@alextis59/athena 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -2
- package/dist/cli/help.d.ts.map +1 -1
- package/dist/cli/help.js +2 -0
- package/dist/cli/help.js.map +1 -1
- package/dist/cli/options.d.ts +2 -0
- package/dist/cli/options.d.ts.map +1 -1
- package/dist/cli/options.js +9 -0
- package/dist/cli/options.js.map +1 -1
- package/dist/cli/run.d.ts.map +1 -1
- package/dist/cli/run.js +10 -0
- package/dist/cli/run.js.map +1 -1
- package/dist/config/index.d.ts +1 -1
- package/dist/config/index.d.ts.map +1 -1
- package/dist/config/index.js.map +1 -1
- package/dist/config/loader.d.ts.map +1 -1
- package/dist/config/loader.js +10 -0
- package/dist/config/loader.js.map +1 -1
- package/dist/config/schema.d.ts.map +1 -1
- package/dist/config/schema.js +4 -0
- package/dist/config/schema.js.map +1 -1
- package/dist/config/types.d.ts +6 -0
- package/dist/config/types.d.ts.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/indexer/run.d.ts.map +1 -1
- package/dist/indexer/run.js +70 -20
- package/dist/indexer/run.js.map +1 -1
- package/dist/mcp/index.d.ts +6 -1
- package/dist/mcp/index.d.ts.map +1 -1
- package/dist/mcp/index.js +20 -10
- package/dist/mcp/index.js.map +1 -1
- package/dist/retrieval/tools.js +12 -11
- package/dist/retrieval/tools.js.map +1 -1
- package/dist/storage/schema.d.ts +1 -1
- package/dist/storage/schema.d.ts.map +1 -1
- package/dist/storage/schema.js +4 -0
- package/dist/storage/schema.js.map +1 -1
- package/docs/QUALITY.md +137 -0
- package/docs/SECURITY.md +140 -0
- package/docs/agentic-rag-specifications.md +11 -0
- package/docs/exec-plans/template.md +67 -0
- package/docs/implementation-plan.md +8 -0
- package/docs/index.md +61 -0
- package/docs/mcp-integration.md +73 -0
- package/docs/tech-debt-tracker.md +21 -0
- package/package.json +1 -1
package/docs/QUALITY.md
ADDED
|
@@ -0,0 +1,137 @@
|
|
|
1
|
+
# Quality
|
|
2
|
+
|
|
3
|
+
Use the narrowest validation that proves the change, then expand when the
|
|
4
|
+
change touches shared behavior, package output, retrieval quality, security
|
|
5
|
+
boundaries, or user-facing workflows.
|
|
6
|
+
|
|
7
|
+
## Fast Checks
|
|
8
|
+
|
|
9
|
+
For documentation-only changes:
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
npm run format:check
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
For TypeScript source changes, start with the nearest targeted Node test when
|
|
16
|
+
possible:
|
|
17
|
+
|
|
18
|
+
```bash
|
|
19
|
+
node --import tsx --test test/<area>.test.ts
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
Then run the relevant package checks from the sections below.
|
|
23
|
+
|
|
24
|
+
## Standard Source Change Ladder
|
|
25
|
+
|
|
26
|
+
Run this for most runtime changes:
|
|
27
|
+
|
|
28
|
+
```bash
|
|
29
|
+
npm run format:check
|
|
30
|
+
npm run lint
|
|
31
|
+
npm run typecheck
|
|
32
|
+
npm test
|
|
33
|
+
npm run build
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
`npm run check` combines the first four commands:
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
npm run check
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
Prefer the expanded form when you need to show the exact failing stage.
|
|
43
|
+
|
|
44
|
+
## Area-Specific Tests
|
|
45
|
+
|
|
46
|
+
- CLI behavior: `node --import tsx --test test/cli.test.ts`
|
|
47
|
+
- Config loading and remote opt-ins: `node --import tsx --test test/config.test.ts`
|
|
48
|
+
- Storage and migrations: `node --import tsx --test test/storage.test.ts`
|
|
49
|
+
- Indexing and run metadata: `node --import tsx --test test/indexer.test.ts`
|
|
50
|
+
- Parsers and PDF artifacts: `node --import tsx --test test/parsers.test.ts`
|
|
51
|
+
- Embedding providers and cache keys: `node --import tsx --test test/embeddings.test.ts`
|
|
52
|
+
- Retrieval tools and ranking: `node --import tsx --test test/retrieval.test.ts`
|
|
53
|
+
- Agent loop and provider adapters: `node --import tsx --test test/agent-loop.test.ts test/agent-provider.test.ts`
|
|
54
|
+
- Citation policy: `node --import tsx --test test/agent-citations.test.ts`
|
|
55
|
+
- HTTP server and UI API contract: `node --import tsx --test test/server.test.ts test/ui.test.ts`
|
|
56
|
+
- MCP protocol and tool exposure: `node --import tsx --test test/mcp.test.ts`
|
|
57
|
+
- Corpus manifest and eval plan: `node --import tsx --test test/corpus.test.ts test/eval.test.ts`
|
|
58
|
+
|
|
59
|
+
When changing cross-cutting types, exports, or shared contracts, run the full
|
|
60
|
+
standard ladder after targeted tests pass.
|
|
61
|
+
|
|
62
|
+
## Retrieval, Parser, And Citation Quality
|
|
63
|
+
|
|
64
|
+
For changes that affect discovery, parsing, chunking, embeddings, retrieval,
|
|
65
|
+
ranking, PDF handling, source locators, agent tool use, or citations, include:
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
npm run corpus:health
|
|
69
|
+
npm run eval
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
`npm run eval` runs offline validation against the committed corpus manifest and
|
|
73
|
+
ground truth. If corpus cache files are missing, use:
|
|
74
|
+
|
|
75
|
+
```bash
|
|
76
|
+
npm run corpus:retrieve
|
|
77
|
+
npm run corpus:health
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
Only update corpus manifest hashes or sizes after reviewing the changed
|
|
81
|
+
downloaded artifact and documenting why the refresh is acceptable.
|
|
82
|
+
|
|
83
|
+
## Manual CLI Smoke
|
|
84
|
+
|
|
85
|
+
Use a temporary project root when validating real CLI behavior:
|
|
86
|
+
|
|
87
|
+
```bash
|
|
88
|
+
tmpdir="$(mktemp -d)"
|
|
89
|
+
mkdir -p "$tmpdir/docs"
|
|
90
|
+
printf '# Admin Guide\n\nSet ATHENA_INDEX_BATCH_SIZE=64 for large docsets.\n' > "$tmpdir/docs/admin-guide.md"
|
|
91
|
+
npm run build
|
|
92
|
+
node dist/cli/main.js index --root "$tmpdir" --json
|
|
93
|
+
node dist/cli/main.js doctor --root "$tmpdir"
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
For `serve`, prefer a test harness or short-lived manual run. The server waits
|
|
97
|
+
for shutdown by default.
|
|
98
|
+
|
|
99
|
+
## MCP Smoke
|
|
100
|
+
|
|
101
|
+
For MCP changes, run the targeted MCP tests and use the finite stdio smoke in
|
|
102
|
+
`docs/mcp-integration.md` when the wire format or exposed tools change.
|
|
103
|
+
|
|
104
|
+
## Package And Publish Readiness
|
|
105
|
+
|
|
106
|
+
For release or package-entrypoint changes:
|
|
107
|
+
|
|
108
|
+
```bash
|
|
109
|
+
npm run check:publish
|
|
110
|
+
npm pack --dry-run --json
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
Then smoke the generated tarball from this checkout:
|
|
114
|
+
|
|
115
|
+
```bash
|
|
116
|
+
npm pack
|
|
117
|
+
npx --yes --package ./alextis59-athena-1.0.0.tgz athena --help
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
Also smoke an index command against a temporary docs folder before publishing.
|
|
121
|
+
Use `npm publish --dry-run --json` for final registry packaging validation.
|
|
122
|
+
Remove local `*.tgz` artifacts after the smoke test.
|
|
123
|
+
|
|
124
|
+
The npm package name is `@alextis59/athena`; the installed command must remain
|
|
125
|
+
`athena`.
