Memory alone isn't enough — AI tools forget constraints, ignore decisions, and break what works. SpecLock is the AI Constraint Engine that gives your AI memory + active enforcement.
Millions of Bolt.new users have zero memory and zero protection between sessions. SpecLock gives Bolt persistent memory and active constraint enforcement. No MCP needed. Just say "install speclock".
Session 1 — Setup
Say "install speclock" — done.
Bolt automatically runs npx speclock setup, reads the generated rules, and starts capturing your project memory.
User:"Install speclock and set up memory for Lumina"Bolt:✓ Set goal: "Build B2B Lumina API"✓ Added 6 locks (auth, security, rate limiting...)✓ Recorded 7 decisions (Gemini, Stripe...)✓ Context file generated
Session 2 — Full Memory
New chat. Everything remembered.
Bolt reads .speclock/context/latest.md and picks up exactly where you left off. All locks, decisions, and history intact.
User:"Create a plan for the API endpoints"Bolt:✓ Read project context (6 locks, 7 decisions)✓ Created 10-phase plan respecting ALL constraints✓ All plans use Supabase (locked), Bearer auth (locked)✓ Logged planning phase back to SpecLock
Works on Bolt.new free and paid plans. Also works with Aider, Rocket.new, and any platform with npm.
Live Demo
See it in action
Memory + enforcement in action. The AI remembers your constraints and actively blocks violations.
# Session 1 — Setting up the project$speclock_session_briefing> Project memory active. No previous context found.$speclock_set_goal"Build a SaaS dashboard with Stripe billing"> Goal set.$speclock_add_lock"Never modify auth files without permission"> 🔒 Locked: "Never modify auth files without permission"$speclock_add_decision"Use Supabase for auth, Stripe for payments"> Decision recorded.$speclock_session_summary"Set up project structure and core constraints"> Session saved. 1 lock, 1 decision tracked.# Session 2 — AI remembers everything$speclock_session_briefing> 🔒 Memory loaded — 1 lock, 1 decision, 1 session tracked.> Goal: Build a SaaS dashboard with Stripe billing> Lock: Never modify auth files without permission$speclock_check_conflict"Adding social login to auth page"> ⚠️ CONFLICT (HIGH confidence): Violates lock "Never modify auth files"> Action blocked. Ask user for permission before proceeding.
The Problem
Memory without enforcement is dangerous.
Some AI tools now have memory. But remembering is not the same as respecting.
💥
AI Breaks What You Locked
You said "never touch auth files." The AI remembers — and rewrites them anyway while "fixing a bug."
🔄
Decisions Get Overridden
You chose PostgreSQL. Three sessions later, the AI switches to MongoDB because it "seemed better."
🚫
No Constraint Enforcement
Claude's native memory, Mem0, CLAUDE.md — none of them stop the AI when it's about to violate a rule.
🧠
Bolt.new Has Nothing
Millions of vibe coders on Bolt.new have zero memory and zero protection between sessions. Every chat starts from scratch.
🤖
Multi-Agent Chaos
Agent A locks the API. Agent B doesn't know and rewrites it. No tool tracks constraints across agents — except SpecLock.
🔁
Passive Memory = False Safety
Your AI "remembers" your rules in a text file. But when the context is long, it ignores them. You need active enforcement, not passive notes.
Why SpecLock
How SpecLock compares to alternatives
Memory tools exist. But none of them enforce constraints or work on Bolt.new.
Feature
Claude Native Memory
Mem0
CLAUDE.md / .cursorrules
SpecLock
Stops AI from breaking locks
No
No
No
Yes — active enforcement
Semantic conflict detection
No
No
No
Yes — synonyms + negation
Works on Bolt.new
No (Claude only)
No
No
Yes — npm file-based
Works on Lovable
No
No
No
Yes — MCP remote
Remembers context
Yes
Yes
Manual
Yes
Structured decisions/locks
Flat text
Tags only
Flat text
Goals, locks, decisions
Git-aware (checkpoints)
No
No
No
Yes
Cross-platform
Claude only
MCP only
Tool-specific
MCP + npm (universal)
Price
Free (Claude only)
Free tier / $249/mo
Free (manual)
Free & open source
Other tools remember. SpecLock enforces.
How It Works
SpecLock in real life
Connect once. The AI handles everything automatically. Here's what happens:
Install speclock and set up project memory for my app
2
That's it. Bolt does the rest.
Bolt will run npx speclock setup, read the generated SPECLOCK.md rules file, and start using SpecLock automatically. It will add locks when you say "never/always/don't touch", check constraints before changes, and log what it builds. No MCP needed. No config. No paste.
Works on Bolt.new free and paid plans. No MCP support required — uses npm file-based mode.
Project Instructions
The rules that make SpecLock automatic
Copy these rules and paste them into your platform's project instructions. This tells the AI to use SpecLock on every message — no commands needed.
🔒 SpecLock Project Instructions — Copy & Paste
Where to paste (one-time setup):
Platform
Where to Paste
Auto from MCP?
Lovable
Project Settings → Knowledge
No — paste required
Claude Code
CLAUDE.md in project root
Yes — works without paste
Cursor
.cursorrules in project root
Partial — paste recommended
Windsurf
.windsurfrules in project root
Partial — paste recommended
Cline
Custom Instructions in settings
Partial — paste recommended
bolt.diy
System prompt settings
No — paste required
The rules to copy:
## SpecLock Rules (MANDATORY — follow on every message)
1. START OF EVERY CONVERSATION: Call speclock_session_briefing
FIRST. Read all locks, decisions, and goals before doing
anything else. Show a brief summary:
"🔒 Memory loaded — X locks, Y decisions."
2. BEFORE WRITING OR MODIFYING ANY CODE: Call
speclock_check_conflict with a description of what you're
about to change (e.g., "Adding payment page" or "Modifying
the auth login flow"). If a conflict is found with HIGH
confidence, STOP and tell me which lock would be violated.
Do NOT proceed unless I explicitly say to override it.
3. WHEN I SAY "lock this", "never touch this", "don't ever
change this", "this is critical", or similar: Immediately
call speclock_add_lock with my exact constraint.
Confirm with: "🔒 Locked: [constraint]"
4. AFTER COMPLETING ANY FEATURE OR SIGNIFICANT CHANGE: Call
speclock_log_change with a summary of what was built/changed
and which files were affected. Also call speclock_add_decision
if an architectural choice was made.
5. WHEN I ASK TO REMOVE OR CHANGE SOMETHING THAT WAS LOCKED:
Warn me first: "⚠️ You locked this: [constraint]. Want me
to unlock it and proceed?" Only proceed if I confirm.
6. END OF CONVERSATION: Call speclock_session_summary with
what was accomplished.
That's it. Paste once, and every chat after that will automatically use SpecLock. The AI will load your memory at the start, check constraints before changes, and log what it builds. You never have to type a SpecLock command.
"I spent a year building products with AI coding tools. Every session, my AI forgot what we agreed on. 'Never touch auth' became 'oops, I rewrote your login flow.' I chose PostgreSQL — three sessions later, the AI migrated to MongoDB. I built SpecLock because memory without enforcement is useless. Other tools remember. SpecLock is the only one that says NO when you're about to break something."
