Skip to main content
The AtomicMemory Langflow plugin delivers a set of custom components backed by the Python atomicmemory SDK. After installation, they appear in the Langflow component sidebar under the atomicmemory category, ready to drag into any flow. Components cover the full memory lifecycle — from reading chat history and searching prior context, to storing new memories, inspecting individual records, and performing governance mutations with a full audit trail. Standard components work with the public SDK; enterprise governance components require the enterprise atomicmemory SDK build.

Components

Chat Memory

Read-only chat history (Message History backend) from a user/session scope. Fails closed by default if the backend is unreachable — toggle Fail open on error to return empty history instead.

Search Context

Query-driven, prompt-ready memory context scoped across all of the user’s sessions by default. Toggle Scope to session to restrict retrieval to the current session.

Store Message

Explicitly persist a message or turn into memory. Ingest runs synchronous LLM extraction and embedding, so writes can take up to ~20 seconds.

Delete Memories in Scope

Best-effort erasure of all memories in a given scope. Confirm-gated to prevent accidental deletion.

Enterprise governance components

The following five components require the enterprise atomicmemory SDK. They will fail fast at runtime with a clear “enterprise SDK required” error if the enterprise build is not installed.
ComponentPurpose
Memory BrowserList the memories in a scope; optional admin inventory view with compliance attributes
Memory InspectorOne memory’s full content, provenance, and audit lineage (redacted without an admin key; full with one)
Search DiagnosticsExplain a retrieval: included and omitted counts, omission reasons, and included memory IDs
Operator ActionAdmin-gated governance mutation: correct / redact / reclassify / revert / hard-delete / delete-by-scope
Audit ReaderRead the operator action log and receipt-chain validity (operator-global; optional user_id filter)
Memory Browser, Memory Inspector, and Search Diagnostics are read-side governance components. Operator Action and Audit Reader are mutating components — they source the admin key from the operator environment, never from a flow input.

Requirements

Before installing, confirm your environment meets these requirements:
  • Python >= 3.10
  • atomicmemory >= 1.1.2 (enterprise build required for governance components)
  • langchain-core
  • Langflow >=1.6,<2.0
  • A running AtomicMemory Core (default http://localhost:17350)
The enterprise SDK ships a local version (1.1.2+jpmc) that PyPI cannot publish. A version floor alone does not guarantee the governance surface is present — the components perform a runtime check and fail fast with a clear error if handle.admin and related APIs are absent. The public PyPI build is intentionally unsupported for governance components.

Run a local AtomicMemory Core (Docker)

All components require a running AtomicMemory Core. To start one locally using Docker: 
cd packages/core
docker compose up -d --build
curl -s -H "Authorization: Bearer local-dev-key" http://localhost:17350/v1/memories/health
# expected response: {"status":"ok"}
For governance component demos, the Core must be started with an admin API key: 
cat > packages/core/.env <<'EOF'
CORE_API_KEY=local-dev-key
CORE_ADMIN_API_KEY=local-admin-key
EMBEDDING_PROVIDER=transformers
EMBEDDING_MODEL=Xenova/all-MiniLM-L6-v2
EMBEDDING_DIMENSIONS=384
RAW_STORAGE_DEPLOYMENT_ENV=local
STORAGE_KEY_HMAC_SECRET=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
LLM_PROVIDER=openai
OPENAI_API_KEY=sk-not-used-for-governance
EOF
The governance demos (Memory Inspector, Search Diagnostics, Operator Action) use local embeddings and do not call an LLM, so a dummy OPENAI_API_KEY value is fine. For conversational demos that run Store Message → Search Context, set a real LLM_PROVIDER and API key.

Install

1

Install the Python package

Install atomicmemory-langflow into Langflow’s Python environment:
pip install atomicmemory-langflow
For governance components, install the enterprise SDK wheel or private source first, then install atomicmemory-langflow.
2

Copy component entry files

Use the AtomicMemory Langflow plugin CLI to copy the component entry files into your Langflow components root:
npx @atomicmemory/langflow-plugin --target ~/.langflow/components --python <langflow-python>
Alternatively, set the components root via environment variable:
LANGFLOW_COMPONENTS_PATH=~/.langflow/components npx @atomicmemory/langflow-plugin --python <langflow-python>
Replace <langflow-python> with the path to the Python executable in Langflow’s environment.
3

Restart Langflow

Restart Langflow after copying the component files. The atomicmemory category will appear in the component sidebar once Langflow reloads.

Security

AtomicMemory’s Langflow components are designed to keep secrets out of flow definitions and prevent flows from being used as escalation paths.

API keys and Provider Config

Put API keys only in the API Key secret field. Never place them in Provider Config — that field is stored in plaintext in the flow definition. The Provider Config field is allowlist-only: only known tuning keys (timeoutSeconds, apiVersion) are accepted. All URLs, keys, and secret-shaped keys (accessToken, clientSecret, and similar) are rejected.

API URL validation

By default, the API URL field accepts only local hosts. Pointing memory at a non-local endpoint requires the operator (not the flow author) to opt in explicitly: 
# Allow any remote host:
export ATOMICMEMORY_LANGFLOW_ALLOW_REMOTE=1

# Or allow specific hosts only:
export ATOMICMEMORY_LANGFLOW_ALLOWED_HOSTS=memory.yourco.com,memory-staging.yourco.com
This is not full SSRF protection. The URL validation does not sandbox the loopback interface — a flow author can still reach services bound to localhost or 127.0.0.1 on any port. On shared or multi-tenant deployments, treat flow authors as trusted or add network-egress controls.

Governance and the admin key

The admin key is the most privileged credential — it can read the full audit trail and, for mutating components, correct, redact, or delete any memory in scope. The plugin enforces a strict split based on component risk level:
These components take a separate, optional Admin API Key flow input (X-Atomic-Admin-Key). Without it, they return redacted views. Supplying an admin key upgrades to full audit trail and admin inventory views. A flow-level admin key here is read-only — the tolerable upper bound for a flow input.
These components do not accept an admin key as a flow input. The mutation-capable key comes exclusively from the operator environment:
export ATOMICMEMORY_LANGFLOW_ADMIN_API_KEY=local-admin-key
The component fails fast with a clear error if this variable is unset. This design ensures a flow author cannot read or export a key that can mutate or delete memory.The audit actor is set from the authenticated session user when one exists — a flow field cannot override it, preventing identity forgery in the tamper-evident log. Only in headless or CLI runs (where there is no session user) does the component fall back to an optional Actor (fallback) field.
hard_delete and delete_by_scope require a Confirm phrase typed to match the target (a Memory ID or target user_id) in addition to a Confirm toggle. delete_by_scope also offers a Dry run mode that previews the affected count without deleting. Note that the dry-run count is capped at 1000 records — a count at the cap is reported as a lower bound (“at least N”), never a falsely exact total.
Operator Action nodes are non-idempotent. Langflow executes every node on each flow run, and the Confirm toggle persists between runs — meaning an Operator Action node re-applies its mutation on every run. Run Operator Action in a dedicated manual flow, not on a chat path. Prefer reversible verbs (correct, redact, revert) over hard_delete or delete_by_scope.

Scope and identity

Memory is scoped by user (required) and an optional session for per-conversation threading. The User ID field defaults to the Langflow run user when left blank. Search Context recalls across all sessions by default — long-term memory should persist beyond a single conversation. Toggle Scope to session on the Search Context component to restrict retrieval to the current session. Chat Memory and Store Message are always session-aware.
In shared, multi-tenant, or Cloud deployments, user_id and session_id can be set via flow inputs and tweaks. Control who can edit and run flows — a flow author who sets user_id can read and write that user’s memories.