chore: hook temporal persistence to dht

docs/development/prompt-derived-role-policy-brief.md

@@ -0,0 +1,54 @@
+# Prompt-Derived Role Policy Design Brief
+
+## Background
+WHOOSH currently loads a curated library of role prompts at startup. These prompts already capture the intended responsibilities, guardrails, and collaboration patterns for each role. SLURP and SHHH need a consistent access-control baseline so that temporal records, UCXL snapshots, and DHT envelopes stay enforceable without depending on ad-hoc UI configuration. Today the access policies are loosely defined, leading to drift between runtime behaviour and storage enforcement.
+
+## Goals
+- Use the existing prompt catalog as the authoritative source of role definitions and minimum privileges.
+- Generate deterministic ACL templates that SLURP, SHHH, and distribution workers can rely on without manual setup.
+- Allow optional administrator overrides via WHOOSH UI while keeping the default hierarchy intact and auditable.
+- Provide a migration path so temporal/DHT writers can seal envelopes with correct permissions immediately.
+
+## Proposed Architecture
+
+### 1. Prompt → Policy Mapper
+- Build a WHOOSH service that parses the runtime prompt bundle and emits structured policy descriptors (per role, per project scope).
+- Each descriptor should include: capability tags (read scope, write scope, pin, prune, audit), allowed UCXL address patterns, and SHHH classification levels.
+- Output format: versioned JSON or YAML stored under UCXL (e.g., `ucxl://whoosh:policy@global:roles/#/policy/v1`).
+
+### 2. Override Layer (Optional)
+- WHOOSH UI can expose an editor that writes delta documents back to UCXL (`…/policy-overrides/v1`).
+- Overrides apply as additive or subtractive modifiers; the base policy always comes from the prompt-derived descriptor.
+- Store change history in UCXL so BUBBLE can audit adjustments.
+
+### 3. Consumer Integrations
+- **SLURP**: when sealing temporal/DHT envelopes, reference the policy descriptors to choose ACLs and derive role-based encryption keys.
+- **SHHH**: load the same descriptors to provision/rotate keys per capability tier; reject envelopes that lack matching policy entries.
+- **WHOOSH runtime**: cache the generated descriptors and refresh if prompts or overrides change; surface errors if a prompt lacks policy metadata.
+
+## Deliverables
+1. Policy mapper module with tests (likely Go for WHOOSH backend; consider reusing ucxl-validator helpers).
+2. Schema definition for policy documents (include example for engineer, curator, archivist roles).
+3. SLURP + SHHH integration patches that read the policy documents during startup.
+4. Migration script that seeds the initial policy document from the current prompt set.
+
+## Implementation Notes
+- Keep everything ASCII and version the schema so future role prompts can introduce new capability tags safely.
+- For MVP, focus on read/write/pin/prune/audit capabilities; expand later for fine-grained scopes (e.g., project-only roles).
+- Ensure policy documents are sealed/encrypted with SHHH before storing in DHT/UCXL.
+- Expose metrics/logging when mismatches occur (e.g., temporal writer cannot find a policy entry for a role).
+
+## Risks & Mitigations
+- **Prompt drift**: If prompts change without regenerating policies, enforcement lags. Mitigate with a checksum check when WHOOSH loads prompts; regenerate automatically on change.
+- **Override misuse**: Admins could over-provision. Mitigate with BUBBLE alerts when overrides expand scope beyond approved ranges.
+- **Performance**: Policy lookups must be fast. Cache descriptors in memory and invalidate on UCXL changes.
+
+## Open Questions
+- Do we need per-project or per-tenant policy branches, or is a global default sufficient initially?
+- Should BACKBEAT or other automation agents be treated as roles in this hierarchy or as workflow triggers referencing existing roles?
+- How will we bootstrap SHHH keys for new roles created solely via overrides?
+
+## References
+- Existing prompt catalog: `project-queues/active/WHOOSH/prompts/`
+- Temporal wiring roadmap: `project-queues/active/CHORUS/docs/development/sec-slurp-ucxl-beacon-pin-steward.md`
+- Prior policy discussions (for context): `project-queues/active/CHORUS/docs/progress/report-SEC-SLURP-1.1.md`

docs/progress/report-SEC-SLURP-1.1.md

@@ -1,6 +1,7 @@
 # SEC-SLURP 1.1 Persistence Wiring Report
 
 ## Summary of Changes
+- Wired the distributed storage adapter to the live DHT interface and taught the temporal persistence manager to load and synchronise graph snapshots from remote replicas, enabling `SynchronizeGraph` and cold starts to use real replication data.
 - Restored the `slurp_full` temporal test suite by migrating influence adjacency across versions and cleaning compaction pruning to respect historical nodes.
 - Connected the temporal graph to the persistence manager so new versions flush through the configured storage layers and update the context store when role metadata is available.
 - Hardened the temporal package for the default build by aligning persistence helpers with the storage API (batch items now feed context payloads, conflict resolution fields match `types.go`), and by introducing a shared `storage.ErrNotFound` sentinel for mock stores and stub implementations.
@@ -16,7 +17,7 @@
 - Attempted `GOWORK=off go test ./pkg/slurp`; the original authority-level blocker is resolved, but builds still fail in storage/index code due to remaining stub work (e.g., Bleve queries, DHT helpers).
 
 ## Recommended Next Steps
-- Connect temporal persistence with the real distributed/DHT layers once available so sync/backup workers run against live replication targets.
+- Wire SLURP runtime initialisation to instantiate the DHT-backed temporal system (context store, encryption hooks, replication tests) so the live stack exercises the new adapter.
 - Stub the remaining storage/index dependencies (Bleve query scaffolding, UCXL helpers, `errorCh` queues, cache regex usage) or neutralize the heavy modules so that `GOWORK=off go test ./pkg/slurp` compiles and runs.
 - Feed the durable store into the resolver and temporal graph implementations to finish the SEC-SLURP 1.1 milestone once the package builds cleanly.
 - Extend Prometheus metrics/logging to track cache hit/miss ratios plus persistence errors for observability alignment.