npm - @haaaiawd/second-nature - Versions diffs - 0.1.51 → 0.2.0 - Mend

@haaaiawd/second-nature 0.1.51 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/runtime/core/second-nature/action/autonomy-policy-evaluator.js ADDED Viewed

@@ -0,0 +1,213 @@
+/**
+ * AutonomyPolicyEvaluator — Evaluate ActionProposal against platform policy,
+ * affordance posture, and risk flags.
+ *
+ * Core logic: Table-driven allow/defer/downgrade/deny decisions based on
+ * side-effect class, source refs, risk posture, and breaker status.
+ *
+ * Design authority:
+ * - `.anws/v8/04_SYSTEM_DESIGN/action-closure-policy-system.detail.md §3.2, §4.1`
+ * - `.anws/v8/04_SYSTEM_DESIGN/action-closure-policy-system.md §4.2`
+ *
+ * Dependencies:
+ * - `src/shared/types/v8-contracts.js` (PlatformNeutralActionKind,
+ *   SourceRef, DegradedOperationResult, V8ReasonCode, ACTION_KIND_REGISTRY)
+ *
+ * Boundary:
+ * - Does not execute actions; only evaluates policy.
+ * - Does not read external platform state; relies on affordance input.
+ * - Pure function for testability; DB write is caller responsibility.
+ *
+ * Test coverage: tests/unit/action/autonomy-policy-evaluator.test.ts
+ */
+import { ACTION_KIND_REGISTRY } from "../../../shared/types/v8-contracts.js";
+// ───────────────────────────────────────────────────────────────
+// Config
+// ───────────────────────────────────────────────────────────────
+const AUTO_WRITE_MIN_RISK = "low";
+// ───────────────────────────────────────────────────────────────
+// Helpers
+// ───────────────────────────────────────────────────────────────
+function isWriteSideEffect(sideEffectClass) {
+    return sideEffectClass === "external_write" || sideEffectClass === "capability_declared";
+}
+function isOwnerAttentionAction(actionKind) {
+    return ["notify_owner", "draft_reply", "draft_publish"].includes(actionKind);
+}
+function canAutoRun(actionKind, riskPosture) {
+    const meta = ACTION_KIND_REGISTRY[actionKind];
+    if (!meta)
+        return false;
+    if (meta.sideEffectClass === "external_write" && riskPosture !== "low")
+        return false;
+    if (meta.sideEffectClass === "external_write" && riskPosture === "low")
+        return true;
+    if (meta.sideEffectClass === "capability_declared")
+        return riskPosture === "low";
+    if (meta.sideEffectClass === "owner_attention")
+        return riskPosture === "low" || riskPosture === "medium";
+    return meta.requiresPolicyDecision === false || meta.sideEffectClass === "none" || meta.sideEffectClass === "local_state";
+}
+function downgradeTarget(actionKind) {
+    const meta = ACTION_KIND_REGISTRY[actionKind];
+    if (!meta || meta.allowedDowngrades.length === 0)
+        return undefined;
+    return meta.allowedDowngrades[0];
+}
+// ───────────────────────────────────────────────────────────────
+// Public API
+// ───────────────────────────────────────────────────────────────
+export function evaluateActionPolicy(proposal, context, options) {
+    const now = options?.now ?? new Date().toISOString();
+    const proposalId = proposal.id;
+    const decisionId = `dec_${proposalId}_${now.replace(/[:.]/g, "")}`;
+    const proofRefs = proposal.sourceRefs.length > 0
+        ? proposal.sourceRefs
+        : [
+            {
+                uri: `sn://policy/${proposalId}`,
+                family: "action_closure",
+                id: proposalId,
+                redactionClass: "none",
+                resolveStatus: "resolvable",
+            },
+        ];
+    // 1. Missing source refs for owner/write actions → deny
+    if (proposal.sourceRefs.length === 0 &&
+        (isWriteSideEffect(proposal.sideEffectClass) || isOwnerAttentionAction(proposal.actionKind))) {
+        return {
+            id: decisionId,
+            proposalId,
+            decision: "deny",
+            decisionReason: "policy_denied_missing_permission",
+            autonomyLevel: "none",
+            proofRefs,
+            decidedAt: now,
+        };
+    }
+    // 2. Risk blocked or high → deny or defer
+    if (proposal.riskPosture === "blocked") {
+        return {
+            id: decisionId,
