stellavault 0.4.4 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (265)
  1. package/README.md +52 -16
  2. package/SECURITY.md +50 -0
  3. package/dist/stellavault.js +8968 -0
  4. package/package.json +70 -33
  5. package/.env.example +0 -12
  6. package/CHANGELOG.md +0 -106
  7. package/CLAUDE.md +0 -42
  8. package/CONTRIBUTING.md +0 -65
  9. package/index.html +0 -509
  10. package/packages/cli/bin/ekh.js +0 -2
  11. package/packages/cli/bin/stellavault.js +0 -2
  12. package/packages/cli/dist/commands/adr-cmd.d.ts +0 -7
  13. package/packages/cli/dist/commands/adr-cmd.js +0 -45
  14. package/packages/cli/dist/commands/ask-cmd.d.ts +0 -5
  15. package/packages/cli/dist/commands/ask-cmd.js +0 -36
  16. package/packages/cli/dist/commands/autopilot-cmd.d.ts +0 -4
  17. package/packages/cli/dist/commands/autopilot-cmd.js +0 -76
  18. package/packages/cli/dist/commands/brief-cmd.d.ts +0 -2
  19. package/packages/cli/dist/commands/brief-cmd.js +0 -82
  20. package/packages/cli/dist/commands/capture-cmd.d.ts +0 -7
  21. package/packages/cli/dist/commands/capture-cmd.js +0 -31
  22. package/packages/cli/dist/commands/card-cmd.d.ts +0 -4
  23. package/packages/cli/dist/commands/card-cmd.js +0 -26
  24. package/packages/cli/dist/commands/clip-cmd.d.ts +0 -4
  25. package/packages/cli/dist/commands/clip-cmd.js +0 -151
  26. package/packages/cli/dist/commands/cloud-cmd.d.ts +0 -4
  27. package/packages/cli/dist/commands/cloud-cmd.js +0 -64
  28. package/packages/cli/dist/commands/compile-cmd.d.ts +0 -6
  29. package/packages/cli/dist/commands/compile-cmd.js +0 -30
  30. package/packages/cli/dist/commands/contradictions-cmd.d.ts +0 -2
  31. package/packages/cli/dist/commands/contradictions-cmd.js +0 -34
  32. package/packages/cli/dist/commands/decay-cmd.d.ts +0 -2
  33. package/packages/cli/dist/commands/decay-cmd.js +0 -48
  34. package/packages/cli/dist/commands/digest-cmd.d.ts +0 -5
  35. package/packages/cli/dist/commands/digest-cmd.js +0 -136
  36. package/packages/cli/dist/commands/draft-cmd.d.ts +0 -6
  37. package/packages/cli/dist/commands/draft-cmd.js +0 -110
  38. package/packages/cli/dist/commands/duplicates-cmd.d.ts +0 -4
  39. package/packages/cli/dist/commands/duplicates-cmd.js +0 -30
  40. package/packages/cli/dist/commands/federate-cmd.d.ts +0 -5
  41. package/packages/cli/dist/commands/federate-cmd.js +0 -247
  42. package/packages/cli/dist/commands/fleeting-cmd.d.ts +0 -4
  43. package/packages/cli/dist/commands/fleeting-cmd.js +0 -45
  44. package/packages/cli/dist/commands/flush-cmd.d.ts +0 -2
  45. package/packages/cli/dist/commands/flush-cmd.js +0 -58
  46. package/packages/cli/dist/commands/gaps-cmd.d.ts +0 -2
  47. package/packages/cli/dist/commands/gaps-cmd.js +0 -33
  48. package/packages/cli/dist/commands/graph-cmd.d.ts +0 -2
  49. package/packages/cli/dist/commands/graph-cmd.js +0 -89
  50. package/packages/cli/dist/commands/index-cmd.d.ts +0 -2
  51. package/packages/cli/dist/commands/index-cmd.js +0 -57
  52. package/packages/cli/dist/commands/ingest-cmd.d.ts +0 -9
  53. package/packages/cli/dist/commands/ingest-cmd.js +0 -195
  54. package/packages/cli/dist/commands/init-cmd.d.ts +0 -2
  55. package/packages/cli/dist/commands/init-cmd.js +0 -161
  56. package/packages/cli/dist/commands/learn-cmd.d.ts +0 -2
  57. package/packages/cli/dist/commands/learn-cmd.js +0 -48
  58. package/packages/cli/dist/commands/lint-cmd.d.ts +0 -2
  59. package/packages/cli/dist/commands/lint-cmd.js +0 -61
  60. package/packages/cli/dist/commands/pack-cmd.d.ts +0 -15
  61. package/packages/cli/dist/commands/pack-cmd.js +0 -93
  62. package/packages/cli/dist/commands/review-cmd.d.ts +0 -4
  63. package/packages/cli/dist/commands/review-cmd.js +0 -107
  64. package/packages/cli/dist/commands/search-cmd.d.ts +0 -4
  65. package/packages/cli/dist/commands/search-cmd.js +0 -38
  66. package/packages/cli/dist/commands/serve-cmd.d.ts +0 -2
  67. package/packages/cli/dist/commands/serve-cmd.js +0 -14
  68. package/packages/cli/dist/commands/session-cmd.d.ts +0 -7
  69. package/packages/cli/dist/commands/session-cmd.js +0 -95
  70. package/packages/cli/dist/commands/status-cmd.d.ts +0 -2
  71. package/packages/cli/dist/commands/status-cmd.js +0 -33
  72. package/packages/cli/dist/commands/sync-cmd.d.ts +0 -5
  73. package/packages/cli/dist/commands/sync-cmd.js +0 -62
  74. package/packages/cli/dist/commands/vault-cmd.d.ts +0 -10
  75. package/packages/cli/dist/commands/vault-cmd.js +0 -54
  76. package/packages/cli/dist/index.d.ts +0 -2
  77. package/packages/cli/dist/index.js +0 -233
  78. package/packages/cli/package.json +0 -24
  79. package/packages/core/dist/api/dashboard.d.ts +0 -3
  80. package/packages/core/dist/api/dashboard.js +0 -135
  81. package/packages/core/dist/api/graph-data.d.ts +0 -11
  82. package/packages/core/dist/api/graph-data.js +0 -255
  83. package/packages/core/dist/api/pwa.d.ts +0 -3
  84. package/packages/core/dist/api/pwa.js +0 -77
  85. package/packages/core/dist/api/server.d.ts +0 -16
  86. package/packages/core/dist/api/server.js +0 -1122
  87. package/packages/core/dist/capture/voice.d.ts +0 -24
  88. package/packages/core/dist/capture/voice.js +0 -135
  89. package/packages/core/dist/cloud/index.d.ts +0 -3
  90. package/packages/core/dist/cloud/index.js +0 -2
  91. package/packages/core/dist/cloud/sync.d.ts +0 -29
  92. package/packages/core/dist/cloud/sync.js +0 -137
  93. package/packages/core/dist/config.d.ts +0 -35
  94. package/packages/core/dist/config.js +0 -63
  95. package/packages/core/dist/federation/credits.d.ts +0 -26
  96. package/packages/core/dist/federation/credits.js +0 -56
  97. package/packages/core/dist/federation/identity.d.ts +0 -14
  98. package/packages/core/dist/federation/identity.js +0 -74
  99. package/packages/core/dist/federation/index.d.ts +0 -7
  100. package/packages/core/dist/federation/index.js +0 -5
  101. package/packages/core/dist/federation/node.d.ts +0 -31
  102. package/packages/core/dist/federation/node.js +0 -216
  103. package/packages/core/dist/federation/privacy.d.ts +0 -8
  104. package/packages/core/dist/federation/privacy.js +0 -40
  105. package/packages/core/dist/federation/reputation.d.ts +0 -37
  106. package/packages/core/dist/federation/reputation.js +0 -139
  107. package/packages/core/dist/federation/search.d.ts +0 -19
  108. package/packages/core/dist/federation/search.js +0 -101
  109. package/packages/core/dist/federation/sharing.d.ts +0 -72
  110. package/packages/core/dist/federation/sharing.js +0 -246
  111. package/packages/core/dist/federation/trust.d.ts +0 -15
  112. package/packages/core/dist/federation/trust.js +0 -60
  113. package/packages/core/dist/federation/types.d.ts +0 -40
  114. package/packages/core/dist/federation/types.js +0 -3
  115. package/packages/core/dist/i18n/index.d.ts +0 -6
  116. package/packages/core/dist/i18n/index.js +0 -81
  117. package/packages/core/dist/i18n/note-strings.d.ts +0 -5
  118. package/packages/core/dist/i18n/note-strings.js +0 -94
  119. package/packages/core/dist/index.d.ts +0 -123
  120. package/packages/core/dist/index.js +0 -74
  121. package/packages/core/dist/indexer/chunker.d.ts +0 -14
  122. package/packages/core/dist/indexer/chunker.js +0 -148
  123. package/packages/core/dist/indexer/embedder.d.ts +0 -8
  124. package/packages/core/dist/indexer/embedder.js +0 -3
  125. package/packages/core/dist/indexer/index.d.ts +0 -28
  126. package/packages/core/dist/indexer/index.js +0 -74
  127. package/packages/core/dist/indexer/local-embedder.d.ts +0 -3
  128. package/packages/core/dist/indexer/local-embedder.js +0 -29
  129. package/packages/core/dist/indexer/scanner.d.ts +0 -11
  130. package/packages/core/dist/indexer/scanner.js +0 -148
  131. package/packages/core/dist/indexer/watcher.d.ts +0 -19
  132. package/packages/core/dist/indexer/watcher.js +0 -49
  133. package/packages/core/dist/intelligence/ask-engine.d.ts +0 -24
  134. package/packages/core/dist/intelligence/ask-engine.js +0 -142
  135. package/packages/core/dist/intelligence/auto-linker.d.ts +0 -19
  136. package/packages/core/dist/intelligence/auto-linker.js +0 -126
  137. package/packages/core/dist/intelligence/code-linker.d.ts +0 -20
  138. package/packages/core/dist/intelligence/code-linker.js +0 -88
  139. package/packages/core/dist/intelligence/contradiction-detector.d.ts +0 -20
  140. package/packages/core/dist/intelligence/contradiction-detector.js +0 -115
  141. package/packages/core/dist/intelligence/decay-engine.d.ts +0 -27
  142. package/packages/core/dist/intelligence/decay-engine.js +0 -190
  143. package/packages/core/dist/intelligence/draft-generator.d.ts +0 -25
  144. package/packages/core/dist/intelligence/draft-generator.js +0 -277
  145. package/packages/core/dist/intelligence/duplicate-detector.d.ts +0 -20
  146. package/packages/core/dist/intelligence/duplicate-detector.js +0 -55
  147. package/packages/core/dist/intelligence/file-extractors.d.ts +0 -13
  148. package/packages/core/dist/intelligence/file-extractors.js +0 -155
  149. package/packages/core/dist/intelligence/fsrs.d.ts +0 -43
  150. package/packages/core/dist/intelligence/fsrs.js +0 -70
  151. package/packages/core/dist/intelligence/gap-detector.d.ts +0 -25
  152. package/packages/core/dist/intelligence/gap-detector.js +0 -78
  153. package/packages/core/dist/intelligence/ingest-pipeline.d.ts +0 -32
  154. package/packages/core/dist/intelligence/ingest-pipeline.js +0 -245
  155. package/packages/core/dist/intelligence/knowledge-lint.d.ts +0 -27
  156. package/packages/core/dist/intelligence/knowledge-lint.js +0 -132
  157. package/packages/core/dist/intelligence/learning-path.d.ts +0 -31
  158. package/packages/core/dist/intelligence/learning-path.js +0 -53
  159. package/packages/core/dist/intelligence/notifications.d.ts +0 -31
  160. package/packages/core/dist/intelligence/notifications.js +0 -65
  161. package/packages/core/dist/intelligence/predictive-gaps.d.ts +0 -14
  162. package/packages/core/dist/intelligence/predictive-gaps.js +0 -74
  163. package/packages/core/dist/intelligence/semantic-versioning.d.ts +0 -37
  164. package/packages/core/dist/intelligence/semantic-versioning.js +0 -68
  165. package/packages/core/dist/intelligence/types.d.ts +0 -28
  166. package/packages/core/dist/intelligence/types.js +0 -3
  167. package/packages/core/dist/intelligence/wiki-compiler.d.ts +0 -30
  168. package/packages/core/dist/intelligence/wiki-compiler.js +0 -222
  169. package/packages/core/dist/intelligence/youtube-extractor.d.ts +0 -29
  170. package/packages/core/dist/intelligence/youtube-extractor.js +0 -321
  171. package/packages/core/dist/intelligence/zettelkasten.d.ts +0 -59
  172. package/packages/core/dist/intelligence/zettelkasten.js +0 -234
  173. package/packages/core/dist/mcp/custom-tools.d.ts +0 -29
  174. package/packages/core/dist/mcp/custom-tools.js +0 -70
  175. package/packages/core/dist/mcp/index.d.ts +0 -2
  176. package/packages/core/dist/mcp/index.js +0 -2
  177. package/packages/core/dist/mcp/server.d.ts +0 -51
  178. package/packages/core/dist/mcp/server.js +0 -174
  179. package/packages/core/dist/mcp/tools/agentic-graph.d.ts +0 -93
  180. package/packages/core/dist/mcp/tools/agentic-graph.js +0 -116
  181. package/packages/core/dist/mcp/tools/ask.d.ts +0 -29
  182. package/packages/core/dist/mcp/tools/ask.js +0 -43
  183. package/packages/core/dist/mcp/tools/brief.d.ts +0 -31
  184. package/packages/core/dist/mcp/tools/brief.js +0 -39
  185. package/packages/core/dist/mcp/tools/decay.d.ts +0 -33
  186. package/packages/core/dist/mcp/tools/decay.js +0 -32
  187. package/packages/core/dist/mcp/tools/decision-journal.d.ts +0 -78
  188. package/packages/core/dist/mcp/tools/decision-journal.js +0 -79
  189. package/packages/core/dist/mcp/tools/detect-gaps.d.ts +0 -24
  190. package/packages/core/dist/mcp/tools/detect-gaps.js +0 -47
  191. package/packages/core/dist/mcp/tools/export.d.ts +0 -29
  192. package/packages/core/dist/mcp/tools/export.js +0 -60
  193. package/packages/core/dist/mcp/tools/federated-search.d.ts +0 -29
  194. package/packages/core/dist/mcp/tools/federated-search.js +0 -36
  195. package/packages/core/dist/mcp/tools/generate-claude-md.d.ts +0 -35
  196. package/packages/core/dist/mcp/tools/generate-claude-md.js +0 -107
  197. package/packages/core/dist/mcp/tools/generate-draft.d.ts +0 -34
  198. package/packages/core/dist/mcp/tools/generate-draft.js +0 -120
  199. package/packages/core/dist/mcp/tools/get-document.d.ts +0 -35
  200. package/packages/core/dist/mcp/tools/get-document.js +0 -25
  201. package/packages/core/dist/mcp/tools/get-evolution.d.ts +0 -28
  202. package/packages/core/dist/mcp/tools/get-evolution.js +0 -70
  203. package/packages/core/dist/mcp/tools/get-related.d.ts +0 -32
  204. package/packages/core/dist/mcp/tools/get-related.js +0 -33
  205. package/packages/core/dist/mcp/tools/learning-path.d.ts +0 -23
  206. package/packages/core/dist/mcp/tools/learning-path.js +0 -45
  207. package/packages/core/dist/mcp/tools/link-code.d.ts +0 -34
  208. package/packages/core/dist/mcp/tools/link-code.js +0 -44
  209. package/packages/core/dist/mcp/tools/list-topics.d.ts +0 -15
  210. package/packages/core/dist/mcp/tools/list-topics.js +0 -18
  211. package/packages/core/dist/mcp/tools/search.d.ts +0 -39
  212. package/packages/core/dist/mcp/tools/search.js +0 -29
  213. package/packages/core/dist/mcp/tools/snapshot.d.ts +0 -47
  214. package/packages/core/dist/mcp/tools/snapshot.js +0 -84
  215. package/packages/core/dist/multi-vault/index.d.ts +0 -26
  216. package/packages/core/dist/multi-vault/index.js +0 -80
  217. package/packages/core/dist/pack/creator.d.ts +0 -21
  218. package/packages/core/dist/pack/creator.js +0 -105
  219. package/packages/core/dist/pack/exporter.d.ts +0 -4
  220. package/packages/core/dist/pack/exporter.js +0 -18
  221. package/packages/core/dist/pack/importer.d.ts +0 -10
  222. package/packages/core/dist/pack/importer.js +0 -55
  223. package/packages/core/dist/pack/index.d.ts +0 -6
  224. package/packages/core/dist/pack/index.js +0 -5
  225. package/packages/core/dist/pack/marketplace.d.ts +0 -14
  226. package/packages/core/dist/pack/marketplace.js +0 -90
  227. package/packages/core/dist/pack/pii-masker.d.ts +0 -7
  228. package/packages/core/dist/pack/pii-masker.js +0 -29
  229. package/packages/core/dist/pack/types.d.ts +0 -36
  230. package/packages/core/dist/pack/types.js +0 -3
  231. package/packages/core/dist/plugins/index.d.ts +0 -35
  232. package/packages/core/dist/plugins/index.js +0 -57
  233. package/packages/core/dist/plugins/webhooks.d.ts +0 -30
  234. package/packages/core/dist/plugins/webhooks.js +0 -79
  235. package/packages/core/dist/search/adaptive.d.ts +0 -16
  236. package/packages/core/dist/search/adaptive.js +0 -67
  237. package/packages/core/dist/search/bm25.d.ts +0 -4
  238. package/packages/core/dist/search/bm25.js +0 -10
  239. package/packages/core/dist/search/index.d.ts +0 -15
  240. package/packages/core/dist/search/index.js +0 -64
  241. package/packages/core/dist/search/rrf.d.ts +0 -7
  242. package/packages/core/dist/search/rrf.js +0 -21
  243. package/packages/core/dist/search/semantic.d.ts +0 -5
  244. package/packages/core/dist/search/semantic.js +0 -6
  245. package/packages/core/dist/store/index.d.ts +0 -3
  246. package/packages/core/dist/store/index.js +0 -2
  247. package/packages/core/dist/store/sqlite-vec.d.ts +0 -6
  248. package/packages/core/dist/store/sqlite-vec.js +0 -251
  249. package/packages/core/dist/store/types.d.ts +0 -20
  250. package/packages/core/dist/store/types.js +0 -3
  251. package/packages/core/dist/team/index.d.ts +0 -25
  252. package/packages/core/dist/team/index.js +0 -97
  253. package/packages/core/dist/types/chunk.d.ts +0 -23
  254. package/packages/core/dist/types/chunk.js +0 -3
  255. package/packages/core/dist/types/document.d.ts +0 -23
  256. package/packages/core/dist/types/document.js +0 -3
  257. package/packages/core/dist/types/graph.d.ts +0 -39
  258. package/packages/core/dist/types/graph.js +0 -3
  259. package/packages/core/dist/types/index.d.ts +0 -5
  260. package/packages/core/dist/types/index.js +0 -2
  261. package/packages/core/dist/types/search.d.ts +0 -39
  262. package/packages/core/dist/types/search.js +0 -3
  263. package/packages/core/dist/utils/retry.d.ts +0 -25
  264. package/packages/core/dist/utils/retry.js +0 -59
  265. package/packages/core/package.json +0 -67
package/README.md CHANGED
@@ -1,27 +1,27 @@
1
1
  # Stellavault
2
2
 
3
- > **Self-compiling knowledge MCP server** ingest anything, auto-organize into Zettelkasten wiki, and let Claude access your entire knowledge base.
3
+ > **Drop anything. It compiles itself into knowledge.** Claude remembers everything you know.
4
4
 
5
- Drop a PDF, paste a YouTube link, type a thought Stellavault compiles it into structured knowledge, connects the dots, and gives your AI agent full access through 21 MCP tools.
5
+ Self-compiling Zettelkasten MCP server. Ingest PDFs, YouTube, documentsauto-organized into linked wiki. Claude accesses your entire knowledge base. **Your vault files are never modified.**
6
6
 
7
7
  <p align="center">
8
- <img src="images/screenshots/graph-dark-full.png" alt="3D Knowledge Graph" width="800" />
9
- <br><em>Your vault as a neural network. Clusters form constellations.</em>
8
+ <img src="images/screenshots/graph-main-2.png" alt="3D Knowledge Graph" width="800" />
9
+ <br><em>Your vault as a neural network. Local-first, no cloud required.</em>
10
10
  </p>
11
11
 
12
12
  ## Two Core Ideas
13
13
 
14
- **1. "Drop it and forget it"** (Karpathy's Self-Compiling Knowledge)
14
+ **1. "Drop it and forget it"** (Inspired by Karpathy's Self-Compiling Knowledge)
15
15
  ```
16
16
  Any input → auto-classify → raw/ → compile → wiki → connected knowledge
17
17
  ```
18
- PDF, DOCX, YouTube, URL, text — everything goes through the same pipeline. You never manually organize.
18
+ PDF, DOCX, PPTX, XLSX, YouTube (with transcript), URL, text — everything goes through the same pipeline. You never manually organize.
19
19
 
20
- **2. "Claude knows what you know"** (MCP Integration)
20
+ **2. "Claude remembers what you know"** (MCP Integration)
21
21
  ```bash
22
22
  claude mcp add stellavault -- stellavault serve
23
23
  ```
24
- 21 MCP tools give Claude direct access to search, ask, draft, and navigate your entire knowledge base.
24
+ Claude searches, asks, drafts from your vault directly. Local-first no data leaves your machine.
25
25
 
26
26
  ## 5-Minute Setup
27
27
 
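Review bot: New README line 24 ("no data leaves your machine") and new line 5 ("Your vault files are never modified") are written as absolutes, but the SECURITY.md added in this same release scopes both. It lists network requests for YouTube ingest, URL ingest, `stellavault draft --ai` and the one-time embedding model download, and it documents an explicit edit path through the web UI and `PUT /api/document`. Suggest using the scoped wording from SECURITY.md in the intro ("never modified by the indexer", and naming the cases where requests are made) and linking to SECURITY.md next to these claims so the first screen of the README does not promise more than the policy does.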
@@ -50,9 +50,12 @@ stellavault ingest <anything> # PDF, DOCX, URL, YouTube, text
50
50
  | Input | How |
51
51
  |-------|-----|
52
52
  | PDF, DOCX, PPTX, XLSX | `stellavault ingest report.pdf` — auto text extraction |
53
+ | JSON, CSV, XML, YAML | `stellavault ingest data.json` — structured format preserved |
54
+ | HTML, RTF | `stellavault ingest page.html` — clean text extraction |
53
55
  | YouTube | `stellavault ingest https://youtu.be/...` — transcript + timestamps |
54
56
  | URL | `stellavault ingest https://...` — HTML → clean text |
55
57
  | Text | `stellavault ingest "quick thought"` |
58
+ | Folder | `stellavault ingest ./papers/` — batch all files |
56
59
  | Web UI | Drag & drop files in browser (mobile too) |
57
60
 
58
61
  ### Express: Get Knowledge Out
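Review bot: The new rows at lines 53, 54 and 58 document ingesting JSON, CSV, XML, YAML, HTML, RTF and whole folders, but the "What Stellavault reads" list in the new SECURITY.md names only `.md`, `.txt`, `.pdf`, `.docx`, `.pptx`, `.xlsx` and says reads happen inside the configured vault path only, while `stellavault ingest ./papers/` takes an arbitrary path. Suggest updating SECURITY.md to cover the new formats and the ingest path, and stating for the Folder row whether the batch walk recurses, whether it follows symlinks, and whether the 50MB guard applies per file.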
@@ -177,9 +180,33 @@ stellavault autopilot # Full cycle: inbox → compile
177
180
  - Heatmap overlay (activity score)
178
181
  - Timeline slider (creation/modification filter)
179
182
  - Decay overlay (fading knowledge)
183
+ - **Multiverse view** — your vault as a universe in a P2P network
180
184
  - Dark/Light theme
181
185
  - Mobile responsive + PWA installable
182
186
 
187
+ ## Multiverse — P2P Knowledge Federation
188
+
189
+ <p align="center">
190
+ <img src="images/screenshots/multiverse-view.png" alt="Multiverse View" width="800" />
191
+ <br><em>"Your universe floats alone — for now."</em>
192
+ </p>
193
+
194
+ Your vault is a universe. Connect with others through P2P federation.
195
+
196
+ ```bash
197
+ stellavault federate join # Connect to the Stella Network
198
+ stellavault federate status # See connected peers
199
+ ```
200
+
201
+ **How it works:**
202
+ - **Hyperswarm P2P** — NAT-traversal mesh networking, no central server
203
+ - **Embeddings only** — your original text never leaves your machine
204
+ - **Differential privacy** — mathematical privacy guarantees
205
+ - **Trust & reputation** — good knowledge earns credits
206
+ - **Federated search** — search across connected vaults via MCP
207
+
208
+ The Multiverse view shows your universe and connected peers as neighboring constellations in 3D. Click to explore their shared knowledge.
209
+
183
210
  ## Tech Stack
184
211
 
185
212
  | Layer | Tech |
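Review bot: The Multiverse section (new lines 187 to 208) introduces peer-to-peer traffic, yet the "When network requests occur" list in the new SECURITY.md has no entry for `stellavault federate join`, and the README elsewhere says no data leaves the machine. Line 203 says only embeddings are shared, which is still data derived from vault text, and line 204 claims "mathematical privacy guarantees" without naming the mechanism or its parameters. Suggest documenting federation in SECURITY.md as an opt-in network path, stating exactly what is sent to peers, and either specifying the differential privacy mechanism and privacy budget or softening the wording on line 204.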
@@ -197,22 +224,31 @@ stellavault autopilot # Full cycle: inbox → compile
197
224
 
198
225
  | Category | Features |
199
226
  |----------|----------|
200
- | **Capture** | ingest (URL/YouTube/PDF/DOCX/PPTX/XLSX/text), fleeting, web drag & drop, mobile PWA |
227
+ | **Capture** | ingest 14 formats (PDF/DOCX/PPTX/XLSX/JSON/CSV/XML/HTML/YAML/RTF/YouTube/URL/text), batch folders, web drag & drop, Quick Capture, mobile PWA |
201
228
  | **Organize** | Zettelkasten 3-stage, auto index codes, wikilink auto-connect, configurable folders |
202
229
  | **Distill** | compile (raw→wiki), lint (health score), gaps, contradictions, duplicates |
203
- | **Express** | draft (blog/report/outline), --ai (Claude API), MCP generate-draft (free) |
204
- | **Memory** | FSRS decay tracking, session-save (daily logs), flush (logs→wiki), compounding loop |
205
- | **Search** | hybrid (BM25+vector+RRF), multilingual (50+ langs), ask Q&A |
206
- | **Visualize** | 3D graph, constellation, heatmap, timeline, decay overlay, dark/light |
207
- | **AI Integration** | 21 MCP tools, Claude Code hooks, Anthropic SDK, generate-draft |
208
- | **CLI** | 39+ commands, `sv` alias |
230
+ | **Express** | draft (blog/report/outline/instagram/thread/script), blueprint, --ai, MCP generate-draft |
231
+ | **Memory** | FSRS decay, session-save, flush, compounding loop, ADR templates |
232
+ | **Search** | hybrid (BM25+vector+RRF), multilingual 50+, ask Q&A, quotes mode |
233
+ | **Visualize** | 3D graph, heatmap, timeline, right-click context menu, TipTap WYSIWYG editor |
234
+ | **AI Integration** | 21 MCP tools, Claude Code hooks, Anthropic SDK |
235
+ | **Security** | DOMPurify, YAML sanitize, 50MB guard, SSRF protection |
236
+ | **CLI** | 40+ commands, `sv` alias, batch ingest |
237
+
238
+ ## Security
239
+
240
+ Your vault files are never modified. Stellavault is local-first — no data leaves your machine unless you explicitly use `--ai` (Anthropic API).
241
+
242
+ See [SECURITY.md](SECURITY.md) for full details.
209
243
 
210
244
  ## License
211
245
 
212
- MIT
246
+ MIT — full source code available for audit.
213
247
 
214
248
  ## Links
215
249
 
250
+ - [Landing Page](https://evanciel.github.io/stellavault/)
216
251
  - [Obsidian Plugin](https://github.com/Evanciel/stellavault-obsidian)
217
252
  - [npm](https://www.npmjs.com/package/stellavault)
218
253
  - [GitHub Releases](https://github.com/Evanciel/stellavault/releases)
254
+ - [Security Policy](SECURITY.md)
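Review bot: The new Security section at line 240 says no data leaves the machine "unless you explicitly use `--ai`", which omits the other outbound paths this release documents: YouTube and URL ingest, the Hugging Face model download listed in SECURITY.md, and the P2P federation added earlier in this README. Suggest replacing the single exception with a short list, or with a pointer that defers to SECURITY.md for the complete set. The Security row on line 235 lists controls by name only (DOMPurify, YAML sanitize, 50MB guard, SSRF protection); a link to the matching SECURITY.md section would let readers see what each one covers. Separately, line 227 says "14 formats" but the parenthesised list contains 13 entries.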
package/SECURITY.md ADDED
@@ -0,0 +1,50 @@
1
+ # Security Policy
2
+
3
+ ## Data Access
4
+
5
+ Stellavault is **local-first**. Your knowledge stays on your machine.
6
+
7
+ ### What Stellavault reads
8
+ - `.md`, `.txt`, `.pdf`, `.docx`, `.pptx`, `.xlsx` files **inside your configured vault path only**
9
+ - Files are read to build a search index (SQLite-vec database stored in `~/.stellavault/`)
10
+ - **Vault original files are never modified by the indexer** — Stellavault creates its own files in `raw/`, `_wiki/`, `_drafts/` folders
11
+
12
+ ### When network requests occur
13
+ - **YouTube ingest**: fetches video metadata + captions from youtube.com (via yt-dlp)
14
+ - **URL ingest**: fetches the target URL to extract text
15
+ - **`stellavault draft --ai`**: sends vault excerpts to Anthropic API (requires explicit `ANTHROPIC_API_KEY` env var — opt-in only)
16
+ - **MCP serve**: local stdio/HTTP only — no external connections
17
+ - **Embedding model**: downloaded once from Hugging Face on first `stellavault index`, then cached locally
18
+
19
+ ### What never leaves your machine
20
+ - Your vault files
21
+ - Your search index database
22
+ - Your session logs and daily logs
23
+ - Your draft outputs
24
+ - All MCP tool responses
25
+
26
+ ## Vault Safety
27
+
28
+ - **Read-only default**: The search indexer reads files but does not modify them
29
+ - **New files only**: `ingest`, `session-save`, `compile`, `draft` create new `.md` files — they never overwrite existing vault notes
30
+ - **Edit is explicit**: The web UI edit feature and `PUT /api/document` require deliberate user action
31
+ - **Path traversal protection**: All file operations validate paths stay within vault root
32
+ - **Configurable folders**: `raw/`, `_wiki/`, `_literature/` names can be changed in `.stellavault.json`
33
+
34
+ ## Input Sanitization
35
+
36
+ - **DOMPurify**: All markdown rendered in the web UI is sanitized against XSS
37
+ - **YAML sanitization**: Frontmatter values are escaped to prevent injection
38
+ - **File size limit**: 50MB max for binary file extraction
39
+ - **URL validation**: Image URLs restricted to `https://` scheme
40
+ - **SSRF protection**: Private/local IP addresses blocked for URL ingest
41
+
42
+ ## Reporting Vulnerabilities
43
+
44
+ Please report security issues to: https://github.com/Evanciel/stellavault/issues (label: security)
45
+
46
+ Or email: [create a security@stellavault.dev when domain is registered]
47
+
48
+ ## License
49
+
50
+ MIT — full source code is available for audit at https://github.com/Evanciel/stellavault
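Review bot: Lines 44 to 46 give a public issue tracker as the only working reporting channel and ship an unfinished placeholder ("[create a security@stellavault.dev when domain is registered]") as the email contact, so a reporter has no private way to disclose a vulnerability. Suggest removing the placeholder until the address exists and pointing to a private channel such as GitHub's private vulnerability reporting for the repository, with the public issue label kept for non-sensitive hardening requests. In the same file, line 16 ("local stdio/HTTP only") does not say which interface the HTTP server binds to, and line 30 does not say whether `PUT /api/document` requires any authentication; both are worth stating since that endpoint can modify vault files. Line 40 would also be clearer if it said whether the private-address check is applied after DNS resolution and on redirects.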