docs companion · feat/companion-app · commit #1 / 15
aaronrene · Jun 6, 2026

docs(companion): Phase 6 derived-artifact storage & provenance gate (D6.1–D6.7, ratified)

Add the Phase 6 design/authorization gate fixing the binding contract for persisting derived artifacts (ai_summary, embeddings/vectors, discovery facets, insight events) produced by companion/local inference.

Decisions (owner-ratified 2026-06-06):
- D6.1 per-tier/per-artifact storage routing; privacy-max never host-readable and never under the server-held KNOWTATION_MEMORY_SECRET key; fail-closed resolver.
- D6.2 canonical provenance schema (generated_by/source/model/model_version|runtime_version/lane/privacy_tier/source_note_path/source_event_id/created_at); validated as a write precondition; no secret-bearing field; flag-not-lifecycle.
- D6.3 write-back authorization via Phase 1 enforceConsentPolicy; the write is the gated event; delegatedEnrichmentAllowed default-OFF preserved; owner's tier governs (no downgrade); cross-partition writes gated on the tenancy prerequisite.
- D6.4 ClientEncryptor hook INTERFACE ONLY; privacy-max requires it; no plaintext fallback ever; fail-closed when the ZK key hierarchy is absent.
- D6.5 note-scoped artifacts inherit source-note retention + delete-on-delete; aggregate insights invalidated/re-derivable; crypto-shred for privacy-max.
- D6.6 single DerivedArtifactWriter (authority group); migrate/remove the existing enrichIndexedNotes/runDiscoverPass direct writes; runtime group cannot write; build-blocking no-bypass architecture test (extends Phase 5 D5.8).
- D6.7 re-enrichment writes fresh provenance (no silent rewrite); still flag-not-lifecycle.

Includes an 11-row adversarial threat model (P6-a…P6-k) and 7-tier test obligations. Decisions only — no storage/writer/encryption code. ZK key hierarchy and tenancy effective/owner identity remain hard prerequisites (fail-closed until they land). Muse-canonical on feat/companion-app.
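As an added illustration (not the project's code, which the commit states does not exist yet) of how the D6.1 fail-closed resolver, the D6.2 provenance precondition and the D6.4 no-plaintext-fallback rule would compose in one writer entry point; the "standard" tier, the store names, the secret-field name filter and the encryptor shape are assumptions:

```typescript
// Added illustration, not the project's code: the commit ratifies decisions only.
// Composes D6.1 (fail-closed routing), D6.2 (provenance as a write precondition)
// and D6.4 (no plaintext fallback). "standard", store names, encryptor: assumed.
type Tier = "standard" | "privacy-max";
type Artifact = "ai_summary" | "embedding" | "discovery_facet" | "insight_event";
type Location = "host_store" | "client_encrypted_store";

// D6.2 required fields; a record is rejected if any is missing or empty.
const REQUIRED = ["generated_by", "source", "model", "model_version", "runtime_version",
  "lane", "privacy_tier", "source_note_path", "source_event_id", "created_at"] as const;
type Provenance = Record<(typeof REQUIRED)[number], string>;
// D6.2: no secret-bearing field may ride along in provenance (assumed name filter).
const FORBIDDEN = /secret|key|token|password/i;
export interface ClientEncryptor { encrypt(plaintext: string): string; }

// D6.1 binding routing table. Deliberately partial: insight_event has no
// privacy-max route here, so resolving it must fail rather than fall back.
const ROUTES: Record<Tier, Partial<Record<Artifact, Location>>> = {
  "standard": { ai_summary: "host_store", embedding: "host_store",
                discovery_facet: "host_store", insight_event: "host_store" },
  "privacy-max": { ai_summary: "client_encrypted_store", embedding: "client_encrypted_store",
                   discovery_facet: "client_encrypted_store" },
};

export function resolveLocation(tier: Tier, kind: Artifact): Location {
  const loc = ROUTES[tier]?.[kind];  // unknown tier or unlisted artifact: no default
  if (loc === undefined) throw new Error(`no route for ${tier}/${kind}`);
  // host_store is readable under the server-held key; privacy-max may never land there.
  if (tier === "privacy-max" && loc === "host_store") throw new Error("privacy-max routed to host-readable store");
  return loc;
}

export function validateProvenance(p: Record<string, unknown>): Provenance {
  for (const f of REQUIRED) if (typeof p[f] !== "string" || p[f] === "") throw new Error(`provenance missing ${f}`);
  for (const k of Object.keys(p)) if (FORBIDDEN.test(k)) throw new Error(`secret-bearing provenance field: ${k}`);
  return p as Provenance;
}

// Single entry point of the writer (D6.6): validate, route, then encrypt or refuse.
export function prepareWrite(kind: Artifact, payload: string, prov: Record<string, unknown>,
  enc?: ClientEncryptor): { location: Location; body: string; provenance: Provenance } {
  const provenance = validateProvenance(prov);
  const location = resolveLocation(provenance.privacy_tier as Tier, kind);
  if (location === "client_encrypted_store") {
    // D6.4: absent ZK key hierarchy / encryptor means fail closed, never plaintext.
    if (!enc) throw new Error("privacy-max write without ClientEncryptor: fail closed");
    return { location, body: enc.encrypt(payload), provenance };
  }
  return { location, body: payload, provenance };
}
```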

Commit: sha256:b9ddd4d2190dfc4b067fee232306b0f6893a145ba05da5e5192b7120553b7efb
Snapshot: sha256:8cc4cd934f76da5e4a511de47eb69ca5642078adbf4359130bcdfb68736dc0c3
+45 symbols added · 1 file changed · 796 files in snapshot · 0 dead code introduced
Semantic Changes (45 symbols)
+ section: Companion App — Phase 6: Derived-Artifact Storage & Provenance Enforcement Gate (L1–606)
+ section: 0. What this gate lifts — and what it deliberately does not (L96–119)
+ table (L103–112)
+ section: 1. Adversarial threat model (the storage/write-back surface) (L119–141)
+ table (L125–138)
+ section: 10. 7-tier test obligations (Phase 6 derived-artifact storage layer) (L547–564)
+ table (L552–561)
+ section: 11. Constraints honored (L564–587)
+ section: 12. Approval table (L587–606)
+ table (L589–598)
+ section: 2. Decision D6.1 — Per-tier, per-artifact storage location (binding routing) (L141–198)
+ section: Decision — Routing table is binding; privacy-max never resolves to a host-readable or server-held-key location; resoluti (L163–189)
+ table (L165–171)
+ section: Fail-closed (L189–198)
+ section: Verified state (L146–163)
+ section: 3. Decision D6.2 — Provenance schema (required fields, placement, semantics) (L198–264)
+ section: Decision — A single canonical provenance record, validated as a write precondition, stamped by the authority group (L211–255)
+ table (L216–230)
+ section: Fail-closed (L255–264)
+ section: Verified state (L203–211)
+ section: 4. Decision D6.3 — Write-back authorization (owner/delegate; default-OFF; no downgrade) (L264–325)
+ section: Decision — Every write-back is gated by `enforceConsentPolicy`; the owner's tier governs; delegated writes stay default- (L279–316)
+ section: Fail-closed (L316–325)
+ section: Verified state (L269–279)
+ section: 5. Decision D6.4 — Client-encryption hook interface (privacy-max; fail-closed; no plaintext fallback) (L325–392)
+ section: Decision — Define the `ClientEncryptor` hook; privacy-max writes require it; absence/failure fails closed; never a plain (L338–383)
+ variable: code[text] (L343–354)
+ section: Fail-closed (L383–392)
+ section: Verified state (L330–338)
+ section: 6. Decision D6.5 — Retention & deletion (inherit source; delete-on-delete; crypto-shred) (L392–442)
+ section: Decision — Note-scoped artifacts inherit the note 1:1 and are deleted on delete; aggregate artifacts are invalidated/re- (L405–434)
+ section: Fail-closed (L434–442)
+ section: Verified state (L397–405)
+ section: 7. Decision D6.6 — Single derived-artifact writer (object-capability enforcement) (L442–488)
+ section: Decision — Exactly one `DerivedArtifactWriter` in the authority group; all stores reached only through it; enforced by a (L454–480)
+ section: Fail-closed (L480–488)
+ section: Verified state (L447–454)
+ section: 8. Decision D6.7 — Provenance integrity & re-enrichment on model upgrade (L488–527)
+ section: Decision — Re-enrichment writes a fresh provenance record; never rewrites history silently; never a lifecycle state (L498–519)
+ section: Fail-closed (L519–527)
+ section: Verified state (L493–498)
+ section: 9. How Phase 6 discharges the prior phases' deferred obligations (L527–547)
+ table (L529–539)
+ section: Simple summary (L42–70)
+ section: Technical summary (L70–96)