ai-memory v0.7.0 closes two long-standing gaps in one release. The substrate says what it can do — capabilities v3 pre-computes the calibration strings LLMs would otherwise improvise — and signs what it remembers — per-agent Ed25519 keypairs sign every memory link, with an append-only signed_events audit chain. Plus the K1/G1 namespace-inheritance cutline, a programmable 20-event hook pipeline, sidechain transcripts, and an opt-in Apache AGE acceleration path.
Each track of the attested-cortex epic lands independently. Use this table to know what's on by default, what's opt-in, and what slips to v0.7.1.
| Track | Scope | Default in v0.7.0 | Status |
|---|---|---|---|
| A — Capabilities v3 | summary, to_describe_to_user, callable_now, agent_permitted_families |
Default response shape (v2 still served on schema_version: 2) |
✅ shipping |
| B — Loader tools | memory_load_family, memory_smart_load(intent) |
Always-on, callable from any harness | ⚠️ partial — B-track lands progressively |
| C — Schema compaction | --profile full drops to ≤3,500 input tokens |
CI-gated | ⚠️ partial — C-track lands progressively |
| D — Per-harness positioning | Cross-harness benchmark + compat matrix | Published as a standalone page | ✅ shipping (D2 merged) |
| E — Discovery Gate T0 | Calibration cells re-run across 4 LLMs post-ship | External run after release | 🚧 v0.7.1+ |
| F — Docs + release | Migration guide, RFC, this page, top-nav refresh, CHANGELOG | Released alongside the binary | ⚠️ partial (F1, F2, F6, D2 merged; F3-F5 in flight) |
| G — Hook pipeline | 20 lifecycle events, exec + daemon modes, decision contract, chain ordering | No hooks fire until ~/.config/ai-memory/hooks.toml exists |
✅ shipping |
| H — Ed25519 attestation | Per-agent keypair, link signing, attest_level enum, signed_events audit table |
Opt-in via ai-memory identity generate; legacy callers stay unsigned |
✅ shipping |
| I — Sidechain transcripts | zstd-3 BLOB store, memory_transcript_links, memory_replay, archive→prune |
Off (per-namespace TTL opt-in) | ⚠️ partial — I1+I2 in v0.7.0; I3-I5 spillover |
| J — Apache AGE acceleration | Cypher backend on Postgres-with-AGE; recursive CTE on SQLite | Auto-detected if AGE extension present; CTE fallback otherwise | 🚧 v0.7.1+ (CTE path stays default in v0.7.0) |
| K — Permissions + G1 cutline | K1 namespace-inheritance enforcement (mandatory); rules + modes + hooks → decision; approval API | K1 enforces inheritance; permissions.mode = "advisory" preserves v0.6.4 semantics on first boot |
✅ K1 shipping · ⚠️ K6-K11 partial |
Same release, three framings — pick yours.
When your AI assistant (Claude, ChatGPT, Cursor, Codex, Grok, Gemini) reaches for ai-memory v0.7.0, the cortex experience now reliably arrives across LLMs. Capabilities v3 ships pre-computed summary and to_describe_to_user strings — reasoning-class LLMs converge on the same accurate first-answer descriptions instead of improvising. Hooks let your agents react to memory operations (post_store, post_link, …). And every memory link is cryptographically attested — per-agent Ed25519 keypairs, signed memory_links, and an append-only signed_events audit chain back every change. Permissions actually enforce now (was advisory-only in v0.6.x; opt into enforce mode).
brew upgrade ai-memory ai-memory identity generate --agent-id ai:claude-code@$(hostname)
That second command opts your agent into Ed25519 attestation; legacy callers continue working as unsigned.
pre_store, post_store, pre_recall, post_recall, …), subprocess + daemon-mode IPC, Allow/Modify/Deny/AskUser decision contract, chain ordering with first-deny-wins short-circuit. Hot-path events default to daemon mode to preserve the v0.6.3 50ms recall budget.ai-memory identity generate), outbound link signing, inbound verification against observed_by, signed_events append-only audit table (schema migration v20 → v22).memory_transcripts, joined to memories via memory_transcript_links, per-namespace TTL with archive→prune lifecycle, memory_replay(memory_id) reconstructs the chain.pg_extension. SQLite installs fall back to recursive CTE. Cypher implementations of memory_kg_query, memory_kg_timeline, memory_kg_invalidate — and the new memory_find_paths(source, target, max_depth=5) tool (recovers commitment R2).enforce/advisory/off) + hooks → Decision; deny-first semantics. Migration tool: ai-memory governance migrate-to-permissions (idempotent, dry-run by default).memory_load_family(family) (always-on) and memory_smart_load(intent) (embedding-matched) — reasoning-class LLMs find the loader of last resort on first ask. (B-track lands progressively.)--profile full drops to ≤3,500 tokens (CI-gated). (C-track lands progressively.)
Every link write is logged with a cryptographic signature in an append-only signed_events table — the audit chain compliance teams have been asking for. T4-T5 multi-agent positioning gets closer to ready: Discovery Gate T0 calibration cells lock the user-facing phrasings so a 3-LLM swarm aligned on capability descriptions doesn't drift across vendors. The cross-harness compatibility matrix (per-feature × per-harness) is published as a Pages doc you can link operators at. K1 (G1 inheritance) cutline shipped: parent namespace policies now enforce on child writes — enables N-level governance hierarchies. SDK back-compat preserved: existing v0.6.4 SDKs still work against the v0.7.0 server (v3 is additive over v2; schema_version: 2 still answered).
v0.7.0 is additive in most surfaces. These two callouts are the exceptions worth reading first.
memory_capabilities v3 is now the default response shape. The change is additive over v2 (every v2 field stays at its current path), but the top-level schema_version discriminator changes from "2" to "3". SDK consumers who pin schema_version === "2" continue receiving the v2 shape (v2 stays supported through v0.7.x); consumers who switch on schema_version without an unknown-version fallback should add v3 handling or pin v2 explicitly.
Mitigation: read v3 fields if present; ignore unknown top-level keys. Existing v0.6.4 SDKs already do this and need no changes. See MIGRATION_v0.7.md §Capabilities v3 schema additions and the canonical phrasings for the pinned v3 strings.
The K1/G1 cutline fix means resolve_governance_policy now walks the namespace chain instead of consulting only the leaf namespace. Child writes that v0.6.x silently approved may now require approval — if a parent namespace has an Approve policy and a child namespace had no policy of its own, v0.6.x let the write through; v0.7.0 routes it to the approval queue.
Mitigation: set inherit = false on a child policy to opt that branch out of inheritance, or run ai-memory governance migrate-to-permissions --dry-run to preview which writes will change behavior under your existing rules. See MIGRATION_v0.7.md §G1 inheritance fix.
Existing @alphaone/ai-memory (npm) and ai-memory-mcp (PyPI) SDKs published for v0.6.4 continue to work against the v0.7.0 server. v3 is additive over v2; the v2 wire shape stays supported through the v0.7.x line. Per-harness coverage is in the v0.7 compatibility matrix.
Every card below is anchored to a track in the attested-cortex epic and a section in the design RFC.
The v3 response carries summary (operator-facing — names the loader vocabulary) and to_describe_to_user (plain English — no MCP jargon). LLMs converge on accurate first-answer descriptions instead of improvising. Per-tool callable_now: bool + agent_permitted_families array honor the [mcp.allowlist] from v0.6.4 phase 1.
The signature column shipped in v0.6.3 finally carries real Ed25519 signatures. Per-agent keypairs at ~/.config/ai-memory/keys/<agent_id>.{pub,priv} (mode 0600 / 0644). Outbound link writes sign canonical-CBOR-encoded link content. attest_level enum: unsigned / self_signed / peer_attested. Append-only signed_events audit table (schema migration v20 → v22).
Programmable extension surface at every memory operation point. Exec mode: subprocess per fire; JSON over stdin→stdout. Daemon mode: long-lived child with JSON-RPC framing, reconnect-on-crash, backpressure metrics. Decision contract: Allow / Modify(delta) (pre- events only) / Deny{reason, code} / AskUser{prompt, options, default}. Chain ordering is priority-desc; first Deny short-circuits. R3 (auto-link inference) and R5 (auto-extraction) ship as reference daemon-mode hooks.
v0.6.x's resolve_governance_policy consulted only the leaf namespace — a parent Approve policy didn't block a child write. v0.7.0 walks the chain via build_namespace_chain; first non-null policy wins. Per-policy inherit: bool flag (default true) lets child branches opt out. Backfill migration sets inherit = true on every existing row. Mandatory cutline: "even if everything else slips, this fix ships."
Raw conversation/reasoning trail in zstd-3 BLOBs. memory_transcripts table (schema v22) joined to memories via memory_transcript_links(memory_id, transcript_id, span_start, span_end). Per-namespace TTL with archive→prune sweeper. memory_replay(memory_id) traverses the join and reconstructs the chain. Substrate for R5 auto-extraction.
Postgres SAL detects Apache AGE via pg_extension at boot. When present: Cypher implementations of memory_kg_query, memory_kg_timeline, memory_kg_invalidate. When absent (or SQLite): recursive CTE path stays as fallback. Bench-gated: AGE p95 must beat CTE p95 by ≥30% at depth=5 to justify shipping. New memory_find_paths(source, target, max_depth=5) tool recovers commitment R2.
ai-memory's architecture scales from one developer's laptop to a multi-region hive of agents without switching products. v0.7.0's attestation + permission + inheritance work lands the substrates T4-T5 multi-agent deployments need. Every primitive listed below is in the v0.7.0 binary; you turn flags on as you grow.
ai-memory mcp| Capability | v0.6.4 (quiet-tools) | v0.7.0 (attested-cortex) |
|---|---|---|
| Pre-computed capabilities calibration | n/a (v2) | ✅ v3 default (summary, to_describe_to_user) |
| Named loader tools | via memory_capabilities --include-schema | ✅ memory_load_family, memory_smart_load(intent) |
| Per-agent capability allowlist | ✅ phase 1 ([mcp.allowlist]) | ✅ + callable_now + agent_permitted_families |
| Capability-expansion audit log | ✅ schema v20 (audit_log) | ✅ + signed_events append-only chain (schema v22) |
| Ed25519 link signing | ❌ dead column | ✅ filled (per-agent keypair, canonical-CBOR signing) |
| Inbound signature verification | ❌ | ✅ verified against observed_by claim |
| Programmable lifecycle hooks | ❌ (subscriptions only) | ✅ 20 events, exec + daemon modes, decision contract |
| Sidechain transcripts (zstd-3) | ❌ | ✅ memory_transcripts + memory_replay |
| Apache AGE Cypher backend | ❌ | ✅ opt-in (Postgres only); SQLite/CTE fallback unchanged |
| Namespace policy inheritance enforcement | ❌ leaf-only | ✅ walks the chain (K1/G1 cutline) |
| Permissions actually enforce | ⚠️ advisory-only | ✅ enforce / advisory / off modes |
| Approval API (HTTP + SSE + MCP) | ❌ | ✅ memory_approval_* tools + HMAC-mandatory |
| SDK back-compat (v0.6.4 clients) | baseline | ✅ preserved — v3 additive over v2 |
Each tool is described in docs/API_REFERENCE.md once its track lands. The track column points at V0.7-EPIC.md.
| Tool | Track | Purpose |
|---|---|---|
memory_load_family(family) | B1 | Always-on loader — registers the named family's tools without restarting the MCP server |
memory_smart_load(intent) | B2 | Embedding-matched loader — picks the family that best fits a natural-language intent string |
memory_find_paths(source, target, max_depth=5) | J7 (R2) | Returns paths through the knowledge graph — Cypher on AGE, recursive CTE on SQLite |
memory_replay(memory_id) | I4 | Reconstructs the transcript chain for a memory by traversing memory_transcript_links |
memory_verify(link_id) | H4 | Returns {signature_verified, attest_level, signed_by, signed_at} for a link |
memory_approval_pending | K10 | Lists pending approval requests |
memory_approval_decide(id, decision, remember=forever?) | K10 | Decides a pending approval; remember=forever enables progressive trust |
v0.7.0 follows the same evidence discipline established in v0.6.4 — every claim above resolves to a public, verifiable artifact:
The design RFC documents why each v0.7.0 decision shipped in the shape it did: why Ed25519 over X25519 + ChaCha20 (separate concern; X25519 lives in v0.8 end-to-end encryption), why subprocess-stdio + daemon-mode for hooks (vs. dynamic library plugins), why AGE behind a feature flag (vs. hard dependency), why permission system replaces governance instead of augmenting (and the migration story).
Per-feature × per-harness grid covering Claude Code, Claude Desktop, Codex, Cursor, Cline, Continue, Aider, Goose, generic JSON-RPC. Status emojis: ✅ supported, ⚠️ partial, 🚧 in progress, ❌ not yet, n/a not applicable. Cross-linked back to the RFC, migration guide, and Discovery Gate.
What's new at a glance, action required (most users see no behavior change), capabilities v3 schema additions, new tools, hook pipeline opt-in, Ed25519 attestation opt-in, sidechain transcripts opt-in, Apache AGE opt-in, the G1 inheritance fix and its mitigation (inherit = false on child policies), and the permissions migration via ai-memory governance migrate-to-permissions.
v0.6.4 came back 6/6 PASS, GATE GREEN against live xAI Grok 4.3. v0.7.0 re-runs the T0 calibration cells across 4 LLMs after release; convergence target is ≥95% across all 4 models. The cells lock the user-facing canonical phrasings so a 3-LLM swarm doesn't drift across vendors.
v0.7.0 is in flight. The epic tracks remaining work. v0.6.4 install paths below remain canonical until v0.7.0 is tagged; the same channels publish v0.7.0 once F5 lands the release.
brew install alphaonedev/tap/ai-memory ai-memory install claude-code --apply
cargo install ai-memory
docker pull ghcr.io/alphaonedev/ai-memory:latest
sudo dnf copr enable alpha-one-ai/ai-memory sudo dnf install ai-memory
npm install @alphaone/ai-memory
pip install ai-memory-mcp # import name remains ai_memory