Require operator.admin for /dreaming persistence

[eleqtrizit]

Summary

• Requires operator.admin before /dreaming on|off persists config for scoped gateway callers
• Keeps /dreaming status and non-gateway command behavior unchanged

Changes

• Added a gateway-scope guard in the memory-core dreaming command before writing config
• Added regression coverage for write-scoped gateway callers and admin-scoped gateway callers

Validation

• Ran pnpm test extensions/memory-core/src/dreaming-command.test.ts
• Ran pnpm check
• Ran pnpm build

Notes

• The local claude -p "/review" step was attempted but blocked in this environment because the tool requested interactive approval to inspect PR state

[greptile-apps]

Greptile Summary

This PR adds an operator.admin scope guard to the /dreaming on|off command in the memory-core extension, preventing gateway clients without admin scopes from persisting dreaming config. The guard is correctly scoped: non-gateway callers (undefined gatewayClientScopes) pass through unchanged, while array-typed scopes from gateway clients require "operator.admin". Test coverage is thorough, covering write-scoped, unscoped, admin, and status-only gateway paths.

Confidence Score: 5/5

Safe to merge — the guard is correct, well-tested, and non-gateway behavior is preserved.

All findings are P2 or lower. The requiresAdminToMutateDreaming logic correctly handles the three cases (undefined = non-gateway allow, empty array = block, admin scope = allow). Tests cover all relevant gateway paths. No regressions to existing non-gateway behavior.

No files require special attention.

Vulnerabilities

No security concerns identified. The PR strengthens the security posture by gating config-write access behind operator.admin for gateway callers, consistent with similar guards elsewhere (e.g., canBypassConfigWritePolicyShared, Telegram's target-writeback.ts).

_{Reviews (2): Last reviewed commit: "fix(dreaming): normalize gateway scopes ..." | Re-trigger Greptile}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7c355d35ea

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[eleqtrizit]

@codex review

[eleqtrizit]

@greptile review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. 🚀

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".