Module 4 · Phase 2: Knowledge & state · Weeks 9–11

Memory & Context Engineering

"How would you design agent memory?" is now a standard senior interview question. This module gives you a real implementation to talk about: context-window budgeting, compaction, a persistent memory store with disciplined write and read paths, contradiction resolution — and defenses against memory injection, where a prompt attack becomes a persistent compromise.

After this module you can
  • Treat the context window as a budgeted resource with an explicit allocation policy per call
  • Implement compaction that summarizes old turns without breaking tool-call pairing or losing task state
  • Explain the memory taxonomy — working, episodic, semantic, procedural — and map each to storage + recall
  • Build a write path: extract candidate facts, deduplicate, detect contradictions, store with provenance
  • Build a read path scoring relevance + recency + importance, injecting sparingly as delimited untrusted data
  • Describe a concrete memory-injection attack and implement layered defenses your own red-team test can't beat

Lessons

1
The Context Window Is a Budget
Context engineering is deciding what's in the window on each call: system prompt, recalled memories, summarized history, recent turns, tool results. Big windows made the problem subtler, not smaller — you're writing an allocator, not stuffing a suitcase.
25 min
2
Compaction: Summarizing Without Losing the Plot
Long sessions overflow any window. Truncation forgets; compaction summarizes the oldest turns into a dense digest while recent turns stay verbatim. The craft is in what must survive untouched — and in never splitting a tool_use from its tool_result.
25 min
3
The Memory Taxonomy & Persistent Stores
Compaction manages one session; the moment the process exits, everything is gone. Persistent memory means deciding what to keep across sessions — and the interview-standard taxonomy (working, episodic, semantic, procedural) tells you what to store where and how to get it back.
25 min
4
The Write Path & the Read Path
Between 'candidate fact' and 'stored fact' sits a gauntlet: dedupe, contradiction check, provenance gate. Between 'stored fact' and 'in the prompt' sits another: relevance + recency + importance scoring, with a stingy top-k. Both gauntlets exist because recalled junk is context poisoning.
30 min
5
Memory Injection & Context Poisoning Defenses
Prompt injection in a stateless agent is a one-shot problem — the session ends, the attack dies. Give the agent memory and injection becomes persistent: a poisoned 'fact' recalled into every future session is a standing backdoor. This lesson is why your write path is a security boundary.
25 min

Best external resources

Curated reading, docs, and tools that pair with this module.