{ "package_version": "1.5.187", "package_filename": "localendpoint-v1.5.187-phase3397-ai-desktop-control-default-disable.zip", "name": "LocalEndpoint", "routes": { "home": "https://localendpoint.com/", "quality": "https://localendpoint.com/pre-beta-quality/", "quality_gates": "https://localendpoint.com/api/quality-gates/status.json", "validator": "https://localendpoint.com/bridge-validator/", "download": "https://localendpoint.com/download/", "desktop": "https://localendpoint.com/desktop/" }, "currentDesktopEngineering": { "latestValidatedDesktopHardeningPhase": "Phase 3.397", "publicDownloadArtifactPhase": "Phase 3.397", "summary": "LocalEndpoint Desktop is the local-only Windows companion for portable .uaix agent packages, expanded .uai file memory, Documents-backed wiki memory roots, reviewed local model snapshots, and the bounded UAIX.LmRuntime managed GGUF worker path. The website accounts for current source hardening around model lifecycle, registry integrity, UAIX package loading, worker handoff, session identity, turn identity, selected-model identity, provider request fingerprint consistency, chat viability evidence, blocked no-op worker-handoff behavior, converted-output stage/process evidence, stable Models UI automation IDs, startup window activation, installed-app Models source-discovery UI smoke, packaged GGUF smoke, runtime device-use evidence, runtime GPU device identity evidence, registry privacy evidence, audit boundaries, runtime backend/device selector handoff, and local AI desktop-control settings. Phase 3.397 publishes a fresh 0.2.113.0 local test-signed AI desktop-control default-disable package after release validation, package evidence, local test signing, MSIX worker payload validation, source tests, formatter verification, and Release build passed. The package includes the default-enabled local AI desktop-control preference, a Settings disable path, Chat Control validation that blocks when the setting is disabled, and closed shell/provider/public-site/.uaix authority boundaries. Exact installed-app smoke for the 0.2.113.0 package now proves elevated sideload install, packaged launch, installed Models source-discovery UI smoke, and installed GGUF smoke after required UAIX profile load. Installed Settings and Chat Control UI automation remain Required For the next desktop package because dedicated automation IDs are not present in 0.2.113.0. Phase 3.392 remains historical installed-app smoke evidence for the 0.2.111.0 package: elevated sideload install, packaged launch, Models source-discovery UI smoke, and GGUF smoke after required UAIX profile load all passed while provider APIs, network, telemetry, command execution, public-site inference, generated-text persistence, and K80/GPU inference claims stayed closed. Phase 3.387 remains historical installed-app smoke evidence for the previous 0.2.109.0 package. Phase 3.384 previously published the 0.2.108.0 package with the shared UAIX runtime-context authority denial finding centralized behind LocalUaixRuntimeAuthorityFlags. Phase 3.383 records exact installed-app smoke evidence for the 0.2.107.0 package: elevated sideload install, packaged launch, Models source-discovery UI smoke, GGUF smoke after required UAIX profile load, strict release-evidence discovery, managed CPU execution evidence, token streaming evidence, cancellation evidence, and no prompt/generated-text registry persistence all passed while provider APIs, network, telemetry, command execution, public-site inference, and runtime model execution by default stayed closed. Phase 3.382 publishes the GPU-required selector preflight smoke package: 0.2.107.0 release validation passed, package-feed evidence passed, MSIX worker payload evidence passed, and GPU-required managed adapter preflight now blocks model allocation when reviewed preferred backend/device selector evidence is missing. Phase 3.379 previously proved managed GGUF adapter selection identity drift blocking before model allocation, exact 0.2.106.0 installed-app elevated install, packaged launch, Models source-discovery UI, GGUF smoke after required UAIX profile load, post-smoke readiness, and final release evidence. Phase 3.378 source hardening requires display-safe runtime backend ID and backend-local device ID before actual GPU runtime execution evidence can be accepted. Phase 3.376 records machine-scoped Tesla K80 CUDA driver proof-readiness evidence: the local desktop CLI and hardware-gated tests prove a bounded CUDA driver memory-operation round trip on `Tesla K80` at `cuda:0`, while full K80 GGUF proof-readiness, worker process launch, model-session allocation, prompt tokenization, inference, and GGUF GPU inference claims remain blocked until reviewed native generation binaries, accepted proof receipts, terminal token evidence, completed-token comparison, and actual GPU runtime device-use evidence pass. Phase 3.375 previously published the shared model-format normalization smoke package: strict tester discovery found one current local test-signed 0.2.104.0 MSIX test ZIP, release evidence carries UAIX.LmRuntime managed package-feed proof and MSIX worker payload proof, and that checksum-backed package was the invited smoke-test download lane for that phase. Phase 3.375 source hardening routes catalog model format token normalization through LocalModelSidecarEvidence.NormalizeSidecarToken so catalog policy, catalog download staging, generated intake sidecars, and sidecar validation share one canonical model-format boundary. Phase 3.373 source hardening routes provider/API marker detection through LocalModelSidecarEvidence so folder sidecar writing, package-folder inspection, hard-blocked file checks, direct intake scan classification, and sidecar JSON inspection share one boundary before app-local copy or processing. Phase 3.372 previously extended LocalModelSidecarContentPolicy into catalog download handoff, so generated license and inventory sidecars are checked as raw JSON before typed catalog-field comparison and before intake processing can promote a staged download. Hidden provider/API/runtime fields, command-execution declarations, blocked source types, missing local-use proof, unsupported format, missing revision, and incompatible hardware fit now block catalog handoff before registry or runtime authority can advance. Phase 3.371 previously centralized sidecar policy for folder staging, final verification, and stored-snapshot readiness. Phase 3.369 previously native package-lane adoption checklist evidence for the current UAIX.LmRuntime package feed: the LocalEndpoint-owned verifier now emits per-lane expected native binary file names, proof receipt file names, generation execution artifact file names, ready-for-worker-launch state, and explicit worker-launch, model-session-allocation, prompt-tokenization, and inference blockers for the modern CUDA and Tesla K80 lanes. The live package-feed report remains Blocked because the native packages are still contract-only and do not contain reviewed native generation binaries, accepted proof receipts, or accepted generation execution artifacts. Phase 3.361 packages a versioned native-generation action-plan smoke 0.2.99.0 MSIX test ZIP with local test signing, worker payload evidence, safe ZIP validation, UAIX.LmRuntime package-feed validation, WinUI release build validation, desktop Python validation, and owned-source coverage-gate evidence. Phase 3.366 publishes a reviewed-manifest artifact file-name binding smoke package: the desktop runtime evidence service now reviews native generation execution artifact file names against the already-reviewed package manifest identity rather than any spoofable proof-receipt declared identity. Phase 3.364 hardens the LocalEndpoint-owned UAIX.LmRuntime package-feed verifier so a native generation proof artifact must be named exactly as the reviewed package identity requires; hash-correct and identity-correct JSON under a different file name is blocked before proof receipt adoption. The Runtime page now projects backend-inventory native generation action-plan evidence as a first-class tester surface: native package-lane counts, Tesla K80 lane presence, blocked package-lane requirements, and denied worker-launch, session-allocation, prompt-tokenization, and GPU-claim authority flags are visible without treating package-lane evidence as runtime authority. Phase 3.358 previously packaged a worker-cancellation-terminal-stabilized 0.2.98.0 MSIX test ZIP with local test signing, full package validation, worker payload evidence, and a fresh Windows package identity for invited smoke testing. That package hardened local worker process cancellation so a cancelled stream stops the process tree and records count-only terminal evidence without prompt or generated text persistence. The installed 0.2.98.0 package has now passed elevated sideload install and packaged launch smoke, installed-app Models source-discovery UI smoke, and installed-app GGUF smoke after loading the required UAIX profile; that GGUF smoke proves CPU execution evidence, cancellation evidence, no prompt/generated-text persistence, and no provider API, network, telemetry, command execution, or public-site inference authority while keeping actual K80/GPU inference unclaimed. Phase 3.356 previously packaged a current smoke-stabilized 0.2.97.0 MSIX test ZIP. Phase 3.351 adds a repeatable Tesla K80 GPU evidence runner for this workstation: it captures nvidia-smi, proves the bounded K80 CUDA driver memory-operation integration path, keeps the GGUF GPU-generation proof pending by default, and requires explicit proof-mode execution plus reviewed native binaries and proof receipts before any actual K80 GGUF inference claim can be made. Phase 3.350 records current installed-app smoke evidence for the packaged 0.2.96.0 desktop app: Models source-discovery UI smoke passed, GGUF smoke automation passed, and elevated install/launch smoke remains passed while runtime execution authority stays closed by default. Phase 3.349 packages the versioned direct Add-AppxPackage install smoke lane with a fresh 0.2.96.0 MSIX test ZIP so Windows package replacement no longer blocks on a reused package version. Phase 3.346 packages folder-stage package receipt evidence: local model folder staging now binds the source folder display name, intake package relative path, staged file evidence SHA-256, and stage package evidence SHA-256 into one receipt projected through service audit and CLI output before runtime execution, worker allocation, prompt tokenization, or inference can start. Phase 3.345 packages local model resume-stage receipt smoke: catalog download resume now compares stage manifest byte claims against the actual partial file length and discards mismatched partials before resume, intake, worker allocation, prompt tokenization, or inference can start. Phase 3.344 packages installed-app GGUF CPU stored-observation smoke: exported smoke evidence normalizes prior managed CPU runtime adapter observations to display-safe backend/device identity, ties the 0.2.94.0 local test-signed package to strict tester ZIP discovery, elevated install/launch validation, installed-app packet export, and desktop release-evidence set validation, while runtime execution remains disabled by default and actual GPU/K80 inference remains unclaimed. Phase 3.341 packages stored snapshot byte-count readiness: activation and runtime readiness now fail closed when a stored model artifact or associated evidence artifact has a missing, invalid, stale, or forged byte count before worker allocation, prompt tokenization, or inference can start. Phase 3.340 packaged UAIX app-instance isolation evidence: prompt assembly now requires the current .uaix load session to match the current desktop app instance before package memory, persona.uai, or Documents-backed wiki memory can contribute to a local chat turn. Phase 3.339 packaged intake run receipt evidence: model intake processing now has a named receipt value object for the current run ledger record, and folder intake, catalog download intake, CLI output, converted-output handoff, and processing audit all consume the same fail-closed evidence without reimplementing ledger lookup. Phase 3.338 packaged the local API runtime-readiness boundary smoke tester ZIP: local API provider activation now requires ReadyForWorker, runtime execution approval, streaming support, explicit local API approval, and named-pipe or 127.0.0.1 loopback binding evidence before any local API route can expose a worker-backed stream. Strict tester package discovery rejects release evidence missing that boundary. Phase 3.336 previously packaged the stabilized smoke tester ZIP with local test signing, full desktop validation, MSIX worker payload evidence, and K80 runtime evidence-chain hardening while keeping actual K80 GGUF inference unclaimed until reviewed native binaries and proof receipts exist. Phase 3.335 packages UAIX.LmRuntime 3.3.29 typed native lane contract adoption: LocalEndpoint Desktop now consumes the 3.3.29 runtime package family, projects typed CUDA/K80 native package-lane contracts into runtime inventory, records Modern Windows CUDA and Tesla K80 Required For lane readiness, requires display-safe K80 device evidence, and keeps current native packages ContractOnly until reviewed binaries and proof receipts exist. Phase 3.334 packages native proof receipt file-name contract evidence: expected proof receipt file names now live behind LocalModelRuntimeNativeProofReceiptFileName so native contract review and local proof receipt lookup share the same package-version-bound identity, while modern