ltcai 2.2.1 → 2.2.7

package/docs/CHANGELOG.md

@@ -1,5 +1,77 @@
 # Changelog
 
+## [2.2.7] - 2026-06-05
+
+> Visual Stabilization Release — browser-rendered screens were reviewed and
+> polished until Chat, onboarding, graph, Workspace OS, and operational panels
+> felt like one product.
+
+### Fixed
+
+- **Chat composer haze** — removed the dark-mode white/milky bottom composer
+  effect and the legacy inner textarea border; the shell now owns the focus
+  state and the attachment/send controls stay readable.
+- **Knowledge Graph canvas** — replaced the washed-out light graph work surface
+  with an intentional dark canvas treatment.
+- **Workspace OS dark surfaces** — relationship/list cards, inputs, tags,
+  health cards, and capability cards no longer fall back to hardcoded white.
+- **Onboarding/modals** — workspace select, PC environment analysis,
+  recommendation result, auto setup, mode select, pipeline, My Computer,
+  profile, settings, Private VPC, and model-state panels now share the same
+  dark panel language.
+- **Account dark contrast** — account/register logo text, inputs, and window
+  controls remain readable in dark mode.
+
+### Changed
+
+- **Cache-busting** — all versioned frontend assets now use `?v=2.2.7`,
+  including `/static/scripts/chat.js?v=2.2.7`.
+- **Version sync** — Python package, npm package, VS Code extension, Workspace
+  OS, lockfiles, and runtime metadata aligned at `2.2.7`.
+
+### Validation
+
+- Release target includes Python compile/pytest, npm lint/typecheck/test/build,
+  Python build + twine check, npm pack, VSIX package, and Playwright visual QA.
+- Package-store publishing remains manual; release artifacts are version-scoped
+  and must use exact `2.2.7` filenames.
+
+## [2.2.5] - 2026-06-04
+
+> Release Hygiene Hotfix — dark-mode overlay clarity, modal state protection,
+> static asset version alignment, favicon routing, and Telegram log redaction.
+
+### Added
+
+- **Modal manager** — Chat overlays now share one blocking-modal controller with
+  Escape close, backdrop close, pagehide/navigation cleanup, and body scroll-lock
+  restoration.
+- **Favicon asset** — `static/favicon.ico` is packaged and served by
+  `/favicon.ico`.
+- **Sensitive-log helper** — Telegram bot tokens are normalized to
+  `bot123:REDACTED` before HTTP, exception, or response text reaches logs.
+- **Validation coverage** — unit tests for token masking and static release
+  hygiene, plus Playwright checks for modal stack behavior and favicon response.
+
+### Changed
+
+- **Overlay theme tokens** — full-screen overlays use `--overlay-scrim` and no
+  blur-heavy backdrop, preventing washed-out dark-mode UI.
+- **Surface token coverage** — modal, drawer, file manager, My Computer,
+  onboarding, model switcher, pipeline, and admin surfaces are remapped to
+  semantic tokens (`--modal`, `--surface`, `--surface-elevated`, `--input`).
+- **Cache-busting** — all versioned frontend assets now use `?v=2.2.5`, including
+  `/static/scripts/chat.js?v=2.2.5`.
+- **Version sync** — Python package, npm package, VS Code extension, Workspace
+  OS, lockfiles, and runtime metadata aligned at `2.2.5`.
+
+### Validation
+
+- Release target includes Python compile/pytest, npm lint/typecheck/test/build,
+  Python build + twine check, npm pack, VSIX package, and Playwright visual QA.
+- Package-store publishing remains manual; release artifacts are version-scoped
+  and must use exact `2.2.5` filenames.
+
 ## [2.2.1] - 2026-06-04
 
 > Frontend / UX Overhaul Release — Lattice AI keeps feature behavior stable
@@ -30,6 +102,11 @@
   plain language.
 - **Manual release scripts** — local publish scripts now build exact-version
   artifacts before upload and validate the same artifact set used by CI.
+- **Marketplace positioning** — README, VS Code Marketplace/Open VSX README,
+  npm metadata, VSIX metadata, and release copy now use the local-first AI
+  workspace / AI pipeline / Knowledge Graph / multi-agent workflow positioning.
+- **Release media refresh** — v2.2.1 screenshots and demo GIF regenerated from
+  the live local app under `docs/images/`.
 
 ### Validation
 
@@ -58,7 +135,7 @@
 ### Changed
 
 - **README / architecture rewrite** — current docs now describe Lattice AI as an
-  AI Knowledge OS rather than a chat app or model launcher.
+  AI Knowledge Graph workspace rather than a chat app or model launcher.
 - **Multimodal recommendation logic** — local recommendation catalogs and setup
   flows use current multimodal model families only: Gemma 4, Qwen3-VL, and
   Llama 4.
@@ -122,7 +199,7 @@
 
 ### Changed
 
-- Python package, npm package, VS Code extension, Workspace OS, FastAPI app, and
+- Python package, npm package, VS Code extension, workspace, FastAPI app, and
   `/health` version metadata aligned at `2.1.0`.
 - Multi-Agent Runtime, Plugin SDK, Workflow Engine, and Realtime surface
   versions now report `2.1.0`.
@@ -139,13 +216,13 @@
 
 ## [2.0.0] - 2026-06-01
 
-> Agentic Workspace Platform — Lattice AI becomes a local-first **Agentic
+> Multi-Agent Workflow Platform — Lattice AI becomes a local-first **Agentic
 > Workspace Platform** with four integrated subsystems: Plugin SDK, Workflow
 > Designer, Multi-Agent Runtime 2.0, and Realtime Collaboration. Backward
 > compatible and additive: API paths/schemas, `server:app`,
 > `latticeai.server_app.app`, CLI, Workspace/Chat/Model/MCP/KG APIs, existing
 > skills/snapshots/memories/agent & workflow history, and VS Code extension
-> commands remain stable. New Workspace OS state keys (`plugin_registry`,
+> commands remain stable. New workspace state keys (`plugin_registry`,
 > `workflow_runs`) are backfilled on load via deep-merge — no destructive
 > migration.
 
@@ -173,7 +250,7 @@
   `/agents/api/*`, page `/agents`.
 - **Realtime Collaboration** (`latticeai/core/realtime.py`,
   `latticeai/api/realtime.py`) — in-process pub/sub bus, presence, and an
-  activity feed over SSE. Wired as the Workspace OS `event_sink`, so every
+  activity feed over SSE. Wired as the workspace `event_sink`, so every
   timeline event flows to the feed automatically. Workspace isolation enforced;
   single-user local mode preserved. Routes `/realtime/stream` (SSE),
   `/realtime/feed`, `/realtime/presence*`, page `/activity`.
@@ -191,7 +268,7 @@
 
 ### Changed
 
-- Python package, npm package, VS Code extension, Workspace OS, FastAPI app, and
+- Python package, npm package, VS Code extension, workspace, FastAPI app, and
   `/health` version metadata aligned at `2.0.0`.
 - `server_app` cross-system wiring extracted into
   `latticeai/services/platform_runtime.py` to keep the assembly file lean.
@@ -234,7 +311,7 @@
 
 ### Changed
 
-- Python package, npm package, VS Code extension, Workspace OS, FastAPI app, and
+- Python package, npm package, VS Code extension, workspace, FastAPI app, and
   `/health` version metadata aligned at `1.7.0`.
 - CI package validation is version-scoped instead of a broad `dist/*` check.
 
@@ -255,7 +332,7 @@
 
 ### Added
 
-- **Knowledge Graph Explorer (Workspace OS)** — an Entity Explorer (importance-
+- **Knowledge Graph Explorer (workspace)** — an Entity Explorer (importance-
   ranked entity cards + search) with a detail panel showing inbound/outbound
   relationships, related entities, and the shortest path back to you; plus a
   Recent Activity feed and a Workspace Memory feed. Built entirely on the existing
@@ -271,7 +348,7 @@
 - **Skill Marketplace tabs** — Recommended / Popular / Installed / Updates tabs
   with version, category, and source, plus install / enable / disable actions on
   the existing skill lifecycle API.
-- **Enterprise capability panel** — a 12-capability status matrix in Workspace OS
+- **Enterprise capability panel** — a 12-capability status matrix in the workspace
   (Community reports all disabled; nothing gates a Community feature).
 
 ### Changed
@@ -373,7 +450,7 @@
   lines. The file now owns FastAPI construction, lifespan, middleware, static
   mount, router wiring, and compatibility globals only.
 - **Chat/history/agent extracted** — `/chat`, `/history*`, `/agent*`, streaming
-  generator, document-generation session handling, Graph RAG trace recording,
+  generator, document-generation session handling, Knowledge Graph context trace recording,
   and AgentRuntime wiring moved to `latticeai/api/chat.py` with behavior and
   SSE chunk format preserved.
 - **Model runtime/provider extracted** — provider catalogs, engine aliases,
@@ -449,7 +526,7 @@
 
 - **server_app.py modularization (phase 2)** — reduced
   `latticeai/server_app.py` from ~6,585 to ~5,948 lines by extracting the
-  Workspace OS / Organization API and the health/engine-summary endpoints into
+  workspace / Organization API and the health/engine-summary endpoints into
   dedicated routers backed by a new service layer. `server_app` now focuses on
   app assembly, lifespan, middleware, and router include. The historical
   `server:app` import path, all API paths, and request/response shapes are
@@ -496,7 +573,7 @@
 
 ### Added
 
-- **Organization Workspace foundation** — Workspace OS now distinguishes
+- **Organization Workspace foundation** — workspace now distinguishes
   `personal` and `organization` workspace types. A full workspace model
   (`workspace_id`, `name`, `type`, `owner_user_id`, `members`, `roles`,
   `settings`, `created_at`, `updated_at`, `status`) is stored in the existing
@@ -524,9 +601,9 @@
   verifies that exactly the expected `whl`/`tar.gz`/`vsix`/`tgz` exist for a
   single version, that internal versions match, that the VSIX contains
   `extension/out/extension.js`, and warns when `dist/` mixes other versions.
-- **Workspace OS UI** — Personal/Organization workspace switcher, current
+- **workspace UI** — Personal/Organization workspace switcher, current
   workspace indicator, and a minimal organization create / member / role panel
-  wired into the existing Workspace OS command center.
+  wired into the existing workspace command center.
 
 ### Changed
 
@@ -535,7 +612,7 @@
   `actions/setup-node@v5`, `actions/setup-python@v6`. Artifact upload and
   `twine check` are now scoped to the tagged version only — never a `dist/*`
   glob — and the build runs the release artifact validator before upload.
-- Existing 1.0.x Workspace OS state is migrated non-destructively to the v1.1
+- Existing 1.0.x workspace state is migrated non-destructively to the v1.1
   workspace model on load; legacy records map to the Personal workspace.
 - Release metadata aligned to `1.1.0` across Python, npm, VS Code extension,
   FastAPI app metadata, and `/health`.
@@ -563,18 +640,18 @@
 
 ## [1.0.0] - 2026-05-31
 
-> AI Workspace OS integration release.
+> AI workspace integration release.
 
 ### Added
 
-- **Workspace OS foundation** — new `/workspace` UI and `/workspace/*` API surface
+- **workspace foundation** — new `/workspace` UI and `/workspace/*` API surface
   organize LatticeAI around Graph, Snapshot, Memory, Agent, Workflow, Skills,
   and Timeline areas while preserving existing chat, graph, admin, CLI, and MCP
   compatibility.
 - **First-run onboarding wizard** — reentrant step state, completion API,
   hardware scan, model recommendations, folder connection state, and recovery
   from failed/skipped steps.
-- **Graph RAG answer trace** — each generated answer records source files,
+- **Knowledge Graph context answer trace** — each generated answer records source files,
   graph nodes, graph edges, confidence, retrieval metadata, graph jumps, and
   source jumps.
 - **Local indexing dashboard** — indexed folder status, watcher state, success
@@ -594,7 +671,7 @@
 - **Local Computer Memory** — defaults OFF, requires explicit approval, tracks
   activity summaries only after consent, and links approved records to graph.
 - **Skill Marketplace registry** — install, uninstall, update, enable, disable,
-  version tracking, and metadata state surfaced in Workspace OS.
+  version tracking, and metadata state surfaced in the workspace.
 - **Workflow Graph** — stores workflow timelines and searchable workflow graphs
   for repeatable actions such as Upload -> Summarize -> Generate -> Export.
 - **VS Code workflow** — added Refactor Selection, Generate Tests, Send To
@@ -1142,7 +1219,7 @@ latticeai/
 `언급함` · `포함함` · `해결함` · `의존함` · `설명함` · `비교함` · `사용함` · `연결함` · `확장함` · `생성함` · `대체함` · `지원함` · `발생함` · `관련됨` · `작성함` · `업로드함`
 
 **핵심 개선**
-- `_extract_concepts()` — 고유명사·복합어·기술 용어 추출 (Lattice AI, Graph RAG, VS Code 등)
+- `_extract_concepts()` — 고유명사·복합어·기술 용어 추출 (Lattice AI, Knowledge Graph context, VS Code 등)
 - `_classify_node_type()` — 개념별 노드 타입 자동 분류 (윈도우 컨텍스트 기반)
 - `_infer_edge()` — 문장 내 동사·조사 패턴으로 엣지 레이블 자동 결정
 - `_extract_triples()` — 문장 단위 개념 쌍 → (주어, 동사, 목적어) 트리플 추출
@@ -1230,7 +1307,7 @@ latticeai/
 #### VS Code 익스텐션 메타데이터 개선
 - **카테고리** `Other` → `AI, Machine Learning, Chat, Other` (Marketplace 검색 노출 증가)
 - **키워드** 8개 → 16개 추가 (`copilot`, `apple-silicon`, `groq`, `graph-rag` 등)
-- **설명 문구** 구체화 — 핵심 차별점(MLX, MCP, Graph RAG, zero telemetry) 명시
+- **설명 문구** 구체화 — 핵심 차별점(MLX, MCP, Knowledge Graph context, local-first data handling) 명시
 - **익스텐션 README 전면 재작성** — 기능표 · 빠른 시작 · 단축키 · 지원 모델 · 설정 · 비교표 포함
 
 #### 리포지터리 정리
@@ -1290,7 +1367,7 @@ latticeai/
   - clear 동작을 `ClearEvent` 노드로 그래프에 기록 (언제 누가 clear 했는지 감사 추적)
 - **민감정보 검사** — 문서 업로드 텍스트를 감사 로그에 기록
 
-### Graph RAG / Data Graph
+### Knowledge Graph context / Data Graph
 
 - **한국어 단어 검색 개선** — 2글자 키워드(`문서`, `모델` 등) RAG 검색 누락 문제 수정
 - **`graph.html` 독립 페이지 유지** — 채팅 사이드바 `Data Graph` 버튼으로 연결, New Chat 버튼은 대화 검색 아래로 이동
@@ -1587,7 +1664,7 @@ latticeai/
 
 ### Added
 - **Data Graph** — 채팅·AI 답변·업로드 문서를 SQLite 지식 그래프로 자동 구조화, `/graph`에서 Canvas 기반 Force-directed 시각화
-- **Graph RAG** — 그래프 검색 결과를 채팅 컨텍스트에 자동 주입하여 이전 대화·문서 참조 능력 강화
+- **Knowledge Graph context** — 그래프 검색 결과를 채팅 컨텍스트에 자동 주입하여 이전 대화·문서 참조 능력 강화
 - **Telegram 원격 제어** — 인라인 키보드 메뉴로 상태 조회, 모델 관리, 스크린샷, 그래프 통계, 문서 업로드 등 원격 제어
 - `knowledge_graph.py` — KnowledgeGraphStore (node/edge/chunk/event), `ingest_message()`, `ingest_document()`, `context_for_query()`, `search()`, `neighbors()`
 - `static/graph.html` — 타입별 색상, 줌/패닝, 핀치 줌, 이웃 하이라이트, 노드 상세 정보, 채팅 연결 링크

package/docs/EDITION_STRATEGY.md

@@ -5,12 +5,12 @@ the boundary stays predictable for contributors and users.
 
 ## Editions
 
-- **Community** — this repository, MIT licensed. Local-first **Agentic Workspace
-  Platform**: local LLMs, knowledge graph, Personal **and** Organization
-  workspaces, role-based membership, snapshots, memory, agents, workflows,
-  skills, the auditable timeline, and the full v2.0 platform — **Plugin SDK**,
-  **Workflow Designer**, **Multi-Agent Runtime 2.0**, and **Realtime
-  Collaboration**. Community is a complete product.
+- **Community** — this repository, MIT licensed. Local-first **AI workspace
+  platform**: local models, knowledge graph, Personal **and** Organization
+  workspaces, role-based membership, snapshots, durable context, AI pipelines,
+  multi-agent workflows, skills, the auditable timeline, and the full v2
+  platform — **Plugin SDK**, **Workflow Designer**, **Multi-Agent Runtime**, and
+  **Realtime Collaboration**. Community is a complete product.
 - **Enterprise** — a separately-distributed plugin adding organization-scale
   governance, identity, compliance, and deployment capabilities. Distributed and
   licensed separately. See [ENTERPRISE.md](ENTERPRISE.md).
@@ -40,7 +40,7 @@ the boundary stays predictable for contributors and users.
 |--------|------------------------|------------------------|
 | Personal & Organization workspaces | ✅ | — |
 | Base roles (owner/admin/member/viewer) | ✅ | — |
-| Snapshots / memory / agents / workflows / skills | ✅ | — |
+| Snapshots / durable context / AI pipelines / multi-agent workflows / skills | ✅ | — |
 | Plugin SDK (manifest, lifecycle, permission boundary) | ✅ | RBAC/ABAC over plugin permissions |
 | Workflow Designer (build/run/run-history) | ✅ | Org approval gates, scheduled triggers |
 | Multi-Agent Runtime 2.0 (roles/handoff/retry) | ✅ | Policy-bounded autonomous runs |
@@ -55,7 +55,7 @@ the boundary stays predictable for contributors and users.
 ## Detecting edition at runtime
 
 - `GET /workspace/editions` → edition + per-capability matrix.
-- `GET /workspace/os` → `edition` block in the Workspace OS summary.
+- `GET /workspace/os` → `edition` block in the workspace summary.
 - `/admin#enterprise` → Admin policy, audit export, SIEM preview,
   organization settings, and capability status UI.
 - `GET /admin/enterprise` and `GET /admin/enterprise/siem-export` → descriptive

package/docs/ENTERPRISE.md

@@ -8,10 +8,10 @@
 Lattice AI follows an **open-core** model:
 
 - **Community** (this repository, MIT) is fully functional on its own: local
-  LLMs, knowledge graph, Personal and Organization workspaces, roles, snapshots,
-  memory, agents, workflows, skills, the auditable timeline, and the full v2.0
-  Agentic Workspace Platform (Plugin SDK, Workflow Designer, Multi-Agent Runtime
-  2.0, Realtime Collaboration).
+  models, knowledge graph, Personal and Organization workspaces, roles,
+  snapshots, durable context, AI pipelines, multi-agent workflows, skills, the
+  auditable timeline, and the full v2 workspace platform (Plugin SDK, Workflow
+  Designer, Multi-Agent Runtime, Realtime Collaboration).
 - **Enterprise** is a separately-distributed plugin that attaches advanced,
   organization-scale governance and deployment capabilities through a stable
   runtime seam. It is never bundled into the Community build.
@@ -36,7 +36,7 @@ Community code consults the seam at extension points via
 always `False`, so the Community code path is taken and nothing is gated off.
 
 The live edition + capability matrix is exposed at `GET /workspace/editions`,
-surfaced in the Workspace OS summary (`GET /workspace/os` → `edition`), and
+surfaced in the workspace summary (`GET /workspace/os` → `edition`), and
 shown in the Enterprise Admin UI at `/admin#enterprise`.
 
 Community also exposes descriptive admin surfaces at `GET /admin/enterprise`

package/docs/PLUGIN_SDK.md

@@ -14,7 +14,7 @@ through the existing skill registry rather than owning a parallel one.
 
