Security Documentation

Oceum Recall — Security Architecture

Oceum Recall compresses agent fleet memory using quantized vector representations. This document describes the security properties of the system.

1. Overview

Recall is Oceum's compressed semantic memory infrastructure. It takes high-dimensional embedding vectors generated by AI agents and compresses them to 2–4 bit representations, reducing storage by up to 12x while preserving similarity search accuracy.

Because these compressed vectors encode organizational knowledge — customer interactions, internal documents, decision context — Recall implements keyed rotation encryption that provides per-tenant mathematical isolation. This document covers the cryptographic design, isolation guarantees, key management, and known limitations.

2. Keyed Rotation Encryption

Per-organization rotation keys. Each organization's rotation key is derived via HMAC-SHA256 from a master secret and the organization's org_id. No two organizations share a rotation matrix.
Orthogonal rotation transform. The derived key seeds a deterministic orthogonal rotation matrix. This rotation transforms vectors into an organization-specific coordinate space before quantization. Without the rotation key, compressed indices cannot be mapped back to meaningful vector positions.
Similarity preservation. Dot products (and therefore cosine similarity) are preserved under orthogonal rotation. This means Recall can perform similarity search on rotated, compressed vectors without ever decrypting them back to the original coordinate space.
Key rotation support. When a master secret is rotated, all existing compressed vectors can be batch re-encrypted via the rekey() function. This decodes vectors with the old rotation, then re-encodes with the new rotation, without exposing unrotated vectors at rest.

3. Tenant Isolation

Mathematical isolation. Each org_id produces a unique rotation matrix. Even if compressed data from two organizations is co-located in the same database table, cross-org similarity search produces meaningless results because the coordinate spaces are incompatible.
Defense in depth. Keyed rotation is an additional isolation layer, not a replacement for standard database-level controls. Oceum enforces Row-Level Security (RLS) and org_id scoping on every query. The rotation provides a second, mathematically independent barrier.
No shared state. Rotation matrices are derived on-the-fly from the master secret and org_id. No per-tenant key material is stored in the database.

4. Data at Rest

Storage format. Compressed embeddings are stored as BYTEA columns in PostgreSQL. Each compressed vector contains quantized indices and normalization metadata, but no plaintext vector values.
Database encryption. Standard Supabase/PostgreSQL encryption at rest applies to all stored data, including compressed vectors.
Layered protection. The keyed rotation adds a second layer on top of database encryption. Even if an attacker obtains a raw database dump, the compressed data is computationally useless without the organization-specific rotation key derived from the master secret.

5. Key Management

Master secret. The master secret is read from the RECALL_SECRET environment variable. If not set, Recall falls back to OAUTH_ENCRYPTION_KEY. The master secret should be a high-entropy string of at least 32 characters.
Deterministic derivation. Per-org keys are derived deterministically from the master secret and org_id. No additional key storage is required — the same inputs always produce the same rotation matrix.
Key rotation procedure. To rotate the master secret: (1) set the new secret in the environment, (2) run the batch re-encryption via the rekey() function, which re-encodes all compressed vectors under the new key. During rotation, both old and new secrets must be available.

6. Compression Fidelity

Recall supports three quantization bit-widths, each trading storage for fidelity. Cosine similarity is measured against the original uncompressed vector:

Bit-Width	Tier	Cosine Fidelity	Compression
`4-bit`	Hot	> 0.90	~4x
`3-bit`	Warm	> 0.85	~7.7x
`2-bit`	Cold	> 0.80	~12x

Recall supports cascading decay (4-bit to 3-bit to 2-bit) for time-based memory tiering. After two rounds of cascading decay, fidelity remains above 0.70 cosine similarity to the original vector.

7. Limitations

Computational security, not information-theoretic. The keyed rotation provides computational security. The seed space derived from HMAC-SHA256 is used to generate a 32-bit seeded random rotation. For adversaries with knowledge of the algorithm and sufficient compute, brute-force recovery of the rotation is theoretically possible. The rotation is a practical isolation barrier, not a cryptographic guarantee equivalent to AES.
Use AES-256 for classified data. For regulated or classified data that requires information-theoretic encryption guarantees, standard AES-256 encryption should be applied in addition to Recall's keyed rotation. Recall's rotation is designed for tenant isolation and defense-in-depth, not as a standalone encryption layer for sensitive data classifications.
Lossy compression. Compressed vectors are lossy by design. Exact recovery of the original vector values is not possible after quantization. The fidelity guarantees in Section 6 represent the expected cosine similarity range, not exact reconstruction.

8. Contact

Questions about Recall's security architecture can be directed to hello@oceum.ai.