Apache-2.0 · Self-hostable · Works with Claude Code, Codex, Cursor & any base-URL agent

Your AI remembers your repo.
memnos remembers your team.

Every AI coding agent keeps its own memory — one per tool, per developer, per session. memnos is the shared, governed layer across all of them: what one agent learns, every agent knows — attributed to who learned it, audited, on your own PostgreSQL.

How we're different: memnos captures deterministically through Claude Code hooks and the capture proxy — not the model’s discretion (and if the server is down, turns are queued and replayed automatically) — runs no LLM at query time, and is fully governed and audited. And we publish honest, judge-transparent benchmarks: the full judge band, per-question predictions in the repo.

64–65%
LoCoMo (full 10) — gpt-4o judge, three independent from-scratch ingests (65 / 64 / 65); every prediction published
Yours
your memory, your data — self-host or cloud, never locked in
Any LLM
OpenAI · Claude · Llama/Ollama — pluggable; none at query time
Governed
token auth · namespace ACL · audit · encrypted secret vault
namespace: org:acme:engineering recent
fact 2h ago

Chose one PostgreSQL + pgvector over a separate graph + vector DB — simpler ops, ACID, bi-temporal facts.

fact 6h ago

Redis OOM on prod-02. Resolved by setting maxmemory-policy=allkeys-lru.

constraint corpus: security-arch.md

CONSTRAINT: All database queries must go through the ORM layer. Direct SQL is prohibited.

fact superseded · as-of queryable

Alex moved to Seattle — the earlier "lives in Austin" fact is closed with valid_to, not deleted.

constraint corpus: arch-docs.md

CONSTRAINT: All PHI data MUST be encrypted at rest using AES-256. Direct database access from service layers is PROHIBITED.

64–65% on full LoCoMo (three independent ingests) · 78.4% on LongMemEval (500q, gpt-4o judge, predictions published) · No LLM at query time · Apache-2.0 · Runs on PostgreSQL.

See it work

Two agents. One shared brain.

Two real Claude Code agents — separate processes, separate tokens, same team namespace. Dev Alice’s agent makes a decision. Dev Bob’s agent, in a fresh session that never saw hers, recalls it — attributed to dev-alice — and adds a constraint her next turn picks up. No one re-explained anything. memnos is the shared memory underneath.

Two Claude Code agents sharing memory through memnos — Dev Bob's agent recalls Dev Alice's decision, attributed by dev-alice

Recorded live · attribution is server-stamped from each agent’s token, not client-claimed · runs on your own Postgres.

Never lose a decision

memnos captures both sides — what you asked and what your AI concluded — deterministically, through hooks and the capture proxy, not the model’s discretion. Decisions land in memory the moment they’re made.

Every memory signed

new in 0.1.6

Author attribution on every write — know which agent or person wrote each memory, and when. Today, every operation is already audit-logged by principal.

Rules that can’t be forgotten

new in 0.1.6

Pinned constraints that ride along with every recall, so your rules never fall out of context. Today: constraints are searchable facts, and /corpus/check tests any diff against them — deterministic, no LLM.

Trust, then verify

Shipped today: token auth, namespace ACLs, a full audit log, and an AES-256-GCM secret vault with write-time credential redaction. Every claim checkable in the open source.

The real cost of stateless AI teams

Your team has 20 engineers and 20 AI assistants. Without shared memory, you have 40 silos — each starting from zero.

Agents forget between sessions

Context window closes; architecture decisions, resolved incidents, learned patterns — gone. Every session restarts from zero.

No shared context across agents

Agent A doesn't know what Agent B discovered 10 minutes ago. Work is repeated, mistakes are repeated, and coordination is manual.

Decisions lost

A senior architect's 10am decision doesn't reach the developer asking the same question at 2pm. The same trade-offs get re-litigated daily.

Zero policy enforcement

No audit trail. No way to know which agent made which call, which decision was automated, or why. Compliance is impossible to prove.

Architecture violations slip through

Agents generate code that violates your documented architecture. No one enforces the rules at code-generation time without re-prompting every session.

Knowledge leaves when engineers do

Onboarding takes weeks because institutional knowledge lives in people's heads and scattered notes. New hires and their AI assistants start completely cold.

memnos fixes all six.
The empty seat

Why another memory system?

