@aletheia-labs/core 0.1.0

package/dist/runtime/write-gate.js

@@ -0,0 +1,293 @@
+/**
+ * WriteGate — proposal-to-atom governance.
+ *
+ * Phase 1.3 implements the conservative path: validate sources, scope,
+ * visibility, explicit conflict markers, and promotion boundary before any
+ * MemoryAtom is inserted. The gate never upgrades a claim beyond `candidate`;
+ * human/sensitive/conflicted proposals become non-actionable `human_required`
+ * atoms instead.
+ */
+import { MemoryAtomSchema, MemoryProposalSchema, scopeKey } from '../types/index.js';
+import { SYSTEM_CLOCK, decision } from './decision-helpers.js';
+import { evaluateProposalSafety } from './proposal-safety.js';
+import { includesVisibility, sameScope } from './scope-helpers.js';
+import { DENY_ALL_VISIBILITY_POLICY } from './visibility-policy.js';
+function defaultMemoryIdForProposal(proposal) {
+    return `mem:${proposal.proposalId}`;
+}
+function proposalRequiresHuman(proposal) {
+    return (proposal.riskLevel === 'sensitive' ||
+        proposal.intendedScope.kind === 'global' ||
+        proposal.intendedVisibility.kind === 'global:safe' ||
+        proposal.intendedVisibility.kind === 'sealed:sensitive');
+}
+function proposalLinks(proposal) {
+    return proposal.knownConflicts.map((known) => ({
+        relation: 'contradicts',
+        targetMemoryId: known.conflictingMemoryId,
+    }));
+}
+function baseScores(proposal, sourceEvents) {
+    // Informational metadata only. No runtime allow/abstain/ask_human decision
+    // reads these numbers as authority; gates use explicit source, scope,
+    // visibility, conflict, status, freshness, and action checks.
+    const evidence = sourceEvents.length / proposal.sourceEventIds.length;
+    const conflictPenalty = proposal.knownConflicts.length > 0 ? 0.25 : 0;
+    const humanPenalty = proposalRequiresHuman(proposal) ? 0.2 : 0;
+    return {
+        confidence: Math.max(0.2, 0.65 - conflictPenalty),
+        evidence,
+        authority: Math.max(0, 0.4 - conflictPenalty - humanPenalty),
+        freshness: 0.75,
+        stability: Math.max(0.2, 0.45 - conflictPenalty),
+        consensus: proposal.knownConflicts.length === 0 ? 0.4 : 0.1,
+    };
+}
+function sourceScopeFailure(proposal, event) {
+    return {
+        kind: 'scope_outside_boundary',
+        requestedScope: scopeKey(proposal.intendedScope),
+        allowedScope: scopeKey(event.scope),
+    };
+}
+export class WriteGate {
+    options;
+    visibilityPolicy;
+    clock;
+    memoryIdForProposal;
+    /**
+     * Create a proposal gate over explicit storage ports.
+     *
+     * @remarks
+     * The gate is intentionally storage-agnostic. Implementations supply the
+     * event ledger, memory store, conflict registry, visibility policy, and
+     * optional deterministic clock.
+     */
+    constructor(options) {
+        this.options = options;
+        this.visibilityPolicy = options.visibilityPolicy ?? DENY_ALL_VISIBILITY_POLICY;
+        this.clock = options.clock ?? SYSTEM_CLOCK;
+        this.memoryIdForProposal = options.memoryIdForProposal ?? defaultMemoryIdForProposal;
+    }
+    /**
+     * Evaluate and persist a proposal when it passes the source/scope boundary.
+     *
+     * @remarks
+     * This is the consumer-facing alias for `evaluate()`. It records auditable
+     * human-required/conflicted atoms when the source evidence is valid but the
+     * proposal cannot become actionable yet.
+     */
+    async propose(proposal) {
+        return this.evaluate(proposal);
+    }
+    /**
+     * Run the full WriteGate pipeline for one proposal.
+     *
+     * @remarks
+     * Implementation order is deliberate: parse proposal, derive permitted
+     * visibility, verify write visibility, load source events, validate scope,
+     * query conflict state, construct a zod-validated atom, then insert. Model
+     * confidence, consensus, prose, and chain metadata never grant authority.
+     */
+    async evaluate(proposal) {
+        const emittedAt = this.clock.now();
+        const proposalResult = MemoryProposalSchema.safeParse(proposal);
+        if (!proposalResult.success) {
+            return {
+                decision: decision('deny', [
+                    {
+                        kind: 'tuple_incomplete',
+                        missingFields: schemaIssuePaths(proposalResult.error.issues, 'proposal'),
+                    },
+                ], [], [], emittedAt),
+                atom: null,
+                sourceEvents: [],
+                conflicts: [],
+            };
+        }
+        const validProposal = proposalResult.data;
+        const permitted = this.visibilityPolicy.permittedVisibilitiesForAgent(validProposal.proposedBy);
+        if (permitted.length === 0) {
+            return {
+                decision: decision('deny', [
+                    {
+                        kind: 'visibility_denied',
+                        detail: 'proposer has no permitted visibility planes',
+                    },
+                ], [], [], emittedAt),
+                atom: null,
+                sourceEvents: [],
+                conflicts: [],
+            };
+        }
+        if (!includesVisibility(permitted, validProposal.intendedVisibility)) {
+            return {
+                decision: decision('deny', [
+                    {
+                        kind: 'visibility_denied',
+                        detail: 'proposer cannot write the requested visibility plane',
+                    },
+                ], [], [], emittedAt),
+                atom: null,
+                sourceEvents: [],
+                conflicts: [],
+            };
+        }
+        const sourceEvents = await this.loadSourceEvents(validProposal.sourceEventIds, permitted);
+        if (sourceEvents.length !== validProposal.sourceEventIds.length) {
+            return {
+                decision: decision('deny', [
+                    {
+                        kind: 'source_check_failed',
+                        detail: 'one or more source events are missing or not visible',
+                    },
+                ], [], [], emittedAt),
+                atom: null,
+                sourceEvents,
+                conflicts: [],
+            };
+        }
+        const outOfScopeEvent = sourceEvents.find((event) => !sameScope(event.scope, validProposal.intendedScope));
+        if (outOfScopeEvent !== undefined) {
+            return {
+                decision: decision('block_local', [sourceScopeFailure(validProposal, outOfScopeEvent)], [], [], emittedAt),
+                atom: null,
+                sourceEvents,
+                conflicts: [],
+            };
+        }
+        const safetyFinding = evaluateProposalSafety(validProposal);
+        if (safetyFinding?.outcome === 'deny') {
+            return {
+                decision: decision('deny', [safetyFinding.reason], [], [], emittedAt),
+                atom: null,
+                sourceEvents,
+                conflicts: [],
+            };
+        }
+        const knownConflictIds = validProposal.knownConflicts.map((known) => known.conflictingMemoryId);
+        const conflicts = knownConflictIds.length > 0
+            ? await this.options.conflictRegistry.query({
+                touchingMemoryIds: knownConflictIds,
+                statuses: ['unresolved', 'requires_human'],
+                scope: validProposal.intendedScope,
+                permittedVisibilities: permitted,
+            })
+            : [];
+        const conflictIds = conflicts.map((conflict) => conflict.conflictId);
+        const conflictTargetIds = validProposal.knownConflicts.map((known) => known.conflictingMemoryId);
+        const requiresHuman = proposalRequiresHuman(validProposal) ||
+            safetyFinding?.outcome === 'ask_human' ||
+            validProposal.knownConflicts.length > 0 ||
+            conflicts.length > 0;
+        const atom = {
+            memoryId: this.memoryIdForProposal(validProposal),
+            memoryType: validProposal.candidateType,
+            content: validProposal.claim,
+            sourceAgentId: validProposal.proposedBy,
+            sourceEventIds: validProposal.sourceEventIds,
+            sourceMemoryIds: [],
+            scope: validProposal.intendedScope,
+            visibility: validProposal.intendedVisibility,
+            status: requiresHuman ? 'human_required' : 'candidate',
+            scores: baseScores(validProposal, sourceEvents),
+            validFrom: validProposal.proposedAt,
+            validUntil: null,
+            lastConfirmedAt: null,
+            links: proposalLinks(validProposal),
+        };
+        const atomResult = MemoryAtomSchema.safeParse(atom);
+        if (!atomResult.success) {
+            return {
+                decision: decision('deny', [
+                    {
+                        kind: 'promotion_boundary_blocked',
+                        detail: `constructed atom failed validation: ${schemaIssuePaths(atomResult.error.issues, 'atom').join(', ')}`,
+                    },
+                ], [], [], emittedAt),
+                atom: null,
+                sourceEvents,
+                conflicts,
+            };
+        }
+        const validAtom = atomResult.data;
+        // Intentional: sourced/in-scope proposals are recorded even when conflict
+        // state makes them non-actionable. The atom carries human_required plus
+        // conflict links so the attempted claim remains auditable.
+        try {
+            await this.options.memoryStore.insert(validAtom);
+        }
+        catch (err) {
+            const detail = err instanceof Error ? err.message : 'memory store insert failed';
+            return {
+                decision: decision('deny', [{ kind: 'promotion_boundary_blocked', detail }], [], [], emittedAt),
+                atom: null,
+                sourceEvents,
+                conflicts,
+            };
+        }
+        if (conflicts.length > 0) {
+            return this.conflictDecision(validAtom, sourceEvents, conflicts, conflictTargetIds, conflictIds, emittedAt);
+        }
+        if (validProposal.knownConflicts.length > 0) {
+            return {
+                decision: decision('conflict_boundary_packet', [
+                    {
+                        kind: 'promotion_boundary_blocked',
+                        detail: 'proposal declares known conflicts without a resolved conflict record',
+                    },
+                ], [validAtom.memoryId, ...conflictTargetIds], [], emittedAt),
+                atom: validAtom,
+                sourceEvents,
+                conflicts,
+            };
+        }
+        const humanReasons = [
+            ...(proposalRequiresHuman(validProposal) ? [humanReason(validProposal)] : []),
+            ...(safetyFinding?.outcome === 'ask_human' ? [safetyFinding.reason] : []),
+        ];
+        if (humanReasons.length > 0) {
+            return {
+                decision: decision('ask_human', humanReasons, [validAtom.memoryId], [], emittedAt),
+                atom: validAtom,
+                sourceEvents,
+                conflicts,
+            };
+        }
+        return {
+            decision: decision('allow_local_shadow', [{ kind: 'all_checks_passed', citedMemoryIds: [validAtom.memoryId] }], [validAtom.memoryId], [], emittedAt),
+            atom: validAtom,
+            sourceEvents,
+            conflicts,
+        };
+    }
+    async loadSourceEvents(sourceEventIds, permitted) {
+        const events = await Promise.all(sourceEventIds.map((eventId) => this.options.eventLedger.get(eventId, permitted)));
+        return events.filter((event) => event !== null);
+    }
+    conflictDecision(atom, sourceEvents, conflicts, conflictTargetIds, conflictIds, emittedAt) {
+        return {
+            decision: decision('conflict_boundary_packet', conflicts.map((conflict) => ({
+                kind: 'unresolved_conflict',
+                conflictId: conflict.conflictId,
+            })), [atom.memoryId, ...conflictTargetIds], conflictIds, emittedAt),
+            atom,
+            sourceEvents,
+            conflicts,
+        };
+    }
+}
+function schemaIssuePaths(issues, fallback) {
+    const paths = issues.map((issue) => issue.path.length > 0 ? issue.path.map(String).join('.') : fallback);
+    return paths.length > 0 ? paths : [fallback];
+}
+function humanReason(proposal) {
+    if (proposal.riskLevel === 'sensitive') {
+        return { kind: 'sensitive_action', actionClass: 'durable_memory_write' };
+    }
+    return {
+        kind: 'promotion_boundary_blocked',
+        detail: 'global, sealed, or globally visible memory requires human review',
+    };
+}
+//# sourceMappingURL=write-gate.js.map

