Import your ChatGPT / Claude history, agent instructions, security & RLS hardening

Import your ChatGPT / Claude history

Turn an OpenAI or claude.ai data export into searchable, provenance-tracked memory — one document per conversation:

mycobrain-ingest --from chatgpt-export ./export.zip
mycobrain-ingest --from claude-export  ./export.zip

• Branched ChatGPT conversations import the active transcript — not the rejected regenerations.
• Re-importing the same export never duplicates (content-hash dedup makes it safe).
• brain_why traces every imported fact back to its export file.

Verified by npm run test:export-import.

Out-of-box agent instructions

The MCP server now ships a usage contract to every connected client at initialization, so agents know when to recall, save, and cite — without per-project setup. A copy-paste behavioral block also ships in docs/agent-setup.md.

The “magic moment,” on your own data

The bundled demo corpus now carries a deliberate contradiction — a person changes employers. With the keyless local graph running, the trust engine supersedes the old fact (kept, not deleted) and brain_why shows both sources. Supersession on ingested data, not a scripted demo.

Operator tooling

• mycobrain-onboard — import-first first run; --tour runs a self-cleaning sandboxed tour, and --reset-demo is a dry-run by default (deletes only bundled sample data with --yes, never your imports).
• mycobrain-doctor — one-command preflight: database, migrations, workspace, semantic search, graph, and review backlog, each with the exact fix.
• mycobrain-review — human-in-the-loop curation: list, approve, or reject pending facts and proposed types from the CLI. Every decision audited; nothing deleted. Pairs with BRAIN_REQUIRE_HUMAN_REVIEW=1.
• mycobrain-rest — a read-only REST endpoint (search + why + /health) for non-MCP consumers: one workspace, same RLS, no write routes, loopback by default, only brain_ keys accepted (401 otherwise).

Fixed & hardened

• brain_save_memory works out of the box — it no longer fails on missing idempotency_key / trace_id / raw_payload; those auto-default.
• Security — agent identity comes only from the key. For brain_* keys, caller-supplied workspace/agent arguments are ignored (they could let one agent impersonate another and read its private memories); identity overrides remain a service-role-only privilege. Secrets are redacted before being written to the audit table, and docker ports bind to 127.0.0.1. Regression covered by npm run test:sharing.
• RLS least-privilege hardening — the workspace-isolation path binds under the brain_app (NOSUPERUSER) role; migration 20260615000050 fixes an empty-GUC edge case so the policy holds.
• Local-model extraction hardening — Ollama calls cap generation and time out (no more runaway stalls), retry transient drops, and recover facts from truncated JSON; predicates are canonicalized so now works for matches works for for supersession; sub-threshold relations queue for review instead of being silently dropped.
• Honesty — the server version is read from package.json, and the direction-accuracy figure is corrected to the re-measured 86%.

Run the checks yourself

• npm run test:export-import — ChatGPT/Claude export → active-branch import, content-hash dedup, provenance
• npm run test:sharing — agent identity comes only from the key; private memories stay private

Full details in the repository changelog. No breaking changes to any brain_* tool contract.