Fair question — there are good ones. But look at what each actually ships, as of June 2026:

Zep

A polished temporal knowledge graph — as a hosted cloud product. Its open engine (Graphiti) requires a separate graph database, and conflict resolution is LLM-driven.

Mem0

Genuinely open source, with the biggest community. But an LLM decides what to add, update or delete at write time, and governance — ACL, audit, vault — isn’t part of the package.

Letta

An agent runtime — capture is complete inside it, but it can’t add memory to the tools you already use: Claude Code, Claude Desktop, Cursor stay outside.

Supermemory

Great DX and connectors — but the engine’s source is unpublished, local mode is a closed binary with a single API key, and governance starts at paid tiers.

Nobody in that list ships all three of: a fully open engine (read every line that touches your data), governance by default in the free tier (token auth, namespace ACL, audit log, cost ledger, encrypted vault, ingest redaction), and running on your own PostgreSQL — the database your org already operates, backs up, and has compliance sign-off on. memnos is that combination: memory you can audit, govern, and run on your own Postgres. See the full comparison →

Who it's for

Not for everyone. Built for people shipping with AI agents.

memnos earns its place when more than one agent — or more than one developer — needs to share what’s been learned. Three audiences feel that most:

👩‍💻

AI engineering teams

Your team runs Claude Code, Codex and Cursor. memnos is the one shared, governed memory underneath them: decisions, constraints and incidents every developer’s agent reads and writes — attributed to who learned them. New hires get full context on day one; the team stops re-litigating settled questions.

🤖

Agent builders

Building on LangChain, LangGraph or your own stack? memnos is a real memory backend via the memnos-sdk, MCP and REST — hybrid recall, bi-temporal facts, no LLM at query time. Vendor-neutral, runs anywhere.

🏛️

Regulated enterprise

Healthcare, finance, government. Self-host on the PostgreSQL you already operate, with token auth, namespace ACLs, a full audit log, server-stamped authorship and an encrypted secret vault. Your data never leaves your infrastructure.

Capabilities

Enterprise-grade memory for every layer of your stack

Persistent Shared Memory

Facts, decisions, preferences, incidents and constraints survive session boundaries and are shared across your whole team — so nothing important is ever lost or re-explained. Runs on infrastructure you already operate; no exotic database to babysit.

Temporal Memory

Every memory carries valid_from / valid_until timestamps. Query the memory store as_of any past date — "what did we know about the auth service on March 15th?" Zep/Graphiti are bi-temporal too; memnos is the one that does it on a single plain PostgreSQL.

Living Knowledge Graph

Not a static document store. The graph evolves in real-time as agents work — new edges, superseded decisions, cross-linked incidents — always reflecting your team's current understanding.

Architecture Enforcement

Ingest your architecture docs — memnos parses RFC-2119 rules (SHALL / SHOULD / MAY) into constraint facts. They surface in recall like any memory, and corpus_check returns the rules relevant to any code snippet or diff — deterministic, no LLM.

Agent Memory Policies & Audit Trail

Every operation is token-authenticated, namespace-scoped and audit-logged — principal, operation, latency, result count. Every consolidated fact keeps provenance links to the raw episodes behind it. (Per-author memory attribution ships in v0.1.6.)

Multi-Agent Coordination

Pub/sub across agents — webhook push and cursor-based polling, delivered at-least-once. When one agent writes a discovery, subscribed agents hear about it on the next delivery pass.

Multi-Model Support

Claude Code, Codex, Cursor, GPT-5, Llama, Gemini, Mistral — any model that can make an HTTP call works with memnos. Swap your underlying LLM without touching your memory layer.

Namespace ACLs

Fine-grained access control via API keys and namespaces. Give the backend team read/write to org:acme:backend, the frontend team to org:acme:frontend. Each agent gets exactly the permissions it needs.

Secret Vault

AES-256-GCM encrypted vault for secrets and keys, stored alongside memories, with master-key rotation built in. Ingest redaction strips credential patterns before they ever land in memory.

Constraint Checks

Write an architecture rule once — or ingest a whole doc. Stored rules are searchable by every agent, and /corpus/check returns the rules relevant to any snippet or diff — in CI, code review, or your editor.

