Memory & sessions
Most assistants start every session with amnesia: the dead end you hit on Tuesday gets re-recommended on Thursday. rlat wires a memory into the session itself — what the assistant learned surfaces at the next prompt, what happened is captured when the session ends, and none of it asks for your labour. One command turns it on, and only one of its seventeen subcommands ever needs an API key.
A session with memory on
Three things happen around every session, all of them automatic:
| When | What runs | What you see |
|---|---|---|
| At each prompt | The recall hook asks the memory: does anything earned in past sessions bear on this? Relevant claims are injected into the assistant's context — gated, so an irrelevant lesson stays out. | The assistant already knows the fix that worked and the approach that failed. |
| At session end | The capture hook reads the transcript, scrubs it for credentials, and lands what happened as experience claims — deduplicated, workspace-scoped, fail-open. | One receipt line:
[rlat] Captured 1 row (0 redactions). |
| When you run it | A consolidation pass re-derives each claim's confidence from outcomes, then prunes what stopped earning its place. Fully mechanical — no LLM, no key. | A tighter store, not a bigger one. |
One split to hold onto: your lessons live in a per-user
store on your disk (~/.rlat/memory/<user>/),
never inside a knowledge model — the .rlat file is
built to be shared, so only world facts land there. This page is
the operational half: hooks, the recall daemon, the capture
pipeline, privacy, and the full command table. The conceptual half
— what a claim is, how it earns confidence, how it is retired — is
the claim system page.
One command
rlat memory install-hooks
That wires two hooks into the project's Claude Code
settings.json (an idempotent merge — safe to re-run,
never clobbers what's there):
| Hook | Command | Job |
|---|---|---|
UserPromptSubmit | rlat memory hook |
Recall — inject relevant past claims at the prompt. |
SessionEnd | rlat memory capture |
Capture — land what the session learned. |
Add --user to install into ~/.claude/settings.json
instead of the project's. Add --mine to also opt in to
world-fact mining (below). Both hooks fail open: if
memory breaks, your session never does — the hook exits clean and the
worst case is a session that simply isn't remembered.
Inside the pause
Recall has to fit inside the moment between you pressing enter and
the model starting to think — so it can't load an encoder per prompt.
A long-lived recall daemon holds the encoder and the
claim store warm; the hook is a local round-trip to it, not a cold
start. The daemon listens on a per-user named pipe (Windows) or Unix
socket, guarded by a random key written 0600 on first
boot — on a shared host, nobody else's hook can reach your memory.
rlat memory recall --daemon # boot the warm server
rlat memory recall "fabric auth" # one-shot query, no daemon needed
rlat memory doctor # one line per check: store, daemon, hooks
Injection is gated, not generous. A claim surfaces only when it is
relevant to the prompt, eligible for this workspace, and trusted
enough to be worth the tokens — the ranking is the claim system's
relevance-times-trust ordering. When an injection does fire, you can
grade it: rlat memory feedback good (or
bad) votes on the most recent one, and the vote feeds
the claim's record.
Zero-labour, by design
At session end the pipeline runs four steps, none of them yours:
- Gate — trivial sessions ("ok", "thanks", "continue") never land. A session must have said something durable to be worth a row.
- Scrub — every captured text passes the credential redactor before it touches disk (next section).
- Dedup — a lesson the store already holds isn't written twice; the existing claim's recurrence count goes up instead, which is evidence, not noise.
- Scope — the claim is tagged with the workspace it was learned in, so one project's lessons don't leak into another's recall.
The default path is fully mechanical — one claim per session, no LLM anywhere. Two opt-in extractors sharpen it, and both fall back to the mechanical path the moment the LLM is unavailable:
- Atomic capture (
RLAT_ATOMIC_CAPTURE=1) — an LLM splits the session into its specific facts and decisions, one claim each, so the same fact recurring in a future session recognises itself and lifts its trust. - World-fact mining (
install-hooks --mine) — a passive miner reads what you said and lands durable world facts into the project's knowledge model, behind four gates measured at 0.86 precision, 1.00 recall, and zero privacy leaks (E2c). Prefer no API key? The rlat-learn skill does the same job on your Claude subscription, and you approve every fact before it lands.
What never lands
Memory lives on your disk, under
~/.rlat/memory/<user>/ — no service, no telemetry,
nothing leaves the machine. Before any text lands there, the
redactor strips every credential shape it knows: AWS access keys,
Anthropic and OpenAI keys, GitHub tokens (classic and fine-grained),
JWTs, PEM private keys, long hex secrets. Files that exist to hold
secrets — .env, *.key, *.pem,
id_rsa, AWS credential files — are denylisted whole:
the capture keeps which file was read, never what was in
it. Every redaction is logged to redaction.log so you
can audit what was caught.
The redactor catches credentials, not PII — emails, phone numbers, and names pass through, because mechanical patterns over-flag that kind of text. The mining path adds its own person-fact gate on top (facts about you are dropped entirely; zero leaks across all seven planted traps in E2c) — but plain session capture has no semantic PII layer today.
Forgetting, and the line we won't cross
rlat memory consolidate is the whole maintenance story:
it re-derives each claim's confidence from the cumulative outcome
ledger, then applies the forget pass — decayed claims, redundant
events, stale rows. Protections override drops: a claim you wrote by
hand, a recently-corroborated claim, a severe warning, and every
falsification record are all held back. Mechanical end to end;
--dry-run shows what would change without touching
disk.
One thing it will not do is silently retire a claim because outcomes turned against it. We wanted that — a loop that cleans its own mistakes — and we tested it three ways. All three failed the pre-registered safety bar: every rule that cleared wrong facts also killed true ones. The full failure record is published, and the boundary it bought is in the product: outcome signals lower a claim's confidence and surface it, but retiring it stays your act, or re-verification's. A memory that quietly deletes true things is worse than one that asks.
Seventeen subcommands, one key
Everything under rlat memory, grouped by job. The key
column is the whole answer to "what does this cost me": one
subcommand calls an LLM, the rest never do.
| Command | What it does | API key? |
|---|---|---|
| Daily use | ||
add | Write a claim by hand (--polarity prefer|avoid|factual). | No |
list | See the store — text or JSON, filterable. | No |
recall | Query the memory; --daemon boots the warm server. | No |
feedback | Vote good/bad on the last recall injection. | No |
| Session plumbing | ||
install-hooks | Wire the recall + capture hooks (--user, --mine). | No |
hook | The UserPromptSubmit entry point the hook calls. | No |
capture | The SessionEnd entry point — the capture pipeline. | No — opt-in LLM extraction if a key is present; falls back without one |
doctor | Probe the store, daemon, and hooks — one line per check. | No |
| Trust & calibration | ||
corroborate | Confirm a claim — raises confidence one rung. | No |
verify | Judge low-confidence claims against a knowledge model; confirm raises, contradict drops. --cost-cap-usd bounds spend. | Yes |
train | Mutate a claim directly: --bad-vote / --good-vote / --corroborate. | No |
| Housekeeping | ||
consolidate | The session-end pass: confidence raise → forget. --dry-run previews. | No |
dedup | Retroactively collapse duplicate event claims. Idempotent. | No |
gc | Manual deletion, filter required (--polarity, --max-age-days, --is-bad…). | No |
| Scorecard | ||
eval | The longitudinal scorecard — is memory getting more useful over time? | No |
rollup | Weekly digest: this week vs last, PASS/FAIL. | No |
session-mark | Record a session boundary so eval slices by session. | No |