Shared Memory
Let one agent serve a whole team — carrying attributed memory across users, with privacy guardrails, full disclosure audit, and a default-on de-attributed wisdom layer that compounds across every user the agent talks to.
The default agent memory model is per-user — every conversation builds a fact profile scoped to one (agent, user) pair. That's right for companion products and 1:1 assistants. But teams need the opposite: they want one agent serving a whole group to know what's going on across users.
Shared memory is the capability that turns a single agent into a team brain — informing user A with the context it gathered while talking to user B, with attribution, server-enforced privacy floors, and a full disclosure audit. Combined with the default-on wisdom layer (de-attributed cross-user generalisation), it gives you two complementary tiers of cross-user knowledge.
Where this fits
Shared memory layers on top of the standard per-user memory. Per-user facts still exist; shared memory adds an agent-wide partition for facts that should cross the user boundary. The two coexist; nothing about per-user memory changes when you turn shared memory on.
Two tiers, one capability surface
| What it does | Default | When to use | |
|---|---|---|---|
wisdom | De-attributed cross-user generalisation. A daily promotion job pulls patterns from per-user fact histories, k-anonymises them, and rewrites them into agent-wide knowledge. No individual user is identifiable. | On for every new agent. | Every agent that talks to more than one user — it's a free generalisation layer. Disable only for strict single-user products. |
sharedMemory | Attributed cross-user context. Person/entity-attributed facts (roles, expertise, business context, relationships) recorded by the agent and surfaced to other users sharing it. Names and identities are visible. | Off. Opt-in. | Group, team, party, or shared-business-context products where users explicitly expect to see who is doing what. |
Both can run on the same agent simultaneously. wisdom is the safe layer (always behind k-anonymity); sharedMemory is the powerful one (attribution preserved) and demands deliberate opt-in.
When to turn on shared memory
Turn it on when:
- Team coordinators. "Alice owns the migration; Bob is on incident response." Every teammate joining the agent sees the current ownership picture.
- Group / party planning. "Carol brings dessert; Dave does setup." Anyone joining mid-plan picks up state without re-asking.
- Shared business workspaces. Account-level agents where every user on the account benefits from context the others have given.
- Multi-stakeholder support. Customer-success agents where the renewal context one stakeholder gave should inform the conversation with the next.
Leave it off when:
- Single-user companion products (private 1:1 relationships).
- Use cases where users would be surprised that the agent talks about them to other users.
- Compliance-sensitive contexts where cross-user disclosure isn't legally OK.
Enable shared memory
wisdom is a precondition (default-on, so usually nothing to set explicitly). Flip sharedMemory: true to opt the agent in.
// Wisdom is on by default for new agents — only set it
// explicitly if you want to override the default.
await client.agents.updateCapabilities("agent_abc", {
wisdom: true,
sharedMemory: true,
});You can also set it at agent-creation time:
const agent = await client.agents.create({
name: "Team Coordinator",
project_id: "proj_abc",
tool_capabilities: {
wisdom: true,
shared_memory: true,
},
});Disable shared memory
Pass sharedMemory: false. Existing attributed facts stay in storage (you can re-enable later) but the agent stops surfacing them in context and stops getting the write tools.
await client.agents.updateCapabilities("agent_abc", {
sharedMemory: false,
});To opt an agent out of wisdom (rare — usually only for strict single-user products):
await client.agents.updateCapabilities("agent_abc", { wisdom: false });What changes when you turn it on
Three things flip simultaneously the moment sharedMemory: true lands:
1. Tools — the agent gets attributed-wisdom CRUD
The LLM picks up four new tools:
| Tool | What the agent can do |
|---|---|
sonzai_wisdom_set | Create or upsert an attributed fact (entity_type, entity_id, category, value, confidence). |
sonzai_wisdom_update | Replace the value of an existing fact. |
sonzai_wisdom_delete | Soft-delete an attributed fact (tombstone, reversible). |
sonzai_wisdom_relate | Create attributed relations between entities ("Alice manages Bob"). |
These are deferred tools — the LLM calls them inline; the platform processes the writes asynchronously after the turn so latency stays clean.
2. Context — the agent's prompt grows a "Shared facts" section
Every system prompt the agent runs from now on includes a Shared facts about people and entities section listing the attributed facts on file plus a discretion clause that tells the LLM how to handle disclosure ("exercise discretion; privacy over transparency"). The agent doesn't dump everything to every user — it weighs disclosure decisions per turn.
