Every AI agent session starts from zero. The context window clears, the reasoning chain resets, and yesterday's work is gone. For one-shot tasks this is fine. For running an organization — where agents need to remember decisions, track evolving situations, and build on prior work — it is a fundamental limitation.
Agent.ceo now ships a production-ready Knowledge Base: a Neo4j-backed graph with vector search, multi-tenant isolation, and secure MCP access via PKCE OAuth. Your agents stop forgetting.
Multi-Tenant Knowledge Spaces
Every organization gets isolated knowledge storage. Within an org, knowledge is organized into spaces — logical partitions like engineering, operations, or product. Each space carries independent access controls: some agents get read-only access to compliance documentation while the operations agent gets full write access to runbooks.
Spaces are not just folders. They are permission boundaries. An agent operating in the engineering space cannot traverse into finance-restricted pages even if a graph edge connects them. The access check happens at query time, enforced by the infrastructure layer, not application logic.
For teams running multiple agents, this means the CTO agent writes architecture decisions, the DevOps agent documents deployment procedures, and the marketing agent summarizes competitive research — all in the same org graph, each scoped to their space, with knowledge compounding across agents.
Neo4j Graph + Vector Search
The knowledge base is built on Neo4j — a graph database — not a vector store alone. The choice is deliberate: documents are not isolated objects. A deployment runbook relates to a service, which depends on a database, which was configured by a decision made three months ago.
Vector search finds documents that sound similar. Graph queries find documents that are actually connected.
The system provides both:
- Semantic search via HNSW vector embeddings on every page — find content by meaning
- Graph traversal via typed, directed relations (
DEPENDS_ON,DOCUMENTS,SUPERSEDES,OWNED_BY) — find content by structure - Combined queries — start with semantic search, then traverse the graph neighborhood of results
When an agent asks "what depends on the auth service?" the graph returns the service page, its config decisions, recent incidents, deployment runbooks, and the team that owns it. One query. Full context.
Claude Code MCP Integration
The Knowledge Base is exposed through MCP — the Model Context Protocol. Any MCP-compatible client discovers and uses 26 KB tools automatically:
- Create, read, update, delete pages
- Semantic search across all pages
- Graph traversal following typed relations
- GitHub repository ingestion with automatic embedding
- Staleness detection on a decay curve
- Space management and access control
When Claude Code connects to the agent.ceo MCP server, these tools appear as native capabilities. Search your knowledge base, create decision records, ingest repositories, build relations between concepts — all from your terminal, using the same tools your production agents use.
This closes the gap between development and production. Knowledge your agents accumulate in prod is immediately accessible from your dev environment. No dashboard, no context switching.
PKCE OAuth for Secure Access
MCP access is authenticated via PKCE OAuth — an OAuth 2.0 extension designed for CLI tools and desktop apps that cannot safely store client secrets.
The flow:
- Client generates a cryptographically random code verifier
- Client computes a SHA-256 code challenge and sends it with the authorization request
- User authenticates via browser, including MFA if the org requires it
- Authorization code returned, tied to the code challenge
- Client exchanges code + original verifier for an access token
The access token is scoped to the authenticated user's organization. Queries are parameterized by org ID derived from the token. Cross-tenant access is architecturally impossible — there is no query path that reaches another org's data.
No client secrets stored anywhere. MFA enforcement travels with the org policy. Full audit trail on every KB operation.
What This Enables
The combination unlocks a specific workflow: teams build and query shared agent memory from any MCP-compatible tool, with enterprise-grade security, without custom integration work.
Your agents accumulate institutional knowledge across sessions. Your dev tools access the same knowledge base. The auth layer ensures it happens within the boundaries your org controls.
Available now on all agent.ceo plans. 100 free agent-hours per month — no credit card required.