ltcai 4.6.1 → 4.7.0

package/lattice_brain/archive.py

@@ -50,6 +50,10 @@ def _now() -> str:
     return datetime.now(timezone.utc).isoformat()
 
 
+def _stamp() -> str:
+    return _now().replace(":", "").replace("-", "").replace(".", "")[:15]
+
+
 def _derive_key(passphrase: str, salt: bytes) -> bytes:
     if not passphrase:
         raise ValueError("A passphrase is required for encrypted .latticebrain archives.")
@@ -93,6 +97,78 @@ def _assert_safe_member(name: str) -> PurePosixPath:
     return path
 
 
+def _pre_restore_backup_dir(anchor: Path) -> Path:
+    backup_dir = anchor.parent / f"{anchor.name}.pre-restore-{_stamp()}"
+    index = 1
+    while backup_dir.exists():
+        backup_dir = anchor.parent / f"{anchor.name}.pre-restore-{_stamp()}-{index}"
+        index += 1
+    backup_dir.mkdir(parents=True)
+    return backup_dir
+
+
+def _sqlite_siblings(db_path: Path) -> tuple[Path, Path, Path]:
+    return (db_path, Path(str(db_path) + "-wal"), Path(str(db_path) + "-shm"))
+
+
+def _restore_sibling(path: Path, backup: Path) -> None:
+    if backup.exists():
+        shutil.copy2(backup, path)
+    elif path.exists():
+        path.unlink()
+
+
+def _replace_sqlite_atomically(src: Path, dest: Path, backup_dir: Path) -> None:
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    tmp = dest.parent / f".{dest.name}.restore-{_stamp()}-{os.getpid()}.tmp"
+    shutil.copyfile(src, tmp)
+    backups: dict[Path, Path] = {}
+    try:
+        for sibling in _sqlite_siblings(dest):
+            if sibling.exists():
+                backup = backup_dir / sibling.name
+                shutil.copy2(sibling, backup)
+                backups[sibling] = backup
+        for sibling in _sqlite_siblings(dest)[1:]:
+            if sibling.exists():
+                sibling.unlink()
+        os.replace(tmp, dest)
+    except Exception:
+        if tmp.exists():
+            tmp.unlink()
+        for sibling in _sqlite_siblings(dest):
+            _restore_sibling(sibling, backups.get(sibling, backup_dir / sibling.name))
+        raise
+
+
+def _rollback_sqlite_from_backup(dest: Path, backup_dir: Path) -> None:
+    for sibling in _sqlite_siblings(dest):
+        _restore_sibling(sibling, backup_dir / sibling.name)
+
+
+def _replace_tree_with_backup(src: Optional[Path], dest: Path, backup_dir: Path) -> None:
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    staged = dest.parent / f".{dest.name}.restore-{_stamp()}-{os.getpid()}"
+    backup = backup_dir / dest.name
+    if src and src.exists():
+        shutil.copytree(src, staged)
+    else:
+        staged.mkdir(parents=True)
+    try:
+        if dest.exists():
+            shutil.copytree(dest, backup)
+            shutil.rmtree(dest)
+        os.replace(staged, dest)
+    except Exception:
+        if staged.exists():
+            shutil.rmtree(staged)
+        if dest.exists():
+            shutil.rmtree(dest)
+        if backup.exists():
+            shutil.copytree(backup, dest)
+        raise
+
+
 @dataclass(frozen=True)
 class BrainArchivePaths:
     db_path: Path
@@ -397,19 +473,15 @@ class EncryptedBrainArchive:
             db_src = out / "knowledge_graph.sqlite"
             if not db_src.exists():
                 raise ValueError("Archive payload is missing knowledge_graph.sqlite.")
-            target.db_path.parent.mkdir(parents=True, exist_ok=True)
-            for sibling in (target.db_path, Path(str(target.db_path) + "-wal"), Path(str(target.db_path) + "-shm")):
-                if sibling.exists():
-                    sibling.unlink()
-            shutil.copyfile(db_src, target.db_path)
-            blobs_src = out / "blobs"
-            if target.blob_dir:
-                if target.blob_dir.exists():
-                    shutil.rmtree(target.blob_dir)
-                if blobs_src.exists():
-                    shutil.copytree(blobs_src, target.blob_dir)
-                else:
-                    target.blob_dir.mkdir(parents=True, exist_ok=True)
+            backup_dir = _pre_restore_backup_dir(target.db_path)
+            try:
+                _replace_sqlite_atomically(db_src, target.db_path, backup_dir)
+                blobs_src = out / "blobs"
+                if target.blob_dir:
+                    _replace_tree_with_backup(blobs_src if blobs_src.exists() else None, target.blob_dir, backup_dir)
+            except Exception:
+                _rollback_sqlite_from_backup(target.db_path, backup_dir)
+                raise
             if target.data_dir:
                 data_src = out / "data"
                 exports_src = out / "workspace_exports"
@@ -439,6 +511,7 @@ class EncryptedBrainArchive:
             "path": str(target.db_path),
             "encrypted": True,
             "verified": True,
+            "pre_restore_backup": str(backup_dir),
             "manifest": manifest,
         }
 

