Skip to main content
Use this guide before running Memproof in production.

Security Hardening

  • Enable auth hooks for all operations (remember, update, forget, search).
  • Keep redaction enabled and test custom redaction patterns for sensitive fields.
  • Use Trailproof audit trail signing (trail_signing_key) with a key from a secret manager.
  • Use private vulnerability reporting (SECURITY.md) and rotate compromised keys quickly.

Reliability Hardening

  • Prefer durable audit trail storage (trail_store="jsonl" with a trail_store_path).
  • Run verify_audit_trail() periodically to detect tampering in the hash chain.
  • Set idempotency keys for client retries on mutating calls.
  • Define incident runbooks for policy denials, quarantine growth, and provider outages.

Operability Baseline

  • Track p95/p99 latency by operation (remember, update, search, forget).
  • Monitor audit trail size and verify hash chain integrity.
  • Monitor approval backlog and blocked/quarantined rates.
  • Run benchmark workflows periodically (perf-baseline.yml).

Change Management

  • Require CI gates before merge (ci.yml).
  • Require reviewed PRs for policy/schema/audit trail changes.
  • Keep release and deprecation notes current (CHANGELOG.md).

Release Governance

  • Use tag-driven releases (vX.Y.Z) through release.yml.
  • Verify package version parity before publish.
  • Enable branch protection and required checks on default branch.