aaronrene / knowtation public
fix BREAKING companion/phase1 feat/companion-app #11 / 15
aaronrene · 4 days ago · Jun 5, 2026 · Diff

fix(companion/phase1): close D1.3(2) delegated-enrichment gate + org-privacy egress ordering

Thinking-tier review (Opus) of the Phase 1 Hybrid seam found one real defect and one ordering issue; both fixed. Lane selection, metering, and the other tiers were sound.

enforceConsentPolicy (lib/model-runtime-lane.mjs): - DEFECT closed: a delegate writing enrichment back to an owner's partition via a non-managed off-owner-infra lane (local companion OR openrouter BYO) was silently allowed — the gate §12 canonical defect ("a member's companion silently enriching an owner's notes"). Now fail-closed behind D1.3(2) delegatedEnrichmentAllowed (default OFF). - New params: enrichesDelegatedPartition, delegatedEnrichmentAllowed (both default false). - Org lanes (self_hosted/enterprise) governed by org policy, not this opt-in; managed stays under D1.4. Ephemeral (non-write-back) delegate completions remain allowed.

selectLane orgPrivacyMode ordering: - Flipped to self_hosted -> enterprise -> local -> openrouter -> disabled. In privacy mode, zero-egress local now outranks third-party openrouter egress (org-controlled infra still first; managed never selected).

Owner ratification (2026-06-05): the openrouter extension of D1.3 (beyond its literal "companion" wording) is accepted — a delegate's BYO key routes owner text to a third party (higher egress than on-device), so it is gated identically. Recorded in gate §13 D1.3.

Tests: 120 cases across 7 tiers, all green (+13 from the 107 baseline). New coverage: D1.3(2) gate (local + openrouter, default-OFF, consentId-cannot-override), org-privacy local-over-openrouter ordering, ephemeral-vs-enrichment distinction.

Docs: seam contract §1.3/§1.5 + threat table updated; gate §13 D1.3 clarification ratified.

sha256:d2354ecae46b55a993ec9652b667bef9178c73a5b79d13fdcffa146ead63452e sha
sha256:06bcc4854a5644481fef328207c64092d93bb8da3e8f6d25949496fa9cb2965d parent
+2 ~13 −1 symbols
sha256:a4dcd77edb24640d28e020dd6be95c45830aa3914198dc0a96c5cf01cffb64a7 snapshot
+2
symbols added
~13
symbols modified
−1
symbol removed
0
dead code introduced
Semantic Changes 16 symbols
~ docs/COMPANION-APP-DESIGN-AND-AUTHORIZATION-GATE.md .md 5 symbols modified
~ table@L432
~ table@L465
~ Companion App — Design & Authorization Gate
~ Phase 0 — Decision Record (the three hard dependencies)
~ D1 — Hosted tenancy + owner-vs-member billing/consent
~ docs/COMPANION-APP-PHASE-1-ADAPTER-SEAM.md .md 2 symbols added, 1 symbol removed, 6 symbols modified
~ code
4 consent/policy gate section 1.5 enforceConsentPolicy(params) — D1.4 consent/policy gate L88–110
+ code@L73 variable variable code@L73 L73–76
+ 3(2) consent/policy gate section 1.5 enforceConsentPolicy(params) — D1.4 + D1.3(2) consent/policy gate L95–136
~ Companion App — Phase 1 Adapter Seam Contract
~ mjs
~ 2 default-lane logic
~ Threat model and security properties (invariants under test)
~ table
~ lib/model-runtime-lane.mjs .mjs 2 symbols modified
~ enforceConsentPolicy
~ selectLane
~ test/model-runtime-lane-e2e.test.mjs .mjs
~ test/model-runtime-lane-security.test.mjs .mjs
~ test/model-runtime-lane-unit.test.mjs .mjs
Older feat(companion/phase1): ModelRuntimeAdapter lane selector + cons… sha256:06bcc4854a5644481fef328207c64092d93bb8da3e8f6d25949496fa9cb2965d All commits Newer feat(companion): Phase 2 loopback endpoint security core (pure r… sha256:edea42a90bef97963a66d35a47cb95a157c8b8469f11c4be01cedcfb9e0701ad

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:d2354ecae46b55a993ec9652b667bef9178c73a5b79d13fdcffa146ead63452e --body "your comment"