[codex] harden bridge lockbox settlement spine

[FlowmemoryAI]

Summary

• Hardened BaseBridgeLockbox with explicit release authority, deposit records, schema-bound deposit and release IDs, release replay guards, per-deposit remaining accounting, nonzero release evidence, token-match checks, and a small reentrancy guard.
• Added FlowChainSettlementSpine as a compact local/test commitment event spine for FlowChain object commitments, including bridge-deposit object support for indexer/verifier and bridge agents.
• Added DeployBridgeSpine.s.sol for Anvil/Base Sepolia dry-run testing with explicit environment variables, and documented the stable bridge and settlement event schema in docs/bridge/FLOWCHAIN_BASE_BRIDGE_POC.md.

Scope

Primary issue: none supplied; this follows the contracts/settlement-spine operator mission.

Allowed folders touched:

• contracts/
• tests/
• script/
• docs/bridge/

Forbidden folders not touched:

• services/
• apps/
• crates/
• crypto/
• hardware/

Worktree path: E:\FlowMemory\flowmemory-contracts

Validation

• forge test --match-path tests/bridge/BaseBridgeLockbox.t.sol passed: 15 tests.
• forge test passed: 77 tests.
• npm run contracts:hardening passed: build plus 77 Foundry tests. Slither was optional and not installed on PATH.
• git diff --check passed.
• git diff --check origin/main...HEAD passed.

Risks And Follow-Ups

• This remains a test-only bridge POC, not a production bridge, audited custody system, tokenomics surface, or production withdrawal claim.
• Release hooks require explicit test authority and recorded deposits, but still depend on the operator model documented for the POC.
• Relayer/service updates are intentionally left out because this task forbids editing services/; the stable event schema is documented for the bridge relayer handoff.

HQ Required Review Metadata (2026-05-14)

Issue status: Refs #103
Worktree / branch ownership: E:\FlowMemory\flowmemory-contracts
Allowed folders: contracts/, contracts/bridge/, tests/, script/, docs/bridge/
Forbidden folders: services/, crypto/, crates/, apps/dashboard/, hardware/
Exact checks recorded:

• Existing PR validation plus CI. Owner still needs explicit [contracts] Harden settlement and bridge event spine for FlowChain local L1 #103 linkage in the main body if not added elsewhere.
• GitHub CI Repository hygiene: SUCCESS
• GitHub CI Contracts: SUCCESS
• GitHub CI Services and launch core: SUCCESS
• GitHub CI Launch-core acceptance command: SUCCESS
• GitHub CI Crypto: SUCCESS
• GitHub CI Dashboard: SUCCESS
• GitHub CI Local devnet: SUCCESS
• GitHub CI Hardware POC: SUCCESS
  HQ readiness: Draft; merge state DIRTY; coordinate bridge event/schema vocabulary with [codex] Build bridge relayer credit handoff smoke #113 before merge.

[FlowmemoryAI]

HQ review note, 2026-05-13: this draft appears to match the #103 contracts/settlement lane and stays within contracts/tests/script/docs/bridge ownership. Please link issue #103 in the PR body before merge. Merge order: after the HQ integration/status PR refreshes the full-L1 map, and before bridge relayer #104 depends on the finalized event schema. Main review focus: avoid creating a second runtime or bridge object model; keep FlowChainSettlementSpine as optional settlement/event support and coordinate event semantics with #104.

[FlowmemoryAI]

HQ review note (2026-05-14): this contracts PR is adjacent to #131 but does not resolve it as currently evidenced. The PR validation says Slither was optional and not installed on PATH, while #131 is specifically about exact product/L1 E2E failing when local Slither is present and reports BaseBridgeLockbox.releaseNative findings. If this PR is intended to close #131, please refresh/rebase and include explicit evidence for
pm run contracts:hardening with Slither present,
pm run flowchain:product-e2e,
pm run flowchain:l1-e2e,
ode infra/scripts/check-unsafe-claims.mjs, and git diff --check. Until then, keep #131 as a separate blocker and do not merge this PR on a product/L1 E2E-green claim.