Releases: iarjunganesh/drift
Release list
DRIFT v0.10.0
MCP thin-client integration — 2026-07-18
Codex Session ID: 019f7607-aa5a-79b2-8101-4cd634495fbe
DRIFT's reviewed release intelligence is now also available to any
MCP-compatible assistant, as an additional consumption channel over the
existing public API — "in the browser, over HTTP, and inside your AI
assistant." This does not reposition DRIFT: the tagline
("Release intelligence for GPU and AI infrastructure. Cited, bounded,
inspectable."), the brand banners, the frontend hero, and the FastAPI
description are unchanged, per the branding boundary in
ADR-011.
Added
-
integrations/mcp/— a standalone thin-client MCP server (stdio, run with
python -m integrations.mcp) exposing exactly three tools, each a one-to-one
call to an existing public endpoint:drift_briefing→GET /briefingdrift_search→GET /searchask_drift→POST /chat
The server is configured with only
DRIFT_API_URL(hosted Railway API or a
local instance), plus an optionalDRIFT_MCP_TIMEOUT_SECONDSrequest timeout,
and holds no OpenAI key, no database URL, and no credential
of any kind. It sits on the untrusted consumer side of the API boundary,
indistinguishable from the Vercel frontend. -
An optional
mcpdependency group and a separateintegrationstest group in
pyproject.toml. The core[project.dependencies]set is untouched, so the
uv sync --no-devDocker install, the Railway image, and the deployed runtime
are unchanged; the SDK is opt-in. -
40 mocked-HTTP integration tests at 100% coverage of
integrations/, run as a
separate CI job (MCP integration tests) outside the backend--cov=backend
gate. Ruff and mypy targets extend tointegrations/in theMakefile,
AGENTS.md, and.github/workflows/ci.yml.
Safety boundary
- Every guarantee the API already enforces applies to MCP traffic automatically,
because there is no second path to the store: reviewed-only reads, redacted
review notes,SpendGuardbudgets, and retry/circuit resilience are all
server-side. The MCP server cannot draft, verify, publish, or retract an
Insight — the review gate remains a human, notebook-driven boundary with no
MCP tool. Questions outside the reviewed corpus decline rather than
hallucinate: the retrieve-first/chat404 is surfaced as a spoken decline.
Verification
- Local ($0): all three tools were exercised against a fixture-mode DRIFT API.
drift_briefingranked the reviewed examples,drift_searchmatched a
library query,ask_driftreturned a grounded, cited answer, and an unmatched
question declined instead of guessing. - The backend suite remains 160 tests at 100% backend coverage; the integrations
suite adds 40 mocked-HTTP tests at 100%integrations/coverage.
Release boundary
- This is a source and integration release. It changes nothing under
backend/,
adds no capture or Insight (the tools answer only over the five reviewed
Tier.FINAL Insights 10, 11, 13, 15, and 16 and decline otherwise), and is not
yet redeployed: the deployed app isv0.9.1, verified live on 2026-07-18
(/healthand/report0.9.1,/docs200,/briefingreturns the five
reviewed Insights, Vercel CORSGET, POST; paid/search//chatnot
re-invoked). A bounded hosted MCP capture archived with a SHA-256 manifest and a real
MCP-client screenshot are the remaining operator gates; no hosted MCP claim is
written until that capture has run.
DRIFT v0.9.1
Tier.LIVE grounded-chat evidence pass — 2026-07-18
Codex Session ID: 019f7278-ee77-7f02-bafd-6eba8bf046d2
- Executed a small, explicitly bounded Tier.LIVE (
gpt-5.6-terra) grounded-chat
capture against the reviewed store through the DRIFT Manual Run notebook
(Section 7). One question was asked per configured primary source (eight
total), each running the sameretrieve_live_insightsand
answer_question_with_modelcode paths the live/chatendpoint uses. The
run read the five reviewed Tier.FINAL Insights (IDs 10, 11, 13, 15, 16) and
wrote nothing to the database. - Seven of eight questions were answered with a grounded citation; the eighth
(PyTorch) was declined outright. Terra grounded each answer only in the
Insights that actually supported it — TensorRT 11.1 → 16, vLLM v0.25.1 → 13,
Transformers v5.14.1 → 11, JAX v0.11.0 → 10, NCCL v2.30.7-1 → 15 — and cited
exactly IDs 10, 11, 13, 15, and 16 across the run, never an ID outside the
reviewed store and never a fabricated release. - Verified the retrieve-first boundary directly. Retrieval ranks by vector
distance with no cutoff, so it surfaces the nearest reviewed Insights even for
sources with no reviewed Insight (PyTorch, Triton, CUTLASS). For PyTorch,
Terra cited nothing; for Triton and CUTLASS it answered that no such Insight
exists and grounded that negative answer only in the specific reviewed
Insights it had inspected. The notebook records Terra's true grounding rather
than the/chatUX fallback to the whole retrieval window, so "cite only the
evidence used" is inspectable. - Local spend for the eight-question run was approximately $0.076, within the
configured spend guard (settled ledger $1.50 → $1.58 against the $5 cap); no
per-attempt reservation exceeded the per-call cap and none was left reserved.
Added
backend.evidence_archive.archive_chat_capture()and a Section 7c archive
cell innotebooks/drift_manual_run.ipynb, the retrieve-first analogue of the
reviewed-capture archive. It preserves each question, the retrieved and
grounded Insight IDs, citations, structured answers, provider metadata, and
per-question spend deltas as a scrubbed JSON record with a SHA-256 manifest
and no-overwrite protection, refusing credential- or review-note-shaped
metadata. The shared serialize/hash/manifest path is factored out so both
archivers guarantee byte-exact LF hashing.- A frozen, Markdown-only
notebooks/drift_manual_run.terra.results.ipynb
results record (no executable cells, operator configuration, provider/budget
logs, or review notes), a companion to thegpt-5.6-lunaandgpt-5.6-sol
reviewed-capture records covering the retrieve-and-answer path. The
display-only regression guard now covers all three results notebooks. - Section 7 of the Manual Run notebook: a preflight-safe, spend-gated Terra
grounded-chat capture over the reviewed store, documented in
notebooks/README.md. - Archived the bounded run's inspectable evidence and SHA-256 integrity manifest
toassets/evidence/2026-07-18-all-sources-terra.json
(sha256b606fe31f22449de0d404446a9249ddd4c2397dc7d258c7c204a177539dec00d). - Refreshed the tracked README screenshot gallery into a numbered
Luna → Sol → Terra flow: landing (01-landing), branded API docs
(02-api-docs), briefing and frozen claim evidence at thegpt-5.6-luna
dev tier andgpt-5.6-solfinal tier (03.1–03.4), the Ask DRIFT box
(04-ask-drift), and twogpt-5.6-terragrounded answers (05.1NCCL,
05.2TensorRT). Every gallery reference resolves to a checked-in file.
The two Terra answer frames preserve their capture-time grounding labels;
the authoritative current reviewed-store IDs and Terra grounding are the
scrubbed archive and manifest above.
Release boundary
- This is a source, grounded-chat-evidence, and documentation release. It does
not draft, publish, or retract any Insight: the live Railway store continues
to serve the same five reviewed Tier.FINAL Insights (IDs 10, 11, 13, 15, 16).
The tracked README screenshots were refreshed to the current Luna/Sol briefing
and Terra Ask DRIFT UI. Hosted app verification remains atv0.8.0pending an
independent recheck; the deployed Railway/healthand Vercel frontend are
not being described asv0.9.1. The configured spend guard remains
authoritative over any reported balance.
DRIFT v0.9.0
Tier.FINAL evidence pass — 2026-07-17
- Follow-up Codex session
019f7213-be19-7e50-92ac-a48bd5ecaacbcompleted the
evidence cleanup and release-boundary synchronization on 2026-07-18. - Executed the paid Tier.FINAL capture (
gpt-5.6-sol) through the DRIFT Manual
Run notebook. All eight configured primary sources were sampled (one item
each); eight clusters produced verifier-passed drafts (IDs 9–16), each drafted
and separately verified atgpt-5.6-sol. - After source-excerpt human review, published five Insights: JAX v0.11.0 (10),
Transformers v5.14.1 (11), vLLM v0.25.1 (13), NCCL v2.30.7-1 (15), and
TensorRT 11.1 (16). This grows the reviewed corpus to five sources, adding
JAX v0.11.0 — a substantive release with real breaking changes — alongside the
four sources first published at the dev /gpt-5.6-lunatier. - Held three verifier-passed drafts at the human-review gate rather than
publishing them: a single PyTorch trunk commit (not a release), CUTLASS 4.6.1
(thin evidence with an interpretive expansion of an upstream typo), and an
out-of-tree Tritongfx950tutorial pin (not a mainline release). - Archived the reviewed evidence and SHA-256 integrity manifest to
assets/evidence/2026-07-17-all-sources-reviewed.json
(sha256df32b3d4315b09fb4a6dbd508d381ca2c8095e25e16f88c4741ce7bc3055a337). - Recorded a display-only results notebook at
notebooks/drift_manual_run.sol.results.ipynb(Markdown-only; no executable
cells, operator configuration, provider/budget logs, or review notes), kept as
a companion to the earliergpt-5.6-lunaresults record rather than replacing
it.
Operational note
- A Tier.FINAL (
gpt-5.6-sol) capture needs a higher per-attempt model timeout
than the 20-second default; the heavier draft stage otherwise exceeds the
timeout, exhausts its retries, and aborts the run (a non-ValueErrorstops the
capture rather than skipping one cluster). RaisingDRIFT_MODEL_TIMEOUT_SECONDS
to the 120-second maximum let the eight-source capture complete. Local spend for
the reviewed Sol run stayed within the configured spend guard.
Changed
- Rewrote the
submission/DRIFT_FREEZE_PLAN.mdscore matrix as an honest
current-vs-target readiness view and added a dated audit addendum; reclassified
MCP, tool-calling, and IDE items as optional future work that is not shipped.
Updateddocs/INITIATIVES.md,docs/CODEX_PROMPTS.md, and
submission/SUBMISSION.md, and removed the superseded
submission/NEXT_STEPS.md. - Renamed the tracked UI screenshots to a kebab-case set led by the reviewed
briefing (01-briefing), claim evidence (02-briefing-claim-evidence), the
Ask DRIFT box (03-ask-drift), two grounded-answer examples
(04.1-ask-drift-grounded-answer-nccl-example,
04.2-ask-drift-grounded-answer-tensorRT-example), and the branded API docs
(05-api-docs); updated the README gallery image paths to match.
Release boundary
- This is a source and reviewed-evidence release. The live Railway store now
serves exactly five reviewed, verifier-passed Tier.FINAL Insights (IDs 10,
11, 13, 15, and 16), all produced atgpt-5.6-sol; the four Luna Insights
(IDs 3, 6, 7, and 8) were retracted to draft on 2026-07-17. Hosted app
verification remains atv0.8.0pending redeploy: the deployed Railway
/healthand Vercel frontend are not being described asv0.9.0. The
reported remaining account balance is planning context, not release
evidence; the configured spend guard remains authoritative.
DRIFT v0.8.1
Fixed
- Made live Ask DRIFT responses structured and grounding-aware. The model now
reports the Insight IDs it actually used, the API filters citations and
grounded_insight_idsto that subset, and stray or malformed model IDs can
no longer cause unrelated source links to be presented for a question. - Added regression coverage for subset citation behavior, malformed structured
responses, blank answers, router schema forwarding, and lifespan integration.
Release boundary
- This is a source patch release for the Ask DRIFT grounding fix, tagged from
feature/v0.9.0-final-evidence. Hosted Railway/Vercel verification remains
atv0.8.0until a deployment is independently checked.
Targeted releases — planned, not released
These targets are planning records only. They do not change the current
verified release (v0.8.0) or claim that the paid Tier.FINAL rerun has run.
v0.9.0 — final-tier evidence and selected polish
Targeted scope:
- rerun selected reviewed examples through Tier.FINAL (Sol), initially the
four currently published sources: Transformers, vLLM, NCCL, and TensorRT; - preserve source bytes, exact claim spans/hashes, upstream references, model
identifiers, verifier results, model-run audits, and meaningful human review
notes for every accepted result; - publish only verifier-passed results after human review, retaining the
existing bounded-evidence and spend/retry guardrails; and - optionally include narrowly scoped polish that improves judge clarity or the
demo path, provided it does not delay or blur the evidence boundary.
The Tier.FINAL run is still pending operator execution and budget validation.
The reported remaining account balance is planning context, not release
evidence; the configured spend guard remains authoritative.
v1.0.0 — final submission release
Targeted scope:
- final product and documentation polish after the evidence decision;
- final local/hosted verification of the judge path and bounded claims;
- a public English YouTube demo under three minutes showing the working
workflow, citations, verification, Codex contribution, and GPT-5.6 role; and - final README, submission notes, Devpost metadata, and video-link replacement.
v1.0.0 is the submission-final target, not permission to add new feature
surfaces such as MCP, tool calling, IDE integration, or a release timeline.
