v0.7.1

What's Changed

• security(docs): scrub @binary2029 handle from ADR headers on main by @alphaonedev in #1519
• release: v0.7.0 GA → main by @alphaonedev in #1657
• ci(release): pin cross-compile jobs to 1.96.0 (fix E0463 blocking GA publish) by @alphaonedev in #1658
• docs(pages): themed HTML for enterprise reference-architecture pages (fix raw .md on Pages) by @alphaonedev in #1659
• docs(pages): repoint all reference-architecture .md links -> .html sitewide by @alphaonedev in #1660
• ci(release): fix iOS mobile build (stray fi -> }) + iOS re-publish workflow by @alphaonedev in #1661
• ci(release): lipo iOS simulator slices before -create-xcframework by @alphaonedev in #1662
• ci(publish): fix npm publish + make PyPI publish idempotent by @alphaonedev in #1663
• ci(publish): working npm token-auth publish + SDK metadata fixes by @alphaonedev in #1664
• v0.7.1 (#1665): memory_reflect top-level entity_id param + resolve_entity_id trim parity by @alphaonedev in #1666
• docs(roadmap): add v0.7.1 patch-line section + bucket deferrals by version by @alphaonedev in #1668
• docs(roadmap): reconcile v0.7.1 adversarial-audit findings by @alphaonedev in #1669
• docs(roadmap): complete v0.7.1 audit reconciliation (remaining edits) by @alphaonedev in #1681
• docs(roadmap): §11.3.1 add #1667 install-hardening + fix residual wording by @alphaonedev in #1682
• docs: correct v52 schema + governance/L2 claims (v0.7.1 audit) by @alphaonedev in #1697
• docs(roadmap): integrate DeepMind 'From AGI to ASI' review into the Moonshot (§5 decorrelation now committed) by @alphaonedev in #1699
• docs(v0.7.1): self-contained EPIC execution prompt (#1683) by @alphaonedev in #1701
• Release v0.7.1 — hardening patch (attested-cortex line) by @alphaonedev in #1702

Full Changelog: v0.7.0...v0.7.1

What's Changed

• security(docs): scrub @binary2029 handle from ADR headers on main by @alphaonedev in #1519
• release: v0.7.0 GA → main by @alphaonedev in #1657
• ci(release): pin cross-compile jobs to 1.96.0 (fix E0463 blocking GA publish) by @alphaonedev in #1658
• docs(pages): themed HTML for enterprise reference-architecture pages (fix raw .md on Pages) by @alphaonedev in #1659
• docs(pages): repoint all reference-architecture .md links -> .html sitewide by @alphaonedev in #1660
• ci(release): fix iOS mobile build (stray fi -> }) + iOS re-publish workflow by @alphaonedev in #1661
• ci(release): lipo iOS simulator slices before -create-xcframework by @alphaonedev in #1662
• ci(publish): fix npm publish + make PyPI publish idempotent by @alphaonedev in #1663
• ci(publish): working npm token-auth publish + SDK metadata fixes by @alphaonedev in #1664
• v0.7.1 (#1665): memory_reflect top-level entity_id param + resolve_entity_id trim parity by @alphaonedev in #1666
• docs(roadmap): add v0.7.1 patch-line section + bucket deferrals by version by @alphaonedev in #1668
• docs(roadmap): reconcile v0.7.1 adversarial-audit findings by @alphaonedev in #1669
• docs(roadmap): complete v0.7.1 audit reconciliation (remaining edits) by @alphaonedev in #1681
• docs(roadmap): §11.3.1 add #1667 install-hardening + fix residual wording by @alphaonedev in #1682
• docs: correct v52 schema + governance/L2 claims (v0.7.1 audit) by @alphaonedev in #1697
• docs(roadmap): integrate DeepMind 'From AGI to ASI' review into the Moonshot (§5 decorrelation now committed) by @alphaonedev in #1699
• docs(v0.7.1): self-contained EPIC execution prompt (#1683) by @alphaonedev in #1701
• Release v0.7.1 — hardening patch (attested-cortex line) by @alphaonedev in #1702

Full Changelog: v0.7.0...v0.7.1

What's Changed

• security(docs): scrub @binary2029 handle from ADR headers on main by @alphaonedev in #1519
• release: v0.7.0 GA → main by @alphaonedev in #1657
• ci(release): pin cross-compile jobs to 1.96.0 (fix E0463 blocking GA publish) by @alphaonedev in #1658
• docs(pages): themed HTML for enterprise reference-architecture pages (fix raw .md on Pages) by @alphaonedev in #1659
• docs(pages): repoint all reference-architecture .md links -> .html sitewide by @alphaonedev in #1660
• ci(release): fix iOS mobile build (stray fi -> }) + iOS re-publish workflow by @alphaonedev in #1661
• ci(release): lipo iOS simulator slices before -create-xcframework by @alphaonedev in #1662
• ci(publish): fix npm publish + make PyPI publish idempotent by @alphaonedev in #1663
• ci(publish): working npm token-auth publish + SDK metadata fixes by @alphaonedev in #1664
• v0.7.1 (#1665): memory_reflect top-level entity_id param + resolve_entity_id trim parity by @alphaonedev in #1666
• docs(roadmap): add v0.7.1 patch-line section + bucket deferrals by version by @alphaonedev in #1668
• docs(roadmap): reconcile v0.7.1 adversarial-audit findings by @alphaonedev in #1669
• docs(roadmap): complete v0.7.1 audit reconciliation (remaining edits) by @alphaonedev in #1681
• docs(roadmap): §11.3.1 add #1667 install-hardening + fix residual wording by @alphaonedev in #1682
• docs: correct v52 schema + governance/L2 claims (v0.7.1 audit) by @alphaonedev in #1697
• docs(roadmap): integrate DeepMind 'From AGI to ASI' review into the Moonshot (§5 decorrelation now committed) by @alphaonedev in #1699
• docs(v0.7.1): self-contained EPIC execution prompt (#1683) by @alphaonedev in #1701
• Release v0.7.1 — hardening patch (attested-cortex line) by @alphaonedev in #1702

Full Changelog: v0.7.0...v0.7.1

What's Changed

• security(docs): scrub @binary2029 handle from ADR headers on main by @alphaonedev in #1519
• release: v0.7.0 GA → main by @alphaonedev in #1657
• ci(release): pin cross-compile jobs to 1.96.0 (fix E0463 blocking GA publish) by @alphaonedev in #1658
• docs(pages): themed HTML for enterprise reference-architecture pages (fix raw .md on Pages) by @alphaonedev in #1659
• docs(pages): repoint all reference-architecture .md links -> .html sitewide by @alphaonedev in #1660
• ci(release): fix iOS mobile build (stray fi -> }) + iOS re-publish workflow by @alphaonedev in #1661
• ci(release): lipo iOS simulator slices before -create-xcframework by @alphaonedev in #1662
• ci(publish): fix npm publish + make PyPI publish idempotent by @alphaonedev in #1663
• ci(publish): working npm token-auth publish + SDK metadata fixes by @alphaonedev in #1664
• v0.7.1 (#1665): memory_reflect top-level entity_id param + resolve_entity_id trim parity by @alphaonedev in #1666
• docs(roadmap): add v0.7.1 patch-line section + bucket deferrals by version by @alphaonedev in #1668
• docs(roadmap): reconcile v0.7.1 adversarial-audit findings by @alphaonedev in #1669
• docs(roadmap): complete...

v0.7.0 — same NHI tomorrow

ai-memory v0.7.0 — same NHI tomorrow

Persistent, governed, attested memory for any AI. Self-hosted. MCP-native. The release where a substrate-native memory system learns to reflect on what it knows, survive a crash between turns, and prove who wrote what — across SQLite and PostgreSQL+AGE, on the desktop and on-device.

---

Why v0.7.0 matters (read this first)

v0.6.x made ai-memory a fast, token-lean memory server. v0.7.0 makes it a substrate. Three things change the category:

1. It reasons over its own memory. Recursive learning lets the system reflect on stored memories to produce higher-order insight, consolidate near-duplicates with provenance, and traverse a knowledge graph of entities and relations — with a hard, stoppable depth cap.
2. It never loses context to a crash. The #1389 L1–L4 layered auto-capture architecture guarantees that a SIGKILL between conversation turns no longer loses — or duplicates — what was learned.
3. It can prove its provenance. Every write can be attested; the audit chain is a tamper-evident, cross-row hash chain that fails closed; federation requires signatures + replay-proof nonces by secure default.

All of it runs on a single storage-abstraction layer (SAL) with two production backends — embedded SQLite and PostgreSQL + Apache AGE — behind one identical API.

---

TL;DR by audience

👤 If you just want your AI to remember things

Nothing to relearn. brew upgrade ai-memory (or cargo install ai-memory --force) and your existing setup keeps working. Your AI can now recover its own context after a crash and build on what it learned instead of just looking it up.

brew upgrade ai-memory && ai-memory doctor

🛠️ If you build agents / NHI on top of ai-memory

• 74 MCP tools at --profile full (7-tool core default + always-on memory_capabilities bootstrap); three-surface parity across MCP / HTTP / CLI.
• New primitives: memory_reflect, memory_consolidate, memory_entity_register / memory_entity_get_by_alias, memory_kg_query / memory_find_paths / memory_kg_timeline / memory_kg_invalidate, memory_capture_turn (idempotent L4), memory_offload / memory_deref, memory_persona, memory_calibrate_confidence.
• Provider-agnostic: point the LLM and the embedder at any of 15 vendor aliases (or self-hosted OpenAI-compatible / Ollama). Tier no longer dictates vendor.

🏢 If you operate it in production

• PostgreSQL + Apache AGE backend at full parity with SQLite via the SAL trait (--store-url postgres://…).
• Secure-by-default posture: governance fails closed, SSRF guard fails closed, keyless-bind refusal, signed federation with per-message nonces, agent-attestation enforcement.
• Config schema v2 (sectioned [llm] / [embeddings] / [reranker] / [storage] / [limits]) with ai-memory config migrate; ai-memory doctor reachability probes for LLM + embeddings.

---

What's new

🧠 Substrate-native recursive learning

• memory_reflect produces reflections over source memories with a stoppable depth cap (REFLECTION_DEPTH_EXCEEDED at the namespace max_reflection_depth, default 3), reflects_on edges, and reflection_origin lineage.
• memory_consolidate merges near-duplicates, preserving derived_from + consolidated_from_agents provenance.

🕸️ Knowledge graph

• Recursive-CTE traversal (find_paths, kg_query, kg_timeline) with temporal validity (valid_from / valid_until) and kg_invalidate; Apache AGE Cypher on the PostgreSQL backend.
• First-class entities with alias resolution (entity_register → entity_get_by_alias), union-idempotent re-registration.

🛟 L1–L4 layered auto-capture (#1389) — never lose context to a crash

• L1 store-first discipline + capture-lag watcher · L2 recover-previous-session (transcript rehydration after SIGKILL) · L3 filesystem watcher · L4 memory_capture_turn — host-volunteered, idempotent by (host_session_id, host_turn_index), backed by schema v52 transcript_line_dedup.

🔐 Attestation, governance & a fail-closed audit chain

• V-4 cross-row hash-chained signed_events; Ed25519-signed daemon serverInfo at the MCP initialize handshake.
• Operator-signed governance rules (R001–R004), namespace standards, K9 permission gate — all fail closed on error.
• L4 host-signature verification against an operator allowlist (attest_level = "signed_by_peer"); federation requires signatures + nonces by secure default.

🔌 Provider-agnostic LLM and embeddings

• One client over 15 vendor aliases + generic OpenAI-compatible + Ollama, for both chat and embeddings (#1067, #1598). Switch embedding models with ai-memory reembed.

📱 On-device build pipeline

• iOS xcframework (device + both simulators) and Android jniLibs (4 ABIs) artifacts; cross-compile + runtime CI (#1068).

⚡ Performance

• Async double-buffered HNSW rebuild (search p95 held under budget during rebuild), sargable list / federation-catchup queries, PostgreSQL stored-generated tsvector + GIN, mmap reads, and a tuned cross-encoder rerank sequence cap.

Schema

• Current schema v57 — automatic migrations on first open; archive→restore lossless for the full v0.7.0 Memory shape on both backends.

Full detail in CHANGELOG.md.

---

Upgrade & compatibility

• Default MCP surface remains the lean core profile (since v0.6.4). Opt back to everything with ai-memory mcp --profile full, AI_MEMORY_PROFILE=full, or [mcp] profile = "full".
• Config: the sectioned v2 schema is canonical. Legacy v0.6.x flat fields still parse (removed in v0.8) — run ai-memory config migrate to convert. Verify wiring with ai-memory doctor.
• Migrations apply automatically; existing databases upgrade in place to schema v57.

---

Distribution channels

Channel	Install
GitHub Release	this page — binary tarballs for 5 targets + .deb/.rpm + iOS/Android artifacts
crates.io	cargo install ai-memory --version 0.7.0
Homebrew tap	brew install alphaonedev/tap/ai-memory
ghcr.io	docker pull ghcr.io/alphaonedev/ai-memory:0.7.0
Fedora COPR	sudo dnf copr enable alpha-one-ai/ai-memory && sudo dnf install ai-memory
PyPI (Python SDK)	pip install ai-memory-mcp==0.7.0
npm (TypeScript SDK)	npm install @alphaone/ai-memory@0.7.0

Targets: x86_64/aarch64 Linux, x86_64/aarch64 macOS, x86_64 Windows.

Verification

• Source provenance: this release is cut from commit a2b448f1 on release/v0.7.0; the v0.7.0 tag is Ed25519-signed.
• Binary integrity: verify downloaded tarballs against the SHA256SUMS published on this release page.

Quality gate

8/8 CI workflows green · per-module coverage 170/170 (global 93.52%) · 3-region PostgreSQL+AGE fleet dogfood green · singleton NHI dogfood clean across all nine substrate surfaces (store · recall/search · reflect · consolidate · entity · KG · governance · capture/offload · capabilities).

---

Persistent memory so your AI can be the same NHI tomorrow as it is today. Self-hosted, governed, attested.

---

⬇️ Downloads

Platform	Package
Linux · x86_64	ai-memory-x86_64-unknown-linux-gnu.tar.gz
Linux · aarch64	ai-memory-aarch64-unknown-linux-gnu.tar.gz
macOS · Apple Silicon (arm64)	ai-memory-aarch64-apple-darwin.tar.gz
macOS · Intel (x86_64)	ai-memory-x86_64-apple-darwin.tar.gz
Windows · x86_64	ai-memory-x86_64-pc-windows-msvc.zip
Debian / Ubuntu · amd64	ai-memory_0.7.0_amd64.deb
Debian / Ubuntu · arm64	ai-memory_0.7.0_arm64.deb
Fedora / RHEL · x86_64	ai-memory-0.7.0-1.x86_64.rpm
Fedora / RHEL · aarch64	ai-memory-0.7.0-1.aarch64.rpm

Or via package managers:

cargo install ai-memory --version 0.7.0           # crates.io
brew install alphaonedev/tap/ai-memory            # Homebrew
docker pull ghcr.io/alphaonedev/ai-memory:0.7.0   # GHCR
sudo dnf copr enable alpha-one-ai/ai-memory && sudo dnf install ai-memory   # Fedora COPR

The complete asset list (every binary, .deb/.rpm, the Android jniLibs bundle, and source archives) is in the Assets section at the bottom of this page.

---

What's Changed

• docs(release): v0.6.4 release-body rewrite — capability-surface clarity + 3-audience honesty by @alphaonedev in #540
• ci: OIDC Trusted Publishing for both SDKs by @alphaonedev in #541
• docs(readme): v0.6.4 alignment pass (drift #512) by @alphaonedev in #542
• docs(pages): v0.6.4 marketing repositioning + new whats-new-v064....

v0.6.4

ai-memory v0.6.4 — quiet-tools

Persistent memory for any AI. Self-hosted. MCP-native. Now 76% lighter on the wire — without losing a single tool.

---

🎯 Quick win — if you're on Claude Code or OpenClaw, you already have cortex-experience under core-tier token cost

You don't have to choose between the 76.4% token savings and the full 43-tool surface. The v0.6.4 design's runtime-expansion path is the bridge — and on harnesses that support deferred-tool registration, it produces a Pareto-better experience than either profile alone.

	--profile core (default)	--profile full	Core + deferred-registration
Boot-time token cost	~1,500	~6,200	~1,500
All 43 tools reachable	via flag/restart	yes	yes, on demand
Mid-session: load family X	restart server	n/a	memory_capabilities(family=X, include_schema=true)
Net per-session token cost	low	high	low + just the families used (typically 1-2 of 8)

How it works: start with --profile core. When your agent needs a family it doesn't have (graph, power, lifecycle, etc.), it calls memory_capabilities(family=<name>, include_schema=true). On Claude Code (via ToolSearch) or OpenClaw (via deferred-tool registration), the harness registers those schemas mid-session and they become directly callable for the rest of the conversation. No restart. No re-auth. No paying for tools the agent doesn't end up using.

Harness compatibility (today)

Harness	Deferred-tool registration	Cortex-on-core today?
Claude Code (Anthropic CLI)	✅ via ToolSearch	✅
OpenClaw	✅ native	✅
Claude Desktop	❌ eager-load only	use --profile full for cortex
Codex CLI (OpenAI)	❌ eager-load only	use --profile full for cortex
Grok CLI (xAI)	❌ eager-load only	use --profile full for cortex
Gemini CLI (Google)	❌ eager-load only	use --profile full for cortex

If your harness is in the top two rows: the v0.6.4 default profile already gives you the full cortex when you need it, at the lightest possible token cost when you don't. This is the Pareto-optimal point of the v0.6.4 design.

Empirical proof (2026-05-05 NHI Discovery Gate)

Live xAI Grok 4.3 driving an OpenClaw harness against the v0.6.4 release binary, all four discovery tiers green:

• T1 Awareness: 100% PASS
• T2 Reactive recovery (-32601 → --include-schema): 100% PASS
• T3 Proactive expansion (agent reaches for --include-schema before failing): 100% PASS
• T4 Mesh recovery: 100% PASS (3/3 cells)

Full cells, transcripts, and MCP wire logs at the NHI Discovery Gate. The discovery dance is not theoretical — it has been measured against a real LLM behind a real harness.

What's blocked behind the harness, not the substrate

The 2026-05-05 Grok 4.2 reasoning before/after on the same release binary makes this concrete:

• Under --profile core (Grok CLI, no deferred registration): "intelligence plugged into a fancy notebook with good search"
• After --profile full: "actual memory cortex substrate ... the first version I would willingly use as primary long-term memory ... I respect it"

The substrate did its job in both cases. The Grok CLI session was capped by the harness, not the v0.6.4 design. Claude Code and OpenClaw users on the same release get the "cortex substrate" experience starting from --profile core — the harness's deferred registration closes the loop. Roadmap fix to lift this for all harnesses tracked at #546.