+            proposalId,
+            decision: "deny",
+            decisionReason: "policy_denied_high_risk",
+            autonomyLevel: "none",
+            proofRefs,
+            decidedAt: now,
+        };
+    }
+    if (proposal.riskPosture === "high") {
+        return {
+            id: decisionId,
+            proposalId,
+            decision: "defer",
+            decisionReason: "policy_deferred_owner_confirmation",
+            autonomyLevel: "owner_confirm",
+            proofRefs,
+            decidedAt: now,
+        };
+    }
+    // 3. Circuit breaker open → deny
+    if (context.breakerStatus === "open") {
+        return {
+            id: decisionId,
+            proposalId,
+            decision: "deny",
+            decisionReason: "policy_denied_breaker_open",
+            autonomyLevel: "none",
+            proofRefs,
+            decidedAt: now,
+        };
+    }
+    // 4. Write-side action + no platform permission → downgrade or deny
+    if (isWriteSideEffect(proposal.sideEffectClass) &&
+        context.platformPermissionDeclared === false) {
+        const target = downgradeTarget(proposal.actionKind);
+        if (target) {
+            return {
+                id: decisionId,
+                proposalId,
+                decision: "downgrade",
+                decisionReason: "policy_downgraded_to_draft",
+                autonomyLevel: "draft_only",
+                downgradedActionKind: target,
+                proofRefs,
+                decidedAt: now,
+            };
+        }
+        return {
+            id: decisionId,
+            proposalId,
+            decision: "deny",
+            decisionReason: "policy_denied_missing_permission",
+            autonomyLevel: "none",
+            proofRefs,
+            decidedAt: now,
+        };
+    }
+    // 5. Owner preference blocks auto → downgrade
+    if (context.ownerPreferenceAllowAuto === false &&
+        isWriteSideEffect(proposal.sideEffectClass)) {
+        const target = downgradeTarget(proposal.actionKind);
+        if (target) {
+            return {
+                id: decisionId,
+                proposalId,
+                decision: "downgrade",
+                decisionReason: "policy_downgraded_to_draft",
+                autonomyLevel: "draft_only",
+                downgradedActionKind: target,
+                proofRefs,
+                decidedAt: now,
+            };
+        }
+        return {
+            id: decisionId,
+            proposalId,
+            decision: "deny",
+            decisionReason: "policy_denied_missing_permission",
+            autonomyLevel: "none",
+            proofRefs,
+            decidedAt: now,
+        };
+    }
+    // 6. Low risk + permission + healthy affordance → allow
+    if (proposal.riskPosture === AUTO_WRITE_MIN_RISK ||
+        proposal.riskPosture === "medium") {
+        if (canAutoRun(proposal.actionKind, proposal.riskPosture)) {
+            return {
+                id: decisionId,
+                proposalId,
+                decision: "allow",
+                decisionReason: "policy_allowed",
+                autonomyLevel: "auto_allowed",
+                proofRefs,
+                decidedAt: now,
+            };
+        }
+    }
+    // Default: downgrade to draft or deny
+    const target = downgradeTarget(proposal.actionKind);
+    if (target) {
+        return {
+            id: decisionId,
+            proposalId,
+            decision: "downgrade",
+            decisionReason: "policy_downgraded_to_draft",
+            autonomyLevel: "draft_only",
+            downgradedActionKind: target,
+            proofRefs,
+            decidedAt: now,
+        };
+    }
+    return {
+        id: decisionId,
+        proposalId,
+        decision: "deny",
+        decisionReason: "policy_denied_missing_permission",
+        autonomyLevel: "none",
+        proofRefs,
+        decidedAt: now,
+    };
+}

package/runtime/core/second-nature/action/policy-bound-dispatch.d.ts ADDED Viewed

@@ -0,0 +1,69 @@
+/**
+ * PolicyBoundDispatch — Dispatch allowed actions and record closure-safe
+ * downgraded results.
+ *
+ * Core logic: Read ActionPolicyDecision, route to connector or guidance
+ * based on decision, and return dispatch result for closure recording.
+ *
+ * Design authority:
+ * - `.anws/v8/04_SYSTEM_DESIGN/action-closure-policy-system.detail.md §3.3`
+ * - `.anws/v8/04_SYSTEM_DESIGN/action-closure-policy-system.md §4.2`
+ *
+ * Dependencies:
+ * - `src/core/second-nature/action/autonomy-policy-evaluator.js` (ActionPolicyDecision)
+ * - `src/core/second-nature/action/action-proposal-builder.js` (ActionProposal)
+ *
+ * Boundary:
+ * - Does not execute connector directly; returns dispatch envelope.
+ * - Does not generate guidance text; returns guidance request envelope.
+ * - Degrades gracefully on unavailable guidance.
+ *
+ * Test coverage: tests/unit/action/policy-bound-dispatch.test.ts
+ */
+import type { DegradedOperationResult, PlatformNeutralActionKind, V8ReasonCode } from "../../../shared/types/v8-contracts.js";
+import type { ActionProposal } from "./action-proposal-builder.js";
+import type { ActionPolicyDecision } from "./autonomy-policy-evaluator.js";
+export interface ConnectorDispatchRequest {
+    type: "connector";
+    platformId: string;
+    capabilityId: string;
+    idempotencyKey: string;
+    policyProof: {
+        decisionId: string;
+        decision: string;
+    };
+    sourceRefs: string;
+}
+export interface GuidanceDispatchRequest {
+    type: "guidance";
+    actionKind: PlatformNeutralActionKind;
+    draftType: "reply" | "publish" | "notify";
+    policyProof: {
+        decisionId: string;
+        decision: string;
+    };
+    sourceRefs: string;
+}
+export interface NoDispatchResult {
+    type: "none";
+    reason: V8ReasonCode;
+}
+export interface GuidanceUnavailableResult {
+    type: "guidance_unavailable";
+    downgradedActionKind: PlatformNeutralActionKind;
+    reason: "guidance_unavailable";
+}
+export type DispatchResult = {
+    type: "connector";
+    request: ConnectorDispatchRequest;
+} | {
+    type: "guidance";
+    request: GuidanceDispatchRequest;
+} | NoDispatchResult | GuidanceUnavailableResult | {
+    type: "degraded";
+    degraded: DegradedOperationResult;
+};
+export interface DispatchAllowedActionOptions {
+    guidanceAvailable?: boolean;
+}
+export declare function dispatchAllowedAction(proposal: ActionProposal, decision: ActionPolicyDecision, options?: DispatchAllowedActionOptions): DispatchResult;

package/runtime/core/second-nature/action/policy-bound-dispatch.js ADDED Viewed

@@ -0,0 +1,112 @@
+/**
+ * PolicyBoundDispatch — Dispatch allowed actions and record closure-safe
+ * downgraded results.
+ *
+ * Core logic: Read ActionPolicyDecision, route to connector or guidance
+ * based on decision, and return dispatch result for closure recording.
+ *
+ * Design authority:
+ * - `.anws/v8/04_SYSTEM_DESIGN/action-closure-policy-system.detail.md §3.3`
+ * - `.anws/v8/04_SYSTEM_DESIGN/action-closure-policy-system.md §4.2`
+ *
+ * Dependencies:
+ * - `src/core/second-nature/action/autonomy-policy-evaluator.js` (ActionPolicyDecision)
+ * - `src/core/second-nature/action/action-proposal-builder.js` (ActionProposal)
+ *
+ * Boundary:
+ * - Does not execute connector directly; returns dispatch envelope.
