Skip to content

feat: signed maintain history + per-role model picker + recall explorer (dashboard)#96

Merged
QodeXcli merged 1 commit into
mainfrom
feat/signed-history-dashboard-roles
Jul 2, 2026
Merged

feat: signed maintain history + per-role model picker + recall explorer (dashboard)#96
QodeXcli merged 1 commit into
mainfrom
feat/signed-history-dashboard-roles

Conversation

@QodeXcli

@QodeXcli QodeXcli commented Jul 2, 2026

Copy link
Copy Markdown
Owner

The remaining three roadmap items — small, orthogonal, shipped together.

1. Signed maintain history (enterprise)

qodex maintain-export --sign embeds an audit block in the portable snapshot: the tamper-evident hash-chain head over the runs plus an HMAC-SHA256 signature (key from QODEX_AUDIT_KEY env — never stored; only a non-secret keyId is recorded). Unsigned exports still carry the integrity head.

maintain-import now verifies before reporting or merging: a snapshot whose runs don't match the head, or whose signature fails, is refused (exit 1). A clean one reports Audit: ✓ integrity intact · 🔏 signature valid (authentic).

PURE core (historyHead / verifyHistoryAudit) reuses the maintain-audit chain primitives — one hashing implementation, two artifacts.

2. Dashboard: models per role — with vision awareness

The single default-model select becomes "Models — per role": main / sub-agent / vision selects, plus "one model for everything". model.set gains role: main|subagent|vision|all (default main → fully backward compatible), writing defaults.model / roles.<role>.{model,provider} (provider inferred from the model id).

Vision logic as requested: a vision-capable main model gets a 👁 has vision badge and the vision row reads "optional — main already sees images" — no separate vision model needed. Choosing a non-vision model for the vision role warns instead of failing.

3. Dashboard: recall explorer

Type "how did we add auth?" in the dashboard → the same rankApproaches → renderApproachDiffs pipeline as the recall_approach tool (best match + how other attempts differed + stable core), rendered in place without a reload.

+2 signed-history tests, +8 dashboard assertions. Full suite 1516 green, tsc clean.

…er in the dashboard

Three roadmap items, all small and orthogonal:

1. SIGNED MAINTAIN HISTORY (enterprise): maintain-export --sign embeds an audit block in the
   snapshot — the hash-chain head over the runs + HMAC-SHA256 signature (QODEX_AUDIT_KEY env,
   never stored; non-secret keyId recorded). Unsigned exports still carry the integrity head.
   maintain-import verifies BEFORE reporting/merging: a tampered or wrongly-signed snapshot is
   refused with exit 1; the report shows "Audit: ✓ integrity intact · 🔏 signature valid".
   PURE: historyHead / verifyHistoryAudit reuse the maintain-audit chain primitives.

2. DASHBOARD — MODELS PER ROLE: the single default-model select becomes a "Models — per role"
   panel: main / sub-agent / vision selects plus "one model for everything". model.set gains a
   role param (main|subagent|vision|all; default main → backward compatible) writing
   defaults.model / roles.<role>.{model,provider} (provider inferred). Vision awareness via
   looksVisionCapable: a vision-capable main model gets a 👁 badge and the vision row says
   "optional — main already sees images"; picking a non-vision model FOR the vision role warns.

3. DASHBOARD — RECALL EXPLORER: ask "how did we do X before?" in the dashboard. recall.query
   action runs the same rankApproaches → renderApproachDiffs pipeline as the recall_approach
   tool (best match + how other attempts differed + stable core), rendered in-place in a <pre>
   without a page reload.
@QodeXcli QodeXcli merged commit f77e11c into main Jul 2, 2026
2 checks passed
@QodeXcli QodeXcli deleted the feat/signed-history-dashboard-roles branch July 2, 2026 01:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant