Document: loomworks-scoping-note-inbound-seam-minimal-slice-v0_1
Version: v0.1
Date: 2026-06-29
Provenance: Claude.ai scoping session. Operator: Marvin Percival. Follows the bidirectional-governed-integration-substrate investigation (b7a0703); the Operator chose to scope the inbound half first, as a minimal testable slice, to gain confidence in the architectural intent before scoping the harder outbound (provider) half — which is where the thread began ("web requests and resolution of returned text into Companion").
Status: Scoping note. Decisions + a Step-0 grounding brief. NOT yet a CR. The full inbound architecture (all caller kinds, OVA-issued auth, intent-gating, anomaly surfacing — investigation §4/§6/§10) is deferred; this is the walking skeleton that proves the seam, to be extended against what it teaches.
Reads with: loomworks-investigation-bidirectional-governed-integration-substrate-v0_1 (the inbound half it instances); loomworks-investigation-companion-source-provider-abstraction-v0_1 (the outbound half, sequenced after).
The smallest real thing that proves the inbound seam: one authenticated endpoint that an external system can POST a fact to, targeting an engagement — and the fact lands in that engagement's Memory, attested by FORAY, marked as having arrived through the inbound seam. You test it with a single curl: POST a JSON fact, then look at the engagement's Memory and see it there, governed. It accepts data only (a fact), never a command — so the bright line (data, not commands) is enforced by construction, not policy. Everything else the inbound investigation named — other caller kinds, the full auth model, Operator-gated intent — is deferred until this skeleton proves the seam works. This is the confidence-builder before the harder outbound half.
One authenticated, engagement-scoped inbound endpoint. An external system POSTs a JSON fact targeting an engagement. It lands as a FORAY-attested event in that engagement's Memory, with provenance marking source = inbound_seam. Curl-testable. Data only — bright-line-safe by construction.
POST /engagements/{id}/inbound — engagement-scoped, target in the URL, mirroring the existing upload/seed engagement-scoped routes. (Confirm the exact path convention at Step 0.)source = inbound_seam. Assertion-drafting deferred — the event is the faithful record; turning it into an assertion is a later step (same posture as the upload pathway, which writes events but leaves assertion-drafting unbuilt). Event first, attested; assertions later.curl -X POST .../engagements/{id}/inbound -H "<token>" -d '{"fact": ...}' → the fact appears in the target engagement's Memory as an attested event, provenance-marked inbound. POST it, look at Memory, it's there and it's governed. A real POST against the running engine — the live-check acceptance, not a mocked test.The slice's true size depends entirely on the attachment point. The investigation flagged the push gateway as "a new architectural surface," but the upload pathway is the strongest candidate to reuse — the inbound seam is structurally an upload that arrives via API instead of a file. Ground, against the current engine main:
UploadEventReceived events with provenance (filed: "engine writes UploadEventReceived events with provenance"). Show the code path: where the event is written, how provenance is attached, how FORAY attestation is invoked. Can the inbound endpoint reuse this machinery — swapping file-arrival for API-payload-arrival — or is it genuinely net-new? This is the load-bearing question; it sizes the whole slice.POST /engagements/{id}/inbound follows convention.InboundEventReceived? How is provenance source marked, and is there an existing inbound-vs-upload-vs-conversation provenance distinction to extend?Report especially #1 — reuse-upload-machinery vs. net-new — because that determines whether this is a thin route (likely, small) or a new surface (bigger). Then the CR is scoped against the real attachment point.
If a curl'd external fact lands in an engagement's Memory, attested, provenance-marked, data-only — then the architectural intent is proven on the testable edge: external system → inbound seam → governance band (FORAY/provenance) → Memory, with the bright line holding by construction. That is the inbound half of the bidirectional thesis, walking. With that confidence, the outbound (provider) half — the harder, reach-out-to-live-sources direction where the thread began — gets scoped next, against a proven governed-transit pattern.
loomworks-investigation-bidirectional-governed-integration-substrate-v0_1 — the inbound half this instances (§4 caller kinds, §6 bright line, §10 open questions — this slice settles a minimal subset).loomworks-investigation-companion-source-provider-abstraction-v0_1 — the outbound half, sequenced after this slice proves the pattern.UploadEventReceived events with provenance) — the candidate attachment point (Step 0 #1).DUNIN7 — Done In Seven LLC — Miami, Florida Loomworks Scoping Note — Minimal testable inbound seam slice — v0.1 — 2026-06-29 The walking skeleton of the inbound seam: one authenticated, engagement-scoped endpoint (POST /engagements/{id}/inbound, per-engagement token) where an external system POSTs a JSON fact that lands as a FORAY-attested event in the target engagement's Memory, provenance-marked source=inbound_seam, curl-testable. Data only — the bright line (data, not commands) enforced by CONSTRUCTION (the endpoint can only write an event; no path to action). Proves the governed-transit pattern (external → seam → FORAY/provenance → Memory) on the edge the Operator can drive with curl, building confidence before the harder OUTBOUND (provider) half — where the thread began. Step-0 grounding is load-bearing: does the inbound endpoint REUSE the upload pathway's event/provenance/FORAY machinery (likely → thin route) or is it net-new (→ new surface)? Deferred: other caller kinds, OVA-issued auth, idempotency, Operator-gated intent, anomaly surfacing, assertion-drafting. Sequencing: minimal inbound → confidence → outbound.