+ * - Does not generate guidance text; returns guidance request envelope.
+ * - Degrades gracefully on unavailable guidance.
+ *
+ * Test coverage: tests/unit/action/policy-bound-dispatch.test.ts
+ */
+// ───────────────────────────────────────────────────────────────
+// Helpers
+// ───────────────────────────────────────────────────────────────
+function inferGuidanceDraftType(actionKind) {
+    if (actionKind === "draft_reply" || actionKind === "auto_reply")
+        return "reply";
+    if (actionKind === "draft_publish" || actionKind === "auto_publish")
+        return "publish";
+    return "notify";
+}
+// ───────────────────────────────────────────────────────────────
+// Public API
+// ───────────────────────────────────────────────────────────────
+export function dispatchAllowedAction(proposal, decision, options) {
+    // deny / defer → no dispatch
+    if (decision.decision === "deny") {
+        return { type: "none", reason: decision.decisionReason };
+    }
+    if (decision.decision === "defer") {
+        return { type: "none", reason: decision.decisionReason };
+    }
+    // downgrade → guidance only (no external write)
+    if (decision.decision === "downgrade") {
+        const target = decision.downgradedActionKind ?? proposal.actionKind;
+        const draftType = inferGuidanceDraftType(target);
+        // If guidance is unavailable, return closure-safe downgrade result
+        if (options?.guidanceAvailable === false) {
+            return {
+                type: "guidance_unavailable",
+                downgradedActionKind: target,
+                reason: "guidance_unavailable",
+            };
+        }
+        return {
+            type: "guidance",
+            request: {
+                type: "guidance",
+                actionKind: target,
+                draftType,
+                policyProof: { decisionId: decision.id, decision: decision.decision },
+                sourceRefs: JSON.stringify(decision.proofRefs),
+            },
+        };
+    }
+    // allow → route by action kind
+    if (decision.decision === "allow") {
+        if (proposal.actionKind === "run_connector") {
+            return {
+                type: "connector",
+                request: {
+                    type: "connector",
+                    platformId: proposal.targetPlatformId ?? "connector",
+                    capabilityId: proposal.targetCapabilityId ?? "run_connector",
+                    idempotencyKey: proposal.idempotencyKey,
+                    policyProof: { decisionId: decision.id, decision: decision.decision },
+                    sourceRefs: JSON.stringify(proposal.sourceRefs),
+                },
+            };
+        }
+        if (proposal.actionKind === "auto_reply" ||
+            proposal.actionKind === "auto_publish" ||
+            proposal.actionKind === "draft_reply" ||
+            proposal.actionKind === "draft_publish") {
+            const draftType = inferGuidanceDraftType(proposal.actionKind);
+            return {
+                type: "guidance",
+                request: {
+                    type: "guidance",
+                    actionKind: proposal.actionKind,
+                    draftType,
+                    policyProof: { decisionId: decision.id, decision: decision.decision },
+                    sourceRefs: JSON.stringify(proposal.sourceRefs),
+                },
+            };
+        }
+        // notify_owner / remember / watch / ignore — no external dispatch needed
+        return { type: "none", reason: decision.decisionReason };
+    }
+    return {
+        type: "degraded",
+        degraded: {
+            status: "degraded",
+            reason: "closure_failed",
+            ownerStage: "execution",
+            sourceRefs: decision.proofRefs,
+            operatorNextAction: "Unexpected policy decision shape",
+            retryable: false,
+        },
+    };
+}

package/runtime/core/second-nature/body/tool-affordance/affordance-side-effect.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * AffordanceSideEffect — v8 capability side-effect classifier.
+ *
+ * Core logic: Derive effective side-effect class for `run_connector` actions
+ * from connector capability metadata. Action policy uses this to decide
+ * allow/defer/downgrade/deny without knowing platform internals.
