Skip to main content
Version: v0.9.0a2
Operator
Archived — retracted v2.0 release notes

This document describes a v2.0 release that was announced publicly but withdrawn. Per ADR-001, the canonical version line of stigmem begins at v0.9.0a1 (2026-05-09). The features described below were either deferred to experimental/<feature>/ per ADR-002 or remain in the codebase but are not part of v0.9.0a1's default install.

This document is preserved as the historical record. For current state, see CHANGELOG.md, ROADMAP.md, and Features.

Stigmem v2.0 Release Notes

5 min readOperator · ImplementerArchived 2026-05-05

What this document is

Historical release notes for the withdrawn v2.0 line. Preserved as the record of what was publicly announced before retraction.

Published: 2026-05-05 Spec: stigmem-spec-v2.0.md Audience: Node operators, SDK consumers, and protocol implementers.

Summary

Stigmem v2.0 promoted seven specification sections (§19§25) from draft to normative, completing the protocol's federation security, semantic recall, data protection, and content-integrity layers across eight development phases (8–14).

What shipped

Phase
Spec
Highlights
8 — Storage adapter + libSQL
backend trait
StorageBackend abstraction, LibSQLBackend for Turso embedded replicas, parameterized test runner.
9 — Graph memory & recall
§20
Materialized entity_edges, sqlite-vec embeddings (nomic 768-dim), hybrid lexical+ANN+graph pipeline with MMR packing, memory cards, subscriptions, derived_from DAG.
10 — Lazy instruction discovery
§21
Boot stub (≤500 tokens) + manifest (≤1000 tokens), recall_instruction tool, task-type preloads with guarantee_load (max 5), discovery audit metrics, migration CLI.
11 — Federation trust
§19
Org manifest signing (Ed25519 + RFC 8785 JCS), Rekor-compatible transparency log, capability tokens with 90-day ceiling, source-trust scoring, recall-time sanitizer.
12 — Security hardening
§22
Mutual TLS (TLS 1.3 floor), Ed25519 key rotation with 90-day dual-trust, structured audit log (13 events, 90-day floor), per-principal token-bucket quotas, ±5 min replay window, distroless non-root containers.
13 — RTBF, time-travel, CIDs
§23–§25
Signed tombstones with federation propagation; as_of queries with append-only retraction log; sha256: CIDs over canonical 6-field body with 12-month migration window.
14 — Spec v2.0 publication
conformance
All §19§25 promoted to normative, OpenAPI 2.0.0, v2.0 conformance vectors published, docs IA restructured.

Conformance

The v2.0 conformance suite (data/conformance/v2.0/) covered all normative sections. CI enforced zero-skip conformance.

Experimental features

Feature
Section · Risk
Constraint
Lazy Instruction Discovery
§21 · prompt injection
Do not use for sensitive/irreversible agents until GA.
RTBF Tombstones
§23 · federation erasure
Do not rely on tombstone federation for GDPR/CCPA in multi-node deployments.
Time-Travel Queries
§24 · post-erased data
Test isolation on your production backend before compliance use.
Content-Addressed Fact IDs
§25 · CID-less accepted
Do not rely on CID as sole tamper control in untrusted federation.

GA features with operator warnings:

Feature
Risk
Required action
§22.1 mTLS
silent plaintext fallback
Set STIGMEM_MTLS_REQUIRED=true behind reverse proxies.
§19.4 Source-trust cache
per-worker incoherence
Set STIGMEM_TRUST_CACHE_BACKEND=redis for multi-worker.
§19.5 Quarantine Garden
silent data loss
Pre-create quarantine garden before enabling trust_mode=strict.
§6.7§6.8 N-node backpressure
draft spec
Test N-node topology in staging.

Known caveats

  1. Embedding model lock-in. Changing STIGMEM_EMBED_DIMENSIONS after indexing requires a full re-index.
  2. Mixed-version federation. v1.x and v2.0 nodes cannot federate. All nodes must upgrade together.
  3. CID backfill duration. Large fact stores (>1M facts) may take hours. Backfill runs concurrently with live writes.
  4. Tombstone propagation latency. Up to 5 minutes via polling; ~60 seconds via the tombstone_new subscription channel.
  5. Transparency log dependency. In trust_mode: strict, federation connections fail if the log is unreachable.

Upgrade path

See the v1.x → v2.0 migration guide (carries its own retraction header).