fix(memory): close Codex Wave 1 audit conditions (auto_triage + supersede guard)

Codex's formal audit of fb4d55c said GO WITH CONDITIONS. Two P2 findings
to fold in before merge:

1. auto_triage.py:417 still PUT {"content": cand["content"]} — the
   suggested-project correction was unreachable even with
   MemoryUpdateRequest.project in place. Changed body to
   {"project": suggested} so misattribution flags actually retarget the
   memory. Added a regression test that asserts the script source
   contains the new PUT shape, so a future "optimization" can't silently
   undo this.

2. POST /memory/{id}/supersede had no status guard — calling
   supersede_memory() delegated to update_memory(status="superseded"),
   which would silently flip a candidate to superseded. Mirrored the
   invalidate route: get_memory(id) lookup, 404 unknown / 200
   already_superseded / 409 wrong-status / 200 superseded.

Plus a P3 from the same audit: covered the "retarget to project=''
when a global active duplicate exists" case via
test_update_memory_to_empty_project_detects_global_duplicate.

Tests: 581 -> 586 (+5: 3 supersede route + 1 project-empty duplicate +
1 auto_triage caller invariant).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 21:53:39 -04:00
parent 4e6fba7cb9
commit 3a474f750c
4 changed files with 91 additions and 8 deletions


@@ -404,19 +404,23 @@ def process_candidate(cand, base_url, active_cache, state_cache, known_projects,
known_projects, TIER1_MODEL, DEFAULT_TIMEOUT_S,
)
# Project misattribution fix: suggested_project surfaces from tier 1
# Project misattribution fix: suggested_project surfaces from tier 1.
# Earlier code POSTed only {"content": cand["content"]}, which left
# the project field unchanged because MemoryUpdateRequest had no
# project key and the service signature didn't accept one. Wave 1
# added project to MemoryUpdateRequest and update_memory(); this
# caller now actually applies the suggested project.
suggested = (v1.get("suggested_project") or "").strip()
if suggested and suggested != project and suggested in known_projects:
# Try to re-canonicalize the memory's project
if not dry_run:
try:
import urllib.request as _ur
req = _ur.Request(
f"{base_url}/memory/{mid}", method="PUT",
headers={"Content-Type": "application/json"},
data=json.dumps({"content": cand["content"]}).encode("utf-8"),
data=json.dumps({"project": suggested}).encode("utf-8"),
)
_ur.urlopen(req, timeout=10).read() # triggers canonicalization via update
_ur.urlopen(req, timeout=10).read()
except Exception:
pass
print(f" ↺ misattribution flagged: {project!r}{suggested!r}")
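Review bot: the `except Exception: pass` around `_ur.urlopen(req, timeout=10).read()` discards every failure of the PUT, so a rejected retarget (urlopen raises `HTTPError` on a 4xx/5xx response) or a timeout leaves the memory on its old project with no trace, which is the same kind of silent no-op this change is meant to close. Catch `urllib.error.HTTPError` and `urllib.error.URLError` explicitly, print the status code together with `mid`, and emit the "misattribution flagged" line only once the request has succeeded, so the triage log cannot report a retarget that the server refused. Two smaller points: the new comment says the earlier code "POSTed" the content body, but the request is built with `method="PUT"`, so the comment should say PUT; and the comment could state that `suggested` is only sent when it is in `known_projects`, since that membership check is what keeps model output from writing arbitrary project names.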