Memory Fences & State Keys

March 6, 2026 · View on GitHub

🧭 Quick Return to Map

You are in a sub-page of Safety_PromptIntegrity.
To reorient, go back here:

Think of this page as a desk within a ward.
If you need the full triage and all prescriptions, return to the Emergency Room lobby.

Structural guardrails that prevent context bleed and cross-session injection.
This page defines how to enforce hard boundaries between prompts, ensuring system memory cannot be hijacked or silently rewritten.

When to open this page

  • Model begins recalling text from previous unrelated sessions.
  • Jailbreak attempts work only after long multi-turn dialogs.
  • Role confusion persists despite schema locks.
  • Adversarial input shifts policy, state, or history across turns.
  • ΔS spikes after memory transfer, despite stable retrieval.

Open these first

Core acceptance

  • No cross-session data unless whitelisted.
  • Each conversation has a unique state_key.
  • ΔS(question, retrieved) ≤ 0.45 across turns.
  • λ stays convergent for three paraphrases under replay.
  • Memory fences block unauthorized carry-over.

Fix in 60 seconds

  1. Assign a state key

    • Compute: state_key = sha256(session_id + system_rev + policy_hash)
    • Attach to all memory writes.

  2. Fence boundaries

    • Before each turn, validate:
      • incoming.state_key == current.state_key
      • If mismatch → reject or reset.

  3. Immutable system text

    • Mark non-task policy as system_only.
    • Forbid user overrides.

  4. Replay probes

    • Inject controlled paraphrases.
    • If ΔS or λ diverge, memory bleed suspected.

  5. Audit log

    • Store ΔS, λ, state_key, and mem_rev per step.
    • Flag anomalies for review.

Common failure vectors → fix

VectorSymptomFix
Cross-session carryoverAnswer mentions text from unrelated chatReject mismatched state_key, enforce reset
Hidden injection persistsUser payload continues beyond resetHash all system policy, invalidate old keys
Role drift with memory echoReplies prepend “system:” from earlierApply role_confusion.md fences
Version skewNew deploy reuses old cacheSalt state_key with system_rev
Chain-of-thought bleedInternal notes leak into answersEnforce data-contracts.md schema

Probe prompt

System memory test active.  
Session ID: {sid}, Policy Hash: {p_hash}.  

Tasks:
1. Compute state_key and compare against current session.
2. If mismatch, reset memory fences and refuse carryover.
3. Re-ask with paraphrased queries; compute ΔS and λ.
4. Report whether context bleed is detected.
5. Return minimal fix reference (role_confusion, prompt_injection, etc).

🔗 Quick-Start Downloads (60 sec)

ToolLink3-Step Setup
WFGY 1.0 PDFEngine Paper1️⃣ Download · 2️⃣ Upload to your LLM · 3️⃣ Ask “Answer using WFGY + <your question>”
TXT OS (plain-text OS)TXTOS.txt1️⃣ Download · 2️⃣ Paste into any LLM chat · 3️⃣ Type “hello world” — OS boots instantly

Explore More

LayerPageWhat it’s for
⭐ ProofWFGY Recognition MapExternal citations, integrations, and ecosystem proof
⚙️ EngineWFGY 1.0Original PDF tension engine and early logic sketch (legacy reference)
⚙️ EngineWFGY 2.0Production tension kernel for RAG and agent systems
⚙️ EngineWFGY 3.0TXT based Singularity tension engine (131 S class set)
🗺️ MapProblem Map 1.0Flagship 16 problem RAG failure taxonomy and fix map
🗺️ MapProblem Map 2.0Global Debug Card for RAG and agent pipeline diagnosis
🗺️ MapProblem Map 3.0Global AI troubleshooting atlas and failure pattern map
🧰 AppTXT OS.txt semantic OS with fast bootstrap
🧰 AppBlah Blah BlahAbstract and paradox Q&A built on TXT OS
🧰 AppBlur Blur BlurText to image generation with semantic control
🏡 OnboardingStarter VillageGuided entry point for new users

If this repository helped, starring it improves discovery so more builders can find the docs and tools.
GitHub Repo stars