Memory you can audit.
Black-box memory asks you to trust that it stored the right thing and will surface it for the right reason. Remnic makes that inspectable: the files are plain markdown you can read, new memories are quarantined before they earn recall, every recall can explain itself, and corrections stick. Trust here is a set of mechanisms, not a promise.
Plain-markdown storage
Remnic writes memories as markdown with YAML frontmatter to a
directory on your own disk. You can cat, grep,
version, or delete them with ordinary tools. The search index is
derived and rebuildable, so the files are the source of truth, not a
proprietary database. No telemetry, MIT licensed.
Trust zones
New memories do not go straight into recall. They move through a three-tier provenance model: quarantine → working → trusted. A memory promotes based on provenance and corroboration, so an unverified claim cannot masquerade as an established fact. Recall weighting and optional hard filtering follow the tier, so a quarantined memory earns its place before it influences an answer.
Recall X-ray
Every recall can emit a single snapshot that shows why each memory
appeared: the tier that served it (servedBy), a filter
trace with considered and admitted counts per gate, the score
decomposition, and a link back to the durable audit entry. Capture
is opt-in and adds no retrieval cost. The full breakdown lives on
the Recall X-ray page.
Correction contract and review queue
When a memory is wrong, you correct it and the correction sticks: the superseded belief is recorded, not silently overwritten, and the replacement carries provenance. The governance review queue lets an operator confirm, reject, or archive candidates, so what enters the trusted zone is a decision you can see and reverse.
At-rest encryption (opt-in)
Set secureStoreEnabled: true and Remnic encrypts
memory files with AES-256-GCM, deriving the key from a passphrase
with Argon2id. Enable it when the machine holding your memory is not
fully trusted: a laptop that can be lost, or backups that leave your
control. Passphrase loss means data loss; there is no recovery path,
so back up before you migrate.
Capsules with checksums
Capsules are portable, versioned archives of a memory directory. The manifest records a SHA-256 checksum for every file, so an import is tamper-evident: a modified archive does not match its manifest. Capsules can be encrypted with the same secure-store key for transfer between machines.
Posture
No telemetry, no phone-home, MIT licensed. For the adversarial view, read the read-surface threat model. For the data-handling stance, read the privacy page.