@enbox/agent 0.7.7 → 0.7.8

package/src/sync-closure-resolver.ts

@@ -4,12 +4,14 @@ import type {
   ClosureEvaluationContext,
   ClosureResult,
 } from './sync-closure-types.js';
-import type { GenericMessage, MessageStore } from '@enbox/dwn-sdk-js';
-
-import { Message, PermissionsProtocol } from '@enbox/dwn-sdk-js';
+import type { GenericMessage, MessageStore, ProtocolDefinition, ProtocolRuleSet } from '@enbox/dwn-sdk-js';
 
+import { classifySyncMessageScope } from './sync-scope-acceptance.js';
+import { getInvokedPermissionGrantIds } from './sync-permission-grants.js';
 import { isMultiPartyContext } from './protocol-utils.js';
+import { protocolsForSyncScope } from './types/sync.js';
 import { ClosureFailureCode, createClosureContext } from './sync-closure-types.js';
+import { Message, PermissionScopeMatcher, PermissionsProtocol } from '@enbox/dwn-sdk-js';
 
 // ---------------------------------------------------------------------------
 // Dependency extraction helpers (one per dependency class)
@@ -44,111 +46,173 @@ function extractProtocolDeps(message: GenericMessage): ClosureDependencyEdge[] {
  * - initialWrite (for non-initial writes)
  * - parentId chain
  */
-function extractAncestryDeps(message: GenericMessage): ClosureDependencyEdge[] {
+function extractAncestryDeps(message: GenericMessage, protocolDef?: ProtocolDefinition): ClosureDependencyEdge[] {
   const desc = message.descriptor as Record<string, unknown>;
-  const edges: ClosureDependencyEdge[] = [];
 
   // Only Records interface messages have ancestry dependencies.
   if (desc.interface !== 'Records') { return []; }
 
-  const recordId = (message as any).recordId as string | undefined;
+  const context = createAncestryContext(message, desc, protocolDef);
+  return [
+    createParentRecordDependency(context),
+    createContextRootDependency(context),
+    createInitialWriteDependency(context),
+  ].filter((edge): edge is ClosureDependencyEdge => edge !== undefined);
+}
 
-  // parentId dependency — the parent record must be present.
-  const parentId = desc.parentId as string | undefined;
-  if (parentId) {
-    edges.push({
-      dependencyClass : 2,
-      label           : 'parentRecord',
-      identifier      : parentId,
-      identifierType  : 'recordId',
-    });
+function expectedProtocol(protocol: string | undefined): Partial<Pick<ClosureDependencyEdge, 'expectedProtocol'>> {
+  return protocol === undefined ? {} : { expectedProtocol: protocol };
+}
+
+type AncestryContext = {
+  descriptor: Record<string, unknown>;
+  recordId?: string;
+  protocol?: string;
+  parentId?: string;
+  contextId?: string;
+  rootRefProtocol?: string;
+  parentResolvedByCrossProtocolRef: boolean;
+};
+
+function createAncestryContext(
+  message: GenericMessage,
+  descriptor: Record<string, unknown>,
+  protocolDef: ProtocolDefinition | undefined,
+): AncestryContext {
+  const rootRefProtocol = getRootRefProtocol(descriptor, protocolDef);
+
+  return {
+    descriptor,
+    recordId                         : (message as any).recordId as string | undefined,
+    protocol                         : descriptor.protocol as string | undefined,
+    parentId                         : descriptor.parentId as string | undefined,
+    contextId                        : (message as any).contextId as string | undefined,
+    rootRefProtocol,
+    parentResolvedByCrossProtocolRef : rootRefProtocol !== undefined && isDirectChildOfRootRef(descriptor),
+  };
+}
+
+function createParentRecordDependency(context: AncestryContext): ClosureDependencyEdge | undefined {
+  if (!context.parentId || context.parentResolvedByCrossProtocolRef) { return undefined; }
+
+  return {
+    dependencyClass : 2,
+    label           : 'parentRecord',
+    identifier      : context.parentId,
+    identifierType  : 'recordId',
+    ...expectedProtocol(context.protocol),
+  };
+}
+
+function createContextRootDependency(context: AncestryContext): ClosureDependencyEdge | undefined {
+  const contextRootId = getContextRootId(context);
+  if (!contextRootId || contextRootIsCrossProtocolParent(context, contextRootId)) {
+    return undefined;
   }
 
-  // contextId dependency — if the record has a contextId that differs from
-  // its own recordId, the context root record must be present. The contextId
-  // is a hierarchical path of recordIds (e.g., "rootId/childId/grandchildId").
-  // The context root is the first segment.
-  const contextId = (message as any).contextId as string | undefined;
-  if (contextId && recordId && contextId !== recordId) {
-    const contextRootId = contextId.split('/')[0];
-    edges.push({
-      dependencyClass : 2,
-      label           : 'contextRoot',
-      identifier      : contextRootId,
-      identifierType  : 'recordId',
-    });
+  return {
+    dependencyClass : 2,
+    label           : 'contextRoot',
+    identifier      : contextRootId,
+    identifierType  : 'recordId',
+    ...expectedProtocol(context.rootRefProtocol ?? context.protocol),
+  };
+}
+
+function getContextRootId(context: AncestryContext): string | undefined {
+  if (!context.contextId || !context.recordId || context.contextId === context.recordId) {
+    return undefined;
   }
 
-  // initialWrite dependency — non-initial writes need their initialWrite.
-  // An initial write has entryId === recordId, but we can't compute entryId here
-  // without the full CID computation. Instead, check dateCreated vs messageTimestamp
-  // as a heuristic, then the resolver will verify via the message store.
-  if (recordId && desc.method === 'Write') {
-    const dateCreated = desc.dateCreated as string | undefined;
-    const messageTimestamp = desc.messageTimestamp as string | undefined;
-    if (dateCreated && messageTimestamp && dateCreated !== messageTimestamp) {
-      // Non-initial write — needs the initialWrite.
-      edges.push({
-        dependencyClass : 2,
-        label           : 'initialWrite',
-        identifier      : recordId,
-        identifierType  : 'recordId',
-      });
-    }
+  return context.contextId.split('/')[0];
+}
+
+function contextRootIsCrossProtocolParent(context: AncestryContext, contextRootId: string): boolean {
+  return context.parentResolvedByCrossProtocolRef && contextRootId === context.parentId;
+}
+
+function createInitialWriteDependency(context: AncestryContext): ClosureDependencyEdge | undefined {
+  if (!context.recordId) { return undefined; }
+
+  if (isNonInitialWrite(context.descriptor)) {
+    return {
+      dependencyClass : 2,
+      label           : 'initialWrite',
+      identifier      : context.recordId,
+      identifierType  : 'recordId',
+      ...expectedProtocol(context.protocol),
+    };
   }
 
-  // RecordsDelete also needs the initialWrite for authorization and index construction.
-  if (recordId && desc.method === 'Delete') {
-    edges.push({
+  if (context.descriptor.method === 'Delete') {
+    return {
       dependencyClass : 2,
       label           : 'initialWrite',
-      identifier      : recordId,
+      identifier      : context.recordId,
       identifierType  : 'recordId',
-    });
+    };
   }
 
-  return edges;
+  return undefined;
+}
+
+function isNonInitialWrite(descriptor: Record<string, unknown>): boolean {
+  if (descriptor.method !== 'Write') { return false; }
+
+  const dateCreated = descriptor.dateCreated as string | undefined;
+  const messageTimestamp = descriptor.messageTimestamp as string | undefined;
+  return dateCreated !== undefined &&
+    messageTimestamp !== undefined &&
+    dateCreated !== messageTimestamp;
+}
+
+function isDirectChildOfRootRef(descriptor: Record<string, unknown>): boolean {
+  const protocolPath = descriptor.protocolPath as string | undefined;
+  return protocolPath?.split('/').length === 2;
+}
+
+function getRootRefProtocol(
+  descriptor: Record<string, unknown>,
+  protocolDef: ProtocolDefinition | undefined,
+): string | undefined {
+  const protocolPath = descriptor.protocolPath as string | undefined;
+  if (!protocolPath) { return undefined; }
+
+  const pathSegments = protocolPath.split('/');
+  const rootRuleSet = protocolDef?.structure?.[pathSegments[0]];
+  if (typeof rootRuleSet?.$ref !== 'string') { return undefined; }
+
+  const colonIdx = rootRuleSet.$ref.indexOf(':');
+  if (colonIdx <= 0) { return undefined; }
+
+  const alias = rootRuleSet.$ref.substring(0, colonIdx);
+  const referencedProtocol = protocolDef?.uses?.[alias];
+  return typeof referencedProtocol === 'string' ? referencedProtocol : undefined;
 }
 
 /**
  * Class 3: Authorization closure.
- * If the message uses a permissionGrantId, the grant record must be present.
+ * If the message invokes permission grant IDs, each grant record must be present.
  */
 function extractAuthorizationDeps(message: GenericMessage): ClosureDependencyEdge[] {
   const edges: ClosureDependencyEdge[] = [];
-  const auth = (message as any).authorization;
-  if (!auth) { return []; }
-
-  // The signature payload is at authorization.signature.payload (GeneralJws).
-  // This is the base64url-encoded JSON containing permissionGrantId, protocolRole, etc.
-  const payload = auth.signature?.payload;
-  if (payload) {
-    try {
-      // Payload is base64url-encoded JSON.
-      const decoded = JSON.parse(
-        Buffer.from(payload, 'base64url').toString('utf-8')
-      );
-      if (decoded.permissionGrantId) {
-        edges.push({
-          dependencyClass : 3,
-          label           : 'permissionGrant',
-          identifier      : decoded.permissionGrantId,
-          identifierType  : 'grantId',
-        });
-        // Also require the grant's revocation state to be resolvable.
-        // The revocation is a child record at protocolPath 'grant/revocation'
-        // with parentId === grantId. We add it as a separate edge so the
-        // resolver can check for its presence (or confirmed absence).
-        edges.push({
-          dependencyClass : 3,
-          label           : 'grantRevocation',
-          identifier      : decoded.permissionGrantId,
-          identifierType  : 'grantId',
-        });
-      }
-    } catch {
-      // If we can't decode, skip — authorization will fail at apply time.
-    }
+  for (const permissionGrantId of getInvokedPermissionGrantIds(message)) {
+    edges.push({
+      dependencyClass : 3,
+      label           : 'permissionGrant',
+      identifier      : permissionGrantId,
+      identifierType  : 'grantId',
+    });
+    // Also require the grant's revocation state to be resolvable.
+    // The revocation is a child record at protocolPath 'grant/revocation'
+    // with parentId === grantId. We add it as a separate edge so the
+    // resolver can check for its presence (or confirmed absence).
+    edges.push({
+      dependencyClass : 3,
+      label           : 'grantRevocation',
+      identifier      : permissionGrantId,
+      identifierType  : 'grantId',
+    });
   }
 
   return edges;
@@ -170,24 +234,30 @@ function extractAuthorizationDeps(message: GenericMessage): ClosureDependencyEdg
  * (not in public API, reimplemented here to avoid internal path coupling).
  */
 function getRuleSetAtProtocolPath(
-  structure: Record<string, any> | undefined,
+  structure: ProtocolDefinition['structure'] | undefined,
   protocolPath: string,
-): any | undefined {
+): ProtocolRuleSet | undefined {
   if (!structure || !protocolPath) { return undefined; }
 
   const segments = protocolPath.split('/');
-  let currentLevel: Record<string, any> = structure;
-  let current: any;
+  let currentLevel: Record<string, unknown> = structure;
+  let current: ProtocolRuleSet | undefined;
 
   for (const segment of segments) {
     if (!Object.hasOwn(currentLevel, segment)) { return undefined; }
-    current = currentLevel[segment];
+    const next = currentLevel[segment];
+    if (!isProtocolRuleSet(next)) { return undefined; }
+    current = next;
     currentLevel = current;
   }
 
   return current;
 }
 
+function isProtocolRuleSet(value: unknown): value is ProtocolRuleSet {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+
 /**
  * Extract protocol-definition-aware dependencies for classes 4, 5, and 6.
  * Called during BFS traversal after the ProtocolDefinition has been fetched
@@ -199,7 +269,7 @@ function getRuleSetAtProtocolPath(
  */
 function extractProtocolAwareDeps(
   message: GenericMessage,
-  protocolDef: any,
+  protocolDef: ProtocolDefinition,
   isDelegateSession?: boolean,
 ): ClosureDependencyEdge[] {
   const desc = message.descriptor as Record<string, unknown>;
@@ -342,10 +412,11 @@ function extractProtocolAwareDeps(
         const parentId = desc.parentId as string | undefined;
         if (pathSegments.length === 2 && parentId) {
           edges.push({
-            dependencyClass : 6,
-            label           : 'crossProtocolParent',
-            identifier      : `${referencedProtocol}|${parentId}`,
-            identifierType  : 'recordId',
+            dependencyClass  : 6,
+            label            : 'crossProtocolParent',
+            identifier       : `${referencedProtocol}|${parentId}`,
+            identifierType   : 'recordId',
+            expectedProtocol : referencedProtocol,
           });
         }
       }
@@ -421,11 +492,12 @@ function extractProtocolAwareDeps(
               const contextPrefix = roleFilter.contextId
                 ? JSON.stringify(roleFilter.contextId) : 'no-context';
               edges.push({
-                dependencyClass : 6,
-                label           : 'crossProtocolRoleRecord',
-                identifier      : `${roleProtocol}|${roleProtocolPath}|${messageAuthor}|${contextPrefix}`,
-                identifierType  : 'filter',
-                filter          : roleFilter,
+                dependencyClass  : 6,
+                label            : 'crossProtocolRoleRecord',
+                identifier       : `${roleProtocol}|${roleProtocolPath}|${messageAuthor}|${contextPrefix}`,
+                identifierType   : 'filter',
+                expectedProtocol : roleProtocol,
+                filter           : roleFilter,
               });
             }
           }
@@ -498,38 +570,41 @@ export async function evaluateClosure(
     for (let i = 0; i < batchSize; i++) {
       const current = queue.shift()!;
 
-      // Phase 1: Extract and resolve static dependency edges (classes 1-3).
-      // This populates the protocolCache when class 1 (ProtocolsConfigure)
-      // is resolved, which is needed by classes 4-6.
-      const staticEdges = [
-        ...extractProtocolDeps(current),
-        ...extractAncestryDeps(current),
-        ...extractAuthorizationDeps(current),
-      ];
-
-      const resolveResult = await resolveEdges(
-        staticEdges, allEdges, messageStore, context, visited, queue, rootCid, currentDepth
+      // Resolve protocol metadata first. This populates the protocol
+      // cache when a ProtocolsConfigure dependency is resolved, which is
+      // needed to distinguish normal parent records from $ref parents.
+      const protocolResult = await resolveEdges(
+        extractProtocolDeps(current), allEdges, messageStore, scope, context, visited, queue, rootCid, currentDepth
       );
-      if (resolveResult) { return resolveResult; } // Early failure.
+      if (protocolResult) { return protocolResult; } // Early failure.
 
-      // Phase 2: Extract protocol-definition-aware edges (classes 4-6).
-      // Runs AFTER static resolution so the ProtocolDefinition is in the cache.
       const currentDesc = current.descriptor as Record<string, unknown>;
       const currentProtocol = currentDesc.protocol as string | undefined;
-      if (currentProtocol) {
-        const cachedProtocolMsg = context.protocolCache.get(currentProtocol);
-        const protocolDef = cachedProtocolMsg?.descriptor?.definition;
-        if (protocolDef) {
-          const protoAwareEdges = extractProtocolAwareDeps(current, protocolDef, context.isDelegateSession);
-          const protoResult = await resolveEdges(
-            protoAwareEdges, allEdges, messageStore, context, visited, queue, rootCid, currentDepth
-          );
-          if (protoResult) { return protoResult; }
-        }
+      const cachedProtocolMsg = currentProtocol ? context.protocolCache.get(currentProtocol) : undefined;
+      const protocolDef = cachedProtocolMsg?.descriptor?.definition as ProtocolDefinition | undefined;
+
+      const structuralEdges = [
+        ...extractAncestryDeps(current, protocolDef),
+        ...extractAuthorizationDeps(current),
+      ];
+
+      const structuralResult = await resolveEdges(
+        structuralEdges, allEdges, messageStore, scope, context, visited, queue, rootCid, currentDepth
+      );
+      if (structuralResult) { return structuralResult; } // Early failure.
+
+      // Resolve protocol-definition-aware edges after static dependencies so
+      // the ProtocolDefinition is in the cache.
+      if (protocolDef) {
+        const protoAwareEdges = extractProtocolAwareDeps(current, protocolDef, context.isDelegateSession);
+        const protoResult = await resolveEdges(
+          protoAwareEdges, allEdges, messageStore, scope, context, visited, queue, rootCid, currentDepth
+        );
+        if (protoResult) { return protoResult; }
       }
 
-      // Phase 3: Validate grant temporal ordering (causal grant check).
-      // After all edges are resolved, if this message uses a grant, verify
+      // Validate grant temporal ordering after all dependency edges resolve.
+      // If this message uses a grant, verify
       // that the grant is temporally valid at the message's commit point:
       //   - grant.dateGranted <= message.messageTimestamp < grant.dateExpires
       //   - no revocation exists with revocation.messageTimestamp <= message.messageTimestamp
@@ -684,6 +759,7 @@ async function resolveEdges(
   edges: ClosureDependencyEdge[],
   allEdges: ClosureDependencyEdge[],
   messageStore: MessageStore,
+  scope: SyncScope,
   context: ClosureEvaluationContext,
   visited: Set<string>,
   queue: GenericMessage[],
@@ -696,7 +772,7 @@ async function resolveEdges(
     // Include label in dep key to distinguish edges with the same identifier
     // but different semantics (e.g., permissionGrant vs grantRevocation both
     // use identifierType:'grantId' with the same grantId).
-    const depKey = `${edge.label}:${edge.identifierType}:${edge.identifier}`;
+    const depKey = dependencyCacheKey(edge, scope);
     if (context.satisfiedDeps.has(depKey)) { continue; }
     if (context.missingDeps.has(depKey)) {
       return {
@@ -728,6 +804,20 @@ async function resolveEdges(
       };
     }
 
+    if (!isResolvedDependencyAllowed(edge, resolved, scope)) {
+      return {
+        complete       : false,
+        rootMessageCid : rootCid,
+        edges          : allEdges,
+        failure        : {
+          code   : ClosureFailureCode.DependencyForbidden,
+          edge,
+          detail : `dependency '${edge.label}' (${edge.identifier}) is outside the current sync scope`,
+        },
+        depth: currentDepth,
+      };
+    }
+
     context.satisfiedDeps.add(depKey);
 
     // Add resolved record to the BFS queue for transitive dependency evaluation,
@@ -750,6 +840,96 @@ async function resolveEdges(
   return null; // All edges resolved successfully.
 }
 
+function dependencyCacheKey(edge: ClosureDependencyEdge, scope: SyncScope): string {
+  const expectedProtocolSegment = edge.expectedProtocol === undefined
+    ? ''
+    : `expectedProtocol:${edge.expectedProtocol}:`;
+  return `${scopeCacheKey(scope)}:${expectedProtocolSegment}${edge.label}:${edge.identifierType}:${edge.identifier}`;
+}
+
+function scopeCacheKey(scope: SyncScope): string {
+  if (scope.kind === 'full') {
+    return 'full';
+  }
+
+  if (scope.kind === 'protocolSet') {
+    return `protocolSet:${scope.protocols.join('\u001f')}`;
+  }
+
+  return `recordsProjection:${scope.scopes.map(scopeEntry => JSON.stringify(scopeEntry)).join('\u001f')}`;
+}
+
+function isResolvedDependencyAllowed(
+  edge: ClosureDependencyEdge,
+  resolved: GenericMessage,
+  scope: SyncScope,
+): boolean {
+  if (isSyntheticDependency(resolved)) {
+    return true;
+  }
+
+  // Protocol metadata is re-derived from an accepted primary and is safe to
+  // use as closure metadata even when it is not itself a primary in the scope.
+  if (edge.identifierType === 'protocol') {
+    return true;
+  }
+
+  if (edge.expectedProtocol !== undefined) {
+    return getMessageProtocol(resolved) === edge.expectedProtocol;
+  }
+
+  if (edge.label === 'contextKeyRecord') {
+    return isContextKeyDependencyAllowed(edge, resolved, scope);
+  }
+
+  return classifySyncMessageScope({ message: resolved, scope }) === 'in-scope';
+}
+
+function isSyntheticDependency(message: GenericMessage): boolean {
+  return (message.descriptor as Record<string, unknown>).interface === 'Synthetic';
+}
+
+function getMessageProtocol(message: GenericMessage): string | undefined {
+  const descriptor = message.descriptor as Record<string, unknown>;
+  return typeof descriptor.protocol === 'string' ? descriptor.protocol : undefined;
+}
+
+function isContextKeyDependencyAllowed(
+  edge: ClosureDependencyEdge,
+  message: GenericMessage,
+  scope: SyncScope,
+): boolean {
+  if (scope.kind === 'full') { return true; }
+
+  const separatorIdx = edge.identifier.indexOf('|');
+  if (separatorIdx <= 0) { return false; }
+
+  const sourceProtocol = edge.identifier.substring(0, separatorIdx);
+  const rootContextId = edge.identifier.substring(separatorIdx + 1);
+  const descriptor = message.descriptor as Record<string, unknown>;
+  const tags = descriptor.tags as Record<string, unknown> | undefined;
+
+  const isContextKeyRecord = descriptor.interface === 'Records' &&
+    descriptor.method === 'Write' &&
+    descriptor.protocol === 'https://identity.foundation/protocols/key-delivery' &&
+    descriptor.protocolPath === 'contextKey' &&
+    tags?.protocol === sourceProtocol &&
+    tags?.contextId === rootContextId;
+  if (!isContextKeyRecord) {
+    return false;
+  }
+
+  if (scope.kind === 'recordsProjection') {
+    return scope.scopes.some(scopeEntry => PermissionScopeMatcher.matches(scopeEntry, {
+      protocol  : sourceProtocol,
+      contextId : rootContextId,
+    }));
+  }
+
+  const coveredProtocols = protocolsForSyncScope(scope);
+  return coveredProtocols?.includes(sourceProtocol) === true;
+}
+
 /**
  * Resolve a dependency edge by querying the local MessageStore.
  * Returns the resolved message or null if not found.

package/src/sync-closure-types.ts

@@ -17,7 +17,7 @@ export enum ClosureFailureCode {
   ParentChainMissing = 'ClosureParentChainMissing',
   /** Class 2: A context ancestor record is missing. */
   ContextChainMissing = 'ClosureContextChainMissing',
-  /** Class 3: A permission grant referenced by permissionGrantId is missing. */
+  /** Class 3: A permission grant referenced by a grant invocation is missing. */
   GrantMissing = 'ClosureGrantMissing',
   /** Class 3: The grant exists but is not yet active at the message's timestamp. */
   GrantNotYetActive = 'ClosureGrantNotYetActive',
@@ -37,6 +37,18 @@ export enum ClosureFailureCode {
   DepthExceeded = 'ClosureDepthExceeded',
 }
 