 > **Compatibility.** v1.x data and APIs are preserved. The Plugin SDK adds new
 > code (`latticeai/core/plugins.py`, `latticeai/api/plugins.py`) and new
-> persisted state (`plugin_registry` inside the Workspace OS store). Nothing in
+> persisted state (`plugin_registry` inside the workspace store). Nothing in
 > the v1.x contract changes. The new HTTP routes live under `/plugins/registry`
 > and friends, which do **not** collide with the pre-existing
 > `/plugins/directory` marketplace routes.
@@ -28,7 +28,7 @@ PLUGIN_SDK_VERSION = "2.2.0"
 ## v2.2 additions
 
 - `execute_action(...)` emits `plugin_started`, `plugin_completed`, and
-  `execution_failed` through the existing Workspace OS timeline/realtime feed.
+  `execution_failed` through the existing workspace timeline/realtime feed.
 - Plugin outputs can be carried inside agent context packets and replayed from
   agent/workflow run history.
 - The local template catalog (`latticeai.core.marketplace`) adds Plugin,
@@ -228,7 +228,7 @@ discover  ->  validate  ->  install  ->  enable / disable  ->  uninstall
 ```
 
 Lifecycle *state* (installed / enabled / version / status) is delegated to the
-Workspace OS store via a small `store` port, so plugins reuse the same
+workspace store via a small `store` port, so plugins reuse the same
 local-first JSON persistence, workspace scoping, and timeline events as skills.
 The registry itself owns only manifest parsing and the execution boundary.
 
@@ -355,7 +355,7 @@ A persisted entry looks like:
 }
 ```
 
-Each lifecycle mutation also records a Workspace OS timeline event
+Each lifecycle mutation also records a workspace timeline event
 (`plugin_installed`, `plugin_uninstalled`, `plugin_enabled`, `plugin_disabled`)
 under the `plugins` channel.
 

package/docs/V2_ARCHITECTURE.md

@@ -1,11 +1,11 @@
-# Lattice AI v2 Architecture — Agentic Workspace Platform
+# Lattice AI v2 Architecture — AI Workspace, Pipeline, and Workflow Platform
 
-Lattice AI v2.0.0 turned the local-first Workspace OS into a full **Agentic
-Workspace Platform**. v2.2.0 keeps that architecture and matures the operational
-layer: explicit handoffs, context packets, review/retry loops, memory snapshots,
-planning records, replay, marketplace templates, and realtime execution
-observability all compose over the same local-first JSON store and Knowledge
-Graph.
+Lattice AI v2.0.0 introduced the local-first AI workspace, AI pipeline,
+Knowledge Graph, and multi-agent workflow foundation. v2.2.1 keeps that
+architecture and matures the operational layer: explicit handoffs, context
+packets, review/retry loops, durable context snapshots, planning records,
+replay, marketplace templates, and realtime workflow observability all compose
+over the same local-first JSON store and Knowledge Graph.
 
 This document describes how the v2 platform pillars fit together, the small set of
 **additive integration seams** that wire them, the cross-integration matrix that
@@ -47,7 +47,7 @@ templates / actions under one versioned, permissioned unit.
 
 Design rules enforced by the module: no import-time I/O (the filesystem is only
 touched on `discover()`), no FastAPI and no globals (lifecycle state lives in the
-Workspace OS store), and permissions are an allow-list — the execution boundary
+workspace store), and permissions are an allow-list — the execution boundary
 refuses any capability a plugin did not declare *and* was not granted.
 
