Python mcop py-v3.3.0

Python mcop py-v3.3.0 — published to PyPI via Trusted Publishing (OIDC, automatic Sigstore provenance).

• PyPI: https://pypi.org/project/mcop/
• Framework release notes: see the corresponding v* framework Release for the full feature set.

Attached assets: CycloneDX SBOMs covering the framework workspace and the @kullailabs/mcop-core package, generated by pnpm sbom and validated against the upstream CycloneDX schema (pnpm sbom:validate).

What's Changed

• ci(npm): clear NODE_AUTH_TOKEN sentinel so OIDC trusted publishing wins by @Kuonirad in #561
• ci(npm): strip _authToken from .npmrc so OIDC trusted publishing wins by @Kuonirad in #562
• ci(npm): unset NODE_AUTH_TOKEN (not just empty-string) to trigger OIDC by @Kuonirad in #563
• ci(npm): use env -u NODE_AUTH_TOKEN to bulletproof OIDC trigger by @Kuonirad in #564
• ci(npm): pass --provenance explicitly to trigger OIDC trusted publishing by @Kuonirad in #565
• ci(npm): run publish with --loglevel=verbose + cat debug log on failure by @Kuonirad in #566
• ci(npm): pin SBOM-step setup-project to Node 24 (don't downgrade npm to 10.x) by @Kuonirad in #567
• chore(release): @kullailabs/mcop-core 0.2.1 (OIDC trusted-publishing validation) by @Kuonirad in #568
• docs(examples): expand case studies, ONNX/GPU demos, and UAP MCP reference by @Kuonirad in #569
• docs(audit): archive 2026-05-01 master audit, add remediation tracker + Lighthouse CI by @Kuonirad in #570
• Update MCOP frontend testing skill for example smoke checks by @Kuonirad in #571
• fix: stabilize task chunker progress under coverage by @Kuonirad in #572
• chore(repo): remove regressed package-lock.json + reconcile second 2026-05-01 audit by @Kuonirad in #573
• ci: SHA-pin remaining mutable-tag actions (cypress + stale-branch cleanup) by @Kuonirad in #574
• test(parity): add TS↔TS triad parity guardian for src/core vs packages/core/src by @Kuonirad in #575
• chore(npmrc): enable strict-peer-dependencies by @Kuonirad in #576
• chore(audit): apply comprehensive audit remediation (2026-05-01) by @Kuonirad in #578
• chore(audit): apply comprehensive audit remediation (2026-05-01) (#57… by @Kuonirad in #581
• chore(audit): part 2 remediation — CI flake fix, Freepik tests, stale… by @Kuonirad in #583
• refactor(hud): unify VSI compute path; close audit finding MEDIUM-1 by @Kuonirad in #582
• docs(readme): premium hero layout with architecture diagram and triad… by @Kuonirad in #584
• feat(docs): add premium SVG architecture diagram for README by @Kuonirad in #585
• feat: cinematic $500M production homepage — 5 premium SVG assets + rewritten README by @Kuonirad in #586
• feat: visual overhaul v2 — cinematic homepage renders correctly on GitHub by @Kuonirad in #587
• feat: cinematic README overhaul - 500M production budget aesthetic by @Kuonirad in #588
• feat(video): long-form video orchestrator + MemoryPack/Direct Forcing reference by @Kuonirad in #589
• feat(vsi): deepened predictive coaching engine (v3) by @Kuonirad in #590
• feat: apply MCOP audit setup and resonance remediations by @Kuonirad in #591
• fix: support browser-safe trace ids by @Kuonirad in #592
• test: add audit property fuzz coverage by @Kuonirad in #593
• feat: add triad observability hooks by @Kuonirad in #594
• Update MCOP frontend testing skill for observability checks by @Kuonirad in #595
• Update frontend testing skill for Dialectical Studio runtime proof by @Kuonirad in #596
• v2.2.1 hardening — floor 0.65 + adaptiveThreshold + curiosityBonus by @Kuonirad in #597
• feat(arcagi3): MCOP-instrumented ARC-AGI-3 agent with Grok strategy by @Kuonirad in #598
• feat(ci): manually-triggered ARC-AGI-3 agent workflow by @Kuonirad in #599
• feat(arcagi3): map-then-exploit Grok strategy with frame diffs by @Kuonirad in #600
• Claude/arcagi3 mapping strategy by @Kuonirad in #601
• fix(arcagi3): handle ndarray frames in JSON serialisation by @Kuonirad in #602
• fix(arcagi3): handle list-of-ndarray frames (follow-up to #602) by @Kuonirad in #603
• fix(arcagi3): resolve available_actions via value->member scan by @Kuonirad in #604
• chore(arcagi3): log resolved Grok model and parse-fail fallbacks by @Kuonirad in #605
• fix(arcagi3): snap-to-allowed retry + clearer mapping-grok parse logs by @Kuonirad in #606
• fix(arcagi3): soften system prompt to dodge Grok-4 safety filter by @Kuonirad in #607
• fix(arcagi3): swap default Grok model to fast variant, flush partial result on cancellation by @Kuonirad in #608
• ci(arcagi3-run): wire grok_model input + preserve partial result on cancel by @Kuonirad in #609
• feat(arcagi3): per-step INFO log and stuck-detector for action loops by @Kuonirad in #610
• chore(ci): bump the actions group with 2 updates by @dependabot[bot] in #611
• chore(ci): bump actions/setup-python from 5.6.0 to 6.2.0 by @dependabot[bot] in #612
• chore(deps): bump the development group with 2 updates by @dependabot[bot] in #614
• chore(ci): bump actions/setup-node from 4.4.0 to 6.4.0 by @dependabot[bot] in #615
• chore(ci): bump softprops/action-gh-release from 2.6.2 to 3.0.0 by @dependabot[bot] in #616
• ci(release-drafter): bump to v7.2.1 + drop redundant pull_request trigger by @Kuonirad in #617
• feat(arcagi3): inject last-N action history into Grok prompt by @Kuonirad in #618
• benchmark: v2.0 schema — quality + latency, 20 new tasks, playbook, comparative study by @Kuonirad in #619
• Add regulated provenance adapter (FHIR & ISO20022 mappings) by @Kuonirad in #621
• Initial etch: Grok + WebGPU integration spec by @Kuonirad in #622
• Fix npm PostCSS audit advisory by @Kuonirad in #623
• Eudaimonic Bloom v2.3.0 — UniversalEncoder, ResonantRecentQuery, SelfHealingDimension, and EudaimonicEtch by @Kuonirad in #624
• Introduce Positive-Building features: UniversalEncoder, portable SHA-256, growth ledger, eudaimonic etch, and tests by @Kuonirad in #625
• Add portable SHA-256 + NovaNeoWeb, PositiveResonance growth ledger, Eudaimonic etches, low-memory mode, and supporting tests/docs by @Kuonirad in #626
• Default ARC runs to Grok 4.3 and enable low-memory MCOP profile by @Kuonirad in #627
• Improve ARC-AGI-3 run observability and budget by @Kuonirad in #628
• Grok: inject Merkle-stigmergy history into completions by @Kuonirad in #629
• Add NOVA-EVOLVE meta tuner by @Kuonirad in #630
• Promote mapping_grok profile; Grok adapter: model mappings, retries & pipeline hooks; add ARC‑EVO benchmark by @Kuonirad in #631
• Add CUDA accelerator provenance layer by @Kuonirad in #632
• Add accelerator abstraction with CUDA provider, CPU fallback, and provenance integra...

