diff --git a/AI.md b/AI.md
index 859deb0..dd925c5 100644
--- a/AI.md
+++ b/AI.md
@@ -578,7 +578,15 @@ NetWare/NSS xattr and trustee metadata baseline:
   modifier GUIDs, directory quota, inherited rights mask, and trustee array.
 - NSS trustee rights are positive NetWare/NSS rights: R/W/C/E/A/F/M/S plus NSS
   salvage/secure bits.  The baseline is not the Linux `trustees-3.0`
-  allow/deny/clear model.
+  allow/deny/clear model.  The current mars-nwe `netware.metadata` trustee
+  rights encoding uses the NSS/NCP bit assignments, so the rights masks are
+  layout-compatible with Novell/OES readers.
+- Open directory-identity follow-up: `netware.metadata` trustee entries carry
+  GUID-style NSS/eDirectory authorizer identifiers.  mars-nwe currently maps the
+  bindery object ID into the GUID field for local roundtrips and NCP readback; a
+  real OES/NSS server might not resolve that identifier to the same object.  Keep
+  this as a Directory/eDirectory/NDS mapping task rather than changing the
+  trustee rights patch.
 - Inheritance model to preserve: only entries marked inherit-down propagate;
   child inherited rights are filtered by `inheritedRightsMask` and
   `zVALID_TRUSTEE_RIGHTS`; supervisor is preserved in the mask and expands to all