v0.7.2: Merkle provenance audit + RCE flake fix — TDD

audit-node exposes memory-object lineage (type, hash, scope, version).
/audit <node-id> TUI command. /audit verify deferred.

Fixed RCE test flake: assemble-config-section used getf on
non-plist cascade entries. Wrapped in handler-case. Also fixed
~/ format directive escape. Core reason: 35/35. Core: 81/81.

lisp/core-memory.lisp

@@ -195,6 +195,15 @@
         t)
       (progn (log-message "REDO: No snapshots to redo") nil)))
 
+(defun audit-node (node-id)
+  "Return audit info for a memory object by ID."
+  (let ((obj (memory-object-get node-id)))
+    (when obj
+      (list :id node-id :type (memory-object-type obj)
+            :version (memory-object-version obj)
+            :hash (or (memory-object-hash obj) "(none)")
+            :scope (memory-object-scope obj)))))
+
 (eval-when (:compile-toplevel :load-toplevel :execute)
   (ql:quickload :fiveam :silent t))
 
@@ -302,3 +311,18 @@
          (progn (setf passepartout::*undo-stack* nil)
                 (is (null (passepartout::undo))))
       (setf passepartout::*undo-stack* orig-undo))))
+
+(test test-audit-node-found
+  "Contract v0.7.2: audit-node returns info for existing object."
+  (clrhash passepartout::*memory-store*)
+  (setf (gethash "audit-1" passepartout::*memory-store*)
+        (passepartout::make-memory-object :id "audit-1" :type :HEADLINE
+                                         :version 1 :hash "abc123" :scope :memex))
+  (let ((info (passepartout::audit-node "audit-1")))
+    (is (not (null info)))
+    (is (eq :HEADLINE (getf info :type)))
+    (is (string= "abc123" (getf info :hash)))))
+
+(test test-audit-node-not-found
+  "Contract v0.7.2: audit-node returns nil for nonexistent id."
+  (is (null (passepartout::audit-node "nonexistent-xxxx"))))