Governance Patterns

Use this guide to apply access, consent, and risk controls consistently across memory workflows.

Scope Boundaries

Always set:

• organization_id
• namespace_id
• external_user_id

on both writes and searches in multi-tenant systems.

ACL Pattern

Use memory_policy.acl to define read/write entities.

{
  "memory_policy": {
    "acl": {
      "read": ["organization:org_acme"],
      "write": ["external_user:admin_001"]
    }
  }
}

Consent and Risk Pattern

{
  "memory_policy": {
    "consent": "terms",
    "risk": "none"
  }
}

Use stricter ACL and review flow for risk: "sensitive" and risk: "flagged".

Recommended Production Contract

Define reusable policy presets in app code:

• standard
• sensitive
• tenant-admin

This avoids ad hoc ACL differences across endpoints.

Related

• Multi-Tenant Architecture
• Security
• Compliance