brainclaw 0.28.0 → 1.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (198) hide show
  1. package/README.md +193 -170
  2. package/dist/brainclaw-vscode.vsix +0 -0
  3. package/dist/cli.js +683 -23
  4. package/dist/commands/accept.js +3 -0
  5. package/dist/commands/add-step.js +11 -26
  6. package/dist/commands/agent-board.js +70 -3
  7. package/dist/commands/audit.js +19 -0
  8. package/dist/commands/check-policy.js +54 -0
  9. package/dist/commands/check-security-mcp.js +145 -0
  10. package/dist/commands/check-security.js +106 -0
  11. package/dist/commands/claim-resource.js +1 -0
  12. package/dist/commands/codev.js +672 -0
  13. package/dist/commands/compact.js +74 -0
  14. package/dist/commands/complete-step.js +16 -26
  15. package/dist/commands/constraint.js +8 -20
  16. package/dist/commands/decision.js +9 -20
  17. package/dist/commands/delete-plan.js +10 -12
  18. package/dist/commands/delete-step.js +16 -0
  19. package/dist/commands/dispatch.js +163 -0
  20. package/dist/commands/doctor.js +1122 -49
  21. package/dist/commands/enable-agent.js +1 -0
  22. package/dist/commands/export.js +280 -22
  23. package/dist/commands/handoff.js +33 -0
  24. package/dist/commands/harvest.js +189 -0
  25. package/dist/commands/hooks.js +82 -25
  26. package/dist/commands/inbox.js +169 -0
  27. package/dist/commands/init.js +38 -31
  28. package/dist/commands/install-hooks.js +71 -44
  29. package/dist/commands/link.js +89 -0
  30. package/dist/commands/list-claims.js +48 -3
  31. package/dist/commands/list-plans.js +129 -25
  32. package/dist/commands/loops-handlers.js +409 -0
  33. package/dist/commands/mcp-read-handlers.js +1628 -0
  34. package/dist/commands/mcp-schemas.generated.js +74 -0
  35. package/dist/commands/mcp.js +4244 -1475
  36. package/dist/commands/plan-resource.js +64 -0
  37. package/dist/commands/plan.js +12 -26
  38. package/dist/commands/prune.js +37 -2
  39. package/dist/commands/reflect.js +20 -7
  40. package/dist/commands/release-claim.js +11 -6
  41. package/dist/commands/release-notes.js +170 -0
  42. package/dist/commands/repair.js +210 -0
  43. package/dist/commands/run-profile.js +57 -0
  44. package/dist/commands/sequence.js +113 -0
  45. package/dist/commands/session-end.js +423 -14
  46. package/dist/commands/session-start.js +214 -41
  47. package/dist/commands/setup-security.js +103 -0
  48. package/dist/commands/setup.js +42 -4
  49. package/dist/commands/stale.js +109 -0
  50. package/dist/commands/switch.js +131 -10
  51. package/dist/commands/trap.js +14 -31
  52. package/dist/commands/update-handoff.js +63 -4
  53. package/dist/commands/update-plan.js +21 -28
  54. package/dist/commands/update-step.js +37 -0
  55. package/dist/commands/upgrade.js +313 -6
  56. package/dist/commands/usage.js +102 -0
  57. package/dist/commands/version.js +20 -0
  58. package/dist/commands/who.js +124 -0
  59. package/dist/commands/worktree.js +105 -0
  60. package/dist/core/actions.js +315 -0
  61. package/dist/core/agent-capability.js +610 -17
  62. package/dist/core/agent-context.js +7 -1
  63. package/dist/core/agent-files.js +1169 -85
  64. package/dist/core/agent-integrations.js +160 -5
  65. package/dist/core/agent-inventory.js +2 -0
  66. package/dist/core/agent-profiles.js +93 -0
  67. package/dist/core/agent-registry.js +162 -30
  68. package/dist/core/agentrun-reconciler.js +345 -0
  69. package/dist/core/agentruns.js +424 -0
  70. package/dist/core/ai-agent-detection.js +31 -10
  71. package/dist/core/archival.js +77 -0
  72. package/dist/core/assignment-sweeper.js +82 -0
  73. package/dist/core/assignments.js +367 -0
  74. package/dist/core/audit.js +30 -0
  75. package/dist/core/bootstrap.js +61 -10
  76. package/dist/core/brainclaw-version.js +94 -2
  77. package/dist/core/candidates.js +93 -2
  78. package/dist/core/claims.js +419 -0
  79. package/dist/core/codev-metrics.js +77 -0
  80. package/dist/core/codev-personas.js +31 -0
  81. package/dist/core/codev-plan-gen.js +35 -0
  82. package/dist/core/codev-prompts.js +74 -0
  83. package/dist/core/codev-responses.js +62 -0
  84. package/dist/core/codev-rounds.js +218 -0
  85. package/dist/core/config.js +4 -0
  86. package/dist/core/context.js +454 -34
  87. package/dist/core/coordination.js +201 -6
  88. package/dist/core/cross-project.js +230 -16
  89. package/dist/core/default-profiles/doctor.yaml +11 -0
  90. package/dist/core/default-profiles/janitor.yaml +11 -0
  91. package/dist/core/default-profiles/onboarder.yaml +11 -0
  92. package/dist/core/default-profiles/reviewer.yaml +13 -0
  93. package/dist/core/dispatcher.js +1189 -0
  94. package/dist/core/duplicates.js +2 -2
  95. package/dist/core/entity-operations.js +450 -0
  96. package/dist/core/entity-registry.js +344 -0
  97. package/dist/core/event-log.js +1 -0
  98. package/dist/core/events.js +106 -2
  99. package/dist/core/execution-adapters.js +154 -0
  100. package/dist/core/execution-context.js +63 -0
  101. package/dist/core/execution-profile.js +270 -0
  102. package/dist/core/execution.js +255 -0
  103. package/dist/core/facade-schema.js +81 -0
  104. package/dist/core/federation-cloud.js +99 -0
  105. package/dist/core/federation-message.js +52 -0
  106. package/dist/core/federation-transport.js +65 -0
  107. package/dist/core/gc-semantic.js +482 -0
  108. package/dist/core/governance.js +247 -0
  109. package/dist/core/guards.js +19 -0
  110. package/dist/core/ideation.js +72 -0
  111. package/dist/core/identity.js +252 -28
  112. package/dist/core/ids.js +6 -0
  113. package/dist/core/input-validation.js +2 -2
  114. package/dist/core/instruction-templates.js +344 -136
  115. package/dist/core/io.js +90 -11
  116. package/dist/core/lock.js +6 -2
  117. package/dist/core/loops/brief-assembly.js +213 -0
  118. package/dist/core/loops/facade-schema.js +148 -0
  119. package/dist/core/loops/index.js +7 -0
  120. package/dist/core/loops/iteration-engine.js +139 -0
  121. package/dist/core/loops/lock.js +385 -0
  122. package/dist/core/loops/store.js +201 -0
  123. package/dist/core/loops/types.js +403 -0
  124. package/dist/core/loops/verbs.js +534 -0
  125. package/dist/core/markdown.js +15 -3
  126. package/dist/core/memory-compactor.js +432 -0
  127. package/dist/core/memory-git.js +152 -8
  128. package/dist/core/messaging.js +278 -0
  129. package/dist/core/migration.js +32 -1
  130. package/dist/core/mutation-pipeline.js +4 -2
  131. package/dist/core/operations/memory-mutation.js +129 -0
  132. package/dist/core/operations/memory-write.js +78 -0
  133. package/dist/core/operations/plan.js +190 -0
  134. package/dist/core/policy.js +169 -0
  135. package/dist/core/repo-analysis.js +67 -0
  136. package/dist/core/reputation.js +9 -3
  137. package/dist/core/schema.js +546 -21
  138. package/dist/core/search.js +21 -2
  139. package/dist/core/security-cache.js +71 -0
  140. package/dist/core/security-guard.js +152 -0
  141. package/dist/core/security-scoring.js +86 -0
  142. package/dist/core/sequence.js +130 -0
  143. package/dist/core/socket-client.js +113 -0
  144. package/dist/core/staleness.js +246 -0
  145. package/dist/core/state.js +98 -22
  146. package/dist/core/store-resolution.js +54 -12
  147. package/dist/core/toml-writer.js +76 -0
  148. package/dist/core/upgrades/backup.js +232 -0
  149. package/dist/core/upgrades/health-check.js +169 -0
  150. package/dist/core/upgrades/patches/candidate-archive.js +145 -0
  151. package/dist/core/upgrades/patches/handoff-review-strip.js +128 -0
  152. package/dist/core/upgrades/patches/provenance-rollout.js +136 -0
  153. package/dist/core/upgrades/schema-version.js +97 -0
  154. package/dist/core/worktree.js +606 -0
  155. package/dist/facts.js +114 -0
  156. package/dist/facts.json +111 -0
  157. package/docs/architecture/project-refs.md +5 -1
  158. package/docs/cli.md +690 -43
  159. package/docs/concepts/ideation-loop.md +317 -0
  160. package/docs/concepts/loop-engine.md +456 -0
  161. package/docs/concepts/mcp-governance.md +268 -0
  162. package/docs/concepts/memory-staleness.md +122 -0
  163. package/docs/concepts/multi-agent-workflows.md +166 -0
  164. package/docs/concepts/plans-and-claims.md +31 -6
  165. package/docs/concepts/project-md-convention.md +35 -0
  166. package/docs/concepts/troubleshooting.md +220 -0
  167. package/docs/concepts/upgrade-cli.md +202 -0
  168. package/docs/concepts/upgrade-dogfood-procedure.md +114 -0
  169. package/docs/context-format-changelog.md +2 -2
  170. package/docs/context-format.md +2 -2
  171. package/docs/index.md +68 -0
  172. package/docs/integrations/agents.md +15 -16
  173. package/docs/integrations/cline.md +88 -0
  174. package/docs/integrations/codex.md +75 -23
  175. package/docs/integrations/continue.md +60 -0
  176. package/docs/integrations/copilot.md +67 -9
  177. package/docs/integrations/kilocode.md +72 -0
  178. package/docs/integrations/mcp.md +304 -21
  179. package/docs/integrations/mistral-vibe.md +122 -0
  180. package/docs/integrations/opencode.md +84 -0
  181. package/docs/integrations/overview.md +23 -8
  182. package/docs/integrations/roo.md +74 -0
  183. package/docs/integrations/windsurf.md +83 -0
  184. package/docs/mcp-schema-changelog.md +191 -1
  185. package/docs/playbooks/integration/index.md +121 -0
  186. package/docs/playbooks/productivity/index.md +102 -0
  187. package/docs/playbooks/team/index.md +122 -0
  188. package/docs/product/agent-first-model.md +184 -0
  189. package/docs/product/entity-model-audit.md +462 -0
  190. package/docs/quickstart-existing-project.md +135 -0
  191. package/docs/quickstart.md +124 -37
  192. package/docs/release-maintenance.md +79 -0
  193. package/docs/review.md +2 -0
  194. package/docs/server-operations.md +118 -0
  195. package/package.json +20 -12
  196. package/dist/commands/claude-desktop-extension.js +0 -18
  197. package/dist/commands/diff.js +0 -99
  198. package/dist/core/claude-desktop-extension.js +0 -224
@@ -0,0 +1,220 @@
1
+ # Troubleshooting & recovery
2
+
3
+ Runbook for the most common ways a brainclaw workspace gets into a degraded state during multi-agent coordination, and how to bring it back. Symptoms first, causes second, remediation third — pattern-matchable when you don't have time to read the whole page.
4
+
5
+ This is **operator-facing**: it assumes you can run CLI commands. Agents you orchestrate don't read this page; you do, when something stalls.
6
+
7
+ ## Quick-reference cheatsheet
8
+
9
+ | Symptom | First-line check | First-line fix |
10
+ |---|---|---|
11
+ | Agent crashed, claim still active | `brainclaw claim list` | `brainclaw claim release <id>` (or `brainclaw stale resolve <id>`) |
12
+ | Plan stuck `in_progress` for days | `brainclaw stale list` | `brainclaw stale resolve <plan_id>` (transitions to `dropped`) |
13
+ | Dispatched worker finished without committing | `git -C <worktree> status` | manually `git add` + `git commit` in the worktree, then merge |
14
+ | `Cannot find module 'mcp-worker.js'` | `brainclaw doctor` | `brainclaw doctor --repair` |
15
+ | Octopus merge fails on parallel lanes | `git status` | merge lanes one-by-one, resolve conflicts, then proceed |
16
+ | `.brainclaw/` schema looks corrupt | `brainclaw doctor --after-migration` | `brainclaw upgrade --rollback` (restores last backup) |
17
+ | Inbox messages stuck / not delivered | `brainclaw inbox list` | `brainclaw inbox ack <id>` or check `bclaw_assignment_events` |
18
+ | `bclaw_work` returns 25k-token error | n/a | already mitigated since v1.0.14 (compact mode default); pass `compact: true` if older clients |
19
+ | Stale runtime notes flood `bclaw_context` | `brainclaw stale list` | `brainclaw stale resolve <id>` per noisy item |
20
+
21
+ If your symptom isn't here, jump to the relevant section below or run `brainclaw doctor --json` and inspect the `checks` array.
22
+
23
+ ---
24
+
25
+ ## Stale claims after a crashed agent
26
+
27
+ **Symptom**: an agent died (credit limit, terminal closed, network drop). Other agents see the scope as held and refuse to claim it.
28
+
29
+ **Why**: claims are advisory locks with a TTL, but expiry is not enforced by a daemon — it surfaces only when something queries it. So a crashed agent's claim stays "active" until someone runs a check.
30
+
31
+ **Fix**:
32
+
33
+ ```bash
34
+ # See what's stale (uses the staleness scoring from src/core/staleness.ts)
35
+ brainclaw stale list
36
+
37
+ # Release a specific stale claim
38
+ brainclaw claim release <claim_id>
39
+
40
+ # Or, for any stale entity (plan, handoff, candidate, runtime_note, claim),
41
+ # trigger the canonical action:
42
+ brainclaw stale resolve <id>
43
+ ```
44
+
45
+ `stale resolve` dispatches to the right transition per entity:
46
+ - claim → release
47
+ - plan → `bclaw_transition(entity="plan", to="dropped")`
48
+ - handoff → `bclaw_transition(entity="handoff", to="closed")`
49
+ - candidate → `bclaw_transition(entity="candidate", to="rejected")`
50
+ - trap → `bclaw_transition(entity="trap", to="resolved")`
51
+ - runtime_note → `bclaw_remove(entity="runtime_note", id=…)`
52
+
53
+ **Prevention**: agents that respect the protocol call `bclaw_session_end(auto_release: true)` on exit, which releases all their claims. This is the recommended default in every dispatch brief.
54
+
55
+ ---
56
+
57
+ ## Dispatched worker finished work but never committed
58
+
59
+ **Symptom**: a sequence's lane shows the worker as "task_complete" in the run log, but `git -C <worktree-path> status` shows uncommitted changes.
60
+
61
+ **Why**: some agents (notably codex when running in `--sandbox workspace-write`) sometimes finish editing without ever creating a git commit — they exit on `task_complete` from the prompt without the wrap-up step. The brief-ack file confirms the spawn *started*, not that it *committed*. See `trp#178`.
62
+
63
+ **Fix** (manual harvest):
64
+
65
+ ```bash
66
+ # 1. Locate the worktree
67
+ git worktree list | grep feat/pln_<lane_id>
68
+
69
+ # 2. cd into it, inspect the work
70
+ cd ~/.brainclaw/worktrees/<project-hash>/feat_pln_xxxx
71
+ git status
72
+ git diff --stat
73
+
74
+ # 3. Stage + commit with a clear message that references the plan id
75
+ git add <files>
76
+ git commit -m "feat(<scope>): <summary> (pln#<id>)"
77
+
78
+ # 4. Back on master, octopus-merge as usual
79
+ cd <main repo>
80
+ git merge --no-ff feat/pln_xxxx -m "merge: <description>"
81
+ ```
82
+
83
+ **Prevention**: every dispatch brief targeting agents prone to this pattern (notably codex) should include explicit commit instructions at the end, e.g. *"When done editing, stage your changes and create a commit with a clear message referencing the plan id (e.g. `feat(scope): summary (pln#XXX)`). Do not stop until the commit exists."*
84
+
85
+ ---
86
+
87
+ ## MCP runtime corrupted (mcp-worker.js missing)
88
+
89
+ **Symptom**: `MCP error -32603: Cannot find module 'mcp-worker.js'` or the server logs `MCP runtime corrupted (mcp-worker.js missing)` on startup.
90
+
91
+ **Why**: `dist/` was wiped or partially deleted. Common causes: a `git merge` that triggered worktree cleanup before pln#477 landed, an `npm run clean:dist` followed by an interrupted build, or filesystem-level corruption.
