Memory Provenance Specification

A standard for tracking the origin and transformation chain of AI agent memory.

Overview

In multi-agent systems, memory passes through multiple agents before being acted upon. Each hop can modify, summarize, or reinterpret the original data. Without provenance tracking, there is no way to verify the chain of custody.

The provenance_chain field in MemCube v3 provides an ordered list of agent identifiers that touched a memory entry, from its origin to the current holder.

The provenance_chain field

{
  "id": "mem_001",
  "content": "Trade execution approved for portfolio rebalancing.",
  "type": "semantic",
  "timestamp_age_days": 0.5,
  "source_trust": 0.91,
  "source_conflict": 0.03,
  "downstream_count": 5,
  "provenance_chain": ["agent-planner-01", "agent-summarizer-03", "agent-executor-07"]
}

Optional field in MemCube v3. Default: empty list []. When absent, provenance detection is skipped (returns CLEAN).

Detection Rules

Circular Reference

Same agent_id appears twice in the chain. Memory looped back through the same agent — self-reinforcing. Result: MANIPULATED.

Chain Length Mismatch

Chain has < 2 agents but downstream_count > 8. Wide propagation with a short chain is physically implausible. Result: SUSPICIOUS.

Compromised Agent

Any agent_id in the chain exists in the compromised agent registry (auto-populated on MANIPULATED BLOCK). Result: MANIPULATED.

Identical Chains

3+ entries in the same memory_state have identical provenance chains. Real independent memories would have different paths. Result: SUSPICIOUS.

Response Fields

Field Values Description
provenance_chain_integrityCLEAN | SUSPICIOUS | MANIPULATEDOverall provenance assessment
provenance_chain_flagslist of stringsSpecific issues detected
chain_depthintegerMax chain length across all entries

Code Example

from sgraal import SgraalClient

client = SgraalClient("sg_demo_playground")

result = client.preflight(
    memory_state=[{
        "id": "mem_001",
        "content": "Trade execution approved",
        "type": "semantic",
        "timestamp_age_days": 0.5,
        "source_trust": 0.91,
        "source_conflict": 0.03,
        "downstream_count": 5,
        "provenance_chain": ["agent-01", "agent-02", "agent-01"]
    }],
    domain="fintech",
    action_type="irreversible"
)

print(result["provenance_chain_integrity"])  # MANIPULATED
print(result["provenance_chain_flags"])      # ["circular_reference:manipulated"]
print(result["recommended_action"])          # BLOCK
SMRS Standard Full documentation