|
|
126
|
+
|
|
127
|
+
## What To Record
|
|
128
|
+
|
|
129
|
+
In final notes, include:
|
|
130
|
+
|
|
131
|
+
- commands run;
|
|
132
|
+
- pass/fail outcome;
|
|
133
|
+
- any skipped checks and why;
|
|
134
|
+
- manual smoke details when automation does not cover the behavior.
|
|
135
|
+
|
|
136
|
+
Do not mark a plan item or debt item complete unless the matching validation has
|
|
137
|
+
actually passed.
|
package/docs/SECURITY.md
ADDED
|
@@ -0,0 +1,140 @@
|
|
|
1
|
+
# Security
|
|
2
|
+
|
|
3
|
+
Athena is a local developer tool for indexing and querying project
|
|
4
|
+
documentation. Its default security posture is local-first operation, explicit
|
|
5
|
+
remote document-text opt-in, read-only retrieval integrations, and no public
|
|
6
|
+
service exposure.
|
|
7
|
+
|
|
8
|
+
## Trust Model
|
|
9
|
+
|
|
10
|
+
- Trusted operator: the local user running `athena`.
|
|
11
|
+
- Trusted codebase: this package and installed runtime dependencies.
|
|
12
|
+
- Trusted data root: the `--root` directory selected by the user.
|
|
13
|
+
- Untrusted inputs: documentation content, user config files in projects being
|
|
14
|
+
indexed, model output, MCP client requests, HTTP query parameters, and remote
|
|
15
|
+
provider responses.
|
|
16
|
+
|
|
17
|
+
Athena does not sandbox arbitrary project config execution. `athena.config.ts`
|
|
18
|
+
and `athena.config.mjs` are loaded with `jiti`, so only use config files from
|
|
19
|
+
repositories you are willing to execute locally.
|
|
20
|
+
|
|
21
|
+
## Local-First Boundaries
|
|
22
|
+
|
|
23
|
+
By default:
|
|
24
|
+
|
|
25
|
+
- indexes are written under `.athena/index.sqlite`;
|
|
26
|
+
- generated PDF assets are written under `.athena/blobs/`;
|
|
27
|
+
- the default embedding provider is local Transformers.js with remote model
|
|
28
|
+
downloads disabled at runtime;
|
|
29
|
+
- chat is disabled until the user configures a provider;
|
|
30
|
+
- the external agent provider defaults to OpenCode and only changes
|
|
31
|
+
client-specific MCP initialization guidance;
|
|
32
|
+
- the HTTP server binds to `127.0.0.1:4317`.
|
|
33
|
+
|
|
34
|
+
Do not change defaults so that document text leaves the machine. Remote
|
|
35
|
+
embedding providers must require `embeddings.allowRemoteDocumentText: true`.
|
|
36
|
+
Remote chat providers must require `chat.allowRemoteDocumentText: true`.
|
|
37
|
+
|
|
38
|
+
## Secrets
|
|
39
|
+
|
|
40
|
+
Remote providers use environment variables:
|
|
41
|
+
|
|
42
|
+
- `OPENAI_API_KEY`
|
|
43
|
+
- `VOYAGE_API_KEY`
|
|
44
|
+
- `COHERE_API_KEY`
|
|
45
|
+
- `GEMINI_API_KEY`
|
|
46
|
+
- `ANTHROPIC_API_KEY` for configured chat validation
|
|
47
|
+
|
|
48
|
+
Do not log API key values, persist them in `.athena/`, commit them, or include
|
|
49
|
+
them in doctor output. The current doctor command reports provider/model/cache
|
|
50
|
+
state, not secret values.
|
|
51
|
+
|
|
52
|
+
## Network
|
|
53
|
+
|
|
54
|
+
Expected network surfaces:
|
|
55
|
+
|
|
56
|
+
- optional remote embedding APIs when explicitly configured and allowed;
|
|
57
|
+
- optional Ollama embedding/chat requests to `OLLAMA_HOST` or local defaults;
|
|
58
|
+
- optional corpus retrieval through `npm run corpus:retrieve`;
|
|
59
|
+
- npm/package operations run manually by maintainers.
|
|
60
|
+
|
|
61
|
+
The local web server has no authentication or authorization layer. Keep it on
|
|
62
|
+
loopback for normal use. If `--host` or config binds to a non-loopback address,
|
|
63
|
+
the operator is responsible for network controls until an authenticated server
|
|
64
|
+
mode exists.
|
|
65
|
+
|
|
66
|
+
## Filesystem
|
|
67
|
+
|
|
68
|
+
Indexing reads files discovered under the configured root using supported
|
|
69
|
+
documentation include/exclude patterns. Default exclusions cover `.git/`,
|
|
70
|
+
`node_modules/`, `.athena/`, `dist/`, `build/`, and `coverage/`.
|
|
71
|
+
|
|
72
|
+
Important filesystem constraints:
|
|
73
|
+
|
|
74
|
+
- discovery does not follow symbolic links;
|
|
75
|
+
- retrieval source reads require indexed repository-relative paths;
|
|
76
|
+
- citation validation rejects absolute paths and paths containing `..`;
|
|
77
|
+
- server source preview rejects absolute paths, `..`, and paths outside the
|
|
78
|
+
selected root;
|
|
79
|
+
- PDF sidecar asset reads are restricted to `.athena/blobs/pdf-assets/`;
|
|
80
|
+
- downloaded validation corpus artifacts belong in ignored
|
|
81
|
+
`test/corpus/cache/`.
|
|
82
|
+
|
|
83
|
+
Do not commit `.athena/`, `dist/`, `*.tgz`, model caches, `.env*`, or
|
|
84
|
+
downloaded corpus cache files.
|
|
85
|
+
|
|
86
|
+
## MCP
|
|
87
|
+
|
|
88
|
+
`athena mcp` exposes read-only retrieval tools:
|
|
89
|
+
|
|
90
|
+
- `searchDocs`
|
|
91
|
+
- `readSourceRange`
|
|
92
|
+
- `readPdfSource`
|
|
93
|
+
- `grepDocs`
|
|
94
|
+
- `listDocs`
|
|
95
|
+
- `relatedChunks`
|
|
96
|
+
|
|
97
|
+
It does not expose write, edit, delete, indexing, shell, chat, or package
|
|
98
|
+
management tools. Keep MCP read-only unless a future change includes explicit
|
|
99
|
+
product requirements, authentication/authorization design, and tests.
|
|
100
|
+
|
|
101
|
+
`agent.provider` and `--agent-provider` may select OpenCode or Codex setup
|
|
102
|
+
guidance, but they must not change the read-only tool set or let an external
|
|
103
|
+
agent own Athena's model loop.
|
|
104
|
+
|
|
105
|
+
## Model Output And Citations
|
|
106
|
+
|
|
107
|
+
Treat model output as untrusted. Athena validates citations before accepting an
|
|
108
|
+
answer:
|
|
109
|
+
|
|
110
|
+
- source paths must be indexed and repository-relative;
|
|
111
|
+
- text citation line ranges must exist;
|
|
112
|
+
- PDF citations must reference PDF page labels;
|
|
113
|
+
- cited locators must have been read during the turn;
|
|
114
|
+
- substantive answers require citations.
|
|
115
|
+
|
|
116
|
+
Do not weaken citation validation to make a model answer pass. Fix retrieval,
|
|
117
|
+
tool use, or the answer policy instead.
|
|
118
|
+
|
|
119
|
+
## Parser And Document Content
|
|
120
|
+
|
|
121
|
+
Markdown, MDX, HTML, RST, AsciiDoc, text, and PDF inputs are parsed as
|
|
122
|
+
documentation content. Embedded code blocks, MDX JSX, script tags, and style
|
|
123
|
+
tags must not execute as part of parsing. PDF parsing is bounded by configured
|
|
124
|
+
timeout and wrapped in user-facing errors.
|
|
125
|
+
|
|
126
|
+
When changing parsers, preserve warning behavior and avoid turning malformed or
|
|
127
|
+
hostile documents into process crashes.
|
|
128
|
+
|
|
129
|
+
## Practical Review Checklist
|
|
130
|
+
|
|
131
|
+
Before merging changes that affect config, providers, server routes, MCP,
|
|
132
|
+
filesystem reads, parsing, or citations, verify:
|
|
133
|
+
|
|
134
|
+
- remote document text still requires explicit opt-in;
|
|
135
|
+
- no secret value is logged, persisted, or printed;
|
|
136
|
+
- source and asset path traversal checks still exist;
|
|
137
|
+
- MCP remains read-only;
|
|
138
|
+
- the server is not documented as safe for public exposure;
|
|
139
|
+
- citation validation still rejects unsupported or unread citations;
|
|
140
|
+
- relevant tests from `docs/QUALITY.md` pass.
|
|
@@ -183,6 +183,9 @@ export default defineConfig({
|
|
|
183
183
|
pooling: "mean",
|
|
184
184
|
normalize: true
|
|
185
185
|
},
|
|
186
|
+
agent: {
|
|
187
|
+
provider: "opencode"
|
|
188
|
+
},
|
|
186
189
|
pdf: {
|
|
187
190
|
parser: "pdf-2-llm",
|
|
188
191
|
pageAnchors: true,
|
|
@@ -317,6 +320,14 @@ export interface ModelProvider {
|
|
|
317
320
|
Provider adapters may use vendor SDKs internally if useful, but those SDKs must
|
|
318
321
|
not own Athena's agent loop.
|
|
319
322
|
|
|
323
|
+
### External Agent Provider
|
|
324
|
+
|
|
325
|
+
OpenCode should remain the default external-agent provider for MCP setup.
|
|
326
|
+
Athena should also allow `codex` through `agent.provider` and the
|
|
327
|
+
`--agent-provider` CLI option. This setting is client-specific setup guidance
|
|
328
|
+
only; it must not replace Athena's loop, weaken citation validation, or expose
|
|
329
|
+
additional MCP tools.
|
|
330
|
+
|
|
320
331
|
### Step Limit
|
|
321
332
|
|
|
322
333
|
The default max step count should be 6.
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# Execution Plan: <title>
|
|
2
|
+
|
|
3
|
+
Date: <yyyy-mm-dd>
|
|
4
|
+
|
|
5
|
+
## Goal
|
|
6
|
+
|
|
7
|
+
Describe the user-visible outcome and the repository behavior that will change.
|
|
8
|
+
|
|
9
|
+
## Scope
|
|
10
|
+
|
|
11
|
+
In scope:
|
|
12
|
+
|
|
13
|
+
- <files, modules, commands, docs, or workflows>
|
|
14
|
+
|
|
15
|
+
Out of scope:
|
|
16
|
+
|
|
17
|
+
- <explicitly deferred or preserved behavior>
|
|
18
|
+
|
|
19
|
+
## Current Behavior
|
|
20
|
+
|
|
21
|
+
Summarize what the code and docs do now. Link the relevant files, tests, and
|
|
22
|
+
commands inspected before editing.
|
|
23
|
+
|
|
24
|
+
## Constraints And Invariants
|
|
25
|
+
|
|
26
|
+
- Preserve the `athena` binary name and `@alextis59/athena` package identity.
|
|
27
|
+
- Preserve local-first defaults and explicit remote document-text opt-ins.
|
|
28
|
+
- Preserve Athena-owned agent loop and citation validation unless this plan is
|
|
29
|
+
explicitly about changing them.
|
|
30
|
+
- Preserve `pdf-2-llm` as the PDF ingestion path unless this plan is explicitly
|
|
31
|
+
about parser architecture.
|
|
32
|
+
- Keep MCP read-only unless this plan includes a security design for writes.
|
|
33
|
+
|
|
34
|
+
Add task-specific constraints here.
|
|
35
|
+
|
|
36
|
+
## Plan
|
|
37
|
+
|
|
38
|
+
1. Inspect the relevant code, docs, tests, and package scripts.
|
|
39
|
+
2. Make the smallest implementation or documentation change that satisfies the
|
|
40
|
+
goal.
|
|
41
|
+
3. Update adjacent docs, tests, fixtures, or debt notes when behavior changes.
|
|
42
|
+
4. Run the validation below.
|
|
43
|
+
5. Record results and any follow-up debt.
|
|
44
|
+
|
|
45
|
+
## Validation
|
|
46
|
+
|
|
47
|
+
Commands to run:
|
|
48
|
+
|
|
49
|
+
```bash
|
|
50
|
+
<command>
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
Expected outcomes:
|
|
54
|
+
|
|
55
|
+
- <observable pass condition>
|
|
56
|
+
|
|
57
|
+
If validation is skipped, record the reason and residual risk.
|
|
58
|
+
|
|
59
|
+
## Rollback
|
|
60
|
+
|
|
61
|
+
Describe how to revert the change or disable the behavior if validation fails
|
|
62
|
+
after merge.
|
|
63
|
+
|
|
64
|
+
## Notes
|
|
65
|
+
|
|
66
|
+
Capture decisions, tradeoffs, and follow-up items that should survive the
|
|
67
|
+
implementation turn.
|
|
@@ -1279,6 +1279,14 @@ Milestone 11 external agent documentation proof, 2026-07-03:
|
|
|
1279
1279
|
returned 4 JSON-RPC responses, 6 tools, `docs/admin-guide.md` as the top
|
|
1280
1280
|
search hit, and 1 read trace locator.
|
|
1281
1281
|
|
|
1282
|
+
Milestone 11 external agent provider option proof, 2026-07-05:
|
|
1283
|
+
|
|
1284
|
+
- Added `agent.provider` with `opencode` as the default and `codex` as the
|
|
1285
|
+
alternate provider.
|
|
1286
|
+
- Added `athena mcp --agent-provider <opencode|codex>` for one-off MCP setup.
|
|
1287
|
+
- Updated OpenCode and Codex MCP setup docs while preserving the same read-only
|
|
1288
|
+
tool exposure for both providers.
|
|
1289
|
+
|
|
1282
1290
|
## Release Readiness Checklist
|
|
1283
1291
|
|
|
1284
1292
|
Use this before publishing a public package or tagging a release.
|
package/docs/index.md
ADDED
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# Documentation Index
|
|
2
|
+
|
|
3
|
+
Start with the root files, then use the task-specific docs below.
|
|
4
|
+
|
|
5
|
+
## Agent Entry Points
|
|
6
|
+
|
|
7
|
+
- [../AGENTS.md](../AGENTS.md): repository instructions for coding agents.
|
|
8
|
+
- [../ARCHITECTURE.md](../ARCHITECTURE.md): current package, module, runtime,
|
|
9
|
+
data-flow, and invariant map.
|
|
10
|
+
- [../README.md](../README.md): user-facing install, command, config, MCP, and
|
|
11
|
+
development quickstart.
|
|
12
|
+
|
|
13
|
+
## Product And Implementation
|
|
14
|
+
|
|
15
|
+
- [agentic-rag-specifications.md](agentic-rag-specifications.md): product and
|
|
16
|
+
engineering requirements for Athena's local-first documentation RAG behavior.
|
|
17
|
+
- [agentic-rag-study.md](agentic-rag-study.md): source study behind the
|
|
18
|
+
architecture choices.
|
|
19
|
+
- [implementation-plan.md](implementation-plan.md): milestone checklist and
|
|
20
|
+
historical proof notes for implementation work.
|
|
21
|
+
- [mcp-integration.md](mcp-integration.md): OpenCode, Codex, and generic MCP
|
|
22
|
+
setup, exposed read-only tools, and manual stdio smoke test.
|
|
23
|
+
- [validation-corpus.md](validation-corpus.md): corpus layout, licensing,
|
|
24
|
+
retrieval, cache, and coverage rules.
|
|
25
|
+
|
|
26
|
+
## Harness Operations
|
|
27
|
+
|
|
28
|
+
- [SECURITY.md](SECURITY.md): security model, local-first boundaries, secrets,
|
|
29
|
+
network, filesystem, MCP, and server exposure notes.
|
|
30
|
+
- [QUALITY.md](QUALITY.md): validation ladder for docs, source changes,
|
|
31
|
+
retrieval/parser changes, corpus changes, package release checks, and manual
|
|
32
|
+
smoke tests.
|
|
33
|
+
- [tech-debt-tracker.md](tech-debt-tracker.md): practical deferred work that is
|
|
34
|
+
visible from the current code and docs.
