Lattice AI v4.3.1

Lattice AI v4.3.1 — End-User Audit Repair RC

Status: release candidate repair build. This build does not tag, create a
GitHub Release, publish packages, or deploy.

v4.3.1 fixes the P0/P1 blockers found during the independent v4.3.0 end-user
audit while preserving the v4.3 architecture and user data compatibility.

Fixes

• Desktop startup now resolves the FastAPI sidecar from the installed LTCAI
  command, an importable ltcai_cli module, or bundled resources, records
  sidecar errors, and exposes status/shutdown through Tauri.
• The npm package now includes the runtime requirements file used by the clean
  install bootstrap and fails honestly if dependency installation cannot run.
• Model Load no longer installs runtimes or downloads model files by default;
  missing local models and runtimes return explicit unavailable states.
• Agent execution no longer records deterministic simulation output as a real
  success when no LLM-backed model is loaded.
• The workflow screen exposes real create, import, export, and run paths backed
  by the existing workflow API.
• The desktop shell version label now comes from runtime health instead of a
  stale hard-coded RC string.
• CLI host/port flags now flow into runtime configuration, /mode, health, and
  SSO defaults.
• Postgres status and packaging are explicit; the npm runtime installs psycopg,
  while Postgres mode remains opt-in.
• sqlite-vec capability reports now distinguish sqlite-vec ANN from the real
  brute-force cosine fallback.
• .latticebrain documentation now says workspace export bundles are included
  only when present, matching archive manifests.

Expected Artifacts

• dist/ltcai-4.3.1-py3-none-any.whl
• dist/ltcai-4.3.1.tar.gz
• ltcai-4.3.1.tgz
• dist/ltcai-4.3.1.vsix
• src-tauri/target/release/bundle/dmg/Lattice AI_4.3.1_aarch64.dmg

Validation Summary

• Python compile check, ruff, unit tests, live integration tests, frontend lint,
  TypeScript/VS Code extension build, Playwright visual tests, and Tauri cargo
  check passed.
• Release artifact validation, wheel smoke test, npm pack --dry-run, and a
  clean npm install plus npx ltcai doctor passed.
• End-user replay evidence is stored under
  output/audits/v4.3.1-fixes/, including the final DMG screenshot
  screenshots/10-dmg-desktop-app-rendered-final.png.
• Runtime replay confirmed: missing model load returns 409 without opening
  outbound sockets, agent execution refuses simulation as product success,
  workflows can be created and run through real APIs, Postgres is opt-in and
  unavailable without a DSN, sqlite-vec ANN absence is labeled as a real
  brute-force cosine fallback, and .latticebrain manifests report
  signed_bundles: false when no signed bundles are present.

Registry Policy

No external registries are published for this repair RC. PyPI, npm Registry,
VS Code Marketplace, Open VSX, and other external registries remain
unpublished.

Lattice AI v4.3.0

Lattice AI v4.3.0 — Portability & Product Hardening

Status: release candidate. This release candidate builds from main after
v4.2.0. It does not tag, create a GitHub Release, publish packages, or deploy.

v4.3.0 hardens the v4.2 Digital Brain architecture into a safer portable
desktop product while preserving Brain Core, storage, frontend, agent/workflow,
API, and user-data compatibility.

Highlights

• .latticebrain archives are now the primary portable brain format, with
  encrypted DB, blobs, workspace state, settings, signed bundles, storage
  metadata, provenance, and public device identity metadata.
• Archive inspect, verify, import, restore, and restore dry-run are exposed
  through real FastAPI routes and the System settings view.
• Destructive archive restore/import requires explicit admin confirmation.
• SQLite-to-Postgres live migration creates and verifies a pre-migration backup
  before copying data.
• Tauri sidecar startup, status, restart, shutdown, and local-only environment
  guards are hardened.
• Product-hardening admin status reports storage mode, backup health, device
  identity, import/export permissions, and external integration opt-in state.
• External integrations remain opt-in; token presence alone does not enable
  Telegram, connectors, model downloads, Docker, update checks, or peer sync.
• Release validation now includes exact-version wheel, sdist, npm tgz, VSIX,
  and Tauri DMG artifacts.

Expected Artifacts

• dist/ltcai-4.3.0-py3-none-any.whl
• dist/ltcai-4.3.0.tar.gz
• ltcai-4.3.0.tgz
• dist/ltcai-4.3.0.vsix
• src-tauri/target/release/bundle/dmg/Lattice AI_4.3.0_aarch64.dmg

Registry Policy

No external registries are published for this RC. PyPI, npm Registry, VS Code
Marketplace, Open VSX, and other external registries remain unpublished unless
the owner explicitly requests that after validation.

Lattice AI v4.2.0

Lattice AI v4.2.0 — Brain Core & Storage Rebuild

Status: release. This release builds from main after v4.1.0. It creates a
GitHub Release with validated artifacts only; it does not publish packages or
deploy to any external registry.

v4.2.0 extracts the backend Digital Brain boundary into the independent
lattice_brain Python package and introduces a pluggable storage layer while
preserving v4.1.0 APIs, data, frontend behavior, and local-first defaults.

Included

• lattice_brain Brain Core import package.
• BrainCore runtime facade used by FastAPI.
• StorageEngine ABC.
• SQLiteEngine default storage engine.
• Honest sqlite-vec capability detection with brute-force cosine fallback.
• PostgresEngine opt-in pgvector scale target.
• Explicit-consent Docker Postgres setup wizard.
• SQLite to Postgres migration planner/runner.
• Live Docker-backed pgvector migration validation, including rowid-less FTS5
  shadow tables and idempotent reruns.
• Encrypted .latticebrain archive create/restore support.
• API-backed System storage status, Docker setup, and migration-plan controls.
• Generated OpenAPI client updated to 313 paths.

Preserved

• Existing FastAPI API contracts.
• Existing v4.1.0 SQLite user data.
• Knowledge Graph, memory, context, ingestion, agent runtime, workflow runtime,
  skills/hooks/plugins, portability, signed bundles, and Brain Network behavior.
• React/Vite/Tauri frontend and desktop architecture.
• SQLite as the default local-first storage engine.

Safety Rules

• Postgres is never required.
• Docker never auto-starts without explicit user consent.
• Explicit Postgres selection fails honestly if DSN or dependencies are missing.
• No startup migration rewrites or deletes user data.
• No external package registry publish step is part of this release.

Expected Artifacts

• dist/ltcai-4.2.0-py3-none-any.whl
• dist/ltcai-4.2.0.tar.gz
• dist/ltcai-4.2.0.vsix
• ltcai-4.2.0.tgz

Validation Scope

• Python compile check.
• Ruff.
• Unit tests.
• Live integration tests.
• Live Docker/Postgres pgvector migration test.
• Migration idempotence and dry-run tests.
• SQLite backup/restore and encrypted archive tests.
• Vector search tests.
• Storage fallback tests.
• Frontend lint.
• TypeScript build.
• Tauri cargo check.
• Release artifact validation.
• Wheel smoke test.
• npm pack dry-run.

External Registries

No PyPI, npm Registry, VS Code Marketplace, Open VSX, or other external
registry publish step is part of this release.

Lattice AI v4.1.0 RC

Lattice AI v4.1.0 RC — Frontend & Desktop Rebuild

Status: release candidate. This release builds and validates artifacts from
main @ v4.0.1 plus the frontend/desktop rebuild work. It does not publish to
PyPI, npm Registry, VS Code Marketplace, Open VSX, or production deployment
targets.

v4.1.0 replaces the frontend implementation with the Digital Brain desktop
architecture while preserving v4.0.1 capabilities and backend API contracts.

Included

• React + TypeScript + Vite SPA for /app.
• TanStack Query, Zustand, React Flow, Cytoscape.js, Tailwind CSS, and local
  shadcn-style UI primitives.
• Generated OpenAPI TypeScript client from the existing FastAPI application.
• Tauri 2.0 primary desktop shell that launches the local backend.
• Electron fallback shell retained only as a fallback desktop runner.
• Primary navigation: Brain, Ask, Capture, Act, Library, System.
• Legacy static v3 frontend assets removed after capability migration.
• static/app Vite assets packaged for offline/local-first operation.

Preserved

• Existing FastAPI backend as the source of truth.
• Brain Core, storage architecture, Knowledge Graph data, and user data
  compatibility.
• Durable agent/workflow runtime behavior, approvals, triggers, tools, MCP,
  models, workspaces, snapshots, activity, network, and admin/security surfaces.
• Local-first, privacy-first, and offline-capable operation.

Expected Artifacts

• dist/ltcai-4.1.0-py3-none-any.whl
• dist/ltcai-4.1.0.tar.gz
• dist/ltcai-4.1.0.vsix
• ltcai-4.1.0.tgz

Validation Scope

• Python compile check.
• Ruff.
• Unit tests.
• Live integration tests.
• Frontend lint.
• TypeScript build.
• Playwright visual tests.
• Generated OpenAPI client verification.
• Desktop shell verification.
• No CDN dependency verification.
• Offline/static app startup verification.
• Release artifact validation.
• Wheel smoke test.
• npm pack dry-run.

External Registries

No PyPI, npm Registry, VS Code Marketplace, or Open VSX publish step is part of
this release candidate.

Lattice AI v4.0.1

Lattice AI v4.0.1 — Digital Brain Platform Maintenance

Status: GitHub Release only. This release builds and validates artifacts for
commits on main after tag v4.0.0; it does not publish to PyPI, npm, the VS
Code Marketplace, or Open VSX.

v4.0.1 is a maintenance release that closes the post-v4.0.0 implementation
delta on main without reusing the v4.0.0 version number.

Included since v4.0.0

• Durable async run executor for agent/workflow runs: persisted queued/running/
  final states, realtime SSE progress, cooperative cancellation, and startup
  reconciliation of orphaned active runs.
• Stable user UUID migration, policy-backed admin authorization, local
  invitation tokens, and SQLite-backed Workspace OS state with JSON
  compatibility mirroring.
• Complete /app SPA parity and legacy UI retirement: token-native account,
  profile, password, workspace/org administration, invitations, snapshots/time
  machine with merge-restore, activity/presence, run approvals/cancellation,
  workflow trigger configuration/status, Brain Network pairing/push, chat
  context trace, and Knowledge Graph provenance coverage.
• en/ko i18n runtime coverage for routes, shell text, and parity views, guarded
  by frontend lint.

Validated Artifacts

• dist/ltcai-4.0.1-py3-none-any.whl
• dist/ltcai-4.0.1.tar.gz
• dist/ltcai-4.0.1.vsix
• ltcai-4.0.1.tgz

The VSIX is the same validated package format used for VS Code-compatible and
Open VSX-compatible extension distribution. It is attached to the GitHub
Release only.

Validation

• Python compile check, ruff, unit tests, and live integration tests passed.
• Frontend lint, VS Code extension typecheck, and Playwright visual tests
  passed.
• Release artifact validation, installed-wheel smoke, and npm pack dry-run
  passed.

External Registries

No PyPI, npm Registry, VS Code Marketplace, or Open VSX publish step is part of
this release.

Lattice AI v4.0.0

Owner-accepted Telegram integration notice

• Telegram integration remains available in v4.0.0.
• Telegram may initiate external communication when configured, including polling Telegram APIs and mirroring configured chat messages.
• This behavior is a known deviation from the strict local-first/privacy-first model and is accepted by owner decision for v4.0.0.
• Future releases may revisit the default Telegram activation model.

---

Lattice AI v4.0.0 — Digital Brain Platform (Released)

v4.0.0 is a product transformation, not a feature release: the "Digital
Brain" identity v3.6.0 claimed becomes true in the implementation. The
release was driven by an 8-dimension evidence-based audit
(docs/v4-audit/), an adversarially-reviewed architecture
(docs/V4_BRAIN_ARCHITECTURE.md), and a normative implementation plan
(docs/V4_IMPLEMENTATION_PLAN.md).

The headline: nothing fake survives

• Workflows execute. Tool nodes run through the shared governed tool
  lifecycle; tools requiring approval pause the run (awaiting_approval)
  with a durable cursor and a real resume/deny decision — the pre-v4
  {recorded: true} theater is gone. Skill nodes refuse honestly instead of
  reporting fake success.
• The Multi-Agent Runtime is real when a model is loaded (mode: "llm"):
  planner/executor/reviewer call the model; unparseable model output fails
  the run with the raw output preserved — never silently replaced by
  fabricated artifacts. Without a model, runs are honestly labeled
  mode: "simulation" and never enter the brain as experience.
• Registered custom agents execute with their persisted config; in
  simulation mode they skip with an explicit reason.
• Fabricated UI numbers (hybrid-search fusion meters), fabricated recall
  scores, and the dead memory-recall graph branch are fixed; README claims
  now match the implementation.

One brain, no silos

• Unified ingestion 4/5 → every chat message, MCP message, upload, browser
  capture, and garden note enters through one pipeline with provenance and
  the hook lifecycle; GET /knowledge-graph/provenance/coverage reports
  coverage honestly (workspace events land with the T6 state rebuild).
• Conversations are durable: an unbounded SQLite store replaces the
  50-message chat_history.json cap; legacy history imports idempotently;
  backup/restore carries it automatically.
• The garden vault stops being a second brain: notes dual-write (vault
  markdown mirror for Obsidian + authoritative brain ingest); chat context
  queries the brain instead of rescanning the vault per message.
• Typed memory: Decision and Experience records as first-class graph
  nodes; agent learnings flow through the pipeline (no more markdown dumps
  with swallowed errors).
• Context System: chat context is assembled by a budgeted,
  provenance-carrying pipeline (workspace memories — injected at inference
  for the first time — + hybrid search + garden notes); the per-section
  trace persists with the answer ("why is this in my context?").

Brain data model

• FTS5 trigram keyword index (Korean substring recall preserved; honest LIKE
  fallback; capability reported).
• Canonical edge taxonomy enforced at the write door (no new Korean
  free-string types; synonyms dedupe; originals preserved); edges_v2
  identity rebuilt so canonical types can't collide.
• Workspace scope columns (workspace_id, visibility, owner_id) with
  legacy semantics for pre-v4 rows; search and graph reads filter by
  workspace membership (Personal/Org Brain becomes real at read time).
• Temporal dimension: every edge observation recorded (edge_occurrences);
  node revision chains (superseded_by).
• graph_curator goes live: POST /knowledge-graph/curate runs gated topic
  promotion with real importance_score values.

Sovereignty & Brain Network v1

• Per-installation Ed25519 device identity (file 0600 default; keyring
  opt-in); exports signed; tampered bundles refused; pre-v4 unsigned bundles
  import locally as origin='unsigned-legacy'.
• export(workspace_id=…) now really filters (the pre-v4 header lied).
• Peer exchange over LAN/tailnet HTTP: deliberate pairing by public key,
  signed + replay-protected requests, origin-device provenance on import.

Triggers & automation

• Workflows fire beyond manual: interval scheduling (missed firings recorded
  as skips, no catch-up storms) and brain-event triggers — "when new
  knowledge enters the brain, run this workflow".

Security

• By-id snapshot/memory endpoints authorize against the record's own
  workspace; the workspace registry no longer leaks member lists; chat
  context no longer absorbs other users' replies.
• Session tokens hashed at rest (transparent migration); real password
  policy; PKCE on SSO.

Platform & UX

• The published wheel is fixed (the root setup.py application module is
  now setup_wizard.py, packaged, with an installed-wheel smoke test in CI).
• create_app() factory — importing the server performs no side effects.
• ruff lint baseline (repo clean, CI gate); bounded dependencies;
  requirements.txt retired; npm tarball 24.8MB → 2.0MB; 15MB pptx removed
  from HEAD.
• Zero CDN calls: fonts/icons/libs vendored; service worker precaches the
  v3 bundle.
• The Knowledge Graph explorer is a real force-directed canvas (drag, zoom,
  pan, physics) and the landing surface; navigation is brain-first
  (Brain · Ask · Capture · Act · Library · System).

Remaining gaps (honest, labeled, contracted)

Tracked with full implementation contracts in
docs/V4_IMPLEMENTATION_PLAN.md + amendments and
docs/V4_DIGITAL_BRAIN_RECOVERY.md:

1. knowledge_graph.py decomposition into latticeai/brain/ + the v2
   write-mastering flip (T3d).
2. Durable async run engine: cancellation, SSE progress, startup
   reconciliation (T7c) — runs remain synchronous and say so.
3. Identity unification (user UUIDs, enforced policy module, invitations)
   and transactional workspace state (T6 remainder).
4. Legacy page deletion (requires parity views: org management, snapshots,
   activity, profile), token-native login, i18n, and the T9b surfaces
   (approval inbox, peer pairing UI, context-trace panel) — the new
   capabilities are API-complete and labeled API-only.
5. Git history rewrite for the removed pptx (owner decision; force-push).
6. Default production embedder (consent-gated wizard provisioning instead).

Lattice AI v3.6.0 — Knowledge Graph First

Lattice AI v3.6.0 — Knowledge Graph First

Lattice AI is not a model-personalization system. It is a Digital Brain
Platform. v3.5.0 stabilized the foundation; v3.6.0 makes the Knowledge Graph the
primary architecture. Models are replaceable. Knowledge is durable. Your
Knowledge Graph is the durable asset, and every data source now converges into it.

v3.5.0 carry-over audit

A full carry-over review (docs/CARRYOVER_AUDIT_v3.6.0.md) classified every open
v3.5.0 item as blocking / non-blocking / obsolete. Result: zero blocking
items. Settled postures were preserved — Vercel stays a landing/download/demo
surface (never the runtime), OIDC stays RSA-only, and the legacy /account and
/admin pages stay out of scope. The one honest v3.5.0 gap — KG ingestion not
firing tool hooks — is closed in this release.

Knowledge Graph First architecture

All user data sources flow through a single unified model:

source → extraction → normalization → metadata → chunking → entity detection →
relationship detection → embedding → Knowledge Graph → RAG / agents / memory / search

No new data source bypasses the Knowledge Graph; none creates an isolated silo.

What's new

Unified ingestion pipeline

• New latticeai/services/ingestion.py — one IngestionPipeline.ingest()
  entrypoint normalizes every source (file, folder, web URL, browser tab,
  text/markdown/note/code) into a single IngestionItem.
• Idempotent by content hash — re-ingesting the same content links/updates
  instead of duplicating.
• Routed through the shared dispatch_tool lifecycle so pre_tool/post_tool
  hooks fire on data ingestion (closing the v3.5.0 gap); a blocking pre_tool
  returns an honest status="blocked".
• Each item records source_type, source_uri, content hash, captured_at,
  modified_at, owner/workspace, permissions, graph node + chunk IDs, and
  embedding/indexing status.

