Multi-agent memory spaces: explicit sharing and access grants

[aurexav]

Summary

Add explicit multi-agent memory spaces and sharing grants.

Problem

Multi-agent collaboration needs explicit permissioned sharing; implicit visibility is unsafe.

In Scope

• Define spaces: private, team_shared, org_shared.
• Add publish/grant actions for controlled sharing.
• Enforce read/write permissions in list/search/details APIs.
• Record who shared what and when.

Out of Scope

• Organization-wide RBAC redesign.
• Cross-tenant sharing.

Deliverables

• Space and grant model.
• API permission checks.
• Audit fields and logs.
• Tests for access control boundaries.

Acceptance Criteria

• Private memory is hidden by default.
• Sharing requires explicit publish/grant operations.
• Access checks are enforced consistently.
• Audit trail captures sharing actor and timestamp.

Dependencies

• Memory Policy v2: explicit remember/update/ignore/reject decisions #51

Implementation Checklist

• Space model and migration.
• Grant APIs.
• Enforcement in search and detail endpoints.
• Audit and integration tests.

Done When

• Multi-agent sharing is explicit, auditable, and safe by default.

[aurexav]

Implemented in commit ecfccbd (message: Add explicit memory sharing grants and publish endpoints). Verification evidence: cargo make checks, cargo make test-integration, and cargo make e2e all passed.