Skip to content

Releases: iarjunganesh/drift

DRIFT v0.10.0

Choose a tag to compare

@github-actions github-actions released this 18 Jul 16:44

MCP thin-client integration — 2026-07-18

Codex Session ID: 019f7607-aa5a-79b2-8101-4cd634495fbe

DRIFT's reviewed release intelligence is now also available to any
MCP-compatible assistant, as an additional consumption channel over the
existing public API — "in the browser, over HTTP, and inside your AI
assistant." This does not reposition DRIFT: the tagline
("Release intelligence for GPU and AI infrastructure. Cited, bounded,
inspectable."), the brand banners, the frontend hero, and the FastAPI
description are unchanged, per the branding boundary in
ADR-011.

Added

  • integrations/mcp/ — a standalone thin-client MCP server (stdio, run with
    python -m integrations.mcp) exposing exactly three tools, each a one-to-one
    call to an existing public endpoint:

    • drift_briefingGET /briefing
    • drift_searchGET /search
    • ask_driftPOST /chat

    The server is configured with only DRIFT_API_URL (hosted Railway API or a
    local instance), plus an optional DRIFT_MCP_TIMEOUT_SECONDS request timeout,
    and holds no OpenAI key, no database URL, and no credential
    of any kind
    . It sits on the untrusted consumer side of the API boundary,
    indistinguishable from the Vercel frontend.

  • An optional mcp dependency group and a separate integrations test group in
    pyproject.toml. The core [project.dependencies] set is untouched, so the
    uv sync --no-dev Docker install, the Railway image, and the deployed runtime
    are unchanged; the SDK is opt-in.

  • 40 mocked-HTTP integration tests at 100% coverage of integrations/, run as a
    separate CI job (MCP integration tests) outside the backend --cov=backend
    gate. Ruff and mypy targets extend to integrations/ in the Makefile,
    AGENTS.md, and .github/workflows/ci.yml.

Safety boundary

  • Every guarantee the API already enforces applies to MCP traffic automatically,
    because there is no second path to the store: reviewed-only reads, redacted
    review notes, SpendGuard budgets, and retry/circuit resilience are all
    server-side. The MCP server cannot draft, verify, publish, or retract an
    Insight — the review gate remains a human, notebook-driven boundary with no
    MCP tool. Questions outside the reviewed corpus decline rather than
    hallucinate: the retrieve-first /chat 404 is surfaced as a spoken decline.

Verification

  • Local ($0): all three tools were exercised against a fixture-mode DRIFT API.
    drift_briefing ranked the reviewed examples, drift_search matched a
    library query, ask_drift returned a grounded, cited answer, and an unmatched
    question declined instead of guessing.
  • The backend suite remains 160 tests at 100% backend coverage; the integrations
    suite adds 40 mocked-HTTP tests at 100% integrations/ coverage.

Release boundary

  • This is a source and integration release. It changes nothing under backend/,
    adds no capture or Insight (the tools answer only over the five reviewed
    Tier.FINAL Insights 10, 11, 13, 15, and 16 and decline otherwise), and is not
    yet redeployed: the deployed app is v0.9.1, verified live on 2026-07-18
    (/health and / report 0.9.1, /docs 200, /briefing returns the five
    reviewed Insights, Vercel CORS GET, POST; paid /search//chat not
    re-invoked). A bounded hosted MCP capture archived with a SHA-256 manifest and a real
    MCP-client screenshot are the remaining operator gates; no hosted MCP claim is
    written until that capture has run.

