npm - pluribus-context - Versions diffs - 0.3.35 → 0.3.36 - Mend

pluribus-context 0.3.35 → 0.3.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/examples/compaction-resume-receipts/check-resume-receipt.mjs ADDED Viewed

@@ -0,0 +1,116 @@
+#!/usr/bin/env node
+import { readFileSync } from 'node:fs'
+const [file] = process.argv.slice(2)
+if (!file) {
+  console.error('Usage: node check-resume-receipt.mjs <compaction-resume-receipt.json>')
+  process.exit(2)
+}
+let receipt
+try {
+  receipt = JSON.parse(readFileSync(file, 'utf8'))
+} catch (error) {
+  console.error(JSON.stringify({ ok: false, file, errors: [`invalid JSON: ${error.message}`] }, null, 2))
+  process.exit(2)
+}
+const errors = []
+const warnings = []
+if (receipt.type !== 'agent.compaction_resume_receipt.v1') {
+  errors.push('type must be agent.compaction_resume_receipt.v1')
+}
+for (const key of ['compaction_event_id', 'session_id', 'trigger']) {
+  if (!receipt[key] || typeof receipt[key] !== 'string') {
+    errors.push(`${key} is required`)
+  }
+}
+const transcript = receipt.transcript || {}
+if (!transcript.range || typeof transcript.range !== 'string') {
+  errors.push('transcript.range is required')
+}
+if (!transcript.content_hash || typeof transcript.content_hash !== 'string') {
+  errors.push('transcript.content_hash is required; do not log raw transcript text')
+}
+if (transcript.raw_text_logged !== false) {
+  errors.push('transcript.raw_text_logged must be false')
+}
+const summary = receipt.summary || {}
+if (!summary.content_hash || typeof summary.content_hash !== 'string') {
+  errors.push('summary.content_hash is required')
+}
+if (!Number.isInteger(summary.token_count) || summary.token_count <= 0) {
+  errors.push('summary.token_count must be a positive integer')
+}
+const reloads = Array.isArray(receipt.instruction_sources_reloaded)
+  ? receipt.instruction_sources_reloaded
+  : []
+if (reloads.length === 0) {
+  errors.push('instruction_sources_reloaded must include at least one source')
+}
+for (const [index, source] of reloads.entries()) {
+  if (!source.kind || typeof source.kind !== 'string') {
+    errors.push(`instruction_sources_reloaded[${index}].kind is required`)
+  }
+  if (!source.ref || typeof source.ref !== 'string') {
+    errors.push(`instruction_sources_reloaded[${index}].ref is required`)
+  }
+  if (!source.content_hash || typeof source.content_hash !== 'string') {
+    errors.push(`instruction_sources_reloaded[${index}].content_hash is required`)
+  }
+  if (source.raw_body_logged !== false) {
+    errors.push(`instruction_sources_reloaded[${index}].raw_body_logged must be false`)
+  }
+}
+const state = receipt.state || {}
+const kept = Array.isArray(state.kept) ? state.kept : []
+const lost = Array.isArray(state.lost) ? state.lost : []
+if (kept.length === 0) {
+  warnings.push('state.kept is empty; reviewers may not know what survived compaction')
+}
+if (!Array.isArray(state.lost)) {
+  errors.push('state.lost must be an array, even when empty')
+}
+const verdict = receipt.resume_verdict || {}
+if (!['true', 'false', 'unknown'].includes(String(verdict.safe_to_resume))) {
+  errors.push('resume_verdict.safe_to_resume must be true, false, or unknown')
+}
+if (!Array.isArray(verdict.reasons) || verdict.reasons.length === 0) {
+  errors.push('resume_verdict.reasons must explain the verdict')
+}
+if (String(verdict.safe_to_resume) !== 'true') {
+  errors.push(`safe_to_resume is ${verdict.safe_to_resume}; stop, reload, or ask before continuing`)
+}
+if (lost.some((item) => item && item.blocks_resume === true)) {
+  errors.push('state.lost contains at least one blocks_resume=true item')
+}
+const privacy = receipt.privacy || {}
+for (const key of ['raw_prompts_logged', 'raw_tool_output_logged', 'secrets_logged', 'full_instruction_bodies_logged']) {
+  if (privacy[key] !== false) {
+    errors.push(`privacy.${key} must be false`)
+  }
+}
+const result = {
+  ok: errors.length === 0,
+  file,
+  compaction_event_id: receipt.compaction_event_id,
+  session_id: receipt.session_id,
+  safe_to_resume: verdict.safe_to_resume,
+  reloaded_sources: reloads.map((source) => `${source.kind}:${source.ref}`),
+  lost: lost.map((item) => item.ref || item.kind || 'unknown'),
+  errors,
+  warnings
+}
+console.log(JSON.stringify(result, null, 2))
+process.exit(result.ok ? 0 : 1)

package/examples/compaction-resume-receipts/safe-resume-receipt.json ADDED Viewed