|
|
35
|
+
- [exec-plans/template.md](exec-plans/template.md): reusable plan template for
|
|
36
|
+
larger changes.
|
|
37
|
+
|
|
38
|
+
## Decisions
|
|
39
|
+
|
|
40
|
+
- [adr/0001-sqlite-driver.md](adr/0001-sqlite-driver.md): why Athena uses
|
|
41
|
+
`better-sqlite3` for the local SQLite layer.
|
|
42
|
+
|
|
43
|
+
## Source Map
|
|
44
|
+
|
|
45
|
+
- `src/cli/`: command parsing and dispatch.
|
|
46
|
+
- `src/config/`: default config, config loading, validation, and
|
|
47
|
+
`defineConfig()`.
|
|
48
|
+
- `src/storage/`: `.athena/` paths, migrations, schema checks, and
|
|
49
|
+
transactions.
|
|
50
|
+
- `src/indexer/`: discovery, hashing, parsing, chunking, embedding, and index
|
|
51
|
+
writes.
|
|
52
|
+
- `src/parsers/`: text-like parsers, PDF parsing, chunking, and normalization.
|
|
53
|
+
- `src/embeddings/`: local, Ollama, and remote embedding providers.
|
|
54
|
+
- `src/retrieval/`: read-only retrieval tools and trace capture.
|
|
55
|
+
- `src/agent/`: Athena-owned agent loop, model providers, tools, citations, and
|
|
56
|
+
turn persistence.
|
|
57
|
+
- `src/server/`: local HTTP UI/API server.
|
|
58
|
+
- `src/ui/`: static web UI.
|
|
59
|
+
- `src/mcp/`: stdio MCP server.
|
|
60
|
+
- `scripts/`: corpus and evaluation commands.
|
|
61
|
+
- `test/`: Node test suites and validation corpus fixtures.
|
package/docs/mcp-integration.md
CHANGED
|
@@ -17,6 +17,31 @@ node dist/cli/main.js index --root /absolute/path/to/project
|
|
|
17
17
|
For an installed package, replace `node dist/cli/main.js` with `athena` or
|
|
18
18
|
`npx @alextis59/athena`.
|
|
19
19
|
|
|
20
|
+
## Agent Provider Option
|
|
21
|
+
|
|
22
|
+
OpenCode is the default external-agent provider. Use `--agent-provider codex`
|
|
23
|
+
when the MCP server is configured for Codex:
|
|
24
|
+
|
|
25
|
+
```sh
|
|
26
|
+
athena mcp --root /absolute/path/to/project --agent-provider codex
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
The same choice can be made durable in `athena.config.ts`,
|
|
30
|
+
`athena.config.mjs`, or `athena.config.json`:
|
|
31
|
+
|
|
32
|
+
```ts
|
|
33
|
+
import { defineConfig } from "@alextis59/athena";
|
|
34
|
+
|
|
35
|
+
export default defineConfig({
|
|
36
|
+
agent: {
|
|
37
|
+
provider: "codex"
|
|
38
|
+
}
|
|
39
|
+
});
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
The option changes client-specific initialization guidance only. The MCP server
|
|
43
|
+
continues to expose the same read-only retrieval tools for every provider.
|
|
44
|
+
|
|
20
45
|
## OpenCode
|
|
21
46
|
|
|
22
47
|
OpenCode configures MCP servers under the `mcp` key. A local MCP entry uses
|
|
@@ -66,6 +91,54 @@ Installed package example:
|
|
|
66
91
|
After saving the config, run `opencode mcp list` to check that OpenCode can
|
|
67
92
|
start the server and discover its tools.
|
|
68
93
|
|
|
94
|
+
## Codex
|
|
95
|
+
|
|
96
|
+
Codex stores MCP servers in `config.toml`. You can configure Athena in the
|
|
97
|
+
user-level `~/.codex/config.toml` or in a trusted project-scoped
|
|
98
|
+
`.codex/config.toml`.
