Commit graph

228 commits

Author SHA1 Message Date
Sam Valladares
b3f02ebc2f fix(cinema): guarantee the storm stays centered — never flies off-screen
Root cause: layoutPositions grew per beat (radius 22 + i*6), so each beat sat
farther out; the camera + storm marched off into space as the tour progressed.

Fix (centered-by-construction):
- layoutPositions: tight BOUNDED golden-angle shell (SHELL_RADIUS 14), no growth.
- sandbox: storm pinned to the WORLD ORIGIN permanently; camera hard-clamped to
  an 18-46 unit distance band and always lookAt(origin); containment sphere
  sized to the FOV at origin. A runaway move is corrected every frame.
- director: new centerOnOrigin mode (enabled when WebGPU active) — frames/orbits
  the origin instead of flying to scattered nodes; variety from angle/standoff.

No path remains for the subject to leave frame. 937 tests + build green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 01:09:07 -05:00
Sam Valladares
5e8a22a427 feat(auteur): Phase 2 — director executes the screenplay (shippable hero)
director.ts: optional shots:ResolvedShot[] in DirectorOptions; per-beat
  flight/dwell timing; framePosition now reads move (push_in/pull_back/crane
  scale standoff) + angle (low=look-up, high=look-down) + standoff; orbit shots
  revolve the camera during dwell; Dutch roll via camera.up; hard/match cuts
  snap (editorial cut). With NO shots the camera is byte-identical to before
  (all values fall back to the existing constants + easeInOutCubic lerp).
MemoryCinema.svelte: build computeSignals + planShotsDeterministic + resolveShots
  on launch, pass shots to the director; onBeat drives storm mode + director's
  note + Act + tension from the shot. New UI: pre-roll DIRECTOR'S PLAN card
  (logline naming real memories), per-beat 'why this shot' note, Act I/II/III
  badge, tension-tinted progress bar, Auteur source badge.

The deterministic auteur ships the hero film with zero LLM. 937 tests + build green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 00:58:35 -05:00
Sam Valladares
8094931ea9 feat(auteur): Phase 1 — graph signals + director contract (pure, headless)
The spine of 'The Auteur': the LLM/rule-table becomes a film director.
- topology.ts: computeSignals — Brandes betweenness, union-find clusters,
  recency, retention, suppression, edge surprise (Jaccard x distance). Reuses
  pathfinder internals (now exported). Betweenness capped for huge graphs.
- auteur.ts: typed Shot/DirectorPlan/ResolvedShot contract; resolveShots
  carry-forward resolver (every axis back-filled prev->SHOT_DEFAULTS=today's
  camera constants, so a sparse/garbage plan ALWAYS yields a coherent film);
  planShotsDeterministic (Tier-2 pure auteur via graph-metric->shot-grammar
  rule table); directorSystemPrompt (same table → LLM prompt).
- pathfinder: export buildAdjacency/recencyOf/isContradictionEdge/Adjacency;
  add 'surprise' beat kind. narrator KIND_CHIP gains 'surprise' (satisfies).
- 11 new tests (carry-forward, garbage backfill, keystone betweenness,
  contradiction direction, determinism). 937 tests + build green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 00:51:20 -05:00
Sam Valladares
4163f4fc80 fix(cinema): contain the particle storm on-screen (soft sphere + velocity clamp)
Particles (esp. the unbounded Rössler chaos mode) could fly off-screen. Add a
camera-frame-sized spherical containment field: spring pull-back past the
radius, hard velocity clamp, and a snap-to-shell safety net so no particle can
escape. The sandbox sizes the radius from camera distance + vfov each frame so
the storm reframes as the camera flies. Verified: check + build green.
2026-06-22 00:14:29 -05:00
Sam Valladares
66b10ded42 fix(dashboard): resolve all blocker/high/medium findings from Memory Cinema audit
storm.ts (blockers): correct particle position wiring — positionNode now
  instancePos.add(positionLocal) (bare storage element collapsed every quad to a
  point); serialize GPU compute dispatches (computeInFlight) to stop queue
  stalls; ignition floor so the storm never fades to black; null buffers on
  dispose for GC (StorageBufferAttribute has no dispose()); typed computeNode +
  InstancedMesh, removed unsafe casts.
narrator.ts: validate + filter backend beats, bounds-safe fallback merge,
  KIND_CHIP satisfies (compile-time enum coverage), chip type guard, timer cleanup.
MemoryCinema.svelte: replace the null-returning Local AI stub with a real
  on-device transformers.js text-generation pipeline (+ genuine fallback);
  Escape-to-close + autofocus a11y; reset all run state on launch (no stale
  Replay); fix render/close race; computed fallback camera aspect; typed state.
director.ts: NaN-guard progress on empty path; clamp dt >= 0.
sandbox.ts: guard three/webgpu exports + tsl pass() API shape; resize w/h floor.

926 tests + build green. Net: every audit blocker/high/medium fixed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 00:08:37 -05:00
Sam Valladares
95750f0a85 feat(dashboard): respect prefers-reduced-motion in the base 3D graph
Disable camera auto-rotate (the dominant continuous motion) when the OS
reduce-motion setting is on; live-toggle aware via matchMedia change listener,
cleaned up on destroy. Graph stays fully usable (manual orbit/hover/select/live
events). Closes the a11y gap where 0 of ~3,200 graph LOC honoured the setting.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 23:53:40 -05:00
Sam Valladares
a6798c2fca feat(dashboard): wire Memory Cinema UI into graph page
- MemoryCinema.svelte: launch button + fullscreen overlay, typewriter caption
  stream, SpeechSynthesis voice toggle, opt-in lazy-loaded Local AI toggle,
  progress/beat indicators, replay. Director-driven master loop hardened so a
  WebGPU render failure drops to camera-only without stalling the tour.
- sandbox: construct Scene/Camera from the three/webgpu module instance so all
  objects fed to the WebGPU renderer are instance-compatible (fixes
  'multiple instances of Three.js' incompatibility).
- graph page: Cinema button beside Dream, gated on having nodes.

Verified live: button renders, overlay opens, WebGPU boots + reports active,
7-beat path plans, narration resolves to live captions, bundle code-splits
(WebGPU 479K chunk loads on demand only). 926 tests + build green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 20:23:26 -05:00
Sam Valladares
1ca5941491 feat(dashboard): Memory Cinema engine — BFS director + narrator + WebGPU GPGPU storm
- pathfinder.ts: deterministic story-path BFS over real graph (origin→strongest→contradiction→recent), Tier-3 bulletproof base (8 tests)
- director.ts: cinematic camera choreography, reduced-motion jump-cut support
- narrator.ts: Tier-1 backend-LLM → Tier-2 local structured captions cascade
- storm.ts: 150k-particle TSL GPGPU SemanticComputeStorm (orbital/stream/Rössler-chaos modes) verified against installed three/tsl API (select not cond, SpriteNodeMaterial, computeAsync)
- sandbox.ts: isolated WebGPU canvas + selective MRT bloom, dynamically imported (zero main-bundle weight), graceful no-WebGPU fallback

WebGL graph untouched = zero regression. 926 tests green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 20:16:21 -05:00
Sam Valladares
28d2434843 feat(dashboard): launch quick-wins — view transitions, OKLCH/P3 palette, reduced-motion-ready, responsive graph controls, ws reconnect state
- Native View Transitions API via onNavigate (feature-detected, reduced-motion safe)
- OKLCH + display-p3 accent palette with hex fallback (@supports progressive enhancement)
- WebSocket gains 'reconnecting' state so stale errors clear on reconnect
- Graph control bar wraps + safe-area insets for <640px / notched phones

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 19:15:12 -05:00
Sam Valladares
2b50bf5d53 ci: guard against private cloud service code in public repo
Vestige Cloud is split: the public client (a thin HTTP sync backend that
only moves encrypted bytes) belongs here, but the hosted service — billing,
sync-key->namespace mapping, per-user isolation, Lemon Squeezy webhooks,
transactional email — must live only in the private repo.

Add scripts/check-no-private-cloud.sh, which git-greps tracked files for
distinctive private-service signatures (service crate identity, module
headers, billing/provider internals, server-side sync-key mapping SQL). The
patterns are chosen so the legitimate public client — including its
VESTIGE_CLOUD_* client env vars — does not match.

Wired into CI via guard-no-private-cloud.yml on push/PR. Verified both
directions: passes on the clean repo, fails (naming the markers) when real
private webhook.rs/keys.rs are introduced.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 18:19:01 -05:00
Sam Valladares
a19ea11276 fix(pages): serve dashboard at site root, drop double /vestige nesting
The Pages project site is already served from /vestige/, and the dashboard
is built with base path /vestige. Nesting the build under _site/vestige/
served it at /vestige/vestige/ and left a broken redirect at the root.
Copy the build to the artifact root so it serves correctly at /vestige/.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 17:50:10 -05:00
Sam Valladares
2359472588 ci(pages): pin pnpm version in deploy workflow
pnpm/action-setup needs an explicit version (root package.json has no
packageManager field). Match test.yml's pinned version: 10.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 17:48:11 -05:00
Sam Valladares
79b1026a65 ci(pages): deploy dashboard to GitHub Pages with subpath-aware base
The github-pages deployment showed a red X: actions/configure-pages@v5
ran with enablement:true, but Pages was never enabled in repo settings and
the default GITHUB_TOKEN cannot create a Pages site, so deploy failed with
"Resource not accessible by integration". The launch-kit revert then deleted
the workflow entirely, leaving nothing to deploy.

- Restore a modernized pages.yml (Pages now enabled via API, so no
  enablement hack; actions/checkout@v5 + Node 24 off the deprecated Node 20).
- Make the dashboard base path env-driven (VESTIGE_BASE_PATH), defaulting to
  /dashboard for local/embedded use and overridden to /vestige in CI so
  assets resolve at the Pages project subpath instead of 404ing.
- Workflow builds the dashboard under /vestige and writes a root-level
  redirect index.html so the bare Pages URL lands on the dashboard.
- Rebuild the committed dashboard artifact (was stale at 2.1.23) to 2.1.27.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 17:46:43 -05:00
Sam Valladares
b8212feb15 feat(cloud-sync): zero-knowledge client-side encryption (XChaCha20-Poly1305)
The portable archive is encrypted on the client before upload and decrypted
after download, so the hosted service only ever stores ciphertext — true
zero-knowledge. The passphrase (VESTIGE_CLOUD_ENCRYPTION_KEY) is independent
of the bearer sync key and never leaves the device.

- new cloud_crypto module: Argon2id KDF + XChaCha20-Poly1305 AEAD, self-
  describing envelope (MAGIC|version|salt|nonce|ciphertext+tag)
- HttpPortableSyncBackend encrypts on write / decrypts on read; transparent
  upgrade of legacy plaintext archives; clear error if remote is encrypted
  but no passphrase is set
- sync_portable_archive_cloud takes optional encryption_key
- CLI surfaces encryption status (on/off) on sync
- 6 crypto tests (roundtrip, wrong-key, tamper detection, non-determinism,
  envelope detection); E2E verified: server blob is ciphertext, passphrase
  device recovers, no-passphrase device cannot decrypt

491 core tests green, clippy -D warnings clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 21:19:16 -05:00
Sam Valladares
fdd6b98180 feat(cloud-sync): HTTP managed-sync backend + vestige sync --cloud
Vestige Cloud MVP client side. Implements HttpPortableSyncBackend, an HTTP
impl of the existing PortableSyncBackend trait, reusing the production
sync_portable_archive pull-merge-push engine unchanged — only the transport
is new. Per-user isolation via opaque bearer sync key (namespace derived
server-side). Optimistic concurrency via ETag/If-Match to prevent lost
updates across devices; 412 surfaces a re-run-to-merge message.

- new cloud-sync cargo feature (vestige-core + vestige-mcp), gates reqwest
  blocking; default local-first build stays network-free
- sync_portable_archive_cloud wrapper mirrors sync_portable_archive_file
- CLI: vestige sync --cloud [--endpoint], VESTIGE_CLOUD_ENDPOINT/SYNC_KEY env
- 8 unit tests (dependency-free TcpListener mock): 404/200/401 reads,
  If-Match present/absent writes, 412 conflict, ETag capture

485 core tests green, clippy -D warnings clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 20:35:01 -05:00
caioribeiroclw-pixel
5c2db045f6
test: add test-integrity delta fixtures (#79)
Co-authored-by: Sam Valladares <143034159+samvallad33@users.noreply.github.com>
2026-06-19 19:41:31 -05:00
Sam Valladares
d23870d906 chore(release): v2.1.27 — External-Source Connectors
Bump all manifests 2.1.26 → 2.1.27 and date the CHANGELOG entry for the
GitHub + Redmine connector layer and source-aware search filters (#57, PR #78).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 11:10:54 -05:00
Sam Valladares
8e4f4052cc
Merge pull request #78 from samvallad33/feat/connectors-issue57-v2.1.27
feat(connectors): GitHub + Redmine retrieval layer (#57)
2026-06-19 02:35:14 -05:00
Sam Valladares
4e893c02ff feat(connectors): add Redmine and source filters (#57) 2026-06-19 02:21:25 -05:00
Sam Valladares
50e7f2d0fb feat(connectors): external-source connector layer + GitHub Issues (#57)
Make Vestige a durable, local, semantically-searchable retrieval layer over an
external system of record (GitHub Issues first), citing back to the canonical
record. Unlike a live ticket-system MCP proxy, Vestige keeps a durable embedded
index: searchable offline, joinable with the rest of memory, temporally
versioned, and re-syncable idempotently with no duplication.

Phases 1-2 of #57 plus a GitHub reference connector and source-aware search:

- Source envelope on KnowledgeNode/IngestInput (source_system, source_id,
  source_url, source_updated_at, content_hash, synced_at, source_project,
  source_type, source_author). Migration V17: nullable columns (additive),
  partial UNIQUE index on (source_system, source_id), connector_cursors table.
- Idempotent sync primitives in vestige-core: upsert_by_source (content-hash
  change detection), connector cursor checkpoints, reconcile_source_tombstones
  (invalidate-don't-delete via bitemporal valid_until).
- Connector contract + run_sync driver + GitHub Issues connector behind the
  optional `connectors` feature (on by default in vestige-mcp, off in the core
  library default so non-connector consumers link no HTTP client).
- source_sync MCP tool ({"repo": "owner/name"}); token from GITHUB_TOKEN env
  only. Search results gain a sourceRecord citation for connector memories.

Adversarial review fixes: GitHub `since` Z-form (the `+00:00` offset corrupted
the cursor server-side), un-tombstone clears superseded_by too, cursor never
advances past a failing record, Link next-url host-pinned (token-leak guard),
records_seen counts new records only.

Verified: cargo check/test/clippy -D warnings green across the workspace
(default and connectors features); 483 core tests pass. Version bump to 2.1.27
and tag deferred to release.

Refs #57

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 01:21:59 -05:00
Sam Valladares
22d0d192eb fix: make windows release build and add manual rerun path 2026-06-18 23:39:38 -05:00
Sam Valladares
ef2073d4a4 Harden old CPU fallback paths (#71) 2026-06-18 21:54:04 -05:00
Sam Valladares
536776c9d6 Guard vector index init/search on unsupported CPU (#71) 2026-06-18 21:36:53 -05:00
Sam Valladares
05f0050ad8
Merge pull request #76 from samvallad33/codex/opencode-sigill-salvage
[codex] Add OpenCode integration and safer startup
2026-06-18 20:54:01 -05:00
Sam Valladares
2757010d6d Make fastembed smoke tests tolerate unavailable model 2026-06-18 20:29:02 -05:00
Sam Valladares
5e18304184 Fix OpenCode init migration cleanup 2026-06-18 20:10:28 -05:00
Sam Valladares
ea5ed28081 Merge remote-tracking branch 'origin/main' into codex/opencode-sigill-salvage 2026-06-18 19:59:25 -05:00
Sam Valladares
c60233961d Merge PR #61: storage trait phase 1 2026-06-18 19:15:07 -05:00
Sam Valladares
b34203bcc5 fix(storage): finish PR 61 rebase cleanup 2026-06-18 19:14:39 -05:00
Jan De Landtsheer
093bb2d4b5 chore(vestige-core): drop async-trait dependency
cargo rm async-trait. Last usage was the FastembedEmbedder impl attribute,
removed in the preceding 0001c commit; the MemoryStore side stopped using
async-trait at 0001a.

Verification: grep -rn async_trait crates/ returns zero hits. grep -rn
async-trait --include=Cargo.toml crates/ returns zero hits. Cargo.lock no
longer references the async-trait package.
2026-06-18 19:08:52 -05:00
Jan De Landtsheer
194fc6e4c0 feat(embedder): swap async-trait for trait_variant + dyn adapter (0001c)
Mirror of the 0001a pattern for the Embedder side.

- embedder/mod.rs: LocalEmbedder is the source trait declared with native
  async-fn-in-trait. #[trait_variant::make(EmbedderSend: Send)] derives the
  Send-bounded variant that backends implement. A hand-written Embedder
  trait wraps each async method in BoxedEmbedderFuture<'a, T> and forwards
  sync methods through a blanket impl<T: EmbedderSend> Embedder for T, so
  Box<dyn Embedder> / Arc<dyn Embedder> stay dyn-safe -- trait_variant 0.1
  alone does NOT produce a dyn-safe variant (RPITIT), so the hand-written
  adapter is required.
- embedder/fastembed.rs: drop the #[async_trait::async_trait] attribute and
  retarget the impl block to EmbedderSend. Adjust the top-level use to
  bring EmbedderSend into scope (also keeps fastembed::tests' use super::*
  trait lookups working).
- lib.rs: export EmbedderSend alongside the existing Embedder /
  LocalEmbedder re-exports.

The async-trait Cargo dependency is dropped in a follow-up commit so the
manifest change stays visible on its own.

Verification: cargo test -p vestige-core --features embeddings,vector-search
(428) and --no-default-features (370) both green. cargo test --test
embedder_trait green (2/2 including Box<dyn Embedder> cast). cargo build
--workspace --release green. cargo clippy --workspace --features
embeddings,vector-search -- -D warnings clean. grep -rn async_trait crates/
returns zero.
2026-06-18 19:08:52 -05:00
Jan De Landtsheer
a4a6e877c5 feat(storage): swap async-trait for trait_variant + dyn adapter (0001a)
Replaces #[async_trait::async_trait] on the storage trait with a
trait_variant-driven layout plus a hand-written dyn-compatible adapter.

- memory_store.rs: LocalMemoryStore is the source trait declared with
  native async-fn-in-trait. #[trait_variant::make(MemoryStoreSend: Send)]
  derives the Send-bounded variant that backends actually implement (the
  blanket impl in 0.1.x goes variant -> source). A hand-written
  MemoryStore trait wraps every method in
  Pin<Box<dyn Future<Output = MemoryStoreResult<T>> + Send + 'a>> with
  a BoxedStoreFuture<'a, T> alias, and a blanket impl<T: MemoryStoreSend>
  MemoryStore for T adapts every Send-variant implementation. This keeps
  Arc<dyn MemoryStore> dyn-safe for Phase 1 cognitive-module tests --
  trait_variant 0.1 alone does NOT produce a dyn-safe variant (RPITIT),
  so the hand-written adapter is required and supersedes the plan claim
  that trait_variant gives dyn-compat for free.
- sqlite.rs: drop the #[async_trait::async_trait] attribute on the impl
  block and retarget it to MemoryStoreSend. Two pre-existing clippy
  issues that the macro had been masking are fixed in the same body
  (return Ok(out) tail expression in vector_search; DomainRow tuple
  alias in get_domain).
- mod.rs: export MemoryStoreSend alongside the existing LocalMemoryStore
  and MemoryStore re-exports.

Verification: cargo test -p vestige-core --features embeddings,vector-search
passes (428 lib tests). All five Phase 1 integration test binaries pass
(trait_round_trip, send_bound_variant including
arc_dyn_memory_store_moves_across_tokio_tasks, cognitive_module_isolation,
embedding_model_registry, domain_column_migration). cargo test --workspace
green across every test binary. cargo build --workspace --release green.
cargo clippy --workspace --features embeddings,vector-search -- -D warnings
clean. grep -rn async_trait crates/vestige-core/src/storage/ returns
zero hits.

Supersedes plan claim in docs/plans/0001a-trait-rewrite.md about
trait_variant emitting a dyn-compatible Send variant; option (c) from
the design conversation (hand-written dyn adapter) was selected
explicitly because trait_variant 0.1.2 does not.
2026-06-18 19:08:23 -05:00
Jan De Landtsheer
5715f585fd feat(storage): phase 1 -- extract MemoryStore and Embedder traits (ADR 0001)
Introduce two trait boundaries that the rest of the stack now sits above,
landing Phase 1 of ADR 0001 (pluggable storage and network access).
Rebased onto v2.1.22 Sanhedrin from the original April work.

MemoryStore / LocalMemoryStore (crates/vestige-core/src/storage/memory_store.rs):
  One trait, ~25 methods, covering CRUD, hybrid / FTS / vector search,
  FSRS scheduling, graph edges, and the forthcoming domain surface.
  trait_variant::make generates a Send-bound MemoryStore alias over the
  base LocalMemoryStore so Arc<dyn MemoryStore> works under tokio/axum.
  Storage errors map through a dedicated MemoryStoreError.

Embedder / LocalEmbedder (crates/vestige-core/src/embedder/):
  Pluggable text-to-vector encoder. FastembedEmbedder wraps the existing
  EmbeddingService; storage never calls fastembed directly anymore.
  Embedder::signature() produces the ModelSignature consumed by the
  store's embedding_model registry.

SqliteMemoryStore (crates/vestige-core/src/storage/sqlite.rs):
  Storage renamed to SqliteMemoryStore; the old name lives on as a
  pub type alias so Arc<Storage> consumers in vestige-mcp stay intact.
  All existing inherent methods are untouched; the trait impl is
  purely additive and dispatches into them. The db_path field added
  by v2.1.1 portable-sync is preserved.

Migration V14 (crates/vestige-core/src/storage/migrations.rs):
  Renumbered from V12 (the original April number) to V14 to slot in
  cleanly after upstream's V12 (v2.1.1 sync_tombstones) and V13
  (v2.1.2 purge tombstones).
  - embedding_model registry table (CHECK id = 1, code enforces the
    single-row invariant).
  - knowledge_nodes.domains / domain_scores TEXT columns (JSON arrays
    default '[]' / '{}'), domains catalogue table, supporting indexes.
  Phase 4 populates these columns; Phase 1 just exposes the schema.

Consolidation and other cognitive pathways now accept a
&dyn LocalMemoryStore (sync) or Arc<dyn MemoryStore> (async) rather
than a concrete Storage.

Tests:
  - trait-method unit tests colocated in sqlite.rs and migrations.rs
  - embedder/fastembed.rs tests for name/dimension/hash stability
  - new integration crate tests/phase_1 (added to workspace members):
    trait_round_trip (8), embedding_model_registry (7),
    domain_column_migration (5), cognitive_module_isolation (4),
    send_bound_variant (2), embedder_trait (2).

Acceptance gate post-rebase:
  - cargo build --workspace --all-targets: ok
  - cargo clippy --workspace --all-targets -- -D warnings: clean
  - cargo test -p vestige-core --lib: 428 pass
  - cargo test -p vestige-phase-1-tests: 28 pass
  - cargo test -p vestige-mcp --lib: 380 pass (Storage alias preserves
    every existing call site)

Co-existence with v2.1.1 portable-sync: this trait extraction is
additive. Portable-sync's tombstone migrations (V12, V13) remain
on the concrete SqliteMemoryStore; Phase 2 (Postgres) will decide
which of those surfaces graduate into the trait.
2026-06-18 19:07:52 -05:00
Sam Valladares
01fa882760 Merge branch 'caioribeiroclw-pixel-caio/test-integrity-delta-fixtures' 2026-06-18 18:51:46 -05:00
Caio Ribeiro
e1f3796523 docs: add test integrity delta receipt sketch 2026-06-18 23:02:32 +00:00
Sam Valladares
b45ea819d7 Fix ComposedGraph clippy warnings 2026-06-18 16:08:51 -05:00
Sam Valladares
efbea25133 Add ComposedGraph composition ledger 2026-06-18 16:00:29 -05:00
Sam Valladares
6c7d56b4cf Add OpenCode integration and safer startup 2026-06-15 17:06:01 -05:00
Sam Valladares
16903f3ab4 Merge pull request #62 from delandtj/design-adr-0002-phase-2-execution 2026-06-15 16:25:38 -05:00
Sam Valladares
31890278d3 Merge pull request #65 from samvallad33/release/v2.1.24-data-dir-permissions 2026-06-15 15:59:12 -05:00
Sam Valladares
47de61f2d2 feat(config): Phase 2 Configurable Output — vestige.toml + output profiles (v2.1.26)
Rebased on v2.1.25 merge/supersede and bumped the post-release metadata to v2.1.26 so this branch does not roll versions backward.

Adds local vestige.toml defaults, output profiles, and MCP response precedence for search, timeline, codebase context, and session context.

Verified:
- cargo metadata --format-version 1 --locked --no-deps
- cargo test -p vestige-core config --no-fail-fast
- cargo test -p vestige-mcp config --no-fail-fast
2026-06-15 13:51:50 -05:00
brendon
51f08264f7
fix(storage): tolerate SQLite-native datetime format in parse_timestamp
Tolerate SQLite-native timestamps from external writers while preserving RFC3339 as the canonical write format.

Verified locally on the merge result:
- cargo test -p vestige-core test_parse_timestamp_accepts_rfc3339_and_sqlite_native --no-fail-fast

CI/Test Suite on the updated PR branch are green.
2026-06-15 13:50:55 -05:00
Sam Valladares
c23d7a309c
feat(merge-supersede): Phase 3 — diff-previewed, reversible merge/supersede controls (v2.1.25) (#75)
Adds opt-in, preview-first combine/dedupe/supersede on a never-delete
(bitemporal) store. The default is review, never silent mutation. Every applied
operation is recorded as a reversible, auditable event with provenance — a git
reflog for your agent's memory.

