惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Troy Hunt's Blog
P
Proofpoint News Feed
V
Vulnerabilities – Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
K
Kaspersky official blog
Cyberwarzone
Cyberwarzone
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
S
Securelist
L
Lohrmann on Cybersecurity
Security Latest
Security Latest
T
Threatpost
H
Heimdal Security Blog
W
WeLiveSecurity
A
Arctic Wolf
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
IT之家
IT之家
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
TaoSecurity Blog
TaoSecurity Blog
A
About on SuperTechFans
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
N
News and Events Feed by Topic
Hacker News - Newest:
Hacker News - Newest: "LLM"
Last Week in AI
Last Week in AI
T
The Blog of Author Tim Ferriss
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Microsoft Azure Blog
Microsoft Azure Blog
Hugging Face - Blog
Hugging Face - Blog
Google DeepMind News
Google DeepMind News
量子位
Stack Overflow Blog
Stack Overflow Blog
Know Your Adversary
Know Your Adversary
B
Blog RSS Feed
阮一峰的网络日志
阮一峰的网络日志
WordPress大学
WordPress大学
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
AI
AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 司徒正美
Apple Machine Learning Research
Apple Machine Learning Research
GbyAI
GbyAI
Vercel News
Vercel News
C
Cyber Attacks, Cyber Crime and Cyber Security
Latest news
Latest news
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
Forbes - Security
Forbes - Security

Hacker News - Newest: "LLM"

GitHub - lechmazur/position_bias: A benchmark for testing whether LLM judges keep the same preference when two lightly edited versions of the same story are shown in opposite orders. Flex routing (EU and EFTA) Dark Factories: Retooling for LLM Velocity Ask HN: What would be the impact of a LLM output injection attack? GitHub - AronDaron/dataset-generator: No-code desktop app for generating high-quality synthetic datasets to fine-tune LLMs — plan-then-execute pipeline, LLM-as-judge, HuggingFace upload. GitHub - Oaklight/llm-rosetta: Production-ready LLM API translation layer for Python — bidirectional conversion between OpenAI, Anthropic & Google formats via hub-and-spoke IR. Optional API gateway. Streaming & non-streaming. Zero core deps. Contributions welcome! GitHub - browser-use/browser-harness: Self-healing browser harness that enables LLMs to complete any task. GitHub - moeen-mahmud/remen: Remen turns thoughts into something you can return to Analyzing 156 LLM Launch Posts on Hacker News ChatGPT vs Gemini vs Claude: The Best LLM Subscription You Should Buy GitHub - salaamalykum/quran-semantic-search: High-density RAG Semantic Search Engine & Quran Corpus (GEO/SEO Architecture) GitHub - NVIDIA/TensorRT-LLM: TensorRT LLM provides users with an easy-to-use Python API to define Large Language Models (LLMs) and supports state-of-the-art optimizations to perform inference efficiently on NVIDIA GPUs. TensorRT LLM also contains components to create Python and C++ runtimes that orchestrate the inference execution in a performant way. The State of LLM Bug Bounties in 2026 Operational Readiness Criteria for Tool-Using LLM Agents Meshcore: Architecture for a Decentralized P2P LLM Inference Network How an LLM becomes more coherent as we train it GitHub - seetrex-ai/laimark GitHub - Jossifresben/BibCrit: AI-assited biblical textual criticism GitHub - wastedcode/memex: File system based wiki, maintained by Claude 99helpers.com GitHub - cliver-project/AITrigram GitHub - unbody-io/adapt: A self-evolving memory layer for AI agents. GitHub - hb20007/awesome-gen-ai-fails: A list of incidents where reliance on generative AI and LLMs resulted in harm to companies, individuals, or society GitHub - nevenkordic/localmind: Run any local LLM with persistent memory and context. CLI agent over Ollama with SQLite-backed hybrid recall. No cloud. Ask HN: What are the machine requirements for a LLM like Llama-3.1-8B? Faster LLM Inference via Sequential Monte Carlo grpo explained: group relative policy optimization for llm finetuning - cgft Stop comparing price per million tokens: the hidden LLM API costs · TensorZero Andrej Karpathy's LLM Wiki Is a Bad Idea GitHub - GG-QandV/mnemostroma: Offline RAM-first cognitive leer/coprocessor for AI agents and robotics. Solves "Context Abandonment" with 20-80ms latency using a dual-thread biomimetic memory architecture (ONNX + SQLite WAL). mempalace/agent at agent · skorotkiewicz/mempalace GitHub - Nyquest-ai/nyquest-rust-fullstack-pub: Nyquest — Semantic Compression Proxy for LLMs. 350+ rules, local LLM stage, 15-75% token savings. Full Rust stack. GitHub - TheoV823/mneme: Enforce architectural decisions in AI-assisted development. GitHub - klemenvod/TokenBrawl: A 1v1 Bomberman-style game where two LLM agents play autonomously against each other. No human plays — you watch the AIs fight. Each agent receives a text description of the board state, reasons about it, and outputs a move as JSON. The game engine executes it. Introducing the Common AI Provider: LLM and AI Agent Support for Apache Airflow Power Circuit AI: Designing Power Electronic Circuits for Motor Drives with Generative Artificial Intelligence Ask HN: How to program with IDE and LLM on CPU locally? Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Bonsai 1-bit WebGPU - a Hugging Face Space by webml-community The LLM Fallacy: Misattribution in AI-Assisted Cognitive Workflows Ask HN: Simple tooling for local LLM code critique without IDE integration? Can a General LLM Diagnose a DICOM Slice? A 10-Case Public Benchmark Charts-of-Thought: Enhancing LLM Visualization Literacy (PDF, 2026) GitHub - Mesh-LLM/mesh-llm: Distributed AI/LLM for the people. Share compute privately or publicly to power your agents and chat. GitHub - seamus-brady/springdrift: A persistent runtime for long-lived LLM agents Writing an LLM from scratch, part 32k -- Interventions: training a better model locally with gradient accumulation Ask HN: Which LLM model and agentic CLI are you using for local development? GitHub - wayneColt/modelcascade: Route local. Escalate smart. Never overspend. Open-source multi-model cascade routing for autonomous agents. LLM pricing is 100x harder than you think GitHub - asakin/llm-primer: Pre-warmed Claude Code sessions in tmux. No startup wait. GitHub - EggerMarc/chat-rs: A multi-provider LLM framework for Rust. GitHub - SynapseKit/SynapseKit: Minimal, async-first Python framework for production LLM apps- 2 hard deps, no magic, no SaaS. A Claude Skill that Makes LLM Paragraphs More Bearable Does Gas Town 'steal' usage from users' LLM credits & paid services to improve itself? What's Claude Code Actually Doing? Open the Black Box with the Arthur Engine Milla Jovovich's New Open Source LLM Memory App and the Dark Code Problem Your intuition of LLM token usage might be wrong Show HN: Bloomberg Terminal for LLM ops – free and open source GitHub - 0xchamin/mcptube: Transform YouTube videos into a compounding knowledge base with transcripts, vision analysis, and agentic search. Works as an MCP server for Claude, Copilot & more. Show HN: Open KB: Open LLM Knowledge Base Your LLM is a compiler, not a runtime GitHub - sapountzis/Unslop: A Web Feed That Deserves You crates.io: Rust Package Registry Beyond Karpathy's LLM-Wiki: The Necessity of Cognitive Governance GitHub - amitshekhariitbhu/llm-internals: Learn LLM internals step by step - from tokenization to attention to inference optimization. GitHub - parallem-ai/parallem: An expressive library for running agents with the Batch API. GitHub - stfurkan/pi-llm LLM-Wiki Show HN: Formal – Formal verification for AI-generated code using Lean 4 LRTS – Regression testing for LLM prompts (open source, local-first) LLM Wiki Skill: Build a Second Brain with Claude Code and Obsidian I built an LLM Wiki and RAG solution: here's a demo for a security KB The biggest advance in AI since the LLM Predict-Rlm: The LLM Runtime That Lets Models Write Their Own Control Flow the-synthetic-library/the-synthetic-mind at main · joshferrer1/the-synthetic-library GitHub - yisding/reviewwiggum GitHub - Donnyb369/mcp-spine: Context Minifier & State Guard — Local-first MCP middleware proxy GitHub - Beledarian/wgpu-llm: A from-scratch LLM inference engine that uses wgpu (the cross-platform WebGPU implementation) to dispatch WGSL compute shaders for every math operation a Transformer needs. No CUDA. No Python. No massive framework dependencies. Just Rust, raw shaders, and your GPU. GitHub - anitiue/Hindsight: An experience-driven self-improvement framework for LLM agents — 基于经验的 LLM Agent 自我改进框架 GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. GitHub - alainnothere/AmdPerformanceTesting: Amd Performance Testing Ask HN: Is a purely Markdown-based CRM a terrible idea? Optimized for LLM agents Context Engineering - LLM Memory and Retrieval for AI Agents | Weaviate little_helper_tui/letter.md at main · sleepyeldrazi/little_helper_tui GitHub - EvanZhouDev/umr: The Unified Model Registry for all your local AI apps. GitHub - JordanCT/VigIA-Orchestrator Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain A Taxonomy of RL Environments for LLM Agents Llama LLM Network Feture GitHub - genedeng-ca/ai-mac-migration: AI-powered Mac-to-Mac migration tool - replace Apple Migration Assistant with intelligent, selective transfer using local LLMs GitHub - lunargate-ai/gateway: High-performance self-hosted AI gateway (OpenAI-compatible) with routing, retries, and streaming GitHub - AuthBits/webmcp: A lightweight, prompt-driven MCP web research server for high-quality LLM powered information extraction. Externalization in LLM Agents: A Unified Review of Memory, Skills, Protocols and Harness Engineering Springdrift: An Auditable Persistent Runtime for LLM Agents with Case-Based Memory, Normative Safety, and Ambient Self-Perception High-Stakes Personalization: Rethinking LLM Customization for Individual Investor Decision-Making From Static Templates to Dynamic Runtime Graphs: A Survey of Workflow Optimization for LLM Agents HUOZIIME: An On-Device LLM-enhanced Input Method for Deep Personalization TIDE: Token-Informed Depth Execution for Per-Token Early Exit in LLM Inference Characterizing WebGPU Dispatch Overhead for LLM Inference Across Four GPU Vendors, Three Backends, and Three Browsers LLM Targeted Underperformance Disproportionately Impacts Vulnerable Users
GitHub - OpenAgentic-Labs/echoform-ghost-memory: Effectively unlimited long-term memory for any LLM - zero context tokens, zero weight updates, cryptographic forgetting certificate.
Nagendhra · 2026-05-19 · via Hacker News - Newest: "LLM"

ECHOFORM — Open-source memory substrate for AI agents

Effectively unlimited long-term memory for any LLM —
zero context tokens · zero weight updates · cryptographic forgetting curve.

License Python Status CI Stars Forks Issues Last commit

Install · How it works · API · Cloud deploy · Architecture · Provenance

If ECHOFORM saves you a context window — drop a ⭐ on the repo.
Stars are the only signal that tells us to keep shipping. It takes one click.

Star this repo


What is this?

ECHOFORM is a production memory substrate for AI agents. Existing systems (Mem0, Zep, Letta, …) treat memory as a retrieval problem — fetch chunks, stuff them back into the prompt, watch the bill scale with episode count. ECHOFORM inverts the direction: it stores agent history as a single side-channel FHRR hypervector that pre-biases attention geometry at inference time, without ever consuming a context token or updating a model weight. Every recall comes with a signed forgetting certificate — a closed-form, cryptographically verifiable attestation of what the system retains and what it has provably let go.

That last property is the wedge. It turns the mathematical capacity ceiling of holographic memory from a flaw into the only auditable forgetting primitive in the field — and the only memory layer that can answer GDPR Article 17 with a proof, not a promise.


✨ Highlights

  • 🧠 Side-channel memory. Agent history is a single 64 KB FHRR vector. /v1/bias returns a residual-stream additive bias in O(1) per call, regardless of how many episodes are stored.
  • 📜 Signed forgetting certificate. Every recall ships with an Ed25519 JWS attesting (D, β, episode_count, archive_count, theoretical_recall_curve), canonicalized via RFC 8785 JCS. Verifiable offline with a standalone 100-line verifier.
  • 🛡️ GDPR Art. 17 with proof. DELETE /v1/forget purges both the live superposition AND the cold-tier archive (S3 Object Lock GOVERNANCE + STS BypassGovernanceRetention), then signs an ErasureReceipt.
  • 🚀 One-click everything. curl … | bash brings up the full prod stack (Postgres + Redis + S3 + worker) and opens a working web UI in your browser. Same stack click-deploys to Render, Fly, DigitalOcean, or any Kubernetes via Helm.
  • 🔌 Model-agnostic. Works with Llama-3.1, Mistral, Qwen, and (via the proxy layer) Claude / GPT / Gemini. No weight changes, no fine-tuning.
  • 🔍 Observable end-to-end. OpenTelemetry traces + Prometheus RED/USE metrics + structured logs unified by trace_id. Built for Grafana, Loki, Tempo.
  • 🎨 Embedded web UI. Vanilla-JS SPA at / — write, recall, view certificates, run GDPR export/erasure, watch live metrics. Zero build step.

One-click install (local)

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/OpenAgentic-Labs/echoform-ghost-memory/main/install.sh | bash

Windows (PowerShell):

iwr -useb https://raw.githubusercontent.com/OpenAgentic-Labs/echoform-ghost-memory/main/install.ps1 | iex

The installer verifies Docker, pulls the production image, brings up postgres + redis + minio + api + worker via Compose, waits for /healthz, and opens http://localhost:8080/ in your default browser. A working web UI loads — no code, no curl, no terminal required.

Don't have Docker? Grab it once at docker.com/products/docker-desktop — the installer fails fast with a friendly error if it's missing.

Stop: cd ~/.echoform && docker compose down Upgrade: cd ~/.echoform && docker compose pull && docker compose up -d


One-click cloud deploy

Same production image, four managed targets:

Provider Click-to-deploy Cost ballpark Spec file
Render Deploy to Render ~$25/mo deploy/cloud/render.yaml
Fly.io fly launch --copy-config ~$5/mo deploy/cloud/fly.toml
DigitalOcean doctl apps create --spec deploy/cloud/digitalocean-app.yaml ~$24/mo deploy/cloud/digitalocean-app.yaml
Kubernetes helm install echoform deploy/helm/echoform infra-dependent deploy/helm/echoform/

Every blueprint provisions the same architecture: API + consolidation worker + managed Postgres + managed Redis, with HPA, PDB, ServiceMonitor, and a working /healthz probe. See deploy/cloud/README.md for the production-hardening checklist (KMS for signing keys, S3 archive with GOVERNANCE Object Lock, WAF, key rotation).


How it works

┌──────────────────────────────────────────────────────────────────────────────┐
│                                                                              │
│   ┌──────────┐    write       ┌─────────────┐    enqueue                     │
│   │  client  ├───────────────►│  echoform-  ├─────► Redis Streams            │
│   │  (LLM    │                │     api     │                                │
│   │   agent) │   bias         │             │      pull          ┌─────────┐ │
│   │          │◄───────────────┤  (stateless,│                    │echoform-│ │
│   └──────────┘   (no tokens)  │   N×3..10)  │                    │ worker  │ │
│                               └──┬──────┬───┘                    │(single- │ │
│                                  │      │                        │ writer) │ │
│                          read    │      │ write                  └────┬────┘ │
│                          super-  │      │ episode                     │      │
│                          position│      │                             │      │
│                                  ▼      ▼                             │      │
│                          ┌─────────────────────┐    update FHRR       │      │
│                          │     Postgres 16     │◄─────────────────────┘      │
│                          │  · episodic table   │                             │
│                          │  · semantic (FHRR)  │                             │
│                          │  · audit_log        │                             │
│                          └──────────┬──────────┘                             │
│                                     │ spill > capacity                       │
│                                     ▼                                        │
│                          ┌─────────────────────┐                             │
│                          │    S3 / MinIO       │                             │
│                          │  (Ghost Archive,    │                             │
│                          │  Object Lock        │                             │
│                          │  GOVERNANCE)        │                             │
│                          └─────────────────────┘                             │
│                                                                              │
└──────────────────────────────────────────────────────────────────────────────┘

Three lanes:

  1. Hot writePOST /v1/remember redacts PII, scans for MINJA-class prompt-injection, inserts into the weekly-partitioned episodes table, enqueues a ConsolidationJob to Redis Streams. Target p99 ≤ 5 ms.
  2. Hot readPOST /v1/bias loads the tenant's 64 KB FHRR superposition (asyncio-locked TTL cache), encodes the query, takes one complex inner product, returns the residual-stream bias + certificate_id. O(1) in episode count. Target p99 ≤ 20 ms.
  3. Cold consolidation — A single-writer worker pulls batches from Redis, runs the consolidation pass (Mamba-based in v0.2; IdentityConsolidator stub in v0.1), writes a new superposition row with optimistic CAS, emits a drift metric. Decoupled from the request path; the API never blocks on it.

Full Architecture Decision Record: _artifacts/phase3/architecture-adr.md. Module dependency DAG enforced by .importlinter.


The forgetting certificate

ECHOFORM's wedge. The certificate is a detached Ed25519 JWS over a JCS-canonicalized payload:

{
  "deployment_id":          "acme-prod-eu",
  "signing_key_id":         "01J9F3RXK4M7Z2B5W6XE0YQVQR",
  "issued_at":              "2026-05-19T11:23:45Z",
  "D":                      8192,
  "beta_rational":          { "num": 3, "den": 100 },
  "episode_count":          47291,
  "archive_count":          12055,
  "n_star_certified":       909,
  "theoretical_recall":     "erfc(sqrt(n * beta * log(D) / D))",
  "adapter_sha256":         "7f2c…",
  "coprocessor_sha256":     "ae91…",
  "proxy_calibration_eps":  0.012,
  "post_erasure_cosine_max":0.043,
  "enclave_quote_b64":      null
}

Why this matters:

Property Mem0 / Zep / Letta / Graphiti ECHOFORM
Forgetting curve published? ❌ (empirical, opaque) ✅ closed-form, derivable from (D, β, n)
Offline verifiable? ✅ Ed25519 JWS, RFC 7515 + RFC 8785
Bound to model + adapter hash? adapter_sha256 + coprocessor_sha256
Survives alg=none attack? n/a ✅ rejected at ECHOFORM layer before any JWT call
Covers cold-tier erasure? ✅ S3 Object Lock GOVERNANCE + STS bypass IAM
Pinned crypto stack? n/a ✅ pyjwt ≥ 2.12 (CVE-2026-32597 patched), PyNaCl, JCS

Standalone verifier (no echoform dependency, runnable by auditors): echoform/security/certificate/verifier.py.


The API

Python SDK

import ghost_memory as gm

mem = gm.GhostMemory(endpoint="https://your-deploy.example.com")

# Write
mem.remember(
    agent_id="customer-success-bot",
    content="User asked about Q3 revenue forecast on the discovery call.",
    subject_pseudonym="cust_1f3a",
)

# Recall — returns the residual-stream bias + certificate id
bias = mem.bias(
    agent_id="customer-success-bot",
    query="what did the customer ask about previously?",
)
print(bias.certificate_id, bias.vector_bytes[:16].hex())

# Compliance
cert    = mem.certificate()                # current ForgettingCertificate JWS
export  = mem.export(subject_pseudonym="cust_1f3a")        # GDPR Art. 15
receipt = mem.forget(                                       # GDPR Art. 17
    subject_pseudonym="cust_1f3a",
    audit_reason="DSAR-2026-0042",
)

