We want to tell you about a problem we couldn't stop thinking about, the system I built to solve it, and what the process taught me about building for correctness rather than for hype.
The Gap I Kept Seeing
We work on AI systems. The more time I spent with memory systems — MemGPT, LangChain Memory, Mem0, Zep — the more uncomfortable I became with one thing none of them mentioned in their marketing: the memories are stored in plaintext.
Not "we have weak encryption."Plaintext! In a database. Behind infrastructure encryption, yes — but if someone gets database access, they get everything. Every personal detail, every emotional disclosure, every behavioral pattern the chatbot has accumulated about every user.
These tools are being used to build mental health assistants. Elder care companions. Personal productivity systems. The data being stored is genuinely sensitive. And the industry has collectively decided that database-level encryption is sufficient.
I didn't agree. And I couldn't find anything that solved it properly.
So I built AURORA memory system.
What I Set Out to Build
My constraints were strict from the start, because I wanted AURORA to be usable in genuinely private contexts:
Every memory record individually encrypted before touching disk
Zero external dependencies — no PostgreSQL, no Neo4j, no cloud API
Pure Python stdlib only — runs on anything
No ML models — algorithmic throughout, so no model downloads, no inference costs, no vendor APIs
The encryption piece took the most work. I designed a proprietary dual-layer cipher — SES-2 — where each deployment generates its own unique cipher variant, and every single encryption call generates a fresh 128-bit salt and 256-bit nonce. The same plaintext never produces the same ciphertext twice. The output on disk is pure random integers.
Estimated brute-force resistance: greater than 2^4000 years. I'm aware that's an almost absurdly large number. It's also the honest result of the math.
**
The Scope Grew in Ways I Didn't Expect
**
I started with the encryption layer and basic fact/event memory. But as I built, I kept finding adjacent problems that needed solving.
Emotional context was the first expansion. A memory system that logs "user discussed their mother's illness" without any emotional metadata is missing critical information. It runs at under 0.02ms per call, entirely algorithmically, with throughput over 50,000 texts per second. No API.
Then came grief-stage classification. If you're building anything that handles sensitive conversations — and any sufficiently personal chatbot eventually will — you need the memory system to understand context, not just content. Five stages plus crisis detection, again algorithmic.
Then semantic search, cross-references, behavioral prediction, cross-session identity, memory portability with tamper rejection...
By the time I was done, AURORA had 34 integrated modules.
**
What "Zero Dependencies" Actually Means in Practice
**
The practical implications of stdlib-only are significant and underappreciated:
Deployment is an Integration Process. There's no pip install, no Docker setup, no database migration. We put the files on to the chatbot's codebase.
It runs everywhere an AI chatbot with Aurora integrated runs. Raspberry Pi, air-gapped server, old Windows laptop, any phone. I measured benchmarks on 32-bit Python on Windows specifically because I wanted to know the floor, not the ceiling.
There are no supply chain risks. Every dependency is a potential attack surface and a potential maintenance burden. AURORA has none beyond Python itself.
Latency is predictable. No network calls. No model inference. No database round trips. The full 34-module pipeline runs in ~15.9ms on average.
**
The Numbers After v3.0
**
187 tests. Zero failures. Audit completed June 14, 2026.
Performance on commodity hardware:
Encrypt a short memory: ~2.6ms
Full pipeline: ~15.9ms
Emotional analysis: <0.02ms
Semantic search (100 records): <1ms
10,000 encrypted memories on disk: ~5–7 MB
Bulk throughput: ~310 facts/second, ~300 events/second, ~385 encryption operations/second.
What I Learned Building This
Correctness is a higher bar than functionality. Getting memory storage to work took a week. Getting encryption to be provably correct across edge cases, tamper-evident, and leak-free took much longer. The 187 tests aren't a flex — they're the minimum I needed to trust the system.
"No dependencies" is a design philosophy, not just a constraint. Every time I was tempted to reach for a library, I had to ask: what does this dependency actually do, and can I implement that behavior correctly with stdlib? Usually the answer was yes. The process made the system more coherent, not less capable.
The unusual features matter most. Nobody's marketing deck leads with "grief-stage classification" or "tamper rejection on memory import." But those are the features that make the system trustworthy in sensitive contexts. Build for the hard cases first.
Nobody asked for this. I built AURORA because I believed the gap was real and important, not because there was validated demand. That's a risk. But sometimes the most useful things are the ones the market hasn't articulated yet.
AURORA is production ready. If you're building anything where user privacy in AI memory matters — I'd genuinely like to hear about your use case.
My or Our goal is to get every chatbot company or any chatbot developer to get in touch with and make sure Aurora is integrated to every AI chatbot that has privacy at first priority.
Top comments (0)