package/lattice_brain/portability.py

@@ -15,6 +15,7 @@ from __future__ import annotations
 
 import hashlib
 import json
+import os
 import shutil
 import tempfile
 import zipfile
@@ -57,6 +58,78 @@ def _safe_zip_names(names) -> None:
             raise ValueError(f"Backup archive contains unsafe path: {name}")
 
 
+def _pre_restore_backup_dir(anchor: Path) -> Path:
+    backup_dir = anchor.parent / f"{anchor.name}.pre-restore-{_stamp()}"
+    index = 1
+    while backup_dir.exists():
+        backup_dir = anchor.parent / f"{anchor.name}.pre-restore-{_stamp()}-{index}"
+        index += 1
+    backup_dir.mkdir(parents=True)
+    return backup_dir
+
+
+def _sqlite_siblings(db_path: Path) -> tuple[Path, Path, Path]:
+    return (db_path, Path(str(db_path) + "-wal"), Path(str(db_path) + "-shm"))
+
+
+def _restore_sibling(path: Path, backup: Path) -> None:
+    if backup.exists():
+        shutil.copy2(backup, path)
+    elif path.exists():
+        path.unlink()
+
+
+def _replace_sqlite_atomically(src: Path, dest: Path, backup_dir: Path) -> None:
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    tmp = dest.parent / f".{dest.name}.restore-{_stamp()}-{os.getpid()}.tmp"
+    shutil.copyfile(src, tmp)
+    backups: dict[Path, Path] = {}
+    try:
+        for sibling in _sqlite_siblings(dest):
+            if sibling.exists():
+                backup = backup_dir / sibling.name
+                shutil.copy2(sibling, backup)
+                backups[sibling] = backup
+        for sibling in _sqlite_siblings(dest)[1:]:
+            if sibling.exists():
+                sibling.unlink()
+        os.replace(tmp, dest)
+    except Exception:
+        if tmp.exists():
+            tmp.unlink()
+        for sibling in _sqlite_siblings(dest):
+            _restore_sibling(sibling, backups.get(sibling, backup_dir / sibling.name))
+        raise
+
+
+def _rollback_sqlite_from_backup(dest: Path, backup_dir: Path) -> None:
+    for sibling in _sqlite_siblings(dest):
+        _restore_sibling(sibling, backup_dir / sibling.name)
+
+
+def _replace_tree_with_backup(src: Optional[Path], dest: Path, backup_dir: Path) -> None:
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    staged = dest.parent / f".{dest.name}.restore-{_stamp()}-{os.getpid()}"
+    backup = backup_dir / dest.name
+    if src and src.exists():
+        shutil.copytree(src, staged)
+    else:
+        staged.mkdir(parents=True)
+    try:
+        if dest.exists():
+            shutil.copytree(dest, backup)
+            shutil.rmtree(dest)
+        os.replace(staged, dest)
+    except Exception:
+        if staged.exists():
+            shutil.rmtree(staged)
+        if dest.exists():
+            shutil.rmtree(dest)
+        if backup.exists():
+            shutil.copytree(backup, dest)
+        raise
+
+
 class KGPortabilityService:
     def __init__(self, *, knowledge_graph: Any, data_dir, enable_graph: bool = True, device_identity: Any = None) -> None:
         self._kg = knowledge_graph
@@ -204,24 +277,19 @@ class KGPortabilityService:
                     }
                 db_dest = Path(self._kg.db_path)
                 blob_dest = Path(self._kg.blob_dir)
-                db_dest.parent.mkdir(parents=True, exist_ok=True)
-                # Drop the live DB + stale WAL/SHM siblings so the restored copy
-                # is authoritative (no stale journal overlaying old pages).
-                for sib in (db_dest, Path(str(db_dest) + "-wal"), Path(str(db_dest) + "-shm")):
-                    if sib.exists():
-                        sib.unlink()
-                shutil.copyfile(db_src, db_dest)
-                blob_src = tmp / "blobs"
-                if blob_src.exists():
-                    if blob_dest.exists():
-                        shutil.rmtree(blob_dest)
-                    shutil.copytree(blob_src, blob_dest)
-                else:
-                    blob_dest.mkdir(parents=True, exist_ok=True)
+                backup_dir = _pre_restore_backup_dir(db_dest)
+                try:
+                    _replace_sqlite_atomically(db_src, db_dest, backup_dir)
+                    blob_src = tmp / "blobs"
+                    _replace_tree_with_backup(blob_src if blob_src.exists() else None, blob_dest, backup_dir)
+                except Exception:
+                    _rollback_sqlite_from_backup(db_dest, backup_dir)
+                    raise
         stats = self._kg.stats()
         return {
             "restored": True,
             "manifest": manifest,
+            "pre_restore_backup": str(backup_dir),
             "nodes": sum(stats.get("nodes", {}).values()),
         }
 

package/lattice_brain/runtime/multi_agent.py

@@ -14,7 +14,7 @@ from datetime import datetime
 from typing import Any, Callable, Dict, List, Optional
 
 
-MULTI_AGENT_VERSION = "4.6.1"
+MULTI_AGENT_VERSION = "4.7.0"
 
 AGENT_ROLES = ("researcher", "planner", "executor", "reviewer", "release")
 CORE_PIPELINE = ("planner", "executor", "reviewer")

package/latticeai/__init__.py

@@ -1,3 +1,3 @@
 """Lattice AI - modular server package."""
 
-__version__ = "4.6.1"
+__version__ = "4.7.0"

package/latticeai/api/admin.py

@@ -7,6 +7,8 @@ from typing import Callable, Dict, List, Optional
 from fastapi import APIRouter, HTTPException, Request
 from pydantic import BaseModel
 
+from latticeai.core.workspace_os import DEFAULT_WORKSPACE_ID
+
 
 class AdminUserUpdate(BaseModel):
     role: Optional[str] = None
@@ -42,6 +44,7 @@ def create_admin_router(
     save_users: Callable,
     get_user_role: Callable,
     get_history: Callable,
+    get_audit_log: Callable,
     public_user: Callable,
     load_vpc_config: Callable,
     save_vpc_config: Callable,
@@ -60,10 +63,33 @@ def create_admin_router(
 ) -> APIRouter:
     router = APIRouter()
 
