Enhance search quality, intent taxonomy, and MCP functionality#26
Conversation
- Expand the semantic candidate pool for default human-facing search so noise can be filtered after dense retrieval. - Hide machine frames by default while preserving explicit --frame-kind queries for tool/internal searches. - Re-score and dedupe semantic results using frame quality, lexical overlap, and low-signal snippet penalties. - Add unit coverage for machine-frame suppression, explicit frame-kind behavior, and expanded fetch limits.
Add two new internal EntryType variants (Task, Commitment) and bump the classifier to an 11-type taxonomy. Update crates/aicx-parser/src/types.rs and src/intents.rs with new parsing/mapping logic: task detection (task:/todo:/zadanie:, bare checkboxes, actionable imperative heads), commitment detection, refined outcome detectors (completion and observed-count shapes), and a narrowed decision vs requirement distinction. Wire Task -> IntentKind::Task and keep Commitment as internal/dropped from the 4-bucket CLI. Add extensive documentation and audit artifacts (INTENTS_CHECKPOINT_2026_0617.md, INTENTS_CLASSIFICATION_RULES.md, INTENTS_CORE_ONTOLOGY.md), update Context Corpus docs to reference the 11-type taxonomy, and add golden fixtures/tests for core ontology validation.
- Detect code-like query anchors in default semantic reranking.\n- Boost exact and split-anchor evidence while penalizing no-anchor candidates.\n- Prefer anchored answer-like agent replies over short anchor echoes.\n- Add focused ranking regressions for hyphen, underscore, digit, and answer-like hits.
- Replace an explicit section counter with enumerate().\n- Preserve timestamp sequencing for parsed ChatGPT markdown sections.\n- Keep the provider behavior unchanged while unblocking the pre-push clippy gate.
- Use the cross-project hybrid index for project-scoped search when a project bucket is missing.\n- Preserve the existing dense-only fallback only when hybrid artifacts are unavailable.\n- Surface all-bucket hybrid fallback in result labels and oracle status.\n- Add a status-line regression for hybrid all-bucket fallback observability.
- Add aicx index derive -p to materialize project semantic buckets from _all.\n- Stream matching project rows without re-embedding or rescanning the store.\n- Repair project hybrid artifacts from the derived committed index.\n- Cover CLI parsing and derived bucket row filtering.
- Derive all project semantic buckets from _all after the default index build.\n- Add aicx index derive --all-projects as an explicit repair path.\n- Stream _all once for multi-project bucket derivation instead of one pass per project.\n- Cover parser and batch bucket derivation regressions.
- stop auto-deriving every project bucket during default indexing - report project searches on _all as global-scoped instead of all-bucket fallback - keep explicit index derive modes as optional local cache paths
- Filter generated metadata from search excerpts when content evidence is available - Prefer matched content lines over metadata matches in fuzzy search - Preserve metadata-only fallback for project/path/date-oriented lookups - Cover content-first and metadata fallback behavior in rank tests
- replace the default body analyzer's full Polish stemmer with a cheap suffix trim plus English stemming - version lexical commit ids with the Tantivy analyzer schema - force stale hybrid rebuilds when old lexical commit ids lack the schema prefix - cover the adapter and no-op hybrid skip behavior with targeted tests
- Add evidence packet scoring and rendering for semantic search results. - Wire CLI --evidence and MCP evidence=true to the shared post-fusion reranker. - Read TB spotlight round sidecars and sections without requiring a reindex. - Preserve decision/answer traces from meta caps and clarify suppressed as dedupe/limit-only. - Cover query classification, meta/dump labeling, operational traces, CLI parsing, and MCP defaults.
- add an operator-facing `aicx eval search-quality` seed matrix for evidence-mode smoke checks - run the matrix through real `aicx search --evidence --json` calls against the active AICX_HOME - keep evaluation matching on evidence content instead of path-only hits - cover CLI parsing, seed selection, in-corpus, and out-of-corpus false-positive behavior - document the boundary between backend retrieval evals and operator runtime smoke
- replace the hardcoded search-quality matrix with the tracked search_quality_seed.toml contract - add anchor-aware evaluation using map_id plus expected terms from evidence payloads - discover project filters from seed anchors in the active AICX_HOME store - support --seed for local matrix experiments without recompiling - add the human golden-questions draft alongside the machine-readable seed
- Add --host to aicx-mcp and aicx serve with loopback as the default. - Pass the bind address through the MCP HTTP runtime instead of hard-coding 127.0.0.1. - Add parser/help tests for host binding and no-require-auth, plus loopback smoke validation.
- Configure rmcp allowed Host headers from the MCP bind address. - Disable rmcp Host validation only for explicit all-interfaces binds, with an operator warning. - Add /health outside the rmcp handler and regression tests for non-loopback host config.
- Keep /health as a plain Axum liveness route, mirroring the dashboard server. - Apply Bearer auth only to /mcp so transport proofs can separate server reachability from rmcp handling. - Clarify startup logs to say auth applies to /mcp.
- Log outermost HTTP request start/end with method, path, host, and remote address. - Log /health handler start/end to prove whether non-loopback requests reach Axum routing. - Keep this as a diagnostic commit for isolating the Sztudio non-loopback stall.
- refuse MCP HTTP startup when auth is disabled on non-loopback binds - keep loopback --no-require-auth available for local operator flows - update standalone and aicx serve help text to reflect the security boundary - add regression coverage for loopback, non-loopback, and token-auth policy
- Remove one-off Axum request and health diag logs after proving the ALF root cause.\n- Document the streamable HTTP host/auth contract for loopback and tailnet use.\n- Record the macOS Application Firewall first-run prompt as a transport diagnostic trap.\n- Capture the Sztudio V4 MCP smoke evidence and no-auth fail-closed behavior.
- Add a repeatable streamable HTTP MCP smoke script for token, session, tools, index, and search checks.\n- Document the Silver to Sztudio adoption flow for Claude Code and Codex clients.\n- Keep remote AICX as a separate aicx-sztudio MCP entry during rollout.\n- Link the runbook from the command reference and README.
- Handle MCP search payloads that report results as a numeric count.\n- Keep list-shaped results/items support for future response variants.\n- Preserve the zero-result failure contract in the HTTP smoke harness.
- Record that Codex exec can discover a streamable HTTP MCP server but cancel calls without per-tool approvals.\n- Add the minimal profile-based command for approving aicx_index_status and aicx_search.\n- Capture the expected Codex proof shape for rows, backend, and V4 source path.
- Add a stable Sztudio V4 service script for start, stop, status, health, and smoke hints. - Pin the remote MCP runtime to the V4 AICX_HOME and embedder config. - Document durable binary, log, token, restart, smoke, and rotation paths.
- Align remote MCP adoption examples with the stable 8069 endpoint. - Record the current two-entrypoint operator state for local aicx and remote aicx-sztudio. - Capture the verified V4 rows, backend, token gate, and quality boundary.
- Canonicalize the active store before recursive seed anchor discovery. - Refuse recursive scans outside the canonical store root. - Add a regression test for outside-store path rejection and document the Semgrep false positive.
The 2026-06-17 checkpoint lost four confirmed findings and replicated the exact problem we are fixing (a status doc that drops earlier truth). Restore them and add the Round II plan. Truth-sync of stale branch state: checkpoint claimed branch=fix/aicx-intents, dirty, nothing committed; actual state is the search-quality branch @42ba27d, all Round I committed+pushed, clean. Restored Known Open Findings (all still open): - CLI --since YYYY-MM-DD behaves exact-day vs help's lower-bound claim - CLI vs MCP date semantics drift (MCP lower-bound + limit=20 cap 500) - core project filtering uses substring contains vs CLI canonical resolver - --limit caps display only, not the scan Added Round II plan (5 axes): signal/raw semantic unification, quote/ negation/historical-context awareness, provenance-as-structure, task lifecycle decision, foreign-MD auditable import; plus review-pack reproducibility contract. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A local-only branch (docs/backlog-truth-sync, 2026-05-29, never on any
remote) carried status flips that never reached HEAD's BACKLOG.md. Folded
the still-relevant ones, each RE-VERIFIED against today's HEAD rather than
trusting the 3-week-old claim.