Release @kullailabs/mcop-core v2.3.1 (Apache-2.0)

Re-anchors the license on npm: publishes @kullailabs/mcop-core 2.3.1 under Apache-2.0 (previous npm latest was 0.2.1 / BUSL-1.1).

Published via publish-npm.yml using npm Trusted Publishing (OIDC, no token) with automatic Sigstore provenance. CycloneDX SBOMs attached as release assets.

Ref: PR #778 (merge 2597a58).

MCOP Framework v2.2.1 — SBOM Re-Anchor

v2.2.1 — SBOM Re-Anchor Patch (operational, no code changes)

This is an operational patch only. There are no functional changes from v2.2.0. v2.2.1 exists solely to re-anchor the v2.2.0 release on a fresh GitHub Release page that has the CycloneDX SBOMs attached as downloadable assets.

What's attached

• mcop-framework.cdx.json — CycloneDX 1.7 SBOM for the framework workspace, generated by pnpm sbom. Validated against the official CycloneDX JSON schema via pnpm sbom:validate.
• mcop-core.cdx.json — CycloneDX 1.7 SBOM for @kullailabs/mcop-core. Validated against the official CycloneDX JSON schema.

Both SBOMs describe the v2.2.0 codebase (the v2.2.0 → v2.2.1 commit diff is a CHANGELOG entry plus this release-notes document only — zero source/dependency changes).

Why this release exists

During the v2.2.0 release sequence, the post-publish step that attaches CycloneDX SBOMs to the GitHub Release page failed because GitHub's repo-wide Immutable Releases setting locks releases at publish time, blocking post-publish asset uploads.

We refactored publish-pypi.yml (#559) to a draft-then-publish flow so future releases attach SBOMs at creation time, before the immutability lock takes effect.

To recover the existing v2.2.0 Release, we deleted it and tried to re-create it with SBOMs attached. GitHub's API rejected the re-creation:

422 Validation Failed
{"resource": "Release", "code": "custom", "field": "tag_name",
 "message": "tag_name was used by an immutable release"}

This block is permanent — once a tag has been used by an immutable release, no future release object can ever re-bind to that tag, even after the original release is deleted. v2.2.1 is the resulting workaround: a fresh tag bound to a no-op CHANGELOG-only commit, with both SBOMs attached at Release creation time using the new draft → publish flow.

What's not in this release

• No code changes. No registry version bumps.
• @kullailabs/mcop-core@0.2.0 (npm — pending Trusted Publisher fix) and mcop@3.2.0 (PyPI — live at https://pypi.org/project/mcop/3.2.0/) remain the canonical 2026-04-30 framework deliverables.
• No re-publishing of any artefact to npm or PyPI.

Canonical references

• v2.2.0 release notes: docs/releases/v2.2.0.md
• v2.2.1 release notes: docs/releases/v2.2.1.md
• CHANGELOG: CHANGELOG.md
• PyPI: https://pypi.org/project/mcop/3.2.0/
• Refactored publish workflow: .github/workflows/publish-pypi.yml

@kullailabs/mcop-core v0.2.0

@kullailabs/mcop-core v0.2.0

Library release that ships alongside MCOP Framework v2.2.1 (the canonical SBOM-anchor release for the v2.2.0 cycle).

• npm: https://www.npmjs.com/package/@kullailabs/mcop-core/v/0.2.0
• Framework SBOM-anchor release notes: v2.2.1
• Original feature notes: v2.2.0 (in-repo; the GitHub Release page for v2.2.0 was deleted during the SBOM-attachment recovery and the tag is permanently locked by Immutable Releases).

Provenance & SBOMs

The 0.2.0 artefact on the npm registry was published manually from a maintainer environment to unblock the v2.2.0 release cycle while the workflow's Node-version skew was being diagnosed (see PR #567). As a result, 0.2.0 does not carry a Sigstore provenance attestation and SBOMs are not attached to this Release.

For canonical CycloneDX 1.7 SBOMs covering the same source tree, see the v2.2.1 Release:

• mcop-core.cdx.json (this package, 6 components)
• mcop-framework.cdx.json (full framework, 1,122 components)

Future releases (0.2.1+, 0.3.0, etc.) will publish via npm Trusted Publishing (OIDC) with automatic Sigstore provenance and SBOMs attached at the publish step — the publish workflow has been corrected on main.

Python mcop v3.1.2

Publishes mcop 3.1.2 with PyPI-visible BUSL license metadata while retaining bundled BUSL/NOTICE/legacy MIT files.

Python mcop v3.1.1

Publishes mcop 3.1.1 with BUSL-1.1 package metadata and bundled license transition files.