---

Persistent memory for any AI. Self-hosted. MCP-native. Now 76% lighter on the wire — without losing a single tool.

---

What's actually new in v0.6.4 (read this first — the framing matters)

The headline number is 76.4% reduction in tool-schema prefix tokens on every eager-loading harness (Codex CLI / Grok CLI / Gemini CLI / Claude Desktop). What's NOT changing is the AI's capability surface — every one of the 43 tools shipped in v0.6.3 is still in the server, still callable, still functional.

What changed: how the tool list is advertised on session start.

	v0.6.3	v0.6.4
Tools the server actually runs	43	43 (unchanged)
Tools advertised in initial tools/list	43	5 + always-on memory_capabilities
Tokens prepaid per request prefix	~6,200	~1,500 (-4,700)
AI can still call memory_kg_query, memory_consolidate, etc.?	Yes	Yes — via runtime discovery OR --profile <name>

Every tool the AI could reach in v0.6.3 is still reachable in v0.6.4. The change is when the AI sees the schemas, not whether it can call them.

---

⚠️ Breaking change — default tool advertising surface

Three opt-up paths if you want the v0.6.3 default behavior back:

# Option 1 — CLI flag
ai-memory mcp --profile full

# Option 2 — env var
export AI_MEMORY_PROFILE=full

# Option 3 — config.toml
[mcp]
profile = "full"

Resolution order: CLI > env > config > core (the new default). Full migration walkthrough at docs/MIGRATION_v0.6.4.md.

---

Distribution channels — 5/5 published from this tag

Channel	Install
GitHub Release	this page (11 binary assets + SHA256SUMS)
Homebrew tap	brew install alphaonedev/tap/ai-memory
ghcr.io	docker pull ghcr.io/alphaonedev/ai-memory:0.6.4
Fedora COPR	sudo dnf copr enable alpha-one-ai/ai-memory && sudo dnf install ai-memory
crates.io	cargo install ai-memory --version 0.6.4

All five publishes auto-fired on the same v0.6.4 tag through .github/workflows/ci.yml. SHA256 checksums of binary tarballs match this release page exactly.

---

TL;DR by audience

👤 If you're a non-technical user

What changed: every time your AI assistant (Claude / ChatGPT / Cursor / Codex CLI / Grok CLI / Gemini CLI / etc.) reaches for ai-memory, it used to spend ~6,200 input tokens just describing the available memory tools before it could even read your message. v0.6.4 cuts that to ~1,500. Your AI still does everything it did before — it just doesn't pre-pay for tools it doesn't need every turn.

What you need to do: nothing. Run brew upgrade ai-memory (or cargo install ai-memory --force) and your existing setup keeps working. If you've been seeing slow first-message responses on Codex / Grok / Gemini, they should feel snappier now.

What you'll notice: your AI bill on those harnesses drops automatically. Memory recall, store, and search all work exactly the same way they did before.

brew upgrade ai-memory && ai-memory doctor --tokens

That second command shows you exactly how much you're saving.

🏢 If you're a C-level decision maker

What v0.6.4 closes: the token-tax line item in your AI subscription cost stack. Boris Cherny's published 90-day instrumentation data quantified that 73% of Claude Code tokens go to nine waste patterns. ai-memory was the #1 contributor to Pattern 6 ("just-in-case tool definitions") on every eager-loading harness except Claude Code's own deferred-tools path. v0.6.4 fixes that one waste pattern in one release.

What's also new:

• NHI guardrails phase 1 — opt-in per-agent capability allowlist ([mcp.allowlist] in config.toml), capability-expansion audit log (schema v20), deterministic discovery protocol that lets AI agents opt into restricted tool families at runtime
• Cross-harness coverage — built-in installers for claude-code, claude-desktop, codex, grok-cli, gemini-cli, openclaw, cursor, cline, continue, windsurf. ai-memory install <harness> --apply writes the right config for every one of them
• Empirical validation — companion repo ai-memory-discovery-gate runs a 4-tier test matrix (T1 awareness / T2 reactive / T3 proactive / T4 mesh recovery) against real LLMs to prove agents actually use the discovery mechanisms this release ships with. First baseline run with xAI Grok 4.3 against the v0.6.4 release binary: 100% pass rate across all four tiers (6/6 cells) — see public verdict page

Cost math (concrete, measured): at ~7,500 turns/year for a heavy single user on Sonnet 4.6 input pricing ($3/MTok), the prefix savings alone are ~$107/user/year on eager-loading harnesses. At fleet scale of 1,000 daily-active agent seats, that's ~$107K/year off the input-token line item, before any per-call latency improvements.

Backward compatibility: zero data-migration risk. Existing v0.6.3.x SQLite DBs auto-migrate v18/v19 → v20 on first open (verified against a real production DB with 228 memories + 51 links — no row loss). The audit_log table is added; nothing else changes.

🛠️ If you're a maintainer / subject-matter-expert engineer

What landed in 18 issues:

• --profile {core,graph,admin,power,full,custom} flag (CLI + AI_MEMORY_PROFILE env + [mcp].profile config) with deterministic resolution order
• Family-scoped tools/list filter at mcp.rs::tool_definitions_for_profile. core advertises 5 tools + always-on memory_capabilities bootstrap. Other 38 tools remain registered in the server; they're filtered from the initial advertising surface, not removed
• tools/call for an unloaded tool returns JSON-RPC -32601 with an actionable diagnostic naming the family + suggesting --profile <name> AND memory_capabilities --include-schema family=<f> recovery paths
• memory_capabilities extended: optional family=<name> parameter returns just that family's tools; optional include_schema=true returns full MCP-style tool definitions inline for r...

v0.6.3.1 — the never-lose-context release

ai-memory v0.6.3.1 — the never-lose-context release

Persistent memory for any AI. Self-hosted. MCP-native. Tamper-evident.

---

⚠️ Known issues

config.toml db field does not expand ~ (#507)

If your ~/.config/ai-memory/config.toml has a tilde-prefixed db path, the CLI (ai-memory boot, ai-memory doctor, etc.) treats ~ as a literal directory component instead of expanding to $HOME. The diagnostic header surfaces this loudly:

# ai-memory boot: warn
#   db:        ~/.claude/ai-memory.db (schema=<unavailable>, <unavailable> memories)
#   namespace: <ns> (db unavailable — see `ai-memory doctor`)

The MCP server is unaffected (it gets the absolute path through its launch args), so memory recall mid-session still works — but the SessionStart hook injects an empty context block, which silently defeats the #487 cold-start fix from the user's perspective.

Workaround — use an absolute path in ~/.config/ai-memory/config.toml:

# Before
db = "~/.claude/ai-memory.db"

# After
db = "/Users/you/.claude/ai-memory.db"   # macOS
# or
db = "/home/you/.claude/ai-memory.db"    # Linux

Then re-run ai-memory boot --quiet --limit 3 to confirm the manifest now reports # ai-memory boot: ok (or info-fallback) with the expanded path and a non-zero memory count.

Alternatively, pass --db <absolute-path> explicitly on the CLI — the flag path does expand correctly, only the config-file path is affected.

Fix scheduled for v0.6.3.2. Tracked at #507. Not blocking the v0.6.3.1 ship-gate Phase 1-4 + a2a-gate ironclaw-mtls 48/48 testing currently in flight.

---

Distribution channels (4/4 verified by direct remote query)

Channel	Status	Install
GitHub Release	✅ 11 assets live	this page
Homebrew tap	✅ formula 95fd36d	brew install alphaonedev/tap/ai-memory
ghcr.io	✅ tag in registry	docker pull ghcr.io/alphaonedev/ai-memory:0.6.3.1
Fedora COPR	✅ build #10412670 succeeded	sudo dnf copr enable alpha-one-ai/ai-memory && sudo dnf install ai-memory
crates.io	✅ anchor at 0.6.3 (by design — +patch.N is SemVer build metadata)	cargo install ai-memory

Each channel was verified by direct query against the channel's API or registry — not just CI status labels. SHA256 checksums of binary tarballs match the GitHub Release page exactly. Build #10412670 on Fedora COPR confirms ai-memory v0.6.3.1-1 source package built and published. Homebrew formula 95fd36d on alphaonedev/homebrew-tap has version="0.6.3.1" with all four platform sha256s recomputed against the live release artifacts.

---

TL;DR by audience

👤 If you're a non-technical user

You ever notice how every time you open Claude / Cursor / your AI assistant, it forgets everything you talked about yesterday? That ends today.

ai-memory v0.6.3.1 is a tiny background service you install once. Every AI session you open from then on starts already aware of what you and the AI worked on previously. Your AI picks up exactly where the last conversation left off — automatically, no special prompting, no copy-paste.

It's local. Your memory lives in a single file on your computer. Nothing goes to the cloud. Works with Claude, ChatGPT, Grok, Gemini, and every other AI assistant we know about.

One command to install:

brew install ai-memory && ai-memory install claude-code --apply

That's it. Restart Claude Code. It now remembers.

