@alextis59/athena 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -4
- package/dist/parsers/pdf2llm.d.ts +2 -2
- package/dist/parsers/pdf2llm.js +1 -1
- package/package.json +5 -4
- package/docs/QUALITY.md +0 -137
- package/docs/SECURITY.md +0 -140
- package/docs/adr/0001-sqlite-driver.md +0 -23
- package/docs/agentic-rag-specifications.md +0 -670
- package/docs/agentic-rag-study.md +0 -1056
- package/docs/exec-plans/template.md +0 -67
- package/docs/implementation-plan.md +0 -1433
- package/docs/index.md +0 -61
- package/docs/mcp-integration.md +0 -227
- package/docs/tech-debt-tracker.md +0 -21
- package/docs/validation-corpus.md +0 -71
package/README.md
CHANGED
|
@@ -133,10 +133,11 @@ available. Low-confidence PDF regions are surfaced as uncertain in the UI.
|
|
|
133
133
|
- `listDocs`
|
|
134
134
|
- `relatedChunks`
|
|
135
135
|
|
|
136
|
-
See
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
136
|
+
See the
|
|
137
|
+
[MCP integration guide](https://github.com/alextis59/athena/blob/main/docs/mcp-integration.md)
|
|
138
|
+
for OpenCode, Codex, and generic MCP setup examples. OpenCode is the default
|
|
139
|
+
external-agent provider; pass `athena mcp --agent-provider codex` or set
|
|
140
|
+
`agent.provider: "codex"` when configuring Athena for Codex.
|
|
140
141
|
|
|
141
142
|
## Development
|
|
142
143
|
|
|
@@ -2,8 +2,8 @@ import { convertPdfToMarkdown } from "pdf-2-llm/node";
|
|
|
2
2
|
import type { PdfConfig } from "../config/index.js";
|
|
3
3
|
import type { ParsedDocument } from "./types.js";
|
|
4
4
|
export declare const PDF2LLM_PARSER_NAME = "pdf-2-llm";
|
|
5
|
-
export declare const PDF2LLM_PACKAGE_VERSION = "1.
|
|
6
|
-
export declare const PDF2LLM_PARSER_VERSION = "1.
|
|
5
|
+
export declare const PDF2LLM_PACKAGE_VERSION = "1.2.0";
|
|
6
|
+
export declare const PDF2LLM_PARSER_VERSION = "1.2.0";
|
|
7
7
|
export type Pdf2LlmConverter = typeof convertPdfToMarkdown;
|
|
8
8
|
export interface ParsePdfFileOptions {
|
|
9
9
|
config: PdfConfig;
|
package/dist/parsers/pdf2llm.js
CHANGED
|
@@ -4,7 +4,7 @@ import { UserFacingError } from "../errors.js";
|
|
|
4
4
|
import { parseMarkdownLikeLines } from "./line-parser.js";
|
|
5
5
|
import { normalizeText } from "./normalize.js";
|
|
6
6
|
export const PDF2LLM_PARSER_NAME = "pdf-2-llm";
|
|
7
|
-
export const PDF2LLM_PACKAGE_VERSION = "1.
|
|
7
|
+
export const PDF2LLM_PACKAGE_VERSION = "1.2.0";
|
|
8
8
|
export const PDF2LLM_PARSER_VERSION = PDF2LLM_PACKAGE_VERSION;
|
|
9
9
|
export async function parsePdfFile(absolutePath, options) {
|
|
10
10
|
const result = await convertWithTimeout(absolutePath, options);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@alextis59/athena",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.3.0",
|
|
4
4
|
"description": "Local-first agentic documentation RAG command.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"private": false,
|
|
@@ -10,8 +10,7 @@
|
|
|
10
10
|
"files": [
|
|
11
11
|
"dist",
|
|
12
12
|
"README.md",
|
|
13
|
-
"LICENSE"
|
|
14
|
-
"docs"
|
|
13
|
+
"LICENSE"
|
|
15
14
|
],
|
|
16
15
|
"keywords": [
|
|
17
16
|
"rag",
|
|
@@ -49,6 +48,8 @@
|
|
|
49
48
|
"build": "tsc -p tsconfig.json",
|
|
50
49
|
"check": "npm run format:check && npm run lint && npm run typecheck && npm test",
|
|
51
50
|
"check:publish": "npm run check && npm run eval && npm run build",
|
|
51
|
+
"benchmark:pdf": "tsx scripts/pdf-benchmark.ts run",
|
|
52
|
+
"benchmark:pdf:plan": "tsx scripts/pdf-benchmark.ts plan",
|
|
52
53
|
"corpus:health": "tsx scripts/corpus.ts health --offline",
|
|
53
54
|
"corpus:retrieve": "tsx scripts/corpus.ts retrieve",
|
|
54
55
|
"eval": "tsx scripts/eval.ts validate --offline",
|
|
@@ -74,6 +75,6 @@
|
|
|
74
75
|
"better-sqlite3": "^12.11.1",
|
|
75
76
|
"fast-glob": "^3.3.3",
|
|
76
77
|
"jiti": "^2.7.0",
|
|
77
|
-
"pdf-2-llm": "^1.
