Heartwood Memory comparison

Governed agent memory vs Mem0, Zep, Cognee & Letta

TL;DR

Mem0, Zep, Cognee, and Letta are strong, established agent-memory tools, and each documents real governance controls. Heartwood Memory's distinction is narrower and deeper: record-level cryptographic proof — per-memory signatures, policy-before-ranking recall, and a per-subject key-destruction proof on erasure — that you can re-execute yourself by cloning the source-available core and running its trust suite. If you need fast, flexible, mature recall, the incumbents are excellent. If you need to prove — cryptographically, per record — what an agent remembered, why it was recalled, and that a deletion actually destroyed the key, that re-executable proof is Heartwood's lane.

Why teams compare agent-memory tools

You're likely evaluating because “just add memory” turned into real questions: who can read a memory, can you audit why one was recalled, can you prove one was deleted, and does any of it hold up under compliance review. All five tools here answer the first questions well. They diverge on the last one — provability — which is where this comparison focuses.

What to compare (the criteria that matter)

The ten axes in the table below: governance granularity (where the rules live), provenance signing, tamper-evident audit, policy-before-ranking recall, erasure / right-to-be-forgotten, interface, deployment, license, pricing, and best-fit. We add one more Heartwood-specific axis — a re-executable proof suite — because it's the capability that separates “documented governance” from “governance you can verify yourself.”

At-a-glance comparison

Read the columns honestly. Each competitor is split by product surface where its license, deployment, or controls differ (managed vs open-source engine). “Not evaluated in public docs” means the capability was not found in that vendor's current primary documentation as of 2026-07-15 — it is not an assertion that the feature is absent.

Heartwood Memory compared with Mem0, Zep, Cognee, and Letta
AxisHeartwood MemoryMem0ZepCogneeLetta
Governance granularity (where rules live)Per individual memory record — policy travels with each recordOrg/project membership + entity IDs (user, agent, app, session); not documented as per-record policyAccount/project RBAC across managed Context Graphs; Enterprise adds audit, retention, customer-key controlsTenant roles + direct dataset-level read/write/delete grants for users and agentsNot evaluated in public docs (pricing lists RBAC; the detailed RBAC page currently 404s)
Provenance signingPer-record Ed25519 signature, verified fail-closed at readNot evaluated in public docs (full change history documented; no per-record signing found)Not evaluated in public docs (Graphiti traces derived facts to episodes; no per-record signing found)Not evaluated in public docs (document-level metadata/provenance; no per-record signing found)Not evaluated in public docs
Tamper-evident auditHash-chained, tamper-evident audit logNot evaluated in public docs (self-hosting includes a live audit log; no hash-chain claim found)Not evaluated in public docs (API logs = complete audit trail; no hash-chain claim found)Not evaluated in public docs (Cloud lists audit logging; no hash-chain claim found)Not evaluated in public docs
Policy-before-ranking recallPolicy gates recall before ranking; constant-shape (no existence leak)Not evaluated in public docsNot evaluated in public docs (authorization documented across queries; ordering vs ranking not stated)Not evaluated in public docs (results limited to accessible datasets; ranking order not stated)Not evaluated in public docs (core blocks are always-visible; no policy-before-ranking control found)
Erasure / right-to-be-forgottenCrypto-shred of the per-subject key + derived-artifact purge; per-subject key-destruction proofRecord, batch, entity-filtered, and project deletion documented (no cryptographic proof claimed)Single-operation user deletion removes threads, artifacts, and the user graph (no cryptographic proof claimed)Item/dataset/all deletion removes graph, vector, and relational data, with storage/shared-node caveats (no cryptographic proof claimed)Block, archival-passage, and agent deletion APIs (not cryptographic or verified RTBF)
InterfacePython library + governed MCP serverPython/TypeScript SDKs, REST API, MCP/integrations, self-hosted serverManaged API with Python/TS/Go SDKs; Graphiti is a separate OSS engine + MCP serverPython API, HTTP API, CLI, and MCP toolsTypeScript/Python SDKs and REST API; MCP/external DBs connectable as tools
DeploymentSelf-hosted, embedded beside your system of record (source-available core)Managed Platform or Apache-2.0 self-hosted library/REST stackZep Cloud / Cloud+BYOK / BYOC (managed); Graphiti is the separate self-hosted OSS engine (managed Zep is not embedded)Local/embedded, self-hosted Docker, managed Cloud, or Enterprise BYO cloudOpen-source self-hosted Docker/server, or managed Letta cloud features
LicenseSource-available — BSL 1.1 (converts to Apache-2.0 four years after each release; 0.1.x tail remains MIT). Never “open source.”Apache-2.0 (Mem0 OSS repo); managed Platform terms separateGraphiti + getzep/zep repo Apache-2.0; managed Zep Context Graph Engine proprietaryApache-2.0 OSS engine; hosted Cognee Cloud + Enterprise separateApache-2.0 (Letta repo); managed service terms separate
Pricing entryFree (Community, source-available, self-hosted); Team $349/mo, Professional $6,000/yr — early access, no live checkout; Enterprise Let's talkHobby Free; Starter $19/mo; Growth $79/mo; Pro $249/mo; Enterprise custom (vendor pricing — reverify at publish)Free trial; Flex $1,250/yr; Flex Plus $3,750/yr; Enterprise custom (vendor pricing; credit overages apply)Free ($0, one workspace/1M tokens); Standard $2.50 / 1M tokens + $5/additional workspace; Enterprise custom (vendor pricing)Free $0; Pro $20/mo; API Plan $20/mo + usage; Enterprise custom (vendor pricing)
Primary job / best-forRecord-level, re-executable proof for regulated / compliance-driven teamsDrop-in managed or self-hosted memory layer with broad integrationsManaged temporal Context Graphs at enterprise scale, with documented governance/deployment controlsGraph/ontology-centered memory pipelines, OSS + managedBuilding and operating stateful agents with self-editing, persistent memory
Re-executable proof suiteYes — the executable gates behind every claim; clone the core and run them yourselfNot evaluated in public docsNot evaluated in public docsNot evaluated in public docsNot evaluated in public docs