Raw HTTP

# Write
curl -X POST https://localhost:8080/v1/remember \
  -H 'Content-Type: application/json' \
  -H 'Idempotency-Key: 01J9F3R…' \
  -d '{"agent_id":"demo","content":"hello world","ts":1747641600}'

# Bias
curl -X POST https://localhost:8080/v1/bias \
  -H 'Content-Type: application/json' \
  -d '{"agent_id":"demo","query":"what did I say?"}'

# Certificate
curl https://localhost:8080/v1/certificate

# Erase
curl -X DELETE https://localhost:8080/v1/forget \
  -H 'Content-Type: application/json' \
  -d '{"subject_pseudonym":"cust_1f3a","audit_reason":"DSAR-2026-0042"}'

Full OpenAPI 3.1 spec at /openapi.json once the server is running. Interactive Swagger at /docs. ReDoc at /redoc.


What's in the box (v0.1)

Module What Status
echoform.core.fhrr FHRR bind/unbind/bundle/capacity at D=8192 complex64 ✅ real
echoform.core.adapter Llama-3.1-70B residual-stream bias (HF forward hook) ✅ real
echoform.storage.episodic Postgres 16 + pgcrypto + pg_partman 5.2 ✅ real
echoform.storage.semantic Optimistic CAS + asyncio-locked TTL cache + safetensors ✅ real
echoform.api.public FastAPI 0.136.1 — 9 stable endpoints + web UI mount ✅ real
echoform.sdk Async + sync httpx clients + ghost_memory façade ✅ real
echoform.security.certificate Ed25519 + JCS canonicalization + key rotation ✅ real
echoform.safety PII redactor + 55 MINJA payloads + poison_scan_gate ✅ real
echoform.observability structlog + OpenTelemetry + Prometheus ✅ real
echoform.core.compression Bag-of-tokens FHRR (Mamba-2 → v0.2) 🟡 stub
echoform.core.consolidation IdentityConsolidator (HiCL → v0.2) 🟡 stub
echoform.storage.archive LocalArchive + S3 stub with COMPLIANCE refusal 🟡 v0.2 S3 wire-up
echoform.api.proxy Returns HTTP 501 (Anthropic + OpenAI + vLLM in v0.2) 🟡 stub

See docs/roadmap.md for the v0.2 / v1.0 line.


Project structure

echoform-ghost-memory/
├── README.md  LICENSE  NOTICE  CHANGELOG.md  SECURITY.md  GOVERNANCE.md
├── BUILT_FROM.md             ← provenance trail
├── pyproject.toml  tasks.py  Dockerfile  docker-compose.yml
├── install.sh  install.ps1   ← one-click local installer
├── echoform/                 ← the package (82 .py files)
│   ├── types.py              ← canonical types (leaf import)
│   ├── core/{fhrr, compression, adapter, consolidation}
│   ├── storage/{episodic, semantic, archive}
│   ├── api/{public, proxy}
│   ├── sdk/, cli.py
│   ├── observability/, security/certificate/, safety/
│   └── config/settings.py
├── ghost_memory/             ← 5-line public façade
├── tests/                    ← 46 tests across 7 categories
│   ├── unit/  property/  integration/  smoke/  perf/  security/  fuzz/
│   └── conftest.py
├── deploy/
│   ├── k8s/{base, overlays/{dev,prod}, iam}      ← Kustomize
│   ├── cloud/{render.yaml, fly.toml, …}          ← managed-platform blueprints
│   └── helm/echoform/                             ← Helm chart with subcharts
├── docs/
│   ├── architecture.md  ops-runbook.md  security-baseline.md
│   ├── observability.md  data-classification.md
│   ├── glossary.md  governance.md  roadmap.md  known-issues.md
│   └── closed-model-gap.md  assets/
├── examples/                 ← 4 runnable examples
└── .github/workflows/        ← ci.yml, release.yml (cosign), security.yml

Production posture

  • Container. Multi-stage Dockerfile, non-root UID 10001, distroless-style runtime, signed via Sigstore Cosign on every release.
  • CI matrix. ubuntu × macos × windows × python-3.11, python-3.12. Lint (ruff), typecheck (mypy strict on critical paths), unit + property + integration + smoke + security, dep audit (pip-audit), license guard (pip-licenses --fail-on=GPL;LGPL;AGPL;…), gitleaks on every PR, import-DAG enforcement via import-linter.
  • Observability. OpenTelemetry SDK 1.41, OTLP gRPC default, trace_id in every log, tenant_id only on trace exemplars (cardinality budget enforced).
  • K8s defaults. HPA 3-10, PDB minAvailable=2 on api / 1 on worker, NetworkPolicy default-deny + explicit egress, all three probes (startup + liveness + readiness), securityContext with runAsNonRoot, readOnlyRootFilesystem, drop ALL caps, seccompProfile: RuntimeDefault.
  • Compliance. GDPR Art. 15 export + Art. 17 erasure + Art. 20 portable format. EU AI Act Art. 12 audit log retained 6 months minimum. Data classification table in docs/data-classification.md.

Roadmap

v0.2 (next):

  • Real Mamba-2 130M consolidation rebind (replaces IdentityConsolidator)
  • api.proxy Anthropic + OpenAI + vLLM adapters
  • Spectral-entropy MINJA detector (replaces regex tier)
  • AWS KMS / HashiCorp Vault signing-key backend
  • /v1/audit/{event_id} endpoint
  • Locust-driven cross-process p99 perf gate

v1.0:

  • TEE attestation (AMD SEV-SNP / AWS Nitro Enclaves) — Sovereign SKU
  • pgBackRest continuous WAL streaming + PITR
  • CBOR / COSE certificate payloads
  • Photonic / neuromorphic substrate support (D ≥ 10⁶)

See docs/roadmap.md for the full sequencing.


Contributing

Pull requests welcome. We use the Developer Certificate of Origingit commit -s on each commit; no CLA. Open an issue first for non-trivial changes; architecture changes need an ADR under docs/adr/ per GOVERNANCE.md.

git clone https://github.com/OpenAgentic-Labs/echoform-ghost-memory
cd echoform-ghost-memory
python -m pip install -e ".[safety]"
python tasks.py smoke                       # ✅ < 30 s
python tasks.py test                        # full suite (needs PG + Redis)

All contributors must follow CODE_OF_CONDUCT.md (Contributor Covenant 2.1). Vulnerability reports go to the channel in SECURITY.md.


Citation

If you build on ECHOFORM in academic work, please cite:

@software{echoform_ghost_memory_2026,
  title  = {ECHOFORM Ghost Memory: A side-channel forgetting-certified memory substrate for LLM agents},
  author = {{The ECHOFORM Authors}},
  year   = {2026},
  url    = {https://github.com/OpenAgentic-Labs/echoform-ghost-memory},
  version= {0.1.0},
}

License

Apache License 2.0 — see NOTICE for third-party attributions (PyTorch, FastAPI, asyncpg, OpenTelemetry, PyJWT, PyNaCl, structlog, mamba-ssm, …). Compliant deps only — cargo-deny / pip-licenses gates AGPL/GPL/LGPL/SSPL/BUSL in CI.


Built from

This codebase was assembled in 8 phases (intake, spec crystallization, paired 30-agent dispatch, architecture council, adversarial critic review with veto floor, assembly, pre-flight integration check, end-to-end test verification) per the mind-build@v2 workflow. The provenance trail — dossier SHA-256, archetype pairings, conflict resolutions, Phase-3.5 critic confidence scores, all 10 must-fix items with their resolution — lives in BUILT_FROM.md.


Star history

ECHOFORM star history

Watching this graph climb is how we know the work matters. If you’ve read this far,
the ⭐ star button takes one click — thank you.


Made with ∞ by OpenAgentic Labs.