research(memory): collaborative memory with multi-agent access control (CollabMem) #1864
Description
Summary
Two-tier memory (private + shared) with immutable provenance tracking and dynamic bipartite-graph access control for multi-user/multi-agent scenarios. Enables safe cross-agent knowledge transfer without permission leaks.
Source: arXiv 2505.18279 — Collaborative Memory: Multi-User Memory Sharing in LLM Agents with Dynamic Access Control
Alireza Rezazadeh et al., Accenture Center for Advanced AI. Published 2025-05-23.
Key Results
- Bipartite graph encodes user ↔ agent ↔ resource permissions, updated dynamically
- Each fragment carries immutable provenance: contributing agent, accessed resource, timestamp
- Retrospective permission checks: can revoke access to historical fragments
- Significant overhead reduction vs. per-user context duplication
Applicability to Zeph
Current gap: Zeph's SQLite+Qdrant memory has no per-agent or per-user boundaries. Subagent memory writes go into the same key_facts / episodes tables as the root agent. A malicious subagent could pollute root agent memory.
Integration points:
- A2A multi-agent: incoming A2A agent sessions should have scoped memory access — read shared pool, write only to their private scope
- Subagents: each spawned subagent gets a memory scope bound to its task; on completion, root agent promotes approved facts to shared memory
- ACP multi-session: IDE sessions share a read-only knowledge base but write to session-private memory
Schema changes: Add memory_scope column to key_facts + episodes; MemoryAccessPolicy struct maps agent_id → (read_scopes, write_scope).
Complements: #1608 (episodic-to-semantic promotion), #2603.10062 memory architecture vision paper.
Implementation Sketch
MemoryScope { public, private(agent_id), shared(session_id) }enumSemanticMemory::search()accepts scope filter;save()tags with agent_id scope- Config:
[memory.access_control] enabled = false, default_scope = "public" - Migration: add
scope TEXT NOT NULL DEFAULT 'public'to relevant tables