@remnic/core 9.3.648 → 9.3.650

Files changed (54) hide show
  1. package/dist/access-cli.js +4 -4
  2. package/dist/access-http.d.ts +2 -2
  3. package/dist/access-http.js +4 -4
  4. package/dist/access-mcp.d.ts +2 -2
  5. package/dist/access-mcp.js +3 -3
  6. package/dist/{access-service-DFXIlGvZ.d.ts → access-service-DIZRHQ7Q.d.ts} +255 -2
  7. package/dist/access-service.d.ts +2 -2
  8. package/dist/access-service.js +2 -2
  9. package/dist/bootstrap.d.ts +1 -1
  10. package/dist/{chunk-TWVRDGTX.js → chunk-23RYLGYA.js} +185 -55
  11. package/dist/chunk-23RYLGYA.js.map +1 -0
  12. package/dist/{chunk-CNRZ6WJU.js → chunk-3IJEQWQX.js} +4 -4
  13. package/dist/{chunk-XUGQQPGO.js → chunk-AGRPGAKR.js} +12 -1
  14. package/dist/chunk-AGRPGAKR.js.map +1 -0
  15. package/dist/{chunk-6GIKAUTN.js → chunk-MMJANTJX.js} +33 -2
  16. package/dist/{chunk-6GIKAUTN.js.map → chunk-MMJANTJX.js.map} +1 -1
  17. package/dist/{chunk-6BNFVP7Y.js → chunk-RZOBQ23O.js} +2 -2
  18. package/dist/{chunk-AEIZEAP7.js → chunk-TUMH6EDV.js} +12 -15
  19. package/dist/chunk-TUMH6EDV.js.map +1 -0
  20. package/dist/{chunk-FUXV6HSO.js → chunk-TVOPSKOK.js} +3 -3
  21. package/dist/{chunk-5ETA6OAS.js → chunk-YAFSTKTH.js} +608 -80
  22. package/dist/chunk-YAFSTKTH.js.map +1 -0
  23. package/dist/{cli-DrL2Nv4j.d.ts → cli-BG4ybtJr.d.ts} +2 -2
  24. package/dist/cli.d.ts +3 -3
  25. package/dist/cli.js +7 -7
  26. package/dist/explicit-capture.d.ts +1 -1
  27. package/dist/index.d.ts +4 -4
  28. package/dist/index.js +8 -8
  29. package/dist/mcp-memory-inspector-app.d.ts +2 -2
  30. package/dist/{orchestrator-DEQW9j0Z.d.ts → orchestrator-CX-oqwJq.d.ts} +58 -0
  31. package/dist/orchestrator.d.ts +1 -1
  32. package/dist/orchestrator.js +3 -3
  33. package/dist/resume-bundles.js +2 -2
  34. package/dist/transcript.d.ts +18 -1
  35. package/dist/transcript.js +5 -3
  36. package/package.json +1 -1
  37. package/src/access-service-lcm-forgery.test.ts +410 -0
  38. package/src/access-service-observe-lcm-parity.test.ts +1397 -0
  39. package/src/access-service-observe-scope.test.ts +599 -0
  40. package/src/access-service-raw-excerpt-read-gate.test.ts +443 -0
  41. package/src/access-service.ts +1270 -113
  42. package/src/cli.ts +10 -12
  43. package/src/coding/coding-namespace.test.ts +44 -0
  44. package/src/coding/coding-namespace.ts +163 -0
  45. package/src/orchestrator.ts +335 -77
  46. package/src/transcript-day-range.test.ts +101 -0
  47. package/src/transcript.ts +26 -0
  48. package/dist/chunk-5ETA6OAS.js.map +0 -1
  49. package/dist/chunk-AEIZEAP7.js.map +0 -1
  50. package/dist/chunk-TWVRDGTX.js.map +0 -1
  51. package/dist/chunk-XUGQQPGO.js.map +0 -1
  52. /package/dist/{chunk-CNRZ6WJU.js.map → chunk-3IJEQWQX.js.map} +0 -0
  53. /package/dist/{chunk-6BNFVP7Y.js.map → chunk-RZOBQ23O.js.map} +0 -0
  54. /package/dist/{chunk-FUXV6HSO.js.map → chunk-TVOPSKOK.js.map} +0 -0
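--- a/package/dist/access-cli.js
+++ b/package/dist/access-cli.js
@@ -1,6 +1,6 @@
  import {
  Orchestrator
- } from "./chunk-TWVRDGTX.js";
+ } from "./chunk-23RYLGYA.js";
  import "./chunk-DDRNDPX4.js";
  import "./chunk-7HYPN2GC.js";
  import "./chunk-666A3MOW.js";
@@ -79,7 +79,7 @@ import "./chunk-UMKPSD35.js";
  import "./chunk-W4RVMTHR.js";
  import "./chunk-4BISW7RX.js";
  import "./chunk-ZRWB5D4H.js";
- import "./chunk-XUGQQPGO.js";
+ import "./chunk-AGRPGAKR.js";
  import "./chunk-S4DDLTPX.js";
  import "./chunk-SFQ6QNL7.js";
  import "./chunk-D6WVJIS3.js";
@@ -122,7 +122,7 @@ import "./chunk-OADWQ5CR.js";
  import "./chunk-7WV3F5DQ.js";
  import {
  EngramAccessService
- } from "./chunk-5ETA6OAS.js";
+ } from "./chunk-YAFSTKTH.js";
  import "./chunk-GDASG7NC.js";
  import "./chunk-GDB4J2H3.js";
  import "./chunk-NT5TINK5.js";
@@ -131,7 +131,7 @@ import "./chunk-SOBJ6NEY.js";
  import "./chunk-BT7NVCML.js";
  import "./chunk-H7XKCNR6.js";
  import "./chunk-UMTG2BN2.js";
- import "./chunk-6GIKAUTN.js";
+ import "./chunk-MMJANTJX.js";
  import "./chunk-5RIRL3XL.js";
  import "./chunk-JGSKJHF7.js";
  import "./chunk-FF4KLI5W.js";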
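--- a/package/dist/access-http.d.ts
+++ b/package/dist/access-http.d.ts
@@ -1,5 +1,5 @@
  import { IncomingMessage } from 'node:http';
- import { E as EngramAccessService } from './access-service-DFXIlGvZ.js';
+ import { E as EngramAccessService } from './access-service-DIZRHQ7Q.js';
  import { ResolvedIdentity } from './adapters/types.js';
  import { AdapterRegistry } from './adapters/registry.js';
  import './storage.js';
@@ -21,7 +21,7 @@ import './user-model.js';
  import './recall-audit-anomaly.js';
  import './recall-audit.js';
  import './explicit-capture.js';
- import './orchestrator-DEQW9j0Z.js';
+ import './orchestrator-CX-oqwJq.js';
  import './briefing.js';
  import './buffer.js';
  import './search/port.js';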
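--- a/package/dist/access-http.js
+++ b/package/dist/access-http.js
@@ -1,6 +1,6 @@
  import {
  EngramAccessHttpServer
- } from "./chunk-CNRZ6WJU.js";
+ } from "./chunk-3IJEQWQX.js";
  import "./chunk-SEDEKFYQ.js";
  import "./chunk-RKNJBZ55.js";
  import "./chunk-J64TK33U.js";
@@ -9,10 +9,10 @@ import "./chunk-42NQ7AVG.js";
  import "./chunk-TMSXWOBZ.js";
  import "./chunk-7RXCMVFQ.js";
  import "./chunk-7WV3F5DQ.js";
- import "./chunk-FUXV6HSO.js";
+ import "./chunk-TVOPSKOK.js";
  import "./chunk-T4WDJPEZ.js";
  import "./chunk-D24OXEPB.js";
- import "./chunk-5ETA6OAS.js";
+ import "./chunk-YAFSTKTH.js";
  import "./chunk-GDASG7NC.js";
  import "./chunk-GDB4J2H3.js";
  import "./chunk-NT5TINK5.js";
@@ -21,7 +21,7 @@ import "./chunk-SOBJ6NEY.js";
  import "./chunk-BT7NVCML.js";
  import "./chunk-H7XKCNR6.js";
  import "./chunk-UMTG2BN2.js";
- import "./chunk-6GIKAUTN.js";
+ import "./chunk-MMJANTJX.js";
  import "./chunk-5RIRL3XL.js";
  import "./chunk-JGSKJHF7.js";
  import "./chunk-FF4KLI5W.js";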
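--- a/package/dist/access-mcp.d.ts
+++ b/package/dist/access-mcp.d.ts
@@ -1,5 +1,5 @@
  import { Readable, Writable } from 'node:stream';
- import { E as EngramAccessService } from './access-service-DFXIlGvZ.js';
+ import { E as EngramAccessService } from './access-service-DIZRHQ7Q.js';
  import './storage.js';
  import './page-versioning.js';
  import './consolidation-operator.js';
@@ -19,7 +19,7 @@ import './user-model.js';
  import './recall-audit-anomaly.js';
  import './recall-audit.js';
  import './explicit-capture.js';
- import './orchestrator-DEQW9j0Z.js';
+ import './orchestrator-CX-oqwJq.js';
  import './briefing.js';
  import './buffer.js';
  import './search/port.js';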
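--- a/package/dist/access-mcp.js
+++ b/package/dist/access-mcp.js
@@ -1,9 +1,9 @@
  import {
  EngramMcpServer
- } from "./chunk-FUXV6HSO.js";
+ } from "./chunk-TVOPSKOK.js";
  import "./chunk-T4WDJPEZ.js";
  import "./chunk-D24OXEPB.js";
- import "./chunk-5ETA6OAS.js";
+ import "./chunk-YAFSTKTH.js";
  import "./chunk-GDASG7NC.js";
  import "./chunk-GDB4J2H3.js";
  import "./chunk-NT5TINK5.js";
@@ -12,7 +12,7 @@ import "./chunk-SOBJ6NEY.js";
  import "./chunk-BT7NVCML.js";
  import "./chunk-H7XKCNR6.js";
  import "./chunk-UMTG2BN2.js";
- import "./chunk-6GIKAUTN.js";
+ import "./chunk-MMJANTJX.js";
  import "./chunk-5RIRL3XL.js";
  import "./chunk-JGSKJHF7.js";
  import "./chunk-FF4KLI5W.js";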
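--- a/package/dist/access-service-DFXIlGvZ.d.ts
+++ b/package/dist/access-service-DIZRHQ7Q.d.ts
@@ -6,7 +6,7 @@ import { AnomalyDetectorResult } from './recall-audit-anomaly.js';
  import { ExplicitCaptureInput } from './explicit-capture.js';
  import { BudgetDecision } from './cross-namespace-budget.js';
  import { readMemoryGovernanceRunArtifact } from './maintenance/memory-governance.js';
- import { O as Orchestrator, I as IntentDebugSnapshot, G as GraphRecallSnapshot, P as PatternReinforcementResult, W as WearablesService } from './orchestrator-DEQW9j0Z.js';
+ import { O as Orchestrator, I as IntentDebugSnapshot, G as GraphRecallSnapshot, P as PatternReinforcementResult, W as WearablesService } from './orchestrator-CX-oqwJq.js';
  import { LiveConnectorsRunSummary } from './live-connectors-runner.js';
  import { LastRecallSnapshot } from './recall-state.js';
  import { GraphSnapshotRequest, GraphSnapshotResponse } from './graph-snapshot.js';
@@ -654,6 +654,53 @@ interface CodingScopedWriteInput {
  cwd?: string;
  projectTag?: string;
  }
+ /**
+ * Internal, single-resolution plan describing the effective memory scope for a
+ * write-producing access request (#1495, seed for epic #1494). One plan is
+ * resolved per request and EVERY side effect (LCM archival, extraction replay,
+ * objective-state snapshot, response) consumes the same `writeNamespace`, so an
+ * observed turn and its extracted memories never drift away from the namespace a
+ * same-session project-scoped recall searches (rule 39 / 42).
+ *
+ * The resolver that produces this is READ-ONLY with respect to namespace
+ * authorization: an explicit namespace is authorized through the existing
+ * `canWriteNamespace` policy path, and a coding overlay is always REBUILT from
+ * the authenticated principal's base — never accepted as a caller string — so a
+ * caller can never reach another principal's overlay by forging an
+ * overlay-shaped namespace (rule 42 / 47 / 48).
+ */
+ interface MemoryScopePlan {
+ /** Resolved request principal (auth precedence applied), or undefined. */
+ principal?: string;
+ /** Explicit `namespace` supplied by the caller, if any (already authorized). */
+ explicitNamespace?: string;
+ /** Principal self base namespace before any coding overlay. */
+ baseNamespace: string;
+ /** Effective write namespace — what every side effect must use. */
+ writeNamespace: string;
+ /**
+ * Effective namespace the objective-state snapshot writer must target.
+ *
+ * Objective-state has a STRICTER, pre-#1495 contract than the LCM/extraction
+ * write path (#928): an IMPLICIT (no explicit `namespace`) snapshot is based
+ * on the PRINCIPAL SELF namespace (`defaultNamespaceForPrincipal`) and is
+ * authorized against THAT base (rule 48, least-privilege) — never silently
+ * routed to `config.defaultNamespace`. Only the LCM/extraction/response path
+ * collapses an unqualified write to `config.defaultNamespace` (memory_store
+ * parity, rule 39). With an explicit namespace, or once a coding overlay
+ * applies, both targets converge: `objectiveStateNamespace === writeNamespace`.
+ *
+ * Keeping the two as separate fields of ONE plan preserves rule 22 (single
+ * resolution point) while honoring each consumer's historical contract.
+ */
+ objectiveStateNamespace: string;
+ /** Namespaces a same-session recall would read (cheap subset). */
+ readNamespaces: string[];
+ /** Whether the coding overlay changed the base namespace. */
+ codingOverlayApplied: boolean;
+ /** Non-fatal diagnostics surfaced during resolution. */
+ warnings: string[];
+ }
  interface EngramAccessMemoryStoreRequest extends EngramAccessWriteEnvelope, ExplicitCaptureInput, CodingScopedWriteInput {
  }
  interface EngramAccessSuggestionSubmitRequest extends EngramAccessWriteEnvelope, ExplicitCaptureInput, CodingScopedWriteInput {
@@ -697,10 +744,44 @@ interface EngramAccessObserveRequest {
  */
  projectTag?: string;
  }
+ /**
+ * Additive diagnostic view of the effective {@link MemoryScopePlan} resolved for
+ * an `observe` request (#1495 / epic #1494). Lets callers and tests inspect
+ * which namespace the operation actually wrote to without changing the
+ * backward-compatible `namespace` field. Purely informational — never gates
+ * authorization.
+ */
+ interface EngramAccessScopeDebug {
+ /** Resolved principal, or `undefined` when none could be derived. */
+ principal?: string;
+ /** Explicit `namespace` from the request, if one was supplied. */
+ explicitNamespace?: string;
+ /** Principal self base before any coding overlay. */
+ baseNamespace: string;
+ /** Effective write namespace every side effect of the request uses. */
+ writeNamespace: string;
+ /** Whether the coding (project/branch) overlay changed the base namespace. */
+ codingOverlayApplied: boolean;
+ /** Namespaces a same-session recall would read, when cheap to compute. */
+ readNamespaces?: string[];
+ }
  interface EngramAccessObserveResponse {
  accepted: number;
  sessionKey: string;
+ /**
+ * Backward-compatible base writable namespace (pre-#1495 semantics). Kept
+ * unchanged so existing callers/tests are not broken. The namespace the
+ * operation ACTUALLY wrote to is {@link EngramAccessObserveResponse.effectiveNamespace}.
+ */
  namespace: string;
+ /**
+ * Effective write namespace every memory-producing side effect of this
+ * request used (LCM archival, extraction replay, objective-state snapshot).
+ * Equals the namespace a same-session project-scoped recall searches (#1495).
+ */
+ effectiveNamespace: string;
+ /** Additive diagnostic view of the resolved scope plan (#1495). */
+ scopeDebug?: EngramAccessScopeDebug;
  lcmArchived: boolean;
  extractionQueued: boolean;
  }
@@ -825,6 +906,31 @@ declare class EngramAccessService {
  * never fails a write — there is no namespace to "pin".
  */
  private resolveCodingScopedWriteNamespace;
+ /**
+ * Resolve ONE effective memory scope plan for a write-producing request
+ * (#1495 / seed for epic #1494). The returned {@link MemoryScopePlan} is the
+ * single source of truth `observe` (and, later, other write surfaces) consume
+ * so every side effect lands in `plan.writeNamespace`.
+ *
+ * Authorization mirrors {@link resolveCodingScopedWriteNamespace} EXACTLY so
+ * `observe`'s scoping is identical to `memory_store`/`suggestion_submit`
+ * (rule 39 — feature gates identical across code paths):
+ * - an explicit `namespace` always wins and is authorized strictly through
+ * `resolveWritableNamespace` → `canWriteNamespace`; an overlay-shaped string
+ * is never a writable target (rule 42 / 47 / 48);
+ * - with NO overlay, the base stays on `config.defaultNamespace` (pre-#1434
+ * behavior), auth-checked;
+ * - WITH an overlay, the base is the principal self namespace and the overlay
+ * is REBUILT from that authorized base — never accepted as a caller string.
+ *
+ * READ-ONLY: this never mutates session coding context. Callers that need the
+ * `cwd`/`projectTag` bound to the session (so a later bare recall is scoped)
+ * must attach it via `maybeAttachCodingContext` BEFORE calling this, which
+ * also preserves the no-orphan-context guard (attach only after auth passes).
+ * The overlay here reads the session's attached context first (matching recall
+ * precedence), falling back to the per-call `cwd`/`projectTag`.
+ */
+ private resolveMemoryScopePlan;
  private objectiveStateStoreLocationForNamespace;
  private resolveReadableNamespace;
  private resolveReadableNamespacesForSearch;
@@ -1080,6 +1186,153 @@ declare class EngramAccessService {
  private serializeMemorySummary;
  observe(request: EngramAccessObserveRequest): Promise<EngramAccessObserveResponse>;
  lcmSearch(request: EngramAccessLcmSearchRequest): Promise<EngramAccessLcmSearchResponse>;
+ /**
+ * Resolve the LCM `session_id` a same-session READER (compaction flush/record,
+ * `lcmSearch`, raw-excerpt lookup) must target so it matches the key `observe`
+ * archived under (#1495 thread 2 + #1505 round 3, rule 42). One helper for
+ * EVERY access-surface LCM read so the read key cannot drift from the write key
+ * (rule 22).
+ *
+ * Precedence mirrors `observe`'s effective write namespace:
+ * - With an explicit `request.namespace`, use the already-authorized
+ * `resolvedNamespace` (the overlay never applies to an explicit write).
+ * - With NO explicit namespace, an auto-scoped session was archived under
+ * its coding-overlay namespace, so overlay the session's bound coding
+ * context onto the principal self base — the SAME resolution
+ * `resolveMemoryScopePlan`/recall use. `applyCodingNamespaceOverlay`
+ * returns the base unchanged when projectScope/namespaces are off or no
+ * context is bound, so single-store / no-overlay flows collapse to the raw
+ * sessionKey exactly as before.
+ *
+ * Then encode the `${namespace}:${sessionKey}` prefix via the shared helper
+ * so the read key is byte-for-byte what the LCM write and the recall readers
+ * use.
+ */
+ /**
+ * Resolve the effective LCM NAMESPACE a same-session operation must prefix
+ * with (the namespace half of {@link resolveLcmReadSessionKey}). Split out so
+ * `lcmSearch` can apply ONE namespace to BOTH its `sessionKey` and its
+ * `sessionPrefix` — the prefix is a search fragment, not a real session, so its
+ * own coding context can't be looked up; it must inherit the namespace resolved
+ * from the real session (`sessionKeyForOverlay`).
+ *
+ * `purpose` selects the AUTHORIZATION gate applied before honouring the
+ * coding overlay (#1505 round 3 + round 4, codex P2):
+ *
+ * - `"read"` (`lcmSearch` / raw-excerpt recall): the overlay rows are only
+ * visible when the principal SELF base is in the READABLE RECALL SET — the
+ * same gate the orchestrator's `lcmReadNamespaceForSession` and the recall
+ * namespace set use (`recallNamespacesForPrincipal`, gated by both
+ * `defaultRecallNamespaces.includes("self")` AND `canReadNamespace`). A
+ * caller that passed the default read check must NOT receive
+ * `<principal>-project-*` rows the policy never granted (cross-tenant read
+ * leak). When the self base is not readable, keep the just-authorized
+ * namespace (collapses to the raw key on the default store).
+ *
+ * - `"write"` (`lcmCompactionFlush` / `lcmCompactionRecord`): these are
+ * write/maintenance operations on the SAME queue `observe` just wrote, so
+ * the gate must mirror observe's WRITE authorization (`canWriteNamespace`
+ * on the self base), NOT readability. A principal that can WRITE but not
+ * READ its self namespace (or whose `defaultRecallNamespaces` omits `self`)
+ * archived under the overlay key via `observe`; gating compaction by
+ * readability would fall back to the default/raw key and leave that queue
+ * never flushed/recorded (round-4 codex P2). Write-authorized ⇒ overlay
+ * key, matching the observe write key (rule 42 read/write parity; rule 39
+ * identical gates across paths).
+ */
+ private resolveLcmReadNamespace;
+ /**
+ * Resolve the namespace the raw-disclosure excerpt lookup
+ * ({@link fetchRawExcerpts}) must prefix its LCM `session_id` with (#1505
+ * thread 2f7). Raw disclosure reads the SAME LCM archive `lcmSearch` and the
+ * in-prompt LCM sections read, so it MUST pass through the identical
+ * read-authorization gate — NOT `snapshot.namespace`, which records the
+ * effective WRITE/overlay namespace (`<principal>-project-*`) even when the
+ * principal can WRITE but not READ its self base (or `defaultRecallNamespaces`
+ * omits `self`). Routing through `resolveLcmReadNamespace(..., "read")` makes
+ * raw disclosure fall back to the default store exactly like normal recall +
+ * `lcmSearch`, so it never attaches overlay transcript rows the read gate
+ * excludes (cross-tenant read leak). Collapses to the default store / raw
+ * sessionKey for single-store / no-overlay / explicit-default flows, so
+ * single-user recall is byte-for-byte unchanged.
+ *
+ * Returns `undefined` when NO readable LCM namespace exists for an IMPLICIT
+ * (no explicit `namespace`) raw recall — i.e. a restrictive `default` READ
+ * policy denies the principal `default` AND no overlay/self namespace is
+ * readable. In that case the caller emits NO excerpts rather than throwing
+ * `namespace is not readable: default` (#1505 thread NBHWz): normal recall
+ * still succeeds via `recallNamespacesForPrincipal`, so `disclosure: "raw"`
+ * must degrade gracefully (empty excerpts), never pre-authorize `default`.
+ *
+ * IMPLICIT-namespace fallback selection derives from the ALREADY
+ * read-authorized recall namespace set (`recallNamespacesForPrincipal` +
+ * `canReadNamespace`) — the principal's self base when it is in the readable
+ * recall set, else `config.defaultNamespace` ONLY when the principal may read
+ * it. It NEVER pre-authorizes `default`. An EXPLICIT `namespace` is still
+ * authorized strictly via `resolveReadableNamespace` (explicit reads must pass
+ * the ACL — no behavior change).
+ */
+ private resolveRawExcerptReadNamespace;
+ /**
+ * The base `resolvedNamespace` an IMPLICIT (no explicit `namespace`)
+ * same-session LCM READER (`resolveRawExcerptReadNamespace`, `lcmSearch`)
+ * passes into {@link resolveLcmReadNamespace} — WITHOUT pre-authorizing
+ * `default` (#1505 thread NBHWz). It decides PROCEED vs SUPPRESS only; the
+ * actual LCM prefix is then resolved by `resolveLcmReadNamespace`, which
+ * mirrors the orchestrator's `lcmReadNamespaceForSession` EXACTLY (rule 39 /
+ * 42): the coding overlay when the principal SELF base is in the readable
+ * recall set, else `config.defaultNamespace` (the raw key).
+ *
+ * Returns `config.defaultNamespace` (PROCEED) whenever the principal has ANY
+ * readable LCM access — either `default` itself is readable, OR a coding
+ * overlay / self base is in the readable recall set. The returned value is
+ * ALWAYS `config.defaultNamespace`, NEVER an arbitrary readable recall
+ * namespace (e.g. `shared`): `resolveLcmReadNamespace` returns this fallback
+ * verbatim only on the overlay-applies-but-self-unreadable branch, where the
+ * orchestrator collapses to the default store — so returning anything but the
+ * default store there would prefix LCM reads with `shared:sessionKey` while
+ * in-prompt recall uses the raw `sessionKey`, diverging the two (cursor
+ * "LCM read gate wrong fallback").
+ *
+ * Returns `undefined` (SUPPRESS) only when NO readable LCM namespace exists —
+ * a restrictive `default` READ policy AND no readable overlay/self — so the
+ * caller emits NO rows instead of throwing `namespace is not readable:
+ * default`. Normal recall still succeeds through the readable self namespace.
+ *
+ * Single-store / namespaces-disabled deployments resolve to
+ * `config.defaultNamespace`, keeping single-user recall byte-for-byte
+ * unchanged.
+ */
+ private resolveImplicitLcmReadFallbackNamespace;
+ private resolveLcmReadSessionKey;
+ /**
+ * Resolve the ORDERED, read-authorized set of LCM `session_id`s a same-session
+ * READER (`lcmSearch`, raw-excerpt disclosure) must query so it matches every
+ * key `observe` archived under across the coding scope (#1505 thread "Include
+ * coding fallback namespaces in LCM reads").
+ *
+ * Mirrors the orchestrator recall path exactly (rule 39): `observe` archives
+ * each turn under `${effectiveNamespace}:${sessionKey}` for whichever namespace
+ * was effective at write time, and normal QMD/file recall searches the primary
+ * coding-overlay namespace AND `codingOverlay.readFallbacks` (project → root).
+ * A single overlay key therefore MISSES rows a branch-scoped session archived at
+ * project/root scope. This returns the primary overlay LCM key first, then one
+ * per read fallback, deduped + ordered so the caller can short-circuit on the
+ * first hit.
+ *
+ * READ-AUTHORIZATION (preserved from the round-3..5 `resolveLcmReadNamespace`
+ * "read" gate; rule 42 / 48): the overlay + fallbacks are `<principal>-project-*`
+ * sub-namespaces authorized transitively by the principal SELF base. They are
+ * included ONLY when the self base is in the readable recall set
+ * (`recallNamespacesForPrincipal`). When the self base is NOT readable (write-
+ * only / self-omitted principal), or when an explicit namespace was supplied,
+ * or no overlay applies, this collapses to the single key
+ * {@link resolveLcmReadSessionKey} returns — byte-for-byte the prior behavior
+ * (single-store / no-overlay flows stay the raw `sessionKey`). No
+ * `<principal>-project-*` key is ever searched for an unauthorized reader (no
+ * cross-tenant read leak).
+ */
+ private resolveLcmReadSessionIds;
  lcmCompactionFlush(request: EngramAccessLcmCompactionFlushRequest): Promise<EngramAccessLcmCompactionFlushResponse>;
  lcmCompactionRecord(request: EngramAccessLcmCompactionRecordRequest): Promise<EngramAccessLcmCompactionRecordResponse>;
  continuityAuditGenerate(request: {
@@ -1582,4 +1835,4 @@ declare class EngramAccessService {
  }): Promise<Awaited<ReturnType<WearablesService["transcriptMemories"]>>>;
  }
 
- export { type EngramAccessReviewDispositionRequest as $, type EngramAccessMemoryBrowseRequest as A, type EngramAccessMemoryBrowseResponse as B, type CodingScopedWriteInput as C, type EngramAccessMemoryRecord as D, EngramAccessService as E, type EngramAccessMemoryResponse as F, type EngramAccessMemoryStoreRequest as G, type EngramAccessMemorySummary as H, type EngramAccessObserveMessage as I, type EngramAccessObserveRequest as J, type EngramAccessObserveResponse as K, type EngramAccessOfflineSyncApplyFileContentRequest as L, type EngramAccessOfflineSyncApplyFileContentResponse as M, type EngramAccessOfflineSyncApplyRequest as N, type EngramAccessOfflineSyncApplyResponse as O, type ProcedureStatsConfigSnapshot as P, type EngramAccessOfflineSyncFileContentRequest as Q, type EngramAccessOfflineSyncFileContentResponse as R, type EngramAccessOfflineSyncFilesRequest as S, type EngramAccessOfflineSyncFilesResponse as T, type EngramAccessOfflineSyncSnapshotRequest as U, type EngramAccessOfflineSyncSnapshotResponse as V, type EngramAccessOfflineSyncSnapshotStreamResponse as W, type EngramAccessQualityResponse as X, type EngramAccessRecallExplainRequest as Y, type EngramAccessRecallExplainResponse as Z, type EngramAccessRecallRequest as _, type EngramAccessRecallResponse as a, type EngramAccessReviewDispositionResponse as a0, type EngramAccessReviewQueueResponse as a1, type EngramAccessSetCodingContextRequest as a2, type EngramAccessSuggestionSubmitRequest as a3, type EngramAccessTimelineResponse as a4, type EngramAccessTrustZoneBrowseRequest as a5, type EngramAccessTrustZoneBrowseResponse as a6, type EngramAccessTrustZoneDemoSeedRequest as a7, type EngramAccessTrustZoneDemoSeedResponse as a8, type EngramAccessTrustZonePromoteRequest as a9, type EngramAccessTrustZonePromoteResponse as aa, type EngramAccessTrustZoneRecordSummary as ab, type EngramAccessTrustZoneStatusResponse as ac, type EngramAccessWriteEnvelope as ad, type EngramAccessWriteResponse as ae, shapeMemorySummary as af, EngramAccessInputError as b, type ProcedureStatsRecent as c, type ProcedureStatsReport as d, type ProcedureStatusCounts as e, computeProcedureStats as f, formatProcedureStatsText as g, ENGRAM_ACCESS_WRITE_SCHEMA_VERSION as h, type EngramAccessActionConfidenceRequest as i, type EngramAccessActionConfidenceResponse as j, type EngramAccessBriefingRequest as k, type EngramAccessBriefingResponse as l, type EngramAccessCapsuleListResponse as m, type EngramAccessDaySummaryRequest as n, type EngramAccessEntityListResponse as o, type EngramAccessEntityResponse as p, type EngramAccessEntitySummary as q, type EngramAccessHealthResponse as r, type EngramAccessLcmCompactionFlushRequest as s, type EngramAccessLcmCompactionFlushResponse as t, type EngramAccessLcmCompactionRecordRequest as u, type EngramAccessLcmCompactionRecordResponse as v, type EngramAccessLcmSearchRequest as w, type EngramAccessLcmSearchResponse as x, type EngramAccessLcmStatusResponse as y, type EngramAccessMaintenanceResponse as z };
+ export { type EngramAccessReviewDispositionRequest as $, type EngramAccessMemoryBrowseRequest as A, type EngramAccessMemoryBrowseResponse as B, type CodingScopedWriteInput as C, type EngramAccessMemoryRecord as D, EngramAccessService as E, type EngramAccessMemoryResponse as F, type EngramAccessMemoryStoreRequest as G, type EngramAccessMemorySummary as H, type EngramAccessObserveMessage as I, type EngramAccessObserveRequest as J, type EngramAccessObserveResponse as K, type EngramAccessOfflineSyncApplyFileContentRequest as L, type EngramAccessOfflineSyncApplyFileContentResponse as M, type EngramAccessOfflineSyncApplyRequest as N, type EngramAccessOfflineSyncApplyResponse as O, type ProcedureStatsConfigSnapshot as P, type EngramAccessOfflineSyncFileContentRequest as Q, type EngramAccessOfflineSyncFileContentResponse as R, type EngramAccessOfflineSyncFilesRequest as S, type EngramAccessOfflineSyncFilesResponse as T, type EngramAccessOfflineSyncSnapshotRequest as U, type EngramAccessOfflineSyncSnapshotResponse as V, type EngramAccessOfflineSyncSnapshotStreamResponse as W, type EngramAccessQualityResponse as X, type EngramAccessRecallExplainRequest as Y, type EngramAccessRecallExplainResponse as Z, type EngramAccessRecallRequest as _, type EngramAccessRecallResponse as a, type EngramAccessReviewDispositionResponse as a0, type EngramAccessReviewQueueResponse as a1, type EngramAccessScopeDebug as a2, type EngramAccessSetCodingContextRequest as a3, type EngramAccessSuggestionSubmitRequest as a4, type EngramAccessTimelineResponse as a5, type EngramAccessTrustZoneBrowseRequest as a6, type EngramAccessTrustZoneBrowseResponse as a7, type EngramAccessTrustZoneDemoSeedRequest as a8, type EngramAccessTrustZoneDemoSeedResponse as a9, type EngramAccessTrustZonePromoteRequest as aa, type EngramAccessTrustZonePromoteResponse as ab, type EngramAccessTrustZoneRecordSummary as ac, type EngramAccessTrustZoneStatusResponse as ad, type EngramAccessWriteEnvelope as ae, type EngramAccessWriteResponse as af, type MemoryScopePlan as ag, shapeMemorySummary as ah, EngramAccessInputError as b, type ProcedureStatsRecent as c, type ProcedureStatsReport as d, type ProcedureStatusCounts as e, computeProcedureStats as f, formatProcedureStatsText as g, ENGRAM_ACCESS_WRITE_SCHEMA_VERSION as h, type EngramAccessActionConfidenceRequest as i, type EngramAccessActionConfidenceResponse as j, type EngramAccessBriefingRequest as k, type EngramAccessBriefingResponse as l, type EngramAccessCapsuleListResponse as m, type EngramAccessDaySummaryRequest as n, type EngramAccessEntityListResponse as o, type EngramAccessEntityResponse as p, type EngramAccessEntitySummary as q, type EngramAccessHealthResponse as r, type EngramAccessLcmCompactionFlushRequest as s, type EngramAccessLcmCompactionFlushResponse as t, type EngramAccessLcmCompactionRecordRequest as u, type EngramAccessLcmCompactionRecordResponse as v, type EngramAccessLcmSearchRequest as w, type EngramAccessLcmSearchResponse as x, type EngramAccessLcmStatusResponse as y, type EngramAccessMaintenanceResponse as z };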
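Review bot: In the `@@ -1080,6 +1186,153 @@` hunk the first added JSDoc block (beginning "Resolve the LCM `session_id` a same-session READER") describes `resolveLcmReadSessionKey`, but it is followed immediately by a second JSDoc block and `private resolveLcmReadNamespace;`, so it attaches to no declaration, while `private resolveLcmReadSessionKey;` further down has no comment at all. This file is build output, so the fix presumably belongs in `package/src/access-service.ts`: move that block to sit directly above `resolveLcmReadSessionKey`, so the read-key/write-key parity contract is documented on the member it describes. In the `@@ -697,10 +744,44 @@` hunk, `scopeDebug` returns `principal`, `baseNamespace` and `readNamespaces` to the caller but is only documented as optional; a line stating when it is populated, and that it lists only namespaces the caller is already authorized to read, would make the disclosure boundary explicit, if that is the intended behaviour. The `EngramAccessService` class body starts and ends outside these hunks.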
@@ -1,13 +1,13 @@
1
1
  import './storage.js';
2
2
  import './types-B1VHaf2w.js';
3
- export { C as CodingScopedWriteInput, h as ENGRAM_ACCESS_WRITE_SCHEMA_VERSION, i as EngramAccessActionConfidenceRequest, j as EngramAccessActionConfidenceResponse, k as EngramAccessBriefingRequest, l as EngramAccessBriefingResponse, m as EngramAccessCapsuleListResponse, n as EngramAccessDaySummaryRequest, o as EngramAccessEntityListResponse, p as EngramAccessEntityResponse, q as EngramAccessEntitySummary, r as EngramAccessHealthResponse, b as EngramAccessInputError, s as EngramAccessLcmCompactionFlushRequest, t as EngramAccessLcmCompactionFlushResponse, u as EngramAccessLcmCompactionRecordRequest, v as EngramAccessLcmCompactionRecordResponse, w as EngramAccessLcmSearchRequest, x as EngramAccessLcmSearchResponse, y as EngramAccessLcmStatusResponse, z as EngramAccessMaintenanceResponse, A as EngramAccessMemoryBrowseRequest, B as EngramAccessMemoryBrowseResponse, D as EngramAccessMemoryRecord, F as EngramAccessMemoryResponse, G as EngramAccessMemoryStoreRequest, H as EngramAccessMemorySummary, I as EngramAccessObserveMessage, J as EngramAccessObserveRequest, K as EngramAccessObserveResponse, L as EngramAccessOfflineSyncApplyFileContentRequest, M as EngramAccessOfflineSyncApplyFileContentResponse, N as EngramAccessOfflineSyncApplyRequest, O as EngramAccessOfflineSyncApplyResponse, Q as EngramAccessOfflineSyncFileContentRequest, R as EngramAccessOfflineSyncFileContentResponse, S as EngramAccessOfflineSyncFilesRequest, T as EngramAccessOfflineSyncFilesResponse, U as EngramAccessOfflineSyncSnapshotRequest, V as EngramAccessOfflineSyncSnapshotResponse, W as EngramAccessOfflineSyncSnapshotStreamResponse, X as EngramAccessQualityResponse, Y as EngramAccessRecallExplainRequest, Z as EngramAccessRecallExplainResponse, _ as EngramAccessRecallRequest, a as EngramAccessRecallResponse, $ as EngramAccessReviewDispositionRequest, a0 as EngramAccessReviewDispositionResponse, a1 as EngramAccessReviewQueueResponse, E as EngramAccessService, a2 as EngramAccessSetCodingContextRequest, 
a3 as EngramAccessSuggestionSubmitRequest, a4 as EngramAccessTimelineResponse, a5 as EngramAccessTrustZoneBrowseRequest, a6 as EngramAccessTrustZoneBrowseResponse, a7 as EngramAccessTrustZoneDemoSeedRequest, a8 as EngramAccessTrustZoneDemoSeedResponse, a9 as EngramAccessTrustZonePromoteRequest, aa as EngramAccessTrustZonePromoteResponse, ab as EngramAccessTrustZoneRecordSummary, ac as EngramAccessTrustZoneStatusResponse, ad as EngramAccessWriteEnvelope, ae as EngramAccessWriteResponse, af as shapeMemorySummary } from './access-service-DFXIlGvZ.js';
3
+ export { C as CodingScopedWriteInput, h as ENGRAM_ACCESS_WRITE_SCHEMA_VERSION, i as EngramAccessActionConfidenceRequest, j as EngramAccessActionConfidenceResponse, k as EngramAccessBriefingRequest, l as EngramAccessBriefingResponse, m as EngramAccessCapsuleListResponse, n as EngramAccessDaySummaryRequest, o as EngramAccessEntityListResponse, p as EngramAccessEntityResponse, q as EngramAccessEntitySummary, r as EngramAccessHealthResponse, b as EngramAccessInputError, s as EngramAccessLcmCompactionFlushRequest, t as EngramAccessLcmCompactionFlushResponse, u as EngramAccessLcmCompactionRecordRequest, v as EngramAccessLcmCompactionRecordResponse, w as EngramAccessLcmSearchRequest, x as EngramAccessLcmSearchResponse, y as EngramAccessLcmStatusResponse, z as EngramAccessMaintenanceResponse, A as EngramAccessMemoryBrowseRequest, B as EngramAccessMemoryBrowseResponse, D as EngramAccessMemoryRecord, F as EngramAccessMemoryResponse, G as EngramAccessMemoryStoreRequest, H as EngramAccessMemorySummary, I as EngramAccessObserveMessage, J as EngramAccessObserveRequest, K as EngramAccessObserveResponse, L as EngramAccessOfflineSyncApplyFileContentRequest, M as EngramAccessOfflineSyncApplyFileContentResponse, N as EngramAccessOfflineSyncApplyRequest, O as EngramAccessOfflineSyncApplyResponse, Q as EngramAccessOfflineSyncFileContentRequest, R as EngramAccessOfflineSyncFileContentResponse, S as EngramAccessOfflineSyncFilesRequest, T as EngramAccessOfflineSyncFilesResponse, U as EngramAccessOfflineSyncSnapshotRequest, V as EngramAccessOfflineSyncSnapshotResponse, W as EngramAccessOfflineSyncSnapshotStreamResponse, X as EngramAccessQualityResponse, Y as EngramAccessRecallExplainRequest, Z as EngramAccessRecallExplainResponse, _ as EngramAccessRecallRequest, a as EngramAccessRecallResponse, $ as EngramAccessReviewDispositionRequest, a0 as EngramAccessReviewDispositionResponse, a1 as EngramAccessReviewQueueResponse, a2 as EngramAccessScopeDebug, E as EngramAccessService, a3 as 
EngramAccessSetCodingContextRequest, a4 as EngramAccessSuggestionSubmitRequest, a5 as EngramAccessTimelineResponse, a6 as EngramAccessTrustZoneBrowseRequest, a7 as EngramAccessTrustZoneBrowseResponse, a8 as EngramAccessTrustZoneDemoSeedRequest, a9 as EngramAccessTrustZoneDemoSeedResponse, aa as EngramAccessTrustZonePromoteRequest, ab as EngramAccessTrustZonePromoteResponse, ac as EngramAccessTrustZoneRecordSummary, ad as EngramAccessTrustZoneStatusResponse, ae as EngramAccessWriteEnvelope, af as EngramAccessWriteResponse, ag as MemoryScopePlan, ah as shapeMemorySummary } from './access-service-DIZRHQ7Q.js';
4
4
  import './recall-explain-renderer.js';
5
5
  import './types-D8yUmSik.js';
6
6
  import './recall-audit-anomaly.js';
7
7
  import './explicit-capture.js';
8
8
  import './cross-namespace-budget.js';
9
9
  import './maintenance/memory-governance.js';
10
- import './orchestrator-DEQW9j0Z.js';
10
+ import './orchestrator-CX-oqwJq.js';
11
11
  import './live-connectors-runner.js';
12
12
  import './recall-state.js';
13
13
  import './graph-snapshot.js';
@@ -3,7 +3,7 @@ import {
3
3
  EngramAccessInputError,
4
4
  EngramAccessService,
5
5
  shapeMemorySummary
6
- } from "./chunk-5ETA6OAS.js";
6
+ } from "./chunk-YAFSTKTH.js";
7
7
  import "./chunk-GDASG7NC.js";
8
8
  import "./chunk-GDB4J2H3.js";
9
9
  import "./chunk-NT5TINK5.js";
@@ -12,7 +12,7 @@ import "./chunk-SOBJ6NEY.js";
12
12
  import "./chunk-BT7NVCML.js";
13
13
  import "./chunk-H7XKCNR6.js";
14
14
  import "./chunk-UMTG2BN2.js";
15
- import "./chunk-6GIKAUTN.js";
15
+ import "./chunk-MMJANTJX.js";
16
16
  import "./chunk-5RIRL3XL.js";
17
17
  import "./chunk-JGSKJHF7.js";
18
18
  import "./chunk-FF4KLI5W.js";
@@ -1,5 +1,5 @@
1
1
  import { P as PluginConfig } from './types-D8yUmSik.js';
2
- import { O as Orchestrator } from './orchestrator-DEQW9j0Z.js';
2
+ import { O as Orchestrator } from './orchestrator-CX-oqwJq.js';
3
3
  import './types-ByK7T3L6.js';
4
4
  import './index-DJ9QWMw-.js';
5
5
  import './briefing.js';