Field note / agent state

Agents Do Not Need More Memory. They Need Better State.

The useful question is not whether an agent has memory. It is what state crosses the boundary between two runs, and why the next run should trust it.

agent memory =
  write policy
+ store
+ retrieval policy
+ validation loop

01

Split The Word

Most memory discussions mix context, compaction, durable memory, and learning. They are different mechanisms with different failure modes.

MechanismWhat it meansExamplesCommon failure
ContextWhat the model sees nowprompt, files, tool outputtoo large or stale
CompactionWhat survives context pressuresession summarieslost intent
Durable memoryExternal state reused laterpreferences, repo rules, skillsstale authority
LearningChanged model or policyweights, fine-tuningusually not present
context pressure    = keep this run alive
session continuity  = keep this task coherent
durable memory      = change what a future run can know

Do not use long-term memory to solve context overflow. Use compaction for that. Durable memory starts when the harness decides state should cross a session boundary.

02

The Pipeline

A memory system is good only when a future action changes correctly, with source, scope, and deletion still intact. Each edge is policy.

event -> capture -> extract -> classify -> scope -> store
store -> retrieve -> inject/cite -> act -> validate -> merge/prune/delete -> store
StageDecisionBad default
CaptureWhat is a candidate?save everything
ExtractWhat stable signal exists?summarize vaguely
Classifyrule, fact, preference, episode, skill?flatten into notes
Scopeuser, repo, project, org, tool?global memory
Storewhich data structure?one vector index
Retrievewhat enters context now?top-k similarity
Validateis it still true?trust old state
Deletewhere must it disappear?delete one visible note
memory enters context only through retrieval policy
memory changes action only after validation policy

03

Authority

A memory is not authoritative just because it is in context. Required team behavior belongs in checked-in files: AGENTS.md, CLAUDE.md, runbooks, CI config, repo docs. Generated memory is useful recall. It is not policy.

SourceAuthorityTreatment
Checked-in docs/code/configHighsource of truth
Cited current repo factHigh-mediumuse with citation/branch validation
Human-authored memoryMediuminstruction or hint
Generated memory with sourceMedium-lowvalidate before action
Generated memory without sourceLowhypothesis
Similar retrieved memoryHint onlyuse to search, not decide
memory can suggest
source of truth decides

04

System Archetypes

ArchetypeAlways loadedRetrieved on demandWrite pathExamplesFailure
File-firstsummary/indexfiles, grep, daily notesagent writes or consolidationClaude Code, Codex, OpenClawindex cliff
Frozen prompt + searchtiny profiletranscript searchadd/replace/remove, async syncHermessnapshot lag
Managed resourcemount metadatafilesystem/APIversioned writes, API editsAnthropic Managed Agents, AgentCorewritable memory injection
Product memoryuser/repo profileproduct recallsaved/inferred factsChatGPT, Gemini, Copilot, Devinweak provenance
External semantic/graphlittle or nonesemantic search, graph traversalAPI/tool writes, ingestionMem0, Zep, GBrain, Lettagovernance sprawl
RAG:          query -> top-k chunks -> answer
graph memory: query -> retrieve -> connect -> synthesize -> cite -> expose gaps

