Memfog Docs

Get from sign-up to your first auto-captured Claude Code session in 60 seconds.

Quickstart

1. Create an account at dashboard.memfog.com. Email + password. We'll send you a verification link.
2. Verify your email by clicking the link. (Check spam if it's been a couple of minutes.)
3. Sign in at dashboard.memfog.com/sign-in. You'll see an empty events feed and your API token.
4. Connect Claude Code with one command (next section).

Connect Claude Code

Memfog installs as a set of small Node.js hook scripts in ~/.claude/hooks/. Every prompt, tool use, subagent boundary, and session boundary in Claude Code POSTs a HookEvent to https://app.memfog.com/ingest with your bearer token. Zero npm dependencies beyond Node ≥ 20.

npx -y memfog@latest connect claude-code --token <YOUR_API_TOKEN>

That's it. Drops twelve hooks under ~/.claude/settings.json, writes ~/.memfog/auth.json (chmod 600 on POSIX). Re-running is safe — it replaces prior memfog entries.

Verify it took:

cat ~/.memfog/auth.json
grep -i memfog ~/.claude/settings.json | head -5

Then run any Claude Code prompt and watch events appear at dashboard.memfog.com.

Custom API host

MEMFOG_TOKEN=... npx memfog connect claude-code --api https://app.memfog.example

Uninstall

rm -rf ~/.memfog
# then remove the "memfog" hook entries from ~/.claude/settings.json

API reference

Base URL: https://app.memfog.com. All endpoints accept and return application/json unless stated otherwise. CORS is open to memfog.com, www.memfog.com, dashboard.memfog.com, and app.memfog.com.

Authentication

Three credential-handling routes are rate-limited to 10 requests per minute per client IP. Exceeding returns 429.

POST /auth/register

curl -X POST https://app.memfog.com/auth/register \
  -H 'content-type: application/json' \
  -d '{"email":"you@example.com","password":"a-real-password","display_name":"Optional"}'
# 202 Accepted — a verification email is sent

POST /auth/verify-email

curl -X POST https://app.memfog.com/auth/verify-email \
  -H 'content-type: application/json' \
  -d '{"token":"<from the email link>"}'
# 200 OK

POST /auth/login

curl -X POST https://app.memfog.com/auth/login \
  -H 'content-type: application/json' \
  -d '{"email":"you@example.com","password":"a-real-password"}'
# returns: {"access_token":"<jwt>","expires_in":3600,"user":{...}}
# 403 if email is unverified, 401 on bad creds

POST /auth/forgot-password

curl -X POST https://app.memfog.com/auth/forgot-password \
  -H 'content-type: application/json' \
  -d '{"email":"you@example.com"}'
# 202 — does not leak whether the email exists

POST /auth/reset-password

curl -X POST https://app.memfog.com/auth/reset-password \
  -H 'content-type: application/json' \
  -d '{"token":"<from the email link>","password":"new-password"}'

GET /me

curl https://app.memfog.com/me \
  -H "Authorization: Bearer $JWT"
# {"id":"<uuid>","email":"you@example.com","display_name":null,"email_verified":true}

Events

POST /sync/push — append events

curl -X POST https://app.memfog.com/sync/push \
  -H "Authorization: Bearer $JWT" \
  -H 'content-type: application/json' \
  -d '{
    "events": [{
      "id": "11111111-1111-1111-1111-111111111111",
      "ts": "2026-05-19T10:00:00Z",
      "project": "my-repo",
      "kind": {"type": "Prompt", "data": {"text": "What changed in src/auth.rs?"}},
      "schema_version": 1
    }]
  }'
# {"accepted":1}

The server stamps user_id from your JWT — events are always per-user-isolated even if the client omits it. Idempotent on id: re-sending the same event is a no-op.

POST /sync/pull — fetch events

curl -X POST https://app.memfog.com/sync/pull \
  -H "Authorization: Bearer $JWT" \
  -H 'content-type: application/json' \
  -d '{"limit": 50, "project": "my-repo", "since": "2026-05-01T00:00:00Z"}'
# {"events": [{...}, {...}]}

• limit: default 100, max 1000
• project: optional string filter
• since: optional RFC 3339 — only events with ts > since are returned

HookEvent shape

The memfog adapter packages every Claude Code hook payload into a single event kind:

{
  "id": "<uuid>",
  "ts": "2026-05-19T10:00:00Z",
  "project": "<cwd at the time of the hook>",
  "schema_version": 1,
  "kind": {
    "type": "HookEvent",
    "data": {
      "hook": "post_tool_use",
      "data": { /* the unmodified Claude Code hook JSON */ }
    }
  }
}

Hook names: session_start, session_end, prompt_submit, pre_tool_use, post_tool_use, post_tool_failure, pre_compact, subagent_start, subagent_stop, notification, task_completed, stop.

Privacy stance

• Your account, your data. Per-user row-level isolation on every read.
• Local-first by default. The Memfog desktop client runs on your machine with a local SQLite store; cloud sync is opt-in.
• What we store. Email + Argon2id password hash + the events your hooks push. Nothing else.
• What we don't. No third-party trackers on the dashboard or marketing site. No selling data. No reading the contents of your captured events except to serve them back to you.
• Encryption. All traffic is TLS via Cloudflare. The cloud DB runs on a hardened VM. Nightly encrypted backups to Cloudflare R2 (14-day retention).
• Full privacy policy and terms.

Troubleshooting

I can't log in — it says my email isn't verified.

You should have received an email with a verification link. Check spam. If you can't find it, register again — the second registration will replace the first if it hasn't been used.

The hook installer says "command not found: npx".

Install Node ≥ 20 from nodejs.org. We don't ship a binary release yet.

Events aren't appearing.

1. Confirm the hook config is in place: grep -i memfog ~/.claude/settings.json
2. Confirm the token file exists: cat ~/.memfog/auth.json (should have url + token)
3. Test the network path: curl -s https://app.memfog.com/healthz should return ok
4. Test the auth path: curl -s -H "Authorization: Bearer <token>" https://app.memfog.com/me should return your user JSON

I'm hitting 429 on sign-up / login.

The credential routes are rate-limited at 10 req/min/IP. Wait a minute. If you're behind a NAT with many users on the same IP, contact us.