“Not evaluated in public docs” = not found in that vendor's current primary documentation as of 2026-07-15; it is not a claim the feature is absent. Vendor pricing reverified immediately before publish. Managed products and open-source engines are listed separately where they differ.

Where each tool fits best (honest best-for)

Mem0

best if you want a drop-in memory layer with broad framework integrations, managed or self-hosted.

Zep

best for managed temporal Context Graphs at enterprise scale with documented governance and deployment controls (Cloud/BYOK/BYOC). Zep publishes a sub-200ms-at-scale retrieval figure — treat it as a vendor claim, not an independent benchmark.

Cognee

best for graph/ontology-centered memory pipelines; it leads on graph and ontology depth and has a longer public history than Heartwood.

Letta

best for building and operating stateful agents with self-editing, persistent memory (the framework formerly known as MemGPT; “MemGPT” now names the original research pattern).

Heartwood Memory

best when you must prove governance at the record level and re-execute that proof yourself: per-memory signatures, policy-before-ranking, and a key-destruction proof on erasure. Heartwood is the younger entrant; the others have longer public histories and established ecosystems.

Where Heartwood is different

Mem0, Zep, Cognee, and Letta all document governance features. Heartwood differentiates through record-level cryptographic and re-executable proof. The rules don't live in your app code or a dashboard policy — they live on the memory record itself: every write is Ed25519-signed and re-verified fail-closed at read, recall is policy-gated before ranking, and a hard delete crypto-shreds the per-subject key and records a key-destruction proof in a hash-chained audit log. And because the core is source-available, you don't have to take any of that on faith — you clone it and run the trust suite.

See how governed agent memory works

Where Heartwood loses today (we say so)

  • Adoption & ecosystem. Heartwood is the younger entrant; Mem0, Zep/Graphiti, Cognee, and Letta have longer public project histories and more established ecosystems and integrations.
  • Self-serve hosted recall. Heartwood's hosted Team and Professional tiers are early access — the production gateway and several features are “in development,” and CTAs route to the design-partner program, not a live self-serve checkout. If you want turnkey managed memory today, that's a real gap; several competitors ship managed platforms now.
  • Breadth of recall features. If your only need is fast, flexible recall with no record-level proof requirement, a mature incumbent may be the simpler fit. Heartwood's value shows up when you must prove governance.

Who should choose which (fit, not “governance vs none”)

Choose by fit: Mem0 for a drop-in memory layer and integrations; Zep for managed temporal Context Graphs, enterprise scale, and documented governance; Cognee for graph/ontology-centered memory; Letta for stateful agents with self-editing memory; Heartwood for record-level cryptographic proof you can re-execute. If you operate in a regulated or audited context and need per-record provenance and a defensible deletion proof, that's Heartwood's design center — free to self-host for non-production at any size, and free in production for small orgs (see licensing).

FAQ

What's the difference between Heartwood and Mem0, Zep, Cognee, or Letta?

Mem0, Zep, Cognee, and Letta all document governance features. Heartwood's distinction is not governance versus none — it is source-auditable, record-level cryptographic proof that you can re-execute: per-memory Ed25519 signatures, policy-before-ranking recall, and a per-subject key-destruction proof on erasure, all behind a trust suite you run yourself.

Do these tools have governance at all?

Yes — each documents real governance: Mem0 has organization/project isolation and workspace governance; Zep documents RBAC, audit logging, retention, and multi-tenant isolation; Cognee documents tenant/dataset permissions and audit logging; Letta lists role-based access control. Heartwood's difference is where governance lives (on each record) and that you can re-execute the proof yourself.

Can I verify Heartwood's claims myself?

Yes — that's the point of the model. Heartwood's core is source-available, and it ships a re-executable trust suite: the executable gates behind every claim, which you clone and run. It's the rare comparison asset you can falsify rather than take on faith.

Is Heartwood open source?

The core is source-available, not OSI "open source." From version 0.2.0 it is licensed under the Business Source License 1.1: you can read the source, run it locally, develop against it, and evaluate and self-host it for non-production use at no charge — and small organizations can run it in production at no charge too. Larger organizations need a commercial license for production use. Each release becomes Apache-2.0 licensed four years after it ships. (Versions 0.1.0–0.1.2 remain MIT-licensed and always will.)