-
Notifications
You must be signed in to change notification settings - Fork 53
Test #420
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
plind-junior
wants to merge
157
commits into
main
Choose a base branch
from
test
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Test #420
Changes from all commits
Commits
Show all changes
157 commits
Select commit
Hold shift + click to select a range
ea086eb
Merge pull request #25 from alpurkan17/fix/jsonl-search-backend-label-14
plind-junior 0f08817
Merge pull request #26 from alpurkan17/fix/artifact-id-collision-12
plind-junior abf9c8f
Merge pull request #27 from dripsmvcp/fix/11-approve-idempotent-artif…
plind-junior 4bae34b
fix(server): block path traversal in register_source_from_path
dripsmvcp b48b404
fix(cli): translate domain errors into clean ClickException output
dripsmvcp 2a439a5
chore(lint): chain FileExistsError cause in storage put_ methods
dripsmvcp 1cb329f
fix(verify): catch ArtifactNotFoundError and OSError on stored read
dripsmvcp 129480f
chore(ci): unblock lint/type/test gates so the CLI fix can land
dripsmvcp d3881ef
chore(ci): unblock mypy + test gates for path-traversal PR
dripsmvcp 8a09295
fix(server): close TOCTOU window between path check and read
dripsmvcp 9a88018
Merge pull request #28 from dripsmvcp/fix/10-register-source-path-tra…
plind-junior 784a7b5
chore(lint): chain FileExistsError cause in storage put_ methods
dripsmvcp df508a5
chore(ci): unblock mypy + test gates for path-traversal PR
dripsmvcp 736ad06
Merge branch 'main' into fix/verify-exception-30
alpurkan17 c1feb23
Merge pull request #31 from dripsmvcp/fix/cli-clean-domain-errors
plind-junior 18cf531
Merge pull request #24 from bittoby/fix/issue-9-bundle-path-traversal
plind-junior a6f1c3c
Merge pull request #32 from dripsmvcp/fix/30-verify-source-exception
plind-junior 056e88c
Merge pull request #33 from alpurkan17/fix/verify-exception-30
plind-junior a3c24a4
docs: add banner diagram to README
plind-junior 23f504f
docs(spec): semantic search as primary retrieval backend
dripsmvcp 2206cb3
docs(plan): semantic search implementation plan
dripsmvcp b3795e5
feat(embeddings): add optional-deps extras and pytest markers
dripsmvcp 8659b75
feat(embeddings): create package skeleton
dripsmvcp 5a00683
feat(embeddings): Embedder ABC, registry, content_hash, MockEmbedder
dripsmvcp 3536e0f
feat(embeddings): sentence-transformers all-mpnet-base-v2 default ada…
dripsmvcp 9fb6f0c
feat(embeddings): sentence-transformers MiniLM-L6 alternative adapter
dripsmvcp 84ab0ac
feat(embeddings): fastembed BGE alternative (no-torch) adapter
dripsmvcp 02ed5d1
fix(ci): satisfy ruff SIM105 + add mypy overrides for optional deps
dripsmvcp dbe52ce
fix(ci): skip embeddings test suite when numpy isn't installed
dripsmvcp 2e3ef76
fix(bundle): skip Pydantic validation for opaque source content files
dripsmvcp 7a7951f
fix(embeddings): MockEmbedder uses uint32 scaling to avoid NaN/Inf
dripsmvcp 2abce16
feat(embeddings): state.db schema for embedding storage + put/get hel…
dripsmvcp d36b2e8
feat(embeddings): NumPy brute-force cosine search over embedding_index
dripsmvcp b769dab
feat(embeddings): sqlite-vec ANN path with NumPy fallback
dripsmvcp c6b0e8b
feat(embeddings): query embedding LRU cache
dripsmvcp 3722ee4
style: fix ruff E402/SIM105/E702/I001 violations from Phase 2 storage…
dripsmvcp d51474b
fix(embeddings): use outer-query for WHERE on cosine alias in search_…
dripsmvcp 3612f0b
feat(embeddings): write-time embedding hook + wire put_claim
dripsmvcp 807c326
feat(embeddings): search_semantic wrapper with query cache
dripsmvcp f7c3c89
feat(embeddings): hook all six artifact write paths
dripsmvcp 062c149
feat(embeddings): kb_search defaults to embedding primary, fts5 fallback
dripsmvcp d3bee3b
