@cotal-ai/core 0.4.0 → 0.6.0

package/dist/streams.d.ts

@@ -3,6 +3,27 @@ import { type ConsumerConfig, type JetStreamManager } from "@nats-io/jetstream";
  *  oldest message on a subject is discarded (`DiscardPolicy.Old`). Also the horizon of focus
  *  recall: only the last {@link MAX_MSGS_PER_SUBJECT} per sender-subject are recallable. */
 export declare const MAX_MSGS_PER_SUBJECT = 1000;
+/** JetStream message-dedup window on the Plane-3 streams: a `Nats-Msg-Id`
+ *  (`<msgId>:<owner>:<generation>`) repeated within this window is collapsed. Sized generous (2h) so
+ *  an activation-catch-up copy and a racing fan-out copy of the same message dedup even for a slow/
+ *  backlogged owner. **This window IS the cross-path exactly-once correctness horizon** — two writes
+ *  of the same logical copy separated by more than it (e.g. a manager crash after a DLV publish, the
+ *  dinbox ack lost, the window expiring, then a re-transfer after restart) are NOT collapsed at the
+ *  stream. The connector's commit-aware id-cache (`MeshAgent.ingest`) coalesces live↔durable and
+ *  redelivery duplicates within a SESSION, but it is in-memory and reset on agent restart, so it is
+ *  NOT a cross-restart guarantee. A persistent per-owner delivery ledger would lift the bound; not
+ *  built (the 2h horizon covers the realistic crash/redelivery lag). Keep the window ≥ worst-case lag. */
+export declare const PLANE3_DEDUP_WINDOW_MS: number;
+/** Bound on the trusted reader's in-flight (un-acked) entries per owner — an offline owner with a large
+ *  backlog can't stall the reader's own redelivery by pinning unbounded pending. */
+export declare const DINBOX_MAX_ACK_PENDING = 1000;
+/** Delivery-daemon single-flight lease TTL (ms) — the bucket-level `max_age` on `cotal_delivery_<space>`.
+ *  A live holder renews at ~half this; a crashed holder stops renewing and the bucket TTL expires its
+ *  lease key, freeing it for a fresh daemon's CAS create. Sized well above the renew interval so a brief
+ *  GC/scheduling pause never self-evicts a healthy holder, yet short enough that a crash frees the shard
+ *  promptly. (The bucket holds ONLY lease keys, so a bucket TTL is exact here; per-key TTL is also
+ *  available on this stack — a deliberate simplicity choice, not a capability gap. See {@link deliveryBucket}.) */
+export declare const LEASE_TTL_MS = 30000;
 export interface ClearSpaceHistoryResult {
     chat: number;
     dm?: number;
@@ -35,29 +56,6 @@ export declare function dmDurableConfig(space: string, id: string, opts?: {
     ackWaitMs?: number;
     inactiveThresholdMs?: number;
 }): Partial<ConsumerConfig>;
-/**
- * The chat live-tail durable for an instance — ONE definition, used both by the privileged
- * pre-create (manager/provisioner, auth mode) and the endpoint's open-mode self-create, so an
- * idempotent re-add can't error on a config delta. `filter_subjects` binds it to the instance's
- * subscribe set (`chat.*.<ch>` per channel); only the privileged creator sets it under auth, which
- * is the whole point — the agent BINDS-only (denied CONSUMER.CREATE/UPDATE on CHAT) and so can
- * never widen its own read past `allowSubscribe`. `DeliverPolicy.New` (a tail): history is the
- * explicit per-channel backfill on join, the only shape that can honor per-channel replay policy
- * given `deliver_policy` is consumer-wide.
- *
- * Multi-channel ⇒ plural `filter_subjects`, which the client sends on the filter-less create
- * subject (`CONSUMER.CREATE.<stream>.<name>`) — so this durable's filter is NOT ACL-pinnable by
- * subject; bind-only + a trusted creator is the enforcement, exactly as for DM/TASK.
- *
- * `inactive_threshold` is set ONLY when the caller passes one — the open-mode self-create, where
- * the agent owns the durable. The privileged auth pre-create OMITS it (same bind-only reasoning as
- * {@link dmDurableConfig}): a threshold would retire the durable before a late/relaunched agent
- * binds it, and bind would then fail permanently.
- */
-export declare function chatDurableConfig(space: string, id: string, channels: string[], opts?: {
-    ackWaitMs?: number;
-    inactiveThresholdMs?: number;
-}): Partial<ConsumerConfig>;
 /**
  * The TASK work-queue durable for a role — ONE definition, shared by the privileged
  * pre-create (auth mode) and the endpoint's open-mode self-create. The durable is shared
@@ -68,6 +66,33 @@ export declare function chatDurableConfig(space: string, id: string, channels: s
 export declare function taskDurableConfig(space: string, role: string, opts?: {
     ackWaitMs?: number;
 }): Partial<ConsumerConfig>;
+/** The single privileged trusted-reader consumer over the WHOLE INBOX (mixed pre-auth) store
+ *  (`dinbox.>`, all owners) — created + bound only by the manager. Explicit ack: the reader holds an
+ *  entry un-acked until it has transferred the re-authorized copy to DLV (a crash before transfer
+ *  redelivers). `max_ack_pending` bounds the reader's in-flight set. The per-message owner is
+ *  recovered from the subject (`parseDinboxOwner`). */
+export declare function inboxReaderConfig(space: string, opts?: {
+    ackWaitMs?: number;
+    shard?: number;
+    shards?: number;
+}): Partial<ConsumerConfig>;
+/** An agent's bind-only per-member DELIVER consumer (mirrors {@link dmDurableConfig}): the provisioner
+ *  pre-creates it filtered to `dlv.<owner>`; the agent BINDS it (denied CREATE on DLV) and acks via
+ *  native JetStream — the §8 "equivalent per-member at-least-once mechanism with the same ack
+ *  semantics". `inactive_threshold` only for an open-mode self-create (none today; Plane-3 is
+ *  auth-only). */
+export declare function dlvDurableConfig(space: string, owner: string, opts?: {
+    ackWaitMs?: number;
+    inactiveThresholdMs?: number;
+}): Partial<ConsumerConfig>;
+/** The single privileged fan-out consumer on CHAT (manager-pumped; routing, not auth).
+ *  `DeliverPolicy.New` at creation (pre-existing backlog is pre-membership); a DURABLE, so on a
+ *  manager restart it resumes from its ack cursor and fans out the gap, idempotent via `Nats-Msg-Id`. */
+export declare function fanoutDurableConfig(space: string, opts?: {
+    ackWaitMs?: number;
+    shard?: number;
+    shards?: number;
+}): Partial<ConsumerConfig>;
 /** Connect with the given (privileged) creds, create the space's streams, and disconnect.
  *  Used by `cotal up` to pre-create streams once at setup. */
 export declare function setupSpaceStreams(opts: {

package/dist/streams.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"streams.d.ts","sourceRoot":"","sources":["../src/streams.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACtB,MAAM,oBAAoB,CAAC;AAuB5B;;4FAE4F;AAC5F,eAAO,MAAM,oBAAoB,OAAO,CAAC;AAEzC,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,gBAAgB,EACrB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CA2Bf;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,MAAM,EACb,EAAE,EAAE,MAAM,EACV,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAO,GAC9D,OAAO,CAAC,cAAc,CAAC,CAUzB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,EAAE,EAAE,MAAM,EACV,QAAQ,EAAE,MAAM,EAAE,EAClB,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAO,GAC9D,OAAO,CAAC,cAAc,CAAC,CAUzB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GAChC,OAAO,CAAC,cAAc,CAAC,CAOzB;AAED;8DAC8D;AAC9D,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,oGAAoG;IACpG,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC,IAAI,CAAC,CAgBhB;AAED;kDACkD;AAClD,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAcnC;AAED;;;;;oFAKoF;AACpF,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAsB/C"}
+{"version":3,"file":"streams.d.ts","sourceRoot":"","sources":["../src/streams.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACtB,MAAM,oBAAoB,CAAC;AA+B5B;;4FAE4F;AAC5F,eAAO,MAAM,oBAAoB,OAAO,CAAC;AAEzC;;;;;;;;;0GAS0G;AAC1G,eAAO,MAAM,sBAAsB,QAAqB,CAAC;AAEzD;oFACoF;AACpF,eAAO,MAAM,sBAAsB,OAAO,CAAC;AAE3C;;;;;mHAKmH;AACnH,eAAO,MAAM,YAAY,QAAS,CAAC;AAEnC,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,gBAAgB,EACrB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAkDf;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,MAAM,EACb,EAAE,EAAE,MAAM,EACV,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAO,GAC9D,OAAO,CAAC,cAAc,CAAC,CAUzB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GAChC,OAAO,CAAC,cAAc,CAAC,CAOzB;AAID;;;;uDAIuD;AACvD,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAO,GACjE,OAAO,CAAC,cAAc,CAAC,CASzB;AAED;;;;kBAIkB;AAClB,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAO,GAC9D,OAAO,CAAC,cAAc,CAAC,CAUzB;AAED;;yGAEyG;AACzG,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EACb,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAO,GACjE,OAAO,CAAC,cAAc,CAAC,CAQzB;AAED;8DAC8D;AAC9D,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,oGAAoG;IACpG,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC,IAAI,CAAC,CA2BhB;AAED;kDACkD;AAClD,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAcnC;AAED;;;;;oFAKoF;AACpF,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAsB/C"}

package/dist/streams.js

@@ -1,13 +1,34 @@
 import { jetstreamManager, AckPolicy, DeliverPolicy, RetentionPolicy, DiscardPolicy, StorageType, } from "@nats-io/jetstream";
 import { connect, credsAuthenticator, nanos } from "@nats-io/transport-node";
 import { Kvm } from "@nats-io/kv";
-import { spacePrefix, chatStream, chatSubject, chatDurable, collapseFilterSubjects, isConcreteChannel, dmStream, dmDurable, unicastSubject, taskStream, taskDurable, anycastSubject, presenceBucket, channelBucket, } from "./subjects.js";
+import { spacePrefix, chatStream, chatSubject, chatWildcard, isConcreteChannel, dmStream, dmDurable, unicastSubject, taskStream, taskDurable, anycastSubject, presenceBucket, channelBucket, membersBucket, aclBucket, deliveryBucket, inboxStream, dlvStream, dlvSubject, dlvDurable, fanoutDurable, readerDurable, } from "./subjects.js";
 /** Default presence-bucket entry TTL (ms) — matches the endpoint's default liveness window. */
 const PRESENCE_TTL_MS = 6_000;
 /** Per-(sender,channel)-subject retention cap on the chat stream — the bound past which the
  *  oldest message on a subject is discarded (`DiscardPolicy.Old`). Also the horizon of focus
  *  recall: only the last {@link MAX_MSGS_PER_SUBJECT} per sender-subject are recallable. */
 export const MAX_MSGS_PER_SUBJECT = 1000;
+/** JetStream message-dedup window on the Plane-3 streams: a `Nats-Msg-Id`
+ *  (`<msgId>:<owner>:<generation>`) repeated within this window is collapsed. Sized generous (2h) so
+ *  an activation-catch-up copy and a racing fan-out copy of the same message dedup even for a slow/
+ *  backlogged owner. **This window IS the cross-path exactly-once correctness horizon** — two writes
+ *  of the same logical copy separated by more than it (e.g. a manager crash after a DLV publish, the
+ *  dinbox ack lost, the window expiring, then a re-transfer after restart) are NOT collapsed at the
+ *  stream. The connector's commit-aware id-cache (`MeshAgent.ingest`) coalesces live↔durable and
+ *  redelivery duplicates within a SESSION, but it is in-memory and reset on agent restart, so it is
+ *  NOT a cross-restart guarantee. A persistent per-owner delivery ledger would lift the bound; not
+ *  built (the 2h horizon covers the realistic crash/redelivery lag). Keep the window ≥ worst-case lag. */
+export const PLANE3_DEDUP_WINDOW_MS = 2 * 60 * 60 * 1000;
+/** Bound on the trusted reader's in-flight (un-acked) entries per owner — an offline owner with a large
+ *  backlog can't stall the reader's own redelivery by pinning unbounded pending. */
+export const DINBOX_MAX_ACK_PENDING = 1000;
+/** Delivery-daemon single-flight lease TTL (ms) — the bucket-level `max_age` on `cotal_delivery_<space>`.
+ *  A live holder renews at ~half this; a crashed holder stops renewing and the bucket TTL expires its
+ *  lease key, freeing it for a fresh daemon's CAS create. Sized well above the renew interval so a brief
+ *  GC/scheduling pause never self-evicts a healthy holder, yet short enough that a crash frees the shard
+ *  promptly. (The bucket holds ONLY lease keys, so a bucket TTL is exact here; per-key TTL is also
+ *  available on this stack — a deliberate simplicity choice, not a capability gap. See {@link deliveryBucket}.) */
+export const LEASE_TTL_MS = 30_000;
 /**
  * Create (idempotently) the three backing streams for a space — CHAT (multicast backlog +
  * history), DM (per-instance inboxes), TASK (anycast work queue).
@@ -44,6 +65,29 @@ export async function createSpaceStreams(jsm, space) {
         retention: RetentionPolicy.Workqueue,
         storage: StorageType.File,
     });
+    // Plane-3 (SPEC §8). INBOX = the mixed pre-auth store (fan-out target; agents hold no grant — see
+    // permissionsFor). DLV = the per-member post-auth handoff the agent binds + acks. Both per-owner
+    // (one subject per owner), capped per-owner backlog (DiscardPolicy.Old; an evicted entry is a
+    // delivery miss, surfaced, never a satisfied durable guarantee — SPEC §7). `duplicate_window`
+    // collapses a catch-up/fan-out double of the same Nats-Msg-Id. No Direct Get on either.
+    await jsm.streams.add({
+        name: inboxStream(space),
+        subjects: [`${p}.dinbox.>`],
+        retention: RetentionPolicy.Limits,
+        storage: StorageType.File,
+        max_msgs_per_subject: MAX_MSGS_PER_SUBJECT,
+        discard: DiscardPolicy.Old,
+        duplicate_window: nanos(PLANE3_DEDUP_WINDOW_MS),
+    });
+    await jsm.streams.add({
+        name: dlvStream(space),
+        subjects: [`${p}.dlv.>`],
+        retention: RetentionPolicy.Limits,
+        storage: StorageType.File,
+        max_msgs_per_subject: MAX_MSGS_PER_SUBJECT,
+        discard: DiscardPolicy.Old,
+        duplicate_window: nanos(PLANE3_DEDUP_WINDOW_MS),
+    });
 }
 /**
  * The DM inbox durable for an instance — ONE definition, used both by the privileged
@@ -71,37 +115,6 @@ export function dmDurableConfig(space, id, opts = {}) {
         cfg.inactive_threshold = nanos(opts.inactiveThresholdMs);
     return cfg;
 }
-/**
- * The chat live-tail durable for an instance — ONE definition, used both by the privileged
- * pre-create (manager/provisioner, auth mode) and the endpoint's open-mode self-create, so an
- * idempotent re-add can't error on a config delta. `filter_subjects` binds it to the instance's
- * subscribe set (`chat.*.<ch>` per channel); only the privileged creator sets it under auth, which
- * is the whole point — the agent BINDS-only (denied CONSUMER.CREATE/UPDATE on CHAT) and so can
- * never widen its own read past `allowSubscribe`. `DeliverPolicy.New` (a tail): history is the
- * explicit per-channel backfill on join, the only shape that can honor per-channel replay policy
- * given `deliver_policy` is consumer-wide.
- *
- * Multi-channel ⇒ plural `filter_subjects`, which the client sends on the filter-less create
- * subject (`CONSUMER.CREATE.<stream>.<name>`) — so this durable's filter is NOT ACL-pinnable by
- * subject; bind-only + a trusted creator is the enforcement, exactly as for DM/TASK.
- *
- * `inactive_threshold` is set ONLY when the caller passes one — the open-mode self-create, where
- * the agent owns the durable. The privileged auth pre-create OMITS it (same bind-only reasoning as
- * {@link dmDurableConfig}): a threshold would retire the durable before a late/relaunched agent
- * binds it, and bind would then fail permanently.
- */
-export function chatDurableConfig(space, id, channels, opts = {}) {
-    const cfg = {
-        durable_name: chatDurable(id),
-        filter_subjects: collapseFilterSubjects(channels.map((ch) => chatSubject(space, "*", ch))),
-        ack_policy: AckPolicy.Explicit,
-        ack_wait: nanos(opts.ackWaitMs ?? 60_000),
-        deliver_policy: DeliverPolicy.New,
-    };
-    if (opts.inactiveThresholdMs)
-        cfg.inactive_threshold = nanos(opts.inactiveThresholdMs);
-    return cfg;
-}
 /**
  * The TASK work-queue durable for a role — ONE definition, shared by the privileged
  * pre-create (auth mode) and the endpoint's open-mode self-create. The durable is shared
@@ -117,6 +130,51 @@ export function taskDurableConfig(space, role, opts = {}) {
         ack_wait: nanos(opts.ackWaitMs ?? 60_000),
     };
 }
+// ---- Plane-3 consumers (SPEC §8) ----
+/** The single privileged trusted-reader consumer over the WHOLE INBOX (mixed pre-auth) store
+ *  (`dinbox.>`, all owners) — created + bound only by the manager. Explicit ack: the reader holds an
+ *  entry un-acked until it has transferred the re-authorized copy to DLV (a crash before transfer
+ *  redelivers). `max_ack_pending` bounds the reader's in-flight set. The per-message owner is
+ *  recovered from the subject (`parseDinboxOwner`). */
+export function inboxReaderConfig(space, opts = {}) {
+    return {
+        durable_name: readerDurable(opts.shard, opts.shards),
+        filter_subject: `${spacePrefix(space)}.dinbox.>`,
+        ack_policy: AckPolicy.Explicit,
+        ack_wait: nanos(opts.ackWaitMs ?? 60_000),
+        deliver_policy: DeliverPolicy.All,
+        max_ack_pending: DINBOX_MAX_ACK_PENDING,
+    };
+}
+/** An agent's bind-only per-member DELIVER consumer (mirrors {@link dmDurableConfig}): the provisioner
+ *  pre-creates it filtered to `dlv.<owner>`; the agent BINDS it (denied CREATE on DLV) and acks via
+ *  native JetStream — the §8 "equivalent per-member at-least-once mechanism with the same ack
+ *  semantics". `inactive_threshold` only for an open-mode self-create (none today; Plane-3 is
+ *  auth-only). */
+export function dlvDurableConfig(space, owner, opts = {}) {
+    const cfg = {
+        durable_name: dlvDurable(owner),
+        filter_subject: dlvSubject(space, owner),
+        ack_policy: AckPolicy.Explicit,
+        ack_wait: nanos(opts.ackWaitMs ?? 60_000),
+        deliver_policy: DeliverPolicy.All,
+    };
+    if (opts.inactiveThresholdMs)
+        cfg.inactive_threshold = nanos(opts.inactiveThresholdMs);
+    return cfg;
+}
+/** The single privileged fan-out consumer on CHAT (manager-pumped; routing, not auth).
+ *  `DeliverPolicy.New` at creation (pre-existing backlog is pre-membership); a DURABLE, so on a
+ *  manager restart it resumes from its ack cursor and fans out the gap, idempotent via `Nats-Msg-Id`. */
+export function fanoutDurableConfig(space, opts = {}) {
+    return {
+        durable_name: fanoutDurable(opts.shard, opts.shards),
+        filter_subject: chatWildcard(space),
+        ack_policy: AckPolicy.Explicit,
+        ack_wait: nanos(opts.ackWaitMs ?? 60_000),
+        deliver_policy: DeliverPolicy.New,
+    };
+}
 /** Connect with the given (privileged) creds, create the space's streams, and disconnect.
  *  Used by `cotal up` to pre-create streams once at setup. */
 export async function setupSpaceStreams(opts) {
@@ -132,6 +190,17 @@ export async function setupSpaceStreams(opts) {
         const kvm = new Kvm(nc);
         await kvm.create(presenceBucket(opts.space), { ttl: PRESENCE_TTL_MS });
         await kvm.create(channelBucket(opts.space));
+        // Durable-membership registry (Plane-3): privileged-write, no TTL (durable config, like the
+        // channel registry). Pre-created so the delivery daemon (and open-mode self) can OPEN it; agents
+        // hold no grant. Idempotent.
+        await kvm.create(membersBucket(opts.space));
+        // Durable read-ACL registry (Plane-3 keystone): privileged-write, no TTL. The manager records an
+        // agent's read ACL here at mint; the delivery daemon re-auths every durable entry against it.
+        await kvm.create(aclBucket(opts.space));
+        // Delivery-daemon single-flight lease + readiness bucket: bucket-level TTL (`max_age`) so a crashed
+        // holder's lease auto-expires and a fresh daemon can re-acquire. Holds ONLY lease keys, writable
+        // only by the `delivery` cred, world-readable (the non-gating delivery-health surface). Idempotent.
+        await kvm.create(deliveryBucket(opts.space), { ttl: LEASE_TTL_MS });
     }
     finally {
         await nc.drain();

package/dist/streams.js.map

@@ -1 +1 @@
-{"version":3,"file":"streams.js","sourceRoot":"","sources":["../src/streams.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,eAAe,EACf,aAAa,EACb,WAAW,GAGZ,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAC7E,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,EACL,WAAW,EACX,UAAU,EACV,WAAW,EACX,WAAW,EACX,sBAAsB,EACtB,iBAAiB,EACjB,QAAQ,EACR,SAAS,EACT,cAAc,EACd,UAAU,EACV,WAAW,EACX,cAAc,EACd,cAAc,EACd,aAAa,GACd,MAAM,eAAe,CAAC;AAEvB,+FAA+F;AAC/F,MAAM,eAAe,GAAG,KAAK,CAAC;AAE9B;;4FAE4F;AAC5F,MAAM,CAAC,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAOzC;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,GAAqB,EACrB,KAAa;IAEb,MAAM,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAC7B,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QACpB,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC;QACvB,QAAQ,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;QACzB,SAAS,EAAE,eAAe,CAAC,MAAM;QACjC,OAAO,EAAE,WAAW,CAAC,IAAI;QACzB,oBAAoB,EAAE,oBAAoB,EAAE,gDAAgD;QAC5F,OAAO,EAAE,aAAa,CAAC,GAAG;QAC1B,gGAAgG;QAChG,+FAA+F;QAC/F,4FAA4F;QAC5F,+EAA+E;QAC/E,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QACpB,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC;QACrB,QAAQ,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;QACzB,SAAS,EAAE,eAAe,CAAC,MAAM;QACjC,OAAO,EAAE,WAAW,CAAC,IAAI;KAC1B,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QACpB,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC;QACvB,QAAQ,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC;QACxB,SAAS,EAAE,eAAe,CAAC,SAAS;QACpC,OAAO,EAAE,WAAW,CAAC,IAAI;KAC1B,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,eAAe,CAC7B,KAAa,EACb,EAAU,EACV,OAA6D,EAAE;IAE/D,MAAM,GAAG,GAA4B;QACnC,YAAY,EAAE,SAAS,CAAC,EAAE,CAAC;QAC3B,cAAc,EAAE,cAAc,CAAC,KAAK,EAAE,EAAE,EAAE,GAAG,CAAC;QAC9C,UAAU,EAAE,SAAS,CAAC,QAAQ;QAC9B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;QACzC,cAAc,EAAE,aAAa,CAAC,GAAG;KAClC,CAAC;IACF,IAAI,IAAI,CAAC,mBAAmB;QAAE,GAAG,CAAC,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACvF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAAa,EACb,EAAU,EACV,QAAkB,EAClB,OAA6D,EAAE;IAE/D,MAAM,GAAG,GAA4B;QACnC,YAAY,EAAE,WAAW,CAAC,EAAE,CAAC;QAC7B,eAAe,EAAE,sBAAsB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1F,UAAU,EAAE,SAAS,CAAC,QAAQ;QAC9B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;QACzC,cAAc,EAAE,aAAa,CAAC,GAAG;KAClC,CAAC;IACF,IAAI,IAAI,CAAC,mBAAmB;QAAE,GAAG,CAAC,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACvF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAAa,EACb,IAAY,EACZ,OAA+B,EAAE;IAEjC,OAAO;QACL,YAAY,EAAE,WAAW,CAAC,IAAI,CAAC;QAC/B,cAAc,EAAE,cAAc,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC;QAChD,UAAU,EAAE,SAAS,CAAC,QAAQ;QAC9B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;KAC1C,CAAC;AACJ,CAAC;AAED;8DAC8D;AAC9D,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAKvC;IACC,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,kBAAkB,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnG,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,MAAM,gBAAgB,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QACjE,yFAAyF;QACzF,yFAAyF;QACzF,yCAAyC;QACzC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;QACxB,MAAM,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC,CAAC;QACvE,MAAM,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9C,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAED;kDACkD;AAClD,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAKvC;IACC,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,kBAAkB,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnG,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACtE,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACtC,MAAM,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAClE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IACtB,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;;oFAKoF;AACpF,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAKlC;IACC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,0CAA0C,CAAC,CAAC;IAC9E,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,kBAAkB,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnG,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;YACjE,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC;SACnD,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACnE,MAAM,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,yFAAyF;QAC3F,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAC3C,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;AACH,CAAC"}
+{"version":3,"file":"streams.js","sourceRoot":"","sources":["../src/streams.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,eAAe,EACf,aAAa,EACb,WAAW,GAGZ,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAC7E,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,EACL,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,QAAQ,EACR,SAAS,EACT,cAAc,EACd,UAAU,EACV,WAAW,EACX,cAAc,EACd,cAAc,EACd,aAAa,EACb,aAAa,EACb,SAAS,EACT,cAAc,EACd,WAAW,EACX,SAAS,EACT,UAAU,EACV,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,eAAe,CAAC;AAEvB,+FAA+F;AAC/F,MAAM,eAAe,GAAG,KAAK,CAAC;AAE9B;;4FAE4F;AAC5F,MAAM,CAAC,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAEzC;;;;;;;;;0GAS0G;AAC1G,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEzD;oFACoF;AACpF,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAE3C;;;;;mHAKmH;AACnH,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,CAAC;AAOnC;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,GAAqB,EACrB,KAAa;IAEb,MAAM,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAC7B,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QACpB,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC;QACvB,QAAQ,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;QACzB,SAAS,EAAE,eAAe,CAAC,MAAM;QACjC,OAAO,EAAE,WAAW,CAAC,IAAI;QACzB,oBAAoB,EAAE,oBAAoB,EAAE,gDAAgD;QAC5F,OAAO,EAAE,aAAa,CAAC,GAAG;QAC1B,gGAAgG;QAChG,+FAA+F;QAC/F,4FAA4F;QAC5F,+EAA+E;QAC/E,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QACpB,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC;QACrB,QAAQ,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;QACzB,SAAS,EAAE,eAAe,CAAC,MAAM;QACjC,OAAO,EAAE,WAAW,CAAC,IAAI;KAC1B,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QACpB,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC;QACvB,QAAQ,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC;QACxB,SAAS,EAAE,eAAe,CAAC,SAAS;QACpC,OAAO,EAAE,WAAW,CAAC,IAAI;KAC1B,CAAC,CAAC;IACH,kGAAkG;IAClG,iGAAiG;IACjG,8FAA8F;IAC9F,8FAA8F;IAC9F,wFAAwF;IACxF,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QACpB,IAAI,EAAE,WAAW,CAAC,KAAK,CAAC;QACxB,QAAQ,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC;QAC3B,SAAS,EAAE,eAAe,CAAC,MAAM;QACjC,OAAO,EAAE,WAAW,CAAC,IAAI;QACzB,oBAAoB,EAAE,oBAAoB;QAC1C,OAAO,EAAE,aAAa,CAAC,GAAG;QAC1B,gBAAgB,EAAE,KAAK,CAAC,sBAAsB,CAAC;KAChD,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;QACpB,IAAI,EAAE,SAAS,CAAC,KAAK,CAAC;QACtB,QAAQ,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC;QACxB,SAAS,EAAE,eAAe,CAAC,MAAM;QACjC,OAAO,EAAE,WAAW,CAAC,IAAI;QACzB,oBAAoB,EAAE,oBAAoB;QAC1C,OAAO,EAAE,aAAa,CAAC,GAAG;QAC1B,gBAAgB,EAAE,KAAK,CAAC,sBAAsB,CAAC;KAChD,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,eAAe,CAC7B,KAAa,EACb,EAAU,EACV,OAA6D,EAAE;IAE/D,MAAM,GAAG,GAA4B;QACnC,YAAY,EAAE,SAAS,CAAC,EAAE,CAAC;QAC3B,cAAc,EAAE,cAAc,CAAC,KAAK,EAAE,EAAE,EAAE,GAAG,CAAC;QAC9C,UAAU,EAAE,SAAS,CAAC,QAAQ;QAC9B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;QACzC,cAAc,EAAE,aAAa,CAAC,GAAG;KAClC,CAAC;IACF,IAAI,IAAI,CAAC,mBAAmB;QAAE,GAAG,CAAC,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACvF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAAa,EACb,IAAY,EACZ,OAA+B,EAAE;IAEjC,OAAO;QACL,YAAY,EAAE,WAAW,CAAC,IAAI,CAAC;QAC/B,cAAc,EAAE,cAAc,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC;QAChD,UAAU,EAAE,SAAS,CAAC,QAAQ;QAC9B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;KAC1C,CAAC;AACJ,CAAC;AAED,wCAAwC;AAExC;;;;uDAIuD;AACvD,MAAM,UAAU,iBAAiB,CAC/B,KAAa,EACb,OAAgE,EAAE;IAElE,OAAO;QACL,YAAY,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC;QACpD,cAAc,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,WAAW;QAChD,UAAU,EAAE,SAAS,CAAC,QAAQ;QAC9B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;QACzC,cAAc,EAAE,aAAa,CAAC,GAAG;QACjC,eAAe,EAAE,sBAAsB;KACxC,CAAC;AACJ,CAAC;AAED;;;;kBAIkB;AAClB,MAAM,UAAU,gBAAgB,CAC9B,KAAa,EACb,KAAa,EACb,OAA6D,EAAE;IAE/D,MAAM,GAAG,GAA4B;QACnC,YAAY,EAAE,UAAU,CAAC,KAAK,CAAC;QAC/B,cAAc,EAAE,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC;QACxC,UAAU,EAAE,SAAS,CAAC,QAAQ;QAC9B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;QACzC,cAAc,EAAE,aAAa,CAAC,GAAG;KAClC,CAAC;IACF,IAAI,IAAI,CAAC,mBAAmB;QAAE,GAAG,CAAC,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACvF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;yGAEyG;AACzG,MAAM,UAAU,mBAAmB,CACjC,KAAa,EACb,OAAgE,EAAE;IAElE,OAAO;QACL,YAAY,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC;QACpD,cAAc,EAAE,YAAY,CAAC,KAAK,CAAC;QACnC,UAAU,EAAE,SAAS,CAAC,QAAQ;QAC9B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;QACzC,cAAc,EAAE,aAAa,CAAC,GAAG;KAClC,CAAC;AACJ,CAAC;AAED;8DAC8D;AAC9D,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAKvC;IACC,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,kBAAkB,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnG,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,MAAM,gBAAgB,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QACjE,yFAAyF;QACzF,yFAAyF;QACzF,yCAAyC;QACzC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;QACxB,MAAM,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC,CAAC;QACvE,MAAM,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5C,4FAA4F;QAC5F,iGAAiG;QACjG,6BAA6B;QAC7B,MAAM,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5C,iGAAiG;QACjG,8FAA8F;QAC9F,MAAM,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACxC,oGAAoG;QACpG,iGAAiG;QACjG,oGAAoG;QACpG,MAAM,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC;IACtE,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAED;kDACkD;AAClD,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAKvC;IACC,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,kBAAkB,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnG,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACtE,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACtC,MAAM,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAClE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IACtB,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;;oFAKoF;AACpF,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAKlC;IACC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,0CAA0C,CAAC,CAAC;IAC9E,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,kBAAkB,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnG,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;YACjE,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC;SACnD,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACnE,MAAM,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,yFAAyF;QAC3F,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAC3C,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/subjects.d.ts

@@ -69,6 +69,15 @@ export declare function controlServiceSubject(space: string, service: string, se
 export declare const CONTROL_PRIVILEGED: "manager";
 export declare const CONTROL_SELF_SERVICE: "self";
 export declare const CONTROL_ADMIN: "admin";
+/** The delivery service — a control service served by the server-side **delivery daemon** (NOT the
+ *  manager), carrying the runtime durable `join` / `leave` / `listMemberships` ops agents call. Agents
+ *  publish a request to `ctl.delivery.<agentId>` and receive the reply on `ctl.delivery.<agentId>.…`,
+ *  a subtree both sides scope tightly: the agent gets pub on `ctl.delivery.<id>` + sub on
+ *  `ctl.delivery.<id>.>`, and the daemon gets sub on `ctl.delivery.*` (queue) + pub on `ctl.delivery.>`
+ *  (replies). This keeps the daemon least-privilege — it never needs broad inbox-publish to answer an
+ *  agent (only the allow-all manager could reply into the per-id `_INBOX_<id>` prefix). Lifecycle ops
+ *  (spawn/stop/despawn) stay on the manager's tiers; durable membership is the daemon's. */
+export declare const CONTROL_DELIVERY: "delivery";
 /** The three control-plane tiers the manager serves — values tie to the `CONTROL_*` service
  *  names so handler routing can't drift from the subject names. */
 export type ControlTier = typeof CONTROL_PRIVILEGED | typeof CONTROL_SELF_SERVICE | typeof CONTROL_ADMIN;
@@ -114,18 +123,90 @@ export declare function channelBucket(space: string): string;
  *  character (`/^[-/=.\w]+$/`) but one `token()` can never produce (it maps every char
  *  outside `[A-Za-z0-9_-]` to `_`), so this key can never collide with a real channel. */
 export declare const CHANNEL_DEFAULTS_KEY = "=defaults";
+/** Name of the KV bucket holding the durable-membership registry (Plane-3) for a space — a
+ *  privileged-write sibling of the channels/presence buckets. One record per (concrete channel,
+ *  owner) under {@link memberKey}; the source of truth for `channelMembers()` and the fan-out's
+ *  member list, moved off JetStream consumer topology (which core-sub joins don't create). */
+export declare function membersBucket(space: string): string;
+/** KV key for one membership record: `<channel>/<owner>`. The channel is concrete (no `*`/`>`,
+ *  validated at the write path) so it is dotted-but-`/`-free, and an owner id is an nkey
+ *  (`[A-Z0-9]`, also `/`-free), so the single `/` separates them unambiguously — both halves
+ *  recover via {@link parseMemberKey}. `/`, `.`, and `[A-Za-z0-9_-]` are all legal KV-key chars
+ *  (`/^[-/=.\w]+$/`), so no encoding is needed. */
+export declare function memberKey(channel: string, owner: string): string;
+/** Inverse of {@link memberKey}: split a member key back into `{ channel, owner }`, or `null` if
+ *  it isn't one (no `/`). Splits on the single separator — channels and owner ids are both `/`-free. */
+export declare function parseMemberKey(key: string): {
+    channel: string;
+    owner: string;
+} | null;
+/** Name of the KV bucket holding the durable read-ACL registry (Plane-3) for a space — a
+ *  privileged-write sibling of the members/channels buckets. One record per OWNER (key = owner id),
+ *  holding that owner's current read ACL (`allowSubscribe`). The delivery daemon's trusted reader
+ *  re-authorizes every durable entry against this — moved off the manager's in-memory ledger so a
+ *  stateless, server-side daemon re-reads it on boot (fixes the restart-fragility nak-loop). It is
+ *  ALSO what the daemon validates a runtime durable-join against (channel ∈ the owner's ACL). */
+export declare function aclBucket(space: string): string;
+/** KV key for one owner's read-ACL record: the owner id (an nkey — `[A-Z0-9]`, `/`-free, a `token()`
+ *  no-op; keyed like presence, which uses the bare id). */
+export declare function aclKey(owner: string): string;
+/** Name of the KV bucket holding the delivery daemon's single-flight lease + readiness signal for a
+ *  space. One key per shard ({@link leaseKey}); writable only by the `delivery` cred, world-readable
+ *  (an agent reads it for the non-gating delivery-health surface). The bucket holds ONLY lease keys,
+ *  so a bucket-level TTL (`max_age`) cleanly expires a crashed holder's lease. (Per-key KV TTL via
+ *  `Nats-TTL`/marker TTL is also available on this stack — `@nats-io/kv` 3.4 + server 2.14 — so the
+ *  bucket-level TTL is a deliberate simplicity choice for a one-purpose bucket, not a capability gap.) */
+export declare function deliveryBucket(space: string): string;
+/** KV key for one shard's delivery lease/readiness (N=1 → `lease.0`). */
+export declare function leaseKey(shardIndex: number): string;
+/** Deterministic FNV-1a (32-bit) hash of `key` into `[0, n)` — stable across processes/restarts, so a
+ *  shard assignment never moves under a running daemon. The Plane-3 partition seam (sharding):
+ *  **N=1 is the only operating mode shipped** (`shards > 1` is hard-rejected at the daemon entrypoint)
+ *  because a hash partition is not expressible as a NATS `sub.allow`/durable filter under the flat chat
+ *  grammar — see core-sub-fabric.md. Present so the N>1 follow-up (with a channel-prefix grammar) is a
+ *  small diff. */
+export declare function partition(n: number, key: string): number;
 /** Stream capturing `chat.>` — multicast backlog + history. */
 export declare function chatStream(space: string): string;
 /** Stream capturing `inst.>` — per-instance direct-message inboxes. */
 export declare function dmStream(space: string): string;
 /** Stream capturing `svc.>` — anycast work queue. */
 export declare function taskStream(space: string): string;
-/** Durable consumer name for an instance's view of the chat stream — its live tail. */
+/** Stream capturing `dinbox.>` — the per-owner mixed durable inbox (fan-out target; agent unreadable). */
+export declare function inboxStream(space: string): string;
+/** Stream capturing `dlv.>` — the per-member post-auth delivery store (agent binds + acks). */
+export declare function dlvStream(space: string): string;
+/** Subject of an owner's mixed durable inbox: `cotal.<space>.dinbox.<owner>` (one per owner). */
+export declare function dinboxSubject(space: string, owner: string): string;
+/** Subject of an owner's post-auth delivery: `cotal.<space>.dlv.<owner>` (one per owner). */
+export declare function dlvSubject(space: string, owner: string): string;
+/** Parse the owner id out of an owner's mixed-inbox subject `cotal.<space>.dinbox.<owner>`, or null.
+ *  The trusted reader is a SINGLE consumer over `dinbox.>` (all owners), so it recovers the per-message
+ *  owner from the subject (the routing token is `routeToken(owner)` — an nkey, a `token()` no-op). */
+export declare function parseDinboxOwner(subject: string): string | null;
+/** An agent's bind-only per-owner consumer on {@link dlvStream} (filter `dlv.<owner>`). */
+export declare function dlvDurable(owner: string): string;
+/** The single privileged fan-out consumer on the CHAT stream (delivery-daemon-pumped; routing, not
+ *  auth). N=1 keeps this exact name (see {@link fanoutDurable}). */
+export declare const FANOUT_DURABLE: "fanout";
+/** The single privileged trusted-reader consumer on {@link inboxStream} (filter `dinbox.>`,
+ *  delivery-daemon-pumped). It re-authorizes each entry and transfers the authorized copy to
+ *  `dlv.<owner>`. N=1 keeps this exact name (see {@link readerDurable}). */
+export declare const INBOX_READER_DURABLE: "reader";
+/** Per-shard fan-out durable name (the sharding seam). N=1 (`shards <= 1`) keeps the exact legacy
+ *  name `fanout` so a running space's existing durable + ack cursor carry over; N>1 (deferred until
+ *  the channel-prefix grammar) → `fanout_<i>`. */
+export declare function fanoutDurable(shard?: number, shards?: number): string;
+/** Per-shard trusted-reader durable name (the sharding seam). N=1 keeps `reader`; N>1 → `reader_<i>`. */
+export declare function readerDurable(shard?: number, shards?: number): string;
+/** Name of the REMOVED per-instance chat live-tail durable. Retained only as the canonical name the
+ *  read-ACL conformance test asserts an agent can NOT create — it has no live callers, the live read is
+ *  now a native core subscription. */
 export declare function chatDurable(instance: string): string;
 /** Consumer name for an instance's short-lived chat **history** reads (join-backfill, focus-recall,
- *  drop-marker). A single per-instance name (not the live `chat_<id>`) so its create/info/fetch/
- *  delete grants are name-scoped to the agent's own id — a peer can never bind it — while the
- *  per-read single `filter_subject` is what the create-time ACL pins to `allowSubscribe`. */
+ *  drop-marker). A single per-instance name, scoped to the agent's own id so its create/info/fetch/
+ *  delete grants name-scope to that id — a peer can never bind it — while the per-read single
+ *  `filter_subject` is what the create-time ACL pins to `allowSubscribe`. */
 export declare function chatHistDurable(instance: string): string;
 /** Durable consumer name for an instance's private DM inbox. */
 export declare function dmDurable(instance: string): string;

package/dist/subjects.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"subjects.d.ts","sourceRoot":"","sources":["../src/subjects.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,gEAAgE;AAChE,wBAAgB,KAAK,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAGvC;AAED,eAAO,MAAM,IAAI,UAAU,CAAC;AAE5B,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED;;gFAEgF;AAChF,wBAAgB,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,GAAG,SAAS,CAI3E;AAgCD,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAElF;AAED;iFACiF;AACjF,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE1D;AAED;;iCAEiC;AACjC,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAUxE;AAED;;;;;;;;;;yDAUyD;AACzD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAiB1D;AAED;;;;2FAI2F;AAC3F,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAExE;AAED;;;;2FAI2F;AAC3F,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAGnE;AAED;iGACiG;AACjG,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAEpF;AAED,kHAAkH;AAClH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAErF;AAED,8GAA8G;AAC9G,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAE5F;AAED;;;;;;;;8DAQ8D;AAC9D,eAAO,MAAM,kBAAkB,EAAG,SAAkB,CAAC;AACrD,eAAO,MAAM,oBAAoB,EAAG,MAAe,CAAC;AACpD,eAAO,MAAM,aAAa,EAAG,OAAgB,CAAC;AAC9C;mEACmE;AACnE,MAAM,MAAM,WAAW,GAAG,OAAO,kBAAkB,GAAG,OAAO,oBAAoB,GAAG,OAAO,aAAa,CAAC;AAEzG,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAEnE;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAErE;AAED,sDAAsD;AACtD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;0DAC0D;AAC1D,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAElD;AAED,yFAAyF;AACzF,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,SAAS,GAAG,SAAS,CAAC;AAE1D;qFACqF;AACrF,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,wFAAwF;IACxF,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAalE;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI,CAI/D;AAED,0DAA0D;AAC1D,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;wFACwF;AACxF,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;;0FAE0F;AAC1F,eAAO,MAAM,oBAAoB,cAAc,CAAC;AAIhD,+DAA+D;AAC/D,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,uEAAuE;AACvE,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE9C;AAED,qDAAqD;AACrD,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,uFAAuF;AACvF,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;;;6FAG6F;AAC7F,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAExD;AAED,gEAAgE;AAChE,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAElD;AAED,oFAAoF;AACpF,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEnD"}
+{"version":3,"file":"subjects.d.ts","sourceRoot":"","sources":["../src/subjects.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,gEAAgE;AAChE,wBAAgB,KAAK,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAGvC;AAED,eAAO,MAAM,IAAI,UAAU,CAAC;AAE5B,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED;;gFAEgF;AAChF,wBAAgB,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,GAAG,SAAS,CAI3E;AAgCD,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAElF;AAED;iFACiF;AACjF,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE1D;AAED;;iCAEiC;AACjC,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAUxE;AAED;;;;;;;;;;yDAUyD;AACzD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAiB1D;AAED;;;;2FAI2F;AAC3F,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAExE;AAED;;;;2FAI2F;AAC3F,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAGnE;AAED;iGACiG;AACjG,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAEpF;AAED,kHAAkH;AAClH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAErF;AAED,8GAA8G;AAC9G,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAE5F;AAED;;;;;;;;8DAQ8D;AAC9D,eAAO,MAAM,kBAAkB,EAAG,SAAkB,CAAC;AACrD,eAAO,MAAM,oBAAoB,EAAG,MAAe,CAAC;AACpD,eAAO,MAAM,aAAa,EAAG,OAAgB,CAAC;AAC9C;;;;;;;4FAO4F;AAC5F,eAAO,MAAM,gBAAgB,EAAG,UAAmB,CAAC;AACpD;mEACmE;AACnE,MAAM,MAAM,WAAW,GAAG,OAAO,kBAAkB,GAAG,OAAO,oBAAoB,GAAG,OAAO,aAAa,CAAC;AAEzG,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAEnE;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAErE;AAED,sDAAsD;AACtD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;0DAC0D;AAC1D,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAElD;AAED,yFAAyF;AACzF,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,SAAS,GAAG,SAAS,CAAC;AAE1D;qFACqF;AACrF,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,wFAAwF;IACxF,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAalE;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI,CAI/D;AAED,0DAA0D;AAC1D,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;wFACwF;AACxF,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;;0FAE0F;AAC1F,eAAO,MAAM,oBAAoB,cAAc,CAAC;AAEhD;;;8FAG8F;AAC9F,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;;;;mDAImD;AACnD,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED;wGACwG;AACxG,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAIrF;AAED;;;;;iGAKiG;AACjG,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;2DAC2D;AAC3D,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED;;;;;0GAK0G;AAC1G,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,yEAAyE;AACzE,wBAAgB,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;;;;;kBAKkB;AAClB,wBAAgB,SAAS,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAQxD;AAID,+DAA+D;AAC/D,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,uEAAuE;AACvE,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE9C;AAED,qDAAqD;AACrD,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEhD;AAWD,0GAA0G;AAC1G,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED,+FAA+F;AAC/F,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED,iGAAiG;AACjG,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAElE;AAED,6FAA6F;AAC7F,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/D;AAED;;sGAEsG;AACtG,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAI/D;AAED,2FAA2F;AAC3F,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;oEACoE;AACpE,eAAO,MAAM,cAAc,EAAG,QAAiB,CAAC;AAEhD;;4EAE4E;AAC5E,eAAO,MAAM,oBAAoB,EAAG,QAAiB,CAAC;AAEtD;;kDAEkD;AAClD,wBAAgB,aAAa,CAAC,KAAK,SAAI,EAAE,MAAM,SAAI,GAAG,MAAM,CAE3D;AAED,yGAAyG;AACzG,wBAAgB,aAAa,CAAC,KAAK,SAAI,EAAE,MAAM,SAAI,GAAG,MAAM,CAE3D;AAED;;sCAEsC;AACtC,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;;;6EAG6E;AAC7E,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAExD;AAED,gEAAgE;AAChE,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAElD;AAED,oFAAoF;AACpF,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEnD"}

package/dist/subjects.js

@@ -155,6 +155,15 @@ export function controlServiceSubject(space, service, sender) {
 export const CONTROL_PRIVILEGED = "manager";
 export const CONTROL_SELF_SERVICE = "self";
 export const CONTROL_ADMIN = "admin";
+/** The delivery service — a control service served by the server-side **delivery daemon** (NOT the
+ *  manager), carrying the runtime durable `join` / `leave` / `listMemberships` ops agents call. Agents
+ *  publish a request to `ctl.delivery.<agentId>` and receive the reply on `ctl.delivery.<agentId>.…`,
+ *  a subtree both sides scope tightly: the agent gets pub on `ctl.delivery.<id>` + sub on
+ *  `ctl.delivery.<id>.>`, and the daemon gets sub on `ctl.delivery.*` (queue) + pub on `ctl.delivery.>`
+ *  (replies). This keeps the daemon least-privilege — it never needs broad inbox-publish to answer an
+ *  agent (only the allow-all manager could reply into the per-id `_INBOX_<id>` prefix). Lifecycle ops
+ *  (spawn/stop/despawn) stay on the manager's tiers; durable membership is the daemon's. */
+export const CONTROL_DELIVERY = "delivery";
 export function traceSubject(space, agentId) {
     return `${spacePrefix(space)}.trace.${token(agentId)}`;
 }
@@ -220,6 +229,72 @@ export function channelBucket(space) {
  *  character (`/^[-/=.\w]+$/`) but one `token()` can never produce (it maps every char
  *  outside `[A-Za-z0-9_-]` to `_`), so this key can never collide with a real channel. */
 export const CHANNEL_DEFAULTS_KEY = "=defaults";
+/** Name of the KV bucket holding the durable-membership registry (Plane-3) for a space — a
+ *  privileged-write sibling of the channels/presence buckets. One record per (concrete channel,
+ *  owner) under {@link memberKey}; the source of truth for `channelMembers()` and the fan-out's
+ *  member list, moved off JetStream consumer topology (which core-sub joins don't create). */
+export function membersBucket(space) {
+    return `cotal_members_${token(space)}`;
+}
+/** KV key for one membership record: `<channel>/<owner>`. The channel is concrete (no `*`/`>`,
+ *  validated at the write path) so it is dotted-but-`/`-free, and an owner id is an nkey
+ *  (`[A-Z0-9]`, also `/`-free), so the single `/` separates them unambiguously — both halves
+ *  recover via {@link parseMemberKey}. `/`, `.`, and `[A-Za-z0-9_-]` are all legal KV-key chars
+ *  (`/^[-/=.\w]+$/`), so no encoding is needed. */
+export function memberKey(channel, owner) {
+    return `${channel}/${owner}`;
+}
+/** Inverse of {@link memberKey}: split a member key back into `{ channel, owner }`, or `null` if
+ *  it isn't one (no `/`). Splits on the single separator — channels and owner ids are both `/`-free. */
+export function parseMemberKey(key) {
+    const i = key.indexOf("/");
+    if (i <= 0 || i >= key.length - 1)
+        return null;
+    return { channel: key.slice(0, i), owner: key.slice(i + 1) };
+}
+/** Name of the KV bucket holding the durable read-ACL registry (Plane-3) for a space — a
+ *  privileged-write sibling of the members/channels buckets. One record per OWNER (key = owner id),
+ *  holding that owner's current read ACL (`allowSubscribe`). The delivery daemon's trusted reader
+ *  re-authorizes every durable entry against this — moved off the manager's in-memory ledger so a
+ *  stateless, server-side daemon re-reads it on boot (fixes the restart-fragility nak-loop). It is
+ *  ALSO what the daemon validates a runtime durable-join against (channel ∈ the owner's ACL). */
+export function aclBucket(space) {
+    return `cotal_acl_${token(space)}`;
+}
+/** KV key for one owner's read-ACL record: the owner id (an nkey — `[A-Z0-9]`, `/`-free, a `token()`
+ *  no-op; keyed like presence, which uses the bare id). */
+export function aclKey(owner) {
+    return token(owner);
+}
+/** Name of the KV bucket holding the delivery daemon's single-flight lease + readiness signal for a
+ *  space. One key per shard ({@link leaseKey}); writable only by the `delivery` cred, world-readable
+ *  (an agent reads it for the non-gating delivery-health surface). The bucket holds ONLY lease keys,
+ *  so a bucket-level TTL (`max_age`) cleanly expires a crashed holder's lease. (Per-key KV TTL via
+ *  `Nats-TTL`/marker TTL is also available on this stack — `@nats-io/kv` 3.4 + server 2.14 — so the
+ *  bucket-level TTL is a deliberate simplicity choice for a one-purpose bucket, not a capability gap.) */
+export function deliveryBucket(space) {
+    return `cotal_delivery_${token(space)}`;
+}
+/** KV key for one shard's delivery lease/readiness (N=1 → `lease.0`). */
+export function leaseKey(shardIndex) {
+    return `lease.${shardIndex}`;
+}
+/** Deterministic FNV-1a (32-bit) hash of `key` into `[0, n)` — stable across processes/restarts, so a
+ *  shard assignment never moves under a running daemon. The Plane-3 partition seam (sharding):
+ *  **N=1 is the only operating mode shipped** (`shards > 1` is hard-rejected at the daemon entrypoint)
+ *  because a hash partition is not expressible as a NATS `sub.allow`/durable filter under the flat chat
+ *  grammar — see core-sub-fabric.md. Present so the N>1 follow-up (with a channel-prefix grammar) is a
+ *  small diff. */
+export function partition(n, key) {
+    if (n <= 1)
+        return 0;
+    let h = 0x811c9dc5;
+    for (let i = 0; i < key.length; i++) {
+        h ^= key.charCodeAt(i);
+        h = Math.imul(h, 0x01000193);
+    }
+    return (h >>> 0) % n;
+}
 // ---- JetStream streams (the durable backing for the three delivery modes) ----
 /** Stream capturing `chat.>` — multicast backlog + history. */
 export function chatStream(space) {
@@ -233,14 +308,69 @@ export function dmStream(space) {
 export function taskStream(space) {
     return `TASK_${token(space)}`;
 }
-/** Durable consumer name for an instance's view of the chat stream — its live tail. */
+// ---- Plane-3 (durable backstop, SPEC §8) — two per-space streams ----
+//
+// `dinbox.<owner>` is the MIXED pre-auth store (fan-out target): the agent holds NO grant on
+// {@link inboxStream} and the trusted reader (the delivery daemon) is its only consumer. `dlv.<owner>` is the
+// per-member POST-auth handoff: the reader transfers each re-authorized copy here and the agent binds
+// {@link dlvDurable} bind-only and acks it via native JetStream (§8 "an equivalent per-member
+// at-least-once mechanism with the same ack semantics"). `dlv` carries channel messages only, so the
+// receiver derives `kind=channel` from the delivery path — no payload/header kind (SPEC §4).
+/** Stream capturing `dinbox.>` — the per-owner mixed durable inbox (fan-out target; agent unreadable). */
+export function inboxStream(space) {
+    return `INBOX_${token(space)}`;
+}
+/** Stream capturing `dlv.>` — the per-member post-auth delivery store (agent binds + acks). */
+export function dlvStream(space) {
+    return `DLV_${token(space)}`;
+}
+/** Subject of an owner's mixed durable inbox: `cotal.<space>.dinbox.<owner>` (one per owner). */
+export function dinboxSubject(space, owner) {
+    return `${spacePrefix(space)}.dinbox.${routeToken(owner)}`;
+}
+/** Subject of an owner's post-auth delivery: `cotal.<space>.dlv.<owner>` (one per owner). */
+export function dlvSubject(space, owner) {
+    return `${spacePrefix(space)}.dlv.${routeToken(owner)}`;
+}
+/** Parse the owner id out of an owner's mixed-inbox subject `cotal.<space>.dinbox.<owner>`, or null.
+ *  The trusted reader is a SINGLE consumer over `dinbox.>` (all owners), so it recovers the per-message
+ *  owner from the subject (the routing token is `routeToken(owner)` — an nkey, a `token()` no-op). */
+export function parseDinboxOwner(subject) {
+    const parts = subject.split(".");
+    // cotal.<space>.dinbox.<owner>
+    return parts.length === 4 && parts[0] === ROOT && parts[2] === "dinbox" ? parts[3] : null;
+}
+/** An agent's bind-only per-owner consumer on {@link dlvStream} (filter `dlv.<owner>`). */
+export function dlvDurable(owner) {
+    return `dlv_${token(owner)}`;
+}
+/** The single privileged fan-out consumer on the CHAT stream (delivery-daemon-pumped; routing, not
+ *  auth). N=1 keeps this exact name (see {@link fanoutDurable}). */
+export const FANOUT_DURABLE = "fanout";
+/** The single privileged trusted-reader consumer on {@link inboxStream} (filter `dinbox.>`,
+ *  delivery-daemon-pumped). It re-authorizes each entry and transfers the authorized copy to
+ *  `dlv.<owner>`. N=1 keeps this exact name (see {@link readerDurable}). */
+export const INBOX_READER_DURABLE = "reader";
+/** Per-shard fan-out durable name (the sharding seam). N=1 (`shards <= 1`) keeps the exact legacy
+ *  name `fanout` so a running space's existing durable + ack cursor carry over; N>1 (deferred until
+ *  the channel-prefix grammar) → `fanout_<i>`. */
+export function fanoutDurable(shard = 0, shards = 1) {
+    return shards <= 1 ? FANOUT_DURABLE : `${FANOUT_DURABLE}_${shard}`;
+}
+/** Per-shard trusted-reader durable name (the sharding seam). N=1 keeps `reader`; N>1 → `reader_<i>`. */
+export function readerDurable(shard = 0, shards = 1) {
+    return shards <= 1 ? INBOX_READER_DURABLE : `${INBOX_READER_DURABLE}_${shard}`;
+}
+/** Name of the REMOVED per-instance chat live-tail durable. Retained only as the canonical name the
+ *  read-ACL conformance test asserts an agent can NOT create — it has no live callers, the live read is
+ *  now a native core subscription. */
 export function chatDurable(instance) {
     return `chat_${token(instance)}`;
 }
 /** Consumer name for an instance's short-lived chat **history** reads (join-backfill, focus-recall,
- *  drop-marker). A single per-instance name (not the live `chat_<id>`) so its create/info/fetch/
- *  delete grants are name-scoped to the agent's own id — a peer can never bind it — while the
- *  per-read single `filter_subject` is what the create-time ACL pins to `allowSubscribe`. */
+ *  drop-marker). A single per-instance name, scoped to the agent's own id so its create/info/fetch/
+ *  delete grants name-scope to that id — a peer can never bind it — while the per-read single
+ *  `filter_subject` is what the create-time ACL pins to `allowSubscribe`. */
 export function chatHistDurable(instance) {
     return `chathist_${token(instance)}`;
 }