DRIFT v0.8.0
Codex session record
- Carried
019f6a78-6fa2-7121-9059-85ac8ceb9904from reviewed-evidence release
hardening andv0.7.0hosted verification through thisv0.8.0source
release.
Added
- Gave the three fixture Insights typed
claimsarrays backed by frozen,
checked-in synthetic source files. Every span, offset, source URL, and
source-content SHA-256 now follows the same invariant as a live claim; a
regression test rejects mismatched source text, hashes, URLs, offsets, or raw
item IDs. The Inspect claim evidence panel now renders in no-key fixture
mode without implying that example text is an upstream release note. The suite
passes 150 tests at 100% backend coverage. - Ask DRIFT grounded-chat box in the frontend (
frontend/app/AskDrift.tsx):
a single client component that posts a question to/chatand renders the
grounded answer, its source citations, the model/audit label, and the grounded
insight IDs, with explicit loading, no-match (HTTP 404), and error states. It
works in both fixture and live mode. The input now matches the/chat
contract (3–2,000 characters), reports server errors accurately, and announces
state changes accessibly. The/chatcontract was verified against the
fixture backend and the production frontend build passes. - Embedded the reviewed-briefing and claim-evidence screenshots in the README as
live-state visual evidence (assets/screenshots/03-briefing.pngand
04-briefing-claim-evidence.png), alongside the branded Swagger and
architecture assets. - Presentation architecture diagram — a hand-authored, presentation-grade
visual (assets/architecture/arch-{dark,light}.svg, generated by
build_arch.py+build_arch_raster.mjs) that dramatizes the six typed
stages as a first-look trust boundary: untrusted feeds → quarantined
machine drafts → the human review gate → trusted, published briefing. The
README anddocs/ARCHITECTURE.mdnow lead with it, with the Mermaid pipeline
kept as the maintainable system-of-record in a collapsible section.
Changed
- Restructured the README top for first impression: The Problem → What DRIFT
Does → Try DRIFT in 60 Seconds, leading with the hosted demo links and a
one-commanddocker compose upjudge path. Reframed the closing Disclaimer
as a positive Trust Model (untrusted input → frozen source span → separate
verifier pass → human review gate) and kept the Codex/GPT-5.6 usage section
prominent. - Made the Quick Start cross-platform: promoted
docker compose upas the
one-command local path and added bash/curl equivalents beside every PowerShell
command (setup, endpoint calls, and the live capture command). - Corrected the P1 tracker to name the implemented grounded-chat component
honestly. It uses/chat, whose retrieve-first backend already performs the
evidence lookup; the separate/searchendpoint remains available in the API
rather than duplicating live retrieval and provider work in the browser. - Renamed the tracked UI screenshots to clean kebab-case filenames
(01-landing,02-api-docs,03-briefing,04-briefing-claim-evidence) so
they embed reliably in Markdown. - Rebuilt the Mermaid architecture diagram (
arch-pipeline.mmd) into three
colour-coded trust zones (untrusted · quarantine · trusted) with the human
review gate as the crossing point, and regenerated all four light/dark
renders. The auto-laid Mermaid is kept acyclic — the "engineer also reviews"
loop-closing edge appears only in the hand-laid presentation diagram — so the
zones read left
to right. - Renamed the Mermaid architecture assets for clarity:
architecture-diagram*
→arch-pipeline*(source, renders, and theme configs), pairing them with the
new hand-authoredarch-*presentation diagram, and updated every reference
across the README,docs/ARCHITECTURE.md,CONTRIBUTING.md, and the asset
guides. - Elevated the canonical DRIFT brand banners to share the presentation diagram's
visual system — trust-zone palette, node styling, gold human-review gate,
dot-grid field, and a subtle GPU compute-lattice backdrop (circuit traces,
vias, and a PCB edge-connector) behind the evidence-path card — via a new
assets/brand/build_banner.pygenerator (with abuild_banner_raster.mjs
PNG export). The API-served SVG filenames
(drift-banner-{dark,light}.svg) are unchanged, sobackend/main.pyand the
Docker image keep serving them. - Refreshed the README Project Structure tree to match the current backend,
frontend, assets, scripts, migrations, and tooling layout. - Locked one DRIFT signature gradient (teal
#2dd4bf→ indigo#818cf8
dark /#0d9488→#4f46e5light) across the banner wordmark and the
presentation-diagram eyebrow, with the semantic node/trust colours kept for the
diagrams. The endpoints are the diagram's own source-teal → agent-indigo
hues; the locked palette is documented inassets/brand/README.md. - Added a Powered by GPT-5.6 tiers · Luna · Terra · Sol credit to the brand
banner, and a GPU compute-lattice backdrop behind the evidence-path card.
