Database is source of truth
Pandora will treat its own Supabase Postgres database as durable memory, not ChatGPT built-in memory.
Foundation shell
Pandora foundation
Pandora Memory Engine is being built to manage real-life and AU/story continuity with strict namespace isolation, durable database-backed memory, and auditable changes. The current app is foundation-only.
The shell is intentionally honest about what exists.
No live data
This landing page does not show fake counts, fake AU worlds, fake people, fake risks, fake promises, or fake audit activity. Future pages must connect to real implemented services before showing live data.
These rules shape the UI before the backend memory engine exists.
Pandora will treat its own Supabase Postgres database as durable memory, not ChatGPT built-in memory.
Real-life and AU/story memory must remain separated in every future query, write, and UI state.
Foundation UI must not invent people, worlds, relationships, promises, risks, deals, scenes, metrics, or audit logs.
Memory patch writes go through an internal create-only service and still expose no public routes.
The database policy layer now has an owner boundary; service-layer validation remains separate.
Table names and namespace expectations are now represented in reusable TypeScript helpers.
Service helpers prepare owner-bound records from authenticated context before future database operations.
Core repositories filter by owner and namespace, and still expose no public memory API surface.
Memory candidates are checked for namespace, type, source, and patch safety before any future persistence path.
Candidate services are internal-only and do not expose public ingest or patch routes.
Logging services are internal-only and write through owner-bound repositories without exposing public routes.
Patch services validate patch candidates and write audit rows without exposing mutation routes.
Retrieval services use owner and namespace repository filters and do not expose public search routes.
Mutation routes must later use real transaction behavior and persistent idempotency before exposure.
Internal mutation wrappers now check idempotency before writes and record outcomes, but no public mutation route exists.
Database function helpers coordinate idempotent claim and finish records, but no memory mutation is public yet.