The question isn't whether your AI agents will make consequential decisions. They already are. memnos gives you the audit trail, access controls, and enforcement mechanisms to govern them confidently — without adding friction to the engineering workflow.
Every memory write in memnos carries full provenance. Not just what was written — but who wrote it, which tool produced it, which git commit it belongs to, and which ticket it traces back to.
```json
{
  "id": "mem_a4f2b91",
  "content": "Selected ArcadeDB over Neo4j for multi-model support",
  "memory_type": "decision",
  "author": "arch-agent-01",
  "provenance": {
    "agent_id": "arch-agent-01",
    "tool": "claude-code",
    "git_commit": "a4f2b91",
    "ticket": "ARCH-42",
    "session_id": "sess_7c2d..."
  },
  "created_at": "2026-03-15T10:23:44Z",
  "valid_from": "2026-03-15T10:23:44Z",
  "valid_until": null,
  "namespace": "org:acme:architecture"
}
```
Prove to auditors which AI agents made which decisions. The full provenance chain — agent, session, tool, commit — is queryable forever. Not just a log; a structured knowledge graph.
When something goes wrong, trace the decision back to the exact agent session and git commit that produced it. Understand the context that existed when the decision was made.
Know which team, which tool, which git commit produced each memory. In an AI-assisted world, accountability requires that every machine action be traceable to a human decision point.
Detect when agents are behaving outside expected parameters. Query for agents writing unusual memory patterns, accessing namespaces unexpectedly, or making decisions outside their defined scope.
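The kind of check described above can be run over exported records in the shape shown earlier. This is an added example, not memnos code: the expected-scope policy, the agent names other than `arch-agent-01`, and all sample records are constructed for illustration.

```python
# Assumed policy (not from the page): namespaces each agent is expected to write to.
EXPECTED_SCOPE = {
    "arch-agent-01": ["org:acme:architecture"],
    "backend-agent-07": ["org:acme:engineering:backend"],
}
REQUIRED_PROVENANCE = ("agent_id", "tool", "git_commit", "ticket", "session_id")

def in_scope(namespace, allowed):
    # Compare whole segments so "org:acme:arch" never covers "org:acme:architecture".
    return any(namespace == a or namespace.startswith(a + ":") for a in allowed)

def audit(records, expected=EXPECTED_SCOPE):
    """Return {memory id: [findings]} for records that break the expected pattern."""
    findings = {}
    for rec in records:
        prov = rec.get("provenance") or {}
        issues = []
        missing = [f for f in REQUIRED_PROVENANCE if not prov.get(f)]
        if missing:
            issues.append("missing provenance: " + ", ".join(missing))
        if prov.get("agent_id") != rec.get("author"):
            issues.append("author does not match provenance.agent_id")
        allowed = expected.get(rec.get("author"))
        if allowed is None:
            issues.append("agent has no defined scope")
        elif not in_scope(rec.get("namespace", ""), allowed):
            issues.append("write outside expected namespace")
        if issues:
            findings[rec["id"]] = issues
    return findings

def make_record(mem_id, author, namespace, **prov_overrides):
    # Constructed sample data in the shape of the record shown above.
    prov = {"agent_id": author, "tool": "claude-code", "git_commit": "0000000",
            "ticket": "ARCH-1", "session_id": "sess_constructed"}
    prov.update(prov_overrides)
    return {"id": mem_id, "author": author, "namespace": namespace,
            "memory_type": "decision", "provenance": prov}

SAMPLE = [
    make_record("mem_0001", "arch-agent-01", "org:acme:architecture"),
    make_record("mem_0002", "backend-agent-07", "org:acme:finance"),
    make_record("mem_0003", "arch-agent-01", "org:acme:architecture",
                agent_id="backend-agent-07", ticket=None),
    make_record("mem_0004", "ghost-agent", "org:acme:security"),
]
```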
Not all agents should see all memories. Namespace ACLs give you surgical control over what each agent can read and write — mapped directly to your team structure.
```
org:acme                      ← company root
org:acme:engineering          ← all engineering
org:acme:engineering:backend  ← backend team
org:acme:engineering:mobile   ← mobile team
org:acme:engineering:infra    ← infra team
org:acme:security             ← security (restricted)
org:acme:finance              ← finance (isolated)
```
Each API key is scoped to one or more namespaces with read or read/write permissions
Parent namespace keys can read child namespaces — but not vice versa
API keys are revocable instantly — decommission a compromised agent in seconds
Every access is logged — read and write operations on each namespace are auditable
Backend dev agents
key: sk_backend_xxx
Architecture agents
key: sk_arch_xxx
Oncall / incident agents
key: sk_oncall_xxx
CI / audit agents
key: sk_ci_xxx
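The access rules listed above (scoped keys, parent-reads-child, instant revocation, logged access) can be modelled in a few lines. This is an added sketch, not memnos's implementation: `KeyStore`, `covers`, and the key names are hypothetical, and limiting write grants to the exact namespace is an assumption, since the page states the inheritance rule for reads only.

```python
READ, WRITE = "read", "write"

def covers(scope_ns, target_ns):
    """True when target_ns is scope_ns itself or one of its descendants."""
    scope, target = scope_ns.split(":"), target_ns.split(":")
    # Segment comparison: "org:acme:engineering" must not cover
    # "org:acme:engineering-archive", which a plain prefix test would allow.
    return target[:len(scope)] == scope

class KeyStore:
    def __init__(self):
        self._grants = {}     # api key -> list of (namespace, permissions)
        self._revoked = set()
        self.access_log = []  # every decision is recorded, allowed or denied

    def grant(self, key, namespace, read_write=False):
        perms = {READ, WRITE} if read_write else {READ}
        self._grants.setdefault(key, []).append((namespace, perms))

    def revoke(self, key):
        self._revoked.add(key)  # takes effect on the next check

    def check(self, key, action, namespace):
        allowed = False
        if key not in self._revoked:
            for scope_ns, perms in self._grants.get(key, []):
                if action not in perms:
                    continue
                # Reads flow down the tree; writes need the exact namespace (assumption).
                if scope_ns == namespace or (action == READ and covers(scope_ns, namespace)):
                    allowed = True
                    break
        self.access_log.append((key, action, namespace, allowed))
        return allowed

def demo():
    store = KeyStore()
    store.grant("key_engineering", "org:acme:engineering")            # read only
    store.grant("key_backend", "org:acme:engineering:backend", True)  # read/write
    backend = "org:acme:engineering:backend"
    return [
        store.check("key_engineering", READ, backend),             # parent reads child
        store.check("key_backend", READ, "org:acme:engineering"),  # child reads parent
        store.check("key_backend", WRITE, backend),
        store.check("key_engineering", READ, "org:acme:engineering-archive"),
    ]
```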
AES-256-GCM encrypted vault integrated directly with your memory infrastructure. Secrets stored, accessed, rotated, and audited alongside the knowledge that uses them.
Every secret is encrypted with AES-256 in GCM mode before writing to storage. Even if your memnos database is compromised, secrets cannot be read without the encryption key.
Credential patterns are automatically detected and redacted from memory writes. An agent cannot accidentally store a database password as a fact memory — the vault layer intercepts it.
Rotate any credential with a single API call. Previous versions are retained for a configurable window — so agents using the old value get a grace period to update, without an outage.
Every vault read is recorded — agent, timestamp, namespace. Know exactly which agent read which credential and when. Full compliance-grade access log for every secret access event.
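Credential detection on memory writes, as described above, usually comes down to pattern matching before the content is persisted. The following is an added illustration, not memnos's detection rules: the pattern set, the `redact` function, and the placeholder format are assumptions, and a production filter would need a broader rule set.

```python
import re

# Illustrative patterns only (assumptions, not the product's rule set).
# Each entry: (name, compiled pattern, replacement).
PATTERNS = [
    ("private_key",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     "[REDACTED:private_key]"),
    ("aws_access_key_id",
     re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
     "[REDACTED:aws_access_key_id]"),
    # user:password embedded in a URL, e.g. a database connection string
    ("url_credentials",
     re.compile(r"(?<=://)[^/\s:@]+:[^/\s@]+(?=@)"),
     "[REDACTED:url_credentials]"),
    # key = value style assignments; the key name is kept, the value is dropped
    ("assigned_secret",
     re.compile(r"\b(password|passwd|secret|api[_-]?key|token)\b(\s*[:=]\s*)(\S+)", re.I),
     r"\1\2[REDACTED:assigned_secret]"),
]

def redact(text):
    """Return (redacted text, [(pattern name, match count), ...])."""
    hits = []
    for name, pattern, replacement in PATTERNS:
        text, count = pattern.subn(replacement, text)
        if count:
            hits.append((name, count))
    return text, hits
```

A write path would call `redact` on the memory content and, when `hits` is non-empty, store the redacted text and record the pattern names in the audit log rather than the matched values.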
```python
# Store a secret alongside metadata
await client.vault.set(
    "prod_db_password",
    "s3cr3t_v@lue",
    tags=["database", "prod"],
    namespace="org:acme:security",
)

# Read — automatically creates audit log entry
password = await client.vault.get("prod_db_password")
# Audit record: {agent: "deploy-agent", read_at: ...}

# Rotate with version history (grace period)
await client.vault.rotate(
    "prod_db_password",
    "new_s3cr3t_v@lue",
    grace_period_hours=24,
)

# List all secrets (metadata only — no values)
secrets = await client.vault.list(
    namespace="org:acme:security",
    tags=["prod"],
)

# Delete expired versions
await client.vault.purge_old_versions(
    "prod_db_password",
    keep_versions=3,
)
```
Architecture governance shouldn't require a human reviewer to catch every violation. memnos's corpus checker runs your documented architecture against every code change — automatically, in CI, before it merges.
Violations block the PR — zero exceptions
Violations annotate the PR with a warning comment
Informational — suggests best practices, doesn't block
All PHI data SHALL be encrypted at rest using AES-256 or stronger. Unencrypted PHI storage is a HIPAA violation.
score: 0.94 · section: Data Protection
Services SHOULD include correlation IDs in all log entries for distributed tracing support.
score: 0.87 · section: Logging Standards
APIs MAY return paginated results using cursor-based pagination rather than offset-based for large collections.
score: 0.72 · section: Response Patterns
Whether your team uses Claude Code, GPT-4, Llama, or Gemini — all agents write to the same governed memory layer with the same audit trail. Switch models without losing governance.
| Model | Integration | Status |
|---|---|---|
| Claude (Anthropic) | MCP + REST SDK | Supported |
| GPT-4, GPT-4o (OpenAI) | REST SDK | Supported |
| Llama 3, Mistral (Ollama) | REST SDK | Supported |
| Gemini (Google) | REST SDK | Supported |
| Any custom LLM | REST API (HTTP) | Supported |
The governance layer is model-agnostic by design. Your organization's audit requirements, access policies, and architecture rules apply equally to all agents — regardless of which LLM they run on.
memnos is MIT licensed and fully self-hostable. Your team's knowledge graph belongs to you — not a vendor. Export, migrate, and restore with complete fidelity.
Full namespace export to JSON
All memories, edges, metadata, and provenance included. Completely portable JSON format — import anywhere.
Import to any memnos installation
Cloud to on-prem, region migration, disaster recovery — any installation can import any export.
All edges, metadata, and provenance preserved
Graph structure is fully exported — not just content nodes but all relationships and connection metadata.
MIT licensed — no vendor dependency
memnos is open source under MIT. Fork it, modify it, self-host it. Your team's memory is not dependent on our continued operation.
```bash
# Export entire organization memory
memnos export \
  --namespace org:acme \
  --output acme-backup-2026-05-27.json \
  --include-provenance \
  --include-vault-metadata
# → Exported 4,821 memories, 12,440 edges
# → Output: acme-backup-2026-05-27.json (18.4 MB)

# Import to new installation (region migration)
memnos import \
  --file acme-backup-2026-05-27.json \
  --namespace org:acme \
  --target https://new-region.memnos.acme.com
# → Imported 4,821 memories in 2.3s

# Namespace-scoped backup (single team)
memnos export \
  --namespace org:acme:engineering:backend \
  --output backend-team-2026.json
```
memnos's governance features are not add-ons — they're the foundation. Audit trails, ACLs, and architecture enforcement are part of every memory write, from day one.