{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:YIMYYIHNGO2E6M5DMR7WQM4MGE","short_pith_number":"pith:YIMYYIHN","schema_version":"1.0","canonical_sha256":"c2198c20ed33b44f33a3647f68338c312547f3d5467d07dd5eaa6c1bfa53b94a","source":{"kind":"arxiv","id":"2605.17444","version":1},"attestation_state":"computed","paper":{"title":"MemRepair: Hierarchical Memory for Agentic Repository-Level Vulnerability Repair","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"MemRepair equips LLM repair agents with three persistent memory layers so they can reuse past fixes, security patterns, and refinement paths when fixing vulnerabilities across large code repositories.","cross_cats":["cs.AI","cs.CL"],"primary_cat":"cs.SE","authors_text":"Fang Liu, Li Zhang, Simiao Liu, Xiaoli Lian, Yang Liu, Yinghao Zhu","submitted_at":"2026-05-17T13:29:46Z","abstract_excerpt":"Modern software ecosystems face a rapidly growing number of disclosed vulnerabilities, increasing the need for automated repair techniques that can operate reliably at repository scale. Although Large Language Model (LLM)-based agents have recently shown promise for automated vulnerability repair (AVR), most existing systems still treat repair as a single generation step over the currently visible code context. As a result, they lack a persistent mechanism for reusing prior fixes or learning from failed validation attempts, which limits their effectiveness on complex, multi-file repair tasks. "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":true,"formal_links_present":true},"canonical_record":{"source":{"id":"2605.17444","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2026-05-17T13:29:46Z","cross_cats_sorted":["cs.AI","cs.CL"],"title_canon_sha256":"031c8c3e5ebdf735586083681faccc786e1f5f9e0cb815361fb6675aecba481f","abstract_canon_sha256":"413214767acc6b2cb2cadb7eb39810c70c73388f2b1a75ec748238d21fe713c3"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-20T00:04:39.199339Z","signature_b64":"tXi1SplKXIIBuDz+v0Ul+Vwarjp80oqXs7W/wzOrInHZuFkKTB3TheccvQ+RQ+B/KbIorL62J3hctNuioHa5Bw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"c2198c20ed33b44f33a3647f68338c312547f3d5467d07dd5eaa6c1bfa53b94a","last_reissued_at":"2026-05-20T00:04:39.198116Z","signature_status":"signed_v1","first_computed_at":"2026-05-20T00:04:39.198116Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"MemRepair: Hierarchical Memory for Agentic Repository-Level Vulnerability Repair","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"MemRepair equips LLM repair agents with three persistent memory layers so they can reuse past fixes, security patterns, and refinement paths when fixing vulnerabilities across large code repositories.","cross_cats":["cs.AI","cs.CL"],"primary_cat":"cs.SE","authors_text":"Fang Liu, Li Zhang, Simiao Liu, Xiaoli Lian, Yang Liu, Yinghao Zhu","submitted_at":"2026-05-17T13:29:46Z","abstract_excerpt":"Modern software ecosystems face a rapidly growing number of disclosed vulnerabilities, increasing the need for automated repair techniques that can operate reliably at repository scale. Although Large Language Model (LLM)-based agents have recently shown promise for automated vulnerability repair (AVR), most existing systems still treat repair as a single generation step over the currently visible code context. As a result, they lack a persistent mechanism for reusing prior fixes or learning from failed validation attempts, which limits their effectiveness on complex, multi-file repair tasks. "},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"MemRepair achieves state-of-the-art resolution rates of 58.0%, 58.2%, and 30.58% on SEC-Bench, PatchEval (Python, Go, JavaScript), and the C++ subset of Multi-SWE-bench, outperforming OpenHands, SWE-agent, and InfCode-C++ while maintaining competitive repair cost.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The three memory layers can be retrieved and applied at runtime in a manner that produces net positive gains on complex multi-file repairs without introducing retrieval errors or excessive latency that would negate the benefit.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"MemRepair is a hierarchical memory-augmented agent framework that raises repository-level vulnerability repair rates to 58.0-58.2% on Python/Go/JS benchmarks and 30.58% on C++ by combining history, pattern, and refinement memories with iterative feedback.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"MemRepair equips LLM repair agents with three persistent memory layers so they can reuse past fixes, security patterns, and refinement paths when fixing vulnerabilities across large code repositories.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"6f3530240e5a75d1faf61851f08920cf1b6a5841db6ec539af3a42098c6656f4"},"source":{"id":"2605.17444","kind":"arxiv","version":1},"verdict":{"id":"0fab6137-e439-40f5-a434-3ca7057dcb6f","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-19T23:02:19.533275Z","strongest_claim":"MemRepair achieves state-of-the-art resolution rates of 58.0%, 58.2%, and 30.58% on SEC-Bench, PatchEval (Python, Go, JavaScript), and the C++ subset of Multi-SWE-bench, outperforming OpenHands, SWE-agent, and InfCode-C++ while maintaining competitive repair cost.","one_line_summary":"MemRepair is a hierarchical memory-augmented agent framework that raises repository-level vulnerability repair rates to 58.0-58.2% on Python/Go/JS benchmarks and 30.58% on C++ by combining history, pattern, and refinement memories with iterative feedback.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The three memory layers can be retrieved and applied at runtime in a manner that produces net positive gains on complex multi-file repairs without introducing retrieval errors or excessive latency that would negate the benefit.","pith_extraction_headline":"MemRepair equips LLM repair agents with three persistent memory layers so they can reuse past fixes, security patterns, and refinement paths when fixing vulnerabilities across large code repositories."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.17444/integrity.json","findings":[],"available":true,"detectors_run":[{"name":"doi_title_agreement","ran_at":"2026-05-19T23:31:19.953820Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_compliance","ran_at":"2026-05-19T23:12:25.591109Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"claim_evidence","ran_at":"2026-05-19T21:41:57.719657Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"ai_meta_artifact","ran_at":"2026-05-19T21:33:23.670465Z","status":"skipped","version":"1.0.0","findings_count":0}],"snapshot_sha256":"fcd5e1ce8fbd65ae08b78f7b06783f076cabdb02ab635b25f93390e1e0102741"},"references":{"count":60,"sample":[{"doi":"","year":2026,"title":"Common Weakness Enumeration","work_id":"0a2de53a-f5e1-46ce-97e6-d3b761051f6f","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2026,"title":"National Vulnerability Database (NVD)","work_id":"150306d9-2fd8-4b89-af98-19304828da3c","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2024,"title":"Aider. 2024. Introducing Aider. https://aider.chat/ Accessed: 2026-01-15","work_id":"072c399f-2f5a-4b18-8bad-83460c95338d","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"10.3390/make7040149","year":2025,"title":"Alfred Asare Amoah and Yan Liu. 2025. Explainable Recommendation of Soft- ware Vulnerability Repair Based on Metadata Retrieval and Multifaceted LLMs. Machine Learning and Knowledge Extraction7, 4 (20","work_id":"6306e8e0-11a6-48ad-86f8-9e997c237ddd","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2021,"title":"Guru Bhandari, Amara Naseer, and Leon Moonen. 2021. CVEfixes: automated collection of vulnerabilities and their fixes from open-source software. InProceed- ings of the 17th International Conference on","work_id":"086c9a03-3f63-40f3-8671-d581a89b9087","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":60,"snapshot_sha256":"e37a6a5945851af7040c9bc02a68ea0df2010ad523ea64f7884476df647ddda8","internal_anchors":7},"formal_canon":{"evidence_count":2,"snapshot_sha256":"a01e10d50d4b9d159e219d3a1ead4f50b0e98fc7d548892ab8c6bf52e84b459e"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.17444","created_at":"2026-05-20T00:04:39.198249+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.17444v1","created_at":"2026-05-20T00:04:39.198249+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.17444","created_at":"2026-05-20T00:04:39.198249+00:00"},{"alias_kind":"pith_short_12","alias_value":"YIMYYIHNGO2E","created_at":"2026-05-20T00:04:39.198249+00:00"},{"alias_kind":"pith_short_16","alias_value":"YIMYYIHNGO2E6M5D","created_at":"2026-05-20T00:04:39.198249+00:00"},{"alias_kind":"pith_short_8","alias_value":"YIMYYIHN","created_at":"2026-05-20T00:04:39.198249+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":2,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/YIMYYIHNGO2E6M5DMR7WQM4MGE","json":"https://pith.science/pith/YIMYYIHNGO2E6M5DMR7WQM4MGE.json","graph_json":"https://pith.science/api/pith-number/YIMYYIHNGO2E6M5DMR7WQM4MGE/graph.json","events_json":"https://pith.science/api/pith-number/YIMYYIHNGO2E6M5DMR7WQM4MGE/events.json","paper":"https://pith.science/paper/YIMYYIHN"},"agent_actions":{"view_html":"https://pith.science/pith/YIMYYIHNGO2E6M5DMR7WQM4MGE","download_json":"https://pith.science/pith/YIMYYIHNGO2E6M5DMR7WQM4MGE.json","view_paper":"https://pith.science/paper/YIMYYIHN","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.17444&json=true","fetch_graph":"https://pith.science/api/pith-number/YIMYYIHNGO2E6M5DMR7WQM4MGE/graph.json","fetch_events":"https://pith.science/api/pith-number/YIMYYIHNGO2E6M5DMR7WQM4MGE/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/YIMYYIHNGO2E6M5DMR7WQM4MGE/action/timestamp_anchor","attest_storage":"https://pith.science/pith/YIMYYIHNGO2E6M5DMR7WQM4MGE/action/storage_attestation","attest_author":"https://pith.science/pith/YIMYYIHNGO2E6M5DMR7WQM4MGE/action/author_attestation","sign_citation":"https://pith.science/pith/YIMYYIHNGO2E6M5DMR7WQM4MGE/action/citation_signature","submit_replication":"https://pith.science/pith/YIMYYIHNGO2E6M5DMR7WQM4MGE/action/replication_record"}},"created_at":"2026-05-20T00:04:39.198249+00:00","updated_at":"2026-05-20T00:04:39.198249+00:00"}