Skip to content

Release: complete Mneme 3.6.0 ten-loop engineering hardening#36

Open
OnourImpram wants to merge 19 commits into
mainfrom
sol-ultra/mneme-ten-loop-upgrade-20260717-r3
Open

Release: complete Mneme 3.6.0 ten-loop engineering hardening#36
OnourImpram wants to merge 19 commits into
mainfrom
sol-ultra/mneme-ten-loop-upgrade-20260717-r3

Conversation

@OnourImpram

@OnourImpram OnourImpram commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Summary

This pull request prepares Mneme 3.6.0 through ten bounded engineering loops. It does not merge, tag, publish packages, or create a GitHub release.

Exact PR head: 44b31c494724ce5ec573de0c6431c9155b427535

Technical decision: GO for human review and merge consideration. There are zero open P0 or P1 findings. Disclosed P2 risks are listed below.

Architecture

  • Restores repository truth by removing temporary 3.6 workflows and ready markers while retaining the maintained CI and release workflows.
  • Derives all nine public MCP schemas from authoritative Zod contracts and enforces one Python and TypeScript scope model.
  • Makes concrete legacy FTS5 reads fail closed, keeps exact * as the explicit cross-scope read, and rejects wildcard writes.
  • Applies deterministic valid-time and transaction-time planning across claims and Graphiti, with scope-derived graph groups.
  • Builds one verified artifact set in release preflight and makes every publish job require a tag-push event.

User Impact

  • mneme_checkpoint_list and mneme_working_set_load accept optional scope and use the configured default when omitted.
  • mneme doctor --verify-isolation checks scope and redaction boundaries against an isolated temporary fixture.
  • Existing Markdown vault files remain ground truth and are not rewritten.
  • Legacy unscoped derived indexes require mneme index rebuild before concrete-scope reads.
  • Node 22 remains the minimum. Python 3.11 through 3.14 remain supported.

Data Integrity And Privacy

  • Redaction is reapplied before staging, FTS5, telemetry, compression, connectors, sync, KG, Graphiti, migration, and export sinks, including mapping keys and migration metadata.
  • Python and TypeScript share audit locking, sequence, chain, and keyed tail seals. Cross-language truncation and partial-write restoration are tested.
  • Vault and proposal writes fail closed on symlink, reparse, parent replacement, stale lock, partial rename, and process interruption boundaries.
  • Rollback requires the current content hash to match the journaled state.
  • New migration manifests bind canonical source paths. Signed legacy aliases without a signed canonical restore target fail closed and preserve the archive for manual hash-verified recovery.
  • Four independent reviews covered release integrity, privacy, retrieval and temporal correctness, and OSS maintainability. All P0 and P1 findings are closed.

Verification

Exact-head hosted runs:

  • CI matrix: Python 3.11 through 3.14 and Node 22 and 24 on Linux, macOS, and Windows passed. Repository integrity, real Neo4j integration, and the seven-surface gate passed.
  • CodeQL: Python and JavaScript or TypeScript analysis passed.
  • Benchmarks: all declared benchmark jobs passed.
  • release.yml dry run: dry_run=true, target_version=3.6.0 passed and every publish job was skipped.
  • The final head closes Windows Stop-hook writer starvation by aligning the shared audit-lock wait with the documented 5 second contract. Python 3.11 and 3.13 Windows jobs passed, plus 12 consecutive eight-writer stress runs.

Local and clean-clone evidence:

  • Python core: 1665 passed, 14 skipped, 84.24% coverage.
  • Claude plugin: 237 passed, 81.58% branch coverage.
  • Graph: 404 passed, 2 skipped, 87.25% coverage.
  • Code: 119 passed, 93.40% coverage.
  • Parity and tools: 74 passed.
  • Node on Windows: 619 passed, 6 skipped. Statements 87.58%, branches 80.87%, functions 92.90%, lines 88.58%.
  • Node in a clean native Linux clone: 625 passed and all coverage gates remained above 80%.
  • Migration integration: 54 passed, 1 Windows platform skip. The Linux matrix ran the platform case.
  • GNU Make 4.3 ran make install-dev, make test, and make lint in a fresh native WSL clone with Python 3.12.3, checksum-verified Node 24.14.0, and pnpm 9.15.9.
  • Ruff and strict mypy passed for all four Python packages. Biome, TypeScript build, actionlint 1.7.7, version agreement, spec verification, repository integrity, and all three plugin validators passed.
  • Fresh exact-head clone status was empty, git fsck passed, and the high-confidence secret diff scan reported zero hits.

Benchmarks

All seven deterministic synthetic surfaces passed. These are regression fixtures, not cross-product claims.

  • Production FTS5 Recall@10: 1.0.
  • Production FTS5 Precision@10: 0.1.
  • Production FTS5 MRR: 0.733667.
  • Production FTS5 nDCG@10: 0.800629.
  • Retrieval p95: 3.797 ms.
  • Stop proxy p95: 4.704 ms against a 1000 ms budget.
  • Index size: 1,175,552 bytes.
  • LongMemEval and LoCoMo official-schema fixtures passed and rejected malformed records.
  • Feature hashing is a lexical vector surrogate. Its ablation underperformed production FTS5 and is not described as semantic or dense retrieval.

Packaging

The package verifier passed 21 required checks across 12 artifacts: four wheels, four sdists, npm tarball, Claude plugin tarball, MCP registry metadata, and SHA256 manifest. Clean install, uninstall, profile switching, npm lifecycle, claude-mem migration idempotency, rollback, archive safety, and destructive guards passed.

Npm tarball SHA256: 9972f9dd6e951cd00d69d2c1e4816c9de84ae97bd7cd78f14ffada1f7d7bdc6e

No artifact was published.

Migration And Rollback

  • Existing 3.5 vault Markdown remains valid.
  • Rebuild changes only derived indexes.
  • Migration revision 3 redacts observation fields before hashes, frontmatter, tags, or body derivation.
  • Migration rollback is idempotent and current-hash checked.
  • Signed schema v2 lexical aliases without a signed canonical target are not guessed. Automatic finalization and restoration fail closed. The signed archive remains available for manual hash-verified recovery.
  • Operational rollback for this candidate is to close the unmerged PR. Published v3.5.0 remains unchanged.

Website

  • The public site presents 3.6.0 as the primary reviewed but unpublished release candidate. Published PyPI and npm packages remain explicitly identified as 3.5.0: https://onourimpram.github.io/mneme/
  • Release, upgrade, benchmark, and capability-evidence links are pinned to exact candidate SHA 44b31c494724ce5ec573de0c6431c9155b427535.
  • GitHub Pages built exact site commit 464fb2699c41d1c288350602ea2a88e8d463f8ed.
  • Desktop and 390 px mobile browser QA passed with no horizontal overflow or console errors. Lighthouse scored 83 performance, 100 accessibility, 82 best practices, and 100 SEO in the local no-cache preview.

Governance

  • Dependabot vulnerability alerts are enabled.
  • main branch protection enforces required checks for administrators.
  • PRs 29, 31, 32, 33, and 34 were closed as superseded after unique-diff inventory comments.
  • PR 35 was closed with the verified tree-sitter 0.26 Windows native crash evidence.
  • PR 28 remains open as a separate dependency change.

Disclosed P2 Risks

  • Existing SQLite test helpers emit nonblocking ResourceWarning messages.
  • Local rollback manifests retain exact local paths by design and must remain local-only.
  • Signed legacy lexical-alias archives require manual hash-verified recovery because no signed canonical target exists.
  • Conservative diagnostic path redaction can consume terminal ., !, ?, or : punctuation.
  • The official mcp-publisher binary was unavailable locally. Repository metadata and package gates passed.

External Gates

Human approval, merge, tag creation, package publication, and release publication remain separate external actions. None was performed by this work.

Reviewer Checklist

  • Confirm the nine MCP schema and runtime contracts retain unknown-field discard compatibility.
  • Review concrete, wildcard, legacy, and default scope behavior across Python, TypeScript, CCE, and Graphiti.
  • Review cross-language audit sealing, redaction boundaries, atomic writes, and rollback hash checks.
  • Review temporal current-snapshot, invalid-window, stale-claim, supersession, and contradiction behavior.
  • Confirm Benchmark A uses production FTS5 as the headline and labels the lexical surrogate accurately.
  • Confirm release jobs cannot publish from manual dispatch and consume only verified preflight bytes.
  • Confirm migration, install, uninstall, profile switch, and rollback paths remain idempotent.
  • Confirm the exact-head hosted runs above are green before merge.

@OnourImpram

Copy link
Copy Markdown
Owner Author

Owner decision, 2026-07-19: GO for merge consideration at exact candidate SHA 44b31c494724ce5ec573de0c6431c9155b427535.

This records the repository owner's technical approval. The GitHub-required independent approving review remains unsatisfied because the authenticated owner is also the PR author. Merge, tag creation, GitHub Release creation, and package publication were not performed by this approval record.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant