{"slug": "show-hn-memoryops-governed-memory-infrastructure-for-ai-assistants", "title": "Show HN: MemoryOps – governed memory infrastructure for AI assistants", "summary": "MemoryOps AI launched an open-source governed memory infrastructure for AI assistants, implementing a ChatGPT-style memory lifecycle with policy enforcement, typed storage, hybrid retrieval, and auditability. The system treats memory as a governed decision system rather than a vector database, ensuring tenant isolation, deletion guarantees, and provenance for enterprise use.", "body_md": "MemoryOps AI is an enterprise-shaped, loop-engineered memory governance layer for AI assistants. It implements a ChatGPT-style memory lifecycle with capture, policy evaluation, typed storage, hybrid retrieval, controlled forgetting, auditability, and tenant isolation.\n\nMost demos treat memory as a vector database. MemoryOps AI treats memory as **governed state**.\n\nTagline: Enterprise memory governance for AI assistants.\n\nCore claim: Memory is not a database. 
Memory is a governed decision system that decides what information is valuable enough to carry into the future.\n\nMost AI \"memory\" demos do this:\n\n```\nchat message → vector database → retrieve later\n```\n\nMemoryOps AI does this:\n\n```\nWRITE PATH\nMessage → Extractor → Evaluator / Policy Broker → Write Service → Typed Memory Stores → Audit Log\n\nREAD PATH\nMessage → Retriever → Ranker → Context Composer → Response LLM\n\nBACKGROUND\nDecay Job → Reflection Agent → Conflict Resolver → Compression Worker\n\nCROSS-CUTTING PLANES\nSecurity · Governance · Observability · Evaluation · Reliability\n```\n\nThe five verbs the system must demonstrate:\n\n```\nCapture → Store → Retrieve → Update → Forget   (Governance wraps all five)\n```\n\n```\nflowchart LR\n    M[\"chat message\"] --> GW[\"Gateway\"]\n    GW --> EX[\"Extractor\"] --> PB[\"Policy Broker\"] --> WS[\"Write Service\"] --> ST[(\"Typed Store\")]\n    GW --> RT[\"Retriever\"] --> RK[\"Ranker\"] --> CC[\"Context Composer\"] --> RESP[\"Response\"]\n    PB --> AUD[[\"Audit Log (append-only)\"]]\n    WS --> AUD\n    ST -. 
background .-> BG[\"Decay · Reflection · Conflict · Compression\"]\n```\n\nMore diagrams (system architecture, lifecycle state machine, request sequence) are\nin [docs/architecture.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/architecture.md#diagrams).\n\nThese are non-negotiable and are enforced in code and tests.\n\n- **Tenant isolation** — User A's memory is never returned to User B or another tenant.\n- **Deletion guarantee** — Deleted memories are never retrieved again.\n- **Provenance** — Every stored memory traces back to its source message/document/manual input.\n- **Graceful degradation** — Retrieval failure never blocks response generation.\n- **Policy-before-storage** — Unsafe / secret-like content is filtered before it reaches the store.\n- **Temporary chat** — Temporary sessions never write or retrieve memory.\n- **Auditability** — Every memory lifecycle event produces an append-only audit event.\n- **Explainability** — The system can show which memories affected a response.\n- **Typed memory** — Episodic, semantic, procedural, project, knowledge, system memories differ.\n- **Evaluation** — Memory quality is testable through a golden set, not just manual inspection.\n\nSee [docs/architecture.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/architecture.md) for the full design and where each invariant is\nenforced.\n\n```\nmemoryops-ai/\n  apps/web/            Next.js frontend (chat, memories, governance, audit, loops, admin, architecture)\n  services/api/        FastAPI backend (gateway, extractor, policy broker, write/read path, audit)\n  services/worker/     Background jobs (decay, reflection, conflict resolution, compression)\n  packages/shared/     Shared types\n  infra/db/            Postgres + pgvector migrations and seed\n  infra/adr/           Architecture Decision Records\n  infra/observability/ OpenTelemetry / metrics notes\n  evals/               Golden + adversarial cases and the eval runner\n  docs/                architecture, security, governance, 
rollout, demo-script\n  docker-compose.yml\n```\n\nThe API ships with an in-memory repository so you can run the write path and tests without Postgres.\n\n```\ncd services/api\npython -m venv .venv && source .venv/bin/activate\npip install -r requirements.txt\nexport MEMORYOPS_STORAGE=memory          # default; uses in-memory store\nuvicorn app.main:app --reload --port 8000\n# open http://localhost:8000/docs\n```\n\nRun the invariant test suite:\n\n```\ncd services/api\npip install -r requirements-dev.txt\npytest -q\n```\n\nRun the eval harness against a running API (or in-process):\n\n```\ncd evals\npython run_evals.py\n```\n\n```\ncp .env.example .env\ndocker compose up --build\n# web  → http://localhost:3000\n# api  → http://localhost:8000/docs\n# db   → localhost:5432 (postgres/pgvector)\n# redis→ localhost:6379\n```\n\nCompose runs migrations from `infra/db/migrations` on first boot and sets\n`MEMORYOPS_STORAGE=postgres` for the API.\n\nRetrieval uses a swappable embedding provider. The default is a deterministic,\noffline **stub** — no API key required — so tests and demos are reproducible.\n\n```\nexport MEMORYOPS_EMBEDDING_PROVIDER=stub     # default; deterministic, no key\n# optional real embeddings:\nexport MEMORYOPS_EMBEDDING_PROVIDER=openai\nexport OPENAI_API_KEY=sk-...\nexport OPENAI_EMBEDDING_MODEL=text-embedding-3-small\n```\n\nAn unconfigured or failing provider degrades to the stub, and a query-embedding\nfailure degrades retrieval to keyword-only (`retrieval_mode=\"fallback\"`).\n\nExtraction and conflict detection run through a provider-neutral LLM layer\n(`app/llm/`). The default is a deterministic, offline **stub** — no API key — so\nbehavior is reproducible and tests never touch the network. 
Optional OpenAI,\nAnthropic, and Gemini adapters are used only when their key is set.\n\n```\nexport MEMORYOPS_LLM_PROVIDER=stub          # default; deterministic, no key\n# optional real providers (used only when the key is present):\nexport MEMORYOPS_LLM_PROVIDER=anthropic\nexport ANTHROPIC_API_KEY=...   ANTHROPIC_MODEL=claude-haiku-4-5-20251001\n# also: openai (OPENAI_API_KEY/OPENAI_MODEL), gemini (GEMINI_API_KEY/GEMINI_MODEL)\nexport MEMORYOPS_LLM_FALLBACK_TO_HEURISTIC=true   # invalid JSON / failure → heuristic\n```\n\nLLM output is **advisory**: the deterministic policy broker runs after extraction\nand stays authoritative — a model can never override policy, and secret-like\ncontent is still blocked. See [docs/provider-llm-adapters.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/provider-llm-adapters.md),\n[docs/structured-memory-intelligence.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/structured-memory-intelligence.md),\nand [ADR-008](/patibandlavenkatamanideep/memoryops-ai/blob/main/infra/adr/ADR-008-provider-llm-adapters.md).\n\nVerify enforced Row-Level Security against a running Postgres:\n\n```\npython scripts/check_rls_policies.py        # SKIPs cleanly if no DB is reachable\n```\n\n```\ncd apps/web\nnpm install\nnpm run dev          # http://localhost:3000\n```\n\nThe frontend reads `NEXT_PUBLIC_API_URL` (defaults to `http://localhost:8000`).\n\nMemoryOps deploys to **Railway only**. There is **no Vercel** path. One Railway\nproject (`memoryops-ai`) runs five services:\n\n| Service | Role | Source |\n|---|---|---|\n| `memoryops-web` | Next.js frontend | `apps/web/Dockerfile` |\n| `memoryops-api` | FastAPI backend | `services/api/Dockerfile` |\n| `memoryops-worker` | Background loops | `services/worker/Dockerfile` |\n| Railway Postgres | Store + pgvector | plugin |\n| Railway Redis | Queue / cache | plugin |\n\nBuild/deploy is config-as-code under [railway/](/patibandlavenkatamanideep/memoryops-ai/blob/main/railway). 
Docs:\n\n- [docs/deployment/railway.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/deployment/railway.md) — topology, order, rollback\n- [docs/deployment/railway-env.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/deployment/railway-env.md) — env var matrix\n- [docs/deployment/railway-smoke-test.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/deployment/railway-smoke-test.md) — post-deploy checks\n\nPost-deploy verification:\n\n```\npython scripts/railway_smoke_test.py \\\n  --api-url https://memoryops-api.up.railway.app \\\n  --web-url https://memoryops-web.up.railway.app\n```\n\n- Full design spine: README, architecture/security/governance/rollout docs, 5 ADRs, DB schema.\n- FastAPI write path: **Gateway → Extractor → Policy Broker → Write Service → Memory Store → Audit**.\n- Heuristic extractor + policy broker (works with **no API keys**); pluggable LLM adapter interface.\n- Typed memory classification, importance/confidence/sensitivity scoring, provenance capture.\n- Policy decisions: `SAVE`, `PENDING_APPROVAL`, `BLOCK`, `DROP_LOW_UTILITY`, `UPDATE_EXISTING`, `MERGE_WITH_EXISTING`.\n- Secret / PII detection blocks API keys and credentials before storage.\n- Append-only audit log for every lifecycle event.\n- Temporary chat short-circuits both read and write.\n- Memory dashboard + admin/audit + architecture pages (frontend skeleton).\n- Invariant test suite + eval harness scaffolding.\n\nMemoryOps models memory as a set of governed loops rather than a passive store.\n\nThe core loops are:\n\n- Memory Write Loop\n- Memory Read Loop\n- Governance Loop\n- Evaluation Loop\n- Release Gate Loop\n- Continuous Learning Loop\n\nEach loop has explicit states, policy gates, audit events, fallback behavior, and\nevidence requirements. 
Loop definitions live in `services/api/app/loops/`, loop\nruns/events are exposed through `/api/loops`, and the frontend includes a Loops page.\n\nSee [docs/loop-engineering.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/loop-engineering.md),\n[docs/loop-contracts.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/loop-contracts.md), and\n[docs/release-loop.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/release-loop.md).\n\nMemoryOps supports an optional [Headroom](https://github.com/chopratejas/headroom)-powered\ncontext compression layer. Compression runs **after** policy checks, governance\nfiltering, and context composition, and **only** on the composed context block —\nnever the raw user message and never before the policy broker. It reduces tokens\nsent to the LLM while preserving MemoryOps invariants (provenance, deletion\nguarantee, tenant isolation, temporary-chat behavior, explainability metadata).\n\nIt is **off by default** and **not a dependency** — the app runs without\n`headroom-ai` installed, and any compression failure degrades safely to the\nuncompressed context.\n\n```\npip install \"headroom-ai[all]\"            # optional\nexport MEMORYOPS_CONTEXT_COMPRESSION=headroom   # default: none\n```\n\nEach chat response carries a `compression` block with estimated tokens saved and\nthe compression ratio. See [docs/token-compression.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/token-compression.md),\n[docs/integrations/headroom.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/integrations/headroom.md), and\n[ADR-007](/patibandlavenkatamanideep/memoryops-ai/blob/main/infra/adr/ADR-007-headroom-token-compression.md). Headroom is Apache-2.0;\nMemoryOps integrates it via an adapter and does not vendor its source.\n\n- Swappable embedding provider (`app/embeddings/`): deterministic offline stub + optional OpenAI. 
