GRAFOMEM Cloud — Inference Governance
Verify the memory. Govern the inference. Prove the erasure.
GRAFOMEM Cloud is the managed inference governance layer for the GRAFOMEM platform. While the core GMP protocol and conformance suite verify memory backends, GRAFOMEM Cloud adds the operational layer enterprises need: every AI inference is logged, every deletion is cryptographically proved, every policy is enforced before execution, and compliance reports are generated on demand.
Core GRAFOMEM answers: "Does my memory backend behave correctly?" GRAFOMEM Cloud answers: "Can I prove my AI system is governed, transparent, and compliant?"
The five governance layers
| Layer | What it does | API Prefix | Docs |
|---|---|---|---|
| Decision Trail | Immutable audit log of every inference decision — model, query, facts, output, tokens, latency. Ed25519-signed. | /v1/decisions/ | Decision Trail |
| Erasure Proof | GDPR Article 17 signed erasure certificates. Cryptographic proof that data was deleted and all references scrubbed. | /v1/erasure/ | Erasure Proof |
| Governance Gateway | Pre-execution policy engine — rate limits, model allowlists, content filters, PII guards, HITL gates. | /v1/governance/ | Governance Gateway |
| Regulatory Reports | One-click compliance packages for EU AI Act, GDPR, and DORA. | /v1/reports/ | Regulatory Reports |
| Cloud Portal | Web dashboard — 8 tabs, dark-mode glassmorphism UI. | cloud.grafomem.com | Cloud Portal |
Architecture
┌───────────────────────────────────────────────────┐
│ Cloud Portal (UI) │
├───────────────────────────────────────────────────┤
│ Reports │ Governance │ Erasure Proof │ Decision │
│ Engine │ Gateway │ Service │ Trail │
├───────────────────────────────────────────────────┤
│ Compliance · Metering · Auth · Billing │
├───────────────────────────────────────────────────┤
│ GMP Core — Memory Protocol + Backends │
├───────────────────────────────────────────────────┤
│ FastAPI · PostgreSQL · Ed25519 │
└─────────────────────────── ────────────────────────┘
Cryptographic guarantees
Every layer uses the same provenance primitives from the GMP core:
| Primitive | Usage |
|---|---|
| BLAKE2b-128 | Content-addressed IDs for decisions, certificates, and facts |
| BLAKE2b-256 | Tamper-detection hashes for reports and corpus manifests |
| Ed25519 | Digital signatures on decisions, erasure certificates, and conformance reports |
Getting started
Managed Cloud — sign up at cloud.grafomem.com
Self-hosted — deploy with Cloud mode enabled:
pip install grafomem[cloud]
grafomem serve --cloud --db postgresql://... --port 8000
Or with Docker:
docker run -e DATABASE_URL=postgresql://... -e CLOUD_MODE=1 grafomem/server
API authentication
All Cloud APIs are tenant-scoped. Include your API key in every request:
curl -H "Authorization: Bearer gf_your_api_key_here" \
https://cloud.grafomem.com/v1/decisions/stats
API keys are managed via the Cloud Portal or POST /v1/cloud/keys/rotate.
Total API surface
The Cloud Platform adds 30 new endpoints across 4 routers: