hippo-memory 1.15.0 → 1.17.0

package/dist/src/db.js

@@ -6,7 +6,7 @@ import { cleanupArchivedMirrors } from './raw-archive-mirror-cleanup.js';
 import { PACKAGE_VERSION, compareSemver } from './version.js';
 const require = createRequire(import.meta.url);
 const { DatabaseSync } = require('node:sqlite');
-const CURRENT_SCHEMA_VERSION = 30;
+const CURRENT_SCHEMA_VERSION = 37;
 const MIGRATIONS = [
     {
         version: 1,
@@ -1092,6 +1092,736 @@ const MIGRATIONS = [
             }
         },
     },
+    {
+        version: 31,
+        up: (db) => {
+            // E2 incident first-class object (docs/plans/2026-05-29-e2-incident-object.md).
+            // Mirrors the v30 decisions block but for an open -> resolved -> closed
+            // lifecycle (NOT supersede): there is no superseded_by self-FK and no
+            // supersede trigger. An incident is a postmortem capsule: a recorded
+            // operational event with a lifecycle and optional linked receipts (the
+            // memories that are its evidence, stored as a JSON array of ids in
+            // linked_memory_ids). The memory mirror is kept for recall but is not
+            // authoritative; memory_id is NULLABLE with ON DELETE SET NULL so
+            // forget/consolidate/archive does not lose an incident.
+            //
+            // status (open|resolved|closed): resolved records a resolution_text +
+            // resolved_at and stays on record; closed is a terminal retire reachable
+            // from open or resolved. Cross-tenant safety: BEFORE INSERT + BEFORE
+            // UPDATE triggers enforce incidents.tenant_id == the referenced memory's
+            // tenant_id (verbatim mirror of the v30 decisions tenant-match triggers).
+            if (!tableExists(db, 'incidents')) {
+                db.exec(`
+          CREATE TABLE incidents (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            memory_id TEXT,
+            tenant_id TEXT NOT NULL,
+            incident_text TEXT NOT NULL,
+            context TEXT,
+            status TEXT NOT NULL DEFAULT 'open'
+              CHECK (status IN ('open', 'resolved', 'closed')),
+            resolution_text TEXT,
+            resolved_at TEXT,
+            closed_at TEXT,
+            linked_memory_ids TEXT NOT NULL DEFAULT '[]',
+            created_at TEXT NOT NULL,
+            FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE SET NULL
+          )
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_incidents_tenant_status
+          ON incidents(tenant_id, status)
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_incidents_memory
+          ON incidents(memory_id) WHERE memory_id IS NOT NULL
+        `);
+                // Cross-tenant safety vs the referenced memory (verbatim mirror of the
+                // v30 decisions tenant-match triggers; no supersede trigger).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_incidents_tenant_match_insert
+          BEFORE INSERT ON incidents
+          WHEN NEW.memory_id IS NOT NULL
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'incidents.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_incidents_tenant_match_update
+          BEFORE UPDATE ON incidents
+          WHEN NEW.memory_id IS NOT NULL
+            AND (NEW.memory_id IS NOT OLD.memory_id OR NEW.tenant_id IS NOT OLD.tenant_id)
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'incidents.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+            }
+        },
+    },
+    {
+        version: 32,
+        up: (db) => {
+            // E2 process first-class object (docs/plans/2026-05-29-e2-process-object.md).
+            // A process is a "living process map": a named, ordered list of steps that
+            // evolves. Unlike incident (open->resolved->closed, no supersede), process
+            // REUSES the v30 decisions supersede path as its delta mechanism: a process
+            // evolves by being superseded by a NEW VERSION that records what changed
+            // (change_summary) and the full new state (steps), carrying a derived
+            // version counter. So this table combines the v31 incidents tenant-match
+            // trigger pair (vs the referenced memory) WITH the v30 decisions
+            // superseded_by self-FK + supersede tenant-match trigger.
+            //
+            // status (active|superseded|closed): superseded carries a self-FK
+            // superseded_by to the successor version; closed is a terminal
+            // retire-without-successor (only an active head closes). The memory mirror
+            // is kept for recall but is not authoritative; memory_id is NULLABLE with
+            // ON DELETE SET NULL so forget/consolidate/archive does not lose a process.
+            // steps is a JSON-encoded array of step strings (scoped v1; a normalized
+            // process_steps table is deferred). version is server-derived
+            // (predecessor.version + 1); change_summary is set on a successor row only.
+            if (!tableExists(db, 'processes')) {
+                db.exec(`
+          CREATE TABLE processes (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            memory_id TEXT,
+            tenant_id TEXT NOT NULL,
+            process_name TEXT NOT NULL,
+            description TEXT,
+            steps TEXT NOT NULL DEFAULT '[]',
+            version INTEGER NOT NULL DEFAULT 1,
+            status TEXT NOT NULL DEFAULT 'active'
+              CHECK (status IN ('active', 'superseded', 'closed')),
+            superseded_by INTEGER,
+            superseded_at TEXT,
+            change_summary TEXT,
+            closed_at TEXT,
+            created_at TEXT NOT NULL,
+            FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE SET NULL,
+            FOREIGN KEY (superseded_by) REFERENCES processes(id) ON DELETE SET NULL
+          )
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_processes_tenant_status
+          ON processes(tenant_id, status)
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_processes_memory
+          ON processes(memory_id) WHERE memory_id IS NOT NULL
+        `);
+                // Cross-tenant safety vs the referenced memory (verbatim mirror of the
+                // v31 incidents / v30 decisions tenant-match triggers).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_processes_tenant_match_insert
+          BEFORE INSERT ON processes
+          WHEN NEW.memory_id IS NOT NULL
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'processes.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_processes_tenant_match_update
+          BEFORE UPDATE ON processes
+          WHEN NEW.memory_id IS NOT NULL
+            AND (NEW.memory_id IS NOT OLD.memory_id OR NEW.tenant_id IS NOT OLD.tenant_id)
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'processes.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                // Cross-tenant safety vs the successor process (self-FK; verbatim mirror
+                // of the v30 decisions supersede trigger). superseded_by is set only via
+                // the supersede UPDATE; the successor must share the tenant. The successor
+                // row already exists in the same transaction when this fires.
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_processes_supersede_tenant_match_update
+          BEFORE UPDATE ON processes
+          WHEN NEW.superseded_by IS NOT NULL
+            AND NEW.superseded_by IS NOT OLD.superseded_by
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM processes WHERE id = NEW.superseded_by)
+              THEN RAISE(ABORT, 'processes.superseded_by must reference a process in the same tenant')
+            END;
+          END
+        `);
+            }
+        },
+    },
+    {
+        version: 33,
+        up: (db) => {
+            // E2 policy first-class object (docs/plans/2026-05-30-e2-policy-object.md).
+            // The "bi-temporal-first" object type: a named rule/statement that is in
+            // force over an EFFECTIVE-TIME range (valid_from required, valid_to nullable
+            // = open-ended) and evolves via the v32 processes supersede machinery
+            // (superseded_by self-FK + supersede tenant-match trigger + version +
+            // change_summary). This table = the v32 processes table MINUS `steps`
+            // (a policy has policy_text, not an ordered step list) PLUS the first-class
+            // effective-time columns valid_from/valid_to. Valid-time is the queryable
+            // axis (the as-of query loadPoliciesAsOf); transaction-time is present via
+            // created_at + the supersede chain's superseded_at (time-travel deferred).
+            //
+            // All date inputs are normalized to canonical ISO-8601 datetime
+            // (toISOString) at the store boundary before persist/compare, so the
+            // fixed-width values sort lexically and the half-open [valid_from, valid_to)
+            // as-of comparison is correct (plan-eng-critic round-1 CRIT fix).
+            if (!tableExists(db, 'policies')) {
+                db.exec(`
+          CREATE TABLE policies (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            memory_id TEXT,
+            tenant_id TEXT NOT NULL,
+            policy_name TEXT NOT NULL,
+            policy_text TEXT NOT NULL,
+            valid_from TEXT NOT NULL,
+            valid_to TEXT,
+            version INTEGER NOT NULL DEFAULT 1,
+            status TEXT NOT NULL DEFAULT 'active'
+              CHECK (status IN ('active', 'superseded', 'closed')),
+            superseded_by INTEGER,
+            superseded_at TEXT,
+            change_summary TEXT,
+            closed_at TEXT,
+            created_at TEXT NOT NULL,
+            FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE SET NULL,
+            FOREIGN KEY (superseded_by) REFERENCES policies(id) ON DELETE SET NULL
+          )
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_policies_tenant_status
+          ON policies(tenant_id, status)
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_policies_memory
+          ON policies(memory_id) WHERE memory_id IS NOT NULL
+        `);
+                // Supports the as-of query (active policies in force at a valid-time).
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_policies_asof
+          ON policies(tenant_id, valid_from)
+        `);
+                // Cross-tenant safety vs the referenced memory (verbatim mirror of the
+                // v32 processes tenant-match triggers).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_policies_tenant_match_insert
+          BEFORE INSERT ON policies
+          WHEN NEW.memory_id IS NOT NULL
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'policies.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_policies_tenant_match_update
+          BEFORE UPDATE ON policies
+          WHEN NEW.memory_id IS NOT NULL
+            AND (NEW.memory_id IS NOT OLD.memory_id OR NEW.tenant_id IS NOT OLD.tenant_id)
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'policies.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                // Cross-tenant safety vs the successor policy (self-FK; verbatim mirror of
+                // the v32 processes supersede trigger).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_policies_supersede_tenant_match_update
+          BEFORE UPDATE ON policies
+          WHEN NEW.superseded_by IS NOT NULL
+            AND NEW.superseded_by IS NOT OLD.superseded_by
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM policies WHERE id = NEW.superseded_by)
+              THEN RAISE(ABORT, 'policies.superseded_by must reference a policy in the same tenant')
+            END;
+          END
+        `);
+            }
+        },
+    },
+    {
+        version: 34,
+        up: (db) => {
+            // E2 skill first-class object (docs/plans/2026-05-30-e2-skill-object.md).
+            // A skill is a reusable, agent-followable capability: an `instructions` body
+            // + an optional `trigger_text` (when to apply), evolving via the v32
+            // processes supersede machinery (superseded_by self-FK + supersede
+            // tenant-match trigger + version + change_summary). This table = the v32
+            // processes table MINUS `steps` (a skill's content is a single instructions
+            // body) PLUS `instructions` (NOT NULL) and `trigger_text`. "Executable" is
+            // scoped to an agent-followable instruction that EXPORTS into the agent's
+            // in-force rules (AGENTS.md / CLAUDE.md) via exportSkills; literal code
+            // execution is deferred. NOTE: the column is `trigger_text`, NOT `trigger`,
+            // because TRIGGER is a SQLite reserved keyword.
+            if (!tableExists(db, 'skills')) {
+                db.exec(`
+          CREATE TABLE skills (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            memory_id TEXT,
+            tenant_id TEXT NOT NULL,
+            skill_name TEXT NOT NULL,
+            instructions TEXT NOT NULL,
+            trigger_text TEXT,
+            version INTEGER NOT NULL DEFAULT 1,
+            status TEXT NOT NULL DEFAULT 'active'
+              CHECK (status IN ('active', 'superseded', 'closed')),
+            superseded_by INTEGER,
+            superseded_at TEXT,
+            change_summary TEXT,
+            closed_at TEXT,
+            created_at TEXT NOT NULL,
+            FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE SET NULL,
+            FOREIGN KEY (superseded_by) REFERENCES skills(id) ON DELETE SET NULL
+          )
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_skills_tenant_status
+          ON skills(tenant_id, status)
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_skills_memory
+          ON skills(memory_id) WHERE memory_id IS NOT NULL
+        `);
+                // Cross-tenant safety vs the referenced memory (verbatim mirror of the
+                // v32 processes tenant-match triggers).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_skills_tenant_match_insert
+          BEFORE INSERT ON skills
+          WHEN NEW.memory_id IS NOT NULL
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'skills.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_skills_tenant_match_update
+          BEFORE UPDATE ON skills
+          WHEN NEW.memory_id IS NOT NULL
+            AND (NEW.memory_id IS NOT OLD.memory_id OR NEW.tenant_id IS NOT OLD.tenant_id)
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'skills.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                // Cross-tenant safety vs the successor skill (self-FK; verbatim mirror of
+                // the v32 processes supersede trigger).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_skills_supersede_tenant_match_update
+          BEFORE UPDATE ON skills
+          WHEN NEW.superseded_by IS NOT NULL
+            AND NEW.superseded_by IS NOT OLD.superseded_by
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM skills WHERE id = NEW.superseded_by)
+              THEN RAISE(ABORT, 'skills.superseded_by must reference a skill in the same tenant')
+            END;
+          END
+        `);
+            }
+        },
+    },
+    {
+        version: 35,
+        up: (db) => {
+            // E2 project_brief first-class object
+            // (docs/plans/2026-05-30-e2-project-brief-object.md). A project_brief is the
+            // living, repo-scoped summary of a repository's state: a `summary` body
+            // scoped to a `repo`, evolving via the v34 skills supersede machinery
+            // (superseded_by self-FK + supersede tenant-match trigger + version +
+            // change_summary). This table = the v34 skills table with
+            // skill_name/trigger_text replaced by `repo` (the repo-scoping dimension)
+            // PLUS `summary` (the brief body). The distinguishing op (refreshBrief, in
+            // src/project-briefs.ts) auto-assembles the summary from the repo's receipts
+            // (memory rows tagged path:<repo>); it needs no schema support beyond `repo`.
+            // All column names were checked against SQLite reserved words (skill-episode
+            // lesson re: `trigger`): repo/summary/version/status/etc. are non-reserved.
+            if (!tableExists(db, 'project_briefs')) {
+                db.exec(`
+          CREATE TABLE project_briefs (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            memory_id TEXT,
+            tenant_id TEXT NOT NULL,
+            repo TEXT NOT NULL,
+            summary TEXT NOT NULL,
+            version INTEGER NOT NULL DEFAULT 1,
+            status TEXT NOT NULL DEFAULT 'active'
+              CHECK (status IN ('active', 'superseded', 'closed')),
+            superseded_by INTEGER,
+            superseded_at TEXT,
+            change_summary TEXT,
+            closed_at TEXT,
+            created_at TEXT NOT NULL,
+            FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE SET NULL,
+            FOREIGN KEY (superseded_by) REFERENCES project_briefs(id) ON DELETE SET NULL
+          )
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_project_briefs_tenant_status
+          ON project_briefs(tenant_id, status)
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_project_briefs_memory
+          ON project_briefs(memory_id) WHERE memory_id IS NOT NULL
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_project_briefs_repo
+          ON project_briefs(tenant_id, repo, status)
+        `);
+                // Cross-tenant safety vs the referenced memory (verbatim mirror of the
+                // v34 skills tenant-match triggers).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_project_briefs_tenant_match_insert
+          BEFORE INSERT ON project_briefs
+          WHEN NEW.memory_id IS NOT NULL
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'project_briefs.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_project_briefs_tenant_match_update
+          BEFORE UPDATE ON project_briefs
+          WHEN NEW.memory_id IS NOT NULL
+            AND (NEW.memory_id IS NOT OLD.memory_id OR NEW.tenant_id IS NOT OLD.tenant_id)
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'project_briefs.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                // Cross-tenant safety vs the successor brief (self-FK; verbatim mirror of
+                // the v34 skills supersede trigger).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_project_briefs_supersede_tenant_match_update
+          BEFORE UPDATE ON project_briefs
+          WHEN NEW.superseded_by IS NOT NULL
+            AND NEW.superseded_by IS NOT OLD.superseded_by
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM project_briefs WHERE id = NEW.superseded_by)
+              THEN RAISE(ABORT, 'project_briefs.superseded_by must reference a project_brief in the same tenant')
+            END;
+          END
+        `);
+            }
+        },
+    },
+    {
+        version: 36,
+        up: (db) => {
+            // E2 customer_note first-class object (the LAST E2 object)
+            // (docs/plans/2026-06-01-e2-customer-note-object.md). A customer_note is a
+            // discrete note recorded against an account/customer entity, evolving via the
+            // v35 project_briefs supersede machinery (superseded_by self-FK + supersede
+            // tenant-match trigger + version + change_summary). This table = the v35
+            // project_briefs table with repo/summary replaced by `customer` (the
+            // entity-scoping dimension; a free-form account/customer id - the entities
+            // table is unbuilt E3.1, so a FK is deferred) PLUS `note` (the note body).
+            // MANY notes per customer (each its own supersede chain), unlike the
+            // one-summary-per-repo project_brief. All column names checked against SQLite
+            // reserved words (skill-episode lesson, codebase-audit rule 10): customer/note/
+            // version/status/etc. are non-reserved.
+            if (!tableExists(db, 'customer_notes')) {
+                db.exec(`
+          CREATE TABLE customer_notes (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            memory_id TEXT,
+            tenant_id TEXT NOT NULL,
+            customer TEXT NOT NULL,
+            note TEXT NOT NULL,
+            version INTEGER NOT NULL DEFAULT 1,
+            status TEXT NOT NULL DEFAULT 'active'
+              CHECK (status IN ('active', 'superseded', 'closed')),
+            superseded_by INTEGER,
+            superseded_at TEXT,
+            change_summary TEXT,
+            closed_at TEXT,
+            created_at TEXT NOT NULL,
+            FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE SET NULL,
+            FOREIGN KEY (superseded_by) REFERENCES customer_notes(id) ON DELETE SET NULL
+          )
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_customer_notes_tenant_status
+          ON customer_notes(tenant_id, status)
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_customer_notes_memory
+          ON customer_notes(memory_id) WHERE memory_id IS NOT NULL
+        `);
+                db.exec(`
+          CREATE INDEX IF NOT EXISTS idx_customer_notes_customer
+          ON customer_notes(tenant_id, customer, status)
+        `);
+                // Cross-tenant safety vs the referenced memory (verbatim mirror of the
+                // v35 project_briefs tenant-match triggers).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_customer_notes_tenant_match_insert
+          BEFORE INSERT ON customer_notes
+          WHEN NEW.memory_id IS NOT NULL
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'customer_notes.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_customer_notes_tenant_match_update
+          BEFORE UPDATE ON customer_notes
+          WHEN NEW.memory_id IS NOT NULL
+            AND (NEW.memory_id IS NOT OLD.memory_id OR NEW.tenant_id IS NOT OLD.tenant_id)
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'customer_notes.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                // Cross-tenant safety vs the successor note (self-FK; verbatim mirror of the
+                // v35 project_briefs supersede trigger).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_customer_notes_supersede_tenant_match_update
+          BEFORE UPDATE ON customer_notes
+          WHEN NEW.superseded_by IS NOT NULL
+            AND NEW.superseded_by IS NOT OLD.superseded_by
+          BEGIN
+            SELECT CASE
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM customer_notes WHERE id = NEW.superseded_by)
+              THEN RAISE(ABORT, 'customer_notes.superseded_by must reference a customer_note in the same tenant')
+            END;
+          END
+        `);
+            }
+        },
+    },
+    {
+        version: 37,
+        up: (db) => {
+            // E3.3 graph-on-consolidated guard (docs/plans/2026-06-01-e3-graph-guard.md).