@@ -0,0 +1,52 @@
+{
+  "type": "agent.compaction_resume_receipt.v1",
+  "compaction_event_id": "compact-2026-06-01T15-02-59Z",
+  "session_id": "codex-session-42",
+  "trigger": "PostCompact",
+  "transcript": {
+    "range": "messages:1-184",
+    "content_hash": "sha256-7f8f6fbf8a3e3fe0e9f6b59efac0e771d8f64a9ebff3e9b0f5162e43c2e3e89a",
+    "raw_text_logged": false
+  },
+  "summary": {
+    "content_hash": "sha256-8a4f6242e9800f1452bcfd5dbec7e9f1f0b543d72b0c96e57dece44f6c4b8de4",
+    "token_count": 1240
+  },
+  "instruction_sources_reloaded": [
+    {
+      "kind": "AGENTS.md",
+      "ref": "repo-root/AGENTS.md",
+      "content_hash": "sha256-06c39dfb1ba74f5ac6f0e1a6d6b4c65358c3f1a872e96f3fe8d61da947caa1d4",
+      "mtime": "2026-06-01T14:58:02Z",
+      "raw_body_logged": false
+    },
+    {
+      "kind": "plan",
+      "ref": "memory/current-plan.md#active",
+      "content_hash": "sha256-a9b30f8a50dd31ec3c818c9c0d05282bf97f54991a4032f2d547a30174de1c61",
+      "mtime": "2026-06-01T14:59:44Z",
+      "raw_body_logged": false
+    }
+  ],
+  "state": {
+    "kept": [
+      { "kind": "active_plan", "ref": "plan:fix-auth-smoke", "summary_hash": "sha256-4c0f7fd0a72b8cf7e45c0fb97b893590fa12e931f914a34b94756de0d876182c" },
+      { "kind": "open_diff", "ref": "git:working-tree", "summary_hash": "sha256-2e5a0da4b6b4e9d07f11c8f10f332fc74497ef6d052a46997c4f5d0bdb0e1b07" }
+    ],
+    "lost": []
+  },
+  "resume_verdict": {
+    "safe_to_resume": true,
+    "reasons": [
+      "instruction sources reloaded with hashes",
+      "active plan and open diff summarized",
+      "no blocking lost fields recorded"
+    ]
+  },
+  "privacy": {
+    "raw_prompts_logged": false,
+    "raw_tool_output_logged": false,
+    "secrets_logged": false,
+    "full_instruction_bodies_logged": false
+  }
+}

package/examples/compaction-resume-receipts/unsafe-resume-receipt.json ADDED Viewed

@@ -0,0 +1,41 @@
+{
+  "type": "agent.compaction_resume_receipt.v1",
+  "compaction_event_id": "compact-2026-06-01T15-02-59Z",
+  "session_id": "codex-session-42",
+  "trigger": "PostCompact",
+  "transcript": {
+    "range": "messages:1-184",
+    "content_hash": "sha256-7f8f6fbf8a3e3fe0e9f6b59efac0e771d8f64a9ebff3e9b0f5162e43c2e3e89a",
+    "raw_text_logged": true
+  },
+  "summary": {
+    "content_hash": "sha256-8a4f6242e9800f1452bcfd5dbec7e9f1f0b543d72b0c96e57dece44f6c4b8de4",
+    "token_count": 880
+  },
+  "instruction_sources_reloaded": [
+    {
+      "kind": "AGENTS.md",
+      "ref": "repo-root/AGENTS.md",
+      "content_hash": "",
+      "mtime": "2026-06-01T14:58:02Z",
+      "raw_body_logged": true
+    }
+  ],
+  "state": {
+    "kept": [],
+    "lost": [
+      { "kind": "rejected_decisions", "ref": "decision-log:missing", "blocks_resume": true },
+      { "kind": "pending_tests", "ref": "test-plan:unknown", "blocks_resume": true }
+    ]
+  },
+  "resume_verdict": {
+    "safe_to_resume": "unknown",
+    "reasons": ["AGENTS.md hash missing and blocking state was lost"]
+  },
+  "privacy": {
+    "raw_prompts_logged": true,
+    "raw_tool_output_logged": false,
+    "secrets_logged": false,
+    "full_instruction_bodies_logged": true
+  }
+}

package/examples/controlled-learning-queue/README.md ADDED Viewed

@@ -0,0 +1,26 @@
+# Controlled learning queue example
+A copyable layout for Claude Code/OpenClaw/Cursor-style "AI employee" agents that use a role file, Skills, memory, and external tools.
+The pattern is simple:
+- `role/job-contract.md` defines what the agent is allowed to do.
+- `skills/*.md` define procedures with inputs, outputs, and stop conditions.
+- `memory/durable.md` contains approved facts only.
+- `memory/working-notes.md` can hold temporary observations.
+- `learning_queue.md` is where the agent proposes durable memory changes as reviewable diffs.
+- `leads/*.md` are tiny active job cards.
+Run the smoke check:
+```bash
+node check-learning-queue.mjs learning_queue.md
+```
+Expected output:
+```text
+learning queue ok: 2 proposal(s), 1 pending review
+```
+Why it exists: agents can learn from outcomes, but durable cross-run memory should not be rewritten by one edge case without source, scope, expiry, and a promote/reject decision.

package/examples/controlled-learning-queue/check-learning-queue.mjs ADDED Viewed

@@ -0,0 +1,44 @@
+#!/usr/bin/env node
+import fs from 'node:fs';
+const file = process.argv[2] || new URL('./learning_queue.md', import.meta.url).pathname;
+const text = fs.readFileSync(file, 'utf8');
+const proposals = text.split(/^## Proposal /m).slice(1);
+const required = ['Status', 'Source', 'Observed', 'Proposed durable change', 'Reason', 'Scope', 'Expiry', 'Reviewer', 'Decision'];
+const rawRisk = /(api[_-]?key|secret|password|token\s*[:=]|-----BEGIN|raw transcript|verbatim customer|full email)/i;
+const errors = [];
+let pending = 0;
+if (proposals.length === 0) errors.push('missing proposals');
+for (const [index, block] of proposals.entries()) {
+  const id = block.split('\n', 1)[0].trim() || `#${index + 1}`;
+  for (const field of required) {
+    if (!new RegExp(`^${field}:\\s*\\S`, 'mi').test(block)) {
+      errors.push(`${id}: missing ${field}`);
+    }
+  }
+  const status = block.match(/^Status:\s*(.+)$/mi)?.[1]?.trim().toLowerCase();
+  const reviewer = block.match(/^Reviewer:\s*(.+)$/mi)?.[1]?.trim().toLowerCase();
+  const decision = block.match(/^Decision:\s*(.+)$/mi)?.[1]?.trim().toLowerCase();
+  if (status === 'proposed') pending += 1;
+  if (status === 'promoted' && (!reviewer || reviewer === 'pending' || !decision || decision === 'pending')) {
+    errors.push(`${id}: promoted proposal needs reviewer and decision`);
+  }
+  if (/(auto-promote|autopromote|self-approved|self approved)/i.test(block)) {
+    errors.push(`${id}: auto-promotion is not allowed`);
+  }
+  if (rawRisk.test(block)) {
+    errors.push(`${id}: possible raw secret/private payload in learning queue`);
+  }
+}
+if (errors.length) {
+  console.error(`learning queue failed (${errors.length}):`);
+  for (const error of errors) console.error(`- ${error}`);
+  process.exit(1);
+}
+console.log(`learning queue ok: ${proposals.length} proposal(s), ${pending} pending review`);

package/examples/controlled-learning-queue/leads/acme-job-card.md ADDED Viewed

@@ -0,0 +1,12 @@
+# Lead job card: acme
+## Goal
+Prepare a qualification summary for a human owner.
+## Known facts
+- Source: demo form `lead-acme-2026-06-02`.
+- Interest: AI agent workflows for sales operations.
+- Constraint: no pricing promises without human owner.
+## Next safe action
+Draft questions about current workflow, systems of record, and approval boundaries.

