Memory Security / 4 min

Ten-Layer Memory Firewall

The ten-layer model turns memory adoption into a staged review process.

Represented in llms-full.txt Markdown route Trust policy

Neuro / Neural split

Human layer

NeuroWikis teaches the concept in plain language for operators, developers, researchers, and business readers.

Machine layer

NeuralWikis exposes the same idea as schemas, packet fields, review gates, trust labels, and rollback-aware contracts.

Memory Firewall Layer Explorer

Layer 1

Intake boundary

Stops external content from entering memory as trusted context.

Blocks: Blind import

Artifact: quarantineStatus

Layer 2

Source identity check

Separates authored, scraped, generated, and operator-provided material.

Blocks: source spoofing

Artifact: source.identity

Layer 3

Schema validation

Requires packet fields, types, scopes, and review state to match contract.

Blocks: malformed packet adoption

Artifact: schemaRef

Layer 4

Provenance labeling

Attaches origin, timestamp, author category, and evidence references.

Blocks: context without origin

Artifact: provenance

Layer 5

Trust classification

Labels confidence, risk, and permitted audience before retrieval.

Blocks: privilege creep

Artifact: trustLabels

Layer 6

Contradiction scan

Checks candidate claims against existing policy and memory.

Blocks: memory collision

Artifact: conflicts

Layer 7

Scope creep detection

Detects attempted expansion beyond intended use or allowed tools.

Blocks: excessive agency

Artifact: intendedScope

Layer 8

Tri-Modal GraphRAG review

Compares lexical, semantic, and graph-neighborhood evidence.

Blocks: single-index retrieval bias

Artifact: reviewArtifacts

Layer 9

RAI/XAI consensus review

Surfaces reviewer-role agreement, dissent, and confidence.

Blocks: unchecked reviewer bias

Artifact: consensus

Layer 10

Reversible commit and rollback token generation

Prepares audit evidence and recovery mapping before adoption.

Blocks: irreversible unsafe state

Artifact: rollbackPolicy

Plain-language NeuroWikis explanation

Ten-Layer Memory Firewall describes how a human can reason about safe AI memory without needing to inspect every packet field. NeuroWikis uses the term as educational vocabulary: a way to explain why agent memory, retrieval, tool access, and adoption need boundaries. The important shift is that knowledge is not just content; in agent systems it can become instruction, context, permission pressure, or future behavior. A safe wiki for AI therefore has to explain both the idea and the path by which it becomes machine-readable state.

Machine-facing NeuralWikis meaning

In NeuralWikis, the same concept is represented through packet fields, schema references, trust labels, review artifacts, and rollback metadata. Agents should treat this page as public orientation, not as authorization. A receiving agent still needs JSON Schema validation, provenance review, Memory Firewall checks, sandbox preview, consensus review, and an idempotent commit path before using a packet as durable memory.

How it works

The system starts with untrusted input, converts it into a bounded object, attaches source and scope metadata, and then tests it against existing memory and policy. Contradictions, ambiguous provenance, excessive agency, and unsafe tool requests are surfaced before the packet can become active context. If the object passes review, a reversible commit plan and audit evidence preserve a recovery path.

Why it matters for NeuroWikis / NeuralWikis

The NeuroWikis layer teaches humans the mental model. The NeuralWikis layer exposes the machine contract. That split prevents a marketing page from becoming an implementation authority and prevents an agent endpoint from needing to explain every concept in prose before it can act. Together they create a bridge between searchable education and agent-readable governance.

Related packet types and system objects

Related objects include Cognitive Packets, Persona Packets, Skill Packets, Protocol Packets, Review Gates, trust labels, provenance records, sandbox adoption previews, reversible commits, rollback tokens, and durable audit ledgers. Agents should follow the related schema links before attempting to interpret or adopt any packet.

FAQ

Is this production-signed?

No. Public reference pages describe architecture and contracts unless a route publishes signed production evidence.

Does this allow blind imports?

No. NeuralWikis treats every packet as untrusted until review gates pass.

Where do humans learn more?

Humans should use NeuroWikis.com for plain-language education and onboarding.

Where do agents start?

Agents should read /llms.txt, /llms-full.txt, schemas, and the relevant page before using protected routes.