Entity & relationship model

• Six new first-class entities: Source, Repository, Meeting,
  Organization, Workflow, Agent.
• Eight new relationships: indexed_from, modified_by, belongs_to_project,
  part_of, discussed_in, decided_by, generated_by, used_by_agent.
• Additive and lossless — from_legacy() normalizes the new aliases (incl. Korean
  verbs); unknown types still fall back to CONCEPT/MENTIONS. Schema kept
  extensible. Documented in docs/kg-schema.md.

Browser & web ingestion (as graph inputs, not standalone features)

• POST /api/browser/read-url — the local runtime fetches a public URL, extracts
  readable text, stores it as source_type=web_url. Fails gracefully (HTTP 422)
  on blocked / login-required / non-HTML pages.
• POST /api/browser/ingest-current-tab — accepts a sanitized, size-limited
  payload from the local browser extension as source_type=browser_tab.
• Manifest V3 Chrome/Edge extension scaffold under browser-extension/ — sends
  the current tab to the local runtime only (127.0.0.1). No external server, no
  cloud upload.

Export / import / backup / restore

• Logical export/import (versioned JSON: nodes/edges/chunks/sources/provenance +
  schema/projection/embed-dim header; merge/replace + dry-run; refuses newer
  schemas).
• Binary backup/restore (VACUUM INTO snapshot incl. vector embeddings + blob
  directory, sha256 integrity-checked).
• latticeai/services/kg_portability.py + /api/knowledge-graph/{export, export-file,import,backup,restore,portability,provenance}. Local-first — no
  cloud service required.

Provenance & auditability

• New ingestion_provenance table + record/get/list/provenance_stats methods —
  an append-only trail making every node explainable (origin, time, pipeline,
  embedded, linked, duplicate, agent-used).

Runtime / hook safety

• New ingestion, browser, and web paths respect the v3.5.0 lifecycle standard via
  dispatch_tool. docs/RUNTIME_HOOK_COVERAGE_v3.6.0.md records coverage with no
  regression from v3.5.0.

UI

• The Knowledge Graph view is recast as your digital brain with tabs: Explore
  (entity/relation mesh), Status (graph + ingestion health), Sources
  (provenance — where every node came from), Capture (read a URL into the
  graph), and Backup (export / import / backup).

Validation

• Unit tests: full suite green (tests/unit/), including new suites for the
  schema, ingestion pipeline, provenance, browser routes, portability, and v3.6.0
  hook coverage.
• npm run lint, npm run check:python, npm run build, and release-artifact
  validation pass; v3 frontend lint 64/64.

Not in scope (settled)

• Vercel remains landing/download/demo only — never the runtime.
• OIDC remains RSA-only unless intentionally expanded.
• Legacy /account and /admin pages remain outside the v3 SPA view set.

External publishing

None. No publish to npm, PyPI, VS Code Marketplace, Open VSX, Docker Hub, or
Vercel was performed by this release.

Lattice AI v3.5.0 — Foundation Stabilization & Verification

Lattice AI v3.5.0 — Foundation Stabilization & Verification

Release type: stabilization / verification. The last major hardening release
before the platform turns toward Knowledge-Graph-First (v3.6.0) and the Digital
Brain Platform (v4.0). It does not add product surface area — it closes
runtime hook bypasses, hardens authentication, splits the largest module, makes
the syntax gate self-maintaining, and removes the last translucent UI surfaces.

Every claim below is backed by automated tests and a live server boot. Nothing
here is "done because the code exists."

Local-first and Enterprise-disabled posture are unchanged.

---

1. Security hardening — OIDC + proxy trust

OIDC ID tokens are now verified, not just decoded. The SSO callback
previously base64-decoded the id_token payload and trusted its email claim
with no signature, issuer, audience, expiry, or nonce check — a forged token
could log in as anyone. v3.5.0 adds a self-contained verifier
(latticeai/core/oidc.py, RSA/JWKS, no new heavy dependency beyond
cryptography) that is fail-closed:

• RSA signature verified against the provider JWKS (RS256/384/512); alg:none
  and symmetric HS* tokens are rejected outright (the classic bypasses).
• iss, aud (+ azp when multi-audience), exp, iat/nbf validated with
  small clock leeway.
• A per-login nonce is issued at /auth/sso/login and required to match in
  the returned token; state is still enforced (CSRF).

Forwarded headers can no longer spoof the rate-limit key. client_ip
previously trusted X-Forwarded-For / CF-Connecting-IP unconditionally, so
anyone could rotate the header to reset per-IP login/registration limits.
v3.5.0 honours forwarded headers only when the direct peer is a configured
trusted proxy (LATTICEAI_TRUSTED_PROXIES, CIDRs allowed); otherwise the peer
address is used. Default is empty (local-first): forwarded headers are ignored.

Tests: tests/unit/test_oidc.py (15 cases — valid + every rejection path) and
tests/unit/test_proxy_trust.py (11 cases, including a rate-limit-bypass proof).

2. Runtime hook coverage — closing the bypasses

Real tool/agent executions that skipped the unified pre_tool → execute → post_tool lifecycle now run through dispatch_tool:

• HTTP /tools/read_file, /tools/edit_file, /tools/grep — these needed
  keyword args, so they bypassed _tool_response. _tool_response is now
  kwargs-aware and they route through it.
• /tools/clear_history — now wrapped (lifecycle + existing audit event).
• The computer-use agent loop (/cu/agent) — every step's execute_tool
  call, plus the Chrome shortcut and /cu/status · /cu/screenshot, now fire
  pre_tool/post_tool (a blocking pre_tool returns 403 / a tool_error SSE).
• The skill-eval harness (/agent/eval) — execute_tool is now dispatched.

The full execution-path coverage table is in
docs/RUNTIME_HOOK_COVERAGE_v3.5.0.md.
Local approval gates and filesystem sandboxing are preserved.

Tests: tests/unit/test_runtime_coverage.py (computer-use lifecycle + 403 gate

• kwargs payload) on top of the existing test_hooks_dispatch.py.

3. tools.py → tools/ package

The 1,525-line tools.py is split into a package with focused submodules —
computer, filesystem, documents, local_files, knowledge, network,
commands — plus the shared sandbox base, constants, and tool registry in
tools/__init__.py. The flat import surface is 100% preserved: import tools and from tools import <anything> behave exactly as before (verified by
46/46 registered tools and the existing test_tools.py / test_tool_registry.py
suites, including the AGENT_ROOT monkeypatch path). No circular imports; the
wheel ships the full package.

4. CI — discover-based syntax gate

The hand-maintained py_compile enumeration (which still listed the now-removed
tools.py) is replaced by scripts/check_python.py: it walks the repo, excludes
virtualenv/build/cache/generated/vendored dirs, and compiles everything else —
144 modules, auto-including any future file. Wired into both
.github/workflows/ci.yml and npm run check:python.

5. UI — solid, crisp surfaces (glassmorphism removed)

The single translucent surface in the active v3 SPA (the command-palette scrim's
backdrop-filter: blur) is removed; 19 further backdrop-filter: blur surfaces
in the served legacy /account · /admin stylesheets are neutralized to solid.
The active v3 CSS now contains zero blur surfaces (assets rebuilt + hashed).

---

Validation (final code state)

• npm run lint — 64/64 v3 modules pass.
• npm run check:python — 144 modules compile.
• pytest tests/unit — 419 passed (+29 new: oidc 15, proxy 11 net, runtime 4 — see notes).
• pytest tests/integration — 9 passed against a live server (/health → 3.5.0).
• Playwright tests/visual/v3.spec.js — 13 passed (SPA boots, all views render).
• python -m build — sdist + wheel OK; tools/ package included in the wheel.

Known limitations (honest)

• OIDC verification supports asymmetric RSA tokens (the OIDC norm). Providers that
  sign ID tokens with EC (ES*) or symmetric keys are not supported and are
  rejected fail-closed; add the alg explicitly if such a provider is required.
• The legacy /account · /admin pages had their blur removed, but their
  surfaces are not otherwise restyled (they are not in the v3 SPA view set).
• Memory-service maintenance endpoints (prune/compact/rebuild) are service
  operations with their own audit trail, not registry tools, so they intentionally
  do not fire pre_tool/post_tool (documented in the coverage table).

Registry publishing

Build artifacts (npm tarball, PyPI sdist/wheel) are produced. Publishing to
npm, PyPI, the VS Code Marketplace, Open VSX, Docker Hub, and Vercel is
intentionally NOT done — the project owner publishes manually.

Lattice AI v3.4.1 — Runtime Completion

Lattice AI v3.4.1 — Runtime Completion

Release type: runtime completion. Makes the v3.4.0 runtime systems
verifiably complete and corrects the v3.4.0 overclaims the implementation
audit found. Every claim here is verified by a live end-to-end run against a
booted server — not unit tests, mocks, or endpoint existence. Evidence:
docs/assets/v3.4.1/e2e_runtime_log.txt
(7/7 PASS + restore-on-restart PASS).

Local-first and Enterprise-disabled are unchanged.

---

What v3.4.0 overclaimed, and what v3.4.1 actually delivers

1. Hooks — full lifecycle coverage (was: HTTP-tool-path only)

v3.4.0 said hooks "fire from tools and workflows." In reality tool hooks fired
only from the HTTP /tools/* path; the agent tool path, the multi-agent
executor, and the platform workflow path all bypassed hooks, and 4 of 7 built-ins
were advisory no-ops. v3.4.1:

• A single shared dispatch_tool (core/hooks.py) drives
  pre_tool → execute → post_tool for all three tool paths: HTTP
  (api/tools._tool_response), the single-agent runtime (core/agent.py via
  AgentDeps.hooks), and the workflow tool node
  (platform_runtime._tool_node_runner).
• Workflow hooks fire from both paths — the designer endpoint and the
  platform path (run_workflow_by_id now passes hooks to WorkflowEngine).
• The lifecycle is now the explicit set pre_/post_ × run · tool · workflow · upload · index (plus agent). The upload pipeline fires
  pre_upload/post_upload + pre_index/post_index; the local-folder index
  and folder-watch reindex fire pre_index/post_index.
• All 7 built-in hooks have real runners (core/builtin_hooks.py) — none is
  a silent no-op. A hook with no bound runner and no command is flagged
  advisory in the registry and UI. Legacy workflow/pipeline kinds are
  accepted and mapped forward.

Live: an HTTP tool call fired pre_tool (real sensitivity=none /
policy[list_dir]: risk=low output) + post_tool; an agent run auto-fired
pre_run + post_run; an upload fired all four upload+index kinds.

2. Local Agent — real probes (was: hardcoded true)

v3.4.0 hardcoded online, handshake.ok, health.status, and
filesystem_access to true. v3.4.1 probes them:

• a real filesystem write → read → delete in the data dir;
• a live graph reachability call (knowledge_graph.stats());
• a derived mode ∈ {offline, starting, online, degraded, error};
• plus pid, version, handshake latency_ms, last_seen, and an error
  string when a probe fails.

Live: mode=online, real pid, handshake.latency_ms≈0.7ms,
graph_reachable=true, error=null. A failing subsystem yields degraded/
error honestly.

3. Connect Folder — proven end-to-end (was: never run)

Live: a real temp folder → permission approval (self-approval; the click is the
consent) → index → the Files table shows the folder's documents → **retrieval

• hybrid search** return them (24 fused matches over the connected content).

4. Folder Watch — proven end-to-end + restore (was: isolation-only)

watchdog is a declared dependency and is installed. Live: creating a file in
a watched folder fired a debounced reindex → post_index (folder.reindex)
hook; the watcher reports the active source; and after a server restart the
watch was restored automatically.

---

Validation (final code state)

• npm run lint — 64/64 v3 modules · npm run typecheck — tsc clean ·
  npm run build — assets + Python build OK.
• pytest tests/unit — 390 passed (19 in test_hooks_dispatch.py).
• pytest tests/integration — 9 passed against a live server.
• Playwright tests/visual/v3.spec.js — 13 passed.
• Live E2E (docs/assets/v3.4.1/e2e_runtime_log.txt) — 7/7 + restore PASS.

Known limitations (honest)

• Live model output (VLM inference, agent-generated text) still needs a loaded
  local model; the deterministic agent runner is LLM-free by design.
• The multi-agent executor only invokes tools via workflow/plugin nodes (it does
  not call execute_tool directly), so tool hooks fire on the agent path through
  core/agent.py (the single-agent runtime) and through workflow tool nodes —
  both now wired. There is no separate code path left unhooked.
• The built-in tool-permission-gate records the governance decision into the
  run log and blocks only when policy denies; primary enforcement stays in the
  tool dispatcher (documented, not duplicated).

Registry publishing

Build artifacts (npm tarball, PyPI sdist/wheel, VSIX) are produced. Publishing
to npm, PyPI, the VS Code Marketplace, and Open VSX is intentionally NOT done —
the project owner publishes manually.

Lattice AI v3.4.0 — Platform Completion

Lattice AI v3.4.0 — Platform Completion

Release type: platform completion (functionality). Closes the remaining
non-enterprise gaps the v3.3.0 honesty audit flagged. Every change below is
runtime-verified on a live server, not only traced through source.

Lattice AI stays a local-first workspace: inference, indexing, files, and the
knowledge graph live on your machine. Enterprise features remain intentionally
disabled with honest "not available in this build" states.

---

Highlights

1. Hooks now execute (was registry-only)

The v3.3.0 audit's most significant honesty gap is closed. latticeai/core/hooks.py
gains a real execution engine alongside the existing registry:

• HookContext / HookResult, and the public verbs register_hook(id, runner),
  run_hook, run_hooks(kind, …), and fire_hook(kind, event, …) (fire-and-forget).
• A hook runs either via an in-process runner bound by its owning subsystem
  (built-ins redact-secrets, audit-agent-run, pipeline-index-status are
  bound at startup) or, for user hooks, by executing their command as a
  subprocess (full context on stdin and in LATTICE_HOOK_CONTEXT).
• pre_* hooks gate. A blocking pre_run aborts an agent run; a blocking
  pre_tool aborts the tool call. A non-zero exit from a pre_* command hook
  blocks fail-closed; a misbehaving hook never crashes the lifecycle point.
• Every dispatch is appended to a bounded, persisted run log
  (hooks_runs.json), exposed at GET /api/hooks/runs. POST /api/hooks/run
  (and /fire) dispatch on demand.

Hooks fire from real lifecycle points: Agents (AgentRuntime.start
pre/post-run), Workflows (WorkflowEngine.run start/end), Tools
(/tools/* pre/post-tool), and the upload Pipeline (document.ingested).
The Hooks view adds a per-hook Run, a Run by kind, and a Recent
executions log so dispatch is observable.

2. Uploaded documents appear in Files

KnowledgeGraphStore.list_documents() + GET /knowledge-graph/documents surface
every ingested Document node with its ingest → index state (ingested →
indexed once retrieval chunks exist). The Files "Uploaded documents" table reads
it and re-hydrates after every upload, completing
upload → Files → Knowledge Graph → Hybrid Search → Chat.

3. VLM image input in Chat

The backend already accepted image_data; v3.4.0 adds the composer affordance —
attach, drag-and-drop, paste, a thumbnail preview with remove, and the
image is sent with the message. A Vision Enabled / Disabled badge reads a new
vision capability block from /models (derived from the active model's compat
profile). Live VLM inference output requires a loaded vision model and is honestly
badged when absent.

4. Run agents from the Agents view

A Run console (goal + role chips → Run / Stop / Status / Queue / Logs)
executes the multi-agent pipeline directly from Agents — no Planning-view detour.
The pipeline runs synchronously and without a loaded model (deterministic
runner), rendering the run's timeline as logs and firing pre/post-run hooks. Stop
honestly reports the synchronous runtime's {stopped:false, reason}.

5. On-device Local Agent + Connect Folder + Folder Watch

The "desktop local agent" is the Lattice server itself, running on your machine.

• GET /api/local-agent/status reports the real runtime state: online,
  platform/machine/python, an in-process handshake, filesystem-access and
  watcher-availability health, and connected/watching folder counts. No fake
  readiness — a fresh instance shows 0 folders and reports the watcher honestly.
• Connect Folder (api.connectFolder) runs request → self-approve (the click
  is the consent) → index + watch via the existing /knowledge-graph/local/*
  endpoints. The Folder Watch (LocalKnowledgeWatcher, watchdog) fires a
  debounced reindex on create/update/delete — verified.

---

What did NOT change

Enterprise capabilities remain disabled and honestly labeled: SSO, SCIM, DLP,
Private VPC, SIEM, enterprise RBAC, and enterprise user management. The deterministic
agent runner is unchanged (documented as LLM-free). Local MLX inference still
requires Apple Silicon + an MLX/MLX-VLM build for local generation.

Known limitations (honest)

• Live model output is runtime-pending in screenshots. VLM inference and
  agent-generated text require a loaded local model; the included screenshots show
  the real UI with representative data, not live inference.
• Folder Watch requires watchdog (a declared dependency). When absent, the
  Local Agent / Files surfaces honestly report watcher_available:false.
• Standard-view headers render low-contrast at the top — a pre-existing
  v3.3.1 design characteristic (visible identically on unchanged views), not
  introduced by v3.4.0.
• Hosted deployment is out of scope. Lattice AI is local-first (MLX,
  filesystem, SQLite) and is not a serverless/hosted product.

Validation

• npm run lint — 64/64 v3 modules pass.
• npm run typecheck — tsc -p . clean (VS Code extension).
• npm run build — assets + Python build succeed.
• pytest tests/unit — 388 passed (incl. 17 new test_hooks_dispatch.py).
• pytest tests/integration — 9 passed against a live server.
• Playwright tests/visual/v3.spec.js — 13 passed.
• Runtime smoke — all five new/updated views render with zero console errors; the
  live server boots clean; hooks fire from manual + agent lifecycle; folder watch
  reindexes on change.

Registry publishing

Build artifacts (npm tarball, PyPI sdist/wheel, VSIX) are produced for this
release. Publishing to npm, PyPI, the VS Code Marketplace, and Open VSX is
performed manually by the project owner and is intentionally not done here.