CUDA and LegacyK80 native lanes remain ContractOnly until reviewed binaries and proof receipts exist. Phase 3.333 packages native contract package-version enforcement: native generation contract evidence now blocks mismatched packageVersion values and versionless proof receipt filenames before package evidence can be accepted, while modern CUDA and LegacyK80 native lanes remain ContractOnly until reviewed binaries and proof receipts exist. Phase 3.332 packaged native proof receipt contract identity alignment: native package contracts bind packageVersion and version-bound proof receipt filenames to the reviewed package identity. Phase 3.330 packages local model intake target availability evidence: folder review and source discovery now use the same app-local package target boundary as staging, so an already staged package name reports not-ready before copy attempts, without activating models, launching workers, tokenizing prompts, running inference, or granting runtime authority. Phase 3.329 packages native generation readiness action-plan evidence: `models runtime native-readiness` now reports native GPU package-lane blockers, Tesla K80 lane presence, missing reviewed binary evidence, missing proof receipt evidence, and closed worker/model/prompt/GPU-claim authority flags without launching a worker, allocating a model session, tokenizing a prompt, or claiming inference. Phase 3.328 packages runtime selector candidates: Runtime UI can apply CPU and GPU selector candidates from display-safe local inventory without saving settings, granting runtime authority, launching a worker, allocating a model session, tokenizing a prompt, or claiming GPU inference. GPU candidates can surface diagnostic K80 selector identity when visible while actual K80 GGUF inference remains blocked until native package lanes, proof receipts, terminal tokens, completed-token comparison, and runtime device-use evidence pass. Phase 3.327 packages native generation contract release-evidence accounting: tester ZIP discovery, release evidence generation, tester handoff packets, and final release discovery now preserve native contract counts, K80 contract counts, contract binary identities, and unmatched binary-candidate counts so smoke testers can see that contract evidence is accepted while reviewed native generation binaries remain blocked. Phase 3.325 packages native generation contract manifest evidence: CUDA native package manifest review now requires an identity-only contract that names the reviewed package lane, native asset path, expected native binary, proof receipt schema, artifact schema, Required For statement, and closed authority boundary before package evidence can pass. Phase 3.324 packages K80 native package-lane blocker identity evidence: Runtime UI, CLI text output, CLI JSON output, K80 preflight evidence, and K80 proof-readiness adoption rows now carry the display-safe Tesla K80 package-lane identity and reviewed generation binary candidate text when native proof receipt identity is absent. This makes marker-only native package blockers visible to smoke testers without claiming actual GPU inference. Phase 3.323 packages content-addressed model cleanup safety evidence: model garbage collection now retains tombstoned registry rows unless their stored artifact path resolves to a verified content-addressed snapshot directory whose SHA-256 directory and prefix directory match the registry SHA-256, preventing forged in-store paths from being deleted. Phase 3.322 packages reviewed GPU selector proof-readiness evidence: K80 proof readiness now exposes the reviewed backend/device selector identity as a named requirement row and fail-closes composed launch readiness if a passed preflight arrives without matching reviewed GPU selector evidence. Phase 3.321 packages actual GPU device-use claim boundary evidence: LocalEndpoint now blocks `GpuObserved` evidence unless the runtime adapter backend ID and backend-local device ID are both reviewed selector identities and match the local offload plan. This keeps CPU/no-GPU compatibility available while making K80 and other GPU proof claims precise. Phase 3.320 packages folder stage-process fail-closed evidence: `models intake stage-process-folder --approve` now returns validation when folder staging succeeds but verifier processing accepts no durable model, and it prints IntakeProcessAccepted so automation can distinguish a verifier-blocked process run from successful content-addressed storage. Phase 3.319 packages executable worker start-handoff guard evidence: the direct GGUF and ONNX executable adapters now fail closed before returning a ready session when worker envelopes, prompt hashes, adapter contracts, user approval, runtime offload evidence, or UAIX runtime context do not match the prepared local worker handoff. Phase 3.318 packages display-safe K80 proof-readiness adoption checklist evidence: `models runtime k80-proof-readiness --approve --integration-enabled --export ` now writes checklist rows naming the evidence artifact required for each K80 proof gate, whether worker launch, model session allocation, prompt tokenization, inference, or GPU inference claims remain blocked, and the authority boundary for every row. The export path remains checksum-backed, local worker and fixture paths stay outside the public evidence payload, and actual K80 GGUF inference remains unclaimed until the required native package-lane, terminal-token, token-comparison, and runtime device-use evidence exists. Phase 3.316 current source adds a local runtime-readiness approval CLI gate: `models runtime readiness --approve` evaluates the active reviewed model, worker package, local API binding, offload preference, boundary flags, and worker capability evidence without persisting runtime execution authority into the durable model registry. Phase 3.315 current source projects K80 proof-readiness blockers as named display-safe requirement records so automation can read which gates are satisfied, which gates block worker launch, model session allocation, prompt tokenization, inference, or GPU inference claims, which display-safe evidence state, count, and identity supports each gate, and which compatibility requirements remain satisfied for systems with GPUs and without GPUs. Phase 3.315 packages K80 proof-readiness JSON output for smoke automation: `models runtime k80-proof-readiness --approve --integration-enabled --json` emits display-safe machine-readable evidence while preserving the blocked worker launch, model session allocation, prompt tokenization, inference, and GPU-claim boundary. Phase 3.312 packages UAIX.LmRuntime 3.3.28 device-use evidence adoption: LocalEndpoint Desktop consumes the updated local-feed runtime package family, carries accepted managed CPU generation device-use evidence, requires