General Proposal · Proposed / Non-Authoritative
Architecture Level · HTML-only HDO dogfood variance

Agent-memory governance

A decision board for a durable, privacy-aware memory contract across governed repository artifacts, native harness recall, and raw transcript references.

Checkpoint
T101-PH000-AC002-CHECK000
Review cycle
1
Date
2026-07-11
Revision
v0.2.0
Status
Pending HDO disposition
Decision owner
HDO
Current state
0 / 15 dispositioned
Authority boundary. This is proposed, non-authoritative review material. It grants no policy acceptance, edit authority, affected-owner acknowledgement, cross-initiative coapproval, task execution, deployment, release, or downstream adoption. Only explicit HDO dispositions and later governed task authority can do so.
Dogfood variance pending #325. This single-file HTML is the proposed semantic review surface while the HDO dogfood variance remains pending. It does not establish a general HTML-source rule or resolve #325.
Infrastructure boundaryCloudflare staging review infrastructure remains pending #468. This governed source contains no staging-only robots metadata and does not authorize deployment; any staging copy owns its no-index control separately.
Architecture decisions0 / 8 dispositioned
Governance decisions0 / 7 dispositioned
1
Decision frame
The policy gap and non-authority boundary

Agent memory currently spans durable repository surfaces, harness-native recall, and transcripts with different authority, privacy, retention, and portability properties. CHECK000 asks the HDO to disposition the architecture and governance needed to keep those roles explicit.

Problem constraints

  • Recall must not silently become authority.
  • Raw transcripts may contain secrets or personal data.
  • Cwd-keyed native memory fragments across worktrees.
  • Cross-initiative adoption requires exact ownership and collision evidence.

Proposal constraints

  • T101-ADR-002 records rationale and decisions only; it creates no obligations or BCP14 rules.
  • Durable obligations require a CLAUSE-governed surface coordinated with AC001/#450 or an explicit HDO-approved P-STD-001-CLAUSE-011 variance.
  • T103 and T104 projections carry only rules traceable to that governing CLAUSE or approved variance.
  • The authority route and every target remain pending HDO disposition.
  • CHECK001 and GATE001 preserve independent assurance and terminal control.
2
Architecture synthesis
Three layers, one precedence rule

The model separates durable governed memory from local recall and raw source material. The relationship is reference and promotion, not automatic copying.

Durable authority
Governed memory
Repository policy, ADRs, plans, notes, and explicit projections governed by source lifecycle.
Recall and evidence
Native memory + raw transcripts
Harness/user-controlled cache and source material; referenced or promoted under explicit contracts, never authoritative by default.
3
Role comparison
Layer responsibilities
LayerAuthorityRetention ownerRepository defaultPortable carrier
Governed memorySource authorityRepository lifecyclePermitted by exact mandateYes
Native memoryNo · cache/projectionHarness / userNo implicit commitNot by itself
Raw transcriptNo · source evidenceHarness / userNo default commitReference when durable

Source surfaces prevail on conflict. Durable policy requires explicit promotion; transcript availability and expiry are represented honestly.

4
HDO calls
Independent Architecture and Governance lanes

All cards begin pending. An AD disposition does not set a GD disposition, and vice versa. “Change” requires an alternative selection; notes remain optional.

Show

Architecture lane · AD

Eight proposed semantic and operational rules

AD-01Rationale record and normative authority routePending
Where should rationale be recorded, and what surface may create durable normative memory obligations?

Recommendation

Use proposed T101-ADR-002 only as a rationale and decision record; it creates no obligations or BCP14 rules. Route durable normative memory obligations to a CLAUSE-governed surface coordinated with AC001/#450, unless HDO explicitly approves a P-STD-001-CLAUSE-011 variance. T103/T104 projections may carry only rules traceable to the governing CLAUSE or approved variance. The route remains a pending HDO decision, not preapproval.

Reasoning

Separating rationale from norm preserves ADR usefulness while keeping obligations in the CLAUSE architecture required for normative force, discoverability, and controlled variance.

Alternative + consequence delta

Encode obligations or BCP14 rules directly in T101-ADR-002; this is locally compact but makes a rationale record act as a normative surface and bypasses CLAUSE governance or explicit variance.

Downstream impact

TK001 drafts the rationale-only ADR and records the AC001/#450 coordination route or HDO-approved variance. TK002–TK004 must block every T103/T104 operational projection until its governing CLAUSE or approved-variance trace is recorded in the ledger.

