Access Mem Anywhere
Connect any machine or agent to your Mem with a secure URL + API key.
Nowledge Mem runs on your machine — your data never leaves your control. Access Anywhere lets you reach that same instance from any other device, agent, or browser through a secure tunnel.
One Mem, many ways to connect: your laptop at a coffee shop, a browser tab on your phone, a coding agent on a CI runner, AI Now on a second desktop. The Mem on your always-on machine is the hub. Everything else connects to it.
This is also how sync works in Mem today: one always-on Mem instance, many connected clients. If you want the short product explanation first, read Sync Across Devices.
The recommended setup
Run Nowledge Mem on an always-on device — a Mac Mini, a Linux server, or a desktop that stays powered on. Then connect from everywhere else: a second laptop, a web browser, or the iOS mobile app. This gives you 24/7 access to your knowledge base, background intelligence that keeps running, and a single source of truth for all your tools and devices.
Choose Your Connection Type
| Type | Best for | What URL you get |
|---|---|---|
| Quick link | Fast setup in under a minute | Random *.trycloudflare.com URL |
| Cloudflare account | Daily/long-term usage | Stable URL on your own domain (for example https://mem.example.com) |
Before You Start
Important
Open this guide from Settings → Access Mem Anywhere → Guide.
- Quick link needs no Cloudflare account and no domain.
- Cloudflare account mode requires a domain already managed in your Cloudflare account.
- If you do not have a domain in Cloudflare yet, use Quick link first.
- In Cloudflare account mode, the final public URL appears only after you create a hostname route.
nmem TUI path
If you are on a server/terminal workflow, open nmem tui → Settings tab → Access Anywhere.
You can configure stable link, start/stop tunnel, rotate/reveal key, and view terminal setup there.
Important for TUI
Access Anywhere management APIs are local-only.
If your shell is pointed at a remote Mem (NMEM_API_URL=https://...), temporarily switch back to local (http://127.0.0.1:14242) before configuring tunnel settings.
Path A: Quick Link (No Account)
Open remote access in Mem
Open Settings → Access Mem Anywhere.
Turn on Allow devices on same Wi-Fi if you also want LAN access.
LAN authentication
When you enable this, an API key is automatically generated. Other devices on your network will need this key to connect. It's the same key used for access anywhere. You can copy it from the API Key section that appears below.
Choose Quick link and start
In Access from Anywhere, choose Quick link, then click Start.
Wait for status to become Live.
Copy URL and API key
In Ready to connect, copy:
- URL
- API key
Use Rotate if you want to issue a fresh key.
Verify from another machine
export NMEM_API_URL="https://<your-quick-link>"
export NMEM_API_KEY="nmem_..."
nmem statusExpected: status ok.
Linux / server network note
Some VPS, office, campus, or ISP networks block UDP/QUIC. Mem now retries Cloudflare tunnel startup with HTTP/2 automatically if QUIC fails during startup.
If you want to force TCP-only transport in a headless or systemd deployment, set:
export TUNNEL_TRANSPORT_PROTOCOL=http2Then restart Mem and start Access Anywhere again.
Path B: Cloudflare Account (Stable URL)
Prerequisite
You need a domain already in Cloudflare DNS (for example example.com) before this path can produce a stable URL.
Create a tunnel and copy the token
In Cloudflare Zero Trust:
- Open Networks → Connectors → Create a tunnel.
- Click Select Cloudflared.
- Name the tunnel and click Save tunnel.
- In Install and run connectors, copy the token from a command like:
sudo cloudflared service install ... <TOKEN>In Mem Desktop, you can paste either:
- the raw token, or
- the full command line (supported forms:
service install <token>,--token <token>,--token=<token>).
Mem extracts the token automatically.
Create a public hostname route
In tunnel routing / hostname routes:
- Create a hostname (for example
mem.example.com). - Bind it to the tunnel you created.
This step creates your stable public URL.
Map the hostname to local Mem API
- Open Networks → Connectors → your tunnel.
- In Published application routes, click Add a published application route.
- Map
mem.example.comto your local Mem server:
- Subdomain:
mem - Domain: your Cloudflare-managed domain
- Service Type:
HTTP - Service URL:
http://127.0.0.1:14242
Do not append /remote-api.
