36 lines
1.6 KiB
Markdown
36 lines
1.6 KiB
Markdown
# User Memory Policy
|
|
|
|
This skill treats user preference memory as local, explicit, and reviewable.
|
|
|
|
## Principles
|
|
|
|
- **Explicit source only**: adaptive scans require a user-provided file path.
|
|
- **Local first**: no network access is needed for preference extraction.
|
|
- **No implicit private logs**: shell history, browser history, mail, and hidden chat logs are blocked by default.
|
|
- **Repeated signals only**: one-off statements are recorded as discarded signals unless they meet the configured support threshold.
|
|
- **Redacted evidence**: stored excerpts must remove secrets, tokens, email addresses, and local absolute paths.
|
|
- **Proposal before patch**: preference memory can generate proposals, not automatic source edits.
|
|
|
|
## Allowed Inputs
|
|
|
|
Recommended inputs are curated JSONL, Markdown, or text files prepared for review. JSONL records should use a field such as `text`, `message`, `content`, `excerpt`, `prompt`, `note`, or `body`.
|
|
|
|
## Blocked By Default
|
|
|
|
The scanner refuses common shell history files such as `.zsh_history`, `.bash_history`, and `.fish_history` unless an explicit override is added for a controlled test. Even with an override, the output remains redacted and proposal-only.
|
|
|
|
## Retention
|
|
|
|
Generated reports store only summarized patterns and short redacted excerpts. They should not be treated as a full transcript, chat archive, or durable personal memory store.
|
|
|
|
## Upgrade Path
|
|
|
|
A future patch-application stage must add:
|
|
|
|
- human approval ledger;
|
|
- allowlisted target files;
|
|
- dry-run diffs;
|
|
- regression command execution;
|
|
- rollback artifacts;
|
|
- reviewer-visible audit trail.
|