Memory Firewall
Memory Firewall lets Aionis govern memory from any backend before it reaches the Agent prompt.
retrieval backend -> Aionis admission gate -> safe Agent contextThis is the product surface for teams that already use Mem0, Zep, Pinecone, markdown notes, or a custom recall service. You do not have to migrate storage first. Aionis can sit in front of the memory you already retrieve.
Memory Firewall is an adoption surface, not the whole Aionis memory system. The core Runtime surface is Execution Memory: Aionis records execution evidence, adjudicates active state, isolates failed branches, and compiles the next Agent context. Firewall applies the same admission model to memory candidates that come from outside Aionis.
What It Solves
Retrieval systems are good at finding related text. They usually do not know whether that text is safe to act on.
Memory Firewall adds an admission step:
| Problem | Aionis behavior |
|---|---|
| A retrieved memory describes a failed branch | Route to do_not_use or inspect_before_use. |
| A memory is relevant but old | Mark stale or require inspection. |
| A memory needs raw evidence | Return rehydrate, not direct prompt authority. |
| A memory is trusted and current | Admit to use_now. |
| The host needs auditability | Return admission records and a receipt. |
SDK Path With Mem0-style Results
import {
agentPromptFromGuide,
createAionisClient,
} from "@aionis/sdk";
const aionis = createAionisClient({
baseUrl: "http://127.0.0.1:3001",
scope: "checkout-migration",
});
const mem0Results = await mem0.search("Continue the checkout migration");
const governed = await aionis.governMem0SearchResults({
query_text: "Continue the checkout migration without repeating failed branches.",
mem0_results: mem0Results,
mode: "firewall",
context_mode: "compact_agent",
include_records: true,
});
await agent.run(agentPromptFromGuide(governed));The helper maps common Mem0 result fields into Aionis external candidates. If
your backend has a different shape, use governMemory directly.
Generic External Candidates
const governed = await aionis.governMemory({
query_text: "What should the Agent do next?",
mode: "firewall",
context_mode: "compact_agent",
candidates: [
{
external_memory_id: "vec_001",
source_backend: "custom-vector-db",
text: "The legacy adapter path failed verifier review.",
metadata: {
target_files: ["src/checkout/legacyAdapter.ts"],
},
authority: {
source_trust: "known",
scope: "project",
evidence_requirement: "inspect_before_use",
},
lifecycle_hint: "failed",
evidence_refs: ["vector://agent-history/vec_001"],
},
],
});Aionis treats external candidates as read-only by default. They are governed for prompt use, not silently imported into Runtime memory.
Output Surfaces
| Surface | Used for |
|---|---|
agent_context.prompt_text | The bounded text you give to the Agent. |
memory_admission_record | Per-candidate admission action and reason. |
memory_firewall_summary | High-level count of allowed, blocked, inspect, and rehydrate decisions. |
memory_use_receipt | Compact explanation of what entered the prompt and why. |
What Memory Firewall Does Not Do
Memory Firewall is not a vector database, background crawler, or replacement for your retrieval backend. It is also not a replacement for Aionis Execution Memory. It is the governance layer after retrieval and before Agent context compilation.
It also does not guarantee the Agent will obey the prompt. Its job is to make the memory contract explicit and auditable so misuse can be measured and fixed.
Run It Locally
Run the quickstart:
npm run -s runtime:quickstart:memory-firewallRun the A/B demo:
npm run -s runtime:e2e:memory-firewall-abThe A/B demo is intentionally small. It demonstrates the product contract: unsafe external candidates should not become direct-use Agent instructions.
Guides: