fix(wiki): reject audit artefacts (backfill, stage-N, path/URL titles)

cdeust · claude · cdeust · commit be528556f55e · 2026-04-15T14:45:08.000+02:00
The wiki should only contain curated knowledge (specs, ADRs, architecture,
security, lessons, conventions). Before this change, backfill imports,
session summaries, code-review reports, and file/URL access logs were
leaking through the classifier and polluting the wiki view.

Three new rejection gates in classify_memory:

  1. Audit-tag gate (runs BEFORE user rules, so even "Decision:"-shaped
     backfills are rejected): _backfill, imported, session-summary,
     tool-output, code-review, stage-1..11, audit, automated, wip, progress.

  2. Path/URL title gate: titles starting with /, ~, drive-letter,
     https://, ftp://, file://, or bare filenames like "resume.pdf"
     are audit records, not curated pages.

  3. Audit-title gate: titles containing "stage N", "code review",
     "audit report", "session summary" are work-product reports.

Also ran a one-shot purge on the existing wiki: 144 → 63 pages.
81 pages removed were session artefacts; memories remain in the store
for recall and audit, only the wiki files were deleted.

Added 11 regression tests (tests_py/core/test_wiki_classifier.py)
covering each new rejection plus positive controls (valid ADR and
lesson still admitted).

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/mcp_server/core/wiki_classifier.py b/mcp_server/core/wiki_classifier.py
@@ -155,6 +155,59 @@
     ),
 ]
 
+# Path- or URL-shaped titles — these are file/URL access audit records,
+# not curated knowledge. Keep them as memories (for recall), refuse
+# promotion to the wiki.
+_PATH_OR_URL_TITLE_PATTERNS = [
+    # Absolute POSIX / Windows path as title
+    re.compile(r"^\s*#*\s*[/~]"),
+    re.compile(r"^\s*#*\s*[A-Za-z]:[\\/]"),  # Windows drive letter
+    # URL as title
+    re.compile(r"^\s*#*\s*(https?|ftp|file|ssh|git)://", re.IGNORECASE),
+    # Lone filename as the bulk of the title
+    re.compile(
+        r"^\s*#*\s*[\w.-]+\.(pdf|png|jpg|jpeg|svg|gif|zip|tar\.gz|docx?|xlsx?|csv|log|yaml|yml)\b",
+        re.IGNORECASE,
+    ),
+]
+
+# Session / audit artefact tags — these are recall-fodder, not wiki-worthy.
+# Any hit in tags auto-rejects from the wiki (memory is preserved separately).
+_AUDIT_TAGS = frozenset(
+    {
+        "_backfill",
+        "imported",
+        "session-summary",
+        "tool-output",
+        "code-review",
+        "stage-1",
+        "stage-2",
+        "stage-3",
+        "stage-4",
+        "stage-5",
+        "stage-6",
+        "stage-7",
+        "stage-8",
+        "stage-9",
+        "stage-10",
+        "stage-11",
+        "audit",
+        "automated",
+        "wip",
+        "progress",
+    }
+)
+
+# Audit/review-shaped title patterns — "stage N:", "code review", "audit:",
+# "session N" — these are work-product reports, not durable knowledge.
+_AUDIT_TITLE_PATTERNS = [
+    re.compile(r"\bstage[ -]?\d+\b", re.IGNORECASE),
+    re.compile(
+        r"\b(code[ -]?review|audit[ -]?report|review[ -]?notes?)\b", re.IGNORECASE
+    ),
+    re.compile(r"\bsession[ -]?(summary|log|report|\d+)\b", re.IGNORECASE),
+]
+
 
 def _fails_hard_negatives(content: str, first_line: str) -> bool:
     """Return True if content hits any hard-negative pattern.
@@ -177,9 +230,25 @@ def _fails_hard_negatives(content: str, first_line: str) -> bool:
     for pat in _DEIXIS_PATTERNS:
         if pat.search(first_line):
             return True
+    for pat in _PATH_OR_URL_TITLE_PATTERNS:
+        if pat.search(first_line):
+            return True
+    for pat in _AUDIT_TITLE_PATTERNS:
+        if pat.search(first_line):
+            return True
     return False
 
 
+def _fails_audit_tag_gate(tags: set[str]) -> bool:
+    """Return True if any audit/session tag is present.
+
+    Audit-tagged memories are valuable for recall but should never be
+    promoted to the wiki — the wiki is for curated specs, ADRs,
+    architecture, security, and lessons.
+    """
+    return bool(tags & _AUDIT_TAGS)
+
+
 # ── Positive quality signals (admit only if ≥ threshold) ──────────────
 
 _STRUCTURE_HEADING = re.compile(r"^#{1,4}\s+\S", re.MULTILINE)
@@ -374,6 +443,16 @@ def classify_memory(content: str, tags: list[str] | None = None) -> str | None:
     stripped = content.strip()
     first_line = stripped.split("\n", 1)[0].strip()
 
