KeiSeiKit-1.0/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Entries are generated from the git history via _primitives/_rust/kei-changelog (a conventional-commits walker). Regenerate a single version block with, e.g.:

_primitives/_rust/target/release/kei-changelog \
  --from v0.14.2 --to v0.15.0 --version v0.15.0 --update CHANGELOG.md

Unreleased

Work in flight on feat/v0.16-changelog-gen and follow-up branches. Only placeholders — no corresponding commits exist yet. Any line that ships must be replaced with the real commit summary before release.

Added

• primitives (v0.21 — keisei SSoT relocation + Scope enum):
  • Marker file relocated from ~/.claude/keisei-attached.toml to ~/.keisei/attached.toml. ~/.claude/ is Claude-Code-specific territory and should not host cross-adapter keisei state. config::read() performs a one-shot migration the first time it runs under v0.21: if the legacy file exists and the new location is empty, the marker moves over (new file written, legacy file deleted) and a stderr notice is emitted.
  • Scope enum (user / project) on the ClientAdapter trait. Adapters declare supported_scopes(); config_path(scope), attach(brain, scope), detach(brain_name, scope) are scope-aware. Claude Code and Cursor support both scopes; Continue and Zed are user-only. keisei attach gains --scope=<user|project> (default user); keisei mount stays host-wide (Scope::User fan-out by design).
  • Marker schema v3: each [[attachments]] entry carries scope = "user" | "project". Pre-v0.21 markers without the field default to Scope::User silently. New error variant Error::ScopeUnsupported { client, scope, supported } fires when a caller asks for a scope the adapter doesn't advertise.
• primitives (v0.21 — kei-store real S3 backend):
  • S3CloudStore — functional S3 / R2 / MinIO / Wasabi backend via aws-sdk-s3 v1. GetObject / PutObject / ListObjectsV2 (paginated) / DeleteObject wired behind the existing MemoryStore trait (sync-over-async via a single-thread tokio runtime). Enables keisei attach s3://my-bucket/brain/ as a real cloud-mount path, not just a local stub.
  • Opt-in feature flag s3 on the kei-store crate — off by default so users who don't need cloud pay zero binary weight. Enabling adds tokio + hyper + rustls + aws-sdk-s3 (~5 MB release binary growth).
  • AWS default credential chain honoured (env vars → ~/.aws/credentials → IMDS). No new credential format; RULE 0.8 secrets-single-source unchanged.
  • Endpoint override for non-AWS S3-compat providers via KEI_STORE_S3_ENDPOINT env var (runtime) or s3.endpoint in store-config.toml (persistent). Path-style addressing auto-enabled when a custom endpoint is set (MinIO / some R2 configs).
  • "Branch" semantics: S3 has no native branching, so a branch is modelled as a key prefix (<branch>/<path>). branch() sets the active prefix in-memory; default main.
  • Factory auto-routes: backend = "s3" + feature s3 + s3.bucket set → real cloud; otherwise falls back to the v0.14 local-manifest stub (still behind KEI_STORE_ALLOW_S3_STUB=1).
  • Path-traversal guard parity with FilesystemStore: absolute and ..-component paths rejected before keys are spliced.
• primitives (v0.20 — brain schema v2 + per-client hint):
  • Brain schema v2 with per-platform mcp_server dispatch — a single brain directory can now host binaries for darwin-arm64/darwin-x64/linux-x64/linux-arm64/windows-x64 and keisei attach picks the right one automatically. Schema v1 (single string) still accepted for backward-compat.
  • ClientAdapter::post_attach_hint() — per-client reload instruction, no more hardcoded Claude-Code string in the orchestrator.
• primitives: keisei CLI MVP — attach <brain-path> + status subcommands for mounting a portable exobrain directory into Claude Code. First step of the v0.18 exobrain architecture (multi-client adapter surface prepared; only claude-code adapter ships in MVP).
• primitives (v0.19 — multi-client exobrain):
  • keisei mount <brain-path> — attach a brain to EVERY detected AI client in one shot (Claude Code + Cursor + Continue + Zed).
  • keisei detach — remove the brain from every client recorded in the marker, preserving user's other MCP/context-server entries.
  • keisei list-adapters — tabular dump of every registered adapter and whether it's detected on this host.
  • 3 new ClientAdapter implementations: cursor (.cursor/mcp.json project-local or ~/.cursor/mcp.json global), continue (~/.continue/config.{yaml,json} — YAML preferred, JSON fallback), zed (~/Library/Application Support/Zed/settings.json on macOS or ~/.config/zed/settings.json on Linux, under context_servers).
  • keisei-attached.toml schema v2 — carries a list of [[attachments]] (client_type + config_path) instead of a single client_type. v1 markers read transparently (auto-migrated in memory).
  • New error variants: AdapterFailed { client, reason } and ConfigParseError { path, reason }.
• Placeholder: CHANGELOG.md generation wired through kei-changelog (this file).
• Placeholder: .github/workflows/release.yml — tag-driven multi-platform release.
• Placeholder: pre-built-binary install path in install.sh (KEI_SKIP_RUST_BUILD=1).
• added: kei-mcp-server single-binary compile for 5 platforms (linux/darwin/windows × x64/arm64 where available) via bun build --compile — v0.18 Phase 1 of the exobrain distribution architecture. Ships as bare binaries + .sha256 sums on every GitHub release; install.sh detects a dropped binary at _primitives/_rust/target/release/kei-mcp-server-<os>-<arch> and skips bun/npm build. Opt-out via KEI_SKIP_MCP_BUILD=1. See _ts_packages/packages/mcp-server/BUILD.md.

Changed

• Placeholder: plugin / block format refresh targeted for v0.16.0.

Security

• primitives/keisei (v0.19.2 audit polish — M1): keisei-attached.toml marker is now chmod 0o600 on unix (Windows unchanged — no equivalent bit). The marker carries the resolved brain_path and every attached client's config path; restricting it to owner-only closes the residual "other local user can enumerate attached brains" surface.
• primitives/keisei (v0.19.2 audit polish — L9): every manifest-sourced string printed by status and attach (brain name, brain path, client/config paths) is now scrubbed through display::sanitize_display, which replaces every ASCII control byte (< 0x20 or == 0x7F) with ?. Closes the escape-sequence injection surface from a malicious brain.name like "evil\x1b[2Jpayload" that would otherwise clear the user's terminal or rewrite already-printed lines.
• primitives/keisei (v0.19.2 audit polish — L12): manifest.toml is now capped at 64 KiB (Error::ManifestTooLarge { size, max }). The check runs off fs::metadata before read_to_string so an attacker-supplied 1 GB file can't exhaust memory inside the toml parser. Legit manifests are ~1 KB; the cap is three orders of magnitude of headroom.

Fixed

• Placeholder: hook-bypass edge case follow-up to v0.15.1.
• primitives/keisei (v0.19 audit hardening): close 3 Security HIGH + 3 Critic HIGH + 2 Critic MEDIUM findings. Path-escape guard on mcp_server + memory/artifacts/manifests (absolute / .. / canonical-mismatch → PathEscape); brain-name regex ^[a-z][a-z0-9_-]{0,63}$ (InvalidName); symlink-rooted brain inputs rejected (BrainIsSymlink — closes USB → $HOME pivot); MCP-entry collision check across all 4 adapters (NameConflict instead of silent clobber); dropped unused rusqlite dep (no C toolchain tail); BrainPaths.{memory,artifacts,manifests} relaxed to Option<String>; $KEISEI_HOME/$HOME resolver deduped into paths.rs SSoT; fsx::write_atomic rewritten on tempfile::NamedTempFile for Windows + cross-fs correctness; 5 adversarial integration tests added (16 total pass).
• primitives/keisei (v0.19.2 polish): dropped unused ClientAdapter imports from mount.rs + detach.rs; Error::NotAttached and AttachRecord::has_client now carry explicit #[allow(dead_code)] markers documenting that they're reserved for future callers / test-only respectively. cargo check -p keisei is warning-clean; integration suite is 19/19 pass (3 new: marker_file_has_0600_perms_on_unix, status_sanitizes_control_chars_in_brain_name, manifest_too_large_rejected). brain.rs module-level doc-comment now lists the v0.19 invariants (path confinement / symlink reject / name regex / manifest size cap) and flags schema v2 as v0.20.

Security

• Pinned all GitHub Actions (ci.yml, release.yml) by full commit SHA to defend against CVE-2025-30066-class supply-chain attacks via mutable tag re-pointing.
• Removed || bun install fallback from release.yml build-mcp-binary job — lockfile is now strictly REQUIRED (H4 audit finding).
• Added .github/dependabot.yml for weekly SHA update PRs on github-actions, npm, and cargo ecosystems.
• v0.20.1 — workflow validation defense-in-depth: motivated by the 2026-04-22 incident where dtolnay/rust-toolchain@3c5f7ea... SHA-pinned a specific Rust version (1.94.1 branch tip) instead of "install current stable", breaking CI for 4 jobs. Added three gates against the incident class: scripts/install-actionlint.sh (pinned v1.7.12 installer, macOS-arm64 + linux-x64), scripts/lint-workflows.sh (actionlint runner, advisory if binary missing), scripts/validate-workflow-shas.sh (git-ls-remote every uses: <repo>@<sha40> pin; exits 1 on SHA MISSING, soft-continues on network errors with [UNVERIFIED]), scripts/pre-commit-workflow-lint.sh (symlink-to-install pre-commit hook, fires only when workflow files are staged), and new workflow-lint CI job running the two validators on every push + PR.

