fix(retrieval): enforce project-scoped context boundaries

docs/master-plan-status.md

@@ -70,9 +70,14 @@ read-only additive mode.
 - Phase 6 - AtoDrive
 - Phase 10 - Write-back
 - Phase 11 - Multi-model
-- Phase 12 - Evaluation
 - Phase 13 - Hardening
 
+### Partial / Operational Baseline
+
+- Phase 12 - Evaluation. The retrieval/context harness exists and runs
+  against live Dalidou, but coverage is still intentionally small and
+  should grow before this is complete in the intended sense.
+
 ### Engineering Layer Planning Sprint
 
 **Status: complete.** All 8 architecture docs are drafted. The
@@ -126,11 +131,13 @@ This sits implicitly between Phase 8 (OpenClaw) and Phase 11
 (multi-model). Memory-review and engineering-entity commands are
 deferred from the shared client until their workflows are exercised.
 
-## What Is Real Today (updated 2026-04-16)
+## What Is Real Today (updated 2026-04-24)
 
-- canonical AtoCore runtime on Dalidou (`775960c`, deploy.sh verified)
+- canonical AtoCore runtime on Dalidou (`2b86543`, deploy.sh verified)
 - 33,253 vectors across 6 registered projects
-- 234 captured interactions (192 claude-code, 38 openclaw, 4 test)
+- 950 captured interactions as of the 2026-04-24 live dashboard; refresh
+  exact live counts with
+  `python scripts/live_status.py`
 - 6 registered projects:
   - `p04-gigabit` (483 docs, 15 state entries)
   - `p05-interferometer` (109 docs, 18 state entries)
@@ -138,12 +145,15 @@ deferred from the shared client until their workflows are exercised.
   - `atomizer-v2` (568 docs, 5 state entries)
   - `abb-space` (6 state entries)
   - `atocore` (drive source, 47 state entries)
-- 110 Trusted Project State entries across all projects (decisions, requirements, facts, contacts, milestones)
-- 84 active memories (31 project, 23 knowledge, 10 episodic, 8 adaptation, 7 preference, 5 identity)
+- 128 Trusted Project State entries across all projects (decisions, requirements, facts, contacts, milestones)
+- 290 active memories and 0 candidate memories as of the 2026-04-24 live
+  dashboard
 - context pack assembly with 4 tiers: Trusted Project State > identity/preference > project memories > retrieved chunks
 - query-relevance memory ranking with overlap-density scoring
-- retrieval eval harness: 18 fixtures, 17/18 passing on live
-- 303 tests passing
+- retrieval eval harness: 20 fixtures; current live has 18 pass, 1 known
+  content gap, and 1 blocking cross-project bleed guard targeted by the
+  current retrieval-scoping branch
+- 553 tests passing on the audit-improvements branch
 - nightly pipeline: backup → cleanup → rsync → OpenClaw import → vault refresh → extract → triage → **auto-promote/expire** → weekly synth/lint → **retrieval harness** → **pipeline summary to project state**
 - Phase 10 operational: reinforcement-based auto-promotion (ref_count ≥ 3, confidence ≥ 0.7) + stale candidate expiry (14 days unreinforced)
 - pipeline health visible in dashboard: interaction totals by client, pipeline last_run, harness results, triage stats
@@ -190,9 +200,9 @@ where surfaces are disjoint, pauses when they collide.
 | V1-E | Memory→entity graduation end-to-end + remaining Q-4 trust tests | pending V1-D (note: collides with memory extractor; pauses for multi-model triage work) |
 | V1-F | F-5 detector generalization + route alias + O-1/O-2/O-3 operational + D-1/D-3/D-4 docs | finish line |
 
-R14 (P2, non-blocking): `POST /entities/{id}/promote` route returns 500
-on the new V1-0 `ValueError` instead of 400. Fix on branch
-`claude/r14-promote-400`, pending Codex review.
+R14 is closed: `POST /entities/{id}/promote` now translates
+caller-fixable V1-0 provenance validation failures into HTTP 400 instead
+of leaking as HTTP 500.
 
 ## Next