Consolidate the agent publish/share surface onto the canonical KA lifecycle (#1087)#1265
Open
Jurij89 wants to merge 21 commits into
Open
Consolidate the agent publish/share surface onto the canonical KA lifecycle (#1087)#1265Jurij89 wants to merge 21 commits into
Jurij89 wants to merge 21 commits into
Conversation
…the assertionName fork W1 of the #1087 agent-tooling cleanup. ApiClient.publishFromFinalizedAssertion now delegates to knowledgeAssetPublish (POST /api/knowledge-assets/:name/vm/publish), so `dkg shared-memory publish`, `dkg index`, and the publishAssertion composite re-point with unchanged signatures + typed returns. The assertionName fork of /api/shared-memory/publish (it duplicated /vm/publish) is removed and replaced with a 400 guard that rejects a stray `assertionName` body (so it can't fall through to the selection fork). network-sim + node-ui e2e publish helpers re-pointed. The selection fork, the #1179 numeric-publishContextGraphId branch, /write, /conditional-write, and all sync/host routes are untouched (handled in later waves). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…share; add the create one-shot [D3] W2 of the #1087 agent-tooling cleanup, across MCP, OpenClaw, Hermes. Removed the three agent tools and their dead client methods: - MCP: deleted tools/publish.ts wholesale + registerPublishTools wiring + dead client.publishQuads/publishSharedMemory (createKnowledgeAsset kept for D3). - OpenClaw: deleted dkg_publish/dkg_shared_memory_publish/dkg_share defs + handlers + tool-host wiring. The dkg-client/publisher-extension publish methods are now caller-less but KEPT (daemon/CLI call — flagged for the daemon wave). - Hermes: deleted the 3 tool schemas/handlers + dead client methods + _annotate_207_partial; narrowed the publish gate 3 tools -> 1 (the _direct_publish_allowed gate preserved for the surviving canonical publish); system-prompt surgery to teach the named-KA path. dkg_memory + shared helpers untouched. [D3] Extended dkg_knowledge_asset_create (x3 adapters) with optional quads + alsoShareSwm/also_share_swm (default FALSE, passed explicitly so the helper's seal-true default can't leak; no alsoPublishVm). One daemon call: POST /api/knowledge-assets {quads, finalize, alsoShareSwm}. Modes: draft / wm-sealed / swm-shared. Tests updated across all 3 adapters incl. D3 3-mode + default-false regression + no-alsoPublishVm guards. MCP 227 / OpenClaw 1098 / Hermes pytest 109 + vitest 90 green (excl. 2 pre-existing MCP inject-hook flakes + the pre-existing part-11 python3 host issue). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…iant at the wire Adds 4 body-level guard tests proving a default/false create never emits alsoShareSwm:true on the wire (parity with the TS adapters, where the createKnowledgeAsset client helper would otherwise force-share on seal). Locks in the no-auto-share invariant against future body-builder changes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…th the TS adapters)
Aligns Hermes to the plan's create-tool contract ("ignored when there are no
quads") and the two TS adapters: a bare dkg_knowledge_asset_create with
also_share_swm but no quads is now a plain WM draft (no error, no share) instead
of a hard-reject. All 3 adapters are now byte-parallel; the daemon's
non-finalized-share guard remains the backstop.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… loose-SWM/bridge dead code W3 of the #1087 agent-tooling cleanup. - CTA-1 (MemoryLayerView "Publish all/selected in SWM"): data source switched from listSwmEntities (raw SWM roots) to listAssertions(cg,'swm') (named), publishing per-ASSERTION via /vm/publish -- fixes the latent >=2-root "exactly one root entity" throw. - CTA-2 (ka.tsx "Ratify"): named-only -- publishes via /vm/publish when the entity resolves to a named SWM assertion; un-named loose roots get no publish button. - Added knowledgeAssetPublishWithSeal: the single catch->seal->retry chokepoint (catch the /vm/publish 409 PUBLISH_NOT_FULL_SHARE|VM_PUBLISH_PRECONDITION -> wm/finalize{layer:swm} -> retry once; SWM_SUBSET_NOT_SEALABLE -> typed throw, no loop). Extended knowledgeAssetFinalize with the swm layer. - Removed now-dead loose-SWM code: publishTriples, writeSharedMemory, the publishSharedMemory bridge caller, listSwmEntities/SwmRootEntity + 3 helpers, and their tests/mocks/stale comments. None touch the /api/shared-memory/write ROUTE (kept; daemon-level, tracked in #1260). tsc --noEmit clean; ui-api-pure + affected component tests green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…1179 authz-bypass branch W3.5 of the #1087 agent-tooling cleanup -- the bridge is now caller-free (adapters deleted in W2, node-UI migrated in W3). - Deleted the entire POST /api/shared-memory/publish route handler block (the W1 stray-assertionName 400 guard + the selection fork + the #1179 numeric- publishContextGraphId authz-bypass branch -- SECURITY: gone, NOT migrated) + the helpers it solely used (resolvePublishRootEntities & friends, publishResponsePayload, MAX_PUBLISH_EPOCHS) + now-unused imports. - Deleted ApiClient.publishFromSharedMemory (the internal CLI shim for the selection fork) + its test (publish-from-swm-readboth.test.ts). - Migrated the publish-get benchmark's sync leg off the removed loose-write+selection path onto the canonical named-KA publishAssertion. KEPT (verified): engine agent.publishFromSharedMemory (hard dep of /vm/publish), agent.publishFromFinalizedAssertion, route (ii) /api/knowledge-assets/publish, ALL sibling routes (/write, /conditional-write, /memory/turn + sync/host routes), and the 5 now-dead-but-publicly-re-exported facade/transport methods (left for a future library-API cleanup). cli build green; api-client 46/46. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…crub loose-SWM/bridge refs W4 of the #1087 agent-tooling cleanup. - dkg-node + dkg-importer SKILL.md: deleted the dkg_publish/dkg_shared_memory_publish/ dkg_share rows; replaced the "three publish tools / two forks" framing with the single canonical create -> write -> seal -> share -> publish flow; removed the agent-facing /api/shared-memory/{write,publish,conditional-write} prose (now a "non-agent primitive, tracked in #1260" note); reframed route (ii) as CLI/programmatic; [D3] documented dkg_knowledge_asset_create({quads, alsoShareSwm}) (default-false, stops at SWM) as the one-shot; added the consequence note (loose SWM is non-publishable via the canonical path -> author a named KA). KEPT swm/share, dkg_query view:shared-working-memory, and the seal-error rows. - .cursor/rules/dkg-annotate.mdc: dropped dkg_share from the Write list; retired-tools note; human-gated publish -> dkg_knowledge_asset_publish. - Flipped cli/test/skill-endpoint.test.ts (canonical endpoints present; /api/shared-memory/publish absent). - Tidy-ups: 2 now-stale code comments (memory.ts, api-client.ts) + auth.test.ts's route-agnostic sample path -> a surviving route. Release note: OpenClaw copies SKILL.md into the workspace at `dkg openclaw setup`; existing OpenClaw nodes need a re-run to pick up the new docs. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… doc-truth parity) Fixes the 2 majors + cosmetic stale comments surfaced by the pre-push adversarial review. - network-sim (MAJOR): deleted publishFromSharedMemory + its "Publish to Chain" ControlPanel button -- it POSTed the now-deleted /api/shared-memory/publish selection fork (TS-silent, would break at runtime). It modeled the removed loose-then-publish-by-selection flow; named-KA publish already lives in the separate Publish tab (-> /vm/publish). SharedMemoryTab is now Write+Query SWM only. - MCP + OpenClaw (MAJOR): stripped "Prefer this over dkg_shared_memory_publish" from the surviving dkg_knowledge_asset_publish description (a deleted tool named in agent-facing copy); replaced with Hermes-parallel positive wording. Restores cross-adapter parity. - Stale-comment tidy: mcp/openclaw handler comments, the CLI shared-memory publish comment, a test doc-comment, and the node-ui VM-graph comment -- repointed off the deleted route/tools. Verified: zero deleted-route/tool refs in network-sim or MCP/OpenClaw src; adapters tsc-clean + targeted tests green; network-sim build green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… the deleted bridge Pre-push follow-up to the review-fix pass. The repo-wide grep showed 2 of the 5 "kept" facade methods still POST the now-deleted /api/shared-memory/publish route, so they would 404 if used -- keeping a public method that calls a deleted route is worse than removing it. - Deleted DkgClient.publishSharedMemory (adapter-openclaw) + its 5 test blocks + the index.ts re-export. - Deleted DkgPublisherExtension.publishSharedMemory (core) + the transport-interface member + the dead SharedMemoryPublishRequest interface + the mock-transport stub; folded the shared test onto its surviving publishVerifiableMemory half. KEPT (call surviving routes): DkgClient.publish + DkgClient.share, and DkgPublisherExtension.publishVerifiableMemory + writeSharedMemory. tsc clean; core 1084/1084, OpenClaw 1093 pass/1 skip. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…eted bridge route CI caught this real-daemon-route test asserting 400 on POST /api/shared-memory/publish (deleted in this PR -> now 404). Repointed to the canonical per-KA /api/knowledge-assets/:name/vm/publish, which rejects an unknown CG with the same CONTEXT_GRAPH_NOT_FOUND via the shared resolveRequiredWriteContextGraphId preflight -- preserving unknown-CG validation coverage (no sibling test covered it on a surviving publish route). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… seal-retry recovery Addresses the PR #1265 review (otReviewAgent). - Removed the ensureContextGraphOnChain pre-call (+ unused import) from both publish CTAs (MemoryLayerView publishAssertions, ka.tsx VerifyOnDkgButton). The daemon /vm/publish route deliberately runs local preconditions FIRST and only registers the CG on the CG_NOT_REGISTERED retry path, rehydrating the STORED publishPolicy. The pre-call burned registration gas on a doomed publish and risked the #1085 default-policy (the UI register call sends no policy). The CTAs now call knowledgeAssetPublishWithSeal directly and let the daemon register at the right time. - Added 3 tests for the recovery contract: 409 PUBLISH_NOT_FULL_SHARE and VM_PUBLISH_PRECONDITION each -> wm/finalize{layer:'swm'} -> retry-once succeeds; SWM_SUBSET_NOT_SEALABLE -> typed throw, no retry loop. tsc clean; ui-api-pure 52/52. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Deep-review caught the package README still documenting dkg_publish + dkg_shared_memory_publish as live (the publish-bridges table, a prose recommendation, and the deleted src/tools/publish.ts package-layout row) with a stale "31 tools" count -- both prior reviews audited SKILL.md + tool descriptions but not the README. Collapsed the publish section to the single canonical dkg_knowledge_asset_publish + a removed-in-#1087 note; fixed the count to 29 (matches the drop-sweep.test.ts locked surface). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…deleted publish route Addresses 2 PR #1265 review comments. - publish-get benchmark: the sync-leg KA name was benchmark-sync-<runId>-<iteration>, but runIteration runs for both warmup and measured phases with the same numeric iteration, so warmup-N and measured-N collided (name/idempotency-based create) and the GET validated the wrong marker. Name now includes the phase (benchmark-sync-<runId>-<warmup|measured>-<iteration>), mirroring the payload's own warmup-/measured- root+marker uniqueness. - context-graph-write-path-validation: added a negative test that POSTs the deleted /api/shared-memory/publish with a VALID CG and asserts 404 (unambiguous route-not-found) -- guards the route deletion against accidental reintroduction. cli tsc clean; the benchmark unique-roots + marker tests pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…te the api mocks Addresses 2 PR #1265 review comments. - /api/knowledge-assets/:name/vm/publish returns 207 when the KA minted on-chain but the CG binding failed (contextGraphError in the body; post() treats 207 as ok, so it rides through un-thrown). Typed contextGraphError on PublishResult + knowledgeAssetPublishWithSeal, and surfaced it: ka.tsx Verify CTA renders a warning ("binding incomplete") instead of a clean check; MemoryLayerView counts a `partial` tally, prefers a clean sample, and downgrades the result card to a warning when partial>0. Added a ui-api-pure test (207+contextGraphError resolves, no seal/retry). - Completed the full vi.mock('../src/ui/api.js') in the two component tests that load the components barrel (-> ka.tsx) with the new exports it imports (knowledgeAssetPublishWithSeal + the real SwmSubsetNotSealableError class), avoiding a missing-mock module-load failure. tsc clean; ui-api-pure 53/53; component-mock suites green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Follow-up doc-truth pass from the deep adversarial review: - docs/agent-context/task-packs/publish-query.md + docs/use-dkg/publish-and-query.md: dropped dkg_shared_memory_publish from the live Node Skill tool lists (archive/ docs left as historical record). - mcp-dkg/src/client.ts: reworded the registerContextGraph JSDoc off the deleted publishSharedMemory/register_if_needed flow (vm/publish auto-registers). - knowledge-assets.ts: the migration-alias comment no longer cites the deleted MCP publishQuads / OpenClaw publish callers (the alias remains for publishAssertion + network-sim). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…d wire tests
otReviewAgent nit: the 4 new no-leak guard tests passed create_assertion('ka','cg1')
positionally, but the signature is (context_graph_id, name) -- so they recorded a
reversed contextGraphId/name and only checked quads/alsoShareSwm. Switched to keyword
args (context_graph_id='cg1', name='ka') and added assertions on the recorded
contextGraphId + name so an arg-order/serialization regression now fails. (The
pre-existing write_assertion test uses the distinct (assertion_name, context_graph_id)
signature -- left unchanged.)
pytest 113/113 (PYTHON=python).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…o false republish advice)
otReviewAgent: the round-2 partial-publish warning told the user to republish, but a
207 means the KA is already minted on-chain and re-running publish won't re-attempt the
failed context-graph binding (no re-bind endpoint exists). Centralized the copy in
api.ts -- partialPublishWarning(contextGraphError) ("Published on-chain, but linking it
into the context graph did not complete, so context-graph views may be incomplete" +
the daemon detail) + PARTIAL_PUBLISH_STATUS_SUFFIX -- and wired both CTAs (ka.tsx +
MemoryLayerView) to the single source. Added a unit test asserting the copy never
suggests republish/retry, and stubbed the new exports in both component mocks.
tsc clean; ui-api-pure 54/54.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ed") otReviewAgent nit: the part-14 create test's doc comment said also_share_swm WITHOUT quads is "rejected", contradicting the test's own assertion (and the §2.6 contract) that it is IGNORED -- no error, plain draft. Comment-only; aligns the validation evidence with the pinned contract. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…"Requires quads") otReviewAgent nit: the also_share_swm schema description claimed it "Requires quads", contradicting the handler (and the MCP/OpenClaw wording), which IGNORES the flag when no quads are supplied. Reworded to "Default false. Ignored when there are no quads." Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…) param spelling otReviewAgent: the shared dkg-node SKILL documents the D3 flag as camelCase `alsoShareSwm`, but the OpenClaw + Hermes tools expose all fields in snake_case (`also_share_swm`, `context_graph_id`, `sub_graph_name`). An agent copying the example on those adapters would pass a key they ignore -- sealing the asset but silently not sharing it. Added a parameter-spelling note to the Tool-vs-HTTP section (the systemic fix; applies to every param, not just this flag). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
| } | ||
| } | ||
|
|
||
| // POST /api/shared-memory/conditional-write { contextGraphId, quads, conditions, subGraphName? } |
There was a problem hiding this comment.
🔴 Bug: Removing the /api/shared-memory/publish handler makes that endpoint fall through to 404, but active integration/devnet callers in this repo still post to it with the finalized-assertion shape ({ contextGraphId, assertionName }), for example devnet/v10-core-flows/automated.test.ts and multiple devnet/bootstrap scripts. Those flows will now fail before reaching the new /api/knowledge-assets/:name/vm/publish path. Either keep a compatibility handler for the assertion-name publish shape or update the remaining active callers in the same change.
Contributor
Author
There was a problem hiding this comment.
Partly taken, partly explained — thanks, this is a fair push.
Re-pointed (6c0203c) the pure-assertionName callers — the ones with no selection sibling, so they become fully working — to /api/knowledge-assets/:name/vm/publish: devnet/v10-core-flows/automated.test.ts (the file named here), scripts/testnet-publish-stress/publish-loop.mjs, and devnet/_bootstrap/bootstrap.cjs. The .test.ts assertions hold unchanged — /vm/publish returns kaId/status/txHash/blockNumber via the same engine publishFromFinalizedAssertion as the deleted fork (verified statically; the W1 in-CI ApiClient.publishFromFinalizedAssertion → /vm/publish migration is the proof the response shape is compatible).
Still deferred (tracked with #1260): the remaining callers are either mixed (an assertionName and a selection POST in the same file — re-pointing only the assertionName half leaves the file 404-ing on the selection call) or pure-selection (loose publish-by-selection). The selection shape has no named assertion to point at, so migrating it is the named-KA rework this PR deliberately scopes out — it's the same loose-SWM boundary as the kept /api/shared-memory/write. These are devnet/ops tooling; none are in a CI lane.
