Dedicated MCP Tool for Sensitive Memory Access
under review
Ignacio Montenegro
Current behavior:
All stored memories appear to be retrieved through the same MCP tools, regardless of how sensitive they are.
User problem:
As users store increasingly personal context in AI memory systems, they need stronger control over sensitive information. Treating all memories the same creates trust and safety concerns.
Desired behavior:
Create a separate MCP tool (e.g., get_sensitive_memory) that sits behind a permission layer, giving users explicit control over when an AI can access their most private information.
Desired permission model (similar to Claude MCP tool permissions):
- Always ask for permission
- Always allow
- Never allow
Sensitive data classification - privacy-preserving approaches:
Option 1: User-controlled tagging
Users manually mark a memory as sensitive when storing or editing it. Simple to understand, gives full control, requires no server-side content analysis.
Option 2: AI-side lazy marking
When an AI retrieves a memory during normal use and identifies it as sensitive, it calls a tool like mark_as_sensitive. Membase only stores metadata ("this memory key = sensitive") without reading the content or knowing why it was flagged. Classification happens entirely in the AI layer.
Ideal solution: Use both approaches together - users can proactively tag sensitive memories, and the AI can flag sensitive memories when it encounters them during normal use.
Why it matters:
This would be a strong trust and safety differentiator for Membase, especially as users store more private and personal context in AI memory systems.
Autopilot
Merged in a post:
Sensitive Memory Classification and Access Control
Ignacio Montenegro
Create a dedicated MCP tool for accessing sensitive memories, such as get_sensitive_memory, protected by a permission layer so users have explicit control over when an AI can access private information. This tool could follow Claude's MCP permission model: always ask for permission, always allow, or never allow. Sensitive-memory classification should happen without Membase reading or analyzing encrypted user content server-side. To preserve privacy, Membase could support user-controlled tagging, where users manually mark a memory as sensitive when storing it, and AI-side lazy marking, where the AI identifies a memory as sensitive during normal use and calls a mark_as_sensitive tool. Membase would only store metadata saying that a specific memory key is sensitive, without reading the content or learning why it was flagged. Combining both approaches would let users proactively tag sensitive memories while allowing the AI to catch anything they miss.
Joshua Park marked this post as under review
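A minimal sketch of the permission layer and metadata-only flagging proposed in the post above, added here as an illustration and not Membase's or the poster's code. The `MemoryGate` class, the `ask_user` callback, the audit list, and the choice to make the general tool withhold flagged keys are all assumptions; only `get_sensitive_memory`, `mark_as_sensitive` and the three permission modes come from the post.

```python
from enum import Enum

class Policy(Enum):                       # the three modes listed in the post
    ASK = "always ask for permission"
    ALLOW = "always allow"
    NEVER = "never allow"

class MemoryGate:
    """Hypothetical server-side gate; stored blobs are opaque and never inspected."""

    def __init__(self, policy, ask_user):
        self.policy = policy
        self.ask_user = ask_user          # assumed callback: key -> bool (user's answer)
        self._store = {}                  # key -> opaque (e.g. encrypted) blob
        self._sensitive = set()           # metadata only: flagged keys, no reason kept
        self.audit = []                   # (tool, key, outcome); content is never logged

    def put(self, key, blob, sensitive=False):
        self._store[key] = blob
        if sensitive:                     # Option 1: user-controlled tagging
            self._sensitive.add(key)

    def mark_as_sensitive(self, key):     # Option 2: AI-side lazy marking
        if key not in self._store:
            raise KeyError(key)
        self._sensitive.add(key)          # the server learns the flag, not the reason

    def get_memory(self, key):
        # Assumption: once flagged, a key is no longer served by the general tool.
        blob = None if key in self._sensitive else self._store.get(key)
        return self._log("get_memory", key, blob)

    def get_sensitive_memory(self, key):
        allowed = key in self._sensitive and self.policy is not Policy.NEVER
        if allowed and self.policy is Policy.ASK:
            allowed = bool(self.ask_user(key))   # prompt on every single access
        return self._log("get_sensitive_memory", key,
                         self._store[key] if allowed else None)

    def _log(self, tool, key, blob):
        outcome = "returned" if blob is not None else "withheld"
        self.audit.append((tool, key, outcome))
        return blob
```

The decision in `get_sensitive_memory` depends only on the key's flag and the user's policy, so the gate works the same whether the stored blob is plaintext or ciphertext.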