\n- **Hybrid retrieval**: pgvector cosine (`search_candidates`) + keyword overlap, blended by the ranker.\n- Per-memory `score_breakdown` + response `retrieval_mode` (`hybrid`/`fallback`/`none`).\n- **Enforced** Postgres Row-Level Security (migration `004`, `FORCE` + tenant policy + session GUC).\n- Expanded evals (semantic / keyword / archived / score-breakdown) + new tests; RLS test is DB-guarded.\n\n- Provider-neutral LLM layer (`app/llm/`): deterministic `StubProvider` default + optional OpenAI/Anthropic/Gemini adapters, selected by `MEMORYOPS_LLM_PROVIDER`.\n- **Structured memory intelligence**: schema-validated extraction + minimal conflict detection, with prompt registry and deterministic heuristic fallback.\n- Invalid JSON / provider failure / timeout degrades to the heuristic and never blocks chat; LLM output is advisory and cannot override the policy broker.\n- New observability events (`llm_provider_call`, `llm_provider_failure`, `structured_output_invalid`, `llm_fallback_used`, `memory_extraction_structured`, `conflict_detection_result`) + `structured`/`conflict` evals; tests need no API keys.\n\n- Browser control plane over the governed lifecycle: `/memories` (filterable inventory), `/memories/[id]` (detail + provenance + per-memory audit timeline + inline edit), `/governance` (approval queue + recorded policy decisions), `/audit` (tenant-wide append-only history).\n- Additive read routes: `GET /api/memories/{id}`, `/{id}/provenance`, `/{id}/audit`, plus a `memory_id` filter on `/api/audit`. Approve/reject/edit/archive/restore/delete reuse the existing PATCH/DELETE — every action is audited and the policy broker stays authoritative.\n- Deletion guarantee holds in the UI: deleted memories are never listed or shown as active. 
Provenance is metadata only (no embeddings/secrets).\n- See [docs/governance-ui.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/governance-ui.md), [docs/memory-control-plane.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/memory-control-plane.md), and [ADR-009](/patibandlavenkatamanideep/memoryops-ai/blob/main/infra/adr/ADR-009-memory-control-plane.md).\n\n- Background workers (`services/api/app/workers/`) maintain memory **after** capture, off the chat request path: **decay** (demote aged/low-confidence memory), **archive** (retire stale, non-pinned, not-recently-used memory), **conflict scan** (flag contradictions as review candidates), **deletion verification** (prove soft-deleted memory stays unreachable), and proposal-only **reflection** (off by default).\n- A tenant-scoped `runner` drives them: `python -m app.workers.runner --tenant t1 --user u1 --job all` (returns a structured `WorkerRunReport`; non-zero exit on a failed job or deletion finding).\n- Every job is tenant scoped, idempotent, retry-safe, and audited; none resurrects deleted memory and none bypasses the policy broker. A worker failure never blocks chat.\n- See [docs/background-lifecycle-workers.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/background-lifecycle-workers.md), [docs/memory-decay-policy.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/memory-decay-policy.md), [docs/deletion-verification.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/deletion-verification.md), and [ADR-010](/patibandlavenkatamanideep/memoryops-ai/blob/main/infra/adr/ADR-010-background-memory-lifecycle-workers.md).\n\n- A sixth lifecycle job — **deletion compaction** — clears a soft-deleted memory's content, normalized content, embedding/vector material, and provenance excerpt (after a retention window), while **preserving the governance tombstone** (id, tenant/user, `status='deleted'`, `deleted_at`, `source.kind`) and the full audit trail. 
Run it with `python -m app.workers.runner --tenant t1 --user u1 --job deletion_compaction`.\n- The purge is **verified fail-closed**: a still-reachable id, intact material, a missing tombstone, or a verification-path error all record evidence and flag the run — never a silent pass.\n- Honest scope: this is **auditable content/vector compaction + retrieval-exclusion verification**. It is **not** crypto-shred and does **not** claim physical disk/page erasure or pgvector reindex orchestration.\n- See [docs/deletion-compaction.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/deletion-compaction.md), [docs/vector-purge-verification.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/vector-purge-verification.md), and [ADR-011](/patibandlavenkatamanideep/memoryops-ai/blob/main/infra/adr/ADR-011-physical-deletion-compaction-vector-purge.md).\n\n- **v0.7** — physical deletion compaction + vector purge verification ✅\n- **v0.8** — Railway worker runtime + scheduled lifecycle orchestration\n- **v0.9** — retention policies + legal hold + consent-aware memory\n- **v0.10** — assistant SDK + example apps\n- **v1.0** — production-ready governed memory runtime\n\n- Scheduled worker runtime with locks/leases, retries, and run history (v0.8).\n- Hard purge / crypto-shred and pgvector index reclamation (beyond v0.7's auditable compaction).\n- Governed reflection write path; cross-tenant scope enumeration for fleet scheduling.\n- Observability + economics, AI PR review runtime, deployment hardening.\n\nSee [docs/rollout.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/rollout.md) and the build phases in [CLAUDE.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/CLAUDE.md).\n\nMemoryOps AI includes an agentic engineering layer **around** the core memory\nsystem (never on the chat request path). It is inspired by three systems:\n\n- **Hermes Agent** — used as an operator/developer assistant layer for release checks, invariant audits, and guided project workflows. 
