Parent: #265
Goal
Add audit metadata and security/privacy tests for context and memory behavior.
Scope
- Track context sources per operation in
agent_context_sources or equivalent.
- Include context-source IDs in agent plan/audit payloads.
- Redact sensitive values in audit output.
- Add tests for:
- prompt injection in retrieved messages
- private-channel leaks
- response destination visibility
- deleted/expired memory facts
- unauthorized cross-user memory reads
- memory writes without confirmation
- tool calls still being re-authorized after context retrieval
Acceptance criteria
- Every agent operation records which context/memory sources were used.
- Audit payloads include source refs without leaking sensitive bodies unnecessarily.
- Prompt-injection tests prove retrieved content cannot grant scopes, change tools, or bypass confirmations.
- Privacy/security regressions fail tests.
Parent: #265
Goal
Add audit metadata and security/privacy tests for context and memory behavior.
Scope
agent_context_sourcesor equivalent.Acceptance criteria