SCM v1.1.0: deterministic lineage and reliability gates#10
Conversation
saishshinde15
left a comment
There was a problem hiding this comment.
Release review completed against the V1.1 reliability acceptance criteria.
No blocking findings. The review verified deterministic single-leaf contradiction lineage, stale-candidate resolution, local and PostgreSQL repair/rollback behavior, suppressed-memory preservation, same-user concurrency protection, credential-free attribution qualification, public API compatibility, version parity, and release asset construction.
Evidence: two independent clean local qualification runs reported ready_for_release=true; the 25-process x 120-update contradiction storm completed with zero failures; and all hosted CI, PostgreSQL, installed-wheel, Python 3.10-3.12, and adversarial qualification checks passed.
There was a problem hiding this comment.
Pull request overview
This PR ships SCM v1.1.0 reliability improvements by making contradiction/version lineage deterministic (single canonical current leaf), repairing branched snapshots on import/load, and adding permanent qualification gates for lineage stress and multi-agent attribution safety.
Changes:
- Enforce deterministic lineage updates (canonical current leaf + lineage locking) and normalize/repair branched imports/snapshots with
lineages_repaireddiagnostics. - Add production tests and a release-only 25-process/120-update lineage stress gate plus attribution safety qualification tests and evidence artifacts.
- Bump runtime/docs/package versions to
1.1.0and update release workflows to attach qualification + evidence assets.
Reviewed changes
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/production/test_postgres_embedded.py | Adds PostgreSQL repair/idempotence + rollback coverage for branched snapshots. |
| tests/production/test_lineage_reliability.py | Adds deterministic lineage, import-order, concurrency, local snapshot repair, and retrieval canonicalization tests. |
| tests/production/test_attribution_safety.py | Adds credential-free multi-agent attribution safety regression tests (parity, isolation, tool identity, untrusted delimiter). |
| src/version.py | Bumps Python runtime version constant to 1.1.0. |
| src/integrations/user_state_store.py | Repairs branched snapshots on load/recover and persists repaired state with repaired status + logging. |
| src/integrations/tools.py | Resolves stale retrieval candidates to canonical current concept and filters non-canonical/non-current results. |
| src/integrations/postgres_state_store.py | Mirrors local repair behavior for PostgreSQL snapshots (repair-on-load + persist + repaired status + logging). |
| src/integrations/mcp_server.py | Treats repaired loads as degraded in health snapshots. |
| src/core/long_term_memory.py | Adds lineage lock, canonical-current selection, lineage normalization/repair, and deterministic candidate selection. |
| sdk/js/README.md | Clarifies JS client is source-installed (not published to npm) and is a remote REST client. |
| sdk/js/package.json | Bumps JS metadata version to 1.1.0. |
| scripts/run_product_qualification.py | Adds lineage contradiction stress gate and upgrades clean-env packaging tools. |
| scripts/run_lineage_stress.py | New release-only multiprocessing lineage stress gate runner. |
| README.md | Updates docs links and describes new lineage + attribution gates for 1.1. |
| quality/evidence/multi_agent_attribution_2026_07_14.json | Adds sanitized aggregate attribution evidence for the release archive. |
| pyproject.toml | Bumps package version to 1.1.0. |
| docs/SAFETY_VALIDATION.md | Documents attribution validation scope, limitations, and how CI gates the invariants credential-free. |
| docs/QUALITY_GATES.md | Adds lineage reliability + attribution safety gates and updates 1.1 wording. |
| docs/PUBLISH.md | Updates 1.1.0 publish/tag instructions and clarifies npm remains excluded. |
| docs/GETTING_STARTED.md | Updates introductory version wording to SCM 1.1. |
| docs/ARTIFACTS.md | Documents the v1.1.0 validation release artifacts and evidence archive. |
| CHANGELOG.md | Adds v1.1.0 release notes including lineage determinism + safety gate additions. |
| .github/workflows/release.yml | Updates release workflow to include qualification artifact + evidence archive and generate checksums. |
| .github/workflows/product-qualification.yml | Ensures qualification installs the langchain extra in CI. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ( | ||
| cd dist | ||
| cd release-assets | ||
| sha256sum ./* | ||
| ) | sed 's# \./# #' > SHA256SUMS | ||
| ) | sed 's# \./# #' > release-assets/SHA256SUMS |
What changed
lineages_repaireddiagnostics.1.1.0; package qualification JSON and aggregate evidence in the tag release.Root cause
Historical concepts participated in version-candidate search. Equal or near-equal similarity could select an archived version, supersede it again, and create multiple terminal leaves.
get_lineagethen selected the first current flag while retrieval could return another current-marked leaf.Compatibility
The five canonical tools,
SCM,SCMContext, LangChain middleware signatures, snapshot format v2, and REST/MCP contracts are unchanged. npm publishing remains excluded; the JavaScript source stays a remote REST client. The July paper is unchanged.Local validation
ready_for_release=true, 21/21 gates, zero blockers.ready_for_release=true, 21/21 gates, zero blockers.The hosted PostgreSQL and Python 3.10-3.12 matrices remain required before merge.