feat(embeddings): re-embed on update_claim
dripsmvcp f5c2a95
feat(embeddings): JSONL _h_search parity with MCP semantic-primary di…
dripsmvcp b7e333a
style: fix ruff SIM105/E501/I001/RUF059 violations from Phase 3
dripsmvcp 9cfdf78
fix(ci): silence mypy import-untyped for forward-ref fusion import
dripsmvcp 1c2dc21
fix(ci): silence mypy import-untyped for forward-ref dedup import
dripsmvcp 3c9108e
Merge pull request #37 from dripsmvcp/feat/semantic-search
plind-junior 7ab35e9
spec: cut dated 2026-05-21 snapshot; promote schema generator to script
plind-junior 9e77d51
ci(mypy): collapse fusion import to single line for type-ignore
dripsmvcp f6b8427
feat(embeddings): RRF/weighted/normalized fusion strategies
dripsmvcp a63603b
Merge pull request #38 from dripsmvcp/feat/semantic-search-phase-2-st…
plind-junior 0e9ff56
Merge pull request #39 from dripsmvcp/feat/semantic-search-phase-3-wr…
plind-junior 3417da8
Merge pull request #40 from dripsmvcp/feat/semantic-search-phase-4-re…
plind-junior 45dd293
docs: add 'What ships today' table to README
plind-junior 86808bd
kb: approve review-gate fact
plind-junior 75406c6
docs: add 'When to use vouch' section
plind-junior 3ba9088
fix(cli): honor VOUCH_AGENT in _whoami for consistent actor attribution
plind-junior c1cadc6
docs: add captured example session walkthrough
plind-junior cbe911b
docs: add screen recording of full vouch loop (VHS tape + GIF)
plind-junior 98e4e18
docs: embed demo GIF under Quick start in README
plind-junior 1f1eeb8
fix(embeddings): address CodeRabbit review on hybrid + fusion + write…
plind-junior abf0620
Merge pull request #41 from dripsmvcp/feat/semantic-search-phase-5-fu…
plind-junior cef1664
fix(lifecycle): only catch missing-artifact errors in cite()
plind-junior bc719aa
fix(context): only catch missing-artifact errors in citation lookup
plind-junior 0f3ffc4
refactor(sessions): keep tracebacks when crystallize() approve fails
plind-junior c095ff3
fix(context): only catch sqlite errors when FTS5 falls back
plind-junior 781fa8e
refactor(health): use typed status filter for pending proposal count
plind-junior d416e65
chore(capabilities): pin pluginApi compat baseline, fail CI on host-c…
Tet-9 45f32c2
feat(dual-solve): surface engine logs
plind-junior 0f9687e
fix(sessions): make crystallize retry idempotent for summary pages
Yaroslav98214 536c4ce
fix(models): reject empty text/name/title on claim/entity/page
minion1227 89815c0
refactor(models): extract shared _require_non_empty validator helper
minion1227 96ea554
fix: resolve RPC traceback leakage on internal errors
RealDiligent 24c55c2
feat(review): kb.triage_pending — advisory triage scoring for the pen…
jsdevninja f2b554c
feat(diff): register kb.diff at all four kb.* surface sites
jsdevninja 68c0ea5
Merge pull request #361 from RealDiligent/fix/critical-issue-rpc-trac…
plind-junior 9b280f6
Merge pull request #300 from minion1227/minion_155
plind-junior b4fd469
fix(jsonl): define module logger after the import block
dripsmvcp 1a3f1c3
feat(adapters): toml_merge install strategy for codex config.toml
dripsmvcp 2982a6c
Merge pull request #344 from jsdevninja/feat/327-kb-diff-parity
plind-junior 7327e3f
Merge pull request #345 from jsdevninja/feat/322-triage-pending
plind-junior 628c733
feat(adapters): codex T2 agents.md fenced snippet
dripsmvcp 109a3a3
feat(adapters): codex T3 skills mirroring the vouch slash commands
dripsmvcp 0eb7917
feat(capture): ingest codex session rollouts into review-gated summaries
dripsmvcp 453869f
Merge pull request #392 from dripsmvcp/feat/codex-toml-merge
plind-junior 6eaba12
Merge pull request #393 from dripsmvcp/feat/codex-agents-snippet
plind-junior e2acd6c
Merge pull request #394 from dripsmvcp/feat/codex-skills
plind-junior 87b4a5e
Merge pull request #395 from dripsmvcp/feat/codex-ingest
plind-junior cca0269
Merge branch 'test' into feat/dual-solve-engine-logs
plind-junior bc57c11
Merge pull request #278 from vouchdev/feat/dual-solve-engine-logs
plind-junior 79ed4c1
feat(adapters): codex T4 hook wiring for automatic session capture
dripsmvcp 363bfd8
Merge pull request #256 from Yurii214/fix/139-crystallize-retry-idemp…
plind-junior f8020a2
test(adapters): live codex install gate against the real cli
dripsmvcp 4b93764
docs(adapters): codex adapter docs reflect the tiered install
dripsmvcp 1c7971b
Merge pull request #257 from Tet-9/chore/237-host-compat-baseline
plind-junior d323635
Merge pull request #396 from dripsmvcp/feat/codex-capture-hook
plind-junior 72813eb
Merge pull request #397 from dripsmvcp/test/codex-live-gate
plind-junior 2fb255a
Merge pull request #398 from dripsmvcp/docs/codex-adapter-refresh
plind-junior 1ac6cbb
docs(mcp): design a friendlier mcp surface — profiles + auto-recall
plind-junior b14cf06
docs(mcp): plan the friendlier-mcp-surface build
plind-junior add870f
feat(mcp): add tool profiles, expose a minimal surface by default
plind-junior de6310e
fix(mcp): harden profile resolution against a non-dict config section
plind-junior cb291fd
test(capabilities): assert mcp tool set matches the method list
plind-junior a13cbfc
feat(retrieval): fuse embedding + fts5 by default instead of a waterfall
plind-junior 356c3a3
fix(volunteer): treat hybrid relevance as rank-relative, not pre-norm…
plind-junior 3cbf712
feat(retrieval): drop near-duplicate items from the context pack
plind-junior 1468a7e
fix(retrieval): dedupe by score so the highest-scored near-dup wins
plind-junior f698fd0
feat(hooks): inject per-prompt kb context via a userpromptsubmit hook
plind-junior 63333c4
fix(hooks): never raise on non-dict payload or missing kb
plind-junior c33b48e
feat(mcp): serve one-line tool descriptions under non-full profiles
plind-junior 6ea2a94
docs(mcp): document tool profiles
plind-junior 0cf6b29
fix(retrieval): dedupe by score but keep caller order for the pack
plind-junior 6246363
docs(changelog): note minimal mcp profile, fusion, auto-recall
plind-junior f433975
chore(merge): integrate friendlier-mcp-surface into test
plind-junior c5c5282
docs(readme): note the fourth hook, per-prompt recall, and lean mcp p…
plind-junior 7e68098
fix(capabilities): read openclaw.compat from package.json (#417)
plind-junior bb06565
chore(repo): untrack owner-local web/ and .claude/ (#413)
plind-junior 2ddd1f9
chore(merge): integrate main into test branch
plind-junior b72ac59
chore(merge): integrate origin/test updates
plind-junior 4f52d9b
chore(merge): resolve changelog and version conflicts with main
plind-junior 719b8e9
chore(merge): update changelog to resolve merge conflicts
plind-junior 3b649ff
chore(merge): update to main's latest versions for clean merge
plind-junior 1625b16
docs(readme): restore incubated by gittensor acknowledgment
plind-junior b8d2e66
chore: remove banner.svg and its reference in README
plind-junior e52ecd0
chore: remove desktop, spec, migrations dirs and pre-commit config
plind-junior 233a1d1
chore(merge): resolve conflicts by taking test branch version
plind-junior 571a11d
fix(ci): restore missing storage and context constants
plind-junior 45f63da
fix(ci): restore coherent backing modules to match callers
plind-junior d6e4e37
docs(contributing): require webapp screenshots for user-facing changes
plind-junior 034b00b
docs(contributing): require webapp screenshots for user-facing changes
plind-junior 661b59c
Merge branch 'main' into test
plind-junior ef4b6c9
feat(webapp): vendor vouch-ui console with delete/clear/archive ui (#…
plind-junior 5f2c03e
docs(spec): design host-neutral session-split summaries
plind-junior 880f3b5
docs(plan): session-split summaries implementation plan
