DEV Community: Zayd Mulani

I built a local-first AI memory layer for LLMs in Rust (no cloud, no API keys)

Zayd Mulani — Wed, 03 Jun 2026 20:33:22 +0000

Every LLM app has the same problem — the model forgets everything between
conversations. Cloud solutions like Mem0 exist but they send your data
to their servers. I built mnemo to solve this locally.

What it does

mnemo runs as a sidecar process next to your app. You POST text to it,
it extracts named entities and relationships using a local LLM (Ollama),
builds a persistent knowledge graph, and injects relevant context back
into your prompts automatically.

The stack

Rust — core engine, 4 crates (mnemo-core, mnemo-api, mnemo-cli, mnemo-bench)
SQLite + WAL mode — persistent storage, survives restarts
petgraph — in-memory knowledge graph with BFS traversal
Axum — REST API sidecar any app can call
Ollama — fully local LLM, zero API costs

Fully free by default

docker compose up -d
docker exec mnemo-ollama ollama pull llama3
curl http://localhost:8080/health

Works with OpenAI or Anthropic too if you bring your own key.

Python SDK

from mnemo import MnemoClient

client = MnemoClient()
client.ingest("I'm building a Rust vector database called vecdb")
print(client.get_context("what am I working on?"))

Numbers

122 Rust tests, 21 Python SDK tests
Sub-millisecond entity lookup
~4ms full retrieval pipeline (debug build)

Links

GitHub: https://github.com/zaydmulani09/mnemo

Would love feedback, especially on the retrieval scoring and graph
traversal approach.

I built an open-source dependency intelligence platform in TypeScript — here's how it works

Zayd Mulani — Fri, 29 May 2026 12:13:27 +0000

Most teams find out their dependencies are risky after something breaks. A maintainer disappears, a vulnerability sits unpatched for months, or a single package with one contributor becomes a hidden outage waiting to happen. I wanted a tool that told you this stuff before it became a problem.
So I built depgraph — an open-source dependency intelligence platform that crawls npm, PyPI, and Cargo registries, builds a live risk-scored dependency graph, and tells you exactly which packages in your supply chain are about to cause you pain.
What it does
Risk scoring across 6 dimensions
Every package gets scored on security (open advisories, CVSS scores), maintenance (commit recency, release cadence), compatibility (semver violation rate), concentration (bus factor, single-maintainer risk), blast radius (how many downstream packages break if this one changes), and operational health (issue response latency, PR merge time).
These combine into a single composite score with full explanations — not just a number, but "35% because maintainer activity fell 80% in 120 days."
Interactive dependency graph
Built with Cytoscape.js. Click any package to see its full transitive dependency tree, blast radius stats, and which packages it would take down if it disappeared. Chokepoint detection highlights the packages that are structurally too central to ignore.
Policy engine with CI gate
Define rules like "block packages with one maintainer and no release in 180 days" or "require approval for anything with 500+ downstream dependents." A GitHub Action runs the policy check on every PR and fails the build on violations — with a formatted comment showing exactly what triggered and how to fix it.
Abandonment detection
Time-series signals track commit frequency trends, maintainer count decay, and bus factor over time. A weighted model produces an abandonment probability score per package so you can see which ones are quietly dying before they become your problem.
Historical snapshot diffs
Every scan creates a full risk snapshot. Compare any two snapshots to see which packages degraded, which improved, what new vulnerability chains appeared, and how your overall supply chain health changed over time.
Tech stack
TypeScript monorepo with pnpm workspaces. Hono API, React + Vite frontend, PostgreSQL + Drizzle ORM, BullMQ workers, MinIO for raw storage. Fully self-hostable — one docker compose up and you're running. Zero paid services required.
Supports npm, PyPI, and Cargo with a shared normalization layer that maps all three ecosystems to a canonical data model.
Running it locally
bashgit clone https://github.com/zaydmulani09/depgraph
cd depgraph
pnpm install --ignore-scripts
cp .env.example .env
docker compose up -d
pnpm db:migrate
pnpm --filter @depgraph/api dev &
pnpm --filter @depgraph/crawler dev &
pnpm --filter @depgraph/ui dev
Open localhost:5173. The crawler seeds 10 packages immediately and starts processing — within a few minutes you'll see risk scores, graphs, and explanations populating in the UI.
What I learned building this
The hardest part wasn't the risk scoring or the UI — it was maintaining a living graph. Getting data once is easy. Keeping it fresh, detecting drift, diffing snapshots, and making all of that fast enough to be useful is where the real complexity lives.
The second hardest part was normalization. npm, PyPI, and Cargo all have wildly different versioning semantics, dependency specifier formats, and registry API shapes. Building a canonical model that works cleanly across all three took longer than any other single component.

Check it out, open issues, and PRs are welcome.
GitHub: https://github.com/zaydmulani09/depgraph

I built a local-first hybrid vector database in Rust from scratch

Zayd Mulani — Tue, 19 May 2026 01:29:22 +0000

A few months ago I started building vecdb — a vector database that
runs entirely on your own machine. No cloud, no API keys, no subscription.

The problem

Most vector databases make you choose — semantic search OR keyword search.
Semantic search finds meaning but misses exact keywords. Keyword search
finds exact matches but misses meaning.

vecdb combines both in a two-stage pipeline:

HNSW dense index retrieves candidates by meaning
BM25 sparse index re-scores by keyword relevance
A fusion function combines both scores

What it can do

Hybrid HNSW + BM25 retrieval
SQL-like query language with VECTOR_SIM predicate
Python and TypeScript SDKs
Single binary, Docker support
187 tests
MIT license

Example query

SELECT * FROM documents
WHERE VECTOR_SIM(vec, [0.1, 0.2, 0.3]) > 0.75
AND payload->>'region' = 'US'
LIMIT 10;

Try it

GitHub: https://github.com/zaydmulani09/vecdb

Would love feedback from the community — especially on the
architecture and what to tackle in v0.2.0.