Command Center

  67 | ## Human Management UI Console
  68 | 
  69 | Purpose: show operators LNSAT state without asking them to inspect SQL/logs.
  70 | 
  71 | Screens:
  72 | 
  73 | - Home / Command Center: current state, active packet, next packet, blocked
  74 |   scopes, health checks, recent evidence, allowed actions, approval-required
  75 |   actions.
  76 | - Knowledge / Wiki: source index search, citations, stale/conflict flags, source
  77 |   ownership, packet/decision links, context bundle preview.
  78 | - Packets: active/queued/completed packets, acceptance checks, evidence links,
  79 |   verification status, next action, rollback notes.
  80 | - Agents: profiles, allowed capabilities, current assignments, context bundles
  81 |   used, boundary status, handoff prompts.
  82 | - Approvals: requested action, source refs, risk rating, policy decision,
  83 |   rollback plan, audit obligations. MVP is read-only preview.
  84 | - Audit: event previews, filters by agent/packet/action/source/risk, warning that
  85 |   DB persistence is not live yet.
  86 | - Substrates / Nodes: repos, services, DBs, machines, adapters, current
  87 |   inventory/evidence mode, blocked live actions.
  88 | - Runtime Readiness: dry-run proof chain, missing gates, why live invocation is
  89 |   blocked, packet needed to open next scope.
  90 | - Settings / Policy: policy gates, role model, risk thresholds, source
  91 |   allowlists, connector approval matrix.
  92 | 
  93 | UI principles:
  94 | 
  95 | - operator-first, dense, practical;
  96 | - no landing page;
  97 | - status and evidence visible;
  98 | - blocked/live boundaries clear;
  99 | - every answer links back to source evidence.
 100 | 
 101 | BP-0185 records the concrete management UI screen contracts in
 102 | `docs/architecture/MANAGEMENT_UI_INFORMATION_ARCHITECTURE.md`. BP-0186 may
 103 | implement only the read-only Command Center overview from existing source
 104 | evidence. BP-0186 is now complete and makes the Command Center the web first
 105 | screen.
 106 | 
 107 | BP-0187 is now complete and renders the read-only Knowledge/Wiki console after
 108 | the Command Center. It uses allowlisted repo-local source snapshots with the
 109 | existing BP-0183 local repo knowledge index and BP-0184 search/context bundle
 110 | functions. It shows search panels, source records, citations/source refs,
 111 | stale/conflict/risk flags, context bundle preview, source expansion, and blocked
 112 | knowledge actions without opening Gateway routes, MCP tools, DB, embeddings,
 113 | source editing, approval mutation, runtime/live execution, Docker, node-agent,
 114 | Git runner, deploy, or credential behavior.
 115 | 
 116 | BP-0188 is now complete and adds the source-only eval harness over the BP-0183
 117 | and BP-0184 knowledge path. It provides default golden questions for current
 118 | packet, blocked scopes, approval needs, post-BP-0180 direction, stale/conflict
 119 | detection, and live-scope widening rejection, plus deterministic answer fixtures
 120 | that verify source citations and fail uncited, stale-unflagged,
 121 | credential-like, side-effect, live-collection, and live-widening cases without
 122 | raw rejected value echo.
 123 | 
 124 | BP-0189 is now complete and adds
 125 | `docs/architecture/PERSISTENCE_SCHEMA_PLAN.md`. The plan maps file-derived
 126 | knowledge records, source refs, source snapshots, chunks, context bundles, eval
 127 | runs, audit events, approval requests, agent sessions, packet runs, and future
 128 | embeddings to future Postgres/pgvector targets. It remains docs-only and opens
 129 | no DB connection/write, writer, migration, live storage, embedding generation,
 130 | Gateway route, MCP tool, runtime/live execution, Docker, node-agent, Git runner,
 131 | deploy, queue, or credential behavior.
 132 | 
 133 | ## Gateway Read APIs
 134 | 
 135 | MVP route plan:
 136 | 
 137 | - `GET /v1/knowledge/sources`
 138 | - `GET /v1/knowledge/search`
 139 | - `POST /v1/knowledge/context/compile`
 140 | - `GET /v1/build/state`
 141 | - `GET /v1/management/overview`
 142 | 
 143 | Later, after policy/audit persistence:
 144 | 
 145 | - source ref expansion API
 146 | - stale/conflict report API
 147 | - approval mutation API
 148 | - persisted audit/search/event APIs
 149 | 
 150 | ## Persistence Later
 151 | 
 152 | No database is required for BP-0182 through BP-0188. File-derived deterministic
 153 | indexing comes first.
 154 | 
 155 | Later schema planning needs:
 156 | 
 157 | - knowledge records
 158 | - audit events
 159 | - source snapshots
 160 | - embeddings/pgvector table
 161 | - approval requests
 162 | - agent sessions
 163 | - packet runs
 164 | - retention policy
 165 | - migration approval workflow
 166 | 
 167 | ## Research Anchors
 168 | 
 169 | Primary-source patterns converted into LNSAT rules:
 170 | 
 171 | - OpenAI accuracy guidance treats RAG as retrieval plus generation and calls out
 172 |   retrieval as its own optimization axis. LNSAT therefore tests retrieval before
 173 |   model answers.
 174 | - OpenAI agent evals and trace grading support reproducible agent-quality checks.
 175 |   LNSAT therefore makes golden questions and trace/evidence grading part of the
 176 |   platform, not a later QA afterthought.
 177 | - Anthropic citation docs emphasize document-backed citations for verifiable
 178 |   answers. LNSAT therefore stores exact source refs on every record and context
 179 |   bundle.
 180 | - Anthropic computer-use docs require sandboxing/minimal privilege for tool
 181 |   execution. LNSAT therefore keeps MCP as adapter only and Gateway as the
 182 |   boundary before any tool/runtime action.
 183 | - Google Vertex AI grounding docs define grounding as tying model output to
 184 |   verifiable sources for auditability. LNSAT therefore treats source refs and
 185 |   evidence bundles as first-class UI/API objects.
 186 | - Google grounding checks score whether generated claims are supported by facts.

 259 | ## Build Packet Sequence
 260 | 
 261 | - BP-0181: MVP Internal Knowledge Surface Direction.
 262 | - BP-0182: Local Knowledge Record Model.
 263 | - BP-0183: Local Repo Knowledge Index.
 264 | - BP-0184: Knowledge Search + Context Bundle.
 265 | - BP-0185: Management UI Information Architecture.
 266 | - BP-0186: Management Overview UI MVP.
 267 | - BP-0187: Knowledge UI MVP. Complete.
 268 | - BP-0188: Eval Harness. Complete.
 269 | - BP-0189: Persistence Plan. Complete.
 270 | - BP-0190: Approval Center Plan/UI Preview. Complete.
 271 | - BP-0192: Read-Only Knowledge Gateway API Contract. Complete.
 272 | - BP-0193: Auth And User-Owned Integration Boundary. Complete.
 273 | - BP-0194: Settings Policy Auth Posture UI Preview. Complete.
 274 | - BP-0195: Read-Only MCP Knowledge Surface Contract. Complete.
 275 | - BP-0196: Read-Only Packet Management UI Preview. Queued next.
 276 | 
 277 | BP-0190 completed the approval-preview-only surface. It did not open
 278 | approve/deny mutation, DB writer, queue, runtime dispatcher, live execution,
 279 | Gateway write route, state-changing MCP tool, deploy, or credential behavior.
 280 | BP-0192 opened only a read-only Gateway knowledge API contract over existing
 281 | source-derived knowledge/search/context evidence. It also exposed source
 282 | evidence that LNSAT is independent open source, self-deployable, user-owned for
 283 | integrations, not locked to one auth provider, and not wired to a live auth
 284 | provider.
 285 | 
 286 | BP-0195 completed the first agent-facing MCP knowledge surface:
 287 | `lnsat.knowledge.surface.inspect`. It exposes only read-only source/search/
 288 | context inspection through Gateway knowledge contracts and keeps open
 289 | source/self-deploy, user-owned integration, auth-provider-unlocked, no-live,
 290 | source refs, citations, stale/conflict warnings, risk flags, and
 291 | `side_effects: []` visible to agents. BP-0196 may open only a read-only Packets
 292 | UI preview from repo-local build docs. It must not add packet mutation, Git,
 293 | deploy, runtime dispatch, DB/write, queue, auth provider wiring, connector
 294 | setup, external service calls, or credential behavior.

  15 | ## Objective
  16 | 
  17 | Build the pure TypeScript knowledge record model that will anchor the agent
  18 | internal wiki/RAG system before scanners, search, Gateway routes, MCP tools, UI,
  19 | or persistence exist.
  20 |