@kullailabs/mcop-core v0.1.1

What's Changed

• chore(license): remove stale generated MIT metadata by @Kuonirad in #499
• integrate: land unblocked PR 493 and 494 by @Kuonirad in #500
• fix(ci): skip container publish for Python release tags by @Kuonirad in #501
• fix(ci): gate container releases to Docker tags by @Kuonirad in #502
• feat(planning): MCTS+MAB planner with logically-learned rollouts by @Kuonirad in #503
• feat(seo,a11y): dynamic sitemap, AI-crawler direct-answer block, top-level Person JSON-LD by @Kuonirad in #504
• docs(contributing): document the production-environment merge gate by @Kuonirad in #505
• feat(adapters): opt-in plannedSequence pass-through for MCTS+MAB planner by @Kuonirad in #506
• chore(release): bump @kullailabs/mcop-core to 0.1.1 by @Kuonirad in #507

Full Changelog: py-v3.1.2...npm-v0.1.1

mcop (Python) v3.1.0

What's Changed

• fix(ci): correct syntax error in publish.yml by @Kuonirad in #39
• 🎨 Palette: Enhance footer links & fix duplication by @google-labs-jules[bot] in #40
• ⚡ Bolt: Optimize NovaNeoEncoder logging overhead by @google-labs-jules[bot] in #41
• 🛡️ Sentinel: [MEDIUM] Add Content Security Policy headers by @google-labs-jules[bot] in #42
• 🎨 Palette: Accessibility Improvements (Skip Link & Footer Fix) by @google-labs-jules[bot] in #43
• ⚡ Bolt: Optimize Pino logging payload evaluation by @google-labs-jules[bot] in #44
• ⚡ Bolt: Optimize NovaNeoEncoder vector generation (~30% faster) by @google-labs-jules[bot] in #45
• 🎨 Palette: Enhance "Read our docs" button UX by @google-labs-jules[bot] in #46
• 🛡️ Sentinel: [MEDIUM] Add overwrite protection to CLI by @google-labs-jules[bot] in #47
• 🛡️ Sentinel: [CRITICAL] Fix accidental file overwrite in M-COP CLI by @google-labs-jules[bot] in #54
• ⚡ Bolt: Optimize StigmergyV5 resonance calculation by @google-labs-jules[bot] in #55
• 🎨 Palette: Fix Dark Mode Icons & Button Sizing by @google-labs-jules[bot] in #56
• ⚡ Bolt: Optimize StigmergyV5 resonance calculation by @google-labs-jules[bot] in #57
• 🎨 Palette: Fluid sizing & icons for docs button by @google-labs-jules[bot] in #58
• Sentinel: Prevent accidental file overwrite in CLI by @google-labs-jules[bot] in #59
• ⚡ Bolt: Optimize StigmergyV5 Resonance Loop by @google-labs-jules[bot] in #60
• 🎨 Palette: Improve dark mode icons and button sizing by @google-labs-jules[bot] in #61
• 🛡️ Sentinel: [CRITICAL] Fix container availability/health check by @google-labs-jules[bot] in #62
• ⚡ Bolt: Optimize StigmergyV5 resonance queries by @google-labs-jules[bot] in #63
• 🎨 Palette: Enhance "Read our docs" button and fix dark mode icons by @google-labs-jules[bot] in #64
• 🛡️ Sentinel: [MEDIUM] Fix weak randomness in StigmergyV5 IDs by @google-labs-jules[bot] in #65
• ⚡ Bolt: Optimize Stigmergy resonance search by @google-labs-jules[bot] in #66
• 🛡️ Sentinel: Supply Chain Hardening & Health Check Fix by @google-labs-jules[bot] in #67
• feat(ui): use fluid width for docs button by @google-labs-jules[bot] in #68
• chore(ci): bump github/codeql-action from 3 to 4 by @dependabot[bot] in #49
• chore(ci): bump actions/upload-artifact from 4 to 6 by @dependabot[bot] in #48
• chore(ci): bump actions/setup-node from 4 to 6 by @dependabot[bot] in #50
• chore(ci): bump actions/checkout from 4 to 6 by @dependabot[bot] in #51
