[codex] polish 0.5 persistence and manifest release surfaces

[Fieldnote-Echo]

Summary

This PR polishes the high-leverage pre-0.5 release surfaces from the Pareto rollup:

• adds public stream/byte persistence APIs for Rank, RankQuant, Bitmap, SignBitmap, and RankQuantFastscan
• rewires loader fuzz targets to exercise load_from_bytes directly instead of scratch files
• expands manifest docs with a concrete sidecar-backed manifest.json + index.ovrq + ids.bin bundle flow, row-identity boundary codes, and stable sidecar report fields/states
• adds an MSRV/feature stability matrix and release invariants for metadata parity, docs.rs feature policy, Python classifiers/URLs, and the new MSRV/features doc
• updates the release checklist to include all lockstep Rust/Python version surfaces and the registry preflight script

Closes #132.
Closes #135.
Closes #197.
Closes #198.
Closes #199.
Closes #212.
Refs #148.

Notes

#148 remains referenced rather than closed because this PR documents the current report shape and sidecar state contract, but broader future report-state additions can still land separately.

#241 remains a dev-only advisory follow-up. cargo audit --deny warnings still reports only RUSTSEC-2025-0141 through benchmarks/beir-bench -> hnsw_rs -> bincode; the shipped crates are not blocked by this PR.

#246 tracks the post-0.5 synthetic benchmark delta investigation and is intentionally non-blocking.

Validation

• cargo fmt --check
• python tests/release_publish_invariants.py
• git diff --check
• cargo test --locked
• cargo test --locked -p ordvec-manifest --features cli
• cargo check --locked
• cargo check --manifest-path fuzz/Cargo.toml --locked
• cargo audit --ignore RUSTSEC-2025-0141 --deny warnings

Expected advisory state:

• cargo audit --deny warnings reports RUSTSEC-2025-0141 only via the dev-only BEIR benchmark crate dependency path.

[gemini-code-assist]

Code Review

This pull request introduces in-memory stream loading and writing capabilities (write_to, read_from, and load_from_bytes) across all index types, allowing fuzz targets to run directly on byte slices without temporary scratch files. It also updates documentation and release checks to support sidecar-backed bundles and ensure metadata parity. However, a critical correctness issue was identified in the new load_*_from functions: unconditionally wrapping the user-provided reader in a BufReader can cause it to buffer and discard bytes past the index payload, which breaks the ability to read indexes embedded within larger streams.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[Fieldnote-Echo]

/agentic_review

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Great, no issues found!

Qodo reviewed your code and found no material issues that require review