M MemberIntel KB
Activity Decisions

standup

Weekly — week of 2026-07-06

Three major axes shipped, one security hole patched, a data-leak class addressed at the source, and the playbook corpus more than doubled.

Weekly digest for the week of 2026-06-30 → 2026-07-06. What shipped:

Three major axes shipped, one security hole patched, a data-leak class addressed at the source, and the playbook corpus more than doubled.

Citation pipeline, end to end. The week started with broken citation links in the member app — playbooks have no public URL — and ended with a functioning content-access path. #241 added the summary field and branching SourcesPanel logic; #252 added the full-text modal behind a new entitlement-guarded GET /api/v1/brain/sources/{id}; #249 fixed inline summary contrast. Along the way, _derive_summary was pulling from ## Situation instead of ## Move — three PRs (#272, #273, #264) corrected extraction logic, stripped markdown artifacts from derived text, and removed wikilinks and **Related:** lines that were reaching the LLM prompt verbatim.

Playbook taxonomy expanded twice. ADR-0028 gained a platform amendment (#287): controlled vocab in taxonomy.py, threaded into brain_entries.metadata, with the AI-review gate rewritten from a blanket deny to a conditional allow. Four held MemberPress playbooks published to staging. ADR-0031 (#288) added question_type — three values, 68 playbooks backfilled — stored as a coverage and authoring signal, explicitly not a retrieval-boost axis in V1. #274 added 30 entries covering underserved archetypes, pushing the approved corpus from 38 to 68.

Infrastructure filled in. Auto-deploy to Cloudflare Pages wired in #265. Playbook CI pipeline complete: auto-ingest to staging on merge (#282), advisory AI content-review gate posting Claude findings as a PR comment (#283). Entry-performance admin panel shipped under ADR-0030 (#247), making cited helpfulness the content quality signal rather than volume. The KB gained a /roadmap page (#24) from a triangulated audit of the full project history.

Security. #291 closed a privilege-escalation hole: POST /api/v1/auth/register accepted a client-supplied tier field and honored it. The fix drops the field from RegisterRequest entirely; a regression test now asserts it.

Notable. #246 and ADR-0029 together surface a durable bug class: format_citations was forwarding the full metadata dict verbatim, meaning any non-allowlisted field — an internal analysis name, in this case, across 21 playbooks — could reach the chat API payload and staging brain metadata. ADR-0029 closed when an explicit allowlist fix with a regression test merged. The allowlist is the right structural fix; scrubbing at the source is fragile and proven so.


Synthesized from 6 daily standups in [2026-06-30, 2026-07-06].

For: S Seth Shoultes