Skip to main content

Roadmap

Missing pieces

  • Build and test verification records — build_verified/tests_verified are false in the manifest
  • Release artifacts and release document per DRS (installer naming and SHA-256 not recorded)
  • Per-version release verification block and release checklist entries
  • Artifact integrity evidence (filehash.txt / release-evidence) for any packaged artifact
  • Explicit signing status and installer/package publishing posture
  • Manifest release fields (release.installer.sha256, release.verified) populated for a release
  • Automated CI or documented reproducible build steps (pyproject build/test commands not verified)
  • Documentation packaged with publish output
  • A migration / data-format contract (schema version markers, backup-before-migrate) for any future vault/data upgrade

Next steps

  1. Run a clean local build and record build commands and results (Python build, Node builds); append to manifest verification
  2. Run the pytest dev suite and record the runner name and test count in manifest.release.verified
  3. Perform an end-to-end ingestion → embedding → DuckDB query → lookup flow, recording install/run verification
  4. Populate manifest.release.* fields — date, artifact path, package_version, sha256, size_bytes, verification details
  5. Create release-evidence/v2.0.0/ with build.log, test.log, install-check.txt, filehash.txt
  6. Confirm and document Ollama connectivity and model versions; record dependency provenance for embed models
  7. Add minimal packaged documentation to publish output (release note, Project-README, trust note)

Potential improvements

  • Machine-readable schema version markers on atomic entries, recorded in the manifest
  • A lightweight migration contract with a backup-before-mutate step for data-format changes
  • CLI commands for export/import and offline verification (verify, repair, export-entries)
  • Automated reproducible local builds, with a documented reproducibility guide
  • An evidence-producing verify command emitting install-check and filehash artifacts for release-evidence

Creative enhancements (ideas on file, not committed)

  • AST-aware code snippet indexing — parse snippets to an AST for semantic code search and normalized matching across languages
  • A clipboard timeline view surfacing entries by recency + embedding-similarity clusters, to find contextually related items fast
  • A privacy scrubber mode — automated redaction detecting and masking secrets before embedding or storage
  • On-device hybrid embeddings, combining small local model embeddings with selective remote refinement to balance privacy and quality
  • Knowledge graph linking — detecting entities/commands across entries to surface related snippets and workflows