You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
[0.2.0] - 2026-07-05
Added
src/trajlens/repair/: repair engine with three fixers behind a common Fixer protocol (dry-run by default, copy-on-write, never mutates the
original) —
timestamp_dedrift.py: rewrites frame timestamps to quantize(frame_index / fps) for KNOWNBUG.TIMESTAMP_DRIFT
stats_recompute.py: recomputes global + per-episode stats from data
and rewrites meta/stats.json for STATISTICAL.STATS_MATCH_DATA
episode_reindex.py: rebuilds dataset_from_index/dataset_to_index
boundaries from each shard's ground-truth index column for STRUCTURAL.METADATA_DATA_AGREEMENT (#2401); fails closed
(RepairError, zero output) on internally-inconsistent index data
with no independent ground truth to repair against
trajlens fix <ref>: CLI command wiring all three fixers via a new repair/orchestrator.py (ADR-001). Dry-run by default; --apply --out <path> writes. Fixed composition order (episode_reindex -> timestamp_dedrift -> stats_recompute) via N temp-copy chaining, since
the Fixer protocol has no in-place-rewrite mode. Hub refs are refused
before any fixer runs (Hub SourceHandle.root only ever contains meta/** locally). Exit codes 0/1/2 = nothing to fix / fixed /
could not fix
trajlens web <ref>: read-only local dashboard over the lint report
(optional [web] extra: FastAPI + uvicorn). Binds to 127.0.0.1 only, no
flag to widen the bind; strict CSP/security headers on every response; no
route accepts a path, ref, or dataset id from the browser
(06_SECURITY_AND_THREAT_MODEL.md T10). Dashboard shell, CSS, and JS are
served as external files (static/index.html, static/style.css, static/app.js) under a package-fixed /static mount, alongside GET /api/report
report/json_report.py: results[].details now included in --json
output (previously computed but dropped), giving the dashboard's
drill-down access to the same structured detail the checks already
produce
Fixed
Dashboard CSP release-blocker: index.html's inline <script>/<style>
and style="" attributes were silently dropped by real browser CSP
enforcement (script-src 'self'; style-src 'self', no unsafe-inline),
leaving the dashboard stuck at "Loading report..." with no styling. TestClient never enforces CSP so the test suite gave no signal. Fixed
by externalizing CSS/JS rather than loosening the policy