Implement local runtime persistence and policy gates

workplans/PMEM-MATURITY-SCORECARD.md

@@ -44,31 +44,94 @@ not what adjacent repositories may already provide.
 
 ## Current Baseline - 2026-05-18
 
-Overall maturity: **2.0 / 5**
+Overall maturity: **3.1 / 5**
 
 The repo has crossed from intent-only into a working deterministic library
-foundation. It is not yet a usable local runtime because there is no facade,
-CLI, file-backed persistence, review-gated apply path, package compiler bridge,
-or service contract.
+foundation, a usable local runtime facade, a CLI, a file-backed local
+workspace, and first-slice policy/review/audit gates. It is not yet an
+interop-complete runtime because richer Markitect package bridge, activation
+quality, and service contracts remain ahead.
 
 | Dimension | Current | Target | Evidence | Needed Next |
 | --- | ---: | ---: | --- | --- |
 | Intent and boundaries | 4.0 | 5.0 | `INTENT.md`, `SCOPE.md`, `README.md`, architecture doc, PMEM-WP-0001 closure | Keep boundaries current as runtime behavior expands. |
-| Package foundation | 2.5 | 4.0 | Python package, exports, dependency-light tests | Add runtime facade, stable public envelopes, CLI. |
-| Profile contract ingress | 2.0 | 4.0 | Markitect-compatible profile loading and diagnostics | Add validation adapter boundary and compatibility fixture catalog. |
-| Graph/event contract ingress | 2.0 | 4.0 | Graph loading, edge endpoint diagnostics, event model | Add richer event path modeling and import/export repair diagnostics. |
-| Phase domain model | 2.5 | 4.0 | Phases, memory kinds, lifecycle states, actions | Add transition rules, approved apply behavior, path-aware state updates. |
-| Profile execution planning | 2.5 | 4.0 | Adapter plan, capabilities, policy gates, fallback behavior | Add runtime orchestration, JSON snapshots, CLI outputs. |
-| Lifecycle planning | 2.0 | 4.0 | Transition, retention, refresh, compaction dry-run plans | Add profile-driven rule evaluation and review-gated apply. |
-| Activation planning | 2.0 | 5.0 | Budgeted selection and Markitect-compatible selection output | Add graph neighborhoods, event paths, ranking, metadata preservation, metrics. |
-| Local persistence | 1.0 | 4.0 | In-memory adapters only | Add versioned file-backed graph store and JSONL event log. |
-| Policy and audit | 1.5 | 5.0 | Policy/audit ports, allow-all gateway, recording sink, review flags | Add enforcement points, review records, redaction, audit schema. |
-| Observability and diagnostics | 1.5 | 4.0 | Planner diagnostics and observability event names | Add audit/health envelopes and adapter status diagnostics. |
+| Package foundation | 3.0 | 4.0 | Python package, exports, runtime facade, CLI entrypoint, dependency-light tests | Add local persistence and richer adapter configuration. |
+| Profile contract ingress | 2.5 | 4.0 | Markitect-compatible profile loading, diagnostics, runtime envelopes | Add validation adapter boundary and compatibility fixture catalog. |
+| Graph/event contract ingress | 3.0 | 4.0 | Graph loading, edge endpoint diagnostics, event model, JSONL event log, export, repair diagnostics | Add richer policy-aware import/export checks. |
+| Phase domain model | 3.0 | 4.0 | Phases, memory kinds, lifecycle states, actions, explicit path records | Add transition rule profiles and review records. |
+| Profile execution planning | 3.0 | 4.0 | Adapter plan, capabilities, policy gates, fallback behavior, CLI output, snapshot fixture | Add profile-driven runtime configuration and compatibility validation. |
+| Lifecycle planning | 3.0 | 4.0 | Transition, retention, refresh, compaction dry-run plans, review-gated local apply | Add profile-driven rule evaluation and full review records. |
+| Activation planning | 2.5 | 5.0 | Budgeted selection, Markitect-compatible selection output, package request envelope, CLI output | Add graph neighborhoods, event paths, ranking, metadata preservation, metrics. |
+| Local persistence | 3.0 | 4.0 | Versioned local workspace, file-backed graph store, JSONL event log, JSONL audit sink | Add migration/repair utilities and stronger durability semantics. |
