Extension Name
Jeli - An optional security Layer for OB1
Why does this matter?
You're capturing your life into OB1—conversations, decisions, preferences,
memories. But how do you know those memories are trustworthy? In 2026, memory
poisoning attacks are documented and active (MINJA, Microsoft Rec Poisoning,
Palo Alto IJPI). Users need to verify their memories haven't been silently
corrupted or manipulated by agents. Without that guarantee, personal memory
systems become another vendor lock-in trap.
What does it do?
Jeli wraps OB1's thoughts with cryptographic integrity. Hash-chained memories
detect silent corruption. Contradiction detection flags poisoned facts. Temporal
boundaries track how facts evolve. Trust scores distinguish user-stated from
agent-inferred facts. Amendment tracking audits all changes. Result: OB1's
flexibility + cryptographic guarantees.
What new concepts does it teach?
- Cryptographic integrity for personal memory (hash-chains, HMAC-SHA256)
- Contradiction detection and conflict resolution
- Temporal fact invalidation (facts age and supersede, never delete)
- Trust scoring and source attribution
- Amendment tracking and audit trails
- Injection defense patterns for AI systems
- User veto on irreversible agent actions
Proposed tables
- memory_entry (hash-chained memories with provenance)
- memory_audit_log (immutable audit trail)
- memory_contradiction (unresolved contradictions for judicial review)
Required primitives
- RLS (Row-Level Security) — for multi-user per-user isolation
- Shared MCP (for Scoped MCP access control)
- Timestamps and temporal boundaries (built-in)
Estimated difficulty
Advanced
Do you have this working?
Partially — I have a working prototype
Extension Name
Jeli - An optional security Layer for OB1
Why does this matter?
You're capturing your life into OB1—conversations, decisions, preferences,
memories. But how do you know those memories are trustworthy? In 2026, memory
poisoning attacks are documented and active (MINJA, Microsoft Rec Poisoning,
Palo Alto IJPI). Users need to verify their memories haven't been silently
corrupted or manipulated by agents. Without that guarantee, personal memory
systems become another vendor lock-in trap.
What does it do?
Jeli wraps OB1's thoughts with cryptographic integrity. Hash-chained memories
detect silent corruption. Contradiction detection flags poisoned facts. Temporal
boundaries track how facts evolve. Trust scores distinguish user-stated from
agent-inferred facts. Amendment tracking audits all changes. Result: OB1's
flexibility + cryptographic guarantees.
What new concepts does it teach?
Proposed tables
Required primitives
Estimated difficulty
Advanced
Do you have this working?
Partially — I have a working prototype