Rationale-only ADR · pending CLAUSE/variance route
Evidence boundary
The HDO has not chosen or approved a governing CLAUSE or P-STD-001-CLAUSE-011 variance. T101-ADR-002 remains rationale-only and cannot create obligations or BCP14 rules.
Detail · consequence and trace
Proposed rule
Rationale record and normative authority route
T101-ADR-002 records rationale only. Durable obligations require an AC001/#450-coordinated governing CLAUSE or explicit HDO-approved P-STD-001-CLAUSE-011 variance; projections require a trace to that authority.
Proof boundary
TK001 records rationale and the pending authority route; TK002–TK004 block untraceable projections.
Neither a governing CLAUSE nor a variance is preapproved, and the ADR creates no obligations or BCP14 rules.
AD-02Three-layer memory modelPending
What distinct roles should governed, native, and transcript memory play?

Recommendation

Use three explicit layers: governed memory is durable authority; native memory is harness-local recall and cache; raw transcripts are evidentiary source material, not policy.

Reasoning

Conflating authority, recall, and raw evidence makes precedence ambiguous and couples privacy and retention controls that belong to different owners.

Alternative + consequence delta

Collapse all three into one store; simpler retrieval would blur authority, retention, privacy, and portability responsibilities.

Downstream impact

TK001 records the layer roles in the rationale/authority route; TK002 updates workspace-note templates, and TK003 updates capture/runtime guidance only after each operational rule has a governing CLAUSE or approved-variance trace.

Authority / recall / source separation
Evidence boundary
Layer names define roles, not a mandate to copy content between them.
Detail · consequence and trace
Proposed rule
Three-layer memory model
Use three explicit layers: governed memory is durable authority; native memory is harness-local recall and cache; raw transcripts are evidentiary source material, not policy.
Proof boundary
TK001 defines the model; TK002 and TK003 project the contracts into note and runtime surfaces.
Layer names define roles, not a mandate to copy content between them.
AD-03Transcript-reference contractPending
How should a session note relate to a transcript?

Recommendation

When a durable reference is available, the session note indexes it. The transcript does not become authority. Unavailable or expired references are marked honestly.

Reasoning

A durable reference preserves evidentiary lineage without copying sensitive source material or falsely converting transcript availability into authority.

Alternative + consequence delta

Require every session note to embed or promise a transcript; this overstates durability and encourages raw-content duplication.

Downstream impact

TK002 changes guideline_workspace_notes.md, its changelog, and the activity/phase/stream session templates to represent available, unavailable, and expired transcript references.

Reference without authority transfer
Evidence boundary
A reference is evidence linkage only; governed conclusions must still be promoted to governed artifacts.
Detail · consequence and trace
Proposed rule
Transcript-reference contract
When a durable reference is available, the session note indexes it. The transcript does not become authority. Unavailable or expired references are marked honestly.
Proof boundary
TK002 updates the T104 note surfaces and contract while preserving honest absence and expiry states.
A reference is evidence linkage only; governed conclusions must still be promoted to governed artifacts.
AD-04Privacy and data minimizationPending
What is the default treatment of raw transcript content?

Recommendation

Do not commit raw transcripts by default. A governed export requires explicit authorization plus redaction and minimization; secrets and personal data are excluded.

Reasoning

Raw transcripts can contain secrets and personal data; default repository ingestion creates exposure and durable residue before authorization or minimization occurs.

Alternative + consequence delta

Commit transcripts for completeness and redact later; this creates avoidable exposure and repository residue.

Downstream impact

TK001 records the rationale and governing-rule trace; TK002 adds minimized reference/export fields to note surfaces, and TK003 constrains capture-session-notes behavior and proven affected references.

Minimized, explicitly authorized export only
Evidence boundary
This proposal neither authorizes an export nor asserts that transcript stores are safe for repository ingestion.
Detail · consequence and trace
Proposed rule
Privacy and data minimization
Do not commit raw transcripts by default. A governed export requires explicit authorization plus redaction and minimization; secrets and personal data are excluded.
Proof boundary
TK001 defines policy; TK002/TK003 enforce note and runtime behavior within their exact surfaces.
This proposal neither authorizes an export nor asserts that transcript stores are safe for repository ingestion.
AD-05Retention boundariesPending
Which lifecycle controls apply to each layer?