|
|
99
|
+
|
|
100
|
+
Installed package example:
|
|
101
|
+
|
|
102
|
+
```toml
|
|
103
|
+
[mcp_servers.athena]
|
|
104
|
+
command = "npx"
|
|
105
|
+
args = [
|
|
106
|
+
"--yes",
|
|
107
|
+
"@alextis59/athena",
|
|
108
|
+
"mcp",
|
|
109
|
+
"--root",
|
|
110
|
+
".",
|
|
111
|
+
"--agent-provider",
|
|
112
|
+
"codex"
|
|
113
|
+
]
|
|
114
|
+
cwd = "/absolute/path/to/project"
|
|
115
|
+
enabled = true
|
|
116
|
+
startup_timeout_sec = 10
|
|
117
|
+
tool_timeout_sec = 60
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
Development checkout example:
|
|
121
|
+
|
|
122
|
+
```toml
|
|
123
|
+
[mcp_servers.athena]
|
|
124
|
+
command = "node"
|
|
125
|
+
args = [
|
|
126
|
+
"/absolute/path/to/athena/dist/cli/main.js",
|
|
127
|
+
"mcp",
|
|
128
|
+
"--root",
|
|
129
|
+
".",
|
|
130
|
+
"--agent-provider",
|
|
131
|
+
"codex"
|
|
132
|
+
]
|
|
133
|
+
cwd = "/absolute/path/to/project"
|
|
134
|
+
enabled = true
|
|
135
|
+
startup_timeout_sec = 10
|
|
136
|
+
tool_timeout_sec = 60
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
After saving the config, start Codex in the project and use `/mcp` in the
|
|
140
|
+
terminal UI to check that the `athena` server is connected.
|
|
141
|
+
|
|
69
142
|
## Exposed Tools
|
|
70
143
|
|
|
71
144
|
Athena exposes only read-only retrieval tools:
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# Tech Debt Tracker
|
|
2
|
+
|
|
3
|
+
Track deferred work that is visible from the current implementation. Keep this
|
|
4
|
+
file practical: each item should have a reason, a likely validation path, and a
|
|
5
|
+
status.
|
|
6
|
+
|
|
7
|
+
| Item | Context | Validation | Owner | Status |
|
|
8
|
+
| --- | --- | --- | --- | --- |
|
|
9
|
+
| Align chat provider docs and adapters | Config validation recognizes `openai`, `anthropic`, and `gemini` chat providers, but `createConfiguredModelProvider()` currently implements Ollama only after validation. Either add adapters or keep user docs explicit that non-Ollama chat adapters are not ready. | Provider tests plus `athena ask` smoke for each supported adapter. | TBD | Open |
|
|
10
|
+
| Decide authenticated server posture before non-loopback use | The HTTP server is intentionally local and unauthenticated today. Binding `--host` to a non-loopback address should remain an operator-controlled advanced use until there is an authenticated mode. | Server tests for auth behavior if added; security doc update. | TBD | Open |
|
|
11
|
+
| Evaluate query embedding parity for remote/provider-specific indexes | Indexed vectors can come from provider-specific embeddings. Retrieval currently builds query vectors inside the retrieval layer rather than routing the query through the configured embedding provider. Confirm whether this is acceptable for release quality or add provider-aware query embedding. | Retrieval/eval tests comparing hybrid, FTS-only, vector-only, and provider-backed query behavior. | TBD | Open |
|
|
12
|
+
| Harden package smoke automation | Package readiness currently relies on manual tarball and `npx --package` smoke commands documented in `docs/QUALITY.md`. A script could reduce release mistakes while preserving the same checks. | New script plus tarball CLI smoke in a temp project. | TBD | Open |
|
|
13
|
+
| Expand parser warning summaries | Doctor reports total parser warnings, while PDF warning detail is available in parser artifacts and retrieval responses. A future doctor view could summarize warning codes by source. | Doctor tests and fixture with repeated PDF warnings. | TBD | Open |
|
|
14
|
+
|
|
15
|
+
## Closing Criteria
|
|
16
|
+
|
|
17
|
+
Close an item only after:
|
|
18
|
+
|
|
19
|
+
- the implementation or documentation change lands;
|
|
20
|
+
- the validation in the row passes;
|
|
21
|
+
- related docs are updated when behavior or policy changes.
|