polypixel-memoir-core 0.4.0

Memoir memory substrate as an embeddable Rust library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318

//! Worker stage that runs LLM extraction against an episodic memory.
//!
//! Dispatched by the worker loop ([`super::worker`]) when a job's kind is
//! [`crate::jobs::JobKind::Extract`]. Fetches the source memory, calls the
//! configured extraction LLM, parses the reply, persists derived semantic
//! memories, and enqueues follow-on embed jobs for each.
//!
//! ## Trust boundary
//!
//! The LLM call carries user-supplied content into a third-party service and
//! ingests untrusted output back. Tracing fields are deliberately limited to
//! ids, counts, and provider identifiers — never raw content or raw LLM
//! output. The downstream `MemoryStore::remember` path uses parameterized
//! SQL, so a poisoned LLM cannot escape into the database.

use std::sync::Arc;

use tracing::{Instrument, Level, event, info_span};

use crate::jobs::{Job, JobsError, MemoryJobsStore};
use crate::llm::{
    AcceptAllEventAt, DEFAULT_EXTRACTION_PROMPT, EventAtValidator, ExtractionOutput, LlmError, LlmKind, LlmProvider,
    LlmRole, MAX_CONTENT_CHARS, build_extraction_content, parse_extraction,
};
use crate::memory::MemoryKind;
use crate::store::{MemoryStore, StoreError};

use super::ClientInner;

/// Failure modes for the extract worker stage.
///
/// Only the variants in this enum reach the worker as failures that flip the
/// job to `failed`. Source-not-found is handled as a no-op success inside
/// the handler (the source was forgotten between enqueue and claim).
#[derive(Debug, thiserror::Error)]
pub(super) enum ExtractError {
    /// Loading the source memory hit the database.
    #[error("source lookup failed: {0}")]
    SourceLookup(#[from] StoreError),

    /// LLM call failed mid-flight.
    #[error("llm call failed: {0}")]
    LlmCall(LlmError),

    /// LLM returned a reply we could not parse.
    #[error("llm output parse failed: {0}")]
    Parse(LlmError),

    /// Persisting a semantic row or enqueuing a followup job failed.
    #[error("persist failed: {0}")]
    Persist(String),
}

impl ClientInner {
    /// Runs the extract pipeline for one claimed extract job.
    ///
    /// Returns `Ok(())` on success (including the source-not-found no-op);
    /// returns `Err` only for real failures that should flip the job to
    /// `failed`.
    pub(super) async fn run_extract(self: &Arc<Self>, job: Job) -> Result<(), ExtractError> {
        let span = info_span!("memoir.extraction", source_pid = %job.source_pid);
        async move { self.run_extract_inner(job).await }.instrument(span).await
    }

    async fn run_extract_inner(self: &Arc<Self>, job: Job) -> Result<(), ExtractError> {
        let source_pid = job.source_pid.clone();

        event!(
            name: "memoir.extraction.started",
            Level::INFO,
            source_pid = %source_pid,
            "extraction started for {{source_pid}}",
        );

        // Step 1: fetch source. NotFound is the expected cascade-delete race
        // (operator called forget between enqueue and claim). Treat as success.
        let source = match self.store.recall(&source_pid).await {
            Ok(memory) => memory,
            Err(StoreError::NotFound(_)) => {
                event!(
                    name: "memoir.extraction.source_missing",
                    Level::INFO,
                    source_pid = %source_pid,
                    "source memory absent for {{source_pid}} (cascade delete race); skipping",
                );
                return Ok(());
            }
            Err(err) => return Err(ExtractError::SourceLookup(err)),
        };

        // First-pass extraction carries no correction.
        self.re_extract_source(&source, None, job.id).await
    }

