Decisions & open questions

A running log of what's locked for v0 and what still needs your call.

Locked for v0 (this commit)

Decision	Choice	Rationale
First deliverable	Schema + spec first	The transcript shape is the contract everything else depends on; pin it before building client/server.
Auth	Web signup issues a revocable key; no interactive login at submit time	Clean revocation + scoping; supports the hiring-signal identity angle.
Privacy model	Client-side redaction, configurable per use case via named profiles	Local-first; each use case (research, hiring, strict) carries its own posture.
Sources	Pluggable adapter interface, seeded with Claude Code + Codex	New agents = one adapter; no core changes.

Where does ingestion land? Managed API + object store (S3/GCS) vs. Supabase vs. a thin serverless function. Affects the upload-init flow.
Identity provider for signup — email magic-link vs. GitHub OAuth. GitHub strengthens the hiring signal but narrows the audience.
Default profile shipped with the CLI — strict (safest, less useful data) vs. research (richer, still redacted). Recommendation: strict, and nudge contributors toward research interactively.
Consent & licensing — what rights does a submitter grant on upload? This matters a lot for the hiring/commercial use cases and should be explicit at agentsync login time.
Reasoning/thinking content — include by default? It's high-value for research but can leak intent/PII. Currently gated behind includeReasoning.
Server-side re-scan posture — reject (422) vs. quarantine-and-notify on a detected secret. Recommendation: reject by default, quarantine opt-in.

End-to-end encryption to consumer-held keys (store ciphertext only).
Aggregate-only / differential-privacy submissions for sensitive orgs.
Self-hosted ingestion endpoint (--endpoint), so data never touches shared infra.
Adapter discovery via agentsync-adapter-* npm packages.