ltcai 3.5.0 → 3.6.0

package/README.md

@@ -3,10 +3,11 @@
 
   # Lattice AI
 
-  **Local-first AI workspace for your files, chats, knowledge, models, and agents.**
+  **A local-first Digital Brain Platform. Your Knowledge Graph is the durable asset; models just read it.**
 
-  Keep your work context on your own machine. Connect documents, conversations,
-  local models, graph memory, and agent workflows in one self-hosted workspace.
+  Every source — files, folders, web pages, browser tabs — converges into one
+  Knowledge Graph on your own machine. Connect models, agents, and search to that
+  graph instead of placing your work inside any single model.
 </div>
 
 <div align="center">
@@ -24,10 +25,21 @@
 
 ![Lattice AI — local-first AI workspace home](docs/assets/v3.4.0/home.png)
 
-> **Lattice AI is a self-hosted AI workspace that keeps your files, chats, knowledge, local models, and agents together on your own machine.**
+> **Lattice AI is not a model-personalization system. It is a Digital Brain Platform.**
+> The Knowledge Graph is your durable asset. **Models are replaceable. Knowledge is durable.**
 
-It isn't another chat window. It's a workspace built around your work — local-first
-by default, cloud only when you choose.
+It isn't another chat window, and it isn't a way to "fine-tune a model on you." The
+purpose of Lattice AI is to **connect models to your Knowledge Graph** — your digital
+brain — not to place you inside a model. AI reads your knowledge; you own it.
+
+- **Models are replaceable.** Swap MLX, Ollama, LM Studio, or a cloud LLM at will.
+- **Agents, RAG, and the UI are replaceable.** They are implementations, not the asset.
+- **Your Knowledge Graph is durable.** It outlives every model and is yours to export,
+  import, and back up locally — no cloud required.
+
+Local-first by default; cloud only when you choose. (The Vercel site is a
+landing/download/demo surface only — never the runtime. Lattice AI runs on your
+machine over local SQLite.)
 
 ## Why install Lattice AI?
 
@@ -187,32 +199,51 @@ npm run dev
 
 ## Latest Release
 
-### v3.4.1 — Runtime Completion
-
-- Full hooks lifecycle across HTTP, agent, workflow, upload, and indexing paths.
-- Real Local Agent probes instead of hardcoded readiness.
-- Connect Folder verified end-to-end.
-- Folder Watch verified, including restore after restart.
-
-See [RELEASE_NOTES_v3.4.1.md](RELEASE_NOTES_v3.4.1.md) and
+### v3.6.0 — Knowledge Graph First
+
+- **Unified ingestion pipeline** — one entrypoint normalizes every source
+  (file, folder, web URL, browser tab, text/markdown/code) into the graph,
+  idempotent by content hash and bracketed by the `pre_tool`/`post_tool` hook
+  lifecycle.
+- **Formalized entity/relationship model** — first-class `Source`, `Repository`,
+  `Meeting`, `Organization`, `Workflow`, `Agent` entities and `indexed_from`,
+  `modified_by`, `belongs_to_project`, `part_of`, `discussed_in`, `decided_by`,
+  `generated_by`, `used_by_agent` relationships.
+- **Browser & web ingestion** — `POST /api/browser/read-url` and
+  `/ingest-current-tab`, plus a local Manifest V3 extension that posts only to
+  `127.0.0.1`.
+- **Portability** — local Knowledge Graph export/import (versioned JSON) and
+  binary backup/restore (DB + blobs, integrity-checked). No cloud required.
+- **Provenance** — every node records where it came from; a queryable audit trail
+  makes the graph explainable.
+- **Knowledge Graph as the primary surface** — the view becomes your digital brain
+  with Status, Sources, Capture, and Backup tabs.
+
+See [RELEASE_NOTES_v3.6.0.md](RELEASE_NOTES_v3.6.0.md),
+[docs/kg-schema.md](docs/kg-schema.md),
+[docs/RUNTIME_HOOK_COVERAGE_v3.6.0.md](docs/RUNTIME_HOOK_COVERAGE_v3.6.0.md), and
 [FEATURE_STATUS.md](FEATURE_STATUS.md).
 
-## How it works
+## How it works — every source converges into the graph
+
+As of v3.6.0, all data sources flow through **one unified ingestion pipeline** into
+the Knowledge Graph — no source bypasses it, none becomes an isolated silo:
 
 ```text
-files / chats / notes / images / decisions
-  -> workspace memory
-  -> knowledge graph
-  -> hybrid search
-  -> chat / agents / workflows
-  -> reusable outputs
+source (file · folder · PDF · web URL · browser tab · text)
+  -> extraction -> normalization -> content hash (idempotent)
+  -> chunking -> entity detection -> relationship detection -> embedding
+  -> Knowledge Graph  (Source -[indexed_from]- content -[contains]- chunks)
+  -> RAG / agents / memory / hybrid search
 ```
 
-- Your content stays on your machine and becomes durable workspace memory.
-- Memory is organized into a knowledge graph of entities and relationships.
-- Hybrid search fuses keyword, vector, and graph signals over that context.
-- Chat, agents, and workflows draw on the same grounded context.
-- Outputs — documents, analysis, and decisions — feed back into the workspace.
+- **Every node is explainable.** Each ingested item carries provenance — where it
+  came from, when, how it was processed, whether it was embedded or linked.
+- **The graph is the asset.** Memory, search, and agents are views over it; models
+  read it. Swap a model and your knowledge is unchanged.
+- **Portable, no cloud.** Export/import the graph as JSON, or take a full local
+  binary backup (DB + blobs) and restore it.
+- **Local-first protects the graph.** It lives in local SQLite on your machine.
 
 For the deeper design, see [ARCHITECTURE.md](ARCHITECTURE.md) and
 [docs/architecture.md](docs/architecture.md).
@@ -247,16 +278,19 @@ For the deeper design, see [ARCHITECTURE.md](ARCHITECTURE.md) and
 ### Releases
 
 - [RELEASE_NOTES.md](RELEASE_NOTES.md) — current release notes
+- [RELEASE_NOTES_v3.6.0.md](RELEASE_NOTES_v3.6.0.md)
+- [RELEASE_NOTES_v3.5.0.md](RELEASE_NOTES_v3.5.0.md)
 - [RELEASE_NOTES_v3.4.1.md](RELEASE_NOTES_v3.4.1.md)
 - [RELEASE_NOTES_v3.4.0.md](RELEASE_NOTES_v3.4.0.md)
-- [RELEASE_NOTES_v3.3.0.md](RELEASE_NOTES_v3.3.0.md)
 - [CHANGELOG.md](CHANGELOG.md) and [docs/CHANGELOG.md](docs/CHANGELOG.md)
 
 ## Release History
 
 | Version | Theme |
 | --- | --- |
-| **3.4.1** | Runtime completion — full hooks lifecycle, real Local Agent probes, Connect Folder and Folder Watch verified end-to-end |
+| **3.6.0** | Knowledge Graph First — unified ingestion pipeline, formalized entity/relationship model, browser/web ingestion, local export/import/backup, provenance, KG as the primary surface |
+| 3.5.0 | Foundation stabilization & verification — OIDC verifier, trusted-proxy gating, runtime hook coverage, `tools/` package, reproducible artifacts |
+| 3.4.1 | Runtime completion — full hooks lifecycle, real Local Agent probes, Connect Folder and Folder Watch verified end-to-end |
 | 3.4.0 | Platform completion — hooks execution, uploads in Files, vision image input, agent run trigger, on-device Local Agent / Connect Folder / Folder Watch |
 | 3.3.1 | Visual product rebuild — rebuilt `/app` shell, Basic/Advanced/Admin navigation, refreshed design system |
 | **3.3.0** | Product quality & honesty release — evidence-based feature audit, single-source version truth, working document upload, documented design system |

package/docs/CARRYOVER_AUDIT_v3.6.0.md

@@ -0,0 +1,61 @@
+# v3.5.0 → v3.6.0 Carry-Over Audit
+
+**Date:** 2026-06-09
+**Baseline:** v3.5.0 (tag published, GitHub Release live, CI + Visual Smoke green on `main`)
+**Purpose:** Classify every open v3.5.0 carry-over risk as **blocking**, **non-blocking**, or
+**obsolete** before starting v3.6.0 Knowledge Graph First work.
+
+## Headline
+
+**No carry-over item blocks v3.6.0.** v3.5.0 was a stabilization/verification release that added no
+product surface. Every documented limitation is either an intentional, honestly-labeled scope
+boundary or a closed issue. KG work can start immediately on the existing local SQLite store.
+
+## Verified baseline state
+
+| Check | Result | Evidence |
+|---|---|---|
+| `v3.5.0` git tag | exists | `git tag` |
+| GitHub Release `v3.5.0` | published, not draft | `gh release view v3.5.0` |
+| CI on `main` | success | `gh run list --branch main` (run 27155690240) |
+| Visual Smoke on `main` | success | run 27155690270 |
+| VSIX reproducibility fix | merged | commit `78deb95` |
+
+## Classified carry-over items
+
+### Blocking
+*(none)*
+
+### Non-blocking
+
+| Item | Why it does not block | Evidence |
+|---|---|---|
+| OIDC is RSA-only (RS256/384/512); ES*/HS*/`alg:none` rejected fail-closed | v3.6.0 KG work does not touch the SSO callback. EC support is additive when a provider needs it. | `latticeai/core/oidc.py:36` |
+| Memory/KG maintenance endpoints (`/api/memory/{prune,compact,rebuild,clear}`) sit outside `pre_tool`/`post_tool` | Intentional, documented decision; these ops carry their own audit events. v3.6.0 follows the same convention and adds a coverage row rather than routing maintenance through `dispatch_tool`. | `docs/RUNTIME_HOOK_COVERAGE_v3.5.0.md:47` |
+| Knowledge Graph is config-dependent on `LATTICEAI_ENABLE_GRAPH`, backed by a large `knowledge_graph.py` | This is the surface v3.6.0 builds on. Size/coupling is refactor context, addressed additively (new service modules, not a rewrite). | `FEATURE_STATUS.md:257-263` |
+| Memory project/graph/vector tiers PARTIAL; prune/clear API-only (no UI) | KG-adjacent tiers v3.6.0 completes; honestly labeled, not broken. v3.6.0 adds the ingestion/export/provenance UI. | `FEATURE_STATUS.md:280-286` |
+| Hybrid-search "fusion" explainer renders illustrative bars | Cosmetic placeholder; orthogonal to KG-first ingestion work. | `FEATURE_STATUS.md:249-251` |
+| Chat grounding chips set state but `ChatRequest` drops them | Wiring grounding into generation is a natural KG-first feature; additive, not a blocker. | `FEATURE_STATUS.md:131-138` |
+| CI action versions inconsistent (`ci.yml` `checkout@v4` vs `release.yml` `@v5`) | None are currently deprecated. Aligning is hygiene; addressed opportunistically. | `.github/workflows/ci.yml` |
+| Live MCP tool calls + VLM inference PARTIAL (env/model dependent) | Honestly badged; orthogonal to KG-first work. | `FEATURE_STATUS.md:169-178,392` |
+
+### Obsolete
+
+| Item | Why it is closed |
+|---|---|
+| "Hooks registered but not executing" (v3.3.0 issue) | v3.4.1 added real runners for all built-ins; v3.5.0 closed the last tool-path bypasses at 100% coverage. |
+| Legacy `/account` `/admin` glassmorphism | Blur removed in v3.5.0 (`account.css:120`, `admin.css:48`). Remaining "not restyled" note is a deliberate scope boundary — these pages are outside the v3 SPA view set. |
+| Vercel deployment returns HTTP 500 | Settled posture: Vercel is **landing/download/demo only, never runtime**. Lattice AI is local-first; the KG runs on local SQLite. Do not present any Vercel URL as a product surface. |
+| CI syntax-gate staleness | Fixed in v3.5.0 by `scripts/check_python.py` (discover-based via `rglob`); new v3.6.0 modules are covered automatically with zero maintenance. |
+
+## v3.6.0 posture decisions taken from this audit
+
+1. **Build additively on the existing store.** Mirror the proven `tools.py → tools/` decomposition
+   pattern: preserve the import surface, add focused modules (`services/ingestion.py`,
+   `services/kg_portability.py`, `api/browser.py`, `api/portability.py`) rather than rewriting
+   `knowledge_graph.py`.
+2. **Route new ingestion paths through `dispatch_tool`** so `pre_tool`/`post_tool` fire — this is the
+   one v3.5.0 gap (no ingest path fired hooks). Maintenance ops stay audit-only by the documented
+   convention.
+3. **Keep Vercel landing-only and OIDC RSA-only** — settled, out of v3.6.0 scope.
+4. **Leave legacy `/account` `/admin` pages alone** — out of the local-first KG scope.

package/docs/CHANGELOG.md

@@ -1,5 +1,37 @@
 # Changelog
 
+## [3.6.0] - 2026-06-10
+
+> Knowledge Graph First. The Knowledge Graph becomes the primary architecture:
+> every data source converges into it through one unified ingestion pipeline, with
+> formalized entities/relationships, browser/web inputs, local portability, and
+> per-node provenance. Lattice AI is a Digital Brain Platform — the graph is the
+> durable asset; models read it and are replaceable.
+
+### Added
+
+- Unified ingestion pipeline (`latticeai/services/ingestion.py`): one entrypoint
+  for files, folders, web URLs, browser tabs, and text — idempotent by content
+  hash, bracketed by `pre_tool`/`post_tool`.
+- Knowledge Graph entities `Source`/`Repository`/`Meeting`/`Organization`/
+  `Workflow`/`Agent` and relationships `indexed_from`/`modified_by`/
+  `belongs_to_project`/`part_of`/`discussed_in`/`decided_by`/`generated_by`/
+  `used_by_agent` (additive, lossless `from_legacy`).
+- Browser & web ingestion routes (`/api/browser/read-url`, `/ingest-current-tab`)
+  and a Manifest V3 extension scaffold that posts only to `127.0.0.1`.
+- Knowledge Graph export/import (versioned JSON) and binary backup/restore
+  (`latticeai/services/kg_portability.py`,
+  `/api/knowledge-graph/{export,import,backup,restore,portability,provenance}`).
+- Provenance trail (`ingestion_provenance` table + query API) — every node is
+  explainable.
+- Knowledge Graph UI tabs: Status, Sources, Capture, Backup.
+
+### Changed
+
+- KG ingestion now fires the tool hook lifecycle (closes the v3.5.0 gap);
+  coverage documented in `docs/RUNTIME_HOOK_COVERAGE_v3.6.0.md`.
+- README repositioned as a Digital Brain Platform; Vercel remains landing-only.
+
 ## [3.3.1] - 2026-06-08
 