+| Policy and audit | 3.2 | 5.0 | Operation points, policy gateway checks, audit schema, review records, redaction, activation denials | Add external policy adapters and richer audit retention behavior. |
+| Observability and diagnostics | 2.5 | 4.0 | Planner diagnostics, runtime diagnostics, event log corruption checks, repair diagnostics, policy denial diagnostics | Add health envelopes and adapter status diagnostics. |
 | Markitect interop | 1.5 | 4.0 | Compatible schema constants and selection handoff | Add package bridge envelopes, optional validation/compiler adapters. |
 | Kontextual/Infospace interop | 1.0 | 4.0 | Boundaries documented and small derived fixtures | Add delegation envelope design and evaluation fixture reports. |
-| Testing and evaluation | 2.0 | 4.0 | 13 deterministic tests over core planners/adapters | Add CLI snapshots, file-store round trips, policy denial, activation metrics. |
+| Testing and evaluation | 3.2 | 4.0 | 36 deterministic tests over planners, adapters, runtime envelopes, CLI, snapshots, file-store round trips, apply denial, review records, audit schema, and policy redaction | Add activation metrics. |
 | Service readiness | 0.5 | 4.0 | Runtime ports exist | Add service contracts, config, health checks, adapter conformance tests. |
-| Developer experience | 2.0 | 4.0 | README quick start and package map | Add CLI guide, local persistence guide, examples, troubleshooting. |
+| Developer experience | 3.3 | 4.0 | README quick start, package map, runtime facade docs, CLI examples, local persistence guide | Add troubleshooting and richer examples. |
+
+## Progress Update - PMEM-WP-0002
+
+Closed on 2026-05-18:
+
+- Added `PhaseMemoryRuntime` as the local application facade.
+- Added JSON runtime envelopes with policy decisions, audit receipts,
+  diagnostics, dry-run flags, operation ids, and source references.
+- Added `phase-memory` console script metadata and CLI commands for profile
+  planning, graph lifecycle planning, and graph activation planning.
+- Added snapshot fixtures for profile-plan and activation-plan envelope shapes.
+- Updated local usage and architecture docs.
+
+Remaining maturity blockers:
+
+- File-backed persistence and event path runtime.
+- Review-gated apply behavior.
+- Policy enforcement and redaction beyond the allow-all local adapter.
+- Stronger Markitect compiler/validation bridge.
+- Activation quality evaluation.
+- Service contracts and external adapter conformance.
+
+## Progress Update - PMEM-WP-0003
+
+Closed on 2026-05-18:
+
+- Added a versioned local file-backed workspace layout.
+- Added deterministic file-backed profile, node, edge, and path storage.
+- Added append-only JSONL event and audit adapters.
+- Added graph export, event replay, and repair diagnostics.
+- Added explicit conversational path records and path-event helpers.
+- Added review-gated lifecycle apply behavior for local stores.
+- Added store import/export/repair CLI coverage and local persistence docs.
+
+Remaining maturity blockers:
+
+- Policy operation vocabulary and review records.
+- Activation-time policy checks and redaction.
+- Stable audit event schema.
+- Markitect compiler/validation bridge.
+- Activation quality metrics.
+- Service readiness and external adapter conformance.
+
+## Progress Update - PMEM-WP-0004
+
+Closed on 2026-05-18:
+
+- Added canonical memory operation policy points.
+- Added review records and deterministic review ids.
+- Added stable audit event schema `phase_memory.audit.event.v1`.
+- Added review-record enforcement for lifecycle apply.
+- Added activation policy checks for labels, denied labels, trust zones,
+  secrets, reauthorization, and freshness.
+- Added deterministic redaction records and diagnostics for denied activation
+  items.
+- Added policy/audit documentation.
+
+Remaining maturity blockers:
+
+- Optional Markitect validation and package compiler bridge.
+- Activation ranking and evaluation metrics.
+- Service contracts, health diagnostics, and external adapter conformance.
 
 ## Score Movement Rules