Local source: coven-code/issues/07-add-provenance-to-every-memory-entry.md
Summary
Every durable memory entry used in hosted review mode should carry provenance: who or what created it, from which repo/PR/commit/session, when, and with what confidence. Without provenance, memory cannot be audited or safely cited.
Current Evidence
- session_memory::ExtractedMemory stores content, category, and confidence.
- SessionMemoryExtractor::persist writes markdown bullets with category and confidence.
- It does not persist source PR, commit, actor, branch, transcript id, session id, or evidence.
Problem
Review findings may depend on memory. If the memory is wrong or malicious, maintainers need to know where it came from. Current auto-extracted memories are not traceable enough to support a hosted reviewer.
Proposed Design
Introduce a structured memory record format, either frontmatter per file or a sidecar index:
id: mem_...
created_at: 2026-06-20T12:00:00Z
created_by: coven-code
source_kind: github_pr_review
source_repo: owner/repo
source_pr: 123
source_commit: abc123
source_actor: octocat
source_trust: maintainer
session_id: ...
transcript_ref: ...
confidence: 0.9
evidence:
  - path: src/foo.rs
    lines: 10-25
The review runtime should preserve provenance whenever memory is loaded.
Acceptance Criteria
- Auto-extracted memories include structured provenance.
- Manually-authored memory can include provenance or be marked manual.
- Hosted review artifacts list memory IDs and provenance used.
- Tests verify persisted auto-extracted memory includes session id and source context.
- Tests verify missing provenance causes hosted mode to ignore memory unless policy permits.
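The hosted-mode rule in the last criterion, as an added Rust example that is not part of coven-code. The types, the policy fields and the function names are assumptions; it treats a record whose provenance fields are blank the same as one with no provenance, and returns ignored IDs with a reason so the review artifact can list them.

```rust
// Added illustration: all type and function names are hypothetical, not coven-code's.
#[derive(Debug, Clone, PartialEq)]
enum Provenance {
    // Subset of the proposed fields, enough to trace an auto-extracted entry.
    Recorded { session_id: String, source_repo: String, source_commit: String },
    Manual,  // manually authored and marked as such
    Missing, // legacy entry with no provenance
}

#[derive(Debug, Clone, PartialEq)]
struct MemoryRecord { id: String, content: String, provenance: Provenance }

// Assumed policy knobs for hosted review mode.
struct HostedPolicy { allow_manual: bool, allow_missing: bool }

// None means the record may be used; Some(reason) means hosted mode ignores it.
fn rejection(rec: &MemoryRecord, policy: &HostedPolicy) -> Option<&'static str> {
    match &rec.provenance {
        Provenance::Recorded { session_id, source_repo, source_commit } => {
            // Blank fields make a record as untraceable as one with no provenance.
            let complete = [session_id, source_repo, source_commit]
                .iter().all(|f| !f.trim().is_empty());
            if complete || policy.allow_missing { None } else { Some("incomplete provenance") }
        }
        Provenance::Manual if policy.allow_manual => None,
        Provenance::Manual => Some("manual memory not permitted"),
        Provenance::Missing if policy.allow_missing => None,
        Provenance::Missing => Some("missing provenance"),
    }
}

// Returns the citable records plus (id, reason) pairs for the review artifact,
// so ignored entries stay auditable.
fn load_for_hosted_review(
    records: Vec<MemoryRecord>, policy: &HostedPolicy,
) -> (Vec<MemoryRecord>, Vec<(String, &'static str)>) {
    let (mut used, mut ignored) = (Vec::new(), Vec::new());
    for rec in records {
        match rejection(&rec, policy) {
            None => used.push(rec),
            Some(reason) => ignored.push((rec.id.clone(), reason)),
        }
    }
    (used, ignored)
}

fn main() {
    // Constructed sample: one legacy entry without provenance.
    let legacy = MemoryRecord { id: "mem_legacy".into(), content: "uses tokio".into(), provenance: Provenance::Missing };
    let strict = HostedPolicy { allow_manual: true, allow_missing: false };
    println!("{:?}", load_for_hosted_review(vec![legacy], &strict));
}
```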
Security Notes
Do not store secret values in provenance. Store references and hashes where possible.