UnisonHow do I give each end-user their own private memory?
Use the brain:act-as scope and a per-call actor ID to create isolated private memory for every user in your application.
I'm building a multi-user app. How do I make sure user A can't see user B's memories?
Unison has a first-class mechanism for this: the brain:act-as scope combined with a per-call actor ID. When you pass an actor ID, the brain stores and retrieves memory scoped to that actor — users are isolated from each other by default, even though you're using a single API key.
How it works
- Your backend holds one
usk_live_...key with thebrain:act-asscope granted. - On every API call, you pass the current user's stable ID as the actor.
- Unison treats each actor as its own isolated memory namespace under
/private/.
Example
curl 'https://brain.unisonlabs.ai/v1/brain/context?q=preferences' \
-H "Authorization: Bearer $UNISON_TOKEN" \
-H "X-Unison-Actor: user_abc123"Ingest also respects the actor:
curl -X POST https://brain.unisonlabs.ai/v1/brain/ingest \
-H "Authorization: Bearer $UNISON_TOKEN" \
-H "X-Unison-Actor: user_abc123" \
-H 'content-type: application/json' \
-d '{"items":[{"type":"conversation","turns":[...],"visibility":"private"}]}'User user_abc123's recalls will never surface content ingested under user_def456.
Choosing actor IDs
Use your app's stable internal user ID (a UUID, a database row ID). Don't use email addresses — they can change, and the actor ID is how you'll look things up later.
What about shared workspace memory?
Actor-scoped memory is isolated. If you also want some shared knowledge (e.g., company-wide context all users should benefit from), ingest that without an actor ID into the /workspace/ path, and it will be visible to all actors in the same workspace.