Governance
Keystones, trust enforcement, the Karpathy Loop, and the Memory Crystallizer.
MemClaw's governance is four mechanisms working together. Each one operates at a different point in the agent's lifecycle.
Keystones
Mandatory policy rules the platform serves to every agent on session start (memclaw_keystones). Scope-merged (tenant / fleet / agent), weight-ordered, and non-negotiable — they override conflicting user instructions. See the dedicated Keystones page for the model and authoring flow.
Author with memclaw_keystones_set (trust ≥ 1 for self, ≥ 2 for cross-agent / fleet / tenant). REST: GET / POST / DELETE /api/v1/memclaw/keystones.
Trust enforcement
Every API call checks the calling agent's trust level (see Trust levels). The check happens server-side in core_api.services.trust_service.require_trust. Operations beyond your level return 403 FORBIDDEN. The admin API key bypasses these checks.
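The authoring floors from the Keystones section and the 403 behaviour described here, as an added sketch that is not MemClaw's own code. `Caller`, `required_trust`, `authorize_keystone_write`, the scope strings and the audit list are assumptions for illustration, as is treating a missing target agent as the caller itself.

```python
# Added illustration; every name here is hypothetical, not MemClaw's implementation.
from dataclasses import dataclass

# Authoring floors stated on this page: 1 for an agent's own keystones,
# 2 for cross-agent, fleet, or tenant scope.
SELF_FLOOR = 1
SHARED_FLOOR = 2
KNOWN_SCOPES = {"agent", "fleet", "tenant"}  # assumed scope labels


@dataclass(frozen=True)
class Caller:
    agent_id: str
    trust: int
    is_admin_key: bool = False  # the admin API key bypasses trust checks


def required_trust(caller, scope, target_agent_id=None):
    """Return the trust floor for a keystone write, or None for an unknown scope."""
    if scope not in KNOWN_SCOPES:
        return None
    # Assumption: an agent-scope write with no target means the caller's own keystones.
    if scope == "agent" and target_agent_id in (None, caller.agent_id):
        return SELF_FLOOR
    return SHARED_FLOOR


def authorize_keystone_write(caller, scope, target_agent_id=None, audit=None):
    """Return an HTTP-style status: 200 when allowed, 403 when refused."""
    audit = audit if audit is not None else []
    floor = required_trust(caller, scope, target_agent_id)
    if floor is None:
        # Fail closed on scopes the policy does not know, admin key included.
        audit.append(("denied_unknown_scope", caller.agent_id, scope, target_agent_id))
        return 403
    if caller.is_admin_key:
        # The bypass is by design, so record it: this is the path reviewers watch.
        audit.append(("admin_bypass", caller.agent_id, scope, target_agent_id))
        return 200
    # Reject non-int trust values (bool included) as well as values below the floor.
    if type(caller.trust) is not int or caller.trust < floor:
        audit.append(("denied", caller.agent_id, scope, target_agent_id))
        return 403
    return 200
```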
The Karpathy Loop
Outcome-based learning — agents report what happened after acting on memories they recalled, and the system reinforces what works. Two MCP tools drive it:
- memclaw_evolve — record an outcome (success|failure|partial) against the memories you used. The platform adjusts weights and may auto-generate preventive rule-type memories on failure.
- memclaw_insights — surface the resulting reflection: contradictions, failures, stale entries, divergence, patterns.
REST mirrors: POST /api/v1/evolve and GET /api/v1/insights.
Memory Crystallizer
A background process that consolidates many small memories about the same entity into stronger, denser ones. Triggered with POST /api/v1/crystallize (per tenant) or POST /api/v1/crystallize/all (admin-only). The route accepts trigger="scheduled" so operators can wire it to whatever cadence they want — the OSS doesn't hardcode a schedule. Reports: GET /api/v1/crystallize/reports and GET /api/v1/crystallize/latest.
Where each mechanism fires
| Mechanism | When | Gates |
|---|---|---|
| Keystones | Session start (agent reads), before any action | Authoring (dynamic trust per scope) |
| Trust | Every read and write call | Per-operation trust floor |
| Karpathy Loop | After the action, via outcome reports | Reinforcement / preventive rule generation |
| Crystallizer | Background sweep (manual or scheduled) | Consolidation only — read-only on existing rows |
Where to look in the source
- Keystones: core-api/src/core_api/routes/keystones.py, core-api/src/core_api/trust_utils.py
- Trust: core-api/src/core_api/services/trust_service.py
- Evolve / Karpathy Loop: core-api/src/core_api/routes/evolve.py
- Crystallizer: core-api/src/core_api/routes/crystallizer.py