Problem
No way to mark memories as:
- Private (don't include in shared contexts)
- Sensitive (require human approval before loading)
- Excluded from recall (manual-access-only)
- Redacted fields (API keys, passwords)
All memory entries are treated equally regardless of content sensitivity.
Proposal (from AIGNE paper analysis)
Extend memory schema with access metadata:
{
"id": "m_sensitive_data",
"summary": "Production API keys",
"tags": ["credentials", "prod"],
"access": {
"visibility": "private",
"exclude_from": ["recall"],
"require_human_approval": true,
"redact_fields": ["api_key", "password"]
}
}Enforce in:
- Search: skip entries with
exclude_from: ["recall"]
- Display: redact sensitive fields unless approved
- Recall: prompt for confirmation before loading
require_human_approval entries
Implementation
- Add
access JSON field to memory schema
- Update search logic to respect
exclude_from
- Add redaction logic to
memory_extract
- CLI:
rlm memory set-access <entry_id> --visibility private
- User prompts for approval when needed
Impact
- Security (prevent accidental leakage)
- Privacy (GDPR/HIPAA compliance)
- Trust (explicit control over sensitive data)
- Multi-user support (team vs private memories)
Effort
2-3 days
Related
- Access control/governance from 'Everything is Context' paper
- Metadata-driven permissions
Problem
No way to mark memories as:
All memory entries are treated equally regardless of content sensitivity.
Proposal (from AIGNE paper analysis)
Extend memory schema with
accessmetadata:{ "id": "m_sensitive_data", "summary": "Production API keys", "tags": ["credentials", "prod"], "access": { "visibility": "private", "exclude_from": ["recall"], "require_human_approval": true, "redact_fields": ["api_key", "password"] } }Enforce in:
exclude_from: ["recall"]require_human_approvalentriesImplementation
accessJSON field to memory schemaexclude_frommemory_extractrlm memory set-access <entry_id> --visibility privateImpact
Effort
2-3 days
Related