0.15.0 — 2026-04-22

Added

• primitives: kei-artifact typed handoff pipeline (BMAD-style doc passthrough) (3f303b7)
• blocks: 5 cognitive mode blocks + 2 manifest wirings (fdfc690)

0.14.2 — 2026-04-22

Added

• hooks: runtime controls via KEI_DISABLED_HOOKS + KEI_HOOK_PROFILE (v0.14.2) (1a448e8)

Removed

• genesis-scan from public kit (internal tool, Bundle-only) (268226b)

0.14.1 — 2026-04-22

Added

• ci: GitHub Actions workflows + .claude/worktrees gitignore (407e8b7)

Changed

• readme + install: reconcile all count drift (F4 RELEASE BLOCKER) (0199fd4)
• rust: misc schema/main refactor in 8 crates (assorted CP splits) (61448b9)
• mock-render: split main.rs 227 LOC into 4 cubes (F5a Constructor Pattern) (ad5977d)

Fixed

• kei-auth: remove --key CLI flag (F12 HIGH — /proc/cmdline leak) (b449587)
• kei-refactor-engine: retract 'git apply-ready' claim (F1 RELEASE BLOCKER) (f50ef43)
• kei-store: path-traversal guard (F2 RELEASE BLOCKER) + S3 stub gate (F7) + GitHub RULE 0.1 guard (F8) (ad9c53f)

0.14.0 — 2026-04-22

Added

• primitives: 10 Rust crates extracted from LBM (Genesis-scrubbed) (a5e6649)
• ts-packages: 6 TS packages — MCP server + 5 external-API adapters (7b647d5)

Changed

• rust-core: Constructor-Pattern splits in kei-router + kei-auth (afed921)

0.13.0 — 2026-04-22

Added

• integration: deep-sleep wired into MANIFEST + sleep-setup Phase 3b + README (bcd80f6)
• primitives: 4 Rust crates for deep-sleep — conflict-scan, refactor-engine, graph-check, store (0f75493)
• skills: /onboard auto-project-analyze with 3-mode apply (full-auto / step-by-step / full-manual) (1396139)

Changed

• readme: "Why Rust, not Python" paragraph in author note (92c918a)
• readme: clarify "my sample, not claim of originality" in author note (47d2448)
• readme: add "double sorry" disclaimer in author note (3d5d768)
• readme: move "From the author" to opening, expand with transformer-error context (fd67315)
• readme: add "From the author" note (b103c3d)

0.12.0 — 2026-04-22

Added

• integration: Phase A incubation wired into trigger + install + README (d72de64)
• skills: /sleep-on-it 6-phase wizard + kei-sleep-queue CRUD + incubation prompt (30df6cb)

0.11.0 — 2026-04-22

Added

• integration: --with-sleep-sync flag + README Cloud REM sync section (1dd05c6)
• skills: /sleep-setup 5-phase wizard (click + 1 free-text URL) (b658f81)
• hooks: session-end-dump calls kei-sleep-sync after ingest (1ab39d5)
• primitives: kei-sleep-setup wizard + kei-sleep-sync helper + trigger template (4fdaab6)

0.10.0 — 2026-04-22

Added

• integration: register genesis-scan in MANIFEST core+full + README + install.sh sizing (93ba0a0)
• hooks: git-pre-commit-genesis — template for repo symlink into .git/hooks/pre-commit (670af3f)
• primitives: genesis-scan Rust — patent-IP leak detector (CI / pre-commit) (5db8548)
• integration: wire kei-memory into MANIFEST + settings-snippet + README for v0.10 (0b5da5a)
• skills: /self-audit 5-phase triage pipeline (334a867)
• hooks: 3 self-audit triggers — stop / milestone / error-spike (a5c3896)
• primitives: kei-memory Rust crate — offline session analyzer (Genesis-clean) (448fc07)

0.9.1 — 2026-04-21

Added

• install: interactive menu (whiptail / dialog / plain) + confirm screen + --yes / --no-execute (4809269)

0.9.0 — 2026-04-21

Added

• install: modular profiles + --add / --remove / --list incremental install (b1b8de0)
• primitives: MANIFEST.toml — SSoT for 21 primitives + 6 profiles (764a999)

Changed

• readme: install profiles table + migration note for v0.9.0 (47931a3)

BREAKING: default install profile is now minimal (was full). Re-run with --profile=full to preserve prior behaviour.

0.8.0 — 2026-04-21

Added

• install: copy _primitives/ + build Rust workspace; register agent-fork-logger + site-wysiwyd hooks (b0d9389)
• hooks: site-wysiwyd-check PostToolUse(Edit | Write) drift advisory (c2041b4)
• skills: /site-create pipeline (phases 0–4 — phases 5–6 deferred) (839ae57)

Changed

• compose-solution: prior-art grep paths + phase-5 cross-refs for 10 pipelines + 21 primitives (f664cbc)
• readme: v0.8.0 — 73 blocks / 34 skills / 21 primitives / 6 hooks / 11 bridges + pipelines section (ed7d566)