Skip to content

[codex] Hosted review phase 3 trust and poisoning defense#3

Draft
romgenie wants to merge 4 commits into
codex/hosted-review-phase-2from
codex/hosted-review-phase-3
Draft

[codex] Hosted review phase 3 trust and poisoning defense#3
romgenie wants to merge 4 commits into
codex/hosted-review-phase-2from
codex/hosted-review-phase-3

Conversation

@romgenie

@romgenie romgenie commented Jul 5, 2026

Copy link
Copy Markdown

Hosted Review Phase 3 PR Notes

Linked issues

Fixes OpenCoven#101.
Fixes OpenCoven#107.
Fixes OpenCoven#108.

Summary

  • Adds hosted memory source trust classification with configurable memorySourceTrust, memoryTrustThreshold, and allowAutoMemoryPersistence.
  • Routes hosted session memory extraction through a policy gate instead of always appending to durable .coven-code/AGENTS.md.
  • Writes untrusted or unapproved hosted extractions as reviewable JSON candidates under .coven-code/memory-candidates/.
  • Adds candidate approval and rejection APIs; approval promotes candidates to durable memory as maintainer-approved entries, while rejection records a reason without durable writes.
  • Preserves local mode direct memory persistence.

Test evidence

  • cargo fmt --all -- --check
  • cargo check --workspace
  • cargo clippy --workspace --all-targets -- -D warnings
  • cargo test -p claurst-core --lib hosted --quiet
  • cargo test -p claurst-query session_memory --quiet
  • cargo test --workspace --quiet

Risk notes

  • Candidate approval/rejection is exposed as Rust API surface in this phase; hosted dashboard or CLI wiring can call it in a later integration PR.
  • Hosted direct durable writes remain disabled by default and require both explicit policy and sufficient source trust.
  • Candidate artifacts are not loaded into prompts by the existing memory loader, so rejected or pending candidates do not affect future sessions.

OpenCoven#108)

Fixes OpenCoven#101.
Fixes OpenCoven#107.
Fixes OpenCoven#108.

- gate hosted durable memory writes by source trust
- add hosted memory candidate approval flow
- keep local memory extraction behavior unchanged

Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
@romgenie romgenie closed this Jul 5, 2026
@romgenie romgenie reopened this Jul 5, 2026
romgenie added 3 commits July 5, 2026 17:12
…hase-3

Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
…hase-3

Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
…hase-3

Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant