The Problem: Stored Knowledge Goes Wrong
Memory tools store and retrieve. That's useful, but it ignores a fundamental problem: stored knowledge becomes wrong over time.
- Code changes after a report is written
- Schemas change after an analysis is captured
- Assumptions change after a decision is recorded
- A report was derived from a transient state that no longer exists
Most systems address this with recency decay — older notes rank lower. But recency is too blunt. A note from six months ago that references stable infrastructure is more reliable than a note from yesterday that references a file you just refactored.
What matters is not when a note was written, but what it depended on and whether those dependencies changed.
The Solution: Three Pillars of Memory Integrity
SAME tracks the relationship between your stored knowledge and the source material it was derived from. When sources change, SAME tells you which notes are affected and adjusts retrieval accordingly.
Provenance Tracking
Every note can record its source files with SHA256 hashes at capture time.
- save_note MCP tool accepts a sources parameter
- Graph extraction auto-discovers file references
- Hashes are computed at capture time, creating a snapshot of the source state
- You always know: "this note was derived from auth.go at commit abc123"
Trust State
Every note carries a trust state that reflects the integrity of its source material.
| State | Meaning |
|---|---|
| validated | Source files haven't changed since capture |
| stale | One or more source files have changed (hash mismatch) |
| contradicted | Conflicting information detected |
| unknown | No provenance data available |
Run same health to see trust distribution across your vault: "18 validated · 2 stale · 3 unknown"
Source Divergence Detection
SAME compares stored hashes against current files on disk. When a source file changes:
- The note's trust state moves to stale
- same health lists which specific files changed and when
- Trust-aware retrieval ranks the note lower in search results
- Context injection flags the note so your AI knows it may be outdated
Trust-Aware Retrieval
Search results factor in trust state. Notes with compromised provenance are automatically ranked lower, so your AI prioritizes trustworthy knowledge without any manual curation.
Stale context doesn't poison decisions. The system self-corrects without human intervention.
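The mechanism described under Source Divergence Detection and Trust-Aware Retrieval, as an added sketch that is not SAME's own code: sources are hashed at capture, re-hashed on disk to derive a trust state, and relevance is scaled by that state. The note layout, function names and rank weights are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed rank multipliers per trust state; SAME's real penalties are not given on this page.
TRUST_WEIGHT = {"validated": 1.0, "unknown": 0.8, "stale": 0.5, "contradicted": 0.3}

def sha256_file(path):
    """Hash a file's bytes in chunks so large sources are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def capture(text, sources):
    """Create a note with a {path: sha256} snapshot of its sources at capture time."""
    return {"text": text, "sources": {str(p): sha256_file(p) for p in sources}}

def trust_state(note):
    """Return (state, changed_paths) by re-hashing each recorded source on disk."""
    if not note["sources"]:
        return "unknown", []
    # A missing source counts as divergence, the same as a hash mismatch.
    changed = [p for p, h in note["sources"].items()
               if not Path(p).is_file() or sha256_file(p) != h]
    return ("stale" if changed else "validated"), changed

def rank(notes_with_scores):
    """Order (note, relevance) pairs by relevance scaled by the trust weight."""
    scored = [(rel * TRUST_WEIGHT[trust_state(n)[0]], n) for n, rel in notes_with_scores]
    return [n for _, n in sorted(scored, key=lambda t: t[0], reverse=True)]

def demo():
    """Constructed scenario: a source is edited after its note was captured."""
    with tempfile.TemporaryDirectory() as tmp:
        infra, auth = Path(tmp, "infra.md"), Path(tmp, "auth.go")
        infra.write_text("vpc: stable\n")
        auth.write_text("package auth // v1\n")
        old = capture("infra layout", [infra])           # older note, stable source
        new = capture("auth flow analysis", [auth])      # recent note
        auth.write_text("package auth // refactored\n")  # source diverges after capture
        states = (trust_state(old)[0], trust_state(new)[0])
        changed = [Path(p).name for p in trust_state(new)[1]]
        top = rank([(old, 0.7), (new, 0.9)])[0]["text"]
        return states, changed, top
```

In the constructed scenario the recent note has the higher raw relevance, yet the older note with unchanged sources ranks first once the stale penalty is applied.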
In Practice
Two notes are flagged. Their source files changed after the notes were captured. You can review them, revalidate if they're still accurate, or let trust-aware retrieval handle it automatically — stale notes rank lower until the situation is resolved.
Why This Matters
An AI making decisions based on stale knowledge is worse than an AI with no knowledge. Wrong context is more dangerous than missing context.
- Staleness is inevitable. As vaults grow across dozens of sessions, some notes will reference files that have changed. You need a system that detects this automatically.
- Provenance creates an evidence chain. Every piece of knowledge traces back to its source files. You can audit why your AI believes what it believes.
- Trust-aware retrieval self-corrects. The system adjusts without human intervention. Stale notes rank lower. Validated notes rank higher. Your AI naturally gravitates toward trustworthy information.
- Recency alone isn't enough. A six-month-old note about stable infrastructure is more reliable than yesterday's note about a file you just refactored. Trust state captures this distinction; timestamps cannot.
Industry Validation: OWASP ASI06
Memory Poisoning Is Now a Recognized Security Risk
This isn't just our opinion. In its Top 10 for Agentic Applications, OWASP designated ASI06 — Memory & Context Poisoning as a critical security risk for AI agents. Memory poisoning — where stale, manipulated, or untrusted context corrupts agent decisions — is now a formally recognized attack vector.
OWASP recommends provenance tracking, memory integrity validation, and trust-aware retrieval as defenses. SAME implements exactly this:
- Cryptographic hashes on sources — SHA256 snapshots at capture time detect when source material changes
- Trust state tracking — every note carries a trust state (validated, stale, contradicted, unknown) that reflects the integrity of its provenance
- Staleness detection — source divergence is detected automatically when files change on disk
- Trust-aware retrieval — stale and contradicted notes are ranked lower, preventing poisoned context from reaching your AI
Memory poisoning is especially dangerous because the injection and the damage are temporally decoupled — a corrupted memory can influence decisions days or weeks later, long after the attacker is gone. The only defense is knowing where your knowledge came from and whether it's still valid. That's what SAME does.
Roadmap
Memory integrity is a layered problem. We're building it incrementally and being transparent about what exists today versus what's planned.
Provenance capture via save_note sources parameter. Trust state tracking (validated, stale, contradicted, unknown). Health scoring with same health. Trust-aware retrieval with rank penalties. Source divergence detection via SHA256 hash comparison. same stale command, search filters (--trust, --type, --tag), typed contradiction detection, and interactive graph visualization.
Revalidation workflows. Contradiction detection. Provenance queries ("show me everything derived from this file").
Transitive invalidation (if note A depends on note B, and B goes stale, A is affected too). Automatic revalidation triggers.
This is phase 1. The foundation is in place — provenance capture, trust state, health scoring, trust-aware retrieval, stale detection, typed contradiction detection, provenance trust boundaries, and Claude Code memory import with provenance all work today in v0.12.5. Plus 28 credential detection patterns and MCP error sanitization. The more ambitious features (transitive invalidation, automatic revalidation) are planned but not yet built. We'd rather ship a solid foundation than overpromise.
Try It
Memory integrity ships with SAME. Install it and run same health to see the trust state of your vault.