Local source: coven-code/issues/06-enforce-memory-frontmatter-scope-and-trust.md
Summary
Memory frontmatter fields such as scope and memory_type are currently informational. Hosted review mode needs enforceable metadata so memory can be filtered by trust level, source, scope, and intended use.
Current Evidence
- claudemd::MemoryFrontmatter parses memory_type, priority, and scope.
- docs/configuration.md says memory_type and scope are informational only.
- memdir::MemoryType defines user, feedback, project, and reference types.
Problem
Informational metadata cannot enforce safety policy. A hosted reviewer needs to ask questions such as:
- Is this memory maintainer-approved?
- Is this memory allowed in public PR reviews?
- Is this memory valid for this repo or branch?
- Is this memory user preference, project fact, or security-private context?
The current metadata model does not answer these in a policy-enforceable way.
Proposed Design
Extend memory frontmatter:
memory_type: project
scope: repo
trust: maintainer_approved
visibility: public_review
source: github_pr
source_ref: owner/repo#123
expires_at: 2026-12-31
Add parser and validator support for:
- trust: untrusted, model_inferred, maintainer_approved, system_policy.
- visibility: public_review, private_review, security_private.
- scope: user, tenant, installation, repo, branch, pr.
- expires_at.
Hosted mode should reject or ignore memory with invalid or insufficient metadata.
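One way the hosted-mode check above could fail closed on missing or invalid metadata, as an added example that is not coven-code's own code. Assumptions: the names `admit_hosted` and `min_trust` are hypothetical, the listed trust and visibility values are treated as ordered from least to most privileged/private, a missing `expires_at` means no expiry, a memory stays valid through its expiry date, and frontmatter is read as plain `key: value` lines rather than through the project's parser.

```rust
// Added example: hypothetical hosted-mode admission check, not the project's implementation.
use std::collections::HashMap;

#[derive(Debug, Clone, Copy, PartialEq, PartialOrd)]
pub enum Trust { Untrusted, ModelInferred, MaintainerApproved, SystemPolicy }
#[derive(Debug, Clone, Copy, PartialEq, PartialOrd)]
pub enum Visibility { PublicReview, PrivateReview, SecurityPrivate }

fn parse_trust(v: &str) -> Option<Trust> {
    match v {
        "untrusted" => Some(Trust::Untrusted),
        "model_inferred" => Some(Trust::ModelInferred),
        "maintainer_approved" => Some(Trust::MaintainerApproved),
        "system_policy" => Some(Trust::SystemPolicy),
        _ => None,
    }
}

fn parse_visibility(v: &str) -> Option<Visibility> {
    match v {
        "public_review" => Some(Visibility::PublicReview),
        "private_review" => Some(Visibility::PrivateReview),
        "security_private" => Some(Visibility::SecurityPrivate),
        _ => None,
    }
}

/// Hosted mode fails closed: missing or unknown trust/visibility rejects the memory.
/// Dates are zero-padded YYYY-MM-DD, so string order equals date order.
pub fn admit_hosted(fm: &str, review: Visibility, min_trust: Trust, today: &str)
    -> Result<(), &'static str> {
    let fields: HashMap<&str, &str> = fm.lines()
        .filter_map(|l| l.split_once(':'))
        .map(|(k, v)| (k.trim(), v.trim()))
        .collect();
    let trust = fields.get("trust").and_then(|v| parse_trust(v)).ok_or("missing or invalid trust")?;
    let vis = fields.get("visibility").and_then(|v| parse_visibility(v)).ok_or("missing or invalid visibility")?;
    if let Some(exp) = fields.get("expires_at") {
        let ok = exp.len() == 10 && exp.bytes().enumerate()
            .all(|(i, b)| if i == 4 || i == 7 { b == b'-' } else { b.is_ascii_digit() });
        if !ok { return Err("invalid expires_at"); }
        if *exp < today { return Err("expired"); }
    }
    if trust < min_trust { return Err("insufficient trust"); }
    // Assumed rule: memory enters only reviews at least as private as its own visibility.
    if vis > review { return Err("visibility exceeds review context"); }
    Ok(())
}
```

Passing `Trust::Untrusted` as `min_trust` is the explicit opt-in that lets untrusted memory through; local mode would skip this check for files that lack the new fields.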
Acceptance Criteria
- Memory frontmatter supports trust, visibility, source, source_ref, and expiry.
- Hosted mode filters memory by enforced metadata.
- Local mode can tolerate missing metadata for backward compatibility.
- Tests cover expired memory exclusion.
- Tests cover public review excluding security-private memory.
- Tests cover untrusted memory exclusion unless explicitly allowed.
Migration Notes
Existing memory files without new fields should be treated as local-mode memory. Hosted mode should either reject them or treat them as lowest trust.