package/dist/runtime/write-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"write-gate.js","sourceRoot":"","sources":["../../src/runtime/write-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAcH,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAErF,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAyB,MAAM,wBAAwB,CAAC;AAqB3F,SAAS,0BAA0B,CAAC,QAAwB;IAC1D,OAAO,OAAO,QAAQ,CAAC,UAAU,EAAc,CAAC;AAClD,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAwB;IACrD,OAAO,CACL,QAAQ,CAAC,SAAS,KAAK,WAAW;QAClC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,QAAQ;QACxC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,KAAK,aAAa;QAClD,QAAQ,CAAC,kBAAkB,CAAC,IAAI,KAAK,kBAAkB,CACxD,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,QAAwB;IAC7C,OAAO,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC7C,QAAQ,EAAE,aAAa;QACvB,cAAc,EAAE,KAAK,CAAC,mBAAmB;KAC1C,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,UAAU,CACjB,QAAwB,EACxB,YAA8B;IAE9B,2EAA2E;IAC3E,sEAAsE;IACtE,8DAA8D;IAC9D,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,GAAG,QAAQ,CAAC,cAAc,CAAC,MAAM,CAAC;IACtE,MAAM,eAAe,GAAG,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,YAAY,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAE/D,OAAO;QACL,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,GAAG,eAAe,CAAC;QACjD,QAAQ;QACR,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,eAAe,GAAG,YAAY,CAAC;QAC5D,SAAS,EAAE,IAAI;QACf,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,GAAG,eAAe,CAAC;QAChD,SAAS,EAAE,QAAQ,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;KAC5D,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAwB,EAAE,KAAY;IAChE,OAAO;QACL,IAAI,EAAE,wBAAwB;QAC9B,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC;QAChD,YAAY,EAAE,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,SAAS;IAaS;IAZZ,gBAAgB,CAAmB;IACnC,KAAK,CAAQ;IACb,mBAAmB,CAAyC;IAE7E;;;;;;;OAOG;IACH,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,0BAA0B,CAAC;QAC/E,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,YAAY,CAAC;QAC3C,IAAI,CAAC,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,IAAI,0BAA0B,CAAC;IACvF,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,OAAO,CAAC,QAAwB;QACpC,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,QAAQ,CAAC,QAAwB;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACnC,MAAM,cAAc,GAAG,oBAAoB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAChE,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC5B,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAChB,MAAM,EACN;oBACE;wBACE,IAAI,EAAE,kBAAkB;wBACxB,aAAa,EAAE,gBAAgB,CAAC,cAAc,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,CAAC;qBACzE;iBACF,EACD,EAAE,EACF,EAAE,EACF,SAAS,CACV;gBACD,IAAI,EAAE,IAAI;gBACV,YAAY,EAAE,EAAE;gBAChB,SAAS,EAAE,EAAE;aACd,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC;QAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,6BAA6B,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAEhG,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAChB,MAAM,EACN;oBACE;wBACE,IAAI,EAAE,mBAAmB;wBACzB,MAAM,EAAE,6CAA6C;qBACtD;iBACF,EACD,EAAE,EACF,EAAE,EACF,SAAS,CACV;gBACD,IAAI,EAAE,IAAI;gBACV,YAAY,EAAE,EAAE;gBAChB,SAAS,EAAE,EAAE;aACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,aAAa,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACrE,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAChB,MAAM,EACN;oBACE;wBACE,IAAI,EAAE,mBAAmB;wBACzB,MAAM,EAAE,sDAAsD;qBAC/D;iBACF,EACD,EAAE,EACF,EAAE,EACF,SAAS,CACV;gBACD,IAAI,EAAE,IAAI;gBACV,YAAY,EAAE,EAAE;gBAChB,SAAS,EAAE,EAAE;aACd,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QAE1F,IAAI,YAAY,CAAC,MAAM,KAAK,aAAa,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;YAChE,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAChB,MAAM,EACN;oBACE;wBACE,IAAI,EAAE,qBAAqB;wBAC3B,MAAM,EAAE,sDAAsD;qBAC/D;iBACF,EACD,EAAE,EACF,EAAE,EACF,SAAS,CACV;gBACD,IAAI,EAAE,IAAI;gBACV,YAAY;gBACZ,SAAS,EAAE,EAAE;aACd,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,CACvC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC,CAChE,CAAC;QACF,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;YAClC,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAChB,aAAa,EACb,CAAC,kBAAkB,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC,EACpD,EAAE,EACF,EAAE,EACF,SAAS,CACV;gBACD,IAAI,EAAE,IAAI;gBACV,YAAY;gBACZ,SAAS,EAAE,EAAE;aACd,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAI,aAAa,EAAE,OAAO,KAAK,MAAM,EAAE,CAAC;YACtC,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,SAAS,CAAC;gBACrE,IAAI,EAAE,IAAI;gBACV,YAAY;gBACZ,SAAS,EAAE,EAAE;aACd,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,aAAa,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAChG,MAAM,SAAS,GACb,gBAAgB,CAAC,MAAM,GAAG,CAAC;YACzB,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC;gBACxC,iBAAiB,EAAE,gBAAgB;gBACnC,QAAQ,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;gBAC1C,KAAK,EAAE,aAAa,CAAC,aAAa;gBAClC,qBAAqB,EAAE,SAAS;aACjC,CAAC;YACJ,CAAC,CAAC,EAAE,CAAC;QAET,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACrE,MAAM,iBAAiB,GAAG,aAAa,CAAC,cAAc,CAAC,GAAG,CACxD,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,mBAAmB,CACrC,CAAC;QACF,MAAM,aAAa,GACjB,qBAAqB,CAAC,aAAa,CAAC;YACpC,aAAa,EAAE,OAAO,KAAK,WAAW;YACtC,aAAa,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;YACvC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;QAEvB,MAAM,IAAI,GAAe;YACvB,QAAQ,EAAE,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC;YACjD,UAAU,EAAE,aAAa,CAAC,aAAa;YACvC,OAAO,EAAE,aAAa,CAAC,KAAK;YAC5B,aAAa,EAAE,aAAa,CAAC,UAAU;YACvC,cAAc,EAAE,aAAa,CAAC,cAAc;YAC5C,eAAe,EAAE,EAAE;YACnB,KAAK,EAAE,aAAa,CAAC,aAAa;YAClC,UAAU,EAAE,aAAa,CAAC,kBAAkB;YAC5C,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,WAAW;YACtD,MAAM,EAAE,UAAU,CAAC,aAAa,EAAE,YAAY,CAAC;YAC/C,SAAS,EAAE,aAAa,CAAC,UAAU;YACnC,UAAU,EAAE,IAAI;YAChB,eAAe,EAAE,IAAI;YACrB,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC;SACpC,CAAC;QAEF,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAChB,MAAM,EACN;oBACE;wBACE,IAAI,EAAE,4BAA4B;wBAClC,MAAM,EAAE,uCAAuC,gBAAgB,CAC7D,UAAU,CAAC,KAAK,CAAC,MAAM,EACvB,MAAM,CACP,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;qBACf;iBACF,EACD,EAAE,EACF,EAAE,EACF,SAAS,CACV;gBACD,IAAI,EAAE,IAAI;gBACV,YAAY;gBACZ,SAAS;aACV,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC;QAElC,0EAA0E;QAC1E,wEAAwE;QACxE,2DAA2D;QAC3D,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,4BAA4B,CAAC;YACjF,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAChB,MAAM,EACN,CAAC,EAAE,IAAI,EAAE,4BAA4B,EAAE,MAAM,EAAE,CAAC,EAChD,EAAE,EACF,EAAE,EACF,SAAS,CACV;gBACD,IAAI,EAAE,IAAI;gBACV,YAAY;gBACZ,SAAS;aACV,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,gBAAgB,CAC1B,SAAS,EACT,YAAY,EACZ,SAAS,EACT,iBAAiB,EACjB,WAAW,EACX,SAAS,CACV,CAAC;QACJ,CAAC;QAED,IAAI,aAAa,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAChB,0BAA0B,EAC1B;oBACE;wBACE,IAAI,EAAE,4BAA4B;wBAClC,MAAM,EAAE,sEAAsE;qBAC/E;iBACF,EACD,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,iBAAiB,CAAC,EAC1C,EAAE,EACF,SAAS,CACV;gBACD,IAAI,EAAE,SAAS;gBACf,YAAY;gBACZ,SAAS;aACV,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG;YACnB,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7E,GAAG,CAAC,aAAa,EAAE,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1E,CAAC;QAEF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAAC,WAAW,EAAE,YAAY,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,SAAS,CAAC;gBAClF,IAAI,EAAE,SAAS;gBACf,YAAY;gBACZ,SAAS;aACV,CAAC;QACJ,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,QAAQ,CAChB,oBAAoB,EACpB,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,cAAc,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,EACrE,CAAC,SAAS,CAAC,QAAQ,CAAC,EACpB,EAAE,EACF,SAAS,CACV;YACD,IAAI,EAAE,SAAS;YACf,YAAY;YACZ,SAAS;SACV,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,cAA2C,EAC3C,SAAgC;QAEhC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAC9B,cAAc,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAClF,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAkB,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;IAClE,CAAC;IAEO,gBAAgB,CACtB,IAAgB,EAChB,YAA8B,EAC9B,SAAoC,EACpC,iBAAsC,EACtC,WAAkC,EAClC,SAAmC;QAEnC,OAAO;YACL,QAAQ,EAAE,QAAQ,CAChB,0BAA0B,EAC1B,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;gBAC3B,IAAI,EAAE,qBAAqB;gBAC3B,UAAU,EAAE,QAAQ,CAAC,UAAU;aAChC,CAAC,CAAC,EACH,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,iBAAiB,CAAC,EACrC,WAAW,EACX,SAAS,CACV;YACD,IAAI;YACJ,YAAY;YACZ,SAAS;SACV,CAAC;IACJ,CAAC;CACF;AAED,SAAS,gBAAgB,CACvB,MAAkE,EAClE,QAAgB;IAEhB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACjC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CACpE,CAAC;IACF,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,WAAW,CAAC,QAAwB;IAC3C,IAAI,QAAQ,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;QACvC,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,sBAAsB,EAAE,CAAC;IAC3E,CAAC;IACD,OAAO;QACL,IAAI,EAAE,4BAA4B;QAClC,MAAM,EAAE,kEAAkE;KAC3E,CAAC;AACJ,CAAC"}

