vestige

apunkt/vestige

Fork 0

mirror of https://github.com/samvallad33/vestige.git synced 2026-04-25 00:36:22 +02:00

Commit graph

Author	SHA1	Message	Date
Sam Valladares	04781a95e2	feat: v2.0.4 "Deep Reference" — cognitive reasoning engine + 10 bug fixes New features: - deep_reference tool (#22): 8-stage cognitive reasoning pipeline with FSRS-6 trust scoring, intent classification (FactCheck/Timeline/RootCause/Comparison/ Synthesis), spreading activation expansion, temporal supersession, trust-weighted contradiction analysis, relation assessment, dream insight integration, and algorithmic reasoning chain generation — all without calling an LLM - cross_reference (#23): backward-compatible alias for deep_reference - retrieval_mode parameter on search (precise/balanced/exhaustive) - get_batch action on memory tool (up to 20 IDs per call) - Token budget raised from 10K to 100K on search + session_context - Dates (createdAt/updatedAt) on all search results and session_context lines Bug fixes (GitHub Issue #25 — all 10 resolved): - state_transitions empty: wired record_memory_access into strengthen_batch - chain/bridges no storage fallback: added with edge deduplication - knowledge_edges dead schema: documented as deprecated - insights not persisted from dream: wired save_insight after generation - find_duplicates threshold dropped: serde alias fix - search min_retention ignored: serde aliases for snake_case params - intention time triggers null: removed dead trigger_at embedding - changelog missing dreams: added get_dream_history + event integration - phantom Related IDs: clarified message text - fsrs_cards empty: documented as harmless dead schema Security hardening: - HTTP transport CORS: permissive() → localhost-only - Auth token panic guard: &token[..8] → safe min(8) slice - UTF-8 boundary fix: floor_char_boundary on content truncation - All unwrap() removed from HTTP transport (unwrap_or_else fallback) - Dream memory_count capped at 500 (prevents O(N²) hang) - Dormant state threshold aligned (0.3 → 0.4) Stats: 23 tools, 758 tests, 0 failures, 0 warnings, 0 unwraps in production Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 16:15:26 -05:00
Sam Valladares	a92fb2b6ed	release: v1.1.3 — security hardening, edition 2024, dependency updates Security: - Fix RUSTSEC-2026-0007 (bytes integer overflow) - Restrict SQLite database file permissions to 0600 on Unix - Add 100KB size limit to intention descriptions (DoS prevention) - Redact JSON-RPC payloads from debug logs (data leakage prevention) - Update SECURITY.md with encryption docs and supported versions Modernization: - Upgrade Rust edition 2021 → 2024, MSRV 1.75 → 1.85 - Upgrade actions/checkout@v4 → v5, codecov/codecov-action@v3 → v5 - Update all dependencies to latest compatible versions - Fix edition 2024 match ergonomics in compression.rs Clippy fixes: - Rename from_str → parse_name to avoid shadowing FromStr trait - Replace .max().min() with .clamp() - Replace sort_by with sort_by_key Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-12 03:19:07 -06:00
Sam Valladares	29130c3068	fix: accurate science claims, security docs, remove hardcoded path ## Changes ### README.md - Fix FSRS-6 formula: power law (not exponential Ebbinghaus) - Correct formula: R(t,S) = (1 + factor × t/S)^(-w₂₀) - Honest "The Science" table showing what's fully implemented vs inspired - Added ✅/⚡ indicators for implementation accuracy - Transparency note about honest marketing ### demo.sh - Remove hardcoded /Users/entity002 path (security/privacy) - Use relative path with fallback: ${VESTIGE:-$(dirname "$0")/...} ### SECURITY.md (new) - Document trust model and security boundaries - Explain data storage locations - List input validation measures - Security contact process Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-25 20:29:37 -06:00

Author

SHA1

Message

Date

Sam Valladares

04781a95e2

feat: v2.0.4 "Deep Reference" — cognitive reasoning engine + 10 bug fixes

New features:
- deep_reference tool (#22): 8-stage cognitive reasoning pipeline with FSRS-6
  trust scoring, intent classification (FactCheck/Timeline/RootCause/Comparison/
  Synthesis), spreading activation expansion, temporal supersession, trust-weighted
  contradiction analysis, relation assessment, dream insight integration, and
  algorithmic reasoning chain generation — all without calling an LLM
- cross_reference (#23): backward-compatible alias for deep_reference
- retrieval_mode parameter on search (precise/balanced/exhaustive)
- get_batch action on memory tool (up to 20 IDs per call)
- Token budget raised from 10K to 100K on search + session_context
- Dates (createdAt/updatedAt) on all search results and session_context lines

Bug fixes (GitHub Issue #25 — all 10 resolved):
- state_transitions empty: wired record_memory_access into strengthen_batch
- chain/bridges no storage fallback: added with edge deduplication
- knowledge_edges dead schema: documented as deprecated
- insights not persisted from dream: wired save_insight after generation
- find_duplicates threshold dropped: serde alias fix
- search min_retention ignored: serde aliases for snake_case params
- intention time triggers null: removed dead trigger_at embedding
- changelog missing dreams: added get_dream_history + event integration
- phantom Related IDs: clarified message text
- fsrs_cards empty: documented as harmless dead schema

Security hardening:
- HTTP transport CORS: permissive() → localhost-only
- Auth token panic guard: &token[..8] → safe min(8) slice
- UTF-8 boundary fix: floor_char_boundary on content truncation
- All unwrap() removed from HTTP transport (unwrap_or_else fallback)
- Dream memory_count capped at 500 (prevents O(N²) hang)
- Dormant state threshold aligned (0.3 → 0.4)

Stats: 23 tools, 758 tests, 0 failures, 0 warnings, 0 unwraps in production

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-09 16:15:26 -05:00

Sam Valladares

a92fb2b6ed

release: v1.1.3 — security hardening, edition 2024, dependency updates

Security:
- Fix RUSTSEC-2026-0007 (bytes integer overflow)
- Restrict SQLite database file permissions to 0600 on Unix
- Add 100KB size limit to intention descriptions (DoS prevention)
- Redact JSON-RPC payloads from debug logs (data leakage prevention)
- Update SECURITY.md with encryption docs and supported versions

Modernization:
- Upgrade Rust edition 2021 → 2024, MSRV 1.75 → 1.85
- Upgrade actions/checkout@v4 → v5, codecov/codecov-action@v3 → v5
- Update all dependencies to latest compatible versions
- Fix edition 2024 match ergonomics in compression.rs

Clippy fixes:
- Rename from_str → parse_name to avoid shadowing FromStr trait
- Replace .max().min() with .clamp()
- Replace sort_by with sort_by_key

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-12 03:19:07 -06:00

Sam Valladares

29130c3068

fix: accurate science claims, security docs, remove hardcoded path

## Changes

### README.md
- Fix FSRS-6 formula: power law (not exponential Ebbinghaus)
- Correct formula: R(t,S) = (1 + factor × t/S)^(-w₂₀)
- Honest "The Science" table showing what's fully implemented vs inspired
- Added ✅/⚡ indicators for implementation accuracy
- Transparency note about honest marketing

### demo.sh
- Remove hardcoded /Users/entity002 path (security/privacy)
- Use relative path with fallback: ${VESTIGE:-$(dirname "$0")/...}

### SECURITY.md (new)
- Document trust model and security boundaries
- Explain data storage locations
- List input validation measures
- Security contact process

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-25 20:29:37 -06:00

3 commits