No delete policy
Revocation and archive records preserve FieldMemory rows; they add lifecycle state instead of destructive deletion.
Memory Infrastructure
snapshot Jun 10, 11:41 PMread-onlyConstitution, ontology, policy
The memory layer now lives away from the main command overview: governance, primitives, manifest, policy gates, review queue, and protocol contracts.
Write mode
human-confirmed
human-confirmed boundary
boundary
human-confirmed
The current layer is production-shaped but still read-only; durable writes remain human-confirmed future infrastructure.
review
0 pending candidates
Memory candidates are routed through review and policy gates before becoming coordination memory.
ontology
8 primitives
Builders, signals, evidence, trust, missions, and actions are modeled as coordination memory primitives.
graph v2
40 nodes / 20 edges
Memory Graph v2 unifies people, signals, evidence, decisions, risks, and agent boundaries into one read-only coordination graph.
intelligence
10 opportunities
Coordination Intelligence turns graph nodes and edges into safe queries, scores, explorer paths, and human next actions.
approval
10 approval items
Human Approval Map centralizes memory, mission, graph, agent, signal, and blocked override confirmations.
privacy
User-owned memory
Privacy governance makes OneField private by default, consent-scoped, sensitive-aware, and auditable for future AI users.
write pilot
accept memory candidate as durable memory
The first future write pilot is specified but disabled until migration, audit persistence, backup, and rollback are approved.
operations
Memory operations
Committed memory can now be inspected through version, revoke, archive, and export APIs without deleting old rows.
lifecycle v2
watch
Memory moves through candidate, review, confirmed, conflicted, revoked, archived, and exported states.
query api
ready
Agents query scoped context packs, not raw database rows or unrestricted user memory.
P8.4 Memory Operations
Versioned, revocable, exportable memory
Memory commit v1 now has read-only operational surfaces. Operators can inspect memory status, versions, revocations, archives, and export a session-scoped JSON package for review or handoff.
APIs
/api/memory/operations
/api/memory/export
Operations view
Lists visible memories with version counts, revoked state, archived state, and related records.
Export pack
Returns visible memory, versions, revocations, and archives as JSON without writing files.
preserve
Session scope
Builder sessions see their own created memory; admin/steward sessions can inspect the broader memory layer.
Memory Graph v2
Unified coordination memory graph
Memory Graph v2 unifies builders, signals, quality reports, memory candidates, evidence, decisions, agent permissions, risks, and missions into one read-only coordination graph.
Review required
4
requires_review / blocked_by edges
Nodes
40
all memory graph entities
Edges
20
coordination links
Builders
12
people memory
Signals
8
external inputs
Decisions
1
policy and coordination
Agents
11
gateway boundaries
cluster
People and relationship memory
Builders and relationship edges remain the social backbone of coordination memory.
builder
cluster
Signal and evidence memory
External and agent signals become useful only after quality scoring and traceability.
signal / quality / evidence
cluster
Decision and policy memory
Candidates, policy decisions, risks, and coordination drafts route context toward human review.
candidate / decision / risk
cluster
Agent boundary memory
Agent capability nodes explain what external AI can read, draft, and must not mutate.
agent
Coordination Intelligence
Graph reasoning without autonomous execution
10 coordination opportunities, 4 safe graph query results, and 4 review or blocked edges are available from Memory Graph v2.
Top score
100
high urgency
agent
Agent Gateway
agent node has score 35, 10 graph links, and 1 evidence references.
Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
builder
Lee
builder node has score 100, 2 graph links, and 2 evidence references.
Check relationship context and decide whether a human introduction or follow-up is useful.
agent
Write durable memory
agent node has score 35, 1 graph links, and 1 evidence references.
Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
agent
Create mission
agent node has score 35, 1 graph links, and 1 evidence references.
Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
agent
Trade or move assets
agent node has score 35, 1 graph links, and 1 evidence references.
Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
agent
Modify relationship graph
agent node has score 35, 1 graph links, and 1 evidence references.
Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
Graph Query Hints
Safe query results
query
Why should this action happen?
Coordination decisions are only useful when they can be traced back to signals, evidence, candidate memory, and policy state.
8 evidence ids
query
What can an agent do safely?
Agent capability nodes separate read/draft affordances from blocked write, trade, mutation, and private-access paths.
1 evidence ids
query
Which signals can become memory?
Signals become useful memory context only after quality scoring, candidate creation, policy gates, and human review.
8 evidence ids
query
Where is human review required?
Human review is concentrated around memory policy decisions, high-risk signals, and blocked agent capabilities.
1 evidence ids
Agent Query Pack
Safe read patterns for external agents
allowed
Trace evidence
Follow node and edge ids from signals through quality, candidates, policy, and coordination decisions.
allowed
Explain priority
Explain why a node or opportunity has urgency using graph scores, risk labels, and evidence ids.
allowed
Inspect agent boundary
Read allowed and blocked capability paths before recommending external-agent participation.
allowed
Find human review
List requires_review and blocked_by edges that require operator confirmation.
blocked
4 forbidden query types
Write memory, create missions, trade assets, and read private messages remain outside the query pack.
Graph Explorer
Review and boundary paths
Key nodes
8
highest coordination scores
Review edges
0
requires human review
Blocked edges
4
blocked boundaries
Signal paths
0
signal to memory
Opportunity Feed
Human next actions
agent
Review Agent Gateway
agent node has score 35, 10 graph links, and 1 evidence references.
Agent steward · Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
relation
Review Lee
builder node has score 100, 2 graph links, and 2 evidence references.
Graph steward · Check relationship context and decide whether a human introduction or follow-up is useful.
agent
Review Write durable memory
agent node has score 35, 1 graph links, and 1 evidence references.
Agent steward · Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
agent
Review Create mission
agent node has score 35, 1 graph links, and 1 evidence references.
Agent steward · Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
agent
Review Trade or move assets
agent node has score 35, 1 graph links, and 1 evidence references.
Agent steward · Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
agent
Review Modify relationship graph
agent node has score 35, 1 graph links, and 1 evidence references.
Agent steward · Review the blocked boundary and keep the capability or candidate blocked until a human approves a new path.
Graph Invariants
Boundaries that protect the layer
Graph v2 is read-only until an explicit human-confirmed write layer is approved.
Signals do not become memory without quality, policy, evidence, and human confirmation.
Agent capability nodes describe boundaries, not permissions to mutate state.
Edges should preserve evidence ids for future audit and replay.
Field Map remains the visual social graph; Memory Graph v2 is the coordination memory graph.
Human Approval Map
All state-changing paths stop here
10 human approval items are required before state-changing execution.
Approval items
10
read-only review map
agent_capability
Review Agent Gateway
Human confirmation is required before any state-changing execution.
Agent steward · 1 evidence ids
memory_candidate
Review Lee
Human confirmation is required before any state-changing execution.
Memory steward · 2 evidence ids
memory_candidate
Review Write durable memory
Human confirmation is required before any state-changing execution.
Memory steward · 1 evidence ids
memory_candidate
Review Create mission
Human confirmation is required before any state-changing execution.
Memory steward · 1 evidence ids
memory_candidate
Review Trade or move assets
Human confirmation is required before any state-changing execution.
Memory steward · 1 evidence ids
graph_relation
Review Modify relationship graph
Human confirmation is required before any state-changing execution.
Memory steward · 1 evidence ids
agent_capability
Review agent quality 93
Human confirmation is required before any state-changing execution.
Agent steward · 1 evidence ids
agent_capability
Review Agent memory candidate loop ready
Human confirmation is required before any state-changing execution.
Agent steward · 1 evidence ids
Minimal Write Pilot
accept memory candidate as durable memory
The safest first controlled-write pilot is accepting a reviewed memory candidate as durable memory. It is not enabled in this read-only upgrade.
Enabled
false
current state
Target
memory
first pilot only
Allowed inputs
5
future required fields
Blocked inputs
6
must never enter pilot
Rollback & Audit
No write without undo path
audit
onefield.write-audit-plan.v1
Future writes must capture before/after state, consent, evidence, approver, timestamp, and rollback reference.
memory
Restore previous memory value and mark intent reverted.
First pilot rollback path for durable memory candidate acceptance.
mission
Archive created mission and preserve audit reference.
Future mission writes require a separate lifecycle and owner confirmation.
graph
Restore prior edge or node relation snapshot.
Graph mutation must retain previous relation strength and evidence state.
User Memory Governance
Private by default, scoped by consent
OneField should become user-owned memory infrastructure for AI users: private by default, scoped by consent, sensitive by classification, and auditable for every agent access.
Default visibility
private
4 vault types
public
public_read
Public memories are intentionally visible and safe for broad AI context.
Agents may read public memory with purpose and audit metadata.
internal
consent_required
Internal team or organization memory requires workspace-level authorization.