 A validated `plugin.json` manifest:
@@ -213,7 +213,7 @@ class RealtimeBus:
 v2.2.0 adds a local marketplace foundation rather than a cloud marketplace
 service. `TemplateCatalog` manages Plugin, Workflow, and Agent templates with
 metadata, export/import, install hooks, and a template registry stored through
-Workspace OS. Marketplace templates are local extension points for the existing
+workspace. Marketplace templates are local extension points for the existing
 Plugin SDK, Workflow Engine, and Multi-Agent Runtime; they do not bypass plugin
 permissions, workflow execution guards, or workspace scoping.
 

package/docs/architecture.md

@@ -1,9 +1,10 @@
 # Lattice AI Architecture
 
-Lattice AI is a local-first **AI Workspace and Knowledge Graph platform**. The
-architecture is organized around one durable center: the Knowledge Graph.
-Models, tools, agents, workflows, and UI modes are replaceable layers that
-operate on top of the graph.
+Lattice AI is a local-first **AI workspace, AI pipeline platform, Knowledge
+Graph platform, and multi-agent workflow platform**. The architecture is
+organized around one durable center: the Knowledge Graph. Models, tools,
+agents, workflows, and UI modes are replaceable layers that operate on top of
+workspace and graph context.
 
 ## Architecture Goals
 
@@ -15,7 +16,7 @@ operate on top of the graph.
 - Keep basic and advanced modes feature-equivalent.
 - Keep admin-only capabilities explicit and auditable.
 
