ltcai 3.4.1 → 3.6.0

package/docs/HANDOVER_v3.6.0.md

@@ -0,0 +1,46 @@
+# Lattice AI v3.6.0 — Completion Record (Knowledge Graph First)
+
+**Status: ✅ RELEASED — 2026-06-10.** All planned scopes implemented, tested,
+committed, pushed, CI green, tagged, and published. No external publish/deploy.
+
+- **Tag:** `v3.6.0` → commit `3c85675`
+- **GitHub Release:** https://github.com/TaeSooPark-PTS/LatticeAI/releases/tag/v3.6.0
+  (published, not draft; assets: `ltcai-3.6.0-py3-none-any.whl`,
+  `ltcai-3.6.0.tar.gz`, `ltcai-3.6.0.tgz`, `ltcai-3.6.0.vsix`)
+- **CI:** main CI ✓, Visual Smoke ✓, release.yml (tag) ✓
+- **Tests:** unit 455 passing · lint 64/64 · check:python 153 (3.11/3.12/3.14) ·
+  release artifacts built + validated
+
+## Commits (v3.5.0 → v3.6.0)
+
+| Commit | Scope |
+|---|---|
+| `baa2bf6` | chore(audit) — v3.5.0 carry-over (0 blocking) |
+| `5a6a7d4` | feat(kg) — entities/relationships schema |
+| `135e81a` | feat(kg) — unified ingestion pipeline + provenance |
+| `b548885` | feat(browser) — browser/web ingestion + MV3 extension |
+| `39a7a0c` | feat(kg) — export/import/backup/restore |
+| `21cfb97` | fix(runtime) — hook coverage for ingestion paths |
+| `7009e39` | fix(ui) — Knowledge Graph as primary surface |
+| `fa89a84` | docs(philosophy) — Digital Brain Platform rewrite |
+| `aa011a5` | release: v3.6.0 (version bump) |
+| `3c85675` | fix(ci) — 3.11-compatible f-string (PEP 701 quote reuse) |
+
+## Carry-over audit result
+
+Zero blocking items. Settled postures preserved: Vercel landing-only, OIDC
+RSA-only, legacy `/account` `/admin` out of scope. The one honest v3.5.0 gap (KG
+ingestion not firing tool hooks) is **closed**. Full detail:
+`docs/CARRYOVER_AUDIT_v3.6.0.md`.
+
+## Key facts for future work
+
+- New seams: `latticeai/services/ingestion.py` (single write-side entrypoint),
+  `latticeai/services/kg_portability.py`, `latticeai/api/browser.py`,
+  `latticeai/api/portability.py`, provenance in `knowledge_graph.py`.
+- **Gotcha:** PEP 701 f-string quote reuse (`f'{x or ''}'`) compiles on 3.12+ but
+  is a SyntaxError on 3.11 — always run `python3.11 scripts/check_python.py`
+  before pushing (CI tests on 3.11 + 3.12).
+- Version canonical: `WORKSPACE_OS_VERSION`; mirrors enforced by
+  `test_version_consistency.py`.
+- Local tests need `.venv/bin/python` (system `python3` lacks fastapi).