+const TERMINAL_CLOSURE_FAILURE_CODES = new Set<string>([
+  ClosureFailureCode.DependencyForbidden,
+  ClosureFailureCode.GrantExpired,
+  ClosureFailureCode.GrantNotYetActive,
+  ClosureFailureCode.GrantRevocationMissing,
+]);
+
+/** Returns true when repair cannot make the closure failure complete. */
+export function isTerminalClosureFailureCode(failureCode: string): boolean {
+  return TERMINAL_CLOSURE_FAILURE_CODES.has(failureCode);
+}
+
 // ---------------------------------------------------------------------------
 // Closure dependency edge
 // ---------------------------------------------------------------------------
@@ -57,6 +69,13 @@ export type ClosureDependencyEdge = {
   identifier: string;
   /** The type of identifier — determines the fetch strategy. */
   identifierType: 'messageCid' | 'recordId' | 'protocol' | 'grantId' | 'filter';
+  /**
+   * Protocol the resolved dependency must belong to when the dependency is
+   * expected to resolve outside the current primary sync scope. This is used
+   * for protocol-derived support records such as cross-protocol `$ref` parents
+   * and role records.
+   */
+  expectedProtocol?: string;
   /**
    * When `identifierType` is `'filter'`, this carries the full query filter
    * as a structured object. Used for dependencies that require multi-field
@@ -111,8 +130,10 @@ export type ClosureEvaluationContext = {
   grantCache: Map<string, GenericMessage | null>;
   /**
    * Set of dependency identifiers already known to be locally present.
-   * Keyed by `${identifierType}:${identifier}` to prevent cross-namespace
-   * collisions (e.g., a recordId and a grantId with the same string value).
+   * Keys include the sync scope, expected dependency protocol when one is
+   * known, and `${label}:${identifierType}:${identifier}` so dependencies
+   * proven under one scoped link cannot satisfy another link's closure check
+   * without being revalidated for that scope and dependency policy.
    */
   satisfiedDeps: Set<string>;
   /**
@@ -196,8 +217,8 @@ export function invalidateClosureCache(
     if (protocolPath === 'grant' && recordId) {
       // Grant write → invalidate the grant cache and dep keys.
       context.grantCache.delete(recordId);
-      context.satisfiedDeps.delete(`permissionGrant:grantId:${recordId}`);
-      context.missingDeps.delete(`permissionGrant:grantId:${recordId}`);
+      deleteDependencyCacheEntries(context.satisfiedDeps, `permissionGrant:grantId:${recordId}`);
+      deleteDependencyCacheEntries(context.missingDeps, `permissionGrant:grantId:${recordId}`);
     }
 
     if (protocolPath === 'grant/revocation') {
@@ -205,11 +226,11 @@ export function invalidateClosureCache(
       const parentId = desc.parentId as string | undefined;
       if (parentId) {
         context.grantCache.delete(`revocation:${parentId}`);
-        context.satisfiedDeps.delete(`grantRevocation:grantId:${parentId}`);
-        context.missingDeps.delete(`grantRevocation:grantId:${parentId}`);
+        deleteDependencyCacheEntries(context.satisfiedDeps, `grantRevocation:grantId:${parentId}`);
+        deleteDependencyCacheEntries(context.missingDeps, `grantRevocation:grantId:${parentId}`);
         // Also invalidate the grant itself since its revocation state changed.
-        context.satisfiedDeps.delete(`permissionGrant:grantId:${parentId}`);
-        context.missingDeps.delete(`permissionGrant:grantId:${parentId}`);
+        deleteDependencyCacheEntries(context.satisfiedDeps, `permissionGrant:grantId:${parentId}`);
+        deleteDependencyCacheEntries(context.missingDeps, `permissionGrant:grantId:${parentId}`);
       }
     }
   }
@@ -291,3 +312,11 @@ export function invalidateClosureCache(
     }
   }
 }
+
+function deleteDependencyCacheEntries(cache: Set<string>, dependencyKeySuffix: string): void {
+  for (const key of cache) {
+    if (key.endsWith(dependencyKeySuffix)) {
+      cache.delete(key);
+    }
+  }
+}