honesty(memory): empty knowledge base on cold load, drop random-vector fake#210
Merged
operatoruplift merged 1 commit intomasterfrom Apr 28, 2026
Merged
Conversation
…r fake The /memory dashboard page initialized with 6 hardcoded fake "memory nodes" with detailed metadata: - "Operator Uplift Architecture" (1240 vectors, 48KB) - "Security Whitepaper" (2100 vectors, 156KB) - "User Feedback Q1 2026" (1800 vectors, 92KB) - ...etc, totaling ~6900 vectors of fabricated "indexed memory" A fresh user landed on /memory and saw 6 documents that don't exist. Same dashboard fabrication pattern that #164 cleaned up on /app, /agents, and /workflows. /memory just wasn't covered. Worse: addNode() generated a *random* vector count (`Math.floor(Math.random() * 2000) + 100`) and toasted "Title indexed with 1247 vectors" — implying real embedding work happened when the page never calls lib/memoryEngine.ts at all. Three changes: 1. DEMO_NODES -> empty array (fresh user sees the empty state already built into the page: "No knowledge indexed yet"). 2. addNode() now writes vectors: 0, lastIndexed: 'Pending', size: 'Unknown', and the toast says "Embeddings will be computed once the indexer is connected" — the truth. 3. Header gets the same DEMO badge + disclosure copy as /analytics: "Add knowledge sources here. Embedding + search will activate once the indexer is connected." Locked in via a new test in tests/e2e/dashboard-honesty.spec.ts that asserts the four most distinctive fake titles never appear on a fresh /memory load. Hermetic spec count stays at 17.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
6 tasks
operatoruplift
added a commit
that referenced
this pull request
Apr 28, 2026
Adds a fourth grep-guard alongside copy-check, capability-check, and trust-gate. Each rule encodes a fabrication pattern we've explicitly retired and points at the original cleanup PR so a future contributor can read the prior agreement before reintroducing it. 10 rules covering: - Gold Agent fake balances (0.0847 oz, $278.24, $3284.50/oz) retired in #209 - Webacy fake "wallet grade A, not flagged, not sanctioned" risk grades retired in #209 - Fabricated x402-devnet-${Date.now()} tx signature pattern retired in #173 - Random-vector fake (Math.floor(Math.random() * 2000) + 100) on /memory retired in #210 - Fake-Pro confirm fall-through tx_signature pattern retired in #182 - Pre-seeded fake "Operator Uplift Architecture" memory node retired in #210 - "API key generated (expires in 30 days)" toast lie retired in #212 - 2-second setTimeout fake-install alert on /store retired in #216 Comment-line heuristic skips lines starting with //, /*, *, or <!-- so the audit-trail comments documenting these retirements (e.g. the new /api/gold route's comment block explaining why the lib was deleted) don't trigger false positives. Wired into pnpm check via scripts/check.mjs and added a top-level script `pnpm fabrication-rot-check` for direct invocation. Sanity-tested both directions: - Clean state: 197 files scanned, 0 hits - Plant a 'balanceOz: 0.0847' in lib/: guard fires with the rule name and the retiring-PR pointer, exit code 1.
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The /memory dashboard page initialized with 6 hardcoded fake "memory nodes" with detailed metadata ("Operator Uplift Architecture" 1240 vectors, "Security Whitepaper" 2100 vectors, "User Feedback Q1 2026" 1800 vectors, etc — totaling ~6900 vectors of fabricated "indexed memory"). Fresh users landed on /memory and saw 6 documents that don't exist.
Same fabrication pattern that #164 cleaned up on /app, /agents, and /workflows — /memory just wasn't covered.
Worse: `addNode()` generated a random vector count (`Math.floor(Math.random() * 2000) + 100`) and toasted "X indexed with 1247 vectors" — implying real embedding work happened when the page never calls `lib/memoryEngine.ts` at all.
Changes
Locked in via a new test in `tests/e2e/dashboard-honesty.spec.ts` that asserts the four most distinctive fake titles never appear on a fresh /memory load. Hermetic spec count stays at 17.
Test plan