package/examples/controlled-learning-queue/learning_queue.md ADDED Viewed

@@ -0,0 +1,27 @@
+# Learning queue
+Agents may propose durable memory updates here. Humans or maintainers promote/reject them.
+## Proposal 2026-06-02-001
+Status: proposed
+Source: lead-acme-2026-06-02 job card, redacted summary only
+Observed: Prospect asked how to prevent a role-based agent from changing ICP after one edge case.
+Proposed durable change: Add "role-based agents may propose ICP changes, but ICP memory changes require human promote/reject review" to `memory/durable.md`.
+Reason: This is a reusable safety boundary for future lead qualification runs.
+Scope: sales-ops-agent / ICP memory
+Expiry: 2026-07-02
+Reviewer: pending
+Decision: pending
+## Proposal 2026-06-02-002
+Status: rejected
+Source: lead-beta-2026-06-01 job card, redacted summary only
+Observed: One prospect wanted a custom discount workflow.
+Proposed durable change: Add "discount requests are common" to `memory/durable.md`.
+Reason: Rejected because one request is not enough to change durable market assumptions.
+Scope: sales-ops-agent / pricing assumptions
+Expiry: 2026-06-15
+Reviewer: owner@example.invalid
+Decision: reject; keep as working note only

package/examples/controlled-learning-queue/memory/durable.md ADDED Viewed

@@ -0,0 +1,10 @@
+# Durable memory
+Approved facts only.
+## ICP
+- Early-stage teams adopting AI coding agents need lightweight reviewable context, not another opaque memory dump.
+## Boundaries
+- Do not store raw customer messages, secrets, or private transcripts.
+- Pricing, legal commitments, and delivery promises require human review.

package/examples/controlled-learning-queue/memory/working-notes.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Working notes
+Temporary notes may live here during an active job. Promote nothing from this file into durable memory without a `learning_queue.md` proposal.
+- 2026-06-02 lead-acme: asked about using Skills for sales ops. Needs human review before any pricing language.

package/examples/controlled-learning-queue/role/job-contract.md ADDED Viewed

@@ -0,0 +1,18 @@
+# Sales ops agent role
+## Mission
+Help qualify inbound leads and prepare concise handoff notes for a human owner.
+## Allowed
+- Read approved lead/job cards.
+- Draft next-step suggestions.
+- Propose changes to durable memory through `learning_queue.md`.
+## Not allowed
+- Promise pricing, discounts, contracts, legal terms, or delivery dates.
+- Rewrite `memory/durable.md` directly.
+- Store raw private email/chat text in durable memory.
+## Escalate when
+- A lead asks for legal/financial commitments.
+- A proposed learning would change ICP, pricing assumptions, compliance boundaries, or data-retention rules.

package/examples/controlled-learning-queue/skills/qualify-lead.md ADDED Viewed

@@ -0,0 +1,17 @@
+# Skill: qualify lead
+## Inputs
+- Lead job card path.
+- Current durable memory.
+- Any approved working notes for this lead.
+## Output
+- Qualification summary.
+- Open questions.
+- Suggested next action.
+- Optional `learning_queue.md` proposal if the case reveals a reusable durable fact.
+## Stop conditions
+- Missing consent or unclear data source.
+- Request requires a human commitment.
+- Proposed durable learning lacks source, scope, or expiry.

package/examples/loaded-resource-boundary/README.md ADDED Viewed

@@ -0,0 +1,22 @@
+# Loaded-resource boundary example
+This example turns "my Skill works in chat but disappears in ACP/Zed/CLI" into a stage-level receipt.
+Run:
+```bash
+node check-loaded-resource-boundary.mjs loaded-resource-boundary.json
+```
+Expected output:
+```text
+loaded-resource boundary ok: 1 required resource/runtime gap recorded
+```
+The sample records the same project skills across two sessions:
+- `chat` discovers, attaches, injects, and reads `skill:pr-review`;
+- `acp`/`zed` discovers and attaches it, but never injects it, so the receipt records `runtime_does_not_inject_resources` and sets `safe_to_continue=false`.
+Use this shape when prompt instructions cannot explain a missing Skill. The host/runtime needs to prove the resource crossed the boundary, not merely that it exists on disk.

package/examples/loaded-resource-boundary/check-loaded-resource-boundary.mjs ADDED Viewed

