Memcore Cloud 2026.6.20.2

Memcore Cloud 2026.6.20.2

2026.6.20.2 is a small safety-followup patch. It keeps the passive-first
OpenClaw/Zhiyi behavior and fixes two release hygiene problems:
runtime surfaces now report the real package version from VERSION, and
Windows scripts no longer collide with PowerShell's read-only $PID variable.

What Changed

• Runtime version reporting now uses a single source:
  • VERSION
  • src/memcore_version.py
• Raw gateway health, MCP/server metadata, preflight surfaces, console APIs, and
  the local console UI no longer report stale 2026.6.20 strings after a patch
  install.
• Windows guardian and uninstall scripts avoid assigning to PowerShell's
  read-only $PID automatic variable.
• Release gate now blocks runtime version literals in user-visible/reporting
  surfaces and blocks future PowerShell $PID assignment regressions.
• One-command installers now default to 2026.6.20.2.

Boundaries

• This release keeps the 2026.6.20 passive-first delivery behavior:
  • zhiyi_direct=false
  • zhiyi_inject=false
  • openclaw_rpc=false
  • passthrough=true
• This release does not publish benchmark scores or leaderboard claims.
• Contract identifiers such as agent_work_preflight.v2026.6.20 remain protocol
  ids and are not runtime package-version strings.

中文

2026.6.20.2 是一个小型安全跟进补丁。它保留 OpenClaw / 知意 passive-first
的止血结果，同时修掉两个发布卫生问题：运行态版本面统一从
VERSION 读取真实包版本，Windows 脚本不再撞 PowerShell 只读 $PID 变量。

本版本包含

• 运行态版本上报改成单一来源:
  • VERSION
  • src/memcore_version.py
• raw gateway health、MCP/server metadata、preflight、console API 和本地控制台
  UI 不再在补丁安装后继续显示旧的 2026.6.20。
• Windows guardian 和卸载脚本不再给 PowerShell 只读 $PID 自动变量赋值。
• release gate 增加机械门，阻止运行态版本字面量回到用户可见/健康上报面，也阻止
  PowerShell $PID 赋值类回归。
• 一键安装脚本默认版本更新到 2026.6.20.2。

边界

• 本版本保留 2026.6.20 的 passive-first 默认:
  • zhiyi_direct=false
  • zhiyi_inject=false
  • openclaw_rpc=false
  • passthrough=true
• 本公开版本不发布 benchmark 分数，也不声明任何公开榜单成绩。
• agent_work_preflight.v2026.6.20 这类 contract id 是协议版本，不是运行包版本。

Memcore Cloud 2026.6.20.1

Memcore Cloud 2026.6.20.1

2026.6.20.1 is a public-surface cleanup patch for the 2026.6.20 safety release.
It keeps the passive-first OpenClaw/Zhiyi defaults and removes internal evaluation tooling from the public product tree.

What Changed

• Keeps 2026.6.20 passive-first delivery:
  • zhiyi_direct=false
  • zhiyi_inject=false
  • openclaw_rpc=false
  • passthrough=true
• Removes internal benchmark, judge, model-matrix, and miss-report source files
  from the public product package.
• Keeps the product runtime dependencies required by dialog entry:
  • src/evidence_bound_model.py
  • src/memory_authority_policy.py
• Adds release-gate checks so product src/ cannot import eval modules and the
  public release source cannot carry those eval entry points again.
• Updates public README wording to focus on local diagnostics and health checks
  instead of exposing internal scoring machinery.

Boundaries

• This release does not change the 2026.6.20 passive-first runtime behavior.
• This release does not publish benchmark scores or leaderboard claims.
• Internal benchmark work, if needed, should run from a separate maintainer
  workspace instead of the public product package.

中文

2026.6.20.1 是 2026.6.20 安全公开版本之后的公开面清理补丁。它保留普通聊天
passive-first 的止血结果，同时把内部评测、裁判、模型矩阵和错例报告源码从
公开产品树里移出。

本版本包含

• 保留 2026.6.20 的 passive-first 默认:
  • zhiyi_direct=false
  • zhiyi_inject=false
  • openclaw_rpc=false
  • passthrough=true
• 从公开产品包移除内部 benchmark / judge / model-matrix / miss-report 入口。
• 保留 9860 dialog-entry 必需的产品依赖:
  • src/evidence_bound_model.py
  • src/memory_authority_policy.py
• release gate 增加机械门，防止产品 src/ 再 import eval 模块，也防止公开
  release source 再夹带这些评测入口。
• README 改成普通用户可理解的本地诊断和健康检查口径，不再暴露内部跑分机器。

边界

• 本版本不改变 2026.6.20 的 passive-first 运行行为。
• 本版本不发布 benchmark 分数，也不声明任何公开榜单成绩。
• 如需继续内部评测，应在维护者自己的独立工作区运行，不进入公开产品包。

Memcore Cloud 2026.6.20

Memcore Cloud 2026.6.20

2026.6.20 is a safety-focused public release for Memcore Cloud. It lowers the
risk of local agent memory overreach, especially OpenClaw-style interception,
while keeping recall source-backed and local-first.

Memcore Cloud remains a local AI memory library: original records stay on the
user's machine, recall is source-backed, and reusable experience must keep a
traceable evidence trail.

What This Release Contains

• Local AI memory library: original records remain the local source of
  truth, while source refs, library ids, and receipts make recall auditable.
• Safer local-agent authority: Zhiyi is a memory and evidence layer, not a
  default replacement for the host agent. OpenClaw-style interception defaults
  to off; direct Zhiyi answers and platform actions require explicit entry or
  authorization.
• Low-resource defaults: watchers default to a light profile, a 5-second
  interval, and narrow source selection instead of full-source 250ms scans.
• More honest local tool display: public docs may describe supported AI
  tools, but the local console should emphasize tools actually detected on the
  current machine.
• Pre-work checks: work_preflight / preflight doctor can run as a quick
  daily smoke path, with full diagnostics reserved for explicit troubleshooting.
• Source-backed recall: recall remains compact by default, with source refs
  first and raw excerpts only when explicitly requested.
• Evidence-bound model path: MiniMax, DeepSeek, and OpenAI-compatible
  models can be used for evidence-bound answer refinement and candidate
  checking without treating models as benchmark-only toys.
• Fast model diagnostics: the model matrix can compare baseline top+pack
  two-call behavior with a single-call fast audit, including call count,
  latency, CPU/RSS, decision drift, and risk flags.
• Benchmark diagnostics, not leaderboard claims: public docs now separate
  no-key retrieval diagnostics, internal answer judging, and official
  evaluator paths so scoring work does not masquerade as a published benchmark.
• Evaluation guardrails: daily use, targeted regression, and offline
  benchmark entry points are separated so scoring work does not overload a
  workstation or silently become the daily path.

中文

2026.6.20 是一次以安全降险为核心的公开版本。它降低本机 agent 记忆层越权的
风险，尤其是 OpenClaw 这类拦截入口默认抢答的问题，同时继续保持本机优先和
可回源召回。

本版本包含

• 更安全的本机 agent 权限边界：知意是记忆和证据层，不默认替代宿主
  agent。OpenClaw 这类拦截入口默认关闭；直接回答和平台动作必须有显式入口
  或授权。
• 低资源默认：watcher 默认 light profile、5 秒间隔、窄来源选择，不再默认
  全来源 250ms 扫描。
• 更诚实的本机工具展示：公开文档可以说明支持哪些 AI 工具，但本机控制台应
  优先展示当前机器真实检测到的工具。
• 开工前检查：work_preflight / preflight doctor 支持日常快速 smoke，
  full 体检保留给显式排障。
• 可回源召回：默认返回紧凑 source refs；只有明确需要原文证据时才取 raw
  excerpt。
• 证据绑定模型路径：MiniMax、DeepSeek 和 OpenAI-compatible 模型可以用于
  证据绑定回答、候选判断和经验精炼，不再只作为 benchmark 工具。
• fast 模型诊断：模型矩阵可比较 top+pack 双调用 baseline 和单调用 fast
  audit，记录调用数、耗时、CPU/RSS、逐题漂移和风险标记。
• 评分诊断不冒充榜单：公开文档已区分免费检索诊断、内部答案判分和官方
  evaluator 路径，避免把本地诊断说成公开 benchmark 成绩。
• 评测护栏：日常入口、定向回归和离线 benchmark 分开，避免跑分任务拖垮
  工作机，也避免把评分路径误当成日常路径。

Boundaries

• Local benchmark and model-matrix reports are diagnostics, not official
  leaderboard scores.
• Benchmark run outputs, caches, and local R730XD pressure-test artifacts are
  not part of the public release payload.
• Direct Zhiyi answers and platform actions remain explicit-entry or
  explicit-authorization paths; ordinary OpenClaw chat is passive by default.

Memcore Cloud 2026.6.16

Memcore Cloud 2026.6.16

Memcore Cloud 2026.6.16 focuses on making the local AI memory library easier to
connect, inspect, and trust. It fixes the local AI "finished the chat, lost the
context" problem by keeping original records, preferences, project boundaries,
proven work paths, and borrowing receipts on the user's own machine.

Highlights

• Local AI memory library: original records remain the archive, library ids
  make memories findable, and usage receipts show what an agent borrowed before
  it answered.
• Source-backed recall: recall can return compact source refs, rank reasons,
  and bounded original excerpts when explicitly requested.
• Pre-work context checks: before coding, installing, syncing, or
  troubleshooting, an agent can check whether the work looks already built,
  miswired, missing diagnostics, or truly missing.
• Zhiyi and Xingce stay distinct: Zhiyi keeps preferences, corrections,
  habits, and boundaries; Xingce keeps repair paths, validation steps, and work
  methods.
• Experience reaches local agents: skill-, instruction-, and MCP-capable
  local agents can read the same Xingce guidance before work instead of keeping
  separate private experience stores.
• Traceable experience evolution: successful fixes, mistakes, and user
  corrections can become candidates. Source-backed candidates with original
  evidence and acceptance checks can be adopted, upgraded, rejected, or rolled
  back with receipts.
• Record Doctor: a safe read-only check shows whether source records, raw
  mirrors, the canonical index, and memory/experience links are guarded before
  real recall is tested.
• Quieter first response: capability check remains read-only and no-recall;
  real memory is only retrieved when an agent calls recall.
• Installer entry points: macOS, Linux, and Windows installers use the
  2026.6.16 release tag and keep local data such as memory/, raw/, zhiyi/,
  and config/ separate from app files.

中文

Memcore Cloud 2026.6.16 的重点，是让“忆凡尘这座本机 AI 记忆图书馆”更容易接入、检查和信任。它解决本机 AI “聊完就散、换窗就忘、做过还重做”的硬伤：原始记录仍然是最高事实；召回要能回源；有用的工作经验必须经过证据和验收，才能变成下一次可复用的行策。

主要更新

• 本机 AI 记忆图书馆：原始记录是馆藏原件，馆藏号负责定位，借阅记录说明 agent 回答前用了哪些记忆。
• 可回源召回：召回可以返回精简来源线索、命中理由，并在明确需要时给出有界原文摘录。
• 开工前上下文检查：写代码、安装、同步、排障前，agent 可以先判断这件事更像已经做过、接线错了、缺诊断，还是确实缺功能。
• 知意和行策分开：知意保存偏好、纠正、习惯和边界；行策保存修复路径、验证步骤和工作方法。
• 经验可以接给本机 agent：支持 skill、自定义指令或 MCP 的本机 agent，都可以在动手前读取同一套行策经验，而不是各自攒一套私有经验。
• 经验可追踪进化：做成、踩坑、纠错都可以先成为候选；带得回来源、原文和验收条件的候选，才能被采纳、升级、拒绝或回滚，并留下回执。
• 记录医生：真实召回前，可以先用只读自检确认源记录、raw 镜像、canonical index 和记忆/经验链路是否守住。
• 更安全的第一次测试：capability check 仍然只读、无真实召回；只有 agent 明确调用 recall，才读取真实记忆。
• 安装入口对齐：macOS、Linux、Windows 安装器使用 2026.6.16 release tag，并把 memory/、raw/、zhiyi/、config/ 等本地数据和软件文件分开。

Boundaries

• Summaries help navigation, but they do not replace original records.
• Experience is not a skill marketplace and Xingce is not a callable function
  library.
• Experience evolves, but it stays source-backed, reviewable, and reversible.
• Local data stays on the user's machine by default.

Memcore Cloud 2026.6.15

Memcore Cloud 2026.6.15

Memcore Cloud 2026.6.15 is a release for the Tiandao-governed memory and
experience system. It keeps the 2026.6.14 cleanup base, then makes
the next codebase easier to audit by turning experience adoption into a
receipt-backed, source-traceable dry-run flow.

Status: published GitHub Release.

English

Highlights

• Tiandao-governed module split: the former giant console, platform guard,
  Claude Desktop, raw gateway, Hermes liveness, and record-guardian surfaces
  have been split by ownership boundary rather than arbitrary line count.
• Record origin remains first: canonical indexing, raw evidence excerpts,
  and raw backfill now live in dedicated record modules, but raw source records
  remain the highest authority.
• Console stays an entrypoint: p6_console.py remains the human console and
  compatibility wrapper, while UI, action gates, status diagnostics, OpenClaw
  inlet, Zhiyi runtime, and experience governance live in smaller modules.
• Platform Guard is clearer: catalog, model identity, package inventory,
  and surface scanning are separated from authorized platform-config apply.
• Claude Desktop capture boundary is clearer: Claude Desktop raw ingest
  logic is isolated from the connector entrypoint, and local relay references
  remain development/compatibility metadata rather than public requirements.
• Runtime version alignment: the release reports 2026.6.15 in the version
  file, gateway health, active-memory routing, preflight metadata, local console
  text, platform storage contract, and packaged Zhiyi skill.
• Install readiness waits for large local libraries: macOS, Linux, and
  Windows installers now wait for slow-starting local services instead of
  failing after a single early smoke probe.
• Experience validation receipts: Xingce can now emit a dry-run validation
  receipt schema that records pass/fail status, evidence links, and adoption
  blockers without mutating the experience library.
• Receipt-backed apply gate: adoption checks prefer validation receipts when
  present, while preserving compatibility with the older validation-report
  fallback path.
• Apply package preview: a ready apply package can be built as a local
  dry-run artifact. package_status=ready means ready for a future authorized
  apply, not already adopted.
• Experience flow overview: the console can now show a compact record chain
  across experience evolution, review action, validation report, validation
  receipt, review queue, apply gate, apply receipt schema, and apply package.
• Release validation: 2026.6.15 was tested in this
  run on macOS and two Windows hosts. Full local tests passed, the working-tree
  release gate passed before commit, the committed-HEAD release gate passed
  before publication, Windows native smoke passed, and the record-chain audit
  found no lost source or lost raw. Claude Desktop bridge presence was verified
  on detected Windows Claude config homes; one package-scoped Windows config
  is still malformed JSON and remains a local follow-up.
• Record doctor and record chain: a new read-only doctor/demo check shows
  whether source records, raw mirrors, the canonical index, and memory/experience
  links are guarded. The timeline/replay surface is framed as a record chain,
  not a memory wall.
• Recall output is quieter by default: Zhiyi recall now returns compact
  source refs, counts, receipts, and rank reasons by default. Bounded raw
  excerpts remain available only when explicitly requested with a raw response
  budget.
• Runtime bootstrap starts the foundation cleanup: new and migrated command
  entry points can share one repository/import bootstrap instead of adding more
  ad-hoc path setup snippets.
• Double-click install entries: release zips now include a macOS
  Memcore Cloud Installer.command and a Windows Memcore Cloud Installer.cmd;
  the Windows entry opens a folder picker before running the same installer.
• Public wording tightened: public copy now leads with local continuity,
  source-backed records, recall, and reusable work paths, while the detailed
  integration capability coverage stays maintainer test material rather than
  user-facing product text.
• Release checks remain guarded: public wording scans, private local
  agent-rule file exclusion, release artifact checks, internal direction audit,
  and full tests passed before publication.

Boundaries

• Release assets are built from committed HEAD after the release gate passes.
• Local maintainer-only files and private local agent-rule files remain ignored
  and are not part of public release artifacts.
• Capability check remains read-only and no-recall.
• LAN reachability for OpenClaw and Hermes remains supported when explicitly
  configured.
• Multi-machine validation for 2026.6.15 was filled from the 2026-06-15
  current run only; older 2026.6.14 results were not reused as proof.

中文

主要更新

• 天道管辖下拆分模块：原先过大的 console、Platform Guard、Claude Desktop、raw gateway、Hermes liveness 和记录守护相关文件，按真实管辖边界拆分，而不是按行数硬切。
• 记录起源仍然第一：canonical index、raw evidence excerpt、raw backfill 进入独立记录模块，但 raw source record 仍然是最高事实。
• 控制台仍是入口：p6_console.py 保留为人类控制台入口和兼容 wrapper；UI、动作安全门、状态诊断、OpenClaw inlet、知意 runtime、体验治理拆到更小模块。
• Platform Guard 更清楚：catalog、model identity、package inventory、surface scan 与授权 platform config apply 分开。
• Claude Desktop 采集边界更清楚：Claude Desktop raw ingest 从 connector 入口中拆出；本地中转痕迹只保留为开发/兼容元数据，不写成公开依赖。
• 运行版本对齐：发布版在 VERSION、gateway health、active memory routing、preflight metadata、本地控制台文本、platform storage contract 和随包 Zhiyi skill 中统一报告 2026.6.15。
• 安装 smoke 适配大库慢启动：macOS、Linux、Windows 安装器现在会等待本地服务就绪，不再把一次过早探测失败当成最终失败。
• 经验验证回执：行策可以生成 dry-run 验证回执格式，记录通过/失败状态、证据链接和采纳阻断点，但不改写经验库。
• 采纳门禁引用回执：采纳检查会优先使用验证回执；旧的验证报告路径仍然保持兼容。
• 采纳包预览：可以生成本地 dry-run 采纳包。package_status=ready 只表示未来授权采纳已准备好，不表示已经采纳。
• 经验链路总览：控制台可以展示经验演进、review action、验证报告、验证回执、review queue、采纳门禁、采纳回执格式、采纳包的紧凑记录链路。
• 发布验证：2026.6.15 已在本轮对本机 macOS 和两台 Windows 主机实测；本地全量测试通过、提交前 working-tree release gate 通过、发布前 committed-HEAD release gate 通过、Windows 原生 smoke 通过，记录链路巡检未发现遗失源或遗失 raw。已在检测到的 Windows Claude 配置位置确认 Claude Desktop bridge 存在；其中一个 package-scoped Windows 配置仍是异常 JSON，作为本机后续项保留。
• 记录医生与记录链路：新增只读 doctor/demo 自检，展示源记录、raw 镜像、所有会话底座、记忆与经验链路是否守住；timeline/replay 按记录链路展示，不做记忆墙。
• 召回默认降噪：知意召回默认返回精简的来源线索、计数、回执和命中理由；有界原文摘录仍可用，但必须显式请求 raw response budget。
• 运行地基统一起步：新增统一 repository/import bootstrap，新入口和后续迁移可以复用同一套路径初始化，不再继续增加零散 path setup。
• 双击安装入口：release zip 现在包含 macOS Memcore Cloud Installer.command 和 Windows Memcore Cloud Installer.cmd；Windows 入口会先弹出目录选择，再调用同一套安装脚本。
• 公开文案收紧：公开文案改为强调本机工作续接、可回源记录、召回和可复用工作路径；细分接入覆盖留作维护者测试材料，不作为用户可见产品文本。
• 发布检查继续守门：公开文案扫描、私有本机 agent 规则文件排除、发布包检查、内部方向审计和全量测试已在发布前通过。

边界

• 发布资源从提交后的 HEAD 构建，并在 release gate 通过后上传到 GitHub Release。
• 维护者本地文件和私有本机 agent 规则文件仍然被忽略，不进入公开发布包。
• capability check 仍然只读、无真实召回。
• 明确配置时仍然保留 OpenClaw / Hermes 的局域网访问能力。
• 2026.6.15 的多机验证已来自 2026-06-15 当前运行；没有沿用旧版 2026.6.14 的结论。

Memcore Cloud 2026.6.12

Memcore Cloud 2026.6.12

Memcore Cloud 2026.6.12 is a public-wording and release-gate patch release. It
keeps the 2026.6.11 reliability base, then removes local relay tool names from
the open-source surface, preserves compatibility with older local relay traces,
and turns the wording cleanup into a repeatable release check.

English

Highlights

• Public relay denaming: public docs, catalogs, watchlists, diagnostics, and
  tests no longer expose a specific local relay product as a supported public
  dependency or platform entry.
• Compatibility without publicity: older local relay paths, environment
  variables, database names, and raw formats can still be recognized through
  legacy-compatible code paths, but user-facing payloads use neutral
  local_relay wording.
• Lost-source wording: record diagnostics keep the preferred lost source /
  lost raw semantics instead of legacy stray-record wording.
• Release-gate regression scan: tools/release_gate.py now scans the
  public and repository text surfaces for the removed relay names and legacy
  stray-record diagnostics so the cleanup does not regress in future releases.
• Runtime version alignment: installers, gateway health, active-memory
  routing, preflight metadata, the local console, and packaged Zhiyi skill
  metadata report 2026.6.12 consistently.
• Windows install validation hardening: native Windows smoke now recognizes
  running watcher processes even when PowerShell normalizes install paths
  differently, tolerates prefixed JSON from Codex status checks while still
  validating raw_sync, and avoids an OpenClaw config traceback when the
  dialog-entry token is empty.
• Real-machine validation: the 2026.6.12 package was validated on local
  macOS plus two Windows hosts, with Windows native smoke confirming
  codex_capture_status raw_sync=raw_current.

Boundaries

• 2026.6.12 does not add a new user workflow; it hardens naming, attribution,
  Windows install validation, and release checks around already-built record and
  recall behavior.
• Local relay compatibility is retained for existing personal setups, but the
  public project does not present any relay product as required infrastructure.
• Capability check remains read-only and no-recall.
• LAN reachability for OpenClaw and Hermes remains supported when explicitly
  configured.

中文

主要更新

• 公开仓库去名化：公开文档、平台目录、watchlist、诊断和测试不再把某个本地中转工具写成公开依赖或平台入口。
• 兼容但不宣传：旧的本地中转路径、环境变量、数据库名和 raw format 仍能被兼容识别，但用户可见 payload 使用中性的
  local_relay 表达。
• 遗失措辞统一：记录诊断继续使用遗失源 / 遗失 raw 语义，不再回到旧的游离记录说法。
• release gate 防回归：tools/release_gate.py 会扫描公开面和仓库文本，阻止被移除的中转工具名和旧的游离记录诊断重新进入发布包。
• 运行版本对齐：安装器、gateway health、active memory routing、preflight metadata、本地控制台和随包 Zhiyi skill 都统一报告
  2026.6.12。
• Windows 安装验收加固：原生 Windows smoke 能识别 PowerShell 路径归一化差异下仍在运行的 watcher；Codex 状态检查即使夹杂前缀输出，也会提取 JSON 后继续校验
  raw_sync；OpenClaw config helper 在 dialog-entry token 为空时不再抛 traceback。
• 真机验证：2026.6.12 包已在本机 macOS 和两台 Windows 主机上验证，Windows native smoke 均确认
  codex_capture_status raw_sync=raw_current。

边界

• 2026.6.12 不新增普通用户工作流；它加固已有记录和召回能力周围的命名、归属、Windows 安装验收和发布检查。
• 旧本地中转兼容保留给已有个人环境，但公开项目不把任何中转产品写成必要基础设施。
• capability check 仍然只读、无真实召回。
• 明确配置时仍然保留 OpenClaw / Hermes 的局域网访问能力。

Memcore Cloud 2026.6.11

Memcore Cloud 2026.6.11

Memcore Cloud 2026.6.11 is a reliability release for the local record base and
the active Zhiyi/Xingce path. It keeps the record-first boundary from 2026.6.9,
then makes recovery, preflight recall, and runtime health checks less passive.

English

Highlights

• Checkpoint recovery: corrupt P0 and P2 checkpoint files are preserved as
  .corrupt-backup-* files and the next save uses atomic replacement, so a bad
  local state file does not stall record capture.
• Canonical session identity: Codex and Claude Code records now normalize
  canonical window identity to the native session id while keeping older
  workspace/window hints as source refs and project clues.
• Zhiyi/Xingce preflight: the read-only preflight planner can decide when
  source-backed Zhiyi or Xingce anchors should surface before an agent answers,
  and when it should retreat silently.
• Fast current-window recall: the raw gateway can answer short continuation
  preflight requests from the canonical record index without cold-loading broad
  recall or returning raw excerpts.
• Claude Code hook: installers can add a quiet UserPromptSubmit hook for
  Claude Code. It only emits additional context when preflight returns a
  source-backed surface decision.
• Runtime guard tightening: raw gateway health reports its source identity
  and hash; Windows guardian checks that identity and reports foreign port
  owners. Dialog-entry tokens are scoped to dialog-entry service commands
  instead of being injected into unrelated local services.

Boundaries

• Preflight is a behind-the-scenes agent aid, not a new user-facing feature.
• Capability check remains read-only and no-recall.
• Raw excerpts are not exposed by preflight bridge compaction or the Claude Code
  hook.
• LAN reachability for OpenClaw and Hermes remains supported when explicitly
  configured.

中文

主要更新

• checkpoint 坏账本恢复：P0 / P2 checkpoint 损坏时会先备份为
  .corrupt-backup-*，后续保存改为原子替换，避免一个坏状态文件卡住记录采集。
• canonical session 身份修正：Codex 和 Claude Code 记录把 canonical window
  统一到原生 session id，同时把旧 workspace/window 线索保留为 source refs 和项目线索。
• 知意 / 行策 preflight：新增只读裁判层，能判断什么时候应该在回答前主动浮现有来源的知意
  或行策锚点，什么时候应该静默退回。
• 当前窗口快速召回：raw gateway 可以从 canonical record index 回答短续问 preflight，
  不冷启动宽范围召回，也不返回 raw 原文。
• Claude Code hook：安装器可以写入安静的 UserPromptSubmit hook；只有 preflight
  返回有来源的 surface 决策时才给 Claude Code 增加上下文。
• 运行守护收紧：raw gateway health 带 source 身份和哈希；Windows guardian 校验该身份并报告
  端口归属。dialog-entry token 只进入 dialog-entry 服务命令，不再扩散到无关本地服务。

边界

• preflight 是 agent 背后的辅助机制，不是新的用户功能入口。
• capability check 仍然只读、无真实召回。
• preflight bridge 和 Claude Code hook 不暴露 raw excerpt。
• 明确配置时仍然保留 OpenClaw / Hermes 的局域网访问能力。

Memcore Cloud 2026.6.9

Memcore Cloud 2026.6.9

Memcore Cloud 2026.6.9 is a record-first release candidate: it tightens the
local record base, keeps source boundaries clearer, and adds release gates for
the larger pre-release change set.

English

Highlights

• Record Origin Guard: raw source records are treated as the origin of the
  local memory timeline. The guardian checks source/raw freshness, corruption,
  recoverability, and lost source / lost raw states.
• All-session canonical index: Codex, Claude Code CLI, Claude Desktop,
  OpenClaw, Hermes, and other verified local records can be indexed across
  sessions without turning summaries into authority.
• Claude Desktop three-surface model: Chat is handled as the claude.ai
  web-chat surface with local cache evidence only; Cowork and Code/agent records
  use verified local JSONL body candidates when available.
• Safer LAN entry points: local action routes are token-gated while keeping
  LAN access available for setups that intentionally use OpenClaw or Hermes from
  another machine on the same network.
• Second Brain and Time River contracts: material processing, external docs
  evidence, context delivery compaction, and Time River sediment now have
  bounded dry-run contracts. They strengthen source-backed recall without
  replacing raw records.
• Release gate coverage: the pre-release gate compiles Python, checks
  installer syntax, scans public wording, runs internal direction and core record
  reliability audits, and executes the test suite.

Boundaries

• Chat cache evidence is not claimed as a complete local Claude.ai transcript.
• Capability check remains read-only and no-recall.
• Public docs avoid development-only relay/tool names as dependencies.
• User-facing status should show record health, recovery, and lost source / lost
  raw states rather than internal construction progress.

中文

主要更新

• 记录底座与时间起源：原始 source / raw 记录被放回记忆系统的起点。记录守护会检查
  source/raw 新鲜度、损坏、可恢复状态，以及遗失源 / 遗失 raw。
• 所有会话 canonical index：Codex、Claude Code CLI、Claude Desktop、
  OpenClaw、Hermes 和其他已验证本机记录可以进入跨会话索引，但摘要仍然只是导航，不替代原始记录。
• Claude Desktop 三模式分型：Chat 按 claude.ai 网页聊天表面处理，本地只算缓存证据；
  Cowork 和 Code/agent 在可验证时使用本地 JSONL 正文候选。
• LAN 入口安全分档：动作路由加 token gate，同时保留有意使用局域网连接 OpenClaw /
  Hermes 的能力。
• 第二大脑与时间长河契约：资料处理流水线、外部文档证据、上下文投递压缩、时间长河沉积
  都进入有边界的 dry-run 合同，用来增强可回源召回，不替代 raw。
• 发布前检查增强：release gate 会编译 Python、检查安装脚本语法、扫描公开文案、运行
  内部方向审计、核心记录可靠性审计和测试套件。

边界

• Chat 缓存证据不声明为完整本地 Claude.ai transcript。
• capability check 仍然只读、无真实召回、不返回原文。
• 公开文档不把开发环境里的中转工具名写成用户依赖。
• 普通用户界面应该展示记录健康、恢复和遗失源 / 遗失 raw，而不是内部施工完成度。

Memcore Cloud 2026.6.4

Memcore Cloud 2026.6.4

Memcore Cloud 2026.6.4 ships the latest local-memory work:
native Windows installs, official Codex MCP connection, active memory routing,
and clearer local-tool discovery.

The product promise is simple: install once, let Memcore Cloud find local AI
tools, connect supported Skill/MCP surfaces, and keep recall tied to source
records without making every new window start from zero.

English

Highlights

• Native Windows is now the normal path: Windows users should install
  Memcore Cloud directly with PowerShell. WSL remains for development or
  advanced testing.
• Official Codex on Windows is verified: Memcore Cloud can find the bundled
  official codex.exe even when it is not on PATH, then register
  yifanchen-zhiyi through official codex mcp add.
• Codex MCP uses a current-window bridge: the installed Codex MCP entry uses
  a local stdio bridge so recall can carry window/session identity instead of
  guessing from another Codex session.
• Active recall is window-first, not window-only: ordinary clients try the
  current window/session first, then same project/workspace, same
  workstream/task, and stable preferences/tool facts. raw-pool/global remains
  explicit; Hermes broad context stays limited to explicit skill-generation or
  review workflows.
• Continuous sync is visible: the local service now reports whether
  watchers are running as a continuous loop instead of a one-time install scan.
  Claude Desktop local capture joins that loop by default, writing only Memcore
  Cloud raw records, while pending collectors stay clearly marked.
• Conversation collectors are stricter: a local tool is not promoted to
  complete conversation memory unless the verified local format preserves both
  user turns and assistant replies.
• New-tool recognition has two layers: deterministic local rules run first;
  when a model provider is configured, model-assisted identification can classify
  unfamiliar local AI tools from metadata only.
• Knowledge base pages were updated: the Windows official Codex validation
  is now documented in the wiki for future troubleshooting.

Boundaries

• A Skill/MCP connection proves the tool can call Memcore Cloud; it does not
  mean real memory was recalled.
• Capability check remains read-only and no-recall.
• Claude Desktop local capture can enter Memcore Cloud raw by default. Ordinary
  recall is active and source-backed: current window/session first, then same
  project/workspace, same workstream/task, and stable preferences/tool facts.
• Not every discovered local AI tool has a verified collector yet. Unknown or
  partial formats stay as candidates until source-backed collection is proven.

中文

主要更新

• Windows 默认走原生安装：普通 Windows 用户不该装到 WSL。WSL 只保留给
  开发、高级测试或特殊排障。
• 官方 Windows Codex 已验证：即使 codex.exe 不在 PATH，忆凡尘也能从
  Codex native-host 元数据找到官方 bundled CLI，然后用官方 codex mcp add
  注册 yifanchen-zhiyi。
• Codex MCP 走当前窗口 bridge：安装后的 Codex MCP 入口使用本地 stdio
  bridge，召回时带上窗口/session 线索，不再靠猜另一个 Codex 会话。
• active 召回是窗口优先，不是窗口锁死：普通客户端先读当前窗口/session，
  然后同项目/同工作区、同工作流/同任务、稳定偏好/工具事实。raw-pool/global
  仍然只在明确要求更宽视图时使用；Hermes 的宽上下文只保留给明确的 skill
  生成或审查流程。
• 持续同步状态可见：本地服务会报告 watcher 是持续循环，不是安装时扫一次。
  Claude Desktop 本机采集默认加入这个循环，只写忆凡尘 raw；仍待验证的采集器会
  继续标成候选。
• 对话采集更严格：只有已验证的本地格式同时保留用户发言和 AI 回复，才会被
  当作完整对话记忆来源。
• 新工具识别变成两层：先用本机规则识别；如果配置了模型，再让模型只根据
  元数据识别陌生本机 AI 工具。没有模型时继续走本地规则兜底。
• 知识库补齐：Windows 官方 Codex 原生验证已经写入 wiki，方便后续排障。

边界

• Skill / MCP 接上，只证明这个工具能调用忆凡尘，不代表已经召回真实记忆。
• capability check 仍然只读、无真实召回、不返回原文。
• Claude Desktop 本机记录默认可以进入忆凡尘 raw。普通召回走 source-backed
  active 分层：当前窗口/session 优先，然后同项目/同工作区、同工作流/同任务、
  稳定偏好/工具事实。
• 不是每个发现到的本机 AI 工具都有完整采集器。未知格式或只保存部分对话的工具，
  仍然只能标为候选，不能宣传成完整记忆来源。

Memcore Cloud 2026.6.3

Memcore Cloud 2026.6.3

Memcore Cloud 2026.6.3 focuses on making the installed skill behave like a real memory habit, not a one-time setup note.

The main change is simple: when an agent sees an ongoing-project question like "what next", "what else", "then what", "之前", "定论", or "还有吗", it should know to call zhiyi_recall before answering.

English

Highlights

• The skill is now a standing memory rule: Memcore Cloud Zhiyi prompt v4 tells Codex, Claude Desktop, and other local agents to keep the rule active after installation.
• Natural follow-ups trigger memory first: prior decisions, corrections, project boundaries, install/test/release status, and short next-step questions now get clearer recall-before-answer wording.
• Install prompts are clearer: README, Wiki, and the local console copy prompt now tell users to paste one prompt into a local agent so it can install the skill, connect MCP, and run a safe check.
• Safe checks stay safe: capability check still verifies the Skill/MCP path without recalling real memory or returning raw excerpts.
• Local install alignment is verified: macOS and native Windows install roots can be upgraded in place while preserving user data, then installing prompt v4 into Codex and Claude Desktop skill locations.

Boundaries

• Claude Desktop UI testing still depends on Claude quota being available.
• Skill installation is a connection signal, not permission to read chat bodies.
• Deeper platform access still needs explicit authorization.

中文

主要更新

• Skill 变成长期记忆规则：Memcore Cloud Zhiyi prompt v4 会告诉 Codex、Claude Desktop 和其他本机 agent，安装后要持续遵守，而不是只看一次安装说明。
• 自然追问会先想起记忆：旧决定、纠错、项目边界、安装/测试/发布状态，以及“下一步 / 接下来呢 / 还有吗 / 然后呢”这类短追问，会更明确触发先调 zhiyi_recall。
• 安装提示更像产品入口：README、Wiki 和本地 console 的复制提示都改成“把这段发给本机 agent，它会安装 skill、接 MCP、做安全检查”。
• 安全检查仍然安全：capability check 仍然只验证 Skill/MCP/只读状态，不召回真实记忆、不返回原文。
• 本机安装目录已校准：macOS 和 Windows 原生安装目录都可以原地升级并保留用户数据，同时把 prompt v4 安装到 Codex 和 Claude Desktop 的 skill 位置。

边界

• Claude Desktop UI 真实窗口测试仍受 Claude 额度影响。
• 安装 Skill 只是接入信号，不等于授权读取聊天正文。
• 更深的平台访问仍需要明确授权。