generation-result device identity plus ordered token evidence before GPU execution can be claimed, preserves marker-only native package blocking, and publishes a checksum-backed tester ZIP for human smoke testing. Phase 3.308 previously packaged the real local model intake smoke release: an env-gated `D:\\LLMs` sidecar-backed GGUF folder intake integration test proves review, approval-gated staging, processing, immutable storage, activation, repair, and audit evidence while runtime execution remains false, and the release lane publishes current website, desktop, and combined smoke ZIPs for human testing. Phase 3.307 previously packaged the reliable ZipArchive desktop deployment package lane: final tester ZIP creation uses safe direct System.IO.Compression.ZipArchive writing, rejects unsafe or duplicate entries, preserves the MSIX test package directory root, and records package creation evidence. Phase 3.306 previously packaged GGUF worker package readiness identity boundary evidence: LocalGgufWorkerPackageReadinessEvidence requires a supported worker contract, an exact status worker contract match, verified local engine package availability, manifest evidence receipt SHA-256, engine manifest SHA-256, engine executable SHA-256, file inventory SHA-256, positive file count, and closed authority flags before smoke readiness can pass. Phase 3.304 previously packaged the current desktop smoke lane and adds local model intake package-preview evidence: `models intake review-folder` now reports PackageFileCount and PackageFileName rows from the exact files eligible for staging, so a selected GGUF artifact preview excludes unselected sibling models before package-folder processing. Phase 3.303 previously packaged K80 proof-readiness source accounting: the desktop CLI composes explicit Tesla K80 CUDA driver probe evidence, runtime backend inventory, GPU generation readiness, and K80 GGUF generation preflight into a display-safe readiness report. The local proof-readiness command proves bounded K80 CUDA driver memory-operation evidence on the workstation while keeping worker process launch, model session allocation, prompt tokenization, inference, and GPU inference claims blocked until native package-lane readiness, K80 package-lane readiness, terminal token evidence, completed-token evidence, ordered token observations, completed-token comparison, and runtime device-use evidence are accepted. Phase 3.302 previously packaged runtime selector normalization audit evidence: unsupported offload values and malformed backend/device selectors normalize before persistence, and Settings/Runtime save flows append display-safe local audit events without raw selector values. Phase 3.301 packages persisted runtime backend/device settings normalization: persisted settings trim and validate display-safe selectors, block malformed selectors before persistence, preserve display-safe CPU backend/device owner choices for UI settings, and still clear selectors at CPU-only worker handoff before execution. Phase 3.300 packages the current desktop smoke lane with public-safe evidence for the 0.2.87.0 package build, strict managed worker payload inventory, 13 UAIX.LmRuntime payload entries, zero legacy runtime artifacts, UAIX.LmRuntime 3.3.26 package-feed identity, native package safety gates, K80 diagnostic target-match evidence, selected backend/device runtime evidence binding, actual GPU and K80 smoke proof surfaces, K80 GGUF generation preflight evidence, CPU/no-GPU compatible non-blocking proof rows, and tester package discovery evidence. The Phase 3.300 preflight blocks worker process launch, model session allocation, prompt tokenization, and inference when accepted native package-lane readiness or accepted Tesla K80 package-lane readiness is absent. Phase 3.223 adds current-source adoption of UAIX.LmRuntime.LocalEndpoint 3.3.26. Phase 3.225 adds LocalEndpoint-owned CUDA probe diagnostics through UAIX.LmRuntime.Backends.Cuda 3.3.26 while keeping those diagnostics outside GGUF inference and terminal device-use claims. Phase 3.227 adds Runtime, Settings, and Chat backend/device selector UI handoff with fail-closed validation, request fingerprinting, readiness audit details, CPU-only selector clearing, and worker session projection. Phase 3.232 adds the read-only `models runtime inventory` CLI and source evidence that CPU is selectable while CUDA Tesla K80 is visible as diagnostic-only and not generation-ready because native inference assets are not loaded. Phase 3.237 adds current-source CUDA native and Tesla K80 legacy native asset package lane accounting through UAIX.LmRuntime.Backends.Cuda.Native.win-x64 and UAIX.LmRuntime.Backends.Cuda.LegacyK80.win-x64 3.3.26 while keeping GenerationAssetsAccepted=false until reviewed native generation binaries and terminal token evidence exist. Phase 3.238 requires accepted native package-lane evidence before GPU generation handoff. Phase 3.239 makes native package lane acceptance evidence-derived. Phase 3.240 adds non-extracting native package manifest evidence review. Phase 3.241 binds manifest evidence into runtime inventory from the local UAIX NuGet feed. Phase 3.242 derives native binary identity from reviewed package manifest evidence. Phase 3.243 adds package-bound generation execution evidence so raw execution hashes cannot satisfy native lane acceptance unless they match reviewed package, binary, runtime library, and execution proof. Phase 3.249 adds local native generation proof receipts bound to package identity, package hash, native binary identity, runtime library identity, and generation execution proof. Phase 3.250 projects proof receipt presence, SHA-256, and accepted identity into CLI and Runtime page evidence. Phase 3.251 makes accepted proof receipt identity Required For GPU generation readiness. Phase 3.259 binds release-evidence validation to tester ZIP package discovery and requires UAIX.LmRuntime package-feed restore facts, required runtime package counts, native package lane facts, native generation asset facts, and proof receipt facts to pass through release evidence, tester handoff packets, and final release discovery before deployment packaging can pass. Phase 3.260 blocks terminal-token-only GPU claims unless completed token results, ordered token observations, token comparison, runtime device-use evidence, and actual GPU evidence agree. Phase 3.261 adds active GGUF model identity evidence to the smoke-readiness checklist so active entry ID, model name, GGUF format, artifact SHA-256, and artifact byte count must be valid before public-safe smoke evidence is accepted. Phase 3.263 binds native generation proof receipts to same-feed display-safe evidence artifact files and requires proof-artifact SHA-256 agreement before GPU generation evidence can advance. Phase 3.264 parses that artifact and requires schema, package identity, native binary identity, runtime library identity, and generation execution identity to match the receipt before native generation artifact evidence is accepted. Phase 3.265 blocks LocalEndpoint-owned native generation artifacts that include prompt text, generated text, command lines, or any non-identity contract fields. Phase 3.266 applies the same identity-only artifact contract to the website package-feed verifier so release evidence cannot accept hash-matched generation artifacts with hidden authority or private text. Phase 3.267 promotes native generation artifact identity-only review into a core-domain value object and blocks duplicate artifact identity fields before payload materialization. Phase 3.268 makes the website/package-feed verifier review raw proof artifact JSON property names before release evidence reads payload identity values, so duplicate identity fields cannot be accepted by object conversion. Phase 3.281 makes native backend selection require accepted package-lane readiness rather than raw generation asset acceptance, so an available CUDA/K80 package lane cannot become generation-selectable without reviewed package, binary, proof receipt, and artifact identity evidence. Phase 3.288 through Phase 3.291 harden native runtime package intake by blocking unsafe archive entry names, duplicate ZIP entries, symlink entries, and unexpected executable payloads before native manifest evidence can pass. Phase 3.292 and Phase 3.293 harden local model source-root discovery by blocking unreadable folder enumeration without throwing and carrying structured skipped linked-folder and unreadable-folder counts through domain, CLI, and Models UI evidence. Phase 3.294 makes the K80 diagnostic target requirement, target compute capability, target match, and ActualGpuExecutionEvidencePresent=false visible in CLI, Runtime UI, and public-safe package evidence. Phase 3.295 adds an env-gated K80 GGUF worker generation proof contract that requires terminal token output and runtime adapter GPU device evidence before a K80 claim. Phase 3.296 hardens local model intake package-folder processing so associated GGUF enumeration failures after scan produce blocked verification evidence, keep files in intake, skip content-addressed storage writes, and preserve RuntimeExecutionAllowed=false. Phase 3.297 binds actual GPU execution evidence to the reviewed selected backend and selected device IDs before `GpuObserved` can be accepted. Actual K80 GGUF inference remains a separate desktop/runtime gate.", "newDesktopPackageRequiredForPublicDownloadLane": false, "capabilities": [ "Runs as a custom LocalEndpoint Desktop app for local downloaded models; it does not rely on hosted provider APIs or paid third-party inference services.", "Loads portable .uaix agent packages and expands their .uai memory files inside the local desktop boundary.", "Lets separate desktop app instances load different .uaix packages so distinct agents can keep distinct local state and model choices.", "persona.uai is Required For All LocalEndpoint Desktop Packages.", "Shows package file roles as Required For {agent type or workflow} so agent memory does not rely on weak wording.", "Keeps per-load long-term wiki memory roots portable, shareable, and Documents-backed by default.", "Carries Phase 3.376 K80 driver proof-readiness accounting: bounded CUDA driver memory-operation proof passed on Tesla K80 at cuda:0 while worker launch, model session allocation, prompt tokenization, inference, and GGUF GPU inference claims remain blocked.", "Carries Phase 3.373 shared provider-marker boundary accounting: folder sidecar writing, package-folder inspection, hard-blocked file checks, direct intake scan classification, and sidecar JSON inspection share LocalModelSidecarEvidence provider/API marker detection.", "Carries Phase 3.367 native package-lane adoption checklist accounting: modern CUDA and Tesla K80 lanes expose expected native binary, proof receipt, and generation execution artifact file names while worker launch, model session allocation, prompt tokenization, and inference remain blocked.", "Carries Phase 3.372 catalog download handoff sidecar policy: downloaded license and inventory sidecars are parsed as raw JSON and checked for hidden command execution, provider/API/runtime declarations, blocked source types, local-use proof, accepted format, revision, and hardware fit before intake processing can promote the artifact.", "Carries Phase 3.366 reviewed-manifest artifact file-name binding: native generation execution artifact file names are reviewed against the already-reviewed package manifest identity, not receipt-declared identity.", "Carries Phase 3.361 native generation action-plan UI accounting: the Runtime page projects native package-lane counts, Tesla K80 lane state, denied runtime authority flags, and per-lane evidence while keeping package-lane evidence display-only.", "Carries Phase 3.364 package-feed verifier accounting: native generation proof artifacts must use the package-bound file name `..native-generation-execution-artifact.json` before proof receipt adoption can advance.", "Carries Phase 3.351 Tesla K80 evidence-runner accounting: the desktop source has a repeatable script that captures nvidia-smi, proves bounded K80 CUDA driver memory-operation evidence on this workstation, and keeps GGUF GPU generation pending without making GPU hardware required for other systems.", "Carries Phase 3.358 installed-app smoke accounting: elevated sideload install and packaged launch smoke, Models source-discovery UI smoke, and GGUF smoke automation pass against the installed 0.2.98.0 app after loading the required UAIX profile.", "Carries Phase 3.349 deployment accounting: the public desktop ZIP is versioned as 0.2.96.0 and validates direct Add-AppxPackage install/launch smoke without reusing the prior package version.", "Carries Phase 3.346 source accounting: folder-stage package receipt evidence binds source folder display name, intake package relative path, staged file evidence SHA-256, and stage package evidence SHA-256 before runtime execution can advance.", "Current source consumes UAIX.LmRuntime.LocalEndpoint 3.3.29 from the local UAIX NuGet feed for the bounded managed GGUF worker path.", "Current source consumes UAIX.LmRuntime.Backends.Cuda 3.3.29 for LocalEndpoint-owned CUDA probe diagnostics without claiming GGUF GPU inference.", "The public NuGet package family remains a separate runtime-package publication lane; the Phase 3.338 tester package records local-feed UAIX.LmRuntime.LocalEndpoint 3.3.29 evidence without claiming that runtime package version is public on NuGet.org.", "Validates local model license sidecars, inventory sidecars, SHA-256 values, byte counts, accepted