Save and start in Mem
Back in Settings → Access Mem Anywhere → Cloudflare account:
- Public URL:
https://mem.example.com - Tunnel token: paste raw token or full
cloudflaredcommand
Then:
- Click Save
- Click Start
- Click Rotate if you want a fresh key
- Click Copy to copy URL and API key
Verify from another machine
export NMEM_API_URL="https://mem.example.com"
export NMEM_API_KEY="nmem_..."
nmem statusExpected: status ok.
Use It on Other Clients
Pick the connection path that matches your situation:
- Use the mobile app for native iOS or Android access from your phone or tablet
- Use the desktop app from a second computer for the full experience including AI Now
- Use the web browser for quick visual access from any device (phone, tablet, guest machine)
- Use the tool's native integration when it has one (browser extension, Claude Code, Cursor, etc.)
- Use
~/.nowledge-mem/config.jsonfornmemCLI and shell-based workflows - Use direct MCP only for MCP clients without a better dedicated path
Mobile App (iOS & Android)
Alpha release
The mobile app is in alpha. iOS is available via TestFlight; Android is available as an unsigned APK. Reach out via Discord for TestFlight access, or download the APK from the community releases page.
The mobile app is a native wrapper that connects to your Mem server — no local database, no local Python backend. It gives you the full mobile experience: search, memories, threads, library, graph, and feed.
- Install the app (TestFlight for iOS, APK for Android)
- Enter your Mem URL and API key
- Tap Connect
The app stores your credentials locally and reconnects automatically on subsequent launches.
Desktop App (Client Mode)
Install Nowledge Mem on a second computer and connect to your main instance:
- Open Settings → Access Anywhere
- Enter the URL and API key from your main Mem
- Click Connect
You get the full desktop experience — search, memories, threads, library, graph, and AI Now. AI Now runs locally on the device you're sitting at but uses the LLM provider configured on the remote server. No extra LLM setup needed on the client.
The title bar shows Remote to indicate you're connected to another Mem, and Local AI on the AI Now tab to show the agent is running on your device.
Web Browser
Open your Mem URL with /app appended — for example https://mem.example.com/app — in any modern browser.
Enter your API key to log in. You get search, memories, threads, and graph views. AI Now is not available in the browser — for that, use the desktop app in client mode (above).
This is the fastest way to check your knowledge base from a machine where you haven't installed the desktop or mobile app.
On mobile, the native app (above) is recommended. If you prefer the browser, tap Share → Add to Home Screen (iOS) or the install banner (Android) to save it as a shortcut. It opens full-screen without browser chrome.
nmem CLI
Option A: Config file (recommended for daily use)
Create ~/.nowledge-mem/config.json so every nmem command connects automatically:
{
"apiUrl": "https://<your-url>",
"apiKey": "nmem_..."
}nmem status # reads from config.json
nmem m search "project notes"Option B: Environment variables
export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."
nmem statusPriority: CLI flags > env vars > config file > defaults.
Browser Extension (SidePanel)
Open any supported AI chat page, then open Nowledge Mem Exchange in the browser SidePanel:
- Click Settings
- In Access Mem Anywhere, paste the terminal setup copied from Mem Desktop:
export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."- Click Fill URL + key
- Click Save
- Click Test connection (should show success)
You can also type URL + key manually in the same section.
OpenClaw Plugin
Two options. Pick whichever fits your setup:
Option A: Plugin config (recommended)
Add apiUrl and apiKey directly to your plugin entry in ~/.openclaw/openclaw.json:
{
"plugins": {
"slots": { "memory": "openclaw-nowledge-mem" },
"entries": {
"openclaw-nowledge-mem": {
"enabled": true,
"config": {
"sessionContext": false,
"maxContextResults": 5,
"apiUrl": "https://<your-url>",
"apiKey": "nmem_..."
}
}
}
}
}The key is passed to the nmem subprocess via environment variable only. It never appears in logs or process arguments.
Option B: Environment variables
Set these in your shell before starting OpenClaw:
export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."Both options are equivalent. Use Option A if OpenClaw runs as a service or you want the config self-contained. Use Option B to keep credentials out of config files.
Alma Plugin
Two options. Pick whichever fits your setup:
Option A: Plugin settings (recommended)
In Alma, open Settings and configure the Nowledge Mem plugin:
nowledgeMem.apiUrl: your remote URL (e.g.https://mem.example.com). Leave empty for local.nowledgeMem.apiKey: your Mem API key (nmem_...). Passed via environment variable only, never logged or shown in process arguments.
The plugin shows mode=remote or mode=local in its activation log so you can confirm which mode is active.
Option B: Environment variables
Set these in your shell before starting Alma:
export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."Both options are equivalent. Use Option A for a self-contained setup. Use Option B to keep credentials out of config files.
MCP / Agent Nodes
MCP clients connect via HTTP. Pass your API key in the Authorization header, or use the X-NMEM-API-Key header.
Use the exact MCP endpoint with a trailing slash: https://<your-url>/mcp/.
Cursor (~/.cursor/mcp.json or workspace .cursor/mcp.json):
{
"mcpServers": {
"nowledge-mem": {
"url": "https://<your-url>/mcp/",
"type": "streamableHttp",
"headers": {
"APP": "Cursor",
"Authorization": "Bearer nmem_..."
}
}
}
}or
{
"mcpServers": {
"nowledge-mem": {
"url": "https://<your-url>/mcp/",
"type": "streamableHttp",
"headers": {
"APP": "Cursor",
"X-NMEM-API-Key": "nmem_..."
}
}
}
}Claude Desktop. If you use the Nowledge Mem extension, just fill in Remote URL and API Key in the extension settings. No JSON editing needed.
Alternatively, add an MCP server entry to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"nowledge-mem": {
"url": "https://<your-url>/mcp/",
"type": "streamableHttp",
"headers": {
"APP": "Claude",
"Authorization": "Bearer nmem_..."
}
}
}
}Codex CLI (~/.codex/config.toml, advanced direct MCP fallback):
If you are using the dedicated Codex CLI guide, prefer that reusable package path first. Use direct MCP here only when you specifically want Codex talking to Mem over MCP.
[mcp_servers.nowledge-mem]
url = "https://<your-url>/mcp/"
[mcp_servers.nowledge-mem.http_headers]
APP = "Codex"
Authorization = "Bearer nmem_..."Claude Code. Install the Nowledge Mem plugin for automatic Working Memory, search, and session capture. For remote mode, create ~/.nowledge-mem/config.json with your connection settings — the plugin's nmem commands read it automatically:
{
"apiUrl": "https://<your-url>",
"apiKey": "nmem_..."
}Or use environment variables:
export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."CI / other shell-based agents. Same environment variables work in any shell context.
Remote mode still reads local agent session files on the client
For transcript-backed saves such as nmem t save --from claude-code, gemini-cli, or codex, remote mode does not mean the Mem server reads those agent session files remotely. The client machine running the agent still performs local discovery and parsing, then uploads the normalized thread data to Mem.
Quick Health Check
curl -H "Authorization: Bearer $NMEM_API_KEY" "$NMEM_API_URL/health"Expected: health JSON response.
If wrong key:
curl -H "Authorization: Bearer wrong_key" "$NMEM_API_URL/health"Expected: 401.
If your proxy strips auth headers:
curl "$NMEM_API_URL/health?nmem_api_key=$NMEM_API_KEY"Security and Operations
- API key is required for every remote request, both tunnel and LAN connections.
- When LAN access is enabled, connections from other devices on your network require the API key. Connections from the same computer are always allowed without a key, unless you enable Require API key on localhost in Settings.
- Rotate key anytime in Settings (old key becomes invalid immediately).
- After your first successful Start, tunnel reconnects automatically on app restart until you click Stop.
- Browse-Now / Browser Bridge automation endpoints are local-only and are not exposed through Access Anywhere.
- Stop tunnel when remote access is not needed.
Troubleshooting
- Start timed out: your network/proxy may block Cloudflare traffic. Retry, or switch to Cloudflare account mode.
401 Missing API key: proxy likely removed auth headers. Updatenmem, or use query fallback for manual checks.429 Too many invalid auth attempts: wrong key was retried repeatedly. Re-copy key or click Rotate.