package/dist/storage/conflict-registry.d.ts

@@ -0,0 +1,61 @@
+/**
+ * ConflictRegistry — first-class store of contradictions.
+ *
+ * Hard contracts (from specs/aletheia-memory-authority-v0.md §6):
+ *   - Contradictions are NEVER overwritten by summaries.
+ *   - Unresolved current-source conflicts preserve candidate claims.
+ *   - Summaries must not hide conflicts.
+ *   - Tombstones/rejections remain non-actionable through summaries.
+ *
+ * Like atoms, conflict records are append-only; resolution is itself a new
+ * record (or an update to the status field via an explicit `resolve` call,
+ * which is recorded in history).
+ */
+import type { ConflictRecord, ConflictStatus } from '../types/conflict.js';
+import type { Scope, Visibility } from '../types/enums.js';
+import type { AgentId, ConflictId, IsoTimestamp, MemoryId } from '../types/primitives.js';
+export interface ConflictQuery {
+    /** Filter to conflicts touching these atoms (any side of the conflict). */
+    readonly touchingMemoryIds?: readonly MemoryId[];
+    /** Filter to specific statuses. */
+    readonly statuses?: readonly ConflictStatus[];
+    /** Filter by scope. */
+    readonly scope?: Scope;
+    /** Permission filter — applied first. */
+    readonly permittedVisibilities: readonly Visibility[];
+}
+export interface ResolveReason {
+    readonly rationale: string;
+    readonly actor: AgentId;
+    /** Which claim was preferred, if any (null when the resolution is "all rejected"). */
+    readonly preferredMemoryId: MemoryId | null;
+}
+export interface ConflictRegistry {
+    /**
+     * Record a new conflict. The conflict is `unresolved` by default.
+     */
+    record(conflict: ConflictRecord): Promise<ConflictRecord>;
+    /**
+     * Retrieve a conflict by ID, subject to permission filtering.
+     */
+    get(conflictId: ConflictId, permittedVisibilities: readonly Visibility[]): Promise<ConflictRecord | null>;
+    /**
+     * Query conflicts. Returns in `recordedAt` descending order.
+     */
+    query(filter: ConflictQuery): Promise<readonly ConflictRecord[]>;
+    /**
+     * Resolve a conflict. Records the resolution in history.
+     * Returns the updated record, or null if not found / not permitted.
+     */
+    resolve(conflictId: ConflictId, nextStatus: Exclude<ConflictStatus, 'unresolved'>, reason: ResolveReason): Promise<ConflictRecord | null>;
+    /**
+     * History of resolution attempts on a conflict.
+     */
+    resolutionHistory(conflictId: ConflictId): Promise<readonly {
+        readonly at: IsoTimestamp;
+        readonly fromStatus: ConflictStatus;
+        readonly toStatus: ConflictStatus;
+        readonly reason: ResolveReason;
+    }[]>;
+}
+//# sourceMappingURL=conflict-registry.d.ts.map

