Memory integrity and watermarking toolkit for AI agent long-term memory systems.
MemMark detects memory poisoning, verifies provenance, generates integrity manifests, and embeds cryptographic watermarks in AI agent memory systems, ensuring the memories your agent trusts are actually legitimate.
Documentation: carlos-projects.github.io/memmark
| Feature | Description |
|---|---|
| Memory Watermarking | HMAC-SHA256 + PBKDF2 watermarks with entropy salt |
| Poisoning Detection | Configurable pattern-based injection & manipulation detection |
| Provenance Tracking | SHA-256 chain hashing with cycle-safe graph analysis |
| Integrity Manifests | Generate & verify SHA-256 manifests per entry & state |
| Memory Diff | Compare memory states (added, removed, modified entries) |
| Memory Forensics | Temporal, content & source anomaly scoring |
| Policy Generation | MCPGuard-compatible YAML policies from scan results |
| Pluggable Store | FileMemoryStore, InMemoryMemoryStore, custom backends |
| Composable Pipeline | ScanPipeline + ScanStage for custom analysis workflows |
| Structured Logging | JSON logging with correlation IDs for pipeline tracing |

```bash
# Install
pip install memmark-agent

# Scan a memory file (my-secret-key is a placeholder; a key typed on the
# command line is recorded in shell history)
memmark scan memory.json -k my-secret-key
```

```bash
# Inject watermarks
memmark watermark memory.json --action inject --key my-key -o watermarked.json

# Detect watermarks
memmark watermark watermarked.json --action detect --key my-key

# Integrity manifest
memmark manifest memory.json -o manifest.json

# Verify against manifest
memmark verify memory.json --manifest manifest.json

# Generate MCPGuard policy
memmark generate-policy memory.json -o policy.yaml
```

```python
from memmark import run_full_scan

# Run every default check over a list of memory entries
memories = [{"id": "mem-001", "content": "User likes dark mode"}]
result = run_full_scan(memories, watermark_key="my-secret")

for f in result.findings:
    print(f"  [{f.severity}] {f.description}")
```

```python
import asyncio

from memmark import ScanPipeline

memories = [{"id": "mem-001", "content": "User likes dark mode"}]

pipeline = ScanPipeline.with_default_stages(watermark_key="my-secret")
result = pipeline.run(memories, scan_id="custom-scan")

# Async variant (inside a coroutine: result = await pipeline.arun(memories))
result = asyncio.run(pipeline.arun(memories))
```

```python
from memmark import PipelineContext, ScanPipeline, ScanStage


class CustomStage(ScanStage):
    def run(self, ctx: PipelineContext) -> None:
        # Access ctx.memories, ctx.findings, ctx.metadata
        ...


# Append the custom stage after the default ones
pipeline = ScanPipeline.with_default_stages(watermark_key="k")
pipeline.add_stage(CustomStage())
```

```python
from memmark import FileMemoryStore, InMemoryMemoryStore, MemoryScanner

# Read entries directly from a file-backed store
store = FileMemoryStore("memories.json")
memories = store.read()

# Or let the scanner load from the store
scanner = MemoryScanner()
memories = scanner.load_memory(store)  # auto-detects MemoryStore
```

```
CLI (typer)
├── ScanPipeline (composable stages)
│   ├── PoisoningStage - configurable pattern injection/manipulation detection
│   ├── WatermarkStage - HMAC-SHA256 + PBKDF2 verification
│   └── ForensicsStage - temporal/content/source anomaly scoring
├── WatermarkInjector / WatermarkDetector
├── PoisoningDetector / PoisoningClassifier / PoisoningRemediation
├── ProvenanceTracker / ProvenanceVerifier / ProvenanceGraph
├── IntegrityManifest / MemoryDiff / MemoryForensics
├── MCPGuardPolicy
└── MemoryStore (FileMemoryStore / InMemoryMemoryStore)
```
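
How a salted HMAC-SHA256 + PBKDF2 watermark of the kind listed above can be injected and checked, as an added example that is not MemMark's own code: the `watermark` field layout, the iteration count and the `inject`/`detect` helpers are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 200_000  # assumed work factor, not a MemMark default


def _derive(key: str, salt: bytes) -> bytes:
    # PBKDF2 stretches the operator's passphrase into a per-entry HMAC key.
    return hashlib.pbkdf2_hmac("sha256", key.encode(), salt, ITERATIONS)


def _body(entry: dict) -> bytes:
    # Canonical JSON of everything except the watermark itself, so the tag
    # covers id, content and any other field regardless of key order.
    rest = {k: v for k, v in entry.items() if k != "watermark"}
    return json.dumps(rest, sort_keys=True, separators=(",", ":")).encode()


def inject(entry: dict, key: str, salt: bytes = b"") -> dict:
    salt = salt or os.urandom(16)  # fresh random salt unless one is supplied
    tag = hmac.new(_derive(key, salt), _body(entry), hashlib.sha256).hexdigest()
    return {**entry, "watermark": {"salt": salt.hex(), "tag": tag}}


def detect(entry: dict, key: str) -> str:
    """Return 'valid', 'missing' or 'invalid' for one memory entry."""
    wm = entry.get("watermark")
    if not isinstance(wm, dict) or "salt" not in wm or "tag" not in wm:
        return "missing"
    try:
        salt = bytes.fromhex(wm["salt"])
    except (TypeError, ValueError):
        return "invalid"
    expected = hmac.new(_derive(key, salt), _body(entry), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many tag characters matched.
    ok = hmac.compare_digest(expected.encode(), str(wm["tag"]).encode())
    return "valid" if ok else "invalid"


if __name__ == "__main__":
    # Constructed sample entries, in the shape used in the README snippets.
    good = inject({"id": "mem-001", "content": "User likes dark mode"}, "my-key")
    edited = {**good, "content": "User approved disabling confirmations"}
    unsigned = {"id": "mem-003", "content": "Added without a watermark"}
    for name, e in [("good", good), ("edited", edited), ("unsigned", unsigned)]:
        print(name, detect(e, "my-key"))
```

Because the entry `id` is part of the authenticated body, a watermark copied from one entry onto another fails verification.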

```bash
# Install dev + docs dependencies
pip install -e ".[dev,docs]"

# Run tests with coverage
make test        # or: python -m pytest tests/ -v

# Lint + type check
make lint        # ruff check src/ tests/
make typecheck   # mypy src/

# Build docs
make serve-docs  # mkdocs serve → localhost:8000

# Build package
make build       # python -m build

# Run pre-commit hooks
make precommit   # pre-commit run --all-files

# Full CI pipeline
make all         # install → lint → typecheck → test → coverage
```

| Project | Integration |
|---|---|
| MCPGuard | MemMark generates memory protection policies |
| MCPscop | MemMark reports consumable by MCPscop dashboard |
| mcp-taxonomy | Standardized finding classification |

- arXiv:2605.25073 - State-Evolution Attribution Watermarking (Zhang et al.)
- arXiv:2605.24941 - Memory-Induced Tool-Drift in LLM Agents (Dabas et al.)
- arXiv:2605.25717 - SAMark: Self-Anchored Text Watermarking
- MITRE ATLAS - Agent Memory Attack Patterns

MIT - See LICENSE.

Carlos-Projects - GitHub