Features — Munin

01 — Ingestion

Full session corpus, reconciled across every agent.

Automatic onboarding reads every prior Claude Code, Codex, OMX, and raw PowerShell session across all projects, all time. Commands, corrections, redirects, verifications — journaled, deduped, reconciled.

No manual memory authoring. Munin builds from what already happened.
Cross-tool: Claude Code + Codex + OMX + PowerShell in one journal.
Source-aware. Each record tracks which agent produced it.
Onboarding state is inspectable: sessions processed, shells ingested, corrections ingested.

munin memory-os overview

imported_sources:
  - claude_code       5,811 sessions
  - codex             2,476 sessions
  - omx                 712 sessions
  - powershell          215 sessions

top_projects:
  - sitesorted        1,602
  - munin              974
  - Orchestratorv2     412

onboarding:
  status:               completed
  shells_ingested:      184,602
  corrections_ingested: 2,847

02 — Action

Strategic nudges, not blind suggestions.

Import your strategy doc — goals, KPIs, initiatives, constraints, assumptions. Munin compiles it into a StrategyKernel and joins it against your session evidence.

munin strategy recommend produces bounded nudges with full provenance: task, supports, why_now, evidence, evidence_freshness, confidence, interrupt_level, expected_effect.

Every nudge is linked to an initiative or KPI it advances.
Evidence freshness is tracked — stale evidence downgrades confidence.
Suppression is first-class: nudges that don't apply are shown with a suppression reason.
Interrupt level lets you separate "tell me now" from "mention next break".

munin strategy recommend

{
  "task": "Re-run replay-eval dev-public",
  "supports": ["initiative:memory-os-cutover"],
  "why_now": "Proof gate is 6 days stale",
  "evidence_freshness": "stale",
  "confidence": "high",
  "interrupt_level": "soft",
  "expected_effect":
    "unblocks Phase 5 promotion cutover"
}

03 — Learning

Promote and forget, with scores you can audit.

Action candidates earn their way to durable rules. Ranked by precedent count, success count, and failure count across every session. Candidates promote to assertions, assertions promote to rules — observe-only by default.

Every promoted claim carries first_promoted_at, last_confirmed_at, stability, confidence.
Stale claims age out. Re-confirmed claims strengthen.
Observation capture is always-on. Enforcement is opt-in.
Promotion gate requires replay/eval proof against a held-out split.

munin memory-os promotion

read_model_enabled:        true
resume_enabled:            true
handoff_enabled:           true
strict_gate_enabled:       true
eligible:                  true
resume_cutover_ready:      true
required_split:            dev-public
required_system:           proposed-kernel
matching_result_count:     12
decision_summary:
  latest proposed-kernel / dev-public verified at
  2026-04-14T08:22:04Z

04 — Organisation

Per-project kernel keeps the target explicit.

Every project has its own kernel: live claims, open loops, checkpoints, current recommendation, active risks, pager_manifest_hash for deterministic continuity.

Re-entry is never a guess. Every checkpoint ships a recommended command, a first question, and a first verification.

project_kernel / sitesorted

checkpoints:
  - id: bma-eag-native.phase3
    intent:                handoff
    current_recommendation:
      Rebuild pager manifest.
    first_question:
      Did Phase 3 touch template exports?
    first_verification:
      verify-gate-4f.ps1

open_loops:
  - BMA Phase 4-6 outstanding
  - Vercel alias drift on previews
active_risks:
  - replay-eval proof > 6 days old

05 — Friction

Friction as a first-class output.

Munin tells you what's costing you time — not by counting keystrokes, but by reconciling corrections, redirects, and misunderstandings across sessions.

Repeated corrections: the same wrong command you keep correcting, ranked by frequency.
Redirect stats: how often you had to reroute the agent, and how long recovery took.
Likely misunderstandings: pattern classes where the agent keeps missing the mark.
Behaviour-change recommendations: targeted per agent, with evidence.

munin memory-os friction

repeated_corrections:
  - "git add -A"     → "stage by path"  × 47
  - "vercel domains" → "vercel alias"    × 18

redirects:
  count:                              124
  avg_commands_to_success:            3.2
  avg_seconds_to_success:             48

behavior_changes:
  - target_agent: claude_code
    change: "Prefer Glob over find on MSYS2"
    rationale: "find p95 > 8s across 31 sessions"

06 — Trust

Observe-only trust plane, by design.

Munin captures trust observations — must_not_packetize flags, secret detection, PII detection, sensitivity class, taint state — but never enforces them silently. You inspect, then you promote.

Every observation is audited per target (file, command, scope).
Write-side features are config-gated and default-off.
Salt is device-local with 0600 permissions.
No cloud sync. No cross-device leakage surface.

munin memory-os trust

observation_count:          1,284
must_not_packetize_count:    41
secret_count:               17
pii_count:                  6

by_target:
  - .env.local       obs: 22  secrets: 17
  - service-account  obs: 4   secrets: 0
  - leads.csv        obs: 3   pii: 6

enforcement: observe-only

07 — Compression

Side benefit: noisy shell output, compressed.

The same instrumentation that powers the memory layer wraps noisy commands. Prefix any shell leaf command with munin and output collapses into something the agent can actually read.

Measured on real local sessions, not synthetic benchmarks. Run munin gain for your own numbers.

Command

Reduction

vitest run

~99.5%

playwright test

~94%

cargo test

~90%

next build

~87%

tsc

~83%

git diff

~80%

Every surface Munin exposes.