vestige/docs/ROADMAP.md

205 lines
12 KiB
Markdown
Raw Normal View History

# Vestige Roadmap
> Public adoption roadmap for making Vestige easier to start, easier to trust,
> and easier to configure.
Last updated: June 7, 2026
Vestige already has the core primitives for durable local memory: `search`,
`session_context`, `smart_ingest`, `memory`, `intention`, `codebase`,
`deep_reference`, suppression, portable storage, and the dashboard. The next
product step is reducing first-user confusion so more people can get value from
those primitives without inventing their own fragile memory vocabulary.
This roadmap turns early community feedback into a staged plan.
## Principles
- Make first use obvious. A new user should know what to import, how atomic each
memory should be, and which tool to use for current session context.
- Keep memory legible. Agents and humans should understand whether a memory was
created, reinforced, updated, superseded, suppressed, or purged.
- Prefer progressive disclosure. The default MCP response should be lean, with
explicit ways to request more detail.
- Keep local-first behavior. New onboarding, code memory, and configuration
features must not require a cloud service.
- Optimize for many users. Defaults should work for non-experts, while power
users can tune fields, merge behavior, and formats.
## Already Shipped, Needs Clearer Guidance
| Area | Current State | Next Documentation Fix |
|------|---------------|------------------------|
| Session startup | `session_context` combines memories, intentions, status, predictions, and codebase context. | Update all agent setup templates to make `session_context` the default startup call. |
| Batch memory saves | `smart_ingest` batch mode defaults to `batchMergePolicy="force_create"` so caller-separated items stay separate. | Document when to use batch force-create vs smart merge. |
| Device migration | `portable-export`, `portable-import`, and `sync` preserve exact Vestige storage state. | Separate device migration from first-time document import so users do not confuse them. |
| Supersede semantics | Supersede demotes the old memory and creates a new one; it does not purge the old memory. | Add plain-language vocabulary for create, update, supersede, suppress, demote, and purge. |
## Phase 1: Onboarding And Memory Hygiene
Target: make the first 30 minutes with Vestige hard to mess up.
| Work | Outcome |
|------|---------|
| First-time memory migration guide | Users can import notes/docs without Claude tagging everything as `verified` or flattening unrelated facts together. |
| Atomic memory guide | Clear examples for one fact, one preference, one decision, one bug fix, one source note, and one code pattern per memory. |
| Default tag vocabulary | Recommended tags for source quality, confidence, project, type, urgency, and lifecycle without overloading words like `verified`. |
| Smart vs force-create guide | Agents know when to use `forceCreate`, `batchMergePolicy="force_create"`, or normal PE gating. |
| Updated agent templates | Claude, Codex, Cursor, VS Code, Xcode, OpenCode, JetBrains, and Windsurf templates start with `session_context` and use the same memory vocabulary. |
Planned docs:
- `docs/MIGRATION.md`
- `docs/MEMORY-HYGIENE.md`
- revised `docs/AGENT-MEMORY-PROTOCOL.md`
- revised `docs/CLAUDE-SETUP.md`
## Phase 2: Configurable Output
Target: let users control context cost without losing important evidence.
| Work | Outcome |
|------|---------|
| Field masks for MCP results | Users can drop fields they never want in model context, such as temporal hints, scores, or timestamps. |
| Output profiles | Presets like `lean`, `default`, `audit`, and `research` tune result size and metadata detail. |
| Markdown output mode | Users can request compact Markdown summaries when that is more context-efficient than JSON. |
| Context reinstatement controls | `contextReinstatement` becomes opt-in or configurable, and temporal hints are based on stored memory context when available. |
| Per-tool defaults | Users can define default detail level, result limit, and response shape for search, timeline, codebase, and session context. |
Likely implementation paths:
- config file under the active Vestige data directory
- environment-variable override for simple deployments
- MCP parameters still win over defaults for one-off calls
## Phase 3: Merge And Supersede Controls
Target: make memory mutation predictable.
| Work | Outcome |
|------|---------|
| Merge policy configuration | Users can keep some tags or node types atomic while allowing others to merge. |
| Prediction Error threshold knobs | Advanced users can tune create/update/reinforce boundaries without recompiling. |
| Merge previews before mutation | Agents can show what would change before updating an existing durable memory. |
| Safer consolidation dedup | Consolidation respects user-configured atomic tags and source boundaries. |
| Friendlier lifecycle labels | Agent-facing copy explains that superseded memories are old versions, not destroyed records. |
## Phase 4: Code Memory
Target: make code memories useful without blending source code, docstrings, and
human project notes into one noisy search space.
| Work | Outcome |
|------|---------|
| Code memory import guide | Developers know when to save patterns/decisions versus code entities or docstrings. |
| Exposed code entity workflow | The existing core `CodeEntity` concept becomes usable through MCP or CLI. |
| Docstring/code symbol ingestion | Users can ingest functions, types, modules, docstrings, and call-site notes with source file provenance. |
| Code/prose retrieval separation | Search can filter or rank code memories separately from user preferences and project decisions. |
| Codebase dashboard review | Developers can inspect imported code memories and remove noisy entries. |
## Phase 5: Goals And Milestones
Target: support durable direction without pretending every future task is just a
reminder.
| Work | Outcome |
|------|---------|
| Goal primitive | Non-fading, manually pivoted goals that survive normal memory decay. |
| Milestone tracking | Goals can have milestones, status, evidence, and blockers. |
| Goal-aware session context | `session_context` can include active goals when relevant. |
| Manual pivot semantics | Agents can update goals only when the user explicitly pivots, completes, or cancels them. |
| Dashboard surface | Users can inspect active, completed, paused, and cancelled goals. |
This is distinct from `intention`: intentions are reminders triggered by time,
topic, file, event, or context. Goals are longer-lived direction and should not
fire as reminders unless the user attaches an intention.
## Phase 6: Guided Import Tools
Target: turn "I have 300 notes" into a reliable workflow.
| Work | Outcome |
|------|---------|
| Import dry run | Vestige previews proposed memories, tags, node types, and merge decisions before writing. |
| Source-aware import | Imported memories keep file/source provenance and confidence metadata. |
| Chunking strategies | Users choose atomic facts, section summaries, decision records, or source notes. |
| Review queue | Users can approve, edit, split, merge, or reject proposed memories. |
| Post-import health pass | Vestige recommends consolidation, duplicate review, or tag cleanup after import. |
release: v2.2.1 — Windows embeddings fix + backfill safety + first-run guide (#105) * patch(backfill-safety): VESTIGE_BACKFILL_AUTOFIRE gate (default OFF) + bounded promote_memory_backfill Off-by-default env gate around step-8.5 auto-fire in run_consolidation (decouples backfill from consolidation cadence). New promote_memory_backfill caps stability at MIN(stability*1.5, stability+365.0) (the bound retroactive_backfill.rs:300 already computes but discarded); both backfill entry points use it. Fixes the false 'capped' comment. Cloud-sync excluded at build (--no-default-features). Pending upstream PR to samvallad33/vestige. omega-backfill-safety-v2.2.0 off tag v2.2.0 (3bcd4667). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * release: v2.2.1 — Windows embeddings fix + backfill safety + first-run guide Board-clearing patch release. Fixes: - #101 Windows embeddings: release.yml already restores vector-search on the x86_64-pc-windows-msvc target (merged in #102); this release rebuilds the Windows binary so users actually get working embeddings. - #103 Retroactive Salience Backfill safety (from community PR #104, adjusted): * promote_memory_backfill bounds the stability multiply to MIN(stability*1.5, stability+365.0) on both auto-fire and manual paths. * VESTIGE_BACKFILL_AUTOFIRE gate — default ON (preserves the shipped/documented v2.2.0 behavior), disable with 0/false/off/no. Env value is trimmed. * Corrected the false "capped" comment and the promote_memory_backfill doc. * Added 3 tests: +365 cap binds, *1.5 multiply below crossover, gate parsing. Docs: - #83 First-Run: new docs/GETTING-STARTED.md + README pointer. - Consolidated roadmap issues #82,#84-#92 into docs/ROADMAP.md (Tracked Issues). - Documented VESTIGE_BACKFILL_AUTOFIRE in docs/CONFIGURATION.md. - CHANGELOG v2.2.1 entry. Version bumped to 2.2.1 across all manifests + Cargo.lock + dashboard build. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Peter Lauzon <inbijiburu@protonmail.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 12:02:42 -05:00
## Tracked Issues (Consolidated 2026-07-02)
The following roadmap issues were consolidated here and closed so the issue tracker
reflects active work, not a standing backlog. Nothing is lost — each entry keeps its
scope, the backend anchors that already exist, and why it is deferred. Most are
deferred behind the dashboard focus; several are security/data-integrity boundaries
that are deliberately *not* shipped half-done.
### A. Reliability & Trust surfaces
- **Agent Reliability Record** (was #84) — Unify traces, receipts, contradictions,
and composed-graph events into one per-run record with 5 evidence states
(supported / missing / stale / contradicted / suppressed) + Markdown export.
Backend already exists (`crates/vestige-core/src/trace/`). Remaining work is the
dashboard record view — see the dashboard Discussion.
- **Trust Zones + Memory Quarantine** (was #85) — Provenance/trust class on nodes,
score-capping for weak-provenance content, quarantine of untrusted sources.
Security boundary; unsafe half-done, and depends on ACL Memory primitives that
don't exist yet. Deferred post-dashboard.
- **ComposeBench** (was #86) — Reliability benchmark across 8 scenarios. Will reuse
the existing `benchmarks/causebench/` harness pattern; the ACL scenario is gated
on ACL Memory. Deferred.
### B. Access & Governance boundary
- **ACL Memory for source-aware connectors** (was #82) — Source-authorization-aware
memory: connector-ingested memories preserve upstream access rules and retrieval
fails closed for unauthorized callers. A hard security boundary with no foundation
today (no per-caller identity model; `search()` takes no subject). Must be designed
as one deliberate pass, not sliced. Design + user-permission-shape input welcome in
the Discussion.
- **Team Pro Reliability Foundation** (was #92) — Commercial team tier (RBAC/SSO/SCIM,
admin review, audit export, team lanes, Postgres, hosted backups). A product-strategy
meta-issue, upstream of coding; depends on ACL Memory + HTTP/Postgres plans.
### C. Ingest & Projection integrity
- **Markdown + Rules Projection** (was #87) — Project memories into client-native
rule files (AGENTS.md, CLAUDE.md, `.cursor/rules`, Windsurf, Cline) with provenance
and an optional bidirectional re-import. The re-import leg is a data-integrity
boundary (must never silently overwrite user files). Target-format priorities are an
open user question — Discussion.
- **Code Memory Workflow** (was #88) — First-class, inspectable code memory
(patterns/decisions with file+line provenance) kept separate from prose. The typed
model exists (`crates/vestige-core/src/codebase/`) but is unpersisted/unwired; needs
schema + a review/prune dashboard surface.
- **Guided Import + Review Queue** (was #89) — Dry-run import → proposed memories →
approve/edit/split/merge/reject queue → post-import health pass. Ingest/corruption
boundary; needs a real no-write dry run + review-queue state machine.
- **Goals + Milestones** (was #90) — A durable, non-decaying goal/milestone primitive
(paralleling the intentions subsystem) with lifecycle states and evidence/blockers.
A create-only slice would ship the primitive without its defining non-decay
guarantee, so it waits for the full build.
### D. Dashboard productization
- **ComposedGraph Productization** (was #91) — The MCP/CLI/storage backend already
ships in v2.2 (`crates/vestige-mcp/src/tools/composed_graph.rs`, all 7 modes). The
remaining slice is the dashboard surface: composition history, the never-composed
frontier, and closed doors. This is the natural first move in the dashboard focus —
shape it in the Discussion.
## Non-Goals
- Do not auto-store every conversation turn by default.
- Do not require cloud services for memory creation, search, or configuration.
- Do not hide irreversible deletion. `purge` must stay explicit.
- Do not make code ingestion pollute general personal memory by default.
- Do not make advanced tuning required for ordinary users.
## How To Read This Roadmap
This is directional, not a release guarantee. The priority is adoption: fewer
surprises, clearer defaults, and better tool descriptions before adding complex
new surfaces. Community feedback that reveals a confusing first-use path should
usually become either a documentation fix, a safer default, or a guided workflow.