v0.44.0 - Write-time integrity, secret custody, quiet maintenance

solaitken released this 05 Jun 06:16 · 9 commits to main since this release · 789e3e3

Open Second Brain v0.44.0 - Write-time integrity, secret custody, quiet maintenance

Every write into the Brain now passes a declared contract. The schema pack becomes the single declarative ontology: controlled-vocabulary labels, link-type endpoint constraints, per-type attribute descriptors, and a frontmatter field tier map, all additive. Each contract enforces at its existing seam:

  • An out-of-vocabulary label is rejected with the allowed values in the error.
  • A typed edge whose endpoint page types violate the declared pairs falls back to an untyped link at index materialization.
  • A hand-edited identity join key stages a drift finding that the snapshot never absorbs, instead of silently corrupting the index.
  • An agent uses a deploy token through an allowlist-gated subprocess without the value ever entering its context.
  • The heavy dream/reindex pass waits for a quiet window behind an expiring lease instead of landing on top of live recall.

Write-Time Integrity & Governance Suite

What ships

| Capability | Surface |
| --- | --- |
| Schema-pack ontology fields: labels, link_constraints, attributes, frontmatter_tiers - additive, audited mutations | Brain/_brain.yaml, o2b brain schema apply |
| Controlled-vocabulary labels: fail-closed, single-choice per dimension, filterable recall | o2b brain label, MCP brain_labels, --property labels=<dim>/<value> |
| Link-type endpoint constraints enforced at index materialization (index schema v6); removing a constraint restores the edges | relation_blocked, IndexStats.relationViolations, schema lint |
| Per-type attribute fields whose validation errors list the declared fields WITH descriptions | o2b brain attr, schema explain output |
| Four-level frontmatter tier guard: tier-respecting writer merge, identity-drift detection, staged repair | o2b brain tiers check\|restore\|accept, MCP brain_tiers, doctor warning |
| Capability-gated secret custody: AES-256-GCM at rest, stdin-only ingestion, allowlisted exec with a minimal child env, redacted output, no-values audit | o2b brain secret, MCP brain_secrets, Brain/log/secret-custody/ |
| Quiet-window lease-guarded maintenance lane: window + busy + lease gates, stale-first tasks, bounded journal | o2b brain maintenance, MCP brain_maintenance |

Process wins

  • The ontology is declared once and every write seam reads the same source of truth - no validateWrite() framework layer, just the schema-pack machinery three releases already proved.
  • Errors teach instead of refusing: the rejected label carries the allowed values, the rejected attribute carries the declared fields with their natural-language descriptions, so agents converge on the operator's domain language without reading docs.
  • Humans are never write-denied: the tier guard detects hand-edits against an index snapshot and stages restore | accept - the operator stays the judge, and reindexes never absorb the edit.
  • Custody extends the governance thesis from redaction to safe use: the credential enters via stdin, lives as per-value ciphertext, leaves only into an allowlisted subprocess env, and every operation lands a no-values audit record.
  • Heavy maintenance becomes a polite tenant: gate refusals exit 0 and land in the journal, the lease survives crashes by expiry, and --force can skip the soft gates but never mutual exclusion.
  • Bit-identical neutral defaults throughout: a vault that declares none of the new fields parses, renders, indexes, and recalls exactly as v0.43.1 - pinned by tests.
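
The exec step of the custody flow described above (allowlisted subprocess, minimal child env, redacted output, no-values audit record), as an added example that is not Open Second Brain's own code. `execWithSecret`, `ALLOWLIST`, the audit record shape and the token value are assumptions made for illustration; at-rest encryption and stdin ingestion are outside what it demonstrates.

```javascript
// Added illustration, not Open Second Brain's code; every name here is hypothetical.
const { spawnSync } = require("node:child_process");

// Constructed policy: which executables may receive which secret.
const ALLOWLIST = { DEPLOY_TOKEN: new Set([process.execPath]) };
const SAMPLE_TOKEN = "tok_constructed_12345"; // constructed sample value

// Run `cmd` with the secret injected as one env var. `value` stands in for what
// a custody store would decrypt; only redacted output goes back to the agent.
function execWithSecret(name, value, cmd, args, auditLog) {
  if (!value) throw new Error("empty secret value");
  const record = { op: "exec", secret: name, cmd, args }; // no value field
  if (!ALLOWLIST[name]?.has(cmd)) {
    auditLog.push({ ...record, outcome: "denied" });
    return { ok: false, stdout: "", stderr: "", error: `${cmd} is not allowlisted for ${name}` };
  }
  // Minimal child env: nothing inherited from the parent except PATH.
  const env = { PATH: process.env.PATH ?? "", [name]: value };
  const child = spawnSync(cmd, args, { env, encoding: "utf8", shell: false });
  // Exact-match redaction; an encoded copy (base64, hex) would pass through.
  const redact = (s) => (s ?? "").split(value).join(`[REDACTED:${name}]`);
  auditLog.push({ ...record, outcome: "ran", status: child.status });
  return { ok: child.status === 0, stdout: redact(child.stdout), stderr: redact(child.stderr) };
}

// Constructed demo: an allowlisted child echoes the token and its env keys,
// then a non-allowlisted command is refused before anything is spawned.
function demo() {
  const audit = [];
  const script = "console.log(process.env.DEPLOY_TOKEN, Object.keys(process.env).sort().join(','))";
  const allowed = execWithSecret("DEPLOY_TOKEN", SAMPLE_TOKEN, process.execPath, ["-e", script], audit);
  const denied = execWithSecret("DEPLOY_TOKEN", SAMPLE_TOKEN, "/bin/sh", ["-c", "env"], audit);
  return { allowed, denied, audit };
}

console.log(demo());
```

The child sees the real token, but the returned stdout carries only the placeholder and the audit entries record the secret's name, never its value.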

Notes

  • Suite: 4090+ tests pass (527 files), typecheck clean, oxlint baseline preserved, python plugin suite 61/61.
  • MCP tool count grows 69 -> 73 (brain_labels, brain_tiers, brain_secrets, brain_maintenance), all with preview budgets.
  • The search index schema advances to v6 (additive, reindex-safe): documents.page_type, documents.tier_snapshot, links.relation_blocked, and the tier_drift table.
  • Secret custody's threat model is stated honestly: it protects against context leakage, vault sync exposure, and casual reads - not against root or same-user processes.
  • Full changelog: https://github.com/itechmeat/open-second-brain/blob/main/CHANGELOG.md