Evidence-First Claude Session MiningLesson 4/8
Structural manifest

From U1 Metadata to U2 Structure

Cross the content boundary deliberately: stream structure locally, emit metadata only.

U2 LIVE: PROVENSYNTHETIC EXAMPLE · /demo-claude/
U1 metadata boundary expands to U2 local structural reading but output remains metadata onlyU1path · size · mtimeU2local structural byteshash · faults · windowsmetadata onlypayload never emitted
U1 metadata boundary expands to U2 local structural reading but output remains metadata only.
You will be able to
  • State the exact privacy difference between U1 and U2.
  • Name every metadata field U2 may emit.
  • Explain why journals gain a separate class in U2.
1

Core model

U1 answers what exists. U2 answers how those bytes are framed and safely divided. That requires reading structural content, so the privacy report changes honestly. U2 may emit sizes, hashes, timestamp bounds, faults, and window ranges; it may not emit a line, prompt, response, or parsed message object.

Mental model: U1 labels sealed film canisters. U2 runs each film through a local frame counter but never projects an image onto a screen.

`ClaudeManifestFs` extends the accepted inventory port with handle identity and `openByteSource`. The returned bytes are `AsyncIterable<Uint8Array>`. The manifest is ordered by the U1 relative paths, while U2 gives basename `journal.jsonl` classification precedence.

2

Boundary table

QuestionObserved boundaryOwnerVerdict
Content readfalsetrue (structural)Boundary changed
Emitted contentfalsefalseInvariant
Hash / records / windowsUnavailableAvailableU2 metadata
Network / model / writesfalsefalseInvariant
Primary local sourcedocs/fable-session-mining/U2-MANIFEST-SCOPE.md
alembic sessions manifest <dir> \
  --max-window-bytes 33554432 \
  --overlap-records 0 \
  --json
Structural read: Local byte access used only to derive safe metadata.Structural read
Local byte access used only to derive safe metadata.
Emitted content: Raw or parsed user payload crossing the output boundary.Emitted content
Raw or parsed user payload crossing the output boundary.
Sanitized fault: Index + byte range + stable code, no fragment.Sanitized fault
Index + byte range + stable code, no fragment.
journal: Structurally hashed, intentionally not windowed.journal
Structurally hashed, intentionally not windowed.
3

Synthetic lab

Choose an output field. Is it allowed?

4

Retrieval and feedback

Predict before revealing

May U2 print the invalid JSON fragment that caused a fault?

No. It emits only record index, half-open byte range, and a stable fault code.

Retrieval cards

Retrieval cardsStructural readActivate to flip
Structural readLocal byte access used only to derive safe metadata.
Retrieval cardsEmitted contentActivate to flip
Emitted contentRaw or parsed user payload crossing the output boundary.
Retrieval cardsSanitized faultActivate to flip
Sanitized faultIndex + byte range + stable code, no fragment.
Retrieval cardsjournalActivate to flip
journalStructurally hashed, intentionally not windowed.

Check your model

Which privacy statement is honest for U2?

U2 crosses the read boundary to derive structure, then keeps payload inside.
5

Evidence ledger

Contract · PROVENSCOPE + source
Implementation · PROVENfocused code + tests
Compiled boundary · PROVENU2 receipt recorded
Independent probe · PROVENU2 files/hashes/bytes match

Authority: docs/fable-session-mining/LOOP-LOG.md. Tests never upgrade a missing live receipt.