codex-mem should be local-first and store only durable, high-value, necessary memory by default.
Sensitive material should not enter the main memory index by default.
Examples:
- API keys
- tokens
- passwords
- credentials
- raw personal data
- private customer payloads
The system should support a privacy intent equivalent to:
- private
- do_not_store
- ephemeral_only
Rules:
- Marked private content must not be written into durable searchable memory.
- Private exclusions outrank automated enrichment.
- Imports must not reintroduce excluded content.
Includes:
- handoffs
- high-value notes
- scope metadata
Retention:
- retained by default until user deletion or archival
Includes:
- import tracking
- payload hashes
- external ids
Retention:
- retained long enough for dedupe usefulness
Includes:
- recovery handoffs
- inferred summaries
Retention:
- retained with clear provenance labels
Includes:
- raw imports
- event fragments
- temporary parsed cache content
Retention:
- not part of the primary memory index by default
- may have shorter retention windows
Preferred behavior:
- state transitions for normal lifecycle
- hard deletion only for explicit user request, sensitive data removal, or maintenance cleanup
Rules:
- Do not use hard deletion as the normal way to complete work.
If a stored record contains sensitive data:
- redact or replace sensitive fields when possible
- preserve non-sensitive structure if still useful
- record provenance of modification
- hard delete if redaction is insufficient
Search must not surface records that are:
- explicitly private
- redacted into non-retrievable form
- moved to a non-searchable archival tier
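The privacy rules and the search-exclusion rules above can be enforced at two choke points: the durable write path and the search filter. The sketch below is an added example, not codex-mem's own code; the `MemoryStore` class, the state names, the source labels, and the use of a keyed digest to remember exclusions are all assumptions.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
from typing import Optional

PRIVACY_INTENTS = {"private", "do_not_store", "ephemeral_only"}
SEARCHABLE_STATE = "active"  # assumed state names: active, redacted, archived

@dataclass
class Record:
    content: str
    source: str                     # assumed labels: user, import, enrichment
    privacy: Optional[str] = None
    state: str = SEARCHABLE_STATE

class MemoryStore:                  # hypothetical store, for illustration only
    def __init__(self):
        # Local random key: exclusion digests are HMACs, not bare hashes of secrets.
        self._key = secrets.token_bytes(32)
        self.durable = []           # durable searchable memory
        self.excluded = set()       # digests of excluded content, never the content

    def _digest(self, content):
        return hmac.new(self._key, content.encode(), hashlib.sha256).hexdigest()

    def write(self, content, source="user", privacy=None):
        """Return True only if content reached durable searchable memory."""
        if privacy is not None and privacy not in PRIVACY_INTENTS:
            raise ValueError(f"unknown privacy intent: {privacy}")
        digest = self._digest(content)
        if privacy is not None:
            self.excluded.add(digest)   # remember the exclusion only
            return False
        if digest in self.excluded:     # exclusion outranks import and enrichment
            return False
        self.durable.append(Record(content, source))
        return True

    def mark_private(self, record):
        """Mark an already stored record private and block its reintroduction."""
        record.privacy = "private"
        self.excluded.add(self._digest(record.content))

    def search(self, term):
        # Private, redacted and archived records are never surfaced.
        return [r for r in self.durable
                if r.privacy is None and r.state == SEARCHABLE_STATE
                and term in r.content]
```

The digest match is exact, so a reformatted or partially quoted copy of excluded content is not caught by this check and still needs content-level redaction.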
AGENTS.md must not instruct Codex to persist secrets or private payloads.