Summary
The long-term memory design specified that memory.writes: "auto" writes pass through @dawn-ai/permissions with a HITL gate (Once / Always / Deny), interrupting on the first write of a pattern — "like runBash". This was not shipped in #250. Today, in auto mode the remember tool writes records as active immediately with no permission interrupt.
Design refs: docs/superpowers/specs/2026-06-18-long-term-memory-design.md (write governance, ~L118; phasing step 4, ~L170).
Current behavior: packages/core/src/capabilities/built-in/memory.ts — status = mem.writes === "auto" ? "active" : "candidate", no gate.
Docs already disclose the gap: apps/web/content/docs/memory.mdx ("auto writes are not gated by permissions" callout).
Why this is deferred, not a quick fix
The existing permissions system models only two interrupt kinds — command (bash) and path (filesystem). See packages/permissions/src/types.ts (PermissionRequest) and packages/core/src/capabilities/permission-gate.ts. A memory write is neither, so this requires real design + cross-cutting work.
Scope of work to implement
- New permission kind
memory across:
packages/permissions/src/types.ts — extend PermissionRequest.kind + a MemoryDetail.packages/core/src/capabilities/permission-gate.ts — a gateMemoryWrite(...) + interrupt payload.packages/permissions/src/suggested-pattern.ts — a suggestedMemoryPattern(...).- Dev-server interrupt UI / resume:
packages/cli/src/lib/runtime/pending-interrupts.ts, packages/cli/src/lib/dev/runtime-server.ts.
- Thread
PermissionsStore into MemoryContext and wire it in packages/cli/src/lib/runtime/execute-route.ts (mirror workspace).
- Gate the
auto branch of remember in packages/core/src/capabilities/built-in/memory.ts before store.put.
- Tests: gate-allow / gate-deny / always-persists-rule; aimock e2e that an
auto write interrupts on first pattern and replays.
Open design question (must resolve first)
What is the pattern granularity for an "Always" memory decision? Bash patterns are command-prefix globs; path patterns are filesystem globs; a memory write has no natural analog. Candidates: per-namespace, per-kind, per-route, or per-identity-key. This needs a brainstorming/design pass before implementation — the original spec said "like runBash" without defining it.
Acceptance
writes: "auto" first write of a pattern emits a HITL interrupt with Once/Always/Deny.- "Always" persists a rule; subsequent matching writes don't interrupt.
- "Deny" blocks the write and returns a clear message to the agent.
- Spec +
memory.mdx callout updated to reflect shipped behavior.
🤖 Generated with Claude Code
Summary
The long-term memory design specified that
memory.writes: "auto"writes pass through@dawn-ai/permissionswith a HITL gate (Once / Always / Deny), interrupting on the first write of a pattern — "likerunBash". This was not shipped in #250. Today, inautomode theremembertool writes records asactiveimmediately with no permission interrupt.Design refs:
docs/superpowers/specs/2026-06-18-long-term-memory-design.md(write governance, ~L118; phasing step 4, ~L170).Current behavior:
packages/core/src/capabilities/built-in/memory.ts—status = mem.writes === "auto" ? "active" : "candidate", no gate.Docs already disclose the gap:
apps/web/content/docs/memory.mdx("auto writes are not gated by permissions" callout).Why this is deferred, not a quick fix
The existing permissions system models only two interrupt kinds —
command(bash) andpath(filesystem). Seepackages/permissions/src/types.ts(PermissionRequest) andpackages/core/src/capabilities/permission-gate.ts. A memory write is neither, so this requires real design + cross-cutting work.Scope of work to implement
memoryacross:packages/permissions/src/types.ts— extendPermissionRequest.kind+ aMemoryDetail.packages/core/src/capabilities/permission-gate.ts— agateMemoryWrite(...)+ interrupt payload.packages/permissions/src/suggested-pattern.ts— asuggestedMemoryPattern(...).packages/cli/src/lib/runtime/pending-interrupts.ts,packages/cli/src/lib/dev/runtime-server.ts.PermissionsStoreintoMemoryContextand wire it inpackages/cli/src/lib/runtime/execute-route.ts(mirror workspace).autobranch ofrememberinpackages/core/src/capabilities/built-in/memory.tsbeforestore.put.autowrite interrupts on first pattern and replays.Open design question (must resolve first)
What is the pattern granularity for an "Always" memory decision? Bash patterns are command-prefix globs; path patterns are filesystem globs; a memory write has no natural analog. Candidates: per-namespace, per-
kind, per-route, or per-identity-key. This needs a brainstorming/design pass before implementation — the original spec said "like runBash" without defining it.Acceptance
writes: "auto"first write of a pattern emits a HITL interrupt with Once/Always/Deny.memory.mdxcallout updated to reflect shipped behavior.🤖 Generated with Claude Code