# 001 — Enforce UCXL Address Validation at Boundaries

- Area: `pkg/dht/encrypted_storage.go`, `pkg/ucxi/server.go`, `pkg/ucxl/*`
- Priority: High

## Background

Current DHT storage and UCXI endpoints accept any string as an address. In `encrypted_storage.go` the `ucxl.Parse` validation is commented out, and UCXI relies on downstream behavior. This allows malformed inputs to enter storage and makes discovery/search unreliable.

## Scope / Deliverables

- Enforce strict `ucxl.Parse` validation in:
  - `EncryptedDHTStorage.StoreUCXLContent` and `RetrieveUCXLContent`.
  - UCXI handlers (`handleGet/Put/Post/Delete/Navigate`).
- Return structured UCXL validation errors (see Issue 004 for payloads).
- Add unit tests for valid/invalid examples, including temporal segments and paths.
- Document accepted grammar in README + link to CHORUS knowledge pack.

## Acceptance Criteria / Tests

- Invalid addresses return `UCXL-400-INVALID_ADDRESS` with `details.field=address`.
- Valid addresses round-trip through UCXI and DHT without errors.
- Tests cover: `agent:role@project:task`, temporal segments, and path edge cases.

## Notes

- Align temporal grammar with Issue 011 decisions.
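
A sketch of the boundary check asked for under Scope / Deliverables, added here as an illustration and not taken from the project's code. The regular expression is a simplified stand-in for `ucxl.Parse` that covers only `agent:role@project:task` plus an optional path (temporal segments are left out pending Issue 011). The names `ValidationError`, `gate`, `memStore`, `StoreValidated` and `RetrieveValidated`, and the `reason` detail key, are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// ValidationError: Code and Details["field"] come from the acceptance criteria;
// the full payload lives in Issue 004, so this shape is an assumption.
type ValidationError struct {
	Code    string
	Details map[string]string
}

func (e *ValidationError) Error() string { return e.Code + ": " + e.Details["reason"] }

// standIn is an assumed, simplified grammar, NOT the project's. Path segments
// must start with an alphanumeric, which rejects empty, "." and ".." segments.
var standIn = regexp.MustCompile(`^[a-z0-9_-]+:[a-z0-9_-]+@[a-z0-9_-]+:[a-z0-9_-]+(/[A-Za-z0-9][A-Za-z0-9._-]*)*$`)

type memStore map[string][]byte // constructed in-memory stand-in for the DHT

// gate runs at every entry point (where the real code would call ucxl.Parse),
// so no unparsed string reaches storage or lookup.
func gate(addr string) error {
	if !standIn.MatchString(addr) {
		return &ValidationError{Code: "UCXL-400-INVALID_ADDRESS", Details: map[string]string{
			"field": "address", "reason": "expected agent:role@project:task[/path]"}}
	}
	return nil
}

func StoreValidated(s memStore, addr string, b []byte) error {
	if err := gate(addr); err != nil {
		return err
	}
	s[addr] = b
	return nil
}

func RetrieveValidated(s memStore, addr string) ([]byte, error) {
	if err := gate(addr); err != nil {
		return nil, err
	}
	return s[addr], nil
}

func main() {
	fmt.Println(StoreValidated(memStore{}, "a:b@c:d/../etc", []byte("y")))
}
```

Both the write and the read path go through the same gate, so a malformed address is rejected with the same structured error whether it arrives on store or on retrieve.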