|
|
78
|
+
"pdf-2-llm": "^1.2.0"
|
|
78
79
|
}
|
|
79
80
|
}
|
package/docs/QUALITY.md
DELETED
|
@@ -1,137 +0,0 @@
|
|
|
1
|
-
# Quality
|
|
2
|
-
|
|
3
|
-
Use the narrowest validation that proves the change, then expand when the
|
|
4
|
-
change touches shared behavior, package output, retrieval quality, security
|
|
5
|
-
boundaries, or user-facing workflows.
|
|
6
|
-
|
|
7
|
-
## Fast Checks
|
|
8
|
-
|
|
9
|
-
For documentation-only changes:
|
|
10
|
-
|
|
11
|
-
```bash
|
|
12
|
-
npm run format:check
|
|
13
|
-
```
|
|
14
|
-
|
|
15
|
-
For TypeScript source changes, start with the nearest targeted Node test when
|
|
16
|
-
possible:
|
|
17
|
-
|
|
18
|
-
```bash
|
|
19
|
-
node --import tsx --test test/<area>.test.ts
|
|
20
|
-
```
|
|
21
|
-
|
|
22
|
-
Then run the relevant package checks from the sections below.
|
|
23
|
-
|
|
24
|
-
## Standard Source Change Ladder
|
|
25
|
-
|
|
26
|
-
Run this for most runtime changes:
|
|
27
|
-
|
|
28
|
-
```bash
|
|
29
|
-
npm run format:check
|
|
30
|
-
npm run lint
|
|
31
|
-
npm run typecheck
|
|
32
|
-
npm test
|
|
33
|
-
npm run build
|
|
34
|
-
```
|
|
35
|
-
|
|
36
|
-
`npm run check` combines the first four commands:
|
|
37
|
-
|
|
38
|
-
```bash
|
|
39
|
-
npm run check
|
|
40
|
-
```
|
|
41
|
-
|
|
42
|
-
Prefer the expanded form when you need to show the exact failing stage.
|
|
43
|
-
|
|
44
|
-
## Area-Specific Tests
|
|
45
|
-
|
|
46
|
-
- CLI behavior: `node --import tsx --test test/cli.test.ts`
|
|
47
|
-
- Config loading and remote opt-ins: `node --import tsx --test test/config.test.ts`
|
|
48
|
-
- Storage and migrations: `node --import tsx --test test/storage.test.ts`
|
|
49
|
-
- Indexing and run metadata: `node --import tsx --test test/indexer.test.ts`
|
|
50
|
-
- Parsers and PDF artifacts: `node --import tsx --test test/parsers.test.ts`
|
|
51
|
-
- Embedding providers and cache keys: `node --import tsx --test test/embeddings.test.ts`
|
|
52
|
-
- Retrieval tools and ranking: `node --import tsx --test test/retrieval.test.ts`
|
|
53
|
-
- Agent loop and provider adapters: `node --import tsx --test test/agent-loop.test.ts test/agent-provider.test.ts`
|
|
54
|
-
- Citation policy: `node --import tsx --test test/agent-citations.test.ts`
|
|
55
|
-
- HTTP server and UI API contract: `node --import tsx --test test/server.test.ts test/ui.test.ts`
|
|
56
|
-
- MCP protocol and tool exposure: `node --import tsx --test test/mcp.test.ts`
|
|
57
|
-
- Corpus manifest and eval plan: `node --import tsx --test test/corpus.test.ts test/eval.test.ts`
|
|
58
|
-
|
|
59
|
-
When changing cross-cutting types, exports, or shared contracts, run the full
|
|
60
|
-
standard ladder after targeted tests pass.
|
|
61
|
-
|
|
62
|
-
## Retrieval, Parser, And Citation Quality
|
|
63
|
-
|
|
64
|
-
For changes that affect discovery, parsing, chunking, embeddings, retrieval,
|
|
65
|
-
ranking, PDF handling, source locators, agent tool use, or citations, include:
|
|
66
|
-
|
|
67
|
-
```bash
|
|
68
|
-
npm run corpus:health
|
|
69
|
-
npm run eval
|
|
70
|
-
```
|
|
71
|
-
|
|
72
|
-
`npm run eval` runs offline validation against the committed corpus manifest and
|
|
73
|
-
ground truth. If corpus cache files are missing, use:
|
|
74
|
-
|
|
75
|
-
```bash
|
|
76
|
-
npm run corpus:retrieve
|
|
77
|
-
npm run corpus:health
|
|
78
|
-
```
|
|
79
|
-
|
|
80
|
-
Only update corpus manifest hashes or sizes after reviewing the changed
|
|
81
|
-
downloaded artifact and documenting why the refresh is acceptable.
|
|
82
|
-
|
|
83
|
-
## Manual CLI Smoke
|
|
84
|
-
|
|
85
|
-
Use a temporary project root when validating real CLI behavior:
|
|
86
|
-
|
|
87
|
-
```bash
|
|
88
|
-
tmpdir="$(mktemp -d)"
|
|
89
|
-
mkdir -p "$tmpdir/docs"
|
|
90
|
-
printf '# Admin Guide\n\nSet ATHENA_INDEX_BATCH_SIZE=64 for large docsets.\n' > "$tmpdir/docs/admin-guide.md"
|
|
91
|
-
npm run build
|
|
92
|
-
node dist/cli/main.js index --root "$tmpdir" --json
|
|
93
|
-
node dist/cli/main.js doctor --root "$tmpdir"
|
|
94
|
-
```
|
|
95
|
-
|
|
96
|
-
For `serve`, prefer a test harness or short-lived manual run. The server waits
|
|
97
|
-
for shutdown by default.
|
|
98
|
-
|
|
99
|
-
## MCP Smoke
|
|
100
|
-
|
|
101
|
-
For MCP changes, run the targeted MCP tests and use the finite stdio smoke in
|
|
102
|
-
`docs/mcp-integration.md` when the wire format or exposed tools change.
|
|
103
|
-
|
|
104
|
-
## Package And Publish Readiness
|
|
105
|
-
|
|
106
|
-
For release or package-entrypoint changes:
|
|
107
|
-
|
|
108
|
-
```bash
|
|
109
|
-
npm run check:publish
|
|
110
|
-
npm pack --dry-run --json
|
|
111
|
-
```
|
|
112
|
-
|
|
113
|
-
Then smoke the generated tarball from this checkout:
|
|
114
|
-
|
|
115
|
-
```bash
|
|
116
|
-
npm pack
|
|
117
|
-
npx --yes --package ./alextis59-athena-1.0.0.tgz athena --help
|
|
118
|
-
```
|
|
119
|
-
|
|
120
|
-
Also smoke an index command against a temporary docs folder before publishing.
|
|
121
|
-
Use `npm publish --dry-run --json` for final registry packaging validation.
|
|
122
|
-
Remove local `*.tgz` artifacts after the smoke test.
|
|
123
|
-
|
|
124
|
-
The npm package name is `@alextis59/athena`; the installed command must remain
|
|
125
|
-
`athena`.
|
|
126
|
-
|
|
127
|
-
## What To Record
|
|
128
|
-
|
|
129
|
-
In final notes, include:
|
|
130
|
-
|
|
131
|
-
- commands run;
|
|
132
|
-
- pass/fail outcome;
|
|
133
|
-
- any skipped checks and why;
|
|
134
|
-
- manual smoke details when automation does not cover the behavior.
|
|
135
|
-
|
|
136
|
-
Do not mark a plan item or debt item complete unless the matching validation has
|
|
137
|
-
actually passed.
|
package/docs/SECURITY.md
DELETED
|
@@ -1,140 +0,0 @@
|
|
|
1
|
-
# Security
|
|
2
|
-
|
|
3
|
-
Athena is a local developer tool for indexing and querying project
|
|
4
|
-
documentation. Its default security posture is local-first operation, explicit
|
|
5
|
-
remote document-text opt-in, read-only retrieval integrations, and no public
|
|
6
|
-
service exposure.
|
|
7
|
-
|
|
8
|
-
## Trust Model
|
|
9
|
-
|
|
10
|
-
- Trusted operator: the local user running `athena`.
|
|
11
|
-
- Trusted codebase: this package and installed runtime dependencies.
|
|
12
|
-
- Trusted data root: the `--root` directory selected by the user.
|
|
13
|
-
- Untrusted inputs: documentation content, user config files in projects being
|
|
14
|
-
indexed, model output, MCP client requests, HTTP query parameters, and remote
|
|
15
|
-
provider responses.
|
|
16
|
-
|
|
17
|
-
Athena does not sandbox arbitrary project config execution. `athena.config.ts`
|
|
18
|
-
and `athena.config.mjs` are loaded with `jiti`, so only use config files from
|
|
19
|
-
repositories you are willing to execute locally.
|
|
20
|
-
|
|
21
|
-
## Local-First Boundaries
|
|
22
|
-
|
|
23
|
-
By default:
|
|
24
|
-
|
|
25
|
-
- indexes are written under `.athena/index.sqlite`;
|
|
26
|
-
- generated PDF assets are written under `.athena/blobs/`;
|
|
27
|
-
- the default embedding provider is local Transformers.js with remote model
|
|
28
|
-
downloads disabled at runtime;
|
|
29
|
-
- chat is disabled until the user configures a provider;
|
|
30
|
-
- the external agent provider defaults to OpenCode and only changes
|
|
31
|
-
client-specific MCP initialization guidance;
|
|
32
|
-
- the HTTP server binds to `127.0.0.1:4317`.
|
|
33
|
-
|
|
34
|
-
Do not change defaults so that document text leaves the machine. Remote
|
|
35
|
-
embedding providers must require `embeddings.allowRemoteDocumentText: true`.
|
|
36
|
-
Remote chat providers must require `chat.allowRemoteDocumentText: true`.
|
|
37
|
-
|
|
38
|
-
## Secrets
|
|
39
|
-
|
|
40
|
-
Remote providers use environment variables:
|
|
41
|
-
|
|
42
|
-
- `OPENAI_API_KEY`
|
|
43
|
-
- `VOYAGE_API_KEY`
|
|
44
|
-
- `COHERE_API_KEY`
|
|
45
|
-
- `GEMINI_API_KEY`
|
|
46
|
-
- `ANTHROPIC_API_KEY` for configured chat validation
|
|
47
|
-
|
|
48
|
-
Do not log API key values, persist them in `.athena/`, commit them, or include
|
|
49
|
-
them in doctor output. The current doctor command reports provider/model/cache
|
|
50
|
-
state, not secret values.
|
|
51
|
-
|
|
52
|
-
## Network
|
|
53
|
-
|
|
54
|
-
Expected network surfaces:
|
|
55
|
-
|
|
56
|
-
- optional remote embedding APIs when explicitly configured and allowed;
|
|
57
|
-
- optional Ollama embedding/chat requests to `OLLAMA_HOST` or local defaults;
|
|
58
|
-
- optional corpus retrieval through `npm run corpus:retrieve`;
|
|
59
|
-
- npm/package operations run manually by maintainers.
|
|
60
|
-
|
|
61
|
-
The local web server has no authentication or authorization layer. Keep it on
|
|
62
|
-
loopback for normal use. If `--host` or config binds to a non-loopback address,
|
|
63
|
-
the operator is responsible for network controls until an authenticated server
|
|
64
|
-
mode exists.
|
|
65
|
-
|
|
66
|
-
## Filesystem
|
|
67
|
-
|
|
68
|
-
Indexing reads files discovered under the configured root using supported
|
|
69
|
-
documentation include/exclude patterns. Default exclusions cover `.git/`,
|
|
70
|
-
`node_modules/`, `.athena/`, `dist/`, `build/`, and `coverage/`.
|
|
71
|
-
|
|
72
|
-
Important filesystem constraints:
|
|
73
|
-
|
|
74
|
-
- discovery does not follow symbolic links;
|
|
75
|
-
- retrieval source reads require indexed repository-relative paths;
|
|
76
|
-
- citation validation rejects absolute paths and paths containing `..`;
|
|
77
|
-
- server source preview rejects absolute paths, `..`, and paths outside the
|
|
78
|
-
selected root;
|
|
79
|
-
- PDF sidecar asset reads are restricted to `.athena/blobs/pdf-assets/`;
|
|
80
|
-
- downloaded validation corpus artifacts belong in ignored
|
|
81
|
-
`test/corpus/cache/`.
|
|
82
|
-
|
|
83
|
-
Do not commit `.athena/`, `dist/`, `*.tgz`, model caches, `.env*`, or
|
|
84
|
-
downloaded corpus cache files.