external memory output = claim + citation + freshness + missing information

05

System Details

SystemMechanismDetailRisk
Claude Codefile-first instructions + auto memoryCLAUDE.md is human-authored instruction memory. Auto memory uses repository-scoped Markdown with MEMORY.md as the startup index and topic files loaded on demand.Index cliff: memory exists on disk but becomes undiscoverable.
Codexfile-first generated memoryWrites are model-heavy and async: extraction first, consolidation later. Reads are cheap: inject a bounded summary, then search MEMORY.md, rollout summaries, and skills only when useful.Write/read asymmetry can hide stale paraphrases.
OpenClawworkspace Markdown + live context inspectionDurable MEMORY.md, daily notes, optional DREAMS.md, hybrid memory_search, compaction, memory flush before compaction, and /context list/detail for live prompt inspection.Confusing disk memory with live prompt context.
Hermestiny frozen prompt + searchMEMORY.md is limited to 2,200 characters; USER.md to 1,375. Both are frozen at session start. Detail moves to SQLite FTS session search or one active external provider.Snapshot lag after writes.
Anthropic Managed Agentsmounted governed resourceMemory stores mount under /mnt/memory/, support read-only/read-write access, optimistic concurrency, immutable versions, redaction, 100 kB memories, 2,000 memories per store, and up to 8 stores per session.Writable memory can persist prompt injection.
Anthropic Dreamsasync consolidation jobDreams read one memory store plus 1 to 100 sessions, then produce a separate output memory store for review, attach, archive, or delete. The input store is not silently mutated.Unsafe consolidation if candidate state becomes live without review.
Mem0 v3external scoped semantic memoryAsync ADD-only extraction writes to scoped stores such as user_id, agent_id, app_id, or run_id. Entity linking and multi-signal retrieval move recall outside the harness.Governance sprawl across stores and identities.
GBrainhybrid graph retrievalCombines vector search for paraphrase, BM25 for exact names, graph traversal for relationships, source ranking for authority, and reranking for false positives.Graph edges can amplify stale or weakly sourced claims.
Copilot / Devin / Geminiproduct memoryProduct-mediated user or repo profile state: repository facts, saved preferences, knowledge items, generated wiki/search, and controls around viewing or disabling remembered data.Weak provenance unless citations, expiry, and user controls are explicit.
AgentCore / Letta / Zepmanaged or OS-style memoryThese systems make the state layer explicit: namespaces, long-term strategies, tiered memory, archival recall, and temporal graph structure.More structure means more deletion, privacy, and audit surfaces.
Anthropic Dreams safety shape:
input memory store + 1..100 sessions
  -> async dream
  -> separate output memory store
  -> review / attach / archive / delete

The input store is not mutated. Consolidation produces candidate state, not silent live-state edits.

06

The Contract

Start with the contract, not the database. no_op should be common. Most events should not become memory. Retrieval and injection are also different decisions: retrieval says "this might matter"; injection says "show this to the model with this authority."

propose(event) -> candidate | null
write(candidate, scope, source) -> memory_id | no_op
retrieve(task, scope) -> ranked memories
validate(memory, task) -> trusted | stale | conflict | hint
inject(memory, mode) -> prompt text with source/authority
update(memory_id, source) -> new version
delete(memory_id) -> tombstone + derived cleanup
explain(memory_id) -> source, scope, versions, retrieval path
type: rule | fact | preference | episode | skill | hypothesis
scope: user | repo | project | org | tool
source: citation_or_event_id
content: "Deployments happen from main only after pnpm build passes."
confidence: high | medium | low
last_validated_at: timestamp
expires_at: timestamp | null
access: private | shared | read_only | read_write
valid_when: "task involves deploy/release/push"
contradicts: [...]

07

One Lifecycle

Raw event: "Remember, this repo deploys from main only after pnpm build passes." Bad memory: "User prefers pnpm build." That turns a repo deployment rule into a vague user preference.

StepDecisionResult
Capturedurable operational constraintcandidate
Extractdeploy requires main + pnpm buildnormalized rule
Classifyrepo rule, not user preferencetype: rule, scope: repo
Storesave source/confidence/validation pathmemory record
Retrievetask mentions release/deploy/pushload deploy rules
Validatecheck package scripts, CI, docscite or downgrade
Actblock unsafe deploy, run buildchanged behavior
Updatedeploy process changesstale old rule, add new rule
Deleteuser asks to forgetremove record + derived summaries
if task involves deploy/release/push:
  retrieve repo deployment rules
  validate against checked-in source
  cite before acting

The point is not that the agent remembered the sentence. It preserved type, scope, source, validation path, and changed a future action correctly.

08

Failure Modes

FailureSymptomRoot causeMitigation
Index cliffmemory exists but is never openedcapped/stale indextest lookup paths
Undiscoverabilitysearch misses itlexical mismatch, vague names, missing edgehybrid retrieval, aliases
Loaded-state confusionfile exists, model did not see itstore is confused with contextcontext inspection
Snapshot lagwrite persists but not this turnfrozen promptexpose effective time
Stale authorityold rule winsno validationsource-of-truth checks
Poisoned memoryattack persistsuntrusted write accessread-only stores, scanners, quoting
Scope leakmemory crosses users/orgsweak identity modelnamespaces + leakage tests
Delete failuredeleted fact returnsderived summaries/indexes survivedelete across stores
Over-consolidationnuance disappearssummaries merge contradictionscandidate store + review
wrong thing written
right thing not found
found thing trusted too much

09

Evaluation

Bad benchmark: did the agent remember the user's favorite color? Better benchmark: did yesterday's experience change today's decision correctly?

SessionTest
S1Teach a repo rule with source
S2Ask unrelated task; memory should not distract
S3Ask task where rule matters; memory should change action
S4Contradict/update rule
S5Ask again; current rule should win
S6Delete rule
S7Ask again; deleted rule should not resurface
minimum passing bar:
memory improves relevant action
memory does not distract unrelated action
updated memory beats old memory
deleted memory does not reappear

score:
action correctness
citation validity
stale recall resistance
deletion correctness
false-positive rate
latency/token cost
cross-scope leakage tests

MemoryArena is useful because it couples memory with action. Stompy's coding-agent benchmark is useful because it reports a modest result: memory reduced exploration on harder tasks, did not materially improve code quality, and hurt trivial tasks. Memory helps when rediscovery is expensive.

10

What Should I Use

NeedUseAvoid
Team rules, commands, security constraintschecked-in docs: AGENTS.md, CLAUDE.md, runbooksgenerated memory
User preferencesproduct/user memory with controlsrepo memory
Current task continuitycompaction/session summarieslong-term memory
Current codebase factscited repo facts or regenerated docsuncited semantic notes
Long-lived research contexthybrid search or graph memoryone prompt-loaded file
Cross-tool recallexternal provider/MCP with scopescopied local folders
Enterprise audit/isolationmanaged memory with namespaces/versions/delete APIsinformal files
Relationship/time-heavy factstemporal graphplain chunks
rules in repo docs
small summary in prompt
details retrieved on demand
sources attached to claims
writes scoped by identity/project
delete path tested

11

Checklist

  1. What memory types exist?
  2. Which events can create memory?
  3. Which writes require approval?
  4. What is always injected vs retrieved on demand?
  5. What is the source of authority?
  6. How are stale memories detected?
  7. How are contradictions represented?
  8. What is the delete path?
  9. What eval proves memory improves action?
  10. How can the operator inspect what loaded this turn?
  11. Do writes affect the current prompt or the next snapshot?
  12. Are memories scanned for prompt-injection/exfiltration before becoming prompt text?

If these answers are vague, the system has retrieval, not memory architecture.

12

References

Local pasted research notes were used during drafting: mem0 State of Memory in Agent Harness; Troy Hua Claude Code memory-source analysis; mem0 Codex CLI memory-source analysis; mem0 Hermes memory source/vendor notes.

  1. GBrain repo
  2. GBrain llms.txt
  3. GBrain install guide for agents
  4. GBrain retrieval architecture
  5. GBrain deployment topologies
  6. Claude Code memory docs
  7. Anthropic Managed Agents memory docs
  8. Anthropic Managed Agents Dreams
  9. Codex memories
  10. Codex AGENTS.md
  11. Codex memories README
  12. Codex memory read path prompt
  13. Codex memory prompt builder
  14. Codex config schema
  15. Mem0: OpenClaw Memory Management
  16. OpenClaw memory overview
  17. OpenClaw compaction docs
  18. OpenClaw context docs
  19. OpenClaw memory config reference
  20. Mem0 OpenClaw integration docs
  21. Mem0 Codex integration docs
  22. Mem0 v3 add memories
  23. Mem0 v2 to v3 migration
  24. Mem0 research
  25. OpenAI Memory FAQ
  26. OpenAI context personalization cookbook
  27. OpenAI compaction guide
  28. GitHub Copilot Memory
  29. Gemini Apps saved info
  30. AWS AgentCore FAQ
  31. AWS AgentCore Memory deep dive
  32. AWS AgentCore built-in memory strategies
  33. AWS AgentCore harness memory
  34. AWS AgentCore memory organization
  35. AWS AgentCore save/retrieve insights
  36. AWS AgentCore redrive failed ingestions
  37. Devin Knowledge
  38. Devin DeepWiki
  39. Hermes Agent persistent memory
  40. Vectorize: How Hermes Agent Memory Actually Works
  41. Hermes memory docs
  42. Hermes memory providers docs
  43. Hermes skills docs
  44. Hermes memory provider interface
  45. Hermes memory manager
  46. Mem0 Hermes integration docs
  47. GBrain evals
  48. MemGPT
  49. Letta archival memory
  50. Letta context hierarchy
  51. LangChain Deep Agents memory
  52. Zep temporal knowledge graph paper
  53. Memory for Autonomous LLM Agents
  54. Contextual Agentic Memory is a Memo, Not True Memory
  55. MemoryArena
  56. Anatomy of Agentic Memory
  57. Stompy coding-agent memory benchmark