plind-junior bfd56f9
refactor(compile): extract shared llm drafting into llm_draft
plind-junior 1465946
feat(session-split): add SplitConfig loaded from capture.split
plind-junior 146c42d
refactor(capture): route finalize through session_split.summarize
plind-junior b081bb9
feat(session-split): llm topical split for large sessions
plind-junior 99a4393
feat(session-split): expose kb.summarize_session across surfaces
plind-junior 29d9745
feat(sessions): add kb.list_sessions for the review-pipeline view
plind-junior 0246038
feat(sessions): llm-narrate a filed mechanical summary in place
plind-junior 0b6245f
docs(delete): spec review-gated artifact delete
plind-junior b5d46b8
docs(delete): correct relation index facts in delete spec
plind-junior b6fa83c
docs(delete): add artifact-delete implementation plan
plind-junior c515f2a
feat(delete): add pure-io storage delete_* for four kinds
plind-junior 74f134c
feat(delete): add index_db.deindex for removed artifacts
plind-junior 22764dc
feat(delete): add ProposalKind.DELETE and referenced_by matrix
plind-junior 9502c45
feat(delete): add proposals.propose_delete
plind-junior df184c3
feat(delete): execute delete proposals through approve()
plind-junior 34c5a13
feat(delete): expose kb.propose_delete across all surfaces
plind-junior 6eb34bf
fix(delete): align kb_propose_delete mcp tool with siblings
plind-junior 0a9e4db
fix(delete): deindex on idempotent approve path + audit polish
plind-junior efb7eb5
feat(demo): dual-path LLM configuration for session capture or direct…
plind-junior bb8335f
feat(claims): bulk clear for auto-approved claims (#433) (#434)
dripsmvcp 02bcd3a
feat(webapp): console dashboard driven by kb.activity (#454)
plind-junior 8e74ca9
feat(console): serve the react web console from the installed package…
plind-junior b0674f1
Demo update (#455)
plind-junior File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| name: security-audit | ||
|
|
||
| # Non-blocking dependency vulnerability scan (pip-audit). Runs weekly so | ||
| # newly-disclosed advisories surface without waiting for a push, plus on | ||
| # any change to the dependency set, plus on demand. continue-on-error | ||
| # keeps a fresh CVE from turning the tree red — triage it, don't gate on | ||
| # it. (the blocking gates are ci.yml / schema-check.yml / eval.yml.) | ||
| on: | ||
| schedule: | ||
| - cron: "0 6 * * 1" # mondays 06:00 utc | ||
| pull_request: | ||
| paths: | ||
| - "pyproject.toml" | ||
| - ".github/workflows/security-audit.yml" | ||
| workflow_dispatch: | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| audit: | ||
| name: pip-audit | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 15 | ||
| continue-on-error: true | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.12" | ||
| cache: pip | ||
|
|
||
| - name: install | ||
| run: | | ||
| python -m pip install --upgrade pip pip-audit | ||
| pip install -e . | ||
|
|
||
| - name: audit | ||
| run: pip-audit --desc | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -23,3 +23,5 @@ build/ | |
| # and adapters/claude-code/.claude stay tracked) | ||
| /web/ | ||
| /.claude/ | ||
| .vouch | ||
| docs | ||
This file was deleted.
Oops, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
Repository: vouchdev/vouch
Length of output: 4157
🏁 Script executed:
Repository: vouchdev/vouch
Length of output: 4149
Disable persisted checkout credentials.
actions/checkoutstores the token in local git config by default. This workflow installs PR-controlled code, so leaving it there is unnecessary exposure; setpersist-credentials: false.🔧 Proposed fix
📝 Committable suggestion
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 27-27: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
🤖 Prompt for AI Agents
Source: Linters/SAST tools