    /// Re-runs extraction over an already-loaded source, optionally corrected.
    ///
    /// The post-recall half of the extraction pipeline, shared by first-pass
    /// extraction ([`Self::run_extract_inner`], `correction = None`) and the
    /// reprocess engine ([`Self::run_reprocess`], `correction = Some(text)`).
    /// Picks the extraction LLM, runs it over the source content (with the
    /// correction woven into the prompt when present), parses the reply, and
    /// persists one semantic row per fact plus its follow-on embed and
    /// categorize jobs.
    ///
    /// A missing extraction LLM is a no-op success, mirroring the dispatch-time
    /// skip. The caller owns retiring any prior derived rows before calling.
    ///
    /// `caller_job_id` is the dispatching job's own id, forwarded to the
    /// synthesis fan-in guard so the job does not count its own still-claimed
    /// row as a blocking sibling.
    ///
    /// # Errors
    ///
    /// Returns [`ExtractError::LlmCall`] / [`ExtractError::Parse`] on LLM
    /// failures and [`ExtractError::Persist`] when a row or follow-on job
    /// cannot be written.
    #[cfg_attr(not(feature = "knowledge-graph"), allow(unused_variables))]
    pub(super) async fn re_extract_source(
        self: &Arc<Self>,
        source: &crate::memory::Memory,
        correction: Option<&str>,
        caller_job_id: i64,
    ) -> Result<(), ExtractError> {
        let source_pid = source.pid.clone();

        // Step 2: pick the configured extraction LLM. If none is wired up,
        // skip rather than fail — the worker has already filtered at dispatch
        // time, but defending in depth catches misconfiguration.
        let Some(provider) = self.llms.get(LlmRole::Extraction) else {
            event!(
                name: "memoir.extraction.skipped",
                Level::WARN,
                source_pid = %source_pid,
                "no extraction llm configured; treating job as no-op",
            );
            return Ok(());
        };

        // Step 3: LLM call. Date relative facts ("last Friday") off the source's
        // event-time when it has one, falling back to write-time — so an
        // event_at edit (epic 0011 ticket 0012) actually shifts the derived
        // event-times rather than re-deriving the same dates.
        let content_len = source.content.len();
        let reference = source.event_at.unwrap_or(source.created_at);
        let extraction_content = build_extraction_content(reference, &source.content, correction);
        let raw = match provider.extract(DEFAULT_EXTRACTION_PROMPT, &extraction_content).await {
            Ok(raw) => raw,
            Err(err) => {
                event!(
                    name: "memoir.extraction.llm_failed",
                    Level::WARN,
                    source_pid = %source_pid,
                    provider = %provider.kind(),
                    model = %provider.model(),
                    content_len = content_len,
                    error.message = %err,
                    "extraction llm call failed for {{source_pid}}: {{error.message}}",
                );
                return Err(ExtractError::LlmCall(err));
            }
        };

        // Step 4: parse. Defensive checks: an empty fact list is success.
        let parsed: ExtractionOutput = parse_extraction(&raw).map_err(|err| {
            event!(
                name: "memoir.extraction.parse_failed",
                Level::WARN,
                source_pid = %source_pid,
                provider = %provider.kind(),
                content_len = content_len,
                error.message = %err,
                "extraction parse failed for {{source_pid}}: {{error.message}}",
            );
            ExtractError::Parse(err)
        })?;

        event!(
            name: "memoir.extraction.parsed",
            Level::INFO,
            source_pid = %source_pid,
            fact_count = parsed.facts.len(),
            "extraction yielded {{fact_count}} fact(s) for {{source_pid}}",
        );

        if parsed.facts.is_empty() {
            return Ok(());
        }

        // Step 5: persist semantic rows + enqueue embed jobs.
        let provider_kind = provider.kind();
        let provider_model = provider.model().to_string();
        let validator = AcceptAllEventAt;
        let mut persisted_pids: Vec<String> = Vec::with_capacity(parsed.facts.len());

        for fact in parsed.facts {
            let content_chars = fact.content.chars().count();
            if fact.content.is_empty() || content_chars > MAX_CONTENT_CHARS {
                continue;
            }

            let metadata = build_semantic_metadata(provider_kind, &provider_model);

            let event_at = fact
                .event_at
                .and_then(|candidate| validator.validate(reference, candidate));

            // Confidence is now a first-class column, sourced from the LLM's
            // per-fact score (scaled f32[0,1] → i8[0,100], clamped). It is no
            // longer stuffed into the metadata blob.
            let confidence = crate::memory::Confidence::from_unit_scale(fact.confidence);

            let written = self
                .store
                .remember(crate::store::NewMemory {
                    scope: source.scope.clone(),
                    content: fact.content,
                    metadata,
                    kind: MemoryKind::Semantic,
                    source_pid: Some(source_pid.clone()),
                    event_at,
                    confidence,
                })
                .await
                .map_err(|err| ExtractError::Persist(err.to_string()))?;

            self.jobs
                .enqueue(
                    crate::jobs::JobKind::Embed,
                    written.pid.clone(),
                    serde_json::json!({ "origin": "extraction" }),
                )
                .await
                .map_err(|err: JobsError| ExtractError::Persist(err.to_string()))?;

            // Enqueue categorize only when a classifier is configured —
            // otherwise the job would sit unclaimable (mirrors how remember
            // only enqueues Extract when an extraction LLM is present). The
            // semantic row provably exists at this line, so this is a data
            // dependency satisfied by construction, not a scheduling one.
            if self.nli.is_some() {
                self.jobs
                    .enqueue(
                        crate::jobs::JobKind::Categorize,
                        written.pid.clone(),
                        serde_json::json!({ "origin": "extraction" }),
                    )
                    .await
                    .map_err(|err: JobsError| ExtractError::Persist(err.to_string()))?;
            }

            persisted_pids.push(written.pid);
        }

        event!(
            name: "memoir.extraction.persisted",
            Level::INFO,
            source_pid = %source_pid,
            semantic_count = persisted_pids.len(),
            "extraction persisted {{semantic_count}} semantic row(s) for {{source_pid}}",
        );

        // Semantic extraction is one of the two synthesis parents. On success,
        // try to fire synthesis: it only fires once the relational sibling is
        // also done (the guard is a no-op while it is still pending), and only
        // when a graph is configured (otherwise no relational sibling was ever
        // enqueued, so there is nothing to synthesize).
        #[cfg(feature = "knowledge-graph")]
        if self.graph.is_some() {
            self.jobs
                .enqueue_synthesis_if_ready(&source_pid, caller_job_id)
                .await
                .map_err(|err: JobsError| ExtractError::Persist(err.to_string()))?;
        }

        Ok(())
    }
}

/// Builds the JSON metadata stored on each extracted semantic row.
///
/// Includes the provider identifier, model identifier, fact confidence, and
/// a marker that this row was machine-generated. Operators inspecting a
/// semantic row can see which LLM produced it without joining other tables.
fn build_semantic_metadata(provider: LlmKind, model: &str) -> serde_json::Value {
    serde_json::json!({
        "origin": "extraction",
        "provider": provider.as_ref(),
        "model": model,
    })
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn should_build_semantic_metadata_with_expected_shape() {
        let meta = build_semantic_metadata(LlmKind::Ollama, "llama3.2");
        assert_eq!(meta["origin"], "extraction");
        assert_eq!(meta["provider"], "ollama");
        assert_eq!(meta["model"], "llama3.2");
    }

    #[test]
    fn should_not_record_confidence_in_metadata() {
        // Confidence moved to a first-class column (ticket 0006); the metadata
        // blob must no longer carry it, so the two cannot drift.
        let meta = build_semantic_metadata(LlmKind::Ollama, "llama3.2");
        assert!(meta.get("confidence").is_none());
    }

    #[test]
    fn should_extract_error_chain_via_from_store_error() {
        let store_err = StoreError::NotFound("pid".to_string());
        let extract_err: ExtractError = store_err.into();
        assert!(matches!(extract_err, ExtractError::SourceLookup(_)));
    }
}