Repository operations
- Enabled branch protection on
main(2026-07-17): the five CI quality-gate
checks (Ruff lint, Mypy type check, Tests and coverage, Frontend build, and
Documentation hygiene) are required, with strict up-to-date merges; admins
retain a bypass for pre-deadline hotfixes. Tag-only release checks are
intentionally excluded. - Confirmed the Codecov
pytestupload on the dashboard (2026-07-17): the
tokenless OIDC upload is queued and processed, and the repository and
flag=pytestcoverage badges both resolve to 100%.
DRIFT v0.7.0
Hosted deployment verification — 2026-07-16
- Verified the Git-connected Railway
v0.7.0deployment inDRIFT_MODE=live:
/healthreports0.7.0,/docsreturns200, and a Vercel-origin CORS
preflight allowsGET, POST. - Verified that
/briefing?top_n=10returns the four reviewed Insights without
human_review_notes, and that/openapi.jsondoes not expose that field. - Verified the deployed Vercel bundle requests
briefing?top_n=10.
Reviewed-evidence capture and hosted verification — 2026-07-16
- Published four human-reviewed Insights through
publish_verified_insights
after source-excerpt review: Transformers v5.14.1, vLLM v0.25.1,
NCCL v2.30.7-1, and TensorRT 11.1 (draft IDs 3, 6, 7, 8; drafted and verified
at thedev/gpt-5.6-lunatier to bound cost). - Verified the hosted Railway
v0.6.1app inDRIFT_MODE=livenow returns
provider-backed content:/briefingis non-empty,/search?q=vllmreturns
the vLLM v0.25.1 Insight, and/chatreturns a groundedgpt-5.6-terra
answer citing the vLLM/NCCL/Transformers releases
(grounded_insight_ids[6, 7, 3]). This supersedes the earlier empty
fail-closed briefing verification. - Archived the reviewed evidence and SHA-256 integrity manifest to
assets/evidence/2026-07-16-all-sources-reviewed.json
(sha2562e08896b3c1c9507b557fc84e5558ce05343f9202227bb3a1ff7e964002d2318).
Fixed
- Prevented empty or truncated structured-model responses from aborting a
capture. Reasoning tokens share the response budget, so the output-token
ceilings were raised for severity classification (40 → 256), Insight drafting
(1200 → 4000), and the claim verifier (400 → 800). - Raised the frontend briefing request from
top_n=3totop_n=10so the home
page surfaces every reviewed Insight across sources, not just the top three
(the/briefingendpoint already acceptstop_nup to 10).
Changed
- The capture pipeline now generates each cluster's Insight independently and
skips — with a loggedinsight.generate.skippedwarning — any cluster whose
draft fails grounding or verification, instead of discarding the whole run on
a single failed cluster. - The claim verifier now publishes only the verifier-accepted claims and drops
the rejected ones, still requiring at least one direct fact and one
recommended check, rather than rejecting an entire Insight when any single
claim is rejected.
Added
scripts/check_openai_spend.py: a read-only, admin-key OpenAI cost check that
reconciles the DRIFT project's real spend against the local
.drift/spend-ledger.jsonguard (the local guard tracks only DRIFT's calls, so
reconciliation is scoped to an explicit--project-id/DRIFT_OPENAI_PROJECT_ID
rather than the organization total), withscripts/README.md. Uses the Costs
APIgroup_by/project_idsarray query parameters.
Testing
- Added pipeline tests for per-cluster skip-on-failure and the all-skipped
guard, an Insight test for publishing only verifier-accepted claims, and
updated the claim-grounding calibration eval so an ambiguous inference is
dropped while the verified fact and check survive.
Evidence-integrity, review-note redaction, and notebook hardening — 2026-07-16
- Fixed the evidence archive writer to emit raw LF bytes (
write_bytes) so the
manifest SHA-256 matches the evidence file's exact on-disk bytes on every
platform;write_textpreviously translated\nto\r\non Windows,
leaving the manifest hashing bytes the file no longer contained. Added
.gitattributespinningassets/evidence/*.jsonto LF socore.autocrlf
cannot re-introduce the mismatch, and a byte-level hash regression test. - Made
human_review_notesdatabase-only: the publicInsightcontract now
excludes it from serialization (Field(exclude=True)) and the live-store
reader no longer copies it across the API boundary, so/briefing,/search,
and/chatcan never return internal review text. Added model- and
endpoint-level regression tests. - Sanitized
notebooks/drift_manual_run.ipynbto a clean, output-free template
(reset capture trigger, publish/archive IDs, and review notes), and made
notebooks/drift_manual_run.results.ipynba Markdown-only display record;
it contains no runnable cells, operator configuration, provider/budget logs,
or review notes. A regression test protects that boundary. - Full suite: 149 tests at 100% backend coverage.
DRIFT v0.6.1
Fixed
-
Made the FastAPI documentation banner frame follow
prefers-color-scheme,
so the light canonical banner no longer sits inside a dark wrapper. -
Made the frontend briefing state explicit: it now distinguishes a loading
request, an unreachable API, and the intentional empty state before reviewed
evidence has been published. -
Made the frontend select the API-served canonical DRIFT banner pair with
prefers-color-scheme; it no longer copies SVGs into the Vercel build, and
its palette follows the same light/dark system preference as the README and
API docs. -
Corrected current local-test documentation to 142 tests at 100.00% backend
coverage and replaced the placeholder clone URL.
Hosted deployment verification — 2026-07-16
- Verified the Git-connected Railway
v0.6.1deployment inDRIFT_MODE=live:
/healthreportedv0.6.1,/briefingreturned[]because no Insight is
human-reviewed,/docsreturned200, and a Vercel-origin CORS preflight
passed. - Verified that the deployed Vercel HTML references the canonical API-served
light/dark banner pair. This is source-markup verification, not a separate
browser visual check of the post-fetch empty state.
Codex session record
- Added
019f6a46-e3eb-7de2-81b1-91515ae80043for the submission audit and
frontend evidence-presentation follow-up. Initiative 04 remains the primary
/feedbacksession for core functionality.
DRIFT v0.6.0
At release-tag creation, v0.6.0 was the current local source release and its
hosted verification had not yet occurred. The dated Unreleased addendum records
the subsequent hosted deployment verification without rewriting that history.
Added
- Added migration
0003_claim_evidence_review_gate, typed claim contracts, and
frozen exact evidence spans with character offsets, source SHA-256 hashes,
and retained upstream GitHub release/PR/commit references where present. - Added a separate, routed structured claim-verifier call and a second durable
model_runsaudit pointer for each generated draft. The verifier rejects
unsupported or misclassified claims but remains model-aided screening, not
proof. - Added explicit
direct_fact,inference, andrecommended_checklabels;
separate upstream release-type, potential operator-risk, and applicability
metadata; and claim-evidence presentation in the frontend. - Added
backend.review.publish_verified_insights()and the judge-facing
DRIFT Manual Run innotebooks/drift_manual_run.ipynb. It makes the source
roster, spend-gated capture, claim evidence, human review, and archive proof
chain visible; it starts at one item per configured source (at most eight),
refuses Railway's private database hostname, and leaves publication empty by
default. - Added reviewed-capture evidence archiving with a SHA-256 sidecar manifest.
The notebook archives only reviewed verifier-passed Insights, excludes review
notes/secrets, and refuses to overwrite a dated record. - Added claim-grounding calibration fixtures/tests for unsupported facts,
ambiguous interpretation, and instruction-shaped release text.
Changed
- Replaced the canonical dark and light DRIFT brand banners with a cinematic,
semiconductor-inspired evidence path. Vercel derives the dark variant from
assets/brand/at build time; the README renders the dark/light pair by
color scheme. Both show an explicitly connected primary-release → GPU
compute-lattice → evidence/review/check story with source-neutral copy.
Headline spacing is responsive and avoids compressed word shapes at narrow
widths. - Capture output is now always a verifier-passed draft. Live briefing,
search, and chat filter to human-reviewed drafts with recorded review notes;
no capture flag can publish output automatically. - Updated the product contract: DRIFT offers traceable primary facts, labelled
interpretation, and bounded checks—not a compatibility verdict, guarantee, or
automated infrastructure decision. - Updated architecture, ADRs, runbook, build sequence, contributor guidance,
submission guidance, and diagrams for the review-first boundary.
