Retained Evidence Durability Boundary

[flyingrobots]

Migrated from Method backlog

This issue was created from a legacy filesystem backlog card. GitHub Issues are now the live work tracker; repository docs remain Method evidence.

Source backlog: docs/method/backlog/v0.1.0/PLATFORM_retained-evidence-durability-boundary.md
Original lane: v0.1.0
Original legend: PLATFORM

Original backlog card

Retained Evidence Durability Boundary

Status: v0.1.0 release blocker.

Depends on:

• Contract retention and semantic lookup seams
• WAL/WSC storage relationship
• Contract-aware receipts and readings

Why now

Echo can expose retained-evidence posture, but posture is not the same claim as
durable recovery. The release proof needs explicit language and tests that
distinguish "the runtime knows this reading was missing" from "the runtime can
recover this material after restart."

Required behavior

Echo must distinguish:

• retained evidence posture: present, missing, corrupt, redacted, or obstructed
  from the current read model;
• durable recovery evidence: WAL/WSC-backed proof that the material reference,
  semantic coordinate, and commit anchor can survive restart;
• semantic lookup: the product-level coordinate used to find a retained
  reading, receipt, or artifact;
• byte identity: the content digest of retained bytes.

Acceptance criteria

• Echo docs distinguish retained-evidence posture from durable recovery
  evidence.
• App-safe readings do not imply durable payload recovery unless backed by
  WAL/WSC evidence.
• Missing retained material returns typed obstruction or missing-retention
  posture, not empty success.
• A retained reading ref is not treated as a query identity.
• A query identity does not imply payload retention.
• Cache hits are not evidence unless the semantic coordinate and material
  digest match.

Test plan

• Add a future retained-reading fixture proving missing payload posture is not
  reported as a successful empty read.
• Add a future restart fixture proving only WAL/WSC-backed retained refs are
  advertised as durable.
• Add a future semantic-coordinate fixture proving byte identity and semantic
  lookup identity stay separate.

Non-goals

• Do not require full object-store retention for every local development path.
• Do not implement streaming subscriptions.
• Do not collapse query identity, retained reading identity, and payload digest
  into one noun.

[coderabbitai]

🔗 Related PRs

#326 - Echo contract hosting roadmap [merged]
#369 - docs: add Echo v0.1.0 release plan [merged]
#371 - feat(core): advance v0.1 contract evidence and retention [merged]
#379 - feat(core): commit runtime WAL ACK evidence [merged]
#380 - feat(core): expose retained evidence posture on readings [merged]

---

📝 Issue Planner

_{Check the box below or use the @coderabbitai plan command to generate an implementation plan and prompts that you can use with your favorite coding assistant.}

• Create Plan

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!