Organizational Memory

Memory entries are short statements about your codebase or your security stance that get injected into every AI prompt. Examples: “Our SQLAlchemy ORM is parameterized — SQL findings on db.execute() are usually false positives”, “Files under tests/fixtures/ contain intentionally-insecure test data”. Scope a memory to the whole organization, a single project, or a specific rule.

  1. Open Settings → AI → Organizational Memory.
  2. Click Create Memory.
  3. Write the fact in 1–2 sentences. Be specific.
  4. Pick a scope: Global (applies to every AI call in this org), Project (only when analyzing this project), or Rule (only when verifying findings from this rule).
  5. Save.

The next AI call automatically includes matching memories in the system prompt.

Good (specific, contextual, durable):

  • “All SQL access goes through repo/ modules that parameterize via SQLAlchemy. Direct db.execute() calls outside repo/ are FP.”
  • “The shared/fixtures/ directory contains test doubles. Hardcoded credentials and tokens there are deliberate.”
  • “We allow dangerouslySetInnerHTML in components/markdown/ because content is sanitized upstream by sanitize.ts.”

Bad (vague, time-bound, sensitive):

  • “Ignore false positives” — too broad; Claude already tries to do this.
  • “John is on vacation, defer triage” — ephemeral.
  • “Our AWS root key is AKIA...” — never put secrets in memory; it’s prompt input.

Multiple memories can match a single AI call:

  • Global memories apply everywhere.
  • Project memories add to global memories for that project.
  • Rule memories add to global + project memories for that rule.

There are no exclude/override semantics — memories accumulate. If you want one memory to apply only sometimes, scope it down rather than trying to negate it.

Each memory has an active toggle. Disable a memory temporarily without deleting it (useful for “did this memory cause the noise?” experiments).
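
The scope accumulation and active toggle described above, together with a pre-save check for the "never put secrets in memory" rule, modelled as an added example (not the product's own code). The `Memory` fields, the scope strings, the sample project and rule names, and the assumption that a Rule memory matches on rule name alone are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical data model; field names are assumptions, not the product's schema.
@dataclass(frozen=True)
class Memory:
    text: str
    scope: str                      # "global", "project" or "rule"
    project: Optional[str] = None   # set when scope == "project"
    rule: Optional[str] = None      # set when scope == "rule"
    active: bool = True             # the per-memory active toggle

# Credential-shaped strings that must not end up in prompt input.
SECRET_PATTERNS = [
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                    # AWS access key ID
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),      # PEM private key
    re.compile(r"(?i)\b(password|secret|token|api[_-]?key)\s*[:=]\s*\S{8,}"),
]

def looks_like_secret(text: str) -> bool:
    """Pre-save lint: True if the memory text contains a credential-like string."""
    return any(p.search(text) for p in SECRET_PATTERNS)

def matching_memories(memories, project, rule):
    """Active memories for one AI call, ordered global, project, rule.
    Scopes only add; nothing removes or overrides an earlier match."""
    order = {"global": 0, "project": 1, "rule": 2}
    hits = [
        m for m in memories
        if m.active and (
            m.scope == "global"
            or (m.scope == "project" and m.project == project)
            or (m.scope == "rule" and m.rule == rule)
        )
    ]
    return sorted(hits, key=lambda m: order[m.scope])

# Constructed sample entries (project "billing" and rule "react-xss" are made up).
SAMPLE = [
    Memory("All SQL access goes through repo/ modules.", "global"),
    Memory("shared/fixtures/ contains test doubles.", "project", project="billing"),
    Memory("components/markdown/ content is sanitized by sanitize.ts.",
           "rule", rule="react-xss"),
    Memory("Disabled while checking whether it causes noise.", "global", active=False),
]

if __name__ == "__main__":
    for m in matching_memories(SAMPLE, "billing", "react-xss"):
        print(f"[{m.scope}] {m.text}")
```

The disabled entry never appears in the result, and a call for a different project and rule still receives the Global entry, which is why narrowing scope is the only way to limit where a memory applies.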