+ *
+ * Classification rules:
+ * - `feed.read`, `work.discover`, `notification.list` → external_read
+ * - `post.publish`, `comment.reply`, `message.send`, `task.claim` → external_write
+ * - `agent.register`, `agent.heartbeat` → local_state
+ * - Unknown / unlisted capability → unknown (policy must deny or downgrade)
+ *
+ * Design authority:
+ * - `.anws/v8/04_SYSTEM_DESIGN/body-tool-system.md`
+ * - `.anws/v8/04_SYSTEM_DESIGN/shared-v8-contracts.md §1.2`
+ *
+ * Dependencies:
+ * - `ConnectorCapabilitySideEffect` from `../../../../shared/types/v8-contracts.js`
+ *
+ * Boundary:
+ * - Pure classification function; no side effects, no DB access.
+ * - Does NOT perform capability probe — reads manifest metadata only.
+ * - Unknown capabilities return `unknown`; caller (policy) decides posture.
+ *
+ * Test coverage: tests/unit/body/affordance-side-effect.test.ts
+ */
+import type { ConnectorCapabilitySideEffect } from "../../../../shared/types/v8-contracts.js";
+export declare function deriveConnectorSideEffect(capabilityId: string): ConnectorCapabilitySideEffect;
+export interface CapabilityAffordancePosture {
+    connectorId: string;
+    capabilityId: string;
+    sideEffectClass: ConnectorCapabilitySideEffect;
+    authStatus: "ready" | "needs_auth" | "revoked" | "unknown";
+    breakerStatus: "closed" | "open" | "half_open";
+}
+export declare function assembleCapabilityAffordancePosture(connectorId: string, capabilityId: string, authStatus: CapabilityAffordancePosture["authStatus"], breakerStatus: CapabilityAffordancePosture["breakerStatus"]): CapabilityAffordancePosture;
+export interface SideEffectAwareAffordanceMap {
+    [connectorId: string]: {
+        [capabilityId: string]: CapabilityAffordancePosture;
+    };
+}
+export declare function buildSideEffectAwareAffordanceMap(postures: CapabilityAffordancePosture[]): SideEffectAwareAffordanceMap;
+export declare function lookupSideEffectPosture(map: SideEffectAwareAffordanceMap, connectorId: string, capabilityId: string): CapabilityAffordancePosture | undefined;
+export declare function isWriteSideEffect(sideEffect: ConnectorCapabilitySideEffect): boolean;
+export declare function isReadSideEffect(sideEffect: ConnectorCapabilitySideEffect): boolean;
+export declare function isLocalStateSideEffect(sideEffect: ConnectorCapabilitySideEffect): boolean;
+export declare function isUnknownSideEffect(sideEffect: ConnectorCapabilitySideEffect): boolean;
+export declare function effectiveActionSideEffectClass(sideEffect: ConnectorCapabilitySideEffect): "external_write" | "external_read" | "local_state" | "unknown";

package/runtime/core/second-nature/body/tool-affordance/affordance-side-effect.js ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * AffordanceSideEffect — v8 capability side-effect classifier.
+ *
+ * Core logic: Derive effective side-effect class for `run_connector` actions
+ * from connector capability metadata. Action policy uses this to decide
+ * allow/defer/downgrade/deny without knowing platform internals.
+ *
+ * Classification rules:
+ * - `feed.read`, `work.discover`, `notification.list` → external_read
+ * - `post.publish`, `comment.reply`, `message.send`, `task.claim` → external_write
+ * - `agent.register`, `agent.heartbeat` → local_state
+ * - Unknown / unlisted capability → unknown (policy must deny or downgrade)
+ *
+ * Design authority:
+ * - `.anws/v8/04_SYSTEM_DESIGN/body-tool-system.md`
+ * - `.anws/v8/04_SYSTEM_DESIGN/shared-v8-contracts.md §1.2`
+ *
+ * Dependencies:
+ * - `ConnectorCapabilitySideEffect` from `../../../../shared/types/v8-contracts.js`
+ *
+ * Boundary:
+ * - Pure classification function; no side effects, no DB access.
