Canonical name strings for the legacy v1 flat config keys (plus the
[embeddings] section name) that appear on multiple production
sites (#1558). Shared between the AppConfig surface in this file
(the manual Debug impl + warn_unknown_top_level_keys) and the
ai-memory config migrate rewriter in
src/cli/commands/config.rs, so each key spelling has one source
of truth. The serde wire names themselves derive from the
AppConfig field identifiers (no #[serde(rename)]), so serde
needs no literal at all.
v0.7.0 SHIP cluster (#946 / #957 / #960 / #961, 2026-05-20) —
[admin] top-level block. The operator-configured allowlist of
agent_ids whose authenticated HTTP requests are treated as
admin-class callers, granting full cross-tenant visibility on
endpoints whose payloads necessarily expose corpus-scale
metadata (GET /api/v1/export, GET /api/v1/agents,
GET /api/v1/stats, the POST /api/v1/quota/status list path).
[boot] block in config.toml. Drives the privacy kill-switch +
title-redaction behaviour of ai-memory boot. Both fields default
to the historical (pre-v0.6.3.1) behaviour so existing users see no
change.
Legacy (v1) capabilities shape — the structure shipped before the
v0.6.3.1 honesty patch. Returned only when a client opts in via
Accept-Capabilities: v1 (HTTP) or the MCP accept argument set
to "v1". Default response is v2.
v0.7.0 capabilities schema (A1 increment). Additive over Capabilities
(v2): the top-level summary field carries a pre-computed,
plain-language description of the LLM’s operational tool surface so
reasoning-class LLMs converge on accurate first-answer descriptions
without having to traverse families[] and count manually.
Compaction block (capabilities schema v2). v0.8 Pillar 2.5 work —
reports {planned, version, enabled} plus optional run stats. The
honesty patch (P1) replaced the bare enabled: false with the
planned-feature shape so operators can distinguish “feature exists
but disabled” from “feature not in this build”.
Hook-pipeline block (capabilities schema v2). Pre-v0.7 reports webhook
subscriptions as the closest analogue. The full hook pipeline lands in
v0.7 Bucket 0 (arch-enhancement-spec §2).
Permissions block (capabilities schema v2). Pre-P4 reports a live
count of namespace standards carrying a metadata.governance policy;
the full enforcement gate lands in P4. The honesty patch (P1)
renames the mode from "ask" (which implied an interactive prompt
loop) to "advisory" (governance metadata is recorded but not
enforced).
v0.7.0 #973 Item C — substrate-layer provenance posture. Lets an
LLM agent self-describe ai-memory’s do-calculus
intervention/observation distinction (Pearl 2009) per Ortega &
de Freitas (2026) framing. Honesty discipline: every
enforcement_layers entry must map to a shipped substrate
primitive in source.
Sidechain-transcript block (capabilities schema v2). v0.7 Bucket 1.7
work — reports {planned, version, enabled} until the subsystem
ships. The honesty patch (P1) replaced the bare enabled: false
with the planned-feature shape.
v0.7.0 Cluster G (#767) — [confidence] config block. Carries the
retention window for confidence_shadow_observations consumed by
the periodic GC sweep wired into daemon_runtime::spawn_gc_loop.
v0.7.0 Gap 4 (#887) — the three thresholds powering the
ConfidenceTier enum. confirmed and likely are inclusive
lower bounds; ambiguous is the implicit floor (everything below
likely).
[hooks.subscription] sub-block. K7 ships one knob today
(hmac_secret); future K-track work may add per-event opt-out
filters or alternate signing algorithms.
v0.7.x (#1146) — [llm.auto_tag] sub-table. Fast structured-output
sibling of LlmSection. Fields fall back to the parent [llm]
section field-by-field when unset; commonly only model is
overridden to point at a faster model (default gemma3:4b,
~0.7s p50 vs ~15s p50 for thinking-mode Gemma 4 per L15 patch).
[mcp] block in config.toml — v0.6.4 addition. Today this only
carries the named tool profile. v0.6.4 Track D will extend with
[mcp.allowlist] for per-agent capability gating.
[permissions] block in config.toml. Carries the gate’s
enforcement posture and (v0.7.0 K9) the declarative rule list
the unified crate::permissions::Permissions::evaluate
pipeline consults before mode + hook fall-through.
Snapshot of decision counts per mode since process start. Surfaced
by ai-memory doctor and the capabilities permissions block so
operators can verify the gate is wired and observe drift between
“policies advertised” and “policies enforced”.
Generic “planned but not implemented” marker used by v2 capability
fields whose underlying subsystem is on the roadmap but not in this
build. Operators reading the JSON can distinguish “disabled but
available” from “not in this build” by inspecting planned.
v0.7.0 (issue #518) — operator-configured recall defaults. Each
field is optional; when present and the inbound recall request
omits the corresponding axis AND passes session_default=true, the
handler splices in the configured value before dispatching to the
storage layer.
v0.7.0 L2-8 — per-field report of the reflection-aware reranker
boost surfaced through memory_capabilities. Mirrors
crate::reranker::ReflectionBoostConfig but expressed in
capability-report shape (serde-friendly, schema-tagged).
Canonical resolved operator-tunable capacity limits. Produced by
AppConfig::resolve_limits. Consumed at daemon boot to install the
quota-row auto-insert defaults (crate::quotas::set_quota_defaults)
and the HTTP list/bulk page-size cap (AppState::max_page_size).
Canonical resolved-LLM configuration. Produced by
AppConfig::resolve_llm. Every LLM-init surface (MCP stdio,
HTTP daemon, ai-memory atomise, ai-memory curator,
embed-client fallback, boot banner) consumes this struct rather
than reading raw config / env / tier presets.
v0.7.x (issue #1168) — bundle the three model-resolver outputs into
a single triple consumed by the capabilities surface. Lets callers
thread ONE struct through handle_capabilities_with_conn /
handle_capabilities_with_conn_v3 / build_capabilities_overlay
instead of three independent borrows, and makes the contract loud:
memory_capabilities.models.* reflects the operator-resolved
configuration, NEVER the compiled tier preset.
Resolved scoring values after merging config overrides with compiled
defaults. Half-lives are clamped to the range [0.1, 36_500.0] days
(≈100 years) to keep the decay math well-behaved.
Resolved transcript-lifecycle parameters for a single namespace.
Produced by TranscriptsConfig::resolve and consumed by the I3
sweeper to drive the archive + prune SQL.
v0.7.0 H11 (#628 blocker) — [subscriptions] block. Operator
knobs for the outgoing-webhook surface that are NOT specific to
HMAC signing (which lives under [hooks.subscription]).
Per-namespace overrides nested under
[transcripts.namespaces."<pattern>"]. Each field independently
overrides the TranscriptsConfig global default; an unset field
inherits.
Provenance tag for a resolved Resolved* field’s value, surfaced by
the boot banner and ai-memory doctor so operators can see WHICH
source won the precedence ladder.
Compiled-in default for the post-archive grace window: 7 days.
A transcript whose archived_at is older than this is hard-deleted
by the prune phase; the I2 join table is cleaned up via
ON DELETE CASCADE.
Compiled-in default for the transcript TTL: 30 days. After this
many seconds elapse from created_at AND every memory that links
the transcript has expired (or been deleted), the I3 background
sweeper marks the transcript archived.
v0.7.0 L1-6 — the canonical agent-external action kinds the
substrate gates via the operator-signed rules engine. Matches the
variant set in crate::governance::agent_action::AgentAction
(minus the open-ended Custom extension point).
#1579 B7 — env override for the sqlite PRAGMA mmap_size
([storage].db_mmap_size_bytes), in whole bytes. 0 disables
memory-mapped I/O; negative / unparseable values fall through to
the [storage] section, then to the compiled 256 MiB default
(crate::storage::DEFAULT_DB_MMAP_SIZE_BYTES).
#1598 — env override for the embedding backend selector
([embeddings].backend). Same accepted values as the section
field: ollama, any #1067 alias, or openai-compatible.
#38 — env override for the embedding backfill batch size
([embeddings].backfill_batch). Hoisted from a raw literal in the
resolver per the no-hardcoded-literals discipline (#1598).
v0.7.0 (a) — env override for the postgres pool ceiling
(postgres_pool_max_connections). Byte-matches the name documented
in docs/enterprise-deployment.md §5.6.
v0.7.0 (a) — env override for the postgres pool floor
(postgres_pool_min_connections). Byte-matches the name documented
in docs/enterprise-deployment.md §5.6.
#1604 — env override for the tokenized length of rerank inputs
([reranker].max_seq_tokens), in tokens. Values that are zero,
unparseable, or above the model ceiling
(crate::reranker::CROSS_ENCODER_MAX_SEQ) fall through to the
[reranker] section, then to the compiled default
(crate::reranker::RERANK_MAX_SEQ_DEFAULT).
#1691/n14 — env override for the recall-reranker score floor.
Value grammar (case-insensitive): off | absolute:<f> |
relative:<f> (see crate::reranker::RerankerScoreFloor::parse).
Highest-precedence layer of the score-floor ladder
(env > [reranker].score_floor > compiled default
crate::reranker::RerankerScoreFloor::Off). Unparseable values
fall through to the next layer.
v0.7.0 L1-6 — number of bypass-impossibility tests pinning the
rules-engine activation posture. Tracks the #[test] count in
tests/governance_l16_activation.rs. Bumping this requires both an
audit and a matching test landing in that file.
Compile-time count of HookEvent variants. Updated here when new
variants land; the corresponding enum exhaustiveness check in
src/hooks/timeouts.rs enforces the count at test time.
Canonical skill tool names as registered in
[crate::mcp::registry]. Pinned here (not derived from the registry)
so the capability surface remains a stable, declarative contract;
the regression test
cap_v3_l3_5_skill_tools_match_registered_mcp_dispatch ensures the
two stay in sync.
v0.7.0 H11 — read the process-wide loopback-webhook opt-in.
Returns false when unset (the safe default — loopback URLs are
rejected by the SSRF guard).
v0.7.x (issue #1168) — build the models.* block of the
capabilities report from the resolver-aware
ResolvedModels triple, NOT the compiled tier preset.
v0.7.x (issue #1169) — look up the vector dim for a canonical
embedding model id. Returns None when the model is not in the
KNOWN_EMBEDDING_DIMS table; callers fall back to the tier
preset (preserving pre-#1169 behaviour for unrecognised ids).
#1590 — the operator-configured default namespace, or None when
the operator never explicitly configured one (callers then apply
their historical per-surface default).
#1598 — true when the embedding backend speaks an API wire shape
(OpenAI-compatible /embeddings + Bearer auth) rather than the
local Ollama-native /api/embed shape. "ollama" is the ONLY
non-API backend; every #1067 alias and the generic
openai-compatible escape hatch classify as API backends. Sits
next to [alias_api_key_env_vars_for_resolver] /
[backend_default_base_url] — the alias machinery it complements.
Test-only gate serialising mutations of the process-wide
[CONFIGURED_DEFAULT_NAMESPACE] slot (same pattern as
[lock_permissions_mode_for_test]). Every test that seeds the slot
— or asserts the unseeded default — takes this guard first so
parallel tests cannot observe each other’s transient state.
v0.7.0 (issue #518) — parse a duration string of the form
"<integer><unit>" into a chrono::Duration. Supported units:
s (seconds), m (minutes), h (hours), d (days), w (weeks).
Whitespace and case are tolerated. Returns None on malformed
input — the caller falls through to “no since filter applied”.
Increment the decision counter for mode. Called by the gate on
every consult. Relaxed is fine: the counters are observability,
not load-bearing for correctness.
v0.7.0 K7 — set the process-wide webhook HMAC override. Called from
main/daemon bootstrap with the value from
[hooks.subscription] hmac_secret. Last writer wins — this is
production-safe because boot only invokes it once; tests use the
same setter to flip mid-process.
Set the process-wide decompression cap. Boot reads
[transcripts] max_decompressed_bytes and calls this; tests flip
mid-process to exercise both branches.
Set the process-wide active PermissionsMode. Called from main
(CLI) and the daemon bootstrap path with the value resolved from
[permissions].mode in config.toml. Last-writer-wins so a future
SIGHUP / ai-memory reload surface can refresh the mode without
restart (#1174 PR7); the previous OnceLock shape made repeat
callers silently no-op.
v0.7.0 H11 — set the process-wide loopback-webhook opt-in. Called
from boot with the value of [subscriptions] allow_loopback_webhooks.
Defaults to false (loopback rejected).
#1590 — seed (or clear) the process-wide operator-configured
default namespace. Called once at boot; pass None for
deployments without an explicit [storage].default_namespace.