Closed (open/investigating -> done/partial/resolved):
- ${...} bucket validation -> done (validation.rs:18 rejects $/{, test :94)
- feat/aicx-extract-improvements -> done (absent on origin)
- wip 15-unstaged (05-12) -> resolved (tree clean)
- runtime_cli_store_contract lowercase intent -> done (stale; 19 tests present)
- doctor --fix -> partial, with 06-21 correction: --fix was RENAMED to
--rebuild-steer-index (deprecated alias) -- newer than the 05-29 claim,
caught by re-verification (a blind cherry-pick would have been stale)
Other 05-12 items already truth-synced in HEAD via the wip/consolidated
squash-merge (PR #12) -- not duplicated here.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Round II / oś 1. The [signals] section path was a second semantic engine that bypassed the line classifier: a section header (Intent:/Decision:/ Results:/Outcome:) set the record kind directly, so e.g. a question filed under Results: became an outcome. Since ~70% of outcomes in the review-pack sample came from [signals], this upstream path had outsized, unchecked authority. [signals] is now a strong HINT, not ground truth. Each section-tagged line passes revalidate_signal_kind, which runs the shared classifier and: - honors the section hint when the classifier agrees or abstains (full signal confidence, no provenance change); - lets the classifier win on confident disagreement (operator decision 2026-06-21), recording source="signals:revalidated(<from>-><to>)" and dropping to normal classified confidence; - drops the line when the classifier confidently reads a non-bucket role (assumption/insight/argue/commitment), killing the section's false positive. The no-header path is unchanged. Test signals_revalidation_gate_classifier_ wins_on_disagreement covers all three branches (question->intent w/ provenance, genuine result kept, assumption dropped). Verified: cargo fmt --check, clippy --all-targets clean, cargo test --lib 825 passed/1 ignored, core_ontology audit 15/15, operator_md_ingest 7/7. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Round II / oś 1 follow-up. Until now only reclassified signal lines carried a source; honored hints kept source=None, indistinguishable from raw- transcript records. Now every record produced from a [signals] block carries provenance so downstream can tell signal-origin from raw-origin and filter on it: - agreed / classifier-abstained section line -> source="signals" - reclassified line -> source="signals:revalidated(<from>-><to>)" - no-header signal line -> source="signals" Introduces SIGNAL_SOURCE const. The "voice_transcript" provenance path is untouched (exact-match in dedup/display/sort), so the new tag does not collide. Also adds an E2E pipeline guard (signals_revalidation_gate_e2e_question_under_ results_not_outcome): a full chunk with a question under [signals] Results: must not surface as an outcome after parse -> signals+raw -> dedup -> records, while a genuine result in the same block is preserved. Verified: cargo fmt --check, clippy --all-targets clean, cargo test --lib 826 passed/1 ignored, core_ontology audit 15/15, operator_md_ingest 7/7. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Delete heavy internal planning/audit docs that should not ship publicly and that held the dangling links to the already-removed BACKLOG.md / NOISE_FILTER: - docs/BUGFIXES.md - docs/bug-tracker-aicx-followup-pass-2.md - docs/bug-tracker-aicx-followup-pass-3.md These contained ~/AI_notes and ~/.vibecrafted paths, PR/SHA detail, and domain knowledge. Only external inbound ref (docs/scope-overflow.md) reworded to drop the BUGFIXES.md pointer. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- memex (internal memory service) -> rust-memex (public crate) in docs, code comments, CHANGELOG history, and two low-risk fixtures/UI strings; archive/skills + removed-API guard needles left as needs_decision - tailscale: feature kept (public product), but scrub real machine fingerprints — sztudio CGNAT IP 100.75.30.90 -> 100.64.0.1 and tailnet host vetcoders-mbp.tail2c9f.ts.net -> host.example.ts.net (tests assert range/suffix, not the specific values) - AI_notes private notes dir -> ~/.aicx in problem-log path (AGENTS.md + tools/aicx_problem_log.sh) rmcp/lancedb untouched (public crates, allowlisted). Lib (793) + dashboard_filter tests green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Eliminate camelCase brand tokens (the brand is lowercase by default, Capital-first only as a proper noun): - VetCoders -> Vetcoders, CodeScribe -> Codescribe, ScreenScribe -> Screenscribe (uniform case-sensitive token replace -> identifiers + labels + fixtures stay self-consistent; compiles clean) - git/GitHub URLs lowercased to github.com/vetcoders/... per URL rule - org-from-URL test assertions updated to the now-lowercase org (store/tests) - archive/skills/** intentionally untouched (deferred as one needs_decision unit); CODESCRIBE_* env vars, com.vetcoders.codescribe, codescribe CLI/path left as-is (functional, already lowercase) Full test suite green (793 lib + all integration/parser). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Remove hardcoded founder names from shipped runtime matching (real leak in product logic, operator-approved generalization): - rank.rs: boilerplate footer/search matchers 'created by m&k' -> brand-neutral 'created by vetcoders'; drop 'monika' from operator speaker-hint set (generic 'user|human|operator' already covers it) - codescribe.rs: parse_markdown_speaker_heading no longer hardcodes maciej/monika — accepts the 'speaker' prefix or any colon-terminated '### <Name>:' heading - coupled fixtures (codescribe_ingest, sources/tests, operator_md_ingest) retargeted to neutral speakers (Operator/Engineer/Alex) + matching assertions Full lib (793) + codescribe_ingest + operator_md_ingest tests green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Unknown sort tokens fall back to newest (timestamp/date desc), not descending score. Align the doc with the implementation and unit test. PR #24 review (copilot-pull-request-reviewer) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
MCP semantic-success now passes kind_filter_dir to finalize_fuzzy_results instead of None, matching the CLI tail. Kind is already pushed into the semantic query; the retain is a defensive guard so an off-kind hit cannot slip through if the semantic backend regresses, keeping CLI/MCP parity. PR #24 review (copilot-pull-request-reviewer) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…nto fix/aicx-signals-revalidation Union resolution of the CLI/MCP search-parity closure with the signals- revalidation line: - adopt Monika's McpHttpConfig contract (run_http/run_http_on/run_http_config, --allowed-host/--allow-any-host, allowed_hosts_for_rmcp) end-to-end in src/main.rs, src/bin/aicx_mcp.rs and src/mcp.rs - keep our evidence mode (--evidence) on both CLI and MCP search paths and re-thread it ahead of the shared finalize_fuzzy_results tail - keep our auth semantics (--require-auth default-true, loopback-only --no-require-auth, validate_http_auth_policy) inside run_http_config - reconcile the Host-validation behaviour conflict: explicit --allowed-host/ --allow-any-host follows Monika's strict contract; a bare all-interfaces bind without a list keeps the tailnet-friendly auto-disable via new McpHttpConfig::open_all_interfaces_bind (still Bearer-gated) - drop main.rs-local search_examined_fetch_limit/run_fuzzy_search_with_filters (subsumed by fuzzy_search_with_post_filters in the library) and the dead streamable_http_config_for_bind + rewrite its tests against McpHttpConfig - dedupe auto-merge artefacts: double host field in Serve/Args, double IpAddr imports, double serve match binding; docs/COMMANDS.md merged as a union Verified: cargo check, cargo clippy --workspace --all-targets -D warnings, cargo test --workspace (all suites 0 failed). Authored-By: claude <agents@vetcoders.io> session_id: 13fb1692-36cb-4258-a3a9-e04ef35e8c98 date: 2026-07-02T14:17:38 PDT runtime: interactive
…-signals-revalidation Deprivatize sweep folded into the signals-revalidation line: - Cargo.toml: keep our canonical one-liner description (0d35826), take Monika's deprivatized authors field (Vetcoders <hello@vetcoders.io>) - accept deliberate deletions of docs/BACKLOG.md and docs/BUGFIXES.md per deprivatize policy (internal paths/PR forensics must not ship publicly); full content remains recoverable from git history - brand/name scrubs across sources auto-merged cleanly Verified: cargo check --workspace green after resolution. Authored-By: claude <agents@vetcoders.io> session_id: 13fb1692-36cb-4258-a3a9-e04ef35e8c98 date: 2026-07-02T14:19:37 PDT runtime: interactive
… match case-preserving identity The deprivatize sweep lowercased git-remote URL fixtures in segmentation tests (github.com:vetcoders/...) while their assertions kept the CamelCase org slug (Vetcoders/...). Repo identity is case-preserving FROM the remote URL, so six segmentation tests failed after the merge. Re-case the URL fixtures to Vetcoders/ so fixture and assertion agree and the tests keep exercising the CamelCase-org preservation contract. Verified: cargo test -p aicx-parser --lib segmentation — 43 passed, 0 failed. Authored-By: claude <agents@vetcoders.io> session_id: 13fb1692-36cb-4258-a3a9-e04ef35e8c98 date: 2026-07-02T14:26:49 PDT runtime: interactive
…+ L0 pointer + honesty fields Add the additive card v2 sidecar contract types while keeping v1 sidecars readable by default. Document the L1 sidecar/L2 markdown contract and cover v1/v2/unknown-field compatibility. Authored-By: codex <agents@vetcoders.io> session_id: impl-260702-164747-33000 date: 2026-07-02T17:03:03 PDT runtime: vibecrafted
…decar-first metadata
Cut C1 of cards-v2: every in-repo card reader now tolerates both the
legacy bracket header ([project: … | agent: … | date: …]) and the
upcoming card schema v2 YAML frontmatter, ahead of the A2 writer flip.
- new shared helper crates/aicx-parser/src/card_header.rs:
parse_card_header() -> CardHeader {project, agent, date, frame_kind},
card_body() (byte-identical to the old chunk_body_after_header for
bracket cards; key-gated for frontmatter so a body opening with a
horizontal rule is never chopped), is_bracket_header_line().
- killed the chunk_body_after_header twin duplicated across
src/store.rs and src/doctor/quarantine.rs; store owns
chunk_body_is_empty (pub(crate)), quarantine reuses it.
- readers re-pointed to the helper: rank fuzzy search, semantic
preview (search_engine), intents parse_chunk_document, evidence
sections, main is_noise_artifact — header stripped structurally
before line-level filtering, per-line [project: literals removed.
- sidecar-first: doctor empty-body frame_kind takes the sidecar first,
falls back to parse_card_header, then "unknown"; proven by a
disagreement test where the sidecar wins.
- 13 new tests (8 unit in card_header, 2 doctor, 1 intents parity,
1 rank frontmatter search, 1 store empty-body agnosticism).
Gates: cargo test --workspace 1393 passed / 0 failed / 1 ignored;
clippy -D warnings clean; fmt clean. Runtime probe (aicx search
"signals revalidation" -p aicx --no-semantic --limit 3) byte-identical
before/after against the real store.
Authored-By: claude <agents@vetcoders.io>
session_id: 4417180a-330d-433a-8afa-6eb8db6052eb
date: 2026-07-02T17:31:25 PDT
runtime: vibecrafted
…MCP surfaces Cut B2 (cards-v2 SCAFFOLD §4.5, depends on A1): every intent/decision/ outcome aicx displays is now framed as a HISTORICAL claim valid at session close, never live runtime truth. - src/oracle.rs: new ClaimHonesty struct (claim_scope/freshness_contract/ verification_state mirroring the A1 card sidecar constants) with canonical() + display_line() (None renders as unknown); OracleEnvelope gains an always-present claim_honesty field (additive JSON key). - src/intents/types.rs: IntentRecord carries #[serde(flatten)] honesty — flat claim keys appear only when the source v2 sidecar has them, so v1 record JSON stays byte-identical; StoredChunkFile threads the frame from collect_chunk_files (sidecar) into build_candidate. - src/intents/display.rs: format_intents_markdown opens with the header notice "claims: historical @ session close · not verified by aicx"; format_intents_oracle_json stamps the envelope frame (covers both CLI --emit json and MCP aicx_intents which share this serializer). - src/main.rs: intents pack report header carries the same notice line; steer-metadata OracleEnvelope stamps the frame. - src/evidence.rs: aicx search --evidence JSON (CLI + MCP shared render_evidence_json) adds claim_honesty. - 10 new tests across oracle/intents/mcp/evidence/main lock the notice, the envelope keys, per-record flat keys, sidecar threading, and the additive-only guarantee via pinned key-set diffs. Gates: cargo test --workspace 1403 passed / 0 failed / 1 ignored; clippy -D warnings clean; fmt clean. Real-store walk-around shows the frame on live records (read-only). Authored-By: claude <agents@vetcoders.io> session_id: ac7b02eb-2aec-4e6c-b61b-433339e6e95e date: 2026-07-02T18:29:50 PDT runtime: vibecrafted
…+ L0 provenance sidecar Flip the card writer to schema v2 YAML frontmatter and populate L0 provenance in new sidecars. - replace the v1 bracket header with card.v2 frontmatter while keeping body bytes stable - thread raw source path, sha256, and line-span provenance through extraction providers - set canonical honesty fields on new sidecars and omit source for mixed-source chunks - add parser/provider tests plus an end-to-end throwaway-store probe Authored-By: codex <agents@vetcoders.io> session_id: 8584e631-4169-4d56-98ad-992dcfb803a9 date: 2026-07-02T19:11:23 PDT runtime: vibecrafted
…ar; [signals] block rendered from records ChunkSignals no longer throws its types away at serialization: every extracted family (skill/todo_open/todo_done/ultrathink/insight/plan_mode/ intent/decision/result/outcome) plus highlights is flattened into Vec<CardSignal> on the Chunk, persisted as sidecar signals[], and the md [signals] block is now a deterministic render of those records (golden test proves byte-parity with the pre-B1 prose renderer). - SIGNAL_KIND_* consts + SIGNAL_EXTRACTOR_VERSION (crate version) stamp - SignalItem threads entry-level source_line_span into records; no fake values — None when the provider reported no span - records carry FULL todo lists; MAX_TODO_ITEMS caps display only - sidecar signals[] skipped when empty (sidecar shape backward-stable) - +7 tests: golden byte-parity, per-family kinds, line_span honesty, extractor stamp, render-cap vs records, empty case, file round-trip - verified on a throwaway-store extract of a live session: sidecar records sit next to the rendered block with spans into the raw JSONL Authored-By: claude <agents@vetcoders.io> session_id: e556d1ae-8e92-4de0-a24b-79fdc0591f9a date: 2026-07-02T20:01:40 PDT runtime: vibecrafted