Recommendation

Governed artifacts follow repository lifecycle. Local harness transcript and native-memory retention stays harness/user-controlled. AC002 neither deletes data nor promises indefinite retention.

Reasoning

Repository lifecycle is governable by the program, while harness-native retention is controlled by product and user settings; one promise would exceed AC002 control.

Alternative + consequence delta

Impose one repository retention promise on all stores; AC002 lacks authority and control over native harness retention.

Downstream impact

TK001 captures the lifecycle distinction; TK003 documents only observed harness controls in capture/runtime surfaces, and CHECK001 rejects any deletion or indefinite-retention guarantee.

Repository lifecycle versus harness control
Evidence boundary
Deletion and indefinite retention are both outside this checkpoint’s authority.
Detail · consequence and trace
Proposed rule
Retention boundaries
Governed artifacts follow repository lifecycle. Local harness transcript and native-memory retention stays harness/user-controlled. AC002 neither deletes data nor promises indefinite retention.
Proof boundary
TK001 records the boundary; runtime integration must describe observed controls without inventing guarantees.
Deletion and indefinite retention are both outside this checkpoint’s authority.
AD-06Portability across cwd and worktreesPending
How does policy survive cwd-keyed native-memory fragmentation?

Recommendation

Canonical repository rules and pointers must work across cwd and linked worktrees. Native cwd-keyed memory is a cache/projection, never the sole carrier.

Reasoning

Cwd-keyed recall can fork silently between canonical checkout and linked worktrees, so it cannot reliably carry rules that every execution context must discover.

Alternative + consequence delta

Rely on each cwd’s native store as the durable carrier; this fragments policy and makes retrieval path-dependent.

Downstream impact

TK003 must prove runtime discovery from multiple cwd/worktree contexts; TK004 records per-target T103/T104 pointer proof and blocks adoption where only a cwd-local cache carries the rule.

Repo-carried rules with local cache
Evidence boundary
No native-store implementation is presumed; the portability requirement is architectural.
Detail · consequence and trace
Proposed rule
Portability across cwd and worktrees
Canonical repository rules and pointers must work across cwd and linked worktrees. Native cwd-keyed memory is a cache/projection, never the sole carrier.
Proof boundary
TK003 proves runtime discovery behavior; TK004 proves pointers across receiving initiatives and worktree contexts.
No native-store implementation is presumed; the portability requirement is architectural.
AD-07Non-authority and stalenessPending
What happens when native memory conflicts with governed sources?

Recommendation

Source surfaces prevail. Stale native facts are corrected or retired, and promotion is required before any fact becomes durable policy.

Reasoning

Native recall is optimized for convenience and can outlive its source, so treating it as self-validating would let stale facts override governed changes.

Alternative + consequence delta

Treat frequently recalled native memory as self-validating; this converts convenience into silent authority.

Downstream impact

TK001 records precedence/promotion rationale against the governing rule; TK003 adds stale-fact correction or retirement behavior to the runtime integration and supplies CHECK001 evidence.

Source precedence and explicit promotion
Evidence boundary
This does not authorize editing user-controlled native stores outside an exact runtime task mandate.
Detail · consequence and trace
Proposed rule
Non-authority and staleness
Source surfaces prevail. Stale native facts are corrected or retired, and promotion is required before any fact becomes durable policy.
Proof boundary
TK001 defines precedence and promotion; TK003 supplies correction/retirement integration evidence.
This does not authorize editing user-controlled native stores outside an exact runtime task mandate.
AD-08Adoption architecturePending
How should adoption remain collision-safe and auditable?

Recommendation

Use a complete adoption ledger, just-in-time collision checks, per-target proof, and an append-only freeze after execution.

Reasoning

Concurrent initiatives can change a target after commissioning, so a frozen initial scan cannot prove collision safety or complete receiving-surface adoption.

Alternative + consequence delta

Approve broad cross-initiative edits up front; faster, but it hides collision, ownership, and exact-target evidence.

Downstream impact

TK004 maintains the complete target ledger, timestamps each JIT check, attaches per-target proof, and append-only freezes results; CHECK001 challenges completeness before GATE001.

Ledger → JIT check → proof → freeze
Evidence boundary
Every target remains pending until exact authority and a passing JIT check exist.
Detail · consequence and trace
Proposed rule
Adoption architecture
Use a complete adoption ledger, just-in-time collision checks, per-target proof, and an append-only freeze after execution.
Proof boundary
TK004 owns proposed pointer adoption; CHECK001 adversarially tests the complete package before GATE001.
Every target remains pending until exact authority and a passing JIT check exist.

