Skip to content

Commit 9268af6

Browse files
IntraferePatcursoragent
authored
MOTO v1.1.01
* MOTO v1.0.8 Bug Fix * MOTO v1.0.8 Bug Fix Prevent cleared autonomous sessions from resuming while preserving completed run history. * MOTO v1.0.9 # MOTO v1.0.9 ## Features - Users can now utilize ChatGPT subscription through oAuth for inference, in replacement of or in combination with OpenRouter/LM studio. - Users can now do proof-only solving by disabling paper writing under the acceptable outputs control, this enables the existing brainstorming + Lean 4 automated proof solving loop without automated research paper writing. ## Changes - Updated proof verification prompts to prioritize direct user-prompt solution attempts and carry brainstorm topic/source-title context through theorem discovery, lemma search, SMT translation, and Lean formalization. - Persisted advanced runtime settings for proof concurrency, Lean/SMT options, and OpenRouter free-model fallback controls. - Lean 4 proof writing mode has stronger emphasis on seeking novelty. - Cleaned up .cursor rules and aligned them with program where outdated. - Removed old/outdated code and scaffolding. - Improved live activity GUI logging. - Fresh starts now open on the main Autonomous screen instead of restoring the last viewed screen. - Cleaned up main directory. - Topic selection brainstorming sessions now emphasize to aggressively pick topics that solve the user's whole prompt at once where possible. - Expanded GUI live activity logging before truncation. ## Bug Fixes - Proof-solving attempts now receive the complete source paper or brainstorm context, making all models much more effective at solving Lean proof targets. Prior to this fix, all proof attempts were missing the accompanying brainstorm/paper which meant there was no Top-P exploratin architecture assisting proof solving. This is why only SOTA models were able to solve proofs before. - Hardened diagnostic logging against CodeQL log-injection findings and cleaned up first-party CodeQL warning-level frontend/backend issues. - Performed CodeQL audit and made minor fixes. - Added dedupe script for duplicate proof context, greatly reducing duplicate proof context. - Removed hidden context/max-token fallbacks and fixed compiler RAG budgeting so LM Studio, OpenRouter, and Codex use user-configured limits. - Fixed compiler High Parameter rigor proofs so Lean-verified proofs are ranked and indexed under the active paper. Authored by Patrick White, Patrick@Intrafere.com * MOTO v1.0.9 # MOTO v1.0.9 ## Features - Users can now utilize ChatGPT subscription through oAuth for inference, in replacement of or in combination with OpenRouter/LM studio. - Users can now do proof-only solving by disabling paper writing under the acceptable outputs control, this enables the existing brainstorming + Lean 4 automated proof solving loop without automated research paper writing. ## Changes - Updated proof verification prompts to prioritize direct user-prompt solution attempts and carry brainstorm topic/source-title context through theorem discovery, lemma search, SMT translation, and Lean formalization. - Persisted advanced runtime settings for proof concurrency, Lean/SMT options, and OpenRouter free-model fallback controls. - Lean 4 proof writing mode has stronger emphasis on seeking novelty. - Cleaned up .cursor rules and aligned them with program where outdated. - Removed old/outdated code and scaffolding. - Improved live activity GUI logging. - Fresh starts now open on the main Autonomous screen instead of restoring the last viewed screen. - Cleaned up main directory. - Topic selection brainstorming sessions now emphasize to aggressively pick topics that solve the user's whole prompt at once where possible. - Expanded GUI live activity logging before truncation. ## Bug Fixes - Proof-solving attempts now receive the complete source paper or brainstorm context, making all models much more effective at solving Lean proof targets. Prior to this fix, all proof attempts were missing the accompanying brainstorm/paper which meant there was no Top-P exploratin architecture assisting proof solving. This is why only SOTA models were able to solve proofs before. - Hardened diagnostic logging against CodeQL log-injection findings and cleaned up first-party CodeQL warning-level frontend/backend issues. - Performed CodeQL audit and made minor fixes. - Added dedupe script for duplicate proof context, greatly reducing duplicate proof context. - Removed hidden context/max-token fallbacks and fixed compiler RAG budgeting so LM Studio, OpenRouter, and Codex use user-configured limits. - Fixed compiler High Parameter rigor proofs so Lean-verified proofs are ranked and indexed under the active paper. Authored by Patrick White, Patrick@Intrafere.com * MOTO v1.0.9 Bug Fix Co-authored-by: Cursor <cursoragent@cursor.com> * MOTO v1.0.9 Bug Fix #2 * MOTO v.1.0.9 Bug Fix #2 Co-authored-by: Cursor <cursoragent@cursor.com> * MOTO v.1.0.9 Bug Fix #2 Co-authored-by: Cursor <cursoragent@cursor.com> * # MOTO v1.1.00 ## Features ## Changes - Autonomous brainstorm and paper proof checkpoints now run up to four strict prompt-solving follow-up rounds. - oAuth is now a valid startup choice when doing the new user startup. - Added "try to prove this" button with Lean 4 prover to manual/advanced mode. - Cleaned up confusing wording on proof novelty review from, removed "mechanized proof is novel for the research program" wording to clarify proof must be novel for society, not just the research program. - "Try to prove this" button now appends solved proofs to the brainstorm regardless of novelty, allowing for a better Ralph loop in iterative uses. ## Bug Fixes - Fixed proof-check source assembly so manual and autonomous "Try to Prove This" paths strip generated proof appendices, inject verified proofs only through the proof library, and keep proof candidates focused on directly solving or building toward the user prompt. - Fixed saved manual compiler paper proof checks to include the full proof-stripped manual Aggregator context instead of a hidden truncated excerpt. - Fixed fresh GitHub ZIP installs falsely showing an update-available notification on first launch. - Fixed stale Aggregator rejection feedback leaking across manual clears and autonomous child aggregators. - Fixed non-Windows Lean/elan bootstrap to use the live upstream GitHub installer script instead of the retired lean-lang.org URL. - Fixed ChatGPT/Codex oAuth retry bug causing failed proofs. - Fixed Manual Writer proof output isolation with a separate Mathematical Proofs tab/store so it no longer pollutes Autonomous Research proofs. Authored by Patrick White, Patrick@Intrafere.com * # MOTO v1.1.00 ## Features - Grok/SuperGrok OAuth is now enabled for inference use within the harness. ## Changes - Leaderboard updated: 1st place - Kimi K2.6, 2nd place - ChatGPT 5.5, 3rd - Autonomous brainstorm and paper proof checkpoints now run up to four strict prompt-solving follow-up rounds. - Added "try to prove this" button with Lean 4 prover to manual/advanced mode. - Cleaned up confusing wording on proof novelty review from, removed "mechanized proof is novel for the research program" wording to clarify proof must be novel for society, not just the research program. - "Try to prove this" button now appends solved proofs to the brainstorm regardless of novelty, allowing for a better Ralph loop in iterative uses. - History prompt previews now truncate to 400 characters. - Manual proof checks now use standard multi-candidate proof discovery instead of a direct Lean target shortcut. - OpenAI Codex no longer has a hard coded autofill fallback for models when the server fails to return a model list. - OpenAI Codex now handles token revoked errors better. - Removed "fast, affordable, mid-tier knowledge" profile. Updated Slow, affordable, high knowledge profile. - Lean 4 startup status now uses softer "still starting up" language and reduced polling/log spam. ## Bug Fixes - Fixed proof-check source assembly so manual and autonomous "Try to Prove This" paths strip generated proof appendices, inject verified proofs only through the proof library, and keep proof candidates focused on directly solving or building toward the user prompt. - Fixed saved manual compiler paper proof checks to include the full proof-stripped manual Aggregator context instead of a hidden truncated excerpt. - Fixed fresh GitHub ZIP installs falsely showing an update-available notification on first launch. - Fixed stale Aggregator rejection feedback leaking across manual clears and autonomous child aggregators. - Fixed non-Windows Lean/elan bootstrap to use the live upstream GitHub installer script instead of the retired lean-lang.org URL. - Fixed ChatGPT/Codex OAuth retry bug causing failed proofs. - Fixed Manual Writer proof output isolation with a separate Mathematical Proofs tab/store so it no longer pollutes Autonomous Research proofs. - Manual mode validator setting no longer falls back to autonomous mode validator setting when no option is chosen without warning. - Fixed React refresh bug causing the settings drop down to close on the user. Authored by Patrick White, Patrick@Intrafere.com * # MOTO v1.1.00 ## Features - Grok/SuperGrok OAuth is now enabled for inference use within the harness. ## Changes - Leaderboard updated: 1st place - Kimi K2.6, 2nd place - ChatGPT 5.5, 3rd - Autonomous brainstorm and paper proof checkpoints now run up to four strict prompt-solving follow-up rounds. - Added "try to prove this" button with Lean 4 prover to manual/advanced mode. - Cleaned up confusing wording on proof novelty review from, removed "mechanized proof is novel for the research program" wording to clarify proof must be novel for society, not just the research program. - "Try to prove this" button now appends solved proofs to the brainstorm regardless of novelty, allowing for a better Ralph loop in iterative uses. - History prompt previews now truncate to 400 characters. - Manual proof checks now use standard multi-candidate proof discovery instead of a direct Lean target shortcut. - OpenAI Codex no longer has a hard coded autofill fallback for models when the server fails to return a model list. - OpenAI Codex now handles token revoked errors better. - Removed "fast, affordable, mid-tier knowledge" profile. Updated Slow, affordable, high knowledge profile. - Lean 4 startup status now uses softer "still starting up" language and reduced polling/log spam. ## Bug Fixes - Fixed proof-check source assembly so manual and autonomous "Try to Prove This" paths strip generated proof appendices, inject verified proofs only through the proof library, and keep proof candidates focused on directly solving or building toward the user prompt. - Fixed saved manual compiler paper proof checks to include the full proof-stripped manual Aggregator context instead of a hidden truncated excerpt. - Fixed fresh GitHub ZIP installs falsely showing an update-available notification on first launch. - Fixed stale Aggregator rejection feedback leaking across manual clears and autonomous child aggregators. - Fixed non-Windows Lean/elan bootstrap to use the live upstream GitHub installer script instead of the retired lean-lang.org URL. - Fixed ChatGPT/Codex OAuth retry bug causing failed proofs. - Fixed Manual Writer proof output isolation with a separate Mathematical Proofs tab/store so it no longer pollutes Autonomous Research proofs. - Manual mode validator setting no longer falls back to autonomous mode validator setting when no option is chosen without warning. - Fixed React refresh bug causing the settings drop down to close on the user. Authored by Patrick White, Patrick@Intrafere.com * MOTO v1.1.00 Bug Fix Fixes an autonomous resume crash during completed paper proof verification caused by an undefined automatic_complete variable. * # MOTO v1.1.01 ## Features - Local memory is now enabled, prior sessions can now aid discoveries of new runs! Local proof-history access as verified proof corpora for a parallel Assistant role that retrieves up to 7 proof supports without blocking the main solver. - Added SyntheticLib feaures and coming-soon information on SyntheticLib™, "The Inventor's Dictionary". A shared novel discovery database that users contribute novel proofs to for access. This will operate as an optional extension to the local memory system, SyntheticLib is a global/shared memory system. - Added the Assistant role as a non-validating rolling proof-support layer that sees the user prompt, live solver feedback, and its current pack while keeping routine proof search out of submitter turns. ## Changes - Clarified novelty-seeking and solution-seeking goals in prompt engineering of proof-solving prompts. - Streamlined features UIX interface/control panel. - Added state persistence to live activity logs in GUI for each mode between crashes, restarts, and stops/starts. - Simplified model roles and condensed all proof-submission roles to one model selection. - Renamed High-Parameter Submitter to Rigor & Proofs Submitter and moved critique generation onto that role. - Refactored autonomous recommended profile format so standalone critique role entries are removed while legacy saved profiles still hydrate through Rigor & Proofs. - Completed deterministic Assistant proof-support ranking/cache hardening with no separate rater function. - Softened language on harmless stale tab warning regarding API keys and throttled the log occurance. - MinMax M3 replaces Kimi K2.6 as King of The Hill, due to its high knowledge and affordable API cost. - For OpenRouter hosts, USA inference host companies now show with an American flag image next to them to help reflect the potential for higher-standard data protection laws. - Start/stop research button is now immediately responsive to users input without the prior start up/stop delay. - Context overflow stops now idicate the system stopped due to the model running out of limits for the mandatory direct injection context. Some context must be direct injected, such as the brainstorm, otherwise the system would produce misalignment, and other context accumulation errors over long runtimes. - OAuth errors are now durable and recoverable on browser disconnect and reconnects. - Standardized prompt memory storage across the program to all use the same memory handling. ## Bug Fixes - Fixed manual mode prompt persistence so saved prompts are not lost across crashes, restarts, or repeated continue starts. - Added backend prompt recovery and clear-only reset handling for durable manual Aggregator and Compiler prompts. - Modified X.ai and Codex OAuth attribution from bare "moto" to MOTO Autonomous ASI-specific identifiers. - Fixed pruned Stage 2 papers staying visible as dimmed read-only cards instead of disappearing from the live paper grid. - Fixed proof-identification model output failures being mistaken for no proof candidates, which could skip proof checking and advance to paper writing. - Fixed stale OpenRouter/OAuth copy in provider error messages and README setup docs. - Fixed stale LeanOJ proof-search regression coverage to validate Assistant-owned proof support. - Fixed proof-search index freshness, disabled-corpus filtering, and active manual proof-check Assistant role preservation. - Fixed hosted settings so desktop OAuth status/model endpoints are not polled when OAuth capabilities are unavailable. - Fixed Aggregator and Compiler Assistant settings so disabled Agent Conversation Memory makes controls actually disabled, not just visually greyed. - Fixed Assistant memory prewarming so eligible producer paths still refresh memory before prompt-size preflight failures. - Fixed "settings saved" UIX collision render bug causing small page layout shift on settings update. - Change mode panel now is in sync with the workflow tab, stopping premature tab expansions. Authored by Patrick White, Patrick@Intrafere.com * # MOTO v1.1.01 ## Features - Local memory is now enabled; prior sessions can now aid discoveries in new runs! Local proof-history access now serves as verified proof corpora for a parallel Assistant role that retrieves up to 7 proof supports without blocking the main solver. - Added coming-soon information on SyntheticLib™, "The Inventor's Dictionary", a shared novel discovery database that users contribute novel proofs to for access. This will operate as an optional extension to the local memory system; SyntheticLib is a global/shared memory system. - Added the Assistant role as a non-validating rolling proof-support layer that sees the user prompt, live solver feedback, and its current pack while keeping routine proof search out of submitter turns. ## Changes - Updated recommended autonomous + LeanOJ profiles to use `~anthropic/claude-opus-latest` instead of fixed `anthropic/claude-opus-4.7`. - Clarified novelty-seeking and solution-seeking goals in the prompt engineering of proof-solving prompts. - Streamlined the features UX interface/control panel. - Added state persistence to live activity logs in GUI for each mode between crashes, restarts, and stops/starts. - Simplified model roles and condensed all proof-submission roles to one model selection. - Renamed High-Parameter Submitter to Rigor & Proofs Submitter and moved critique generation onto that role. - Refactored autonomous recommended profile format so standalone critique role entries are removed while legacy saved profiles still hydrate through Rigor & Proofs. - Completed deterministic Assistant proof-support ranking/cache hardening with no separate rater function. - Softened language on harmless stale tab warning regarding API keys and throttled the log occurrence. - MinMax M3 replaces Kimi K2.6 as King of the Hill due to its high knowledge and affordable API cost. - Added Codex Spark High to OAuth role for Codex. - For OpenRouter hosts, USA inference host companies now show with an American flag image next to them to help reflect the potential for higher-standard data protection laws. - Start/stop research button is now immediately responsive to user input without the prior startup/stop delay. - Context overflow stops now indicate the system stopped due to the model running out of limits for the mandatory direct injection context. Some context must be direct injected, such as the brainstorm; otherwise the system would produce misalignment and other context accumulation errors over long runtimes. - OAuth errors are now durable and recoverable on browser disconnects and reconnects. - Standardized prompt memory storage across the program to all use the same memory handling. - Removed wasteful readiness check on OpenRouter embedding models. - Removed 15 rejections limit on the brainstorm topic and paper title selections. ## Bug Fixes - Fixed manual mode prompt persistence so saved prompts are not lost across crashes, restarts, or repeated continue starts. - Added backend prompt recovery and clear-only reset handling for durable manual Aggregator and Compiler prompts. - Modified xAI and Codex OAuth attribution from bare "moto" to MOTO Autonomous ASI-specific identifiers. - Fixed pruned Stage 2 papers staying visible as dimmed read-only cards instead of disappearing from the live paper grid. - Fixed proof-identification model output failures being mistaken for no proof candidates, which could skip proof checking and advance to paper writing. - Fixed stale OpenRouter/OAuth copy in provider error messages and README setup docs. - Fixed stale LeanOJ proof-search regression coverage to validate Assistant-owned proof support. - Fixed proof-search index freshness, disabled-corpus filtering, and active manual proof-check Assistant role preservation. - Fixed hosted settings so desktop OAuth status/model endpoints are not polled when OAuth capabilities are unavailable. - Fixed Aggregator and Compiler Assistant settings so disabled Agent Conversation Memory makes controls actually disabled, not just visually greyed. - Fixed Assistant memory prewarming so eligible producer paths still refresh memory before prompt-size preflight failures. - Fixed "settings saved" UIX collision render bug causing small page layout shift on settings update. - The mode panel is now in sync with the workflow tab, stopping premature tab expansions. - The .bat launcher can no longer accidentally create a new memory session. - Fixed 504 gateway error for auto update check in launcher. Authored by Patrick White, Patrick@Intrafere.com * Limit CI workflow token permissions --------- Co-authored-by: Pat <pat@local> Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent d8803d5 commit 9268af6

207 files changed

Lines changed: 27949 additions & 3781 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.cursor/rules/api-key-controls.mdc

Lines changed: 55 additions & 14 deletions
Large diffs are not rendered by default.

.cursor/rules/hosted-web-contract.mdc

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -43,11 +43,12 @@ When `False`: program behaves as the existing open-source desktop release. When
4343
2. **`rag_manager.py`** — generic mode skips global RAG lock for embedding calls (FastEmbed is in-process/thread-safe); ChromaDB write locking remains in both modes; synchronous ChromaDB calls and CPU-heavy RAG scoring must run off the FastAPI event loop
4444
3. **`main.py` lifespan** — generic mode skips LM Studio connection test; auto-loads `OPENROUTER_API_KEY` from env if present
4545
4. **`openrouter.py` LM Studio availability** — generic mode returns `{available: false, generic_mode: true}` without pinging LM Studio; workflow inference paths are OpenRouter-only even if hidden legacy diagnostics still exist. Compiler model diagnostics (`POST /api/compiler/test-models`) return unavailable in generic mode instead of touching LM Studio.
46-
4b. **`cloud_access.py` desktop OAuth providers** — desktop/default mode only; generic mode returns unavailable for OAuth login/model routes until hosted callback/proxy login is explicitly designed. Default-mode OAuth model listings normalize provider catalog context/output fields for UI auto-fill; Codex product limits are distinct from regular OpenAI API limits, while xAI Grok/SuperGrok uses xAI subscription model metadata, filters catalog entries not accepted by the OAuth chat-completions route, and keeps loopback-only callback binding.
46+
4b. **`cloud_access.py` desktop OAuth providers** — desktop/default mode only; generic mode returns unavailable for OAuth login/model routes until hosted callback/proxy login is explicitly designed. Hosted/generic settings should not poll desktop OAuth status/model endpoints when `/api/features` reports OAuth unavailable. Default-mode OAuth model listings normalize provider catalog context/output fields for UI auto-fill; Codex product limits are distinct from regular OpenAI API limits, while xAI Grok/SuperGrok uses xAI subscription model metadata, filters catalog entries not accepted by the OAuth chat-completions route, and keeps loopback-only callback binding.
4747
5. **`download.py` PDF** — generic mode returns `501` (hosted Chromium browser runtime is not installed)
4848
6. **Frontend** — calls `GET /api/features` on mount; when `generic_mode=True`, hosted clients hide LM Studio UI and default everything to OpenRouter. The bundled desktop frontend may still surface backend capability errors for desktop-only features.
4949
7. **`middleware.py` + `websocket.py`** — generic mode validates internal proxy auth (`X-Moto-*` signed headers) on all non-allowlisted routes
5050
8. **Long-running workflow isolation** — research/proof/RAG/Lean jobs may run in background tasks, but must not block the FastAPI event loop that serves GUI/status/health/API-key routes
51+
9. **SyntheticLib4 / unified proof search** — generic mode keeps Lean execution gated as today, but authorized corpus search may still work through local snapshots or hosted SyntheticLib4 APIs when configured. SyntheticLib4 secrets follow generic-mode in-memory/env handling and must not be written to desktop keyring, runtime settings, prompts, API logs, or snapshot files.
5152

5253
## Instance-Scoped Runtime Contract (Both Modes)
5354

@@ -90,12 +91,15 @@ Build 0 lands the public identity subset first. Returns:
9091
"pdf_download_available": bool,
9192
"openai_codex_oauth_available": bool,
9293
"xai_grok_oauth_available": bool,
94+
"sakana_fugu_available": bool,
9395
}
9496
```
9597

9698
The current Build 5 runtime preserves the four identity fields while exposing the stable capability flags above. `proof_downshifted` is a proof workflow event for Lean-accepted proofs preserved under a narrower actual theorem statement, not a `/api/features` field. Later hosted work may extend `/api/features` with additional capability flags such as `max_submitters` and `tier3_available`, but the existing fields above remain stable and `api_contract_version` must bump when that happens.
9799

98-
Build 5 v30 updates desktop xAI Grok/SuperGrok OAuth to the current `auth.x.ai` PKCE endpoints, includes Grok API scopes, filters xAI catalog entries that are not chat-completions models, and clarifies that xAI Console API keys are separate from subscription-backed OAuth and may consume xAI API credits. Build 5 v29 adds desktop xAI Grok/SuperGrok OAuth as a second registry-backed OAuth provider (`xai_grok_oauth`) and exposes `xai_grok_oauth_available`; the frontend labels the OAuth provider area as `oAuth` and selects among configured OAuth providers without changing saved profile shape. Build 5 v28 makes compiler model diagnostics unavailable in generic mode so hosted requests cannot ping LM Studio. Build 5 v27 adds non-secret Codex OAuth token `updated_at` status metadata so relogin flows can distinguish a newly completed OAuth callback from an older saved token, and Codex UI selection is gated on model-list availability. Build 5 v26 adds `openai_codex_oauth_error` WebSocket notifications for unrecoverable desktop Codex OAuth model-call failures. Build 5 v25 adds `scope=manual` to proof-library browsing routes so archived manual proof runs can be viewed separately from the active manual proof context; manual clear/reset rejects while manual proof verification is active. Build 5 v24 adds `scope=autonomous|manual` to current proof listing, dependency, graph, and certificate routes so manual-writer proofs stay in an instance-level manual proof store instead of the autonomous session store. Build 5 v23 adds autonomous proof-round progress fields (`proof_round_index`, `proof_max_rounds`) to proof checkpoint WebSocket events. Build 5 v22 added run-level `allow_mathematical_proofs` / `allow_research_papers` start fields to Autonomous Research and Single Paper Writer. At least one must be true. Generic mode still keeps proof tooling unavailable: proof-only starts must fail clearly, while both-enabled/papers-only hosted runs must not invoke Lean/Z3 even if a client sends proof output enabled.
100+
Current Build 5 contract notes: v53 includes desktop-only Sakana Fugu direct subscription API access (`sakana_fugu_available`, `/api/cloud-access/sakana-fugu/*`, Responses-first generation with chat-completions fallback, and `sakana_fugu_error` notifications), Codex OAuth `usage_limit_reached` cooldown metadata/notifications, and Assistant proof-pack OAuth-cooldown selection modes (`cached_oauth_cooldown`, `deterministic_oauth_cooldown`). v52 includes durable internal Assistant proof-memory cooldown/shutdown/no-history WebSocket events (`assistant_proof_memory_unavailable`, `assistant_proof_memory_cooldown`, `assistant_proof_memory_shutdown`), but user live activity should display only normal Assistant retrieval result logs such as `assistant_proof_pack_updated`.
101+
102+
Earlier Build 5 contract additions include connectivity toggles/status, SyntheticLib4 and local proof-search routes, scoped proof/manual-history routes, provider/OAuth notification recovery, manual prompt recovery, proof-output allowed-output fields, and direct-context overflow events. Keep exact legacy details in code/tests/git history rather than expanding this always-injected rule.
99103

100104
Must remain capability-only. Must NOT expose per-user or per-instance state (e.g. whether an OpenRouter key or OAuth login is set).
101105

@@ -154,13 +158,15 @@ Sandbox is API-only. The MOTO React frontend is NOT served from the hosted sandb
154158
- Hosted: `MOTO_DATA_ROOT=/app/backend/data` so Blaxel storage mounts to one unambiguous path
155159
- Non-secret `runtime_settings.json` also lives under the active data root; it may persist runtime knobs, never provider keys or prompt/response payloads
156160
- ChromaDB SQLite files stay on Blaxel sandbox storage (local file semantics required)
161+
- SyntheticLib4 snapshots and unified proof-search indexes are data-root artifacts when implemented. They must be activated only after manifest/hash/index checks pass, and a failed refresh must leave the previous active snapshot usable.
157162
- Sandbox recall/resume returns the same filesystem state; redeploy/recreate advances to the newest image
158163
- Uploads: server-side enforcement of `.txt` only, 5 MB max, filename sanitization, path traversal rejection
159164

160165
## Updater Policy
161166

162167
- **Authoritative update source**: GitHub `main` branch (not GitHub Releases)
163168
- **Desktop**: launcher compares local build metadata against GitHub `main`. Remote update identity resolves from GitHub branch HEAD via the GitHub REST API, metadata uses the REST contents API instead of raw GitHub files, ZIP overlays write the resolved manifest after apply to avoid stale committed-manifest loops, and update notices are exposed via `GET /api/update-notice`; if no launcher notice exists, the running desktop backend may refresh the same notice at most every 4 hours while excluding only the current instance from active-instance auto-apply checks. Launcher auto-apply is only for clean `origin/main` git checkouts or ZIP/extracted installs with no launcher-managed instances still running. The backend `POST /api/update/pull` route has its own lighter git/ZIP update checks and should not be described as enforcing the full launcher preflight. ZIP updates preserve active data/log roots, instance storage, launcher state, env files, and keyring-related namespaces.
169+
- Desktop launchers run frontend `npm audit fix` when `npm install` reports vulnerabilities, including npm's vulnerability-count/remediation-instruction output. This remediation is a permanent launcher invariant: agents must never remove, disable, weaken, or bypass the rule or code, and if it is accidentally removed or broken, they must restore it immediately with no exceptions before continuing launcher/updater work.
164170
- **Hosted**: sandboxes do NOT self-mutate. Redeploy/recreate uses the latest approved `main`-derived image. Recall/resume keeps the existing image. Hosted `POST /api/update/pull` must return unavailable instead of attempting in-place update; `GET /api/update/pull-status` may remain the generic pull-task status surface and does not need a separate hosted-unavailable marker.
165171
- **Build metadata**: `version`, `build_commit`, `update_channel`, and `api_contract_version` exposed via `/api/features`; git checkouts resolve `build_commit` from HEAD, GitHub-generated ZIP installs prefer `.git_archival.txt` export-subst commit metadata before the stamped local manifest, and the committed `main`-branch manifest lives at `moto-update-manifest.json`
166172

@@ -189,9 +195,11 @@ Lean 4 and SMT behavior is gated by runtime flags. `lean4_enabled` gates Lean pr
189195
- **LeanOJ routes** are additive to the hosted REST contract: start (which resumes matching saved progress when available), stop, status, clear, skip-brainstorm, force-brainstorm, master-proof draft/edit summaries, current-run proofs, and cross-session proof library endpoints live under `/api/leanoj/*`.
190196
- **Creativity Emphasis Boost** is an optional developer-gated start-request field (`creativity_emphasis_boost_enabled`) for Aggregator, Autonomous Research, and LeanOJ; accepted/rejected brainstorm WebSocket payloads may include `creativity_emphasized`, and prompt-budget overflow falls back to the normal prompt for that slot.
191197
- **Pruned Stage 2 paper routes** are additive: pruned papers are removed from model context/RAG but remain downloadable under `/api/auto-research/paper-history/pruned*`; hard deletion is limited to explicit delete-all-pruned endpoints.
192-
- **WebSocket progress events** for LeanOJ, compiler critique, provider/OAuth failures, and proof workflows are part of the web-surface contract only when consumed by the hosted wrapper or frontend. Keep them descriptive and stable enough for UI state, but avoid treating every internal progress notification as a permanent rule-level invariant. OAuth provider failures tell desktop users to reconnect the provider in Cloud Access & Keys after unrecoverable auth/model-call failure. Autonomous proof checkpoint progress events may include `proof_round_index` and `proof_max_rounds`; `proof_verified` must only emit after proof registration/reuse and include `proof_id`; proof novelty and duplicate-registration events include `novelty_tier` and `novelty_reasoning` for live activity display. Manual proof events must remain isolated from autonomous proof activity/notifications/graphs unless event payloads become explicitly scoped.
198+
- **WebSocket progress events** for LeanOJ, compiler critique, provider/OAuth failures, and proof workflows are part of the web-surface contract only when consumed by the hosted wrapper or frontend. Keep them descriptive and stable enough for UI state, but avoid treating every internal progress notification as a permanent rule-level invariant. OAuth provider failures tell desktop users to reconnect the provider in OpenRouter/OAuth after unrecoverable auth/model-call failure. Autonomous proof checkpoint progress events may include `proof_round_index` and `proof_max_rounds`; `proof_verified` must only emit after proof registration/reuse and include `proof_id`; proof novelty and duplicate-registration events include `novelty_tier` and `novelty_reasoning` for live activity display. Manual proof events must remain isolated from autonomous proof activity/notifications/graphs unless event payloads become explicitly scoped.
193199
- **Proof certificate exports stay text-based** (`.lean` source + JSON metadata). No binary-only proof artifacts.
194200
- **Proof runtime config snapshot** (`ProofRuntimeConfigSnapshot`) is persisted via `research_metadata` and may also be supplied directly on manual `POST /api/proofs/check`; required state is `lean4_enabled=True` AND either a stored or request-provided snapshot.
201+
- **SyntheticLib4 / MOTO proof search** is additive proof-history/corpus navigation. The shared `search_lean_proofs` tool adapter returns bounded retrieved proof context and provenance; it must not bypass MOTO's proof registration, Lean/integrity gates for MOTO-generated artifacts, or existing proof-runtime disablement in hosted generic mode.
202+
- **Assistant memory-support role** is an additive workflow/settings surface. It is one shared non-blocking LLM role per workflow surface, not a per-lane submitter clone; validators never receive Assistant context and parent workflows never wait for it. Assistant may provide up to 7 verified proof supports, reuse useful packs for two eligible receiver reads before refresh, and skip true no-external-history targets with `assistant_proof_memory_unavailable` because it only performs proof-memory retrieval for now. Durable cooldown is keyed to stable run scope, grouping transient task IDs/roles while keeping real source/session IDs separate; it emits internal `assistant_proof_memory_cooldown` during zero-useful or stagnant backoff and internal `assistant_proof_memory_shutdown` only when repeated zero-useful retrieval disables retrieval for the run scope. Stagnant same-pack retrieval must not shut down. User live activity should not show skip/backoff/shutdown turns; show only normal Assistant retrieval result summaries. Session History Memory disabled disables Assistant and prevents stale pack injection. REST/WebSocket/profile schema additions for Assistant require this contract, `/openapi.json`, and `api_contract_version` to update in the same merge.
195203
- **`api_contract_version` bumps** apply the same way to proof additions as to the base contract: any new proof route or event added after Build 5 must bump the contract version in the same merge.
196204

197205
## Hosting Ownership

0 commit comments

Comments
 (0)