|
|
85
|
-
|
|
86
|
-
## MCP
|
|
87
|
-
|
|
88
|
-
`athena mcp` exposes read-only retrieval tools:
|
|
89
|
-
|
|
90
|
-
- `searchDocs`
|
|
91
|
-
- `readSourceRange`
|
|
92
|
-
- `readPdfSource`
|
|
93
|
-
- `grepDocs`
|
|
94
|
-
- `listDocs`
|
|
95
|
-
- `relatedChunks`
|
|
96
|
-
|
|
97
|
-
It does not expose write, edit, delete, indexing, shell, chat, or package
|
|
98
|
-
management tools. Keep MCP read-only unless a future change includes explicit
|
|
99
|
-
product requirements, authentication/authorization design, and tests.
|
|
100
|
-
|
|
101
|
-
`agent.provider` and `--agent-provider` may select OpenCode or Codex setup
|
|
102
|
-
guidance, but they must not change the read-only tool set or let an external
|
|
103
|
-
agent own Athena's model loop.
|
|
104
|
-
|
|
105
|
-
## Model Output And Citations
|
|
106
|
-
|
|
107
|
-
Treat model output as untrusted. Athena validates citations before accepting an
|
|
108
|
-
answer:
|
|
109
|
-
|
|
110
|
-
- source paths must be indexed and repository-relative;
|
|
111
|
-
- text citation line ranges must exist;
|
|
112
|
-
- PDF citations must reference PDF page labels;
|
|
113
|
-
- cited locators must have been read during the turn;
|
|
114
|
-
- substantive answers require citations.
|
|
115
|
-
|
|
116
|
-
Do not weaken citation validation to make a model answer pass. Fix retrieval,
|
|
117
|
-
tool use, or the answer policy instead.
|
|
118
|
-
|
|
119
|
-
## Parser And Document Content
|
|
120
|
-
|
|
121
|
-
Markdown, MDX, HTML, RST, AsciiDoc, text, and PDF inputs are parsed as
|
|
122
|
-
documentation content. Embedded code blocks, MDX JSX, script tags, and style
|
|
123
|
-
tags must not execute as part of parsing. PDF parsing is bounded by configured
|
|
124
|
-
timeout and wrapped in user-facing errors.
|
|
125
|
-
|
|
126
|
-
When changing parsers, preserve warning behavior and avoid turning malformed or
|
|
127
|
-
hostile documents into process crashes.
|
|
128
|
-
|
|
129
|
-
## Practical Review Checklist
|
|
130
|
-
|
|
131
|
-
Before merging changes that affect config, providers, server routes, MCP,
|
|
132
|
-
filesystem reads, parsing, or citations, verify:
|
|
133
|
-
|
|
134
|
-
- remote document text still requires explicit opt-in;
|
|
135
|
-
- no secret value is logged, persisted, or printed;
|
|
136
|
-
- source and asset path traversal checks still exist;
|
|
137
|
-
- MCP remains read-only;
|
|
138
|
-
- the server is not documented as safe for public exposure;
|
|
139
|
-
- citation validation still rejects unsupported or unread citations;
|
|
140
|
-
- relevant tests from `docs/QUALITY.md` pass.
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
# ADR 0001: SQLite Driver
|
|
2
|
-
|
|
3
|
-
Date: 2026-07-03
|
|
4
|
-
|
|
5
|
-
## Decision
|
|
6
|
-
|
|
7
|
-
Athena uses `better-sqlite3` for the initial local SQLite storage layer.
|
|
8
|
-
|
|
9
|
-
## Rationale
|
|
10
|
-
|
|
11
|
-
- Athena's index updates and retrieval reads are local, short-lived CLI/server
|
|
12
|
-
operations where synchronous transactions are simple and deterministic.
|
|
13
|
-
- `better-sqlite3` provides mature SQLite and FTS5 support without the
|
|
14
|
-
`node:sqlite` ExperimentalWarning emitted by the current Node 22 runtime.
|
|
15
|
-
- The storage boundary is isolated in `src/storage/`, so a future migration to a
|
|
16
|
-
different SQLite binding or vector extension can be handled behind the same
|
|
17
|
-
migration and transaction helpers.
|
|
18
|
-
|
|
19
|
-
## Consequences
|
|
20
|
-
|
|
21
|
-
- `better-sqlite3` is a runtime dependency.
|
|
22
|
-
- Tests can inspect schema, indexes, and rollback behavior without a separate
|
|
23
|
-
database service.
|