Structured OperationFailure, BatchItemResult, and BatchOperationResult envelopes

docs/asset-registry-implementation.md

@@ -44,6 +44,12 @@ and SQLite repositories are adapters behind those ports.
 - Fail-closed policy denial through `AuthorizationError`.
 - Audit events for create, metadata update, representation update, lifecycle
   transition, and denied mutations.
+- SQLite actor references for audit events and ingestion jobs are enforced with
+  structured validation errors.
+- Structured operation failures with code, message, operation, correlation ID,
+  details, and remediation hints where practical.
+- Metadata batch updates with compact per-item success/failure envelopes and a
+  final `success`, `failed`, or `partial` batch audit event.
 - Asset version records for create, content/representation changes, metadata
   changes, and lifecycle changes.
 - Optimistic `expected_current_version_id` conflict checks on stale-sensitive
@@ -61,6 +67,8 @@ and SQLite repositories are adapters behind those ports.
 - SQLite repository for local-first durable asset registry state.
 - SQLite foreign-key enforcement for representation and metadata asset
   references.
+- SQLite durable reference checks for asset versions, audit actors, ingestion
+  job actors, metadata schema assignments, and relationship targets.
 
 ## Current SQLite Tables
 
@@ -83,11 +91,17 @@ idempotency key.
 
 ## Not Yet Implemented
 
-- Policy assignment storage and enterprise policy adapters.
-- Conflict detection beyond service-level optimistic version guards.
-- Batch partial-failure envelopes.
+Enterprise policy adapters and richer policy-assignment language remain
+adjacent enterprise-readiness work. The registry persists policy decisions in
+audit payloads and policy references in metadata schema assignments, but policy
+evaluation itself remains behind the `PolicyGateway` port.
 
-These remain in scope for later `KONT-WP-0005` tasks or adjacent workplans.
+Conflict detection is implemented through service-level optimistic version
+guards. Broader multi-writer locking or transaction isolation semantics remain
+backend-specific future work if concurrent production writers require it.
+
+These are intentionally left to adjacent enterprise, concurrency, or
+production-backend workplans rather than this registry foundation slice.
 
 ## Test Coverage
 
@@ -99,6 +113,8 @@ These remain in scope for later `KONT-WP-0005` tasks or adjacent workplans.
 - SQLite reload preserving asset lifecycle, representation, metadata, versions,
   and audit history,
 - SQLite referential integrity for representation asset references,
+- SQLite durable reference integrity for versions, audit actors, and ingestion
+  job actors,
 - idempotent asset creation and conflicting idempotency-key reuse,
 - relationship creation with source-asset versioning and audit,
 - SQLite reload preserving context entities, relationships, and idempotency
@@ -108,4 +124,7 @@ These remain in scope for later `KONT-WP-0005` tasks or adjacent workplans.
 - classification and metadata-record asset filtering across memory and SQLite
   repositories.
 - optimistic version conflict checks on asset mutations,
-- restore and supersession as append-only versioned operations.
+- restore and supersession as append-only versioned operations,
+- metadata batch partial-failure envelopes with structured item diagnostics and
+  partial audit events,
+- SQLite reload of metadata batch partial audit state.