Files
yvgude--lean-ctx/docs/IMPLEMENTATION_PROTOCOL.md
wehub-resource-sync 26382a7ac6
CodeQL / Analyze (javascript-typescript) (push) Waiting to run
JetBrains Plugin / Actionlint (push) Waiting to run
CodeQL / Analyze (actions) (push) Waiting to run
CodeQL / Analyze (rust) (push) Waiting to run
JetBrains Plugin / Validation (push) Waiting to run
JetBrains Plugin / Build (push) Waiting to run
JetBrains Plugin / Test (push) Blocked by required conditions
Security Check / Security Scan (push) Waiting to run
CI / Clippy (push) Failing after 15m13s
CI / Test (ubuntu-latest) (push) Failing after 16m1s
CI / Test (macos-latest) (push) Has been cancelled
CI / Test (windows-latest) (push) Has been cancelled
CI / Build (no embeddings / no ORT) (push) Has been cancelled
CI / Format (push) Has been cancelled
CI / Cookbook (Node) (push) Has been cancelled
CI / Pi Extension (Node) (push) Has been cancelled
CI / Rust SDK (lean-ctx-client) (push) Has been cancelled
CI / Embed SDK (lean-ctx-sdk) (push) Has been cancelled
CI / Python SDK (leanctx) (push) Has been cancelled
CI / Hermes Plugin (Python) (push) Has been cancelled
CI / SDK Conformance Matrix (push) Has been cancelled
CI / Coverage (push) Has been cancelled
CI / cargo-deny (push) Has been cancelled
CI / Adversarial Safety (push) Has been cancelled
CI / Benchmarks (push) Has been cancelled
CI / Output-Quality Gate (eval A/B) (push) Has been cancelled
CI / Documentation (push) Has been cancelled
CI / CI Green (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:35:30 +08:00

907 lines
51 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Implementation Protocol — SocratiCode Case-Killer (v3.4.7)
Living document tracking all implementation work for the "SocratiCode Case-Killer" roadmap.
**Goal**: lean-ctx becomes the **local-first Context Runtime Layer** for AI Coding Agents — not just compression, but **Discovery + Impact + Artifacts + Governance**. Developers/teams don't need a separate Codebase-Index-SaaS because lean-ctx delivers the same core capabilities locally + self-hosted.
---
## Reality check (verified entrypoints)
This doc is only useful if it matches what users can actually invoke.
- **GitLab source of truth**: Primary repo is `root/lean-ctx` on `gitlab.pounce.ch`.
**ContextOS Backlog** wurde (für diese WorkspaceAutomation) in `pounce/pounce` (Project ID **1**) angelegt; siehe `server.md` (TokenScope).
- **MCP tool `ctx_pack` is real and dispatched**: `LeanCtxServer::dispatch_utility_tools` has a `\"ctx_pack\"` arm calling `crate::tools::ctx_pack::handle(...)`.
- **CLI `lean-ctx pack` and `lean-ctx index` were NOT wired previously** (so `lean-ctx pack --pr` / `lean-ctx index status` would just print global help).
- They are now wired in code via `rust/src/cli/dispatch.rs` and implemented in `rust/src/cli/pack_cmd.rs` + `rust/src/cli/index_cmd.rs`.
- Both were smoke-tested locally:
- `lean-ctx pack --pr --json --depth 2 --base HEAD~1`
- `lean-ctx index status`
**Important**: In the released `v3.4.7` binary, some entrypoints were missing (CLI wiring + tool manifest entries). The implementation is present in code, but discovery/wiring required follow-up work.
---
## Context OS — Phase 1 (Hardening + Positioning) — Execution Log
### 2026-05-02 — Kickoff: SSOT/Drift Gates + Website Nav Hardening
**Ziel**: Tool-/DocsDrift eliminieren und die WebsiteIA in Richtung „Context OS (5 Pillars)“ umbauen.
- **SSOT Manifest Gate**:
- `cargo run --example gen_mcp_manifest --features dev-tools` regeneriert `website/generated/mcp-tools.json`
- `rust/tests/mcp_manifest_up_to_date.rs` failt jetzt hart, wenn `website/` existiert aber `mcp-tools.json` fehlt (kein stilles Skip mehr)
- **Docs Claim Drift Gate v1**:
- Neues CIGate `rust/tests/docs_tool_counts_up_to_date.rs` (ToolCount Claims ↔ Runtime SSOT)
- **Docs/Template Harmonisierung**:
- Zentrale Docs/Templates/Skills/Readmes auf den aktuellen SSOTToolCount gebracht
- **Website (deploy worktree)**:
- Hardcoded ToolCount `(46)` entfernt (Header + Docs Sidebar + Docs Changelog Sidebar)
- Count wird aus `website/generated/mcp-tools.json` gelesen
- IA v2 umgesetzt: `contextOsIa.ts`, Header+DocsSidebar auf 5 Pillars, neue Landings (`/docs/context-os` + `/docs/context-*`) inkl. LocaleRouten
- RedirectStubs (301) für `/docs/pillars/*` in `website/nginx.conf`
- SSOT Tools synced: DeployManifest auf **53 Tools** aktualisiert (inkl. `ctx_call`, `ctx_pack`, `ctx_index`, `ctx_artifacts`), ToolEnrichments erweitert, ToolPages neu generiert; `validate-manifest` prüft zusätzlich Sync `public/generated/mcp-tools.json``generated/mcp-tools.json`; `/docs/tools` rendert Kategorien/Tools dynamisch aus SSOT.
**Evidence**:
- `cd rust && cargo test --all-features`
- `cd rust && cargo test --test mcp_manifest_up_to_date`
- `cd rust && cargo test --test docs_tool_counts_up_to_date`
- `cd website && npm run validate:manifest` (deploy worktree)
**GitLab Tickets (ContextOS)**:
- `0.1` Pillar Navigation + Redirect Plan → closed
- `0.2` Docs SSOT Pipeline → closed
- `4.6` Docs Claim Drift Gate v1 → closed
### 2026-05-02 — Context I/O Contracts v1 (EPIC 1: Reads/Shell/Search/Edit)
**Ziel**: Deterministische, reproduzierbare I/O Outputs (gleiches Input, gleicher State, gleiche Limits) und Premium UX ohne verwirrende Stubs.
- **1.1 ctx_read Cache Correctness v1** (`#2303`):
- mtime validation in Cache-Entries, stale detection, premium handling fuer prompt-stale Situationen
- Relevant: `rust/src/core/cache.rs`, `rust/src/tools/ctx_read.rs`, `rust/src/server/dispatch/read_tools.rs`
- **1.2 ctx_shell Contract v1** (`#2304`):
- `raw` und `bypass` Flags als explicit args, klare precedence gegen Env (`LEAN_CTX_RAW`, `LEAN_CTX_DISABLED`)
- Output-Modifikatoren (savings_note, mismatch hints) werden in raw/bypass unterdrueckt, damit Output unveraendert bleibt
- Relevant: `rust/src/server/dispatch/shell_tools.rs`, `rust/src/tool_defs/granular.rs`
- **1.3 Search I/O Determinism v1** (`#2305`):
- `ctx_search`: deterministische File-Traversal Reihenfolge (Paths gesammelt und lexikographisch sortiert), damit `max_results` Truncation reproduzierbar ist
- `ctx_semantic_search`: deterministische Tie-Breaks bei gleichen RRF Scores via sekundäre Keys (file_path, symbol_name, start_line, end_line)
- BM25 Index Search: deterministische Sortierung auch bei Score-Ties (verhindert HashMap-Iteration-Order Leaks)
- Schema: `ctx_search ignore_gitignore` Flag (default respektiert `.gitignore`)
- Relevant: `rust/src/tools/ctx_search.rs`, `rust/src/tools/ctx_semantic_search.rs`, `rust/src/core/vector_index.rs`, `rust/src/server/dispatch/shell_tools.rs`, `rust/src/tool_defs/granular.rs`
- **1.4 ctx_edit Contract v1** (`#2306`):
- Preimage Guards: expected_md5, expected_size, expected_mtime_ms optional; mismatch failt ohne Write
- TOCTOU Guard: Preimage wird vor Commit erneut gelesen; bei Abweichung Abbruch (kein partial write)
- Atomic Write: tmp file + rename; Permissions werden soweit moeglich beibehalten
- Optional Backup + bounded redacted diff evidence (diff_max_lines, evidence Toggle)
- Binary Safety: invalid UTF-8 wird standardmaessig abgelehnt; allow_lossy_utf8 ist explizites Opt-in
- Relevant: `rust/src/tools/ctx_edit.rs`, `rust/src/server/dispatch/read_tools.rs`, `rust/src/tool_defs/granular.rs`
- **1.5 I/O Boundary Contract v1** (`#2307`):
- Zentraler Boundary Helper (`rust/src/core/io_boundary.rs`) + Role IO Policy (warn|enforce, allow_secret_paths, allow_ignore_gitignore)
- `resolve_path` routed ueber boundary + PolicyViolation Events bei Denials/Warnungen
- `ctx_search`: secret-like files werden standardmaessig geskippt; `ignore_gitignore` nur mit expliziter Policy (admin)
- `linkedProjects` und `artifacts` Resolution nutzt Boundary; secret-like artifacts werden fuer non-allowed roles verworfen
- Symlink escape test in PathJail
- Relevant: `rust/src/core/io_boundary.rs`, `rust/src/core/roles.rs`, `rust/src/tools/mod.rs`, `rust/src/tools/ctx_search.rs`, `rust/src/server/dispatch/shell_tools.rs`, `rust/src/core/pathjail.rs`
**Evidence (lokal, minimal)**:
- `cd rust && cargo test -q --test mcp_manifest_up_to_date`
- `cd rust && cargo test -q bm25_search_sorts_ties_deterministically`
- `cd rust && cargo test -q rrf_merge_hybrid_is_deterministic_on_ties`
- `cd rust && cargo test -q search_results_are_deterministically_ordered_by_path`
- `cd rust && cargo test -q ctx_edit`
- `cd worktrees/deploy-ctxos/website && npm run -s validate:manifest`
- `cd rust && cargo test -q io_boundary`
- `cd rust && cargo test -q pathjail`
- `cd rust && cargo test -q ctx_search`
**GitLab Tickets (ContextOS)**:
- `#2303` ctx_read Cache Correctness v1 → closed
- `#2304` Shell I/O Contract v1 → closed
- `#2305` Search I/O Determinism v1 → closed
- `#2306` ctx_edit Contract v1 → closed
- `#2307` I/O Boundary Contract v1 → closed
### 2026-05-02 — Redaction + Secret Safety v1 (EPIC 4: Verification)
- **4.4 Redaction + Secret Safety v1** (`#2327`):
- Zentral: `rust/src/core/redaction.rs` (deterministische Pattern-Redaction)
- Policy: non-admin roles → redaction immer aktiv; admin kann via `io.redact_outputs=false` deaktivieren
- Wiring: `ctx_read`/`ctx_search`/`ctx_shell` Outputs redacted; persisted archives werden vor Write redacted
- CI Gate: `rust/tests/secret_scan_artifacts.rs` (scan committed generated artifacts + docs)
- Docs: `SECURITY.md` Threat Model (v1)
- Relevant: `rust/src/core/redaction.rs`, `rust/src/tools/ctx_read.rs`, `rust/src/tools/ctx_search.rs`, `rust/src/server/dispatch/shell_tools.rs`, `rust/src/server/mod.rs`, `rust/tests/secret_scan_artifacts.rs`, `SECURITY.md`
**Evidence (lokal, minimal)**:
- `cd rust && cargo test -q redaction`
- `cd rust && cargo test -q --test secret_scan_artifacts`
- `cd rust && cargo run -q --example gen_mcp_manifest --features dev-tools`
- `cd worktrees/deploy-ctxos/website && npm run -s validate:manifest`
**GitLab Tickets (ContextOS)**:
- `#2327` Redaction + Secret Safety v1 → closed
### 2026-05-02 — Output Verification Contract v1 (EPIC 4: Verification)
- **4.1 Output Verification Contract v1** (`#2324`):
- Config surface: `VerificationConfig.mode` (off|warn|fail) als expliziter Modus (strict_mode bleibt als Legacy-Alias kompatibel)
- WARN/FAIL Semantik: `format_compact()` ist deterministisch (sorted keys via BTreeMap) und stabil parsebar
- Strict mode Tests: Medium+High → FAIL; non-strict: nur High → FAIL
- Relevant: `rust/src/core/output_verification.rs`, `rust/src/core/profiles.rs`, `rust/src/server/mod.rs`
**Evidence (lokal, minimal)**:
- `cd rust && cargo test -q output_verification`
**GitLab Tickets (ContextOS)**:
- `#2324` Output Verification Contract v1 → closed
### 2026-05-02 — Proof Artifact Format v1 + Export Tool (EPIC 4: Verification)
- **4.2 Proof Artifact Format v1** (`#2325`):
- JSON Schema: `ContextProofV1` (`rust/src/core/context_proof.rs`) — verifier snapshot + SLO snapshot + pipeline stats + context ledger summary + bounded tool receipts
- Export tool:
- **MCP**: `ctx_proof action=export ...` (dispatch via `rust/src/server/dispatch/utility_tools.rs`)
- **CLI**: `lean-ctx proof ...` (`rust/src/cli/proof_cmd.rs`)
- Writes: `.lean-ctx/proofs/context-proof-v1_*.json` (atomic write; proof output is always redacted)
- Website (deploy): tool pages + enrichments + manifest validation updated (56+ tools)
- Relevant: `rust/src/core/context_proof.rs`, `rust/src/tools/ctx_proof.rs`, `rust/src/server/dispatch/utility_tools.rs`, `rust/src/tool_defs/granular.rs`, `rust/src/cli/proof_cmd.rs`, `worktrees/deploy-ctxos/website/generated/tool-enrichments.json`
**Evidence (lokal, minimal)**:
- `cd rust && cargo test -q context_proof`
- `cd rust && cargo run -q --bin lean-ctx -- proof --summary --no-write`
- `cd rust && cargo run -q --example gen_mcp_manifest --features dev-tools && cargo test -q --test mcp_manifest_up_to_date`
- `cd worktrees/deploy-ctxos/website && npm run -s generate:tools && npm run -s validate:manifest`
**GitLab Tickets (ContextOS)**:
- `#2325` Proof Artifact Format v1 → closed
### 2026-05-02 — Replayability Contract v1 + CI Gates (EPIC 4: Verification)
- **4.3 Replayability Contract v1 + CI Gates** (`#2326`):
- CI gates: `cargo fmt --check`, `cargo clippy -D warnings`, manifest drift gate (`gen_mcp_manifest` + `git diff` + `mcp_manifest_up_to_date`), verification gates (`output_verification`, `context_proof`, `secret_scan_artifacts`)
- Bench regression subset: `rust/tests/savings_verification.rs` als lightweight threshold gate (allow-failure auf non-default branches; hard-fail auf default/tags)
- Docs (deploy website): Replayability page dokumentiert jetzt die konkreten Gates + proof export
- Relevant: `ci/gitlab-ci.yml`, `rust/tests/savings_verification.rs`, `worktrees/deploy-ctxos/website/src/page-templates/DocsReplayabilityPage.astro`
**Evidence (lokal, minimal)**:
- `cd rust && cargo fmt`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo run -q --example gen_mcp_manifest --features dev-tools && cargo test -q --test mcp_manifest_up_to_date`
- `cd rust && cargo test -q output_verification && cargo test -q context_proof`
- `cd rust && cargo test -q --test secret_scan_artifacts`
- `cd rust && cargo test -q --test savings_verification`
- `cd worktrees/deploy-ctxos/website && npm run -s validate:doc-claims`
**GitLab Tickets (ContextOS)**:
- `#2326` Replayability Contract v1 + CI Gates → closed
### 2026-05-02 — Verification Observability v1 (EPIC 4: Verification)
- **4.5 Verification Observability v1** (`#2328`):
- Tool: `ctx_verify action=stats format=summary|json|both` (versionierter Snapshot; no raw content)
- CLI: `lean-ctx verify --json`
- Schema: `VerificationObservabilityV1` (`schema_version=1`) → verifier snapshot + SLO snapshot + budgets + proof counters + pipeline stats
- Proof counters: `context_proof` tracked collected/written + last_written timestamp (count-only)
- Deploy website: tool pages + enrichments + docs updated (56+ tools)
- Relevant: `rust/src/core/verification_observability.rs`, `rust/src/tools/ctx_verify.rs`, `rust/src/server/dispatch/utility_tools.rs`, `rust/src/tool_defs/granular.rs`, `rust/src/cli/verify_cmd.rs`
**Evidence (lokal, minimal)**:
- `cd rust && cargo test -q verification_observability`
- `cd rust && cargo run -q --bin lean-ctx -- verify --json`
- `cd rust && cargo run -q --example gen_mcp_manifest --features dev-tools && cargo test -q --test mcp_manifest_up_to_date`
- `cd worktrees/deploy-ctxos/website && npm run -s generate:tools && npm run -s validate:manifest && npm run -s validate:doc-claims`
**GitLab Tickets (ContextOS)**:
- `#2328` Verification Observability v1 → closed
### 2026-05-02 — Website Deploy Hardening (EPIC 0: Docs/Website)
- **0.3 Website Deploy Hardening** (`#2299`):
- Deploy build ist jetzt **reproducible**: `website/Dockerfile` ist multi-stage (Node builder → Nginx runtime), kein pre-built dist mehr.
- Repo hygiene: tracked `website/dist` + tracked `website/node_modules` entfernt; `.gitignore` updated (no un-ignore).
- CI: `website_build` job nutzt `node:22.12.0`; deploy job asserted `git ls-files website/{dist,node_modules}` == 0.
- Relevant: `worktrees/deploy-ctxos/.gitlab-ci.yml`, `worktrees/deploy-ctxos/website/Dockerfile`, `worktrees/deploy-ctxos/website/.dockerignore`, `worktrees/deploy-ctxos/.gitignore`
**Evidence (lokal, minimal)**:
- `cd worktrees/deploy-ctxos && git ls-files website/dist | wc -l``0`
- `cd worktrees/deploy-ctxos && git ls-files website/node_modules | wc -l``0`
**GitLab Tickets (ContextOS)**:
- `#2299` Website Deploy Hardening → closed
### 2026-05-02 — Proof-first Docs Cross-Linking (EPIC 0: Docs/Website)
- **0.4 Proof-first Docs** (`#2300`):
- Pillar-Landing-Template verlinkt jetzt Proof pages (mind. Verification + Replayability; Delivery zusätzlich Cookbook) und bleibt locale-aware.
- Verification docs cross-linken jetzt explizit zu Trust + Replayability + Cookbook (Sidebar) → durchgängige Story ohne dead links.
- Relevant: `worktrees/deploy-ctxos/website/src/page-templates/DocsContextOsPillarPage.astro`, `worktrees/deploy-ctxos/website/src/page-templates/DocsVerificationPage.astro`
**Evidence (lokal, minimal)**:
- `cd worktrees/deploy-ctxos/website && npm run -s validate:doc-claims`
- `cd worktrees/deploy-ctxos/website && npm run -s validate:tools`
**GitLab Tickets (ContextOS)**:
- `#2300` Proof-first Docs → closed
### 2026-05-02 — Tools Reference IA v2 (EPIC 0: Docs/Website)
- **0.5 Tools Reference IA v2** (`#2301`) — **closed**:
- Tools-Reference ist zusätzlich **nach ContextOS Pillars** navigierbar:
- `/docs/tools/context-io`
- `/docs/tools/context-orchestration`
- `/docs/tools/context-memory`
- `/docs/tools/context-verification`
- `/docs/tools/context-delivery`
- `/docs/tools` zeigt SSOT counts (granular/unified/read-modes) und bietet **globales Search/Filter** über alle Tool-Tabellen.
- Pillar-Tool-Views haben ebenfalls **Search/Filter** (Name/Description).
- Tool-Detailseiten zeigen jetzt zusätzlich:
- **Output contract** (aus `generated/tool-enrichments.json`, wo vorhanden)
- **Implementation links** (GitHub code paths; enrichment-first, sonst Fallback `rust/src/tools/<tool>.rs` wenn vorhanden)
- Enrichments erweitert (u.a. `ctx_read`, `ctx_shell`, `ctx_search`, `ctx_tree`, `ctx_proof`, `ctx_verify`) um `output_contract` + `code_paths` + zusätzliche Beispiele.
- Relevant: `worktrees/deploy-ctxos/website/src/page-templates/DocsToolsPage.astro`, `worktrees/deploy-ctxos/website/src/page-templates/DocsToolsPillarPage.astro`, `worktrees/deploy-ctxos/website/src/page-templates/DocsToolDetailPage.astro`, `worktrees/deploy-ctxos/website/generated/tool-enrichments.json`
**Evidence (lokal, minimal)**:
- `cd worktrees/deploy-ctxos/website && npm run -s validate:doc-claims`
- `cd worktrees/deploy-ctxos/website && npm run -s validate:manifest`
- `cd worktrees/deploy-ctxos/website && npm run -s validate:docs-coverage`
- `cd worktrees/deploy-ctxos/website && npm run -s validate:tools`
- `cd worktrees/deploy-ctxos/website && PATH="/opt/homebrew/opt/node@22/bin:$PATH" npm run -s build`
**GitLab Tickets (ContextOS)**:
- `#2301` Tools Reference IA v2 → closed
### 2026-05-02 — Docs i18n Hardening (EPIC 0: Docs/Website)
- **0.6 Docs i18n Hardening** (`#2302`) — **closed**:
- `validate-i18n-duplicates.mjs` ist jetzt ein **Gate**: Build schlägt fehl bei **neuen** duplicate key trees (legacy allowlist bleibt warn-only).
- Neuer dist-basierter, locale-aware **Linkcheck**: `website/scripts/validate-links.mjs`
- prüft interne `href="/..."` Links in gebautem `dist/` (inkl. Locale-Routen)
- unterstützt Astro routing (`/x``/x/index.html`) + Sonderfall (`/404``/404.html`) + Assets
- Build pipeline hardened: `npm run build` ruft `validate-links.mjs` nach `astro build` und vor `pagefind` auf.
- Fix: Broken link `/docs/guides/remote-setup``/docs/remote-setup` in `DocsGuideDockerPage.astro`.