Fixed
- Added an optional
DRIFT_DATABASE_PUBLIC_HOST/DRIFT_DATABASE_PUBLIC_PORT
override that preserves a private RailwayDATABASE_URL's credentials and
database name while routing local notebook/Alembic connections through its
public TCP proxy. - Bound only the derived raw-item text sent to
text-embedding-3-small, while
preserving complete fetched evidence for provenance and Insight generation.
This prevents oversized release bodies from exceeding the embedding API's
per-input limit during a bounded capture. - Settle successful embedding calls from their returned token usage and the
router's embedding rate, rather than recording the full conservative call
cap as spend. Failed or usage-unknown calls remain conservatively capped. - Reject non-JSON or secret-shaped capture metadata before an evidence archive
can be written, preserving the archive's no-credentials/no-review-notes
contract at the helper boundary as well as in the notebook.
Hosted verification
- On 2026-07-16, Railway PostgreSQL was verified at
0003_claim_evidence_review_gatethrough its public TCP proxy before the
subsequentv0.6.0application deployment verification recorded above. - On 2026-07-15, the previous hosted
v0.5.1deployment applied migrations
through0002_capture_provenanceand served one unreviewed vLLM Insight from
public/briefingwith its primary citation; Vercel CORS preflight also
passed. This historical application verification predates0003; it is not
evidence of review-gated live analysis. - Added a scrubbed, committed hosted-evidence record under
assets/evidence/;
it preserves the verified response and boundaries without credentials or
local spend-ledger data.
DRIFT v0.5.1
Railway PostgreSQL connection-string compatibility patch.
Fixed
- Normalize provider-native
postgres://andpostgresql://connection URLs
to SQLAlchemy's required asyncpostgresql+asyncpg://dialect before the
application engine or Alembic migration environment is initialized. - Added full branch coverage for native, legacy, and already-normalized
PostgreSQL connection URLs, so the Railway database reference can be used
directly without composing credential variables.
Deployment note
- The API service must reference the database service's complete native
DATABASE_URL;v0.5.1supplies the driver normalization. Applying
migrations and creating the first reviewed capture remain operator actions.
DRIFT v0.5.0
Bounded local capture-path release with persisted source and model provenance.
Added
- Added a bounded one-shot
backend.pipelinecapture job that persists and
reloads primary-source evidence, generates and embeds Insights, writes the
live store, and records optional human review notes. - Added Alembic revision
0002_capture_provenancewith source-content hashes,
durablemodel_runsaudit rows, Insight-to-run linkage, and review metadata. - Added bounded spend reservation and retry/circuit handling to synchronous
embedding, classification, and Insight-generation provider calls. - Added local live-store-backed
/briefingand frontend cards that expose
source links, confidence, model/audit label, rationale, and bounded action.
Changed
- Corrected the generic NCCL fixture from an unsupported
securitylabel to
minor; fixture records remain examples, not release findings. - Removed the superseded
docs/DRIFT_Realistic_Next_Steps.mdplan and
synchronized current-state documentation with the capture boundary. - Verified 118 tests at 100.00% backend coverage with Ruff, mypy, and the
frontend production build passing.
Remaining operator gates
- Apply the new migration to a clean PostgreSQL/pgvector instance, run and
review real model captures, then deploy and verify the updated hosted path. - Record the public narrated demo and submit the Developer Tools entry.
Codex session record
All project-session IDs are retained here in addition to
docs/INITIATIVES.md:
- Foundation and inspectable vertical slice —
019f61e7-1ea1-7742-9acc-99d62f39b888 - Publication and judge-readiness baseline —
019f61fc-c32e-7d92-9d2e-0bd9083d08e7 - Hosted deployment and README follow-up —
019f6253-ddfc-7272-8077-e34dfb3aee84 - Grounded live chat, resilience, and locked delivery (primary
/feedback
candidate) —019f62b9-10b7-7d82-a463-e6eb1192141c - Day 1 feed/database and Day 2 Synthesizer —
019f62e8-6715-70e2-a92a-fe28254f7b71 - Day 3/Day 4 Insight structured output —
019f6336-3690-7022-a8ef-c8c0947e240f - Bounded capture/provenance and documentation cleanup —
019f66b4-78b8-7943-a41d-91e836d28f00