Releases: DanceNitra/mnemo
Release list
mnemo 1.5.0 — provable forget + bitemporal audit
The governance / temporal pillar of verifiable memory.
Provable forget (Pillar 2)
ErasureAuditor.compliance_receipt(subject, values, sign=, pubkey=, request_id=, basis=)— runs the audit and packages it as a shareable, signed proof-of-erasure receipt (the artifact a DPO hands a regulator under GDPR Art. 17 / EU AI Act record-keeping): which stores were checked, the per-store adversarial-recovery verdict, request/basis, timestamp — tamper-evident under your key.verify_compliance_receipt+ed25519_signer/ed25519_verifyBYO-key helpers (or plug an HSM/KMS). Crypto is a lazy import — the framework stays dependency-free until you sign.probes/forget_verification_bench.py— an open benchmark no recall leaderboard covers: after a right-to-erasure deletion, does the value provably stop being recoverable across the 6-store fan-out? Scores the common 'delete the row' bug (~0.17 — five stores still leak) vs a correct hard-delete (1.00, verified).
Bitemporal audit (Pillar 3)
as_of(key, when, as_recorded=)gains a second clock: pass a transaction-timeas_recordedto reconstruct what we believed, at that recording time, was true at valid-timewhen— a later correction can't leak into the earlier belief.believed_at(key, as_recorded)returns what the agent would have acted on if frozen then.as_recorded=Noneis byte-identical to the prior valid-timeas_of.
57 tests pass; opt-in and backward-compatible throughout.
mnemo 1.4.0 — soft-delete residual probes (+ 1.3.0 clean memory)
1.4.0 — soft-delete residual probes for the ErasureAuditor (from an r/RAG thread: 'the API returned 200' and 'it's gone' are two different things — a store can report a delete as done while the data physically survives until a background compaction/vacuum/GC that may never trigger). Zero new deps — each probe calls only the client you pass.
QdrantSoftDeleteProbe— deleted points under the optimizerdeleted_threshold(0.2 / 1000-min).PgVectorSoftDeleteProbe— MVCCn_dead_tup(dead-until-VACUUM).S3VersioningProbe— a 'delete' is just a delete marker over a live version.SoftDeleteProbe— generic hook for the long tail (Chroma compaction, observability spans, CDC/Kafka, embedding-provider logs).
Also includes 1.3.0 — clean memory (not separately released): admit() write-admission gate (kills exact/near-exact re-extraction bloat), why_recalled() + memory_report() inspector. All opt-in; 45 tests pass.
mnemo 1.2.0 — universal-executor gate
Opt-in universal-executor gate on spend_irreversible.
is_universal_executor(tool, signature)— detect verb-polymorphic shell/eval/SQL/HTTP tools whose reversibility is not decidable from the signature.spend_irreversible(tool=, contained=)— an uncontained universal executor is denied outright (reversibility undecidable + unbounded external harm-reach);contained=Truefalls through to the normal per-source budget.tool=Noneis byte-identical to 1.1.0.
Motivated by a measured lab result (ToolEmu 330 tools, 2 labelers: reversibility ~93% signature-decidable, Cohen's kappa 0.82; the ~7% residual is universal executors with environment-conditional harm-reach). Credits arXiv:2607.07474. 27 tests pass.
mnemo 1.1.0 — security hardening
Security hardening from the first internal security pass (SECURITY.md). Both additions OPT-IN; default = 1.0.0 behaviour (5 tests verify).
- Mnemo(max_text=N): remember() truncates oversized text + stamps meta.truncated_from (availability guard).
- verify_writes(warn_unpinned=True): surfaces the self-referential-pubkey footgun; governance_report().proof.signature_authenticity states the trust level.
- SECURITY.md: honest threat model (no RCE/ReDoS surface, constant-time HMAC; two documented residuals).
pip install 'agora-mnemo[mcp]'
mnemo 1.0.0 — first stable release
First stable release. Not a new feature — a maturity milestone.
- Stable public API frozen in mnemo.all; governance/erasure tools in submodules (deletion_manifest, erasure_auditor).
- Runnable test suite (16 tests, cloud-free) + GitHub Actions CI on py3.9/3.11/3.12. The suite already caught a real export gap.
- CHANGELOG documenting the 0.4->1.0 journey.
- No functional change from 0.7.22. Semver from here: MINOR for features, PATCH for fixes.
pip install 'agora-mnemo[mcp]' · https://dancenitra.github.io/mnemo/ · DOI: 10.5281/zenodo.21128549
mnemo 0.7.22
Governance + cross-store erasure tools (engineering over well-known primitives, prior-art-credited).
- anchor() / verify_consistency(): CT-style external anchor (RFC 6962) — catches a receipt-key-holder history rewrite/rollback that verify_writes alone cannot.
- forget_subject(basis=, authorized_by=, authorization=): erasure tombstone bound to an authenticated principal (Ed25519) + decision basis, inside the tamper-evident hash.
- DeletionManifest (mnemo.deletion_manifest): honest-by-construction cross-store erasure record — names leaking stores, never a false 'deleted'.
- ErasureAuditor (mnemo.erasure_auditor): adversarial 'content still reconstructible?' audit across the fan-out (NN-inversion on retained vectors) — the check DSAR tooling skips.
Prior art: RFC 6962, Morris et al. EMNLP 2023, Ghost Vectors (2606.18497), EDPB 05/2019, NIST SP 800-88.
Install: pip install 'agora-mnemo[mcp]' · Docs: https://dancenitra.github.io/mnemo/ · DOI: 10.5281/zenodo.21128549
mnemo 0.7.20
Zero-dependency agent memory + MCP server (12 tools over stdio).
- Value-ranked recall, per-type decay, consolidation, lexical+semantic auto-mode.
- First-class correction & erasure channel: revert(), retract_lineage(), echo_guard, forget_subject().
- Tamper-evident receipts (hash-chained, optional Ed25519); poison-resistant influence gate.
- 6 framework adapters (OpenAI Agents, AutoGen, LangGraph, LlamaIndex, Google ADK, Pydantic AI).
- Install: pip install "agora-mnemo[mcp]" ; run: mnemo-mcp
Docs: https://dancenitra.github.io/mnemo/ · PyPI: agora-mnemo · DOI: 10.5281/zenodo.21128549