92
+
93
+ **Fix**:
94
+
95
+ ```bash
96
+ brainclaw doctor --repair
97
+ ```
98
+
99
+ This rebuilds `dist/` from `src/` (TypeScript compile + copy default profiles) and validates by running `node dist/cli.js --version`. The repair also writes `dist/.brainclaw-build.json` so subsequent runs can do a stale-check (compare `src_hash` vs `dist_hash`).
100
+
101
+ **If `--repair` fails**: it usually means `node_modules` is also damaged. Run a clean `npm install` first, then re-run `brainclaw doctor --repair`.
102
+
103
+ **Note**: read-only MCP handlers stay available in-process even when the worker is missing (since pln#478) — so basic `bclaw_context` and `bclaw_find` calls still respond, but anything requiring the worker (most write operations) returns `runtime_corrupted` with a repair pointer.
104
+
105
+ ---
106
+
107
+ ## Octopus merge fails on parallel lanes
108
+
109
+ **Symptom**: after a sequenced parallel dispatch finishes, you run `git merge --no-ff lane1 lane2 lane3 -m "merge: …"` and git refuses with conflict markers.
110
+
111
+ **Why**: octopus merges only succeed when the lanes touch disjoint files. If two lanes wrote to the same file, octopus aborts and you must merge them sequentially.
112
+
113
+ **Fix**:
114
+
115
+ ```bash
116
+ # Cancel the failed octopus
117
+ git merge --abort
118
+
119
+ # Merge lanes one at a time, resolving conflicts as needed
120
+ git merge --no-ff lane1
121
+ # (resolve any conflicts, commit)
122
+ git merge --no-ff lane2
123
+ # (resolve any conflicts, commit)
124
+ git merge --no-ff lane3
125
+ ```
126
+
127
+ **Prevention**: when defining a sequence, choose lane scopes that minimize file overlap. Use `hard_after` dependencies for lanes that genuinely need to land in order. The dispatcher does not itself enforce disjoint scopes — that's the caller's responsibility when designing the sequence.
128
+
129
+ ---
130
+
131
+ ## `.brainclaw/` looks corrupted (schema drift, malformed JSON)
132
+
133
+ **Symptom**: `bclaw_doctor` reports `state is invalid: <ZodError>` or files in `.brainclaw/memory/` fail to parse.
134
+
135
+ **Why**: usually a half-written file from an interrupted write (process killed mid-write), a migration that didn't complete, or a manual edit that introduced syntax errors. `brainclaw upgrade --rollback` exists precisely for this case.
136
+
137
+ **Fix**:
138
+
139
+ ```bash
140
+ # 1. Inspect what's wrong
141
+ brainclaw doctor --after-migration
142
+
143
+ # 2. If the most recent migration is the cause, roll back
144
+ brainclaw upgrade --rollback
145
+ # This restores the last backup at <store>.bak-<iso-ts>/ and parks the
146
+ # current corrupted store at <store>.rollback-<iso-ts>/ for inspection.
147
+
148
+ # 3. If a single file is corrupted (and rollback is too aggressive),
149
+ # inspect the parked rollback dir and copy individual files back manually.
150
+ ```
151
+
152
+ **Prevention**: brainclaw takes a backup before every `upgrade` run (see `docs/concepts/upgrade-cli.md`). For non-upgrade scenarios, rely on git: `.brainclaw/` is git-versioned by default, so `git log` and `git checkout <prev>` recover any committed state.
153
+
154
+ ---
155
+
156
+ ## Plan stuck `in_progress`
157
+
158
+ **Symptom**: a plan has been marked `in_progress` for days with no commits or claim activity.
159
+
160
+ **Why**: the agent that started it crashed, was rerouted, or simply forgot to transition to `done` / `blocked` / `dropped`.
161
+
162
+ **Fix**:
163
+
164
+ ```bash
165
+ # Survey
166
+ brainclaw stale list # plan_in_progress flagged after 7 days by default
167
+
168
+ # Decide based on context
169
+ brainclaw stale resolve <plan_id> # → dropped (default for stale)
170
+ # or, via canonical grammar, transition to a different terminal state:
171
+ # bclaw_transition(entity="plan", id="<plan_id>", to="done")
172
+ # bclaw_transition(entity="plan", id="<plan_id>", to="blocked")
173
+ ```
174
+
175
+ **Threshold tuning**: defaults live in `src/core/staleness.ts`. A config-driven override is on the roadmap (open follow-up); for now you adjust the source file if 7 days is too aggressive for your project.
176
+
177
+ ---
178
+
179
+ ## Inbox messages stuck / brief-ack never arrived
180
+
181
+ **Symptom**: a dispatched assignment shows `running` indefinitely, and `bclaw_assignment_events` shows `run_running` but no further progress.
182
+
183
+ **Why**: the spawned worker process either (a) crashed before reading its inbox, (b) read the inbox but couldn't acknowledge (e.g., MCP unavailable inside the spawned sandbox — common with codex `--sandbox workspace-write`), or (c) is genuinely still working but slow.
184
+
185
+ **Diagnostic order**:
186
+
187
+ ```bash
188
+ # 1. Is the worker process still alive?
189
+ ps -ef | grep <agent-binary> # codex, claude, copilot, …
190
+
191
+ # 2. Did the brief-ack file land?
192
+ ls .brainclaw/coordination/runtime/ack/<assignment_id>.ack
193
+ # If yes → spawn started, worker is somewhere in its loop
194
+ # If no → spawn never started or died before the wrap shell ran touch
195
+
196
+ # 3. Inspect the worktree for activity
197
+ git -C <worktree> log --oneline -5
198
+ git -C <worktree> status
199
+
200
+ # 4. Check the run log
201
+ brainclaw inbox list --agent <agent>
202
+ # or via MCP: bclaw_assignment_events(assignmentId="<id>")
203
+ ```
204
+
205
+ **Fix paths**:
206
+ - Worker dead, no ack → reroute via `bclaw_coordinate(intent="reroute", …)` to another agent
207
+ - Worker dead, ack present, work uncommitted → manual harvest (see "Dispatched worker finished without committing" above)
208
+ - Worker still alive but slow → wait, or `kill` and reroute
209
+
210
+ **Brief-ack TTL** is configurable via `BRAINCLAW_HANDSHAKE_TIMEOUT_MS` (default 30s since pln#475+#476). Past that, the dispatcher times the spawn out and surfaces the failure in the assignment events log.