- Relevant: `worktrees/deploy-ctxos/website/scripts/validate-links.mjs`, `worktrees/deploy-ctxos/website/scripts/validate-i18n-duplicates.mjs`, `worktrees/deploy-ctxos/website/package.json`, `worktrees/deploy-ctxos/website/src/page-templates/DocsGuideDockerPage.astro`
**Evidence (lokal, minimal)**:
- `cd worktrees/deploy-ctxos/website && npm run -s validate:i18n`
- `cd worktrees/deploy-ctxos/website && npm run -s validate:i18n-dupes`
- `cd worktrees/deploy-ctxos/website && PATH="/opt/homebrew/opt/node@22/bin:$PATH" npm run -s build`
**GitLab Tickets (ContextOS)**:
- `#2302` Docs i18n Hardening → closed
### 2026-05-02 — HTTP MCP + Team Server Contracts v1 (EPIC 5: Context Delivery)
- **5.1 HTTP MCP Contract v1** (`#2330`) — **closed**:
- Host check wired as first gate (unless disabled); loopback defaults preserved.
- Non-loopback bind requires auth token; `/health` always open.
- Typed JSON error codes across middleware + `/v1/tools/call`.
- Integration tests (contract-level): health open, manifest auth, host-deny, rate limit typed error.
- Docs: new page `/docs/http-mcp` (+ locale route) and contract doc `docs/contracts/http-mcp-contract-v1.md`.
- Relevant: `rust/src/http_server/mod.rs`, `worktrees/deploy-ctxos/website/src/page-templates/DocsHttpMcpPage.astro`
- **5.2 Team Server Contract v1** (`#2331`) — **closed**:
- Workspace selection contract: `x-leanctx-workspace` header + `workspaceId` body + deterministic fallback.
- `rewrite_dot_paths` contract clarified and audited behavior kept deterministic.
- Audit log hardened: JSONL schema documented; arguments stored as canonicalized `argumentsMd5` only (no raw args).
- Typed errors for auth/scope/workspace + tool timeout/tool error.
- Integration tests: scope denied (403) + unknown workspace (400) typed errors.
- Docs: team server page updated + contract doc `docs/contracts/team-server-contract-v1.md`.
- Relevant: `rust/src/http_server/team.rs`, `worktrees/deploy-ctxos/website/src/page-templates/DocsTeamServerPage.astro`
**Evidence (lokal, minimal)**:
- `cd rust && cargo test --all-features -q http_contract_v1`
- `cd rust && cargo test --all-features -q scope_denied_is_403_with_typed_error`
- `cd rust && cargo test --all-features -q unknown_workspace_is_400_with_typed_error`
- `cd worktrees/deploy-ctxos/website && PATH="/opt/homebrew/opt/node@22/bin:$PATH" npm run -s build`
**GitLab Tickets (ContextOS)**:
- `#2330` HTTP MCP Contract v1 → closed
- `#2331` Team Server Contract v1 → closed
### 2026-05-02 — SDK + Cookbook E2E Proof Suite (EPIC 5: Context Delivery)
- **5.3 SDK + Cookbook E2E Proof Suite** (`#2332`) — **closed**:
- SDK surfaces typed HTTP error codes (`error_code`) via `LeanCtxHttpError.errorCode`.
- Real E2E test spins up a real `lean-ctx serve` (loopback + auth token) and validates:
- `/health` is reachable
- `/v1/manifest` requires auth and returns typed `unauthorized`
- `/v1/tools` returns stable shape
- `/v1/tools/call` works via SDK (`ctx_read` + toolText)
- CI: `cookbook` job now consumes the `lean-ctx` binary artifact from `rust_test` and runs SDK tests against the real server (no mocks).
- Relevant: `cookbook/sdk/src/client.e2e.test.ts`, `cookbook/sdk/src/client.ts`, `cookbook/sdk/src/errors.ts`, `ci/gitlab-ci.yml`
**Evidence (lokal, minimal)**:
- `cd cookbook && PATH="/opt/homebrew/opt/node@22/bin:$PATH" npm test`
### 2026-05-02 — Premium Integrations v1 (Cursor/Claude Code) (EPIC 5: Context Delivery)
- **5.4 Premium Integrations v1** (`#2333`) — **closed**:
- Neues Health-Check Kommando: `lean-ctx doctor integrations` (Cursor + Claude Code drift checks: MCP config, hooks, rules).
- Neuer Repair-Path Alias: `lean-ctx install --repair` → non-interactive `setup --fix` (merge-based, idempotent, no deletes).
- Cursor `~/.cursor/hooks.json` Installer ist jetzt **merge-based** (preserves other hooks/plugins) statt overwrite.
- `lean-ctx setup --fix` und `lean-ctx doctor --fix` reparieren jetzt auch Agent Hooks (Cursor/Claude/Codex).
- `lean-ctx init --agent claude --project` erzeugt `.claude/settings.local.json` (project-local PreToolUse hooks).
- Docs Hardening: Integrations Guide aktualisiert (repair + health checks, keine placeholder tool lists); Tool-count drift (55) in zentralen Docs/Templates korrigiert; Secret-scan drift fix im HTTP MCP Contract Doc.
- Relevant: `rust/src/doctor.rs`, `rust/src/cli/dispatch.rs`, `rust/src/cli/init_cmd.rs`, `rust/src/hooks/agents/cursor.rs`, `worktrees/deploy-ctxos/website/src/page-templates/DocsGuideEditorsPage.astro`, `docs/contracts/http-mcp-contract-v1.md`
**Evidence (lokal, minimal)**:
- `cd rust && cargo test --all-features -q cursor_hooks_merge_preserves_other_entries`
- `cd rust && cargo test --all-features -q docs_tool_counts_match_manifest`
- `cd rust && cargo test --all-features -q secret_scan_artifacts`
### 2026-05-02 — Integrations Autotuning (ALL IDEs): Constraints Matrix v1 + CI Gate (Ticket `#2337` / Parent `#2314`)
- **Docs-backed constraints SSOT**:
- New doc: `docs/integrations/client-constraints-matrix-v1.md` (machine-readable JSON block + cited vendor sources per client).
- New CI gate: `rust/tests/client_constraints_matrix_up_to_date.rs` ensures the matrix exists, is parseable, is cited (https URLs), and covers all first-class clients.
- **Provider path drift fixes (docs-based)**:
- Qwen Code uses `~/.qwen/settings.json` (not `~/.qwen/mcp.json`).
- Amazon Q Developer uses `~/.aws/amazonq/default.json` (legacy `mcp.json` still tolerated for uninstall).
- **Autotuning guardrail**:
- `autoApprove` is only emitted where vendor docs explicitly document it (currently Cursor + AWS Kiro) to avoid schema drift on other clients.
**Evidence (lokal, minimal)**:
- `cd rust && cargo test --all-features -q client_constraints_matrix_v1_is_complete_and_cited`
- `cd rust && cargo test --all-features -q client_constraints_matrix_matches_runtime_constraints`
### 2026-05-02 — Instruction Compiler v1 (ALL IDEs): deterministic + size-bounded (Ticket `#2338` / Parent `#2314`)
- New runtime SSOT for client constraints: `rust/src/core/client_constraints.rs` (instruction cap + autoApprove support).
- New instruction compiler: `rust/src/core/instruction_compiler.rs`
- Deterministic output for same inputs (profile + client + flags).
- Enforces documented caps (Claude Code: 2048 chars for MCP `instructions`).
- New CLI:
- `lean-ctx instructions --client <id> --profile <name> [--crp off|compact|tdd] [--unified] [--json] [--include-rules]`
- `lean-ctx instructions --list-clients`
- Drift gate hardening: matrix doc is now checked against runtime caps/autoApprove (`rust/tests/client_constraints_matrix_up_to_date.rs`).
**Evidence (lokal, minimal)**:
- `cd rust && cargo test --all-features -q`
- `cd rust && cargo run -q --bin lean-ctx -- instructions --client claude-code --profile exploration --json`
### 2026-05-02 — Contract Versioning Policy v1 + Compatibility Matrix (EPIC 5: Context Delivery)
- **5.7 Contract Versioning Policy v1** (`#2336`) — **closed**:
- Root SSOT doc: `CONTRACTS.md` (policy + machine-checked version KV block + compatibility matrix).
- Runtime versions centralized in `rust/src/core/contracts.rs` and used by schema emitters.
- CI gate: `rust/tests/contracts_md_up_to_date.rs` prevents drift between runtime versions and `CONTRACTS.md`.
- Docs: new delivery reference page `/docs/contracts` (root + locale) linking policy + compatibility view.
- Relevant: `CONTRACTS.md`, `rust/src/core/contracts.rs`, `rust/src/core/mcp_manifest.rs`, `rust/src/core/context_proof.rs`, `rust/src/core/verification_observability.rs`, `worktrees/deploy-ctxos/website/src/page-templates/DocsContractVersioningPage.astro`
**Evidence (lokal, minimal)**:
- `cd rust && cargo test --all-features -q contracts_md_versions_match_runtime`
- `cd worktrees/deploy-ctxos/website && PATH="/opt/homebrew/opt/node@22/bin:$PATH" npm run -s build`
## EPIC P — PR Context Packs (`lean-ctx pack --pr`)
**Status**: Completed
**Goal**: One command delivers branch-/diff-aware context (changed files, impact, related tests, relevant artifacts, optional hybrid search results).
**GitLab Epic**: `#95`
**GitLab Subtickets**: `#104``#108`
| Subticket | Description | Status |
|-----------|-------------|--------|
| P1 | Pack format + output contract (`--format markdown\|json`) | Done |
| P2 | Diff/PR input sources (`git diff`, `--base`, `--diff-from-stdin`) | Done |
| P3 | Context assembly pipeline (reuse `ctx_review`, `ctx_impact`, `ctx_graph`) | Done |
| P4 | MCP tool `ctx_pack` + CLI `lean-ctx pack --pr [--base main]` | Done |
| P5 | Demo + proof (tape/GIF) | Done |
**Entrypoints**:
- **CLI**: `lean-ctx pack --pr [--base <ref>] [--json] [--depth <n>] [--diff-from-stdin]`
- **MCP**: `ctx_pack { action:\"pr\", base, format, depth, diff, project_root }`
---
## EPIC A — Codebase Index 1.0
**Status**: Completed
**Goal**: Reliable index build, update, resume, and status observation — like SocratiCode but local-first.
**GitLab Epic**: `#96`
**GitLab Subtickets**: `#109``#111`
| Subticket | Description | Status |
|-----------|-------------|--------|
| A1 | BM25 incremental (content hash, no full rebuild, remove 2000-file limit) | Done |
| A2 | Index status contract (public tool) | Done |
| A3 | File watcher + debounce + recovery + cross-process guard | Done |
**Key files**: `rust/src/core/vector_index.rs`, `rust/src/core/index_orchestrator.rs`
**CLI**: `lean-ctx index status|build|build-full|watch` (wired in `rust/src/cli/dispatch.rs``rust/src/cli/index_cmd.rs`)
**MCP**: `ctx_index { action:\"status\"|\"build\"|\"build-full\", project_root }`
---
## EPIC B — Hybrid Search 2.0
**Status**: Completed
**Goal**: Single query delivers best results (lexical + semantic), optionally across multiple repos.
**GitLab Epic**: `#97`
**GitLab Subtickets**: `#112``#113`
| Subticket | Description | Status |
|-----------|-------------|--------|
| B1 | Hybrid search as first-class workflow (`hybrid\|dense\|bm25` modes, tree-sitter chunk boundaries) | Done |
| B2 | Linked projects / workspace search (`.lean-ctx.json` `linkedProjects`, cross-repo RRF fusion) | Done |
**Key files**: `rust/src/core/hybrid_search.rs`, `rust/src/tools/ctx_semantic_search.rs`
---
## EPIC C — Context Artifacts
**Status**: Completed
**Goal**: Non-code knowledge (schemas, OpenAPI, infra, architecture docs) is searchable and packable just like code.
**GitLab Epic**: `#98`
**GitLab Subtickets**: `#114``#116`
| Subticket | Description | Status |
|-----------|-------------|--------|
| C1 | Artifact registry (`.lean-ctx-artifacts.json`) | Done |
| C2 | Artifact index + staleness detection + incremental update | Done |
| C3 | Artifact tools (`ctx_artifacts` actions + integration into search/pack) | Done |
**Key files**: `rust/src/core/context_artifacts.rs`, `rust/src/core/artifact_index.rs`
**Entrypoints**:
- **MCP**: `ctx_artifacts` actions `list|status|index|reindex|search|remove`
- **Integration**: `ctx_pack` includes relevant artifacts; `ctx_semantic_search` supports workspace and artifact-related flows
---
## EPIC D — Stable Project IDs + Branch-Aware
**Status**: Completed
**Goal**: Indexes are worktree-/clone-stable; optionally branch-aware for CI/PR.
**GitLab Epic**: `#99`
**GitLab Subtickets**: `#117``#118`
| Subticket | Description | Status |
|-----------|-------------|--------|
| D1 | `project_identity` as index key + auto-migration from legacy path-hash dirs | Done |
| D2 | Branch-aware switch (`LEANCTX_INDEX_BRANCH_AWARE=true`) | Done |
**Key files**: `rust/src/core/project_hash.rs`
---
## EPIC E — Optional Qdrant Backend
**Status**: Completed
**Goal**: Scaling & team server can use Qdrant without breaking default single-binary DNA.
**GitLab Epic**: `#100`
**GitLab Subtickets**: `#119``#120`
| Subticket | Description | Status |
|-----------|-------------|--------|
| E1 | Storage abstraction (`core::dense_backend`: local vs qdrant behind feature flag) | Done |
| E2 | Config + telemetry safety (URL, API key, namespace hashing, audit records) | Done |
**Key files**: `rust/src/core/qdrant_store.rs`, `rust/src/core/dense_backend.rs`
---
## EPIC F — Self-Hosted Team Server
**Status**: Completed
**Commit**: `1a802efcd`
**Goal**: Shared index + artifacts + graph without managed cloud.
**GitLab Epic**: `#101`
**GitLab Subtickets**: `#121``#123`
| Subticket | Description | Status |
|-----------|-------------|--------|
| F1 | Server mode architecture (reuse `lean-ctx serve` Streamable HTTP MCP) | Done |
| F2 | AuthN/AuthZ (scoped API tokens: search/graph/artifacts/index, audit log JSONL) | Done |
| F3 | Multi-repo org setup (workspace management, `lean-ctx team sync`) | Done |
**Key files**: `rust/src/http_server/team.rs`, `rust/src/cli/dispatch.rs`
**CLI**: `lean-ctx team serve`, `lean-ctx team token create`, `lean-ctx team sync`
---
## EPIC G — Interactive Graph Explorer
**Status**: Completed
**Commit**: `1a802efcd`
**Goal**: "Show me the graph" is one command, shareable.
**GitLab Epic**: `#102`
**GitLab Subticket**: `#124`
| Subticket | Description | Status |
|-----------|-------------|--------|
| G1 | Self-contained HTML export with pan/zoom, node selection, transitive highlighting, PNG export | Done |
**Key files**: `rust/src/core/graph_export.rs`
**CLI**: `lean-ctx graph export-html`
**MCP**: `ctx_graph action=export-html`
---
## EPIC H — Verification: Benchmarks, Tests, Security
**Status**: Completed
**Commits**: `1a802efcd`, `26be098d6`
**GitLab Epic**: `#103`
**GitLab Subtickets**: `#125``#127`
| Subticket | Description | Status |
|-----------|-------------|--------|
| H1 | Real-world benchmark suite (grep vs `ctx_semantic_search` + `ctx_graph/impact`) | Done |
| H2 | Regression tests (incremental index, watcher, linkedProjects RRF, artifact search) | Done |
| H3 | Security hardening (pathjail for artifacts/linkedProjects, rate limits in team server) | Done |
**Key files**: `rust/src/core/workspace_config.rs` (pathjail integration)
---
## Context OS — Phase 2 (Infrastruktur-Standardisierung) — Execution Log
### 2026-05-02 — Context IR v1 + Pipeline Unification (metrics-only first)
**Ziel**: Ein einheitliches, versioniertes IR für alle I/O Quellen (read/shell/search/provider), plus per-layer Metrics Export — ohne Big-Bang Refactor.
- **ContextIrV1 (bounded + redaction-safe)**:
- Neues Schema + persistenter Store: `rust/src/core/context_ir.rs`
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/context-ir-v1.md`
- **Inkrementelle Collection (kein Behavior-Drift)**:
- `ctx_read`: IR + Pipeline-Metrics (Compression-layer) beim Read-Dispatch
- `ctx_shell` + `ctx_search`: IR + Pipeline-Metrics (Compression-layer) beim Dispatch
- **Proof Export referenziert IR**:
- `lean-ctx proof` exportiert zusätzlich `context-ir-v1_<timestamp>.json` nach `project/.lean-ctx/proofs/`
**Evidence (lokal)**:
- `cd rust && cargo test --all-features`
- `cd rust && cargo clippy --all-features -- -D warnings`
**GitLab Tickets (ContextOS)**:
- `#2308` Context IR v1 + Pipeline Unification → closed
### 2026-05-02 — Intent→Mode→Budget Router v1 (Policy Contract)
**Ziel**: Routing als testbarer Policy Contract (statt nur Heuristik): Intent → Model Tier Empfehlung + Read-Mode Empfehlung + deterministische Degradation unter Budget/Pressure.
- **IntentRouteV1 Contract + Policy**:
- Router Schema + deterministische Reasoning-Fields: `rust/src/core/intent_router.rs`
- Profile Overrides: `[routing]` in `rust/src/core/profiles.rs` (z.B. `hotfix` capped auf `fast`)
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/intent-route-v1.md`
- **Runtime surface**:
- `ctx_intent` unterstützt `format=json` und liefert `IntentRouteV1` als JSON (ansonsten compact ack)
- Tool schema aktualisiert: `rust/src/tool_defs/granular.rs`
- SSOT manifest regeneriert: `rust/bin/gen_mcp_manifest``website/generated/mcp-tools.json`
**Evidence (lokal)**:
- `cd rust && cargo test --all-features`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo test --test mcp_manifest_up_to_date`
- `cd rust && cargo test --test contracts_md_up_to_date`
**GitLab Tickets (ContextOS)**:
- `#2309` Intent→Mode→Budget Router v1 → closed
### 2026-05-02 — Budget/SLO Degradation Policy v1 (Warn/Throttle/Block, policy-backed)
**Ziel**: Degradation als versionierter Policy Contract, deterministisch und überall gleich (MCP/HTTP/Team). Default bleibt **warn-only**; Enforcement ist explizit hinter Profile-Config.
- **DegradationPolicyV1 Contract**:
- Contract + ladder + reason_code: `rust/src/core/degradation_policy.rs`
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/degradation-policy-v1.md`
- **Enforcement (ein Boundary für alle Surfaces)**:
- `rust/src/server/mod.rs` (`call_tool`): wendet Policy konsistent an
- Budget-based Block bleibt role-gated (`block_at_percent < 255`)
- SLO Throttle/Block wird nur enforced wenn Profile `[degradation].enforce=true`
- **Proof Export**:
- `lean-ctx proof` schreibt zusätzlich `degradation-policy-v1_<timestamp>.json` nach `project/.lean-ctx/proofs/` (`rust/src/tools/ctx_proof.rs`)
**Evidence (lokal)**:
- `cd rust && cargo test --all-features`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo test --test contracts_md_up_to_date`
**GitLab Tickets (ContextOS)**:
- `#2312` Budget/SLO Degradation Policy v1 → closed
### 2026-05-02 — Workflow Evidence Ledger v1 (tool receipts + proof artifacts + evidence-gated transitions)
**Ziel**: Evidence Inputs standardisieren und auditierbar machen: Tool Receipts + Proof Artefakte + manual Evidence als bounded, content-addressed Ledger; Workflows können Transitions zuverlässig über Evidence Keys gaten.
- **WorkflowEvidenceLedgerV1 Contract**:
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/workflow-evidence-ledger-v1.md`
- Runtime: `rust/src/core/evidence_ledger.rs` (bounded store, redaction-safe excerpts, deterministic IDs)
- **Automatic evidence capture**:
- Tool-call boundary schreibt Tool Receipts in Ledger: `rust/src/server/mod.rs`
- `ctx_workflow evidence_add` schreibt manual Evidence in Ledger: `rust/src/tools/ctx_workflow.rs`
- `lean-ctx proof` schreibt Proof Artefakte als Evidence (`proof:*` Keys): `rust/src/tools/ctx_proof.rs`
**Evidence (lokal)**:
- `cd rust && cargo test --all-features`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo test --test contracts_md_up_to_date`
- `cd rust && cargo test --test mcp_manifest_up_to_date`
**GitLab Tickets (ContextOS)**:
- `#2315` Workflow Evidence Ledger v1 → closed
### 2026-05-02 — Autonomy Drivers v1 (preload/prefetch/dedup/response) als state machine + proofs
**Ziel**: Deterministische HelperDriver (kein “full autonomy”), die guarded (Budget/SLO/Boundary) laufen und als Proof/Report exportierbar sind: **welche Driver liefen + warum**.
- **AutonomyDriversV1 Contract + Store (bounded, redaction-safe)**:
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/autonomy-drivers-v1.md`
- Runtime store: `rust/src/core/autonomy_drivers.rs` (`~/.lean-ctx/autonomy_drivers_v1.json`)
- **Deterministischer Driver Planner + Guards**:
- Profile-gated (opt-in): `rust/src/core/profiles.rs` (`[autonomy]`, neues built-in Profil `coder`)
- Budget/SLO guard via `DegradationPolicyV1` (Throttle/Block → skip)
- Boundary: alle file reads laufen über `io_boundary::jail_and_check_path` (skip secret-like paths)
- **Wiring (Pipeline + Output Metadata + Proofs)**:
- Session start: auto preload/overview pre-hook (`rust/src/tools/autonomy.rs`), emits bounded driver report
- After read: optional bounded prefetch + dedup (opt-in) (`rust/src/tools/autonomy.rs`)
- Post call: optional response shaping für große Outputs (`rust/src/tools/autonomy.rs` + `rust/src/server/mod.rs`), **nie** für JSON outputs
- Pipeline: neue Layer-Kind `autonomy` + metrics record bei response shaping (`rust/src/core/pipeline.rs`, `rust/src/server/mod.rs`)
- Proof export: `lean-ctx proof` schreibt zusätzlich `autonomy-drivers-v1_<timestamp>.json` nach `project/.lean-ctx/proofs/` (`rust/src/tools/ctx_proof.rs`)
- Evidence: Proof-Artefakt wird als `proof:autonomy-drivers-v1` ins Evidence Ledger recorded
- **Security Fixes**:
- `ctx_preload` + `ctx_prefetch` jailed reads (kein Path traversal / kein secret-like preload)
**Evidence (lokal)**:
- `cd rust && cargo fmt`
- `cd rust && cargo test --all-features -q`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo test -q --test contracts_md_up_to_date`
- `cd rust && cargo test -q --test mcp_manifest_up_to_date`
**GitLab Tickets (ContextOS)**:
- `#2313` Autonomy Drivers v1 → closed
### 2026-05-03 — Tokenizer-aware Translation Driver v1 (TokenOptimizer calibrated per model family)
**Ziel**: Translation wird tokenizer-aware und modell-/profile-gesteuert, ohne Default-Format-Breaking-Changes: Unicode→ASCII nur bei opt-in + deterministischer Auswahl.
- **TokenizerTranslationDriverV1 Contract + SSOT**:
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/tokenizer-translation-driver-v1.md`
- Runtime: `rust/src/core/tokenizer_translation_driver.rs`
- **Policy (safe defaults, opt-in)**:
- Neues Profile-Segment: `translation.enabled` + `translation.ruleset = legacy|ascii|auto` (`rust/src/core/profiles.rs`)
- Built-in Profil `coder` nutzt `translation.enabled=true` + `ruleset=auto`
- **Deterministische Ruleset Selection**:
- `LEAN_CTX_MODEL` / `LCTX_MODEL` → model_key → ruleset (`auto`: OpenAI/GPT → ASCII, sonst legacy)
- JSON Outputs werden **nie** übersetzt (machine-readable bleibt exakt)
- **Wiring + Verifier Safety**:
- Tool-call boundary wendet Translation an (nur wenn enabled) + Pipeline Metrics (`LayerKind::Translation`): `rust/src/server/mod.rs`
- Verifier bleibt Gate: Path/Identifier checks laufen auf “vorher vs nachher” (`rust/src/core/output_verification.rs`)
- **Bench / Measurement**:
- `ctx_benchmark` zeigt zusätzlich `signatures (tdd, ascii)` token_cost als Vergleich (`rust/src/tools/ctx_benchmark.rs`)
- **Determinism Fix**:
- `TokenOptimizer` rule application order ist jetzt deterministisch (Vec+sort statt HashMap iteration): `rust/src/core/neural/token_optimizer.rs`
**Evidence (lokal)**:
- `cd rust && cargo fmt`
- `cd rust && cargo test --all-features -q`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo test -q --test contracts_md_up_to_date`
- `cd rust && cargo test -q --test mcp_manifest_up_to_date`
**GitLab Tickets (ContextOS)**:
- `#2310` Tokenizer-aware Translation Driver v1 → closed
### 2026-05-03 — Attention-aware Layout Driver v1 (learned L-curve + context_reorder integration)
**Ziel**: Delivery nutzt attention-aware ordering (semantic chunks first, line-level fallback) als **opt-in** pro Profile; deterministisch (input+keywords) und verifier-safe (nur Umsortierung, kein Drop).
- **AttentionLayoutDriverV1 Contract + SSOT**:
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/attention-layout-driver-v1.md`
- Runtime: `rust/src/core/attention_layout_driver.rs`
- **Policy (opt-in)**:
- Neues Profile-Segment: `layout.enabled` + `layout.min_lines` (`rust/src/core/profiles.rs`)
- Built-in Profil `review`: `layout.enabled=true` (Default `exploration` bleibt unverändert/off)
- **Determinismus (tie-breaks)**:
- Line-level reorder: stable sort tie-break via `original_index` (`rust/src/core/neural/context_reorder.rs`)
- Chunk reorder: stable sort tie-break via `start_line` (`rust/src/core/semantic_chunks.rs`)
- **Wiring (Delivery surface)**:
- `ctx_read` (full) wendet reorder vor SymbolMap/Header an, **nur** wenn `task` Keywords vorhanden (`rust/src/tools/ctx_read.rs`)
- Keywords via `task_relevance::parse_task_hints` (task/intent)
**Evidence (lokal)**:
- `cd rust && cargo fmt`
- `cd rust && cargo test --all-features -q`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo test -q --test contracts_md_up_to_date`
- `cd rust && cargo test -q --test mcp_manifest_up_to_date`
**GitLab Tickets (ContextOS)**:
- `#2311` Attention-aware Layout Driver v1 → closed
### 2026-05-03 — CCP Session Bundle v1 (Session Export/Import Contract, redacted-by-default)
**Ziel**: Standardisiertes, replaybares Export/Import-Format für Session-Ausschnitte (Task/Findings/Decisions/Evidence/State) mit **deterministischen IDs**, **Boundedness** (MAX bytes) und **Default-Redaction**.
- **CcpSessionBundleV1 Contract + SSOT**:
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/ccp-session-bundle-v1.md`
- Runtime: `rust/src/core/ccp_session_bundle.rs`
- **Tool Surface (`ctx_session`)**:
- Neue Actions: `export`, `import` (`rust/src/tools/ctx_session.rs`)
- Dispatcher Options: `format`, `path`, `write`, `privacy` (`rust/src/server/dispatch/session_tools.rs`)
- Tool schema erweitert (Args + enums): `rust/src/tool_defs/granular.rs`
- **Security/Privacy + Boundedness**:
- Export/Import via `io_boundary::jail_and_check_path` (kein Path traversal / keine secret-like locations)
- Default `privacy=redacted`; `privacy=full` nur für `admin` Role
- Size Cap: `MAX_BUNDLE_BYTES` enforced bei serialize/read
- Import markiert `files_touched[*].stale=true` wenn Pfade fehlen/außerhalb Jail; warnt bei `project_identity_hash` mismatch
- **Compatibility (Session State)**:
- `FileTouched.stale` mit `#[serde(default)]` → alte Sessions bleiben loadbar (`rust/src/core/session.rs`)
**Evidence (lokal)**:
- `cd rust && cargo fmt`
- `cd rust && cargo test --all-features`
- `cd rust && cargo clippy --all-features -- -D warnings`
**GitLab Tickets (ContextOS)**:
- `#2316` CCP Session Bundle v1 → closed
### 2026-05-03 — Knowledge Policy Contract v1 (bounded governance, budgets, profile overrides)
**Ziel**: Versionierter Policy-Vertrag für Knowledge (Facts/Patterns/History + Relations), der **bounded**, **deterministisch**, **replayable** und **auditable** ist.
- **KnowledgePolicy Contract + SSOT**:
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/knowledge-policy-contract-v1.md`
- Runtime: `rust/src/core/memory_policy.rs` + `rust/src/core/knowledge.rs`
- **Policy Surface (Config + Profile Overrides)**:
- `KnowledgePolicy` Budgets: `recall_facts_limit`, `rooms_limit`, `timeline_limit`, `relations_limit`
- Profile Overrides: `Profile.memory` (Option-Overrides) + deterministic merge (`rust/src/core/profiles.rs`)
- Effective policy load+validate (inkl. overrides) in Tools (`rust/src/tools/ctx_knowledge.rs`, `rust/src/tools/ctx_knowledge_relations.rs`)
- **Semantik (stabil, deterministisch)**:
- Contradiction severity: High/Medium/Low (threshold + confirmations)
- Similarity guard verhindert false contradictions bei semantisch gleichen Werten
- Supersedes chain: archived→current via deterministische `fact_version_id_v1` (MD5)
- **Tool Surface**:
- `ctx_knowledge action=policy value=show|validate` (effective policy + range validation)
- Budgets enforced für `recall`/`rooms`/`timeline`/`relations` (stable ordering + truncation)
**Evidence (lokal)**:
- `cd rust && cargo fmt`
- `cd rust && cargo test --all-features -q`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo test -q --test contracts_md_up_to_date`
- `cd rust && cargo test -q --test mcp_manifest_up_to_date`
**GitLab Tickets (ContextOS)**:
- `#2317` Knowledge Policy Contract v1 → closed
### 2026-05-03 — Graph Reproducibility Contract v1 (format=json + freshness + architecture proof artifacts)
**Ziel**: Graph-Tools (Property Graph) werden **reproducible** (CI/Proofs), **deterministisch** (stable ordering), **bounded** (Output caps) und liefern maschinenlesbare Exporte.
