From f63bcee9538824c32c1ac2af2f34cb291bf85a54 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Apr 2026 21:47:46 -0300 Subject: [PATCH 01/10] cargo(deps): update rand requirement from 0.9 to 0.10 (#9) Updates the requirements on [rand](https://github.com/rust-random/rand) to permit the latest version. - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-random/rand/compare/rand_core-0.9.1...0.10.1) --- updated-dependencies: - dependency-name: rand dependency-version: 0.10.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- crates/nest-cli/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/nest-cli/Cargo.toml b/crates/nest-cli/Cargo.toml index 7c4eec29..3e6f21ba 100644 --- a/crates/nest-cli/Cargo.toml +++ b/crates/nest-cli/Cargo.toml @@ -16,5 +16,5 @@ anyhow = { workspace = true } serde = { workspace = true } serde_json = { workspace = true } memmap2 = { workspace = true } -rand = "0.9" +rand = "0.10" hex = "0.4" From 9f71bd68168178ce136ec4757ae760079c2392b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Apr 2026 21:48:02 -0300 Subject: [PATCH 02/10] cargo(deps): update sha2 requirement from 0.10 to 0.11 (#8) Updates the requirements on [sha2](https://github.com/RustCrypto/hashes) to permit the latest version. - [Commits](https://github.com/RustCrypto/hashes/compare/groestl-v0.10.0...sha2-v0.11.0) --- updated-dependencies: - dependency-name: sha2 dependency-version: 0.11.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 55a74b39..22f01371 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,7 +12,7 @@ repository = "https://github.com/hoffresearch/nest" thiserror = "2" serde = { version = "1", features = ["derive"] } serde_json = { version = "1", features = ["preserve_order"] } -sha2 = "0.10" +sha2 = "0.11" memmap2 = "0.9" rayon = "1" clap = { version = "4", features = ["derive"] } From e38bbfe4ceee9570ce721d7b7233d78a8410b5c4 Mon Sep 17 00:00:00 2001 From: Brenner Cruvinel Date: Tue, 28 Apr 2026 21:55:28 -0300 Subject: [PATCH 03/10] merge devs (#10) * Track CODE_OF_CONDUCT.md and CONTRIBUTING.md; finalize .gitignore CODE_OF_CONDUCT.md - reporting email goes to brenner@hoffresearch.com (was the upstream-template placeholder help@notlikeus.dev) - enforcement is by Hoff Research, the project maintainer CONTRIBUTING.md - rewritten from the {{PLACEHOLDER}} template into the real one: Hoff Research as maintainer, Brenner Cruvinel as author, real clone URL, real dev-setup commands, real test invocations - explicit code style for Rust (rustfmt + clippy + 300-line cap + SAFETY comments) and Python (ruff py312, line 100, _ prefix for private helpers) - PRs go against dev (not main); release_check.sh is the local pass/fail proxy for CI - bug-report template now asks for file_hash + content_hash + simd backend (the three things needed to reproduce any nest issue) - security vulns: email maintainer privately, do not file public issue. 72-hour acknowledgement target. .gitignore - dropped CODE_OF_CONDUCT.md / CONTRIBUTING.md from the ignore list (they're now real content, must be tracked) - finished the truncated 'kdb/' rationale comment that was left open at end of file LICENSE: unchanged. Already correct ('Copyright (c) 2026 Hoff Research', MIT). * Repoint URLs from brennercruvinel/nest to hoffresearch/nest Repository moved to the Hoff Research org. Three references in CONTRIBUTING.md updated: - fork-from URL (step 1 of 'How to contribute') - clone URL in 'Development setup' - GitHub Issues link in 'Reporting issues' Local git remote also repointed: origin -> git@github.com:hoffresearch/nest.git GitHub auto-redirects from the old URL, but we still want the canonical link in docs to match where the repo actually lives. * Rewrite CODE_OF_CONDUCT and CONTRIBUTING in README plain style Match the README's voice: lowercase headers, plain natural language, no em-dashes, no emoji, no marketing voice. Same content, less ceremony. CODE_OF_CONDUCT.md - sections renamed to lowercase (what we expect, what we do not accept, reporting, enforcement, attribution) - reporting target stays brenner@hoffresearch.com with the 72-hour acknowledgement target - explicit non-discrimination axes (race, gender identity, sexual orientation, disability, religion, age, nationality, experience) CONTRIBUTING.md - lowercase headers, shorter paragraphs, same dev setup + style rules + test commands - links updated to hoffresearch/nest (already done in 97d3dfcb; preserved here) - same security policy, code-style rules per language, 300-line cap reference to ADR 0011 * docs: rewrite architecture, add v0.2.0 changelog, finalize SPEC.md move doc/architecture.md: full rewrite for v0.2. covers section encodings 1/2/3, optional sections 0x07 (HNSW) / 0x08 (BM25), four hashes, SIMD dispatcher, search-text + model_fingerprint, presets, full Rust + Python + CLI surface. the old version still described v0.1 (flat exact only, encoding=0 only). doc/changelog.md: new v0.2.0 entry covering the 6-phase production-ready push. all section headers lowercased; legacy URL truw/nest -> hoffresearch/nest in the [0.1.0] release link. doc/usage.md: lowercase headers, em-dashes removed. content already accurate from earlier session. doc/spec.md: finalize the move from root SPEC.md (was uncommitted since session start). 9 references repointed across README, CONTRIBUTING, ADRs 0001/0003/0005/0006/0007, and tests/test_e2e.py. AGENTS.md: rewrite in plain README style. now covers v0.2 commands (search-ann, search-text, benchmark --madvise-cold), encodings, SIMD, model_fingerprint, file hygiene rule, and the 11 ADRs. Cargo.toml: bump workspace version 0.1.0 -> 0.2.0; repository URL truw/nest -> hoffresearch/nest. simd/neon.rs: allow clippy::incompatible_msrv on dot_f32_f16_neon. float16x4_t and vcvt_f32_f16 are stable since rustc 1.94 but workspace MSRV is 1.85; the lint was added in a recent clippy release. suppress locally rather than bumping the workspace MSRV for a single function. verification: cargo test --release --workspace 134/134 PASS cargo clippy --workspace --all-targets clean cargo fmt --all --check clean python tests/test_e2e.py PASS python tests/test_builder.py PASS python tests/test_search_text_model_hash.py 5/5 PASS ruff check + format clean measure_presets + compare_measure ALL 6 GATES PASS * doc/changelog: drop the historical truw/nest URL line last URL-style reference. brand-name mentions of truw (in README's 'used in production by' list and in database/ for the truw-built/ directory and truw_canonical_ptbr_v2.csv asset) are kept; those are identifiers of real assets, not URL vestiges. * Add instructions to /agentics * readme update * OSS scaffolding: SECURITY.md, dependabot, PR template, lowercase ADR template four small additions to support the protect-main ruleset and to make the repo legible to external contributors: - SECURITY.md: documents private vulnerability reporting (matches the org-level "private vulnerability reporting" toggle), what counts as a security bug vs configuration issue, scope per crate. - .github/PULL_REQUEST_TEMPLATE.md: type checklist + the same gate that release_check.sh runs locally + format-impact prompt that asks contributors to write/update an ADR if they touch the binary layout, hash semantics, or model fingerprint. - .github/dependabot.yml: weekly cargo + github-actions updates, patch-and-minor grouped to keep noise low. pip ecosystem skipped since the project doesn't pin python deps in a manifest yet. - kdb/adr/template.md: lowercase headers and bullets to match the README/AGENTS style convention. existing 11 ADRs keep their current uppercase headers; the convention applies to new ADRs going forward. no source code changes. * update headers * upodate infos --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 83ce59e3..2d8b5ade 100644 --- a/README.md +++ b/README.md @@ -151,6 +151,7 @@ with `reproducible=True` (the script default) two operators get byte-identical ` ## license -Made it simple, but signifcant. Brenner Cruvinel. +made it simple, but signifcant. +Brenner Cruvinel. MIT. From dd4ea5c7b51d0bc4131a8252b9339019cf342511 Mon Sep 17 00:00:00 2001 From: Brenner Cruvinel Date: Tue, 28 Apr 2026 22:04:42 -0300 Subject: [PATCH 04/10] Dev 2 (#11) * Track CODE_OF_CONDUCT.md and CONTRIBUTING.md; finalize .gitignore CODE_OF_CONDUCT.md - reporting email goes to brenner@hoffresearch.com (was the upstream-template placeholder help@notlikeus.dev) - enforcement is by Hoff Research, the project maintainer CONTRIBUTING.md - rewritten from the {{PLACEHOLDER}} template into the real one: Hoff Research as maintainer, Brenner Cruvinel as author, real clone URL, real dev-setup commands, real test invocations - explicit code style for Rust (rustfmt + clippy + 300-line cap + SAFETY comments) and Python (ruff py312, line 100, _ prefix for private helpers) - PRs go against dev (not main); release_check.sh is the local pass/fail proxy for CI - bug-report template now asks for file_hash + content_hash + simd backend (the three things needed to reproduce any nest issue) - security vulns: email maintainer privately, do not file public issue. 72-hour acknowledgement target. .gitignore - dropped CODE_OF_CONDUCT.md / CONTRIBUTING.md from the ignore list (they're now real content, must be tracked) - finished the truncated 'kdb/' rationale comment that was left open at end of file LICENSE: unchanged. Already correct ('Copyright (c) 2026 Hoff Research', MIT). * Repoint URLs from brennercruvinel/nest to hoffresearch/nest Repository moved to the Hoff Research org. Three references in CONTRIBUTING.md updated: - fork-from URL (step 1 of 'How to contribute') - clone URL in 'Development setup' - GitHub Issues link in 'Reporting issues' Local git remote also repointed: origin -> git@github.com:hoffresearch/nest.git GitHub auto-redirects from the old URL, but we still want the canonical link in docs to match where the repo actually lives. * Rewrite CODE_OF_CONDUCT and CONTRIBUTING in README plain style Match the README's voice: lowercase headers, plain natural language, no em-dashes, no emoji, no marketing voice. Same content, less ceremony. CODE_OF_CONDUCT.md - sections renamed to lowercase (what we expect, what we do not accept, reporting, enforcement, attribution) - reporting target stays brenner@hoffresearch.com with the 72-hour acknowledgement target - explicit non-discrimination axes (race, gender identity, sexual orientation, disability, religion, age, nationality, experience) CONTRIBUTING.md - lowercase headers, shorter paragraphs, same dev setup + style rules + test commands - links updated to hoffresearch/nest (already done in 97d3dfcb; preserved here) - same security policy, code-style rules per language, 300-line cap reference to ADR 0011 * docs: rewrite architecture, add v0.2.0 changelog, finalize SPEC.md move doc/architecture.md: full rewrite for v0.2. covers section encodings 1/2/3, optional sections 0x07 (HNSW) / 0x08 (BM25), four hashes, SIMD dispatcher, search-text + model_fingerprint, presets, full Rust + Python + CLI surface. the old version still described v0.1 (flat exact only, encoding=0 only). doc/changelog.md: new v0.2.0 entry covering the 6-phase production-ready push. all section headers lowercased; legacy URL truw/nest -> hoffresearch/nest in the [0.1.0] release link. doc/usage.md: lowercase headers, em-dashes removed. content already accurate from earlier session. doc/spec.md: finalize the move from root SPEC.md (was uncommitted since session start). 9 references repointed across README, CONTRIBUTING, ADRs 0001/0003/0005/0006/0007, and tests/test_e2e.py. AGENTS.md: rewrite in plain README style. now covers v0.2 commands (search-ann, search-text, benchmark --madvise-cold), encodings, SIMD, model_fingerprint, file hygiene rule, and the 11 ADRs. Cargo.toml: bump workspace version 0.1.0 -> 0.2.0; repository URL truw/nest -> hoffresearch/nest. simd/neon.rs: allow clippy::incompatible_msrv on dot_f32_f16_neon. float16x4_t and vcvt_f32_f16 are stable since rustc 1.94 but workspace MSRV is 1.85; the lint was added in a recent clippy release. suppress locally rather than bumping the workspace MSRV for a single function. verification: cargo test --release --workspace 134/134 PASS cargo clippy --workspace --all-targets clean cargo fmt --all --check clean python tests/test_e2e.py PASS python tests/test_builder.py PASS python tests/test_search_text_model_hash.py 5/5 PASS ruff check + format clean measure_presets + compare_measure ALL 6 GATES PASS * doc/changelog: drop the historical truw/nest URL line last URL-style reference. brand-name mentions of truw (in README's 'used in production by' list and in database/ for the truw-built/ directory and truw_canonical_ptbr_v2.csv asset) are kept; those are identifiers of real assets, not URL vestiges. * Add instructions to /agentics * readme update * OSS scaffolding: SECURITY.md, dependabot, PR template, lowercase ADR template four small additions to support the protect-main ruleset and to make the repo legible to external contributors: - SECURITY.md: documents private vulnerability reporting (matches the org-level "private vulnerability reporting" toggle), what counts as a security bug vs configuration issue, scope per crate. - .github/PULL_REQUEST_TEMPLATE.md: type checklist + the same gate that release_check.sh runs locally + format-impact prompt that asks contributors to write/update an ADR if they touch the binary layout, hash semantics, or model fingerprint. - .github/dependabot.yml: weekly cargo + github-actions updates, patch-and-minor grouped to keep noise low. pip ecosystem skipped since the project doesn't pin python deps in a manifest yet. - kdb/adr/template.md: lowercase headers and bullets to match the README/AGENTS style convention. existing 11 ADRs keep their current uppercase headers; the convention applies to new ADRs going forward. no source code changes. * update headers * upodate infos From f1bc3754e2ddb945d68762b022310e28a94525e9 Mon Sep 17 00:00:00 2001 From: Brenner Cruvinel Date: Tue, 28 Apr 2026 22:06:53 -0300 Subject: [PATCH 05/10] Dev (#12) * Track CODE_OF_CONDUCT.md and CONTRIBUTING.md; finalize .gitignore CODE_OF_CONDUCT.md - reporting email goes to brenner@hoffresearch.com (was the upstream-template placeholder help@notlikeus.dev) - enforcement is by Hoff Research, the project maintainer CONTRIBUTING.md - rewritten from the {{PLACEHOLDER}} template into the real one: Hoff Research as maintainer, Brenner Cruvinel as author, real clone URL, real dev-setup commands, real test invocations - explicit code style for Rust (rustfmt + clippy + 300-line cap + SAFETY comments) and Python (ruff py312, line 100, _ prefix for private helpers) - PRs go against dev (not main); release_check.sh is the local pass/fail proxy for CI - bug-report template now asks for file_hash + content_hash + simd backend (the three things needed to reproduce any nest issue) - security vulns: email maintainer privately, do not file public issue. 72-hour acknowledgement target. .gitignore - dropped CODE_OF_CONDUCT.md / CONTRIBUTING.md from the ignore list (they're now real content, must be tracked) - finished the truncated 'kdb/' rationale comment that was left open at end of file LICENSE: unchanged. Already correct ('Copyright (c) 2026 Hoff Research', MIT). * Repoint URLs from brennercruvinel/nest to hoffresearch/nest Repository moved to the Hoff Research org. Three references in CONTRIBUTING.md updated: - fork-from URL (step 1 of 'How to contribute') - clone URL in 'Development setup' - GitHub Issues link in 'Reporting issues' Local git remote also repointed: origin -> git@github.com:hoffresearch/nest.git GitHub auto-redirects from the old URL, but we still want the canonical link in docs to match where the repo actually lives. * Rewrite CODE_OF_CONDUCT and CONTRIBUTING in README plain style Match the README's voice: lowercase headers, plain natural language, no em-dashes, no emoji, no marketing voice. Same content, less ceremony. CODE_OF_CONDUCT.md - sections renamed to lowercase (what we expect, what we do not accept, reporting, enforcement, attribution) - reporting target stays brenner@hoffresearch.com with the 72-hour acknowledgement target - explicit non-discrimination axes (race, gender identity, sexual orientation, disability, religion, age, nationality, experience) CONTRIBUTING.md - lowercase headers, shorter paragraphs, same dev setup + style rules + test commands - links updated to hoffresearch/nest (already done in 97d3dfcb; preserved here) - same security policy, code-style rules per language, 300-line cap reference to ADR 0011 * docs: rewrite architecture, add v0.2.0 changelog, finalize SPEC.md move doc/architecture.md: full rewrite for v0.2. covers section encodings 1/2/3, optional sections 0x07 (HNSW) / 0x08 (BM25), four hashes, SIMD dispatcher, search-text + model_fingerprint, presets, full Rust + Python + CLI surface. the old version still described v0.1 (flat exact only, encoding=0 only). doc/changelog.md: new v0.2.0 entry covering the 6-phase production-ready push. all section headers lowercased; legacy URL truw/nest -> hoffresearch/nest in the [0.1.0] release link. doc/usage.md: lowercase headers, em-dashes removed. content already accurate from earlier session. doc/spec.md: finalize the move from root SPEC.md (was uncommitted since session start). 9 references repointed across README, CONTRIBUTING, ADRs 0001/0003/0005/0006/0007, and tests/test_e2e.py. AGENTS.md: rewrite in plain README style. now covers v0.2 commands (search-ann, search-text, benchmark --madvise-cold), encodings, SIMD, model_fingerprint, file hygiene rule, and the 11 ADRs. Cargo.toml: bump workspace version 0.1.0 -> 0.2.0; repository URL truw/nest -> hoffresearch/nest. simd/neon.rs: allow clippy::incompatible_msrv on dot_f32_f16_neon. float16x4_t and vcvt_f32_f16 are stable since rustc 1.94 but workspace MSRV is 1.85; the lint was added in a recent clippy release. suppress locally rather than bumping the workspace MSRV for a single function. verification: cargo test --release --workspace 134/134 PASS cargo clippy --workspace --all-targets clean cargo fmt --all --check clean python tests/test_e2e.py PASS python tests/test_builder.py PASS python tests/test_search_text_model_hash.py 5/5 PASS ruff check + format clean measure_presets + compare_measure ALL 6 GATES PASS * doc/changelog: drop the historical truw/nest URL line last URL-style reference. brand-name mentions of truw (in README's 'used in production by' list and in database/ for the truw-built/ directory and truw_canonical_ptbr_v2.csv asset) are kept; those are identifiers of real assets, not URL vestiges. * Add instructions to /agentics * readme update * OSS scaffolding: SECURITY.md, dependabot, PR template, lowercase ADR template four small additions to support the protect-main ruleset and to make the repo legible to external contributors: - SECURITY.md: documents private vulnerability reporting (matches the org-level "private vulnerability reporting" toggle), what counts as a security bug vs configuration issue, scope per crate. - .github/PULL_REQUEST_TEMPLATE.md: type checklist + the same gate that release_check.sh runs locally + format-impact prompt that asks contributors to write/update an ADR if they touch the binary layout, hash semantics, or model fingerprint. - .github/dependabot.yml: weekly cargo + github-actions updates, patch-and-minor grouped to keep noise low. pip ecosystem skipped since the project doesn't pin python deps in a manifest yet. - kdb/adr/template.md: lowercase headers and bullets to match the README/AGENTS style convention. existing 11 ADRs keep their current uppercase headers; the convention applies to new ADRs going forward. no source code changes. * update headers * upodate infos From e06c50327bddee8e69ab1c6e0a10640a10549a0b Mon Sep 17 00:00:00 2001 From: Brenner Cruvinel Date: Tue, 28 Apr 2026 22:13:18 -0300 Subject: [PATCH 06/10] fix: sha2 0.11 broke main build, use hex::encode (#13) * Track CODE_OF_CONDUCT.md and CONTRIBUTING.md; finalize .gitignore CODE_OF_CONDUCT.md - reporting email goes to brenner@hoffresearch.com (was the upstream-template placeholder help@notlikeus.dev) - enforcement is by Hoff Research, the project maintainer CONTRIBUTING.md - rewritten from the {{PLACEHOLDER}} template into the real one: Hoff Research as maintainer, Brenner Cruvinel as author, real clone URL, real dev-setup commands, real test invocations - explicit code style for Rust (rustfmt + clippy + 300-line cap + SAFETY comments) and Python (ruff py312, line 100, _ prefix for private helpers) - PRs go against dev (not main); release_check.sh is the local pass/fail proxy for CI - bug-report template now asks for file_hash + content_hash + simd backend (the three things needed to reproduce any nest issue) - security vulns: email maintainer privately, do not file public issue. 72-hour acknowledgement target. .gitignore - dropped CODE_OF_CONDUCT.md / CONTRIBUTING.md from the ignore list (they're now real content, must be tracked) - finished the truncated 'kdb/' rationale comment that was left open at end of file LICENSE: unchanged. Already correct ('Copyright (c) 2026 Hoff Research', MIT). * Repoint URLs from brennercruvinel/nest to hoffresearch/nest Repository moved to the Hoff Research org. Three references in CONTRIBUTING.md updated: - fork-from URL (step 1 of 'How to contribute') - clone URL in 'Development setup' - GitHub Issues link in 'Reporting issues' Local git remote also repointed: origin -> git@github.com:hoffresearch/nest.git GitHub auto-redirects from the old URL, but we still want the canonical link in docs to match where the repo actually lives. * Rewrite CODE_OF_CONDUCT and CONTRIBUTING in README plain style Match the README's voice: lowercase headers, plain natural language, no em-dashes, no emoji, no marketing voice. Same content, less ceremony. CODE_OF_CONDUCT.md - sections renamed to lowercase (what we expect, what we do not accept, reporting, enforcement, attribution) - reporting target stays brenner@hoffresearch.com with the 72-hour acknowledgement target - explicit non-discrimination axes (race, gender identity, sexual orientation, disability, religion, age, nationality, experience) CONTRIBUTING.md - lowercase headers, shorter paragraphs, same dev setup + style rules + test commands - links updated to hoffresearch/nest (already done in 97d3dfcb; preserved here) - same security policy, code-style rules per language, 300-line cap reference to ADR 0011 * docs: rewrite architecture, add v0.2.0 changelog, finalize SPEC.md move doc/architecture.md: full rewrite for v0.2. covers section encodings 1/2/3, optional sections 0x07 (HNSW) / 0x08 (BM25), four hashes, SIMD dispatcher, search-text + model_fingerprint, presets, full Rust + Python + CLI surface. the old version still described v0.1 (flat exact only, encoding=0 only). doc/changelog.md: new v0.2.0 entry covering the 6-phase production-ready push. all section headers lowercased; legacy URL truw/nest -> hoffresearch/nest in the [0.1.0] release link. doc/usage.md: lowercase headers, em-dashes removed. content already accurate from earlier session. doc/spec.md: finalize the move from root SPEC.md (was uncommitted since session start). 9 references repointed across README, CONTRIBUTING, ADRs 0001/0003/0005/0006/0007, and tests/test_e2e.py. AGENTS.md: rewrite in plain README style. now covers v0.2 commands (search-ann, search-text, benchmark --madvise-cold), encodings, SIMD, model_fingerprint, file hygiene rule, and the 11 ADRs. Cargo.toml: bump workspace version 0.1.0 -> 0.2.0; repository URL truw/nest -> hoffresearch/nest. simd/neon.rs: allow clippy::incompatible_msrv on dot_f32_f16_neon. float16x4_t and vcvt_f32_f16 are stable since rustc 1.94 but workspace MSRV is 1.85; the lint was added in a recent clippy release. suppress locally rather than bumping the workspace MSRV for a single function. verification: cargo test --release --workspace 134/134 PASS cargo clippy --workspace --all-targets clean cargo fmt --all --check clean python tests/test_e2e.py PASS python tests/test_builder.py PASS python tests/test_search_text_model_hash.py 5/5 PASS ruff check + format clean measure_presets + compare_measure ALL 6 GATES PASS * doc/changelog: drop the historical truw/nest URL line last URL-style reference. brand-name mentions of truw (in README's 'used in production by' list and in database/ for the truw-built/ directory and truw_canonical_ptbr_v2.csv asset) are kept; those are identifiers of real assets, not URL vestiges. * Add instructions to /agentics * readme update * OSS scaffolding: SECURITY.md, dependabot, PR template, lowercase ADR template four small additions to support the protect-main ruleset and to make the repo legible to external contributors: - SECURITY.md: documents private vulnerability reporting (matches the org-level "private vulnerability reporting" toggle), what counts as a security bug vs configuration issue, scope per crate. - .github/PULL_REQUEST_TEMPLATE.md: type checklist + the same gate that release_check.sh runs locally + format-impact prompt that asks contributors to write/update an ADR if they touch the binary layout, hash semantics, or model