Review-before-save

The contract

AI-generated, imported, and agent-proposed writes enter a candidate row first.
A workspace member reviews each candidate.
Only approved candidates become trusted project memory.
There is no token bypass.

What gets checked around the gate

Human approval is the decision point, not the whole system. Checks run before, around, and after it.

• Before review: every candidate arrives pre-scored. Confidence, goal match, and source backing are computed and shown to the reviewer, and credential-shaped or instruction-like wording is flagged for a careful read.
• After approval: memory keeps being checked. Stale, conflicting, expired, and weakly-sourced items are surfaced, retire from context packs, and are named in the pack preview instead of briefing the next tool as current truth.
• Around every handoff: a pack is checked against open conflicts and the stated task before it leaves, and the outcome that comes back, including failure, is recorded against the export.
• Underneath: the capture, extraction, and scoring machinery is exercised against fixture suites with scored pass/fail runs, so the pipeline itself is tested like code.

Where this applies

• REST API writes, POST /candidates lands in the review queue.
• MCP writes, the same service function as REST.
• Connector sync, every imported row enters as a candidate.
• Browser Capture, captures route through the same queue.

What this prevents

• Agents writing claims that look authoritative without human approval.
• Connectors flooding memory with low-confidence content.
• Tokens being used as a backdoor for unsupervised writes.