instar 1.3.573 → 1.3.575

package/dist/core/ws2SendWiring.d.ts

@@ -21,9 +21,9 @@ export declare const WS2_SEND_WIRED_STORES: ReadonlyArray<string>;
 /**
  * Stores registered for RECEIVE but whose SEND wiring is a KNOWN, enumerated
  * follow-up — NOT a silent omission. Each is here for a stated reason:
- *  - evolutionActions / userRegistry: fully seamed
- *    managers (emitPut + emitDelete); table-row wiring onto the same emitter (WS2-SEND-2).
- *  - topicOperator: seamed put-only (no emitDelete in its manager interface yet) (WS2-SEND-3).
+ *  - userRegistry: fully seamed manager (emitPut + emitDelete); its canonical write
+ *    instance lives in the AgentServer, so it needs the emitter plumbed there before it
+ *    can be wired (WS2-SEND-2b).
  *  - preferences: NO manager emit seam yet — it rode the deprecated `preferences-sync`
  *    verb; needs a manager emit hook before it can be wired (WS2-SEND-3).
  */

package/dist/core/ws2SendWiring.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ws2SendWiring.d.ts","sourceRoot":"","sources":["../../src/core/ws2SendWiring.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH;;+CAE+C;AAC/C,eAAO,MAAM,qBAAqB,EAAE,aAAa,CAAC,MAAM,CAItD,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,uBAAuB,EAAE,aAAa,CAAC,MAAM,CAKxD,CAAC;AAEH,uDAAuD;AACvD,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,SAAS,GAAG,cAAc,CAAC;AAEjE,wDAAwD;AACxD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,CAI1D;AAED,kFAAkF;AAClF,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,6FAA6F;IAC7F,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,EAAE,EAAE,OAAO,CAAC;CACb;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,gBAAgB,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,kBAAkB,CAW9F"}
+{"version":3,"file":"ws2SendWiring.d.ts","sourceRoot":"","sources":["../../src/core/ws2SendWiring.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH;;+CAE+C;AAC/C,eAAO,MAAM,qBAAqB,EAAE,aAAa,CAAC,MAAM,CAMtD,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,uBAAuB,EAAE,aAAa,CAAC,MAAM,CAGxD,CAAC;AAEH,uDAAuD;AACvD,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,SAAS,GAAG,cAAc,CAAC;AAEjE,wDAAwD;AACxD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,CAI1D;AAED,kFAAkF;AAClF,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,6FAA6F;IAC7F,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,EAAE,EAAE,OAAO,CAAC;CACb;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,gBAAgB,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,kBAAkB,CAW9F"}

package/dist/core/ws2SendWiring.js

@@ -21,20 +21,20 @@ export const WS2_SEND_WIRED_STORES = Object.freeze([
     'learnings',
     'relationships',
     'knowledge',
+    'evolutionActions',
+    'topicOperator',
 ]);
 /**
  * Stores registered for RECEIVE but whose SEND wiring is a KNOWN, enumerated
  * follow-up — NOT a silent omission. Each is here for a stated reason:
- *  - evolutionActions / userRegistry: fully seamed
- *    managers (emitPut + emitDelete); table-row wiring onto the same emitter (WS2-SEND-2).
- *  - topicOperator: seamed put-only (no emitDelete in its manager interface yet) (WS2-SEND-3).
+ *  - userRegistry: fully seamed manager (emitPut + emitDelete); its canonical write
+ *    instance lives in the AgentServer, so it needs the emitter plumbed there before it
+ *    can be wired (WS2-SEND-2b).
  *  - preferences: NO manager emit seam yet — it rode the deprecated `preferences-sync`
  *    verb; needs a manager emit hook before it can be wired (WS2-SEND-3).
  */
 export const WS2_SEND_PENDING_STORES = Object.freeze([
-    'evolutionActions',
     'userRegistry',
-    'topicOperator',
     'preferences',
 ]);
 /** Classify a registered store's send-wiring status. */

package/dist/core/ws2SendWiring.js.map

@@ -1 +1 @@
-{"version":3,"file":"ws2SendWiring.js","sourceRoot":"","sources":["../../src/core/ws2SendWiring.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH;;+CAE+C;AAC/C,MAAM,CAAC,MAAM,qBAAqB,GAA0B,MAAM,CAAC,MAAM,CAAC;IACxE,WAAW;IACX,eAAe;IACf,WAAW;CACZ,CAAC,CAAC;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAA0B,MAAM,CAAC,MAAM,CAAC;IAC1E,kBAAkB;IAClB,cAAc;IACd,eAAe;IACf,aAAa;CACd,CAAC,CAAC;AAKH,wDAAwD;AACxD,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,qBAAqB,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAC1D,IAAI,uBAAuB,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC9D,OAAO,cAAc,CAAC;AACxB,CAAC;AAWD;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAAC,gBAAuC;IACxE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,MAAM,KAAK,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;aACrC,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;;YAC9C,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,EAAE,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;AACzE,CAAC"}
+{"version":3,"file":"ws2SendWiring.js","sourceRoot":"","sources":["../../src/core/ws2SendWiring.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH;;+CAE+C;AAC/C,MAAM,CAAC,MAAM,qBAAqB,GAA0B,MAAM,CAAC,MAAM,CAAC;IACxE,WAAW;IACX,eAAe;IACf,WAAW;IACX,kBAAkB;IAClB,eAAe;CAChB,CAAC,CAAC;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAA0B,MAAM,CAAC,MAAM,CAAC;IAC1E,cAAc;IACd,aAAa;CACd,CAAC,CAAC;AAKH,wDAAwD;AACxD,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,qBAAqB,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAC1D,IAAI,uBAAuB,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC9D,OAAO,cAAc,CAAC;AACxB,CAAC;AAWD;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAAC,gBAAuC;IACxE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,MAAM,KAAK,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;aACrC,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;;YAC9C,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,EAAE,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;AACzE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "instar",
-  "version": "1.3.573",
+  "version": "1.3.575",
   "description": "Coherence infrastructure for self-evolving AI agents — on the Claude Code or Codex subscription you already have.",
   "type": "module",
   "main": "dist/index.js",

package/src/data/builtin-manifest.json

@@ -1,8 +1,8 @@
 {
   "$schema": "./builtin-manifest.schema.json",
   "schemaVersion": 1,
-  "generatedAt": "2026-06-15T17:50:05.433Z",
-  "instarVersion": "1.3.573",
+  "generatedAt": "2026-06-15T18:40:34.283Z",
+  "instarVersion": "1.3.575",
   "entryCount": 201,
   "entries": {
     "hook:session-start": {

package/upgrades/1.3.574.md

@@ -0,0 +1,47 @@
+# Upgrade Guide — vNEXT
+
+<!-- assembled-by: assemble-next-md -->
+<!-- bump: patch -->
+
+## What Changed
+
+The `evolutionActions` memory store is now wired into the WS2 send-side — the next of the
+WS2-SEND-2 table-row stores (after `relationships` + `knowledge`). The generic emitter
+from #1168 is attached to `EvolutionManager`'s existing action-queue hooks (the manager
+already fired `emitPut` per surviving action + `emitDelete` per pruned action in
+`saveActions`; the emitter was a `void` placeholder), and `evolutionActions` flips
+PENDING→WIRED in the send-wiring ratchet. The evolution-actions union reader and the
+disclosure-minimized projection already shipped (WS2.5); this is the send attachment +
+its end-to-end proof. Dark by default (`multiMachine.stateSync.evolutionActions`). No new
+route/verb/config-default/migration. Only the enumerated action projection crosses — never
+the local internal id.
+
+## What to Tell Your User
+
+- **Cross-machine self-improvement queue now actually crosses**: "If you run me on more
+  than one machine, a self-improvement action I raise on one now shows up on the others —
+  one shared action queue instead of one per machine. The load-bearing part: a peer SEES
+  when an action was already completed or is in progress elsewhere, so I don't redo work
+  another of my machines already did. Only the action's content crosses (title,
+  description, priority, status, tags) — never the local internal id. It stays off until
+  you ask me to turn on multi-machine sync." ⚗️ Experimental — ships dark.
+
+## Summary of New Capabilities
+
+| Capability | How to Use |
+|-----------|-----------|
+| Cross-machine replication of the evolution action queue | Automatic once `multiMachine.stateSync.evolutionActions` is enabled (off by default) |
+| Status visibility — a peer sees completed/in_progress and won't redo a finished action | Automatic (a status change re-emits) |
+| Removal (prune-over-maxActions) propagates as a fingerprint-keyed tombstone (no resurrection) | Automatic (save path); a RETAINED terminal action is never tombstoned |
+
+## Evidence
+
+Verified by a two-instance in-process E2E
+(`tests/e2e/ws2-evolution-actions-cross-instance.test.ts`): an action raised on instance A
+is read back on B through the bypass-proof union reader as a foreign-origin record — with
+the local `ACT-NNN` id confirmed ABSENT from the projection — and a status change
+(updateAction → completed) on A re-replicates so B's latest read shows `status:'completed'`
+(the peer-won't-redo-it behavior), all over the real journal serve/apply path. `tsc
+--noEmit` clean; the new e2e (2) passes; the ws2-send-wiring integration ratchet (4)
+accepts the PENDING→WIRED move; the unified-trust-system integration suite is green with
+the de-flaked PoW test.

package/upgrades/1.3.575.md

@@ -0,0 +1,44 @@
+# Upgrade Guide — vNEXT
+
+<!-- assembled-by: assemble-next-md -->
+<!-- bump: patch -->
+
+## What Changed
+
+The `topicOperator` store is now wired into the WS2 send-side (a PII kind; WS2-SEND-2b).
+Its authoritative writer is the AgentServer's own `TopicOperatorStore`, so the generic
+emitter (#1168) is attached to `server.getTopicOperatorStore()` right after the AgentServer
+is constructed, and `topicOperator` flips PENDING→WIRED in the send-wiring ratchet. The
+union reader + disclosure-minimized projection already shipped (WS2.6). PUT-ONLY by
+construction — a topic rebinds, never unbinds. Dark by default
+(`multiMachine.stateSync.topicOperator`). No new route/verb/config-default/migration.
+
+## What to Tell Your User
+
+- **Who-runs-which-topic now travels across machines**: "If you run me on more than one
+  machine, the verified operator I bound for a topic on one machine is visible as advisory
+  context on the others — so a topic's operator isn't re-learned from scratch per machine.
+  Only the platform-verified identity crosses (the verified user id + display name) — a name
+  that merely appears in a message can never become an operator. Crucially, a binding that
+  arrives from another machine is treated as a HINT, never as the final word on 'who is my
+  operator here' — only a binding I make locally from an authenticated sender is
+  authoritative. It stays off until you ask me to turn on multi-machine sync." ⚗️
+  Experimental — ships dark.
+
+## Summary of New Capabilities
+
+| Capability | How to Use |
+|-----------|-----------|
+| Cross-machine visibility of verified topic-operator bindings (advisory) | Automatic once `multiMachine.stateSync.topicOperator` is enabled (off by default) |
+| Put-only by construction — a rebind supersedes by HLC; a topic never unbinds | Automatic |
+| Know-Your-Principal preserved — a replicated record is never authoritative for inbound resolution | Automatic (local authenticated bind always wins) |
+
+## Evidence
+
+Verified by a two-instance in-process E2E
+(`tests/e2e/ws2-topicoperator-cross-instance.test.ts`): a `setOperator` bind on instance A
+is read back on B through the bypass-proof union reader as a foreign-origin record keyed on
+(topicId + verified uid), carrying only the verified uid + lowercased names + platform; and
+an idempotent re-bind with a later `boundAt` re-replicates the latest record (put-only —
+there is no delete path). `tsc --noEmit` clean; the new e2e (2) passes; the ws2-send-wiring
+integration ratchet (4) accepts the PENDING→WIRED move.

package/upgrades/side-effects/ws2-send-2-evolution-actions.md

@@ -0,0 +1,57 @@
+# Side-Effects Review — WS2-SEND-2: evolutionActions send-side replication (+ PoW test flake fix)
+
+**Version / slug:** `ws2-send-2-evolution-actions`
+**Date:** `2026-06-15`
+**Author:** `Instar Agent (echo)`
+**Second-pass reviewer:** `not required` (no block/allow/lifecycle authority — additive, dark-gated data-replication wiring; see §4)
+
+## Summary of the change
+
+Extends WS2 send-side emission to the `evolutionActions` store (the next WS2-SEND-2 table-row store after `relationships` + `knowledge`). Mirrors the proven pattern: `src/commands/server.ts` adds `buildEvolutionActionRecordData` + `buildEvolutionActionTombstoneData` to the existing `EvolutionActionsReplicatedStore` destructure and attaches the generic `ReplicatedRecordEmitter` to `evolution.setEvolutionActionReplicationEmitter` (replacing the prior `void` placeholder), gated `if (replicatedRecordEmitter)`; `src/core/ws2SendWiring.ts` moves `evolutionActions` PENDING→WIRED; a new e2e round-trip `tests/e2e/ws2-evolution-actions-cross-instance.test.ts`. The evolution-actions union reader already existed (@8673). `evolution` is the canonical EvolutionManager handed to the AgentServer, so the action-queue routes' real writes flow through the attached hooks (verified: the emit funnel lives in `EvolutionManager.saveActions`, which both addAction and updateAction route through).
+
+**Re-scoping note (honest):** the prior plan batched evolutionActions + userRegistry + topicOperator as one PR on the assumption all three were "just replace the void line." Grounding disproved that for the other two: `userRegistry`'s writes go through ad-hoc UserManager instances + the CLI, and `topicOperator`'s authoritative writer is the AgentServer's own `TopicOperatorStore` — both need the emitter plumbed INTO the AgentServer, not the server.ts mirror. Only `evolutionActions` is a clean canonical-instance attachment. So this PR ships `evolutionActions` alone (high-confidence, the emit genuinely fires on real writes); userRegistry + topicOperator follow in WS2-SEND-2b with the AgentServer plumbing. This is correctness-driven granularity, not deferral — both remain in `WS2_SEND_PENDING_STORES` with their real blocker stated.
+
+**Bundled fix (suite integrity):** `tests/integration/unified-trust-system.test.ts` "rejects PoW for wrong IP" was probabilistically flaky — it solved a PoW at difficulty 8 for one IP and asserted the same nonce is invalid for another IP, but a random hash clears 8 leading-zero bits with probability 1/256, so ~0.4% of CI runs false-accepted and the assertion flipped (observed blocking this very PR train). Raised that one test's difficulty to 16 (false-accept ≈ 1.5e-5, negligible; solve stays <60ms). Zero-Failure-Standard fix encountered while merging — included here rather than left to flake the train again.
+
+## Decision-point inventory
+
+- `ReplicatedRecordEmitter.emit` dark gate (`stateSync.evolutionActions.enabled`) — **pass-through** — pre-existing; `evolutionActions` is now a registered emit target. Default false ⇒ no-op.
+- `EvolutionManager.saveActions` emit funnel — **pass-through** — the manager already fires emitPut per survivor + emitDelete per pruned action (@1212); this attaches a real emitter where there was a no-op.
+- `ws2SendWiring` ratchet — **modify** — `evolutionActions` reclassified PENDING→WIRED.
+- PoW wrong-IP test difficulty 8→16 — **modify (test only)** — no production behavior; removes a probabilistic CI flake.
+
+---
+
+## 1. Over-block
+
+No block/allow surface — over-block not applicable. The emitter never rejects an action write; a null recordKey / null projection / over-cap action is a counted no-op and the local action-queue write always succeeds.
+
+## 2. Under-block
+
+Not applicable (no block surface). An action with an empty identity anchor (no title/createdAt ⇒ `deriveEvolutionActionRecordKey` null) has no cross-machine fingerprint and is intentionally not replicated — local-only. A terminal completed/cancelled action that is RETAINED is NOT tombstoned; only a real queue-removal (prune-over-maxActions) emits a delete — the resurrection guard is preserved.
+
+## 3. Level-of-abstraction fit
+
+Correct layer. Table-row registration onto the generic #1168 substrate, exactly as the spec's WS2-SEND-2 prescribes. The disclosure-minimized projection lives in `EvolutionActionsReplicatedStore` alongside the receive-side schema.
+
+## 4. Signal vs authority compliance
+
+Compliant. No blocking authority. The emitter is additive/best-effort: a builder/journal failure is swallowed + counted (the `saveActions` try/catch guards each emit), never propagated, so an action write can never fail because replication did. The union read is advisory (HIGH tier append-both-and-flag — two divergent states, e.g. completed vs in_progress, inject BOTH as hints rather than silently clobbering). Per `docs/signal-vs-authority.md`, a replicator with no gate authority.
+
+## 5. Interactions
+
+- Shares `server.ts`'s single `replicatedRecordEmitter` + the existing `evolutionActionsUnionReader`. No double-fire: emitPut/emitDelete ride the single `saveActions` path. Distinct store key/kind from learnings + relationships + knowledge.
+- `evolution` (EvolutionManager) is the SAME instance that owns learnings replication (already WIRED) — the two seams are independent (`setLearningReplicationEmitter` vs `setEvolutionActionReplicationEmitter`), distinct store keys, no cross-talk.
+- Touches the same `server.ts` + `ws2SendWiring.ts` as the other WS2-SEND stores → serialized (built on top of merged #1170 knowledge; no parallel WS2-SEND PRs).
+
+## 6. External surfaces
+
+Dark by default (`multiMachine.stateSync.evolutionActions.enabled`). Off ⇒ byte-identical single-machine behavior. On (multi-machine, opt-in): only the enumerated action projection crosses (title, description, priority, status, createdAt, tags, optional commitTo/resolution/dueBy/completedAt/source) — NEVER the local `ACT-NNN` id (fork #1). The load-bearing field is `status`: a peer SEES an action was already completed/in_progress elsewhere so it does not redo it. A received record is quoted `<replicated-untrusted-data>`, advisory work-item only.
+
+## 7. Multi-machine posture (Cross-Machine Coherence)
+
+**Replicated.** Path: `EvolutionManager.addAction/updateAction → saveActions` → `ReplicatedRecordEmitter.emit` → `CoherenceJournal.emitReplicatedRecord` → peer serve/apply → `ReplicatedPeerStreamReader.loadOriginRecords` → `evolutionActionsUnionReader` (no-clobber union, conflict-flagged). Identity = content fingerprint (title + commitTo + createdAt). A STATUS CHANGE re-emits (saveActions re-emits every survivor), so a peer sees the latest status. An actual queue-removal propagates a fingerprint-keyed tombstone (a later `delete` hlc wins — no resurrection). No user-facing notice surface; no topic-transfer state; no generated URLs. Verified end-to-end by the new e2e (put round-trip + status-change re-replication on real journal serve/apply).
+
+## 8. Rollback cost
+
+Trivial. Dark by default; affects only agents that enable `stateSync.evolutionActions`. Back-out = revert the three-file change or set the flag false (instant, no migration). Receive-side + envelope schema already shipped, unaffected. The test-difficulty bump is pure test hygiene, independently revertible.

package/upgrades/side-effects/ws2-send-2b-topicoperator.md

@@ -0,0 +1,45 @@
+# Side-Effects Review — WS2-SEND-2b: topicOperator send-side replication
+
+**Version / slug:** `ws2-send-2b-topicoperator`
+**Date:** `2026-06-15`
+**Author:** `Instar Agent (echo)`
+**Second-pass reviewer:** `not required` (no block/allow/lifecycle authority — additive, dark-gated data-replication wiring; see §4)
+
+## Summary of the change
+
+Extends WS2 send-side emission to the `topicOperator` store (a PII kind; WS2-SEND-2b). Unlike the seamed memory stores, topicOperator's authoritative writer is the AgentServer's OWN `TopicOperatorStore` (constructed internally at `AgentServer.ts:1092`, bound from the authenticated sender via `setOperator`). server.ts has no canonical instance of its own, so the emitter is attached AFTER the AgentServer exists, in server.ts right after `_agentServerRef = server`, via `server.getTopicOperatorStore()?.setOperatorReplicationEmitter(...)`. `ws2SendWiring.ts` moves `topicOperator` PENDING→WIRED. The union reader + projection already shipped (WS2.6). New e2e round-trip.
+
+**PUT-ONLY by construction** — a topic-operator binding is rebound, never erased (the manager has no emitDelete path; the receive side resolves the latest binding by HLC). Wiring put-only is the COMPLETE correct behavior, not a deferred gap.
+
+## Decision-point inventory
+
+- `ReplicatedRecordEmitter.emit` dark gate (`stateSync.topicOperator.enabled`) — **pass-through** — pre-existing; `topicOperator` becomes a registered emit target. Default false ⇒ no-op.
+- `TopicOperatorStore.setOperator` emit funnel — **pass-through** — already fires emitPut on a real bind/rebind; this attaches a real emitter.
+- `ws2SendWiring` ratchet — **modify** — `topicOperator` reclassified PENDING→WIRED.
+
+---
+
+## 1. Over-block
+No block/allow surface. The emitter never rejects a bind; null recordKey / null projection / over-cap is a counted no-op and the local bind always succeeds.
+
+## 2. Under-block
+Not applicable (no block surface). PUT-ONLY is the correct, complete design: a topic rebinds (a new put supersedes by HLC), never unbinds, so there is no emitDelete to wire. A `buildTopicOperatorTombstoneData` helper exists for symmetry but no manager event fires it — by construction, not omission.
+
+## 3. Level-of-abstraction fit
+Correct layer. The attach point is at the server-composition layer (where the AgentServer and its store exist), which is the only place the authoritative TopicOperatorStore is reachable. The projection lives in `TopicOperatorReplicatedStore` beside the receive-side schema.
+
+## 4. Signal vs authority compliance
+Compliant. No blocking authority. The emitter is additive/best-effort (the funnel swallows + counts faults; a bind can never fail because replication did). **Know Your Principal (REQ-M14):** only the platform-verified `uid` + lowercased display names are emitted — a content name can NEVER become an operator. A replicated topic-operator record is UNTRUSTED peer data and is NEVER the authoritative answer to "who is my verified operator of this topic?" — only the LOCAL bind from an authenticated sender is authoritative. The union read is advisory HIGH-tier. Per `docs/signal-vs-authority.md`.
+
+## 5. Interactions
+- Uses server.ts's single `replicatedRecordEmitter` (in scope at the attach point, constructed earlier). Distinct store key/kind from the other WS2 stores. No double-fire (rides the single setOperator funnel).
+- Touches `server.ts` + `ws2SendWiring.ts` (the shared WS2-SEND files) → serialized on top of merged evolutionActions; no parallel WS2-SEND PRs.
+
+## 6. External surfaces
+Dark by default (`multiMachine.stateSync.topicOperator`). Off ⇒ byte-identical single-machine behavior. On (multi-machine, opt-in): crosses the sha-keyed (topicId + verified uid) projection — platform, uid, lowercased names, boundAt. Same at-rest honesty as relationships (transit encrypted; at-rest plaintext per machine). A received record is quoted `<replicated-untrusted-data>`, advisory only — never adopted as the operator.
+
+## 7. Multi-machine posture (Cross-Machine Coherence)
+**Replicated (put-only).** Path: `TopicOperatorStore.setOperator → emit → CoherenceJournal.emitReplicatedRecord → peer serve/apply → ReplicatedPeerStreamReader → topicOperatorUnionReader`. Identity = sha(topicId + verified uid). A rebind re-emits the latest record (HLC-ordered); there is no delete (a topic never unbinds). Verified end-to-end by the new e2e (put round-trip + idempotent rebind replicates the latest boundAt).
+
+## 8. Rollback cost
+Trivial. Dark by default. Back-out = revert the server.ts + ws2SendWiring.ts change or set the flag false (instant, no migration). Receive-side + envelope schema already shipped, unaffected.