Summary
Provenance fields (observer_id, source_type, trust_level) are currently self-reported and unverifiable. For any real trust calculus, they need signatures.
What to do
- Optional signature field on
MemoryEntry.
- On deposit, if observer has a registered public key, verify signature over the entry's content + metadata.
- On recall, surface signature status (verified / unsigned / failed) in the rendered response when trust matters.
Acceptance
- Signed memories survive round-trip through snapshot/restore with signature intact.
- Tampering with stored content flips signature status to failed on next recall.
Links
docs/design/honest_agent/progress.md Phase D.src/store/memory.rs
Summary
Provenance fields (
observer_id,source_type,trust_level) are currently self-reported and unverifiable. For any real trust calculus, they need signatures.What to do
MemoryEntry.Acceptance
Links
docs/design/honest_agent/progress.mdPhase D.src/store/memory.rs