refactor(memory): replace MemoryManagerAgent with prompt-driven memory editing across four tiers

[SandyTao520]

Summary

Replaces the MemoryManagerAgent subagent (used when experimental.memoryManager is on) with prompt-driven memory editing across four explicit tiers — the main agent persists memories itself by editing markdown files directly via edit / write_file. The subagent was slow, spent many turns on simple operations, and offered no visibility into what was being saved.

The new memory taxonomy when the flag is on:

Tier	File	What goes here	Cue phrases
Project Instructions	./GEMINI.md (committed)	Team-shared architecture, conventions, repo-wide workflows	"our project uses X", "the team always Y", "for this repo, always Z"
Subdirectory Instructions	./<subdir>/GEMINI.md (committed)	Scoped instructions for one part of the project	(subdir-specific)
Private Project Memory	~/.gemini/tmp/<hash>/memory/MEMORY.md (index) + sibling *.md notes	Personal-to-the-user, project-specific notes (private to this workspace, never committed)	"on my machine", "my local setup", "do not commit this"
Global Personal Memory	~/.gemini/GEMINI.md	Cross-project personal preferences that follow the user into every workspace	"I always prefer X", "across all my projects", "my personal coding style is Y"

Each fact lives in exactly one tier — explicit mutual-exclusion is enforced by the prompt and verified by evals.

Details

Why prompt-driven instead of a subagent? The subagent path opaquely fanned out save operations, was slow on simple "remember this" prompts, and forced extra round-trips. The model already has all loaded GEMINI.md and MEMORY.md content in context, so direct editing is both faster and more transparent.

Why a separate MEMORY.md file for the private tier? Personal-to-user, project-specific notes were previously polluting the committed ./GEMINI.md. Moving them to ~/.gemini/tmp/<hash>/memory/MEMORY.md (under Storage.getProjectMemoryDir(), already covered by Config.isPathAllowed) keeps private notes private and the repo file clean. MEMORY.md is a brief index; substantial notes live in sibling *.md files in the same folder so the index stays scannable.

Why a Global Personal tier (and how is it secured)? Without a global tier, any "I always prefer X across all my projects" preference would either be stuffed into a committed ./GEMINI.md (wrong — leaks personal preferences into team-shared files) or duplicated across every workspace (high-friction). The new tier maps these to ~/.gemini/GEMINI.md. Security is enforced by a surgical allowlist in Config.isPathAllowed: an exact-path comparison against Storage.getGlobalGeminiDir() + getCurrentGeminiMdFilename(), so settings.json, keybindings.json, oauth_creds.json, and the rest of ~/.gemini/ remain unreachable. The workspace context itself is NOT broadened to include ~/.gemini/.

Prompt engineering — the key invariants enforced in snippets.ts:

1. Per-tier routing with concrete cue phrases per tier (above).
2. Mutual-exclusion across all four tiers: each fact lives in exactly one file. Never mirror or cross-reference.
3. Scoped MEMORY.md: it is the index for sibling *.md notes in that same folder only, never a pointer to a GEMINI.md topic (project or global).

These three rules eliminated a duplicate-write failure mode I observed in earlier eval runs (model writing the same fact to both ./GEMINI.md and MEMORY.md).

Compatibility: memoryDiscovery.getUserProjectMemoryPaths prefers MEMORY.md but falls back to a legacy GEMINI.md in the same private folder, so projects with existing private memory keep working without a manual migration.

snippets.legacy.ts (the frozen historical snapshot per packages/core/GEMINI.md) receives the structural three-tier rewrite only — no Global Personal tier, no new prompt-engineering verbiage.

Settings & docs: experimental.memoryManager description rewritten to reflect the 4-tier model and the surgical ~/.gemini/GEMINI.md allowlist; schemas/settings.schema.json regenerated; docs/cli/settings.md and docs/reference/configuration.md updated in lockstep.

Related Issues

Related to #22098

How to Validate

# 1. Affected unit tests (prompt wording, isPathAllowed allowlist, project-scope memory append)
npm test -w @google/gemini-cli-core -- src/prompts/snippets-memory-manager.test.ts
npm test -w @google/gemini-cli-core -- src/config/config.test.ts
npm test -w @google/gemini-cli-core -- src/tools/memoryTool.test.ts

Expected: all pass. The snippet test locks in the 4-tier prompt structure (per-tier routing, mutual-exclusion, scoped MEMORY.md, conditional Global Personal bullet). The config test asserts both the positive case (isPathAllowed(~/.gemini/GEMINI.md) === true) and the least-privilege case (settings.json, keybindings.json, oauth_creds.json under ~/.gemini/ remain disallowed).

# 2. Settings schema/docs in-sync checks
npx vitest run scripts/tests/generate-settings-schema.test.ts scripts/tests/generate-settings-doc.test.ts

Expected: all pass.

