feat(memory): persistent agent memory system (Phase 1) — foundation

[fanhongy]

First of 8 PRs splitting #179 (which exceeded GitHub's reviewable size — Copilot literally returned "exceeds the maximum number of lines (20,000)") and reviewer bandwidth. This PR ships Phase 1 only — file-based wiki storage, MCP store/recall/forget, CLI commands, and tiered retention.

Phases 2 onwards (SQLite metadata, BM25 search, hardening, plugin-based auto-save, LLM compilation, lint/heal, import/export, federation) follow in subsequent PRs.

What's in this PR

• File-based wiki storage at `~/.aws/cli-agent-orchestrator/memory/{project_hash}/wiki/`
• 4 scopes: `global`, `project` (cwd-hashed), `session`, `agent`
• MCP tools: `memory_store`, `memory_recall`, `memory_forget`
• CLI commands: `cao memory list/show/delete/clear`
• Auto-inject `` context block on first user message
• Tiered retention with background cleanup (`cleanup_service`)
• `fcntl.flock()` for concurrent-write safety
• 65 new tests, 100% pass

What's explicitly NOT in this PR

• Auto-save hooks — Phase 1 ships memory primitives only. Agents must call `memory_store` explicitly via MCP. Hook-driven auto-save is delivered in a later PR via per-provider plugins (`cao-memory-claude-code`, `cao-memory-kiro-cli`) per @patricka3125's recommendation in feat(memory): add persistent agent memory system (Phase 1) #179 (use Claude Code plugins rather than in-line `settings.local.json` edits).
• SQLite metadata layer → PR Inbox Service #2 (Phase 2)
• BM25 / semantic recall → PR Inbox Service #2
• Hardening (PreCompact safety, scope cap, ISO-8601, marker file) → PR Feature: async delegate #3 (Phase 2.5)
• LLM wiki compilation, cross-references, 3-factor scoring, daily audit log, Kimi extract → PR tmux install script #5 (Phase 3)
• Wiki self-healing, import/export, federation → PR update README: orchestration modes #6–Update issue templates #8 (Phase 4)

Resolves from #179

• 14 CodeQL findings on `hooks/registration.py` (#3097824340–#3097972567) — resolved by deletion. The Phase 1 hook-registration code was removed from this PR; auto-save is delegated to plugins in a subsequent PR. The CodeQL warnings vaporise with the file.
• @patricka3125 inline #3098337061 ("recommend Claude plugin instead of in-line settings.local.json") — Phase 1 no longer writes to `settings.local.json` at all. Plugin migration (separate PR) implements Pat's recommendation directly.
• @patricka3125 inline #3098438410 ("de-scope or defer auto-save hook") — explicitly deferred from this PR. Auto-save returns via plugins.
• @patricka3125 issue-comment #4266032266 (LLM memory-usage guidance) — partially addressed via agent-profile blocks in `developer.md`/`reviewer.md`/`code_supervisor.md`. Sub-points (scope rubric, exclusion list) will tighten in subsequent PRs.
• @haofeif Phase 1 deliverable matrix — items shipped: `Memory` model, `MemoryService` (store/recall/forget), MCP tools, scope precedence, retention cleanup, wiki layout, `index.md`. Items deferred: SQLite metadata, REST CRUD, per-scope cap → addressed in subsequent PRs.

Test plan

• `uv run pytest test/services/test_memory_service.py test/cli/commands/test_memory.py test/providers/test_memory_injection.py` → 65/65 pass
• `uv run black --check src/ test/` → clean
• `uv run isort --check-only src/ test/` → clean
• CI on this branch passes
• Manual smoke: `cao memory list` against a fresh `~/.aws/cli-agent-orchestrator/memory/` dir

Note for dogfood

Until the plugin migration PR lands, agents will not auto-save. They must call `memory_store` explicitly. The agent-profile guidance blocks instruct them to do so when storing facts that should outlive the session.

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Introduces Phase 1 of a persistent, file-backed “memory” subsystem for CLI Agent Orchestrator, including a new MemoryService, MCP tools (memory_store/recall/forget), CLI commands (cao memory ...), and first-message context injection (<cao-memory>), plus retention cleanup.

Changes:

• Added file-based wiki storage + indexing for scoped memories (global/project/session/agent) via MemoryService.
• Exposed memory operations through MCP tools and added CLI commands to inspect/manage stored memories.
• Added background cleanup for retention and extensive unit/integration test coverage.

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 11 comments.

Show a summary per file

File	Description
src/cli_agent_orchestrator/services/memory_service.py	Core file-based storage/recall/forget + context block generation.
src/cli_agent_orchestrator/services/terminal_service.py	Injects <cao-memory> into first message (provider-dependent) and cleans up injection state on terminal deletion.
src/cli_agent_orchestrator/services/cleanup_service.py	Adds memory retention cleanup pass.
src/cli_agent_orchestrator/models/memory.py	Introduces Memory, MemoryScope, MemoryType model/enums.
src/cli_agent_orchestrator/mcp_server/server.py	Adds MCP tools: memory_store, memory_recall, memory_forget.
src/cli_agent_orchestrator/cli/commands/memory.py	Adds cao memory list/show/delete/clear commands.
src/cli_agent_orchestrator/cli/main.py	Registers the new memory CLI command group.
src/cli_agent_orchestrator/api/main.py	Runs memory cleanup on startup; adds /terminals/{id}/memory-context endpoint.
src/cli_agent_orchestrator/constants.py	Adds MEMORY_BASE_DIR constant under CAO home directory.
docs/memory.md	Documents scopes, types, tools, injection behavior, storage layout, retention.
README.md	Adds memory system feature to top-level project feature list.
CHANGELOG.md	Adds Unreleased entry describing Phase 1 memory functionality.
src/cli_agent_orchestrator/agent_store/developer.md	Adds guidance to use memory tools.
src/cli_agent_orchestrator/agent_store/reviewer.md	Adds guidance to use memory tools.
src/cli_agent_orchestrator/agent_store/code_supervisor.md	Adds guidance to use memory tools.
test/services/test_memory_service.py	Extensive store/recall/forget/cleanup/security tests for MemoryService.
test/providers/test_memory_injection.py	Tests first-message injection behavior + “no config file mutation” guarantees.
test/cli/commands/test_memory.py	Tests CLI command behaviors with mocked MemoryService.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[haofeif]

PR Review — Memory System Phase 1

Combined findings — Copilot + manual review (verified)

All findings re-verified against PR head (f05ee6b). The "Copilot" column shows whether the finding came from the automated reviewer; items marked "—" are additional from manual review.

P0 — block merge; ships the feature broken

ID	Copilot	Issue	File:Line
P0-A	yes	Project cwd always None → project scope routes to global dir	memory_service.py:652
P0-B	yes	Kiro (default provider) skipped from memory injection with no replacement hook	terminal_service.py:353

Why P0:

• P0-A — _get_terminal_context() returns {"cwd": None, ...} hardcoded (line 651-652). The comment claims "resolved dynamically via tmux"; no such resolution is wired. With cwd=None, resolve_scope_id("project", ctx) returns None, then _get_project_dir (line 117-122) falls back to base_dir / "global". Tests pass only because they monkeypatch _get_terminal_context. Production silently broken.
• P0-B — terminal_service.py:353 skips inject_memory_context when provider == kiro_cli, comment says "Kiro uses the AgentSpawn hook for injection." But commit f05ee6b deleted the entire hooks/ directory, including cao_kiro_prompt_hook.sh. Kiro is the default provider; on main after this lands, most users get zero memory injection.

P1 — block merge; user-visible correctness bugs

ID	Copilot	Issue	File:Line
P1-A	yes	scope_id computed but ignored on disk for session/agent scopes	memory_service.py:123
P1-B	yes	Retention keyed on memory_type, not scope	cleanup_service.py:197
P1-C	yes	scope="project" + missing cwd silently falls back to global directory	memory_service.py:177

Why P1:

• P1-A — resolve_scope_id (lines 53-58) computes session_name / agent_profile as scope_id, but _get_project_dir (lines 117-122) ignores them and returns base_dir / "global". Different sessions and different agents collide on the same global/wiki/{session,agent}/<key>.md path. Cross-leakage on key collision; isolation API contract is misleading.
• P1-B — cleanup_service.py:73-79 keys retention dict on memory_type (user/feedback/project/reference). docs/memory.md claims scope-based retention (global/agent never expire, project 90d, session 14d). A global-scoped memory with memory_type="project" expires at 90d, contradicting the doc.
• P1-C — Same code path as P0-A. Even after P0-A is fixed, this remains the secondary safety net: when caller passes scope="project" without resolvable cwd, raise rather than silently mixing into global.

P2 — fix in this PR; cheap correctness

ID	Copilot	Issue	File:Line
P2-A	yes	tags: regex truncates hyphenated tags (ci-cd → ci)	memory_service.py:486
P2-B	yes	forget() blanks the index <!-- Updated: --> header	memory_service.py:561
P2-C	yes	Bad ISO8601: isoformat() + "Z" produces +00:00Z	mcp_server/server.py:868
P2-D	yes	"action" inferred via timestamp comparison; can mis-report on same-second upsert	mcp_server/server.py:813
P2-E	yes	CLI accepts longer keys than service truncates (60-char limit)	cli/commands/memory.py:36
P2-F	yes	Synchronous cleanup task on event loop at startup	api/main.py:166

Verification notes:

• P2-A — regex literal at line 486 is r"tags: ([^-\n|]+?)(?:\s*-->|\s*\|)". The negated class excludes -. Confirmed.
• P2-B — forget() at line 561 calls _update_index(..., "", "", "", "", "remove"). _update_index at line 290 unconditionally rewrites <!-- Updated: {timestamp} -->. Empty timestamp produces <!-- Updated: -->.
• P2-C — Memory's updated_at is parsed with replace(tzinfo=timezone.utc), so it is tz-aware. datetime.isoformat() on a tz-aware UTC time produces 2026-05-19T06:00:00+00:00. Concatenating "Z" yields invalid 2026-05-19T06:00:00+00:00Z.
• P2-D — Storage timestamp format is %Y-%m-%dT%H:%M:%SZ (second granularity). Recommended fix: have MemoryService.store() (which already computes action = "updated" if is_update else "created" at line 213) return the action so the MCP layer doesn't re-infer.
• P2-E — _VALID_KEY_RE is r"^[a-z0-9\-]+$" — character set only. _sanitize_key truncates at 60 (line 105). Add length check at the CLI boundary too.
• P2-F — cleanup_expired_memories at cleanup_service.py:82 is async def but the body uses sync Path.glob, read_text, regex. The companion call cleanup_old_data two lines above uses asyncio.to_thread — match that pattern.

P3 — defer; nits and process

ID	Copilot	Issue	Note
P3-A	—	Stale GHAS CodeQL bot comment on deleted hooks/registration.py	Commit f05ee6b removed the file; bot finding stale. Dismiss in UI; no code change.
P3-B	—	No production-path test for _get_terminal_context()	Once P0-A is fixed, add a test that exercises real tmux lookup so it can't silently regress.
P3-C	—	Verify docs/memory.md reflects actual retention policy after P1-B fix	Doc-only; required when resolving P1-B.

(Earlier draft had a separate "file roundtrip in store()" finding; on re-verification this is the same fix as P2-D — store() already knows action and should return it. Merged into P2-D. Not a separate finding.)

Tally

Source	P0	P1	P2	P3	Total
Copilot	2	3	6	0	11
Manual	0	0	0	3	3
Combined	2	3	6	3	14

Merge gate summary

• 5 issues block merge (2× P0, 3× P1) — all from Copilot.
• 6 issues should land in this PR (P2 — all cheap, all from Copilot).
• 3 are deferable (P3 — all from manual review; primarily test/doc/process).

Copilot's review accuracy on this PR was 100% — every cited line was verified against actual code at PR head f05ee6b. The manual review contribution is severity framing, test coverage gap, doc consistency, and the GHAS bot stale-comment cleanup — not safety-critical, but useful.

Process notes (not findings)

• The 8-PR split structure is sensible. Approve the split independent of code review; remaining 7 PRs will be reviewable in isolation.