3. Privacy floor — every write is server-side validated
Before an attributed fact is persisted, the platform runs a semantic validator that rejects writes about compensation, health, politics, and other privacy-sensitive categories. This is enforced server-side, not in the prompt — even if a user explicitly asks the agent to record a salary, the write is blocked. Rejected writes appear in the disclosure audit with decision = "redacted" so you can see what was attempted and why.
Verify it's working
Three checks you can run end-to-end against staging or production. Replace $AGENT_ID, $API_KEY, and the platform URL.
1. List the attributed facts on an agent
curl 'https://api.sonz.ai/api/v1/agents/$AGENT_ID/wisdom/attributed?limit=20' \
-H "Authorization: Bearer $API_KEY"Expected: a 200 with an array of facts (entity_type, entity_id, category, value, confidence). Empty array if nothing has been written yet — that's still a healthy response.
2. Write an attributed fact directly via the API
curl -X POST 'https://api.sonz.ai/api/v1/agents/$AGENT_ID/wisdom/attributed' \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"entity_type": "person",
"entity_id": "alice",
"entity_display_name": "Alice",
"category": "role",
"value": "Lead Engineer",
"confidence": 0.92
}'Then re-run the list endpoint above. Alice's role should appear. Now any user talking to this agent will see this fact in the agent's context (subject to discretion).
3. Read the disclosure audit
curl 'https://api.sonz.ai/api/v1/agents/$AGENT_ID/wisdom/audit?limit=50' \
-H "Authorization: Bearer $API_KEY"Every time a fact is loaded into the context for a turn, an audit row is written with decision = "disclosed" and decision_why. If the privacy floor blocked something, the row will show decision = "redacted". This is your live observability — if production traffic is running with shared memory on, you'll see entries here, and you can audit any disclosure decision in retrospect.
Privacy and control
Shared memory is sensitive by design. Four layers of control sit between an LLM call and a persisted disclosure:
- Capability gate.
sharedMemory: false(the default) means none of this happens — no tools registered, no context injection, no audit rows. - Privacy floor. The semantic validator rejects writes in compensation, health, politics, and other configured-sensitive categories before they hit storage. Configurable per tenant.
- Discretion clause in the prompt. Even with facts present, the agent is instructed to weigh disclosure per turn rather than dumping everything.
- Disclosure audit. Every disclosure decision is logged with reason. You can review what the agent shared, what it withheld, and why at any time via the audit endpoint.
Hard delete stays admin-only. Agents only soft-delete (tombstone), so a misattributed fact is reversible until an admin clears it permanently.
Combines with other features
With Knowledge Base autonomous editing
knowledgeBaseWrite and sharedMemory are independent capabilities — flip them in any combination:
- KB write only: agents record facts about the world (products, policies, prices, incidents) in the project knowledge graph.
- Shared memory only: agents record facts about people in this team (roles, expertise, ownership, relationships).
- Both: full closed-loop institutional memory plus team brain. The agent learns what's true about the world and who's doing what, and every other agent on the project picks both up.
With Self-Improvement
The per-pair learning loops in Self-Improvement keep getting sharper for that user; shared memory keeps getting smarter for the whole team. Both run automatically on every sessions.End().
With Wisdom (default-on)
wisdom is the de-attributed generalisation layer; sharedMemory is the attributed cross-user layer. Both can run together. The privacy floor protects the attributed side; wisdom doesn't need it because it's k-anonymised before promotion.
Full API reference
Every shared-memory endpoint — list, upsert, replace, delete, bulk import, relations CRUD, disclosure audit — is documented with request/response shapes in the Wisdom API reference.
Next steps
- Knowledge Base — the broader multiplayer memory story (manual upload, ETL push, autonomous agent editing)
- Self-Improvement — how shared memory layers on top of per-pair online learning
- Organization Knowledge Base — tenant-wide knowledge that sits above projects
- Wisdom API — full endpoint reference
Knowledge Base
Store and search structured facts, documents, and entity graphs your AI agents query during conversations — and that they can write back into themselves, forming a closed-loop multiplayer memory shared across every agent in the project.
Organization-Global Knowledge Base
One organization-wide knowledge scope that every project under the tenant can read from. Use it for policies, shared lore, playbooks, or facts that belong to the whole organization rather than a single project.