Governance overview

Memory your agents can trust, inspect, and erase.

isanna Hive turns agent memory from a black box into governed infrastructure: every write has provenance, every recall is scoped, and every deletion leaves a verifiable trail.

Read this page for the model. Implementation proof is available when a buyer or reviewer needs it.

Agents act on memory. Bad memory becomes bad work.

If memory is stale, poisoned, leaked, or unprovable, the risk compounds across every future prompt. Governance is the difference between "the agent remembered something" and "the agent remembered something we can defend."

The black-box tax

Most memory systems answer one question: "can the agent retrieve it?" Hive answers the harder ones: who wrote it, who can see it, what changed, what was deleted, and whether the system can prove those facts later.

Eight controls, one trust boundary.

The overview is intentionally simple: each control exists to keep agent memory useful without letting it become unaccountable infrastructure.

01

Provenance

Who wrote it is stamped by the server, not the caller. The human path hard-pins "human"; client-supplied agent_id cannot forge authorship.

02

Audit

Every tool call writes an immutable, content-free audit row: action, tenant, status, time, and safe metadata. Never the memory content.

03

Erasure

Delete and receipt commit in one transaction. If the receipt cannot be recorded, the delete does not happen.

04

Isolation

Each tenant gets its own physical Postgres schema, FORCE row-level security, and request-scoped org_id. Missing scope fails closed.

05

Quarantine

Suspicious agent writes are held out of recall until a human reviews them. Attack-shaped text cannot quietly become future context.

06

Curation

Curator and Knowledge surfaces render live data once tagged memories exist; the spec-02/03 schema evolution chain is applied.

07

Lifecycle

Memories move through active, superseded, archived, quarantined, and expired states. Default recall prefers current truth.

08

Local-first

The memory substrate runs on infrastructure you control. Cloud beta keeps the same governance model on isolated Hive-operated infrastructure.

From write to provable erase.

A memory is not just inserted and forgotten. It moves through a governed path with explicit checks at the places where trust can break.

1

Write

The request enters through the server boundary under tenant scope.

2

Stamp

Author and request context are resolved server-side.

3

Index

The memory is embedded and prepared for search without silent merging.

4

Gate

Poisoning-shaped writes are quarantined before recall.

5

Recall

Search returns scoped, current, explainable memory.

6

Curate

Human-approved changes supersede rather than overwrite.

7

Erase

Deletes cascade; a complete delete + ledger seal mints a hash-chained receipt (a partial one errors instead).

Enough proof to trust the overview. More proof when you need it.

This page keeps the public story readable. The full engineering notes remain available for developers, reviewers, and skeptical buyers.

What the overview proves

  • API keys resolve to org and tenant scope; setRequestScope writes transaction-local GUCs; RLS gates every row; the request role is non-bypass NOBYPASSRLS with FORCE ROW LEVEL SECURITY. The isolation posture remains schema segregation backed by RLS, with scaling work kept inside that boundary.
  • The hivemind_app role is NOSUPERUSER NOBYPASSRLS; startup guards and the isolation matrix prove missing and foreign org scope return zero rows.
  • The MCP server runs with allow-net, allow-env, and allow-read only; ci/request-path-privilege-guard.ts blocks broader deploy permissions and any system-permission expansion.
  • Recall uses vector and keyword arms, fused by Reciprocal-Rank Fusion, then a relevance, recency, and importance blend.
  • Structured-table recall and graph-augmented recall are roadmap items — not yet implemented. A learned reranker and reflective retrieval are also roadmap, not shipped.

Share proof selectively

The public page stays intentionally high-level. Detailed architecture notes, SQL/RLS mechanics, retrieval diagrams, and telemetry evidence are kept for direct reviewer or buyer share-outs.

Memory makes agents measurably better.

The research argument is simple: agents improve when they can learn from prior work. Hive's bet is that production agent memory also needs governance, not just retrieval.

Trust the memory before agents rely on it.

Start with the overview, then apply for the private beta when you want governed memory in a real workflow.