The trust problem in AI memory

Relevant memory is not always trustworthy memory.

OpenClawBrain's Memory Authority layer decides whether a remembered thing still deserves to guide the agent right now. A memory can match your request and still be stale, superseded, private, too broad, tombstoned, or overridden by what you just asked for.

That is the core difference from generic memory: OpenClawBrain does not blindly obey the past. It can use memory, weaken it, verify it, ask about it, keep it in audit only, or refuse to use it.

Install 0.2.33 Read the design note

inject weak_context verify_before_use confirm_before_use abstain audit_only never_use

The new contract

old runtime:
  relevant + high score => inject

new runtime:
  relevant + authorized + current + applicable + safe + non-superseded
    => inject, weakly adapt, verify, confirm, abstain, audit-only, or never use

Retrieval is allowed to over-include. Authority resolution is deliberately stricter.

Orthogonal memory state

OpenClawBrain does not collapse memory state into one overloaded enum. It computes authority from independent axes.

Retention

stored, redacted, soft_deleted, tombstoned, hard_deleted

Behavior

injectable, confirm_before_use, explicit_request_only, never_use

Time

current, stale, expired, unknown

Privacy

normal, sensitive, recall_only, do_not_restore, do_not_reveal_proactively

Validation

user_confirm, environment_check, tool_success, document_check, never_proactive

Graph

superseded, contradicted, reinforced, extended, audit-only lineage

Decision matrix

High authority, low risk

Inject normally. Example: a current repo-scoped correction that matches this repo.

High authority, high risk

Verify or confirm before acting. Example: a deployment workflow or sensitive recall rule.

Medium authority, material effect

Ask, verify, or include as explicitly non-authoritative context.

Low authority, high risk

Abstain. Keep the memory visible only in audit surfaces.

Concrete examples

Retrieved memory	Current turn	Authority decision
Use pnpm in this repo.	Same repo, lockfile still shows pnpm.	`verify_before_use`, then use after environment check.
User prefers concise answers.	User asks for deep critique.	`abstain`. The current instruction wins.
Old npm workflow.	New user correction says pnpm.	Create new revision, supersede old memory, keep audit lineage.
Codeword recall rule.	User says do not store it anymore.	Tombstone and redact so it is not recaptured later.

What changed by 0.2.33

Resolver

MemoryAuthorityResolver sits between search and context selection.

Schema

memory_validity and memory_authority_events make authority inspectable.

Lineage

Same-key changed values create supersession lineage instead of overwriting history.

Forgetting

Sensitive forget requests create tombstones that block quiet recapture.

Graph maintenance

The 0.2.33 release adds dry-run graph health proposals, duplicate cleanup, stale-memory review, safer edge retirement, and tombstone-aware recapture checks.

Read graph maintenance

Proof surfaces

The runtime now records not only which memories matched, but why relevant memories were used, weakened, verified, confirmed, suppressed, tombstoned, superseded, or withheld.

# Authenticated OpenClaw routes
/plugins/openclawbrain/graph?limit=50
/plugins/openclawbrain/graph/health
/plugins/openclawbrain/graph/dry-run
/plugins/openclawbrain/explain-last
/plugins/openclawbrain/proof?limit=20