Phase 7 Step 3d (leaf 2/5): thread config into write-security [stacked on #19]#20
Closed
ethanj wants to merge 1 commit intophase7-3d-consensus-extractionfrom
Closed
Phase 7 Step 3d (leaf 2/5): thread config into write-security [stacked on #19]#20ethanj wants to merge 1 commit intophase7-3d-consensus-extractionfrom
ethanj wants to merge 1 commit intophase7-3d-consensus-extractionfrom
Conversation
Second leaf conversion. Drops write-security.ts from the singleton importer set (32 → 31). Stacked on PR #19 until it merges. - src/services/write-security.ts: dropped `import { config }`. Both exported functions now take config explicitly: - assessWriteSecurity(content, sourceSite, WriteSecurityAssessConfig) — reads trustScoringEnabled, trustScoreMinThreshold. - recordRejectedWrite(userId, content, sourceSite, decision, WriteSecurityRecordConfig, lessons?) — reads auditLoggingEnabled, lessonsEnabled, trustScoreMinThreshold (the last is used to build the `trust:below-threshold` audit payload, which previously read the singleton at emit time). Two new exported config interfaces (Pick-style) keep the contract narrow; IngestRuntimeConfig satisfies both structurally. - src/services/memory-ingest.ts:143 + src/services/ingest-fact- pipeline.ts:84/130/168/87/170: all 6 call sites thread deps.config. No signature ripple — every caller already had deps in scope. - src/services/memory-service-types.ts: IngestRuntimeConfig gains trustScoringEnabled + trustScoreMinThreshold so deps.config satisfies both new config interfaces structurally. - src/services/__tests__/write-security.test.ts: stopped importing and mutating the runtime config singleton; builds its own config object per test instead. Cleaner — the tests are now pure unit tests with explicit inputs. - src/__tests__/config-singleton-audit.test.ts: MAX_SINGLETON_IMPORTS ratcheted 32 → 31. 963/963 tests pass. tsc --noEmit clean. fallow --no-cache 0 above threshold. Plan: phase7-v1-parity item 3d. Three leaves remain: cost-telemetry.ts, embedding.ts, llm.ts. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
Author
|
Superseded — bundling all 3d leaves (consensus-extraction + write-security + cost-telemetry + embedding + llm) into a single PR per updated review direction. |
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 7 Step 3d leaf 2/5 — thread config explicitly through
write-security.tsinstead of reading the module singleton. Second drop in theMAX_SINGLETON_IMPORTSratcheting sequence: 32 → 31.Plan:
atomicmemory-research/docs/core-repo/rearchitecture/phase7-v1-parity/phase7plan.mdItem 3d.What changed
src/services/write-security.ts— dropped theimport { config }binding. Both exported functions take config explicitly:assessWriteSecurity(content, sourceSite, WriteSecurityAssessConfig)— readstrustScoringEnabled,trustScoreMinThreshold.recordRejectedWrite(userId, content, sourceSite, decision, WriteSecurityRecordConfig, lessons?)— readsauditLoggingEnabled,lessonsEnabled,trustScoreMinThreshold. The last is used to rebuild thetrust:below-thresholdaudit payload — preserved from v1 behavior.src/services/memory-ingest.ts+src/services/ingest-fact-pipeline.ts— all 6 call sites threaddeps.config. No signature ripple upstream; every caller already haddepsin scope.src/services/memory-service-types.ts—IngestRuntimeConfiggainstrustScoringEnabledandtrustScoreMinThresholdsodeps.configsatisfies both new config interfaces structurally.src/services/__tests__/write-security.test.ts— stopped importing and mutating the config singleton in tests. Each test builds its ownWriteSecurityAssessConfigexplicitly. Pure unit tests now, no module-level side effects.src/__tests__/config-singleton-audit.test.ts—MAX_SINGLETON_IMPORTSratcheted 32 → 31.Behavior preservation
The v1 audit event
trust:below-thresholdincluded athresholdfield populated fromconfig.trustScoreMinThreshold. Dropping the singleton import required threading the threshold intorecordRejectedWriteso the payload can still be emitted.WriteSecurityRecordConfig.trustScoreMinThresholdexists specifically for this.Test plan
npx tsc --noEmitcleannpm test963/963 passfallow --no-cache0 above thresholdconfig-singleton-audit.test.tspasses at new threshold 31write-security.test.tsrewritten to not depend on singleton mutation; all 3 cases still passmemory-ingest-runtime-config.test.ts,ingest-fact-pipeline-workspace.test.ts) unchanged — their mocks accept the extra arg implicitlyOut of scope
cost-telemetry.ts,embedding.ts,llm.ts.🤖 Generated with Claude Code