Context
Self-hosting agentmemory at production scale (143 active agents across 6 companies in our Paperclip deployment), I wanted to add a per-agent rate-limit / anomaly detector to catch a single agent over-saving and polluting the index.
Current state of GET /agentmemory/audit:
{
"entries": [
{
"id": "aud_mp8pt2b1_faaae246ad66",
"operation": "lesson_save",
"functionId": "mem::lesson-save",
"targetIds": ["lsn_79b51e5d6eb50cef"],
"details": {},
"timestamp": "2026-05-16T19:04:04.333Z"
}
]
}The details object is empty on save and lesson_save operations, and there is no agent / session attribution anywhere on the entry. From outside the server, I cannot tell which caller did the save — all calls share the single AGENTMEMORY_SECRET bearer.
Ask
Could audit.entries[].details (or a top-level field) include the following when the calling tool provides them:
sessionId (already a parameter to memory_save / memory_lesson_save)tags (already a parameter)- Optionally: an opaque
clientId derived from a X-Agentmemory-Client-Id request header that the shim could set per-process
The first two require no protocol change — they're already in the request payload, just not surfaced in the audit log. That alone is enough to build a per-tag anomaly detector externally.
Why this matters
- Pollution detection: a runaway agent looping
memory_save should be visible from the audit log
- Per-tenant accounting in multi-company hosts (we have 6 companies sharing one agentmemory instance)
- External rate-limiting via Traefik / proxy middleware becomes feasible (current options are global-only or require patching the binary)
Happy to send a PR if you'd like — wanted to check first that you'd accept surfacing sessionId + tags in audit.entries[].details without privacy concerns.
Environment
- agentmemory
@0.9.12 (via iiidev/iii:0.11.2)
- Self-hosted on Coolify, 143 active agents, ~50 ops/h sustained
- Bearer auth via
AGENTMEMORY_SECRET
Context
Self-hosting agentmemory at production scale (143 active agents across 6 companies in our Paperclip deployment), I wanted to add a per-agent rate-limit / anomaly detector to catch a single agent over-saving and polluting the index.
Current state of
GET /agentmemory/audit:{ "entries": [ { "id": "aud_mp8pt2b1_faaae246ad66", "operation": "lesson_save", "functionId": "mem::lesson-save", "targetIds": ["lsn_79b51e5d6eb50cef"], "details": {}, "timestamp": "2026-05-16T19:04:04.333Z" } ] }The
detailsobject is empty onsaveandlesson_saveoperations, and there is no agent / session attribution anywhere on the entry. From outside the server, I cannot tell which caller did the save — all calls share the singleAGENTMEMORY_SECRETbearer.Ask
Could
audit.entries[].details(or a top-level field) include the following when the calling tool provides them:sessionId(already a parameter tomemory_save/memory_lesson_save)tags(already a parameter)clientIdderived from aX-Agentmemory-Client-Idrequest header that the shim could set per-processThe first two require no protocol change — they're already in the request payload, just not surfaced in the audit log. That alone is enough to build a per-tag anomaly detector externally.
Why this matters
memory_saveshould be visible from the audit logHappy to send a PR if you'd like — wanted to check first that you'd accept surfacing
sessionId+tagsinaudit.entries[].detailswithout privacy concerns.Environment
@0.9.12(viaiiidev/iii:0.11.2)AGENTMEMORY_SECRET