 > v3.3.1 — Visual Product Rebuild. The `/app` frontend keeps the same runtime

package/docs/HANDOVER_v3.6.0.md

@@ -0,0 +1,46 @@
+# Lattice AI v3.6.0 — Completion Record (Knowledge Graph First)
+
+**Status: ✅ RELEASED — 2026-06-10.** All planned scopes implemented, tested,
+committed, pushed, CI green, tagged, and published. No external publish/deploy.
+
+- **Tag:** `v3.6.0` → commit `3c85675`
+- **GitHub Release:** https://github.com/TaeSooPark-PTS/LatticeAI/releases/tag/v3.6.0
+  (published, not draft; assets: `ltcai-3.6.0-py3-none-any.whl`,
+  `ltcai-3.6.0.tar.gz`, `ltcai-3.6.0.tgz`, `ltcai-3.6.0.vsix`)
+- **CI:** main CI ✓, Visual Smoke ✓, release.yml (tag) ✓
+- **Tests:** unit 455 passing · lint 64/64 · check:python 153 (3.11/3.12/3.14) ·
+  release artifacts built + validated
+
+## Commits (v3.5.0 → v3.6.0)
+
+| Commit | Scope |
+|---|---|
+| `baa2bf6` | chore(audit) — v3.5.0 carry-over (0 blocking) |
+| `5a6a7d4` | feat(kg) — entities/relationships schema |
+| `135e81a` | feat(kg) — unified ingestion pipeline + provenance |
+| `b548885` | feat(browser) — browser/web ingestion + MV3 extension |
+| `39a7a0c` | feat(kg) — export/import/backup/restore |
+| `21cfb97` | fix(runtime) — hook coverage for ingestion paths |
+| `7009e39` | fix(ui) — Knowledge Graph as primary surface |
+| `fa89a84` | docs(philosophy) — Digital Brain Platform rewrite |
+| `aa011a5` | release: v3.6.0 (version bump) |
+| `3c85675` | fix(ci) — 3.11-compatible f-string (PEP 701 quote reuse) |
+
+## Carry-over audit result
+
+Zero blocking items. Settled postures preserved: Vercel landing-only, OIDC
+RSA-only, legacy `/account` `/admin` out of scope. The one honest v3.5.0 gap (KG
+ingestion not firing tool hooks) is **closed**. Full detail:
+`docs/CARRYOVER_AUDIT_v3.6.0.md`.
+
+## Key facts for future work
+
+- New seams: `latticeai/services/ingestion.py` (single write-side entrypoint),
+  `latticeai/services/kg_portability.py`, `latticeai/api/browser.py`,
+  `latticeai/api/portability.py`, provenance in `knowledge_graph.py`.
+- **Gotcha:** PEP 701 f-string quote reuse (`f'{x or ''}'`) compiles on 3.12+ but
+  is a SyntaxError on 3.11 — always run `python3.11 scripts/check_python.py`
+  before pushing (CI tests on 3.11 + 3.12).
+- Version canonical: `WORKSPACE_OS_VERSION`; mirrors enforced by
+  `test_version_consistency.py`.
+- Local tests need `.venv/bin/python` (system `python3` lacks fastapi).

package/docs/RUNTIME_HOOK_COVERAGE_v3.6.0.md

@@ -0,0 +1,49 @@
+# Runtime Hook Coverage — v3.6.0
+
+v3.6.0 makes the Knowledge Graph the primary architecture and adds new
+**ingestion** paths (web URL, browser tab, unified text/file pipeline) plus
+**portability** ops (export/import/backup/restore). This doc extends
+[`RUNTIME_HOOK_COVERAGE_v3.5.0.md`](./RUNTIME_HOOK_COVERAGE_v3.5.0.md) and records
+that the new data-mutating paths run through the unified lifecycle.
+
+The single tool path is `dispatch_tool(hooks, name, args, run_fn)` in
+`latticeai/core/hooks.py` (`pre_tool → execute → post_tool`). v3.5.0's one honest
+gap was that **KG ingestion did not fire hooks**. v3.6.0 closes it: every source
+now flows through `IngestionPipeline.ingest` (`latticeai/services/ingestion.py`),
+which wraps the store write in `dispatch_tool(..., source="ingestion")`.
+
+**Result.** All v3.5.0 coverage is preserved (no regression), and every new
+v3.6.0 ingestion path is covered. Portability admin/maintenance ops follow the
+v3.5.0 convention for service maintenance (own audit events), documented below.
+
+## New v3.6.0 execution paths
+
+| Entrypoint | Execution | Lifecycle path | pre fired | post fired | Test |
+|---|---|---|---|---|---|
+| `IngestionPipeline.ingest` (any source) | `ingest_source` / `ingest_document` | `dispatch_tool(name="kg_ingest.<type>", source="ingestion")` | yes (`pre_tool`) | yes (`post_tool`) | `test_ingestion_pipeline` |
+| `POST /api/browser/read-url` | fetch URL → `pipeline.ingest` (web_url) | pipeline → `dispatch_tool` | yes | yes | `test_browser_ingestion`, `test_runtime_coverage_v36` |
+| `POST /api/browser/ingest-current-tab` | sanitize → `pipeline.ingest` (browser_tab) | pipeline → `dispatch_tool` | yes | yes | `test_browser_ingestion`, `test_runtime_coverage_v36` |
+| Local file / upload via pipeline | `ingest_document` | pipeline → `dispatch_tool` | yes | yes | `test_ingestion_pipeline` |
+| Provenance write per ingestion | `record_provenance` | inside the bracketed `dispatch_tool` run_fn | (bracketed) | (bracketed) | `test_ingestion_pipeline` |
+
+A blocking `pre_tool` hook makes ingestion return `status="blocked"` (the
+`PermissionError` from `dispatch_tool` is caught and surfaced honestly), exactly
+mirroring how a blocked tool call is handled — verified in
+`test_runtime_coverage_v36` and `test_ingestion_pipeline`.
+
+## Intentionally outside the tool lifecycle (documented, not gaps)
+
+| Entrypoint | Why not `pre_tool`/`post_tool` |
+|---|---|
+| `POST /api/knowledge-graph/{export,export-file,backup,restore,import}` | Admin **portability/maintenance** operations over the whole machine-global graph, not agent-vocabulary tools. They are admin-gated (`require_admin`) and recorded via the platform audit trail — same convention as the v3.5.0 memory maintenance ops (`prune/compact/rebuild/clear`). Wrapping a whole-store backup in `pre_tool` would misrepresent it as a per-action agent tool. |
+| `read_document` inside upload (`upload_service.py`) | Already inside the `pre_upload`→`post_upload` lifecycle (unchanged from v3.5.0). |
+| `POST /api/memory/{prune,compact,rebuild,clear}` | Unchanged from v3.5.0 — service maintenance with own audit events. |
+| Read-only KG reads (`/knowledge-graph/{stats,graph,search,...}`, `/api/knowledge-graph/portability` status) | Execute no mutation — nothing to gate. |
+
+## Summary
+
+- v3.5.0 coverage of tool/agent execution paths: **100%, preserved** (no regression).
+- v3.6.0 gap closed: **KG ingestion now fires `pre_tool`/`post_tool`** via the unified pipeline (the one honest carry-over note from v3.5.0).
+- New ingestion paths (unified pipeline, `read-url`, `ingest-current-tab`): **covered**.
+- Portability admin ops: **documented as audit-gated maintenance**, consistent with the v3.5.0 convention — not bypasses.
+- Coverage of discovered mutating ingestion paths: **100%**.

package/docs/architecture.md

@@ -1,17 +1,18 @@
 # Lattice AI Architecture
 
-> v3.3.1 — feature-complete for non-enterprise use cases with a rebuilt `/app`
-> visual shell. The agent ecosystem
-> (registry, marketplace + templates, workflow agents, autonomous planning),
-> the long-term memory platform + manager, and the skills/hooks/tool/MCP
-> registries are all operable from `/app`. Enterprise controls remain future
-> work.
-
-Lattice AI is a local-first **AI workspace, AI pipeline platform, Knowledge
-Graph platform, and multi-agent workflow platform**. The architecture is
-organized around one durable center: the Knowledge Graph. Models, tools,
-agents, workflows, and UI modes are replaceable layers that operate on top of
-workspace and graph context.
+> v3.6.0 — **Knowledge Graph First.** Every data source converges into the graph
+> through one unified ingestion pipeline (`latticeai/services/ingestion.py`), with
+> formalized entities/relationships (`docs/kg-schema.md`), browser/web inputs,
+> per-node provenance, and local export/import/backup
+> (`latticeai/services/kg_portability.py`). The agent ecosystem, long-term memory,
+> and skills/hooks/tool/MCP registries are all operable from `/app`. Enterprise
+> controls remain future work.
+
+Lattice AI is a local-first **Digital Brain Platform**. The architecture is
+organized around one durable center and the user's asset: the **Knowledge
+Graph**. Models, tools, agents, RAG, workflows, and UI modes are replaceable
+layers that operate as views over graph context. Models are replaceable;
+knowledge is durable.
 
 ## Architecture Goals
 

package/docs/kg-schema.md

@@ -83,6 +83,61 @@ Edge {
 
 ---
 
+## v3.6.0 — Knowledge Graph First 엔티티/관계
+
+v3.6.0 은 "모든 데이터 소스가 Knowledge Graph 로 수렴한다"는 원칙을 1급 스키마로
+승격한다. 아래 타입은 **추가형(additive)**이다 — 기존 enum/legacy 매핑을 깨지 않고
+`from_legacy` 가 무손실로 정규화하며, 알 수 없는 타입은 여전히 `CONCEPT`/`MENTIONS` 로
+폴백한다. 스키마는 **확장 가능**하게 유지한다: 새 도메인 엔티티는 enum 멤버 1개 +
+`_LEGACY_NODE_MAP`/`_LEGACY_EDGE_MAP` 별칭만 추가하면 된다.
+
+### 추가 노드 타입
+
+| 타입 | 의미 | 대표 `attrs` / 출처 |
+|------|------|--------------------|
+| `SOURCE` | 수집 출처(파일/URL/브라우저 탭/git 등)의 **출처 노드** | `source_type`, `source_uri`, `content_hash`, `captured_at` |
+| `REPOSITORY` | git 저장소 | `remote`, `branch`, `head` |
+| `MEETING` | 회의 / 미팅 | `started_at`, `attendees[]` |
+| `ORGANIZATION` | 조직 / 회사 / 팀 | `domain`, `members[]` |
+| `WORKFLOW` | 워크플로우 정의/실행 | `workflow_id`, `status` |
+| `AGENT` | 에이전트(역할/실행 주체) | `role`, `model_id` |
+
+### 추가 엣지 타입
+
+| 타입 | 허용 source → target | 의미 |
+|------|---------------------|------|
+| `INDEXED_FROM` | ANY → `SOURCE` | 이 노드가 **어떤 출처에서 색인**됐는가 (provenance) |
+| `MODIFIED_BY` | ANY → `PERSON` | 마지막 수정자 |
+| `BELONGS_TO_PROJECT` | ANY → `PROJECT` | 프로젝트 귀속 |
+| `PART_OF` | ANY → ANY | 구성요소 관계 |
+| `DISCUSSED_IN` | `CONCEPT`·`DECISION` → `MEETING`·`CHAT` | 어디에서 논의됨 |
+| `DECIDED_BY` | `DECISION` → `PERSON` | 결정 주체 |
+| `GENERATED_BY` | ANY → `AGENT`·`MODEL`·`WORKFLOW` | 생성 주체 |
+| `USED_BY_AGENT` | ANY → `AGENT` | 에이전트가 사용함 |
+
+### 통합 수집 형태 (Unified Ingestion)
+
+모든 출처는 동일한 형태로 그래프에 들어온다:
+
+```
+SOURCE ──INDEXED_FROM◄── Document/File ──CONTAINS──► Chunk[]
+   ▲                          │
+   │                          └──(언급/포함)──► Concept / Task / Decision …
+provenance(source_type, source_uri, content_hash, captured_at, modified_at,
+           owner, workspace_id, permissions, pipeline, embedded, linked)
+```
+
+- **콘텐츠 노드**(Document/File/web 노드)는 `content_hash` 로 멱등(idempotent) 처리된다 —
+  같은 콘텐츠를 다시 수집하면 새 노드를 만들지 않고 갱신/링크한다.
+- 모든 콘텐츠 노드는 `SOURCE` 노드로 `INDEXED_FROM` 엣지를 가져 **출처를 항상 설명 가능**하다.
+- provenance 는 노드 `metadata.provenance` 에 임베드되며, 동시에 감사 가능한
+  `ingestion_provenance` 테이블에 기록된다 (`KnowledgeGraphStore.get_provenance(node_id)`).
+
+구현: `latticeai/services/ingestion.py` (`IngestionPipeline`) 가 단일 진입점이며,
+파일/로컬폴더/URL/브라우저 탭/텍스트를 모두 이 형태로 정규화한다.
+
+---
+
 ## 예시 (PPT 슬라이드 22 와 동일)
 
 ```json

package/docs/privacy.md

@@ -13,8 +13,10 @@
 | 사용자 계정 | `~/.ltcai/users.json` | 이름, scrypt 해시 비밀번호, 역할 |
 | 세션 토큰 | `~/.ltcai/sessions.json` | UUID 토큰, 만료시간 |
 | 채팅 히스토리 | `~/.ltcai/chat_history.json` | 사용자-AI 대화 내용 |
-| 지식 그래프 | `~/.ltcai/knowledge_graph.sqlite` | 채팅/문서 노드/엣지 |
-| 업로드 파일 | `~/.ltcai/knowledge_graph_blobs/` | 원본 PDF/DOCX 등 |
+| 지식 그래프 | `~/.ltcai/knowledge_graph.sqlite` | 채팅/문서/웹/탭 노드·엣지, 프로비넌스 |
