Module summary 

Phase 4.D LLM-summary execution path.

Posture today

run_llm_summary_job is wired end-to-end:

1. If operator_attestation is None, the call refuses with DecayError::LlmSummaryRequiresOperatorAttestation under the stable invariant super::DECAY_LLM_SUMMARY_REQUIRES_OPERATOR_ATTESTATION_INVARIANT. LLM summarisation is operator-fired only — the schema-migration boundary is the precedent: a destructive / non-deterministic action cannot be unattended.

2. If operator_attestation is Some(path), the envelope at that path is parsed and structurally validated (Ed25519 signature over the canonical bytes, schema_version, purpose discriminator). Any validation failure refuses with DecayError::LlmSummaryAttestationRejected under the stable invariant super::DECAY_LLM_SUMMARY_ATTESTATION_REJECTED_INVARIANT.

3. With the envelope verified, the function loads source memories / episodes from the store, builds a cortex_llm::SummaryRequest carrying the operator-pinned model_name and prompt_template_blake3, and calls cortex_llm::SummaryBackend::summarize. Any backend refusal (allowlist mismatch, prompt template mismatch, upstream failure, output validation failure, or the noop default backend) surfaces as DecayError::LlmSummaryBackendCallFailed under the stable invariant super::DECAY_LLM_SUMMARY_BACKEND_CALL_FAILED_INVARIANT.

4. On a successful backend call, the function validates that the backend’s model_name_echoed byte-equals the envelope’s model_name (so a silently-routed provider cannot launder the attestation pin) and that the produced claim is non-empty and within the deterministic byte budget. It then composes a candidate-tier MemoryCandidate under the same pessimistic-merge posture as the deterministic compressor (super::compress): confidence = min(source confidences), authority = lowest-trust authority among sources, provenance = deduplicated union of source provenance arrays. The candidate is persisted with MemoryRepo::insert_candidate and supersession edges are recorded for every source via DecayJobRepo::record_memory_supersession (for memory sources) or DecayJobRepo::record_episode_supersession (for episode sources).

CLI default posture

The CLI surface (cortex decay run --operator-attestation <PATH>) injects a cortex_llm::NoopSummaryBackend today. That means a production LLM-summary run will get all the way through envelope verification and then refuse with DecayError::LlmSummaryBackendCallFailed (reason summary_backend_not_configured). Operators who want to actually produce summaries inject a hosted backend programmatically, or pass a cortex_llm::ReplaySummaryBackend fixture in CI.

Doctrine note

An LLM summary is candidate-tier evidence only. It is NEVER directly promoted to principle: the standard cortex_memory::lifecycle::accept_candidate ceremony still applies (proof closure, contradiction scan, semantic trust, operator temporal authority). The LLM call itself is gated by operator attestation, and the per-call attestation binds the operator’s signing key to:

• the model name (so a captured envelope cannot authorise a different model);
• the source ids being compressed — bound via the decay job id, so a captured envelope cannot be replayed against a different source set;
• the prompt template digest (so a captured envelope cannot silently swap prompts).

Structs

LlmSummaryOperatorAttestationEnvelope

On-disk envelope for an operator attestation authorising an LLM summary job. Structurally analogous to the migration-attestation envelope: the Ed25519 signature is computed over a domain-tagged length-prefixed binary encoding of the non-signature fields.

Functions

canonical_signing_input

Canonical signing input for the LLM-summary operator attestation envelope. Length-prefixed big-endian framing, fixed field order, with a 1-byte domain tag that is structurally disjoint from the migration-attestation domain. The LLM-summary domain tag is 0x21.

run_llm_summary_job

Run an LLM-summary decay job.

run_llm_summary_job_typed

Run an LLM-summary decay job for a typed DecayJobKind. Convenience wrapper used by callers that already hold a typed super::DecayJob.