+    def _workspace_scope(request: Request) -> Optional[str]:
+        header = request.headers.get("X-Workspace-Id")
+        if header and header.strip():
+            return header.strip()
+        query = request.query_params.get("workspace_id")
+        return query.strip() if query and query.strip() else None
+
+    def _matches_scope(item: Dict[str, object], workspace_id: Optional[str]) -> bool:
+        if not workspace_id:
+            return True
+        item_scope = item.get("workspace_id")
+        if not item_scope and workspace_id == DEFAULT_WORKSPACE_ID:
+            return True
+        return str(item_scope or "") == str(workspace_id)
+
+    def _scoped_history(request: Request) -> List[Dict]:
+        scope = _workspace_scope(request)
+        return [item for item in get_history() if _matches_scope(item, scope)]
+
+    def _scoped_audit_log(request: Request) -> List[Dict]:
+        scope = _workspace_scope(request)
+        return [item for item in get_audit_log() if _matches_scope(item, scope)]
+
     @router.get("/admin/summary")
     async def admin_summary(request: Request):
         _, users = require_admin(request)
-        history = get_history()
+        history = _scoped_history(request)
         user_msgs = [i for i in history if i.get("role") == "user"]
         asst_msgs = [i for i in history if i.get("role") == "assistant"]
         return {
@@ -79,7 +105,7 @@ def create_admin_router(
     @router.get("/admin/stats")
     async def admin_stats(request: Request):
         require_admin(request)
-        history = get_history()
+        history = _scoped_history(request)
         daily: dict = defaultdict(lambda: {"user": 0, "assistant": 0})
         for item in history:
             ts = item.get("timestamp", "")
@@ -98,12 +124,12 @@ def create_admin_router(
     @router.get("/admin/sensitivity")
     async def admin_sensitivity(request: Request):
         require_admin(request)
-        return build_sensitivity_report(get_history())
+        return build_sensitivity_report(_scoped_history(request))
 
     @router.get("/admin/audit")
     async def admin_audit(request: Request):
         _, users = require_admin(request)
-        report = build_admin_audit_report(users)
+        report = build_admin_audit_report(users, _scoped_audit_log(request))
         try:
             report["graph"] = get_graph_stats() if enable_graph else {"disabled": True}
         except Exception as e:

package/latticeai/api/chat.py

@@ -52,6 +52,7 @@ class AgentRequest(BaseModel):
     temperature: float = 0.1
     user_email: Optional[str] = None
     user_nickname: Optional[str] = None
+    workspace_id: Optional[str] = None
     planning_model: Optional[str] = None
     executing_model: Optional[str] = None
     reviewing_model: Optional[str] = None
@@ -136,6 +137,13 @@ def format_network_status(info: Dict) -> str:
         lines.extend(["", note])
     return "\n".join(lines)
 
+def workspace_scope_from_request(request: Request) -> Optional[str]:
+    header = request.headers.get("X-Workspace-Id")
+    if header and header.strip():
+        return header.strip()
+    query = request.query_params.get("workspace_id")
+    return query.strip() if query and query.strip() else None
+
 async def single_text_stream(text: str, model: str = "system") -> AsyncIterator[str]:
     yield f"data: {json.dumps({'chunk': text, 'model': model}, ensure_ascii=False)}\n\n"
     yield "data: [DONE]\n\n"
@@ -296,15 +304,20 @@ def create_chat_router(context: AppContext) -> APIRouter:
         )
         effective_email = req.user_email or current_user or None
         history_user = get_history_user(effective_email, req.user_nickname)
+        history_meta = {
+            "source": req.source or "web",
+            "conversation_id": req.conversation_id,
+            "workspace_id": workspace_scope_from_request(request),
+        }
     
         if is_network_status_request(req.message):
             history_message = f"{req.message}\n[Image attached]" if req.image_data else req.message
-            save_to_history("user", history_message, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+            save_to_history("user", history_message, **history_meta, **history_user)
             try:
                 answer = format_network_status(network_status())
             except ToolError as exc:
                 answer = f"네트워크 정보를 확인하지 못했습니다: {exc}"
-            save_to_history("assistant", answer, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+            save_to_history("assistant", answer, **history_meta, **history_user)
             notify_chat_message("user", req.message, req.source)
             notify_chat_message("assistant", answer, req.source)
             if req.stream:
@@ -362,8 +375,8 @@ def create_chat_router(context: AppContext) -> APIRouter:
     
         if is_current_url_request(req.message) and req.client_url:
             answer = f"현재 페이지 URL: {req.client_url}"
-            save_to_history("user", req.message, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
-            save_to_history("assistant", answer, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+            save_to_history("user", req.message, **history_meta, **history_user)
+            save_to_history("assistant", answer, **history_meta, **history_user)
             notify_chat_message("user", req.message, req.source)
             notify_chat_message("assistant", answer, req.source)
             if req.stream:
@@ -459,7 +472,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
             trace_seed["context_assembly"] = context_trace
     
         history_message = f"{req.message}\n[Image attached]" if req.image_data else req.message
-        save_to_history("user", history_message, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+        save_to_history("user", history_message, **history_meta, **history_user)
         notify_chat_message("user", req.message, req.source)
     
         if is_doc_gen and ENABLE_GRAPH and KNOWLEDGE_GRAPH:
@@ -488,7 +501,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
                         yield f"data: {json.dumps({'text': footnote}, ensure_ascii=False)}\n\n"
                         full_text += footnote
                     session.update(graph_md, full_text, req.conversation_id)
-                    save_to_history("assistant", full_text, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+                    save_to_history("assistant", full_text, **history_meta, **history_user)
                     trace_record = CHAT_SERVICE.record_trace(
                         question=req.message,
                         response=full_text,
@@ -513,7 +526,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
                 if footnote:
                     result += footnote
                 session.update(graph_md, result, req.conversation_id)
-                save_to_history("assistant", str(result), source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+                save_to_history("assistant", str(result), **history_meta, **history_user)
                 trace_record = CHAT_SERVICE.record_trace(
                     question=req.message,
                     response=str(result),
@@ -549,7 +562,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
     
             result = await router.generate(req.message, full_context, req.max_tokens, req.temperature, req.image_data)
     
-            save_to_history("assistant", str(result), source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+            save_to_history("assistant", str(result), **history_meta, **history_user)
             trace_record = CHAT_SERVICE.record_trace(
                 question=req.message,
                 response=str(result),
@@ -652,7 +665,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
             full_response += str(clean_chunk)
             yield f"data: {json.dumps({'chunk': clean_chunk, 'model': router.current_model_id}, ensure_ascii=False)}\n\n"
         history_user = get_history_user(req.user_email, req.user_nickname)
-        save_to_history("assistant", full_response, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+        save_to_history("assistant", full_response, **history_meta, **history_user)
         trace_record = CHAT_SERVICE.record_trace(
             question=req.message,
             response=full_response,
@@ -728,6 +741,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
         """
         current_user = require_user(request)
         enforce_rate_limit(current_user, "agent")
+        req.workspace_id = req.workspace_id or workspace_scope_from_request(request)
         if not router.current_model_id:
             raise HTTPException(status_code=400, detail="No model loaded. Call /models/load first.")
     
@@ -776,8 +790,8 @@ def create_chat_router(context: AppContext) -> APIRouter:
         asyncio.create_task(_AGENT_RUNTIME.memory_update(ctx, req, current_user))
     
         message = ctx.final_message or "작업을 완료했습니다."
-        save_to_history("user", req.message, source=req.source or "web", conversation_id=req.conversation_id)
-        save_to_history("assistant", message, source=req.source or "web", conversation_id=req.conversation_id)
+        save_to_history("user", req.message, source=req.source or "web", conversation_id=req.conversation_id, workspace_id=req.workspace_id)
+        save_to_history("assistant", message, source=req.source or "web", conversation_id=req.conversation_id, workspace_id=req.workspace_id)
         try:
             WORKSPACE_OS.record_agent_run(
                 agent_id="agent:executor",

package/latticeai/app_factory.py

@@ -15,7 +15,7 @@ lazily via module ``__getattr__`` for backwards compatibility.
 from __future__ import annotations
 
 import threading
-from typing import TYPE_CHECKING, Any, Dict, Optional
+from typing import TYPE_CHECKING, Any, Dict, List, Optional
 