+| 업로드/수집 파일 | `~/.ltcai/knowledge_graph_blobs/` | 원본 PDF/DOCX/웹 텍스트 등 |
+| 수집 출처 기록(프로비넌스) | `~/.ltcai/knowledge_graph.sqlite` (`ingestion_provenance`) | 각 노드의 출처/시각/처리 방식 — 외부 전송 없음 |
+| 그래프 내보내기/백업 | `~/.ltcai/workspace_exports/` | 사용자가 직접 만든 로컬 export/backup 파일 (클라우드 미사용) |
 | 지식 정원 | `~/.ltcai-brain/` | P-Reinforce 분류 저장 |
 | 설정 | `~/.ltcai/config.json` | 모델 설정, API 키 (keyring) |
 
@@ -36,6 +38,20 @@
 
 Apple Silicon MLX 로컬 모델 사용 시에는 프롬프트가 외부로 전송되지 않습니다.
 
+## 웹/브라우저 수집 (v3.6.0)
+
+- **URL 읽기**(`/api/browser/read-url`): 사용자가 명시적으로 요청한 URL을 **로컬
+  런타임이 직접** 가져와 텍스트만 추출해 그래프에 색인합니다. Lattice AI가 임의로
+  크롤링하지 않으며, 가져온 페이지는 외부로 다시 전송되지 않습니다.
+- **브라우저 탭 수집**(`/api/browser/ingest-current-tab`) 및 Manifest V3 확장:
+  확장 프로그램은 **오직 `127.0.0.1`(로컬)** 로만 전송합니다. 클라우드 엔드포인트가
+  존재하지 않습니다(`browser-extension/` 소스에서 단일 `fetch` 대상 확인 가능).
+
+## 그래프 내보내기/백업 (v3.6.0)
+
+지식 그래프 export/import 및 백업/복원은 **전적으로 로컬**에서 동작하며 클라우드
+서비스를 요구하지 않습니다. 내보낸 파일의 이동·공유는 사용자 책임입니다.
+
 ## API 키 보안
 
 - API 키는 OS keyring(macOS Keychain, Windows Credential Manager, Linux Secret Service)에 저장됩니다

package/docs/security-model.md

@@ -78,6 +78,23 @@ MAGIC_NUMBERS = {
 - 업로드 시 파일 첫 바이트와 확장자 매핑 검증
 - 불일치 시 400 에러
 
+## 수집 & 그래프 포터빌리티 보안 (v3.6.0)
+
+- **수집 라이프사이클**: 모든 수집은 `IngestionPipeline.ingest` → `dispatch_tool`
+  를 거쳐 `pre_tool`/`post_tool` 훅이 발화됩니다. `pre_tool`이 차단하면 수집은
+  정직하게 `status="blocked"`로 거부됩니다(권한 게이트·민감정보 가드 적용).
+- **웹 URL 읽기**(`/api/browser/read-url`): `http(s)` 스킴만 허용(파일/기타 스킴
+  거부), 12초 타임아웃, 4MB 응답 상한, HTML/text 컨텐츠 타입만 처리. 차단/로그인
+  필요 페이지는 5xx가 아닌 **422로 우아하게 실패**합니다. 로컬 런타임이 사용자가
+  명시한 URL만 가져옵니다(자동 크롤링 없음).
+- **브라우저 탭 수집**(`/api/browser/ingest-current-tab`): payload 정화(스크립트/
+  스타일 제거) + 페이로드 크기 상한(413). Manifest V3 확장은 **`127.0.0.1`로만**
+  전송하며 클라우드 엔드포인트가 없습니다.
+- **포터빌리티 권한**: 그래프 export/status 읽기는 로그인 사용자, **import /
+  backup / restore 는 admin 전용**(`require_admin`). 그래프는 머신-전역 자원입니다.
+- **복원 무결성**: 백업 아카이브는 `manifest.json`의 sha256과 대조 검증 후에만
+  복원되며, 불일치 시 거부됩니다.
+
 ## 에이전트 도구 샌드박스
 
 ### `run_command()` 위험 플래그 차단

package/kg_schema.py

@@ -99,6 +99,15 @@ class NodeType(str, Enum):
     DECISION     = "DECISION"       # 결정 사항
     ERROR        = "ERROR"          # 오류 / 버그
     EVENT        = "EVENT"          # 분석/시스템 이벤트(동적 타입 폴백)
+    # v3.6.0 Knowledge Graph First — 모든 데이터 소스가 그래프로 수렴하기 위한
+    # 1급 엔티티. 추가형(additive)·확장 가능(extensible): 새 도메인 엔티티는
+    # 여기에 enum 멤버를 추가하고 _LEGACY_NODE_MAP 에 별칭만 등록하면 된다.
+    SOURCE       = "SOURCE"         # 수집 출처(파일/URL/브라우저 탭/git 등)의 출처 노드
+    REPOSITORY   = "REPOSITORY"     # git 저장소
+    MEETING      = "MEETING"        # 회의 / 미팅
+    ORGANIZATION = "ORGANIZATION"   # 조직 / 회사 / 팀
+    WORKFLOW     = "WORKFLOW"       # 워크플로우 정의/실행
+    AGENT        = "AGENT"          # 에이전트(역할/실행 주체)
 
     @classmethod
     def from_legacy(cls, label: str) -> "NodeType":
@@ -143,6 +152,16 @@ class EdgeType(str, Enum):
     DISCUSSES      = "DISCUSSES"      # SLIDE/PAGE → TOPIC (discusses)
     IMPLIES        = "IMPLIES"        # NODE → NODE (implies)
     RELATED_TO     = "RELATED_TO"     # ANY ↔ ANY (related_to)
+    # v3.6.0 Knowledge Graph First — 출처/소유/구성/결정 관계를 1급 엣지로 승격.
+    # 추가형: 새 관계는 enum 멤버 추가 + _LEGACY_EDGE_MAP 별칭 등록만으로 확장된다.
+    INDEXED_FROM       = "INDEXED_FROM"        # NODE → SOURCE (어떤 출처에서 색인됐는가)
+    MODIFIED_BY        = "MODIFIED_BY"         # NODE → PERSON (마지막 수정자)
+    BELONGS_TO_PROJECT = "BELONGS_TO_PROJECT"  # NODE → PROJECT
+    PART_OF            = "PART_OF"             # NODE → NODE (구성요소 관계)
+    DISCUSSED_IN       = "DISCUSSED_IN"        # CONCEPT/DECISION → MEETING/CHAT
+    DECIDED_BY         = "DECIDED_BY"          # DECISION → PERSON
+    GENERATED_BY       = "GENERATED_BY"        # NODE → AGENT/MODEL/WORKFLOW
+    USED_BY_AGENT      = "USED_BY_AGENT"       # NODE → AGENT (에이전트가 사용함)
 
     @classmethod
     def from_legacy(cls, label: str) -> "EdgeType":
@@ -199,6 +218,19 @@ _LEGACY_NODE_MAP: Dict[str, NodeType] = {
     "보고서":       NodeType.DOCUMENT,
     "계획서":       NodeType.DOCUMENT,
     "기획서":       NodeType.DOCUMENT,
+    # v3.6.0 Knowledge Graph First 엔티티
+    "source":       NodeType.SOURCE,
+    "ingestionsource": NodeType.SOURCE,
+    "repository":   NodeType.REPOSITORY,
+    "repo":         NodeType.REPOSITORY,
+    "gitrepo":      NodeType.REPOSITORY,
+    "meeting":      NodeType.MEETING,
+    "organization": NodeType.ORGANIZATION,
+    "org":          NodeType.ORGANIZATION,
+    "company":      NodeType.ORGANIZATION,
+    "team":         NodeType.ORGANIZATION,
+    "workflow":     NodeType.WORKFLOW,
+    "agent":        NodeType.AGENT,
 }
 
 _LEGACY_EDGE_MAP: Dict[str, EdgeType] = {
@@ -254,6 +286,20 @@ _LEGACY_EDGE_MAP: Dict[str, EdgeType] = {
     "영감받음":      EdgeType.INSPIRED_BY,
     "상충함":        EdgeType.CONTRADICTS,
     "발전함":        EdgeType.EVOLVES_FROM,
+    # v3.6.0 Knowledge Graph First 관계
+    "indexed_from":       EdgeType.INDEXED_FROM,
+    "modified_by":        EdgeType.MODIFIED_BY,
+    "belongs_to_project": EdgeType.BELONGS_TO_PROJECT,
+    "belongs_to":         EdgeType.BELONGS_TO_PROJECT,
+    "part_of":            EdgeType.PART_OF,
+    "discussed_in":       EdgeType.DISCUSSED_IN,
+    "decided_by":         EdgeType.DECIDED_BY,
+    "generated_by":       EdgeType.GENERATED_BY,
+    "used_by_agent":      EdgeType.USED_BY_AGENT,
+    "색인됨":             EdgeType.INDEXED_FROM,
+    "수정함":             EdgeType.MODIFIED_BY,
+    "결정함":             EdgeType.DECIDED_BY,
+    "구성요소":           EdgeType.PART_OF,
 }
 
 # ── SQLite v2 store ─────────────────────────────────────────────────────────