Implement governed memory lifecycle for agentic graph sync

[mdheller]

Objective

Integrate Memory Mesh with the SourceOS/SociOS governed local-first agentic graph foundation.

Memory Mesh must treat durable memory as governed graph state, not ordinary settings.

Required lifecycle

observed -> proposed -> scoped -> approved -> promoted -> synced -> expired/revoked

Required memory fields

• memory ID
• origin
• author
• source agent/user/surface
• confidence
• scope
• sensitivity
• retention
• mutability
• policy class
• policy decision pointer
• audit pointer
• revocation state

Required work

• Define MemoryObject fixture examples for proposed, scoped, promoted, quarantined, expired, and revoked memory.
• Define memory provenance shape.
• Define memory quarantine behavior.
• Define review requirements for global or cross-profile promotion.
• Add audit events for proposal, approval, promotion, quarantine, expiry, and revocation.
• Add .sourceos/manifest.json declaring owned schemas, sync engine, policy classes, dangerous surfaces, and audit events.

Critical rule

Agents may propose memory. They may not silently globalize memory or mutate durable cross-device memory without policy and review.

Dangerous surfaces

• memory.promote
• memory.globalize
• memory.cross_profile_sync
• memory.rewrite
• memory.revoke
• memory.agent_proposed

Acceptance criteria

• Memory lifecycle is fixture-backed.
• Memory promotion requires policy decision and audit pointer.
• Untrusted memory writes are quarantined.
• .sourceos/manifest.json validates against the sourceos-spec manifest contract once available.

Related

• M1: Governed local-first agentic graph foundation SourceOS-Linux/sourceos-spec#86
• Define local-first agentic graph foundation SourceOS-Linux/sourceos-spec#85

[mdheller]

Progress update

Merged PR #25: Add SourceOS M1 repo manifest.

Memory Mesh is now scanner-visible for M1 via .sourceos/manifest.json.

Declared:

• domain: memory
• sync engine: sourceos.sync.memory-mesh
• policy class: high
• merge strategy: manual_review
• authority repos: SourceOS-Linux/sourceos-spec, SocioProphet/policy-fabric, SocioProphet/guardrail-fabric
• dangerous surfaces for memory promotion, globalization, cross-profile sync, rewrite, revocation, and agent-proposed memory

Remaining work on this issue:

• add lifecycle fixtures: observed, proposed, scoped, approved, promoted, synced, expired, revoked
• add memory provenance shape
• add quarantine fixtures and review requirements
• wire to canonical schemas after SourceOS-Linux/sourceos-spec#94 lands or is vendored
• add tests around agent-proposed memory not becoming durable memory automatically