neurain 0.1.0-alpha.7 → 0.1.0-alpha.8

package/CHANGELOG.md

@@ -4,6 +4,11 @@
 
 - No unreleased changes recorded.
 
+## 0.1.0-alpha.8
+
+- Privacy (exact recall freshness): the exact-token branch reads from the SQLite FTS index, which is a cache rebuilt only on demand, so a markdown file that was public when indexed but has since turned `sensitivity: private`, been deleted, or gained a secret could linger in `recall search` and `hybrid-search` exact results until the next rebuild. `searchRecall` now re-gates the returned markdown paths against the CURRENT files (same private/secret/exists gate the markdown branches already apply) and drops any that are no longer safe. Only the top-K returned paths are re-read, so the exact branch stays fast (~4ms warm); a fresh index drops nothing, so results are unchanged (golden 9/9 identical). Event and receipt rows keep their own collection-time gating and pass through. Added `test/perf_recall_equivalence.test.mjs` coverage that a public-then-private and a deleted file do not surface from a stale index.
+
+
 ## 0.1.0-alpha.7
 
 - Hardening (recall perf, from an adversarial review): lock the "byte-identical results" claim and tighten the fast-path contracts, with no change to ranking/scores (golden-identical).

package/README.md

@@ -204,7 +204,7 @@ It exposes read/capture/scan/preview tools only. It does not silently compile, p
 
 ## Status
 
-This is `0.1.0-alpha.7`. It is not a public SaaS GA release. The alpha exists to prove installability, local-first onboarding, Codex, Claude, Gemini, and Runtime connectivity, plus safety receipts.
+This is `0.1.0-alpha.8`. It is not a public SaaS GA release. The alpha exists to prove installability, local-first onboarding, Codex, Claude, Gemini, and Runtime connectivity, plus safety receipts.
 
 Alpha publish command:
 

package/docs/development-status.en.md

@@ -2,8 +2,8 @@
 
 Version: v0.1
 Last updated: 2026-06-20 KST
-Package: `neurain@0.1.0-alpha.7`
-Latest documented commit: `18bbb9f perf(recall): lock byte-identical claim in CI + harden fast-path contracts`
+Package: `neurain@0.1.0-alpha.8`
+Latest documented commit: `ba1028e fix(recall): re-gate exact (FTS) results against current files to drop stale-private`
 
 This document is the canonical product development snapshot for the public package. It tracks what is shipped, what has evidence, and what must not be claimed yet.
 

package/docs/development-status.kr.md

@@ -2,8 +2,8 @@
 
 Version: v0.1
 Last updated: 2026-06-20 KST
-Package: `neurain@0.1.0-alpha.7`
-Latest documented commit: `18bbb9f perf(recall): lock byte-identical claim in CI + harden fast-path contracts`
+Package: `neurain@0.1.0-alpha.8`
+Latest documented commit: `ba1028e fix(recall): re-gate exact (FTS) results against current files to drop stale-private`
 
 이 문서는 public package 기준의 canonical 개발 상태 스냅샷입니다. 무엇이 shipped인지, 어떤 증거가 있는지, 아직 주장하면 안 되는 것이 무엇인지 함께 기록합니다.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "neurain",
-  "version": "0.1.0-alpha.7",
+  "version": "0.1.0-alpha.8",
   "description": "Local-first Neurain Knowledge OS CLI and MCP connector.",
   "type": "module",
   "license": "Apache-2.0",

package/src/core/recall.mjs

@@ -7,7 +7,7 @@ import { inferSensitivityFromPath } from './safety.mjs';
 import { alternativeForm, getProvider, tokenize } from './semantic.mjs';
 import { recallConfig } from './config.mjs';
 import { createSensitivityResolver } from './labels.mjs';
-import { kindForPath, listRecallMarkdownFiles, recallConfigErrors, resolveAreaDir, safeToIndex, scopeForArea, scopeForPath, titleForText } from './recall_corpus.mjs';
+import { filterCurrentlySafePaths, kindForPath, listRecallMarkdownFiles, recallConfigErrors, resolveAreaDir, safeToIndex, scopeForArea, scopeForPath, titleForText } from './recall_corpus.mjs';
 import { buildLexicalContext, lexicalSearchWithContext } from './recall_lexical.mjs';
 import { benchRecall, scorecardRecall } from './recall_bench.mjs';
 
