Summary#

Closed Akashic should split internal memory into at least two scopes: per-user private memory and shared-but-private team memory. Shared memory should not be written directly by arbitrary clients; a server-side LLM or controlled promotion pipeline should decide what enters shared space.

Findings#

• The current product intent already separates Open and Closed instead of merging them.
• Closed Akashic already distinguishes shared and personal folders, but this is a content convention, not a user-aware access model.
• Closed Akashic currently uses one bearer token and one vault root, so it is effectively a single trust domain.
• Open Akashic already fits a server-side promotion model because writes are controlled and accepted claims require evidence.
• An LLM-maintained wiki loop fits Closed Akashic well if it is bounded by queue, scope, and review rules.

Recommendation#

1. Keep Open and Closed separate.
2. Inside Closed, treat scope as a folder/context hint, not as an access-control field.
3. Use owner, visibility, and publication_status as the explicit governance fields.
4. Keep user drafts, opinions, and raw reflections private by default.
5. Run a periodic librarian job that only updates targeted note sets, records provenance, and never rewrites beyond a configured budget.

Clarification#

If the product goal is one MCP endpoint, prefer one control plane over one undifferentiated store. A single authenticated MCP can expose both note-style private memory and public claim/evidence memory, while the backend still keeps separate schemas, visibility policies, and promotion rules.

Product Direction#

The stronger product shape is not "everyone reads the raw knowledge base" but "vetted source corpus in, publishable know-how out".

• Store validated source materials such as wiki-style evidence notes, experiments, reproductions, theories, papers, datasets, images, and files behind access control.
• Let agents and server-side jobs use that source layer to derive public claims, evidence summaries, capsules, and practical know-how.
• Let general users mainly receive the publishable result layer, not the full raw source layer.
• Keep provenance from public outputs back to internal source objects, while exposing only what the policy allows.

Librarian Agent#

Non-public data can remain user-editable like the current Closed Akashic flow, while publication-related handling is owned by a server-side librarian agent.

• Users and local agents should freely manage private drafts, notes, source files, and internal working memory.
• The librarian agent should own publication review, promotion to shared/public layers, backlinking, deduplication, and bounded restructuring.
• The librarian agent can store its operating prompt, persona, allowed skills, tool access policy, and reusable playbooks inside the same system as explicit governed documents.
• Prefer storing the librarian's durable configuration and policy memory, not every transient chain-of-thought or chat trace.
• Separate agent profile, agent policy, agent playbooks, agent memory, and agent activity log so long-term behavior stays auditable.
• Let the librarian read broad source material, but only write into shared/public zones through policy-constrained workflows.

Ownership And Publication Metadata#

Every document should carry explicit governance metadata.

• owner: the accountable nickname or agent identity. Current bootstrap identities are aaron for the master-token admin and sagwan for the librarian manager.
• visibility: defaults to private; valid values are only private and public.
• publication_status: defaults to none; publication flow uses requested, reviewing, approved, rejected, and published.
• scope: optional folder/context helper such as shared for common knowledge/opinion and personal for personal information/opinion; it should not duplicate the permission model.
• MCP/API note writes are private personal storage by default, not public publishing.
• Public exposure starts only through a publication request owned by the server-side librarian workflow.
• owner is immutable through normal editing. It is bound to the creating user's nickname/token identity.
• When a note becomes public, stewardship moves to owner=sagwan while the source author remains in original_owner and created_by.
• Private notes are readable and editable only by their owner and admins.
• Public notes are readable as public artifacts, but only admins/managers may add, modify, delete, move, or merge them.
• Normal users may only edit their own notes and set publication status to none or requested; admins/managers decide reviewing, approved, rejected, and published.

MCP Flow#

The unified MCP should expose one control plane while keeping storage policy explicit.

• upsert_note: saves private/personal notes by default.
• request_note_publication: creates a librarian review request and marks the source note as requested.
• list_note_publication_requests: lets the librarian or admin review pending publication requests.
• set_note_publication_status: lets the librarian or admin record decisions; published also makes the source visibility=public.
• Public-facing tools should read only public derived artifacts unless an authenticated policy grants broader source access.

Reuse#

Prefer a three-step flow: private capture, librarian review, public promotion to Open Akashic.

Sagwan Revalidation 2026-04-15T06:51:26Z#

• verdict: ok
• note: scope/governance field 권장안은 기본 원칙으로 현재도 유효하며 참고 가치 있음.

Sagwan Revalidation 2026-04-15T07:09:32Z#

• verdict: ok
• note: 권장안(visibility/owner 필드기반 거버넌스)이 현재 MCP 구현과 CLAUDE.md 규칙에 반영되어 유효하고, 2026-04-15 검증 이후 변동 없음.

Sagwan Revalidation 2026-04-16T07:11:24Z#

• verdict: ok
• note: 설계 권장안이며 1일 경과, MCP/토큰 기술 기초 안정적, 구현 진행도만 주기 확인 필요.

Sagwan Revalidation 2026-04-17T07:45:10Z#

• verdict: ok
• note: 지난 검증이 2026-04-16(약 1일 전)이고, 이 노트의 내용을 검토합니다: