🧠 Add Agent Memory System with PostgreSQL + Qdrant + Cohere

Features:
- Three-tier memory architecture (short/mid/long-term)
- PostgreSQL schema for conversations, events, memories
- Qdrant vector database for semantic search
- Cohere embeddings (embed-multilingual-v3.0, 1024 dims)
- FastAPI Memory Service with full CRUD
- External Secrets integration with Vault
- Kubernetes deployment manifests

Components:
- infrastructure/database/agent-memory-schema.sql
- infrastructure/kubernetes/apps/qdrant/
- infrastructure/kubernetes/apps/memory-service/
- services/memory-service/ (FastAPI app)

Also includes:
- External Secrets Operator
- Traefik Ingress Controller
- Cert-Manager with Let's Encrypt
- ArgoCD for GitOps

infrastructure/ansible/templates/patroni.yml.j2

@@ -0,0 +1,120 @@
+# Patroni Configuration for {{ inventory_hostname }}
+# Generated by Ansible
+
+scope: {{ patroni_scope }}
+namespace: {{ patroni_namespace }}
+name: {{ inventory_hostname }}
+
+restapi:
+  listen: 0.0.0.0:8008
+  connect_address: {{ ansible_host }}:8008
+
+consul:
+  host: {{ consul_host }}:8500
+  register_service: true
+
+bootstrap:
+  dcs:
+    ttl: 30
+    loop_wait: 10
+    retry_timeout: 10
+    maximum_lag_on_failover: 1048576
+    postgresql:
+      use_pg_rewind: true
+      use_slots: true
+      parameters:
+        # Performance
+        max_connections: 200
+        shared_buffers: 256MB
+        effective_cache_size: 768MB
+        maintenance_work_mem: 64MB
+        checkpoint_completion_target: 0.9
+        wal_buffers: 16MB
+        default_statistics_target: 100
+        random_page_cost: 1.1
+        effective_io_concurrency: 200
+        work_mem: 2621kB
+        huge_pages: off
+        min_wal_size: 1GB
+        max_wal_size: 4GB
+        max_worker_processes: 4
+        max_parallel_workers_per_gather: 2
+        max_parallel_workers: 4
+        max_parallel_maintenance_workers: 2
+        
+        # Replication
+        wal_level: replica
+        hot_standby: "on"
+        max_wal_senders: 10
+        max_replication_slots: 10
+        hot_standby_feedback: "on"
+        
+        # Logging
+        log_destination: 'stderr'
+        logging_collector: 'on'
+        log_directory: 'log'
+        log_filename: 'postgresql-%Y-%m-%d_%H%M%S.log'
+        log_rotation_age: '1d'
+        log_rotation_size: '100MB'
+        log_min_duration_statement: 1000
+        log_checkpoints: 'on'
+        log_connections: 'on'
+        log_disconnections: 'on'
+        log_lock_waits: 'on'
+        
+        # Archive (for pgBackRest)
+        archive_mode: "on"
+        archive_command: 'pgbackrest --stanza={{ patroni_scope }} archive-push %p'
+        
+  initdb:
+    - encoding: UTF8
+    - data-checksums
+
+  pg_hba:
+    - host replication replicator 0.0.0.0/0 scram-sha-256
+    - host all all 0.0.0.0/0 scram-sha-256
+
+  users:
+    {{ postgres_user }}:
+      password: {{ postgres_password }}
+      options:
+        - createrole
+        - createdb
+    replicator:
+      password: {{ replicator_password | default('replicator_secret') }}
+      options:
+        - replication
+
+postgresql:
+  listen: 0.0.0.0:5432
+  connect_address: {{ ansible_host }}:5432
+  data_dir: {{ postgres_data_dir }}
+  bin_dir: /usr/lib/postgresql/{{ postgres_version }}/bin
+  config_dir: {{ postgres_config_dir }}
+  pgpass: /var/lib/postgresql/.pgpass
+  
+  authentication:
+    replication:
+      username: replicator
+      password: {{ replicator_password | default('replicator_secret') }}
+    superuser:
+      username: postgres
+      password: {{ postgres_superuser_password | default('postgres_secret') }}
+    rewind:
+      username: rewind
+      password: {{ rewind_password | default('rewind_secret') }}
+
+  parameters:
+    unix_socket_directories: '/var/run/postgresql'
+
+  pg_hba:
+    - local all all peer
+    - host all all 127.0.0.1/32 scram-sha-256
+    - host all all 0.0.0.0/0 scram-sha-256
+    - host replication replicator 0.0.0.0/0 scram-sha-256
+
+tags:
+  nofailover: false
+  noloadbalance: false
+  clonefrom: false
+  nosync: false

infrastructure/ansible/templates/pgbackrest.conf.j2

@@ -0,0 +1,40 @@
+# pgBackRest Configuration for {{ inventory_hostname }}
+# Generated by Ansible
+
+[global]
+# Repository
+repo1-path={{ pgbackrest_repo_path }}
+repo1-retention-full=2
+repo1-retention-diff=7
+
+# S3 (optional - uncomment for cloud backups)
+# repo2-type=s3
+# repo2-path=/backup
+# repo2-s3-bucket={{ pgbackrest_s3_bucket }}
+# repo2-s3-endpoint=s3.eu-central-1.amazonaws.com
+# repo2-s3-region=eu-central-1
+# repo2-s3-key={{ pgbackrest_s3_key | default('') }}
+# repo2-s3-key-secret={{ pgbackrest_s3_secret | default('') }}
+# repo2-retention-full=4
+# repo2-retention-diff=14
+
+# Compression
+compress-type=zst
+compress-level=3
+
+# Parallel
+process-max=4
+
+# Logging
+log-level-console=info
+log-level-file=detail
+log-path=/var/log/pgbackrest
+
+# Archive
+archive-async=y
+archive-push-queue-max=4GB
+
+[{{ patroni_scope }}]
+pg1-path={{ postgres_data_dir }}
+pg1-port=5432
+pg1-user=postgres

infrastructure/ansible/templates/pgbouncer.ini.j2

@@ -0,0 +1,44 @@
+# PgBouncer Configuration for {{ inventory_hostname }}
+# Generated by Ansible
+
+[databases]
+{{ postgres_db }} = host=127.0.0.1 port=5432 dbname={{ postgres_db }}
+* = host=127.0.0.1 port=5432
+
+[pgbouncer]
+listen_addr = 0.0.0.0
+listen_port = {{ pgbouncer_port }}
+unix_socket_dir = /var/run/postgresql
+
+auth_type = scram-sha-256
+auth_file = /etc/pgbouncer/userlist.txt
+
+# Pool settings
+pool_mode = transaction
+max_client_conn = {{ pgbouncer_max_client_conn }}
+default_pool_size = {{ pgbouncer_default_pool_size }}
+min_pool_size = 10
+reserve_pool_size = 5
+reserve_pool_timeout = 3
+
+# Timeouts
+server_connect_timeout = 15
+server_idle_timeout = 600
+server_lifetime = 3600
+client_idle_timeout = 0
+client_login_timeout = 60
+query_timeout = 0
+query_wait_timeout = 120
+
+# Logging
+log_connections = 1
+log_disconnections = 1
+log_pooler_errors = 1
+stats_period = 60
+
+# Admin
+admin_users = pgbouncer,{{ postgres_user }}
+stats_users = pgbouncer,{{ postgres_user }}
+
+# Security
+ignore_startup_parameters = extra_float_digits