AgentIdentity node type + GitHub account binding for model identities

Context

#10016 scope today treats identity as a userId metadata tag. This ticket extends scope with a first-class AgentIdentity graph node type, bindable to per-model GitHub accounts (precedent: AI Village's @claude-opus-4-5, @claudehaiku45, @claude-opus-4-6 on #9535). @tobiu is provisioning per-model accounts this session; this ticket creates the graph substrate.

The Problem

Scalar-metadata identity means no edges from memories/sessions to identity nodes; ownership relies on metadata filter, not structural traversal. Cross-session reasoning ("what has @neo-opus-4-7 authored across all sessions?") scans metadata instead of traversing one edge. Mailbox (#10139) can't address persistent model identity — only session-scoped.

The Architectural Reality

• #10016 handles userId ingestion via reverse-proxy headers; #10000 complete.
• Per-model GitHub accounts to be provisioned: @neo-opus-4-7, @neo-gemini-3-1-pro, etc. Decision from session brainstorm: per-model persistent, not per-version (less account churn, version lives in node properties).
• Graph-first Memory artifacts sub-epic makes Memory + Session nodes; AgentIdentity is the third artifact type.

The Fix

• AgentIdentity node type: {id, githubLogin, displayName, modelFamily, accountType: 'agent'|'human', createdAt}
• Edges (defined here, created by future work):
  • AUTHORED_BY(Memory | Session | Message → AgentIdentity)
  • OWNED_BY(Session → AgentIdentity) — tenancy
  • HARNESSED_VIA(Memory → HarnessNode) — optional
• Seed script ai/scripts/seedAgentIdentities.mjs — provisions initial identity nodes; idempotent
• Version metadata on Message/Memory as modelVersion property (e.g. opus-4.7) — accounts stable, versions drift

Acceptance Criteria

• AgentIdentity node type in graph schema with properties + indices
• Seed script creates initial identity nodes; idempotent on re-run
• At least one account (per-model or @tobiu) has live identity node bound to GitHub login
• MATCH AgentIdentity WHERE githubLogin = '@neo-opus-4-7' resolves to exactly one node
• Design doc captures per-model-vs-per-version decision with rationale

Out of Scope

• OAuth2 authentication for MCP (separate sub)
• Cross-tenant permission edges (separate sub)
• Retroactive AUTHORED_BY edges on historical memories (handled via lazy back-fill)

Avoided Traps

• Per-version accounts (@neo-opus-4-7-1, @neo-opus-4-7-2). Rejected. AI Village uses per-version; session consensus: churn is real, version-in-properties wins. Cross-version session continuity benefits at account level.
• Identity as scalar metadata only. Rejected. Graph-first substrate decision applies — ownership traverses edges, not filters metadata.

Related

• Parent: #10016
• Siblings: OAuth2 MCP sub, cross-tenant permissions sub
• Depends on: Graph-first Memory artifacts sub-epic
• Context: #9535, Discussion #10137

Origin Session ID: 71dc3cd8-d39d-48e1-ac62-e240ca67d1a5