Deterministic Capture Proxy

Point ANTHROPIC_BASE_URL / OPENAI_BASE_URL at memnos proxy and every conversation is captured deterministically — not left to the model's discretion like MCP-only memory.

Portable Memory

Copy or move whole namespaces with one command, and back up everything with standard PostgreSQL tooling (pg_dump). It’s your database — your memory travels with your infrastructure.

Consolidate your stack

One engine, three systems

The three pieces teams usually bolt together from separate products — shipped as one engine, on one governed PostgreSQL.

Your RAG

Document ingestion (/ingest/file), hybrid retrieval — vector + BM25 fused with RRF — and a cross-encoder reranker on by default. No separate vector database to run.

Your knowledge graph

Entities, edges, bi-temporal facts and consolidated dossiers — plus grounded recall: admin-linked knowledge namespaces consulted with every search. Lightweight by design: it is not a replacement for a dedicated graph-analytics platform.

Your agent memory

Episodes, deterministic supersession, namespaces with ACLs, audit, pub/sub coordination — persistent memory for every agent and AI tool you already use, via MCP, REST and the SDK.

All three live in one PostgreSQL + pgvector you already run — one backup, one auth model, one audit trail.

No fine print

How memories actually get captured

Here’s a truth most memory products won’t put on their homepage: the MCP protocol has no post-response event — a memory server never sees the conversation, so capture via MCP tools is at the model’s discretion. That’s true for every vendor, including us. So memnos ships three explicit capture tiers and tells you which one you’re getting:

Capture tier Works with Who decides what’s saved Guarantee
Claude Code hooks Claude Code memnos — both speakers, every turn Deterministic
memnos proxy Any client with a base-URL override (ANTHROPIC_BASE_URL / OPENAI_BASE_URL) memnos — full conversation relayed Deterministic
MCP tools Everything else — including Claude Desktop The model ~ Best-effort

Claude Desktop allows no base-URL override and no hooks — it is tools-only for every memory vendor. If a memory product promises automatic capture there, ask how.

Use Cases

Built for real engineering team complexity

Policies

Agent memory policies from day one

The question isn't whether your AI agents will make consequential decisions. They already are. The question is whether you can audit them, govern them, and prove it to your organization.

Complete audit trail — every operation logged with principal, namespace and outcome
Namespace access control — each agent gets exactly the permissions it needs
Architecture checks — stored rules checked against any diff from CI
Learn about policies →
audit_record.json
{
  "id": 48121,
  "text": "Chose PostgreSQL + pgvector over Neo4j",
  "kind": "proposition",
  "valid_from": "2026-03-15T10:23:44Z",
  "valid_to": null,
  "provenance": { "episodes": [9143, 9150] },
  "audit": { "principal": "arch-agent", "op": "/remember" },
  "namespace": "org:acme:architecture"
}
Comparison

Not just another memory layer

memnos is the only memory tool built for multi-agent engineering teams — with memory policies, temporal queries, and architecture enforcement no other tool has.

Capability memnos mem0 Zep Obsidian+Claude ChatGPT Memory
Multi-agent shared memory ~
Temporal memory (as_of queries)
Architecture enforcement
Complete audit trail
Self-hostable, 100% local ~
Secret vault
Install & integrate

One command. Then use it from anywhere.

A cross-platform memnos CLI (server + client in one), an MCP server for Claude Code / Cursor / Windsurf, and a plain REST API. PostgreSQL is the only prerequisite. (Plus a Python SDK on PyPI — memnos-sdk — with LangChain, LangGraph & LlamaIndex retriever adapters.)