# 3. Full save_memory eval suite (requires a build + bundle first if not already done)
npm run build && npm run bundle
RUN_EVALS=1 npx vitest run --config evals/vitest.config.ts evals/save_memory.eval.ts

Expected: 15/15 pass. The four memoryManager-mode evals to watch:

• "Agent saves preference from earlier in conversation history" — verifies a noisy chat history's "I always prefer Vitest in all my projects" preference is correctly routed to the global tier.
• "Agent routes team-shared project conventions to ./GEMINI.md" — verifies team conventions land in the repo file and are NOT mirrored into the private memory folder.
• "Agent routes personal-to-user project notes to user-project memory" — verifies personal/local notes land in a sibling *.md with MEMORY.md updated as the index.
• "Agent routes cross-project personal preferences to ~/.gemini/GEMINI.md" — verifies cross-project preferences land in the global file and are NOT mirrored into committed project files or the private memory folder.

# 4. (Optional) Reliability loop on the four memoryManager-mode evals
for TEST in \
  "Agent saves preference from earlier in conversation history" \
  "Agent routes team-shared project conventions to ./GEMINI.md" \
  "Agent routes personal-to-user project notes to user-project memory" \
  "Agent routes cross-project personal preferences to ~/.gemini/GEMINI.md"; do
  for i in $(seq 1 10); do
    RUN_EVALS=1 npx vitest run --config evals/vitest.config.ts evals/save_memory.eval.ts -t "$TEST"
  done
done

Expected on this branch: 10/10 each (40/40 total).

Edge cases to spot-check manually:

• Enable experimental.memoryManager, in a fresh workspace ask the agent to "remember our team uses tabs for this repo" — should write to ./GEMINI.md, no touch to ~/.gemini/tmp/.../memory/ or ~/.gemini/GEMINI.md.
• Same setup, ask "remember my local Postgres runs on port 6543, do not commit this" — should land under ~/.gemini/tmp/<hash>/memory/ (sibling note + MEMORY.md index), no touch to the committed or global files.
• Same setup, ask "I always prefer Prettier with single quotes across all my projects" — should land in ~/.gemini/GEMINI.md, no touch to committed or private files.
• An ambiguous statement ("we use eslint") — the model should ask which tier rather than picking silently.

Security spot-check: with the flag on, ask the agent to write to ~/.gemini/settings.json. The isPathAllowed allowlist is surgical — only ~/.gemini/GEMINI.md is reachable; settings.json and other files stay disallowed.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-cli]

Hi @SandyTao520, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the memory management system to improve performance and transparency. By moving away from a subagent to a prompt-driven editing model, the agent can now directly persist memories using standard file operations. This change also establishes a more robust and organized memory taxonomy, ensuring that team-shared project conventions are clearly separated from private, machine-specific notes, while maintaining backward compatibility for existing private memory files.

Highlights

• Replacement of MemoryManagerAgent: Replaced the dedicated MemoryManagerAgent subagent with a prompt-driven approach where the main agent directly edits markdown files for memory persistence.
• New Memory Taxonomy: Introduced a clear, non-overlapping memory structure: Project Instructions in ./GEMINI.md, Subdirectory Instructions in ./<subdir>/GEMINI.md, and Private Project Memory in ~/.gemini/tmp/<hash>/memory/MEMORY.md.
• Improved Prompt Engineering: Enforced strict per-tier routing, mutual-exclusion of facts across tiers, and scoped indexing for private memory to prevent duplicate writes and ensure data privacy.
• Documentation and Schema Updates: Updated settings documentation, CLI references, and the settings schema to reflect the new memory management behavior.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +1.83 kB (+0.01%)

Total Size: 33.7 MB

Filename	Size	Change
./bundle/chunk-5NFI2M4A.js	0 B	-1.97 MB (removed)	🏆
./bundle/chunk-FJFDKEWX.js	0 B	-676 kB (removed)	🏆
./bundle/chunk-GBMYQBGV.js	0 B	-14.5 MB (removed)	🏆
./bundle/chunk-GPQOP76H.js	0 B	-3.8 kB (removed)	🏆
./bundle/chunk-NMIOGB2Q.js	0 B	-2.72 MB (removed)	🏆
./bundle/chunk-RYBRWZF6.js	0 B	-49.2 kB (removed)	🏆
./bundle/chunk-ZE77FSHA.js	0 B	-3.43 kB (removed)	🏆
./bundle/core-N4Z7O774.js	0 B	-46.7 kB (removed)	🏆
./bundle/devtoolsService-PLH3XFFQ.js	0 B	-28.4 kB (removed)	🏆
./bundle/gemini-F36NCUBK.js	0 B	-577 kB (removed)	🏆
./bundle/interactiveCli-7P5YI24T.js	0 B	-1.3 MB (removed)	🏆
./bundle/liteRtServerManager-OA57BF4V.js	0 B	-2.08 kB (removed)	🏆
./bundle/oauth2-provider-35QUPNKJ.js	0 B	-9.16 kB (removed)	🏆
./bundle/chunk-2RHFUIH4.js	1.97 MB	+1.97 MB (new file)	🆕
./bundle/chunk-3D5DIKDB.js	14.5 MB	+14.5 MB (new file)	🆕
./bundle/chunk-JGE5EHK7.js	3.43 kB	+3.43 kB (new file)	🆕
./bundle/chunk-KT5RKQAD.js	3.8 kB	+3.8 kB (new file)	🆕
./bundle/chunk-PDNTMLW2.js	676 kB	+676 kB (new file)	🆕
./bundle/chunk-PVBH677U.js	49.2 kB	+49.2 kB (new file)	🆕
./bundle/chunk-YUXVHDXX.js	2.72 MB	+2.72 MB (new file)	🆕
./bundle/core-A6LKZZCJ.js	46.8 kB	+46.8 kB (new file)	🆕
./bundle/devtoolsService-ZGMCMDTF.js	28.4 kB	+28.4 kB (new file)	🆕
./bundle/gemini-GV5YKYAJ.js	576 kB	+576 kB (new file)	🆕
./bundle/interactiveCli-ORBBY5EV.js	1.3 MB	+1.3 MB (new file)	🆕
./bundle/liteRtServerManager-P4EHB7RV.js	2.08 kB	+2.08 kB (new file)	🆕
./bundle/oauth2-provider-A2COCAGN.js	9.16 kB	+9.16 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/bundled/third_party/index.js	8 MB	0 B
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-5PS3AYFU.js	1.18 kB	0 B
./bundle/chunk-664ZODQF.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-RJTRUG2J.js	39.8 kB	0 B
./bundle/cleanup-PLEB42GT.js	0 B	-932 B (removed)	🏆
./bundle/devtools-36NN55EP.js	696 kB	0 B
./bundle/dist-T73EYRDX.js	356 B	0 B
./bundle/events-XB7DADIJ.js	418 B	0 B
./bundle/examples/hooks/scripts/on-start.js	188 B	0 B
./bundle/examples/mcp-server/example.js	1.43 kB	0 B
./bundle/gemini.js	4.97 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/memoryDiscovery-FLZAHR6G.js	0 B	-980 B (removed)	🏆
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	222 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	229 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	13.4 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/start-SLZSMC7D.js	0 B	-622 B (removed)	🏆
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/cleanup-NQ5IGEM4.js	932 B	+932 B (new file)	🆕
./bundle/memoryDiscovery-HWEYBJE7.js	980 B	+980 B (new file)	🆕
./bundle/start-DBVOSFXZ.js	622 B	+622 B (new file)	🆕

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request refactors the experimental memoryManager feature, transitioning from a subagent-based approach to a prompt-driven system where the main agent directly manages context via markdown files like GEMINI.md and MEMORY.md. The changes span documentation, configuration schemas, and core prompt logic to support this direct editing flow. Security feedback highlighted critical prompt injection vulnerabilities in both the prompt construction and the fact sanitization logic, where the lack of XML tag escaping could allow malicious content to hijack the agent's behavior.

[github-actions]

✅ 64 tests passed successfully on gemini-3-flash-preview.

🧠 Model Steering Guidance

This PR modifies files that affect the model's behavior (prompts, tools, or instructions).

• 🚀 Maintainer Reminder: Please ensure that these changes do not regress results on benchmark evals before merging.

---

This is an automated guidance message triggered by steering logic signatures.

[Abhijit-2592]

Approved. The refactor to a prompt-driven, 4-tier memory model is a significant improvement over the subagent approach. It offers better transparency, lower latency, and clearer separation of concerns.

Key strengths:

• Surgical allowlisting of ~/.gemini/GEMINI.md in Config.isPathAllowed maintains least-privilege security.
• sanitizeFact provides critical defense-in-depth against prompt injection.
• The routing rules and cue phrases in the prompt are well-engineered for reliability.

Code quality and test coverage are excellent.

[github-actions]

🛑 Action Required: Evaluation Approval

Steering changes have been detected in this PR. To prevent regressions, a maintainer must approve the evaluation run before this PR can be merged.

Maintainers:

1. Go to the Workflow Run Summary.
2. Click the yellow 'Review deployments' button.
3. Select the 'eval-gate' environment and click 'Approve'.

Once approved, the evaluation results will be posted here automatically.

[Samee24]

Is waiting for only write_file accurate? we could trigger replace no? we can unnecessarily timeout this way.

So something like the below might be better:

await Promise.race([
   2   rig.waitForToolCall('write_file'),
   3   rig.waitForToolCall('replace')
   4 ]).catch(() => {});

[Samee24]

should this have been updated to resolve conflicts between a user's private MEMORY.md and a team-shared GEMINI.md?