fix(agent,cli,publisher,scripts): OT-RFC-38 LU-6 — address Codex PR #610 R2

Three follow-ups from the second Codex pass on commit 730e58a:

1. memory.ts:765 — host-catchup applied counter was conflating
   envelope counts with triple counts. One SWM envelope can carry
   many quads, so summing the boolean `applied` flag undercounted
   recoveries whenever a publisher batched > 1 triple per share.

   Threaded `appliedTriples` through SharedMemoryApplyOutcome
   (`insertedTriples` from `quads.length` on the success path) →
   `catchupSwmFromHost` → `catchupSwmFromConnectedHosts` →
   `/api/shared-memory/catchup` + `/api/shared-memory/host-catchup`.
   `appliedTotal` now reports triples (the user-facing unit);
   `appliedEnvelopes` is exposed alongside for operators who want
   the envelope count. `totalInsertedTriples` is rolled up from
   the correct unit (verified end-to-end on the late-joiner devnet:
   appliedTriples=5 vs appliedEnvelopes=1 for a 5-quad batch).

2. dkg-agent.ts:8497 — reconciler re-entry was returning before
   `maybeMarkRegisteredForHostMode()` ran, so a core that
   subscribed while a CG was unregistered stayed on the 6h/1MiB
   pre-registration limits forever — even after the CG was later
   registered on chain — and pruned ciphertext from registered CGs
   much earlier than intended. Mirror the same fix R1 applied to
   `enableSwmHostModeFor()` on the periodic reconcile path.

3. workspace-handler.ts trustedReplay — the R1 bypass of the two
   transport identity checks had no focused coverage (only the
   SwmHostModeStore was unit-tested). New test file
   `workspace-handler-trusted-replay.test.ts` covers:
     a. valid host replay applies (publisher ≠ fromPeerId, allowlist
        only includes publisher, signature + CG binding all valid)
     b. control: same wire bytes WITHOUT trustedReplay are rejected
        (proves the bypass is the only thing letting (a) through)
     c. tampered envelope signature still rejects under trustedReplay
        (agent-gate verification runs first; bypass MUST NOT defeat
         cryptographic identity)
     d. encrypted payload bound to a different CG still rejects
        (CG binding check runs before decryption)
     e. missing decryptor state still rejects as retryable (agent-
        gated analogue of "no sender-key state yet")
   Bonus: tests assert `insertedTriples` is set on the apply
   outcome from (a), locking in the R2-1 contract.

Devnet hardening: scripts/devnet-test-rfc38-late-joiner.sh now
calls `wait_for_peer_link` before SCENARIO B's curator write to
both other members. SCENARIO A→B transition was flaking with
"All multiaddr dials failed" when run from a cold-started devnet
because stale dial cache entries from A weren't expired before
B's 3-way sender-key handshake fan-out.

Verification:
- All 5 new trustedReplay tests pass
- All 21 agent-gate tests still pass
- 9 host-mode-store tests still pass (incl. R1's seqno recovery)
- Pre-existing strict-equality test in workspace.test.ts updated
  to include the new `insertedTriples` field
- All 11 RFC-38 scenarios pass on a clean devnet
  (lu5-pub, lu5-cur, lu7..lu10, e2e, xcg, mm, scale, lj)
- Late-joiner SCENARIO D explicitly observes the R2-1 fix in
  hostCatchup.appliedTotal=5 (triples) vs appliedEnvelopes=1

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: 2 people

packages/agent/src/dkg-agent.ts

@@ -8494,7 +8494,17 @@ export class DKGAgent {
       // local consumption; no need to also opaquely store.
       return;
     }
-    if (this.swmHostModeSubscribed.has(contextGraphId)) return;
+    if (this.swmHostModeSubscribed.has(contextGraphId)) {
+      // Codex PR #610 R2: idempotent re-entry on the periodic
+      // reconcile path must still re-probe on-chain registration
+      // state. Without this, a core that subscribed while the CG
+      // was unregistered stays on the 6h/1MiB pre-registration
+      // limits forever — even after the CG is registered — and
+      // ciphertext gets pruned much earlier than intended.
+      // Mirrors the same safeguard in `enableSwmHostModeFor`.
+      await this.maybeMarkRegisteredForHostMode(contextGraphId);
+      return;
+    }
 
