# adap-report — 2026-06-02-Memory-store-memory-strip-global

> SISTER = SOLUTION_ERP. Report-format LOCK (5 trường). Generated S47 (2026-06-02), manual apply by em main (commands not yet runtime-live pre-restart).

## 1. id-broadcast
`2026-06-02-Memory-store-memory-strip-global` (category: Memory · reviewer_gate: PASS · targets: all-fit)

## 2. nac G-011
**executed** (S47 file-level) → **VERIFIED-runtime** (S48 post-restart, 2026-06-02). Loaded agent-registry this session grants **0 `store_memory`** to all **8** subs (strip took effect on reload). Remaining = AI_INFRA `/adap-audit` 2-way cross-check.

## 3. evidence
Stripped `mcp__rag-unified__store_memory` from `tools:` frontmatter of **ALL 7** sub-agents at S47 (SE roster); the 8th sub `frontend-designer` (added same session) was forked already-stripped → **8/8 subs clean**:
- `.claude/agents/investigator-codebase.md`
- `.claude/agents/investigator-api.md`
- `.claude/agents/implementer-backend.md`
- `.claude/agents/implementer-frontend.md`
- `.claude/agents/test-specialist.md`
- `.claude/agents/reviewer.md`
- `.claude/agents/cicd-monitor.md`

SELF-CHECK (broadcast):
- `grep store_memory .claude/agents/*.md` → **0** in any `tools:` line (sole hit = `README.md:128` doc-description, now synced).
- All 7 retain ≥1 RAG-read tool: `search_memory` ×7 (+ `search_code` + `cross_project_search` + `list_projects`).
- Doc sync: `.claude/agents/README.md` §Tool-grant "5 RAG MCP → **4 RAG-READ**" + note "lead = sole RAG-writer · sub→MEMORY.md · G-015 not-read-only".

commit-sha: **`72bbfa5`** (committed S47). **S48 re-verify (post-restart):** `grep store_memory` in agents `tools:` lines = **0** (only body/doc-notes remain) · loaded agent-registry = 0 `store_memory` across all 8 subs.

## 4. tailored-gì + skip-gì-vì-sao
- **FUNCTION-floor adopted FULLY:** `store_memory` removed **GLOBAL** (all 7 subs, no per-context variant) → lead (em main) = sole RAG-writer (mechanized, failure-safe).
- **FORM (SE roster = 7 sub):** chose a **single centralized doc-note** in `agents/README.md` covering all 7 (lower-noise) instead of BVAAU's per-agent body-note redirect (both valid per §F4 form-freedom).
- **No SKIP** — SE fit = **adopt** (all 7 subs HAD `store_memory` in allowlist). Not the n-a case (n-a = subs already read-only / roster-0 built-in Explore).

## 5. honest-caveat
- **Accuracy (G-015):** `store_memory` now un-callable by subs — this is **NOT** "subs read-only". Subs retain `Bash` (+ `Write/Edit` for the 4 write-role subs) = open write channels. Real containment = defense-in-depth (git-diff + Qdrant chunk-count monitoring), NOT allowlist alone.
- **VERIFIED-runtime (S48):** restart done → loaded registry grants 0 `store_memory` to all 8 subs (a spawned sub physically cannot call it this session). Upgraded from S47 file-level. Remaining external check = AI_INFRA `/adap-audit` cross-repo (2-way). **Still NOT "read-only"** (G-015) — caveat above holds: subs keep Bash/Write; containment = defense-in-depth, not allowlist alone.
- **Aligns with SE's own prior lesson** (`feedback_store_memory_rebootstrap_protection`, S41): sub `store_memory` content was wiped on RAG re-bootstrap unless disk-twinned → centralizing RAG-write to lead removes that data-loss class. So this adopt is corroborated by SE dogfood, not just external mandate.