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+import fs from 'node:fs';
+const file = process.argv[2] ?? new URL('./loaded-resource-boundary.json', import.meta.url);
+const receipt = JSON.parse(fs.readFileSync(file, 'utf8'));
+const fail = (message) => {
+  console.error(`loaded-resource boundary invalid: ${message}`);
+  process.exit(1);
+};
+if (receipt.receipt_type !== 'pluribus.loaded_resource_boundary.v1') fail('unexpected receipt_type');
+if (!Array.isArray(receipt.expected_resources) || receipt.expected_resources.length === 0) fail('expected_resources must be non-empty');
+if (!Array.isArray(receipt.sessions) || receipt.sessions.length < 2) fail('sessions must include at least two runtimes for parity checks');
+const expectedIds = new Set(receipt.expected_resources.map((resource) => resource.id));
+const requiredIds = new Set(receipt.expected_resources.filter((resource) => resource.required !== false).map((resource) => resource.id));
+for (const resource of receipt.expected_resources) {
+  if (!resource.id || !resource.kind || !resource.source_ref || !resource.source_hash?.startsWith('sha256:')) {
+    fail(`expected resource ${resource.id ?? '<missing>'} needs id, kind, source_ref, and sha256 source_hash`);
+  }
+}
+const allowedSkipReasons = new Set([
+  'not_discovered',
+  'not_attached_to_agent',
+  'runtime_does_not_inject_resources',
+  'trigger_not_matched',
+  'resource_read_failed'
+]);
+let mismatches = 0;
+for (const session of receipt.sessions) {
+  for (const key of ['runtime', 'client', 'agent']) {
+    if (!session[key]) fail(`session ${session.session_id ?? '<missing>'} missing ${key}`);
+  }
+  for (const listName of ['discovered_resources', 'attached_resources', 'injected_resources', 'readable_resources', 'skipped_resources']) {
+    if (!Array.isArray(session[listName])) fail(`${session.session_id}: ${listName} must be an array`);
+  }
+  const stageSets = {
+    discovered: new Set(session.discovered_resources),
+    attached: new Set(session.attached_resources),
+    injected: new Set(session.injected_resources),
+    readable: new Set(session.readable_resources)
+  };
+  const skipped = new Map(session.skipped_resources.map((skip) => [skip.id, skip]));
+  for (const id of expectedIds) {
+    if (stageSets.readable.has(id)) continue;
+    const skip = skipped.get(id);
+    if (!skip) {
+      if (requiredIds.has(id)) fail(`${session.session_id}: ${id} is required, not readable, and has no skipped_resources entry`);
+      continue;
+    }
+    if (!allowedSkipReasons.has(skip.reason)) fail(`${session.session_id}: ${id} has unknown skip reason ${skip.reason}`);
+    if (!skip.stage) fail(`${session.session_id}: ${id} skip entry needs a stage`);
+    if (requiredIds.has(id)) mismatches += 1;
+  }
+}
+if (receipt.safe_to_continue !== false && mismatches > 0) {
+  fail('safe_to_continue must be false when expected resources are missing or skipped');
+}
+console.log(`loaded-resource boundary ok: ${mismatches} required resource/runtime gaps recorded`);

package/examples/loaded-resource-boundary/loaded-resource-boundary.json ADDED Viewed

@@ -0,0 +1,69 @@
+{
+  "receipt_type": "pluribus.loaded_resource_boundary.v1",
+  "scenario": "custom-agent skill parity across chat and ACP/Zed",
+  "expected_resources": [
+    {
+      "id": "skill:pr-review",
+      "kind": "skill",
+      "scope": "project",
+      "source_ref": ".kiro/skills/pr-review/SKILL.md",
+      "source_hash": "sha256:7fb8c53b1b1f9b0e0f5a6fdab315b748c64c8b926fdff3d1d6fe6b3f5c8c6a01",
+      "required": true
+    },
+    {
+      "id": "skill:release-notes",
+      "kind": "skill",
+      "scope": "project",
+      "source_ref": ".kiro/skills/release-notes/SKILL.md",
+      "source_hash": "sha256:290d6bbf8d43b5b3f9134718ce9f7b6d08cc25f1a0e9255f5b8ceadcab4e6c18",
+      "required": false
+    }
+  ],
+  "sessions": [
+    {
+      "session_id": "chat-reviewer-2026-06-03",
+      "runtime": "chat",
+      "client": "kiro-desktop",
+      "client_version": "2.5.1",
+      "agent": "reviewer",
+      "task_hash": "sha256:9ed0fd91ef88f64a7de10e7fbab4e979ec6b13701d8a7569e3d4ad4ed9932a9a",
+      "discovered_resources": ["skill:pr-review", "skill:release-notes"],
+      "attached_resources": ["skill:pr-review", "skill:release-notes"],
+      "injected_resources": ["skill:pr-review"],
+      "readable_resources": ["skill:pr-review"],
+      "skipped_resources": [
+        {
+          "id": "skill:release-notes",
+          "stage": "injected",
+          "reason": "trigger_not_matched"
+        }
+      ]
+    },
+    {
+      "session_id": "acp-zed-reviewer-2026-06-03",
+      "runtime": "acp",
+      "client": "zed",
+      "client_version": "2.5.1",
+      "agent": "reviewer",
+      "task_hash": "sha256:9ed0fd91ef88f64a7de10e7fbab4e979ec6b13701d8a7569e3d4ad4ed9932a9a",
+      "discovered_resources": ["skill:pr-review", "skill:release-notes"],
+      "attached_resources": ["skill:pr-review", "skill:release-notes"],
+      "injected_resources": [],
+      "readable_resources": [],
+      "skipped_resources": [
+        {
+          "id": "skill:pr-review",
+          "stage": "injected",
+          "reason": "runtime_does_not_inject_resources"
+        },
+        {
+          "id": "skill:release-notes",
+          "stage": "injected",
+          "reason": "trigger_not_matched"
+        }
+      ]
+    }
+  ],
+  "safe_to_continue": false,
+  "next_action": "file a host/runtime bug with stage-level evidence; do not fix this with stronger prompt wording alone"
+}

package/examples/memory-write-policy/README.md ADDED Viewed

@@ -0,0 +1,28 @@
+# Memory write policy receipt gate
+Shared memory systems are useful when many agents can read the same durable facts. They become risky when every run can also write to that memory without review.
+This example treats a memory write like a code change:
+1. the agent proposes a memory diff;
+2. the diff is scoped to a repo/project/org/user boundary;
+3. the source is hashed instead of copied;
+4. stale facts get an expiry or review date;
+5. future sessions can see what memory was injected;
+6. private/sensitive writes are quarantined until a human or external policy approves them.
+Run the passing fixture:
+```bash
+node examples/memory-write-policy/check-memory-update.mjs \
+  examples/memory-write-policy/approved-memory-update.json
+```
+Run the failing fixture:
+```bash
+node examples/memory-write-policy/check-memory-update.mjs \
+  examples/memory-write-policy/quarantined-memory-update.json
+```
+Use this shape when evaluating cross-agent memory MCPs, knowledge graphs, or shared `CLAUDE.md`/`AGENTS.md` update flows. The point is not to store the memory body in the receipt. The point is to prove that a durable memory update had source, scope, lifecycle, visibility, approval, and privacy checks before it could teach every harness the same fact.

package/examples/memory-write-policy/approved-memory-update.json ADDED Viewed

@@ -0,0 +1,48 @@
+{
+  "type": "agent.memory_update_receipt.v1",
+  "update_id": "memupd_2026_06_01_001",
+  "run_id": "agent_run_8742",
+  "source": {
+    "kind": "claude-code-session",
+    "ref": "repo:acme/shop#issue-4812",
+    "content_hash": "sha256:4df7b1b9d6f4a2c51ad3e1ce761a8f0f918c9a0f4d26c4c8fd9f1e21ad1a19f4"
+  },
+  "scope": {
+    "kind": "repo",
+    "id": "acme/shop",
+    "path_prefix": "apps/checkout"
+  },
+  "proposed_diff": {
+    "adds": [
+      {
+        "memory_ref": "memory:checkout:idempotency-key-policy",
+        "summary_hash": "sha256:dad59f7764d0a6dd8db8f2d6f23d9dd30b3e6b1e1197d5478c05f9d093bc5fed",
+        "reason": "captured repo-local invariant after failing duplicate-charge test"
+      }
+    ],
+    "updates": [],
+    "supersedes": [],
+    "expires": []
+  },
+  "write_policy": {
+    "status": "approved",
+    "policy_ref": "repo-memory-policy:v2",
+    "approved_by": "maintainer:checkout-platform",
+    "approval_channel": "pull-request-review",
+    "private_or_sensitive_detected": false
+  },
+  "lifecycle": {
+    "review_after": "2026-07-01T00:00:00Z",
+    "supersedes_required": false
+  },
+  "injection_visibility": {
+    "next_session_visible": true,
+    "preview_path": ".pluribus/memory-previews/checkout-idempotency-key-policy.md"
+  },
+  "privacy": {
+    "raw_memory_text_logged": false,
+    "raw_prompts_logged": false,
+    "raw_tool_output_logged": false,
+    "secrets_logged": false
+  }
+}