惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cyberwarzone
Cyberwarzone
V
Vulnerabilities – Threatpost
T
Tenable Blog
Forbes - Security
Forbes - Security
Simon Willison's Weblog
Simon Willison's Weblog
AWS News Blog
AWS News Blog
G
GRAHAM CLULEY
Know Your Adversary
Know Your Adversary
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
WordPress大学
WordPress大学
Latest news
Latest news
K
Kaspersky official blog
T
Tailwind CSS Blog
T
Threat Research - Cisco Blogs
B
Blog RSS Feed
C
Cisco Blogs
博客园 - 聂微东
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
小众软件
小众软件
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
L
LINUX DO - 热门话题
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Privacy International News Feed
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
S
SegmentFault 最新的问题
Security Latest
Security Latest
Y
Y Combinator Blog
爱范儿
爱范儿
aimingoo的专栏
aimingoo的专栏
P
Privacy & Cybersecurity Law Blog
L
LINUX DO - 最新话题
月光博客
月光博客
The GitHub Blog
The GitHub Blog
博客园 - 三生石上(FineUI控件)
S
Security Affairs
P
Proofpoint News Feed
D
DataBreaches.Net
有赞技术团队
有赞技术团队
云风的 BLOG
云风的 BLOG

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Walking Back Our v1.0 Announcement: Resetting to v0.9.0a1 as the First Build
offbyonce · 2026-05-10 · via DEV Community

Last week we announced v1.0 of stigmem, our federated agent memory project.

That label was wrong. We're walking it back. And on review, the broader version history we'd been carrying (v0.2 through v2.0 across our spec files and versioned docs) was overstating the project's maturity in the same way. None of those were tagged releases anyone deployed in production; they were development checkpoints. The version labels on them implied a release chronology we hadn't earned. (The spec content is real and current; we're reviewing it section by section as part of this reset, not throwing it away.)

So we're doing two things together: walking back the v1.0 announcement, and resetting the canonical version line. v0.9.0a1, a preview alpha, is the first build of stigmem. The spec is being reviewed and improved into the v0.9.0a1 canonical structure: core sections first, then experimental ones move to clearly-labeled experimental status. Nothing from the spec is being deleted.

This post explains what happened, what we're changing, and what we'd recommend for anyone evaluating stigmem today. If you came in on the v1.0 announcement and have already integrated against it: please read the "If you were planning to deploy this week" section below before continuing.

Why the v1.0 label was premature

The most direct evidence is in our own threat model. We publish one: it's a real STRIDE analysis with a per-trust-boundary risk register, and you can read it here. Reading it carefully, several controls that should be table stakes for "v1.0 stable" are still open:

  • mTLS for federation (not enforced by default)
  • Per-principal rate limits
  • Enforced API key max-age and rotation
  • A persistent audit log with operator-actionable event types
  • Capability-level validation for cross-org instruction handling
  • Bounded-skew enforcement on hybrid logical clocks across federated peers

The controls our own document says are required to ship safely are not yet in place. v1.0 should mean those are done. They aren't.

Our previous risk register attributed these mitigations to an internal hardening milestone that hadn't shipped when the v1.0 announcement went out. The label outpaced the work. (We've since updated the register to a v0.9.0a1 baseline that names what's actually in effect today versus what's still in flight.)

What happened

The shipping pace outran our validation cycle.

Stigmem is built by two people with heavy AI-coding assistance. That setup makes it remarkably fast to ship code, fill out spec sections, generate test scaffolding, polish documentation. It does not make it fast to validate that what you've built behaves correctly under adversarial conditions, especially in a federated system where the threat model includes peers who lie.

Velocity ran ahead of validation. We had a spec through §25, a versioned docs site, multiple SDKs, conformance vectors, and a deployment story, all of it shipped in days. None of that proves the federation primitives are correct under adversarial conditions. That requires external operators, and we had zero.

What's changing today

Concrete actions, all landing this week:

  1. Re-versioned to v0.9.0a1 as the first build. The pyproject.toml, README, docs, and GitHub release reflect this. v0.9.0a1 is the first public release of stigmem, stigmem-py, stigmem-node, and stigmem-openclaw on PyPI, and of @eidetic-labs/stigmem-ts on npm. (See What the audit found below for the precise pre-publish state on PyPI and npm.)

  2. The threat model moves to the docs front page, not buried under spec/security/. It now includes a per-release status header naming which risks are mitigated, residual, open, and accepted as of the current version. This will be updated on every release; the changelog reflects it.

  3. A milestone-based plan to v1.0.0 is published openly. It includes a capability-based redesign of our prompt-injection handling (replacing the sanitizer-stripping approach we currently use, which doesn't survive contact with motivated adversaries), federation hardening (mTLS by default, bounded HLC skew, per-peer drift tracking), persistent audit log, and, critically, a 30-day public soak with at least one external operator before v1.0.0 ships. The plan is in ROADMAP.md, with regular engineering log posts to come.

  4. We've cut surface. A substantial set of features that were labeled v1.0 are moving to experimental/ as opt-in, gated work: RTBF tombstones, time-travel queries, lazy instruction discovery, advanced memory-garden ACL, source attestation, multi-tenant isolation, the curator dashboard, OIDC SSO, billing hooks, multi-backend storage, several connector adapters (Letta, Zep, Cognee, Gemini, OpenAI-tools, Paperclip), Helm/Fly.io/systemd/PaaS deploy recipes, and additional SDK languages. Each re-emerges through structured reintroduction gates (threat-model delta, ADR, conformance vectors, 30-day operator soak, documentation parity), with no default-on path until those gates pass. Content-addressed fact IDs (CIDs) stay in core: they're load-bearing for our storage-immutability stack and prompt-injection trust boundary, so they're a default-install feature in v0.9.0a1, not deferred. Our v1.0.0 surface will be smaller than what we announced, and defensible.

  5. We're disclosing AI-authorship clearly. The README and CONTRIBUTING.md now name which paths in the codebase have been human-reviewed in depth and which haven't. This shouldn't be a controversial disclosure, but in a category where trust is the product, hiding it would have been worse than naming it.

What the audit found

When we audited what we'd actually shipped under the v1.0 label, we found that most of the artifacts that would have made it real never landed. Neither stigmem on PyPI nor any stigmem* package on npm was ever published; the canonical-package names were still unclaimed at the time of the audit. The OpenClaw adapter (stigmem-openclaw) did upload to PyPI at v1.0.3 and v1.0.5, but both declared stigmem-py>=1.0.0rc1 as a hard dependency, and stigmem-py 1.0.0rc1 was never published either. Those adapter uploads were end-to-end uninstallable: the listing existed, the wheel was downloadable, but pip install stigmem-openclaw failed with an unsatisfiable constraint.

We're correcting that as part of this reset. v1.0.3 and v1.0.5 are yanked from PyPI (PEP 592: they remain reachable for anyone who pinned them, but new resolutions skip them). stigmem-openclaw 0.9.0a1 ships alongside the canonical packages and is the first installable version of the adapter. The ClawHub package (clawhub.ai/offbyonce/stigmem-node) is updated with the package README pointing at this retraction post.

The spec content from earlier development checkpoints is being reviewed section by section against actual implementation and migrated into the v0.9.0a1 canonical spec. The original evolutionary snapshots move to spec/archive/evolution/ as reference material once their content has been forward-migrated. Nothing about the spec is being deleted.

What's not changing

The core idea (a federated, typed, provenance-tracked memory substrate for AI agents) is still right. The design instincts that produced manifests with Rekor inclusion, Ed25519-signed capability tokens, scope/garden ACLs, and a real STRIDE threat model are still right.

What changes is the pace at which we earn the right to call any of this "stable."

If you were planning to deploy this week

Wait until the hardened-core milestone (v0.9.0bN beta series) ships.

Specifically: do not run stigmem federation across organizational boundaries until the hardened-core milestone ships. The federation primitives (peer authentication, capability scoping, replication, instruction handling) are exactly the surfaces that need the open mitigations to be safe.

For single-org, single-node deployments where you're experimenting and have no production data dependency, v0.9.0a1 is reasonable to play with. The new LIMITATIONS.md in the repo is honest about which of the open risks affect which deployment patterns; read it before you build against the API.

We aren't committing to a calendar for the hardened-core milestone; we'll complete it at a pace that aligns with our resourcing, and we'll publish updates as each item lands. Subscribe to the repo or watch the engineering log for progress.

If you've already integrated against v1.0: nothing about your code needs to change today. The core wire format hasn't changed. Some endpoints from v1.0 (RTBF tombstones, time-travel queries, lazy instruction discovery) moved to experimental and are not in the default install of v0.9.0a1, so applications relying on those will need to install the corresponding experimental/<feature>/ plugin (when it ships) or pin to a v1.0 era image. v0.9.0a1 comes with no stability guarantee; expect breaking changes during the v0.9.0aN alpha and v0.9.0bN beta series. We'll document them in the changelog.

We're looking for our first external operator

If you're an AI-tooling team, agent-framework project, or dev-tools company with agent workflows already in production: we'd like to talk. We're looking for one operator willing to run a stigmem node for 30 days against a real (non-critical) workload, with public bug reporting. We'll help you set up, watch you hit the bugs we couldn't anticipate, and credit you prominently in the v1.0 release notes when we get there.

This is the single most valuable contribution to the project right now. More than any feature, more than any spec section. If you're interested, open an issue tagged operator-candidate or reach out directly.

The asymmetric thing about this category

Federated memory infrastructure earns trust by being boring and correct, not exciting and broad. The teams that try to be exciting and broad mostly disappear. The teams that get boring and correct mostly compound.

We chose exciting and broad first. We're correcting it now.

If you saw the v1.0 announcement, evaluated stigmem, and walked away because something didn't smell right. Your instincts were good. v1.0.0 will be worth re-evaluating once the hardened-core milestone ships.


The full roadmap, threat model, limitations doc, and OpenClaw adapter audit are all in the repo. Honest feedback, harsh issues, and contributor PRs all welcome, especially from anyone who's been burned before by infrastructure that overpromised at v1.0.

Eidetic Labs
github.com/eidetic-labs/stigmem · stigmem.dev · docs.stigmem.dev