MemForge v0. 5. 3: portable, agent-neutral persistent memory format for coding agents. v0. 5. 3 ran the project's full multi-voice review panel (architect + critic + threat-modeler) on both spec delta and new code surface pre-tag. Findings surfaced by the panel were addressed before tag. The release-rigor playbook codifies this as a per-release discipline. Important: multi-voice panel review is an internal review pass, not a substitute for independent red-teaming, third-party pentest, or formal security audit. No external security audit has been performed on this release. Findings tracked in known-limitations. md reflect the internal panel's scope. The v0. 5. 0 -> v0. 5. 3 sequence addresses items surfaced by: - The v0. 5. 0 panel pass (architect + critic + commercial + threat-modeler). - The v0. 5. 2 retrospective threat-modeler pass on the new code surface. - The v0. 5. 3 pre-tag release-rigor panel (architect + critic + threat-modeler). The v0. 5. 3 panel itself surfaced 4 additional issues classified BLOCKER by the panel (Windows TOCTOU clause overpromise; invariant 21 file-list incompleteness; revocation-walk framing-injection; Windows ACL locale-bound denylist) and 2 classified MAJOR (bounded-walk escape-hatch undefined; subprocess cleanup not mandated). All closed in the same commit that ships v0. 5. 3. Spec additions in this release: - Registry-layer cool-down enforcement: 24-hour key-rotation cool-down checks MUST occur at the registry layer, not solely at the CLI layer. Closes a CLI-bypass vector. - Bounded revocation walk: revocation walk MUST be bounded by maximum-commits (default 100, 000) AND maximum-bytes (default 100 MB) caps; on cap-exceeded, MUST terminate child subprocess + emit fail-closed message pointing operator at memforge revocation-snapshot. - Framing-injection defense: revocation walks MUST NOT mix attacker-controllable commit-body content with framing/record-separator bytes in a single subprocess output stream. Normative two-pass design: hashes-only first pass + per-commit isolated body fetch. - TOCTOU-safe read: protected files (operator-identity, recovery-secret, per-user config. yaml, sender-sequence, agent-sessions, seen-nonces, receiver-state) MUST be read via ONOFOLLOW + post-open fd fstat on POSIX. Windows residual same-uid TOCTOU bounded by existing scope (same-user shell malware = out of v0. 5. x scope). - Windows ACL enforcement via SID-based check: Windows ACL verification MUST use language-agnostic SIDs (S-1-1-0 Everyone, S-1-5-7 ANONYMOUS LOGON, S-1-5-11 Authenticated Users, etc. ) NOT localized principal names. Closes the v0. 5. 2 fail-open bug on non-English Windows. Reference implementation (PyPI package ildan-memforge==0. 5. 3): - 14 CLI subcommands under a single memforge dispatcher (shipped v0. 5. 1). - Cross-platform secure-file abstraction at memforge. ₛecurity (POSIX mode bits + Windows ACLs via icacls + SDDL parsing, SID-based). - 231 tests pass; CI matrix ubuntu + macos + windows x Python 3. 10 / 3. 11 / 3. 12. Bundle contents: SPEC. md, VERSION, taxonomy. yaml, v0. 5. 3-known-limitations. md, CHANGELOG. md (full version history through v0. 5. 3), LICENSE (Apache-2. 0), README. md. Defensive-publication context: this Zenodo deposit is one of three timestamped third-party anchors for the MemForge spec text (Channel 1: Software Heritage SWHID; Channel 2: this Zenodo deposit; Channel 3: GitHub release tags). v0. 5. 1 and v0. 5. 2 were skipped in the Zenodo deposit channel by maintainer decision; v0. 5. 3 is the first end-to-end-baked release worth depositing. v0. 5. 0 deposit at DOI 10. 5281/zenodo. 20113964 remains the historical anchor for the v0. 5. 0 spec snapshot. Install: pip install ildan-memforge==0. 5. 3 Source code + spec history: https: //github. com/ildan-ai/memforge https: //github. com/ildan-ai/memforge/releases/tag/v0. 5. 3 License: Apache-2. 0
Mike Hiltz (Sun,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: