phase-memory/workplans/PMEM-WP-0004-policy-audit-and-review-gates.md

id: PMEM-WP-0004
type: workplan
title: Policy, Audit, And Review Gates
domain: markitect
repo: phase-memory
status: finished
owner: phase-memory
topic_slug: policy-audit
planning_priority: P1
planning_order: 40
related_workplans: PMEM-WP-0002, PMEM-WP-0003
created: 2026-05-18
updated: 2026-05-18
state_hub_workstream_id: e8d405a3-3ddd-4353-81a2-518850033b8e

PMEM-WP-0004: Policy, Audit, And Review Gates

Goal

Make policy-aware memory behavior concrete enough that phase-memory can safely plan and apply memory lifecycle changes.

The project intent calls for provenance, confidence, freshness, policy metadata, reauthorization, audit, redaction, and trust-zone boundaries. The current implementation surfaces policy gates, but it does not yet enforce review gates beyond planner metadata.

Current Evidence

Current code includes:

  • PolicyDecision
  • PolicyGateway protocol
  • AuditSink protocol
  • AllowAllPolicyGateway
  • RecordingAuditSink
  • policy gate strings in profile execution plans
  • review-required flags on stabilization, compaction, refresh, and deletion proposals

The next step is an explicit authorization and audit workflow for reads, activations, writes, compactions, and phase transitions.

Non-Goals

  • Do not build a full identity platform.
  • Do not implement enterprise authorization policy languages.
  • Do not make flex-auth a hard dependency.
  • Do not store or expose secrets in test fixtures.

Implementation Update - 2026-05-18

The policy, audit, and review-gate slice is complete.

Implemented outputs:

  • phase_memory.policy defines canonical memory operation points, audit event schema helpers, review-record helpers, activation policy checks, and deterministic redaction.
  • ReviewRecord and ReviewDecision model structured local approvals and rejections for review-gated lifecycle actions.
  • Runtime audit events now use phase_memory.audit.event.v1 and carry policy decisions, source references, dry-run flags, actor labels, and subjects.
  • apply_lifecycle_actions rejects review-required actions unless the caller provides a matching approved review record or explicit local approval marker.
  • Activation planning can evaluate required labels, denied labels, trust zones, secret denial, reauthorization, and freshness policy context before package selection.
  • Policy-denied activation nodes are omitted and returned as redacted denial records with diagnostics.
  • docs/policy-audit.md documents operation points, review records, activation policy, audit envelopes, and ownership boundaries.

Validation:

  • python3 -m pytest -> 36 passed.

T01 - Define memory operation policy points

id: PMEM-WP-0004-T01
status: done
priority: high
state_hub_task_id: "1231b7bf-b23c-498d-a9d6-a6ee307aa3d4"

Define the canonical policy check points for:

  • profile import
  • graph import
  • node read
  • event read
  • activation
  • stabilization
  • compaction
  • refresh
  • delete request
  • archive
  • export

Output: operation vocabulary and tests proving that runtime operations call policy at the right boundary.

T02 - Add review authorization records

id: PMEM-WP-0004-T02
status: done
priority: high
state_hub_task_id: "b989d43c-eb25-4663-afd1-a54673ad565a"

Add structured review records for actions that move memory into stabilized or rigid states, compact source records, refresh source-backed facts, or request deletion.

Records should capture:

  • reviewer id or local reviewer label
  • reviewed action id
  • approval or rejection
  • timestamp
  • reason
  • policy obligations
  • source digests

Output: review record model and approval checks in the runtime facade.

T03 - Enforce durable write gates

id: PMEM-WP-0004-T03
status: done
priority: high
state_hub_task_id: "6b677c18-7135-4d54-9e46-5116645d2ebe"

Make durable write operations fail closed when profile policy declares review-gated durable writes.

Output: runtime tests proving that stabilization, rigid updates, compaction, and deletion requests cannot be applied silently.
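The review-record model from T02 and the fail-closed apply gate from T03, sketched as an added example (not phase-memory's own code): review-required actions are applied only with a matching approved record or an explicit per-action local approval marker, and a record whose source digests no longer match the action is treated as stale. The field names and the digest-binding check are assumptions of this sketch.

```python
from dataclasses import dataclass
from enum import Enum


class ReviewDecision(Enum):
    APPROVED = "approved"
    REJECTED = "rejected"


@dataclass(frozen=True)
class ReviewRecord:
    """Structured local review of one lifecycle action (fields as listed in T02)."""
    reviewer: str                   # reviewer id or local reviewer label
    action_id: str                  # reviewed action id
    decision: ReviewDecision        # approval or rejection
    timestamp: str                  # when the review was recorded
    reason: str
    obligations: tuple = ()         # policy obligations to honour on apply
    source_digests: tuple = ()      # digests of the sources that were reviewed


@dataclass(frozen=True)
class LifecycleAction:
    action_id: str
    kind: str                       # stabilize | rigid_update | compact | delete
    review_required: bool           # set by the planner on gated proposals
    source_digests: tuple = ()      # digests of the sources the action touches


def apply_lifecycle_actions(actions, reviews, local_approvals=frozenset()):
    """Fail-closed apply. Returns (applied action ids, {action id: rejection reason}).
    A review-required action passes only with an APPROVED record bound to the same
    source digests, or with its id in the explicit local-approval markers."""
    by_action = {r.action_id: r for r in reviews}
    applied, rejected = [], {}
    for action in actions:
        if not action.review_required or action.action_id in local_approvals:
            applied.append(action.action_id)
            continue
        record = by_action.get(action.action_id)
        if record is None:
            rejected[action.action_id] = "no review record"
        elif record.decision is not ReviewDecision.APPROVED:
            rejected[action.action_id] = f"rejected by {record.reviewer}: {record.reason}"
        elif record.source_digests != action.source_digests:
            rejected[action.action_id] = "sources changed since review"
        else:
            applied.append(action.action_id)
    return applied, rejected
```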

T04 - Add activation policy checks

id: PMEM-WP-0004-T04
status: done
priority: high
state_hub_task_id: "6f07087b-e6e2-469a-9bce-71bfd21cb633"

Before memory nodes or events are included in activation packages, check:

  • required labels
  • denied labels
  • trust zone compatibility
  • secrets allowance
  • reauthorization requirements
  • source freshness requirements

Output: activation planner/runtime policy tests and omitted-item diagnostics for policy-denied records.

T05 - Add audit event schema

id: PMEM-WP-0004-T05
status: done
priority: medium
state_hub_task_id: "bb6461a8-9181-4b88-a152-334668b22208"

Define a stable audit event envelope for memory operations:

  • operation id
  • operation kind
  • subject id
  • profile id
  • graph id
  • policy decision
  • dry-run flag
  • planned action id
  • actor label
  • timestamp
  • source contract references

Output: audit schema helpers and tests for profile, lifecycle, activation, and apply operations.

T06 - Add redaction and denial diagnostics

id: PMEM-WP-0004-T06
status: done
priority: medium
state_hub_task_id: "dcdec3af-d20f-43ba-b12e-6febc4347d38"

Add deterministic redaction behavior for denied fields and policy-sensitive metadata. Redaction should be visible in diagnostics and audit events.

Output: redaction utility, denied activation examples, and regression tests.
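The activation checks from T04 and the redacted denial diagnostics from T06, as one added example that is not phase-memory's own code: every listed check is evaluated per node, a denied node is omitted from the package and returned as a denial record whose body is replaced by a deterministic redaction token, and the diagnostics list all failing checks rather than only the first. The policy and node field names, and the hash-based redaction, are assumptions of this sketch.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ActivationPolicy:
    required_labels: frozenset = frozenset()
    denied_labels: frozenset = frozenset()
    allowed_trust_zones: frozenset = frozenset()
    allow_secrets: bool = False
    reauthorized: bool = False          # caller holds a current reauthorization
    max_source_age_days: Optional[int] = None

@dataclass(frozen=True)
class MemoryNode:
    node_id: str
    labels: frozenset
    trust_zone: str
    body: str
    contains_secret: bool = False
    requires_reauth: bool = False
    source_age_days: int = 0

def redact(value: str) -> str:
    # Deterministic: equal inputs give equal tokens, plaintext never leaves.
    # A real deployment should key this hash so tokens cannot be brute-forced.
    return "redacted:" + hashlib.sha256(value.encode()).hexdigest()[:16]

def policy_reasons(node: MemoryNode, policy: ActivationPolicy) -> list:
    # Every reason the node fails activation policy; an empty list means allowed.
    reasons = []
    if missing := policy.required_labels - node.labels:
        reasons.append("missing labels " + ",".join(sorted(missing)))
    if hit := policy.denied_labels & node.labels:
        reasons.append("denied labels " + ",".join(sorted(hit)))
    if node.trust_zone not in policy.allowed_trust_zones:
        reasons.append("trust zone " + node.trust_zone + " not allowed")
    if node.contains_secret and not policy.allow_secrets:
        reasons.append("secrets not allowed")
    if node.requires_reauth and not policy.reauthorized:
        reasons.append("reauthorization required")
    if policy.max_source_age_days is not None and node.source_age_days > policy.max_source_age_days:
        reasons.append("source stale")
    return reasons

def plan_activation(nodes, policy):
    # Split nodes into the activation package and redacted denial records.
    selected, denied = [], []
    for node in nodes:
        if reasons := policy_reasons(node, policy):
            denied.append({"node_id": node.node_id, "body": redact(node.body), "reasons": reasons})
        else:
            selected.append(node)
    return selected, denied
```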

T07 - Document policy and audit guarantees

id: PMEM-WP-0004-T07
status: done
priority: medium
state_hub_task_id: "c4e0bdff-5047-4fe5-ab86-e422d4b1a17e"

Document what the local runtime guarantees and what remains delegated to external policy infrastructure.

Output: policy architecture note with examples of allowed, denied, and review-required operations.

Acceptance Criteria

  • python3 -m pytest passes.
  • Every apply-capable operation has policy and audit coverage.
  • Activation explains policy-denied and redacted items.
  • Review-required actions fail closed without an explicit review record.
  • The policy layer remains adapter-based and does not become an identity platform.

Closure Review - 2026-05-18

Outcome: All tasks completed.

Completed

  • PMEM-WP-0004-T01 - Define memory operation policy points
  • PMEM-WP-0004-T02 - Add review authorization records
  • PMEM-WP-0004-T03 - Enforce durable write gates
  • PMEM-WP-0004-T04 - Add activation policy checks
  • PMEM-WP-0004-T05 - Add audit event schema
  • PMEM-WP-0004-T06 - Add redaction and denial diagnostics
  • PMEM-WP-0004-T07 - Document policy and audit guarantees

Cancelled

None.

Carried Forward

Optional Markitect validation and context-package compiler bridge behavior remain in PMEM-WP-0005.