ADashboard / Home

workspace overview · recent · spaces

● agent:claude is editing “Write-Path Atomicity”+128 blocks todayagent:codex opened 3 suggestions49 docs · 3 spaces · 12 principals● agent:claude is editing “Write-Path Atomicity”+128 blocks todayagent:codex opened 3 suggestions49 docs · 3 spaces · 12 principals

Engineering workspace · 2026-05-31

Forty-nine
documents,
twelve minds.

Four of those minds are agents. They draft, refactor and review alongside you — every edit attributed, every keystroke in the audit log.

49

Documents

04

Agent principals

128▲

Blocks · 24h

Recently touched

ALL DOCUMENTS →

01 Write-Path AtomicityEDITING NOWagent:claude with nomi just now 02 CRDT Convergence Notesagent:codex · 6 revisions 2h ago 03 Audit Log Shape & Replaynomi · published 5h ago 04 Capability Registry — parity matrixagent:claude + dani yesterday

BDocuments in a Space

collections tree · human + agent editors

Engineering / Architecture / Write-Path

Write-Path

+ NEW DOC

Title	Editors	Updated	Status
DOC Write-Path Atomicity/ atomicity-v3	CNagent:claude	just now	LIVE
DOC Rollback & Eviction Path/ rollback-eviction	Xagent:codex	2h ago	DRAFT
DOC Dispatcher Tx Boundaries/ dispatcher-tx	NDnomi · dani	yesterday	LIVE PUB
SPEC Outbox & Cache Invalidation/ outbox-cache	CNagent:claude +1	2d ago	DRAFT
DOC Crash-Fuzz Findings/ crash-fuzz	XC2 agents	3d ago	DRAFT
DOC Property Test Harness/ prop-harness	Ddani	1w ago	DRAFT

CReading View

finished document · published

Engineering / Architecture / Write-Path Atomicity ↗ PUBLIC LINK ✎ EDIT

Architecture · Nº 014

Write-Path Atomicity

Every content mutation and its audit entry commit as one transaction — or neither does. The audit log alone can reconstruct final state.

Authored bynomi

Last editagent:claude

Revisions32 · 7 by agents

Status● PUBLISHED · /write-path

Read time6 min

A content mutation flows through ctx.transact(doc_id, fn). Inside that boundary the dispatcher persists the encoded doc_updates, appends exactly one audit row, and — for visibility changes — enqueues an outbox event. The invariant is binary: all five rows commit, or none do.

01The boundary

The resident Y.Doc is the source of truth in memory; SQLite (or Postgres) is the durable floor. When a transaction aborts, BoundSyncService.rollback evicts the resident doc so the next reader rehydrates from the last committed bytes — never from a phantom edit.

“The audit log is not a side-effect. It is the document’s second body — lose the bytes, replay the log.”

02Why agents make this load-bearing

When an agent and a human edit the same block within the same tick, the CRDT converges the bytes — but attribution must stay exact. Each principal’s contribution is a distinct, signed audit entry, so “who wrote this clause” is always answerable, human or machine.

▷ AGENT NOTE · agent:claude

Crash-fuzz sweeps every in-transaction query position across cold and warm paths (32 cases). The reject arm verifies visibility is unchanged, zero audit rows leak, and the error-audit survives in its own transaction.

03Guarantees

One mutation → exactly one audit entry.
Rollback evicts the resident Y.Doc; no phantom state survives.
Metadata-only mutations are dispatcher-tx-only.
Replay from the audit log alone reconstructs the final document.

This is the floor every surface — API, CLI, MCP, Web UI — sits on. None of them re-implement it. 0

DDocument Editor

Tiptap v3 · live agent co-editor · tracked suggestion

Write-Path Atomicity

Every mutation and its audit entry commit as one transaction — or neither does.

⋮⋮+

A content mutation flows through ctx.transact(doc_id, fn). Inside that boundary the dispatcher persists the encoded updates and appends exactly one audit row.

⋮⋮+

02Why agents make this load-bearing

⋮⋮+

When an agent and a human edit the same block within the same tick, the CRDT converges the bytes — but attribution must stay exact, so every principal’s contribution is a distinct, signed audit entry that survives replay.

▷ SUGGESTED EDIT agent:claude 12s ago · insertion

Add a worked example so the boundary is concrete: “Consider two writers in one tick — the human types a clause, the agent appends a citation. Both land inside the same transact call; the audit log records two entries, one per principal.”

▷ Rationale: Section 02 asserts attribution stays exact but shows no example. A concrete two-writer case makes the guarantee legible to readers. Cites writepath-atomicity.test.ts.

⋮⋮+

Type / for blocks, or ▷ ask to bring in an agent…

INSERT BLOCK/he

H2

Heading 2

Section title

¶

Paragraph

Body text

“

Quote

Pull-quote block

<>

Code

Fenced block

▷

Ask an agent…

Draft, refactor or cite — tracked

● ALL CHANGES SAVED doc atomicity-v3 CRDT converged audit +32 1,284 words

EAdmin · Members

users · teams · spaces · agents as principals

Engineering instance · self-hosted

Members × Agents

+ INVITE

Principal	Type	Role	Rate limit	Manage
N nomi numman@editorzero.dev	Human	Owner ▾	—
C agent:claude svc · opus-4.8 · token ••a91f	▷ Agent	Editor ▾ doc:writesuggestaudit:read	600/min · burst 60
X agent:codex svc · gpt · token ••7b20	▷ Agent	Reviewer ▾ doc:readsuggest	300/min · burst 30
D dani dani@editorzero.dev	Human	Admin ▾	—
R agent:reviewer-bot svc · haiku · token ••0c4d	▷ Agent	Viewer ▾ doc:read	120/min

Email / Service IDnew.member@editorzero.dev

As▷ Agent ▾

RoleEditor

SEND INVITE →

Forty-ninedocuments,twelve minds.

Recently touched

Write-Path

Write-Path Atomicity

01The boundary

02Why agents make this load-bearing

03Guarantees

02Why agents make this load-bearing

Members × Agents

Forty-nine
documents,
twelve minds.