ltcai 1.3.0 → 1.5.0

package/README.md

@@ -15,7 +15,7 @@
 
   <br/>
 
-  <img src="https://raw.githubusercontent.com/TaeSooPark-PTS/LatticeAI/main/docs/images/lattice-ai-demo.gif" alt="Lattice AI demo showing chat, knowledge graph, and admin dashboard" width="100%"/>
+  <img src="docs/images/hero.gif" alt="Lattice AI — AI Workspace OS for local-first graph, memory, and agents" width="100%"/>
 </div>
 
 ---
@@ -36,74 +36,28 @@ Automatic knowledge graph
 Graph-aware chat, snapshots, memory, agents, workflows, skills, and timeline
 ```
 
-### New in 1.3.0: Server App Decomposition
-
-- **server_app.py decomposition** — model/engine and MCP/skills/plugins
-  endpoints extracted into `latticeai/api/models.py` and `latticeai/api/mcp.py`
-  (~5,948 → ~5,382 lines)
-- **Safety validation suite** — a route-compatibility snapshot (209 paths) plus
-  import/startup, streaming-contract, and model/MCP/KG checks, built before the
-  move so no endpoint can silently change
-- **Compatibility preserved** — all API paths, request/response schemas, the
-  `server:app` import path, CLI, UI, KG/Admin/Security routers, and VS Code
-  integration are unchanged
-
-### New in 1.2.0: Server App Modularization
-
-- **server_app.py modularized** — Workspace/Organization and health/engine
-  endpoints extracted into dedicated routers (`latticeai/api/*`) backed by a
-  service layer (`latticeai/services/*`); `server_app` is now app assembly +
-  router include (~6,585 → ~5,948 lines)
-- **Routers / services split** — `create_workspace_router`,
-  `create_health_router`, `WorkspaceService`, `ModelService`, `ChatService`
-- **Workspace API service layer** — scope resolution and role/permission checks
-  centralized in `WorkspaceService`
-- **Workspace / org guardrails** — non-members can't read/write org data,
-  viewers can't write, owners/admins manage members; no-auth local owner
-  fallback preserved
-- **Health / model / chat modularization** — `/health`, `/mode`,
-  `/runtime_features`, `/engines` via the health router; chat trace recording
-  via the chat service (streaming behavior unchanged)
-- **Compatibility preserved** — `server:app` import path, all API routes, CLI,
-  Knowledge Graph / Admin / Security routers, and VS Code integration unchanged
-
-### New in 1.1.0: Organization Workspace Foundation
-
-- **Organization Workspace** alongside Personal Workspace — create shared org
-  workspaces, list/switch between them, and archive (non-destructively)
-- **Workspace roles & permissions** — `owner`, `admin`, `member`, `viewer`
-  mapped to read / write / manage-members / manage-workspace
-- **Workspace-scoped data** — snapshots, memory, agent runs, workflows, traces,
-  and timeline carry a `workspace_id`; reads scope via the `X-Workspace-Id` header
-- **CI / release hardening** — Node.js 24 ready workflow, version-scoped
-  artifact upload (never `dist/*`), and a release artifact validator
-- **Enterprise extension foundation (open-core)** — a stable seam for a future
-  Enterprise plugin; Community ships everything it has today, unrestricted
-  (see [docs/ENTERPRISE.md](docs/ENTERPRISE.md) and
-  [docs/EDITION_STRATEGY.md](docs/EDITION_STRATEGY.md))
-
-### New in 1.0.0: AI Workspace OS
-
-- Workspace OS command center at `/workspace`
-- First-run onboarding state API and UI
-- Graph RAG answer traces with sources, nodes, edges, confidence, and jump links
-- Local indexing dashboard with watcher state, success/failure counts, pause/resume/remove
-- Workspace snapshots, Time Machine views, export, and Knowledge Diff
-- Personal memory CRUD/search linked back to the graph
-- Multi-agent graph entities and agent run history
-- Relationship Explorer for inbound, outbound, related entities, and shortest path
-- Local Computer Memory remains OFF by default and requires explicit approval
-- Skill Marketplace registry with install, uninstall, update, enable, disable, and version state
-- Workflow Graph for upload -> summarize -> generate -> export style work histories
-- VS Code commands for Explain Selection, Refactor Selection, Generate Tests, Send To Lattice, and Ask About Current File
-
-### Built for people who want
-
-- a private AI workspace that runs from their own machine
-- local model setup without hunting through many tools
-- folder indexing that becomes useful AI memory
-- a visual knowledge graph instead of disconnected files and chats
-- optional team/admin controls for audit, permissions, and sensitive-data monitoring
+## Why Lattice AI?
+
+- **Local-first by default** — models, data, and your knowledge graph stay on your machine (`~/.ltcai/`); cloud is strictly opt-in.
+- **Memory that compounds** — every chat, file, and folder you approve becomes durable, searchable context instead of being forgotten.
+- **A graph, not a pile of files** — people, projects, documents, decisions, and tasks are linked automatically and explored visually.
+- **One workspace, everywhere** — the same local knowledge powers the web UI, VS Code / Cursor, Telegram, and MCP clients.
+- **Built-in governance** — Personal and Organization workspaces, roles, an audit timeline, and sensitive-data monitoring for teams.
+
+## Core Capabilities
+
+| Capability | What it does |
+|---|---|
+| 🧠 Automatic knowledge graph | Turns chats, files, and folders into linked nodes and edges, curated automatically |
+| 💬 Graph-aware chat & agents | Answers and multi-step agents grounded in your indexed local memory |
+| 🖥️ Local model recommendation | Scans your hardware and rates each model **Recommended / Compatible / Not Recommended** |
+| 🗂️ Workspaces & roles | Personal and Organization workspaces with owner / admin / member / viewer permissions |
+| 🧩 Skills & MCP | Install skills and connect MCP tools from the in-product marketplace |
+| 🔒 Admin & security | Audit timeline, permission approvals, sensitive-data detection, exportable reports |
+
+<div align="center">
+  <img src="docs/images/onboarding.png" alt="Onboarding flow: install, system scan, model recommendation, workspace, indexing, knowledge graph, first chat" width="100%"/>
+</div>
 
 ---
 
@@ -165,6 +119,20 @@ LTCAI
 
 ---
 
+## Architecture
+
+`server:app` stays a thin compatibility entrypoint; the FastAPI app is assembled in
+`latticeai/server_app.py`, and the work lives in focused API routers, a service
+layer, and core modules — so the app shell never grows monolithic again.
+
+<div align="center">
+  <img src="docs/images/architecture.png" alt="Lattice AI architecture — entrypoint, API routers, services, core, local engines and knowledge graph" width="100%"/>
+</div>
+
+See [docs/architecture.md](docs/architecture.md) for request and data-flow detail.
+
+---
+
 ## Product Preview
 
 <table>
@@ -187,6 +155,44 @@ LTCAI
 </tr>
 </table>
 
+> Screenshots above are the live web UI. The diagrams below map the product
+> experience to the current v1.5.0 structure.
+
+---
+
+## Product Experience
+
+### Local model recommendation
+
+Lattice AI detects your OS, CPU, GPU, RAM, and disk, then rates every local model
+**Recommended**, **Compatible**, or **Not Recommended** for your machine — grouped
+by family (Gemma, Qwen, Llama, Phi, DeepSeek, and more).
+
+<div align="center">
+  <img src="docs/images/model-recommendation.png" alt="Tri-state local model recommendation grouped by family" width="100%"/>
+</div>
+
+### Workspaces & organization
+
+Switch instantly between a **Personal** workspace and shared **Organization**
+workspaces. Org data is scoped by `workspace_id`, and `owner / admin / member /
+viewer` roles map to a transparent permission matrix.
+
+<div align="center">
+  <img src="docs/images/workspace.png" alt="Personal and Organization workspace model" width="49%"/>
+  <img src="docs/images/organization.png" alt="Organization roles and permission matrix" width="49%"/>
+</div>
+
+### Knowledge graph & skills
+
+Your work becomes a typed knowledge graph (built automatically), and skills extend
+the workspace through an in-product marketplace.
+
+<div align="center">
+  <img src="docs/images/graph.png" alt="Knowledge graph node and edge taxonomy" width="49%"/>
+  <img src="docs/images/skills.png" alt="Skill marketplace: recommended, popular, installed, updates" width="49%"/>
+</div>
+
 ---
 
 ## Why it is different
@@ -327,18 +333,24 @@ Supported routes include OpenAI-compatible APIs, OpenRouter, Groq, Together, xAI
 
 ## Current release
 
-**0.6.0** completes the runtime / registry / config extraction sprint:
-
-- `server.py` is now a thin compatibility entrypoint; FastAPI app assembly lives
-  in `latticeai.server_app`
-- tool dispatch, governance, permission views, MCP descriptions, and prompt
-  catalog metadata are centralized in `ToolRegistry`
-- agent role prompts are split into `latticeai.core.agent_prompts`, while
-  `AgentRuntime` remains the injected state-machine core
+**1.5.0 — Unified Product Release.** Onboarding, model recommendation, and CI
+stabilization in one release:
+
+- **CI / VSIX recovery** — the stale `@azure/core-tracing` lockfile pin that
+  broke `npm ci` (ETARGET) is regenerated, so the VSIX build is green again
+- **Local model recommendation** — a hardware-aware engine
+  (`latticeai/services/model_recommendation.py`) classifies the model catalog as
+  Recommended / Compatible / Not Recommended, exposed at `/models/recommendations`
+- **Catalog extraction** — the static model catalog moved to
+  `latticeai/services/model_catalog.py`, simplifying `model_runtime.py`
+- **Enterprise PoC seam** — admin policy / audit-export / SIEM-stub / org-settings
+  surfaces consult the capability registry (Community keeps everything ungated)
+- **Documentation & visuals** — README rewritten as a product page with an
+  up-to-date architecture diagram and structural visuals
 - Python package, npm package, VS Code extension, FastAPI app, and `/health`
-  version metadata are aligned at `0.6.0`
+  version metadata are aligned at `1.5.0`
 
-See the full [changelog](docs/CHANGELOG.md).
+See the full [changelog](docs/CHANGELOG.md) and [RELEASE.md](RELEASE.md).
 
 ---
 
@@ -527,6 +539,20 @@ Full reference: [docs/mcp-tools.md](docs/mcp-tools.md)
 
 ---
 
+## Documentation
+
+| Doc | What's inside |
+|---|---|
+| [docs/architecture.md](docs/architecture.md) | App structure, request and data flow |
+| [docs/CHANGELOG.md](docs/CHANGELOG.md) | Full version history |
+| [RELEASE.md](RELEASE.md) | Release notes and the build/publish checklist |
+| [SECURITY.md](SECURITY.md) | Security model and vulnerability reporting |
+| [docs/ENTERPRISE.md](docs/ENTERPRISE.md) · [docs/EDITION_STRATEGY.md](docs/EDITION_STRATEGY.md) | Open-core boundary and edition strategy |
+| [docs/kg-schema.md](docs/kg-schema.md) · [docs/mcp-tools.md](docs/mcp-tools.md) | Knowledge graph schema and MCP tool catalog |
+| [docs/privacy.md](docs/privacy.md) · [docs/public-deploy.md](docs/public-deploy.md) · [docs/OPERATIONS.md](docs/OPERATIONS.md) | Privacy, public deployment, operations |
+
+---
+
 ## Contributing
 
 See [CONTRIBUTING.md](CONTRIBUTING.md). Issues and pull requests are welcome.

package/docs/CHANGELOG.md

@@ -1,5 +1,114 @@
 # Changelog
 
+## [1.5.0] - 2026-06-01
+
+> Unified Product Release — CI/VSIX recovery, hardware-aware local model
+> recommendation, model-catalog extraction, an Enterprise PoC seam, and a
+> product-page README with an up-to-date architecture diagram. The public route
+> contract, schemas, `server:app`, CLI, UI, and VS Code integration are
+> unchanged.
+
+### Fixed
+
+- **VSIX / `npm ci` (ETARGET)** — `vscode-extension/package-lock.json` pinned a
+  non-existent `@azure/core-tracing@^1.4.0` (the registry's latest is `1.3.1`),
+  breaking `npm ci` and the GitHub Actions VSIX build. The lockfile is
+  regenerated so the published `^1.3.0` ranges resolve; `npm ci` → `npm run
+  compile` → `vsce package` is green again.
+
+### Added
+
+- **Local model recommendation** — `latticeai/services/model_recommendation.py`
+  classifies the model catalog into **recommended / compatible / not_recommended**
+  from a detected system profile (OS/RAM/CPU/GPU/disk), grouped by family
+  (Gemma, Qwen, Llama, Phi, DeepSeek, …). Exposed at `GET /models/recommendations`
+  and folded into `/workspace/onboarding/model-recommendations` as a `catalog`
+  field. Covered by `tests/unit/test_model_recommendation.py`.
+- **Enterprise PoC surfaces** — `latticeai/core/enterprise_admin.py` plus
+  `GET /admin/enterprise` and `GET /admin/enterprise/siem-export` provide admin
+  policy, audit-export, SIEM-export-stub, and organization-settings views built
+  on the existing capability seam. Community reports every Enterprise capability
+  as disabled and never gates a Community feature
+  (`tests/unit/test_enterprise_admin.py`).
+- **DeepSeek family** — added to the Ollama and llama.cpp catalogs with
+  identifiers chosen so the version-dedup filter is unaffected.
+
+### Changed
+
+- **Model catalog extraction** — the static catalog (`ENGINE_MODEL_CATALOG`,
+  `ENGINE_INSTALLERS`, `MODEL_ENGINE_ALIASES`) and the pure version-dedup helpers
+  moved to `latticeai/services/model_catalog.py`, re-exported by `model_runtime`
+  for backward compatibility. `model_runtime.py` shrank from 1,973 to 1,721 lines
+  (`tests/unit/test_model_catalog.py` pins the re-export identity).
+- **README rewritten as a product page** — Why / Core Capabilities / Quick Start
+  / Architecture / Current Release / Documentation, with structural diagrams
+  (`docs/images/*`) and a current architecture diagram. Historical "New in 1.x"
+  marketing blocks were removed from the README top (this changelog remains the
+  version history).
+- Python package, npm package, VS Code extension, FastAPI app, and `/health`
+  version metadata aligned at `1.5.0`.
+
+### Validation
+
+- 266 unit tests pass; route-compatibility, import/startup, streaming, model
+  endpoint, MCP/KG contract tests preserved; `npm run check:python` green; VSIX
+  build verified. Test/build/packaging artifacts only — no package-store publish.
+
+## [1.4.0] - 2026-05-31
+
+> Server App Final Decomposition — chat, model runtime, tools/local/CU,
+> permissions/upload, garden/setup/static, MCP, and KG glue extracted while
+> preserving the public route contract.
+
+### Added
+
+- **Final decomposition guard** —
+  `tests/unit/test_server_app_v14_decomposition.py` asserts
+  `latticeai/server_app.py` stays under the 1,500-line target, new routers and
+  services import independently, and version metadata is aligned.