Semgrep gate (github-actions-mutable-action-tag) blocked push: 26 findings across ci/merge-queue-gate/npm-publish/release/retrieval-eval workflows. Mutable tags (checkout@v6, setup-python@v6, setup-node@v4/v6, upload-artifact@v7, download-artifact@v8, dtolnay/rust-toolchain@stable) can be silently repointed by the action owner (supply-chain vector). Pinned every use to the peeled tag commit SHA with a version comment; stable toolchain pinned to its current head with a date comment. Verified: make semgrep exit 0, zero findings. Authored-By: claude <agents@vetcoders.io> session_id: 13fb1692-36cb-4258-a3a9-e04ef35e8c98 date: 2026-07-02T20:11:01 PDT runtime: interactive
…n first, manifest, body-hash invariant New migration kind CardsV2 in src/store/migration/cards_v2.rs: upgrades v1 cards in place — sidecar gains schema_version=2 + honesty consts (set only when absent; source.path derived solely from existing source_file import provenance, sha256/span never invented), md bracket header rewritten to the equivalent card.v2 YAML frontmatter. Body bytes are guarded by a hard sha256(card_body) pre/post check through the shared reader; any mismatch aborts that card untouched. Dry-run is the default; a manifest under <root>/.migration/cards-v2/ records every touched file including the exact old header line so a reverse pass stays possible. Orphan .md and corrupted sidecars are skipped with manifest notes, never deleted. The walk streams one card at a time (sorted per dir, skips dot-dirs and quarantine/) so memory does not scale with store size. Verified on a copy of a real bucket day (56 cards): dry-run mutates nothing (hash-proof), apply upgrades 56/56 with byte-identical bodies (independent shell-level proof vs the live original), second apply reports 0 actions. 10 new module tests. The CLI arm (aicx migrate --cards-v2 [ROOT] --apply) lands in src/main.rs alongside the parallel C2 validator cut per Living Tree. Authored-By: claude <agents@vetcoders.io> session_id: $SID date: $DATE runtime: vibecrafted
…rd schema v1/v2 Add the read-only corpus validate-cards gate for schema v1/v2 sidecars, markdown header/frontmatter form, full-card hashes, header placeholder leaks, harness-noise warnings, and sidecar/markdown signal parity. Wire text/JSON reporting and CLI strict failure semantics without mutating the store. Verification: cargo test --workspace; cargo clippy --workspace --all-targets -- -D warnings; cargo fmt --check; ignored 10k validator proof in 1.8196s; live read-only probe over ~/.aicx/store/Loctree/aicx. Authored-By: codex <agents@vetcoders.io> session_id: f8adbf2b-0104-4e4f-ac2f-f347b727d0b3 date: 2026-07-02T20:49:05 PDT runtime: vibecrafted
…dry-run default, --apply gate CLI surface for the CardsV2 store migration committed in 2d2b12d: the migrate command gains --cards-v2 with an optional ROOT (default: canonical store dir) and an --apply flag (requires --cards-v2, conflicts with --dry-run) so dry-run stays the default posture. The cards-v2 arm bypasses the legacy sweep and the intent-schema scan. Parse tests cover the bare flag, ROOT+apply, and both rejection paths. Note for provenance: the session_id trailer on 2d2b12d reads literally 'dollar-SID' due to a shell escaping slip; the real session for that commit is the same as this one. Authored-By: claude <agents@vetcoders.io> session_id: 9401bbf7-255b-45a0-9da6-fbf40ef5887d date: 2026-07-02T20:50:01 PDT runtime: vibecrafted
