Hosted Review Mode — security & memory hardening track

[BunsDev]

Hosted Review Mode — security & memory hardening track

Tracking issue for the 16-part design audit filed on 2026-06-20 by @romgenie. The goal of this track is to make Coven Code safe to run as a hosted GitHub App reviewer, where one process reviews many repositories across many tenants. The current memory and session model is correct for a single local user but lacks the tenant/installation/repo/branch isolation, trust classification, provenance, and audit controls required for hosted operation.

The 16 issues form a coherent spec when read in this suggested order. They reference the source files most affected: src-rust/crates/core/src/memdir.rs, claudemd.rs, session_storage.rs, session_memory.rs, team_memory_sync.rs, settings_sync.rs, system_prompt.rs, and query/src/lib.rs.

Suggested order of attack

1. Hosted-mode foundation

The flag/mode everything else conditions on.

• Add a hosted-mode memory isolation model #97 — Add a hosted-mode memory isolation model
• Disable global user memory in hosted review mode #100 — Disable global user memory in hosted review mode

2. Identity & scoping (multi-tenant correctness)

Replace path-keyed identity with canonical GitHub identity.

• Scope hosted memory by canonical repo identity instead of local path #99 — Scope hosted memory by canonical repo identity instead of local path
• Derive and verify project_id from canonical GitHub repo identity #104 — Derive and verify project_id from canonical GitHub repo identity
• Scope hosted memory by GitHub App installation or tenant #98 — Scope hosted memory by GitHub App installation or tenant
• Split hosted memory by branch and security domain #110 — Split hosted memory by branch and security domain

3. Trust & poisoning defense (core security work)

The memory-poisoning defense.

• Block untrusted PR and fork input from durable memory writes #101 — Block untrusted PR and fork input from durable memory writes
• Add trust classification for memory sources #107 — Add trust classification for memory sources
• Add an approval gate for auto-extracted memories #108 — Add an approval gate for auto-extracted memories

4. Metadata & provenance (audit & inspection)

• Make memory frontmatter scope and trust enforceable #105 — Make memory frontmatter scope and trust enforceable
• Add provenance metadata to every memory entry #106 — Add provenance metadata to every memory entry
• Require review output to cite memory entries used #112 — Require review output to cite memory entries used

5. Secrets, sync, retention (operational hygiene)

• Enforce secret scanning before memory write or sync #102 — Enforce secret scanning before memory write or sync
• Harden team-memory sync auth and keying for tenant and repo isolation #103 — Harden team-memory sync auth and keying for tenant and repo isolation
• Replace server-wins team-memory pull with conflict handling #111 — Replace server-wins team-memory pull with conflict handling
• Add memory retention, deletion, and redaction controls #109 — Add memory retention, deletion, and redaction controls

Notes for whoever picks this up

• The 16 issue bodies reference local markdown sources at coven-code/issues/NN-*.md that were never committed to the repo — only the GH issues exist. If @romgenie still has the markdown, landing it in coven-code/issues/ would be useful for offline review and version control.
• Each issue cites concrete source files and acceptance criteria, so individual issues are estimable.
• Pairing suggestion: the four sub-tracks (foundation / identity / trust / metadata / hygiene) are roughly independent at the API layer, so 2-3 of them could be developed in parallel after the foundation lands.
• Tests for hosted mode behavior should live next to local mode tests in each affected crate; do not regress local CLI behavior.

Status

• 2026-06-27: 16 issues labeled security + hosted-mode. No PRs yet.

[romgenie]

issues.zip @BunsDev Attached includes the .md files and the diagrams for the architecture.