Suggested fix order

1. Wire cwd into _get_terminal_context() from tmux (P0-A)
2. Re-enable memory injection for Kiro until the plugin PR lands, or explicitly scope this PR to non-Kiro providers in the description (P0-B)
3. Decide: nest scope_id in the path, or strip it from the API (P1-A, P1-C)
4. Key retention on scope, not type; update docs/memory.md to match (P1-B, P3-C)
5. Sweep P2: tags regex / forget timestamp / ISO8601 / store() returns action / CLI key length / to_thread cleanup task
6. Add the missing _get_terminal_context smoke test (P3-B)
7. Dismiss the stale GHAS comment in GitHub UI (P3-A)

Net ask: ~10–15 lines of substantive code change to clear P0+P1, ~30–40 lines to also clear P2, plus one doc update. Reasonable in a single revision.

[fanhongy]

Thanks for the input @haofeif. All 12 findings addressed in 5af8217 except P3-A (stale CodeQL bot comment, dismissed in UI). Per-row resolution:

ID	Resolution
P0-A	_get_terminal_context() now resolves cwd via terminal_service.get_working_directory() (lazy import to break the cycle). Production path no longer silently routes project-scoped stores into the global container.
P0-B	send_input() injects memory context for every provider, including Kiro. The skip was predicated on the AgentSpawn hook handling injection; that hook ships in the plugin-migration PR (#4 in the 8-PR plan), so inline is the right Phase 1 path.
P1-A	get_wiki_path() and _update_index() now nest scope_id for session and agent scopes (session/<scope_id>/<key>.md). No more cross-session/cross-agent collisions on identical keys.
P1-B	Retention is now scope-keyed: SCOPE_RETENTION_DAYS = {global: None, agent: None, project: 90, session: 14}. user/feedback memory_types are a scope-independent override that never expires. Matches docs/memory.md.
P1-C	store(scope="project") now raises ValueError when scope_id cannot be resolved, rather than silently demoting to global/.
P2-A	tags: regex changed from `[^-\n
P2-B	forget() passes the current timestamp into _update_index, so deletes update the <!-- Updated: --> header rather than blanking it.
P2-C	updated_at serializes via strftime("%Y-%m-%dT%H:%M:%SZ") — no more +00:00Z malformed strings for tz-aware datetimes.
P2-D	Memory model gained an action: Optional[str] field (excluded from on-disk serialization). store() sets it; the MCP layer reads it directly instead of inferring from same-second timestamp comparison.
P2-E	_validate_key() in cli/commands/memory.py enforces the 60-char ceiling that MemoryService._sanitize_key() already silently truncates to. CLI no longer accepts keys it can never look up.
P2-F	cleanup_expired_memories() wraps the sync Path.glob and _find_expired_entries in asyncio.to_thread, matching the pattern in the sibling cleanup_old_data task. No more blocking the event loop on startup with a populated memory dir.
P3-A	Stale GHAS CodeQL comment on the deleted hooks/registration.py — will dismiss in the UI. The file vaporised in f05ee6b.
P3-B	New TestTerminalContextResolution class in test_memory_service.py exercises _get_terminal_context() end-to-end with database + tmux helpers stubbed (NOT the function itself), so a P0-A regression surfaces immediately.
P3-C	docs/memory.md updated to describe scope-keyed retention with the user/feedback override.

Test plan: 67 tests pass locally (65 + 2 new for P3-B). black --check and isort --check-only clean. Will re-verify against CI.

Implementation notes worth flagging:

• For P1-A I went with the "actually fix isolation" option (nest scope_id in path) rather than the "strip the misleading return" option. Slightly more code (~15 lines) but it preserves the API contract that session/agent are isolated tiers.
• For P2-D I extended the Memory Pydantic model with an action field rather than changing store()'s return type to a tuple. Less invasive for the existing test fixtures and other callers.

Ready for re-review.

[Copilot]

Pull request overview

Copilot reviewed 18 out of 18 changed files in this pull request and generated 6 comments.

[Copilot]

Pull request overview

Copilot reviewed 18 out of 18 changed files in this pull request and generated 5 comments.

[Copilot]

Pull request overview

Copilot reviewed 18 out of 18 changed files in this pull request and generated 5 comments.

[fanhongy]

One last High issue fixed in last commit, should be good to merge

[Copilot]

Pull request overview

Copilot reviewed 18 out of 18 changed files in this pull request and generated 5 comments.

[haofeif]

@fanhongy LGTM, thanks for the great one