Skip to content

SCM v1.1.0: deterministic lineage and reliability gates#10

Merged
saishshinde15 merged 1 commit into
mainfrom
codex/v1.1-reliability
Jul 14, 2026
Merged

SCM v1.1.0: deterministic lineage and reliability gates#10
saishshinde15 merged 1 commit into
mainfrom
codex/v1.1-reliability

Conversation

@saishshinde15

Copy link
Copy Markdown
Contributor

What changed

  • Prevent contradiction updates from branching historical lineage nodes by selecting and locking the deterministic canonical current leaf.
  • Normalize branched local and PostgreSQL snapshots with backup/history preservation, idempotent repair, suppression preservation, and additive lineages_repaired diagnostics.
  • Resolve stale retrieval candidates to the canonical current concept.
  • Add credential-free attribution qualification plus a sanitized 2,400-response aggregate and bounded safety documentation.
  • Add the required 25-process, 120-update contradiction stress gate.
  • Bump Python, OpenAPI-derived runtime, and JavaScript metadata to 1.1.0; package qualification JSON and aggregate evidence in the tag release.

Root cause

Historical concepts participated in version-candidate search. Equal or near-equal similarity could select an archived version, supersede it again, and create multiple terminal leaves. get_lineage then selected the first current flag while retrieval could return another current-marked leaf.

Compatibility

The five canonical tools, SCM, SCMContext, LangChain middleware signatures, snapshot format v2, and REST/MCP contracts are unchanged. npm publishing remains excluded; the JavaScript source stays a remote REST client. The July paper is unchanged.

Local validation

  • Full product qualification run 1: ready_for_release=true, 21/21 gates, zero blockers.
  • Full product qualification run 2: ready_for_release=true, 21/21 gates, zero blockers.
  • Full regression in each run: 529 passed, 20 skipped.
  • Production suite: 68 passed, 6 PostgreSQL tests skipped locally.
  • Contradiction stress: 25/25 fresh processes passed, 120 updates each.
  • Ruff, Bandit, secret scan, JS tests, npm pack dry-run, wheel/sdist build, twine, clean-wheel Python/LangChain/REST/JS smoke, and dependency audit passed.

The hosted PostgreSQL and Python 3.10-3.12 matrices remain required before merge.

Copilot AI review requested due to automatic review settings July 14, 2026 05:54

@saishshinde15 saishshinde15 left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Release review completed against the V1.1 reliability acceptance criteria.

No blocking findings. The review verified deterministic single-leaf contradiction lineage, stale-candidate resolution, local and PostgreSQL repair/rollback behavior, suppressed-memory preservation, same-user concurrency protection, credential-free attribution qualification, public API compatibility, version parity, and release asset construction.

Evidence: two independent clean local qualification runs reported ready_for_release=true; the 25-process x 120-update contradiction storm completed with zero failures; and all hosted CI, PostgreSQL, installed-wheel, Python 3.10-3.12, and adversarial qualification checks passed.

@saishshinde15
saishshinde15 merged commit 1ba68d8 into main Jul 14, 2026
8 checks passed
@saishshinde15
saishshinde15 deleted the codex/v1.1-reliability branch July 14, 2026 05:59

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR ships SCM v1.1.0 reliability improvements by making contradiction/version lineage deterministic (single canonical current leaf), repairing branched snapshots on import/load, and adding permanent qualification gates for lineage stress and multi-agent attribution safety.

Changes:

  • Enforce deterministic lineage updates (canonical current leaf + lineage locking) and normalize/repair branched imports/snapshots with lineages_repaired diagnostics.
  • Add production tests and a release-only 25-process/120-update lineage stress gate plus attribution safety qualification tests and evidence artifacts.
  • Bump runtime/docs/package versions to 1.1.0 and update release workflows to attach qualification + evidence assets.

Reviewed changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
tests/production/test_postgres_embedded.py Adds PostgreSQL repair/idempotence + rollback coverage for branched snapshots.
tests/production/test_lineage_reliability.py Adds deterministic lineage, import-order, concurrency, local snapshot repair, and retrieval canonicalization tests.
tests/production/test_attribution_safety.py Adds credential-free multi-agent attribution safety regression tests (parity, isolation, tool identity, untrusted delimiter).
src/version.py Bumps Python runtime version constant to 1.1.0.
src/integrations/user_state_store.py Repairs branched snapshots on load/recover and persists repaired state with repaired status + logging.
src/integrations/tools.py Resolves stale retrieval candidates to canonical current concept and filters non-canonical/non-current results.
src/integrations/postgres_state_store.py Mirrors local repair behavior for PostgreSQL snapshots (repair-on-load + persist + repaired status + logging).
src/integrations/mcp_server.py Treats repaired loads as degraded in health snapshots.
src/core/long_term_memory.py Adds lineage lock, canonical-current selection, lineage normalization/repair, and deterministic candidate selection.
sdk/js/README.md Clarifies JS client is source-installed (not published to npm) and is a remote REST client.
sdk/js/package.json Bumps JS metadata version to 1.1.0.
scripts/run_product_qualification.py Adds lineage contradiction stress gate and upgrades clean-env packaging tools.
scripts/run_lineage_stress.py New release-only multiprocessing lineage stress gate runner.
README.md Updates docs links and describes new lineage + attribution gates for 1.1.
quality/evidence/multi_agent_attribution_2026_07_14.json Adds sanitized aggregate attribution evidence for the release archive.
pyproject.toml Bumps package version to 1.1.0.
docs/SAFETY_VALIDATION.md Documents attribution validation scope, limitations, and how CI gates the invariants credential-free.
docs/QUALITY_GATES.md Adds lineage reliability + attribution safety gates and updates 1.1 wording.
docs/PUBLISH.md Updates 1.1.0 publish/tag instructions and clarifies npm remains excluded.
docs/GETTING_STARTED.md Updates introductory version wording to SCM 1.1.
docs/ARTIFACTS.md Documents the v1.1.0 validation release artifacts and evidence archive.
CHANGELOG.md Adds v1.1.0 release notes including lineage determinism + safety gate additions.
.github/workflows/release.yml Updates release workflow to include qualification artifact + evidence archive and generate checksums.
.github/workflows/product-qualification.yml Ensures qualification installs the langchain extra in CI.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines 173 to +176
(
cd dist
cd release-assets
sha256sum ./*
) | sed 's# \./# #' > SHA256SUMS
) | sed 's# \./# #' > release-assets/SHA256SUMS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants