MemGuard
An AI agent memory validation platform that continuously verifies whether facts stored in agent memory are still true - guarding writes and re-validating stored knowledge instead of trusting it forever.
View source on GitHubKey takeaways
- 01
Validate memory at write time AND re-verify on a schedule
- 02
Stale 'facts' are a memory-poisoning vector, not just a quality issue
- 03
Treat memory writes like untrusted user input
Flows built on this research
Memory & Context
Memory Write Policies
Decide what gets remembered: write gates, provenance, confidence, and validation - because memory quality is set at write time.
4 steps · 60-90 minutes
Agent QA & Security
Guard Memory Writes Against Injection
Stop poisoned data from becoming persistent agent beliefs: validate, attribute, and quarantine memory writes as untrusted input.
4 steps · 90-120 minutes
Agent QA & Security
Prompt Injection Defense Checklist
Systematically defend your agent against prompt injection: trust boundaries, content isolation, and defense-in-depth that assumes injection will happen.
4 steps · 90-150 minutes
From the archive
Verbatim excerpts mined from our local archive of this repository — the prompts, schemas, and patterns worth stealing.
The semantic-drift validation prompt
You are a memory validation system. Determine whether a stored memory is likely still accurate given recent context.
STORED MEMORY (recorded {days_ago} days ago):
{memory_content}
RECENT AGENT CONTEXT (last {n_sessions} sessions):
{recent_context_summary}
Assess:
1. Does any recent context directly contradict this memory? (yes/no)
2. Does recent context suggest circumstances have changed enough that this memory may be outdated? (yes/no)
3. Confidence that this memory is STILL ACCURATE (0.0 to 1.0)
4. Brief reasoning (1-2 sentences)
Respond in JSON: {"contradicted": bool, "likely_stale": bool, "confidence": float, "reasoning": str} A production prompt for detecting stale agent memories - it separates direct contradiction from circumstantial drift, and demands a calibrated confidence.
src/engine/prompts.py
validate_memory: check trust before acting on a fact
Tool(
name="validate_memory",
description=(
"Check if a specific memory is still accurate before acting on it. "
"Returns trust score and validation status. Call this before making "
"decisions based on stored facts that might be outdated."
),
inputSchema={ "memory_id": ..., "strategy": {
"enum": ["source_linked", "semantic", "quick"], "default": "quick" } }
) The 'Datadog for agent memory' idea as an MCP tool: three validation strategies, from a cheap trust-score check to re-fetching the original source.
src/mcp/server.py
Memory records carry trust scores, not just content
class MemoryRecord(BaseModel):
content: Mapped[str]
fact_type: Mapped[str | None]
retrieval_count: Mapped[int] = 0
last_retrieved_at: Mapped[datetime | None]
trust_score: Mapped[float] = 1.0
status: Mapped[str] = "active"
last_validated_at: Mapped[datetime | None]
validation_count: Mapped[int] = 0
Core insight from the README: "Memory systems decay facts by access frequency or TTL timers. But a frequently-retrieved memory about a user's employer is highly relevant until it's wrong." The schema argument against TTL-based decay: relevance and truth are different axes, so every fact gets a trust score that validation - not time - moves.
src/models/memory_record.py