Governance lane · GD

Seven proposed mandate, ownership, and proof controls

GD-01Bounded direct-edit mandatePending
What exact surfaces may later tasks propose to edit?

Recommendation

Limit the mandate to the direct-edit candidate ledger shown in Detail. Every edit still requires its owning task, HDO disposition, and target-level proof.

Reasoning

An exact allowlist makes scope drift observable and prevents discovery of a related file from becoming self-authorizing work.

Alternative + consequence delta

Authorize any memory-adjacent file discovered during execution; this would erase scope boundaries.

Downstream impact

TK001–TK004 may touch only their ledger rows after exact authority and JIT clearance; CHECK001 must fail the package for any unlisted edit or missing target proof.

Exact-target allowlist
Evidence boundary
Candidate listing is not edit authority and does not preapprove any target.
Detail · proposed direct-edit candidate ledger

Non-authoritative candidate set. Listing is not permission. Each row requires its named task authority, a passing JIT collision check, and per-target proof.

Candidate targetProposed ownerConstraint
artifacts/tasks/T101/ssot/adr/adr_T101-ADR-002_agent-memory-governance.mdTK001Rationale/decision record only; no obligations or BCP14 rules
artifacts/tasks/T101/ssot/sps_T101.md + artifacts/tasks/T101/ssot/changelog/changelog_sps_T101.mdTK001Pointer to governing CLAUSE or HDO-approved P-STD-001-CLAUSE-011 variance; coordinated with AC001/#450
templates/consultant/workspace/guideline_workspace_notes.md + templates/consultant/workspace/changelog/changelog_guideline_workspace_notes.mdTK002T104 note contract projection
templates/consultant/workspace/template_workspace_notes_session_activity.mdTK002Session-note reference contract
templates/consultant/workspace/template_workspace_notes_session_phase.mdTK002Session-note reference contract
templates/consultant/workspace/template_workspace_notes_session_stream.mdTK002Session-note reference contract
skills/capture-session-notes/SKILL.mdTK003Capture/runtime projection; no unnamed reference files enter scope
artifacts/tasks/T103/ssot/sps_T103.md + artifacts/tasks/T103/ssot/changelog/changelog_sps_T103.mdTK004Proposed pointer edit only if CHECK000 grants exact authority and JIT check passes
artifacts/tasks/T104/ssot/sps_T104.md + artifacts/tasks/T104/ssot/changelog_sps_T104.mdTK004Proposed pointer edit only if CHECK000 grants exact authority and JIT check passes
GD-02Reference-only targetsPending
How are context surfaces outside the direct mandate handled?

Recommendation

Treat issue #190/T102 SPS-PID surfaces, native ~/.claude memory/transcript stores, issues #328/#478/#325/#468, AC001 surfaces, and unnamed Program standards/templates as reference-only. No affected-owner acknowledgement or coapproval is claimed.

Reasoning

Citation supplies context without transferring ownership; treating it as permission would make scope depend on proximity rather than an explicit mandate.

Alternative + consequence delta

Treat reference as implicit permission; that would bypass ownership and collision controls.

Downstream impact

TK001 may coordinate with AC001/#450 and cite Program clauses; TK002–TK004 may cite #190, native stores, and related issues, but their ledgers must record no edit or receiving-owner assent for reference-only targets.

Context without mutation
Evidence boundary
Reference-only means no edit and no claim of receiving-owner assent.
Detail · consequence and trace
Proposed rule
Reference-only targets
Treat issue #190/T102 SPS-PID surfaces, native ~/.claude memory/transcript stores, issues #328/#478/#325/#468, AC001 surfaces, and unnamed Program standards/templates as reference-only. No affected-owner acknowledgement or coapproval is claimed.
Proof boundary
Tasks may cite these surfaces but cannot mutate them under AC002 unless a later exact authority explicitly changes scope.
Reference-only means no edit and no claim of receiving-owner assent.
GD-03T101 / T103 / T104 ownership splitPending
Which initiative owns rationale/authority coordination, runtime, and note projections?

Recommendation

T101 owns the rationale/decision record and coordination of the governing CLAUSE or approved variance; T103 owns capture/runtime projections; T104 owns workspace-note and transcript-reference projections. Operational projections may carry only traceable governing rules.

Reasoning

Separating rationale, normative authority, runtime, and notes prevents operational owners from silently manufacturing policy while preserving accountable projections.