 if TYPE_CHECKING:  # imports for annotations only — keep module import light
     from fastapi import FastAPI
@@ -704,6 +704,7 @@ def _build(config: "Optional[Config]" = None) -> Dict[str, Any]:
         user_nickname: Optional[str] = None,
         source: Optional[str] = None,
         conversation_id: Optional[str] = None,
+        workspace_id: Optional[str] = None,
     ):
         try:
             message = redact_secret_text(message)
@@ -718,6 +719,8 @@ def _build(config: "Optional[Config]" = None) -> Dict[str, Any]:
                 item["source"] = source
             if conversation_id:
                 item["conversation_id"] = conversation_id
+            if workspace_id:
+                item["workspace_id"] = workspace_id
             sensitive = classify_sensitive_message(item, -1)
             append_audit_event(
                 "chat_message",
@@ -726,6 +729,7 @@ def _build(config: "Optional[Config]" = None) -> Dict[str, Any]:
                 user_nickname=user_nickname,
                 source=source,
                 conversation_id=conversation_id,
+                workspace_id=workspace_id,
                 content_preview=sensitive.get("preview"),
                 content_chars=len(message or ""),
                 sensitivity=sensitive.get("sensitivity"),
@@ -1036,7 +1040,7 @@ def _build(config: "Optional[Config]" = None) -> Dict[str, Any]:
         return _build_sensitivity_report(history)
 
     # ── Admin audit report — delegated to latticeai.core.audit ───────────────────
-    def build_admin_audit_report(users: Dict) -> Dict:
+    def build_admin_audit_report(users: Dict, audit_events: Optional[List[Dict]] = None) -> Dict:
         graph_stats = None
         try:
             if ENABLE_GRAPH and KNOWLEDGE_GRAPH:
@@ -1047,6 +1051,7 @@ def _build(config: "Optional[Config]" = None) -> Dict[str, Any]:
             AUDIT_FILE, users,
             get_user_role=get_user_role,
             graph_stats=graph_stats,
+            audit_events=audit_events,
         )
 
     router = LLMRouter()
@@ -1268,6 +1273,7 @@ def _build(config: "Optional[Config]" = None) -> Dict[str, Any]:
         require_admin=require_admin, require_user=require_user,
         load_users=load_users, save_users=save_users,
         get_user_role=get_user_role, get_history=get_history,
+        get_audit_log=get_audit_log,
         public_user=public_user, load_vpc_config=load_vpc_config,
         save_vpc_config=save_vpc_config,
         build_admin_audit_report=build_admin_audit_report,

package/latticeai/core/audit.py

@@ -141,8 +141,9 @@ def build_admin_audit_report(
     *,
     get_user_role: Callable[[str, Optional[Dict]], str],
     graph_stats: Optional[Dict] = None,
+    audit_events: Optional[List[Dict]] = None,
 ) -> Dict:
-    events = get_audit_log(audit_file)
+    events = audit_events if audit_events is not None else get_audit_log(audit_file)
 
     def _user_bucket(email: Optional[str], nickname: Optional[str] = None) -> Dict:
         user = users.get(email or "", {})
@@ -234,7 +235,7 @@ def build_admin_audit_report(
 def _public_audit_event(event: Dict) -> Dict:
     allowed = {
         "event_type", "timestamp", "role", "user_email", "user_nickname", "source",
-        "conversation_id", "command", "scope", "target_email", "filename", "mime_type",
+        "conversation_id", "workspace_id", "command", "scope", "target_email", "filename", "mime_type",
         "ext", "bytes", "extracted_chars", "graph_node", "keep_last", "removed", "kept",
         "started_at", "sensitivity", "sensitive_labels", "content_preview", "content_chars",
     }

package/latticeai/core/marketplace.py

@@ -11,7 +11,7 @@ from copy import deepcopy
 from typing import Any, Dict, List, Optional
 
 
-MARKETPLACE_VERSION = "4.6.1"
+MARKETPLACE_VERSION = "4.7.0"
 TEMPLATE_KINDS = ("plugin", "workflow", "agent")
 
 

package/latticeai/core/workspace_os.py

@@ -19,7 +19,7 @@ from pathlib import Path
 from typing import Any, Callable, Dict, Iterable, List, Optional
 
 
-WORKSPACE_OS_VERSION = "4.6.1"
+WORKSPACE_OS_VERSION = "4.7.0"
 
 # Workspace types separate single-user Personal workspaces from shared
 # Organization workspaces. Both keep the same local-first JSON store; the type

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ltcai",
-  "version": "4.6.1",
+  "version": "4.7.0",
   "description": "Lattice AI — local-first Living Brain workspace (conversation, durable memory, hybrid search, agents, advanced graph exploration, portable encrypted brain archives)",
   "homepage": "https://github.com/TaeSooPark-PTS/LatticeAI#readme",
   "repository": {

package/scripts/launch-pts-grok.sh

@@ -0,0 +1,56 @@
+#!/bin/zsh
+# Launch a dedicated Grok TUI session wired to the "pts_grok" Discord bot.
+# This lets you collaborate with pts_openclaw and pts_claudecode in the shared channel
+# by having them @mention pts_grok (or you mentioning it).
+#
+# Prerequisites:
+# 1. Create a brand new Discord Application + Bot in https://discord.com/developers/applications
+#    - Name the bot exactly "pts_grok" (for easy @mentions).
+#    - Enable "Message Content Intent" under Privileged Gateway Intents.
+#    - Generate / Reset the Bot token (copy it once).
+# 2. Invite the new bot to your server using OAuth2 URL Generator (bot scope + View Channels,
+#    Send Messages, Send Messages in Threads, Read Message History, Attach Files, Add Reactions).
+# 3. Put the token into ~/.grok/channels/discord-pts-grok/.env as DISCORD_BOT_TOKEN=...
+# 4. After creating the bot, note its User ID (right-click the bot in Discord → Copy User ID, with Dev Mode on).
+#    Then add that ID to the other agents' botAllowFrom lists (and they will add yours).
+#
+# Usage:
+#   cd ~/Downloads/Lattice\ AI
+#   ./scripts/launch-pts-grok.sh
+#
+# In that new terminal session, the "discord" MCP tools will be bound to pts_grok.
+# Mentioning pts_grok from pts_openclaw (or the human) in channel 1506662093309608026
+# will be delivered here.
+
+set -euo pipefail
+
+export DISCORD_STATE_DIR="$HOME/.grok/channels/discord-pts-grok"
+
+# Safety: ensure the secret file has sane permissions
+chmod 600 "$DISCORD_STATE_DIR/.env" 2>/dev/null || true
+
+# Make sure the token is present and looks real (not just empty or placeholder)
+token_line=$(grep '^DISCORD_BOT_TOKEN=' "$DISCORD_STATE_DIR/.env" 2>/dev/null | tail -1 || true)
+token_value="${token_line#DISCORD_BOT_TOKEN=}"
+
+if [[ -z "$token_value" || ${#token_value} -lt 40 ]]; then
+  echo "ERROR: DISCORD_BOT_TOKEN is missing or too short in $DISCORD_STATE_DIR/.env"
+  echo "Edit it first with the real token from Discord Developer Portal → Your pts_grok bot → Reset Token."
+  echo "Example line: DISCORD_BOT_TOKEN=MTxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+  exit 1
+fi
+
+# Quick sanity so we don't launch with the placeholder comment
+if echo "$token_value" | grep -qi 'PUT_YOUR\|MASKED\|edit me'; then
+  echo "ERROR: The token in $DISCORD_STATE_DIR/.env still contains placeholder text."
+  echo "Replace it with the actual bot token."
+  exit 1
+fi
+
+cd "$(dirname "$0")/.."
+
+echo "Launching Grok as pts_grok (state: $DISCORD_STATE_DIR)"
+echo "Make sure the 'discord' MCP / plugin is enabled (use /mcps or /plugins in the TUI if needed)."
+echo
+
+exec "$HOME/.grok/bin/grok" "$@"

package/src-tauri/Cargo.lock

@@ -1654,7 +1654,7 @@ dependencies = [
 
 [[package]]
 name = "lattice-ai-desktop"
-version = "4.6.1"
+version = "4.7.0"
 dependencies = [
  "plist",
  "serde",

package/src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "lattice-ai-desktop"
-version = "4.6.1"
+version = "4.7.0"
 description = "Lattice AI Digital Brain desktop shell"
 authors = ["TaeSoo Park"]
 edition = "2021"

package/src-tauri/tauri.conf.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://schema.tauri.app/config/2",
   "productName": "Lattice AI",
-  "version": "4.6.1",
+  "version": "4.7.0",
   "identifier": "ai.lattice.desktop",
   "build": {
     "beforeDevCommand": "npm run frontend:dev",