+            // The graph layer (entities + relations) sits ON TOP OF consolidated state and
+            // must NEVER index the raw layer. The substrate: entities + relations +
+            // graph_extraction_queue, each FK-ing to memories and guarded so they can only
+            // reference CONSOLIDATED memories (kind IN ('distilled','superseded')), never
+            // kind='raw'. New tables -> real CHECK constraints (unlike the ALTER'd memories,
+            // whose kind CHECK lives in triggers). The kind/source MATCH (source_kind ==
+            // the FK'd memory's actual kind) cannot be a CHECK (CHECK can't subquery), so it
+            // is a BEFORE INSERT *and* BEFORE UPDATE trigger (the subquery-capable pattern
+            // from the v30 decisions / predictions tenant-match triggers). Both INSERT and
+            // UPDATE are guarded: an INSERT-only guard is bypassable via a raw SQL UPDATE
+            // that moves a row onto a raw memory (plan-eng-critic 2026-06-01). All column
+            // names checked vs SQL reserved words (rule 10): rel_type avoids REFERENCES.
+            if (!tableExists(db, 'entities')) {
+                db.exec(`
+          CREATE TABLE entities (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            tenant_id TEXT NOT NULL,
+            entity_type TEXT NOT NULL
+              CHECK (entity_type IN ('person', 'project', 'customer', 'system', 'policy', 'decision')),
+            name TEXT NOT NULL,
+            memory_id TEXT NOT NULL,
+            source_kind TEXT NOT NULL CHECK (source_kind IN ('distilled', 'superseded')),
+            created_at TEXT NOT NULL,
+            FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE CASCADE
+          )
+        `);
+                db.exec(`CREATE INDEX IF NOT EXISTS idx_entities_tenant ON entities(tenant_id)`);
+                db.exec(`CREATE INDEX IF NOT EXISTS idx_entities_memory ON entities(memory_id)`);
+                db.exec(`
+          CREATE TABLE relations (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            tenant_id TEXT NOT NULL,
+            from_entity_id INTEGER NOT NULL,
+            to_entity_id INTEGER NOT NULL,
+            rel_type TEXT NOT NULL
+              CHECK (rel_type IN ('owns', 'supersedes', 'depends-on', 'blocked-by', 'references')),
+            memory_id TEXT NOT NULL,
+            source_kind TEXT NOT NULL CHECK (source_kind IN ('distilled', 'superseded')),
+            created_at TEXT NOT NULL,
+            FOREIGN KEY (from_entity_id) REFERENCES entities(id) ON DELETE CASCADE,
+            FOREIGN KEY (to_entity_id) REFERENCES entities(id) ON DELETE CASCADE,
+            FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE CASCADE
+          )
+        `);
+                db.exec(`CREATE INDEX IF NOT EXISTS idx_relations_tenant ON relations(tenant_id)`);
+                db.exec(`CREATE INDEX IF NOT EXISTS idx_relations_from ON relations(from_entity_id)`);
+                db.exec(`CREATE INDEX IF NOT EXISTS idx_relations_to ON relations(to_entity_id)`);
+                db.exec(`CREATE INDEX IF NOT EXISTS idx_relations_memory ON relations(memory_id)`);
+                db.exec(`
+          CREATE TABLE graph_extraction_queue (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            tenant_id TEXT NOT NULL,
+            memory_id TEXT NOT NULL,
+            kind TEXT NOT NULL CHECK (kind IN ('distilled', 'superseded')),
+            status TEXT NOT NULL DEFAULT 'pending'
+              CHECK (status IN ('pending', 'processed', 'skipped')),
+            enqueued_at TEXT NOT NULL,
+            processed_at TEXT,
+            FOREIGN KEY (memory_id) REFERENCES memories(id) ON DELETE CASCADE
+          )
+        `);
+                db.exec(`CREATE INDEX IF NOT EXISTS idx_graph_queue_status ON graph_extraction_queue(tenant_id, status)`);
+                // entities guard: source_kind must equal the FK'd memory's actual kind (so a
+                // raw memory or a lying source_kind both ABORT), and tenant must match. Both
+                // INSERT and UPDATE (UPDATE fires when memory_id/source_kind/tenant_id change).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_entities_consolidated_only_insert
+          BEFORE INSERT ON entities
+          BEGIN
+            SELECT CASE
+              WHEN NEW.source_kind != (SELECT kind FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'entities.source_kind must equal the referenced memory kind; the graph indexes consolidated state only (no raw)')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'entities.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_entities_consolidated_only_update
+          BEFORE UPDATE ON entities
+          WHEN NEW.memory_id IS NOT OLD.memory_id
+            OR NEW.source_kind IS NOT OLD.source_kind
+            OR NEW.tenant_id IS NOT OLD.tenant_id
+          BEGIN
+            SELECT CASE
+              WHEN NEW.source_kind != (SELECT kind FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'entities.source_kind must equal the referenced memory kind; the graph indexes consolidated state only (no raw)')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'entities.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                // relations guard: source_kind must equal the FK'd memory's kind; tenant must
+                // match the memory AND both endpoint entities (no cross-tenant edges).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_relations_consolidated_only_insert
+          BEFORE INSERT ON relations
+          BEGIN
+            SELECT CASE
+              WHEN NEW.source_kind != (SELECT kind FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'relations.source_kind must equal the referenced memory kind; the graph indexes consolidated state only (no raw)')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'relations.tenant_id must match memories.tenant_id for the referenced memory')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM entities WHERE id = NEW.from_entity_id)
+              THEN RAISE(ABORT, 'relations.tenant_id must match the from_entity tenant (no cross-tenant edges)')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM entities WHERE id = NEW.to_entity_id)
+              THEN RAISE(ABORT, 'relations.tenant_id must match the to_entity tenant (no cross-tenant edges)')
+            END;
+          END
+        `);
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_relations_consolidated_only_update
+          BEFORE UPDATE ON relations
+          WHEN NEW.memory_id IS NOT OLD.memory_id
+            OR NEW.source_kind IS NOT OLD.source_kind
+            OR NEW.tenant_id IS NOT OLD.tenant_id
+            OR NEW.from_entity_id IS NOT OLD.from_entity_id
+            OR NEW.to_entity_id IS NOT OLD.to_entity_id
+          BEGIN
+            SELECT CASE
+              WHEN NEW.source_kind != (SELECT kind FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'relations.source_kind must equal the referenced memory kind; the graph indexes consolidated state only (no raw)')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'relations.tenant_id must match memories.tenant_id for the referenced memory')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM entities WHERE id = NEW.from_entity_id)
+              THEN RAISE(ABORT, 'relations.tenant_id must match the from_entity tenant (no cross-tenant edges)')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM entities WHERE id = NEW.to_entity_id)
+              THEN RAISE(ABORT, 'relations.tenant_id must match the to_entity tenant (no cross-tenant edges)')
+            END;
+          END
+        `);
+                // graph_extraction_queue guard: kind must equal the FK'd memory's actual kind
+                // (so a raw memory ABORTs), and tenant must match. INSERT and UPDATE.
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_graph_queue_consolidated_only_insert
+          BEFORE INSERT ON graph_extraction_queue
+          BEGIN
+            SELECT CASE
+              WHEN NEW.kind != (SELECT kind FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'graph_extraction_queue.kind must equal the referenced memory kind; only consolidated memories are queued (no raw)')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'graph_extraction_queue.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_graph_queue_consolidated_only_update
+          BEFORE UPDATE ON graph_extraction_queue
+          WHEN NEW.memory_id IS NOT OLD.memory_id
+            OR NEW.kind IS NOT OLD.kind
+            OR NEW.tenant_id IS NOT OLD.tenant_id
+          BEGIN
+            SELECT CASE
+              WHEN NEW.kind != (SELECT kind FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'graph_extraction_queue.kind must equal the referenced memory kind; only consolidated memories are queued (no raw)')
+              WHEN NEW.tenant_id != (SELECT tenant_id FROM memories WHERE id = NEW.memory_id)
+              THEN RAISE(ABORT, 'graph_extraction_queue.tenant_id must match memories.tenant_id for the referenced memory')
+            END;
+          END
+        `);
+                // Reverse guard (codex-review-critic 2026-06-01, P1): the graph-table triggers
+                // only fire on writes to the GRAPH tables. They do NOT fire when an
+                // already-indexed memory is later mutated. So 'UPDATE memories SET kind=raw'
+                // (or a tenant change) on a memory the graph references would silently leave
+                // entity/relation/queue rows pointing at a raw / cross-tenant memory while
+                // their source_kind stays 'distilled' - bypassing the central 'graph never
+                // indexes raw' invariant after insertion. This trigger closes that direction:
+                // a memory cannot be reclassified to raw, nor moved cross-tenant, WHILE the
+                // graph references it (rebuild/remove the graph rows first). Cheap: the EXISTS
+                // checks are only evaluated when kind actually becomes raw or tenant changes.
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_memories_graph_referenced_guard
+          BEFORE UPDATE ON memories
+          WHEN (NEW.kind IS NOT OLD.kind OR NEW.tenant_id IS NOT OLD.tenant_id)
+            AND (
+              EXISTS (SELECT 1 FROM entities WHERE memory_id = OLD.id)
+              OR EXISTS (SELECT 1 FROM relations WHERE memory_id = OLD.id)
+              OR EXISTS (SELECT 1 FROM graph_extraction_queue WHERE memory_id = OLD.id)
+            )
+          BEGIN
+            SELECT RAISE(ABORT, 'cannot change the kind or tenant of a memory while the graph references it (E3.3 graph-on-consolidated guard); a graph-referenced memory is immutable in kind/tenant - rebuild/remove the graph rows first, or rebuild them after supersession');
+          END
+        `);
+                // Reverse guard #2 (codex-review-critic 2026-06-01 retry, P2): an entity that is
+                // a relation endpoint cannot be moved cross-tenant. The entity UPDATE trigger
+                // validates the entity against its source memory, but an existing relation
+                // pointing at the entity is NOT re-validated, so a raw 'UPDATE entities SET
+                // tenant_id=?, memory_id=?' to another tenant would leave a tenant-A relation
+                // pointing at a tenant-B entity. Block the tenant move while the entity is
+                // referenced by any relation (rebuild the relations first).
+                db.exec(`
+          CREATE TRIGGER IF NOT EXISTS trg_entities_no_tenant_move_when_referenced
+          BEFORE UPDATE ON entities
+          WHEN NEW.tenant_id IS NOT OLD.tenant_id
+            AND EXISTS (SELECT 1 FROM relations WHERE from_entity_id = OLD.id OR to_entity_id = OLD.id)
+          BEGIN
+            SELECT RAISE(ABORT, 'cannot move an entity cross-tenant while a relation references it as an endpoint (E3.3 graph-on-consolidated guard); rebuild/remove the relations first');
+          END
+        `);
+            }
+        },
+    },
 ];
 function tableHasColumn(db, tableName, columnName) {
     if (!/^[a-z_]+$/i.test(tableName))