Alternative + consequence delta

Place all edits under T101 for convenience; this would obscure operational ownership.

Downstream impact

TK001 owns the rationale ADR and AC001/#450 CLAUSE-or-variance coordination; TK002 changes T104 note surfaces, TK003 changes T103 runtime surfaces, and TK004 records governing-rule traces for every pointer.

Rationale / governing CLAUSE / runtime / notes
Evidence boundary
Ownership remains subject to exact target authority and does not create cross-initiative preapproval.
Detail · consequence and trace
Proposed rule
T101 / T103 / T104 ownership split
T101 owns the rationale ADR and governing-CLAUSE/variance coordination; T103 owns capture/runtime projections; T104 owns workspace-note and transcript-reference projections.
Proof boundary
TK001 records rationale and the authority route; TK002 and TK003 project only traceable rules; TK004 coordinates and proves pointers.
Ownership remains subject to exact target authority and does not create cross-initiative preapproval.
GD-04T102 / #190 interface restraintPending
How may AC002 touch the T102 #190 SPS/PID interface?

Recommendation

Reserve IF/DEP pointer candidates only. Do not edit SPS/PID surfaces without explicit collision-safe CHECK000 authority.

Reasoning

The #190 interface belongs to T102 and may be collision-sensitive; reserving a pointer preserves discoverability without claiming authority over SPS/PID structure.

Alternative + consequence delta

Normalize T102 surfaces during AC002; this would exceed the bounded direct mandate and presume interface ownership.

Downstream impact

TK004 records IF/DEP candidates as non-edit ledger entries; any T102 SPS/PID mutation stops and returns for explicit collision-safe CHECK000 authority.

Reserved pointer candidate only
Evidence boundary
Issue #190 and T102 SPS/PID surfaces remain reference-only.
Detail · consequence and trace
Proposed rule
T102 / #190 interface restraint
Reserve IF/DEP pointer candidates only. Do not edit SPS/PID surfaces without explicit collision-safe CHECK000 authority.
Proof boundary
TK004 may record a candidate pointer and evidence the restraint; no T102 SPS/PID direct edit is commissioned here.
Issue #190 and T102 SPS/PID surfaces remain reference-only.
GD-05Frozen task and control decompositionPending
What child structure should CHECK000 commission if approved?

Recommendation

Freeze the proposal at TK001 rationale ADR plus CLAUSE/variance coordination, TK002 session-note/transcript contract, TK003 native-memory runtime integration, TK004 adoption pointers/ledger, CHECK001 AFK full-package conformance/adversarial disposition, and GATE001 HDO terminal disposition.

Reasoning

A frozen decomposition keeps authority, operational projection, adversarial assurance, and terminal disposition independently reviewable.

Alternative + consequence delta

Allow tasks to split or absorb new authority during execution; this weakens checkpoint control.

Downstream impact

TK001–TK004 retain their named surfaces and proofs; CHECK001 returns one full-package adversarial disposition, and any decomposition change reopens CHECK000 before GATE001.

Six bounded children
Evidence boundary
The decomposition is proposed and creates no child execution authority before HDO disposition.
Detail · consequence and trace
Proposed rule
Frozen task and control decomposition
Freeze the proposal at TK001 policy/ADR, TK002 session-note/transcript contract, TK003 native-memory runtime integration, TK004 adoption pointers/ledger, CHECK001 AFK full-package conformance/adversarial disposition, and GATE001 HDO terminal disposition.
Proof boundary
Each child has a distinct owner surface and proof obligation; changes return to HDO instead of silently expanding.
The decomposition is proposed and creates no child execution authority before HDO disposition.
GD-06JIT collision and escalation protocolPending
How are late collisions handled?

Recommendation

Run a just-in-time check immediately before each target edit. If ownership, content, or mandate collides, stop that target, preserve the ledger state, and escalate; do not infer cross-initiative preapproval.

Reasoning

Commissioning evidence becomes stale as branches and owners move; a last-responsible-moment check catches collisions before mutation.

Alternative + consequence delta

Rely on the commissioning-time scan alone; concurrent work can make that evidence stale.

Downstream impact

TK004 adds check timestamp, target state, governing-rule trace, proof link, and escalation outcome to each ledger row; CHECK001 rejects missing or reused checks.

Target-local stop-and-escalate
Evidence boundary
A passing check for one target cannot authorize another target.
Detail · consequence and trace
Proposed rule
JIT collision and escalation protocol
Run a just-in-time check immediately before each target edit. If ownership, content, or mandate collides, stop that target, preserve the ledger state, and escalate; do not infer cross-initiative preapproval.
Proof boundary
TK004 records check time, result, proof, and escalation state per target; CHECK001 challenges omissions.
A passing check for one target cannot authorize another target.
GD-07Adoption proof and terminal gatePending
What closes the package, and what remains excluded?

Recommendation

Require per-target adoption evidence and GATE001 HDO terminal disposition. Exclude legacy retirement, board mutation, downstream execution, deployment, and release.

Reasoning

Edits and local tests prove implementation, not package-level authority; independent adversarial review and HDO disposition prevent execution from self-closing.

Alternative + consequence delta

Treat completed edits as self-closing and proceed downstream; this bypasses terminal HDO control.

Downstream impact

CHECK001 assembles target proofs and governing-rule traces for AFK disposition; GATE001 controls terminal outcome and leaves legacy retirement, board mutation, downstream execution, deployment, and release excluded.

Evidence before terminal HDO gate
Evidence boundary
No legacy retirement, board mutation, downstream execution, release, or deployment is commissioned.
Detail · consequence and trace
Proposed rule
Adoption proof and terminal gate
Require per-target adoption evidence and GATE001 HDO terminal disposition. Exclude legacy retirement, board mutation, downstream execution, deployment, and release.
Proof boundary
CHECK001 returns full-package conformance/adversarial disposition; GATE001 alone makes the terminal call.
No legacy retirement, board mutation, downstream execution, release, or deployment is commissioned.
8
Conditional checks
Open dependencies and infrastructure boundaries
Governing CLAUSE or P-STD-001-CLAUSE-011 variance routePending HDO decision
HDO dogfood variance #325Pending
Cloudflare staging infrastructure #468Pending
T102 / #190 exact edit authorityNot granted
T103/T104 pointer JIT collision checksPending execution
CHECK001 AFK full-package dispositionNot started
GATE001 HDO terminal dispositionNot started

None of these states is concealed or treated as implicit approval. A pending infrastructure dependency does not weaken the governed-source boundary or authorize staging.

9
Never hidden
Open residue
HDO calls

All eight AD and seven GD decisions remain pending until explicitly dispositioned.

Authority route

HDO has not selected a CLAUSE-governed surface coordinated with AC001/#450 or approved a P-STD-001-CLAUSE-011 variance. T101-ADR-002 remains rationale-only; T103/T104 projections stay blocked without a governing-rule trace.

Dogfood #325

The HTML-only HDO dogfood variance is pending and cannot establish a reusable source-of-truth rule.

Staging #468

Cloudflare staging review infrastructure is pending. Deployment and staging-copy metadata are outside this governed source.

Reference only

Issue #190/T102 SPS-PID surfaces, native ~/.claude memory/transcript stores, issues #328/#478/#325/#468, AC001 surfaces, and Program standards/templates not named by the direct mandate remain reference-only.

Collision proof

T103/T104 SPS pointers and every other candidate remain conditional on exact CHECK000 authority plus a passing target-local JIT check.

Retention

AC002 does not delete harness data and does not promise indefinite transcript or native-memory retention.

Terminal scope

No legacy retirement, board mutation, downstream execution, deployment, release, or affected-owner coapproval is included.

HDO controls and exportable decision record

All 15 cards load pending. The two lanes remain independent. Build or copy exports every disposition, open residue, checkpoint, revision, and date; it does not create authority or download a file.

Architecture lane

0 Accept · 0 Change · 0 Other · 8 pending

Governance lane

0 Accept · 0 Change · 0 Other · 7 pending

11
Traceability
Provenance and candidate surface register

These paths identify the proposal, rationale-only ADR, CLAUSE/approved-variance-traceable note/runtime projections, and cross-initiative pointer candidates. Copying a path has no authority effect.

artifacts/tasks/T101/workspace/PH000/AC002/proposal/proposal_T101-PH000-AC002-CHECK000_agent-memory-governance.html
artifacts/tasks/T101/ssot/adr/adr_T101-ADR-002_agent-memory-governance.md
templates/consultant/workspace/guideline_workspace_notes.md
skills/capture-session-notes/SKILL.md
artifacts/tasks/T103/ssot/sps_T103.md
artifacts/tasks/T104/ssot/sps_T104.md