formats, and hardware fit before intake.", "Stores reviewed model snapshots as immutable content-addressed local artifacts and records AlreadyStored evidence for unchanged snapshots.", "Requires converted GGUF or ONNX outputs to re-enter model intake as new immutable snapshots with sidecars, hashes, revision evidence, and hardware-fit evidence.", "Carries the selected chat model entry as RequestedModelEntryId and blocks stale selected models before worker session allocation, token streaming, or inference.", "Blocks sidecar drift, duplicate content conflicts, unsafe safetensors conversion paths, legacy external GGUF CLI launches, provider APIs, hosted inference, model upload, telemetry, shell execution, and command execution.", "Uses UAIX.LmRuntime as a bounded managed local GGUF worker adapter after LocalEndpoint has assembled and approved the request context.", "Preserves session and turn identity across worker start, stream, token, and terminal evidence so local JSONL events remain traceable.", "Computes a display-safe RequestHandoffSha256 provider request fingerprint at turn start and blocks start-to-stream request drift before worker handoff.", "Creates LocalChatViabilityEvidence before worker envelope creation and records a blocked no-op when runtime readiness, model selection, offload, local API binding, memory authority, UAIX authority flags, or public-site boundary state do not fit the local worker envelope.", "Carries Phase 3.338 public-safe tester package accounting: local API provider activation requires ReadyForWorker gate state, runtime execution approval, streaming support, explicit approval, and Disabled, NamedPipe, or Loopback127001 binding evidence before worker-backed local API streaming can be exposed.", "Carries Phase 3.300 public-safe tester package accounting: the package evidence proves UAIX.LmRuntime 3.3.26 local-feed resolution, 13 managed worker runtime payload entries, 0 legacy runtime artifacts, LocalChatViabilityEvidence, K80 diagnostic target-match evidence, runtime selector identity binding, tester package discovery evidence, actual GPU and K80 smoke proof surfaces, K80 GGUF generation preflight evidence, CPU/no-GPU compatible non-blocking proof rows, native package entry safety, duplicate-entry blocking, symlink-entry blocking, unexpected executable payload blocking, and closed provider/API/network/telemetry/command/runtime-by-default flags.", "Keeps Converted Output Evidence Automation IDs and stable Models UI automation IDs in the public accounting so installed-app smoke reruns can inspect evidence readouts, not only buttons.", "Carries Phase 3.225 source accounting: current source consumes UAIX.LmRuntime.LocalEndpoint 3.3.26 and UAIX.LmRuntime.Backends.Cuda 3.3.26, surfaces LocalEndpoint-owned CUDA probe diagnostics, and keeps actual K80 GGUF inference unclaimed.", "Carries Phase 3.227 source accounting: Runtime, Settings, and Chat expose local owner backend/device selector intent while readiness, provider request fingerprints, and worker session projections preserve selector identity without claiming GPU inference.", "Carries Phase 3.232 source accounting: the `models runtime inventory` CLI reports CPU managed runtime as selectable and CUDA Tesla K80 as visible diagnostic-only inventory until native GGUF inference assets and runtime proof are loaded.", "Carries Phase 3.243 source accounting: CUDA native and Tesla K80 legacy native asset package lanes are visible in runtime inventory, CLI output, and Runtime page UI with GenerationAssetsAccepted=false until reviewed native generation binaries, package-bound generation execution evidence, and terminal token proof all agree.", "Carries Phase 3.243 source accounting: package-bound generation execution evidence is Required For native lane acceptance; raw execution SHA-256 strings are diagnostic-only and cannot satisfy GPU generation readiness.", "Carries Phase 3.249 source accounting: native generation proof receipts bind package identity, package SHA-256, native binary identity, runtime library identity, and generation execution proof.", "Carries Phase 3.250 source accounting: `models runtime inventory` and the Runtime page expose proof receipt presence, proof receipt SHA-256, and proof receipt identity acceptance.", "Carries Phase 3.251 source accounting: GPU generation readiness requires at least one native package lane with accepted proof receipt identity before any GPU handoff can proceed.", "Carries Phase 3.259 source accounting: release evidence validation and tester handoff packets preserve tester ZIP discovery plus UAIX.LmRuntime package-feed facts, and deployment package evidence fails when release evidence hashes, local-feed restore, required runtime package counts, native package facts, native generation asset facts, or proof receipt facts are missing or weak.", "Carries Phase 3.261 source accounting: active GGUF model identity evidence is Required For Active GGUF Model Smoke Evidence, and malformed active model identity blocks public-safe smoke readiness before any GPU claim can be made.", "Carries Phase 3.263 source accounting: native generation proof receipts must name a display-safe same-feed JSON artifact file whose SHA-256 matches the receipt before proof evidence can advance.", "Carries Phase 3.264 source accounting: native generation artifact evidence is accepted only when artifact schema, package identity, native binary identity, runtime library identity, and generation execution identity match the proof receipt.", "Carries Phase 3.265 source accounting: LocalEndpoint-owned native generation artifacts are rejected when they contain non-identity fields such as prompt text, generated text, or command lines.", "Carries Phase 3.266 source accounting: the package-feed verifier rejects native generation artifact JSON that is not limited to the identity contract before proof receipt evidence can pass.", "Carries Phase 3.267 source accounting: native generation artifact identity-only review is a core-domain value object and duplicate identity fields block before artifact payload materialization.", "Carries Phase 3.268 source accounting: the package-feed verifier reads raw proof artifact JSON property names so duplicate identity fields block release proof evidence before payload identity values are read.", "Carries Phase 3.281 source accounting: native backend selection requires accepted package-lane readiness, not raw generation asset acceptance alone.", "Carries Phase 3.291 source accounting: native package feed evidence rejects unsafe entry names, duplicate entries, symlink entries, and unexpected executable payloads before manifest evidence can advance.", "Carries Phase 3.293 source accounting: local model source-root discovery reports structured skipped linked-folder and unreadable-folder counts without copying