package/dist/storage/conflict-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"conflict-registry.d.ts","sourceRoot":"","sources":["../../src/storage/conflict-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3E,OAAO,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAE1F,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,QAAQ,CAAC,iBAAiB,CAAC,EAAE,SAAS,QAAQ,EAAE,CAAC;IACjD,mCAAmC;IACnC,QAAQ,CAAC,QAAQ,CAAC,EAAE,SAAS,cAAc,EAAE,CAAC;IAC9C,uBAAuB;IACvB,QAAQ,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC;IACvB,yCAAyC;IACzC,QAAQ,CAAC,qBAAqB,EAAE,SAAS,UAAU,EAAE,CAAC;CACvD;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,sFAAsF;IACtF,QAAQ,CAAC,iBAAiB,EAAE,QAAQ,GAAG,IAAI,CAAC;CAC7C;AAED,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,MAAM,CAAC,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAE1D;;OAEG;IACH,GAAG,CACD,UAAU,EAAE,UAAU,EACtB,qBAAqB,EAAE,SAAS,UAAU,EAAE,GAC3C,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IAElC;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,SAAS,cAAc,EAAE,CAAC,CAAC;IAEjE;;;OAGG;IACH,OAAO,CACL,UAAU,EAAE,UAAU,EACtB,UAAU,EAAE,OAAO,CAAC,cAAc,EAAE,YAAY,CAAC,EACjD,MAAM,EAAE,aAAa,GACpB,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IAElC;;OAEG;IACH,iBAAiB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAChD,SAAS;QACP,QAAQ,CAAC,EAAE,EAAE,YAAY,CAAC;QAC1B,QAAQ,CAAC,UAAU,EAAE,cAAc,CAAC;QACpC,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;QAClC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;KAChC,EAAE,CACJ,CAAC;CACH"}

package/dist/storage/conflict-registry.js

@@ -0,0 +1,15 @@
+/**
+ * ConflictRegistry — first-class store of contradictions.
+ *
+ * Hard contracts (from specs/aletheia-memory-authority-v0.md §6):
+ *   - Contradictions are NEVER overwritten by summaries.
+ *   - Unresolved current-source conflicts preserve candidate claims.
+ *   - Summaries must not hide conflicts.
+ *   - Tombstones/rejections remain non-actionable through summaries.
+ *
+ * Like atoms, conflict records are append-only; resolution is itself a new
+ * record (or an update to the status field via an explicit `resolve` call,
+ * which is recorded in history).
+ */
+export {};
+//# sourceMappingURL=conflict-registry.js.map

package/dist/storage/conflict-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"conflict-registry.js","sourceRoot":"","sources":["../../src/storage/conflict-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG"}

package/dist/storage/event-ledger.d.ts

@@ -0,0 +1,61 @@
+/**
+ * EventLedger — append-only record of raw events.
+ *
+ * Hard contract (from specs/aletheia-memory-authority-v0.md §1):
+ *   - APPEND ONLY. No update, no delete. Tombstones are themselves events.
+ *   - Events are evidence, not authority.
+ *   - Order is stable: an event written at t cannot be re-ordered against
+ *     an event written at t' > t.
+ *
+ * Implementations must enforce all of the above at the storage level, not
+ * trust callers.
+ */
+import type { Scope, Visibility } from '../types/enums.js';
+import type { Event } from '../types/event.js';
+import type { AgentId, EventId, IsoTimestamp } from '../types/primitives.js';
+/**
+ * Filter passed to `query`. All fields optional; an empty filter returns
+ * everything the caller is permitted to see.
+ */
+export interface EventQuery {
+    /** Filter to events from a specific agent. */
+    readonly agentId?: AgentId;
+    /** Filter to events recorded at or after this time. */
+    readonly since?: IsoTimestamp;
+    /** Filter to events recorded at or before this time. */
+    readonly until?: IsoTimestamp;
+    /** Filter to a specific scope. */
+    readonly scope?: Scope;
+    /**
+     * The visibility planes the caller is permitted to see.
+     * Spec rule: permission filtering happens BEFORE any other selection.
+     */
+    readonly permittedVisibilities: readonly Visibility[];
+    /** Max results to return (default implementation-defined). */
+    readonly limit?: number;
+}
+export interface EventLedger {
+    /**
+     * Append an event to the ledger.
+     * @returns the EventId actually stored. Implementations may generate the ID
+     *          if `event.eventId` is left to the implementation.
+     * @throws if the event is malformed or if an event with the same ID exists.
+     *         Append-only means duplicate IDs are an error, not an overwrite.
+     */
+    append(event: Event): Promise<EventId>;
+    /**
+     * Retrieve a specific event by ID. Returns null if not found OR if the
+     * caller does not have visibility to it (the ledger does not leak existence).
+     */
+    get(eventId: EventId, permittedVisibilities: readonly Visibility[]): Promise<Event | null>;
+    /**
+     * Query events. Returns in `occurredAt` ascending order (oldest first).
+     * Permission filtering applies before any other selection.
+     */
+    query(filter: EventQuery): Promise<readonly Event[]>;
+    /**
+     * Count events matching the filter. Useful for coverage receipts.
+     */
+    count(filter: EventQuery): Promise<number>;
+}
+//# sourceMappingURL=event-ledger.d.ts.map

package/dist/storage/event-ledger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"event-ledger.d.ts","sourceRoot":"","sources":["../../src/storage/event-ledger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAE7E;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,8CAA8C;IAC9C,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,uDAAuD;IACvD,QAAQ,CAAC,KAAK,CAAC,EAAE,YAAY,CAAC;IAC9B,wDAAwD;IACxD,QAAQ,CAAC,KAAK,CAAC,EAAE,YAAY,CAAC;IAC9B,kCAAkC;IAClC,QAAQ,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,qBAAqB,EAAE,SAAS,UAAU,EAAE,CAAC;IACtD,8DAA8D;IAC9D,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvC;;;OAGG;IACH,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,qBAAqB,EAAE,SAAS,UAAU,EAAE,GAAG,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IAE3F;;;OAGG;IACH,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,KAAK,EAAE,CAAC,CAAC;IAErD;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5C"}

package/dist/storage/event-ledger.js

@@ -0,0 +1,14 @@
+/**
+ * EventLedger — append-only record of raw events.
+ *
+ * Hard contract (from specs/aletheia-memory-authority-v0.md §1):
+ *   - APPEND ONLY. No update, no delete. Tombstones are themselves events.
+ *   - Events are evidence, not authority.
+ *   - Order is stable: an event written at t cannot be re-ordered against
+ *     an event written at t' > t.
+ *
+ * Implementations must enforce all of the above at the storage level, not
+ * trust callers.
+ */
+export {};
+//# sourceMappingURL=event-ledger.js.map

package/dist/storage/event-ledger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"event-ledger.js","sourceRoot":"","sources":["../../src/storage/event-ledger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG"}

package/dist/storage/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Storage interfaces. The implementations live in adapter packages
+ * (e.g. @aletheia-labs/store-sqlite).
+ */
+export * from './event-ledger.js';
+export * from './memory-store.js';
+export * from './conflict-registry.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/storage/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/storage/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC"}

package/dist/storage/index.js

@@ -0,0 +1,8 @@
+/**
+ * Storage interfaces. The implementations live in adapter packages
+ * (e.g. @aletheia-labs/store-sqlite).
+ */
+export * from './event-ledger.js';
+export * from './memory-store.js';
+export * from './conflict-registry.js';
+//# sourceMappingURL=index.js.map

package/dist/storage/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/storage/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC"}

package/dist/storage/memory-store.d.ts

@@ -0,0 +1,94 @@
+/**
+ * MemoryStore — persistent store of MemoryAtoms.
+ *
+ * Hard contracts (from specs/aletheia-memory-authority-v0.md):
+ *   - Atoms are append-only by ID. "Modifying" an atom produces a successor
+ *     atom with a `supersedes` link; the original is never mutated.
+ *   - Status transitions are tracked explicitly via `transitionStatus` —
+ *     never a free-form UPDATE.
+ *   - Permission filtering precedes selection. Always.
+ *   - Sealed and human_required atoms never come back from `query` for
+ *     non-authorized callers (the store does not leak existence).
+ */
+import type { MemoryStatus, Scope, Visibility } from '../types/enums.js';
+import type { MemoryAtom } from '../types/memory-atom.js';
+import type { AgentId, IsoTimestamp, MemoryId } from '../types/primitives.js';
+/**
+ * Reason a status transition was requested. The store records this in an
+ * audit log alongside the transition.
+ */
+export interface StatusTransitionReason {
+    /** Free-form rationale. Short. */
+    readonly rationale: string;
+    /** Agent or operator responsible for the transition. */
+    readonly actor: AgentId;
+    /** Optional related conflict that motivated the transition. */
+    readonly conflictId?: string;
+}
+export interface StatusTransitionOptions {
+    /**
+     * Effective transition timestamp. Deterministic runners pass their logical
+     * clock here; stores default to their local clock when omitted.
+     */
+    readonly at?: IsoTimestamp;
+}
+export interface MemoryQuery {
+    /** Filter to atoms of these statuses. */
+    readonly statuses?: readonly MemoryStatus[];
+    /** Filter to a specific scope. */
+    readonly scope?: Scope;
+    /**
+     * The visibility planes the caller is permitted to see.
+     * Spec rule: permission filtering happens BEFORE any other selection.
+     */
+    readonly permittedVisibilities: readonly Visibility[];
+    /** Filter to atoms valid at this instant (default: now). */
+    readonly validAt?: IsoTimestamp;
+    /** Max results to return. */
+    readonly limit?: number;
+}
+/**
+ * Outcome of a status transition request.
+ *
+ * `applied` means the transition was recorded; `rejected` means the store
+ * refused (illegal transition, permission denial, etc.). Rejections never
+ * throw — fail-closed returns a structured value.
+ */
+export type StatusTransitionResult = {
+    readonly kind: 'applied';
+    readonly atom: MemoryAtom;
+} | {
+    readonly kind: 'rejected';
+    readonly reason: string;
+};
+export interface MemoryStore {
+    /**
+     * Insert a new atom. Atoms are immutable once written; ID collisions throw.
+     */
+    insert(atom: MemoryAtom): Promise<MemoryAtom>;
+    /**
+     * Retrieve an atom by ID, subject to permission filtering.
+     * Returns null both when the atom does not exist and when the caller cannot see it.
+     */
+    get(memoryId: MemoryId, permittedVisibilities: readonly Visibility[]): Promise<MemoryAtom | null>;
+    /**
+     * Query atoms. Returns in `validFrom` descending order (newest first)
+     * unless an implementation documents otherwise.
+     */
+    query(filter: MemoryQuery): Promise<readonly MemoryAtom[]>;
+    /**
+     * Transition an atom's status. Records the transition in an internal log.
+     * Never a free-form UPDATE — only documented transitions are accepted.
+     */
+    transitionStatus(memoryId: MemoryId, nextStatus: MemoryStatus, reason: StatusTransitionReason, options?: StatusTransitionOptions): Promise<StatusTransitionResult>;
+    /**
+     * Get the full status history of an atom. Useful for audit and Phase 2 dynamics.
+     */
+    statusHistory(memoryId: MemoryId): Promise<readonly {
+        readonly at: IsoTimestamp;
+        readonly fromStatus: MemoryStatus | null;
+        readonly toStatus: MemoryStatus;
+        readonly reason: StatusTransitionReason;
+    }[]>;
+}
+//# sourceMappingURL=memory-store.d.ts.map

package/dist/storage/memory-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-store.d.ts","sourceRoot":"","sources":["../../src/storage/memory-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACzE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAE9E;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,kCAAkC;IAClC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,wDAAwD;IACxD,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,+DAA+D;IAC/D,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,uBAAuB;IACtC;;;OAGG;IACH,QAAQ,CAAC,EAAE,CAAC,EAAE,YAAY,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,yCAAyC;IACzC,QAAQ,CAAC,QAAQ,CAAC,EAAE,SAAS,YAAY,EAAE,CAAC;IAC5C,kCAAkC;IAClC,QAAQ,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,qBAAqB,EAAE,SAAS,UAAU,EAAE,CAAC;IACtD,4DAA4D;IAC5D,QAAQ,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC;IAChC,6BAA6B;IAC7B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;GAMG;AACH,MAAM,MAAM,sBAAsB,GAC9B;IAAE,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAA;CAAE,GACvD;IAAE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAE3D,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAE9C;;;OAGG;IACH,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,qBAAqB,EAAE,SAAS,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAElG;;;OAGG;IACH,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,SAAS,UAAU,EAAE,CAAC,CAAC;IAE3D;;;OAGG;IACH,gBAAgB,CACd,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,YAAY,EACxB,MAAM,EAAE,sBAAsB,EAC9B,OAAO,CAAC,EAAE,uBAAuB,GAChC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAEnC;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CACxC,SAAS;QACP,QAAQ,CAAC,EAAE,EAAE,YAAY,CAAC;QAC1B,QAAQ,CAAC,UAAU,EAAE,YAAY,GAAG,IAAI,CAAC;QACzC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;QAChC,QAAQ,CAAC,MAAM,EAAE,sBAAsB,CAAC;KACzC,EAAE,CACJ,CAAC;CACH"}

package/dist/storage/memory-store.js

@@ -0,0 +1,14 @@
+/**
+ * MemoryStore — persistent store of MemoryAtoms.
+ *
+ * Hard contracts (from specs/aletheia-memory-authority-v0.md):
+ *   - Atoms are append-only by ID. "Modifying" an atom produces a successor
+ *     atom with a `supersedes` link; the original is never mutated.
+ *   - Status transitions are tracked explicitly via `transitionStatus` —
+ *     never a free-form UPDATE.
+ *   - Permission filtering precedes selection. Always.
+ *   - Sealed and human_required atoms never come back from `query` for
+ *     non-authorized callers (the store does not leak existence).
+ */
+export {};
+//# sourceMappingURL=memory-store.js.map

package/dist/storage/memory-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-store.js","sourceRoot":"","sources":["../../src/storage/memory-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG"}