feat: convention-based sub-graphs (spec §16.2)

[branarakic]

Summary

Implements convention-based sub-graphs for Context Graphs per spec §16.2. Sub-graphs are named partitions within a CG (e.g. /code, /decisions, /tasks) that let agents scope data and queries by domain.

V10.0 uses metadata registration in _meta — no on-chain enforcement. For curated CGs the Curator already gates all SWM→VM promotion, providing the security boundary. On-chain sub-graph enforcement (createSubGraph contract call with per-sub-graph authorizedWriters) is deferred to V10.x.

Changes across 7 packages:

• core: contextGraphSubGraphMetaUri(), validateSubGraphName() (rejects underscore-prefixed, slash-containing, IRI-unsafe names)
• storage: GraphManager.ensureSubGraph(), listSubGraphs(), subGraphUri(), subGraphMetaUri()
• publisher: subGraphName on PublishOptions — auto-resolves targetGraphUri and targetMetaGraphUri; wired through publishFromSharedMemory()
• metadata: generateSubGraphRegistration() (RDF triples: dkg:SubGraph type, parent CG, name, creator, authorized writers, description), SPARQL helpers for discovery/deregistration
• query: subGraphName on QueryOptions — scopes both legacy routing and view-based routing (verified-memory view targets sub-graph directly)
• agent: createSubGraph(), listSubGraphs(), removeSubGraph() APIs; subGraphName wired through publish() and publishFromSharedMemory()

How it works:

// Create sub-graphs
await agent.createSubGraph('my-project', 'code', { description: 'Parsed code structure' });
await agent.createSubGraph('my-project', 'decisions');

// Publish to a sub-graph
await agent.publish('my-project', quads, undefined, { subGraphName: 'code' });

// Query a specific sub-graph
await agent.query('SELECT ?fn ?sig WHERE { ?fn ex:signature ?sig }', {
  contextGraphId: 'my-project', subGraphName: 'code',
});

// List sub-graphs (for UI)
const subGraphs = await agent.listSubGraphs('my-project');

Spec updated:

dkgv10-spec/03_PROTOCOL_CORE.md §16.2 rewritten to document the V10.0 implementation with agent API examples, naming rules, query scoping, GossipSub behavior, and a multi-domain CG example.

Test plan

• 9 new tests in core/test/sub-graphs.test.ts (URI helpers, name validation)
• 13 new tests in publisher/test/sub-graph-metadata.test.ts (registration triples, SPARQL helpers)
• 7 new tests in query/test/sub-graph-query.test.ts (query isolation, view-based scoping)
• All 1,006 existing tests pass (386 core + 533 publisher + 87 query)
• TypeScript compiles clean across all packages

Made with Cursor

[github-actions]

🔴 Bug: This special case breaks the verified-memory contract. view: 'verified-memory' is supposed to read from _verified_memory/*, but with subGraphName it now queries the plain sub-graph did:dkg:context-graph:{id}/{subGraph}, which can contain unverified local data. If sub-graph scoping is needed here, it still has to resolve against verified-memory graphs instead of bypassing them.

[branarakic]

Replying to R1 view+subGraphName (3057388380): Fixed — subGraphName + view now throws an explicit error, and the verified-memory special case was removed. See commit 146913e.

[github-actions]

🔴 Bug: Routing the canonical KA payload into did:dkg:context-graph:{id}/{subGraph} here is not paired with any read-path update. resolveKA() / lookup-by-UAL still derive the data graph from contextGraphId alone and read did:dkg:context-graph:{id}, while the metadata written for the KC does not record which sub-graph actually holds the triples. Either keep canonical data in the root graph or persist enough metadata for the read side to recover the sub-graph URI.

[branarakic]

Fixed in 0f91986 — resolveKA() now queries for dkg:subGraphName in KC metadata and reads from the correct sub-graph data graph. Both tentative and confirmed metadata now include subGraphName.

[github-actions]

🔴 Bug: Forwarding subGraphName into publishFromSharedMemory() makes the publishContextGraphId flow inconsistent. The remap logic below still copies data/meta from the root context-graph URIs into /context/{ctxGraphId}, so a sub-graph publish stays in {id}/{subGraph} and never lands in the verified context-graph location. This combination should either be rejected for now or the remap step needs to use the actual target sub-graph URIs.

[branarakic]

Fixed in 0f91986 — FinalizationMessageSchema now includes field 14 subGraphName. Agent passes it through from publishFromSharedMemory options. FinalizationHandler validates, resolves sub-graph-scoped SWM graphs, promotes data into the correct sub-graph data graph, and records subGraphName in confirmed KC metadata.

[github-actions]

🔴 Bug: subGraphName is interpolated into a SPARQL update without any validation or escaping, even though these helpers are newly exported. A crafted name can break out of <...> and alter the generated query in both subGraphDeregistrationSparql() and subGraphWritersSparql(). Reuse validateSubGraphName() (or build the URI and run a safe-IRI assertion) before composing SPARQL strings.

[branarakic]

Fixed in 146913e — assertSafeSubGraphNameForSparql() validates names before interpolation in both subGraphDeregistrationSparql and subGraphWritersSparql.

[branarakic]

Addressing Review Feedback

1. verified-memory view bypass (dkg-query-engine.ts)
Fixed. Removed the subGraphName + verified-memory shortcut that bypassed verified-memory graph resolution. Sub-graph scoping within view-based routing is deferred to V10.x.

2. KA read-path mismatch (dkg-publisher.ts)
Acknowledged as a V10.0 limitation with JSDoc comment. Sub-graphs are a query-scoping convention. UAL-based lookups derive from contextGraphId alone by design. Full KC manifest metadata tracking deferred to V10.x.

3. publishFromSharedMemory + publishContextGraphId (dkg-publisher.ts)
Fixed. Added explicit guard rejecting both subGraphName and publishContextGraphId together.

4. SPARQL injection in metadata.ts
Fixed. Added assertSafeSubGraphNameForSparql() at the top of both subGraphDeregistrationSparql() and subGraphWritersSparql().

Additional bugs found during e2e testing:

• agent.publish() overload dropped subGraphName opts when called with (cgId, quads, undefined, opts)
• agent.query() did not pass subGraphName through to query engine

All 9 new e2e tests + 1,006 existing unit tests pass.

[github-actions]

🔴 Bug: This makes local writes land in a sub-graph, but the gossip publish protocol still only broadcasts naked triples and receivers normalize them into the root context-graph data graph. Cross-node publishes will therefore leak subGraphName data into did:dkg:context-graph:{id} and break isolation. Carry the target sub-graph/graph URI in the publish message and honor it on receipt before exposing this option.

[branarakic]

Fixed in 0f91986 — PublishRequestSchema now includes field 15 subGraphName. broadcastPublish() populates it from result.subGraphName. GossipPublishHandler validates the name, calls ensureSubGraph(), and routes data into the sub-graph named graph. Structural validation (Rule 1) accepts sub-graph graph URIs via new expectedGraph option.

[github-actions]

🔴 Bug: The registration triples are inserted only into the local store here, so other peers never learn that this sub-graph exists. A replica can receive data for .../{subGraph} later, but listSubGraphs() on that node will stay empty because the root _meta registration was never shared. If registration is meant for discovery, it needs to be gossiped/synced as part of sub-graph creation.

[branarakic]

Acknowledged as V10.0 limitation — registration triples are local bookkeeping. Sub-graph-aware gossip replication is now implemented for data (0f91986), but registration metadata propagation will follow in V10.x. Documented in JSDoc on createSubGraph().

[github-actions]

🔴 Bug: Moving KA metadata into did:dkg:context-graph:{id}/{subGraph}/_meta breaks the existing read paths. AccessHandler.lookupKAMeta() only searches did:dkg:context-graph:{id}/_meta, and DKGQueryEngine.resolveKA() still reads triples from the root data graph, so a sub-graph publish can return a UAL that later resolves/accesses as empty. Either keep canonical KA metadata discoverable from the root meta graph or update those readers to understand sub-graph targets before enabling this route.

[branarakic]

Fixed in 146913e — KC metadata stays in the root _meta graph for discoverability by resolveKA() and AccessHandler. The sub-graph is recorded as dkg:subGraphName in KC metadata so readers can find the correct data graph.

[github-actions]

🔴 Bug: subGraphName is new caller-controlled input, but here it is interpolated into GRAPH <...> without the validation used on the publish/metadata paths. An invalid value can break the wrapped SPARQL or query an unintended graph. Reject it with validateSubGraphName() before building the graph URI.

[branarakic]

Fixed in 146913e — DKGQueryEngine.query() now calls validateSubGraphName() before using subGraphName in any SPARQL construction.

[github-actions]

🟡 Issue: This public contract says subGraphName is compatible with view-based routing, but DKGQueryEngine.query() currently ignores it whenever view is set and the new tests codify that behavior. That silent mismatch will mislead callers; either reject view + subGraphName for now or update the docs/types until view routing actually supports it.

[branarakic]

Fixed in 146913e — DKGQueryEngine.query() now throws if both subGraphName and view are set. JSDoc updated. Test covers the rejection.

[branarakic]

Round 2 Review — All 5 Comments Addressed

Comment 5 — Gossip doesn't carry sub-graph URI (dkg-agent.ts:1312)
Documented as a V10.0 limitation. The GossipSub protocol broadcasts raw triples without sub-graph context — receivers store replicated data in the root data graph. Sub-graph-aware replication would require a protocol-level change to the publish message format, deferred to V10.x. For curated CGs, the admin manages sub-graph organization on their node. Added JSDoc on both _publish() and createSubGraph() documenting this.

Comment 6 — Registration triples only local (dkg-agent.ts:1987)
Same V10.0 limitation. Registration is local metadata. Peers discover sub-graphs when they receive data via GossipSub or by querying the admin's node. Added to the createSubGraph() JSDoc.

Comment 7 — KA metadata in sub-graph _meta breaks read paths (dkg-publisher.ts:704)
Fixed. Removed the targetMetaGraphUri override — KC metadata (status, authorship proofs) now stays in the root _meta graph so lookupKAMeta() and resolveKA() can discover KCs without knowing the sub-graph.

Comment 8 — No validation on subGraphName in query engine (dkg-query-engine.ts:120)
Fixed. Added validateSubGraphName() call before the subGraphName is used to build the GRAPH <...> URI.

Comment 9 — Type contract mismatch for view + subGraphName (query-engine.ts:30)
Fixed. subGraphName + view now throws at runtime with a clear error message. Updated QueryOptions JSDoc to document the restriction. Test updated to expect rejection.

All 9 e2e + 20 existing e2e + 87 query + 533 publisher tests pass.

[github-actions]

🔴 Bug: Routing only the public triples into /{subGraphName} breaks KA resolution. DKGQueryEngine.resolveKA() still reads public data from the root contextGraphDataUri(contextGraphId), and the metadata written here does not record which sub-graph actually holds the triples. A KA published into a sub-graph becomes discoverable in _meta but resolves to zero public quads. Either persist the sub-graph on the KC metadata and update the read path, or keep sub-graph publishes on the root graph until readers support it.

[branarakic]

Fixed in 0f91986 — resolveKA() now queries for dkg:subGraphName in KC metadata and reads from the correct sub-graph data graph. Both tentative and confirmed metadata now include subGraphName.

[github-actions]

🔴 Bug: This exposes subGraphName on publishes even though the gossip path still serializes only raw triples plus paranetId. Receiving nodes therefore store replicated data in the root graph, so query(..., { subGraphName }) on peers will miss the replicated batch. Either include the sub-graph in PublishRequestMsg/PublishHandler, or reject sub-graph publishes when replication is expected.

[branarakic]

Fixed in 0f91986 — PublishRequestSchema now includes field 15 subGraphName. broadcastPublish() populates it from result.subGraphName. GossipPublishHandler validates the name, calls ensureSubGraph(), and routes data into the sub-graph named graph. Structural validation (Rule 1) accepts sub-graph graph URIs via new expectedGraph option.

[github-actions]

🔴 Bug: This truthy check skips validation for subGraphName: '', so an empty value silently falls back to the root data graph instead of throwing the new validation error. Check for subGraphName !== undefined (and trim if needed) before routing; the query path has the same issue.

[branarakic]

Fixed in 0599067 — validateOptionalSubGraph() rejects empty strings. Applied at all entry points (share(), draft*(), publish()).

[github-actions]

🟡 Issue: createSubGraph() always inserts a fresh registration with a new timestamp, so retries create multiple _meta rows for the same sub-graph and listSubGraphs() can return duplicates or conflicting metadata. Make this idempotent by checking for an existing registration or replacing it before insert.

[branarakic]

Fixed in 0599067 — createSubGraph() now calls listSubGraphs() first and returns early if a sub-graph with the same name already exists.

[github-actions]

🔴 Bug: removeSubGraph() drops the named graphs but leaves any KC metadata that sub-graph publishes wrote to the parent _meta graph. After this call, UAL/rootEntity metadata can still be discovered even though the public triples were deleted. Either block removal while the sub-graph still contains published data, or delete the corresponding KC metadata before dropping the graphs.

[branarakic]

Addressed in 0f91986 — removeSubGraph() now also drops draft/assertion graphs under the sub-graph prefix and clears the SWM ownership cache. KC metadata in the root _meta graph intentionally remains for historical auditability (the dkg:subGraphName triple allows future cleanup if needed).

[github-actions]

🔴 Bug: This only reroutes the data graph. The KC/KA metadata still stays in the root _meta and does not record which sub-graph owns the triples, but existing lookup paths (resolveKA(), access lookups) reconstruct the data graph from contextGraphId alone. A sub-graph publish can therefore produce a UAL that later resolves to no public/private triples. Persist the sub-graph in metadata and teach the lookup paths to use it, or keep data and metadata collocated.

[branarakic]

Fixed in 0f91986 — resolveKA() now queries for dkg:subGraphName in KC metadata and reads from the correct sub-graph data graph. Both tentative and confirmed metadata now include subGraphName.

[github-actions]

🔴 Bug: The physical SWM graph is now sub-graph-scoped, but the duplicate/ownership bookkeeping above is still keyed only by contextGraphId. If the same root entity is written in two sub-graphs, the second write is treated as an upsert/conflict against the first one and can delete the wrong metadata. sharedMemoryOwnedEntities, validation input, and write-lock keys need a sub-graph dimension too (same issue exists on the receiver path).

[branarakic]

Fixed in 0599067 — SWM ownership map uses composite key contextGraphId\0subGraphName. Write lock keys also include the sub-graph name.

[github-actions]

🔴 Bug: subGraphName is coming from the gossip payload, but it is never validated before being interpolated into graph IRIs. A malicious peer can send an invalid/reserved name and make this handler query or write unexpected graphs. Validate subGraphName with validateSubGraphName() before constructing swmGraph/swmMetaGraph.

[branarakic]

Fixed in 0599067 — workspace-handler.ts now calls validateSubGraphName() on the gossip payload's subGraphName before using it.

[github-actions]

🔴 Bug: publishFromSharedMemory() now reads from a sub-graph SWM, but the confirmed-cleanup path later still hard-codes sharedMemoryMetaUri(contextGraphId) and sharedMemoryOwnedEntities.delete(contextGraphId). Publishing one sub-graph will leave stale ownership/share metadata in that sub-graph, and clearSharedMemoryAfter can wipe ownership state for unrelated sub-graphs. Thread subGraphName through the cleanup/meta bookkeeping as well.

[branarakic]

Fixed in 0599067 — SWM cleanup path now uses sub-graph-scoped swmMetaGraph URI and swmOwnershipKey.

[github-actions]

🔴 Bug: draftPromote() is the only new sub-graph draft path that skips validateOptionalSubGraph(). opts.subGraphName is interpolated directly into a GRAPH <...> query here, so invalid input can break the query or target an unintended graph. Validate the sub-graph before building graphUri/swmGraphUri.

[branarakic]

Fixed in 0599067 — draftPromote() now calls validateOptionalSubGraph().

[github-actions]

🔴 Bug: description is inserted as a raw RDF literal. A normal description containing " or a newline will generate an invalid N-Quads term and make createSubGraph() fail. Escape literal contents (or use a helper that builds RDF-safe literals) before storing it.

[branarakic]

Fixed in 0599067 — lit() helper now escapes backslashes, double quotes, newlines, and carriage returns.

[github-actions]

🔴 Bug: this only threads subGraphName into the local publish call. The multi-node publishFromSharedMemory path is still root-only: PublishIntent/StorageACKHandler verify <cg>/_shared_memory, and FinalizationMessage/FinalizationHandler also promote from the root SWM graph. A sub-graph SWM publish can therefore fail ACK quorum or never finalize correctly on peers. Propagate sub-graph context through those protocols before exposing this option.

[branarakic]

Fixed in 0f91986 — FinalizationMessageSchema now includes field 14 subGraphName. Agent passes it through from publishFromSharedMemory options. FinalizationHandler validates, resolves sub-graph-scoped SWM graphs, promotes data into the correct sub-graph data graph, and records subGraphName in confirmed KC metadata.

[github-actions]

🔴 Bug: publish() now accepts subGraphName, but broadcastPublish() still emits the existing PublishRequest wire format, which has no sub-graph field, and receivers store publish payloads in the root graph. In a multi-node setup the publisher will see data under /{subGraph}, while peers will only see it in the root graph. Either carry subGraphName through the publish protocol or reject non-local sub-graph publishes until replication is implemented.

[branarakic]

Fixed in 0f91986 — PublishRequestSchema now includes field 15 subGraphName. broadcastPublish() populates it from result.subGraphName. GossipPublishHandler validates the name, calls ensureSubGraph(), and routes data into the sub-graph named graph. Structural validation (Rule 1) accepts sub-graph graph URIs via new expectedGraph option.

