Shodh-Memory: A Cognitive Memory System for Edge-Native AI Agents

Q: How is shodh-memory different from a vector database?

Vector databases give you similarity search. Shodh-memory gives you cognition — memories strengthen when accessed together (Hebbian learning), decay naturally over time (power-law forgetting), and form associative networks via a knowledge graph. It's the difference between storage and memory.

Q: Does shodh-memory require an internet connection?

No. Shodh-memory runs 100% offline. The embeddings, vector index, knowledge graph — everything runs locally. Perfect for edge devices, air-gapped systems, or anywhere you need data privacy.

Q: What's the memory overhead?

The binary is ~30MB. Models add ~50MB (22MB MiniLM embeddings + 14MB NER model + 14MB ONNX runtime). Each memory entry uses roughly 2-5KB. A system with 10,000 memories uses approximately 50MB of storage.

Q: Can shodh-memory run on a Raspberry Pi?

Yes. Shodh-memory is designed for edge deployment. It runs on Raspberry Pi Zero, Jetson Nano, industrial PCs, and other resource-constrained devices. Graph lookups are under 1 microsecond.

Q: How does memory decay work?

Shodh-memory uses a hybrid model: exponential decay for the first 3 days (consolidation phase), then power-law decay for long-term retention. Memories accessed 10+ times become potentiated and decay 10x slower. Based on Wixted & Ebbesen (1991).

Q: What is Hebbian learning in AI agent memory?

Cells that fire together, wire together. When memories are accessed together, their connection strengthens. When memories compete, interference effects occur. It's how biological brains work, now applied to AI agent memory.

Q: Is there a cloud version?

No, and that's intentional. Shodh-memory is built for local-first, privacy-preserving AI. Your agent's memories stay on your hardware. If you need multi-device sync, you can replicate the RocksDB storage yourself.

Q: What languages and frameworks does shodh-memory support?

The core is Rust. We provide: an MCP server (for Claude, Cursor, and other AI agents), Python bindings (via PyO3/maturin), and a REST API. The Rust crate can be embedded directly in your application.

Q: How do I contribute?

Check out github.com/varun29ankuS/shodh-memory. Open issues, submit PRs, or join discussions. The codebase is well-documented with 688+ tests. All constants have neuroscience citations.

Varun Sharma

doi:10.5281/zenodo.18668709

security

Last updated: April 2026

// core principle

Shodh-memory is designed so that your data never leaves your machine. There is no cloud component, no telemetry, no phone-home behavior. Everything runs locally.

// architecture

Single Rust binary — no external runtime, no Docker, no interpreter
All storage is local RocksDB on your filesystem
Embeddings computed locally via ONNX Runtime (MiniLM-L6-v2, 384-dim)
Entity extraction runs locally via a bundled NER model
No network calls are made during normal operation
The only network activity is model downloads on first run (from HuggingFace, with checksum verification)

// data isolation

Each user gets a separate storage directory with isolated RocksDB instances
Multi-user mode uses per-user column families — no cross-user data access
API endpoints are scoped by user ID — one user cannot access another's memories
The MCP server runs on localhost by default — not exposed to the network

// network exposure

The REST API binds to 127.0.0.1:3030 by default (localhost only)
WebSocket endpoint (/api/stream) has no authentication — acceptable for localhost, not recommended for network exposure
If you expose the API to a network, use a reverse proxy with authentication (nginx, Caddy, etc.)
The MCP server communicates over stdio — no network sockets involved

// supply chain

Model URLs are pinned to immutable HuggingFace commits
All model downloads are verified with SHA-256 checksums
Binary releases are built via GitHub Actions CI with reproducible builds
Dependencies are audited — see cargo audit in CI
Published on crates.io, npm, and PyPI with standard package verification

// memory safety

Core written in Rust — memory-safe by design, no buffer overflows or use-after-free
1089 tests covering storage, retrieval, graph operations, and edge cases
CI runs cargo clippy with strict warnings on every PR
OOM protection: deserialization has 10MB size limits to prevent allocation attacks
ONNX Runtime configured with thread limits and lock timeouts to prevent deadlocks

// backup & recovery

Built-in backup system with SHA-256 checksum verification
Backups cover all data: memories, todos, reminders, facts, knowledge graph, feedback, audit logs
Point-in-time restore with integrity verification before restore
Backup purging to manage disk space (configurable retention count)

// responsible disclosure

If you discover a security vulnerability, please report it responsibly:

Email: enterprise@shodh-memory.com with subject "SECURITY"
Do not open a public GitHub issue for security vulnerabilities
We will acknowledge receipt within 48 hours
We will provide a fix timeline within 7 days
We credit all responsible disclosures (unless you prefer anonymity)

tl;dr → Everything runs locally. No cloud, no telemetry, no network calls. Rust for memory safety. SHA-256 for supply chain. Report vulnerabilities to enterprise@shodh-memory.com.