Every compute workload that matures eventually gets its own storage layer. Databases got SQL. Web apps got blob storage. ML pipelines got feature stores. Vector search got vector databases. AI agents are getting one too. We call it a context drive: a file-based, versioned, governed cloud drive for agent context. This post is why it has to exist, and why it has to look the way it does.
What follows isn’t a product pitch. It’s an infrastructure argument: if you’re building agents that run daily, touch real systems, and are expected to be explainable, you’ll eventually need a canonical place where their “working knowledge” lives—durably, permissionably, and with history.
The pattern: workloads grow up by getting a storage layer
Software categories don’t appear because someone coin-flips a name. They appear when a new workload becomes common enough that the same operational problem shows up everywhere.
In the 1980s, business data stopped fitting in ad‑hoc files and spreadsheets. Relational databases turned “data storage” into a repeatable discipline.
In the 2000s, the web turned media into a default workload. Images, video, logs, and backups needed storage that scaled without pretending everything was a table. Object storage, popularized by services like Amazon S3 (AWS docs), became the place where unstructured blobs could live reliably.
In the 2015+ era, ML teams learned the hard way that “features” aren’t just data—they’re reusable, governed artifacts that have to stay consistent across training and serving. That pain produced feature stores as a dedicated layer (Databricks’ definition in What is a Feature Store?).
In the 2020+ era, similarity search became a primitive. Embeddings needed systems that were built around approximate nearest neighbor indexing and metadata filters. Vector databases showed up to operationalize that.
2025+ is the same story: agent context is now the recurring workload.
A workload becomes a category when enough teams hit the same operational ceiling at the same time. AI agent context has hit that ceiling.
Three signs the ceiling has been hit
You don’t need deep architecture debates to spot a missing layer. You can hear it in the same three complaints, repeated across teams, tooling choices, and model providers.
1) “Every agent rebuilds its own memory from scratch.”
When every new agent begins by reinventing how it stores and reuses context, you’re not looking at a prompt problem. You’re looking at a missing storage primitive.
A reusable layer shows up when teams stop asking “what prompt template do you use?” and start asking “where does your context live?”
Concretely: the same concepts get reimplemented per agent—naming, chunking, summarization, retention rules, and “what counts as canonical.” Then the team adds a second agent, and the two systems drift. Then a third agent reads the wrong “latest summary” and produces a confidently wrong action. The failure mode isn’t intelligence; it’s entropy.
2) “Nobody can answer what the agent read.”
The moment an agent matters, the postmortem begins. And the first question is always the same: what did it see?
If you can’t reproduce an agent’s inputs—what context it read, which version, under which identity—then you don’t have an operational system. You have a demo with good days and bad days.
Auditability is not a compliance feature. It is the minimum requirement for debugging production agents.
And it’s not only about failures. Teams that want to improve an agent need a feedback loop: “When it did X, it had read Y, but it should have read Z.” Without a stable, reviewable record of context, improvement becomes guesswork.
3) “Vector DBs are being asked to be filesystems.”
When teams use a vector database as the canonical store for documents, they eventually run into basic questions that vector search was never designed to answer: What is the latest version? Who changed it? Can we diff it? Can we roll it back? Who is allowed to read it?
If your vector DB breaks the moment you ask it to behave like cat, diff, rollback, or permissions, the stack has a layer mismatch.
Vector databases solve retrieval. They do not solve ownership of the underlying artifacts.
Why it has to be file-shaped, not vector-shaped
A context drive is not a prettier database. It is a decision about the canonical form of agent context.
Files win because they are the one interface humans and agents both understand.
A file can be read. It can be reviewed. It can be diffed. It can be versioned. It can be permissioned. It can be moved across systems without losing meaning. A file is also the most honest boundary for governance: you can point to it, name it, and explain who touched it.
That is why the canonical layer has to look like a filesystem, even if the implementation underneath is distributed.
Vectors don’t have that property.
Vectors are an index over content, not the content itself. You don’t use a search engine as your database. You don’t store your source of truth in the same structure you use to retrieve it quickly.
There’s also a quiet technical tax in “vector-shaped storage”: you convert rich documents into chunks and embeddings, then pretend you can reconstruct the original truth later. That is a lossy transform—and every loss turns into downstream entropy: missing clauses, broken provenance, unclear ownership, and hard-to-explain behavior.
Vectors find the document. The drive stores it. They are not the same layer, and conflating them is the most expensive mistake of the 2024–2025 agent stack.
Three principles a context drive must obey
Context is an artifact, not a side effect.
If context only exists inside a session buffer or a transient tool call, it can’t be reviewed, shared, rolled back, or improved. Treat context like you treat build outputs: explicit files with names, structure, and ownership.
A useful mental model: prompts and tool calls are the “runtime.” Context files are the “compiled artifacts.” You can rerun the runtime; you can’t debug it unless the artifacts are stable.
Every read and write is a governed event.
Agent context isn’t “data access.” It is behavior. Every read and write needs a scoped identity, a version boundary, and an audit trail as native attributes—not bolted on after the first incident.
That means governance isn’t a separate admin panel. It’s embedded in the primitive: “this agent identity read these files at these versions” and “this agent identity wrote a new version of this file, with a diff you can review.”
The drive doesn’t replace memory or RAG. It gives them somewhere durable to point at.
Memory is an access pattern. RAG is a consumption pattern. A context drive is the storage substrate that makes those patterns reliable, portable, and reproducible across agents and across time.
This is why “AI agent memory” works in prototypes and breaks in production: memory needs a durable substrate.
What it looks like in practice
The simplest way to understand a context drive is to imagine a project repo and a shared drive had a child—then add agent identities and audit logs.