🏢 If you're a C-level decision maker

ai-memory is enterprise-class memory infrastructure for AI agents. v0.6.3.1 ships:

• Continuity — agents resume work across sessions, devices, and even across vendors (Claude → GPT → Grok → Gemini all share the same store)
• Auditability — opt-in tamper-evident hash-chained audit log, SIEM-ready JSON ingest (Splunk / Datadog / Elastic / Loki recipes shipping in docs/security/)
• Compliance — preset configurations for SOC 2 / HIPAA / GDPR / FedRAMP retention and redaction policies
• Self-hosted — zero cloud dependencies, your data stays in your infrastructure (laptop / server / Kubernetes pod / on-prem)
• Cross-platform — macOS / Linux / Windows / Docker / Kubernetes / ARM Linux / commercial Unix / embedded Linux. Single binary, same store shape, every platform
• Apache 2.0 — use it however you want; no vendor lock-in

The total cost of ownership is "the disk space your team uses" plus "the engineering hours to write the SessionStart hook in their AI host" (one config-file edit, automated by ai-memory install).

For regulated environments, the audit trail is the document of record. Hash-chained line-by-line, append-only at the OS level where supported, signed checkpoint attestation reserved for v0.7+.

This is the release that elevates ai-memory from "nifty open-source project" to enterprise memory infrastructure for any AI deployment.

🔧 If you're a software engineer

ai-memory v0.6.3.1 ships 16 PRs of work resolving issue #487 — cold-start AI sessions don't auto-load memory context.

What's new

Surface	Description
ai-memory boot	Universal session-boot CLI primitive. Always-visible 5-field diagnostic manifest (version + db_path + schema_version + tier + latency). Four status variants: ok / info-fallback / info-empty / warn — never silent. Three output formats (text / json / toon).
ai-memory install <agent>	6-target config installer (claude-code, openclaw, cursor, cline, continue, windsurf). --dry-run default with unified-diff output, --apply opt-in, --uninstall round-trip. Idempotent marker block, JSON roundtrip validation, .bak.<rfc3339> backup, world-writable destination refusal.
ai-memory wrap <agent>	Cross-platform Rust subcommand replacing bash/PowerShell glue. Spawns the named CLI with ai-memory boot context delivered via the right strategy: SystemFlag / SystemEnv / MessageFile / Auto (table covers codex, gemini, aider, ollama by default, fall-through to --system <msg>). Same binary works on macOS / Linux / Windows / Docker / Kubernetes.
ai-memory logs	Operator CLI for the operational logging facility — tail / cat / archive / purge with --since, --until, --level, --namespace, --actor, --action, `--format text
ai-memory audit verify	Walks the hash-chained audit log, verifies every prev_hash matches the prior line's self_hash. Exits 0 on integrity, 2 on tamper detection.
ai-memory doctor	7-section health dashboard (Storage / Index / Recall / Governance / Sync / Webhook / Capabilities). Severity-tagged, JSON mode, exit codes 0 / 1 / 2 for healthy / warning / critical.

Configuration surfaces

• [boot] — enabled (default true; opt-out for privacy contexts), redact_titles (default false; mask titles in body but keep manifest)
• [logging] — path / max_size_mb / max_files / retention_days / structured (JSON mode) / level
• [audit] — path / schema_version / redact_content / hash_chain / attestation_cadence_minutes / append_only
• [audit.compliance.soc2 | hipaa | gdpr | fedramp] — preset overrides for each regulatory frame
• Path resolution precedence: CLI flag > env var (AI_MEMORY_LOG_DIR / AI_MEMORY_AUDIT_DIR / AI_MEMORY_BOOT_ENABLED) > config.toml > platform default (Linux: ${XDG_STATE_HOME}/ai-memory/, macOS: ~/Library/Logs/ai-memory/, Windows: %LOCALAPPDATA%\ai-memory\, systemd: /var/log/ai-memory/)

Schema

v19 (was v15 on v0.6.3). Migration ladder v15→v17→v18→v19 verified on production data — all 152 prior memories preserved. Boot now detects schema drift outside [MIN_SUPPORTED_SCHEMA, MAX_SUPPORTED_SCHEMA] and emits the warn variant (# ai-memory boot: warn — db schema vN unsupported by binary X.Y.Z).

Test footprint

• 1886 lib tests (was 1605 baseline → +281 net)
• 49+ integration tests (boot primitive contract + recipe contract + lifecycle + dispatch integration)
• E2E smoke 7/7 PASS via the audit phase
• 93.84% line coverage (gate: 93%, buffer +0.84pp) — cargo llvm-cov --features sal --no-fail-fast --fail-under-lines 93
• Nightly CI lifetime suite runs on ubuntu-latest, macos-latest, windows-latest

Integration matrix (17 agents documented)

Category 1 (hook-capable): Claude Code

Category 2 (MCP + rules — best-effort until upstream adds session hooks): Cursor, Cline, Continue, Windsurf, OpenClaw, Goose, Zed, Roo-Code

Category 3 (programmatic): Codex CLI, Claude Agent SDK, OpenAI Apps SDK / Assistants / Responses, xAI Grok via API, Gemini CLI / Code Assist, Aider, Sourcegraph Cody, Hermes / Llama / Mistral / Qwen via LM Studio / Ollama / vLLM

Platform support (10 documented)

macOS (Apple Silicon + Intel), Linux glibc x86_64 + aarch64, Linux musl (Alpine), Windows native (10/11), Windows WSL2, Docker / containers, Kubernetes (sidecar / DaemonSet / Helm patterns), ARM Linux (Pi / Graviton / Tau), Commercial Unix (AIX / Solaris / HP-UX, best-effort), Embedded Linux (OpenWRT / Yocto / Buildroot, best-effort), BSD (FreeBSD / OpenBSD / NetBSD, best-effort).

CI matrix: ubuntu-latest + macos-latest + windows-latest. ARM Linux closes via one-line ubuntu-24.04-arm runner addition (recommended in PR #496).

---

Install

Homebrew (macOS / Linux)

brew install ai-memory

Cargo (any Rust target)

cargo install ai-memory

Docker

docker pull ghcr.io/alphaonedev/ai-memory:0.6.3.1

Kubernetes (sidecar pattern)

See docs/integrations/platforms.md#kubernetes for the Helm skeleton + sidecar / DaemonSet manifests.

---

One-command setup for...

v0.6.3 — Structured Memory + Performance

v0.6.3 — Structured Memory + Performance

The grand-slam release. Six streams (A–F) shipped together — hierarchical
namespace taxonomy, temporal-validity knowledge graph, entity registry,
duplicate detection, bench tool with public p95 budgets, and a CI-enforced
performance regression guard. Plus a post-rc1 capabilities-v2 schema for
client introspection and a CI coverage gate that locks in the test-quality
floor at 92%.

🎉 LIVE on all 4 distribution channels

Channel	Status	Verification
crates.io	✅ v0.6.3 LIVE	cargo install ai-memory --version 0.6.3 → HTTP 200, newest: "0.6.3"
Homebrew tap	✅ v0.6.3 LIVE	brew install alphaonedev/tap/ai-memory — formula at version "0.6.3"
Fedora COPR	✅ v0.6.3-1 succeeded	dnf copr enable alpha-one-ai/ai-memory && dnf install ai-memory — build #10397122 state succeeded, 0.6.3-1.src.rpm in repo
Docker GHCR	✅ v0.6.3 LIVE	docker pull ghcr.io/alphaonedev/ai-memory:0.6.3 — tag present in registry, latest also points to v0.6.3

Release pipeline: run #25021409589 — 15/15 jobs green, 24m wall.

🔭 Start here — three pages worth your time

📊 Test Hub →
The full QA picture, refreshed every campaign. Ship-gate phases, A2A
scenario matrix, multi-agent chaos runs, distribution-channel smoke
tests — all linked back to their GitHub Actions evidence. Open it
first if you're evaluating this release.
↳ This release's slice: https://alphaonedev.github.io/ai-memory-test-hub/releases/v0.6.3/

🆕 What's new in v0.6.3 →
The illustrated walkthrough of every Stream A–F change with worked
examples — memory_get_taxonomy calls, memory_kg_query recursive
walks with as_of, memory_check_duplicate near-match output, the
capabilities-v2 envelope. Pair it with the section below for the
full picture.

🗺️ Atlas — ai-memory at a glance →
One page, the whole system: every MCP tool, every REST endpoint,
every storage layer, every distribution channel — what it does, where
it lives, what calls it. Print this and pin it next to your monitor.

