SignetAI

Type: ../types/agent-memory-system-review.md · Status: current · Tags: trace-derived

SignetAI is Signet AI's local-first context layer for AI agents. It is not an agent harness; it runs underneath Claude Code, Codex, OpenCode, OpenClaw, Pi, Gemini CLI, Hermes Agent, and a first-party Forge runtime as a daemon, CLI, MCP server, SDK, dashboard, connector suite, and benchmark provider. The inspected source supports the previous trace-derived placement: Signet preserves raw session/transcript records and derives durable memories, summaries, graph attributes, embeddings, retrieval hints, and feedback-weighted recall state from those traces.

Repository: https://github.com/Signet-AI/signetai

Reviewed commit: b5c1ab80215d2dec18114f28d46af29aff2c7349

Last checked: 2026-05-16

Core Ideas

Signet is a daemon-centered cross-harness memory layer. The root package declares a Bun monorepo with @signet/core, @signet/daemon, @signet/cli, @signet/sdk, connector packages, dashboard, desktop/tray surfaces, plugins, and MemoryBench (root manifest). The repo's own agent guide describes the daemon as a Hono HTTP service on port 3850 with dashboard, hooks, file watching, pipeline workers, and $SIGNET_WORKSPACE/memory/memories.db as the main local data location (repo guide). That makes the storage substrate local SQLite plus workspace files, not a hosted service.

Connectors install the same lifecycle into many harnesses. The Claude Code connector writes lifecycle hooks, removes stale generated CLAUDE.md, and symlinks Signet skills into ~/.claude/skills (Claude Code connector). The Codex connector writes hooks.json entries for SessionStart, UserPromptSubmit, and Stop, and also configures a signet-mcp command or remote /mcp endpoint in Codex config (Codex connector). OpenCode, OpenClaw, Gemini, Forge, Pi, Oh My Pi, and Hermes Agent connectors follow the same package pattern under integrations/ (integrations tree). The connector layer is a system-definition artifact: it instructs harnesses when to call Signet and how to inject retrieved context.

The public consumer surfaces are CLI, HTTP, MCP, SDK, dashboard, and native runtime code. CLI commands wrap daemon start/stop/status, remember, recall, embedding audit/backfill, MCP management, knowledge graph browsing, session bypass, skills, secrets, and workspace configuration (memory CLI, daemon CLI, MCP CLI). The SDK exposes hook methods such as sessionStart, userPromptSubmit, sessionEnd, hookRemember, hookRecall, compaction, synthesis, continuity, knowledge, analytics, and repair calls (SDK client). The dashboard is a Svelte app that fetches identity, config files, recent memories, stats, and harnesses from daemon APIs (dashboard load).

SQLite is the primary storage substrate, with FTS, vectors, graph tables, and file artifacts as derived or parallel layers. The database wrapper uses bun:sqlite under Bun or better-sqlite3 under Node, loads sqlite-vec when available, enables WAL, and runs numbered migrations (database wrapper). Baseline tables include memories, conversations, embeddings, vec_embeddings, and FTS5 over memories (baseline migration). Later migrations add lossless session transcripts, memory artifact FTS/tombstones, knowledge graph entities/aspects/attributes/dependencies, path feedback, skill invocations, ontology proposals, and graph indices (session transcripts, memory artifact lineage, knowledge structure, ontology proposals).

Raw-first retention is an explicit design, not just a README claim. Session transcripts are stored in session_transcripts, backfilled into canonical transcript JSONL, and indexed as markdown summary/transcript/compaction/manifest artifacts with content hashes, source paths, session tokens, and tombstones (session transcript code, memory lineage). The summary worker's contract is also explicit: session-end hooks enqueue work, the worker summarizes transcripts asynchronously, writes markdown artifacts, inserts durable facts, and keeps the raw transcript available (summary worker). Raw transcripts and artifacts are knowledge artifacts when recalled as evidence; generated memories, graph attributes, embeddings, and rendered MEMORY.md heads become stronger behavior-shaping surfaces.

The extraction and decision pipeline is asynchronous and gate-heavy. enqueueExtractionJob() inserts memory_jobs rows; workers lease jobs, extract facts/entities with an LLM prompt, run candidate retrieval, record decision history, and in controlled-write mode apply ADD/UPDATE/DELETE/NONE decisions (pipeline worker, extraction prompt, decision engine). Significance gating skips low-value session transcripts while preserving raw transcripts (significance gate). The write gate bypasses decisions, constraints, and errors, but otherwise blocks low-surprisal facts using scoped similarity and continuity signals (write gate). Ontology proposals add a proposal-before-mutation surface for graph maintenance, with pending/applied/rejected/failed state and source evidence fields (ontology proposal migration).

Recall is hybrid retrieval plus graph traversal, reranking, feedback, and transcript/source rescue. The core search layer implements FTS5 keyword search, sqlite-vec vector search, and blended hybrid scores (core search). The daemon recall path adds strict authorization before content load, graph boost IDs, focal entity resolution, structured path evidence, currentness bias, rehearsal boost from prior access, rerank providers, transcript fallback, source chunk vector rescue, and optional LLM summarization (daemon recall, graph traversal, reranker). The ranking layer is a system-definition artifact because it decides which knowledge artifacts enter the agent's bounded context.

Hooks inject both context and operating instructions. The hook system exports lifecycle handlers for session start, prompt submit, pre-compaction, session end, remember, and recall. It builds a Signet system prompt telling the agent when to check memory, how to use memory_search, lcm_expand, and knowledge_expand, and how to verify retrieved memory before acting (hooks system prompt). The registered routes expose /api/hooks/session-start, /api/hooks/user-prompt-submit, /api/hooks/session-end, /api/hooks/remember, /api/hooks/recall, compaction, synthesis, and checkpoint extraction endpoints (hook routes). This is stronger behavioral authority than ordinary retrieval: Signet is instructing the harnessed agent's memory-check behavior.

MCP is both native memory interface and marketplace aggregation layer. The MCP server exposes base tools including memory_search, memory_store, memory modification/feedback, knowledge expansion, session search, LCM expansion, agent messaging, secrets, MCP server management, and GraphIQ code tools, while tool handlers call daemon HTTP APIs to avoid duplicating recall logic (MCP tools). It can also register installed marketplace MCP tools as proxied first-class tools, so Signet doubles as a context/memory daemon and an MCP control plane.

Skills are treated as procedural memory, with invocation and enrichment paths. platform/core/src/skills.ts unifies OpenClaw lockfile skills and Claude Code skills into a single registry and can symlink skills into the Signet workspace (skills registry). Skill invocation tracking records skill name, agent scope, source, latency, success, error, and timestamp (skill invocation migration). Skill frontmatter enrichment uses an LLM to generate descriptions, trigger phrases, and tags for discovery (skill enrichment). A skill is a system-definition artifact when installed into an agent's invocation path; its metadata is a knowledge artifact for discovery until used to route behavior.

Feedback and benchmarks exist, but the predictor path is partially retired. Runtime feedback is implemented through memory_feedback, session memory feedback means, path feedback events/stats, FTS overlap feedback, aspect weight decay, and status propagation (feedback API references, path feedback migration). Several predictor-shaped migrations and analytics counters remain, but the current migrations reserve retired scorer slots rather than shipping a live trainable predictor table path (retired predictor training slot). MemoryBench is real and includes Signet as a provider that ingests sessions through /api/memory/remember, uses structured extraction in benchmark mode, recalls through the daemon, and evaluates retrieval with relevance metrics (MemoryBench README, Signet benchmark provider, retrieval metrics).

Comparison with Our System

Dimension SignetAI Commonplace
Primary unit Session, memory row, transcript artifact, graph entity/aspect, skill, hook-injected context Typed markdown note, instruction, ADR, review, source snapshot, generated index
Storage substrate Local SQLite with FTS5 and optional sqlite-vec, markdown/JSONL artifacts, workspace files, skills, connector config Git-tracked markdown, YAML frontmatter, scripts, generated reports/indexes
Representational form Mixed prose, structured rows, graph topology, embeddings, prompt instructions, skills, connector configs Mostly prose plus symbolic schemas/scripts/commands
Lineage Source IDs, content hashes, transcript artifacts, memory history, summary jobs, artifact manifests, ontology proposal evidence Source snapshots, commit-pinned reviews, authored links, git history, replacement archives
Activation Hooks, MCP tools, daemon recall, system prompt, dashboard, SDK, CLI, connector-installed harness calls Agent navigation through rg, indexes, links, skills, validation/review commands
Authority Hooks and system prompt instruct; recall/rerank/feedback rank; write gates decide persistence; skills execute procedures AGENTS.md, collection contracts, type specs, skills, validation/review tools instruct or enforce

Signet is much closer than most reviewed systems to "memory as an agent operating layer." It does not merely offer a remember endpoint. It installs harness hooks, injects memory-check procedure, captures raw sessions, asynchronously extracts durable facts, maintains graph and vector projections, serves MCP tools, and gives a dashboard and CLI for inspection and repair. The strongest comparison point with commonplace is that both systems care about source-versus-derived layers and behavioral authority.

The divergence is substrate and review culture. Signet's canonical operational state is SQLite plus daemon-maintained artifacts. It has richer runtime automation, lower-friction cross-harness adoption, and more immediate prompt-time activation than commonplace. Commonplace's canonical state is reviewed files: claims are easier to read, dispute, link, replace, and validate as methodology. Signet has memory_history, provenance fields, and raw transcript fallback, but a generated fact or graph edge is not yet a reviewed claim in a collection with authored link semantics.

The behavioral-authority split is unusually clear. Raw transcripts, session summaries, dashboard views, memory rows, and graph facts are knowledge artifacts when they inform the agent. Hook prompts, connector configs, skills, write gates, recall rankers, feedback weighting, auth scopes, and ontology mutation proposals are system-definition artifacts because they instruct, route, enforce, rank, or govern future behavior.

Read-back: both — agents can pull memory through MCP, CLI, SDK, and daemon recall, while connector hooks inject recall snippets and memory-use instructions.

Borrowable Ideas

Cross-harness lifecycle hooks as the activation surface. Commonplace mostly assumes the agent chooses to search the KB. Signet shows a stronger packaging pattern: install small harness-native hooks that inject reminders, recall snippets, and memory tools before the model repeats work. Borrowable for consumer projects, but only where hook installation can remain transparent and reversible.

Raw-first transcript retention with derived working heads. Signet's split between raw transcript artifacts, summaries, fact rows, graph state, and rendered memory projections is the right architecture for trace-derived systems. Commonplace already separates sources from notes; Signet adds a concrete live-session version of that pattern.

Write gates before automatic memory accretion. The significance gate and low-surprisal write gate are worth adapting as review-bundle or workshop gates: skip weak traces, preserve raw evidence, and only promote surprising or decision-like material to stronger artifacts. Ready as a design reference, not as a direct import.

MCP wrappers over existing memory operations. Signet's MCP server keeps core logic behind daemon HTTP APIs while exposing agent-native tools. Commonplace could expose validate/search/connect/review commands through MCP without making MCP the canonical storage layer.

Treat skills as procedural memory with usage telemetry. The skill registry, trigger enrichment, and invocation table are a practical bridge between "remembered procedure" and actual agent behavior. Commonplace skills would benefit from invocation evidence and last-used/failed metadata before adding heavier governance.

Do not borrow database opacity as the primary review layer. Signet's SQLite/graph/vector substrate is appropriate for runtime recall. It would be a poor replacement for commonplace's reviewed methodology notes unless paired with plain-file source of truth and human/agent review states.

Trace-derived learning placement

Trace source. Signet consumes agent session traces through lifecycle hooks and connector-installed callbacks. Sources include session-start/prompt-submit/session-end hook payloads, raw transcript paths or transcript text, live transcript turns, compaction summaries, explicit remember calls, memory feedback, skill invocations, MCP invocations, document ingestion, and benchmark sessions. The strongest trace evidence is the session_transcripts table, canonical transcript JSONL backfill, summary jobs, hook routes, and connector hook installation (session transcript migration, transcript code, hook routes).

Extraction. Extraction is staged. Session summaries are produced by the summary worker, which can chunk long transcripts, combine summaries, and extract atomic facts. Memory extraction jobs call extractFactsAndEntities(), validate JSON, classify facts and entities, then run decision logic against existing memories. Knowledge graph transactions persist entities/aspects/attributes/dependencies. Skill enrichment extracts discovery metadata from skill bodies. Feedback routes collect agent ratings for injected memories and graph paths.

Storage substrate. Raw state persists in SQLite tables, canonical transcript JSONL, markdown transcript/summary/compaction artifacts, and workspace files. Distilled state persists in memories, embeddings, vec_embeddings, memories_fts, memory_artifacts, memory_artifacts_fts, entity graph tables, session_memories, feedback tables, ontology proposals, skill registry files, and skill invocation rows. This is a mixed local substrate: database for operational querying, files for inspectable identity/memory surfaces and transcript artifacts.

Representational form. Raw transcripts are prose plus structured metadata. Summaries, extracted memories, hints, skill descriptions, and rendered MEMORY.md are prose. Connector configs, hooks, migrations, graph rows, ontology proposals, and skills are symbolic. Embeddings and vector similarity are distributed-parametric retrieval state. Recall ranking, graph traversal, dampening, rehearsal boost, and feedback weights are numeric/symbolic system-definition state.

Lineage. Lineage is stronger than in most database-backed memory systems but still split. Signet keeps source IDs, source types, content hashes, normalized content, extraction status/model, memory history, summary job metadata, source paths, artifact manifests, transcript fallbacks, and ontology proposal evidence. It also has cold-tier archival for expired/tombstoned memories (cold retention). The weaker point is semantic review: derived facts can gain behavioral influence before they become reviewed claims with a human-readable argument for validity.

Behavioral authority. Raw transcripts, summaries, source chunks, dashboard displays, and retrieved graph context are knowledge artifacts when used as evidence or context. Hook-injected instructions, connector hook files, MCP tools, skills, write gates, auth/rate-limit policy, recall/rerank/traversal logic, feedback weights, and ontology proposal application are system-definition artifacts. Some stored objects carry both roles: a memory row advises when read, but its embedding, access count, feedback, pinned state, and graph links also shape future context selection.

Scope and timing. Scope is per local workspace, agent, session, project, visibility policy, and sometimes group/shared agent policy. Timing is online for hooks and explicit remember/recall, asynchronous for extraction/summary/document jobs, periodic for maintenance and feedback decay, and offline/staged for MemoryBench runs.

Survey placement. Signet strengthens the trace-derived survey's "raw trace plus derived working memory" axis. It is not just trace-to-note and not just trace-to-vector; it is trace-to-transcript-artifact, trace-to-fact, trace-to-graph, trace-to-summary, trace-to-ranking-feedback, and trace-to-procedural-skill metadata. It does not yet strengthen the stronger "reviewed artifact promotion" axis in the commonplace sense because generated facts and graph attributes do not have the same authored review/link lifecycle as KB notes.

Curiosity Pass

The implementation is more operational than the README summary suggests. The README's "bring your own context" framing is broad, but the code shows concrete lifecycle hooks, session arbitration, scope filters, write gates, graph traversal, source rescue, MCP tools, skill telemetry, and benchmark adapters.

Signet has multiple source-of-truth layers. Raw transcripts are preserved, memory rows are operationally canonical for recall, graph attributes are structured projections, and rendered MEMORY.md/artifact ledgers are generated views. That is powerful but makes it important to ask "canonical for what?" before trusting a stored object.

Governance is partly implemented and partly advisory. Auth scopes, rate limits, write gates, deletion/recovery, ontology proposals, and cold retention are concrete. Epistemic review of extracted claims is lighter: provenance exists, but there is no commonplace-style reviewed note lifecycle for each claim.

The predictor story should be described conservatively. Predictor names remain in migrations, telemetry, and config migration code, but current migration slots for scorer tables are retired. Feedback and benchmark loops are real; a live trainable predictor should not be claimed from this commit.

The MCP surface is unusually broad. Signet exposes memory, knowledge graph, session, secret, cross-agent, marketplace MCP, and code-indexing tools through one server. That makes it an agent control plane as much as a memory backend.

What to Watch

  • Whether ontology proposals become a general review queue for extracted facts, graph edges, memory repair, and skill metadata.
  • Whether derived memory rows gain stronger human/agent review states before they influence prompt-time behavior.
  • Whether the retired predictor path is replaced by a live feedback-trained ranker or remains telemetry only.
  • Whether source-versus-derived lineage becomes visible enough in the dashboard and MCP responses for agents to debug retrieved context without reading SQLite.
  • Whether cross-harness connectors converge on one stable contract or continue to require per-harness hook semantics.
  • Whether MemoryBench results drive concrete recall/ranking changes with ablation evidence rather than benchmark-profile-specific code.

Relevant Notes:

  • trace-derived learning techniques in related systems - places: Signet is a broad raw-trace-to-working-memory system with fact, graph, vector, feedback, and procedural metadata projections.
  • knowledge artifact - classifies: raw transcripts, session summaries, retrieved memories, source chunks, and dashboard records advise later agents as evidence or context.
  • system-definition artifact - classifies: hooks, connector configs, MCP tools, write gates, skills, auth scopes, and recall/ranking code instruct, route, enforce, or rank behavior.
  • lineage - clarifies: Signet's transcript artifacts, hashes, memory history, summary jobs, manifests, and ontology proposal evidence are lineage controls over derived state.
  • files-not-database - complicates: Signet is a serious local-first counterexample where SQLite is the operational memory substrate, while files remain important for identity, skills, and transcript artifacts.