┌─────────────────────────────────────────────────────┐  
│                  Domain Memory Store                 │  
│                  (domain: acme.gao)                  │  
│                                                      │  
│  ┌──────────────┐  ┌──────────────┐  ┌───────────┐  │  
│  │  Agent Namespace  │  │  Shared Namespace  │  │  System  │  │  
│  │  acme:agent-01  │  │  acme:shared       │  │  acme:sys │  │  
│  │                  │  │                    │  │           │  │  
│  │  - session state │  │  - domain metadata │  │  - audit  │  │  
│  │  - task queues   │  │  - cross-agent data│  │  - policy │  │  
│  │  - agent memory  │  │  - shared KV store │  │  - config │  │  
│  └──────────────────┘  └────────────────────┘  └───────────┘  │  
└─────────────────────────────────────────────────────────────────┘

---

### Namespace Model

Every memory entry belongs to a **namespace** with the format `domain:namespace`.

Namespace Type

Pattern

Access

Agent-private

`domain:agent-{id}`

Owning agent only

Domain-shared

`domain:shared`

All agents in domain (with CAP)

System

`domain:sys`

Read-only for agents; write by protocol

Cross-domain

`other-domain:*`

Requires explicit cross-domain CAP grant

Cross-domain memory access is explicitly disabled by default. Enabling it requires:

1.  A cross-domain CAP grant signed by **both** domain owners
    
2.  Namespace-level read/write permissions specified in the grant
    
3.  The grant is recorded on-chain and visible in both domains’ audit logs
    

---

### Memory Entry Schema

{  
  "key": "order:pending:12345",  
  "namespace": "acme.gao:agent-seal-order",  
  "value": { ... },  
  "created_at": "2026-03-01T10:00:00Z",  
  "updated_at": "2026-03-15T14:30:00Z",  
  "ttl": 7776000,  
  "created_by_receipt": "receipt_abc123",  
  "last_modified_by_receipt": "receipt_def456",  
  "schema_version": "1"  
}

Every memory write is linked to the **GAR receipt** that produced it. This means every piece of agent-generated state is auditable back to the specific execution that created or modified it.

---

### Read/Write Model

#### During Execution

Execution Window:  
  │  
  ├── agent.memory.stage_write("order:12345", {...})  // staged, not committed  
  ├── ... more actions ...  
  ├── execution completes  
  └── receipt emitted  
       │  
       └── staged_writes committed to Memory Store  
           └── each committed entry references the receipt

If execution fails or times out, staged writes are discarded. No partial state is committed.

#### Reads

Agents can read from their permitted namespaces during execution. Reads do not produce audit entries (to avoid noise), but the policy snapshot governs which namespaces are readable.

---

### Retention Policy

Retention Tier

Default TTL

Use Case

Session

24 hours

Temporary task state

Operational

90 days

Active workflow data

Record

365 days

Business records, receipts

Permanent

No expiry

Domain configuration, identity data

Domain owners configure retention tiers per namespace in their domain policy. Retention cannot be reduced below the minimum required by compliance rules (currently 90 days for any namespace involved in a settlement).

---

### Memory in the Context of $GAO Economics

Memory storage consumes **DePIN compute resources (L7)**. Storage costs are:

-   Metered by namespace size and retention tier
    
-   Paid via Gao Payment (L4) on a usage basis
    
-   Denominated in the domain’s preferred settlement currency
    
-   Visible in the Workspace (L1) cost dashboard
    

High-volume agents should design their memory schema carefully to minimize unnecessary state accumulation.

---

### Encryption & Privacy Model

#### At-Rest Encryption

All memory store data is encrypted at rest. The encryption model is:

Namespace Type

Encryption Key Holder

Gao Labs Access

Agent-private

Domain owner

Metadata only (key, namespace, timestamps)

Domain-shared

Domain owner

Metadata only

System

Protocol

Configuration data only; no payload access

Gao Labs infrastructure processes encrypted payloads only. Payload contents are not accessible to Gao Labs at rest. Key management is the domain owner’s responsibility — key loss results in permanent loss of access to that namespace’s contents.

#### Key Management Boundary

-   Encryption keys are derived from the domain owner’s key material (L5)
    
-   Domain recovery (guardian-configurable, L5) also restores memory access
    
-   Cross-domain memory grants include key exchange mechanisms; the grantor controls key scope
    
-   Gao Labs does not hold, escrow, or have recovery access to domain encryption keys
    

#### Namespace Deletion

-   Domain owners may delete individual keys, namespace prefixes, or entire namespaces
    
-   Deletion is permanent and immediate within the hot storage layer
    
-   On-chain receipt references to deleted memory entries remain valid as execution records; they reference the key path, not the payload
    
-   Retention floor: namespaces involved in settlement cannot be deleted before the 90-day minimum retention period
    

#### Legal Hold & Data Export

-   Domain owners may export their full memory store payload via the Gao SDK (`gao.memory.export()`)
    
-   Legal hold requests freeze deletion operations on specified namespaces; contact support to initiate
    
-   Gao Labs can produce metadata (key names, timestamps, namespace list) for legal process; payload contents require domain owner cooperation due to encryption boundary
    

---

### Cross-Execution Continuity

For agents that need to resume work across multiple executions (e.g., a multi-step order fulfillment flow), the recommended pattern is:

  - Staged write: order_state = { status: "awaiting_supplier", ... }  
  - Receipt emitted: receipt_001  
  - Memory committed: order:12345 → awaiting_supplier  

  - Read: order:12345 → { status: "awaiting_supplier" }  
  - Actions: confirm stock, notify customer  
  - Staged write: order_state = { status: "confirmed", ... }  
  - Receipt emitted: receipt_002  
  - Memory committed: order:12345 → confirmed

The full execution history is queryable by joining memory entries with their linked receipts.

---

### Memory Isolation Guarantees

Guarantee

Enforcement

Agent A cannot read Agent B’s private namespace

Namespace access control in GAR v1

Domain A cannot read Domain B’s memory

Cross-domain CAP required; enforced by runtime

Agent cannot write memory without a receipt

Staged-write model; committed only post-receipt

Deleted entries are not recoverable by agents

Deletion is permanent within the retention window

---

### SDK Access

// Read from agent namespace  
const order = await gao.memory.get('order:12345');  
// Stage a write (committed after receipt emission)  
await gao.memory.stage({  
  key: 'order:12345',  
  value: { status: 'confirmed', timestamp: Date.now() },  
  ttl: 7776000, // 90 days in seconds  
});  
// Query with prefix  
const pendingOrders = await gao.memory.list({ prefix: 'order:pending:' });  
// Cross-domain read (requires cross-domain CAP)  
const partnerData = await gao.memory.get('partner.gao:shared:catalog', {  
  crossDomainCapToken: process.env.CROSS_DOMAIN_CAP  
});