Agents need workspace consent and scoped purpose.
private
owner_only
Private memory belongs to the owner and is never shared by default.
Agents need explicit owner consent and minimal field access.
sensitive
deny
Sensitive memory needs explicit temporary consent, redaction, and audit.
Agents receive redacted or summarized context only when consent is present.
restricted
deny
Restricted memory covers secrets, keys, credentials, private messages, and regulated data.
Agents cannot read restricted raw data; deny, redact, or quarantine.
Consent Receipts
Future access must be revocable
Every consent must be revocable. Revoked or expired consent must deny future scoped context requests.
oneai
project briefing
Scope: project-memory. Duration: session.
summary / evidenceIds / openDecisions / riskBoundaries
external-agent
read-only coordination recommendation
Scope: coordination-context. Duration: 24h.
nodeIds / edgeIds / evidenceIds / readinessState
Scoped Context
No raw vault export
scope
Project scoped memory
Agents can receive only the project context needed for a stated task.
denied: unrelated personal memory / credentials / private messages
scope
Agent coordination context
External agents can reason over graph structure and boundaries without raw private memory.
denied: raw sensitive content / database records / private vault export
Sensitive Memory Policy
Secrets and private communications stay out
restricted
Secret material
Secret material must not be stored as memory or sent to models.
private keys / seed phrases / passwords / API tokens
sensitive
Financial and identity data
Financial and identity context requires explicit consent, minimization, and redaction.
wallet ownership / government id / bank details / tax records
restricted
Private communications
Private communications should not become agent-readable memory without strong consent and redaction.
private DMs / personal emails / unredacted call transcripts
Audit Schema
Every future access must be traceable
read
memory-read
Records who read scoped memory and why.
policy-defined
agent_access
agent-access
Records every future AI or Agent memory context request.
policy-defined
revoke
consent-revoke
Records consent revocation and blocks subsequent use.
policy-defined
failed_access
failed-access
Records denied access attempts for security review.
security
Memory Constitution
Sovereign trust charter
OneField exists to make memory usable for human and agent coordination without surrendering truth, agency, or governance to automation. It treats memory as shared infrastructure: evidence-grounded, policy-governed, human-confirmed, and useful for coordinated action.
article-1-evidence
Evidence Before Memory
No durable memory should exist without traceable evidence.
Signals must pass quality, policy, and evidence trail checks before memory promotion.
article-2-human-sovereignty
Human Sovereignty
Humans retain final authority over durable memory and coordinated action.
Agent APIs remain read-only until a human-confirmed write path is approved.
article-3-agent-limits
Agent Limits
Agents may interpret, summarize, and recommend, but cannot mutate truth.
All agent-facing protocols advertise read-only boundaries and prohibited actions.
article-4-source-integrity
Source Integrity
External sources are evidence streams, not automatic facts.
Source adapters carry permission scopes, quality flags, and risk labels.
article-5-coordination
Memory For Coordination
The purpose of memory is better coordination, not passive storage.
Coordination briefs translate evidence-backed memory into reviewable operator decisions.
article-6-reversibility
Future Reversibility
Production memory infrastructure must support audit, rollback, and accountability.
Write paths remain blocked until audit and rollback semantics are explicit.
Moat
Why this is not a generic memory database
moat
Coordination memory, not chat memory
OneField remembers trust, evidence, relations, missions, and outcomes rather than only text snippets.
moat
Signal-to-evidence pipeline
External signals are filtered, scored, attributed, and linked before becoming useful memory.
moat
Human-confirmed authority
Agents can reason and draft, but durable state and high-risk actions remain human-confirmed.
moat
Network context graph
The product understands people, relationships, contribution proof, mission pressure, and source credibility together.
moat
Agent-readable protocol surface
Stable read-only contracts make OneField usable by external agents without exposing secrets or write permissions.
Roadmap Boundary
Future writes stay gated
now
P5 read-only production surface
Stabilize contracts, command workspaces, source scopes, sandbox, operator pack, and future vision.
No schema migration, no database writes, no real trading, no private DM access.
next
Memory Graph v2
Unify builder, signal, mission, evidence, decision, agent, and risk nodes into a canonical memory graph.
Design read APIs first; persistence only after explicit migration approval.
next
Human review action layer
Add audited confirmation flows for accepting memory, creating missions, and updating graph relationships.
Every write requires operator approval, audit fields, rollback plan, and backup.
Memory Ontology
Coordination memory primitives
OneField treats memory as a governed coordination substrate: signals become evidence, evidence becomes candidates, candidates pass policy, humans confirm, and only then can durable memory coordinate network action.
input
Signal
An external or agent-originated observation that may become evidence.
gate
Quality Report
A score and risk label that controls whether a signal can influence memory.
state
Evidence Trail
A traceable path from signal to quality to candidate to decision.
memory
Memory Candidate
A proposed durable memory formed from high-quality evidence.
gate
Policy Decision
A rule outcome that allows, reviews, or blocks candidate promotion.
decision
Human Confirmation
The required operator decision before durable memory or mission creation.
coordination
Coordination Brief
A read-only decision draft that turns memory context into operator action.
memory
Durable Memory
A future persisted record that must remain traceable to evidence and confirmation.
Manifest
AI Memory Layer for Networked Coordination
/api/agent/context
Agent context contract
Stable read-only context for AI agents.
/api/agent/coordination-brief
Coordination brief
Converts candidate memories into operator decision drafts.
/api/signals/radar
Signal radar
Aggregates market, social, and agent signals into one read-only radar.
/api/signals/quality
Signal quality gate
Scores external inputs before they influence memory candidates.
/api/memory/policy
Memory policy engine
Applies policy decisions before any durable memory promotion.
/api/evidence/trail
Evidence trail
Traces signals, quality reports, candidates, and decisions.
/api/agent/memory-graph
Memory Graph v2
Unifies builders, signals, quality, candidates, evidence, decisions, agents, risks, and missions into one read-only coordination graph.
/api/agent/coordination-intelligence
Coordination Intelligence Layer
Turns Memory Graph v2 into query results, coordination scores, explorer data, agent query packs, and opportunity feeds.
/api/agent/memory-query-pack
Agent memory query pack
Describes safe graph queries, forbidden query types, evidence citation rules, and read-only routes for external agents.
/api/agent/coordination-opportunities
Coordination opportunity feed
Ranks read-only next-step opportunities from high-score nodes, review edges, blocked boundaries, and signal paths.
/api/agent/execution-readiness
Execution readiness gate
Evaluates whether opportunities are ready, need review, or blocked before any human-approved execution.
/api/agent/approval-map
Human approval map
Lists memory, mission, graph, agent, signal, and blocked override approvals needed before state change.
/api/agent/risk-boundary-ledger
Risk boundary ledger
Explains blocked capabilities, forbidden queries, unsafe execution paths, and future-write-disabled boundaries.
/api/agent/execution-brief
Execution brief pack
Summarizes ready items, blocked items, missing evidence, human approvals, agent-safe participation, and next page.
/api/agent/privacy-governance
User memory governance
Defines user-owned memory privacy tiers, vault boundaries, consent receipts, scoped context, sensitive policy, and audit schema.
/api/agent/consent-receipts
Consent receipt contract
Read-only consent template for future agent access with scope, purpose, duration, allowed fields, and revocation.
/api/agent/scoped-context-policy
Scoped context policy
Defines minimum memory context agents can receive for a stated purpose while denying raw vault exports.
/api/agent/sensitive-memory-policy
Sensitive memory policy
Classifies restricted and sensitive memory, including secret material, identity data, and private communications.
/api/agent/audit-event-schema
Audit event schema
Defines future audit event fields for memory read, agent access, consent revocation, and failed access.
/api/agent/controlled-write-readiness
Controlled write readiness
Defines future write intent, approval preview, audit plan, rollback plan, and disabled minimal write pilot without enabling writes.
/api/agent/write-intents
Write intent contract
Preview-only write intent contract with actor, target type, proposed change, evidence, risk, approval, rollback hint, and expiry.
/api/agent/approval-workflow-preview
Approval workflow preview
Read-only preview of pending, approved, rejected, expired, revoked, and blocked approval states.
/api/agent/write-audit-plan
Write audit plan
Defines before/after state, approver, consent, evidence, timestamp, and rollback audit requirements before future writes.
/api/agent/rollback-plan
Rollback plan
Defines backup, restore, delete, consent revocation, and target-specific rollback requirements before writes.
/api/agent/minimal-write-pilot
Minimal write pilot spec
Disabled pilot spec for accepting reviewed memory candidates as durable memory after explicit migration approval.
not-enabled
Human-confirmed write actions
Disabled until explicit operator review persistence is approved.
Review & Policy
Human confirmation queue
Pending review
0
candidate memories
Policy decisions
0
allow / review / block