211
+
212
+ ---
213
+
214
+ ## See also
215
+
216
+ - [`docs/concepts/memory-staleness.md`](memory-staleness.md) — staleness signals and resolve flow in depth
217
+ - [`docs/concepts/loop-engine.md`](loop-engine.md) — multi-turn loops (review-fix), recovery semantics for in-flight loops
218
+ - [`docs/concepts/upgrade-cli.md`](upgrade-cli.md) — `brainclaw upgrade` design + rollback path
219
+ - [`docs/cli.md`](../cli.md) — full command reference for `doctor`, `stale`, `claim`, `upgrade`, `inbox`, `worktree`
220
+ - [`docs/concepts/multi-agent-workflows.md`](multi-agent-workflows.md) — happy-path coordination patterns (the inverse of this page)
@@ -0,0 +1,202 @@
1
+ # `brainclaw upgrade` — store schema upgrade CLI
2
+
3
+ Design for the CLI command that upgrades a `.brainclaw/` store to a
4
+ newer schema version (first target: 1.0 = MCP schema 0.8.0 final
5
+ step). Hard prerequisite before the Phase 3 grammar refactor
6
+ (`pln_c6472192`) can start.
7
+
8
+ **Extension, not new command.** `brainclaw upgrade` already exists
9
+ for store housekeeping (entity-dir migration, Zod schema doc
10
+ migration on load, managed agent-file refresh, optional
11
+ `--self-update` of the binary). The v1.0 work extends this command
12
+ with three additions:
13
+
14
+ 1. `--to <version>` — run the one-shot v1.0 patches (candidate
15
+ archive, handoff review-strip, provenance rollout) on top of the
16
+ housekeeping work. Idempotent — re-running after success is a
17
+ no-op.
18
+ 2. `--backup` — create a timestamped backup before any write
19
+ (safety net reusable for *any* upgrade run, not only v1.0).
20
+ 3. `--rollback` — restore the most recent backup, park the current
21
+ live store for inspection.
22
+
23
+ **Distinct from `brainclaw migrate`.** `migrate` remains recurring
24
+ memory housekeeping (moves misplaced items between stores). It is
25
+ orthogonal to schema progression and stays untouched.
26
+
27
+ Tracked under `pln_bc6e88cc` / step `stp_3a866463`.
28
+
29
+ ## Goals
30
+
31
+ - One authoritative command to move any existing store from schema
32
+ 0.6.x → 0.8.0 (covers all post-consult patches: P6.1 tombstone,
33
+ P6.3 provenance, P6.6 candidate archive, handoff review-field
34
+ strip).
35
+ - Safe by default: dry-run first, backup before any write, health
36
+ check after apply, rollback path when things go wrong.
37
+ - Idempotent: running migrate twice on a store already at the target
38
+ schema is a no-op (exit 0, no writes).
39
+ - Dogfoodable on real stores (this machine + monorepo test server)
40
+ before Phase 3 unblocks.
41
+
42
+ ## Command surface
43
+
44
+ ```
45
+ brainclaw upgrade [options]
46
+
47
+ Options:
48
+ --to <version> Target schema (default: 1.0). Must match a
49
+ known migration path from current schema.
50
+ --dry-run Simulate all stages, print diff summary,
51
+ perform no writes. Exits non-zero if issues
52
+ are found that would abort a real run.
53
+ --backup-dir <path> Backup destination (default:
54
+ `<store>/../<store-name>.bak-<iso-ts>/`).
55
+ Ignored with --dry-run and --rollback.
56
+ --rollback Restore the most recent backup for this
57
+ store, then refuse to proceed if the schema
58
+ version after restore does not match a
59
+ known pre-migration state.
60
+ --store <path> Store root (default: auto-resolved via
61
+ existing store chain).
62
+ --yes Skip the final confirmation prompt.
63
+ --verbose Per-record mutation log (default: summary
64
+ only).
65
+ --json Machine-readable summary on stdout. Errors
66
+ still go to stderr as text.
67
+ ```
68
+
69
+ Sub-command shape matches existing CLI conventions (`brainclaw
70
+ bootstrap`, `brainclaw doctor`, `brainclaw setup`). Implementation
71
+ lives in `src/commands/migrate.ts`; registration in `src/cli.ts`.
72
+
73
+ ## Execution pipeline
74
+
75
+ Every stage runs in order. Any stage failing aborts the run *before*
76
+ any writes are committed (except when already past the backup stage —
77
+ then rollback is the recovery path).
78
+
79
+ 1. **Resolve store.** Find `.brainclaw/` via the usual chain; refuse
80
+ to operate on a non-store directory.
81
+ 2. **Read current schema version.** From
82
+ `.brainclaw/schema-version.json` if present, else infer from store
83
+ shape (handoffs with `review` field → pre-migration). Refuse if
84
+ ambiguous — require operator to pin `--from-schema`.
85
+ 3. **Plan.** Compute the set of patches to apply (P6.1, P6.3, P6.6,
86
+ handoff strip, SCHEMA_VERSION bumps). Each patch knows its
87
+ pre-condition (does this store need it?) and post-condition (what
88
+ does the store look like after).
89
+ 4. **Pre-flight checks.** Read-only validation pass:
90
+ - All memory records deserialize under the current schema.
91
+ - No live claims (would be invalidated by the migration).
92
+ - Store not on a schema version newer than the target (refuse
93
+ down-migration).
94
+ - Free disk space ≥ 2× store size (for backup).
95
+ 5. **Print plan.** Human-readable summary of what will change (N
96
+ candidates archived, M handoffs stripped, K records stamped with
97
+ legacy provenance). With `--dry-run`, stop here.
98
+ 6. **Confirm.** Prompt unless `--yes`. Shows backup destination.
99
+ 7. **Backup.** Atomic copy `.brainclaw/` → `<backup-dir>/`. Write a
100
+ manifest (`backup.json`) with original path, timestamp, schema
101
+ version, brainclaw version.
102
+ 8. **Apply patches.** Each patch is a function `(store) => void`
103
+ working on an in-memory representation. All patches run against
104
+ one snapshot, then the result is committed atomically via
105
+ rename-based write to a `.brainclaw.new/` sibling, then swap.
106
+ 9. **Bump schema version.** Write `schema-version.json` with history
107
+ trail:
108
+ ```json
109
+ {
110
+ "current": "0.8.0",
111
+ "history": [
112
+ { "from": "0.6.0", "to": "0.8.0", "at": "2026-04-18T...",
113
+ "patches": ["candidate_archive", "handoff_strip",
114
+ "provenance_legacy_stamp"] }
115
+ ]
116
+ }
117
+ ```
118
+ 10. **Health check.** Run `brainclaw doctor --after-migration` as a
119
+ subprocess. If it exits non-zero, print the doctor output, leave
120
+ the backup in place, suggest `brainclaw upgrade --rollback`. Do
121
+ not attempt auto-rollback — the operator decides.
122
+ 11. **Summary.** Lines changed, backup path, next suggested command
123
+ (`brainclaw doctor`, or if dogfood phase, the Phase 3 plan id).
124
+
125
+ ## Rollback path
126
+
127
+ `brainclaw upgrade --rollback` resolves the most recent backup for
128
+ the store, validates its manifest, then does an atomic swap:
129
+
130
+ 1. Rename `.brainclaw/` → `.brainclaw.rollback-<ts>/` (kept for
131
+ inspection, deleted after 7 days by a future `brainclaw clean`).
132
+ 2. Copy `<backup>/` → `.brainclaw/`.
133
+ 3. Verify `schema-version.json` matches the pre-migration state
134
+ declared in the backup manifest. Refuse if mismatch.
135
+ 4. Print "rolled back to schema <version>".
136
+
137
+ Rollback is the recovery action, not an automatic fallback. Automatic
138
+ rollback would mask migration bugs we need to see.
139
+
140
+ ## Idempotency
141
+
142
+ Running `brainclaw upgrade` on a store already at the target schema:
143
+
144
+ - Pre-flight detects current == target.
145
+ - Plan stage produces zero patches.
146
+ - Prints "already on schema 0.8.0, nothing to do" and exits 0.
147
+ - No backup, no writes.
148
+
149
+ Running with a partial schema version (e.g., 0.7.0, after a prior
150
+ migration interrupted) resumes from the first un-applied patch.
151
+
152
+ ## Failure modes
153
+
154
+ | Mode | Detection | Recovery |
155
+ |---|---|---|
156
+ | Disk full during backup | `copy` write fails | Abort before any schema write; original store untouched. |
157
+ | Patch throws mid-run | Exception in apply stage | Abort before atomic swap; original store untouched. |
158
+ | Atomic swap fails | rename() fails (antivirus, lock) | `.brainclaw.new/` persists; operator can inspect and retry. |
159
+ | Doctor post-check fails | doctor exits non-zero | Store is on new schema but invalid; operator inspects + runs `--rollback`. |
160
+ | Rollback manifest missing | No `backup.json` | Refuse rollback. Operator restores manually. |
161
+
162
+ No silent recovery. Every failure leaves a diagnosable trail.
163
+
164
+ ## Patch catalogue (v1.0 scope)
165
+
166
+ Each patch is a named, independently testable unit:
167
+
168
+ - **`candidate_archive`** (P6.6) — move `.brainclaw/memory/candidates/`
169
+ items to `.brainclaw/archive/candidates/<migration-date>/` with
170
+ manifest.
171
+ - **`handoff_review_strip`** (groundwork for P6.1) — remove `review`
172
+ sub-object from existing handoffs.
173
+ - **`provenance_legacy_stamp`** (P6.3) — stamp
174
+ `provenance: { kind: 'legacy' }` on pre-existing memory records.
175
+ Infer `auto_reflect` for items already tagged `source=auto`.
176
+ - **`schema_version_marker`** — write `.brainclaw/schema-version.json`
177
+ with history trail.
178
+
179
+ Future patches add to the catalogue; each declares its source schema
180
+ and target schema, so the planner stitches a path.
181
+
182
+ ## Open implementation questions
183
+
184
+ - Should `migrate` live under the `bootstrap` family or as a top-level
185
+ command? Leaning top-level — the action is orthogonal to setup.
186
+ - Do we gate migration on `brainclaw --version` matching a known
187
+ "migration-capable" range? For now yes: if the binary is older than
188
+ 0.63.0 it refuses to migrate to schema 0.8.0.
189
+ - Where do the patch implementations live? Proposal:
190
+ `src/core/migrations/<name>.ts`, registered in
191
+ `src/core/migrations/index.ts`, discoverable for tests.
192
+
193
+ ## Acceptance criteria (step `stp_3a866463`)
194
+
195
+ - [x] Command surface documented (flags, exit codes, streaming
196
+ semantics).
197
+ - [x] Execution pipeline defined stage-by-stage with failure semantics.
198
+ - [x] Idempotency and rollback behaviours specified.
199
+ - [x] Patch catalogue enumerated with source/target schemas.
200
+ - [x] Open questions captured for implementation follow-up.
201
+
202
+ Next step: implement the backup pass (`stp_b41a3bcc`).
@@ -0,0 +1,114 @@
1
+ # `brainclaw upgrade --to=1.0` — dogfood procedure
2
+
3
+ Step 9 of `pln_bc6e88cc`. Runs the v1.0 schema upgrade on real stores
4
+ before `feat/phase-3-canonical-grammar` (`pln_c6472192`) can start.
5
+
6
+ ## Prerequisites
7
+
8
+ - CLI built from latest master: `npm run dev`.
9
+ - Store to migrate has an accessible `.brainclaw/` (any depth).
10
+ - **No agents actively writing** to the store during the upgrade
11
+ — the transaction lock will serialize but aborted writes can
12
+ leave half-written JSON that the patches will refuse on read.
13
+ - Disk space: roughly 2× the current `.brainclaw/` size (for the
14
+ backup snapshot).
15
+
16
+ ## Procedure
17
+
18
+ ### 1. Dry-run
19
+
20
+ ```
21
+ node dist/cli.js upgrade --to=1.0 --dry-run
22
+ ```
23
+
24
+ Expected output (not a strict match — counts will differ per store):
25
+
26
+ - `(dry run — would create backup before upgrade)`
27
+ - `(dry run — would archive N pending candidate(s) to …/archive/candidates/<date>)`
28
+ - `(dry run — would strip review from N handoff(s) out of M scanned)`
29
+ - `(dry run — would stamp legacy provenance on N of M record(s))`
30
+ - `(dry run — would bump schema 0.6.0 → 0.8.0)`
31
+ - Plus any housekeeping actions from the pre-existing `upgrade` path
32
+ (legacy → entity dir moves, Zod schema doc migrations, agent file
33
+ refreshes).
34
+
35
+ **Abort conditions** — do not proceed if the dry-run:
36
+ - Reports any action the operator does not recognise or expect.
37
+ - Throws an unhandled exception (a `ZodError` during the archive
38
+ pass, for instance, is a schema resilience regression).
39
+
40
+ ### 2. Apply
41
+
42
+ ```
43
+ node dist/cli.js upgrade --to=1.0
44
+ ```
45
+
46
+ The real run does the following in order under the store-wide lock:
47
+
48
+ 1. Creates a backup at `<parent>/.brainclaw.bak-<iso-ts>/` with a
49
+ manifest carrying the store's prior schema version.
50
+ 2. Archives pending candidates into
51
+ `.brainclaw/archive/candidates/<YYYY-MM-DD>/` with a typed
52
+ manifest. Legacy candidates that fail the current Zod schema are
53
+ still archived; the manifest records the parse error.
54
+ 3. Strips the `review` sub-object from every handoff that carries
55
+ one. Logs each mutation at
56
+ `.brainclaw/archive/migrations/<YYYY-MM-DD>/handoff-review-strip.json`.
57
+ 4. Stamps `provenance: { kind: 'legacy' }` on every memory record
58
+ (decision / constraint / trap / handoff / runtime_note) that
59
+ lacks a valid v1 provenance. Logs at
60
+ `.brainclaw/archive/migrations/<YYYY-MM-DD>/provenance-rollout.json`.
61
+ 5. Writes `.brainclaw/schema-version.json` with `current: 0.8.0`
62
+ and a history entry listing the patches applied.
63
+ 6. Runs the existing upgrade housekeeping (entity dir moves,
64
+ schema doc Zod migrations, agent file refreshes, MCP config
65
+ patching).
66
+ 7. Commits the memory repo if initialised.
67
+
68
+ ### 3. Health check
69
+
70
+ ```
71
+ node dist/cli.js doctor --after-migration
72
+ ```
73
+
74
+ Exits non-zero on any failure. Expected green checks:
75
+
76
+ - `[provenance]` All N memory record(s) carry a valid provenance field.
77
+ - `[handoff_review]` No handoff carries a `review` sub-object.
78
+ - `[candidate_archive]` No pending candidates remain at
79
+ `coordination/inbox/` root.
80
+ - `[schema_version]` Store is at schema 0.8.0.
81
+
82
+ ### 4. Spot-check
83
+
84
+ - Open a few records in `.brainclaw/memory/decisions/` — every
85
+ file should end with `"provenance": { "kind": "legacy" }`.
86
+ - Confirm `.brainclaw/schema-version.json` exists and shows
87
+ `current: "0.8.0"` plus one history entry.
88
+ - Confirm `.brainclaw/coordination/inbox/` has no `*.json` at the
89
+ root (only `accepted/` and `rejected/` subdirs).
90
+
91
+ ## Rollback
92
+
93
+ If anything looks wrong:
94
+
95
+ ```
96
+ node dist/cli.js upgrade --rollback
97
+ ```
98
+
99
+ Restores the most recent backup and parks the current live store at
100
+ `<parent>/.brainclaw.rollback-<iso-ts>/`. The parked tree is kept
101
+ for manual inspection; delete it when you have confirmed rollback is
102
+ complete.
103
+
104
+ ## Dogfood sign-off
105
+
106
+ The dogfood gate is considered passed once:
107
+
108
+ - [ ] This machine's store migrated cleanly + doctor green.
109
+ - [ ] Monorepo test server store migrated cleanly + doctor green.
110
+ - [ ] No manual intervention was needed beyond what this doc lists.
111
+
112
+ Once both checkmarks are ticked, `pln_c6472192` (Phase 3 grammar
113
+ refactor) can start. Capture any manual interventions inline in this
114
+ doc for future operators.
@@ -1,12 +1,12 @@
1
1
  # Context Format Changelog
2
2
 
3
- ## 1.3
3
+ ## 1.3 (planned / not yet emitted as `context_schema`)
4
4
 
5
5
  - Added `available_capabilities` field to structured context containing registered project capabilities with metadata (id, name, category)
6
6
  - Added `available_tools` field to structured context containing registered project tools with metadata (id, name, type)
7
7
  - Enhanced text output to include "Available Capabilities" and "Available Tools" sections when metadata is present
8
8
  - Added discovery hints pointing users to `bclaw_get_capabilities`, `bclaw_list_tools`, and `bclaw_search_tools` MCP tools
9
- - Kept the contract additive and backward-compatible with `1.2`
9
+ - These fields are currently additive enrichments around the `1.2` contract; update `CONTEXT_SCHEMA_VERSION` before treating this section as the shipped schema version
10
10
 
11
11
  ## 1.2
12
12
 
@@ -1,6 +1,6 @@
1
1
  # Context Format
2
2
 
3
- `brainclaw context` and `bclaw_get_context` expose a versioned public contract for agent consumers.
3
+ `brainclaw context` (CLI) and `bclaw_context` (MCP) expose a versioned public contract for agent consumers.
4
4
 
5
5
  Current version: `1.2`
6
6
 
@@ -26,7 +26,7 @@ Current version: `1.2`
26
26
 
27
27
  ## `1.2` additions over `1.1`
28
28
 
29
- - `context_diff` is available for session-aware deltas through `brainclaw context --since-session` and `bclaw_get_context`.
29
+ - `context_diff` is available for session-aware deltas through `brainclaw context --since-session` (CLI) and `bclaw_context(kind="delta", since=<session_id>)` (MCP).
30
30
  - `context_schema: 1.2` is emitted across JSON, markdown, template, and MCP structured content.
31
31
 
32
32
  ## `1.1` additions over `1.0`
package/docs/index.md ADDED
@@ -0,0 +1,68 @@
1
+ # Documentation Index
2
+
3
+ Use this page as the entry point into the packaged Markdown documentation.
4
+
5
+ ## Getting Started
6
+
7
+ - [quickstart.md](quickstart.md) — fastest onboarding path for a new project (greenfield)
8
+ - [quickstart-existing-project.md](quickstart-existing-project.md) — joining a project that already has `.brainclaw/`
9
+ - [server-operations.md](server-operations.md) — remote server, DGX, SSH, and multi-project operator workflow
10
+ - [integrations/overview.md](integrations/overview.md) — integration model by agent surface
11
+
12
+ ## Guides
13
+
14
+ - [integrations/mcp.md](integrations/mcp.md) — recommended runtime path for MCP-capable agents
15
+ - [integrations/agents.md](integrations/agents.md) — agent integration principles and setup details
16
+ - [release-maintenance.md](release-maintenance.md) — release checklist for CLI/MCP/context-schema changes
17
+ - [review.md](review.md) — reflective workflow and candidate promotion
18
+ - [storage.md](storage.md) — storage model and canonical vs derived state
19
+ - [security.md](security.md) — security model and guardrails
20
+
21
+ ## Concepts
22
+
23
+ - [concepts/memory.md](concepts/memory.md)
24
+ - [concepts/plans-and-claims.md](concepts/plans-and-claims.md)
25
+ - [concepts/runtime-notes.md](concepts/runtime-notes.md)
26
+ - [concepts/coordination.md](concepts/coordination.md)
27
+ - [concepts/multi-agent-workflows.md](concepts/multi-agent-workflows.md)
28
+ - [concepts/workspace-bootstrapping.md](concepts/workspace-bootstrapping.md)
29
+ - [concepts/troubleshooting.md](concepts/troubleshooting.md) — runbook for degraded coordination state
30
+ - [concepts/memory-staleness.md](concepts/memory-staleness.md)
31
+ - [concepts/loop-engine.md](concepts/loop-engine.md)
32
+ - [concepts/ideation-loop.md](concepts/ideation-loop.md) — memory-confrontation ideation loop (v1.5.0+)
33
+ - [concepts/mcp-governance.md](concepts/mcp-governance.md)
34
+
35
+ ## Reference
36
+
37
+ - [cli.md](cli.md) — CLI reference
38
+ - [context-format.md](context-format.md) — public context contract
39
+ - [context-format-changelog.md](context-format-changelog.md)
40
+ - [mcp-schema-changelog.md](mcp-schema-changelog.md)
41
+
42
+ ## Agent-Specific Notes
43
+
44
+ - [integrations/claude-code.md](integrations/claude-code.md)
45
+ - [integrations/codex.md](integrations/codex.md)
46
+ - [integrations/cursor.md](integrations/cursor.md)
47
+ - [integrations/copilot.md](integrations/copilot.md)
48
+ - [integrations/continue.md](integrations/continue.md)
49
+ - [integrations/roo.md](integrations/roo.md)
50
+ - [integrations/windsurf.md](integrations/windsurf.md)
51
+ - [integrations/opencode.md](integrations/opencode.md)
52
+ - [integrations/kilocode.md](integrations/kilocode.md)
53
+ - [integrations/mistral-vibe.md](integrations/mistral-vibe.md)
54
+ - [integrations/openclaw.md](integrations/openclaw.md)
55
+
56
+ ## Audience Design Constraints
57
+
58
+ Internal design reference — constraints that guide brainclaw development per target audience.
59
+
60
+ - [playbooks/productivity/](playbooks/productivity/index.md) — end-users & solo devs
61
+ - [playbooks/team/](playbooks/team/index.md) — teams & ops
62
+ - [playbooks/integration/](playbooks/integration/index.md) — AI builders
63
+
64
+ ## Design And Proposals
65
+
66
+ - [architecture/project-refs.md](architecture/project-refs.md) — target navigation model, not the fully shipped surface
67
+ - [product/positioning.md](product/positioning.md)
68
+ - [adapters/openclaw.md](adapters/openclaw.md)