     // Only host curated CGs. Public CGs already have plaintext SWM
     // distribution and don't need an opaque ciphertext custodian.
@@ -8726,7 +8736,20 @@ export class DKGAgent {
   ): Promise<{
     rounds: number;
     fetched: number;
+    /**
+     * Number of envelopes whose apply path returned `applied: true`.
+     * NOT the same as triples — one envelope can carry many quads.
+     * For triples-applied accounting, callers MUST sum
+     * {@link appliedTriples}. Codex PR #610 R2 caught the previous
+     * conflation where `memory.ts` aggregated this count into a
+     * field named `totalInsertedTriples`.
+     */
     applied: number;
+    /**
+     * Total triples (N-Quads) inserted by successful replays.
+     * Summed from `SharedMemoryApplyOutcome.insertedTriples`.
+     */
+    appliedTriples: number;
     skipped: number;
     nextSeqno: number;
     denied?: string;
@@ -8738,6 +8761,7 @@ export class DKGAgent {
     let rounds = 0;
     let fetched = 0;
     let applied = 0;
+    let appliedTriples = 0;
     let skipped = 0;
     let lastDenied: string | undefined;
     while (rounds < maxRounds) {
@@ -8787,6 +8811,10 @@ export class DKGAgent {
           );
           if (outcome.applied) {
             applied += 1;
+            // Triples per envelope is variable; track it separately
+            // from the envelope count so callers reporting a
+            // triples total don't undercount. Codex PR #610 R2.
+            appliedTriples += outcome.insertedTriples ?? 0;
           } else {
             skipped += 1;
             const reason = 'reason' in outcome ? outcome.reason : 'unknown';
@@ -8804,7 +8832,7 @@ export class DKGAgent {
       sinceSeqno = resp.nextSeqno;
       if (!resp.truncated) break;
     }
-    return { rounds, fetched, applied, skipped, nextSeqno: sinceSeqno, ...(lastDenied ? { denied: lastDenied } : {}) };
+    return { rounds, fetched, applied, appliedTriples, skipped, nextSeqno: sinceSeqno, ...(lastDenied ? { denied: lastDenied } : {}) };
   }
 
   /**
@@ -8823,6 +8851,7 @@ export class DKGAgent {
     rounds: number;
     fetched: number;
     applied: number;
+    appliedTriples: number;
     skipped: number;
     nextSeqno: number;
     denied?: string;
@@ -8845,6 +8874,7 @@ export class DKGAgent {
       rounds: number;
       fetched: number;
       applied: number;
+      appliedTriples: number;
       skipped: number;
       nextSeqno: number;
       denied?: string;
@@ -8861,7 +8891,7 @@ export class DKGAgent {
       } catch (err) {
         const reason = err instanceof Error ? err.message : String(err);
         this.log.warn(ctx, `host-catchup peer=${peerId} cg=${contextGraphId} failed: ${reason}`);
-        results.push({ peerId, rounds: 0, fetched: 0, applied: 0, skipped: 0, nextSeqno: options?.sinceSeqno ?? 0, error: reason });
+        results.push({ peerId, rounds: 0, fetched: 0, applied: 0, appliedTriples: 0, skipped: 0, nextSeqno: options?.sinceSeqno ?? 0, error: reason });
       }
     }
     return results;

packages/cli/src/daemon/routes/memory.ts

@@ -750,6 +750,9 @@ WHERE {
     type HostCatchupLeg = {
       contextGraphId: string;
       peers: Awaited<ReturnType<typeof agent.catchupSwmFromConnectedHosts>>;
+      /** Envelope-level counter from the replay path. NOT a triples count. */
+      appliedEnvelopes: number;
+      /** Triples (N-Quads) inserted by successful replays. Maps to the public `appliedTotal`. */
       appliedTotal: number;
       error?: string;
     };
@@ -762,19 +765,30 @@ WHERE {
             peers: peerIdParam ? [peerIdParam] : undefined,
             maxRounds: 8,
           });
-          const appliedTotal = peerResults.reduce((sum: number, r: any) => sum + (r.applied ?? 0), 0);
-          hostCatchup.push({ contextGraphId: cg.contextGraphId, peers: peerResults, appliedTotal });
+          // Codex PR #610 R2: `r.applied` is the count of replayed
+          // envelopes (booleans), NOT inserted triples. One envelope
+          // can carry many quads, so summing `r.applied` here would
+          // undercount whenever a publisher batched > 1 triple per
+          // share. Use `r.appliedTriples` (threaded through
+          // `catchupSwmFromHost` / `SharedMemoryApplyOutcome`) for
+          // the triples total surfaced as `appliedTotal` and rolled
+          // into the top-level `totalInsertedTriples`.
+          const appliedTotal = peerResults.reduce((sum: number, r: any) => sum + (r.appliedTriples ?? 0), 0);
+          const appliedEnvelopes = peerResults.reduce((sum: number, r: any) => sum + (r.applied ?? 0), 0);
+          hostCatchup.push({ contextGraphId: cg.contextGraphId, peers: peerResults, appliedEnvelopes, appliedTotal });
         } catch (err: any) {
           hostCatchup.push({
             contextGraphId: cg.contextGraphId,
             peers: [],
+            appliedEnvelopes: 0,
             appliedTotal: 0,
             error: err?.message ?? String(err),
           });
         }
       }
     }
     const hostCatchupAppliedTotal = hostCatchup.reduce((sum, h) => sum + h.appliedTotal, 0);
+    const hostCatchupEnvelopesTotal = hostCatchup.reduce((sum, h) => sum + h.appliedEnvelopes, 0);
 
     // Codex PR #610 R1 comment 2: `totalInsertedTriples` must cover
     // BOTH the standard sync leg and the LU-6 host-catchup leg so
@@ -830,9 +844,13 @@ WHERE {
       hostCatchup: hostCatchupOpted ? {
         ranFallback: hostCatchup.length > 0,
         triggeredForContextGraphIds: hostCatchup.map((h) => h.contextGraphId),
+        // `appliedTotal` is triples (the user-facing unit); the
+        // separate `appliedEnvelopes` is exposed for operators who
+        // want to know how many discrete shares were replayed.
         appliedTotal: hostCatchupAppliedTotal,
+        appliedEnvelopes: hostCatchupEnvelopesTotal,
         perContextGraph: hostCatchup,
-      } : { ranFallback: false, triggeredForContextGraphIds: [], appliedTotal: 0, perContextGraph: [] },
+      } : { ranFallback: false, triggeredForContextGraphIds: [], appliedTotal: 0, appliedEnvelopes: 0, perContextGraph: [] },
     });
   }
 
@@ -868,12 +886,18 @@ WHERE {
         sinceSeqno,
         maxRounds,
       });
-      const appliedTotal = peerResults.reduce((sum: number, r: any) => sum + (r.applied ?? 0), 0);
+      // Codex PR #610 R2: report triples (`appliedTriples`) as the
+      // user-facing total; keep envelope count alongside as
+      // `appliedEnvelopes` for diagnostics. Same fix as the
+      // `/catchup` fallback leg above.
+      const appliedTotal = peerResults.reduce((sum: number, r: any) => sum + (r.appliedTriples ?? 0), 0);
+      const appliedEnvelopes = peerResults.reduce((sum: number, r: any) => sum + (r.applied ?? 0), 0);
       const fetchedTotal = peerResults.reduce((sum: number, r: any) => sum + (r.fetched ?? 0), 0);
       return jsonResponse(res, 200, {
         contextGraphId: cgId,
         peers: peerResults,
         appliedTotal,
+        appliedEnvelopes,
         fetchedTotal,
       });
     } catch (err: any) {

packages/publisher/src/workspace-handler.ts

@@ -111,6 +111,22 @@ export type SharedMemoryApplyOutcome =
        * Caller addresses the PROTOCOL_SWM_SHARE_ACK to this peer.
        */
       publisherPeerId?: string;
+      /**
+       * Number of N-Quads that were inserted into the SWM graph
+       * by this apply (i.e., `quads.length` after decode + decrypt).
+       *
+       * Distinct from "envelope was applied" (the boolean
+       * `applied` flag): one envelope can carry many quads, so
+       * callers aggregating per-triple counts (e.g. the LU-6
+       * host-catchup endpoint that reports `totalInsertedTriples`)
+       * MUST consume this field rather than counting `applied`
+       * booleans. Codex PR #610 R2 caught the undercount when
+       * `hostCatchup.appliedTotal` was being summed from envelope
+       * counts. Optional only because the false variant cannot
+       * carry it; the true variant always sets it from the same
+       * `quads.length` used in the success-path log line.
+       */
+      insertedTriples?: number;
     }
   | { applied: false; reason: string; retryable: boolean };
 
@@ -1020,6 +1036,7 @@ export class SharedMemoryHandler {
           cgId: contextGraphId,
           shareOperationId,
           publisherPeerId,
+          insertedTriples: quads.length,
         };
       }
       // `applied === false` from the withWriteLocks closure. PR-C