Skip to content

[codex] Hosted review phase 5 secrets sync and retention#5

Draft
romgenie wants to merge 4 commits into
codex/hosted-review-phase-4from
codex/hosted-review-phase-5
Draft

[codex] Hosted review phase 5 secrets sync and retention#5
romgenie wants to merge 4 commits into
codex/hosted-review-phase-4from
codex/hosted-review-phase-5

Conversation

@romgenie

@romgenie romgenie commented Jul 5, 2026

Copy link
Copy Markdown

Hosted Review Phase 5 PR Notes

Linked issues

Fixes OpenCoven#102.
Fixes OpenCoven#103.
Fixes OpenCoven#111.
Fixes OpenCoven#109.

Summary

  • Enforces high-confidence secret scanning before hosted session-memory persistence or candidate creation, settings sync upload, team-memory upload, and team-memory pull apply.
  • Blocks secret-bearing memory by default and records only scanner labels/reason codes, never matched secret values.
  • Adds structured hosted team-memory sync scope with tenant id, installation id, repo id, repo full name, and domain metadata.
  • Replaces server-wins team-memory pull application with conflict-aware handling that preserves local changes and writes conflict records for both-changed cases.
  • Adds lifecycle metadata support for retention_class, redacted_at, and deleted_at.
  • Excludes deleted hosted memory, redacts hosted prompt content for redacted entries, and adds helpers for deleting a hosted memory scope or redacting a memory file.
  • Documents retention, redaction, secret scanning, and conflict workflows.

Test evidence

  • cargo fmt --all -- --check
  • cargo check --workspace
  • cargo clippy --workspace --all-targets -- -D warnings
  • cargo test -p claurst-core --lib claudemd --quiet
  • cargo test -p claurst-core --lib team_memory_sync --quiet
  • cargo test -p claurst-core --lib settings_sync --quiet
  • cargo test -p claurst-core --lib memdir --quiet
  • cargo test -p claurst-query session_memory --quiet
  • cargo test -p claurst-core --lib --quiet
  • cargo test --workspace --quiet

Risk notes

  • Hosted server authorization still must be enforced server-side; the client now sends structured scope metadata but does not treat client-side path construction as an authorization boundary.
  • Conflict records preserve local and remote memory text for operator review, so downstream tooling should apply the same access controls as memory storage.
  • Secret scanning is intentionally high-confidence and blocks by default; false positives require operator edit/redaction before retry.

 OpenCoven#109 OpenCoven#111)

Fixes OpenCoven#102.
Fixes OpenCoven#103.
Fixes OpenCoven#109.
Fixes OpenCoven#111.

- enforce secret scanning before hosted memory writes and sync
- key hosted team-memory sync by structured tenant/repo scope
- replace server-wins pull with conflict handling
- add retention, deletion, and redaction controls

Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
@romgenie romgenie closed this Jul 5, 2026
@romgenie romgenie reopened this Jul 5, 2026
romgenie added 3 commits July 5, 2026 17:12
…hase-5

Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
…hase-5

Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
…hase-5

Signed-off-by: Timothy Wayne Gregg <Timothy.Gregg@complete.tech>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant