Reliability and security hardening
A hardening and security patch release. No tool-contract changes: the 11 brain_* MCP tool inputs and outputs are unchanged. It hardens the compounding-confidence and dynamic-schema engines shipped in 1.2.0, resolves a transitive dependency security advisory, and tightens the docs.
Fixed
- Extraction-worker durability. A lease-based reaper re-queues chunks stranded in `processing` after a worker crash, and terminal-vs-retry is keyed on attempt count, fixing documents that could stick in `pending_llm` with zero entities. Check: `npm run test:reliability`. (#70)
- Contradiction and supersession hardening. Concurrent contradictions of the same functional triple are serialized via a transaction-scoped advisory lock (no two active edges), conflict matching is predicate-normalized, and the claims ledger is de-duplicated. Check: `npm run test:contradiction`. (#72)
- Proposal source counting. `seen_count` now counts distinct source documents (not consecutive sightings), and `brain_why` independent-source counts are per-triple. Check: `npm run test:proposal-sources`. (#73)
Changed
- Workspace-scoped dynamic type catalogs. Under opt-in `BRAIN_SCHEMA_AUTO_PROMOTE=1`, proposed entity-kind and relation-type names are scoped per workspace (canonical seeds stay global), so one workspace’s vocabulary can no longer leak into another. Migration 052. Check: `npm run test:schema-promotion`. (#71)
Security
- Resolved the transitive `form-data` advisory (CRLF injection) pulled in via `@anthropic-ai/sdk`; npm audit now reports 0 vulnerabilities. (#77)
- stdio auth hardened (defense in depth). The stdio MCP server now derives agent and workspace identity from the environment and ignores caller-supplied `api_key`, `workspace_id`, and `agent_id` by default. Set `BRAIN_TRUST_REQUEST_IDENTITY=1` to opt back in for a real multi-tenant gateway. Closes a prompt-injection path to another workspace in multi-tenant deployments; no change for single-tenant self-host. (#79)
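
A sketch of the identity rule in the stdio hardening item, added here as an illustration; it is not the project's code. `resolveIdentity`, the `EXAMPLE_WORKSPACE_ID` variable and the sample call are hypothetical, while `BRAIN_AGENT_ID`, `BRAIN_TRUST_REQUEST_IDENTITY` and the three argument names come from this release note.

```javascript
// Added example, not the project's implementation.
// EXAMPLE_WORKSPACE_ID is a hypothetical variable name used for illustration.
const IDENTITY_FIELDS = ["api_key", "workspace_id", "agent_id"];

function resolveIdentity(toolArgs, env) {
  const trustRequest = env.BRAIN_TRUST_REQUEST_IDENTITY === "1";
  const args = { ...toolArgs };
  const supplied = {};
  const ignored = [];

  // Always strip identity fields from the arguments, so a value planted in
  // model output never reaches the tool handler as ordinary data.
  for (const field of IDENTITY_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(args, field)) {
      supplied[field] = args[field];
      delete args[field];
      if (!trustRequest) ignored.push(field); // worth logging: possible injection
    }
  }

  // Default: identity comes only from the process environment.
  const identity = {
    agentId: env.BRAIN_AGENT_ID,
    workspaceId: env.EXAMPLE_WORKSPACE_ID,
  };

  // Opt-in gateway mode: caller-supplied identity is honoured. The gateway
  // still has to authenticate apiKey before acting on it (not shown here).
  if (trustRequest) {
    if (typeof supplied.agent_id === "string") identity.agentId = supplied.agent_id;
    if (typeof supplied.workspace_id === "string") identity.workspaceId = supplied.workspace_id;
    if (typeof supplied.api_key === "string") identity.apiKey = supplied.api_key;
  }

  // Fail closed rather than run a tool call with no bound workspace.
  if (!identity.agentId || !identity.workspaceId) {
    throw new Error("agent/workspace identity is not configured");
  }
  return { identity, args, ignored };
}

// Constructed sample: a tool call whose arguments carry another workspace's id.
const demoEnv = { BRAIN_AGENT_ID: "agent-a", EXAMPLE_WORKSPACE_ID: "ws-local" };
const demoCall = { query: "release notes", workspace_id: "ws-other", agent_id: "admin" };
console.log(resolveIdentity(demoCall, demoEnv));
```

In the default mode the `ignored` list is a useful detection signal: a non-empty value means a caller tried to set identity fields the server does not accept.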
Docs
Honest RLS and superuser disclosure (the default brain role is a Postgres superuser that bypasses RLS; isolation binds under the least-privilege brain_app role), a corrected edge-survival figure, and the brain_search reranker argument documented, plus a consolidated environment-variable reference (including the identity vars BRAIN_TRUST_REQUEST_IDENTITY, BRAIN_AGENT_ID, and BRAIN_SERVICE_ROLE_KEY). These are already reflected across mycobrain.dev. (#75)
No breaking changes to any brain_* tool contract. Full details in the repository CHANGELOG.