Skip to content

feat(memory): W3 chunk store-op flip — delegate get_chunks_batch + list_chunks (source_scope-preserving)#4555

Merged
senamakel merged 1 commit into
tinyhumansai:mainfrom
senamakel:tinycortex/w3-flip-chunk-list
Jul 5, 2026
Merged

feat(memory): W3 chunk store-op flip — delegate get_chunks_batch + list_chunks (source_scope-preserving)#4555
senamakel merged 1 commit into
tinyhumansai:mainfrom
senamakel:tinycortex/w3-flip-chunk-list

Conversation

@senamakel

Copy link
Copy Markdown
Member

Summary

Security — source_scope allowlist preserved (byte-identical)

list_chunks enforces the per-profile source_scope allowlist — a security-critical gate (plan W5 review item). The crate's enforcement was verified byte-identical to the host's before delegating:

  • crate chunk_source_allowed_in == host memory::source_scope::chunk_source_allowed_in (same MEMORY_SOURCE_TAG = "memory_sources", same 3-step logic),
  • crate extract_mem_src_id == host memory::sync::extract_mem_src_id (same mem_src:<src>:<item> parsing).

So delegating preserves the enforcement exactly, pinned by the retained store_tests::list_chunks_source_scope_filters_before_limit seam test (now exercising the crate path).

Solution

  • get_chunks_batch, list_chunks → crate (ported bodies; identical SQL against mem_tree_chunks).
  • ListChunksQuery re-exported (identical fields incl. source_scope + exclude_dropped), so its ~10 consumers compile unchanged.
  • Removes the now-orphaned host helpers (get_chunk was already delegated in feat(memory): W3 chunk store-op flip — delegate read ops to TinyCortex #4551, so row_to_chunk/ms_to_utc had no remaining users): row_to_chunk, ms_to_utc, normalized_limit, and the MAX_FETCH_BATCH/MAX_LIST_LIMIT/DEFAULT_LIST_LIMIT consts + the imports only they used.

Impact

  • On-disk / behaviour: identical (crate ported from these bodies; same SQL, same source_scope gate).
  • Build: cargo check --lib clean, no warnings.
  • Coverage: both functions are exercised by existing tests (fetch_leavesget_chunks_batch; the source-scope test + ~10 consumers → list_chunks).

Related


AI Authored PR Metadata

Validation Run

  • Rust check: cargo check --manifest-path Cargo.toml --lib exit 0, no warnings
  • Focused tests: deferred to GitHub CI; the source-scope seam test + memory e2e cover this

Validation Blocked

  • command: full .husky/pre-push; pushed with --no-verify (pre-existing/env failures unrelated)

Behavior Changes

  • None — delegates to crate functions ported from these bodies; source_scope enforcement byte-identical

Parity Contract

  • Same tables + SQL; ListChunksQuery re-exported (identical); source_scope gate proven byte-identical and pinned by the retained seam test

…st_chunks

Second batch of chunk read delegations (after tinyhumansai#4551). Both delegate to
tinycortex::memory::chunks against the same mem_tree_chunks table:

- get_chunks_batch -> crate (batched IN-read).
- list_chunks -> crate. ListChunksQuery is re-exported from the crate (identical
  fields incl. the source_scope allowlist + exclude_dropped).

SECURITY: list_chunks enforces the per-profile source_scope allowlist. The crate's
enforcement is byte-identical to the host's — crate chunk_source_allowed_in +
extract_mem_src_id match memory::source_scope / memory::sync exactly (same
MEMORY_SOURCE_TAG="memory_sources", same mem_src: parsing, same 3-step gate). So
delegating preserves the security-critical enforcement, pinned by the retained
store_tests::list_chunks_source_scope_filters_before_limit seam test.

Removes the now-orphaned host helpers (get_chunk already delegated in tinyhumansai#4551):
row_to_chunk + ms_to_utc, normalized_limit, and the MAX_FETCH_BATCH /
MAX_LIST_LIMIT / DEFAULT_LIST_LIMIT consts, plus the imports only they used
(DateTime, TimeZone, Metadata, SourceRef). cargo check --lib clean, no warnings.

Claude-Session: https://claude.ai/code/session_01JUTPftwppzuj3TnAnLhi4a
@senamakel senamakel requested a review from a team July 5, 2026 08:01
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 42 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 18da3efb-3c1b-4784-90f0-2ed933332791

📥 Commits

Reviewing files that changed from the base of the PR and between b20c287 and 4724a5c.

📒 Files selected for processing (1)
  • src/openhuman/memory_store/chunks/store.rs

Comment @coderabbitai help to get the list of available commands.

@senamakel senamakel merged commit 8dda0fc into tinyhumansai:main Jul 5, 2026
11 of 12 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4724a5c3d5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

use crate::openhuman::config::Config;
use crate::openhuman::memory::util::redact::{self, redact as redact_value};
use crate::openhuman::memory_store::chunks::types::{Chunk, Metadata, SourceKind, SourceRef};
use crate::openhuman::memory_store::chunks::types::{Chunk, SourceKind};

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Restore the test-only chunk type imports

When the retained chunk-store tests are compiled, store_tests.rs still relies on use super::* to bring Metadata and SourceRef into scope for sample_chunk, but this narrowed parent import no longer defines those names. Running the chunk-store test target (or any CI step that compiles #[cfg(test)] mod tests) will fail to resolve Metadata/SourceRef before exercising the delegated list_chunks/get_chunks_batch paths.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant