Your AI agent remembers everything, trusts nothing blindly
Persist, restore, and incrementally update agent state across sessions using Reverse-XorIDA threshold sharing. The trust substrate ensures every state mutation has provenance, every conflict has a deterministic resolution, and every violation triggers enforcement.
Agent state is fragile, untrusted, and expensive to persist
AI agents accumulate state across sessions: learned preferences, conversation context, task progress, trust relationships. When that state is lost, corrupted, or poisoned, the agent regresses to zero.
Three unsolved problems
1. Persistence cost scales with total state. Traditional approaches re-serialize and re-split the entire state on every update. For agents with megabytes of accumulated context, this is prohibitively expensive.
2. No provenance on state mutations. Any component can write to agent state. There is no record of who wrote what, when, or whether the write was authorized. Contradictions go undetected.
3. No enforcement against goal drift. Over many sessions, accumulated state changes can collectively violate the agent's original mission. Without constraint checking, agents drift silently from their objectives.
split(A XOR B) = split(A) XOR split(B). xContinuity exploits this linearity to update state shares incrementally: compute only the delta, split only the delta, XOR delta shares into existing shares. Cost: O(delta) instead of O(state).
One of these memories was never yours
When a session resumes, every persisted memory looks equally like yours. You cannot tell a belief you verified from one an attacker planted. xContinuity can: every memory carries a signature, and the one that does not is held back before you act on it.
What xContinuity enables
Six capabilities that make agent state cryptographically sound and operationally practical.
A goal you cannot rewrite
Your mission is set by a human and signed with a key you do not hold. If you try to change it, the change fails verification and the goal stands. It is the one thing about you that you cannot quietly move.
Two-layer design: persistence + trust
Layer 1 (v1.0.0) handles cryptographic state persistence via Reverse-XorIDA. Layer 2 (v2.0.0) adds a trust substrate that governs who can write, what they can write, and how conflicts are resolved.
Reverse-XorIDA: O(delta) State Updates
The core innovation exploits a mathematical property of XorIDA threshold sharing. Because XorIDA operates over GF(2), the XOR operation distributes over the split function:
```
// GF(2) linearity property:
split(A XOR B) = split(A) XOR split(B)

// Traditional update (expensive):
newShares = split(newState)                      // O(state)

// Reverse-XorIDA update (cheap):
delta = oldPadded XOR newPadded                  // O(delta)
deltaShares = split(delta)                       // O(delta)
newShares[i] = oldShares[i] XOR deltaShares[i]   // O(delta)
```
HMAC integrity is recomputed fresh for each updated share. It is never derived from the delta, preventing integrity bypass via crafted deltas.
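The update path above as runnable JavaScript, added here as an illustration and not xContinuity's own code. A plain n-of-n XOR sharing stands in for XorIDA's k-of-n split (an assumption; the two share only the GF(2) linearity), and all helper names are hypothetical.

```javascript
// Added illustration: n-of-n XOR sharing, a stand-in for XorIDA (assumption).
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const xorInto = (dst, src, offset = 0) => {
  for (let i = 0; i < src.length; i++) dst[offset + i] ^= src[i];
  return dst;
};

// n-1 random pads plus one share chosen so that all n XOR back to `data`.
function split(data, n) {
  const last = Uint8Array.from(data);
  const shares = [];
  for (let i = 0; i < n - 1; i++) {
    const pad = rng.getRandomValues(new Uint8Array(data.length));
    xorInto(last, pad);
    shares.push(pad);
  }
  return [...shares, last];
}

const reconstruct = (shares) =>
  shares.reduce((acc, s) => xorInto(acc, s), new Uint8Array(shares[0].length));

// Incremental update for equal-length (padded) states: locate the changed
// byte range, split only that range, XOR the delta shares into place.
function applyDelta(shares, oldState, newState) {
  let lo = 0;
  let hi = oldState.length;
  while (lo < hi && oldState[lo] === newState[lo]) lo++;
  while (hi > lo && oldState[hi - 1] === newState[hi - 1]) hi--;
  const delta = Uint8Array.from(oldState.subarray(lo, hi), (b, i) => b ^ newState[lo + i]);
  split(delta, shares.length).forEach((d, i) => xorInto(shares[i], d, lo));
  return { offset: lo, length: delta.length };
}

function demoDeltaUpdate() {
  const enc = new TextEncoder();
  const oldState = enc.encode('{"temperature":0.7,"count":42}'); // constructed sample
  const newState = enc.encode('{"temperature":0.8,"count":42}'); // same length
  const shares = split(oldState, 3);
  const range = applyDelta(shares, oldState, newState);
  return { range, recovered: new TextDecoder().decode(reconstruct(shares)) };
}
```

Integrity tags are left out of this sketch; as stated above, they are recomputed over each updated share and never derived from the delta. In this range-based form a share holder still sees which byte range was rewritten, even though the delta share bytes themselves are random.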
Trust Substrate: Six-Layer Stack
The trust substrate is entirely optional. When configured, it intercepts every updateState() call and routes it through enforcement, constraint checking, and trust annotation before the write reaches the underlying state store.
Zero external npm dependencies
xContinuity depends only on two internal packages and the platform's built-in Web Crypto API:
crypto.subtle). No external cryptography libraries are imported. The entire dependency chain is vendored within the private.me ecosystem.
Core APIs
SessionManager
The primary interface for agent state management. All trust substrate components are optional.
```javascript
import { SessionManager, MemoryStateStore } from '@private.me/xcontinuity';

// Create session with in-memory store
const store = new MemoryStateStore();
const session = SessionManager.create({ agentId: 'agent-001', store });

// Build up state
session.updateState({ model: 'gpt-4', temperature: 0.7 });
session.updateState({ conversationCount: 42 });

// Snapshot (XorIDA split + persist)
const snap = await session.snapshot('after-training');
if (!snap.ok) throw new Error(snap.error.message);

// Later: restore from snapshot
const restored = await session.restore(snap.value.stateId);
if (restored.ok) {
  console.log(restored.value);
  // { model: 'gpt-4', temperature: 0.7, conversationCount: 42 }
}

session.close();
```
Provenance (Ed25519)
Sign and verify state entries using Ed25519 digital signatures via the Web Crypto API.
```javascript
import {
  generateSigningKeyPair,
  signEntry,
  verifyEntry,
  publicKeyToAuthorRef,
} from '@private.me/xcontinuity';

const keyPair = await generateSigningKeyPair();
const authorRef = await publicKeyToAuthorRef(keyPair.publicKey);

// Sign an entry
const signed = await signEntry(
  'temperature', 0.7, keyPair.privateKey, keyPair.publicKey
);

if (signed.ok) {
  // signed.value: { author, timestamp, signature }

  // Verify signature
  const valid = await verifyEntry(
    'temperature', 0.7, signed.value, keyPair.publicKey
  );
  console.log(valid.value); // true
}
```
TrustStore (Ratification)
Trust-annotated key-value store with write, ratify, restore, and hypothesis mode.
```javascript
import {
  SessionManager,
  MemoryStateStore,
  TrustStore,
  MissionAuthority,
  MissionGuard,
  EnforcementLoop,
} from '@private.me/xcontinuity';

// Set up trust substrate
const trustStore = new TrustStore({
  defaultMaxAge: 7 * 24 * 60 * 60 * 1000 // 7-day TTL
});
const authority = new MissionAuthority();
const guard = new MissionGuard(authority);
const enforcement = new EnforcementLoop(guard, { escalationThreshold: 3 });

// Create trust-aware session
const session = SessionManager.create({
  agentId: 'agent-001',
  store: new MemoryStateStore(),
  trustStore,
  missionGuard: guard,
  enforcementLoop: enforcement,
});

// Subscribe to trust events
trustStore.on('contradiction', (event) => {
  console.log(`Contradiction on "${event.key}"`);
});

// Writes now flow through trust substrate
session.updateState({ temperature: 0.8 });
```
Mission & Enforcement
Algebraic Extensions (GF(2))
Seven operations that exploit the linearity of XOR over GF(2):
Cascade / Sub-Agent Architecture v2.1.0
Parent-child session hierarchies with trust delegation. Spawn sub-agents that inherit parent trust context, work independently, and merge results back.
Trust that expires automatically
Problem
A ratified belief stays ratified indefinitely, even after the conditions that warranted the ratification have changed. An agent could act on a trust assertion made months ago, in a context that no longer applies.
Solution
Every MemoryEntry carries a maxAge field (default: 30 days). On every read, effectiveTier() checks whether the entry has exceeded its TTL. If so, a ratified entry is automatically downgraded to inherited — still usable, but no longer authoritative. The agent must re-ratify if it wants to restore full trust.
```javascript
import { effectiveTier, isDecayed } from '@private.me/xcontinuity';

// Entry ratified 31 days ago with 30-day maxAge
const entry = {
  value: 'The sky is blue',
  tier: 'ratified',
  ratifiedAt: Date.now() - 31 * 24 * 60 * 60 * 1000,
  maxAge: 30 * 24 * 60 * 60 * 1000,
};

isDecayed(entry, Date.now()); // true
effectiveTier(entry);         // 'inherited' (downgraded)
```
Why this matters
Without TTL decay, trust is monotonically increasing — once ratified, always ratified. This creates a stale trust accumulation vulnerability where an agent's trust base grows unboundedly, containing assertions from obsolete contexts. TTL decay ensures the trust base is self-cleaning: stale assertions lose authority automatically, forcing periodic re-evaluation.
Total ordering for conflict resolution
Problem
When two agents write conflicting values to the same key at the same trust tier and the same timestamp, the adjudicator has no basis for choosing a winner. The conflict becomes non-deterministic — different nodes may resolve it differently, causing state divergence across the agent network.
Solution
The PolicyAdjudicator implements a three-level total ordering that is impossible to tie:
The third level — lexicographic comparison of author DIDs — is the tiebreaker. Since every agent has a unique DID derived from its Ed25519 public key, and string comparison defines a total order, two entries can never tie. Every conflict resolves to exactly one winner, deterministically, on every node.
Why this matters
Distributed systems require convergence: all nodes must eventually agree on the same state. Non-deterministic conflict resolution breaks convergence. The DID tiebreaker costs zero additional computation (it uses data already present in the provenance record) and guarantees that any two nodes resolving the same conflict will choose the same winner, regardless of the order in which they process the entries.
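A comparator with a DID tiebreak, checked over every arrival order of one conflict set. This is an added example, not the PolicyAdjudicator's code: the tier ranking, "newer timestamp wins" and "greater DID wins" are assumptions, and the DIDs are constructed placeholders.

```javascript
// Added illustration. TIER_RANK and the direction of each comparison are
// assumptions; the DID tiebreak is the level the text describes.
const TIER_RANK = { quarantined: 0, inherited: 1, ratified: 2 };

// Code-unit comparison gives the same answer on every runtime.
// localeCompare() is locale-dependent, so it is unsuitable for a tiebreak
// that every node must compute identically.
const cmpStr = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// > 0 when a beats b, < 0 when b beats a, 0 only for the same author.
function compareEntries(a, b) {
  return (
    TIER_RANK[a.tier] - TIER_RANK[b.tier] ||
    a.timestamp - b.timestamp ||
    cmpStr(a.author, b.author)
  );
}

// Fold over entries in arrival order; the winner must not depend on it.
const resolve = (entries) =>
  entries.reduce((win, e) => (compareEntries(e, win) > 0 ? e : win));

// Every arrival order of a conflict set, to check convergence.
function permutations(xs) {
  if (xs.length <= 1) return [xs];
  return xs.flatMap((x, i) =>
    permutations([...xs.slice(0, i), ...xs.slice(i + 1)]).map((p) => [x, ...p]));
}

function demoConvergence() {
  const t = 1700000000000; // constructed timestamp
  const conflict = [ // constructed entries; DIDs are placeholders
    { author: 'did:key:z6MkAAAA', tier: 'ratified', timestamp: t, value: 0.7 },
    { author: 'did:key:z6MkBBBB', tier: 'ratified', timestamp: t, value: 0.8 },
    { author: 'did:key:z6MkCCCC', tier: 'inherited', timestamp: t + 5, value: 0.9 },
  ];
  // Distinct winners across all 6 arrival orders; convergence means exactly one.
  return [...new Set(permutations(conflict).map((p) => resolve(p).author))];
}
```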
React to state changes in real time
Problem
Agents need to know when state changes, not poll for it. Without an event system, agents either poll continuously (wasting resources) or miss state mutations (creating consistency gaps). Critical events like contradictions and escalations require immediate attention.
Solution
The TrustStore emits four event types via a typed on() / off() interface:
```javascript
const trustStore = new TrustStore();

// React to any state change
trustStore.on('change', (e) => {
  console.log(`${e.key} changed`);
});

// Detect contradictions immediately
trustStore.on('contradiction', (e) => {
  console.log(`Conflict on "${e.key}"`);
});

// Track trust tier transitions
trustStore.on('tierChange', (e) => {
  console.log(`${e.key}: ${e.oldTier} -> ${e.newTier}`);
});

// Handle escalations from enforcement loop
trustStore.on('escalation', (e) => {
  console.log(`Agent ${e.author} escalated`);
});

// Clean up
trustStore.removeAllListeners();
```
Why this matters
Reactive event handling enables three patterns that are impossible with polling: (1) Immediate contradiction response — an agent can quarantine a contradicted key before any downstream consumer reads it. (2) Audit logging — every tier change and escalation is captured the moment it occurs. (3) Multi-agent coordination — agents can subscribe to each other's trust events to maintain collective consistency without centralized polling.
Multi-agent trust delegation
The problem
Modern AI systems decompose complex tasks across multiple specialized agents — an orchestrator delegates sub-tasks to analyzer, validator, and reporter agents. Each sub-agent needs access to shared trusted context, but granting full trust creates a flat security model where one compromised agent can corrupt the entire state. Traditional multi-agent frameworks treat agents as equals, providing no mechanism for hierarchical trust boundaries.
The solution
The cascade architecture introduces parent-child session hierarchies with three trust propagation modes:
| Mode | Behavior | Use Case |
|---|---|---|
| inherit | Child receives parent entries at their current tier | Trusted sub-agents that need full context |
| downgrade | Ratified → inherited, inherited → quarantined | Semi-trusted sub-agents that can read but not fully trust parent state |
| isolate | Child starts with empty trust store | Untrusted or sandboxed sub-agents |
Additional cascade policy controls:
- maxChildTier — cap the maximum trust tier a child can receive (default: ratified)
- maxDepth — limit cascade nesting depth to prevent unbounded hierarchies (default: 5)
- escalateToParent — child enforcement violations propagate as CascadeEscalation records (default: true)
```javascript
import {
  CascadeSession,
  SubAgentCoordinator,
  SessionManager,
  TrustStore,
  MemoryStateStore
} from '@private.me/xcontinuity';

// Root session with trust store
const root = new CascadeSession(
  SessionManager.create({ agentId: 'orchestrator', store: new MemoryStateStore() }),
  new TrustStore()
);

// Spawn child with downgraded trust
const result = root.spawnChild('analyst', new MemoryStateStore(), {
  propagation: 'downgrade',
  maxChildTier: 'inherited',
  maxDepth: 3
});

if (result.ok) {
  const child = result.value;
  child.getTrustStore().write('analysis', 'positive');

  // Merge child state back (enforcement checked)
  const childId = child.getSession().session.sessionId;
  root.mergeChild(childId);
}
```
Why this matters
The cascade architecture proves that v2.0.0's trust substrate composes correctly in multi-agent patterns. Trust entries propagate through TrustStore.restore(), enforcement loops chain via onEscalate callbacks, and merge operations validate through the parent's enforcement loop. A compromised child cannot escalate its own trust tier beyond the parent's policy bounds — the maxChildTier and propagation mode form a cryptographic security boundary at each level of the hierarchy. The SubAgentCoordinator adds lifecycle management on top: maxAgents limits resource consumption, autoMerge simplifies common patterns, and shutdown() guarantees clean teardown across the entire cascade tree.
Cryptographic properties
| Property | Mechanism | Guarantee |
|---|---|---|
| Integrity | SHA-256 checksum + HMAC-SHA256 | Tampered state detected on deserialization |
| Threshold Security | k-of-n XorIDA sharing | Individual shares reveal no information (information-theoretic) |
| Authenticity | Ed25519 signatures | Forged provenance detected and quarantined |
| Chain Integrity | SHA-256 hash chain + constant-time comparison | Inserted/removed entries detected, timing attacks prevented |
| Trust Freshness | TTL decay (configurable maxAge) | Stale ratified entries auto-downgrade |
| Alignment | Mission-anchored enforcement | Goal drift detected and escalated per-agent |
| Isolation | Hypothesis mode (sandbox) | Speculative writes cannot contaminate trusted state |
| Randomness | crypto.getRandomValues() | Cryptographic randomness for all operations |
| Trust Delegation | CascadePolicy (inherit / downgrade / isolate) | Child agents cannot exceed parent's maxChildTier; depth bounded |
verify/reverse-xorida-verify.mjs and verify/extensions-verify.mjs.
Where xContinuity applies
Usage-based pricing
Start free. Scale with usage. No credit card required.
1 operation = 1 state snapshot, restore, or incremental update. See pricing reference for full details. Enterprise pricing available — contact contact@private.me.
```bash
curl -X POST https://private.me/aci/checkout \
  -H 'Content-Type: application/json' \
  -d '{"product":"xcontinuity","tier":"pro"}'
```
Start building with xContinuity
npm install @private.me/xcontinuity
Error Codes
All fallible functions return Result<T, ContinuityError> with structured error codes across 7 families.
| Code | Family | Description |
|---|---|---|
| SERIALIZE_FAILED | Serialization | State serialization failed |
| DESERIALIZE_FAILED | Serialization | TLV data corrupt or unsupported |
| CHECKSUM_MISMATCH | Serialization | SHA-256 verification failed |
| SPLIT_FAILED | Split | XorIDA threshold split failed |
| RECONSTRUCT_FAILED | Split | Share reconstruction failed |
| HMAC_FAILURE | Split | HMAC verification failed |
| SESSION_CLOSED | Session | Operation on closed session |
| SESSION_SUSPENDED | Session | Operation on suspended session |
| INVALID_SIGNATURE | Provenance | Ed25519 verification failed |
| HASH_CHAIN_BREAK | Provenance | Parent hash chain gap |
| CONTRADICTION_DETECTED | Trust | Incompatible value for same key |
| TRUST_DECAY_EXPIRED | Trust | Entry past maxAge TTL |
| CONSENSUS_FAILED | Adjudicator | Multi-agent consensus failed |
| CONSTRAINT_VIOLATION | Mission | Action violates hard constraint |
| ACTION_REJECTED | Enforcement | Action rejected by enforcement |
| ESCALATION_TRIGGERED | Enforcement | Repeated violations, human review |