ltcai 8.8.0 → 8.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (63) hide show
  1. package/README.md +34 -27
  2. package/auto_setup.py +73 -8
  3. package/docs/CHANGELOG.md +37 -0
  4. package/docs/CODE_REVIEW_2026-07-06.md +764 -0
  5. package/docs/COMMUNITY_AND_PLUGINS.md +3 -3
  6. package/docs/DEVELOPMENT.md +10 -10
  7. package/docs/LEGACY_COMPATIBILITY.md +1 -1
  8. package/docs/ONBOARDING.md +2 -2
  9. package/docs/PRODUCT_DIRECTION_REVIEW.md +3 -2
  10. package/docs/TRUST_MODEL.md +5 -1
  11. package/docs/WHY_LATTICE.md +4 -3
  12. package/docs/architecture.md +4 -0
  13. package/docs/kg-schema.md +1 -1
  14. package/lattice_brain/__init__.py +1 -1
  15. package/lattice_brain/conversations.py +156 -21
  16. package/lattice_brain/graph/_kg_common.py +12 -34
  17. package/lattice_brain/graph/json_utils.py +25 -0
  18. package/lattice_brain/graph/retrieval.py +66 -27
  19. package/lattice_brain/graph/runtime.py +16 -0
  20. package/lattice_brain/runtime/multi_agent.py +1 -1
  21. package/latticeai/__init__.py +1 -1
  22. package/latticeai/api/chat.py +31 -14
  23. package/latticeai/api/mcp.py +3 -2
  24. package/latticeai/api/models.py +4 -1
  25. package/latticeai/api/permissions.py +69 -30
  26. package/latticeai/api/setup.py +17 -2
  27. package/latticeai/api/tools.py +104 -62
  28. package/latticeai/app_factory.py +93 -10
  29. package/latticeai/core/agent.py +25 -7
  30. package/latticeai/core/legacy_compatibility.py +1 -1
  31. package/latticeai/core/marketplace.py +1 -1
  32. package/latticeai/core/sessions.py +11 -3
  33. package/latticeai/core/tool_registry.py +15 -4
  34. package/latticeai/core/workspace_os.py +1 -1
  35. package/latticeai/runtime/bootstrap.py +1 -1
  36. package/latticeai/services/app_context.py +1 -0
  37. package/latticeai/services/architecture_readiness.py +2 -2
  38. package/latticeai/services/model_engines.py +79 -12
  39. package/latticeai/services/model_runtime.py +24 -4
  40. package/latticeai/services/process_audit.py +208 -0
  41. package/latticeai/services/product_readiness.py +11 -11
  42. package/latticeai/services/search_service.py +106 -30
  43. package/latticeai/services/tool_dispatch.py +66 -0
  44. package/latticeai/services/workspace_service.py +15 -0
  45. package/package.json +1 -1
  46. package/scripts/check_i18n_literals.mjs +20 -8
  47. package/scripts/i18n_literal_allowlist.json +34 -0
  48. package/scripts/lint_frontend.mjs +6 -2
  49. package/setup_wizard.py +185 -19
  50. package/src-tauri/Cargo.lock +1 -1
  51. package/src-tauri/Cargo.toml +1 -1
  52. package/src-tauri/tauri.conf.json +1 -1
  53. package/static/app/asset-manifest.json +10 -10
  54. package/static/app/assets/{Act-C7K9wsO9.js → Act-fZokUnC0.js} +1 -1
  55. package/static/app/assets/{Brain-I1OSzxJu.js → Brain-DtyuWubr.js} +1 -1
  56. package/static/app/assets/{Capture-B3V4_5Xp.js → Capture-D5KV3Cu7.js} +1 -1
  57. package/static/app/assets/{Library-Cgj-EF50.js → Library-C9kyFkSt.js} +1 -1
  58. package/static/app/assets/{System-D1Lkei3I.js → System-VbChmX7r.js} +1 -1
  59. package/static/app/assets/{index--P0ksosz.js → index-DPdcPoF0.js} +5 -5
  60. package/static/app/assets/{primitives-BLqaKk5g.js → primitives-DFeanEV6.js} +1 -1
  61. package/static/app/assets/{textarea-CVQkN2Tk.js → textarea-CD8UNKIy.js} +1 -1
  62. package/static/app/index.html +1 -1
  63. package/static/sw.js +1 -1
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Lattice AI
2
2
 
3
- **Lattice AI 8.8.0 is the local-first Digital Brain platform. This release removes internal-only Brain compatibility layers, strengthens recall proof quality, and keeps package, desktop, extension, static app, and documentation metadata synchronized to the 8.8.0 line.**
3
+ **Lattice AI 8.9.0 is the local-first Digital Brain platform. This release hardens authenticated history and graph scoping, blocks unapproved direct Tool API execution paths, makes local permission approvals and installer/process execution safer to audit, and keeps package, desktop, extension, static app, and documentation metadata synchronized to the 8.9.0 line.**
4
4
 
5
5
  **Lattice AI는 모델이 바뀌어도 내 지식과 맥락을 보존하는 로컬 우선 AI 브레인입니다.**
6
6
 
@@ -67,7 +67,9 @@ You need Lattice AI when:
67
67
  The screenshots below are the latest checked-in visual evidence captures. They
68
68
  keep the first-run Brain flow, memory graph, source capture, model library,
69
69
  system view, admin console, and review center visible as release gates while
70
- 8.8.0 focuses on Brain Core extraction readiness and recall proof hardening.
70
+ 8.9.0 focuses on scoped memory isolation, direct Tool API policy enforcement,
71
+ AgentRuntime human-approval semantics, confirmation-token guarded installer
72
+ execution, and frontend/runtime maintainability.
71
73
 
72
74
  ### 1. Wake Brain
73
75
 
@@ -169,7 +171,9 @@ pip install "ltcai[local]"
169
171
  - **Backend**: FastAPI on localhost is the UI source of truth.
170
172
  - **Brain Core**: independent `lattice_brain` package for graph, memory,
171
173
  context, conversations, ingestion, runtime, workflow, storage, and portability.
172
- - **Storage**: SQLite default; PostgreSQL/pgvector is optional scale mode.
174
+ - **Storage**: SQLite is the live local Brain store; PostgreSQL/pgvector tooling
175
+ is optional scale-mode planning/migration support, not the default live graph
176
+ backend.
173
177
  - **Portability**: encrypted `.latticebrain` archives plus backup, restore,
174
178
  inspect, verify, import dry-run, and confirmed restore/import flows.
175
179
  - **Trust boundary**: local-first by default; cloud calls, downloads, Telegram,
@@ -206,38 +210,40 @@ See [docs/DEVELOPMENT.md](docs/DEVELOPMENT.md) for developer workflow details.
206
210
 
207
211
  ## Current Release
208
212
 
209
- The current release is **8.8.0 — Brain Core Extraction & Recall Proof Hardening**:
210
-
211
- - Internal-only Brain shim layers are removed: pre-graph flat modules,
212
- the deprecated `latticeai.brain` namespace, and the service-layer
213
- AgentRuntime alias are tracked as intentional 8.8.0 removals.
214
- - Root compatibility shims remain managed for external entrypoints while Brain
215
- Core now has one physical import surface guarded by isolation tests.
216
- - AgentRuntime rejects unknown roles at the boundary, exposes contract envelopes
217
- for legacy run rows, and persists clamped retry budgets.
218
- - Brain Chat adds resumable conversation history, stop/regenerate/copy actions,
219
- richer ingestion panels, and answer proof explainability with matched terms
220
- and confidence labels.
221
- - Memory recall drops zero-evidence noise when lexical evidence exists, so
222
- citations explain why each source was selected.
223
-
224
- Expected artifacts for 8.8.0 release must use exact filenames:
225
-
226
- - `dist/ltcai-8.8.0-py3-none-any.whl`
227
- - `dist/ltcai-8.8.0.tar.gz`
228
- - `ltcai-8.8.0.tgz`
229
- - `dist/ltcai-8.8.0.vsix`
230
- - `src-tauri/target/release/bundle/dmg/Lattice AI_8.8.0_aarch64.dmg`
213
+ The current release is **8.9.0 — Scoped Memory & Tool Policy Hardening**:
214
+
215
+ - Conversation history reads and deletes now scope by authenticated user and
216
+ readable workspace, while preserving legacy-global rows only in no-auth or
217
+ explicitly compatible flows.
218
+ - Knowledge Graph search, graph traversal, relationships, node reads, and chat
219
+ context now apply workspace scope at the graph/service boundary.
220
+ - Direct HTTP/MCP Tool API calls enforce ToolRegistry policy before hooks or
221
+ handlers run; destructive paths and non-auto-approved user writes are blocked.
222
+ - AgentRuntime no longer treats “requires approval” plans as implicitly
223
+ approved, and rollback now handles tool results that omit `success`.
224
+ - Local permission approvals hash tokens at rest, use atomic queue writes, and
225
+ reject write approvals for blocked system prefixes.
226
+ - Frontend API base handling, Tauri credentials, workspace clearing, CSS tokens,
227
+ and i18n literal checks are split into safer maintainability seams.
228
+
229
+ Expected artifacts for 8.9.0 release must use exact filenames:
230
+
231
+ - `dist/ltcai-8.9.0-py3-none-any.whl`
232
+ - `dist/ltcai-8.9.0.tar.gz`
233
+ - `ltcai-8.9.0.tgz`
234
+ - `dist/ltcai-8.9.0.vsix`
235
+ - `src-tauri/target/release/bundle/dmg/Lattice AI_8.9.0_aarch64.dmg`
231
236
 
232
237
  Do not use wildcard artifact uploads. Package registry publishing remains owner-run.
233
238
 
234
239
  See [docs/ROADMAP_RECOMMENDATIONS.md](docs/ROADMAP_RECOMMENDATIONS.md) for the
235
- strategic roadmap slices applied through 8.8.0 and the follow-up tracks.
240
+ strategic roadmap slices applied through 8.9.0 and the follow-up tracks.
236
241
 
237
242
  ## Known Limitations
238
243
 
239
244
  - External package registries are owner-published and can lag behind GitHub.
240
- - PostgreSQL/pgvector is optional scale mode. SQLite is the default local Brain.
245
+ - PostgreSQL/pgvector is optional scale/migration tooling. SQLite remains the
246
+ live local Brain store in 8.9.0.
241
247
  - Docker, model downloads, cloud model calls, Telegram, Brain Network, and update
242
248
  checks require explicit user action.
243
249
  - Conversation does not fabricate answers when no model is loaded.
@@ -249,6 +255,7 @@ strategic roadmap slices applied through 8.8.0 and the follow-up tracks.
249
255
 
250
256
  | Version | Theme |
251
257
  | --- | --- |
258
+ | 8.9.0 | Scoped Memory & Tool Policy Hardening: authenticated history/KG reads are workspace-scoped, direct Tool API paths enforce registry policy, local approvals hash tokens at rest, AgentRuntime approval semantics are explicit, and frontend/runtime seams are split |
252
259
  | 8.8.0 | Brain Core Extraction & Recall Proof Hardening: internal-only Brain shim layers are removed, AgentRuntime run contracts/retry budgets are tighter, Brain Chat gains conversation controls, and citation recall exposes matched evidence |
253
260
  | 8.7.0 | Runtime State Hygiene & Release Evidence Refresh: model-runtime internals prefer typed state over legacy globals, compatibility sync is deprecated, 8.7.0 visual evidence is refreshed, and all release metadata/docs are synchronized |
254
261
  | 8.6.0 | Desktop Capture & Navigation Reliability: native folder selection works from the Tauri localhost app, picker failures surface in Capture, web saving remains one-action, and the Brain shell sidebar/admin flow is CI-covered |
package/auto_setup.py CHANGED
@@ -25,7 +25,7 @@ Lattice AI — Zero-Config Auto Setup
25
25
  python3 auto_setup.py probe # 1단계만
26
26
  python3 auto_setup.py recommend # 1+2단계
27
27
  python3 auto_setup.py plan # 1+2+3 (설치 계획 출력)
28
- python3 auto_setup.py plan --apply # 실제 설치 실행 (위험)
28
+ python3 auto_setup.py plan --apply --confirm-token <token>
29
29
  python3 auto_setup.py verify # 4단계 단독
30
30
  python3 auto_setup.py preset # 5단계
31
31
  python3 auto_setup.py all # 전체 흐름
@@ -47,6 +47,14 @@ from dataclasses import asdict, dataclass, field
47
47
  from pathlib import Path
48
48
  from typing import Any, Dict, List, Optional, Tuple
49
49
 
50
+ from latticeai.services.process_audit import (
51
+ CommandConfirmationError,
52
+ append_process_audit_event,
53
+ command_plan,
54
+ command_plan_for_commands,
55
+ require_command_confirmation,
56
+ )
57
+
50
58
  __all__ = [
51
59
  "SystemProfile", "Recommendation", "InstallPlan",
52
60
  "probe", "recommend", "plan", "verify", "preset", "run_all",
@@ -547,6 +555,21 @@ class InstallStep:
547
555
  command: List[str]
548
556
  requires_admin: bool = False
549
557
 
558
+ def to_json(self) -> Dict[str, Any]:
559
+ return {
560
+ "name": self.name,
561
+ "why": self.why,
562
+ "command": self.command,
563
+ "requires_admin": self.requires_admin,
564
+ "command_plan": command_plan(
565
+ self.command,
566
+ name=self.name,
567
+ purpose="auto_setup_install",
568
+ requires_admin=self.requires_admin,
569
+ metadata={"why": self.why},
570
+ ),
571
+ }
572
+
550
573
 
551
574
  @dataclass
552
575
  class InstallPlan:
@@ -555,10 +578,18 @@ class InstallPlan:
555
578
  notes: List[str] = field(default_factory=list)
556
579
 
557
580
  def to_json(self) -> Dict[str, Any]:
581
+ plan_summary = command_plan_for_commands(
582
+ [step.command for step in self.steps],
583
+ name="auto_setup_plan",
584
+ purpose="auto_setup_install",
585
+ metadata={"package_manager": self.package_manager},
586
+ )
558
587
  return {
559
588
  "package_manager": self.package_manager,
560
- "steps": [asdict(s) for s in self.steps],
589
+ "steps": [s.to_json() for s in self.steps],
561
590
  "notes": self.notes,
591
+ "command_plan": plan_summary,
592
+ "confirmation_token": plan_summary["confirmation_token"],
562
593
  }
563
594
 
564
595
 
@@ -661,23 +692,55 @@ def plan(profile: SystemProfile, rec: Recommendation) -> InstallPlan:
661
692
  return InstallPlan(package_manager=pm, steps=steps, notes=notes)
662
693
 
663
694
 
664
- def apply_plan(plan_obj: InstallPlan, *, confirm: bool = False) -> List[Dict[str, Any]]:
665
- """위험: 실제로 설치 명령을 실행한다. ``confirm=True`` 필수."""
695
+ def apply_plan(
696
+ plan_obj: InstallPlan,
697
+ *,
698
+ confirm: bool = False,
699
+ confirmation_token: Optional[str] = None,
700
+ ) -> List[Dict[str, Any]]:
701
+ """위험: 실제로 설치 명령을 실행한다. ``confirm`` and token are required."""
666
702
  if not confirm:
667
703
  raise RuntimeError("refuse to apply: pass confirm=True")
704
+ expected = plan_obj.to_json().get("confirmation_token")
705
+ if str(confirmation_token or "").strip() != expected:
706
+ raise CommandConfirmationError("refuse to apply: confirmation token mismatch")
668
707
  results: List[Dict[str, Any]] = []
669
708
  for step in plan_obj.steps:
709
+ step_plan = command_plan(
710
+ step.command,
711
+ name=step.name,
712
+ purpose="auto_setup_install",
713
+ requires_admin=step.requires_admin,
714
+ metadata={"why": step.why},
715
+ )
670
716
  try:
717
+ require_command_confirmation(
718
+ step.command,
719
+ step_plan["confirmation_token"],
720
+ purpose="auto_setup_install",
721
+ )
722
+ append_process_audit_event("installer_command", plan=step_plan, status="started")
671
723
  r = subprocess.run(step.command, capture_output=True, text=True,
672
724
  timeout=300, check=False)
725
+ append_process_audit_event(
726
+ "installer_command",
727
+ plan=step_plan,
728
+ status="finished",
729
+ returncode=r.returncode,
730
+ stdout=r.stdout,
731
+ stderr=r.stderr,
732
+ )
673
733
  results.append({
674
734
  "name": step.name,
735
+ "command_hash": step_plan["command_hash"],
736
+ "command_preview": step_plan["command_preview"],
675
737
  "returncode": r.returncode,
676
738
  "stdout_tail": (r.stdout or "")[-2000:],
677
739
  "stderr_tail": (r.stderr or "")[-2000:],
678
740
  })
679
741
  except Exception as exc:
680
- results.append({"name": step.name, "error": str(exc)})
742
+ append_process_audit_event("installer_command", plan=step_plan, status="error", error=str(exc))
743
+ results.append({"name": step.name, "command_hash": step_plan["command_hash"], "error": str(exc)})
681
744
  return results
682
745
 
