Why ai-memory beats vector-DB-only.

With measured numbers. Vector databases solve text-similarity search; they do not solve the eight other things an autonomous AI Non-Human Identity agent needs from its substrate. Here are those eight things, each one a real surface in ai-memory, each one absent from "Postgres + a vector column" alone.

This essay is not anti-vector-DB. ai-memory uses one (HNSW over MiniLM embeddings, blended with FTS5 keyword score, in the recall pipeline). The argument is narrower: if all you have is similarity search, you do not have a substrate. Eight things you also need.

01. Typed memory_kind taxonomy

A vector DB stores text + a vector. ai-memory stores text + a vector + a kind: Observation, Reflection, Persona, Concept, Entity, Claim, Relation, Event, Conversation, Decision (the Batman Form-6 vocabulary, v0.7.0). Plus free-form tags for project-specific taxonomies.

Why this matters: an agent recalling "what policies apply here" is a different query from "what did I observe last Tuesday." Without typed kinds, you smear them together and the LLM has to disambiguate every time. With typed kinds, you filter at SQL.

02. Knowledge graph with temporal validity

Memories link to other memories with typed directional edges: related_to, supersedes, contradicts, derived_from, reflects_on, derives_from (six variants at v0.7.0). Each edge carries optional valid_from / valid_until so the substrate can answer "what was true on date X" instead of just "what is in the DB now."

Backends: in-process SQL for T1; Apache AGE for T3+. The same Cypher-shaped query surface in both.

03. Ed25519-signed links (attest_level)

When the autonomous tier writes a link, it signs the link with the agent's Ed25519 key. The link's attest_level field records the signing strength — unsigned, self_signed, peer_attested, signed_by_peer, daemon_signed. The verifier replays the signature on read; tampering breaks verification; the substrate refuses to surface a tampered edge in a high-attest query.

A plain vector DB has no notion of "who said this link is true and can I cryptographically verify it."

04. Operator-signed substrate rules (L1–L6)

The substrate ships with six rule layers, L1 through L6, each Ed25519-signed by the operator's key. Examples: L1 identity rules (every memory carries agent_id), L3 audit rules (every state change emits a signed event), L5 governance rules (per-agent permission scopes). The operator's pubkey lives at operator.key.pub on disk; the env-var override (AI_MEMORY_OPERATOR_PUBKEY) is documented as override-authority.

An agent cannot rewrite the rules. The operator can. That separation is the whole point.

05. HMAC-required subscriptions + SSRF gate

The hook pipeline fires on 25 named substrate events. External subscribers (webhooks) must register an HMAC secret at subscription time; events are POSTed with an X-AI-Memory-Signature header; unsigned subscriptions are refused at registration. Loopback URLs are refused unless AI_MEMORY_ALLOW_LOOPBACK_WEBHOOKS=1 — an SSRF gate (issue #628, H11) so a compromised agent cannot pivot to localhost services.

06. Autonomous tier (LLM consolidate / contradict / auto-tag)

When you wire in an LLM (local Ollama, OpenAI-compatible endpoint, whatever), the substrate runs:

• consolidation — merges duplicate memories, preserves source agent_ids under consolidated_from_agents, emits supersedes links
• contradiction detection — flags pairs of memories whose claims are mutually inconsistent and emits a contradicts link
• auto-tag — assigns tags on store so subsequent recall can filter by topic
• reflection — bounded recursive synthesis over a memory scope, signed and stored as kind reflection

Measured note: on gemma4:e4b Q4_K_M on an M4 Mac Mini, the curator's auto-tag + contradiction passes hit a p50 wall of ~2.9 s for an 80-token completion at 31 tok/sec. Speculative-decoding (MTP) gating on the same host is currently a no-op pending a GGUF-converted drafter; details and reproduction in docs/v0.7.0/mtp-bench-2026-05-17.md.

07. NHI agent_id semantics

Every memory carries metadata.agent_id. Resolution ladder, preservation invariants, validation regex, special-key reservations — all documented in the developer audience page and in docs/agent-identity.html. The substrate preserves agent_id across update, dedup, MCP memory_update, HTTP PUT, import, sync, and consolidate — enforced at the caller layer and again at the SQL layer (json_set CASE clauses in db::insert and db::insert_if_newer) so a single-layer bug cannot leak.

08. Append-only signed audit chain

Every store, update, link, reflection, consolidation, promotion writes a signed event into an append-only chain. The chain replays deterministically; the verifier catches tampering; the operator can audit who did what at any prior point in time. v0.7.0 names this signed-events v4; the spec is docs/signed-events-v4.md.

The honest counter-cases

Where a vector-DB-only setup wins:

• Pure information-retrieval-over-corpus. If your use case is "give me the top-k passages similar to this query against a 100M-document corpus," a hosted vector DB tuned for ANN at scale is the right tool. ai-memory's HNSW is in-process and pragmatic; it is not a million-vector behemoth.
• No autonomous agent in the loop. If a human is reading every retrieval result and there is no agent acting on its own behalf, you may not need the substrate features — you have a human in the loop providing identity, governance, and audit out-of-band.
• You already have a substrate. If your platform already provides typed memory + KG + governance + signed audit, you don't need a second one.

Where you want ai-memory:

• You are running autonomous AI agents on behalf of an organization. The NHI framing exists because the security industry has converged on it.
• You need the audit trail to survive a model swap. Identity, links, and audit chain are independent of the LLM you used to write them; switching from Claude to Grok to GPT does not lose the chain.
• You want the substrate to enforce things against itself. Operator-signed rules, HMAC subscriptions, SSRF gate, append-only audit are constraints the agent cannot lift.

The argument is not "vector DB bad." The argument is: similarity search is one feature out of nine. If you need the other eight, you need a substrate, and ai-memory is the open-source one designed around the AI NHI agent as the load-bearing user.

Reproducing the claims

• Tool counts (74 MCP entries, 89 HTTP routes (75 unique paths), 80 CLI subcommands (default build) / 82 with --features sal or --features sal-postgres): asserted by Profile::full().expected_tool_count() in src/profile.rs and by the HTTP route registry in src/lib.rs; full surface lists in USER_GUIDE, API_REFERENCE, CLI_REFERENCE.
• Schema version v57, 26-field Memory struct, 6 link variants: src/models/memory.rs, src/models/link.rs, src/storage/migrations.rs.
• Autonomous-tier latency p50 ~2.9 s on gemma4:e4b: mtp-bench-2026-05-17.md.
• Test campaign SHIP-RECOMMENDED verdict, 7,321 PASS / 0 FAIL across 269 test binaries (22 issues #1120-#1141 fixed in-campaign, no v0.8.0 deferrals): 2026-05-22 release-gate-final campaign.