roampal-ai/roampal-core

Hardening release closing coverage gaps from the v0.5.5.x verification audit. No new user-visible features.

Memory phantoms (#8 follow-up) — items 5-11, 32

• _sweep_phantoms() runs after cleanup_archived(), not just at startup
• chromadb_adapter phantom filter strengthened (AND → OR mid-state catch)
• Status backfill on startup for legacy entries
• Auto-trigger cleanup_archived() under capacity pressure
• Dedup observability log on every dedup-skip
• Lane enforcement: delete() → delete_permanent(force=True)
• Integration test for full archive-then-add cycle
• Startup phantom sweep extended to working/history/patterns
• Phantom-cleanup-safety integration test confirms no real entries are ever touched

Profile + sidecar concurrency — items 4, 19, fixes F+G

• refreshProfile(sid) at top of session.idle handler
• scoringInFlight mutex → scoringQueue async serialization with per-session pendingScoringQueue + 3-attempt retry
• Fix F: background interval drains pendingScoringQueue every 30s independent of user activity
• Fix G: same self-heal pattern for failed summary writes via pendingSummaryQueue + tryStoreSummary helper with fingerprint dedup
• All four live-validated end-to-end against qwen3.6-27b under load

Sidecar prompt alignment with benchmark — items 12-18

• exchange_summary / exchange_outcome field rename across TS + Python
• temperature: 0 pinned on all 6 sidecar backends
• Inference rule + 6 GOOD + 3 BAD facts examples restored
• test_sidecar_scoring rewritten to fire 3 real production prompts
• Facts max_tokens 2000 → 4000 for reasoning-model headroom

MCP tool definition quality (TDQS audit) — items 20-26

• Rewritten descriptions for add_to_memory_bank, update_memory, delete_memory, search_memory, record_response, score_memories
• update_memory now requires id (was silently creating duplicates)
• delete_memory description matches actual archive() semantics
• Schemas tightened with enum / pattern / minLength / maxItems
• always_inject removed (dead-code path, never reached the LLM)

Windows install — items 1-3, 30, fix E

• 6-case unit test for _install_plugin_file()
• APPDATA-unset warning instead of silent skip
• Multi-cause error list on PermissionError (4 causes)
• Post-install hash verification with repair-command output
• Hardlink AppData → .config makes path divergence impossible

OpenCode Go support — items 27-28

• Free-Zen [2] wording clarified for Go subscribers
• Auto-detect "Use OpenCode Go" wizard option reading auth.json

Cold-boot fixes

• /api/health uses _shared_embed_service (item 31, v0.5.4 regression)
• User-name regex no longer grabs assistant's name (item 29)
• User-Agent header on opencode.ai calls (Cloudflare 1010, fix A)
• MiniMax models filtered from Go catalog (fix B)
• deepseek-v4 → deepseek-v4-flash fallback (fix C)
• CI plugin-parse guardrail catches plugin syntax errors (fix D)

Tests: 713 pass, 3 skipped (full suite including new integration coverage for phantom cleanup safety and the archive-then-add cycle).

Install: pip install roampal==0.5.6 (PyPI: https://pypi.org/project/roampal/0.5.6/)