DRIFT v0.9.1

Choose a tag to compare

@github-actions github-actions released this 18 Jul 00:25

Tier.LIVE grounded-chat evidence pass — 2026-07-18

Codex Session ID: 019f7278-ee77-7f02-bafd-6eba8bf046d2

  • Executed a small, explicitly bounded Tier.LIVE (gpt-5.6-terra) grounded-chat
    capture against the reviewed store through the DRIFT Manual Run notebook
    (Section 7). One question was asked per configured primary source (eight
    total), each running the same retrieve_live_insights and
    answer_question_with_model code paths the live /chat endpoint uses. The
    run read the five reviewed Tier.FINAL Insights (IDs 10, 11, 13, 15, 16) and
    wrote nothing to the database.
  • Seven of eight questions were answered with a grounded citation; the eighth
    (PyTorch) was declined outright. Terra grounded each answer only in the
    Insights that actually supported it — TensorRT 11.1 → 16, vLLM v0.25.1 → 13,
    Transformers v5.14.1 → 11, JAX v0.11.0 → 10, NCCL v2.30.7-1 → 15 — and cited
    exactly IDs 10, 11, 13, 15, and 16 across the run, never an ID outside the
    reviewed store and never a fabricated release.
  • Verified the retrieve-first boundary directly. Retrieval ranks by vector
    distance with no cutoff, so it surfaces the nearest reviewed Insights even for
    sources with no reviewed Insight (PyTorch, Triton, CUTLASS). For PyTorch,
    Terra cited nothing; for Triton and CUTLASS it answered that no such Insight
    exists and grounded that negative answer only in the specific reviewed
    Insights it had inspected. The notebook records Terra's true grounding rather
    than the /chat UX fallback to the whole retrieval window, so "cite only the
    evidence used" is inspectable.
  • Local spend for the eight-question run was approximately $0.076, within the
    configured spend guard (settled ledger $1.50 → $1.58 against the $5 cap); no
    per-attempt reservation exceeded the per-call cap and none was left reserved.

Added

  • backend.evidence_archive.archive_chat_capture() and a Section 7c archive
    cell in notebooks/drift_manual_run.ipynb, the retrieve-first analogue of the
    reviewed-capture archive. It preserves each question, the retrieved and
    grounded Insight IDs, citations, structured answers, provider metadata, and
    per-question spend deltas as a scrubbed JSON record with a SHA-256 manifest
    and no-overwrite protection, refusing credential- or review-note-shaped
    metadata. The shared serialize/hash/manifest path is factored out so both
    archivers guarantee byte-exact LF hashing.
  • A frozen, Markdown-only notebooks/drift_manual_run.terra.results.ipynb
    results record (no executable cells, operator configuration, provider/budget
    logs, or review notes), a companion to the gpt-5.6-luna and gpt-5.6-sol
    reviewed-capture records covering the retrieve-and-answer path. The
    display-only regression guard now covers all three results notebooks.
  • Section 7 of the Manual Run notebook: a preflight-safe, spend-gated Terra
    grounded-chat capture over the reviewed store, documented in
    notebooks/README.md.
  • Archived the bounded run's inspectable evidence and SHA-256 integrity manifest
    to assets/evidence/2026-07-18-all-sources-terra.json
    (sha256 b606fe31f22449de0d404446a9249ddd4c2397dc7d258c7c204a177539dec00d).
  • Refreshed the tracked README screenshot gallery into a numbered
    Luna → Sol → Terra flow: landing (01-landing), branded API docs
    (02-api-docs), briefing and frozen claim evidence at the gpt-5.6-luna
    dev tier and gpt-5.6-sol final tier (03.103.4), the Ask DRIFT box
    (04-ask-drift), and two gpt-5.6-terra grounded answers (05.1 NCCL,
    05.2 TensorRT). Every gallery reference resolves to a checked-in file.
    The two Terra answer frames preserve their capture-time grounding labels;
    the authoritative current reviewed-store IDs and Terra grounding are the
    scrubbed archive and manifest above.

Release boundary

  • This is a source, grounded-chat-evidence, and documentation release. It does
    not draft, publish, or retract any Insight: the live Railway store continues
    to serve the same five reviewed Tier.FINAL Insights (IDs 10, 11, 13, 15, 16).
    The tracked README screenshots were refreshed to the current Luna/Sol briefing
    and Terra Ask DRIFT UI. Hosted app verification remains at v0.8.0 pending an
    independent recheck; the deployed Railway /health and Vercel frontend are
    not being described as v0.9.1. The configured spend guard remains
    authoritative over any reported balance.

DRIFT v0.9.0

Choose a tag to compare

@github-actions github-actions released this 17 Jul 22:24

Tier.FINAL evidence pass — 2026-07-17

  • Follow-up Codex session 019f7213-be19-7e50-92ac-a48bd5ecaacb completed the
    evidence cleanup and release-boundary synchronization on 2026-07-18.
  • Executed the paid Tier.FINAL capture (gpt-5.6-sol) through the DRIFT Manual
    Run notebook. All eight configured primary sources were sampled (one item
    each); eight clusters produced verifier-passed drafts (IDs 9–16), each drafted
    and separately verified at gpt-5.6-sol.
  • After source-excerpt human review, published five Insights: JAX v0.11.0 (10),
    Transformers v5.14.1 (11), vLLM v0.25.1 (13), NCCL v2.30.7-1 (15), and
    TensorRT 11.1 (16). This grows the reviewed corpus to five sources, adding
    JAX v0.11.0 — a substantive release with real breaking changes — alongside the
    four sources first published at the dev / gpt-5.6-luna tier.
  • Held three verifier-passed drafts at the human-review gate rather than
    publishing them: a single PyTorch trunk commit (not a release), CUTLASS 4.6.1
    (thin evidence with an interpretive expansion of an upstream typo), and an
    out-of-tree Triton gfx950 tutorial pin (not a mainline release).
  • Archived the reviewed evidence and SHA-256 integrity manifest to
    assets/evidence/2026-07-17-all-sources-reviewed.json
    (sha256 df32b3d4315b09fb4a6dbd508d381ca2c8095e25e16f88c4741ce7bc3055a337).
  • Recorded a display-only results notebook at
    notebooks/drift_manual_run.sol.results.ipynb (Markdown-only; no executable
    cells, operator configuration, provider/budget logs, or review notes), kept as
    a companion to the earlier gpt-5.6-luna results record rather than replacing
    it.

Operational note

  • A Tier.FINAL (gpt-5.6-sol) capture needs a higher per-attempt model timeout
    than the 20-second default; the heavier draft stage otherwise exceeds the
    timeout, exhausts its retries, and aborts the run (a non-ValueError stops the
    capture rather than skipping one cluster). Raising DRIFT_MODEL_TIMEOUT_SECONDS
    to the 120-second maximum let the eight-source capture complete. Local spend for
    the reviewed Sol run stayed within the configured spend guard.

Changed

  • Rewrote the submission/DRIFT_FREEZE_PLAN.md score matrix as an honest
    current-vs-target readiness view and added a dated audit addendum; reclassified
    MCP, tool-calling, and IDE items as optional future work that is not shipped.
    Updated docs/INITIATIVES.md, docs/CODEX_PROMPTS.md, and
    submission/SUBMISSION.md, and removed the superseded
    submission/NEXT_STEPS.md.
  • Renamed the tracked UI screenshots to a kebab-case set led by the reviewed
    briefing (01-briefing), claim evidence (02-briefing-claim-evidence), the
    Ask DRIFT box (03-ask-drift), two grounded-answer examples
    (04.1-ask-drift-grounded-answer-nccl-example,
    04.2-ask-drift-grounded-answer-tensorRT-example), and the branded API docs
    (05-api-docs); updated the README gallery image paths to match.

Release boundary

  • This is a source and reviewed-evidence release. The live Railway store now
    serves exactly five reviewed, verifier-passed Tier.FINAL Insights (IDs 10,
    11, 13, 15, and 16), all produced at gpt-5.6-sol; the four Luna Insights
    (IDs 3, 6, 7, and 8) were retracted to draft on 2026-07-17. Hosted app
    verification remains at v0.8.0 pending redeploy: the deployed Railway
    /health and Vercel frontend are not being described as v0.9.0. The
    reported remaining account balance is planning context, not release
    evidence; the configured spend guard remains authoritative.

DRIFT v0.8.1

Choose a tag to compare

@github-actions github-actions released this 17 Jul 20:44

Fixed

  • Made live Ask DRIFT responses structured and grounding-aware. The model now
    reports the Insight IDs it actually used, the API filters citations and
    grounded_insight_ids to that subset, and stray or malformed model IDs can
    no longer cause unrelated source links to be presented for a question.
  • Added regression coverage for subset citation behavior, malformed structured
    responses, blank answers, router schema forwarding, and lifespan integration.

Release boundary

  • This is a source patch release for the Ask DRIFT grounding fix, tagged from
    feature/v0.9.0-final-evidence. Hosted Railway/Vercel verification remains
    at v0.8.0 until a deployment is independently checked.

Targeted releases — planned, not released

These targets are planning records only. They do not change the current
verified release (v0.8.0) or claim that the paid Tier.FINAL rerun has run.

v0.9.0 — final-tier evidence and selected polish

Targeted scope:

  • rerun selected reviewed examples through Tier.FINAL (Sol), initially the
    four currently published sources: Transformers, vLLM, NCCL, and TensorRT;
  • preserve source bytes, exact claim spans/hashes, upstream references, model
    identifiers, verifier results, model-run audits, and meaningful human review
    notes for every accepted result;
  • publish only verifier-passed results after human review, retaining the
    existing bounded-evidence and spend/retry guardrails; and
  • optionally include narrowly scoped polish that improves judge clarity or the
    demo path, provided it does not delay or blur the evidence boundary.

The Tier.FINAL run is still pending operator execution and budget validation.
The reported remaining account balance is planning context, not release
evidence; the configured spend guard remains authoritative.

v1.0.0 — final submission release

Targeted scope:

  • final product and documentation polish after the evidence decision;
  • final local/hosted verification of the judge path and bounded claims;
  • a public English YouTube demo under three minutes showing the working
    workflow, citations, verification, Codex contribution, and GPT-5.6 role; and
  • final README, submission notes, Devpost metadata, and video-link replacement.

v1.0.0 is the submission-final target, not permission to add new feature
surfaces such as MCP, tool calling, IDE integration, or a release timeline.

DRIFT v0.8.0

Choose a tag to compare

@github-actions github-actions released this 17 Jul 18:57

Codex session record

  • Carried 019f6a78-6fa2-7121-9059-85ac8ceb9904 from reviewed-evidence release
    hardening and v0.7.0 hosted verification through this v0.8.0 source
    release.

Added

  • Gave the three fixture Insights typed claims arrays backed by frozen,
    checked-in synthetic source files. Every span, offset, source URL, and
    source-content SHA-256 now follows the same invariant as a live claim; a
    regression test rejects mismatched source text, hashes, URLs, offsets, or raw
    item IDs. The Inspect claim evidence panel now renders in no-key fixture
    mode without implying that example text is an upstream release note. The suite
    passes 150 tests at 100% backend coverage.
  • Ask DRIFT grounded-chat box in the frontend (frontend/app/AskDrift.tsx):
    a single client component that posts a question to /chat and renders the
    grounded answer, its source citations, the model/audit label, and the grounded
    insight IDs, with explicit loading, no-match (HTTP 404), and error states. It
    works in both fixture and live mode. The input now matches the /chat
    contract (3–2,000 characters), reports server errors accurately, and announces
    state changes accessibly. The /chat contract was verified against the
    fixture backend and the production frontend build passes.
  • Embedded the reviewed-briefing and claim-evidence screenshots in the README as
    live-state visual evidence (assets/screenshots/03-briefing.png and
    04-briefing-claim-evidence.png), alongside the branded Swagger and
    architecture assets.
  • Presentation architecture diagram — a hand-authored, presentation-grade
    visual (assets/architecture/arch-{dark,light}.svg, generated by
    build_arch.py + build_arch_raster.mjs) that dramatizes the six typed
    stages as a first-look trust boundary: untrusted feeds → quarantined
    machine drafts → the human review gate → trusted, published briefing. The
    README and docs/ARCHITECTURE.md now lead with it, with the Mermaid pipeline
    kept as the maintainable system-of-record in a collapsible section.

Changed

  • Restructured the README top for first impression: The Problem → What DRIFT
    Does → Try DRIFT in 60 Seconds
    , leading with the hosted demo links and a
    one-command docker compose up judge path. Reframed the closing Disclaimer
    as a positive Trust Model (untrusted input → frozen source span → separate
    verifier pass → human review gate) and kept the Codex/GPT-5.6 usage section
    prominent.
  • Made the Quick Start cross-platform: promoted docker compose up as the
    one-command local path and added bash/curl equivalents beside every PowerShell
    command (setup, endpoint calls, and the live capture command).
  • Corrected the P1 tracker to name the implemented grounded-chat component
    honestly. It uses /chat, whose retrieve-first backend already performs the
    evidence lookup; the separate /search endpoint remains available in the API
    rather than duplicating live retrieval and provider work in the browser.
  • Renamed the tracked UI screenshots to clean kebab-case filenames
    (01-landing, 02-api-docs, 03-briefing, 04-briefing-claim-evidence) so
    they embed reliably in Markdown.
  • Rebuilt the Mermaid architecture diagram (arch-pipeline.mmd) into three
    colour-coded trust zones (untrusted · quarantine · trusted) with the human
    review gate as the crossing point, and regenerated all four light/dark
    renders. The auto-laid Mermaid is kept acyclic — the "engineer also reviews"
    loop-closing edge appears only in the hand-laid presentation diagram — so the
    zones read left
    to right.
  • Renamed the Mermaid architecture assets for clarity: architecture-diagram*
    arch-pipeline* (source, renders, and theme configs), pairing them with the
    new hand-authored arch-* presentation diagram, and updated every reference
    across the README, docs/ARCHITECTURE.md, CONTRIBUTING.md, and the asset
    guides.
  • Elevated the canonical DRIFT brand banners to share the presentation diagram's
    visual system — trust-zone palette, node styling, gold human-review gate,
    dot-grid field, and a subtle GPU compute-lattice backdrop (circuit traces,
    vias, and a PCB edge-connector) behind the evidence-path card — via a new
    assets/brand/build_banner.py generator (with a build_banner_raster.mjs
    PNG export). The API-served SVG filenames
    (drift-banner-{dark,light}.svg) are unchanged, so backend/main.py and the
    Docker image keep serving them.
  • Refreshed the README Project Structure tree to match the current backend,
    frontend, assets, scripts, migrations, and tooling layout.
  • Locked one DRIFT signature gradient (teal #2dd4bf → indigo #818cf8
    dark / #0d9488#4f46e5 light) across the banner wordmark and the
    presentation-diagram eyebrow, with the semantic node/trust colours kept for the
    diagrams. The endpoints are the diagram's own source-teal → agent-indigo
    hues; the locked palette is documented in assets/brand/README.md.
  • Added a Powered by GPT-5.6 tiers · Luna · Terra · Sol credit to the brand
    banner, and a GPU compute-lattice backdrop behind the evidence-path card.

Repository operations

  • Enabled branch protection on main (2026-07-17): the five CI quality-gate
    checks (Ruff lint, Mypy type check, Tests and coverage, Frontend build, and
    Documentation hygiene) are required, with strict up-to-date merges; admins
    retain a bypass for pre-deadline hotfixes. Tag-only release checks are
    intentionally excluded.
  • Confirmed the Codecov pytest upload on the dashboard (2026-07-17): the
    tokenless OIDC upload is queued and processed, and the repository and
    flag=pytest coverage badges both resolve to 100%.

DRIFT v0.7.0

Choose a tag to compare

@github-actions github-actions released this 16 Jul 18:28

Hosted deployment verification — 2026-07-16

  • Verified the Git-connected Railway v0.7.0 deployment in DRIFT_MODE=live:
    /health reports 0.7.0, /docs returns 200, and a Vercel-origin CORS
    preflight allows GET, POST.
  • Verified that /briefing?top_n=10 returns the four reviewed Insights without
    human_review_notes, and that /openapi.json does not expose that field.
  • Verified the deployed Vercel bundle requests briefing?top_n=10.

Reviewed-evidence capture and hosted verification — 2026-07-16

  • Published four human-reviewed Insights through publish_verified_insights
    after source-excerpt review: Transformers v5.14.1, vLLM v0.25.1,
    NCCL v2.30.7-1, and TensorRT 11.1 (draft IDs 3, 6, 7, 8; drafted and verified
    at the dev / gpt-5.6-luna tier to bound cost).
  • Verified the hosted Railway v0.6.1 app in DRIFT_MODE=live now returns
    provider-backed content: /briefing is non-empty, /search?q=vllm returns
    the vLLM v0.25.1 Insight, and /chat returns a grounded gpt-5.6-terra
    answer citing the vLLM/NCCL/Transformers releases
    (grounded_insight_ids [6, 7, 3]). This supersedes the earlier empty
    fail-closed briefing verification.
  • Archived the reviewed evidence and SHA-256 integrity manifest to
    assets/evidence/2026-07-16-all-sources-reviewed.json
    (sha256 2e08896b3c1c9507b557fc84e5558ce05343f9202227bb3a1ff7e964002d2318).

Fixed

  • Prevented empty or truncated structured-model responses from aborting a
    capture. Reasoning tokens share the response budget, so the output-token
    ceilings were raised for severity classification (40 → 256), Insight drafting
    (1200 → 4000), and the claim verifier (400 → 800).
  • Raised the frontend briefing request from top_n=3 to top_n=10 so the home
    page surfaces every reviewed Insight across sources, not just the top three
    (the /briefing endpoint already accepts top_n up to 10).

Changed

  • The capture pipeline now generates each cluster's Insight independently and
    skips — with a logged insight.generate.skipped warning — any cluster whose
    draft fails grounding or verification, instead of discarding the whole run on
    a single failed cluster.
  • The claim verifier now publishes only the verifier-accepted claims and drops
    the rejected ones, still requiring at least one direct fact and one
    recommended check, rather than rejecting an entire Insight when any single
    claim is rejected.

Added

  • scripts/check_openai_spend.py: a read-only, admin-key OpenAI cost check that
    reconciles the DRIFT project's real spend against the local
    .drift/spend-ledger.json guard (the local guard tracks only DRIFT's calls, so
    reconciliation is scoped to an explicit --project-id / DRIFT_OPENAI_PROJECT_ID
    rather than the organization total), with scripts/README.md. Uses the Costs
    API group_by/project_ids array query parameters.

Testing

  • Added pipeline tests for per-cluster skip-on-failure and the all-skipped
    guard, an Insight test for publishing only verifier-accepted claims, and
    updated the claim-grounding calibration eval so an ambiguous inference is
    dropped while the verified fact and check survive.

Evidence-integrity, review-note redaction, and notebook hardening — 2026-07-16

  • Fixed the evidence archive writer to emit raw LF bytes (write_bytes) so the
    manifest SHA-256 matches the evidence file's exact on-disk bytes on every
    platform; write_text previously translated \n to \r\n on Windows,
    leaving the manifest hashing bytes the file no longer contained. Added
    .gitattributes pinning assets/evidence/*.json to LF so core.autocrlf
    cannot re-introduce the mismatch, and a byte-level hash regression test.
  • Made human_review_notes database-only: the public Insight contract now
    excludes it from serialization (Field(exclude=True)) and the live-store
    reader no longer copies it across the API boundary, so /briefing, /search,
    and /chat can never return internal review text. Added model- and
    endpoint-level regression tests.
  • Sanitized notebooks/drift_manual_run.ipynb to a clean, output-free template
    (reset capture trigger, publish/archive IDs, and review notes), and made
    notebooks/drift_manual_run.results.ipynb a Markdown-only display record;
    it contains no runnable cells, operator configuration, provider/budget logs,
    or review notes. A regression test protects that boundary.
  • Full suite: 149 tests at 100% backend coverage.

DRIFT v0.6.1

Choose a tag to compare

@github-actions github-actions released this 16 Jul 10:10

Fixed

  • Made the FastAPI documentation banner frame follow prefers-color-scheme,
    so the light canonical banner no longer sits inside a dark wrapper.

  • Made the frontend briefing state explicit: it now distinguishes a loading
    request, an unreachable API, and the intentional empty state before reviewed
    evidence has been published.

  • Made the frontend select the API-served canonical DRIFT banner pair with
    prefers-color-scheme; it no longer copies SVGs into the Vercel build, and
    its palette follows the same light/dark system preference as the README and
    API docs.

  • Corrected current local-test documentation to 142 tests at 100.00% backend
    coverage and replaced the placeholder clone URL.

Hosted deployment verification — 2026-07-16

  • Verified the Git-connected Railway v0.6.1 deployment in DRIFT_MODE=live:
    /health reported v0.6.1, /briefing returned [] because no Insight is
    human-reviewed, /docs returned 200, and a Vercel-origin CORS preflight
    passed.
  • Verified that the deployed Vercel HTML references the canonical API-served
    light/dark banner pair. This is source-markup verification, not a separate
    browser visual check of the post-fetch empty state.

Codex session record

  • Added 019f6a46-e3eb-7de2-81b1-91515ae80043 for the submission audit and
    frontend evidence-presentation follow-up. Initiative 04 remains the primary
    /feedback session for core functionality.

DRIFT v0.6.0

Choose a tag to compare

@github-actions github-actions released this 16 Jul 00:24

At release-tag creation, v0.6.0 was the current local source release and its
hosted verification had not yet occurred. The dated Unreleased addendum records
the subsequent hosted deployment verification without rewriting that history.

Added

  • Added migration 0003_claim_evidence_review_gate, typed claim contracts, and
    frozen exact evidence spans with character offsets, source SHA-256 hashes,
    and retained upstream GitHub release/PR/commit references where present.
  • Added a separate, routed structured claim-verifier call and a second durable
    model_runs audit pointer for each generated draft. The verifier rejects
    unsupported or misclassified claims but remains model-aided screening, not
    proof.
  • Added explicit direct_fact, inference, and recommended_check labels;
    separate upstream release-type, potential operator-risk, and applicability
    metadata; and claim-evidence presentation in the frontend.
  • Added backend.review.publish_verified_insights() and the judge-facing
    DRIFT Manual Run in notebooks/drift_manual_run.ipynb. It makes the source
    roster, spend-gated capture, claim evidence, human review, and archive proof
    chain visible; it starts at one item per configured source (at most eight),
    refuses Railway's private database hostname, and leaves publication empty by
    default.
  • Added reviewed-capture evidence archiving with a SHA-256 sidecar manifest.
    The notebook archives only reviewed verifier-passed Insights, excludes review
    notes/secrets, and refuses to overwrite a dated record.
  • Added claim-grounding calibration fixtures/tests for unsupported facts,
    ambiguous interpretation, and instruction-shaped release text.

Changed

  • Replaced the canonical dark and light DRIFT brand banners with a cinematic,
    semiconductor-inspired evidence path. Vercel derives the dark variant from
    assets/brand/ at build time; the README renders the dark/light pair by
    color scheme. Both show an explicitly connected primary-release → GPU
    compute-lattice → evidence/review/check story with source-neutral copy.
    Headline spacing is responsive and avoids compressed word shapes at narrow
    widths.
  • Capture output is now always a verifier-passed draft. Live briefing,
    search, and chat filter to human-reviewed drafts with recorded review notes;
    no capture flag can publish output automatically.
  • Updated the product contract: DRIFT offers traceable primary facts, labelled
    interpretation, and bounded checks—not a compatibility verdict, guarantee, or
    automated infrastructure decision.
  • Updated architecture, ADRs, runbook, build sequence, contributor guidance,
    submission guidance, and diagrams for the review-first boundary.

Fixed

  • Added an optional DRIFT_DATABASE_PUBLIC_HOST / DRIFT_DATABASE_PUBLIC_PORT
    override that preserves a private Railway DATABASE_URL's credentials and
    database name while routing local notebook/Alembic connections through its
    public TCP proxy.
  • Bound only the derived raw-item text sent to text-embedding-3-small, while
    preserving complete fetched evidence for provenance and Insight generation.
    This prevents oversized release bodies from exceeding the embedding API's
    per-input limit during a bounded capture.
  • Settle successful embedding calls from their returned token usage and the
    router's embedding rate, rather than recording the full conservative call
    cap as spend. Failed or usage-unknown calls remain conservatively capped.
  • Reject non-JSON or secret-shaped capture metadata before an evidence archive
    can be written, preserving the archive's no-credentials/no-review-notes
    contract at the helper boundary as well as in the notebook.

Hosted verification

  • On 2026-07-16, Railway PostgreSQL was verified at
    0003_claim_evidence_review_gate through its public TCP proxy before the
    subsequent v0.6.0 application deployment verification recorded above.
  • On 2026-07-15, the previous hosted v0.5.1 deployment applied migrations
    through 0002_capture_provenance and served one unreviewed vLLM Insight from
    public /briefing with its primary citation; Vercel CORS preflight also
    passed. This historical application verification predates 0003; it is not
    evidence of review-gated live analysis.
  • Added a scrubbed, committed hosted-evidence record under assets/evidence/;
    it preserves the verified response and boundaries without credentials or
    local spend-ledger data.

DRIFT v0.5.1

Choose a tag to compare

@github-actions github-actions released this 15 Jul 19:03

Railway PostgreSQL connection-string compatibility patch.

Fixed

  • Normalize provider-native postgres:// and postgresql:// connection URLs
    to SQLAlchemy's required async postgresql+asyncpg:// dialect before the
    application engine or Alembic migration environment is initialized.
  • Added full branch coverage for native, legacy, and already-normalized
    PostgreSQL connection URLs, so the Railway database reference can be used
    directly without composing credential variables.

Deployment note

  • The API service must reference the database service's complete native
    DATABASE_URL; v0.5.1 supplies the driver normalization. Applying
    migrations and creating the first reviewed capture remain operator actions.

DRIFT v0.5.0

Choose a tag to compare

@github-actions github-actions released this 15 Jul 18:12

Bounded local capture-path release with persisted source and model provenance.

Added

  • Added a bounded one-shot backend.pipeline capture job that persists and
    reloads primary-source evidence, generates and embeds Insights, writes the
    live store, and records optional human review notes.
  • Added Alembic revision 0002_capture_provenance with source-content hashes,
    durable model_runs audit rows, Insight-to-run linkage, and review metadata.
  • Added bounded spend reservation and retry/circuit handling to synchronous
    embedding, classification, and Insight-generation provider calls.
  • Added local live-store-backed /briefing and frontend cards that expose
    source links, confidence, model/audit label, rationale, and bounded action.

Changed

  • Corrected the generic NCCL fixture from an unsupported security label to
    minor; fixture records remain examples, not release findings.
  • Removed the superseded docs/DRIFT_Realistic_Next_Steps.md plan and
    synchronized current-state documentation with the capture boundary.
  • Verified 118 tests at 100.00% backend coverage with Ruff, mypy, and the
    frontend production build passing.

Remaining operator gates

  • Apply the new migration to a clean PostgreSQL/pgvector instance, run and
    review real model captures, then deploy and verify the updated hosted path.
  • Record the public narrated demo and submit the Developer Tools entry.

Codex session record

All project-session IDs are retained here in addition to
docs/INITIATIVES.md:

  • Foundation and inspectable vertical slice —
    019f61e7-1ea1-7742-9acc-99d62f39b888
  • Publication and judge-readiness baseline —
    019f61fc-c32e-7d92-9d2e-0bd9083d08e7
  • Hosted deployment and README follow-up —
    019f6253-ddfc-7272-8077-e34dfb3aee84
  • Grounded live chat, resilience, and locked delivery (primary /feedback
    candidate) — 019f62b9-10b7-7d82-a463-e6eb1192141c
  • Day 1 feed/database and Day 2 Synthesizer —
    019f62e8-6715-70e2-a92a-fe28254f7b71
  • Day 3/Day 4 Insight structured output —
    019f6336-3690-7022-a8ef-c8c0947e240f
  • Bounded capture/provenance and documentation cleanup —
    019f66b4-78b8-7943-a41d-91e836d28f00