# Memory API — Single Access Point Policy

## Rule: All data access ONLY through Memory API :8000

### Allowed

```
Router  ──► Memory API ──► Qdrant/Neo4j/Postgres
Parser  ──► Memory API ──► Qdrant
Gateway ──► Memory API ──► facts/sessions
CrewAI  ──► Memory API ──► context retrieval
```

### Forbidden (direct DB access)

```
Router  ──✗──► Qdrant (direct)
Parser  ──✗──► Neo4j (direct)
Swapper ──✗──► Postgres (direct)
```

### Exceptions

1. **Migrations** — admin scripts only
2. **Backups** — scheduled jobs
3. **Health checks** — read-only probes

## Memory API Endpoints

| Endpoint | Purpose | Consumers |
|----------|---------|-----------|
| POST /retrieve | Vector + graph search | Router |
| POST /store | Save message/document | Router, Parser |
| POST /artifacts/store | RAG document indexing | Parser |
| GET /facts/{key} | Get user facts | Gateway |
| POST /facts/upsert | Update user facts | Gateway |
| POST /agents/{id}/memory | Agent-scoped storage | Gateway |

## Benefits

1. **Unified ACL** — one place for access control
2. **Privacy enforcement** — mode/confidential checks
3. **Audit trail** — all access logged
4. **Schema consistency** — Memory API validates
5. **Easy migration** — change DB without touching services

## Enforcement

### Network Level (Docker)

```yaml
# Only Memory API can reach DBs
services:
  qdrant:
    networks:
      - data-internal  # Not exposed to dagi-network

  memory-service:
    networks:
      - data-internal
      - dagi-network  # Exposed to services
```

### Code Level

- Router: use ToolManager with Memory API calls
- Parser: use Memory API for indexing
- No direct Qdrant/Neo4j imports in Router/Parser

## Migration Plan

1. ✅ Router already uses Memory API via tool_manager
2. ✅ Parser uses Memory API for indexing
3. ⏳ Audit all direct DB connections
4. ⏳ Move to internal network for DBs

## Tech Debt: Router Direct Neo4j Access

**Current state:** Router has direct Neo4j access for `graph_query` tool.

**Why:** Performance optimization for real-time graph traversal.

**Plan:**

1. Add `/graph/query` endpoint to Memory API
2. Migrate Router to use Memory API
3. Remove direct Neo4j driver from Router

**Priority:** Medium (after MVP stabilization)
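
A static check for the Code Level rule and Migration Plan step 3, as an added example that is not part of the project's own code: it walks Python sources with `ast`, flags imports of database drivers, and reports the Router's Neo4j access separately as tracked debt. The driver package list, the `KNOWN_DEBT` allowlist, and all sample paths and sources are assumptions made for the illustration.

```python
import ast

# Assumption: Python driver packages for the three stores the policy names.
FORBIDDEN = {"qdrant_client": "Qdrant", "neo4j": "Neo4j",
             "psycopg2": "Postgres", "psycopg": "Postgres", "asyncpg": "Postgres"}
# Tracked tech debt from the policy (Router -> Neo4j for graph_query).
# Hypothetical allowlist; delete the entry once /graph/query is in Memory API.
KNOWN_DEBT = {("router", "Neo4j")}

def direct_db_imports(source):
    """Return sorted (lineno, module, store) for each forbidden driver import."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names = [node.module]
        else:
            continue
        for name in names:
            top = name.split(".")[0]  # neo4j.exceptions -> neo4j
            if top in FORBIDDEN:
                hits.append((node.lineno, name, FORBIDDEN[top]))
    return sorted(hits)

def audit(files):
    """files maps 'service/path.py' to source text; returns (violations, debt)."""
    violations, debt = [], []
    for path, source in sorted(files.items()):
        service = path.split("/")[0]
        for lineno, module, store in direct_db_imports(source):
            entry = (path, lineno, module, store)
            (debt if (service, store) in KNOWN_DEBT else violations).append(entry)
    return violations, debt

# Constructed sample sources (hypothetical paths and contents).
SAMPLE = {
    "router/tools/graph_query.py": "from neo4j import GraphDatabase\n",
    "router/tool_manager.py": "import httpx\nMEMORY_API = 'http://memory-service:8000'\n",
    "parser/indexer.py": "import json\nfrom qdrant_client import QdrantClient\n",
    "swapper/state.py": "def load():\n    import asyncpg\n    return asyncpg\n",
}

if __name__ == "__main__":
    violations, debt = audit(SAMPLE)
    for kind, rows in (("VIOLATION", violations), ("DEBT", debt)):
        for path, lineno, module, store in rows:
            print(f"{kind} {path}:{lineno} imports {module} (direct {store})")
    raise SystemExit(1 if violations else 0)  # non-zero fails a CI job
```

Static import checks miss `importlib` calls and raw HTTP or socket access to the databases, so this complements the network-level isolation rather than replacing it.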