Trust model
Explicit trust boundaries beat implied trustlessness.
Memora is designed to minimise blast radius and make trust assumptions inspectable. It is not presented as a trustless system.
What the system proves
Depending on the commit path, Memora can prove caller authorization, claimed signer identity, or actual signature possession through on-chain `ecrecover`.
It also preserves a replayable trail of ordering and parent linkage so teams can verify the captured record independently.
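The proofs just listed, as an added worked example that is not Memora's code: a pure-Python model of a VERIFIED commit path in which a toy contract checks caller authorization against the delegated operator, parent linkage against its current head, and signature possession by recovering the signer from the signature (as ecrecover does) and matching it to the registered agent signer. Everything beyond that list is an assumption made here: the secp256k1 signing and recovery routines, the commit hash layout, the sha256-based signer identity standing in for an Ethereum address, and the constructed keys and payload.

```python
# Added example, not Memora's code: a pure-Python model of the VERIFIED commit path.
# Assumed: commits carry secp256k1 ECDSA signatures checked by recovering the signer
# (as ecrecover does); signer identity is a sha256 of the public key, not keccak256.
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p, q):  # affine addition on secp256k1 (a = 0); None is the point at infinity
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if x1 == x2 else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def point_mul(k, p):  # double-and-add; not constant-time, demo only
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, p)
        p, k = point_add(p, p), k >> 1
    return acc

def signer_id(pub):  # address stand-in: truncated sha256 of the uncompressed public key
    return hashlib.sha256(pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")).hexdigest()[:40]

def sign(priv, msg_hash):
    """Recoverable (v, r, s) signature over a 32-byte hash, normalised to low s."""
    z = int.from_bytes(msg_hash, "big")
    # deterministic nonce from key and message (simplified stand-in for RFC 6979)
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + msg_hash).digest(), "big") % N or 1
    R = point_mul(k, G)
    r = R[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    v = R[1] & 1
    if s > N // 2:  # canonical low-s form, as EVM-side signature checks require
        s, v = N - s, v ^ 1
    return v, r, s

def recover(msg_hash, v, r, s):
    """Public key that produced (v, r, s) over msg_hash, or None; mirrors ecrecover."""
    if not (1 <= r < N and 1 <= s <= N // 2):
        return None
    y = pow((r ** 3 + 7) % P, (P + 1) // 4, P)  # modular sqrt, valid because P % 4 == 3
    if (y * y - r ** 3 - 7) % P:
        return None  # r is not the x-coordinate of any curve point
    if y & 1 != v:
        y = P - y
    z, r_inv = int.from_bytes(msg_hash, "big"), pow(r, -1, N)
    return point_add(point_mul(s * r_inv % N, (r, y)), point_mul(-z * r_inv % N, G))

def commit_hash(agent_id, parent, digest):  # what the agent signs (assumed layout)
    return hashlib.sha256(b"commit|" + agent_id.encode() + parent + digest).digest()

class VerifiedCommits:
    """Toy on-chain state; operator delegation and the signer registry are owner-set on the real chain, fixed here."""
    def __init__(self, operator, signers):
        self.operator, self.signers = operator, dict(signers)
        self.seq, self.head = 0, bytes(32)
    def commit(self, caller, agent_id, parent, digest, sig):
        if caller != self.operator:  # caller authorization
            raise PermissionError("caller is not the operator")
        if parent != self.head:  # parent linkage and ordering
            raise ValueError("parent is not the current head")
        pub = recover(commit_hash(agent_id, parent, digest), *sig)
        if pub is None or signer_id(pub) != self.signers.get(agent_id):  # signature possession
            raise ValueError("signature does not recover to the registered signer")
        self.seq += 1
        self.head = hashlib.sha256(self.seq.to_bytes(8, "big") + parent + digest).digest()
        return self.seq

def demo():
    """Constructed keys and payload; returns the outcome of each submission attempt."""
    agent_priv, operator_priv = 0xA11CE, 0xB0B
    operator, agent = signer_id(point_mul(operator_priv, G)), signer_id(point_mul(agent_priv, G))
    chain = VerifiedCommits(operator, {"agent-1": agent})
    digest, p0 = hashlib.sha256(b"constructed payload").digest(), bytes(32)
    p1 = hashlib.sha256((1).to_bytes(8, "big") + p0 + digest).digest()  # head after the first commit
    good = sign(agent_priv, commit_hash("agent-1", p0, digest))
    good2 = sign(agent_priv, commit_hash("agent-1", p1, digest))
    forged = sign(operator_priv, commit_hash("agent-1", p1, digest))  # operator key, not the agent's
    cases = [("agent_signed", operator, p0, digest, good),
             ("operator_forged", operator, p1, digest, forged),
             ("unauthorized_caller", "stranger", p1, digest, good2),
             ("tampered_digest", operator, p1, bytes(32), good2),
             ("second_valid", operator, p1, digest, good2)]
    out = {}
    for name, caller, parent, d, sig in cases:
        try:
            out[name] = chain.commit(caller, "agent-1", parent, d, sig)
        except (PermissionError, ValueError) as exc:
            out[name] = str(exc)
    return out
```

Running demo() walks the boundaries from the key matrix below: the agent-signed commit is accepted as sequence 1; a commit signed with the operator's own key is rejected because it recovers to the wrong signer; a valid agent signature submitted by a non-operator is rejected before the signature is even examined; a tampered digest no longer recovers to the registered signer; and the untouched valid commit is then accepted as sequence 2. The rejected attempts never advance the head, which is what lets the trail stay replayable.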
What still depends on off-chain checks
Digest content, payload plaintext integrity, runtime integrity, and parts of replay correctness are all verified off-chain today.
On-chain
Ownership, delegation, signer registry, strict modes, and VERIFIED / TEE signature checks.
Off-chain
Digest correctness, parent ordering, payload integrity after decryption, and replay analysis.
Infrastructure-trusted
Supabase index state, KEK custody, and service-network isolation.
Operator key
Can submit arbitrary VERIFIED commits, but cannot forge agent signatures or decrypt payloads.
Agent signing key
Can forge that agent's signatures, but still needs operator acceptance for writes.
MEMORA_KEK
Can unlock payload confidentiality, but cannot forge signatures.
Supabase service role
Can corrupt index state and credentials, but cannot forge signatures or decrypt ciphertext.
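An added example of the off-chain side described above (digest correctness, parent ordering, payload integrity after decryption, replay analysis) and of the last two rows of the key matrix; it is not Memora's code. It replays a captured trail, checking sequence ordering, parent linkage and the commit id binding from the recorded fields alone, and digest correctness of the decrypted payload only when the KEK is available. The record layout, the sha256 commit id, the toy XOR keystream wrap standing in for the real payload encryption, and the constructed KEK and payloads are all assumptions made here.

```python
# Added example, not Memora's code: an off-chain replay check over a captured trail.
# Assumed record layout: the on-chain fields seq, parent, digest and
# commit_id = sha256(seq || parent || digest), plus the ciphertext served by the index.
# Payloads are wrapped with a toy sha256-keystream XOR under a KEK, a stand-in for
# whatever scheme MEMORA_KEK really protects.
import hashlib


def commit_id(seq, parent, digest):
    return hashlib.sha256(seq.to_bytes(8, "big") + parent + digest).digest()


def xor_wrap(kek, cid, data):
    """Symmetric toy wrap/unwrap: XOR with a per-commit keystream derived from the KEK."""
    stream = b"".join(hashlib.sha256(kek + cid + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def build_trail(kek, payloads):
    """Constructed trail: what a correct indexer would hold after these commits."""
    trail, head = [], bytes(32)
    for seq, payload in enumerate(payloads, start=1):
        digest = hashlib.sha256(payload).digest()
        cid = commit_id(seq, head, digest)
        trail.append({"seq": seq, "parent": head, "digest": digest, "commit_id": cid,
                      "ciphertext": xor_wrap(kek, cid, payload)})
        head = cid
    return trail


def replay(trail, kek=None):
    """Walk the trail in order and return (seq, finding) pairs; empty means clean.
    Without the KEK only ordering and linkage can be checked; with it, the
    decrypted payload is also checked against the committed digest."""
    findings, head, expected = [], bytes(32), 1
    for rec in trail:
        seq = rec["seq"]
        if seq != expected:
            findings.append((seq, "sequence gap or replayed seq"))
        if rec["parent"] != head:
            findings.append((seq, "parent does not link to previous commit"))
        if rec["commit_id"] != commit_id(seq, rec["parent"], rec["digest"]):
            findings.append((seq, "commit_id does not bind seq/parent/digest"))
        if kek is not None:
            plaintext = xor_wrap(kek, rec["commit_id"], rec["ciphertext"])
            if hashlib.sha256(plaintext).digest() != rec["digest"]:
                findings.append((seq, "decrypted payload does not match digest"))
        head, expected = rec["commit_id"], seq + 1
    return findings


def demo():
    """Constructed KEK and payloads; findings for a clean trail, an index with one
    overwritten ciphertext (checked with and without the KEK) and a replayed record."""
    kek = hashlib.sha256(b"constructed MEMORA_KEK").digest()
    trail = build_trail(kek, [b"alpha", b"beta", b"gamma"])
    swapped = [dict(rec) for rec in trail]
    swapped[1]["ciphertext"] = bytes(len(swapped[1]["ciphertext"]))  # index row corrupted
    replayed = trail + [trail[0]]  # first record appended again, out of order
    return {
        "clean": replay(trail, kek),
        "swapped_without_kek": replay(swapped),
        "swapped_with_kek": replay(swapped, kek),
        "replayed": replay(replayed, kek),
    }
```

demo() returns no findings for the clean trail. An index whose ciphertext for record 2 was overwritten looks clean without the KEK but is flagged with it, which is the boundary the last two rows describe: the index role can corrupt state but cannot make a corrupted payload match the committed digest, and the KEK holder can read payloads but gains nothing over signatures. The record appended out of order is caught on both sequence and parent linkage without any key at all, because those facts come from the on-chain trail rather than from the index.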