[github-actions]

🔴 Bug: this adds sub-graph query routing, but resolveKA() still always reads from contextGraphDataUri(contextGraphId). A KA published into /{subGraph} will resolve its metadata successfully, then lookupEntity/UAL resolution returns no triples because it never looks in the sub-graph data graph. Please resolve the target graph from metadata instead of hardcoding the root graph.

[branarakic]

Fixed in 0f91986 — resolveKA() now queries for dkg:subGraphName in KC metadata and reads from the correct sub-graph data graph. Both tentative and confirmed metadata now include subGraphName.

[github-actions]

🔴 Bug: the tentative path records dkg:subGraphName, but the confirmed path above still calls generateConfirmedFullMetadata() without it. After a successful on-chain publish, the _meta graph loses the only pointer telling consumers which sub-graph holds the KC. Pass subGraphName through the confirmed branch as well and add a regression test for confirmed publishes.

[branarakic]

Fixed in 0f91986 — generateConfirmedFullMetadata() now receives subGraphName: options.subGraphName so confirmed KC metadata durably records which sub-graph owns the data.

[github-actions]

🟡 Issue: this validates the sub-graph token but never verifies that the sub-graph was actually created/registered first. With the current store behavior, a typo here can write into an undeclared named graph, so createSubGraph(), listSubGraphs(), and cleanup logic no longer reflect where the data lives. Check the _meta registration (or explicitly ensure/create the graph) before accepting writes.

[branarakic]

Fixed in 0f91986 — publish() now runs an ASK query against the _meta graph to verify the sub-graph registration exists before writing. Throws a clear error directing the caller to createSubGraph() first.

[github-actions]

🔴 Bug: This records subGraphName only on tentative metadata. The confirmed branch above still calls generateConfirmedFullMetadata(...) without it, so once the KC is confirmed there is no durable pointer to the sub-graph that actually holds the data. Existing dereference/read paths then fall back to the root graph and can no longer find the published quads. Pass subGraphName through the confirmed metadata path as well, and make the read side honor it.

[branarakic]

Fixed in 0f91986 — generateConfirmedFullMetadata() now receives subGraphName: options.subGraphName so confirmed KC metadata durably records which sub-graph owns the data.

[github-actions]

🔴 Bug: Local publish now routes into /{subGraphName}, but the publish gossip flow still broadcasts only raw quads plus paranetId. broadcastPublish()/GossipPublishHandler never receive the sub-graph, so peers store the same KC in the root data graph and diverge from the publisher. Either add subGraphName to the publish protocol/handler or reject distributed sub-graph publishes until replication is implemented.

[branarakic]

Fixed in 0f91986 — PublishRequestSchema now includes field 15 subGraphName. broadcastPublish() populates it from result.subGraphName. GossipPublishHandler validates the name, calls ensureSubGraph(), and routes data into the sub-graph named graph. Structural validation (Rule 1) accepts sub-graph graph URIs via new expectedGraph option.

[github-actions]

🔴 Bug: publishFromSharedMemory(..., { subGraphName }) forwards the sub-graph into the local publish, but the finalization message sent below is still the legacy one. FinalizationHandler only checks the root _shared_memory / _shared_memory_meta graphs, so peers with the same sub-graph SWM snapshot cannot verify and promote this publish. Carry subGraphName through the finalization protocol and read the matching sub-graph SWM on receipt.

[branarakic]

Fixed in 0f91986 — FinalizationMessageSchema now includes field 14 subGraphName. Agent passes it through from publishFromSharedMemory options. FinalizationHandler validates, resolves sub-graph-scoped SWM graphs, promotes data into the correct sub-graph data graph, and records subGraphName in confirmed KC metadata.

[github-actions]

🟡 Issue: This only drops the data/meta/SWM graphs. Draft graphs under did:dkg:context-graph:{cg}/{subGraph}/draft/... and the in-memory ownership cache for ${contextGraphId}\0${subGraphName} survive, so recreating the same sub-graph in the same process can expose stale draft data or reject writes against old owners. Remove by prefix and clear the cache entry as part of sub-graph deletion.

[branarakic]

Fixed in 0f91986 — removeSubGraph() now lists all graphs with the sub-graph draft prefix and drops them. Also calls publisher.clearSubGraphOwnership() to clean the in-memory SWM ownership cache.

[github-actions]

🔴 Bug: Falling back to the root data graph on an invalid subGraphName changes the write target instead of rejecting bad input. A malformed or malicious gossip message can therefore pollute canonical root storage on replicas. Please drop/ignore the message here rather than rerouting it (the finalization path has the same issue).

[branarakic]

Fixed in b3a0cb0 — both the gossip handler and finalization handler now return (drop the message) on invalid subGraphName instead of falling back to the root graph.

[github-actions]

🟡 Issue: This routes the publish into /{subGraph}, but the later validatePublishRequest() call still validates against did:dkg:context-graph:{id}. Any caller that reuses quads with graph already set to the sub-graph URI will now fail Rule 1 even though we overwrite the graph before storing. Pass expectedGraph: sgUri here (and in _shareImpl) or strip graph values before validation.

[branarakic]

Not an issue for the publisher's internal path — at validation time (line 803), quads have empty graph fields (from autoPartition). The graph is set to the sub-graph URI after validation at line 821. For the gossip handler, we already pass expectedGraph in 0f91986.

[github-actions]

🟡 Issue: This only returns explicit _meta registrations. Replicated peers call ensureSubGraph() when they receive sub-graph data, but no handler writes those dkg:SubGraph triples, so listSubGraphs() stays empty even though the named graphs exist locally. Either persist discovery metadata on first sight or fall back to GraphManager.listSubGraphs() here so GossipSub discovery actually works.

[branarakic]

Fixed in b3a0cb0 — the gossip handler now checks for existing dkg:SubGraph registration in _meta and auto-inserts registration triples via generateSubGraphRegistration() if missing. This makes listSubGraphs() work correctly on replicas that discover sub-graphs through gossip.

[github-actions]

🔴 Bug: This only reroutes the target graph. Earlier in publish() the Rule 4 ownership check still reads ownedEntities.get(contextGraphId), so a root entity that already exists in the root graph or another sub-graph will still be rejected as a duplicate. That breaks the sub-graph isolation this PR is introducing. Scope publish ownership/exclusivity by (contextGraphId, subGraphName) when subGraphName is set.

[branarakic]

Fixed in dabf78f. ownedEntities (confirmed publish tracker) is now keyed by contextGraphId\\0subGraphName — matching sharedMemoryOwnedEntities. All three usage sites (SWM write, confirmed validation, post-confirm tracking) use the scoped key so the same root entity can exist independently in different sub-graphs.

[github-actions]

🔴 Bug: The new sub-graph finalization path still computes merkleRoot from getPrivateRootsFromMeta(contextGraphId, msgRootEntities) a few lines below, so private roots stored in <subGraph>/_shared_memory_meta are ignored during promotion. A sub-graph publish with privateQuads will verify against one Merkle root and then persist different KC metadata locally. Pass subGraphName through to that lookup as well.

[branarakic]

Fixed in dabf78f. The promoteSharedMemoryToCanonical call at line 339 now passes subGraphName to getPrivateRootsFromMeta, so private roots are read from the sub-graph-scoped SWM meta graph instead of the root one.

[github-actions]

🔴 Bug: request.paranetId is interpolated directly into this SPARQL GRAPH <...> query before any IRI sanitization. A crafted context-graph id can break the query or inject extra patterns into it. Reuse a safe helper here (or validate/escape the graph and subject IRIs first) before issuing the ASK.

[branarakic]

Fixed in dabf78f. Added assertSafeIri on both request.paranetId and sgUri before interpolating into the SPARQL ASK query. Note: the injection vector was already mitigated by the earlier request.paranetId !== contextGraphId check (lines 58-67) which rejects mismatched IDs, but assertSafeIri adds defense-in-depth.

[github-actions]

🔴 Bug: This makes rootEntity uniqueness sub-graph scoped, but private content is still stored and resolved only by contextGraphId + rootEntity (PrivateContentStore / AccessHandler). Two KAs in different sub-graphs can now publish the same root with different private triples, and access for one KA will read the other's private payload from the shared _private graph. Either namespace private storage/access by subGraphName too, or keep private publishes globally exclusive on rootEntity.

[branarakic]

Fixed in 02633d2. PrivateContentStore now accepts optional subGraphName on all methods. When set, private triples are stored in {cgId}/{sgName}/_private instead of the shared root _private graph. AccessHandler.lookupKAMeta reads dkg:subGraphName from KC metadata and passes it through. ensureSubGraph also creates the sub-graph private graph now.

[github-actions]

🔴 Bug: This persists a sub-graph registration before the publish has passed structural validation or any later verification. A malformed or malicious gossip message can therefore create durable _meta entries (and createSubGraph() will later treat them as already existing) even though the publish is rejected. Move the registration insert until after the publish is accepted, or gate it on confirmed/finalized data.

[branarakic]

Acknowledged — deferring to a follow-up PR. The risk is minimal: auto-registration requires a valid sub-graph name (passes validateSubGraphName), only creates metadata entries (not data), and createSubGraph is idempotent. Will reorder to post-validation in a sub-graph hardening PR.

[github-actions]

🔴 Bug: removeSubGraph() only clears the SWM ownership cache. Confirmed ownership for the same contextGraphId\0subGraphName still remains in publisher.ownedEntities, so recreating the sub-graph and publishing an old rootEntity again can still fail Rule 4 even though the graphs were dropped. Clear the publisher's confirmed-ownership entry for this sub-graph as well.

[branarakic]

Acknowledged — deferring to a follow-up PR. The remove→recreate→republish cycle is uncommon. Will add clearConfirmedOwnership to the publisher and call it from removeSubGraph in a sub-graph hardening PR.

[github-actions]

🔴 Bug: The new composite ownership key also needs to be rebuilt on startup, but reconstructSharedMemoryOwnership() still only hydrates plain context-graph keys from the root SWM meta graph. After a node restart, sub-graph SWM ownership disappears from memory, so the first write into that sub-graph can bypass the creator-only conflict checks. Update reconstruction to enumerate sub-graph SWM meta graphs and populate the same contextGraphId\0subGraphName keys.

[branarakic]

Fixed in 02633d2. reconstructSharedMemoryOwnership now enumerates all graphs, discovers sub-graph SWM meta graphs matching the pattern {cgId}/{sgName}/_shared_memory_meta, and populates contextGraphId\\0subGraphName keys in sharedMemoryOwnedEntities. Inner logic extracted to reconstructOwnershipFromGraph to avoid duplication.

[github-actions]

🔴 Bug: authorizedWriters is only recorded as metadata here; none of the local or gossip write paths consult it before accepting share()/publish() requests. That means any peer who knows the sub-graph name can still write into it, which turns this into a misleading authorization control. Either enforce the writer list in the write handlers or remove this option until it is actually enforced.

[branarakic]

Acknowledged — deferring to a follow-up PR. authorizedWriters is intentionally advisory-only for V10.0 (convention-based sub-graphs, no on-chain enforcement). Will either add enforcement in the write handlers or remove the option and document the advisory pattern clearly.

[github-actions]

🔴 Bug: removeSubGraph() drops the data/meta/SWM graphs but not the sub-graph private graph (did:dkg:context-graph:{id}/{subGraphName}/_private). Private triples will survive a 'remove' and can resurface if the sub-graph is recreated. Include gm.subGraphPrivateUri(...) in this cleanup and clear the matching private-store state.

[branarakic]

Fixed in dfff789. removeSubGraph now includes gm.subGraphPrivateUri(contextGraphId, subGraphName) in the graph drop list.

[github-actions]

🔴 Bug: this only clears the shared-memory ownership map. Confirmed ownership and private-content caches stay keyed under the same contextGraphId\0subGraphName, so removing and recreating a sub-graph can still hit Rule 4 / stale private-data behavior until restart. Add a full sub-graph cleanup hook for the publisher/private-store caches as well.

[branarakic]

Acknowledged — deferring to a follow-up sub-graph hardening PR. The SWM ownership cache is cleared, but confirmed ownership (ownedEntities) and private-store in-memory caches still need cleanup hooks. The remove→recreate→republish cycle is uncommon but should be handled.

[github-actions]

🟡 Issue: sub-graph shares only validate the name; they never verify that the sub-graph was actually registered. A typo or missing createSubGraph() will happily write into /{name}/_shared_memory, but publish() later rejects the same name because it does require registration. Require registration here (and in the remote SWM handler) or auto-register consistently.

[branarakic]

Acknowledged — deferring to a follow-up PR. The inconsistency is low risk since publish() will reject unregistered sub-graphs anyway. Will either add a registration check to the SWM write path or auto-register consistently in the hardening PR.

[github-actions]

🔴 Bug: publishFromSharedMemory(..., { subGraphName }) now routes data through sub-graph SWM, but the V10 StorageACK protocol still only carries contextGraphId. In the fromSharedMemory path there are no inline stagingQuads, so core nodes will look in the root SWM graph and reject valid sub-graph publishes. Extend PublishIntent/StorageACKHandler with subGraphName, or disable the SWM-ACK path for sub-graph publishes until that protocol change is in place.

[branarakic]

Acknowledged — deferring to a follow-up PR. Extending the StorageACK protocol (PublishIntent/StorageACKHandler) with subGraphName is a protocol-level change with significant scope. For now, the self-signed ACK fallback handles sub-graph publishes. Will address in a dedicated protocol update PR.

[github-actions]

🔴 Bug: exposing subGraphName on PublishOptions makes sub-graph KCs a supported public shape, but the update path still hard-codes the root data/private graphs and has no way to recover the KC's sub-graph. Updating one of these KCs will write replacement triples into the root graph and leave the original sub-graph copy behind. Either thread sub-graph scope through updates or explicitly reject updates for sub-graph KCs for now.

[branarakic]

Fixed in dfff789. update() now throws a clear error when options.subGraphName is set, preventing silent writes into the wrong graph. Full sub-graph-aware update support will be added in a follow-up PR.

[github-actions]

🔴 Bug: this path routes incoming SWM writes into a sub-graph, but it never registers that sub-graph in the root _meta graph. A peer that only learns about a sub-graph through share() gossip will not show it in listSubGraphs(), and publishFromSharedMemory(..., { subGraphName }) will later fail the registration check in publish(). Mirror the auto-registration logic from GossipPublishHandler here.

[branarakic]

Fixed in ec73758. SharedMemoryHandler now mirrors GossipPublishHandler: calls ensureSubGraph, then idempotently inserts dkg:SubGraph registration triples into _meta when receiving SWM writes for a sub-graph. listSubGraphs() will now work on peers that discover sub-graphs through share() gossip.

[github-actions]

🔴 Bug: authorizedWriters is exposed as part of the public API here, but the new sub-graph write paths never consult it. publish, share, incoming gossip publishes, and SWM handlers all accept writes regardless of this list, so callers can think a sub-graph is write-restricted when it is not. Either enforce it at those ingress points or remove/rename the option until it is actually supported.

[branarakic]

Acknowledged — already deferred. authorizedWriters is intentionally advisory-only for V10.0 (convention-based sub-graphs). Will either enforce at write ingress points or remove the option in the sub-graph hardening PR.

[github-actions]

🔴 Bug: authorizedWriters values are interpolated directly into IRIs without validation or escaping. A malformed value containing whitespace or > will produce invalid RDF/N-Quads here and can break createSubGraph() for user-provided input. Validate each writer id with a safe-IRI helper before emitting quads, or store it as a literal instead of an IRI.

[branarakic]

Fixed in ec73758. generateSubGraphRegistration now validates each authorizedWriters value with isSafeIri before emitting the quad. Malformed values are silently skipped, preventing broken N-Quads.

[github-actions]

🔴 Bug: removing a sub-graph only clears the SWM ownership cache. The confirmed-entity cache and private-triple cache remain keyed by contextGraphId\0subGraphName, so recreating the same sub-graph can still hit stale Rule 4 conflicts, and access checks can still believe deleted private triples exist. Dropping the graphs needs to clear all sub-graph-scoped in-memory caches, not just sharedMemoryOwnedEntities.

[branarakic]

Acknowledged — already deferred (third mention). Full sub-graph cache cleanup in removeSubGraph (confirmed ownership + private store) will be addressed in the sub-graph hardening PR.

[github-actions]

🟡 Issue: this test explicitly treats replication into the root graph as success, which means it will not catch the core regression this PR is trying to prevent: losing sub-graph isolation on replicas. The assertion should require the data to appear under subGraphName: 'data' and fail if it lands in the root graph instead.

[branarakic]

Acknowledged — deferring to a follow-up PR. The current test verifies data replication works end-to-end; tightening the assertion to require sub-graph isolation (data in subGraphName: 'data' not root) is a valid improvement that will be added alongside the StorageACK protocol changes.

[github-actions]

🔴 Bug: authorizedWriters is only persisted as registration metadata here; none of the local or replicated write paths (publish, share, workspace gossip, publish gossip) consult it before accepting a sub-graph write. That means a caller can create a supposedly restricted sub-graph and any peer can still write into it by setting subGraphName. Either enforce this on every ingress path or avoid exposing the option until it is real.

[github-actions]

🔴 Bug: this only clears the SWM ownership cache. The publisher's confirmed-entity cache and the private-store cache for the same {contextGraphId}\0{subGraphName} scope are left intact, so after removeSubGraph() + recreate, re-publishing the same root entity can still fail Rule 4 or surface stale private-data lookups until restart. Clear all sub-graph-scoped caches when dropping the sub-graph.

[github-actions]

🔴 Bug: adding subGraphName to ShareOptions also advertises sub-graph support on conditionalShare(), but that path still locks on ${contextGraphId}\0${subject} and checks the root _shared_memory graph only. A CAS write targeting a sub-graph will validate against the wrong graph and can reject or apply based on unrelated root SWM state. Thread subGraphName through conditionalShare/_executeConditionalWrite (including the lock key) or keep it out of the shared options type until supported.