	OpenAI Sessions API. Requires `openai_api_key` to be set.
`"mcp"`	MCP memory server. Requires `mcp_server_url` to be set.

Attesta Approval Service

These fields configure the external Attesta approval service, which handles human-in-the-loop approval workflows when the policy engine returns a require_approval decision.

attesta_enabled

bool

default:"False"

Enable integration with the Attesta approval service. When False, approval requests are handled by the local ApprovalBroker without an external service.

attesta_url

str

default:"\"\""

Base URL of the Attesta approval service (e.g., "https://attesta.example.com/api/v1"). Only used when attesta_enabled=True.

attesta_token

str

default:"\"\""

Bearer token for authenticating requests to the Attesta service. Only used when attesta_enabled=True.

Trailproof Audit Trail

These fields configure the Trailproof-powered audit trail that records every step of every memory operation for auditing and compliance. Trailproof provides SHA-256 hash chains, HMAC signing, and tamper detection.

trail_store

str

default:"\"memory\""

Trailproof audit trail storage backend.

Value	Backend
`"memory"`	In-memory store. Events are lost on process exit. Suitable for testing.
`"jsonl"`	JSONL file-backed persistent store. Events are appended to a JSON Lines file on disk.

trail_store_path

str | None

default:"None"

File path for the JSONL trail store. Required when trail_store="jsonl". The file is created automatically if it does not exist.

trail_signing_key

str | None

default:"None"

HMAC-SHA256 secret key for signing trail events. When provided, each event in the audit trail includes a cryptographic signature that can be verified later to detect tampering. This should be a strong, random secret kept outside of version control.

Adapter Backends

These fields provide connection details for the supported adapter backends. Only the fields relevant to the selected adapter value need to be configured.

langgraph_url

str

default:"\"\""

Base URL for the LangGraph checkpoint API (e.g., "https://langgraph.example.com"). Required when adapter="langgraph".

langgraph_api_key

str

default:"\"\""

API key for authenticating with the LangGraph checkpoint API. Used when adapter="langgraph".

openai_api_key

str

default:"\"\""

OpenAI API key. Required when adapter="openai_sessions".

openai_organization

str

default:"\"\""

OpenAI organization ID. Optional, used when adapter="openai_sessions" to scope requests to a specific organization.

mcp_server_url

str

default:"\"\""

URL of the MCP memory server (e.g., "http://localhost:8200"). Required when adapter="mcp".

Constructing a Config

Direct Construction

from memproof import MemproofConfig

config = MemproofConfig(
    policy_path="./policies/production.yaml",
    adapter="langgraph",
    langgraph_url="https://langgraph.example.com",
    langgraph_api_key="lg-key-abc123",
    trail_store="jsonl",
    trail_store_path="/var/lib/memproof/audit.jsonl",
    trail_signing_key="hmac-secret-key",
    attesta_enabled=True,
    attesta_url="https://attesta.example.com/api/v1",
    attesta_token="att-token-xyz",
)

Passing to Memproof

from memproof import Memproof, MemproofConfig

config = MemproofConfig(
    policy_path="./memproof.yaml",
    adapter="mcp",
    mcp_server_url="http://localhost:8200",
)

mp = Memproof(config=config)

Using Convenience kwargs

If you do not need a separate config object, pass the fields directly to the Memproof constructor:

from memproof import Memproof

mp = Memproof(
    policy="./memproof.yaml",
    adapter="openai_sessions",
    openai_api_key="sk-...",
    trail_store="jsonl",
    trail_store_path="./audit.jsonl",
)

load_config()

Load a MemproofConfig from environment variables with sensible defaults. Every field maps to an environment variable with the MEMPROOF_ prefix.

def load_config() -> MemproofConfig

return

MemproofConfig

A fully populated configuration object.

Environment Variable Mapping

Field	Environment Variable	Default
`policy_path`	`MEMPROOF_POLICY_PATH`	`"memproof.yaml"`
`adapter`	`MEMPROOF_ADAPTER`	`"in_memory"`
`attesta_enabled`	`MEMPROOF_ATTESTA_ENABLED`	`"false"`
`attesta_url`	`MEMPROOF_ATTESTA_URL`	`""`
`attesta_token`	`MEMPROOF_ATTESTA_TOKEN`	`""`
`trail_store`	`MEMPROOF_TRAIL_STORE`	`"memory"`
`trail_store_path`	`MEMPROOF_TRAIL_STORE_PATH`	`None`
`trail_signing_key`	`MEMPROOF_TRAIL_SIGNING_KEY`	`None`
`langgraph_url`	`MEMPROOF_LANGGRAPH_URL`	`""`
`langgraph_api_key`	`MEMPROOF_LANGGRAPH_API_KEY`	`""`
`openai_api_key`	`MEMPROOF_OPENAI_API_KEY`	`""`
`openai_organization`	`MEMPROOF_OPENAI_ORGANIZATION`	`""`
`mcp_server_url`	`MEMPROOF_MCP_SERVER_URL`	`""`

Boolean fields accept "true" or "false" (case-insensitive). Numeric fields are parsed as floats.

Example

export MEMPROOF_POLICY_PATH="./policies/production.yaml"
export MEMPROOF_ADAPTER="langgraph"
export MEMPROOF_LANGGRAPH_URL="https://langgraph.example.com"
export MEMPROOF_LANGGRAPH_API_KEY="lg-key-abc123"
export MEMPROOF_TRAIL_STORE="jsonl"
export MEMPROOF_TRAIL_STORE_PATH="/var/lib/memproof/audit.jsonl"
export MEMPROOF_TRAIL_SIGNING_KEY="hmac-secret-key"

from memproof import Memproof, load_config

config = load_config()
mp = Memproof(config=config)

Configuration Precedence

When constructing a Memproof instance, configuration is resolved in the following order:

Explicit config parameter — If a MemproofConfig is passed to the constructor, it is used directly. All keyword arguments (except policy_schema_path) are ignored.
Constructor keyword arguments — If no config is passed, a MemproofConfig is built from the keyword arguments with their defaults.
load_config() — Reads from environment variables. You must call it explicitly and pass the result as the config parameter.

# Option 1: Explicit config object (highest control)
config = MemproofConfig(adapter="langgraph", langgraph_url="...")
mp = Memproof(config=config)

# Option 2: Keyword arguments (convenience)
mp = Memproof(adapter="langgraph", langgraph_url="...")

# Option 3: Environment variables
config = load_config()
mp = Memproof(config=config)

API Reference

​Configuration

​MemproofConfig

​Fields

​Core

​Attesta Approval Service

​Trailproof Audit Trail

​Adapter Backends

​Constructing a Config

​Direct Construction

​Passing to Memproof

​Using Convenience kwargs

​load_config()

​Environment Variable Mapping

​Example

​Configuration Precedence

Configuration

MemproofConfig

Fields

Core

Attesta Approval Service

Trailproof Audit Trail

Adapter Backends

Constructing a Config

Direct Construction

Passing to Memproof

Using Convenience kwargs

load_config()

Environment Variable Mapping

Example

Configuration Precedence