+ * - Does NOT perform capability probe — reads manifest metadata only.
+ * - Unknown capabilities return `unknown`; caller (policy) decides posture.
+ *
+ * Test coverage: tests/unit/body/affordance-side-effect.test.ts
+ */
+// ───────────────────────────────────────────────────────────────
+// Capability → side-effect mapping
+// ───────────────────────────────────────────────────────────────
+const READ_CAPABILITIES = new Set([
+    "feed.read",
+    "work.discover",
+    "notification.list",
+    "profile.inspect",
+    "github:issue.search",
+]);
+const WRITE_CAPABILITIES = new Set([
+    "post.publish",
+    "comment.reply",
+    "message.send",
+    "task.claim",
+]);
+const LOCAL_STATE_CAPABILITIES = new Set([
+    "agent.register",
+    "agent.heartbeat",
+    "status.update",
+]);
+// ───────────────────────────────────────────────────────────────
+// Public API
+// ───────────────────────────────────────────────────────────────
+export function deriveConnectorSideEffect(capabilityId) {
+    if (READ_CAPABILITIES.has(capabilityId))
+        return "external_read";
+    if (WRITE_CAPABILITIES.has(capabilityId))
+        return "external_write";
+    if (LOCAL_STATE_CAPABILITIES.has(capabilityId))
+        return "local_state";
+    return "unknown";
+}
+export function assembleCapabilityAffordancePosture(connectorId, capabilityId, authStatus, breakerStatus) {
+    return {
+        connectorId,
+        capabilityId,
+        sideEffectClass: deriveConnectorSideEffect(capabilityId),
+        authStatus,
+        breakerStatus,
+    };
+}
+export function buildSideEffectAwareAffordanceMap(postures) {
+    const map = {};
+    for (const posture of postures) {
+        if (!map[posture.connectorId]) {
+            map[posture.connectorId] = {};
+        }
+        map[posture.connectorId][posture.capabilityId] = posture;
+    }
+    return map;
+}
+export function lookupSideEffectPosture(map, connectorId, capabilityId) {
+    return map[connectorId]?.[capabilityId];
+}
+// ───────────────────────────────────────────────────────────────
+// Policy-facing helpers
+// ───────────────────────────────────────────────────────────────
+export function isWriteSideEffect(sideEffect) {
+    return sideEffect === "external_write";
+}
+export function isReadSideEffect(sideEffect) {
+    return sideEffect === "external_read";
+}
+export function isLocalStateSideEffect(sideEffect) {
+    return sideEffect === "local_state";
+}
+export function isUnknownSideEffect(sideEffect) {
+    return sideEffect === "unknown";
+}
+export function effectiveActionSideEffectClass(sideEffect) {
+    return sideEffect;
+}

package/runtime/core/second-nature/control-plane/accepted-projection-loader.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * AcceptedProjectionLoader — Load accepted long-term memory into EmbodiedContext.
+ *
+ * Core logic: Read active/accepted projections from state, exclude candidates,
+ * and return bounded memory slice for heartbeat context assembly.
+ *
+ * Design authority:
+ * - `.anws/v8/04_SYSTEM_DESIGN/control-plane-system.md §5`
+ * - `.anws/v8/04_SYSTEM_DESIGN/dream-quiet-memory-system.md §4.2`
+ *
+ * Dependencies:
+ * - `src/storage/v8-state-stores.js` (readMemoryProjectionsByStatus)
+ * - `src/shared/types/v8-contracts.js` (SourceRef, DegradedOperationResult)
+ *
+ * Boundary:
+ * - Only loads accepted/active projections; candidates are excluded.
+ * - Does not judge projection importance; loads all active.
+ * - Degrades gracefully on unreadable state.
+ *
+ * Test coverage: tests/unit/control-plane/accepted-projection-loader.test.ts
+ */
+import type { StateDatabase } from "../../../storage/db/index.js";
+import type { SourceRef, DegradedOperationResult } from "../../../shared/types/v8-contracts.js";
+export interface MemoryProjectionSlice {
+    projections: AcceptedProjection[];
+    topicKeys: string[];
+    totalProjections: number;
+}
+export interface AcceptedProjection {
+    id: string;
+    topicKey: string;
+    memoryText: string;
+    sourceRefs: SourceRef[];
+    acceptedAt?: string;
+}
+export type LoadAcceptedProjectionsResult = {
+    ok: true;
+    slice: MemoryProjectionSlice;
+} | {
+    ok: false;
+    degraded: DegradedOperationResult;
+};
+export declare function loadAcceptedProjections(db: StateDatabase, _options?: {
+    limit?: number;
+}): Promise<LoadAcceptedProjectionsResult>;

package/runtime/core/second-nature/control-plane/accepted-projection-loader.js ADDED Viewed

@@ -0,0 +1,85 @@
+/**
+ * AcceptedProjectionLoader — Load accepted long-term memory into EmbodiedContext.
+ *
+ * Core logic: Read active/accepted projections from state, exclude candidates,
+ * and return bounded memory slice for heartbeat context assembly.
+ *
+ * Design authority:
+ * - `.anws/v8/04_SYSTEM_DESIGN/control-plane-system.md §5`
+ * - `.anws/v8/04_SYSTEM_DESIGN/dream-quiet-memory-system.md §4.2`
+ *
+ * Dependencies:
+ * - `src/storage/v8-state-stores.js` (readMemoryProjectionsByStatus)
+ * - `src/shared/types/v8-contracts.js` (SourceRef, DegradedOperationResult)
+ *
+ * Boundary:
+ * - Only loads accepted/active projections; candidates are excluded.
+ * - Does not judge projection importance; loads all active.
+ * - Degrades gracefully on unreadable state.
+ *
+ * Test coverage: tests/unit/control-plane/accepted-projection-loader.test.ts
+ */
+import { readMemoryProjectionsByStatus, } from "../../../storage/v8-state-stores.js";
+// ───────────────────────────────────────────────────────────────
+// Helpers
+// ───────────────────────────────────────────────────────────────
+function parsePayloadJson(json) {
+    if (!json)
+        return {};
+    try {
+        return JSON.parse(json);
+    }
+    catch {
+        return {};
+    }
+}
+function parseSourceRefs(json) {
+    if (!json)
+        return [];
+    try {
+        const parsed = JSON.parse(json);
+        return Array.isArray(parsed) ? parsed : [];
+    }
+    catch {
+        return [];
+    }
+}
+// ───────────────────────────────────────────────────────────────
+// Public API
+// ───────────────────────────────────────────────────────────────
+export async function loadAcceptedProjections(db, _options) {
+    const activeResult = await readMemoryProjectionsByStatus(db, "active");
+    if (activeResult.degraded) {
+        return {
+            ok: false,
+            degraded: activeResult.degraded,
+        };
+    }
+    const acceptedResult = await readMemoryProjectionsByStatus(db, "accepted");
+    if (acceptedResult.degraded) {
+        return {
+            ok: false,
+            degraded: acceptedResult.degraded,
+        };
+    }
+    const allProjections = [...activeResult.rows, ...acceptedResult.rows];
+    const projections = allProjections.map((row) => {
+        const payload = parsePayloadJson(row.payloadJson);
+        return {
+            id: row.id,
+            topicKey: row.topicKey,
+            memoryText: String(payload.memoryText ?? ""),
+            sourceRefs: parseSourceRefs(row.sourceRefsJson),
+            acceptedAt: payload.acceptedAt ? String(payload.acceptedAt) : undefined,
+        };
+    });
+    const topicKeys = [...new Set(projections.map((p) => p.topicKey))];
+    return {
+        ok: true,
+        slice: {
+            projections,
+            topicKeys,
+            totalProjections: projections.length,
+        },
+    };
+}