fingerprint. - .github/dependabot.yml: weekly cargo + github-actions updates, patch-and-minor grouped to keep noise low. pip ecosystem skipped since the project doesn't pin python deps in a manifest yet. - kdb/adr/template.md: lowercase headers and bullets to match the README/AGENTS style convention. existing 11 ADRs keep their current uppercase headers; the convention applies to new ADRs going forward. no source code changes. * update headers * upodate infos * remove redundant spec * fix: use hex::encode after sha2 0.11 bump dependabot PR #8 bumped sha2 0.10 -> 0.11. the 0.11 release changes the digest output type from GenericArray (implements LowerHex) to Array (does not). all three call sites that did `format!("sha256:{:x}", digest)` broke at compile time. switch to `format!("sha256:{}", hex::encode(digest))`. hex was already a dependency. behavior is identical (lowercase hex of the same bytes); the golden fixture and 134 tests pass unchanged. three call sites: - crates/nest-format/src/chunk.rs::chunk_id (sha256: of preimage) - crates/nest-format/src/reader/decode.rs::file_hash_hex - crates/nest-format/src/reader/decode.rs::content_hash_hex verification: cargo test --release --workspace 134/134 PASS cargo clippy --workspace --all-targets clean --- README.md | 1 - crates/nest-format/src/chunk.rs | 2 +- crates/nest-format/src/reader/decode.rs | 4 ++-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2d8b5ade..92ff0aaa 100644 --- a/README.md +++ b/README.md @@ -145,7 +145,6 @@ with `reproducible=True` (the script default) two operators get byte-identical ` - `database/README.md` for what each upstream dataset is and how to rebuild the corpus - `doc/architecture.md` for binary layout, API surface, errors, versioning - `doc/usage.md` for the eight commands, presets, offline mode, citations -- `doc/spec.md` for the byte-by-byte format - `kdb/adr/` for architectural decision records (0001 through 0011) - `doc/changelog.md` for v0.1 to v0.2 deltas diff --git a/crates/nest-format/src/chunk.rs b/crates/nest-format/src/chunk.rs index aa5de4f7..9623e2f1 100644 --- a/crates/nest-format/src/chunk.rs +++ b/crates/nest-format/src/chunk.rs @@ -55,7 +55,7 @@ pub fn chunk_id( h.update(byte_end.to_le_bytes()); write_lp(&mut h, chunker_version.as_bytes()); let digest = h.finalize(); - format!("sha256:{:x}", digest) + format!("sha256:{}", hex::encode(digest)) } fn write_lp(h: &mut Sha256, bytes: &[u8]) { diff --git a/crates/nest-format/src/reader/decode.rs b/crates/nest-format/src/reader/decode.rs index e3e50f89..d059fe57 100644 --- a/crates/nest-format/src/reader/decode.rs +++ b/crates/nest-format/src/reader/decode.rs @@ -40,7 +40,7 @@ impl<'a> NestView<'a> { pub fn file_hash_hex(&self) -> String { use sha2::{Digest, Sha256}; let h = Sha256::digest(self.data); - format!("sha256:{:x}", h) + format!("sha256:{}", hex::encode(h)) } /// `sha256:` of the canonical sections in the order fixed by spec @@ -62,6 +62,6 @@ impl<'a> NestView<'a> { h.update((bytes.len() as u64).to_le_bytes()); h.update(bytes.as_ref()); } - Ok(format!("sha256:{:x}", h.finalize())) + Ok(format!("sha256:{}", hex::encode(h.finalize()))) } } From 1a57fa3c2a3f34bff21439efb487f1b154c2da8f Mon Sep 17 00:00:00 2001 From: Brenner Cruvinel Date: Tue, 28 Apr 2026 22:45:23 -0300 Subject: [PATCH 07/10] merge old (#14) --- AGENTS.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index fb27d5bb..b53845eb 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -116,8 +116,7 @@ these are documented honest limitations of the current code, not bugs to silentl - `doc/architecture.md`: binary layout, API surface, errors, versioning, four hashes, SIMD dispatcher, search contract. - `doc/usage.md`: 10-section how-to for the 8 commands, presets, offline mode, citations. - `doc/changelog.md`: v0.1.0 and v0.2.0 deltas. -- `doc/spec.md`: byte-by-byte format spec, the canonical reference for any external implementer. -- `kdb/adr/`: 11 architectural decision records (0001 through 0011). every irreversible decision lives here. +- `kdb/adr/`: architectural decisions records every product/feature/business irreversible decision lives here. - `database/README.md`: what each upstream PT-BR dataset is and how to rebuild the unified corpus. - `CONTRIBUTING.md`: external contributor flow. - `CODE_OF_CONDUCT.md`: contributor covenant 2.1, lowercase plain-style. From d81c5831ee6e671d26059ed6298496dc50c837cd Mon Sep 17 00:00:00 2001 From: Brenner Cruvinel Date: Tue, 28 Apr 2026 22:57:06 -0300 Subject: [PATCH 08/10] =?UTF-8?q?dev=20=E2=86=92=20main:=20sha2=200.11=20h?= =?UTF-8?q?ex::encode=20fix=20+=20docs/scaffolding=20sync=20(#15)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index d78d8876..75c96048 100644 --- a/.gitignore +++ b/.gitignore @@ -5,7 +5,8 @@ *.so *.dylib *.dll - +kdb/ +adr/ # Python __pycache__/ *.py[cod] From 9899ab69f1c15441b92d0a5f44b066fde8a4b311 Mon Sep 17 00:00:00 2001 From: Brenner Cruvinel Date: Tue, 28 Apr 2026 23:09:08 -0300 Subject: [PATCH 09/10] Update issue templates update issues templates --- .github/ISSUE_TEMPLATE/bug_report.md | 38 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 20 ++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..dd84ea78 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,38 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Desktop (please complete the following information):** + - OS: [e.g. iOS] + - Browser [e.g. chrome, safari] + - Version [e.g. 22] + +**Smartphone (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..bbcbbe7d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. From dd40cc80d81d4dade75ffd3f06a460e625d1bea5 Mon Sep 17 00:00:00 2001 From: Brenner Cruvinel Date: Tue, 28 Apr 2026 23:48:44 -0300 Subject: [PATCH 10/10] updatebdev tools (#16) --- .github/ISSUE_TEMPLATE/bug_report.md | 65 +++++++++++++---------- .github/ISSUE_TEMPLATE/feature_request.md | 44 ++++++++++----- 2 files changed, 70 insertions(+), 39 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index dd84ea78..691c6aba 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,38 +1,49 @@ --- -name: Bug report -about: Create a report to help us improve +name: bug report +about: report a defect in the nest format, runtime, cli, or python bindings title: '' -labels: '' +labels: bug assignees: '' - --- -**Describe the bug** -A clear and concise description of what the bug is. + + +## summary + + + +## reproduction + + + +``` +$ nest ... +``` + +## expected vs actual + + + +- expected: +- actual: -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error +## environment -**Expected behavior** -A clear and concise description of what you expected to happen. +- nest version / commit: +- os + arch: +- rust toolchain (`rustc --version`): +- python (`python3 --version`): +- embedding model (if relevant): -**Screenshots** -If applicable, add screenshots to help explain your problem. +## scope -**Desktop (please complete the following information):** - - OS: [e.g. iOS] - - Browser [e.g. chrome, safari] - - Version [e.g. 22] +- [ ] binary format / hash semantics +- [ ] runtime / search contract +- [ ] cli +- [ ] python bindings +- [ ] build / release tooling +- [ ] docs only -**Smartphone (please complete the following information):** - - Device: [e.g. iPhone6] - - OS: [e.g. iOS8.1] - - Browser [e.g. stock browser, safari] - - Version [e.g. 22] +## additional context -**Additional context** -Add any other context about the problem here. + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index bbcbbe7d..07f1352d 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -1,20 +1,40 @@ --- -name: Feature request -about: Suggest an idea for this project +name: feature request +about: propose a change to nest format, runtime, cli, python bindings, or docs title: '' -labels: '' +labels: enhancement assignees: '' - --- -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + + +## summary + + + +## scope + +- [ ] binary format / hash semantics +- [ ] runtime / search contract +- [ ] cli +- [ ] python bindings +- [ ] build / release tooling +- [ ] docs only + +## proposal + + + +## alternatives + + + +## format / runtime impact + + -**Describe the solution you'd like** -A clear and concise description of what you want to happen. +n/a -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. +## additional context -**Additional context** -Add any other context or screenshots about the feature request here. +