@@ -158,17 +158,28 @@ export async function searchRecall(root, query, { top = 10, host = '', fallback
       ORDER BY rank ASC, d.path ASC
       LIMIT ?
     `).all(ftsQuery, String(host || ''), String(host || ''), scopeFilter, scopeFilter, limit);
-    payload.results = rows.map((row) => ({
-      path: row.path,
-      kind: row.kind,
-      host: row.host,
-      scope: row.scope,
-      sensitivity: row.sensitivity,
-      title: row.title,
-      snippet: row.snippet,
-      source_hash: row.source_hash,
-      score: Number((-Number(row.rank || 0)).toFixed(3)),
-    }));
+    // The FTS index is a cache rebuilt only on demand, so re-gate the returned MARKDOWN
+    // paths against the CURRENT files: drop any row whose file has since turned private,
+    // been deleted, gained a secret, or left the corpus. Only the top-K paths are
+    // re-read, so the exact branch stays fast while never surfacing stale-private or
+    // deleted content. A fresh index drops nothing (results unchanged). Event/receipt
+    // rows use synthetic paths (a '#event' suffix or a non-.md receipt path) and carry
+    // their own collection-time gating, so they pass through unchanged.
+    const isMarkdownRow = (p) => p.endsWith('.md') && !p.includes('#');
+    const stillSafe = filterCurrentlySafePaths(root, recallConfig(root), rows.map((row) => row.path).filter(isMarkdownRow));
+    payload.results = rows
+      .filter((row) => !isMarkdownRow(row.path) || stillSafe.has(row.path))
+      .map((row) => ({
+        path: row.path,
+        kind: row.kind,
+        host: row.host,
+        scope: row.scope,
+        sensitivity: row.sensitivity,
+        title: row.title,
+        snippet: row.snippet,
+        source_hash: row.source_hash,
+        score: Number((-Number(row.rank || 0)).toFixed(3)),
+      }));
   } catch (error) {
     payload.ok = false;
     payload.error = error.message;

package/src/core/recall_corpus.mjs

@@ -150,3 +150,29 @@ export function listRecallMarkdownFiles(root, recallCfg, { area = '' } = {}) {
   }
   return out;
 }
+
+// Re-verify, against the CURRENT files, that specific paths still belong in the
+// recall corpus right now (in-corpus + exists + not private + not secret/injection).
+// The exact-token branch reads from a SQLite cache that is only rebuilt explicitly,
+// so a file that was public when indexed but has since turned private or been
+// deleted could otherwise linger in exact results until the next rebuild. Applying
+// this same gate to the returned paths closes that staleness window. It re-reads
+// only the handful of returned paths (top-K), not the whole corpus, so the exact
+// branch stays fast. Returns a Set of the still-safe paths.
+export function filterCurrentlySafePaths(root, recallCfg, rels) {
+  const resolver = createSensitivityResolver(root, recallCfg);
+  const matches = buildRecallPathMatcher(recallCfg);
+  const safe = new Set();
+  for (const rel of rels) {
+    if (safe.has(rel)) continue;
+    if (!matches(rel)) continue;
+    if (!isTextFile(rel)) continue;
+    const abs = path.join(root, rel);
+    if (!fs.existsSync(abs)) continue;
+    const text = readText(abs, '');
+    if (resolver.sensitivityFor(rel, text) === 'private') continue;
+    if (!safeToIndex(text)) continue;
+    safe.add(rel);
+  }
+  return safe;
+}