Skip to content

fix(memory): collapse per-channel memory domains to project:default#557

Merged
Aaronontheweb merged 6 commits into
devfrom
claude-wt-init-wizard-0.10.1
Apr 7, 2026
Merged

fix(memory): collapse per-channel memory domains to project:default#557
Aaronontheweb merged 6 commits into
devfrom
claude-wt-init-wizard-0.10.1

Conversation

@Aaronontheweb

@Aaronontheweb Aaronontheweb commented Apr 7, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

Fixes cross-channel memory isolation, audience enforcement, and recall observability.

  • Fixes Add access-aware memory scoping beyond channel/session boundaries #203: Collapses per-channel memory domains to project:default — memory is no longer siloed by Slack channel ID. Switches find_memories to cross-domain search matching what automatic recall already does.
  • Fixes fix(memory): records INSERT omits audience and boundary columns #558: Adds audience and boundary to all record INSERT paths (ApplyInlineCurationBatchAsync, SupersedeRecordAsync). Changes NULL audience fallback from requesting audience (most permissive) to Personal (most restrictive) — untagged records fail closed. Makes Audience a required TrustAudience enum on SQLiteMemoryCurationOperation and MemoryCheckpointCandidate — omitting audience is now a compile error.
  • Fixes feat(memory): add recall observability for precision diagnosis #561: Adds session ID correlation to all recall coordinator logs. Surfaces per-candidate selector scores and a new memory_retrieval_final log with injected item titles and RecallRank scores.
  • Extracts SecurityPolicyDefaults.DefaultMemoryDomain constant replacing 10+ scattered string literals.
  • Preserves memory_class through SupersedeRecordAsync (was silently defaulting to 'evidence').
  • Uses resolvedBoundary for inline curation document INSERTs (was passing raw nullable value).

Test plan

  • All 803 tests pass
  • dotnet slopwatch analyze — 0 violations
  • Binary swap eval: Memory Pipeline GREEN (recall active + formation working)
  • Live audit: verified recalled memories in #openclaw channel
  • Verify new recall logs appear with session correlation in daemon log
  • Verify NULL-audience records no longer surface in Team channel queries

@Aaronontheweb
fix(memory): collapse per-channel memory domains to project:default (#…
290512d 
…203)

ToMemoryDomain() derived per-channel domains from session ID prefixes
(e.g. project:c0agm484p0q), causing memories stored in one Slack
channel to be invisible to find_memories searches from another.

Collapse all domains to project:default until a proper domain-scoping
mechanism is designed. Switch find_memories to SearchAcrossDomainsByPlanAsync
(cross-domain search) to match what automatic recall already does.
Audience and boundary remain the security gates.
@Aaronontheweb
refactor(memory): extract DefaultMemoryDomain constant
7834f4f 
Replace 10 scattered "project:default" string literals with
SecurityPolicyDefaults.DefaultMemoryDomain. The one remaining
literal in Netclaw.Tools.Abstractions stays because that project
has no dependency on Netclaw.Configuration.
@Aaronontheweb Aaronontheweb mentioned this pull request Apr 7, 2026
Closed
@Aaronontheweb
fix(memory): add audience/boundary to record INSERTs and fail-close N…
ae6e645 
…ULL audience (#558)

Record INSERT paths in ApplyInlineCurationBatchAsync and
SupersedeRecordAsync omitted audience and boundary columns,
leaving all records with NULL audience. Combined with the
COALESCE fallback defaulting to the requesting audience,
this caused personal DM memories to leak into Team channels.

Fix:
- Add boundary/audience to inline curation and supersede record INSERTs
- Change COALESCE fallback for NULL audience from requesting audience
  to Personal (most restrictive) — untagged records fail closed
- Change all NULL audience reader fallbacks from Public to Personal
@Aaronontheweb
fix(memory): preserve memory_class on supersede, use resolvedBoundary…
5e4409c 
… for inline docs

SupersedeRecordAsync now reads and carries forward memory_class from
the original record instead of silently defaulting to 'evidence'.

ApplyInlineCurationBatchAsync document path now uses resolvedBoundary
and operation.Audience directly, matching ApplyCurationBatchAsync.
@Aaronontheweb
refactor(memory): make Audience a required TrustAudience enum on cura…
a47b7fa 
…tion DTOs

Replace string Audience with default "public" on SQLiteMemoryCurationOperation
and MemoryCheckpointCandidate with required TrustAudience enum parameter.
Omitting audience is now a compile error, not a silent default to the most
permissive level.

- Boundary also made required (no default) on SQLiteMemoryCurationOperation
- INSERT paths call .ToWireValue() to convert enum to wire string
- All test callers updated with explicit audience and boundary values
This was referenced Apr 7, 2026
Closed
Closed
@Aaronontheweb
feat(memory): add recall observability with session correlation and s…
a95e003 
…cores (#561)

All recall coordinator logs now include the session ID for
correlation with turn-level logs. Added per-candidate selector
scores to the candidate selection log and a new
memory_retrieval_final log showing injected items with their
RecallRank scores.

DeterministicCandidateSelector exposes SelectWithScores() to
surface scoring details without changing the existing Select() API.
@Aaronontheweb Aaronontheweb force-pushed the claude-wt-init-wizard-0.10.1 branch from d56739c to a95e003 Compare April 7, 2026 16:18
@Aaronontheweb Aaronontheweb marked this pull request as ready for review April 7, 2026 16:22
@Aaronontheweb Aaronontheweb enabled auto-merge (squash) April 7, 2026 16:22
@Aaronontheweb Aaronontheweb merged commit b5d85be into dev Apr 7, 2026
3 checks passed
@Aaronontheweb Aaronontheweb deleted the claude-wt-init-wizard-0.10.1 branch April 7, 2026 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

1 participant

@Aaronontheweb