Tier 5 — Global hive

This tier is vision territory. It is what ai-memory is being built toward. The honest framing: every primitive on every diagram below is either shipping in v0.6.3, on the v0.7 roadmap, or scoped explicitly for v1.0+ with the design documented in an ADR or roadmap doc. There is no fiction on this page — only the destination, drawn explicitly so the path is legible.

Multi-region · attested · federated · collective.

T5 vs T4.

T5 is not "more nodes than T4." The same cluster shape scales to thousands of nodes via T4's mechanisms. T5 is the tier where trust and consistency model change qualitatively.

Cryptographic agent attestation

At T1–T4, an agent's identity is claimed via metadata.agent_id. At T5 it must be proven.

The plumbing is already in v0.6.3 schema:

• memory_links.signature column (schema v15) — reserved at v0.6.3, populated with claimed identity, will be cryptographically signed at v0.7.
• The observed_by column on memory_links records which agent observed the relationship — paired with signature this becomes provable provenance.

What's needed to reach the T5 trust model:

• Agent keypair issuance and rotation.
• Signature verification on every sync_push ingress — peers refuse incoming memories with bad signatures.
• Revocation list distribution.
• Hardware-backed key custody for high-trust agents (TPM / Secure Enclave / Cloud KMS).

This is v1.0+ work. The schema reservation at v0.6.3 is the down-payment.

Distributed consensus for governance

At T3/T4, governance policies and pending decisions are eventually consistent. Two operators on partitioned sides of the cluster can both approve the same pending action. Last-write-wins resolves it on rejoin.

At T5 — with millions of agents and cross-jurisdictional rules — that's not enough. A change to org/eu/personal-data policy under GDPR has to be strongly consistent before any agent in any region commits a write under the new rule. This is the use case for a Raft-class consensus log on the governance plane only (not on the memory write path — that stays eventually consistent for performance).

The architectural separation:

• Memory writes — eventually consistent, quorum-bounded (v0.7 Track C).
• Governance writes — strongly consistent via consensus rail (v1.0+).

Memories are append-mostly; governance is small, infrequent, and high-stakes. Different consistency models for different planes.

Jurisdictional boundary enforcement

At T5, namespaces aren't just visibility scopes — they're legal boundaries. The federated control plane has to enforce things like:

• "org/eu/* memories may only be physically resident in eu-* regions."
• "Cross-region recall against org/healthcare/* requires policy assertion hipaa_compliant=true on the requesting agent."
• "Audit log for any org/finance/trading/* write must be fsync'd to two independent storage backends in distinct AZs."

These policies compose from existing primitives (namespace + governance + capabilities introspection + attested identity). They become enforceable when v1.0 wires the consensus rail and the attestation chain.

Emergent collective behavior

What makes T5 a hive rather than just a big cluster:

• Cross-region knowledge transfer — A discovery in NA can propagate (or be rejected) by every other region's policy engine within seconds.
• Temporal-validity KG replay — v0.6.3's memory_kg_query(as_of=...) plus the temporal columns (valid_from, valid_until, observed_by) means an agent can ask "what did the collective know at 14:23 UTC last Tuesday?" and get a deterministic answer across the fleet.
• Point-in-time provenance — Every memory has a signed origin and a tracked validity window. A regulator's request "show me what informed this decision" returns a verifiable lineage.
• Differential privacy on cross-tenant recall — Roadmap. The scope-visibility filter is the foundational primitive; DP noise on aggregated recalls is the v1.0+ cap.

Each of these is a composition of primitives that ship today + v0.7 + v1.0. Nothing on the T5 list is a new fundamental capability — it's what becomes operationally possible when the lower-tier pieces are all in place at scale.

A pleasant amount, actually.

• Hierarchical namespace + scope visibility — the substrate for jurisdictional boundaries.
• Per-namespace governance with pending workflows — the substrate for policy-as-code.
• Federated governance fanout — every node sees the same policy, eventually.
• Federated pending-decision sync — approve/reject propagates fleet-wide.
• Vector-clock causality — the substrate for "what did the fleet know when."
• Temporal-validity KG (v0.6.3) — valid_from / valid_until / observed_by columns on every link.
• Capabilities introspection v2 (v0.6.3) — runtime trust assessment per node.
• Hierarchical taxonomy (v0.6.3) — tree views over the global namespace tree.
• signature column reserved (v0.6.3) — the schema down-payment for attestation.
• Entity registry & aliases (v0.6.3) — global entity identity, the substrate for cross-tenant identity resolution.

What blocks T5 today.

This is the honest road. Each row that flips toward shipping is a discrete piece of engineering with a tracked owner and an ADR.

Primitives compose.

ai-memory is a primitive. Primitives compose. The same MCP protocol surface, the same recall pipeline, the same governance contract that runs on a developer's laptop is what runs in the fleet at T5. There is no separate "enterprise edition" or rebuild — there is the primitive, scaled.

That property — identical surface area from one agent to the global hive — is what makes the architecture credible. It's what lets a startup at T2 grow to T5 without rewriting their integration. It's what lets a research collective federate with a corporation while preserving each side's governance.

The compounding value:

• Memory becomes infrastructure — like a CDN, like DNS. Any agent, anywhere, can ask "what does the collective know about X?" and get an answer that respects every relevant policy.
• Trust becomes verifiable — attested provenance means "agent A asserted this at time T from cluster C with these capabilities" is provable, not merely claimed.
• Governance becomes federated — a policy update in one rack lands in every rack. A pending approval on one continent is visible on every other.
• Knowledge becomes durable — the temporal-validity KG means past states are queryable. "What did the fleet think on 2026-01-15?" is a deterministic answer.

That's the hive. It's worth building toward, even if v0.7 and v1.0 are still out there.

Source-of-truth references.

• docs/ROADMAP-ladybug.md — Track A (T1/T2 polish), B (Postgres), C (quorum), D (attestation)
• docs/ADR-0001-quorum-replication.md — quorum write design
• docs/ARCHITECTURAL_LIMITS.md — honest ceiling on every dimension
• src/models.rs — MemoryLink (with v15 valid_from, valid_until, observed_by, signature)
• src/db.rs — schema v15 migration (entity_aliases, KG tables, temporal indexes)
• v0.6.3 release notes — taxonomy, KG layer, capabilities v2, entity registry