{"ok":true,"data":{"version":"onefield.p8-safe-persistence-foundation.v1","generatedAt":"2026-06-11T01:08:32.350Z","readOnly":true,"state":"blocked","score":42,"backupGate":{"version":"onefield.backup-gate.v1","readOnly":true,"status":"blocked","required":true,"recommendedCommand":"pg_dump \"$DATABASE_URL\" > backups/onefield-before-p6-$(date +%Y%m%d%H%M%S).sql","restoreDrillRequired":true,"lastBackupKnown":null,"action":"Confirm a fresh backup and restore drill outside the app before enabling P8.1 writes."},"schemaPlan":{"version":"onefield.memory-lifecycle-schema-plan.v1","readOnly":true,"mode":"additive-plan-only","tables":[{"name":"MemoryLifecycle","purpose":"Track candidate, confirmed, decayed, conflict, revoked, and archived memory state.","preservesExistingData":true},{"name":"MemoryVersion","purpose":"Append new memory versions instead of overwriting existing FieldMemory records.","preservesExistingData":true},{"name":"MemoryConflict","purpose":"Record conflicting claims, evidence ids, and resolution status.","preservesExistingData":true},{"name":"MemoryRevocation","purpose":"Record consent revocation and future access blocks.","preservesExistingData":true},{"name":"MemoryArchive","purpose":"Archive memory references without deleting historical audit trails.","preservesExistingData":true}],"destructiveCommandsBlocked":["prisma db push --force-reset","prisma migrate reset","DROP TABLE","TRUNCATE","DELETE without target and audit"]},"scopedAgentIdentityPlan":{"version":"onefield.scoped-agent-identity-plan.v1","readOnly":true,"agents":[{"id":"oneai","allowedScopes":["read scoped context","draft coordination","draft write intents"],"blockedScopes":["commit writes","self approve","read raw secrets"],"rateLimit":"operator-defined per environment","auditPolicy":"Log every context pack and proposal id."},{"id":"telegram","allowedScopes":["ingest community signals","cite message-derived evidence ids"],"blockedScopes":["read private DMs","create durable memory 
directly"],"rateLimit":"webhook replay protection required","auditPolicy":"Log source, channel scope, and signal id."},{"id":"onemission","allowedScopes":["sync mission status","link delivery proof"],"blockedScopes":["approve missions","override memory policy"],"rateLimit":"sync job scoped","auditPolicy":"Log mission id, builder id, and status delta."},{"id":"external-ai","allowedScopes":["read scoped memory API","request write-intent preview"],"blockedScopes":["direct database access","unscoped private memory","production mutation"],"rateLimit":"API-key and tenant scoped","auditPolicy":"Log key id, scope, endpoint, and evidence ids."},{"id":"operator","allowedScopes":["review","approve future write intents","confirm backup"],"blockedScopes":["destructive reset","skip audit","skip rollback"],"rateLimit":"session and role scoped","auditPolicy":"Log every approval, rejection, and backup confirmation."}]},"writeIntentConsole":{"version":"onefield.write-intent-console.v1","readOnly":true,"previewCount":1,"actions":["approve","reject","request_more_evidence","inspect_rollback","confirm_backup"],"submitEndpoint":"/api/production/write-intents","submitEnabled":false},"operatorWriteConsole":{"version":"onefield.operator-write-console.v1","generatedAt":"2026-06-11T01:08:32.350Z","readOnly":true,"state":"blocked","inbox":[{"id":"ai-write-preview-1","title":"Review memory from Agent memory candidate loop ready","source":"ai_draft","targetType":"memory","approvalState":"blocked","riskLevel":"medium","evidenceIds":["agent:memory-candidate-loop"],"missingEvidence":[],"blockedGates":["Manual submission requires an authenticated admin or steward session.","backupConfirmed must remain false until an operator confirms a fresh database backup.","ONEFIELD_P6_WRITES_ENABLED must be true and database mode must be active before POST.","Human operator approval 
required."],"dryRunId":"dry-run:ai-write-preview-1","dryRunResult":{"endpoint":"/api/production/write-intents/dry-run","version":"onefield.write-intent-dry-run.v1","riskScore":54,"blockedGateCount":3,"gateSummary":"Dry-run evaluated memory with 3 blocked gates and risk score 54. No data was written.","noTouchProof":["Dry-run does not call productionWriteService.createWriteIntent.","Dry-run does not call db.$transaction.","Dry-run does not execute Prisma writes.","Dry-run returns validation and gate results only."]},"rollbackHint":"Do not mutate existing records directly. If promoted, create additive memory records or versions linked to review:local:local-signal-memory-candidate.","submitDisabledReason":"Manual submission requires an authenticated admin or steward session."}],"evidenceReview":[{"itemId":"ai-write-preview-1","evidenceIds":["agent:memory-candidate-loop"],"status":"sufficient","summary":"1 evidence ids are attached."}],"approvalStateMachine":[{"state":"pending","meaning":"Operator can review but cannot submit until all gates pass.","canSubmit":false},{"state":"needs_evidence","meaning":"Evidence is missing or insufficient.","canSubmit":false},{"state":"approved","meaning":"Future state only; approval alone still cannot bypass backup, audit, and P6 gates.","canSubmit":false},{"state":"rejected","meaning":"Operator rejected the proposed write intent.","canSubmit":false},{"state":"expired","meaning":"Intent is outside its review window.","canSubmit":false},{"state":"revoked","meaning":"Consent or authorization was revoked.","canSubmit":false},{"state":"blocked","meaning":"One or more blocking gates remain active.","canSubmit":false}],"backupConfirmation":{"required":true,"confirmed":false,"restoreDrillConfirmed":false,"action":"Confirm backup and restore drill outside the app before any future submit-ready state."},"dryRunDiffs":[{"itemId":"ai-write-preview-1","wouldCreate":["WriteIntent draft","AuditEventLog entry","ApprovalDecision pending 
record"],"wouldNotTouch":["Existing FieldMemory rows","Existing Builder rows","Existing Relation rows","External accounts"],"rollback":"Rollback would mark the write intent reverted and preserve existing records."}],"roleBoundary":[{"role":"admin","canReview":true,"canConfirmBackup":true,"canSubmitWhenReady":false,"blockedActions":["skip audit","skip rollback","run destructive migration"]},{"role":"steward","canReview":true,"canConfirmBackup":false,"canSubmitWhenReady":false,"blockedActions":["confirm backup","submit production write","approve own unsafe change"]},{"role":"agent","canReview":false,"canConfirmBackup":false,"canSubmitWhenReady":false,"blockedActions":["approve","confirm backup","submit","read raw secrets"]},{"role":"external_ai","canReview":false,"canConfirmBackup":false,"canSubmitWhenReady":false,"blockedActions":["approve","confirm backup","submit","access unscoped private memory"]}],"submitPolicy":{"enabled":false,"reason":"Submit is disabled until backup, restore drill, additive migration, scoped roles, audit persistence, and explicit operator enablement are all complete.","futureEnablement":["Backup gate passes","Restore drill passes","Additive migration is applied","P6 write env is enabled","Authenticated admin session exists","Evidence and approval gates pass"]},"summary":"1 write-intent inbox items are reviewable in dry-run mode; submit remains disabled."},"consentPrivacyGate":{"version":"onefield.consent-privacy-gate.v1","readOnly":true,"defaultVisibility":"private","requiredChecks":["consent receipt exists","privacy tier is allowed for requesting agent","sensitive raw material is redacted","revocation policy is visible","audit event schema is attached"],"neverStoreRaw":["private keys","seed phrases","passwords","raw access tokens","full bank credentials","unredacted private message dumps"],"revocationPath":"Every consent must be revocable. 
Revoked or expired consent must deny future scoped context requests."},"dryRunWriteSimulator":{"version":"onefield.dry-run-write-simulator.v1","readOnly":true,"simulations":[{"id":"dry-run:ai-write-preview-1","targetType":"memory","wouldCreate":["WriteIntent draft","AuditEventLog entry","ApprovalDecision pending record"],"wouldNotTouch":["Existing FieldMemory rows","Existing Builder rows","Existing Relation rows","External accounts"],"requiredApprovals":["Manual submission requires an authenticated admin or steward session.","backupConfirmed must remain false until an operator confirms a fresh database backup.","ONEFIELD_P6_WRITES_ENABLED must be true and database mode must be active before POST.","Human operator approval required."],"result":"blocked"}]},"launchChecklist":{"version":"onefield.persistence-launch-checklist.v1","readOnly":true,"checks":[{"id":"backup","label":"Backup and restore drill","status":"blocked","action":"Take a fresh production backup and verify restore before enabling any write path."},{"id":"schema_plan","label":"Additive schema plan","status":"pass","action":"Schema plan is additive-only and does not alter existing business tables."},{"id":"agent_identity","label":"Scoped agent identity","status":"watch","action":"Create per-agent identities and scoped grants before external AI access."},{"id":"audit","label":"Audit event persistence","status":"watch","action":"Persist every future write intent, approval, rejection, and rollback as audit events."},{"id":"rollback","label":"Rollback readiness","status":"watch","action":"Attach rollback hints and target-specific recovery paths to every write intent."},{"id":"privacy","label":"Consent and privacy gate","status":"pass","action":"Keep private visibility as default and block raw sensitive material."},{"id":"tests","label":"Type, contract, build checks","status":"watch","action":"Run typecheck, contract snapshots, build, and a dry-run write simulation before launch."}]},"summary":"P8.1 Safe 
Persistence Foundation is blocked by the backup gate with 1 write-intent preview, 7 P8 tracks, and 7 launch checks.","guardrails":[{"id":"p8-1-is-dry-run-only","severity":"blocking","rule":"Safe Persistence Foundation must not execute migrations, create write intents, approve changes, or mutate durable records.","action":"Use this layer to inspect backup, schema, privacy, identity, dry-run, and launch readiness before enabling persistence."},{"id":"old-data-is-preserved","severity":"blocking","rule":"Existing builders, memories, circles, relations, missions, users, and insights must not be deleted, reset, or overwritten.","action":"Only proceed with additive tables after backup and restore drill are confirmed."},{"id":"secrets-never-enter-memory","severity":"blocking","rule":"API keys, private keys, passphrases, tokens, seed phrases, and raw private exports must never be stored as memory.","action":"Route secrets through environment configuration and rotate any key that was pasted into chat or logs."}]},"meta":{"generatedAt":"2026-06-11T01:08:32.492Z","version":"onefield.p8-safe-persistence-foundation.v1","readOnly":true}}