files, processing artifacts, or enabling runtime execution.", "Carries Phase 3.294 source accounting: K80 diagnostic target requirement and target match are visible while ActualGpuExecutionEvidencePresent=false and GGUF GPU inference remains unclaimed.", "Carries Phase 3.295 source accounting: K80 GGUF worker generation proof requires terminal token output, completed token agreement, and runtime adapter GPU device evidence before any K80 execution claim.", "Carries Phase 3.296 source accounting: local model intake blocks associated GGUF enumeration drift after scan with VerificationBlocked evidence, no content-addressed storage write, no intake cleanup, and RuntimeExecutionAllowed=false.", "Carries Phase 3.297 source accounting: actual GPU execution claims require reviewed runtime adapter backend and device IDs to match the selected offload plan backend and device IDs.", "Carries Phase 3.302 source accounting: runtime selector normalization creates display-safe local audit evidence when unsupported offload values or malformed backend/device selectors are corrected before persistence.", "Carries Phase 3.303 source accounting: `models runtime k80-proof-readiness --approve --integration-enabled` proves bounded Tesla K80 CUDA driver memory-operation evidence while blocking GGUF worker launch, model session allocation, prompt tokenization, inference, and GPU inference claims until native package-lane and terminal/runtime device-use evidence pass.", "Carries Phase 3.304 source accounting: local model intake review-folder evidence reports PackageFileCount and PackageFileName rows from the package file set, excluding unselected sibling model artifacts before package-folder staging.", "Carries Phase 3.306 source accounting: GGUF worker package readiness requires supported and matching worker contract identity, verified engine package availability, manifest evidence receipt identity, engine manifest identity, executable identity, file inventory identity, positive package file count, and closed shell/network/provider API/telemetry/command-execution flags before smoke readiness can pass.", "Carries Phase 3.307 source accounting: reliable desktop deployment package ZIP creation uses System.IO.Compression.ZipArchive with safe entry validation, duplicate-entry blocking, source-root containment, and Windows PowerShell 5.1 compatible string checks.", "Carries Phase 3.301 source accounting: persisted runtime backend/device settings normalize before load/save, malformed selectors are cleared before persistence, display-safe CPU settings round-trip for UI use, and CPU-only worker handoff remains selector-cleared before execution.", "Carries Phase 3.312 source accounting: UAIX.LmRuntime 3.3.28 generation results carry managed CPU device-use evidence, and CUDA/K80 generation claims remain blocked until selected device identity, generation device identity, reviewed native binaries, proof receipts, ordered token observations, completed-token comparison, and actual GPU device-use evidence agree.", "Carries Phase 3.313 source accounting: K80 proof-readiness CLI evidence can be exported as display-safe JSON for deployment smoke gates without exposing local worker paths or weakening GGUF worker launch, model allocation, prompt tokenization, inference, or GPU claim gates.", "Carries Phase 3.315 source accounting: K80 proof-readiness JSON and text output include named requirement records with display-safe evidence state, evidence count, and evidence identity fields for CUDA driver proof, GGUF preflight, GPU handoff, native package lane readiness, Tesla K80 package lane readiness, terminal token evidence, completed-token result, ordered token observations, completed-token comparison, actual GPU runtime device-use evidence, and GPU/no-GPU compatibility.", "Carries Phase 3.316 source accounting: `models runtime readiness --approve` grants runtime readiness only for the current local command evaluation, exposes the active model and worker capability evidence, preserves closed website/network/telemetry/unverified-model flags, supports named-pipe or loopback local API binding only after explicit approval, and leaves stored registry runtime authority false.", "Carries Phase 3.318 source accounting: `models runtime k80-proof-readiness --approve --integration-enabled --export ` writes checksum-backed display-safe K80 readiness evidence, rejects invalid export paths before probing CUDA, omits local worker and fixture paths from the JSON evidence, and keeps actual K80 GGUF inference unclaimed.", "Carries Phase 3.324 source accounting: K80 proof-readiness rows now surface display-safe package-lane identity and reviewed generation binary candidate text when proof receipt identity is absent, so marker-only native package blockers are visible in Runtime UI, CLI text, and CLI JSON evidence.", "Carries Phase 3.330 source accounting: local model folder review, source discovery, and staging share one app-local target-package availability boundary, so occupied package names block before copy and RuntimeExecutionAllowed remains false.", "Carries Phase 3.332 source accounting: native CUDA and LegacyK80 contracts require packageVersion plus version-bound proof receipt filenames before native generation evidence can advance, while reviewed native generation binaries remain blocked.", "Carries Phase 3.328 source accounting: Runtime UI applies CPU and GPU selector candidates from local inventory as display-safe edit suggestions only; applying a selector candidate does not save settings, approve runtime readiness, launch workers, allocate model sessions, tokenize prompts, or claim GPU inference.", "Keeps prompt text and generated text out of registry, audit, and public evidence artifacts." ], "remainingGates": [ "Keep UAIX.LmRuntime native package lanes blocked until reviewed native generation binaries, accepted proof receipts, accepted generation execution artifacts, terminal token proof, and runtime device-use evidence pass.", "Prove actual K80 GGUF inference on this computer with reviewed runtime adapter identity evidence without making GPU required for systems without GPUs.", "Run the Phase 3.351 K80 evidence runner in GGUF generation proof mode only after reviewed CUDA/K80 native generation binaries and package-bound proof receipts are accepted.", "Adopt reviewed native GPU generation binaries only after package lane presence, binary hashes, runtime adapter identity, token ordering, and terminal completion evidence all agree.", "Keep installed-app Models source-discovery UI smoke and installed-app GGUF smoke passing after the next runtime/device-selection change.", "Keep the packaged launch window activation path passing after notification/tray startup failures are simulated.", "Publish UAIX.LmRuntime 3.3.29 package families to NuGet.org only after