You might have:
- A human-readable folder like
policies/containing the current compliance rules in Markdown. - A machine-friendly folder like
state/containing compact JSON snapshots of “known facts” the agent relies on. - An
events/folder with append-only logs that explain how a state file was derived. - A
summaries/folder where an agent writes periodic digests that can be reviewed and corrected.
Not every team will choose the same structure, and that’s the point: files allow you to pick boundaries that match your workflow. The key is that the boundaries are explicit, reviewable, and versioned.
Minimal architecture for a real context drive
To stay useful beyond the first demo, the storage layer has to support a few boring, production-grade operations. The list below isn’t exhaustive, but it’s the minimum set that tends to show up once agents write anything you care about.
Canonical artifacts, derived indexes
Store canonical context as files (Markdown, JSON, raw attachments). Build search indexes—vectors, keywords, metadata—as derived views.
If the index is wrong, you rebuild it. If the file is wrong, you fix it and version it. That separation is what keeps debugging sane.
Identity and access at the file boundary
Agents don’t just need “API keys.” They need scoped, reviewable access:
- This agent can read
customers/public/but cannot seecustomers/enterprise/. - This agent can write only to
summaries/weekly/anddrafts/. - This agent can never read
secrets/.
The important part is that access rules map cleanly onto file paths and that reads/writes are logged with an identity you can reason about.
Versioning that matches agent behavior
Agent writes are different from human edits. They’re frequent, sometimes noisy, and often incremental. A context drive needs version semantics that make review cheap:
- Every write produces a new version (or commit).
- Diffs are first-class so humans can approve or revert.
- Rollback is easy and fast.
When rollback is painful, teams stop letting agents write. When rollback is trivial, teams start letting agents do real work.
Append-only audit logs
If you’re serious about running agents, you will eventually need to answer questions like:
- Which files did the agent read before it sent that email?
- What changed between the “good run” and the “bad run”?
- Which identity wrote this line of policy?
That’s why audit logs must exist as native events—ideally in a form you can query, export, and retain.
What this is not
Clear category boundaries are part of making a category real.
“Isn’t this just RAG?” No. RAG is consumption. The drive is storage.
“Isn’t this just memory?” No. Memory is one access pattern over the drive.
“Isn’t this just S3?” No. Object storage does not model agent identity, version semantics for agent-authored changes, or context-shaped governance. It stores blobs; it doesn’t make context operational.
“Isn’t this just MCP?” No. MCP is transport. The drive is what exists on the other side of the protocol.
For the practical comparison with memory, RAG, and context windows, see AI Agent Context Management: Where Context Should Live →.
Why we’re betting on this
We’ve spent the last two years watching the same pattern repeat: as soon as an agent graduates from “assistant” to “worker,” context stops being a prompt ingredient and starts behaving like a production artifact.
Once multiple agents collaborate—or one agent runs repeatedly over weeks—the hardest part isn’t model quality. It’s making sure every run has the right context, and that humans can explain and govern what happened.
We don’t think this is a tooling gap. It’s a missing layer.
That’s why we’re building puppyone as a context drive: a governed, versioned place where agent-readable context artifacts can live, so retrieval, memory, and orchestration have something durable to reference.
If you want a concrete example of what that looks like, puppyone is building exactly this: a Context Space that syncs from your existing tools, transforms content into agent-readable files, and exposes it through controlled access points with version history and audit trails. (If you’re curious, start at puppyone.ai.)
If you want the broader infrastructure argument for multi-agent systems, see puppyone 3 context infrastructure multi agent.
A practical adoption checklist
If you’re reading this while building agents, here’s a quick way to tell whether you’re already “past the ceiling.”
- You have more than one agent that needs to share context, or one agent that runs repeatedly over weeks.
- You’ve had at least one incident where the agent behaved oddly and nobody could reproduce its inputs.
- You’ve started writing glue code to move knowledge between Notion/Slack/docs/repos and whatever your agent framework expects.
- You’re debating where the source of truth lives for “facts” the agent should rely on.
If two or more are true, you’re very likely in context-drive territory.
Closing: A claim, not a question
The next decade of agent infrastructure won’t be decided by who has the smartest model. It will be decided by who has the cleanest place to put their context. We’re calling that place a context drive. We don’t think the name is the important part—we think the layer is.
FAQ
What is a context drive in one sentence?
A context drive is a file-shaped, versioned, governed storage layer where agent context lives as durable artifacts that can be reviewed, shared, and rolled back.
How is a context drive different from RAG?
RAG is a consumption pattern—how an agent pulls relevant information into a run. A context drive is storage—the canonical place the underlying artifacts live, with versions and access controls.
Why not store everything in a vector database?
Vector databases are great for retrieval, but they aren’t designed to be the source of truth for artifacts. Once you need “latest version,” diffs, rollback, and file-level permissions, you’re asking the index to behave like a filesystem.
What kinds of files belong in a context drive?
Typically a mix of human-readable documents (like Markdown policies), machine-friendly state (like compact JSON), append-only event logs for traceability, and periodic summaries that can be reviewed and corrected.
What does “governed reads and writes” mean for agents?
It means every access happens under a scoped identity with explicit permissions, and every read/write is recorded so you can answer “what did the agent see?” and “what changed?” later.
Does a context drive replace agent memory?
No. Memory is an access pattern over stored artifacts. A context drive provides the durable substrate so memory can be portable, reviewable, and reproducible over time.
When do teams usually need this layer?
When you have multiple agents sharing context, or a single agent that runs repeatedly over weeks—and especially once you’ve had an incident where behavior couldn’t be reproduced because the inputs weren’t captured as stable artifacts.

Top comments (0)