• chore(deps): bump next from 16.0.10 to 16.1.0 by @dependabot[bot] in #53
• chore(deps): bump the development group across 1 directory with 2 updates by @dependabot[bot] in #69
• Add package-lock.json from dependency audit by @Kuonirad in #81
• Optimize dependencies and fix syntax errors by @Kuonirad in #82
• Eliminate deprecated dependencies using npm overrides by @Kuonirad in #83
• Revert "Eliminate deprecated dependencies using npm overrides" by @Kuonirad in #84
• Claude/audit dependencies mjuj3ylir4ss32hx yu wau by @Kuonirad in #85
• 🧬 [META-TRACE] Implement self-referential eco-fitness monitoring by @Kuonirad in #86
• 🛡️ Sentinel: Add redact array to Pino logger by @Kuonirad in #407
• 🎨 Palette: Add aria-hidden to decorative Vercel icon by @Kuonirad in #406
• ⚡ Bolt: Replace array.reduce with for-loop in estimateEntropy by @Kuonirad in #405
• 🛡️ Sentinel: [CRITICAL] Fix exposed sensitive data in logs by @Kuonirad in #404
• feat: create eco:audit script by @Kuonirad in #409
• 🛠️ Core: Comprehensive bug fixes and security hardening by @Kuonirad in #408
• chore: remove unused private cosine method in StigmergyV5 by @Kuonirad in #410
• 🛡️ Sentinel: Use cryptographically strong UUIDs for trace identifiers by @Kuonirad in #411
• Mcop/fix everything 8800449773351643107 by @Kuonirad in #412
• Fix GitHub Actions CI workflow to use pnpm by @Kuonirad in #413
• Fix eco-fitness script math utility error by @Kuonirad in #414
• Fix remaining complexity hotspots and warnings by @Kuonirad in #415
• 🎨 Palette: Replace alt text with empty string for File, Window, and Globe icons in src/app/page.tsx by @Kuonirad in #416
• 🧪 [testing improvement] Add test suite for logger.ts by @Kuonirad in #426
• ci: dynamically fix package.json syntax error before pnpm setup by @Kuonirad in #427
• ⚡ Bolt: Optimize estimateEntropy variance calculation by @Kuonirad in #337
• ⚡ Bolt: Optimize estimateEntropy by replacing reduce() and Math.pow() by @Kuonirad in #348
• ⚡ Bolt: [Performance] Optimize estimateEntropy loops by @Kuonirad in #363
• ⚡ Bolt: Optimize estimateEntropy with native loops by @Kuonirad in #368
• ⚡ Bolt: Replace reduce and Math.pow with native for loops in estimateEntropy by @Kuonirad in #389
• ⚡ Bolt: Replace reduce and Math.pow with for loops in estimateEntropy by @Kuonirad in #398
• ⚡ Bolt: Optimize NovaNeoEncoder entropy estimation by @Kuonirad in #399
• chore(health): overhaul repo-health posture — target score 54→100 by @Kuonirad in #430
• chore(repo-health): add finalize_github.sh to lift score 54→100 by @Kuonirad in #432
• chore(repo-health): replace Bluesky with X.com in social-push reminder by @Kuonirad in #433
• fix(repo-health): full audit — repair broken config, CI, and scripts by @Kuonirad in #434
• chore(deps): resolve 100% of Dependabot security alerts by @Kuonirad in #435
• ci(codeql): fix configuration status — switch to build-mode none + explicit category by @Kuonirad in #436
• ⚡ Bolt: Optimize estimateEntropy to single-pass calculation by @Kuonirad in #437
• 🎨 Palette: Add focus management for skip-to-content link by @Kuonirad in #438
• ⚡ Bolt: Optimize similarity computation in MycelialChainBuilder by @Kuonirad in #440
• 🎨 Palette: Add semantic navigation landmarks and tooltips to Home page by @Kuonirad in #441
• chore(ci,security): SHA-pin all actions, gate CI, widen d...