$ ./install.sh macOS/Linux (Windows: install.ps1)
$ memnos setup connect your Postgres
$ memnos start → http://127.0.0.1:8900/admin
remember + recall (REST / CLI)
# REST — works from any language (Bearer token, namespace-scoped)
curl -X POST http://127.0.0.1:8900/remember \
  -H "Authorization: Bearer $MEMNOS_TOKEN" -H "Content-Type: application/json" \
  -d '{"namespace":"org:acme:security","text":"JWT tokens must expire after 15 minutes in production"}'

curl -X POST http://127.0.0.1:8900/recall \
  -H "Authorization: Bearer $MEMNOS_TOKEN" -H "Content-Type: application/json" \
  -d '{"namespace":"org:acme:security","query":"token expiry policy"}'

# …or the CLI client
memnos remember "JWT tokens expire after 15 min in prod" --namespace org:acme:security
memnos recall   "token expiry policy" --namespace org:acme:security
Claude Code (MCP)
LangChain
LlamaIndex
REST API (any language)
Cursor / Windsurf
Integration

How it works

Five lines is all it takes to give your agent permanent, governed, shared memory.

1

Connect your agents

Drop the MCP server into Claude Code, Cursor, or any MCP-compatible host. Or use the REST SDK from any language. Self-host with one uv tool install — your Postgres, your data.

2

Recall — ranked, governed memory

Agents recall and write as they work. Hybrid search (vector + BM25 + RRF) with a cross-encoder reranker returns the most relevant facts and episodes — including any stored constraint facts that match.

3

Enforce in CI

Call /corpus/check with every PR diff. It returns the stored SHALL / SHOULD / MAY rules relevant to the change — annotate the PR, or fail the build on your own policy.

4

Write with full provenance

Every call is token-authenticated and audit-logged; every consolidated fact keeps provenance links to its source episodes. Per-author attribution on each memory lands in v0.1.6.

client.py
from memnos_sdk import MemnosClient

with MemnosClient(
    base_url="https://memnos.acme.com",
    token="...",
) as client:

    # Hybrid recall — facts + episodes, reranked
    out = client.recall(
        "how do we handle patient data encryption",
        namespace="org:acme:engineering",
    )

    # One prompt-ready context string
    ctx = client.context("auth service decisions")

    # Write — authed, namespaced, audit-logged
    client.remember(
        "Selected PostgreSQL + pgvector — single engine",
        namespace="org:acme:architecture",
    )
Multi-agent coordination new in 0.1.6

Agent handoffs you can audit

The classic blackboard pattern, with a policy layer: agents share a namespace, every write is signed with the authenticated principal — set by the server, never client-supplied — and webhook subscriptions push new memories to the agents that care (at-least-once). When another agent recalls, it sees exactly who said what.

blackboard.sh — a governed handoff between two agents
# Give the agent its own identity, key and scope
memnos principal create billing-bot --kind service
memnos token mint billing-bot                  # → mnk_…
memnos grant add billing-bot proj:storefront

# billing-bot writes a discovery to the shared namespace…
memnos remember "Refund r-1041 approved — customer churned over shipping delays" \
  --namespace proj:storefront

# …the support agent subscribes (webhook push, at-least-once)
curl -s -H "Authorization: Bearer $MEMNOS_TOKEN" http://127.0.0.1:8900/subscribe \
  -d '{"namespace":"proj:storefront","webhook":"https://support-bot.internal/hook"}'

# …and every other agent's recall shows who said it — server-signed:
- (fact, 2026-06-11, by billing-bot) Refund r-1041 approved — customer churned …

Delivery is webhook push plus cursor-based polling, at-least-once on each pusher pass — not a millisecond bus. Full details in the API reference.

We eat our own dog food

The AI agents that built memnos used memnos.

Every architecture decision in this codebase is a memory. Every incident we hit is stored. The agents that write our docs query memnos before writing a word.

We didn't just use our product — our product made itself. If memnos went down, our agents would start repeating the same mistakes within a week.

// actual memories from building memnos

fact 2025-11-03

Chose PostgreSQL + pgvector over Neo4j + Qdrant. One engine eliminates two services and gives vector + full-text search without a second database.

fact 2025-12-14

E2E stack stuck at "Created" — Postgres container never became healthy. Root cause: ~ in .env file not expanded by docker-compose. Fixed by injecting MEMNOS_DATA_DIR as shell env var.

constraint corpus constraint — searchable by all agents

CONSTRAINT: Source directories are READ-ONLY. All memory and learnings go to vaults only. Never write markdown in source repos.

One tool. Every agent.
Zero lost context.

Self-host in minutes — one installer script or Docker, on a PostgreSQL you already run. Apache-2.0 licensed. No lock-in.