惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
P
Proofpoint News Feed
Apple Machine Learning Research
Apple Machine Learning Research
WordPress大学
WordPress大学
博客园 - Franky
V
V2EX
爱范儿
爱范儿
J
Java Code Geeks
小众软件
小众软件
Last Week in AI
Last Week in AI
The Cloudflare Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hugging Face - Blog
Hugging Face - Blog
T
The Blog of Author Tim Ferriss
酷 壳 – CoolShell
酷 壳 – CoolShell
The Register - Security
The Register - Security
GbyAI
GbyAI
Vercel News
Vercel News
Y
Y Combinator Blog
腾讯CDC
F
Fortinet All Blogs
I
InfoQ
N
Netflix TechBlog - Medium
B
Blog RSS Feed
D
Docker
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
量子位
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
Microsoft Security Blog
Microsoft Security Blog
V
Visual Studio Blog
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
Blog — PlanetScale
Blog — PlanetScale
H
Help Net Security
云风的 BLOG
云风的 BLOG
A
About on SuperTechFans
Scott Helme
Scott Helme
T
Tor Project blog
U
Unit 42
Google Online Security Blog
Google Online Security Blog
PCI Perspectives
PCI Perspectives
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
NISL@THU
NISL@THU
D
Darknet – Hacking Tools, Hacker News & Cyber Security
aimingoo的专栏
aimingoo的专栏
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Stack Overflow Blog
Stack Overflow Blog
Security Archives - TechRepublic
Security Archives - TechRepublic

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
AI memory should be a product state, not a prompt trick
Yana Li · 2026-06-20 · via DEV Community

I ran into a memory problem while building a reflective AI product.

The easy version of AI memory is tempting:

Save useful facts about the user.
Put them back into the next prompt.
Call it memory.

That can work for low-risk personalization.

It is probably fine if an assistant remembers that a repo uses pnpm, or that a user prefers short answers, or that a team calls its staging branch preview.

But the problem changes when the user is bringing personal material into the product.

In my case, the product lets people explore dreams, moods, relationship patterns, recurring symbols, and private reflections. I did not want meaningful sessions to disappear into raw chat history. But I also did not want every sentence the user typed to quietly become permanent memory.

That changed the architecture for me.

The question stopped being:

What can the model remember?

It became:

What does the user own?
What did they approve?
When is it stored?
When is it used?
When can it be paused, exported, or deleted?

That distinction sounds like product design, but it quickly becomes system design.

The common mistake: treating memory as one bucket

Many AI products describe memory as if it were one thing:

Memory: on/off

That is simple, but it hides too much.

In practice, "memory" usually mixes several different jobs:

  • short-term conversation context
  • a summary of the last session
  • facts the user explicitly wants remembered
  • model-inferred patterns
  • user-authored background context
  • retrieval results selected for the current turn
  • account data that must be exportable or deletable

If all of that becomes one invisible bucket, the developer gets a simpler implementation and the user gets a murkier product.

You also lose the ability to answer basic questions:

  • Why did the assistant bring this up?
  • Did it save that automatically?
  • Is this being used in future prompts?
  • Can I delete this one thing without deleting everything?
  • What happens if I pause memory?
  • What happens if my subscription ends?

Those are not only UX questions. They are architecture questions.

Stored memory and prompt memory are different

The biggest architectural shift for me was separating stored memory from prompt-time memory.

A user may own saved memory assets, but that does not mean the model should always be allowed to use them.

I ended up thinking about memory in two different states:

This belongs to the user.
This is currently allowed to enter the prompt.

Those are not the same promise.

A user should be able to view, export, or delete saved memory without the assistant automatically using it in every future session.

That separation led to a small but important access layer:

type MemoryAccessState = {
  userMemoryEnabled: boolean;
  planKey: string;
  entitlementState: string;
  subscriptionActive: boolean;
  canUsePromptMemory: boolean;
  pendingMemoryActivation: boolean;
  memoryExpiresAt: string | null;
};

function getCanUsePromptMemory(state: MemoryAccessState) {
  return state.userMemoryEnabled && state.subscriptionActive;
}

The important field is not userMemoryEnabled.

It is canUsePromptMemory.

That field answers the real runtime question: should memory be included in the prompt for this turn?

This avoids a confusing product promise.

For example:

  • a free user may have memory assets saved, but not active in future prompts
  • a paid user may allow long-term memory into sessions
  • a user may pause memory without deleting the assets
  • an interrupted subscription may retain memory for a defined period without letting the model call it
  • deletion and export can still work even when prompt memory is disabled

Without this separation, memory becomes a hidden privilege state. The data exists, the user sees some of it, the model may or may not use it, and nobody can explain the boundary clearly.

The pattern: split memory by lifecycle

I stopped treating memory as one feature and started treating it as a set of product states.

The simplified shape looks like this:

conversation
-> session note
-> user-approved memory item
-> user-authored room context
-> long-term inner map
-> retrieval evidence
-> prompt context

Each layer has a different lifecycle.

conversation is the raw exchange. It is useful for same-session continuity, but too noisy to become long-term memory by itself.

session note is a structured artifact created after a session. It can summarize themes, symbols, conflicts, and useful continuity points.

memory item is smaller and more explicit. It is the kind of thing the user can inspect and approve.

room context is user-authored background. I treat this as higher-trust than inferred memory because the user wrote it directly.

inner map is a versioned long-term snapshot of recurring themes. This layer needs caution because it can easily sound more authoritative than it is.

retrieval evidence is what the system selected for the current turn.

prompt context is the final compiled memory that the model sees.

This adds work, but it makes the system easier to reason about.

The user can own assets without every asset being active in the prompt. The assistant can use relevant memory without pretending all saved history is equally important. The product can pause, retain, export, or delete different layers without inventing a new exception every time.

Retrieval should return evidence, not vibes

Once memory is layered, retrieval should also become more explicit.

A memory result should not just be text pasted into a prompt. It should carry enough metadata to explain why it was selected.

A simplified version:

type MemoryEvidence = {
  source: "session-note" | "memory-item";
  id: string;
  title: string;
  excerpt: string;
  score: number;
  reason: string;
  createdAt?: string;
};

The reason field is not fancy, but it is useful.

It can say things like:

semantic long-memory match
strong theme/symbol overlap
partial approved-memory overlap
recent continuity evidence

This helps debugging, but it also keeps the product honest.

If the assistant brings a memory into the current turn, the system should be able to explain why that memory was selected.

For a first version, retrieval does not need to be magical. I prefer a conservative hybrid approach:

user-authored context
+ latest long-term snapshot
+ relevant session notes
+ recent notes as fallback
+ approved memory items
-> compact prompt memory

Vector search is useful, but it should not be the only rule.

For personal or reflective products, recency, explicit approval, user-authored context, and clear fallback behavior matter just as much as similarity score.

A small failure case: the creepy callback

Here is the kind of behavior I wanted to avoid.

Suppose a user once wrote:

I keep dreaming about a locked garden gate.

Two weeks later they write:

I felt ashamed today when I wanted to ask for help.

Bad memory behavior:

This connects to your locked garden gate dream.

Maybe it does. Maybe it does not.

The callback may be clever, but if the user did not invite that connection, and the system cannot explain why it surfaced the memory, it can feel creepy.

Better behavior:

There may be a threshold theme here, but I would not force it.
If it feels connected, we can compare today's shame with the earlier gate image.
If not, we can stay with what happened today.

The wording is different, but the real difference is architectural.

The system needs to know:

  • Was the earlier note user-approved or model-inferred?
  • Was it selected because of semantic similarity, theme overlap, or mere recency?
  • Can the user inspect it?
  • Can the user delete it?
  • Can memory be paused before the next turn?

If those answers only exist inside the model response, the product is too soft in the wrong place.

The memory boundary needs to exist outside the prompt.

Retention is also part of memory design

Another mistake is treating retention as a legal/privacy page problem only.

For memory-heavy products, retention is part of the product behavior.

I prefer making the rules boring and explicit:

Active subscription:
  memory can accumulate
  memory can enter prompts if enabled

Paused or interrupted subscription:
  memory assets are retained for a defined period
  memory does not enter prompts

Memory disabled:
  existing assets remain manageable
  new long-term memory writes stop

Deletion:
  individual memory items can be deleted
  account-owned data can be exported or removed

The important part is not the exact number of days. The important part is that the product does not blur ownership, access, and usage.

A user should not have to guess whether saved memory is currently active.

They should not have to delete everything just to stop the assistant from using it.

Guardrails I would keep

For sensitive or reflective AI products, I would start with these guardrails:

  1. Do not treat the raw transcript as the long-term memory layer.
  2. Create a structured session note before creating smaller memory items.
  3. Require explicit approval for strong long-term memory items.
  4. Separate stored memory from prompt-time memory.
  5. Show memory state in account or session UI.
  6. Let users pause memory without deleting saved assets.
  7. Let users delete individual memory items.
  8. Keep export and deletion paths boring and reliable.
  9. Record why retrieved memory entered the prompt.
  10. Make retention rules explicit when billing or account state changes.

None of this requires a complicated agent framework.

It requires treating memory as product state instead of prompt decoration.

Where this is probably overkill

This pattern is too heavy for some products.

I would not build all of this for:

  • a throwaway demo
  • a stateless assistant
  • a tool that only remembers harmless UI preferences
  • a private local prototype where the user and developer are the same person

It becomes worth it when:

  • users bring sensitive or personal material
  • memory changes future model behavior
  • the product has accounts, billing, export, or deletion promises
  • users may reasonably ask why the AI remembered something
  • continuity is part of the paid value

That last point matters.

If memory is part of what people pay for, it cannot just be a prompt trick.

How I am applying this

I built this pattern while working on Jung Room, a non-clinical AI self-exploration room for dreams, moods, symbols, and recurring patterns.

The product-specific version has:

session notes
+ saved memory items
+ user-authored room context
+ inner-map snapshots
+ account memory controls
+ subscription-gated prompt-time memory
+ retention and deletion paths

The general lesson is broader than this product:

Memory should be inspectable before it becomes powerful.

Builder checklist

If you are adding memory to an AI product, these are the questions I would ask early:

  • What exactly is being stored?
  • Which parts were written by the user?
  • Which parts were inferred by the model?
  • Which parts require explicit approval?
  • Which parts can enter future prompts?
  • Can the user pause prompt-time memory?
  • Can the user delete one memory without deleting the account?
  • What happens when billing state changes?
  • What is the fallback when retrieval fails?
  • Can you explain why a memory was selected?

If those answers are unclear, the memory feature may work technically while still feeling untrustworthy.

Open question

How are you handling memory in your own AI apps?

Are you treating it as private prompt context, user-owned product state, retrieval evidence, or something else entirely?