Skip to content

Releases: DanceNitra/mnemo

mnemo 1.5.0 — provable forget + bitemporal audit

Choose a tag to compare

@DanceNitra DanceNitra released this 14 Jul 08:21

The governance / temporal pillar of verifiable memory.

Provable forget (Pillar 2)

  • ErasureAuditor.compliance_receipt(subject, values, sign=, pubkey=, request_id=, basis=) — runs the audit and packages it as a shareable, signed proof-of-erasure receipt (the artifact a DPO hands a regulator under GDPR Art. 17 / EU AI Act record-keeping): which stores were checked, the per-store adversarial-recovery verdict, request/basis, timestamp — tamper-evident under your key. verify_compliance_receipt + ed25519_signer/ed25519_verify BYO-key helpers (or plug an HSM/KMS). Crypto is a lazy import — the framework stays dependency-free until you sign.
  • probes/forget_verification_bench.py — an open benchmark no recall leaderboard covers: after a right-to-erasure deletion, does the value provably stop being recoverable across the 6-store fan-out? Scores the common 'delete the row' bug (~0.17 — five stores still leak) vs a correct hard-delete (1.00, verified).

Bitemporal audit (Pillar 3)

  • as_of(key, when, as_recorded=) gains a second clock: pass a transaction-time as_recorded to reconstruct what we believed, at that recording time, was true at valid-time when — a later correction can't leak into the earlier belief. believed_at(key, as_recorded) returns what the agent would have acted on if frozen then. as_recorded=None is byte-identical to the prior valid-time as_of.

57 tests pass; opt-in and backward-compatible throughout.

mnemo 1.4.0 — soft-delete residual probes (+ 1.3.0 clean memory)

Choose a tag to compare

@DanceNitra DanceNitra released this 14 Jul 07:34

1.4.0 — soft-delete residual probes for the ErasureAuditor (from an r/RAG thread: 'the API returned 200' and 'it's gone' are two different things — a store can report a delete as done while the data physically survives until a background compaction/vacuum/GC that may never trigger). Zero new deps — each probe calls only the client you pass.

  • QdrantSoftDeleteProbe — deleted points under the optimizer deleted_threshold (0.2 / 1000-min).
  • PgVectorSoftDeleteProbe — MVCC n_dead_tup (dead-until-VACUUM).
  • S3VersioningProbe — a 'delete' is just a delete marker over a live version.
  • SoftDeleteProbe — generic hook for the long tail (Chroma compaction, observability spans, CDC/Kafka, embedding-provider logs).

Also includes 1.3.0 — clean memory (not separately released): admit() write-admission gate (kills exact/near-exact re-extraction bloat), why_recalled() + memory_report() inspector. All opt-in; 45 tests pass.

mnemo 1.2.0 — universal-executor gate

Choose a tag to compare

@DanceNitra DanceNitra released this 13 Jul 19:31

Opt-in universal-executor gate on spend_irreversible.

  • is_universal_executor(tool, signature) — detect verb-polymorphic shell/eval/SQL/HTTP tools whose reversibility is not decidable from the signature.
  • spend_irreversible(tool=, contained=) — an uncontained universal executor is denied outright (reversibility undecidable + unbounded external harm-reach); contained=True falls through to the normal per-source budget. tool=None is byte-identical to 1.1.0.

Motivated by a measured lab result (ToolEmu 330 tools, 2 labelers: reversibility ~93% signature-decidable, Cohen's kappa 0.82; the ~7% residual is universal executors with environment-conditional harm-reach). Credits arXiv:2607.07474. 27 tests pass.

mnemo 1.1.0 — security hardening

Choose a tag to compare

@DanceNitra DanceNitra released this 13 Jul 15:56

Security hardening from the first internal security pass (SECURITY.md). Both additions OPT-IN; default = 1.0.0 behaviour (5 tests verify).

  • Mnemo(max_text=N): remember() truncates oversized text + stamps meta.truncated_from (availability guard).
  • verify_writes(warn_unpinned=True): surfaces the self-referential-pubkey footgun; governance_report().proof.signature_authenticity states the trust level.
  • SECURITY.md: honest threat model (no RCE/ReDoS surface, constant-time HMAC; two documented residuals).

pip install 'agora-mnemo[mcp]'

mnemo 1.0.0 — first stable release

Choose a tag to compare

@DanceNitra DanceNitra released this 13 Jul 15:34

First stable release. Not a new feature — a maturity milestone.

  • Stable public API frozen in mnemo.all; governance/erasure tools in submodules (deletion_manifest, erasure_auditor).
  • Runnable test suite (16 tests, cloud-free) + GitHub Actions CI on py3.9/3.11/3.12. The suite already caught a real export gap.
  • CHANGELOG documenting the 0.4->1.0 journey.
  • No functional change from 0.7.22. Semver from here: MINOR for features, PATCH for fixes.

pip install 'agora-mnemo[mcp]' · https://dancenitra.github.io/mnemo/ · DOI: 10.5281/zenodo.21128549

mnemo 0.7.22

Choose a tag to compare

@DanceNitra DanceNitra released this 13 Jul 14:53

Governance + cross-store erasure tools (engineering over well-known primitives, prior-art-credited).

  • anchor() / verify_consistency(): CT-style external anchor (RFC 6962) — catches a receipt-key-holder history rewrite/rollback that verify_writes alone cannot.
  • forget_subject(basis=, authorized_by=, authorization=): erasure tombstone bound to an authenticated principal (Ed25519) + decision basis, inside the tamper-evident hash.
  • DeletionManifest (mnemo.deletion_manifest): honest-by-construction cross-store erasure record — names leaking stores, never a false 'deleted'.
  • ErasureAuditor (mnemo.erasure_auditor): adversarial 'content still reconstructible?' audit across the fan-out (NN-inversion on retained vectors) — the check DSAR tooling skips.

Prior art: RFC 6962, Morris et al. EMNLP 2023, Ghost Vectors (2606.18497), EDPB 05/2019, NIST SP 800-88.
Install: pip install 'agora-mnemo[mcp]' · Docs: https://dancenitra.github.io/mnemo/ · DOI: 10.5281/zenodo.21128549

mnemo 0.7.20

Choose a tag to compare

@DanceNitra DanceNitra released this 13 Jul 08:03

Zero-dependency agent memory + MCP server (12 tools over stdio).

  • Value-ranked recall, per-type decay, consolidation, lexical+semantic auto-mode.
  • First-class correction & erasure channel: revert(), retract_lineage(), echo_guard, forget_subject().
  • Tamper-evident receipts (hash-chained, optional Ed25519); poison-resistant influence gate.
  • 6 framework adapters (OpenAI Agents, AutoGen, LangGraph, LlamaIndex, Google ADK, Pydantic AI).
  • Install: pip install "agora-mnemo[mcp]" ; run: mnemo-mcp

Docs: https://dancenitra.github.io/mnemo/ · PyPI: agora-mnemo · DOI: 10.5281/zenodo.21128549