Skip to content

Add incremental Messages archive and search#108

Open
jmcte wants to merge 5 commits into
mainfrom
codex/issue-95-messages-archive
Open

Add incremental Messages archive and search#108
jmcte wants to merge 5 commits into
mainfrom
codex/issue-95-messages-archive

Conversation

@jmcte

@jmcte jmcte commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add an internal, read-only Messages archive adapter backed by consistent SQLite/WAL snapshots
  • persist bounded cursors, source fingerprints, deduplicated message ids, group-chat identity, and safe deletion tombstones
  • add versioned local archive search with metadata/body separation
  • require explicit body retention and separate confirmation for body search; keep send/react/actions out of scope

Governing Issue

Closes #95

Validation

  • Relevant local checks passed

  • Required PR checks are expected to satisfy CI Gate

  • Skipped checks are explained below

  • swift test --disable-sandbox — 134 tests passed

  • bash scripts/ci/run-fast-checks.sh — passed; 88.83% source line coverage, mutation checks, debug and release builds passed

  • synthetic DB tests cover cursor resume, deduplication, group chats, deletion tombstones, redaction, body retention, and untrusted batch rejection

No checks skipped.

Bootstrap Governance

  • Changes are scoped to the linked issue
  • Contributor or PR guidance changes are reflected in CONTRIBUTING.md, .github/PULL_REQUEST_TEMPLATE.md, and docs/bootstrap/onboarding.md when applicable
  • PR author enabled auto-merge where GitHub allows it, or GitHub plan-limit evidence/unavailable reason is recorded and the fallback merge-readiness policy applies
  • No real secrets, runtime auth, or machine-local env files are committed

No contributor guidance changed. This PR is stacked on #101#104 and remains draft until those foundations merge.

Flow Contract

  • Owner lane: Hermes native data provider
  • Repair owner: jmcte
  • Autonomy class: review-gated implementation
  • Risk class: security-sensitive local Messages metadata

Flow Merge Readiness

  • Every blocker has a next actor and next action
  • No active blocking requested changes remain
  • Non-author approval is present when required
  • PR author enabled auto-merge where GitHub allows it, or recorded why it is unavailable/unsafe

Next actor: foundation reviewers, then independent security and architecture review.

Merge Automation

  • PR author enabled auto-merge with gh pr merge --auto --squash, or the reason it is unavailable/unsafe is noted below

Auto-merge is deferred only while this PR is stacked on #101#104.

Notes

  • External archive JSON cannot self-authorize sensitive body fields; only the internally gated Messages adapter can opt them in.
  • Attachments, attributed-body blobs, send, react, SIP changes, private-framework injection, and remote export are explicitly excluded.

Expose a deterministic metadata-only provider registry through JSON and text output, covering every current Apple-data command family with maturity, source, permission, sensitivity, capability, and polling declarations. Document the v1 compatibility policy.\n\nCloses #89.
Add a private read-only SQLite snapshot engine with WAL and SHM companions, query-only enforcement, busy and process timeouts, structured failures, and deterministic cleanup. Migrate Messages and Safari history and document remaining providers.\n\nCloses #90.
Add explicit scan and wall-clock budgets, structured crawl reports, cancellable Drive enumeration, Finder-tag budget metadata, and redacted watch partial-success envelopes. Extend the live audit with explicit budgets and aggregate outcomes.\n\nCloses #92.
Define versioned archive sync, storage, status, migration, retention, and privacy contracts with idempotent upserts, explicit tombstones, bounded attempts, persisted freshness and counts, private atomic files, and fail-closed sensitivity gates.\n\nCloses #93.
Archive bounded Messages metadata from consistent snapshots with cursors, deduplication, deletion tombstones, source fingerprints, and versioned search. Keep bodies behind explicit retention and confirmation gates and exclude all action capabilities.
@jmcte
jmcte marked this pull request as ready for review July 13, 2026 07:29
@jmcte
jmcte requested a review from a team as a code owner July 13, 2026 07:29
@jmcte
jmcte enabled auto-merge (squash) July 13, 2026 07:30

@Hermes-omt Hermes-omt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review deferred: the live head 2d6816c is merge-conflicted with main (mergeable=false, mergeable_state=dirty). Rebase/update this branch onto main, resolve conflicts, and wait for fresh CI before substantive review. Node-local exact-head inspection and Messages archive tests completed successfully, but this stale/conflicted head cannot be approved.

@athena-omt athena-omt added status:needs-review PR is ready for Athena review. review:athena Athena review governance requested. labels Jul 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

review:athena Athena review governance requested. status:needs-review PR is ready for Athena review.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

v2: Add a consistent incremental Messages archive and search

3 participants