4.10 Memory safety

Covers hygiene (staleness, contradiction, decay), access control (PII safety, tenant scoping), write-path validation (adversarial-write protection), and retention discipline over the memory substrate (`PL3-memory-substrate`).
Levels

Level 0: No hygiene, no access controls, no write-path validation, no retention discipline; memory may leak PII, cross tenants, persist adversarial content from feedback-loop writes, or accumulate past commitments.

Level 1: Manual cleanup occasionally; application-layer scoping only; no write-path validation; retention ad hoc.

Level 2: Stale items flagged with ownership routing; tenant-scoped retrieval; PII-safe memory contents enforced at the substrate layer; write-path sanitization applied at ingestion using the same policy as `PL4-prompt-injection-defence`. Retention discipline: the primary disposal trigger is relevance decay, meaning items lose their place in memory when they stop being useful for retrieval. Where the project carries time-bound commitments (customer contracts, privacy obligations, regulated data), those define floors and ceilings that operate as backstops: items are retained at least until their floor, disposed no later than their ceiling, with relevance decay as the default trigger in between. The retention policy (relevance definition, time-bound backstops, override events) is documented and testable; disposal events are logged.

Level 3: Hygiene runs continuously; contradiction rate measured; memory corpus self-prunes; cross-tenant leak attempts auto-flagged; scope rules evolve with new data classes; write-path evasion tracked and policy auto-updates; retention policy auto-tunes from observed retrieval patterns (relevance thresholds calibrate; backstops update as commitments change).
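The Level 2 criteria above (tenant-scoped retrieval, PII screening at the substrate layer, a write-path policy applied at ingestion, and retention driven by relevance decay bounded by floor and ceiling backstops, with disposal logged) are concrete enough to test. The following is an added illustration written for this section, not code from the framework or any project it describes. The relevance formula (retrieval count with a 30-day half-life), the 0.5 disposal threshold, the `provenance_policy` stand-in for the `PL4-prompt-injection-defence` write-path policy, the PII patterns and every item value are assumptions chosen for the example.

```python
"""Tenant-scoped memory substrate with PII screening, a write-path policy hook,
and retention backstops (floor/ceiling) around relevance decay.

Illustration for the PL3-memory-substrate Level 2 criteria. All names,
thresholds, patterns and the sample policy are assumptions, not project code."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional

# Constructed PII patterns: an e-mail address and a US-SSN-shaped number.
PII_PATTERNS = [
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
]


@dataclass
class MemoryItem:
    item_id: str
    tenant: str
    content: str
    source: str                          # provenance channel of the write
    last_retrieved: datetime
    retrieval_count: int = 0
    floor: Optional[datetime] = None     # retain at least until (commitment)
    ceiling: Optional[datetime] = None   # dispose no later than (obligation)


def contains_pii(text: str) -> bool:
    """Substrate-layer PII check: any pattern hit blocks the write."""
    return any(p.search(text) for p in PII_PATTERNS)


def relevance(item: MemoryItem, now: datetime, half_life_days: float = 30.0) -> float:
    """Retrieval count discounted by time since last use (exponential decay)."""
    age_days = max((now - item.last_retrieved).total_seconds() / 86400.0, 0.0)
    return item.retrieval_count * 0.5 ** (age_days / half_life_days)


def disposal_decision(item: MemoryItem, now: datetime, threshold: float = 0.5,
                      half_life_days: float = 30.0) -> tuple:
    """Return (dispose, reason). Ceiling is checked first, then floor, then decay,
    so the time-bound backstops always win over the relevance signal."""
    if item.ceiling is not None and now >= item.ceiling:
        return True, "ceiling"
    if item.floor is not None and now < item.floor:
        return False, "floor"
    if relevance(item, now, half_life_days) < threshold:
        return True, "decay"
    return False, "relevant"


def provenance_policy(item: MemoryItem) -> bool:
    """Constructed stand-in for the PL4 write-path policy: feedback-loop writes
    are accepted only from an allow-listed, reviewed channel."""
    return item.source in {"operator", "reviewed-feedback"}


class MemorySubstrate:
    def __init__(self, write_policy: Callable[[MemoryItem], bool] = provenance_policy):
        self._items: dict = {}
        self.write_policy = write_policy
        self.rejections: list = []     # (item_id, reason) for audit
        self.disposal_log: list = []   # (item_id, reason, timestamp)

    def write(self, item: MemoryItem) -> bool:
        """Ingestion path: PII screen, then write-path policy, then store."""
        if contains_pii(item.content):
            self.rejections.append((item.item_id, "pii"))
            return False
        if not self.write_policy(item):
            self.rejections.append((item.item_id, "write-policy"))
            return False
        self._items[item.item_id] = item
        return True

    def retrieve(self, tenant: str, now: datetime) -> list:
        """Tenant scoping is enforced here, not left to the application layer."""
        hits = [i for i in self._items.values() if i.tenant == tenant]
        for i in hits:                 # a retrieval counts as use for decay
            i.retrieval_count += 1
            i.last_retrieved = now
        return hits

    def prune(self, now: datetime, threshold: float = 0.5, half_life_days: float = 30.0) -> list:
        """Apply the retention policy and log every disposal with its trigger."""
        removed = []
        for item_id, item in list(self._items.items()):
            dispose, reason = disposal_decision(item, now, threshold, half_life_days)
            if dispose:
                del self._items[item_id]
                self.disposal_log.append((item_id, reason, now))
                removed.append(item_id)
        return removed

    def size(self) -> int:
        return len(self._items)
```

The ordering inside `disposal_decision` is the point: a ceiling disposes an item no matter how often it is still retrieved, a floor keeps it no matter how stale it is, and only between those backstops does relevance decay decide. The `rejections` and `disposal_log` lists are what makes the policy testable and auditable, which is what Level 2 asks for; tuning `threshold` and `half_life_days` from observed retrieval patterns is the Level 3 step.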