- **Graph Reproducibility Contract + SSOT**:
- Contract SSOT: `rust/src/core/contracts.rs` + `CONTRACTS.md`
- Contract doc: `docs/contracts/graph-reproducibility-contract-v1.md`
- **Runtime (Determinismus + Freshness)**:
- Property graph meta: `.lean-ctx/graph.meta.json` (`rust/src/core/property_graph/meta.rs`)
- Deterministische Adjacency + stable BFS/DFS: `rust/src/core/property_graph/queries.rs`
- Deterministischer Build (sorted file enumeration + sorted import targets): `rust/src/tools/ctx_impact.rs`
- Deterministische Architecture Outputs + bounded previews: `rust/src/tools/ctx_architecture.rs`
- **Tool Surface (`format=json`)**:
- `ctx_impact`: `analyze|chain|build|status` + `format=text|json` (inkl. `project_identity_hash`, `graph_meta`, truncation markers)
- `ctx_architecture`: `overview|clusters|layers|cycles|entrypoints|module` + `format=text|json`
- Tool schemas: `rust/src/tool_defs/granular.rs` + Manifest SSOT regen (`cargo run --example gen_mcp_manifest --features dev-tools`)
- **Proof Artifacts (Architecture Overview)**:
- `ctx_proof write=true` schreibt zusätzlich:
- `.lean-ctx/proofs/architecture-overview-v1_<ts>.json`
- `.lean-ctx/proofs/architecture-overview-v1_<ts>.html`
- EvidenceLedger keys: `proof:architecture-overview-v1` + `proof:architecture-overview-v1-html`
**Evidence (lokal)**:
- `cd rust && cargo fmt`
- `cd rust && cargo test --all-features -q`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo test -q --test contracts_md_up_to_date`
- `cd rust && cargo test -q --test mcp_manifest_up_to_date`
- `cd rust && cargo test -q --all-features --test property_graph_reproducibility_contract`
**GitLab Tickets (ContextOS)**:
- `#2318` Graph Reproducibility Contract v1 → closed
### 2026-05-03 — A2A Contract v1 (privacy/TTL + rate limiting + cost attribution + export snapshot)
**Ziel**: A2A primitives (Messages/Tasks/Diaries) werden deterministisch, bounded und privacy-safe; zusätzlich gibt es ein maschinenlesbares SnapshotArtefakt für Proofs/Audits.
- **Contract (SSOT)**:
- `CONTRACTS.md` + runtime versions: `rust/src/core/contracts.rs`
- Contract doc: `docs/contracts/a2a-contract-v1.md`
- **Messages (Privacy + TTL + Project Scope)**:
- A2A Semantik: `rust/src/core/a2a/message.rs`
- Persisted scratchpad: `rust/src/core/agents.rs` (`ScratchpadEntry` erweitert: `privacy`, `priority`, `expires_at`, `project_root`, `metadata`)
- Enforcement:
- `privacy=private` erfordert `to_agent`
- `ttl_hours>=1` ⇒ deterministic expiry cleanup
- project-scoped visibility (nur matching `project_root`)
- **Tool Surface (`ctx_agent`, `ctx_task`)**:
- `ctx_agent` erweitert: `privacy`, `priority`, `ttl_hours`, `format`, `write`, `filename`, `action=export` (`rust/src/tools/ctx_agent.rs`)
- Dispatcher erweitert: `rust/src/server/dispatch/session_tools.rs`
- `ctx_task` state machine: `rust/src/core/a2a/task.rs` + `rust/src/tools/ctx_task.rs`
- **Rate limiting (fairness)**:
- token bucket limiter: `rust/src/core/a2a/rate_limiter.rs` (env overrides; `retry_after_ms`)
- enforced at MCP tool boundary: `rust/src/server/dispatch/mod.rs`
- **Cost attribution (inkl. cached tokens)**:
- Store + pricing integration: `rust/src/core/a2a/cost_attribution.rs`
- Reporting: `rust/src/tools/ctx_cost.rs` + `ctx_gain action=cost`
- Tool-call boundary passes `cached_tokens` when provided: `rust/src/server/mod.rs`
- **Proof artifact (A2A Snapshot v1)**:
- `ctx_agent action=export write=true` schreibt `.lean-ctx/proofs/a2a-snapshot-v1_<ts>.json`
- EvidenceLedger key: `proof:a2a-snapshot-v1`
**Evidence (lokal)**:
- `cd rust && cargo fmt`
- `cd rust && cargo test --all-features -q`
- `cd rust && cargo clippy --all-features -- -D warnings`
- `cd rust && cargo test -q --test contracts_md_up_to_date`
- `cd rust && cargo test -q --test mcp_manifest_up_to_date`
**GitLab Tickets (ContextOS)**:
- `#2319` A2A Contract v1 → closed
---
## Additional Fixes (v3.4.7 Release Cycle)
### GitHub Issues
| Issue | Title | Fix | Commit |
|-------|-------|-----|--------|
| #173 | Pi MCP bridge sends `paths` as JSON-encoded string | `get_str_array` handles both native arrays and JSON-encoded strings | `1a802efcd` |
| #174 | `ctx_discover_tools` not invocable with static-registry clients | New `ctx_call` meta-tool in `CORE_TOOL_NAMES` | `1a802efcd` |
### Discord Bug Reports
| Bug | Reporter | Root Cause | Fix | Commit |
|-----|----------|------------|-----|--------|
| Pipe guard false positive on Windows Git Bash | knindza94 | `rc_has_pipe_guard` only checked legacy paths, not XDG; backslashes not handled | `doctor.rs` + `shell_init.rs` refactored with stable begin/end markers, bash-compatible path conversion | `46f3996ce` |
| Claude Code hooks not intercepting | knindza94 | `extract_json_field` failed on spaced JSON; hook install overwrote other plugins | Robust JSON parsing + merge-based `ensure_command_hook` | `b432518ab`, `4672fce86` |
### IDE Integration Audit
| Change | Files | Commit |
|--------|-------|--------|
| Dual-format hook output (Cursor + Claude Code compatible) | `hook_handlers.rs` | `31dbf8229` |
| JetBrains `mcpServers` snippet format | `writers.rs`, `jetbrains.rs` | `86d329924` |
**Verified IDEs**: Cursor, VS Code, Claude Code, JetBrains, Codex, OpenCode, Gemini CLI
---
## Release v3.4.7
**Tag**: `v3.4.7` | **Date**: 2026-05-01 | **Workflow**: `#25227853872` (11/11 green)
| Channel | Version | Status |
|---------|---------|--------|
| GitHub Release | v3.4.7 (9 assets) | Published |
| crates.io | 3.4.7 | Published |
| npm lean-ctx-bin | 3.4.7 | Published |
| npm pi-lean-ctx | 3.4.7 | Published |
| Homebrew | 3.4.7 (auto-updated) | Published |
| AUR lean-ctx | 3.4.7 | Pushed |
| AUR lean-ctx-bin | 3.4.7 | Pushed |
| leanctx.com | version.txt → 3.4.7 | Deployed |
| GitLab mirror | main synced | Pushed |