+- **New routers** — `latticeai/api/chat.py`, `latticeai/api/tools.py`,
+  `latticeai/api/computer_use.py`, `latticeai/api/local_files.py`,
+  `latticeai/api/permissions.py`, `latticeai/api/garden.py`,
+  `latticeai/api/setup.py`, `latticeai/api/static_routes.py`, plus
+  `latticeai/api/deps.py`.
+- **New service seams** — `latticeai/services/model_runtime.py`,
+  `latticeai/services/tool_dispatch.py`, `latticeai/services/upload_service.py`,
+  and
+  `latticeai/services/app_context.py`.
+
+### Changed
+
+- **server_app.py final decomposition** — reduced from 5,381 lines to 1,303
+  lines. The file now owns FastAPI construction, lifespan, middleware, static
+  mount, router wiring, and compatibility globals only.
+- **Chat/history/agent extracted** — `/chat`, `/history*`, `/agent*`, streaming
+  generator, document-generation session handling, Graph RAG trace recording,
+  and AgentRuntime wiring moved to `latticeai/api/chat.py` with behavior and
+  SSE chunk format preserved.
+- **Model runtime/provider extracted** — provider catalogs, engine aliases,
+  install/download/pull/load/unload helpers, prepare-model streaming,
+  compatibility smoke tests, runtime feature payloads, and cloud verification
+  moved to `latticeai/services/model_runtime.py`.
+- **Tools/local/CU/permissions/upload extracted** — `/tools/*` moved to
+  `latticeai/api/tools.py`, `/local/*` and KG/local-knowledge router glue moved
+  to `latticeai/api/local_files.py`, `/cu/*` moved to
+  `latticeai/api/computer_use.py`, `/permissions/*` moved to
+  `latticeai/api/permissions.py`, and `/upload/document` now delegates to
+  `latticeai/services/upload_service.py`.
+- **Garden/setup/static routes extracted** — `/garden*`, `/setup*`,
+  `/permissions/open/*`, `/`, `/account`, `/chat`, `/admin`, `/status`,
+  `/manifest.json`, `/sw.js`, and `/local/sysinfo` moved to dedicated routers.
+- **Docs and release metadata aligned** — README current release conflict fixed,
+  SECURITY supported versions updated, package metadata bumped to `1.4.0`, and
+  publish docs avoid unsafe `dist/*` upload commands.
+
+### Validation
+
+- Route compatibility snapshot, import/startup checks, chat streaming contract,
+  model endpoint presence, MCP/KG presence, v1.4 line-count/import/version
+  guard, unit/integration suites, Python build, VSIX package, npm pack, twine
+  check, and release artifact validation all pass for `1.4.0`.
+
 ## [1.3.0] - 2026-05-31
 
 > Server app decomposition (phase 3) — safety-net suite first, then model & MCP router extraction.

package/latticeai/__init__.py

@@ -1,3 +1,3 @@
 """Lattice AI - modular server package."""
 
-__version__ = "1.3.0"
+__version__ = "1.5.0"

package/latticeai/api/admin.py

@@ -184,4 +184,21 @@ def create_admin_router(
         )
         return public_sso_config(saved)
 
+    @router.get("/admin/enterprise")
+    async def admin_enterprise_overview(request: Request):
+        """Enterprise PoC surface: edition matrix, admin policies, audit export,
+        SIEM stub, and org-governance capabilities. Community reports every
+        Enterprise capability as disabled and never gates Community features."""
+        require_admin(request)
+        from latticeai.core.enterprise_admin import poc_overview
+        return poc_overview()
+
+    @router.get("/admin/enterprise/siem-export")
+    async def admin_enterprise_siem_export(request: Request):
+        """Preview the SIEM export envelope. In Community this is a stub
+        (``streamed=false``) — no events are pushed to an external SIEM."""
+        require_admin(request)
+        from latticeai.core.enterprise_admin import siem_export_stub
+        return siem_export_stub()
+
     return router