…landed runtime Cut D2 closes the cards-v2 line in writing. CARD_CONTRACT.md bumped to contract_version 2: runtime>kontrakt>pamiec preamble, field table quoted against ChunkMetadataSidecar (chunker.rs:91) with per-field line refs, canonical signal-kind vocabulary (chunker.rs:180-190), tolerant schema_version deserialization documented, A1-era "Cut Boundary" section retired in favor of a landed Runtime Surfaces table + decision log with final commit SHAs (840af2a, 5d89472, d8ea714, a37460f, 3140fe6, fe59416, 2d2b12d, 8ca7a6b) and an explicit "Open / not landed" gap list (sanitize-allowlist custom-root block, ~35 signals_mismatch cards from the A2->B1 gap). STORE_LAYOUT.md gains a Card Anatomy section with a real migrated v2 card (frontmatter + sidecar, home path neutralized) and a v1 compat note. COMMANDS.md: validate-cards and migrate sections paste-verified against live --help (--cards-v2 [ROOT], --apply, -v/--verbose added; known custom-root limitation annotated). Stale v1-only claims fixed: DISTILLATION.md output format now shows the v2 frontmatter (bracket header marked legacy) and dead src/chunker.rs paths re-pointed to crates/aicx-parser/src/chunker.rs; INTENTS_CLASSIFICATION_RULES.md header-skip rule covers both shapes. Gates: cargo test --workspace exit 0, cargo fmt --check clean. Authored-By: claude <agents@vetcoders.io> session_id: 3445752a-a2c0-4ec6-9d46-8f9d1758fe9d date: 2026-07-02T21:05:27 PDT runtime: vibecrafted
…migrated policy + hash refresh Reconcile cards-v2 migration with validate-cards by stamping migrated_from_schema, refreshing full-file content_sha256 after header rewrite, and preserving born-v2 strictness while downgrading legacy-impossible migrated gaps to explicit warnings. Use the shared card_header reader surface in both migration and validation, and skip dot-directory generated artifacts so migration reports are not treated as cards during fixture validation. Authored-By: codex <agents@vetcoders.io> session_id: impl-260702-213924-19000 date: 2026-07-02T22:14:36 PDT runtime: vibecrafted
There was a problem hiding this comment.
Code Review
This pull request introduces card contract v2, transitioning from legacy bracket headers to YAML frontmatter, and adds a validate-cards command to validate card schemas, headers, hashes, and signal parity. It also implements an index derive command to extract project-scoped semantic indexes, an eval search-quality command to run search quality evaluations, and extends the aicx intents classifier taxonomy to 11 types. Additionally, the MCP server is updated to support streamable HTTP transport with host validation, and the installation scripts are hardened to scan for shadowing aicx-mcp binaries. The review feedback highlights several critical issues: a destructive cleanup bug during dry-run installations, a loose check in source_for_window that incorrectly handles None source paths, ASCII-only character restrictions in search evaluation anchors that strip Unicode/Polish terms, CRLF line-ending incompatibility in card validation, and inconsistent spacing and missing Polish past-tense forms in the outcome line classifier.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| if [ "$AICX_INSTALL_DRY_RUN" = "1" ]; then | ||
| echo " would remove shadow aicx $candidate_version from $dir (target $target_version)" | ||
| else | ||
| echo " removing shadow aicx $candidate_version from $dir (target $target_version)" | ||
| fi |
There was a problem hiding this comment.
The cleanup_old_binaries calls are executed unconditionally even when AICX_INSTALL_DRY_RUN is set to "1". This means a dry-run installation will still destructively delete existing shadow binaries. Consider wrapping the cleanup calls inside the else block so they are only executed during an actual installation.
| fn source_for_window(entries: &[&TimelineEntry]) -> Option<CardSource> { | ||
| let mut sourced_entries = entries.iter().filter_map(|entry| { | ||
| entry | ||
| .source_path | ||
| .as_ref() | ||
| .map(|path| (*entry, path.as_str())) | ||
| }); | ||
| let (first_entry, first_path) = sourced_entries.next()?; | ||
| if sourced_entries.any(|(_, path)| path != first_path) { | ||
| return None; | ||
| } |
There was a problem hiding this comment.
The source_for_window helper can incorrectly attribute a window to a source path even if some entries in the window have source_path = None. To ensure metadata correctness, the helper should strictly require that every entry in the window shares the same non-empty source path.
fn source_for_window(entries: &[&TimelineEntry]) -> Option<CardSource> {
let first_entry = entries.first()?;
let first_path = first_entry.source_path.as_deref()?;
if entries.iter().any(|entry| entry.source_path.as_deref() != Some(first_path)) {
return None;
}| let mut parts = Vec::new(); | ||
| push_string(&mut parts, item.get("excerpt")); | ||
|
|
There was a problem hiding this comment.
Using ch.is_ascii_alphanumeric() in is_anchor_char causes Polish and other non-ASCII alphanumeric characters to be trimmed from query tokens. This can completely destroy or ignore valid search terms (e.g., "łódź" becomes "d" and is ignored due to length constraints). Consider using ch.is_alphanumeric() to support Unicode characters.
| let mut parts = Vec::new(); | |
| push_string(&mut parts, item.get("excerpt")); | |
| fn is_anchor_char(ch: char) -> bool { | |
| ch.is_alphanumeric() || matches!(ch, '-' | '_' | '/' | ':' | '.') | |
| } |
| if body.starts_with("[signals]\n") | ||
| && let Some(end) = body.find("[/signals]") |
There was a problem hiding this comment.
The check body.starts_with("[signals]\n") will fail to detect the signals block on Windows/CRLF files where the line ending is \r\n. Consider supporting both \n and \r\n line endings to ensure cross-platform compatibility.
| if body.starts_with("[signals]\n") | |
| && let Some(end) = body.find("[/signals]") | |
| if (body.starts_with("[signals]\n") || body.starts_with("[signals]\r\n")) | |
| && let Some(end) = body.find("[/signals]") |
| let has_result_verb = lower.contains(" dal ") | ||
| || lower.contains(" dał ") | ||
| || lower.contains("dala ") | ||
| || lower.contains(" dała ") | ||
| || lower.contains("yielded") | ||
| || lower.contains("produced") | ||
| || lower.contains("gave"); |
There was a problem hiding this comment.
The result verb matching in looks_like_observed_count_outcome_line has inconsistent spacing (e.g., "dal " has no leading space, while " dał " does), which prevents matching "dał" at the start of a line. Additionally, it misses common Polish past-tense forms like "dało" (neuter) and "dały" (plural). Consider aligning the spacing and adding the missing past-tense forms.
| let has_result_verb = lower.contains(" dal ") | |
| || lower.contains(" dał ") | |
| || lower.contains("dala ") | |
| || lower.contains(" dała ") | |
| || lower.contains("yielded") | |
| || lower.contains("produced") | |
| || lower.contains("gave"); | |
| let has_result_verb = lower.contains(" dal ") | |
| || lower.contains(" dał ") | |
| || lower.contains(" dało ") | |
| || lower.contains(" dały ") | |
| || lower.contains("dala ") | |
| || lower.contains(" dała ") | |
| || lower.contains("yielded") | |
| || lower.contains("produced") | |
| || lower.contains("gave"); |
… native separators normalize_operator_frontmatter_cwd expanded `~/Git/X` via home.join(rest), which on Windows leaves the frontmatter's forward slash embedded inside a backslash-separated path (home\Git/X). The derived entry cwd then never matches the repo path the rest of the pipeline produces, failing operator_markdown_frontmatter_overrides_foreign_markdown_import_metadata on windows-latest (PR #26's only red check). Expand segment-by-segment so the path is separator-native on every platform. Verified: cargo test --test operator_md_ingest 9/0 locally; windows-latest proof comes from the PR #26 CI re-run. Authored-By: claude <agents@vetcoders.io> session_id: 13fb1692-36cb-4258-a3a9-e04ef35e8c98 date: 2026-07-03T11:26:12 PDT runtime: interactive
This pull request updates workflow dependencies and corrects organization and product naming throughout documentation and changelogs. The main focus is on pinning GitHub Actions to specific commit SHAs for improved supply chain security and consistency, and standardizing the organization name from "VetCoders" to "Vetcoders" and product references from "memex" to "rust-memex".
Workflow dependency pinning:
actions/checkout,actions/setup-python,actions/setup-node,actions/upload-artifact,actions/download-artifact, anddtolnay/rust-toolchainin workflow files (.github/workflows/ci.yml,merge-queue-gate.yml,npm-publish.yml,release.yml,retrieval-eval.yml) are now pinned to specific commit SHAs. This improves build reproducibility and mitigates supply chain risks. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]Organization and product naming consistency:
AGENTS.md,CHANGELOG.md). [1] [2] [3] [4] [5] [6]Minor corrections and polish:
[1] [2] [3] [4]
These changes collectively improve the security, maintainability, and clarity of the repository.