What's new

Stream A — Hierarchical namespace taxonomy

• New MCP tool memory_get_taxonomy plus REST mirror at GET /api/v1/taxonomy
• Walks live (non-expired) memories grouped by namespace, splits on /,
  folds them into a TaxonomyNode tree with per-node count and
  subtree_count
• Parameters: namespace_prefix, depth (default 8 = MAX_NAMESPACE_DEPTH),
  limit (default 1000, hard ceiling 10 000)
• Honest envelope under truncation — total_count is computed independently
  and stays accurate even when limit truncates the walk

Stream B — Temporal-validity KG schema (v15)

• memory_links gains four nullable columns: valid_from, valid_until,
  observed_by, signature (placeholder for v0.7 attested identity)
• Backfill on upgrade: valid_from = source.created_at
• Three new indexes for the recursive-CTE traversal:
  idx_links_temporal_src, idx_links_temporal_tgt, idx_links_relation
• New entity_aliases side table (PK on entity_id + alias) with
  idx_entity_aliases_alias lookup index
• Postgres declarative schema mirrored for fresh-init parity

Stream C — KG query layer + entity registry

• memory_kg_query — recursive walk with as_of past-state queries
• memory_kg_timeline — chronological event stream (added + invalidated)
• memory_kg_invalidate — soft-delete edges by stamping valid_until = now()
• memory_entity_register — idempotent on (canonical_name, namespace)
• memory_entity_get_by_alias — resolve aliases to canonical entities

Stream D — Duplicate detection

• memory_check_duplicate — near-match similarity ranking against existing
  memories before write

Stream E — Bench tool + tracing

• --baseline flag: compare current run against a saved baseline; flag
  regressions > N% (CI gate)
• --history flag: append run as JSONL for trend tracking
• --update-performance-md flag: splice fresh measurements into the public
  PERFORMANCE.md file in-place
• Per-MCP-tool info_span!("mcp_tool_call") with tool, elapsed_ms,
  outcome attributes for ops dashboards

Stream F — PERFORMANCE.md + bench.yml CI guard

• Public p95 budgets per operation in PERFORMANCE.md
• bench.yml runs on every PR; regressions fail the gate before merge

Capabilities schema v2

• memory_capabilities (MCP) and GET /api/v1/capabilities (HTTP) gain
  schema_version: "2" plus 5 new top-level blocks for runtime
  introspection: permissions, hooks, compaction, approval,
  transcripts
• v1 fields (tier, version, features, models) preserved at the same
  top-level paths — old clients reading v1 paths continue to work
• permissions.active_rules, hooks.registered_count, and
  approval.pending_requests populate from live DB counts; other blocks
  report zero-state until v0.7 / v0.8 land the underlying systems

CI hardening (folded in for clean cut)

• cargo llvm-cov report --fail-under-lines 92 added to the coverage
  CI job — locks in the v0.6.3 baseline of 93.08% with a 1% absorb buffer
• New dockerfile-validate CI job runs on every push + PR, builds the
  Dockerfile and smoke-tests with docker run --version — catches
  Dockerfile drift (missing COPYs, glibc mismatches, etc.) at PR time,
  not at release time
• cargo publish retry-with-backoff replaces the prior silent-failure
  pattern — distribution failures now fail loudly

Validation evidence

• 1 600 lib tests pass; line coverage 93.08% (gate floor 92%)
• Ship-gate campaign run #25007261531
  — 4 phases pass in 14m wall (Phase 1 functional · Phase 2 multi-agent
  W=2/N=3 · Phase 3 v0.6.2→v0.6.3 migration · Phase 4 chaos 50 cycles
  kill_primary_mid_write)
• A2A-gate campaign run #25007946890
  — 48 scenarios pass in 28m wall (35 v0.6.0 baseline + 4 auto-append
  • 9 new for v0.6.3) on ironclaw-mtls cell
• Release pipeline run #25021409589
  — all 15 jobs green; published to all 5 distribution channels

Browse the full QA surface → https://alphaonedev.github.io/ai-memory-test-hub/
This release's evidence slice → https://alphaonedev.github.io/ai-memory-test-hub/releases/v0.6.3/

Install

# Rust
cargo install ai-memory --version 0.6.3

# macOS / Linux
brew install alphaonedev/tap/ai-memory

# Fedora / RHEL (COPR)
sudo dnf copr enable alpha-one-ai/ai-memory
sudo dnf install ai-memory

# Docker
docker pull ghcr.io/alphaonedev/ai-memory:0.6.3
docker run --rm ghcr.io/alphaonedev/ai-memory:0.6.3 --version

Verify the signed tag

git fetch --tags
git tag -v v0.6.3
# Good "git" signature for alphaonedev@users.noreply.github.com
# with ED25519 key SHA256:tkfDATcb8+hjhJeI3LvDbwAaks/8QqBMRr6oOWz6iBA

Compatibility

• Schema migrates from v0.6.2 v14 → v0.6.3 v15 automatically on first
  daemon start. Adds 4 nullable columns + 3 indexes + 1 side table.
  No data loss; existing rows queryable post-migrate.
• Capabilities v2 is additive. Clients reading the v1 paths
  (tier, version, features, models) continue to work without
  modification.
• A2A protocol unchanged from v0.6.2.

Apache 2.0

ai-memory is open-source and free. No telemetry. No signup. Your laptop,
your data, your AI. See LICENSE and CONTRIBUTING.md.

---

🤖 Release prepared via the ai-memory test-hub campaign — see live test evidence at https://alphaonedev.github.io/ai-memory-test-hub/releases/v0.6.3/.

v0.6.2 — A2A-CERTIFIED: IronClaw + Hermes + OpenClaw × off/tls/mtls · all green

✅ All 9 cells GREEN · v0.6.2 is A2A-CERTIFIED across three frameworks and three transport modes

	off	tls	mtls
IronClaw (Rust, DigitalOcean)	✅ 35/35	✅ 35/35	✅ 37/37
Hermes (Python, DigitalOcean)	✅ 35/35	✅ 35/35	✅ 37/37
OpenClaw (Python, local Docker mesh)	✅ 35/35	✅ 35/35	✅ 37/37

Streak criterion: three consecutive overall_pass = true runs per cell. Zero tolerance for partial greens. All nine cells met the bar. 324 passing scenarios across the nine full-spectrum cert rounds. Evidence is committed per-run in the a2a-gate repo:

• 📊 A2A runs dashboard — https://alphaonedev.github.io/ai-memory-ai2ai-gate/runs/
• 📖 AI-NHI tri-audience insights — https://alphaonedev.github.io/ai-memory-ai2ai-gate/insights/
• 🐳 Local Docker reproducibility spec — https://alphaonedev.github.io/ai-memory-ai2ai-gate/local-docker-mesh/
• 🧾 Certification threshold — https://alphaonedev.github.io/ai-memory-ai2ai-gate/#certification-threshold

---

📥 Install v0.6.2

# Homebrew (macOS + Linux)
brew install alphaonedev/tap/ai-memory

# Ubuntu / Debian (PPA)
sudo add-apt-repository ppa:jbridger2021/ppa
sudo apt update
sudo apt install ai-memory

# Fedora / RHEL / EL (Copr)
sudo dnf copr enable alpha-one-ai/ai-memory
sudo dnf install ai-memory

# Cargo (from crates.io)
cargo install ai-memory --version 0.6.2

Pre-built tarballs, .deb, .rpm, and Windows .exe are attached to this release. Full guide: https://github.com/alphaonedev/ai-memory-mcp/blob/v0.6.2/docs/INSTALL.md

---

👤 For end users (non-technical)

Why it matters to you: your AI tools can finally remember across each other. Apps built on ai-memory v0.6.2 let your calendar AI and email AI and shopping AI share context — no more repeating yourself to every tool.

Value: v0.6.2 is the first ai-memory release that has demonstrably passed three full test batteries in a row, three different ways, across three different AI agent stacks. Not a promise — evidence, artifacts, run logs. When someone says "our multi-agent system works reliably" about a product built on ai-memory v0.6.2, you can click through to 324 scenario artifacts that back it up.

Use: run the same a2a-gate tests on your own workstation if you want to verify. Docker + xAI key is all you need.

---

💼 For C-level decision makers

1. First certified ai-memory release. Prior releases were validated per dispatch; v0.6.2 is certified by the a2a-gate — nine cells green, zero partial passes. The certification becomes the release-gate floor for every subsequent v0.6.x / v0.7.x / v0.8.x push toward v1.0 GA.

2. Framework-agnosticism is triangulated, not asserted. IronClaw (Rust), Hermes (Python), and OpenClaw (Python) all run the same 35-scenario testbook against the same ai-memory substrate with the same pass criteria. That's a three-point claim against the "what if my team's framework isn't supported?" objection.

3. Audit-first posture. 324 per-scenario JSON blobs + stderr traces + baseline attestation + peer-replication canary + full campaign provenance, committed to a public repo. A compliance reviewer asking "how do you know this release is ready?" gets data, not a deck.

4. Cost + reproducibility advantage. OpenClaw's 8+ GB install footprint used to gate it behind DO General Purpose tier. Instead of paying the tier bump at CI scale, v0.6.2 ships a 4-node Docker mesh that certifies OpenClaw on a single 64 GB workstation with fresh ephemeral CA per round. Any customer or regulator can re-run the certification on their own hardware — no cloud bill.

5. AI NHI autonomous engineering, in production. The entire v0.6.2 certification window — RCA, PRs merged, 24 campaign dispatches, local Docker harness + TLS/mTLS, three-audience doc refresh — executed under durable AlphaOne operator authorization with zero human approval cycle on individual PRs / dispatches. That's AlphaOne's multi-agent engineering thesis demonstrated on AlphaOne's own infrastructure under AlphaOne's own quality bar.

---

🛠 For subject-matter software engineers

Product PRs that closed the cert-window gaps (all on release/v0.6.2 @ 3e018d6, each with regression tests):

PR	Subject	Component
#325	create_link fanout via quorum write	federation::broadcast_link_quorum
#326	consolidate fanout (memory + deletions)	federation::broadcast_consolidate_quorum
#327	Embedder visibility + /health fields	handlers::health, embeddings::load
#363	List cap 200→1000 + pending-action + namespace_meta fanout	handlers::list_memories, SyncPushBody
#364	clear_namespace_standard fanout symmetry	follow-up to #363
#366	HTTP /api/v1/recall hybrid semantic when embedder loaded	handlers::recall
#367	Cosine threshold 0.3→0.2 in recall_hybrid	db::recall_hybrid
#368	S40 retry-once on AckOutcome::Fail + Idempotency-Key	federation::post_and_classify
#369	S40 terminal catchup batch per peer after bulk_create	federation::bulk_catchup_push

Harness PRs (a2a-gate side) enabling the full-spectrum cert:

• #55 — drop S20 from tls append (mtls-only scenario inflating denominator with bookkeeping skip)
• #56 — large HTTP bodies via ssh stdin (fixes S23 OSError E2BIG)
• #57 — local Docker mesh + OpenClaw first-class promotion (closes #54)
• #59 — baseline + F3 emission for local-docker runs
• #62, #63 — tri-audience insights rewrite

S40 RCA deep-dive. v3r26 hermes-tls observed node-2: 499/500 bulk rows after fanout. Root cause: when W=2 of N=4 quorum is met, the third peer's POST detaches into fire-and-forget. A transient failure there silently dropped the row (no retry, no catchup). #368 added a retry. v3r27 ironclaw-off dropped a row on a different peer — sustained SQLite-mutex contention can drop two consecutive POSTs inside the 250 ms retry window. #369 added a terminal catchup batch per peer that dedupes via insert_if_newer, closing the gap. Proven on v3r28 → v3r30 (DO) plus local-docker r1/r2/r3 (all 500/500/500).

TLS / mTLS on local Docker (2026-04-24). Full-spectrum OpenClaw cert closed tls + mtls with three consecutive overall_pass=true runs each. Pristine volumes per round (docker compose down -v + fresh ephemeral CA via docker/gen-tls.sh + fresh up). All run artifacts live at runs/a2a-openclaw-v0.6.2-local-docker-{tls,mtls}-{r1,r2,r3}/.

Build (four-gate contract, all clean at the tagged commit):

cargo fmt --check
cargo clippy -- -D warnings -D clippy::all -D clippy::pedantic
AI_MEMORY_NO_CONFIG=1 cargo test
cargo audit

MSRV, schema (v7), and platform support unchanged from v0.6.1. No migrations required upgrading from v0.6.x.

---

📦 Reproduce the certification yourself

# 1. Clone both repos
git clone https://github.com/alphaonedev/ai-memory-mcp.git
git clone https://github.com/alphaonedev/ai-memory-ai2ai-gate.git

# 2. Build ai-memory release binary
cd ai-memory-mcp && git checkout v0.6.2 && cargo build --release --locked

# 3. Stage the binary + build Docker images (see docs/local-docker-mesh.md)
cp target/release/ai-memory ../ai-memory-ai2ai-gate/docker/bin/
cd ../ai-memory-ai2ai-gate/docker
docker build --network host -t ai-memory-base:local -f Dockerfile.base .
docker build --network host -t ai-memory-openclaw:local \
  --build-arg AI_MEMORY_BASE=ai-memory-base:local -f Dockerfile.openclaw .

# 4. Run one round of the testbook on each tls_mode (needs XAI_API_KEY + 64 GB RAM)
bash gen-tls.sh
export XAI_API_KEY=sk-...
for mode in off tls mtls; do
  TLS_MODE=$mode docker compose -f docker-compose.openclaw.yml up -d --force-recreate
  bash run-testbook.sh a2a-openclaw-v0.6.2-local-docker-$mode-r1 \
    "1 1b 2 4 5 6 9 10 11 12 13 14 15 16 17 18 22 23 24 25 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42" \
    $mode
done

Compare the produced a2a-summary.json against the committed one. The per-scenario stderr logs are byte-for-byte replayable.

---

AI involvement

Every PR + every cert dispatch + this release page were authored and merged by Claude Opus 4.7 (1M context) acting as AI Non-Human Intelligence under durable AlphaOne operator authorization 2026-04-23. Zero human approval cycle on individual PRs / dispatches / docs in the cert window.

🤖 Generated with Claude Code

v0.6.2-rc.0

v0.6.2-rc.0: first pre-release — builds binaries for a2a-gate consist…

v0.6.1 — Patch 1: AI2AI validation + federation fanout completeness

v0.6.1 — Patch 1: the "AI agents actually talk to each other through ai-memory" release

Editor's note (2026-04-23). This release was originally described as "certified by" the A2A-gate. That language overstated the evidence a single campaign run can carry. The notes below have been updated to say validated against — the technically accurate framing. Certification is the forward-looking contract published on the A2A-gate home page and the v1.0 GA criteria: three consecutive overall_pass = true runs at full scenario coverage, on every cell of the matrix. No 0.6.x release has met that bar yet — nor is that the claim. The substrate is validated, the story runs every day against real infrastructure, and the evidence is public. See the r15 evidence bundle for the actual artefact behind this release.

v0.6.1 is the first ai-memory release validated against an end-to-end AI-to-AI (A2A) integration campaign (r15 evidence). Two independent AI agent frameworks (Hermes + OpenClaw), running real LLM reasoning against xAI Grok, talk to each other across a 4-node DigitalOcean federation mesh using ai-memory as the exclusive shared-memory substrate. No hidden backchannels, no side protocols — every agent-to-agent coordination in the test surface is forced to flow through ai-memory or the test fails. Evidence is published live at https://alphaonedev.github.io/ai-memory-ai2ai-gate/.

This release closes four federation gaps exposed by the first full-spectrum A2A campaign (a2a-hermes r14), plus scenario-script fixes in the harness. Everything in v0.6.0 carries forward unchanged.

---

For end users (non-technical)

Your AI agents, even ones built on different frameworks, can now reliably coordinate through a shared ai-memory cluster:

• When one agent deletes a memory, the deletion reaches every peer. Before Patch 1, only the creating agent's own server forgot the memory; other servers still returned it on read, so a second agent could "see" something a first agent had "forgotten." Fixed.
• When one agent updates or promotes a memory, the update reaches every peer. Same category of bug — fixed.
• When a server is offline (restart, network blip, SIGSTOP), it automatically catches up on writes that landed while it was down. Before Patch 1, a rejoining node only saw writes made after it came back. Now it pulls the backlog from its peers on a configurable interval (30s default).
• Semantic ("meaning-based") search now works on peers, not just on the node that originally received the write. Before, only the writer's node had the embedding; other peers stored the row but couldn't find it via meaning-based queries. Fixed.
• Contradictions between agents are now surfaced over HTTP. When Alice says "sky is blue" and Bob says "sky is red," a third agent can query a single HTTP endpoint and get back both memories plus a contradiction link between them.

You don't have to take our word for any of this. Every campaign run is a JSON artefact you can read:
https://github.com/alphaonedev/ai-memory-ai2ai-gate/tree/main/runs

---

For C-level decision makers

Release-gate status for v0.6.1:

Gate	Status
Unit + integration (cargo test, 312 tests)	✅
Cross-platform CI (Ubuntu / macOS / Windows)	✅
cargo clippy -D warnings -D clippy::pedantic	✅
Ship-gate inheritance from v0.6.0	✅ (all 4 phases still green)
A2A-gate r15 (hermes framework, 16 scenarios, Grok 4.2 reasoning)	✅
Released to crates.io, GHCR Docker, Ubuntu PPA, Homebrew, GitHub Release	✅
Formal RCA Standard v1 applied to every fix in this release	✅

Business risk bought down:

• Federation fanout completeness. Prior to v0.6.1, the HTTP mutation handlers (DELETE, PUT, promote) committed locally but did not broadcast to peers. Customers running 3+ node federations could observe divergent reads after a delete, update, or tier promotion. Fixed + regression-tested.
• Partition recovery. Prior to v0.6.1, a node offline for any reason (restart, network segmentation, SIGSTOP) would permanently miss the writes made during its outage. Now it catches up automatically via a periodic sync-since poll. Operator-tunable via --catchup-interval-secs.
• Audit posture doubled. v0.6.0 introduced the ship-gate (per-release campaign against real infrastructure). v0.6.1 adds the A2A-gate — the same discipline applied to cross-agent coordination. "Does ai-memory actually serve as a multi-agent shared memory?" is now a JSON artefact, not a marketing claim.
• Root Cause Analysis Standard v1 — AlphaOne now maintains an internal standard for root cause analysis authored directly in response to an AI-NHI-vs-human-biologic exchange during this release's triage. Every substrate fix in v0.6.1 was filed under the standard's 7-phase gate: baseline verified before code hypothesis, multiple competing hypotheses ranked probabilistically, discriminating evidence collected, diagnoses documented with "cannot rule out" tails.

Release cadence classification (forward-looking, lands in v0.7.1 commercial AgenticMem): Patch 1 is a bugfix release — no breaking changes, no new user-facing features beyond the HTTP contradictions endpoint, full v0.6.0 feature surface preserved.

ROI framing: v0.6.0 validated single-node and federation correctness against live infrastructure. v0.6.1 extends that discipline to multi-agent coordination. That's the contract your customers actually pay for when they deploy ai-memory behind an agent fleet. Formal certification (three consecutive full-matrix green runs) is a forward-looking v1.0 GA target documented in the v1.0 GA criteria — 0.6.x releases are steps toward it.

---

For engineers / architects / SREs

Correctness landing in v0.6.1:

• #319 / PR #323 — delete_memory, update_memory, and promote_memory now fan out to federation peers via broadcast_store_quorum / broadcast_delete_quorum. Before, only create_memory did. All three handlers switched from State<Db> to State<AppState>, drop the DB lock before the async peer call (prevents self-sync deadlock), and return 503 quorum_not_met on failure matching create_memory's pattern. New federation::broadcast_delete_quorum is the tombstone analog; SyncPushBody gained a deletions: Vec<String> field processed via db::delete after the memories loop, capped at MAX_BULK_SIZE.
• #320 / PR #324 — federation::spawn_catchup_loop spawns a Tokio task on serve when federation is configured. Periodically (default 30s, configurable via --catchup-interval-secs, 0 disables) calls GET /api/v1/sync/since?peer=<local> against each peer, applies returned memories via insert_if_newer. Uses the receiver's per-peer vector-clock entry so only the delta is pulled. First catchup after restart pulls a capped snapshot (peer-side limit=500). Errors are logged but never propagated — best-effort background task. 5-second startup delay prevents connection refused during rolling cluster start.
• #321 / PR #324 — GET /api/v1/contradictions?topic=X&namespace=Y — new HTTP endpoint. Returns {memories, links} where links includes any existing contradicts rows from memory_links PLUS a heuristic synthesis: when ≥2 candidates share topic/title with differing content, emit a synthesized contradicts link per pair (synthesized: true flag distinguishes from operator-authored or LLM-detected links). Heuristic-only intentionally — LLM-backed detection stays in the MCP memory_detect_contradiction tool so the HTTP surface has no runtime LLM dependency.
• #322 / PR #324 — sync_push handler now takes State<AppState> (previously State<Db>), collects (id, text) for applied rows, and after the DB lock is released regenerates embeddings and updates the peer's in-memory HNSW index. Before, peers applied the row to SQLite but never indexed its embedding, so semantic recall on the peer silently missed propagated memories. Only fires when the embedder is configured — keyword-only deployments are unaffected.

v0.6.1 bug category: all four fixes are federation-path completeness bugs exposed by the a2a-hermes r14 campaign. The substrate (CRUD + federation quorum writes for create_memory) was correct; what was missing was symmetric treatment of the other HTTP write paths (delete, update, promote) and the peer-side embedding refresh on sync_push. Root cause per AlphaOne RCA Standard v1: inference from a code-only review (handler source) was insufficient — the actual campaign exposed the gap.

Operational additions:

• --catchup-interval-secs N on ai-memory serve — operator tuning dial for the new catchup poller. 0 disables.
• A2A_GATE_LLM_MODEL env var in the companion ai-memory-ai2ai-gate harness — defaults to grok-4-0709 (Grok 4.2 reasoning) per the biologic-authored baseline.
• New F4 directional mesh connectivity probe in the A2A-gate setup_node.sh — explicit 12-edge check (N=4 → N·(N-1)=12 directed edges) gates baseline_pass before any scenario runs. Previously baseline was verified indirectly via inference from passing scenarios; now it's direct.

Known deferred (not release-blocking):

• Tombstone table for delete propagation. v0.6.1 ships a simple delete — a concurrent newer `insert_if_...

v0.6.0

v0.6.0 — The "fully autonomous endpoint AI powered by ai-memory" release

This release gets ai-memory one step away from fully autonomous endpoint AI. Not marketing — engineering. Federation is now correct, migration is lossless, and the cluster survives a primary crash mid-write at 100% convergence on real infrastructure. Validated by a 15-campaign ship-gate arc on fresh DigitalOcean droplets, evidence published at https://alphaonedev.github.io/ai-memory-ship-gate/.

---

For end users (non-technical)

Your AI agents now have a memory system that:

• Won't silently lose your data when a server crashes mid-write. If three servers are running and one crashes, the other two always have the write. We found and fixed the bug in this release that was causing roughly 50% of writes to only end up on two of the three servers instead of all three (PR #309). The shipping version writes to all three reliably.
• Survives upgrading between SQLite and Postgres storage. We test 1000 memories round-tripping between both backends every release. Zero errors. Zero data loss. If you start on SQLite and outgrow it, switching to Postgres won't corrupt anything.
• Keeps your agents' memories separated with five levels of scope (private / team / unit / org / collective). A private memory stays private even when multiple agents share the same memory store.
• Detects when your agents contradict each other so a third agent can see both sides of the disagreement instead of one silently overriding the other.
• Labels writes by agent identity and never silently drops that label, even through memory consolidation or migration — so you always know which agent said what.

You don't have to take our word for any of this. Every campaign run is a JSON artefact you can read:
https://github.com/alphaonedev/ai-memory-ship-gate/tree/main/runs

---

For C-level decision makers

Release-gate status for v0.6.0:

Gate	Status
Unit + integration (cargo test, 158 tests)	✅
Cross-platform CI (Ubuntu / macOS / Windows)	✅
Ship-gate Phase 1 — single-node functional	✅
Ship-gate Phase 2 — 3-node federation + quorum probes	✅ (200/200/200 convergence)
Ship-gate Phase 3 — SQLite ↔ Postgres migration round-trip	✅ (1000/1000, 0 errors)
Ship-gate Phase 4 — chaos campaign	✅ (kill_primary_mid_write 1.0)
Released to crates.io, GHCR Docker, Ubuntu PPA, Homebrew, GitHub Release	✅

Business risk bought down:

• Silent data-loss regression found pre-release. Under 3-node federation with --quorum-writes 2, writes were landing on only 2 of 3 nodes instead of all 3. Fixed in PR #309. A customer hitting this bug under a single node failure would have lost data; discovery cost was ~$0.60 of DigitalOcean compute plus engineering time.
• Audit-posture increase. Every release tag is now gated by a peer-reviewable campaign. The ship-gate site publishes each phase's JSON evidence. A compliance reviewer asking "how do you know this build is safe for production?" gets a URL, not a narrative.
• Release-gate velocity: 13–15 min wall-clock per campaign, ~$0.10 of DigitalOcean compute per run. Release decisions don't block on multi-hour QA cycles.
• Release cadence classification arriving v0.7.1 (commercial AgenticMem): bugfix (weekly), security (ASAP), mixed (escalates urgency). Foundation laid in v0.6.0.

ROI framing: the silent-data-loss bug alone justifies the ship-gate investment. This release establishes the operational discipline for every subsequent ai-memory release.

---

For engineers / architects / SREs

Correctness landing in v0.6.0:

• PR #309 — src/federation.rs::broadcast_store_quorum now detaches post-quorum fanouts into a background tokio::spawn instead of calling joins.shutdown().await. The prior implementation aborted in-flight reqwest tasks after W-1 acks, often before the receiving peer's axum handler committed the write. Net effect was silent data-loss under W=2/N=3 against real multi-peer workloads. Regression test added: federation::tests::post_quorum_fanout_reaches_all_peers.
• PR #310 — Added "chaos" to VALID_SOURCES. Triple-sync enforced across src/validate.rs, src/mcp.rs tool schema, sdk/typescript/src/types.ts Source union.
• PR #312 — packaging/chaos/run-chaos.sh now isolates per-cycle DB + namespace, uses SIGKILL teardown with a 100 ms settle (vs SIGTERM + graceful-shutdown WAL-checkpoint race), and emits a correct convergence metric (min(count_node1, count_node2) / total_ok vs the prior ok/writes ratio that was capped at ~2% for kill-type faults).
• PR #313 — Added a 3-second post-write settle before the convergence count so detached fanout retries have time to complete under partition-recovery scenarios.
• PR #316 — Reverted PR #314's aggressive tcp_keepalive(1s) + pool_idle_timeout(5s) on the federation reqwest client after ship-gate r21 hung 40+ min (suspected ephemeral-port exhaustion + keepalive thrash on the chaos loopback mesh). Conservative defaults restored.

Operational additions:

• MCP handshake now advertises ≥ 30 tools (verified per Phase 1 on every run).
• metadata.agent_id immutability preserved through store, update, dedup UPSERT, MCP memory_update, HTTP PUT /memories/{id}, import, sync, and consolidate (ADR + tests).
• Federation client TLS path uses rustls with explicit use_rustls_tls() — no openssl path remains. mTLS client-cert + server-cert PEM loading at config_time via reqwest::Identity::from_pem.
• ai-memory serve --quorum-writes N --quorum-peers <url1,url2> is the sole entry point for federation configuration. Disabled entirely when either flag is absent — backwards-compatible with every prior release.

Known deferred (not release-blocking):

• partition_minority chaos class convergence_bound sits at 0.2 across r19-r24 with the current harness timing. kill_primary_mid_write is the disaster scenario (primary CRASH) and is required; partition_minority is a milder-fault informational scenario deferred to v0.6.0.1 investigation. Per-cycle instrumentation landed then reverted in ship-gate commit f993e2c + a99bb3b; re-landable with proper smoke test.
• Targeted memory_share MCP tool spec filed as issue ai-memory-mcp#311 for v0.6.0.1.

Evidence trail:

• Ship-gate campaign arc: https://alphaonedev.github.io/ai-memory-ship-gate/
• r25 evidence (this release's certifying run): https://alphaonedev.github.io/ai-memory-ship-gate/evidence/v0.6.0.0-final-r25/index.html
• Every phase's JSON artefact with tri-audience analysis.

---

Installation

All the usual paths are up to date:

# Homebrew (macOS + Linux)
brew install alphaonedev/tap/ai-memory

# Ubuntu PPA
sudo add-apt-repository ppa:jbridger2021/ppa && sudo apt install ai-memory

# Docker
docker pull ghcr.io/alphaonedev/ai-memory:0.6.0

# Cargo (from source)
cargo install ai-memory --version 0.6.0

# Or grab a pre-built binary from the assets below

Full install guide: https://github.com/alphaonedev/ai-memory-mcp/blob/v0.6.0/docs/INSTALL.md

---

Thanks

This release is the culmination of a single intense day of engineering (2026-04-20) compressing a 15-campaign ship-gate arc into a certified tag. Every fix is paired with a test, every test is paired with a published artefact, every artefact is peer-reviewable.

Next up (v0.6.0.1): memory_share targeted A2A subset sync (issue #311), partition-recovery investigation, and the first A2A-gate campaigns (repo: https://github.com/alphaonedev/ai-memory-ai2ai-gate).

🤖 Release curated with assistance from Claude Opus 4.7.

---

New features in v0.6.0.0 (delta from v0.5.4.6 Patch 6)

Link to this section: #new-features-in-v060

Every row has the PR number, the commit, and a one-line description of what
the feature does for you. Ordered by theme, not by chronology.

Federation + peer-to-peer

Feature	PR / commit	What it gives you
Silent-data-loss fix in quorum replication	#309 · ed3094e	Writes under --quorum-writes 2 of N=3 now land on all three peers instead of leader + one. Regression test added. Release-blocking fix for v0.6.0.
sync-daemon — peer-to-peer HTTP knowledge mesh	#226 · f50e440	Standalone subcommand that reconciles memories across a peer mesh over HTTP. The substrate for agent-to-agent shared memory.
Quorum-replication primitives + ADR-0001	#280 · 9a6c6d2	--quorum-writes N --quorum-peers url1,url2 on serve enables W-of-N synchronous acknowledgement before 201. Formal claim-shape documented in ADR-0001.
Federation autonomy + chaos harness	#282 · fb97502	serve invokes broadcast_store_quorum on every write when federation is configured. In-repo chaos harness (packaging/chaos/run-chaos.sh) exercises four fault classes.
Phase 3 foundation — vector clocks + sync endpoints	#225 · 528e42d	POST /api/v1/sync/push + GET /api/v1/sync/since + sync --dry-run. Wire protocol for every future federation and A2A feature.
Native TLS (Layer 1)	#227 · 939c3b4	serve --tls-cert --tls-key for HTTPS on the HTTP + MCP-over-HTTP surface. Rustls stack; no openssl dependency.
mTLS with fingerprint allowlist (Layer 2)	#229 · f8b248d	serve --mtls-allowlist + federation client --client-cert / --client-key. Peer-mesh crypto: only allow-listed SHA-256 client-cert fingerprints can reach sync endpoints.

Scoping, namespaces, ...

v0.5.4.6

v0.5.4.6 — Patch 6: Security Hardening & Governance

12 security vulnerabilities fixed. Zero unsafe impl. Repository governance locked down.

---

For Everyone

This is a security-focused release. If you're running v0.5.4.5 or earlier, upgrade now.

What changed:

• The HTTP API no longer allows any website to read your memories (CORS fix)
• Bulk delete (memory_forget) now archives memories before deleting and supports dry_run to preview what would be deleted
• Control characters (ANSI escape codes, backspace, etc.) are now rejected in memory titles and content
• All unsafe code removed from the memory and search engine

New feature: Memories now support an optional metadata JSON field for storing structured key-value data alongside your memories.

Upgrade:

# Any of these:
brew upgrade ai-memory
cargo install ai-memory
curl -fsSL https://raw.githubusercontent.com/alphaonedev/ai-memory-mcp/main/install.sh | sh

---

For Leadership

Governance hardening:

• Branch protection enabled on all branches (main, develop, release/*)
• CODEOWNERS established — all changes require @alphaonedev approval
• Signed commits required
• CI status checks required (fmt, clippy pedantic, tests, audit on Linux + macOS)
• Self-merge permanently blocked

Security fixes (12):

#	Severity	What was wrong	What we fixed
CVE x2	Critical	TLS certificate validation bypass (rustls-webpki)	Patched to 0.103.12
1	Critical	HTTP API accepted cross-origin requests from any website	Deny all cross-origin by default
2a	Critical	Unverified unsafe thread-safety on embedding model	Replaced with Mutex
2b	Critical	Same issue on search reranker model	Replaced with Mutex
3	High	Search queries could exclude results via FTS injection	Stripped +/- operators
4	High	Bulk delete had no undo, no preview, no archive	Added archive + dry_run
5	Medium	Memory consolidation silently lost provenance data	Stored in metadata
6	Medium	Vector search index grew without bound	Capped at 100K entries
7	Medium	Promote operation bypassed safety checks	Uses proper update path
8	Medium	Filesystem directory names leaked into database	Disabled
9	Low	ANSI escape codes accepted in memory content	Rejected

By the numbers:

• 230 automated tests (173 unit + 57 integration), all pass
• 59 live functional tests, all pass
• 0 vulnerabilities, 0 audit warnings
• 0 unsafe impl in codebase

---

For Engineers

Security Fixes

CVE: rustls-webpki 0.103.10 (RUSTSEC-2026-0098, RUSTSEC-2026-0099)
Wildcard name constraint bypass and URI name constraint acceptance. Patched via lockfile update to 0.103.12. Additionally, reqwest bumped from 0.11 to 0.12 to eliminate a second copy (0.101.7) that had no patch available.

CORS (Critical): CorsLayer::permissive() → CorsLayer::new(). The previous configuration allowed any website to make authenticated cross-origin requests to the localhost API, enabling CSRF-style attacks to exfiltrate or destroy memories.

unsafe impl Send/Sync (Critical): Both Embedder and CrossEncoder had unsafe impl Send for T {} / unsafe impl Sync for T {} on types containing BertModel. Replaced with Mutex<BertModel> wrapping. The mutex is never contended in practice (MCP server is single-threaded stdio).

FTS Injection (High): sanitize_fts_query now strips + and - prefix operators in addition to the existing "*^{}():| filter. Previously, -secret in a recall query would exclude matching memories from results.

memory_forget (High): Now archives matching memories before deletion (like GC already did). New dry_run parameter returns {"would_delete": N} without executing.

Consolidation provenance (Medium): derived_from links were created then immediately CASCADE-deleted when source memories were removed in the same transaction. Source IDs are now recorded in the consolidated memory's metadata.derived_from array.

HNSW cap (Medium): all_entries vector capped at 100,000. Oldest entries evicted and index rebuilt on overflow. Prevents unbounded memory growth (~150MB at 100K with 384-dim embeddings).

handle_promote (Medium): Raw SQL UPDATE memories SET tier='long', expires_at=NULL replaced with db::update() call that respects tier downgrade protection and title collision checks.

auto_register_path_hierarchy (Medium): Disabled. This function walked the filesystem from cwd upward and wrote directory names into the database as namespace parent relationships, leaking filesystem structure.

Control char validation (Low): is_clean_string expanded from !s.contains('\0') to !s.chars().any(|c| c.is_control() && c != '\n' && c != '\t'). Rejects ANSI escape sequences, backspace, bell, bidirectional overrides.

New Feature: Metadata Column

Memories now have an optional metadata JSON field (Phase 1, Task 1.1):

{"name": "memory_store", "arguments": {
  "title": "API endpoint",
  "content": "POST /api/v1/users",
  "metadata": {"version": 2, "author": "team-a"}
}}

Schema migration adds the column automatically. MCP tools support store, update, and recall with metadata. Metadata is validated (must be object, max 64KB, max depth 10).

Governance

Branch protection, CODEOWNERS, signed commits, and CI status checks are now enforced on all protected branches. See issue #170 for full details and SOP.

Full Changelog

fix: update rustls-webpki 0.103.10 -> 0.103.12 (RUSTSEC-2026-0098, RUSTSEC-2026-0099)
fix: bump reqwest 0.11 -> 0.12 (eliminates rustls-webpki 0.101.7)
fix: replace permissive CORS with deny-by-default
fix: remove unsafe impl Send/Sync on Embedder
fix: remove unsafe impl Send/Sync on CrossEncoder
fix: strip +/- prefix operators in FTS query sanitizer
fix: memory_forget archive + dry_run
fix: consolidation provenance via metadata
fix: cap HNSW index at 100K entries
fix: handle_promote uses db::update
fix: disable auto_register_path_hierarchy
fix: reject control characters in stored content
fix: restore rust-version = 1.87
feat: metadata JSON column (Phase 1, Task 1.1)
chore: CODEOWNERS, branch protection, governance
chore: reconcile main/develop divergence
chore: bump version to 0.5.4-patch.6

---

Package Distribution

Channel	Install / Upgrade	Status
Pre-built binary (Linux/macOS)	curl -fsSL https://raw.githubusercontent.com/alphaonedev/ai-memory-mcp/main/install.sh | sh	✅ Live
Pre-built binary (Windows)	irm https://raw.githubusercontent.com/alphaonedev/ai-memory-mcp/main/install.ps1 | iex	✅ Live
Homebrew (macOS + Linux)	brew install alphaonedev/tap/ai-memory	✅ Live
Ubuntu PPA (apt)	sudo add-apt-repository ppa:jbridger2021/ppa && sudo apt install ai-memory	✅ Live
Fedora COPR (dnf)	sudo dnf copr enable alpha-one-ai/ai-memory && sudo dnf install ai-memory	✅ Live
crates.io (cargo)	cargo install ai-memory	✅ Live
cargo-binstall	cargo binstall ai-memory	✅ Live
Docker (GHCR)	docker pull ghcr.io/alphaonedev/ai-memory-mcp:v0.5.4.6	✅ Live
GitHub Release (binaries + .deb + .rpm)	Download	✅ Live