Weaviate Vector Database

1. Weaviate Reality

Weaviate, developed by Weaviate B.V. (Amsterdam) and released under the BSD-3-Clause license, is the schema-centric, GraphQL-native vector database that distinguished itself early by treating vectors as one property of a richly-typed object rather than as the primitive unit. A Weaviate class definition specifies properties with types, references between classes, vectorizer modules (text2vec-openai, text2vec-cohere, text2vec-transformers, multi2vec-clip, ref2vec), and tenant configuration; queries are GraphQL with hybrid search combining BM25, dense vector, and graph-traversal predicates. The architecture targets production RAG workloads at scale: multi-tenant collections, replication and sharding under Raft consensus, named-vector support for multi-embedding objects, and a generative-search module that pipes results directly into LLM completions.

The commercial business is Weaviate Cloud (managed, with serverless and dedicated tiers), Weaviate Enterprise (BYOC and on-prem support), and a Series B-funded go-to-market into financial services, healthcare, and government. Customers cited in case studies — Stack Overflow's OverflowAI, Instabase, Morningstar — use Weaviate where Chroma's developer-ergonomics-first posture is insufficient: large-corpus retrieval, multi-tenant SaaS, and hybrid lexical-semantic search at production QPS.

Weaviate's architectural strengths are real and specific: a published schema as a first-class artifact, multi-tenancy as a substrate concern (not an application concern), modular vectorizers that decouple embedding generation from storage, and a clear path from prototype to scaled deployment. The product is the most schema-rich of the OSS vector databases, which is what makes its policy gap structurally interesting rather than incidental.

2. The Architectural Gap

Weaviate has schema, but its schema does not carry policy. A class definition declares property types and vectorizer bindings; it does not declare which authority may write a property, which credential is required to read, what redaction profile applies under partial trust, what retention boundary attaches, or what jurisdiction the object's data residency must respect. Multi-tenancy is enforced as namespace isolation — tenant A cannot read tenant B's objects — but within a tenant, every credential with read permission gets the full payload. Authentication is OIDC/API-key; authorization is role-based at the collection level, not object-level and not policy-aware.

The structural property absent is object-carried policy bound to schema-bound mutation. Weaviate's schema-bound mutation is partial: a write must conform to the property types declared in the class, but the class schema is not itself a credentialed object — schema changes are administrative operations performed by anyone with the appropriate role, without composite admissibility evaluation, without lineage of why the change was admitted, and without governed-actuation graduation. The schema is metadata, not a credentialed primitive under an authority taxonomy.

The consequence in regulated production is that Weaviate's schema posture becomes a false reassurance. Because the schema looks rigorous, customers assume the substrate enforces policy; in reality, every regulated tenant — a hospital running RAG over EHR-derived embeddings, a bank running entity resolution over PII, a federal agency running search over CUI — must rebuild policy enforcement at the GraphQL access layer or at an upstream service, per use-case, with no architectural contract that the substrate respects. As EU AI Act, NIS2, HIPAA-modernization, and CMMC 2.0 obligations harden, this posture exposes Weaviate's enterprise customers to substrate-rooted risk that schema does not contain.

3. What The AQ Primitive Provides

The AQ memory-native-protocol primitive resolves Weaviate's gap by elevating the schema from a typing artifact to a credentialed authority object, and by binding policy to the memory object as a load-bearing structural property. The two inventive elements — object-carried policy and schema-bound mutation under credential — compose tightly with Weaviate's existing class model, so the architectural reach is direct.

Object-carried policy: every Weaviate object — vector, properties, references — is augmented with a policy reference whose contents are mediated by the substrate. The policy declares authority-class read permissions (operator, regulator, partner, end-user, adversarial), redaction profiles per property, retention boundaries, jurisdiction constraints, consent state, and downstream-derivation rules (whether an embedding generated from this object may be used to generate another). Reads compose the requester's credential with the policy and the object's lineage to produce a graduated response — full, redacted, derived-only, deferred, or denied — under composite admissibility per the umbrella chain.

Schema-bound mutation: a class schema is itself a credentialed object signed under a tenant's authority root. Schema changes — adding a property, changing a vectorizer, altering a reference — are governed actuations: they pass property-1 authority observation (who proposed the change, with what credential), property-2 evidential weighting (impact on downstream consumers), property-3 composite admissibility (does the change violate downstream policy contracts), property-4 governed execution (admit, defer, refuse, partial), and property-5 lineage. Schema migration becomes auditable rather than administrative.

Recursive closure binds the two: a write under a new schema version is itself an observation under the schema-mutation lineage; a read whose policy changes mid-retention surfaces as a lineage event downstream consumers can observe. The named-vector and multi-tenancy features Weaviate already implements compose naturally — tenancy becomes an authority scope, named vectors become policy-tagged derivations, and the GraphQL surface becomes the natural carrier for credential and policy negotiation.

4. Composition Pathway

Weaviate composes the primitive at four integration points. First, the class schema gains a policy section alongside its properties and vectorizer; existing schemas continue to function under a permissive default while regulated customers opt into stricter policy. Second, the GraphQL query and mutation interfaces gain credential negotiation as a header-level concern, with the resolver layer mediating object-carried policy before returning fields; this preserves the GraphQL contract while routing admissibility through the substrate. Third, the Raft-replicated metadata store becomes the schema-as-credentialed-object catalog, with schema migrations recorded as lineage events queryable through a new admin GraphQL surface.

Fourth, the modular vectorizer architecture composes with policy: a vectorizer that derives an embedding from a regulated source carries the source's policy forward, so derived vectors inherit retention and redaction obligations. The generative-search module — which pipes retrieved context to an LLM — becomes a governed actuation: the LLM call is gated by the composite admissibility of every retrieved object's policy, and the prompt construction respects per-object redaction directives. This closes the "RAG leaks PII into the prompt" failure mode at the substrate.

Operational existing-feature composition is clean: Weaviate Cloud's serverless tiers expose policy as a tenant configuration; BYOC deployments root authority in the customer's KMS; multi-tenancy maps directly to authority scopes; replication preserves lineage across replicas. The composition does not require the customer to rewrite applications — the GraphQL contract is preserved and policy is opt-in per class.

5. Commercial / Licensing Implication

The fitting arrangement is a non-exclusive memory-native-protocol substrate license to Weaviate B.V. covering Weaviate OSS, Weaviate Cloud, and Weaviate Enterprise, structured as a permissive OSS grant coupled with commercial royalty on managed and enterprise tiers. Field-of-use covers vector and hybrid memory for AI applications and agentic systems; sublicensing extends to BYOC and on-prem deployments so regulated customers carry the substrate into their own environments. Pricing as a per-tenant or per-collection uplift on existing managed tiers preserves Weaviate's commercial structure.

Weaviate gains the architectural answer to the production-RAG governance problem its enterprise pipeline already encounters: financial-services, healthcare, and government accounts that bounce off because schema is not enough. Defensible against Pinecone (closed, no schema-as-authority), Chroma (developer-first, no enforcement), Qdrant (performance-first, payload-naive), and pgvector / MongoDB Vector Search / Elastic kNN (where the host database's policy model never extended to vectors). The customer gains EU AI Act, HIPAA, GDPR, and CMMC 2.0 substrate compliance without bolting policy at the GraphQL layer per application. The licensing structure converts Weaviate's schema-rich position from a marketing differentiator into an architectural moat.