Abstract

A memory-augmented AI assistant control plane is disclosed, comprising five
technical methods combined and publicly released as a Visual Studio Code
extension since October 31, 2025: (A) bounded retrieval with a code-enforced
per-call cap and per-record character limits such that worst-case per-turn token
injection remains approximately constant regardless of total stored knowledge;
(B) runtime governance interception of AI agent tool calls using an INTERCEPT →
PAUSE → EVALUATE → ENFORCE pipeline mapped to nine OWASP LLM Top 10 (2025)
categories; (C) defense-in-depth credential scrubbing applied at five enforcement
boundaries (tool-call input, AI-generated output, persistence write, persistence
read, MCP tool-result) using twenty-seven provider-specific regex patterns and a
Shannon-entropy fallback empirically calibrated to 4.5 bits per character;
(D) multi-signal relationship inference between architectural decisions combining
semantic, temporal, and tag-set signals, with Markov chain prediction of
next-decision topics from tag-set transitions; and (E) an extended threat model
naming a “Memory Amplifier” attack class unique to memory-augmented AI
assistants, in which a one-shot credential exposure persists in a memory store
and is re-injected into the model context on every subsequent session.
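
Methods (C) and (E) above, sketched as an added example that is not the extension's own code: provider patterns run first, then a Shannon-entropy fallback at the abstract's 4.5 bits per character, applied on both persistence write and persistence read so that a record stored before scrubbing existed is not re-injected into later sessions. The single AWS pattern, the token character class, the 20-character minimum and the `MemoryStore` class are assumptions.

```javascript
// Added illustration, not the extension's code. Only the 4.5 bits/char
// threshold comes from the abstract; everything else is an assumption.
const ENTROPY_THRESHOLD = 4.5;
const PROVIDER_PATTERNS = [ // stand-in for the 27 provider-specific patterns
  { name: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/g },
];
const CANDIDATE_TOKEN = /[A-Za-z0-9+\/_-]{20,}/g; // assumed tokenizer and minimum length

// Shannon entropy of a string in bits per character.
function shannonEntropy(s) {
  const chars = [...s];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / chars.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Provider patterns first, then the entropy fallback for unknown formats.
function scrub(text) {
  let out = text;
  for (const { name, re } of PROVIDER_PATTERNS) {
    out = out.replace(re, `[REDACTED:${name}]`);
  }
  return out.replace(CANDIDATE_TOKEN, (tok) =>
    shannonEntropy(tok) >= ENTROPY_THRESHOLD ? "[REDACTED:high-entropy]" : tok);
}

// Hypothetical memory store scrubbing at two of the five boundaries.
class MemoryStore {
  constructor(existing = []) { this.records = [...existing]; }
  write(text) { this.records.push(scrub(text)); }  // persistence write
  read() { return this.records.map(scrub); }       // persistence read
}

// Constructed records: a legacy entry stored before scrubbing existed.
// AKIAIOSFODNN7EXAMPLE is the example key ID from AWS documentation.
const store = new MemoryStore(["deploy used token q7Zk2Lx9Vb4Tn8Wc1Rm6Yd3Hs5Jf0GpA"]);
store.write("key=AKIAIOSFODNN7EXAMPLE in architecture_decision_record_0042");
console.log(store.read().join("\n"));
```

The AWS example key is only 20 characters, which caps its entropy at log2(20) ≈ 4.32 bits per character, so the entropy fallback alone would miss it; the provider patterns and the fallback cover different cases.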

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.