+    # Gate -1 — Audit-tag gate (runs BEFORE user rules).
+    # Session artefacts (backfill, imports, tool output, code reviews,
+    # stage reports) are memory-only. They are valuable for recall but
+    # noise in the wiki. This runs first because even a user rule that
+    # matches "Decision:" should not override the audit-tag disqualifier:
+    # backfilled decisions are still backfill, not curated knowledge.
+    tag_set_pre = {t.lower() for t in (tags or [])}
+    if _fails_audit_tag_gate(tag_set_pre):
+        return None
+
     # Gate 0 — User-editable rules (Phase 5.1).
     # If the wiki has rules in `_rules/*.md`, they fire BEFORE the
     # hardcoded defaults so the user can override any built-in
@@ -398,13 +477,14 @@ def classify_memory(content: str, tags: list[str] | None = None) -> str | None:
     if slug in _REJECT_TITLES:
         return None
 
-    # Gate 2 — Hard-negative gate (task-shape, narration, status, deixis)
+    # Gate 2 — Hard-negative gate (task-shape, narration, status, deixis,
+    # path/URL titles, audit-shaped titles)
     if _fails_hard_negatives(content, first_line):
         return None
 
     # Tag-based fast-path: explicit knowledge tags bypass positive scoring.
     # The caller has declared intent; trust the declaration.
-    tag_set = {t.lower() for t in (tags or [])}
+    tag_set = tag_set_pre
     _EXPLICIT_KNOWLEDGE_TAGS = {
         "decision",
         "adr",
diff --git a/tests_py/core/test_wiki_classifier.py b/tests_py/core/test_wiki_classifier.py
@@ -0,0 +1,99 @@
+"""Regression tests for wiki_classifier audit-gate and path/URL rejection."""
+
+from __future__ import annotations
+
+from mcp_server.core.wiki_classifier import classify_memory
+
+
+# ── Audit-tag gate ────────────────────────────────────────────────────
+
+
+def test_backfill_tag_rejects_even_with_rich_content() -> None:
+    content = (
+        "Decision: adopt pgvector with HNSW (m=16, ef_construction=64) "
+        "because benchmarks show 3x improvement over IVFFlat at this scale. "
+        "Consequences: Postgres becomes a hard dependency."
+    )
+    assert classify_memory(content, tags=["imported", "_backfill"]) is None
+
+
+def test_session_summary_tag_rejects() -> None:
+    content = (
+        "Session abc-123 in domain 'cortex' | category: bug-fix | "
+        "topics: recall, regression, pgvector"
+    )
+    assert classify_memory(content, tags=["session-summary"]) is None
+
+
+def test_stage_tag_rejects_audit_artefact() -> None:
+    content = (
+        "ai-architect-mcp stage 1 code review (src/main.rs, 1042 LOC): "
+        "APPROVED-WITH-CHANGES. Five engineer-flagged concerns: "
+        "MergeMode::PreserveRefined CORRECT, validate_safe_id CORRECT..."
+    )
+    assert classify_memory(content, tags=["stage-1", "code-review"]) is None
+
+
+# ── Path/URL title gate ───────────────────────────────────────────────
+
+
+def test_posix_path_title_rejects() -> None:
+    content = (
+        "/Users/alice/Downloads/resume.pdf\nhttps://linkedin.com/in/alice/\n\n"
+        "Context note about the file."
+    )
+    assert classify_memory(content, tags=["paper"]) is None
+
+
+def test_home_path_title_rejects() -> None:
+    content = "~/code/cortex/mcp_server/core/pg_recall.py has a bug."
+    assert classify_memory(content, tags=["bug-fix"]) is None
+
+
+def test_url_title_rejects() -> None:
+    content = (
+        "https://arxiv.org/abs/2310.12345\n\n"
+        "This paper proposes WRRF fusion. Results show R@10 = 97.8%."
+    )
+    assert classify_memory(content, tags=["paper", "research"]) is None
+
+
+def test_lone_filename_title_rejects() -> None:
+    content = "resume-v3.pdf contains my latest CV as of April 2026."
+    assert classify_memory(content, tags=[]) is None
+
+
+# ── Audit-shaped titles ───────────────────────────────────────────────
+
+
+def test_stage_n_in_title_rejects() -> None:
+    content = "stage 3 research verdict: GitNexus is MIT licensed and usable."
+    assert classify_memory(content, tags=["research"]) is None
+
+
+def test_code_review_title_rejects() -> None:
+    content = "Code review notes for PR #42: three concerns raised around SRP."
+    assert classify_memory(content, tags=["review"]) is None
+
+
+# ── Positive control: real ADR/lesson still admitted ─────────────────
+
+
+def test_valid_adr_admitted() -> None:
+    content = (
+        "Decision: use pgvector over IVFFlat for ANN search. Context: "
+        "100k memories need sub-100ms cosine retrieval. Decided to adopt "
+        "HNSW (m=16, ef_construction=64) because benchmarks show 3x improvement. "
+        "Consequences: Postgres becomes mandatory."
+    )
+    assert classify_memory(content, tags=["decision", "architecture"]) == "adr"
+
+
+def test_valid_lesson_admitted() -> None:
+    content = (
+        "The bug was that FlashRank ONNX cache persisted stale weights across "
+        "container restarts. Root cause: cache key did not include model hash. "
+        "Fix: include model SHA in the cache key. Never ship a cache keyed only "
+        "on path again."
+    )
+    assert classify_memory(content, tags=["lesson", "bug-fix"]) == "lesson"
