feat(safety): T04 complete — memory signals integrated into rule-based risk classifier (conservative only; never bypasses confirmation). Verified live. T01-T04 now done.

This commit is contained in:
2026-05-26 03:17:38 +02:00
parent 66c7ed3806
commit 98a43f5671
3 changed files with 94 additions and 13 deletions

View File

@@ -116,17 +116,22 @@ T04 will extend risk with memory signals; T05 tests the integration; T06 docs +
```task
id: CYA-WP-0002-T04
status: todo
status: done
priority: medium
state_hub_task_id: "bc77e793-b453-46b4-9442-4461af1ef43d"
started: "2026-05-26 ralph continuation (after T03)"
completed: "2026-05-26"
```
- Extend the rule-based risk classifier (or add a memory-aware layer) to consider signals coming from memory (e.g., user has previously approved a pattern, or has a standing "never auto-run" preference).
- Ensure memory cannot be used to bypass safety.
**Done (verified).**
**Acceptance criteria**:
- Memory-influenced suggestions still respect the mandatory confirmation rules.
- Tests cover memory + safety interaction.
- Extended `classify()` (backward-compatible `memory: dict | None` param) + added `_apply_memory_signals` helper.
- Memory signals can append rationale / force `requires_confirmation=True` for matching "never" prefs.
- Hard invariant preserved: memory **never** downgrades a non-SAFE level or clears confirmation (proven by test).
- Wired the call in orchestrator (T03 already had memory in scope).
- Live verification: destructive + "never_auto_run" memory → still requires confirmation; approved signals add friendly note only.
**Acceptance criteria met** (and the core safety promise strengthened).
### T05 — Tests, observability, and graceful degradation