mcop-core v0.1.0

What's Changed

• fix(ci): correct syntax error in publish.yml by @Kuonirad in #39
• 🎨 Palette: Enhance footer links & fix duplication by @google-labs-jules[bot] in #40
• ⚡ Bolt: Optimize NovaNeoEncoder logging overhead by @google-labs-jules[bot] in #41
• 🛡️ Sentinel: [MEDIUM] Add Content Security Policy headers by @google-labs-jules[bot] in #42
• 🎨 Palette: Accessibility Improvements (Skip Link & Footer Fix) by @google-labs-jules[bot] in #43
• ⚡ Bolt: Optimize Pino logging payload evaluation by @google-labs-jules[bot] in #44
• ⚡ Bolt: Optimize NovaNeoEncoder vector generation (~30% faster) by @google-labs-jules[bot] in #45
• 🎨 Palette: Enhance "Read our docs" button UX by @google-labs-jules[bot] in #46
• 🛡️ Sentinel: [MEDIUM] Add overwrite protection to CLI by @google-labs-jules[bot] in #47
• 🛡️ Sentinel: [CRITICAL] Fix accidental file overwrite in M-COP CLI by @google-labs-jules[bot] in #54
• ⚡ Bolt: Optimize StigmergyV5 resonance calculation by @google-labs-jules[bot] in #55
• 🎨 Palette: Fix Dark Mode Icons & Button Sizing by @google-labs-jules[bot] in #56
• ⚡ Bolt: Optimize StigmergyV5 resonance calculation by @google-labs-jules[bot] in #57
• 🎨 Palette: Fluid sizing & icons for docs button by @google-labs-jules[bot] in #58
• Sentinel: Prevent accidental file overwrite in CLI by @google-labs-jules[bot] in #59
• ⚡ Bolt: Optimize StigmergyV5 Resonance Loop by @google-labs-jules[bot] in #60
• 🎨 Palette: Improve dark mode icons and button sizing by @google-labs-jules[bot] in #61
• 🛡️ Sentinel: [CRITICAL] Fix container availability/health check by @google-labs-jules[bot] in #62
• ⚡ Bolt: Optimize StigmergyV5 resonance queries by @google-labs-jules[bot] in #63
• 🎨 Palette: Enhance "Read our docs" button and fix dark mode icons by @google-labs-jules[bot] in #64
• 🛡️ Sentinel: [MEDIUM] Fix weak randomness in StigmergyV5 IDs by @google-labs-jules[bot] in #65
• ⚡ Bolt: Optimize Stigmergy resonance search by @google-labs-jules[bot] in #66
• 🛡️ Sentinel: Supply Chain Hardening & Health Check Fix by @google-labs-jules[bot] in #67
• feat(ui): use fluid width for docs button by @google-labs-jules[bot] in #68
• chore(ci): bump github/codeql-action from 3 to 4 by @dependabot[bot] in #49
• chore(ci): bump actions/upload-artifact from 4 to 6 by @dependabot[bot] in #48
• chore(ci): bump actions/setup-node from 4 to 6 by @dependabot[bot] in #50
• chore(ci): bump actions/checkout from 4 to 6 by @dependabot[bot] in #51
• chore(deps): bump next from 16.0.10 to 16.1.0 by @dependabot[bot] in #53
• chore(deps): bump the development group across 1 directory with 2 updates by @dependabot[bot] in #69
• Add package-lock.json from dependency audit by @Kuonirad in #81
• Optimize dependencies and fix syntax errors by @Kuonirad in #82
• Eliminate deprecated dependencies using npm overrides by @Kuonirad in #83
• Revert "Eliminate deprecated dependencies using npm overrides" by @Kuonirad in #84
• Claude/audit dependencies mjuj3ylir4ss32hx yu wau by @Kuonirad in #85
• 🧬 [META-TRACE] Implement self-referential eco-fitness monitoring by @Kuonirad in #86
• 🛡️ Sentinel: Add redact array to Pino logger by @Kuonirad in #407
• 🎨 Palette: Add aria-hidden to decorative Vercel icon by @Kuonirad in #406
• ⚡ Bolt: Replace array.reduce with for-loop in estimateEntropy by @Kuonirad in #405
• 🛡️ Sentinel: [CRITICAL] Fix exposed sensitive data in logs by @Kuonirad in #404
• feat: create eco:audit script by @Kuonirad in #409
• 🛠️ Core: Comprehensive bug fixes and security hardening by @Kuonirad in #408
• chore: remove unused private cosine method in StigmergyV5 by @Kuonirad in #410
• 🛡️ Sentinel: Use cryptographically strong UUIDs for trace identifiers by @Kuonirad in #411
• Mcop/fix everything 8800449773351643107 by @Kuonirad in #412
• Fix GitHub Actions CI workflow to use pnpm by @Kuonirad in #413
• Fix eco-fitness script math utility error by @Kuonirad in #414
• Fix remaining complexity hotspots and warnings by @Kuonirad in #415
• 🎨 Palette: Replace alt text with empty string for File, Window, and Globe icons in src/app/page.tsx by @Kuonirad in #416
• 🧪 [testing improvement] Add test suite for logger.ts by @Kuonirad in #426
• ci: dynamically fix package.json syntax error before pnpm setup by @Kuonirad in #427
• ⚡ Bolt: Optimize estimateEntropy variance calculation by @Kuonirad in #337
• ⚡ Bolt: Optimize estimateEntropy by replacing reduce() and Math.pow() by @Kuonirad in #348
• ⚡ Bolt: [Performance] Optimize estimateEntropy loops by @Kuonirad in #363
• ⚡ Bolt: Optimize estimateEntropy with native loops by @Kuonirad in #368
• ⚡ Bolt: Replace reduce and Math.pow with native for loops in estimateEntropy by @Kuonirad in #389
• ⚡ Bolt: Replace reduce and Math.pow with for loops in estimateEntropy by @Kuonirad in #398
• ⚡ Bolt: Optimize NovaNeoEncoder entropy estimation by @Kuonirad in #399
• chore(health): overhaul repo-health posture — target score 54→100 by @Kuonirad in #430
• chore(repo-health): add finalize_github.sh to lift score 54→100 by @Kuonirad in #432
• chore(repo-health): replace Bluesky with X.com in social-push reminder by @Kuonirad in #433
• fix(repo-health): full audit — repair broken config, CI, and scripts by @Kuonirad in #434
• chore(deps): resolve 100% of Dependabot security alerts by @Kuonirad in #435
• ci(codeql): fix configuration status — switch to build-mode none + explicit category by @Kuonirad in #436
• ⚡ Bolt: Optimize estimateEntropy to single-pass calculation by @Kuonirad in #437
• 🎨 Palette: Add focus management for skip-to-content link by @Kuonirad in #438
• ⚡ Bolt: Optimize similarity computation in MycelialChainBuilder by @Kuonirad in #440
• 🎨 Palette: Add semantic navigation landmarks and tooltips to Home page by @Kuonirad in #441
• chore(ci,security): SHA-pin all actions, gate CI, widen d...

MCOP Framework 2.0 – Initial Production Release

MCOP Framework 2.0 – Initial Production Release (v2.0.0)

This marks the first stable, production-ready release of the Meta-Cognitive Optimization Protocol (MCOP) Framework 2.0, a deterministic recursive system for auditable AI orchestration and dynamic performance optimization.

Built around three interconnected meta-cognitive kernels—NOVA-NEO Encoder (provenance-preserving tensor hashing), Stigmergy v5 Resonance (cosine-based pheromone tracing with Merkle proofs), and Holographic Etch Engine (rank-1 confidence accumulation)—the framework enables reproducible dialectical synthesis loops with full tamper-evident lineage.

Ideal for research prototyping, decision support tools, and safety-critical applications requiring explainable self-optimization.

Highlights

• Production-Grade CI/CD: Modernized workflows with local composite actions for DRY setup, concurrency controls, matrix testing, and caching. Integrated GitHub CodeQL for multi-language (JavaScript/TypeScript + Python) static analysis.
• Enhanced Observability: Added Pino structured JSON logging with provenance hash correlation for auditing meta-cognitive cycles.
• Security Hardening: Resolved CodeQL alerts (e.g., sensitive logging), implemented custom trojan-source and malicious-module guards, pinned Docker base images, and achieved compliance with updated SECURITY.md, CODE_OF_CONDUCT.md, and CHANGELOG.md.
• Core Architecture Completion: Fully bootstrapped triad kernels with seed implementations, standalone M-COP v3.1 package deployment, and Next.js UI enhancements.
• Deployment Readiness: Docker Compose support for easy orchestration; GHCR publishing workflow prepared (with environment gating for approvals).

What's New (Key Changes)

• Comprehensive CI modernization and composite action refactoring
• Pino observability integration for structured logs
• CodeQL security scanning and alert resolutions
• Documentation gold compliance (CoC, Changelog, Security)
• Deterministic kernel implementations and provenance enhancements
• Dependency updates and configuration hardening

Deployment

• Run locally: docker compose up -d after configuring .env.
• Container images: Automatically published to GHCR on approved releases (requires "production" environment approval).

Thank you for interest in deterministic meta-cognition! Feedback welcome via Issues or Discussions.

MIT License – permissive for research and commercial use.