package/docs/RUNTIME_HOOK_COVERAGE_v3.5.0.md

@@ -0,0 +1,56 @@
+# Runtime Hook Coverage — v3.5.0
+
+Every place Lattice AI executes a real tool or agent action, and whether it runs
+through the unified lifecycle. The single tool path is
+`dispatch_tool(hooks, name, args, run_fn)` in `latticeai/core/hooks.py`
+(`pre_tool → execute → post_tool`); the HTTP helper `_tool_response`
+(`latticeai/api/tools.py`) wraps it; uploads use the parallel
+`pre_upload/post_upload/pre_index/post_index` lifecycle
+(`latticeai/services/upload_service.py`); agent runs use `pre_run/post_run`.
+
+**Method.** Routers/services were enumerated by a 6-way parallel audit and then
+each genuine execution path was verified by reading the call site. A path is a
+*bypass* only if a real tool/agent action skips its lifecycle. Read-only metadata
+endpoints (status, list-permissions, config) execute no tool and are not bypasses.
+
+**Result.** All discovered tool/agent execution paths are covered. The four
+remaining "uncovered" rows are deliberate, documented design decisions (service
+maintenance ops + an action already inside the upload lifecycle), not gaps.
+
+## Tool / agent execution paths
+
+| Entrypoint | Execution | Lifecycle path | pre fired | post fired | Test |
+|---|---|---|---|---|---|
+| `POST /tools/list_dir`, `workspace_tree`, `write_file`, `search_files`, `todo_*`, `inspect_html`, `preview_url`, `create_*`, `read_document`, `knowledge_*`, `obsidian_*`, `network_status` | tool fn | `_tool_response`→`dispatch_tool` | yes (`pre_tool`) | yes (`post_tool`) | `test_hooks_dispatch`, `test_runtime_coverage` |
+| `POST /tools/read_file` | `read_file` (kwargs) | `_tool_response` (kwargs-aware) ✅v3.5.0 | yes | yes | `test_runtime_coverage` |
+| `POST /tools/edit_file` | `edit_file` (kwargs) | `_tool_response` ✅v3.5.0 | yes | yes | `test_runtime_coverage` |
+| `POST /tools/grep` | `grep` (kwargs) | `_tool_response` ✅v3.5.0 | yes | yes | `test_runtime_coverage` |
+| `POST /tools/clear_history` | `clear_history` | `_dispatch`→`dispatch_tool` ✅v3.5.0 | yes | yes | `test_runtime_coverage` |
+| `POST /tools/git_*`, `run_command`, `build_project`, `deploy_project` | tool fn | `_tool_response` | yes | yes | `test_route_compatibility` |
+| `POST /local/*` (list/read/write) | `local_*` | `tool_response` | yes | yes | `test_route_compatibility` |
+| `GET/POST /cu/*` (open_app/url/click/type/key/scroll/move/drag) | `computer_*` | `tool_response` | yes | yes | `test_runtime_coverage` |
+| `GET /cu/status`, `/cu/screenshot` | `computer_status/screenshot` | `_dispatch` ✅v3.5.0 | yes | yes | `test_runtime_coverage` |
+| `POST /cu/agent` (agent loop) | `execute_tool(name,args)` per step + Chrome shortcut | `_dispatch`→`dispatch_tool` ✅v3.5.0 | yes | yes | `test_runtime_coverage` |
+| `POST /agent/eval` | `execute_tool` per eval case | `dispatch_tool` ✅v3.5.0 | yes | yes | (covered via dispatch_tool) |
+| Single-agent runtime tool calls | `execute_tool` via `AgentDeps` | `core/agent.py`→`dispatch_tool` | yes | yes | `test_hooks_dispatch` |
+| Agent run (start→finish) | orchestrator run | `agent_runtime` `pre_run`/`post_run` | yes (`pre_run`) | yes (`post_run`) | `test_hooks_dispatch` |
+| Workflow tool node | `dispatch_tool` | `platform_runtime` | yes | yes | `test_hooks_dispatch` |
+| Workflow run (start→end) | engine run | `WorkflowEngine` `pre_workflow`/`post_workflow` | yes | yes | `test_hooks_dispatch` |
+| `POST /upload/document` | `process_uploaded_document` | upload lifecycle | `pre_upload` | `post_upload` | existing upload tests |
+| Document indexing (upload + folder watch) | embed/graph build | `pre_index`/`post_index` | yes | yes | existing |
+
+## Intentionally outside the tool lifecycle (documented, not gaps)
+
+| Entrypoint | Why not `pre_tool`/`post_tool` |
+|---|---|
+| `read_document` inside `process_uploaded_document` (`upload_service.py`) | Already inside the upload lifecycle (`pre_upload`→`post_upload`); wrapping it again would double-dispatch the same user action. |
+| `POST /api/memory/{prune,compact,rebuild,clear}` | Knowledge/memory **service** maintenance operations, not registry tools; they have their own audit events. Not part of the agent tool vocabulary. |
+| `clear_history` inside `core/agent.py` executor | Runs inside an agent run already bracketed by `pre_run`/`post_run`; not re-wrapped to avoid nested dispatch. |
+| Read-only status/config endpoints (`/tools/permissions`, `/obsidian/status`, model/catalog reads) | Execute no tool — nothing to gate. |
+
+## Summary
+
+- Genuine tool/agent execution paths discovered: **all enumerated routers + services**.
+- Bypasses found and closed in v3.5.0: **read_file, edit_file, grep, clear_history, computer-use agent loop (+ /cu/status, /cu/screenshot), skill-eval**.
+- Bypasses remaining: **none** (the four rows above are deliberate, documented design decisions).
+- Coverage of discovered tool/agent execution paths: **100%**.

package/docs/RUNTIME_HOOK_COVERAGE_v3.6.0.md

@@ -0,0 +1,49 @@
+# Runtime Hook Coverage — v3.6.0
+
+v3.6.0 makes the Knowledge Graph the primary architecture and adds new
+**ingestion** paths (web URL, browser tab, unified text/file pipeline) plus
+**portability** ops (export/import/backup/restore). This doc extends
+[`RUNTIME_HOOK_COVERAGE_v3.5.0.md`](./RUNTIME_HOOK_COVERAGE_v3.5.0.md) and records
+that the new data-mutating paths run through the unified lifecycle.
+
+The single tool path is `dispatch_tool(hooks, name, args, run_fn)` in
+`latticeai/core/hooks.py` (`pre_tool → execute → post_tool`). v3.5.0's one honest
+gap was that **KG ingestion did not fire hooks**. v3.6.0 closes it: every source
+now flows through `IngestionPipeline.ingest` (`latticeai/services/ingestion.py`),
+which wraps the store write in `dispatch_tool(..., source="ingestion")`.
+
+**Result.** All v3.5.0 coverage is preserved (no regression), and every new
+v3.6.0 ingestion path is covered. Portability admin/maintenance ops follow the
+v3.5.0 convention for service maintenance (own audit events), documented below.
+
+## New v3.6.0 execution paths
+
+| Entrypoint | Execution | Lifecycle path | pre fired | post fired | Test |
+|---|---|---|---|---|---|
+| `IngestionPipeline.ingest` (any source) | `ingest_source` / `ingest_document` | `dispatch_tool(name="kg_ingest.<type>", source="ingestion")` | yes (`pre_tool`) | yes (`post_tool`) | `test_ingestion_pipeline` |
+| `POST /api/browser/read-url` | fetch URL → `pipeline.ingest` (web_url) | pipeline → `dispatch_tool` | yes | yes | `test_browser_ingestion`, `test_runtime_coverage_v36` |
+| `POST /api/browser/ingest-current-tab` | sanitize → `pipeline.ingest` (browser_tab) | pipeline → `dispatch_tool` | yes | yes | `test_browser_ingestion`, `test_runtime_coverage_v36` |
+| Local file / upload via pipeline | `ingest_document` | pipeline → `dispatch_tool` | yes | yes | `test_ingestion_pipeline` |
+| Provenance write per ingestion | `record_provenance` | inside the bracketed `dispatch_tool` run_fn | (bracketed) | (bracketed) | `test_ingestion_pipeline` |
+
+A blocking `pre_tool` hook makes ingestion return `status="blocked"` (the
+`PermissionError` from `dispatch_tool` is caught and surfaced honestly), exactly
+mirroring how a blocked tool call is handled — verified in
+`test_runtime_coverage_v36` and `test_ingestion_pipeline`.
+
+## Intentionally outside the tool lifecycle (documented, not gaps)
+
+| Entrypoint | Why not `pre_tool`/`post_tool` |
+|---|---|
+| `POST /api/knowledge-graph/{export,export-file,backup,restore,import}` | Admin **portability/maintenance** operations over the whole machine-global graph, not agent-vocabulary tools. They are admin-gated (`require_admin`) and recorded via the platform audit trail — same convention as the v3.5.0 memory maintenance ops (`prune/compact/rebuild/clear`). Wrapping a whole-store backup in `pre_tool` would misrepresent it as a per-action agent tool. |
+| `read_document` inside upload (`upload_service.py`) | Already inside the `pre_upload`→`post_upload` lifecycle (unchanged from v3.5.0). |
+| `POST /api/memory/{prune,compact,rebuild,clear}` | Unchanged from v3.5.0 — service maintenance with own audit events. |
+| Read-only KG reads (`/knowledge-graph/{stats,graph,search,...}`, `/api/knowledge-graph/portability` status) | Execute no mutation — nothing to gate. |
+
+## Summary
+
+- v3.5.0 coverage of tool/agent execution paths: **100%, preserved** (no regression).
+- v3.6.0 gap closed: **KG ingestion now fires `pre_tool`/`post_tool`** via the unified pipeline (the one honest carry-over note from v3.5.0).
+- New ingestion paths (unified pipeline, `read-url`, `ingest-current-tab`): **covered**.
+- Portability admin ops: **documented as audit-gated maintenance**, consistent with the v3.5.0 convention — not bypasses.
+- Coverage of discovered mutating ingestion paths: **100%**.

package/docs/architecture.md

@@ -1,17 +1,18 @@
 # Lattice AI Architecture
 
-> v3.3.1 — feature-complete for non-enterprise use cases with a rebuilt `/app`
-> visual shell. The agent ecosystem
-> (registry, marketplace + templates, workflow agents, autonomous planning),
-> the long-term memory platform + manager, and the skills/hooks/tool/MCP
-> registries are all operable from `/app`. Enterprise controls remain future
-> work.
-
-Lattice AI is a local-first **AI workspace, AI pipeline platform, Knowledge
-Graph platform, and multi-agent workflow platform**. The architecture is
-organized around one durable center: the Knowledge Graph. Models, tools,
-agents, workflows, and UI modes are replaceable layers that operate on top of
-workspace and graph context.
+> v3.6.0 — **Knowledge Graph First.** Every data source converges into the graph
+> through one unified ingestion pipeline (`latticeai/services/ingestion.py`), with
+> formalized entities/relationships (`docs/kg-schema.md`), browser/web inputs,
+> per-node provenance, and local export/import/backup
+> (`latticeai/services/kg_portability.py`). The agent ecosystem, long-term memory,
+> and skills/hooks/tool/MCP registries are all operable from `/app`. Enterprise
+> controls remain future work.
+
+Lattice AI is a local-first **Digital Brain Platform**. The architecture is
+organized around one durable center and the user's asset: the **Knowledge
+Graph**. Models, tools, agents, RAG, workflows, and UI modes are replaceable
+layers that operate as views over graph context. Models are replaceable;
+knowledge is durable.
 
 ## Architecture Goals
 

package/docs/kg-schema.md

@@ -83,6 +83,61 @@ Edge {
 
 ---
 
+## v3.6.0 — Knowledge Graph First 엔티티/관계
+
+v3.6.0 은 "모든 데이터 소스가 Knowledge Graph 로 수렴한다"는 원칙을 1급 스키마로
+승격한다. 아래 타입은 **추가형(additive)**이다 — 기존 enum/legacy 매핑을 깨지 않고
+`from_legacy` 가 무손실로 정규화하며, 알 수 없는 타입은 여전히 `CONCEPT`/`MENTIONS` 로
+폴백한다. 스키마는 **확장 가능**하게 유지한다: 새 도메인 엔티티는 enum 멤버 1개 +
+`_LEGACY_NODE_MAP`/`_LEGACY_EDGE_MAP` 별칭만 추가하면 된다.
+
+### 추가 노드 타입
+
+| 타입 | 의미 | 대표 `attrs` / 출처 |
+|------|------|--------------------|
+| `SOURCE` | 수집 출처(파일/URL/브라우저 탭/git 등)의 **출처 노드** | `source_type`, `source_uri`, `content_hash`, `captured_at` |
+| `REPOSITORY` | git 저장소 | `remote`, `branch`, `head` |
+| `MEETING` | 회의 / 미팅 | `started_at`, `attendees[]` |
+| `ORGANIZATION` | 조직 / 회사 / 팀 | `domain`, `members[]` |
+| `WORKFLOW` | 워크플로우 정의/실행 | `workflow_id`, `status` |
+| `AGENT` | 에이전트(역할/실행 주체) | `role`, `model_id` |
+
+### 추가 엣지 타입
+
+| 타입 | 허용 source → target | 의미 |
+|------|---------------------|------|
+| `INDEXED_FROM` | ANY → `SOURCE` | 이 노드가 **어떤 출처에서 색인**됐는가 (provenance) |
+| `MODIFIED_BY` | ANY → `PERSON` | 마지막 수정자 |
+| `BELONGS_TO_PROJECT` | ANY → `PROJECT` | 프로젝트 귀속 |
+| `PART_OF` | ANY → ANY | 구성요소 관계 |
+| `DISCUSSED_IN` | `CONCEPT`·`DECISION` → `MEETING`·`CHAT` | 어디에서 논의됨 |
+| `DECIDED_BY` | `DECISION` → `PERSON` | 결정 주체 |
+| `GENERATED_BY` | ANY → `AGENT`·`MODEL`·`WORKFLOW` | 생성 주체 |
+| `USED_BY_AGENT` | ANY → `AGENT` | 에이전트가 사용함 |
+
+### 통합 수집 형태 (Unified Ingestion)
+
+모든 출처는 동일한 형태로 그래프에 들어온다:
+
+```
+SOURCE ──INDEXED_FROM◄── Document/File ──CONTAINS──► Chunk[]
+   ▲                          │
+   │                          └──(언급/포함)──► Concept / Task / Decision …
+provenance(source_type, source_uri, content_hash, captured_at, modified_at,
+           owner, workspace_id, permissions, pipeline, embedded, linked)
+```
+
+- **콘텐츠 노드**(Document/File/web 노드)는 `content_hash` 로 멱등(idempotent) 처리된다 —
+  같은 콘텐츠를 다시 수집하면 새 노드를 만들지 않고 갱신/링크한다.
+- 모든 콘텐츠 노드는 `SOURCE` 노드로 `INDEXED_FROM` 엣지를 가져 **출처를 항상 설명 가능**하다.
+- provenance 는 노드 `metadata.provenance` 에 임베드되며, 동시에 감사 가능한
+  `ingestion_provenance` 테이블에 기록된다 (`KnowledgeGraphStore.get_provenance(node_id)`).
+
+구현: `latticeai/services/ingestion.py` (`IngestionPipeline`) 가 단일 진입점이며,
+파일/로컬폴더/URL/브라우저 탭/텍스트를 모두 이 형태로 정규화한다.
+
+---
+
 ## 예시 (PPT 슬라이드 22 와 동일)
 
 ```json

package/docs/privacy.md

@@ -13,8 +13,10 @@
 | 사용자 계정 | `~/.ltcai/users.json` | 이름, scrypt 해시 비밀번호, 역할 |
 | 세션 토큰 | `~/.ltcai/sessions.json` | UUID 토큰, 만료시간 |
 | 채팅 히스토리 | `~/.ltcai/chat_history.json` | 사용자-AI 대화 내용 |
-| 지식 그래프 | `~/.ltcai/knowledge_graph.sqlite` | 채팅/문서 노드/엣지 |
-| 업로드 파일 | `~/.ltcai/knowledge_graph_blobs/` | 원본 PDF/DOCX 등 |
+| 지식 그래프 | `~/.ltcai/knowledge_graph.sqlite` | 채팅/문서/웹/탭 노드·엣지, 프로비넌스 |
