ltcai 8.8.0 → 8.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +34 -27
- package/auto_setup.py +73 -8
- package/docs/CHANGELOG.md +37 -0
- package/docs/CODE_REVIEW_2026-07-06.md +764 -0
- package/docs/COMMUNITY_AND_PLUGINS.md +3 -3
- package/docs/DEVELOPMENT.md +10 -10
- package/docs/LEGACY_COMPATIBILITY.md +1 -1
- package/docs/ONBOARDING.md +2 -2
- package/docs/PRODUCT_DIRECTION_REVIEW.md +3 -2
- package/docs/TRUST_MODEL.md +5 -1
- package/docs/WHY_LATTICE.md +4 -3
- package/docs/architecture.md +4 -0
- package/docs/kg-schema.md +1 -1
- package/lattice_brain/__init__.py +1 -1
- package/lattice_brain/conversations.py +156 -21
- package/lattice_brain/graph/_kg_common.py +12 -34
- package/lattice_brain/graph/json_utils.py +25 -0
- package/lattice_brain/graph/retrieval.py +66 -27
- package/lattice_brain/graph/runtime.py +16 -0
- package/lattice_brain/runtime/multi_agent.py +1 -1
- package/latticeai/__init__.py +1 -1
- package/latticeai/api/chat.py +31 -14
- package/latticeai/api/mcp.py +3 -2
- package/latticeai/api/models.py +4 -1
- package/latticeai/api/permissions.py +69 -30
- package/latticeai/api/setup.py +17 -2
- package/latticeai/api/tools.py +104 -62
- package/latticeai/app_factory.py +93 -10
- package/latticeai/core/agent.py +25 -7
- package/latticeai/core/legacy_compatibility.py +1 -1
- package/latticeai/core/marketplace.py +1 -1
- package/latticeai/core/sessions.py +11 -3
- package/latticeai/core/tool_registry.py +15 -4
- package/latticeai/core/workspace_os.py +1 -1
- package/latticeai/runtime/bootstrap.py +1 -1
- package/latticeai/services/app_context.py +1 -0
- package/latticeai/services/architecture_readiness.py +2 -2
- package/latticeai/services/model_engines.py +79 -12
- package/latticeai/services/model_runtime.py +24 -4
- package/latticeai/services/process_audit.py +208 -0
- package/latticeai/services/product_readiness.py +11 -11
- package/latticeai/services/search_service.py +106 -30
- package/latticeai/services/tool_dispatch.py +66 -0
- package/latticeai/services/workspace_service.py +15 -0
- package/package.json +1 -1
- package/scripts/check_i18n_literals.mjs +20 -8
- package/scripts/i18n_literal_allowlist.json +34 -0
- package/scripts/lint_frontend.mjs +6 -2
- package/setup_wizard.py +185 -19
- package/src-tauri/Cargo.lock +1 -1
- package/src-tauri/Cargo.toml +1 -1
- package/src-tauri/tauri.conf.json +1 -1
- package/static/app/asset-manifest.json +10 -10
- package/static/app/assets/{Act-C7K9wsO9.js → Act-fZokUnC0.js} +1 -1
- package/static/app/assets/{Brain-I1OSzxJu.js → Brain-DtyuWubr.js} +1 -1
- package/static/app/assets/{Capture-B3V4_5Xp.js → Capture-D5KV3Cu7.js} +1 -1
- package/static/app/assets/{Library-Cgj-EF50.js → Library-C9kyFkSt.js} +1 -1
- package/static/app/assets/{System-D1Lkei3I.js → System-VbChmX7r.js} +1 -1
- package/static/app/assets/{index--P0ksosz.js → index-DPdcPoF0.js} +5 -5
- package/static/app/assets/{primitives-BLqaKk5g.js → primitives-DFeanEV6.js} +1 -1
- package/static/app/assets/{textarea-CVQkN2Tk.js → textarea-CD8UNKIy.js} +1 -1
- package/static/app/index.html +1 -1
- package/static/sw.js +1 -1
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Lattice AI
|
|
2
2
|
|
|
3
|
-
**Lattice AI 8.
|
|
3
|
+
**Lattice AI 8.9.0 is the local-first Digital Brain platform. This release hardens authenticated history and graph scoping, blocks unapproved direct Tool API execution paths, makes local permission approvals and installer/process execution safer to audit, and keeps package, desktop, extension, static app, and documentation metadata synchronized to the 8.9.0 line.**
|
|
4
4
|
|
|
5
5
|
**Lattice AI는 모델이 바뀌어도 내 지식과 맥락을 보존하는 로컬 우선 AI 브레인입니다.**
|
|
6
6
|
|
|
@@ -67,7 +67,9 @@ You need Lattice AI when:
|
|
|
67
67
|
The screenshots below are the latest checked-in visual evidence captures. They
|
|
68
68
|
keep the first-run Brain flow, memory graph, source capture, model library,
|
|
69
69
|
system view, admin console, and review center visible as release gates while
|
|
70
|
-
8.
|
|
70
|
+
8.9.0 focuses on scoped memory isolation, direct Tool API policy enforcement,
|
|
71
|
+
AgentRuntime human-approval semantics, confirmation-token guarded installer
|
|
72
|
+
execution, and frontend/runtime maintainability.
|
|
71
73
|
|
|
72
74
|
### 1. Wake Brain
|
|
73
75
|
|
|
@@ -169,7 +171,9 @@ pip install "ltcai[local]"
|
|
|
169
171
|
- **Backend**: FastAPI on localhost is the UI source of truth.
|
|
170
172
|
- **Brain Core**: independent `lattice_brain` package for graph, memory,
|
|
171
173
|
context, conversations, ingestion, runtime, workflow, storage, and portability.
|
|
172
|
-
- **Storage**: SQLite
|
|
174
|
+
- **Storage**: SQLite is the live local Brain store; PostgreSQL/pgvector tooling
|
|
175
|
+
is optional scale-mode planning/migration support, not the default live graph
|
|
176
|
+
backend.
|
|
173
177
|
- **Portability**: encrypted `.latticebrain` archives plus backup, restore,
|
|
174
178
|
inspect, verify, import dry-run, and confirmed restore/import flows.
|
|
175
179
|
- **Trust boundary**: local-first by default; cloud calls, downloads, Telegram,
|
|
@@ -206,38 +210,40 @@ See [docs/DEVELOPMENT.md](docs/DEVELOPMENT.md) for developer workflow details.
|
|
|
206
210
|
|
|
207
211
|
## Current Release
|
|
208
212
|
|
|
209
|
-
The current release is **8.
|
|
210
|
-
|
|
211
|
-
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
-
|
|
215
|
-
|
|
216
|
-
-
|
|
217
|
-
|
|
218
|
-
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
- `dist/ltcai-8.
|
|
228
|
-
- `ltcai-8.
|
|
229
|
-
- `
|
|
230
|
-
- `
|
|
213
|
+
The current release is **8.9.0 — Scoped Memory & Tool Policy Hardening**:
|
|
214
|
+
|
|
215
|
+
- Conversation history reads and deletes now scope by authenticated user and
|
|
216
|
+
readable workspace, while preserving legacy-global rows only in no-auth or
|
|
217
|
+
explicitly compatible flows.
|
|
218
|
+
- Knowledge Graph search, graph traversal, relationships, node reads, and chat
|
|
219
|
+
context now apply workspace scope at the graph/service boundary.
|
|
220
|
+
- Direct HTTP/MCP Tool API calls enforce ToolRegistry policy before hooks or
|
|
221
|
+
handlers run; destructive paths and non-auto-approved user writes are blocked.
|
|
222
|
+
- AgentRuntime no longer treats “requires approval” plans as implicitly
|
|
223
|
+
approved, and rollback now handles tool results that omit `success`.
|
|
224
|
+
- Local permission approvals hash tokens at rest, use atomic queue writes, and
|
|
225
|
+
reject write approvals for blocked system prefixes.
|
|
226
|
+
- Frontend API base handling, Tauri credentials, workspace clearing, CSS tokens,
|
|
227
|
+
and i18n literal checks are split into safer maintainability seams.
|
|
228
|
+
|
|
229
|
+
Expected artifacts for 8.9.0 release must use exact filenames:
|
|
230
|
+
|
|
231
|
+
- `dist/ltcai-8.9.0-py3-none-any.whl`
|
|
232
|
+
- `dist/ltcai-8.9.0.tar.gz`
|
|
233
|
+
- `ltcai-8.9.0.tgz`
|
|
234
|
+
- `dist/ltcai-8.9.0.vsix`
|
|
235
|
+
- `src-tauri/target/release/bundle/dmg/Lattice AI_8.9.0_aarch64.dmg`
|
|
231
236
|
|
|
232
237
|
Do not use wildcard artifact uploads. Package registry publishing remains owner-run.
|
|
233
238
|
|
|
234
239
|
See [docs/ROADMAP_RECOMMENDATIONS.md](docs/ROADMAP_RECOMMENDATIONS.md) for the
|
|
235
|
-
strategic roadmap slices applied through 8.
|
|
240
|
+
strategic roadmap slices applied through 8.9.0 and the follow-up tracks.
|
|
236
241
|
|
|
237
242
|
## Known Limitations
|
|
238
243
|
|
|
239
244
|
- External package registries are owner-published and can lag behind GitHub.
|
|
240
|
-
- PostgreSQL/pgvector is optional scale
|
|
245
|
+
- PostgreSQL/pgvector is optional scale/migration tooling. SQLite remains the
|
|
246
|
+
live local Brain store in 8.9.0.
|
|
241
247
|
- Docker, model downloads, cloud model calls, Telegram, Brain Network, and update
|
|
242
248
|
checks require explicit user action.
|
|
243
249
|
- Conversation does not fabricate answers when no model is loaded.
|
|
@@ -249,6 +255,7 @@ strategic roadmap slices applied through 8.8.0 and the follow-up tracks.
|
|
|
249
255
|
|
|
250
256
|
| Version | Theme |
|
|
251
257
|
| --- | --- |
|
|
258
|
+
| 8.9.0 | Scoped Memory & Tool Policy Hardening: authenticated history/KG reads are workspace-scoped, direct Tool API paths enforce registry policy, local approvals hash tokens at rest, AgentRuntime approval semantics are explicit, and frontend/runtime seams are split |
|
|
252
259
|
| 8.8.0 | Brain Core Extraction & Recall Proof Hardening: internal-only Brain shim layers are removed, AgentRuntime run contracts/retry budgets are tighter, Brain Chat gains conversation controls, and citation recall exposes matched evidence |
|
|
253
260
|
| 8.7.0 | Runtime State Hygiene & Release Evidence Refresh: model-runtime internals prefer typed state over legacy globals, compatibility sync is deprecated, 8.7.0 visual evidence is refreshed, and all release metadata/docs are synchronized |
|
|
254
261
|
| 8.6.0 | Desktop Capture & Navigation Reliability: native folder selection works from the Tauri localhost app, picker failures surface in Capture, web saving remains one-action, and the Brain shell sidebar/admin flow is CI-covered |
|
package/auto_setup.py
CHANGED
|
@@ -25,7 +25,7 @@ Lattice AI — Zero-Config Auto Setup
|
|
|
25
25
|
python3 auto_setup.py probe # 1단계만
|
|
26
26
|
python3 auto_setup.py recommend # 1+2단계
|
|
27
27
|
python3 auto_setup.py plan # 1+2+3 (설치 계획 출력)
|
|
28
|
-
python3 auto_setup.py plan --apply
|
|
28
|
+
python3 auto_setup.py plan --apply --confirm-token <token>
|
|
29
29
|
python3 auto_setup.py verify # 4단계 단독
|
|
30
30
|
python3 auto_setup.py preset # 5단계
|
|
31
31
|
python3 auto_setup.py all # 전체 흐름
|
|
@@ -47,6 +47,14 @@ from dataclasses import asdict, dataclass, field
|
|
|
47
47
|
from pathlib import Path
|
|
48
48
|
from typing import Any, Dict, List, Optional, Tuple
|
|
49
49
|
|
|
50
|
+
from latticeai.services.process_audit import (
|
|
51
|
+
CommandConfirmationError,
|
|
52
|
+
append_process_audit_event,
|
|
53
|
+
command_plan,
|
|
54
|
+
command_plan_for_commands,
|
|
55
|
+
require_command_confirmation,
|
|
56
|
+
)
|
|
57
|
+
|
|
50
58
|
__all__ = [
|
|
51
59
|
"SystemProfile", "Recommendation", "InstallPlan",
|
|
52
60
|
"probe", "recommend", "plan", "verify", "preset", "run_all",
|
|
@@ -547,6 +555,21 @@ class InstallStep:
|
|
|
547
555
|
command: List[str]
|
|
548
556
|
requires_admin: bool = False
|
|
549
557
|
|
|
558
|
+
def to_json(self) -> Dict[str, Any]:
|
|
559
|
+
return {
|
|
560
|
+
"name": self.name,
|
|
561
|
+
"why": self.why,
|
|
562
|
+
"command": self.command,
|
|
563
|
+
"requires_admin": self.requires_admin,
|
|
564
|
+
"command_plan": command_plan(
|
|
565
|
+
self.command,
|
|
566
|
+
name=self.name,
|
|
567
|
+
purpose="auto_setup_install",
|
|
568
|
+
requires_admin=self.requires_admin,
|
|
569
|
+
metadata={"why": self.why},
|
|
570
|
+
),
|
|
571
|
+
}
|
|
572
|
+
|
|
550
573
|
|
|
551
574
|
@dataclass
|
|
552
575
|
class InstallPlan:
|
|
@@ -555,10 +578,18 @@ class InstallPlan:
|
|
|
555
578
|
notes: List[str] = field(default_factory=list)
|
|
556
579
|
|
|
557
580
|
def to_json(self) -> Dict[str, Any]:
|
|
581
|
+
plan_summary = command_plan_for_commands(
|
|
582
|
+
[step.command for step in self.steps],
|
|
583
|
+
name="auto_setup_plan",
|
|
584
|
+
purpose="auto_setup_install",
|
|
585
|
+
metadata={"package_manager": self.package_manager},
|
|
586
|
+
)
|
|
558
587
|
return {
|
|
559
588
|
"package_manager": self.package_manager,
|
|
560
|
-
"steps": [
|
|
589
|
+
"steps": [s.to_json() for s in self.steps],
|
|
561
590
|
"notes": self.notes,
|
|
591
|
+
"command_plan": plan_summary,
|
|
592
|
+
"confirmation_token": plan_summary["confirmation_token"],
|
|
562
593
|
}
|
|
563
594
|
|
|
564
595
|
|
|
@@ -661,23 +692,55 @@ def plan(profile: SystemProfile, rec: Recommendation) -> InstallPlan:
|
|
|
661
692
|
return InstallPlan(package_manager=pm, steps=steps, notes=notes)
|
|
662
693
|
|
|
663
694
|
|
|
664
|
-
def apply_plan(
|
|
665
|
-
|
|
695
|
+
def apply_plan(
|
|
696
|
+
plan_obj: InstallPlan,
|
|
697
|
+
*,
|
|
698
|
+
confirm: bool = False,
|
|
699
|
+
confirmation_token: Optional[str] = None,
|
|
700
|
+
) -> List[Dict[str, Any]]:
|
|
701
|
+
"""위험: 실제로 설치 명령을 실행한다. ``confirm`` and token are required."""
|
|
666
702
|
if not confirm:
|
|
667
703
|
raise RuntimeError("refuse to apply: pass confirm=True")
|
|
704
|
+
expected = plan_obj.to_json().get("confirmation_token")
|
|
705
|
+
if str(confirmation_token or "").strip() != expected:
|
|
706
|
+
raise CommandConfirmationError("refuse to apply: confirmation token mismatch")
|
|
668
707
|
results: List[Dict[str, Any]] = []
|
|
669
708
|
for step in plan_obj.steps:
|
|
709
|
+
step_plan = command_plan(
|
|
710
|
+
step.command,
|
|
711
|
+
name=step.name,
|
|
712
|
+
purpose="auto_setup_install",
|
|
713
|
+
requires_admin=step.requires_admin,
|
|
714
|
+
metadata={"why": step.why},
|
|
715
|
+
)
|
|
670
716
|
try:
|
|
717
|
+
require_command_confirmation(
|
|
718
|
+
step.command,
|
|
719
|
+
step_plan["confirmation_token"],
|
|
720
|
+
purpose="auto_setup_install",
|
|
721
|
+
)
|
|
722
|
+
append_process_audit_event("installer_command", plan=step_plan, status="started")
|
|
671
723
|
r = subprocess.run(step.command, capture_output=True, text=True,
|
|
672
724
|
timeout=300, check=False)
|
|
725
|
+
append_process_audit_event(
|
|
726
|
+
"installer_command",
|
|
727
|
+
plan=step_plan,
|
|
728
|
+
status="finished",
|
|
729
|
+
returncode=r.returncode,
|
|
730
|
+
stdout=r.stdout,
|
|
731
|
+
stderr=r.stderr,
|
|
732
|
+
)
|
|
673
733
|
results.append({
|
|
674
734
|
"name": step.name,
|
|
735
|
+
"command_hash": step_plan["command_hash"],
|
|
736
|
+
"command_preview": step_plan["command_preview"],
|
|
675
737
|
"returncode": r.returncode,
|
|
676
738
|
"stdout_tail": (r.stdout or "")[-2000:],
|
|
677
739
|
"stderr_tail": (r.stderr or "")[-2000:],
|
|
678
740
|
})
|
|
679
741
|
except Exception as exc:
|
|
680
|
-
|
|
742
|
+
append_process_audit_event("installer_command", plan=step_plan, status="error", error=str(exc))
|
|
743
|
+
results.append({"name": step.name, "command_hash": step_plan["command_hash"], "error": str(exc)})
|
|
681
744
|
return results
|
|
682
745
|
|
|
683
746
|
|
|
@@ -780,13 +843,13 @@ def preset(profile: SystemProfile, rec: Recommendation) -> Dict[str, Any]:
|
|
|
780
843
|
|
|
781
844
|
|
|
782
845
|
# ── orchestrator ────────────────────────────────────────────────────────────
|
|
783
|
-
def run_all(*, apply_install: bool = False) -> Dict[str, Any]:
|
|
846
|
+
def run_all(*, apply_install: bool = False, confirmation_token: Optional[str] = None) -> Dict[str, Any]:
|
|
784
847
|
p = probe()
|
|
785
848
|
r = recommend(p)
|
|
786
849
|
pl = plan(p, r)
|
|
787
850
|
install_results = None
|
|
788
851
|
if apply_install:
|
|
789
|
-
install_results = apply_plan(pl, confirm=True)
|
|
852
|
+
install_results = apply_plan(pl, confirm=True, confirmation_token=confirmation_token)
|
|
790
853
|
v = verify(p, r)
|
|
791
854
|
ps = preset(p, r)
|
|
792
855
|
return {
|
|
@@ -809,6 +872,8 @@ def _main() -> int:
|
|
|
809
872
|
sp_plan = sub.add_parser("plan")
|
|
810
873
|
sp_plan.add_argument("--apply", action="store_true",
|
|
811
874
|
help="actually run the install commands (DANGER)")
|
|
875
|
+
sp_plan.add_argument("--confirm-token", default=None,
|
|
876
|
+
help="confirmation token from the dry-run plan output")
|
|
812
877
|
sub.add_parser("verify")
|
|
813
878
|
sub.add_parser("preset")
|
|
814
879
|
sub.add_parser("all")
|
|
@@ -825,7 +890,7 @@ def _main() -> int:
|
|
|
825
890
|
p = probe(); r = recommend(p); pl = plan(p, r)
|
|
826
891
|
out: Dict[str, Any] = {"plan": pl.to_json()}
|
|
827
892
|
if args.apply:
|
|
828
|
-
out["install"] = apply_plan(pl, confirm=True)
|
|
893
|
+
out["install"] = apply_plan(pl, confirm=True, confirmation_token=args.confirm_token)
|
|
829
894
|
print(json.dumps(out, indent=2, ensure_ascii=False)); return 0
|
|
830
895
|
if args.cmd == "verify":
|
|
831
896
|
p = probe(); r = recommend(p)
|
package/docs/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,43 @@ existed at that release.
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## [8.9.0] - 2026-07-06
|
|
10
|
+
|
|
11
|
+
### Added
|
|
12
|
+
- Added authenticated user/workspace scoping to durable conversation history
|
|
13
|
+
reads and deletes.
|
|
14
|
+
- Added workspace-aware Knowledge Graph search, traversal, relationship, node,
|
|
15
|
+
and chat-context reads.
|
|
16
|
+
- Added direct HTTP/MCP Tool API policy enforcement for registry-governed tools.
|
|
17
|
+
- Added permission approval queue hashing and atomic writes so raw tokens are
|
|
18
|
+
not persisted at rest.
|
|
19
|
+
- Added confirmation-token guarded installer/process command plans with redacted
|
|
20
|
+
local process audit events.
|
|
21
|
+
- Added regression coverage for scoped history, graph scoping, tool policy
|
|
22
|
+
gates, AgentRuntime approval semantics, permission tokens, session TTL
|
|
23
|
+
injection, and model-download runtime config.
|
|
24
|
+
|
|
25
|
+
### Changed
|
|
26
|
+
- AgentRuntime now requires explicit human approval for non-auto-approved plans
|
|
27
|
+
and rolls back git-governed tool results even when `success` is omitted.
|
|
28
|
+
- Model download consent now uses configured runtime state instead of direct
|
|
29
|
+
environment-variable reads.
|
|
30
|
+
- Frontend API base logic, CSS token/base rules, and i18n literal checks were
|
|
31
|
+
split into smaller maintainability seams.
|
|
32
|
+
- Version bumped to 8.9.0 across Python, npm, VS Code extension, Tauri, static
|
|
33
|
+
metadata, readiness gates, release notes, and current-release documentation.
|
|
34
|
+
- Documentation now states that SQLite is the live local Brain store; Postgres
|
|
35
|
+
remains optional scale/migration tooling.
|
|
36
|
+
|
|
37
|
+
### Fixed
|
|
38
|
+
- Conversation store migration now creates the workspace index only after the
|
|
39
|
+
scope columns exist.
|
|
40
|
+
- Direct `write_file`/`edit_file` policy lookup now blocks system write
|
|
41
|
+
prefixes consistently with local-file approvals.
|
|
42
|
+
- Workspace selection clearing now removes the persisted workspace id.
|
|
43
|
+
- Tauri/local API fetches now include credentials for localhost backend
|
|
44
|
+
sessions.
|
|
45
|
+
|
|
9
46
|
## [8.8.0] - 2026-07-06
|
|
10
47
|
|
|
11
48
|
### Added
|