Core (vestige-core):
- advanced::merge_supersede — pure Fellegi-Sunter two-threshold scoring
  (embedding + tag + token Jaccard), match/possible/non_match classification,
  plan/diff and operation-log types, merge-composition helpers. Unit-tested.
- storage: merge_candidates, plan_merge, plan_supersede, apply_plan, merge_undo,
  protect/pin, and per-project merge_policy (persisted in fsrs_config, env
  overridable). Supersede invalidates bitemporally (valid_until + superseded_by,
  Graphiti-style "invalidate, don't delete") and keeps the old node queryable.
- Migration V14: merge_plans + merge_operations tables, knowledge_nodes.protected
  and .superseded_by columns + indexes. Idempotent on replay (duplicate-column
  guarded ADD COLUMNs).

MCP (vestige-mcp):
- Seven new tools registered + dispatched: merge_candidates, plan_merge,
  plan_supersede, apply_plan, merge_undo, protect, merge_policy.
- apply_plan requires confirm=true for possible/non_match plans; match plans
  auto-apply only when policy.auto_apply is set (default off).

Tests: candidate-threshold classification, plan-preview makes no mutation,
apply+undo reversibility, supersede bitemporal invalidation preserves old-node
queryability, protect blocks merge-away, low-confidence requires confirm, policy
roundtrip, migration V14 + idempotent replay. All 796 scoped tests pass; clippy
-D warnings clean on touched crates.

Docs: docs/MERGE_SUPERSEDE.md + CHANGELOG entry. Version bump 2.1.23 -> 2.1.25.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-12 12:55:31 -05:00
Luc Lauzon
b01269db22
feat(mcp/system_status): add optional schema_introspection flag (#69)
* feat(mcp/system_status): add optional schema_introspection flag

Adds an optional `schema_introspection: bool` parameter to the
`system_status` MCP tool. When set to true, the response gains a
`schema` block carrying:

- `schemaVersion` (u32) — highest applied migration, mirrors
  `Storage::current_schema_version` (now exposed via a typed public
  method).
- `schemaVersionAppliedAt` (RFC3339, optional) — timestamp the
  current schema_version row was applied.
- `tables` ([{name, rows, columns}]) — per-table row count + column
  list, walked over the canonical PORTABLE_USER_DATA_TABLES set so
  the surface stays stable across migrations rather than enumerating
  arbitrary sqlite_master rows.
- `embeddingNullCount` (i64) — count of knowledge_nodes with NO row
  in node_embeddings. Distinct from MemoryStats.nodes_with_embeddings
  (which keys off the `has_embedding` flag column), so audit scripts
  can detect drift between the flag and the join-based truth.
- `activeEmbeddingModel` (string, optional) + `activeEmbeddingDimensions`
  (u32, optional) — mirrors the existing MemoryStats active-model
  fields, included here so audits get schema_version + active model
  in a single round-trip.

Motivation: external consumers (audit scripts, migration guards,
downstream binary upgrade scripts) currently must read SQLite
directly to learn the schema shape, which couples them to internals
Vestige owns and breaks on every migration. This PR closes that gap
with a first-class MCP surface.

Implementation:

- New `pub fn schema_introspection() -> Result<SchemaIntrospection>`
  inherent method on `Storage` (sqlite.rs). Inherent, not on a
  trait — schema-walk is SQLite-specific by nature, so this stays
  out of any future MemoryStore trait extraction.
- New typed structs `SchemaIntrospection` + `TableIntrospection` in
  memory/mod.rs (canonical home alongside MemoryStats), re-exported
  from the crate root.
- MCP layer (maintenance.rs) parses `SystemStatusArgs`, conditionally
  extends the existing response object with a `schema` key — additive,
  default off, response shape unchanged when omitted.

Coupling assessment vs PR #61 (storage-trait-phase1):

This PR adds ONE new public inherent method on `Storage` plus uses
three already-existing private helpers (`current_schema_version`,
`table_exists`, `table_row_count`, `table_columns`). It does NOT
touch the existing inherent method signatures, does NOT add anything
to the prospective `MemoryStore` trait surface, and does NOT modify
any of the ~25 methods #61 lifts into the trait. PR #61 is purely
additive on the trait surface (per its description, `pub type
Storage = SqliteMemoryStore;` preserves all existing call sites);
this PR is additive on the inherent surface. Two purely-additive
changes to disjoint surfaces should rebase cleanly.

Tests:
- system_status_schema_has_schema_introspection_flag (schema
  introspection: property present, type=boolean, default=false,
  not required)
- system_status_without_schema_flag_omits_schema_block
  (backwards-compat: unset/false → no `schema` key)
- system_status_with_schema_flag_emits_schema_block (positive case:
  schema block present, schemaVersion >= 13, tables non-empty,
  knowledge_nodes row count + columns sane, convenience fields
  present)
- system_status_camelcase_alias (#[serde(rename_all="camelCase")] +
  alias works for both snake and camel input)
- storage_schema_introspection_method (Storage-layer method tested
  directly, independent of MCP)

Closes the second of two gaps surfaced in the knowledge-mgmt-sota-uplift
initiative. Companion to PR #68 (search.tag_prefix). The two PRs are
deliberately decoupled — this one carries the storage-layer surface
extension; the other is MCP-layer-only.

* fix(memory): derive Default on SchemaIntrospection to satisfy clippy

The manual `impl Default for SchemaIntrospection` tripped
`clippy::derivable_impls` under the workspace's `-D warnings` CI gate.
All fields are types with `Default` impls (`u32`, `Option<T>`, `Vec<T>`,
`i64`), so deriving is equivalent and clippy-clean. Matches the existing
style of `ConsolidationResult` further down in the same file.
2026-06-11 14:24:42 -05:00
Luc Lauzon
5aa261398d
feat(mcp/search): add optional tag_prefix post-filter (#68)
Adds an optional `tag_prefix` string parameter to the `search` MCP tool.
When set, only results that carry at least one tag whose value starts
with the prefix are returned (case-sensitive, matching the existing
exact-tag semantics in memory_timeline / export / gc).

Motivation: external consumers that need "all memories tagged
`<class>:*`" (e.g. `meeting:standup`, `meeting:1-on-1`) currently have
three paths, all bad: (i) export everything and filter client-side
(heavy), (ii) enumerate the prefix space and pass exact tags as a list
(impractical for open-set tag classes), or (iii) read SQLite directly
(an anti-pattern that couples consumers to internal schema). This PR
closes that gap with a minimal, additive surface.

Implementation note: filter runs at the MCP layer, NOT in the storage
predicate. Rationale: (a) leaves crates/vestige-core/src/storage/
untouched, avoiding collision with PR #61's storage-trait extraction;
(b) `SearchResult.node.tags` is already loaded from the same JSON-array
column the brief's proposed SQL would scan, so the post-filter is
functionally equivalent; (c) post-filter applies BEFORE the reranker
so the cross-encoder does not waste cycles on memories the caller will
not receive, and BEFORE strengthen-on-access so dropped results do not
get a testing-effect boost they did not earn.

Headroom: when tag_prefix is set, the hybrid path doubles its overfetch
multiplier (capped at the existing 100 ceiling) and the concrete path
fetches 3x its normal limit, both to leave the post-filter enough pool
to still return ~limit results after thinning. The Stage 0
keyword-priority merge also re-applies the prefix filter so it cannot
re-introduce filtered-out memories.

Backwards-compat: parameter is optional, defaults to None; every existing
call shape and response shape is unchanged.

Tests:
- tags_match_prefix unit (prefix-vs-substring, case-sensitivity,
  tagless-memory semantics, empty-prefix corner case)
- schema introspection (property present, type=string, not required)
- hybrid-path filter excludes non-matching tag-classes
- hybrid-path filter excludes tagless memories
- backwards-compat: no tag_prefix → behavior unchanged
- concrete-path filter (literal-query branch) honors tag_prefix

Closes a gap surfaced in the knowledge-mgmt-sota-uplift initiative
(KMSU Session 89 audit; ~3,300-memory production Vestige).
2026-06-11 14:24:33 -05:00
Sam Valladares
241dfdd6cb
Merge pull request #67 from ShalokShalom/patch-1
Update CONFIGURATION.md with Opencode TUI details
2026-06-08 12:14:26 -05:00
Sam Valladares
603efdcb2c
Merge branch 'main' into patch-1 2026-06-08 12:13:09 -05:00
Sam Valladares
a355da99a6 Revert "Add developer launch kit for Vestige v2.1.23"
This reverts commit 00511948ff.
2026-06-02 12:40:48 -05:00
Sam Valladares
6a37586c5f Revert "Fix Pages workflow enablement and add Lobsters launch copy"
This reverts commit 67f9550e6c.
2026-06-02 12:40:48 -05:00
Sam Valladares
67f9550e6c Fix Pages workflow enablement and add Lobsters launch copy
Use configure-pages enablement so the landing deploy can succeed without
manual repo setup first.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 12:39:26 -05:00