+| 업로드/수집 파일 | `~/.ltcai/knowledge_graph_blobs/` | 원본 PDF/DOCX/웹 텍스트 등 |
+| 수집 출처 기록(프로비넌스) | `~/.ltcai/knowledge_graph.sqlite` (`ingestion_provenance`) | 각 노드의 출처/시각/처리 방식 — 외부 전송 없음 |
+| 그래프 내보내기/백업 | `~/.ltcai/workspace_exports/` | 사용자가 직접 만든 로컬 export/backup 파일 (클라우드 미사용) |
 | 지식 정원 | `~/.ltcai-brain/` | P-Reinforce 분류 저장 |
 | 설정 | `~/.ltcai/config.json` | 모델 설정, API 키 (keyring) |
 
@@ -36,6 +38,20 @@
 
 Apple Silicon MLX 로컬 모델 사용 시에는 프롬프트가 외부로 전송되지 않습니다.
 
+## 웹/브라우저 수집 (v3.6.0)
+
+- **URL 읽기**(`/api/browser/read-url`): 사용자가 명시적으로 요청한 URL을 **로컬
+  런타임이 직접** 가져와 텍스트만 추출해 그래프에 색인합니다. Lattice AI가 임의로
+  크롤링하지 않으며, 가져온 페이지는 외부로 다시 전송되지 않습니다.
+- **브라우저 탭 수집**(`/api/browser/ingest-current-tab`) 및 Manifest V3 확장:
+  확장 프로그램은 **오직 `127.0.0.1`(로컬)** 로만 전송합니다. 클라우드 엔드포인트가
+  존재하지 않습니다(`browser-extension/` 소스에서 단일 `fetch` 대상 확인 가능).
+
+## 그래프 내보내기/백업 (v3.6.0)
+
+지식 그래프 export/import 및 백업/복원은 **전적으로 로컬**에서 동작하며 클라우드
+서비스를 요구하지 않습니다. 내보낸 파일의 이동·공유는 사용자 책임입니다.
+
 ## API 키 보안
 
 - API 키는 OS keyring(macOS Keychain, Windows Credential Manager, Linux Secret Service)에 저장됩니다

package/docs/security-model.md

@@ -78,6 +78,23 @@ MAGIC_NUMBERS = {
 - 업로드 시 파일 첫 바이트와 확장자 매핑 검증
 - 불일치 시 400 에러
 
+## 수집 & 그래프 포터빌리티 보안 (v3.6.0)
+
+- **수집 라이프사이클**: 모든 수집은 `IngestionPipeline.ingest` → `dispatch_tool`
+  를 거쳐 `pre_tool`/`post_tool` 훅이 발화됩니다. `pre_tool`이 차단하면 수집은
+  정직하게 `status="blocked"`로 거부됩니다(권한 게이트·민감정보 가드 적용).
+- **웹 URL 읽기**(`/api/browser/read-url`): `http(s)` 스킴만 허용(파일/기타 스킴
+  거부), 12초 타임아웃, 4MB 응답 상한, HTML/text 컨텐츠 타입만 처리. 차단/로그인
+  필요 페이지는 5xx가 아닌 **422로 우아하게 실패**합니다. 로컬 런타임이 사용자가
+  명시한 URL만 가져옵니다(자동 크롤링 없음).
+- **브라우저 탭 수집**(`/api/browser/ingest-current-tab`): payload 정화(스크립트/
+  스타일 제거) + 페이로드 크기 상한(413). Manifest V3 확장은 **`127.0.0.1`로만**
+  전송하며 클라우드 엔드포인트가 없습니다.
+- **포터빌리티 권한**: 그래프 export/status 읽기는 로그인 사용자, **import /
+  backup / restore 는 admin 전용**(`require_admin`). 그래프는 머신-전역 자원입니다.
+- **복원 무결성**: 백업 아카이브는 `manifest.json`의 sha256과 대조 검증 후에만
+  복원되며, 불일치 시 거부됩니다.
+
 ## 에이전트 도구 샌드박스
 
 ### `run_command()` 위험 플래그 차단

package/kg_schema.py

@@ -99,6 +99,15 @@ class NodeType(str, Enum):
     DECISION     = "DECISION"       # 결정 사항
     ERROR        = "ERROR"          # 오류 / 버그
     EVENT        = "EVENT"          # 분석/시스템 이벤트(동적 타입 폴백)
+    # v3.6.0 Knowledge Graph First — 모든 데이터 소스가 그래프로 수렴하기 위한
+    # 1급 엔티티. 추가형(additive)·확장 가능(extensible): 새 도메인 엔티티는
+    # 여기에 enum 멤버를 추가하고 _LEGACY_NODE_MAP 에 별칭만 등록하면 된다.
+    SOURCE       = "SOURCE"         # 수집 출처(파일/URL/브라우저 탭/git 등)의 출처 노드
+    REPOSITORY   = "REPOSITORY"     # git 저장소
+    MEETING      = "MEETING"        # 회의 / 미팅
+    ORGANIZATION = "ORGANIZATION"   # 조직 / 회사 / 팀
+    WORKFLOW     = "WORKFLOW"       # 워크플로우 정의/실행
+    AGENT        = "AGENT"          # 에이전트(역할/실행 주체)
 
     @classmethod
     def from_legacy(cls, label: str) -> "NodeType":
@@ -143,6 +152,16 @@ class EdgeType(str, Enum):
     DISCUSSES      = "DISCUSSES"      # SLIDE/PAGE → TOPIC (discusses)
     IMPLIES        = "IMPLIES"        # NODE → NODE (implies)
     RELATED_TO     = "RELATED_TO"     # ANY ↔ ANY (related_to)
+    # v3.6.0 Knowledge Graph First — 출처/소유/구성/결정 관계를 1급 엣지로 승격.
+    # 추가형: 새 관계는 enum 멤버 추가 + _LEGACY_EDGE_MAP 별칭 등록만으로 확장된다.
+    INDEXED_FROM       = "INDEXED_FROM"        # NODE → SOURCE (어떤 출처에서 색인됐는가)
+    MODIFIED_BY        = "MODIFIED_BY"         # NODE → PERSON (마지막 수정자)
+    BELONGS_TO_PROJECT = "BELONGS_TO_PROJECT"  # NODE → PROJECT
+    PART_OF            = "PART_OF"             # NODE → NODE (구성요소 관계)
+    DISCUSSED_IN       = "DISCUSSED_IN"        # CONCEPT/DECISION → MEETING/CHAT
+    DECIDED_BY         = "DECIDED_BY"          # DECISION → PERSON
+    GENERATED_BY       = "GENERATED_BY"        # NODE → AGENT/MODEL/WORKFLOW
+    USED_BY_AGENT      = "USED_BY_AGENT"       # NODE → AGENT (에이전트가 사용함)
 
     @classmethod
     def from_legacy(cls, label: str) -> "EdgeType":
@@ -199,6 +218,19 @@ _LEGACY_NODE_MAP: Dict[str, NodeType] = {
     "보고서":       NodeType.DOCUMENT,
     "계획서":       NodeType.DOCUMENT,
     "기획서":       NodeType.DOCUMENT,
+    # v3.6.0 Knowledge Graph First 엔티티
+    "source":       NodeType.SOURCE,
+    "ingestionsource": NodeType.SOURCE,
+    "repository":   NodeType.REPOSITORY,
+    "repo":         NodeType.REPOSITORY,
+    "gitrepo":      NodeType.REPOSITORY,
+    "meeting":      NodeType.MEETING,
+    "organization": NodeType.ORGANIZATION,
+    "org":          NodeType.ORGANIZATION,
+    "company":      NodeType.ORGANIZATION,
+    "team":         NodeType.ORGANIZATION,
+    "workflow":     NodeType.WORKFLOW,
+    "agent":        NodeType.AGENT,
 }
 
 _LEGACY_EDGE_MAP: Dict[str, EdgeType] = {
@@ -254,6 +286,20 @@ _LEGACY_EDGE_MAP: Dict[str, EdgeType] = {
     "영감받음":      EdgeType.INSPIRED_BY,
     "상충함":        EdgeType.CONTRADICTS,
     "발전함":        EdgeType.EVOLVES_FROM,
+    # v3.6.0 Knowledge Graph First 관계
+    "indexed_from":       EdgeType.INDEXED_FROM,
+    "modified_by":        EdgeType.MODIFIED_BY,
+    "belongs_to_project": EdgeType.BELONGS_TO_PROJECT,
+    "belongs_to":         EdgeType.BELONGS_TO_PROJECT,
+    "part_of":            EdgeType.PART_OF,
+    "discussed_in":       EdgeType.DISCUSSED_IN,
+    "decided_by":         EdgeType.DECIDED_BY,
+    "generated_by":       EdgeType.GENERATED_BY,
+    "used_by_agent":      EdgeType.USED_BY_AGENT,
+    "색인됨":             EdgeType.INDEXED_FROM,
+    "수정함":             EdgeType.MODIFIED_BY,
+    "결정함":             EdgeType.DECIDED_BY,
+    "구성요소":           EdgeType.PART_OF,
 }
 
 # ── SQLite v2 store ─────────────────────────────────────────────────────────