TL;DR
Anthropic shipped Memory Stores for Claude Managed Agents on 2026-04-23 (Public Beta). Instead of standing up your own RAG stack, memory is mounted as a filesystem directory at /mnt/memory/{store-name} and the agent uses standard Read/Write/Bash tools.
Production metrics so far:
- Rakuten: 97% fewer first-try errors, 27% lower cost, 34% lower latency
- Wisedocs: 30% faster document validation
- Netflix: eliminated manual prompt/skill updates
- Ando: stopped building memory infra entirely
The problem before
Managed Agents reset every session. Anything an agent learned about a user, a project, or a workflow vanished when the conversation ended. To bridge the gap, teams had to build:
- A vector database
- An embedding pipeline
- A retrieval API
- Custom audit logs
- Custom permission scoping
- Custom concurrency controls
That's a lot of yak shaving for what is essentially "remember what you learned yesterday".
What Memory Stores actually is
A Memory Store is a workspace-scoped collection of text documents, mounted into the agent's session container as a directory. The agent doesn't learn a new memory API — it just uses the filesystem.
Three concepts:
| Concept | Description |
|---|---|
| Memory Store | Container holding text documents |
| Memory | Path-addressable text file (max 100 KB / ~25K tokens) |
| Memory Version | Immutable snapshot created on every change |
The mount path, access mode, description, and instructions are auto-injected into the system prompt. No prompting tricks needed.
Quickstart (Python SDK)
1. Set the beta header
If you use the SDK, this is automatic:
managed-agents-2026-04-01
2. Create a store
store = client.beta.memory_stores.create(
name="User Preferences",
description="Per-user preferences and project context.",
)
3. (Optional) Seed with reference content
client.beta.memory_stores.memories.create(
store.id,
path="/formatting_standards.md",
content="All reports use GAAP formatting...",
)
4. Attach to a session
session = client.beta.sessions.create(
agent=agent.id,
environment_id=environment.id,
resources=[
{
"type": "memory_store",
"memory_store_id": store.id,
"access": "read_write", # or "read_only"
"instructions": "User preferences and project context. Check before starting any task.",
}
],
)
Critical constraint: stores can only be attached at session creation time. No runtime add/remove.
5. Agent-side usage
The agent just runs:
ls /mnt/memory/user-preferences/
cat /mnt/memory/user-preferences/formatting_standards.md
The prompt-injection footgun
Default access is read_write. If your agent processes untrusted input — user prompts, web content, third-party tool output — malicious content can land in memory and the next session reads it as trusted reference material.
This is the kind of bug that doesn't show up in your dev environment.
Mitigation rule of thumb: any store the agent doesn't strictly need to write to should be read_only. Examples:
- Standards / conventions
- Domain glossaries
- Shared lookup data
- External reference docs
Concurrency: optimistic locking built in
Multiple agents can hit the same store simultaneously. To avoid lost updates, use content_sha256 as a precondition:
client.beta.memory_stores.memories.update(
memory_id=mem.id,
memory_store_id=store.id,
content="CORRECTED: " + new_content,
precondition={
"type": "content_sha256",
"content_sha256": mem.content_sha256,
},
)
If another session updated first, the call fails with a hash mismatch — re-read and retry.
Audit and rollback
Every change creates an immutable version, retained for 30 days.
versions = client.beta.memory_stores.memory_versions.list(
store.id,
memory_id=mem.id,
)
old = client.beta.memory_stores.memory_versions.retrieve(
version_id=versions.data[1].id,
memory_store_id=store.id,
)
# Restore by writing the old content back via memories.update()
There's no dedicated restore endpoint — you update() with the old content. PII can be scrubbed via memory_versions.redact() while keeping the audit trail.
Memory Stores vs traditional RAG
| Aspect | Traditional RAG | Memory Stores |
|---|---|---|
| Access | Separate search API | Filesystem mount |
| Learning curve | Embeddings, indexing, retrieval queries | bash/Read/Write |
| Infra | Vector DB + embedding model | Managed by Claude Platform |
| Audit | DIY | Built-in immutable versions |
| Permissions | DIY | scoped (read_only/read_write) |
| Concurrency | DIY locking |
content_sha256 precondition |
Beta limits
| Limit | Value |
|---|---|
| Memory stores per organization | 1,000 |
| Memories per store | 2,000 |
| Storage per store | 100 MB |
| Versions per store | 250,000 |
| Size per memory | 100 KB |
| Version retention | 30 days |
| Stores per session | 8 |
instructions field |
4,096 chars |
The 30-day version retention is the one to plan around. If you need longer audit trails, export via the API.
Closing thought
"Memory lets us stop building memory infra and focus on the product itself" — Sara Du, Founder, Ando
Persistent learning is now a platform primitive, not a side project. Two-digit operational wins (Rakuten 97%, Wisedocs 30%, Netflix's eliminated manual updates) suggest this isn't marginal.
Worth integrating, especially for any agent that already has the same conversation with the same user every day.
Source: Claude Managed Agents — Memory (official docs)
Launch blog: Anthropic — Claude Managed Agents Memory (2026-04-23)
Top comments (0)