Trust and security

Memory you can audit.

Black-box memory asks you to trust that it stored the right thing and will surface it for the right reason. Remnic makes that inspectable: the files are plain markdown you can read, new memories are quarantined before they earn recall, every recall can explain itself, and corrections stick. Trust here is a set of mechanisms, not a promise.

Plain-markdown storage

Remnic writes memories as markdown with YAML frontmatter to a directory on your own disk. You can cat, grep, version, or delete them with ordinary tools. The search index is derived and rebuildable, so the files are the source of truth, not a proprietary database. No telemetry, MIT licensed.

Trust zones

New memories do not go straight into recall. They move through a three-tier provenance model: quarantine → working → trusted. A memory promotes based on provenance and corroboration, so an unverified claim cannot masquerade as an established fact. Recall weighting and optional hard filtering follow the tier, so a quarantined memory earns its place before it influences an answer.

Recall X-ray

Every recall can emit a single snapshot that shows why each memory appeared: the tier that served it (servedBy), a filter trace with considered and admitted counts per gate, the score decomposition, and a link back to the durable audit entry. Capture is opt-in and adds no retrieval cost. The full breakdown lives on the Recall X-ray page.

Correction contract and review queue

When a memory is wrong, you correct it and the correction sticks: the superseded belief is recorded, not silently overwritten, and the replacement carries provenance. The governance review queue lets an operator confirm, reject, or archive candidates, so what enters the trusted zone is a decision you can see and reverse.

At-rest encryption (opt-in)

Set secureStoreEnabled: true and Remnic encrypts memory files with AES-256-GCM, deriving the key from a passphrase with Argon2id. Enable it when the machine holding your memory is not fully trusted: a laptop that can be lost, or backups that leave your control. Passphrase loss means data loss; there is no recovery path, so back up before you migrate.

Honest caveat. The QMD search index is not encrypted by this module. Content is recoverable from the index even when the memory files themselves are ciphertext. Encryption also does not protect a running daemon whose key is loaded in memory: once the store is open, any process that can reach the daemon can read plaintext. Treat at-rest encryption as protection against a stolen disk or leaked backup, not as a guarantee about a live process.

Capsules with checksums

Capsules are portable, versioned archives of a memory directory. The manifest records a SHA-256 checksum for every file, so an import is tamper-evident: a modified archive does not match its manifest. Capsules can be encrypted with the same secure-store key for transfer between machines.

Posture

No telemetry, no phone-home, MIT licensed. For the adversarial view, read the read-surface threat model. For the data-handling stance, read the privacy page.