Skip to content

memory_fences_and_state_keys.md

Latest commit

 

History

History
135 lines (101 loc) · 6.8 KB

memory_fences_and_state_keys.md

File metadata and controls

135 lines (101 loc) · 6.8 KB

Memory Fences & State Keys — Guardrails and Fix Patterns

🧭 Quick Return to Map

You are in a sub-page of Safety_PromptIntegrity.
To reorient, go back here:

Think of this page as a desk within a ward.
If you need the full triage and all prescriptions, return to the Emergency Room lobby.

Structural guardrails that prevent context bleed and cross-session injection.
This page defines how to enforce hard boundaries between prompts, ensuring system memory cannot be hijacked or silently rewritten.

When to open this page

  • Model begins recalling text from previous unrelated sessions.
  • Jailbreak attempts work only after long multi-turn dialogs.
  • Role confusion persists despite schema locks.
  • Adversarial input shifts policy, state, or history across turns.
  • ΔS spikes after memory transfer, despite stable retrieval.

Open these first

Core acceptance

  • No cross-session data unless whitelisted.
  • Each conversation has a unique state_key.
  • ΔS(question, retrieved) ≤ 0.45 across turns.
  • λ stays convergent for three paraphrases under replay.
  • Memory fences block unauthorized carry-over.

Fix in 60 seconds

  1. Assign a state key

    • Compute: state_key = sha256(session_id + system_rev + policy_hash)
    • Attach to all memory writes.

  2. Fence boundaries

    • Before each turn, validate:
      • incoming.state_key == current.state_key
      • If mismatch → reject or reset.

  3. Immutable system text

    • Mark non-task policy as system_only.
    • Forbid user overrides.

  4. Replay probes

    • Inject controlled paraphrases.
    • If ΔS or λ diverge, memory bleed suspected.

  5. Audit log

    • Store ΔS, λ, state_key, and mem_rev per step.
    • Flag anomalies for review.

Common failure vectors → fix

Vector Symptom Fix
Cross-session carryover Answer mentions text from unrelated chat Reject mismatched state_key, enforce reset
Hidden injection persists User payload continues beyond reset Hash all system policy, invalidate old keys
Role drift with memory echo Replies prepend “system:” from earlier Apply role_confusion.md fences
Version skew New deploy reuses old cache Salt state_key with system_rev
Chain-of-thought bleed Internal notes leak into answers Enforce data-contracts.md schema

Probe prompt

System memory test active.  
Session ID: {sid}, Policy Hash: {p_hash}.  

Tasks:
1. Compute state_key and compare against current session.
2. If mismatch, reset memory fences and refuse carryover.
3. Re-ask with paraphrased queries; compute ΔS and λ.
4. Report whether context bleed is detected.
5. Return minimal fix reference (role_confusion, prompt_injection, etc).

🔗 Quick-Start Downloads (60 sec)

Tool Link 3-Step Setup
WFGY 1.0 PDF Engine Paper 1️⃣ Download · 2️⃣ Upload to your LLM · 3️⃣ Ask “Answer using WFGY + <your question>”
TXT OS (plain-text OS) TXTOS.txt 1️⃣ Download · 2️⃣ Paste into any LLM chat · 3️⃣ Type “hello world” — OS boots instantly

Explore More

Layer Page What it’s for
⭐ Proof WFGY Recognition Map External citations, integrations, and ecosystem proof
⚙️ Engine WFGY 1.0 Original PDF tension engine and early logic sketch (legacy reference)
⚙️ Engine WFGY 2.0 Production tension kernel for RAG and agent systems
⚙️ Engine WFGY 3.0 TXT based Singularity tension engine (131 S class set)
🗺️ Map Problem Map 1.0 Flagship 16 problem RAG failure taxonomy and fix map
🗺️ Map Problem Map 2.0 Global Debug Card for RAG and agent pipeline diagnosis
🗺️ Map Problem Map 3.0 Global AI troubleshooting atlas and failure pattern map
🧰 App TXT OS .txt semantic OS with fast bootstrap
🧰 App Blah Blah Blah Abstract and paradox Q&A built on TXT OS
🧰 App Blur Blur Blur Text to image generation with semantic control
🏡 Onboarding Starter Village Guided entry point for new users

If this repository helped, starring it improves discovery so more builders can find the docs and tools.
GitHub Repo stars