Memory Firewall

Memory Firewall lets Aionis govern memory from any backend before it reaches the Agent prompt.


retrieval backend -> Aionis admission gate -> safe Agent context

This is the product surface for teams that already use Mem0, Zep, Pinecone, markdown notes, or a custom recall service. You do not have to migrate storage first. Aionis can sit in front of the memory you already retrieve.

Memory Firewall is an adoption surface for existing retrieval backends. The core Runtime surface is Execution Memory: Aionis records execution evidence, adjudicates active state, isolates failed branches, and compiles the next Agent context. Firewall applies the same admission model to memory candidates that come from outside Aionis.

What It Solves

Retrieval systems are good at finding related text. Memory Firewall adds the state judgment that decides whether that text is safe to act on.

Memory Firewall adds an admission step:

Problem	Aionis behavior
A retrieved memory describes a failed branch	Route to `do_not_use` or `inspect_before_use`.
A memory is relevant but old	Mark stale or require inspection.
A memory needs raw evidence	Return `rehydrate` instead of direct prompt authority.
A memory is trusted and current	Admit to `use_now`.
The host needs auditability	Return admission records and a receipt.

SDK Path With Mem0-style Results


import {
  agentPromptFromGuide,
  createAionisClient,
} from "@aionis/sdk";
 
const aionis = createAionisClient({
  baseUrl: "http://127.0.0.1:3001",
  scope: "checkout-migration",
});
 
const mem0Results = await mem0.search("Continue the checkout migration");
 
const governed = await aionis.governMem0SearchResults({
  query_text: "Continue the checkout migration without repeating failed branches.",
  mem0_results: mem0Results,
  mode: "firewall",
  context_mode: "compact_agent",
  include_records: true,
});
 
await agent.run(agentPromptFromGuide(governed));

The helper maps common Mem0 result fields into Aionis external candidates. If your backend has a different shape, use governMemory directly.

Generic External Candidates


const governed = await aionis.governMemory({
  query_text: "What should the Agent do next?",
  mode: "firewall",
  context_mode: "compact_agent",
  candidates: [
    {
      external_memory_id: "vec_001",
      source_backend: "custom-vector-db",
      text: "The legacy adapter path failed verifier review.",
      metadata: {
        target_files: ["src/checkout/legacyAdapter.ts"],
      },
      authority: {
        source_trust: "known",
        scope: "project",
        evidence_requirement: "inspect_before_use",
      },
      lifecycle_hint: "failed",
      evidence_refs: ["vector://agent-history/vec_001"],
    },
  ],
});

Aionis treats external candidates as read-only by default. They are governed for prompt use while Runtime memory remains under explicit observe/write paths.

Output Surfaces

Surface	Used for
`agent_context.prompt_text`	The bounded text you give to the Agent.
`memory_admission_record`	Per-candidate admission action and reason.
`memory_firewall_summary`	High-level count of allowed, blocked, inspect, and rehydrate decisions.
`memory_use_receipt`	Compact explanation of what entered the prompt and why.

Where It Fits

Memory Firewall sits after retrieval and before Agent context compilation. Use your existing store for candidate retrieval; use Aionis for lifecycle, authority, trust, rehydrate, and direct-use admission.

Its job is to make the memory contract explicit and auditable so misuse can be measured and fixed.

Run It Locally

Run the quickstart:


npm run -s runtime:quickstart:memory-firewall

Run the A/B demo:


npm run -s runtime:e2e:memory-firewall-ab

The A/B demo is intentionally small. It demonstrates the product contract: unsafe external candidates are routed away from direct-use Agent instructions.

Guides: