FailSafe tracks more than Git state. It records governance checkpoints as signed metadata records, then stores Sentinel observations in a local retrieval store so operators can recover the what, why, and how of runtime decisions.
Process Reality
Git readiness is enforced at bootstrap (ensureGitRepositoryReady), including optional auto-install and git init when needed.
Governance events are checkpointed into failsafe_checkpoints with run/phase/status context and deterministic hashes.
Each checkpoint carries git_hash, payload_hash, entry_hash, and prev_hash so chain integrity can be recomputed.
Hub and API surfaces expose both summary and recent checkpoint records for operational visibility.
Sentinel writes local memory records to .failsafe/rag/sentinel-rag.db (or JSONL fallback), including payload_json, metadata_json, and retrieval text.
Technical Advantages
Tamper evidence via hash-chained checkpoint records.
Git-linked governance state for repository-correlated audit trails.
Local-first memory retention for security and low-latency recall.
Deterministic fallback paths when SQLite is unavailable.
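The chain recomputation that the checkpoint hash fields and the tamper-evidence claim above depend on, as an added example that is not FailSafe's own code. The four hash field names come from the page; the run/phase/status/payload names, the SHA-256 recipe in entryHash, the genesis value, and the sample rows are assumptions constructed for illustration.

```typescript
import { createHash } from "node:crypto";

// Hash fields are named as on the page; run/phase/status/payload names and the
// hashing recipe are assumptions made for this example.
interface Checkpoint {
  run: string; phase: string; status: string; payload: string;
  git_hash: string; payload_hash: string; prev_hash: string; entry_hash: string;
}
type Unsealed = Omit<Checkpoint, "entry_hash">;

const GENESIS = "0".repeat(64); // assumed prev_hash for the first record
const sha256 = (s: string): string => createHash("sha256").update(s, "utf8").digest("hex");

// Assumed recipe: hash a fixed-order JSON array so field boundaries stay unambiguous.
function entryHash(c: Unsealed): string {
  return sha256(JSON.stringify([c.run, c.phase, c.status, c.git_hash, c.payload_hash, c.prev_hash]));
}

function append(chain: Checkpoint[], run: string, phase: string, status: string,
                git_hash: string, payload: string): Checkpoint[] {
  const last = chain[chain.length - 1];
  const base: Unsealed = { run, phase, status, payload, git_hash,
    payload_hash: sha256(payload), prev_hash: last ? last.entry_hash : GENESIS };
  return [...chain, { ...base, entry_hash: entryHash(base) }];
}

// Walks the chain in order; returns the first failing record, or null if intact.
function verifyChain(chain: Checkpoint[]): { index: number; field: string } | null {
  let expectedPrev = GENESIS;
  let index = 0;
  for (const c of chain) {
    if (c.prev_hash !== expectedPrev) return { index, field: "prev_hash" };
    if (c.payload_hash !== sha256(c.payload)) return { index, field: "payload_hash" };
    if (c.entry_hash !== entryHash(c)) return { index, field: "entry_hash" };
    expectedPrev = c.entry_hash;
    index++;
  }
  return null;
}

// Constructed sample data (not real FailSafe records or commits).
function sampleChain(): Checkpoint[] {
  let chain: Checkpoint[] = [];
  chain = append(chain, "run-1", "plan", "approved", "a".repeat(40), '{"risk":"L1"}');
  chain = append(chain, "run-1", "implement", "blocked", "b".repeat(40), '{"risk":"L3"}');
  chain = append(chain, "run-1", "substantiate", "approved", "c".repeat(40), '{"risk":"L1"}');
  return chain;
}
```

A chain like this only detects edits relative to its newest entry_hash: someone who can rewrite every later row can reseal the tail, so the head hash has to be pinned somewhere the writer cannot change, or signed.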
Claim-to-Source Map
| Claim | Status | Source |
| --- | --- | --- |
| Checkpoints persist in failsafe_checkpoints with typed governance fields. | | |
| Checkpoint rows are directly foreign-key linked to Sentinel RAG rows. | unknown | No explicit join/foreign key in RoadmapServer checkpoint insert (FailSafe/extension/src/roadmap/RoadmapServer.ts:1537) or Sentinel RAG insert (FailSafe/extension/src/sentinel/SentinelRagStore.ts:99). |