Skip to content

Perseus v1.0.15 — forensic context accounting, @speculate, @profile, @bandit

Choose a tag to compare

@tcconnally tcconnally released this 02 Jul 12:44
071f5de

Waves 4–5: forensic context accounting, speculative prefetch, per-model memory profiles, adaptive directive selection — plus every finding from the independent adversarial reviews of those features, fixed in the same release. 30 MCP tools.

⚠️ Breaking: @query shell execution now enforces the PERSEUS_ALLOW_DANGEROUS env gate in addition to render.allow_query_shell (#616). This was always the documented posture; config-only setups must export PERSEUS_ALLOW_DANGEROUS=1 to restore @query execution.

✨ Enhancements

  • perseus prompt-size / @budget --forensic (#606) — byte-exact per-directive attribution of the rendered prompt, tokenizer-accurate counts (tiktoken when available), --since <ref> historical diffing, and @budget thresholds enforced against the measured render. Exposed read-only as the perseus_budget MCP tool.
  • @speculate (#607) — speculative context prefetch via next-intent prediction. Default off; reuses the reactive prefetch path so trust gates apply identically, and speculation failures can never break the primary render.
  • Recall-first memory posture + @profile per-model context profiles (#553, #608) — memory posture defaults to on_demand (byte-stable pointer block instead of always-injected dumps); @profile selects posture/limits by model (read-only perseus_profile MCP tool); AGENTS.md renders dedup memory sections with relevance gating.
  • @bandit (#605) — adaptive, outcome-driven directive selection: scores directives by observed outcome feedback and adapts which ones render over time.
  • Observability metadata block (#511) — opt-in <!-- perseus:meta ... --> render header (version, context hash, span id) for tracers like Langfuse/LangSmith. (1.0.14, first tagged release to include it)
  • Quoted + named macro arguments — directive macros accept quoted multi-word args and key="value" named args, backward compatibly. (1.0.14)

🐛 Fixes

  • @tier:N no longer leaks into directive resolver args, modifier parsing, cache keys, or (for unquoted commands) the executed command itself; quote-aware @tier:N parsing (#631).
  • @bandit hardening from independent review: abort-safe context, capped arms ledger with eviction, guarded config parsing, pre-scan/decision coherence with prefetch cost charging (#622#625).
  • @profile scan is fence-aware and column-0 anchored; multiple @profile lines get visible first-wins banners; memory dedup matches only exact Perseus-generated headers (#627).
  • @budget declarations inside @include'd files surface as a not-enforced warning, cache-independently; static.tokens clamped and flagged (#626).
  • @memory mode=search no longer silently drops vault hits or misreports why — distinct "vault unreachable" vs "no matches" reporting (#539). (1.0.14)
  • Wave-3 merge-review follow-ups: compare_digest on bytes, do_POST host guard, @services no-redirect, env-fingerprint scoping, prefetch cache key, identity file permissions (#609#614).

Includes the previously untagged 1.0.14 changes — v1.0.13 was the last tagged release. Full details in CHANGELOG.md.

Install: pip install -U perseus-ctx