On the compatibility-handler alternative — declining it deliberately: keeping an assertionName handler would re-introduce the /api/shared-memory/publish route this PR's core purpose is to delete, and the #1179 numeric-publishContextGraphId authz-bypass lived in that exact handler. The whole devnet/ops validation surface wants one coherent named-KA re-validation pass rather than a resurrected bridge; that's the deferred follow-up noted in the PR description (now updated to reflect the 3 re-pointed files).
…deleted bridge route otReviewAgent (escalated): the deleted /api/shared-memory/publish left active devnet callers 404-ing. Re-pointed the 3 PURE-assertionName files (no selection sibling, so they become fully working) to /api/knowledge-assets/:name/vm/publish, mirroring the W1 ApiClient migration: - devnet/v10-core-flows/automated.test.ts (:283, :448) - scripts/testnet-publish-stress/publish-loop.mjs (:299) - devnet/_bootstrap/bootstrap.cjs (:353, :375) Response shape verified statically: /vm/publish returns kaId/status/txHash/blockNumber via the same engine publishFromFinalizedAssertion as the deleted fork, so the test assertions hold unchanged. The remaining callers are MIXED (assertionName + selection in one file) or pure selection (loose publish-by-selection) -- they need the named-KA rework deferred to #1260; a compat handler is rejected (it would re-introduce the bridge route + the #1179 authz-bypass). Devnet-only, not in CI. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
| // daemon must no longer recognize the route at all (route-not-found 404), | ||
| // rather than reach a handler. | ||
| it('no longer serves the removed /api/shared-memory/publish route (404)', async () => { | ||
| const res = await postJson(daemon, '/api/shared-memory/publish', { contextGraphId: LOCAL_CG }); |
There was a problem hiding this comment.
🔴 Bug: This removal is not matched by a complete caller migration. Several non-archive devnet/validation paths still POST to /api/shared-memory/publish (for example scripts/v10-rc-validation.sh, devnet/agent-provenance/automated.test.ts, and devnet/rich-scenario/automated.test.ts), so after this 404 assertion those flows will fail rather than exercising the new per-KA /api/knowledge-assets/{name}/vm/publish route. Please migrate or deliberately retire those callers in the same cleanup so the route deletion is internally consistent.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
create → write → seal → share → publish). This deletes the bypass/loose agent toolsdkg_publish(direct raw-quad mint),dkg_shared_memory_publish, anddkg_shareacross all three adapters (MCP, OpenClaw, Hermes), and re-points every internal caller onto the canonical per-KAPOST /api/knowledge-assets/:name/vm/publish.POST /api/shared-memory/publishentirely — both theassertionNameandselectionforks — and with it the Track C follow-up: numeric publishContextGraphId preflight bypass #1179 numeric-publishContextGraphIdbranch that trusted a caller-supplied on-chain CG id without an ownership check. The surviving publish routes enforce the ownership check.dkg_knowledge_asset_createwith optionalquads+alsoShareSwmso an agent cancreate → write → seal → sharein one call. It is default-false (sharing must be explicit), stops at SWM (never mints to VM), and is byte-parallel across all three adapters — so it cannot reintroduce a one-call bypass./vm/publish(named-only), with acatch 409 → seal-in-SWM → retry-oncesafety net; this also fixes a latent crash when a CG held ≥2 SWM roots.SKILL.mdfiles teach the single canonical flow and scrub every agent-facing loose-SWM/bridge reference;.cursor/rulesupdated; the skill-endpoint contract test is flipped to assert the bridge route is absent./api/shared-memory/write+/conditional-write) is kept — it is the staging buffer the source-worker bulk-ingest + async-LIFT pipeline depends on, and a live consumed channel (dkg_querySWM view, node-UI, gossip/sync). The SWM gossip/sync receive fabric (sync/host routes + handlers) is untouched. Three now-dead but publicly re-exported facade methods (DkgClient.publish,DkgPublisherExtension.publishVerifiableMemory/writeSharedMemory) that still call surviving routes are left for that follow-up.This change was implemented in waves and gated by a multi-angle adversarial review (plan-conformance, over-deletion, #1179 security, correctness, doc-truth, cross-adapter parity) before opening.
Related
publishContextGraphIdauthz-bypass branch (with the deleted bridge route)Files changed
packages/cli/src/daemon/routes/memory.tsPOST /api/shared-memory/publishroute (both forks) + the #1179 numeric-CG authz-bypass branch + the helpers it solely used; keep/write,/conditional-write,/memory/turn, and all sync/host routespackages/cli/src/api-client.tspublishFromFinalizedAssertiondelegates to/vm/publish; deleted thepublishFromSharedMemoryselection-fork shimpackages/cli/src/commands/shared-memory.ts,benchmark/publish-get/*/vm/publishflowpackages/mcp-dkg/src/tools/publish.ts(deleted),tools/assertions.ts,index.ts,client.tsdkg_publish/dkg_shared_memory_publish; extenddkg_knowledge_asset_create(D3); scrub the surviving publish descriptionpackages/adapter-openclaw/src/{tools/*,DkgNodePlugin.ts,dkg-client.ts,index.ts}dkg_publish/dkg_shared_memory_publish/dkg_share; extend create (D3); delete the 2 bridge-calling facade methodspackages/adapter-hermes/hermes-plugin/{__init__.py,client.py},src/types.ts,README.mddkg_memorypackages/core/src/publisher-extension.tspublishSharedMemoryfacade method + its transport member + dead request typepackages/node-ui/src/ui/{api.ts,views/MemoryLayerView.tsx,views/project/components/ka.tsx,hooks/useMemoryEntities.ts}/vm/publish(named-only) with a seal-retry chokepoint; remove dead loose-write codepackages/network-sim/src/{api.ts,components/ControlPanel.tsx,server/sim-engine.ts}/vm/publish; delete the loose-publish-by-selection helper + its buttonpackages/cli/skills/dkg-node/SKILL.md,dkg-importer/SKILL.md,.cursor/rules/dkg-annotate.mdcTest plan
dkg-core/dkg-storage/dkg-query, then run the impacted suites:pnpm -C packages/mcp-dkg test(227 pass; 2 known unicode inject-hook flakes)pnpm -C packages/adapter-openclaw test(1093 pass / 1 skip)PYTHON=python pnpm -C packages/adapter-hermes test(vitest 90) +pytest(113)pnpm -C packages/node-ui test(1273 pass; the better-sqlite3 native-binding suites are pre-existing env failures)pnpm -C packages/cli test(PR-touched suites green: auth, api-client, skill-endpoint)pnpm -C packages/core test(1084/1084)knowledge-assets-1116-share-errors,share-warning-parity, agente2e-memory-layers.SKILL.md; the D3 default-false / no-leak guard tests are green; cross-adapter parity holds.dkg_knowledge_asset_create({quads, alsoShareSwm:true})stops at SWM (no VM mint); publishing a named SWM assertion via/vm/publishworks; the node-UI publish button works for a named SWM root and is absent for un-named loose roots.Notes / known risks
dkg openclaw setupto pick up the newSKILL.md— the daemon serves/.well-known/skill.mdlive (MCP/Hermes/HTTP get it immediately), but OpenClaw copies the file into the agent workspace at setup./api/shared-memory/write+/conditional-write) — kept; the source-worker bulk-ingest + async-LIFT pipeline depends on it. Consolidating it onto the named-KA model is tracked in Consolidate daemon-level loose SWM writes onto the named-KA lifecycle (post agent-tooling cleanup) #1260.assertionNamecallers are re-pointed to/vm/publishhere (devnet/v10-core-flows/automated.test.ts,scripts/testnet-publish-stress/publish-loop.mjs,devnet/_bootstrap/bootstrap.cjs; response shape verified compatible — same engine as W1). The remaining callers are mixed (assertionName+selectionin one file) or pure-selection(loose publish-by-selection) —devnet/v10-stress+rich-scenario+agent-provenancetests,scripts/redistribute-memory.mjs+drain-swm-duplicates.mjs+seed-dkg-code-project.mjs, and the.shvalidators. Theselectionshape has no named assertion to point at, so it needs the named-KA rework (the same loose-SWM boundary as the kept/write); none are in a CI lane. Deferred with the Consolidate daemon-level loose SWM writes onto the named-KA lifecycle (post agent-tooling cleanup) #1260 / devnet-rework follow-up. (A compat handler was rejected — it would resurrect the bridge route + the Track C follow-up: numeric publishContextGraphId preflight bypass #1179 authz-bypass.)entities.tsx,layer-widgets.tsx) carry the same pre-register pattern fixed in the two migrated CTAs, but it is pre-existing (not introduced here) and shared with the finalize/promote branch — separate analysis.DkgClient.publish,DkgPublisherExtension.publishVerifiableMemory/writeSharedMemory) that still call surviving routes — left for a future library-API cleanup.