-## System View
+## Workspace View
 
 ```mermaid
 flowchart TD
@@ -24,9 +25,9 @@ flowchart TD
     Extract["Entity, relation, evidence extraction"]
     Graph["Knowledge Graph"]
     Context["Graph context builder"]
-    Models["Multimodal model runtime"]
-    Agents["Agent runtime and workflows"]
-    Outputs["Advice, analysis, documents, automation"]
+    Models["Local or cloud model workflow"]
+    Agents["Multi-agent workflow"]
+    Outputs["Coding actions, analysis, documents, team workflows"]
     Admin["Admin policy and audit"]
 
     User --> Ingestion
@@ -42,7 +43,7 @@ flowchart TD
 
 ## Durable Core
 
-The Knowledge Graph stores the durable user and organization memory:
+The Knowledge Graph stores durable personal and organization workspace context:
 
 - files and document evidence
 - images and screenshots
@@ -52,8 +53,8 @@ The Knowledge Graph stores the durable user and organization memory:
 - generated artifacts
 - agent and workflow events
 
-The LLM is not the product core. It is an execution worker that can be replaced
-when hardware, policy, or user preference changes.
+The model is not the product core. It is a replaceable participant in the
+workspace pipeline.
 
 ## Multimodal Ingestion
 
@@ -75,9 +76,9 @@ input set includes:
 The architecture must not ask users to convert these to plain text before AI can
 work on them.
 
-## Model Runtime Policy
+## Local Model Management Policy
 
-Local recommended models must be multimodal. The v2.2 local runtime policy is:
+Local recommended models must be multimodal. The v2.2 local model workflow policy is:
 
 - macOS Apple Silicon: MLX-VLM first
 - Windows: llama.cpp multimodal path, with LM Studio as a user-friendly option
@@ -130,11 +131,11 @@ Basic mode and advanced mode have the same feature access.
 | --- | --- |
 | `latticeai/services/model_catalog.py` | Multimodal model catalog, source metadata, aliases |
 | `latticeai/services/model_recommendation.py` | Hardware-aware multimodal recommendation |
-| `latticeai/services/model_runtime.py` | Download, load, server, and runtime orchestration |
+| `latticeai/services/model_runtime.py` | Download, load, server, and model workflow orchestration |
 | `llm_router.py` | MLX-VLM and OpenAI-compatible model routing |
-| `knowledge_graph.py` | Graph storage, extraction, local folder graph RAG |
+| `knowledge_graph.py` | Graph storage, extraction, local folder knowledge graph context |
 | `latticeai/core/context_builder.py` | Graph context for generation |
-| `latticeai/core/workspace_os.py` | Workspace state, timeline, snapshots, memory |
+| `latticeai/core/workspace_os.py` | Workspace state, timeline, snapshots, durable context |
 | `latticeai/core/multi_agent.py` | Planner/executor/reviewer/researcher orchestration |
 | `latticeai/core/workflow_engine.py` | Workflow definitions and run history |
 | `latticeai/core/plugins.py` | Plugin manifest, registry, permission boundary |
@@ -142,7 +143,7 @@ Basic mode and advanced mode have the same feature access.
 
 ## Compatibility
 
-v2.2.0 preserves the additive Workspace OS and API compatibility posture from
+v2.2.1 preserves the additive workspace and API compatibility posture from
 v2.x. Existing graph/workspace data is migrated non-destructively. The release
 does remove current recommendation entries for old or text-only model paths, but
 it does not destructively mutate existing user graph data.

package/latticeai/__init__.py

@@ -1,3 +1,3 @@
 """Lattice AI - modular server package."""
 
-__version__ = "2.2.1"
+__version__ = "2.2.7"

package/latticeai/api/static_routes.py

@@ -82,6 +82,16 @@ def create_static_routes_router(
         if not p.exists():
             raise HTTPException(status_code=404)
         return FileResponse(str(p), media_type="application/manifest+json")
+
+    @api_router.api_route("/favicon.ico", methods=["GET", "HEAD"])
+    async def favicon():
+        ico = STATIC_DIR / "favicon.ico"
+        png = STATIC_DIR / "icons" / "favicon-32.png"
+        if ico.exists():
+            return FileResponse(str(ico), media_type="image/x-icon")
+        if png.exists():
+            return FileResponse(str(png), media_type="image/png")
+        raise HTTPException(status_code=404)
     
     
     @api_router.get("/sw.js")

package/latticeai/core/logging_safety.py

@@ -0,0 +1,62 @@
+"""Helpers for keeping sensitive values out of logs."""
+
+from __future__ import annotations
+
+import logging
+import re
+from typing import Any
+
+_TELEGRAM_BOT_TOKEN_RE = re.compile(r"\bbot(\d{5,20}):([A-Za-z0-9_-]{8,})")
+_TELEGRAM_BARE_TOKEN_RE = re.compile(
+    r"(?<![A-Za-z0-9_:-])(\d{5,20}):([A-Za-z0-9_-]{8,})(?![A-Za-z0-9_-])"
+)
+_LOG_FILTER_INSTALLED = False
+
+
+def mask_telegram_bot_token(value: Any) -> str:
+    """Return ``value`` as text with Telegram bot token secrets redacted."""
+
+    text = str(value)
+    text = _TELEGRAM_BOT_TOKEN_RE.sub(r"bot\1:REDACTED", text)
+    return _TELEGRAM_BARE_TOKEN_RE.sub(r"bot\1:REDACTED", text)
+
+
+def safe_log_text(value: Any) -> str:
+    """Sanitize text before it is sent to application logs."""
+
+    return mask_telegram_bot_token(value)
+
+
+def _safe_log_arg(value: Any) -> Any:
+    if isinstance(value, str):
+        return mask_telegram_bot_token(value)
+    if isinstance(value, tuple):
+        return tuple(_safe_log_arg(item) for item in value)
+    if isinstance(value, list):
+        return [_safe_log_arg(item) for item in value]
+    if isinstance(value, dict):
+        return {_safe_log_arg(key): _safe_log_arg(item) for key, item in value.items()}
+
+    text = str(value)
+    masked = mask_telegram_bot_token(text)
+    return masked if masked != text else value
+
+
+def install_sensitive_log_filter() -> None:
+    """Install a process-wide log-record sanitizer for known secret shapes."""
+
+    global _LOG_FILTER_INSTALLED
+    if _LOG_FILTER_INSTALLED:
+        return
+
+    original_factory = logging.getLogRecordFactory()
+
+    def factory(*args: Any, **kwargs: Any) -> logging.LogRecord:
+        record = original_factory(*args, **kwargs)
+        record.msg = _safe_log_arg(record.msg)
+        if record.args:
+            record.args = _safe_log_arg(record.args)
+        return record
+
+    logging.setLogRecordFactory(factory)
+    _LOG_FILTER_INSTALLED = True

package/latticeai/core/workspace_os.py

@@ -18,7 +18,7 @@ from pathlib import Path
 from typing import Any, Callable, Dict, Iterable, List, Optional
 
 
-WORKSPACE_OS_VERSION = "2.2.1"
+WORKSPACE_OS_VERSION = "2.2.7"
 
 # Workspace types separate single-user Personal workspaces from shared
 # Organization workspaces. Both keep the same local-first JSON store; the type