Require review output to cite memory entries used

[romgenie]

Local source: coven-code/issues/15-cite-memory-entries-used-in-review-output.md

Summary

When Coven Code uses memory to produce a review finding or recommendation, the review artifact should cite the memory entries that influenced the result.

Current Evidence

• system_prompt.rs injects memory content into a <memory> section.
• Memory is concatenated into the prompt, but there is no structured mechanism requiring the model to cite memory IDs.
• Existing auto-extracted memory bullets may not have stable IDs.

Problem

Memory makes reviews more useful, but also harder to audit. If a finding depends on a learned code pattern or project decision, maintainers need to inspect the exact memory that influenced it.

Proposed Design

Change memory prompt injection to include stable IDs:

<memory id="mem_123" trust="maintainer_approved" source="owner/repo#123">
...
</memory>

Require structured review output:

{
  "findings": [
    {
      "title": "...",
      "evidence": [...],
      "memory_refs": ["mem_123"]
    }
  ]
}

Findings with memory-dependent reasoning should cite memory refs. The app should preserve those refs in review artifacts and optionally in collapsed GitHub comment details.

Acceptance Criteria

• Memory entries have stable IDs in hosted mode.
• Review prompt includes memory IDs and provenance metadata.
• Structured review output supports memory_refs.
• Revalidation fails or warns when a memory-dependent finding has no refs.
• Tests cover prompt rendering and JSON parsing for memory refs.

Product Notes

Public comments can cite concise memory labels while the dashboard exposes full provenance.