Local source: coven-code/issues/03-scope-memory-by-canonical-repo-identity.md
Summary
Hosted review memory should be keyed by canonical GitHub repository identity, not by local checkout path. The current local memory and transcript stores use project root paths, which is fragile in CI, worker pools, and hosted GitHub App deployments.
Current Evidence
session_storage::transcript_dir(project_root) uses base64url of the local project root.
memdir::auto_memory_path(project_root) uses a sanitized local project root component.
settings_sync comments mention project memory keyed by git-remote hash, but helpers accept a caller-supplied project_id.
Problem
Path-derived identity causes several risks:
- Two checkouts of the same repo under different paths do not share correct memory.
- A reused workspace path can inherit memory from a different repo.
- Fork checkouts and upstream checkouts can collide or diverge incorrectly depending on path layout.
- Hosted workers cannot rely on filesystem path as a security boundary.
Proposed Design
Add a canonical repo identity resolver for hosted mode:
pub struct CanonicalRepoIdentity {
pub provider: String, // github
pub host: String, // github.com or enterprise host
pub owner: String,
pub name: String,
pub repo_id: Option<String>,
pub node_id: Option<String>,
pub default_branch: Option<String>,
}
The GitHub App control plane should pass repo_id, node_id, and full_name from webhook payloads or REST responses. Coven Code should not trust git remote as the only source in hosted mode.
Acceptance Criteria
- Hosted mode accepts canonical repo identity as structured input.
- Memory and transcript paths use canonical repo identity, not local checkout path.
- If canonical identity is missing in hosted mode, durable memory read/write fails closed.
- Tests cover same repo at two paths mapping to the same hosted memory namespace.
- Tests cover different repos at the same path mapping to different namespaces.
- Documentation explains local path identity versus hosted canonical identity.
Implementation Notes
Local interactive mode can continue using project_root. Hosted mode should use GitHub payload identity first, with git remote only as a fallback for diagnostics.
Local source:
coven-code/issues/03-scope-memory-by-canonical-repo-identity.mdSummary
Hosted review memory should be keyed by canonical GitHub repository identity, not by local checkout path. The current local memory and transcript stores use project root paths, which is fragile in CI, worker pools, and hosted GitHub App deployments.
Current Evidence
session_storage::transcript_dir(project_root)uses base64url of the local project root.memdir::auto_memory_path(project_root)uses a sanitized local project root component.settings_synccomments mention project memory keyed by git-remote hash, but helpers accept a caller-suppliedproject_id.Problem
Path-derived identity causes several risks:
Proposed Design
Add a canonical repo identity resolver for hosted mode:
The GitHub App control plane should pass
repo_id,node_id, andfull_namefrom webhook payloads or REST responses. Coven Code should not trustgit remoteas the only source in hosted mode.Acceptance Criteria
Implementation Notes
Local interactive mode can continue using
project_root. Hosted mode should use GitHub payload identity first, with git remote only as a fallback for diagnostics.