Your Knowledge Store Should
Govern, Not Just Store.
Trust tiers on every document. Integrity verification on every read. Lifecycle management. Point-in-time queries. Content-addressed storage. Not a vector database. A governed knowledge store.
Official company handbook. Approved by the executive team. This is the single source of truth for all company policies, procedures, and guidelines.
e9b1d4f2...Your Knowledge Store Should Govern,
Not Just Store.
Vector databases store embeddings. qp-vault governs knowledge: trust tiers, lifecycle management, integrity verification, and cryptographic audit trails.
All documents are equal. A meeting note ranks the same as an official SOP.
Who searched what? When? No record.
Documents never expire. Stale data pollutes results forever.
Everything goes to cloud APIs. No routing controls.
Data corruption goes undetected. No proof of authenticity.
CANONICAL (1.5x) outranks EPHEMERAL (0.7x) in every search.
SHA3-256 integrity check on every retrieval. Tamper = detected.
DRAFT -> REVIEW -> ACTIVE -> SUPERSEDED -> ARCHIVED. Auto-expiration.
CONFIDENTIAL stays on local models. RESTRICTED logs every read.
Full vault verification. Proof export for auditors.
vault.search("SOP", as_of=date(2024, 3, 15)) → v2.1Feature Comparison
| Feature | ChromaDB | Qdrant | Weaviate | qp-vault |
|---|---|---|---|---|
| Trust tiers on documents | ||||
| Cryptographic audit trail | ||||
| Content-addressed storage | ||||
| Knowledge lifecycle management | ||||
| Post-quantum encryption | ||||
| Air-gap first | ||||
| Integrity verification on read | ||||
| Merkle tree proof export |
Every Document Has a Trust Tier
Not all knowledge is equal. Official SOPs outrank meeting notes. Trust tiers encode institutional knowledge about document authority.
Search That Knows What to Trust
Combine vector similarity (0.7) and text rank (0.3), then multiply by trust weight and freshness. CANONICAL documents surface above EPHEMERAL, even with similar semantic match.
Knowledge That Evolves
Documents move through a governed lifecycle. Active policies supersede old ones. Expired documents auto-transition. Point-in-time queries retrieve what was true at any date.
In preparation
Transitions to: REVIEW
Three Layers of Organizational Memory
Separate operational procedures from strategic decisions from compliance evidence. Each layer has its own search context and access patterns.
Integrity Verification on Every Read
Content-addressed storage with SHA3-256 CIDs. A Merkle tree covers the entire vault. Verify one document, or export a cryptographic proof for auditors.
Content-Addressed Storage
Every document is referenced by its SHA3-256 hash. The address IS the content fingerprint.
vault://sha3-256/a7f3c2e9b1d4...Merkle Tree
Leaf hashes combine into branch hashes into a single root. Change one byte and the root changes.
root: e9b1d4f2c8a7...Proof Export
Extract a Merkle inclusion proof for any document. Hand it to an auditor. They verify independently.
vault.export_proof(resource_id)Three Lines to Governed Knowledge
Install. Add a document with a trust tier. Search with trust-weighted ranking. No configuration. No external services. Works offline.
pip install qp-vaultSQLite, text files, basic search
pip install qp-vault[postgres]PostgreSQL + pgvector hybrid search
pip install qp-vault[docling]25+ format document processing
pip install qp-vault[capsule]qp-capsule cryptographic audit trail
pip install qp-vault[encryption]AES-256-GCM + ML-KEM-768
pip install qp-vault[all]Everything
Command Line, Full Control
vault init ./org-knowledgeInitialize a new vault
vault add report.pdf --trust canonicalAdd a document with trust tier
vault search "revenue projections"Hybrid search across all documents
vault verifyVerify entire vault integrity (Merkle tree)
vault healthCompute composite health score
vault expiring --days 90List documents expiring soon
One Required Dependency. Storage Opt-In.
SHA3-256 hashing, canonical serialization, async I/O — all from Python's standard library. Pydantic is the only thing Vault always needs. A storage backend is a single pip extra.
Pydantic
requiredEvery document, every trust policy, every Merkle node is a typed Pydantic model. Runtime validation on every boundary, typed interfaces throughout, zero ORM pollution.
- Typed Vault models
- Runtime validation at boundaries
- Deterministic serialization
aiosqlite
sqlite extraVault storage with zero setup. A single file on disk, content-addressed by SHA3-256. Outgrow a single node? Swap to the postgres extra for Postgres plus pgvector, no code changes.
- Async document persistence
- Content-addressed storage
- Swap to Postgres without code changes
Everything else comes from Python's standard library:
pip install qp-vault[postgres] · [capsule] · [local] · [openai] · [pq]
Scale into Postgres, seal to Capsule, run local embeddings, add post-quantum signatures. Each one a single extra, each one opt-in.
Know Your Knowledge Health
Five metrics that tell you if your knowledge base is healthy, stale, redundant, disconnected, or misclassified. One composite score.
Built For People Who Need Governed Knowledge
Legal Teams
Trust tiers on contracts. Lifecycle management. Point-in-time queries for what was active on any date.
Healthcare
CONFIDENTIAL classification routes PHI to local models only. Every search on RESTRICTED data is logged.
Finance
Audit trail on every search. Merkle proof for regulators. Content-addressed storage for tamper evidence.
Researchers
Memory layers for strategic knowledge. Hybrid search across everything. Semantic chunking preserves context.
Compliance
Auto-expiration. Lifecycle transitions. Proof export. Every read verified. Capsule integration for audit trails.
Developers
Plugin architecture. 5 protocols: StorageBackend, EmbeddingProvider, AuditProvider, ParserProvider, PolicyProvider.
Every Fact Has Provenance.
Every Read Is Verified.
Trust tiers. Lifecycle management. Merkle tree integrity. Content-addressed storage. Your knowledge, governed and verifiable.