683
746
 
@@ -780,13 +843,13 @@ def preset(profile: SystemProfile, rec: Recommendation) -> Dict[str, Any]:
780
843
 
781
844
 
782
845
  # ── orchestrator ────────────────────────────────────────────────────────────
783
- def run_all(*, apply_install: bool = False) -> Dict[str, Any]:
846
+ def run_all(*, apply_install: bool = False, confirmation_token: Optional[str] = None) -> Dict[str, Any]:
784
847
  p = probe()
785
848
  r = recommend(p)
786
849
  pl = plan(p, r)
787
850
  install_results = None
788
851
  if apply_install:
789
- install_results = apply_plan(pl, confirm=True)
852
+ install_results = apply_plan(pl, confirm=True, confirmation_token=confirmation_token)
790
853
  v = verify(p, r)
791
854
  ps = preset(p, r)
792
855
  return {
@@ -809,6 +872,8 @@ def _main() -> int:
809
872
  sp_plan = sub.add_parser("plan")
810
873
  sp_plan.add_argument("--apply", action="store_true",
811
874
  help="actually run the install commands (DANGER)")
875
+ sp_plan.add_argument("--confirm-token", default=None,
876
+ help="confirmation token from the dry-run plan output")
812
877
  sub.add_parser("verify")
813
878
  sub.add_parser("preset")
814
879
  sub.add_parser("all")
@@ -825,7 +890,7 @@ def _main() -> int:
825
890
  p = probe(); r = recommend(p); pl = plan(p, r)
826
891
  out: Dict[str, Any] = {"plan": pl.to_json()}
827
892
  if args.apply:
828
- out["install"] = apply_plan(pl, confirm=True)
893
+ out["install"] = apply_plan(pl, confirm=True, confirmation_token=args.confirm_token)
829
894
  print(json.dumps(out, indent=2, ensure_ascii=False)); return 0
830
895
  if args.cmd == "verify":
831
896
  p = probe(); r = recommend(p)
package/docs/CHANGELOG.md CHANGED
@@ -6,6 +6,43 @@ existed at that release.
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## [8.9.0] - 2026-07-06
10
+
11
+ ### Added
12
+ - Added authenticated user/workspace scoping to durable conversation history
13
+ reads and deletes.
14
+ - Added workspace-aware Knowledge Graph search, traversal, relationship, node,
15
+ and chat-context reads.
16
+ - Added direct HTTP/MCP Tool API policy enforcement for registry-governed tools.
17
+ - Added permission approval queue hashing and atomic writes so raw tokens are
18
+ not persisted at rest.
19
+ - Added confirmation-token guarded installer/process command plans with redacted
20
+ local process audit events.
21
+ - Added regression coverage for scoped history, graph scoping, tool policy
22
+ gates, AgentRuntime approval semantics, permission tokens, session TTL
23
+ injection, and model-download runtime config.
24
+
25
+ ### Changed
26
+ - AgentRuntime now requires explicit human approval for non-auto-approved plans
27
+ and rolls back git-governed tool results even when `success` is omitted.
28
+ - Model download consent now uses configured runtime state instead of direct
29
+ environment-variable reads.
30
+ - Frontend API base logic, CSS token/base rules, and i18n literal checks were
31
+ split into smaller maintainability seams.
32
+ - Version bumped to 8.9.0 across Python, npm, VS Code extension, Tauri, static
33
+ metadata, readiness gates, release notes, and current-release documentation.
34
+ - Documentation now states that SQLite is the live local Brain store; Postgres
35
+ remains optional scale/migration tooling.
36
+
37
+ ### Fixed
38
+ - Conversation store migration now creates the workspace index only after the
39
+ scope columns exist.
40
+ - Direct `write_file`/`edit_file` policy lookup now blocks system write
41
+ prefixes consistently with local-file approvals.
42
+ - Workspace selection clearing now removes the persisted workspace id.
43
+ - Tauri/local API fetches now include credentials for localhost backend
44
+ sessions.
45
+
9
46
  ## [8.8.0] - 2026-07-06
10
47
 
11
48
  ### Added