cdeust · cdeust · May 31, 2026 · May 31, 2026 · May 31, 2026 · May 31, 2026
diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json
@@ -0,0 +1,104 @@
+{
+  "name": "cortex",
+  "description": "Persistent memory for Claude Code — remembers across sessions automatically. Install and forget. Scientific retrieval backed by 41 published papers.",
+  "version": "3.14.13",
+  "author": {
+    "name": "Clement Deust",
+    "email": "admin@ai-architect.tools"
+  },
+  "homepage": "https://github.com/cdeust/Cortex",
+  "repository": "https://github.com/cdeust/Cortex",
+  "license": "MIT",
+  "keywords": [
+    "memory",
+    "persistent",
+    "mcp",
+    "claude-code",
+    "neuroscience",
+    "agents"
+  ],
+  "mcpServers": "./.mcp.json",
+  "postInstall": {
+    "command": "bash ${CLAUDE_PLUGIN_ROOT}/scripts/install-plugin.sh",
+    "message": "Installing Cortex (PostgreSQL + pgvector + Python deps + embedding model) and removing any stale older Cortex installs..."
+  },
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash -c 'PY=$(command -v python3 || command -v python) && ROOT=\"${CLAUDE_PLUGIN_ROOT:-$PWD}\" && \"$PY\" \"$ROOT/scripts/launcher.py\" mcp_server.hooks.session_start'",
+            "timeout": 30
+          }
+        ]
+      }
+    ],
+    "UserPromptSubmit": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash -c 'PY=$(command -v python3 || command -v python) && ROOT=\"${CLAUDE_PLUGIN_ROOT:-$PWD}\" && \"$PY\" \"$ROOT/scripts/launcher.py\" mcp_server.hooks.auto_recall'",
+            "timeout": 5
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash -c 'PY=$(command -v python3 || command -v python) && ROOT=\"${CLAUDE_PLUGIN_ROOT:-$PWD}\" && \"$PY\" \"$ROOT/scripts/launcher.py\" mcp_server.hooks.post_tool_capture'",
+            "timeout": 10
+          },
+          {
+            "type": "command",
+            "command": "bash -c 'PY=$(command -v python3 || command -v python) && ROOT=\"${CLAUDE_PLUGIN_ROOT:-$PWD}\" && \"$PY\" \"$ROOT/scripts/launcher.py\" mcp_server.hooks.preemptive_context'",
+            "timeout": 5
+          },
+          {
+            "type": "command",
+            "command": "bash -c 'PY=$(command -v python3 || command -v python) && ROOT=\"${CLAUDE_PLUGIN_ROOT:-$PWD}\" && \"$PY\" \"$ROOT/scripts/launcher.py\" mcp_server.hooks.pipeline_impact_bump'",
+            "timeout": 5
+          }
+        ]
+      }
+    ],
+    "SessionEnd": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash -c 'PY=$(command -v python3 || command -v python) && ROOT=\"${CLAUDE_PLUGIN_ROOT:-$PWD}\" && \"$PY\" \"$ROOT/scripts/launcher.py\" mcp_server.hooks.session_lifecycle'",
+            "timeout": 30
+          }
+        ]
+      }
+    ],
+    "Notification": [
+      {
+        "matcher": "compacted",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash -c 'PY=$(command -v python3 || command -v python) && ROOT=\"${CLAUDE_PLUGIN_ROOT:-$PWD}\" && \"$PY\" \"$ROOT/scripts/launcher.py\" mcp_server.hooks.compaction_checkpoint'",
+            "timeout": 10
+          }
+        ]
+      }
+    ],
+    "SubagentStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash -c 'PY=$(command -v python3 || command -v python) && ROOT=\"${CLAUDE_PLUGIN_ROOT:-$PWD}\" && \"$PY\" \"$ROOT/scripts/launcher.py\" mcp_server.hooks.agent_briefing'",
+            "timeout": 5
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/.memsearch/.index.pid b/.memsearch/.index.pid
@@ -0,0 +1 @@
+51120
diff --git a/.memsearch/memory/2026-05-27.md b/.memsearch/memory/2026-05-27.md
@@ -0,0 +1,60 @@
+
+## Session 15:49
+
+### 15:49
+<!-- session:1436d63b-5d2b-4951-b71f-438a7947d536 turn:5e6f3973-ed05-45c7-97a6-c6868fc30baf transcript:/Users/cdeust/.claude/projects/-Users-cdeust-Documents-Developments-Cortex/1436d63b-5d2b-4951-b71f-438a7947d536.jsonl -->
+- User reported being unable to run commands due to network restrictions in Geneva; Claude Code attempted to probe login shell for PyPI credentials but was blocked by a guardrail that classified it as credential exploration.
+
+- Claude Code investigated the actual publishing situation and discovered PyPI publishing was deliberately removed on 2026-04-25 (ADR-0050), with Cortex using marketplace-only distribution; the real gap was that v3.17.1 shipped the security fix code but marketplace.json still advertised version 3.17.0, preventing update prompts.
+
+- Claude Code bumped `.claude-plugin/marketplace.json` (both version fields) and `pyproject.toml` from 3.17.1 to 3.17.2, committed as `e5d2e16`, and pushed to main.
+
+- Claude Code created and pushed tag v3.17.2, manually created a GitHub Release to trigger the marketplace publish workflow immediately, and verified the `publish-ccplugins.yml` run (26515060666) succeeded in 10s—the security fix is now advertised to the marketplace.
+
+- Claude Code restored the removed `build` and `publish-pypi` jobs into `release.yml` as a deprecated channel (reusing the existing OIDC trusted-publisher entry), updated README.md to clarify marketplace as the only supported path, closed PR #48, and committed as `9c9b659`.
+
+- Final state: main at `9c9b659`, marketplace advertises 3.17.2, security fix delivered via supported channel, PyPI reinstated as deprecated for next releases, no PyPI web-UI reconfiguration required.
+
+
+## Session 15:55
+
+### 15:55
+<!-- session:1436d63b-5d2b-4951-b71f-438a7947d536 turn:288bb2e5-c598-46a9-952d-6fc1afb36d65 transcript:/Users/cdeust/.claude/projects/-Users-cdeust-Documents-Developments-Cortex/1436d63b-5d2b-4951-b71f-438a7947d536.jsonl -->
+- User requested Claude Code to credit the advisory and close it.
+- Claude Code checked advisory GHSA-gvpp-v77h-5w8g state and found EQSTLab already credited+accepted as reporter, advisory published since 2026-05-27T12:12:49Z, CVE ID null.
+- Claude Code clarified that "close" for a published advisory could mean withdraw (destructive) or request CVE (finalization), and asked user for disambiguation.
+- User chose to request CVE while keeping the advisory published.
+- Claude Code issued POST request to `/repos/cdeust/Cortex/security-advisories/GHSA-gvpp-v77h-5w8g/requests_for_cve` (202 Accepted); verified final state shows advisory published, EQSTLab credited, CVE request queued (async assignment pending).
+- Claude Code summarized complete security work: fix merged (5d22091), v3.17.2 shipped, PyPI reinstated as deprecated, sibling repos audited clean.
+
+
+## Session 16:53
+
+### 16:53
+<!-- session:1436d63b-5d2b-4951-b71f-438a7947d536 turn:0fd3111c-7367-4f2e-9622-3d108bc12cc5 transcript:/Users/cdeust/.claude/projects/-Users-cdeust-Documents-Developments-Cortex/1436d63b-5d2b-4951-b71f-438a7947d536.jsonl -->
+- User requested that Claude Code clean up WIP branches to reduce clutter.
+- Claude Code surveyed all branches and stashes, identified 4 unmerged local branches, checked PR merge status via git diff, and confirmed which were safe to delete.
+- Claude Code deleted two merged branches (`security/ghsa-gvpp-v77h-5w8g` via PR #47, `fix/mcp-remember-recall-schemas` via PR #45) locally and remotely, and pruned stale remote refs.
+- Claude Code characterized the two remaining WIP branches (`wip/layout-authority-sse-streaming` with 1 commit on graph-load streaming, `wip/conversational-theme-recall` with 5 commits on theme-grounded recall) and asked user whether to keep or delete each.
+- User chose to keep `wip/layout-authority-sse-streaming` and delete `wip/conversational-theme-recall`; Claude Code deleted the latter locally and remotely.
+- Claude Code dropped 3 junk stashes tied to now-deleted branches and merged PRs, preserved 2 stashes related to the layout-authority work, and left 2 large orphaned stashes untouched.
+
+
+## Session 17:42
+
+### 17:41
+<!-- session:1436d63b-5d2b-4951-b71f-438a7947d536 turn:172b7c15-5696-4454-b1cf-c41d02d57906 transcript:/Users/cdeust/.claude/projects/-Users-cdeust-Documents-Developments-Cortex/1436d63b-5d2b-4951-b71f-438a7947d536.jsonl -->
+- User requested that Claude Code rebase the `wip/layout-authority-sse-streaming` branch onto main (122 commits behind) to enable a clean PR without losing the SSE/layout-authority work being modified.
+
+- Claude Code backed up the branch, applied two stashes (streaming refactor + cochrane doc, frontend bits), removed vendored `deps/` junk, squashed to one commit, and rebased onto main, resolving 3 conflicts in `http_standalone.py`, `polling.js`, and `unified-viz.html` by keeping both old and new route logic.
+
+- Verified rebase success: branch now 0 behind main with 2 commits, security fix intact, streaming work wired, all imports OK, 26/26 layout-authority tests pass.
+
+- Launched viz server to measure SSE streaming performance and discovered three bugs: (1) build never reached `baseline_ready` because `__global__` domain node was excluded from batches due to offset captured after `_ensure_domain`, (2) `_observe_pressure()` was O(N×files) summing `pending_symbols` on every emit (86k-edge batch pinned CPU for minutes), (3) native AST parse ran synchronously before streaming started.
+
+- Fixed all three bugs: moved offset capture before `_ensure_domain`, replaced `sum()` with O(1) counter (90k emits now 0.23s), deferred native AST parse in streaming mode; committed as `6283f3e`.
+
+- After fixes, graph completes and shows cleanly (135k–138k nodes, 166k–169k edges), but first-paint is ~100s on the large DB due to synchronous load/ingest of baseline (107k memories, 86k edges, 22k entities) before streaming begins; identified skeleton-first staging as the focused path to sub-second first-paint.
+
+- Branch is PR-ready; Claude Code asked user whether to push PR now or wire skeleton-first staging first.
+