Pre-checks
What problem does this solve?
目前用户可以通过提示词交互,例如“把 XX 记到你的记忆中”,直接触发长期记忆的写入或修改。该机制在企业或多人使用场景下,可能存在记忆内容被误写、误改或非授权修改的风险。
Currently, users can trigger the writing or modification of long-term memory through prompt-based interactions, such as “remember XX.” While this mechanism improves personalization, it may also create risks in enterprise or multi-user scenarios, including accidental memory updates, unintended modifications, or unauthorized changes.
Proposed solution
建议增加长期记忆文件的权限管理机制,对记忆的写入、编辑、删除等操作进行权限校验。例如,仅管理员或授权角色可直接修改记忆内容;普通用户提交的记忆变更需经确认后生效。同时建议增加变更留痕能力,记录修改人、时间、内容及操作类型,便于后续审计和问题追溯。
该功能可提升长期记忆能力的安全性、可控性和企业级使用可靠性。
It is recommended to add a permission management mechanism for long-term memory files, with access control applied to memory writing, editing, and deletion operations. For example, only administrators or authorized roles should be allowed to directly modify long-term memory. Memory change requests submitted by regular users could require approval before taking effect.
In addition, it is suggested to introduce change logging capabilities, including records of the operator, modification time, modified content, and operation type, to support auditing and issue tracking.
This feature would help improve the security, controllability, and enterprise-level reliability of long-term memory capabilities.
Willing to contribute?
Pre-checks
What problem does this solve?
目前用户可以通过提示词交互,例如“把 XX 记到你的记忆中”,直接触发长期记忆的写入或修改。该机制在企业或多人使用场景下,可能存在记忆内容被误写、误改或非授权修改的风险。
Currently, users can trigger the writing or modification of long-term memory through prompt-based interactions, such as “remember XX.” While this mechanism improves personalization, it may also create risks in enterprise or multi-user scenarios, including accidental memory updates, unintended modifications, or unauthorized changes.
Proposed solution
建议增加长期记忆文件的权限管理机制,对记忆的写入、编辑、删除等操作进行权限校验。例如,仅管理员或授权角色可直接修改记忆内容;普通用户提交的记忆变更需经确认后生效。同时建议增加变更留痕能力,记录修改人、时间、内容及操作类型,便于后续审计和问题追溯。
该功能可提升长期记忆能力的安全性、可控性和企业级使用可靠性。
It is recommended to add a permission management mechanism for long-term memory files, with access control applied to memory writing, editing, and deletion operations. For example, only administrators or authorized roles should be allowed to directly modify long-term memory. Memory change requests submitted by regular users could require approval before taking effect.
In addition, it is suggested to introduce change logging capabilities, including records of the operator, modification time, modified content, and operation type, to support auditing and issue tracking.
This feature would help improve the security, controllability, and enterprise-level reliability of long-term memory capabilities.
Willing to contribute?