See `.hermes/skills/` and [docs/integrations/hermes-agent.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/integrations/hermes-agent.md).\n- **agentic-swe-kit** — used as a phase-gate framework for production engineering. MemoryOps maps to lifecycle phases covering cognitive design, memory architecture, evaluation, observability, security, reliability, governance, CI/CD for AI, and continuous learning. See [docs/agentic-swe-kit-map.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/agentic-swe-kit-map.md) and [docs/phase-gates/](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/phase-gates).\n- **AI PR Review Agent** — the pattern behind the **PR Invariant Evidence Gate**. Every PR that touches memory, policy, retrieval, deletion, security, migrations, or API contracts must provide evidence (tests / evals / docs / ADRs). See [scripts/pr_invariant_gate.py](/patibandlavenkatamanideep/memoryops-ai/blob/main/scripts/pr_invariant_gate.py), [.github/workflows/pr-invariant-evidence-gate.yml](/patibandlavenkatamanideep/memoryops-ai/blob/main/.github/workflows/pr-invariant-evidence-gate.yml), and [docs/ai-pr-review-policy.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/ai-pr-review-policy.md).\n\nThe goal: MemoryOps is not just an AI memory feature — it is a governed engineering\nsystem with release discipline, review gates, and operational safety. 
Overview:\n[docs/integrations/README.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/integrations/README.md).\n\n- [docs/architecture.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/architecture.md) — write path, read path, planes, invariants.\n- [docs/loop-engineering.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/loop-engineering.md) — loop definitions, states, gates, evidence.\n- [docs/loop-contracts.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/loop-contracts.md) — LoopDefinition, LoopRun, LoopEvent contracts.\n- [docs/security.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/security.md) — tenant isolation, secret detection, deletion guarantee.\n- [docs/governance.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/governance.md) — lifecycle, approvals, audit, retention.\n- [docs/rollout.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/rollout.md) — phased delivery and production roadmap.\n- [docs/demo-script.md](/patibandlavenkatamanideep/memoryops-ai/blob/main/docs/demo-script.md) — the 6-step demo.\n- [infra/adr/](/patibandlavenkatamanideep/memoryops-ai/blob/main/infra/adr) — storage, retrieval, policy broker, observability, deletion ADRs.", "url": "https://wpnews.pro/news/show-hn-memoryops-governed-memory-infrastructure-for-ai-assistants", "canonical_source": "https://github.com/patibandlavenkatamanideep/memoryops-ai", "published_at": "2026-06-22 05:26:04+00:00", "updated_at": "2026-06-22 05:39:43.885394+00:00", "lang": "en", "topics": ["ai-infrastructure", "ai-tools", "ai-agents", "large-language-models", "ai-safety"], "entities": ["MemoryOps AI", "ChatGPT", "Postgres", "pgvector", "FastAPI", "Next.js", "OpenTelemetry"], "alternates": {"html": "https://wpnews.pro/news/show-hn-memoryops-governed-memory-infrastructure-for-ai-assistants", "markdown": "https://wpnews.pro/news/show-hn-memoryops-governed-memory-infrastructure-for-ai-assistants.md", "text": 
"https://wpnews.pro/news/show-hn-memoryops-governed-memory-infrastructure-for-ai-assistants.txt", "jsonld": "https://wpnews.pro/news/show-hn-memoryops-governed-memory-infrastructure-for-ai-assistants.jsonld"}}