runtime-owned release gates, documentation, and package-readiness checks pass.", "Complete public signing, update-channel, accessibility, clean-machine, and certification evidence before broad public distribution language.", "Refresh LocalEndpoint.com again when actual GPU utilization, signing, clean-machine validation, accessibility, update-channel, or certification evidence changes." ], "publicWebsiteResponsibilities": [ "Explain the product, trust boundary, current desktop artifact, and newer source-hardening status.", "Serve schemas, examples, OpenAPI-style metadata, route indexes, llms.txt, checksum manifests, and redacted evidence.", "Run browser-local validation helpers for public-safe manifests and receipts.", "Publish cPanel deployment manifests, direct-overwrite plans, and release verification evidence." ], "desktopResponsibilities": [ "Import, validate, expand, and load .uaix packages and their .uai memory files.", "Assemble prompts locally from approved package memory, wiki memory, and user-selected context.", "Own policy decisions, local approvals, local model registry persistence, audit persistence, JSONL event ownership, and redacted evidence.", "Verify model artifacts, sidecars, hashes, byte counts, hardware fit, active registry rows, selected model identity, session identity, and turn identity before runtime allocation.", "Require provider start-to-stream request fingerprint consistency before worker stream handoff.", "Evaluate LocalChatViabilityEvidence and block a non-viable chat turn as a no-op before worker envelope creation." ], "uaixPackageAccounting": [ "A .uaix file is a portable agent package that carries .uai memory files and package metadata for Desktop to expand locally.", "persona.uai is Required For All LocalEndpoint Desktop Packages.", ".uai file roles are described as Required For {agent type or workflow}.", "Long-term wiki memory roots are per-load choices and default to Documents-backed folders so people can back up, share, or separate agent memory.", ".uaix or .uai memory cannot grant hosted inference, provider APIs, telemetry, shell execution, command execution, automatic export, network access, or core safety policy override by itself." ], "localModelLifecycleAccounting": [ "Model candidates must pass format, license sidecar, inventory sidecar, SHA-256, byte-count, revision, and hardware-fit checks before intake.", "Accepted snapshots become immutable content-addressed local artifacts; unchanged snapshots record AlreadyStored evidence.", "Safetensors conversion is evidence-only until converted GGUF or ONNX output re-enters local intake as a new reviewed snapshot.", "Catalog download, intake activation, selected-model use, worker allocation, prompt tokenization, inference, and token streaming all stay behind local desktop gates.", "LocalChatViabilityEvidence blocks non-viable runtime, model, offload, local API, memory authority, UAIX authority, or public-site boundary state before a worker envelope exists.", "Associated GGUF package-folder enumeration failures after scan block local model intake with VerificationBlocked evidence before content-addressed storage write, intake cleanup, or runtime execution can occur.", "Actual GPU execution claims require runtime adapter backend and device IDs to match the selected offload plan backend and device IDs before LocalEndpoint accepts `GpuObserved` evidence." ], "lmRuntimeIntegrationAccounting": [ "LocalEndpoint current source consumes UAIX.LmRuntime.LocalEndpoint 3.3.29 from the local UAIX NuGet feed for current source validation.", "LocalEndpoint current source consumes UAIX.LmRuntime.Backends.Cuda 3.3.29 from the local UAIX NuGet feed for diagnostic-only CUDA probe evidence.", "LocalEndpoint.com does not claim UAIX.LmRuntime NuGet.org publication; runtime package publication remains a separate runtime-owned release gate.", "UAIX.LmRuntime.Backends.Cuda 3.3.29 provides bounded CUDA driver probe output; LocalEndpoint.com accounts for it only as LocalEndpoint-owned diagnostics and does not claim actual K80 GGUF inference from that probe.", "LocalEndpoint-owned CUDA probe diagnostics record driver probe status with inferenceClaimAllowed=false and cannot become terminal GPU device-use evidence.", "Phase 3.351 adds a repeatable LocalEndpoint-owned Tesla K80 GPU evidence runner that proves driver memory-operation evidence locally while keeping GGUF generation pending unless the explicit proof switch and reviewed native package gates are satisfied.", "Phase 3.376 proof-readiness evidence records cudaDriverProbeAccepted=true, k80DeviceMatched=true, cudaDriverMemoryOperationProven=true, and inferenceAllowed=false for Tesla K80 at cuda:0.", "LocalEndpoint `models runtime inventory` reports CPU as selectable and CUDA Tesla K80 as diagnostic-only until native inference assets and proof are present.", "LocalEndpoint current source references UAIX.LmRuntime.Backends.Cuda.Native.win-x64 and UAIX.LmRuntime.Backends.Cuda.LegacyK80.win-x64 3.3.29 as explicit native asset package lanes.", "Phase 3.367 native package-lane adoption checklist evidence identifies the modern CUDA expected native binary as uaix-lmruntime-cuda-native-win-x64.dll and the Tesla K80 expected native binary as uaix-lmruntime-cuda-legacy-k80-win-x64.dll.", "Phase 3.367 native package-lane adoption checklist evidence identifies the required proof receipt files as UAIX.LmRuntime.Backends.Cuda.Native.win-x64.3.3.29.native-generation-execution-evidence.json and UAIX.LmRuntime.Backends.Cuda.LegacyK80.win-x64.3.3.29.native-generation-execution-evidence.json.", "Phase 3.367 native package-lane adoption checklist evidence identifies the required generation execution artifact files as UAIX.LmRuntime.Backends.Cuda.Native.win-x64.3.3.29.native-generation-execution-artifact.json and UAIX.LmRuntime.Backends.Cuda.LegacyK80.win-x64.3.3.29.native-generation-execution-artifact.json.", "The Phase 3.367 package-feed report remains Blocked: readyForWorkerLaunch=false, workerLaunchBlocked=true, modelSessionAllocationBlocked=true, promptTokenizationBlocked=true, and inferenceBlocked=true for the native CUDA and Tesla K80 lanes.", "UAIX.LmRuntime 3.3.29 backend capabilities provide display-safe Required For Native Generation package-lane and session-lane requirement findings that LocalEndpoint projects without letting the runtime own .uaix parsing, policy, registry, audit, provider APIs, telemetry, or command execution.", "UAIX.LmRuntime 3.3.29 generation results expose runtime device-use evidence, so LocalEndpoint can accept managed CPU generation evidence and reject selected GPU evidence when the completed generation reports CPU.", "Phase 3.328 selector candidates keep UAIX.LmRuntime backend inventory display-safe: CPU and diagnostic GPU candidates can fill the Runtime page selector editor while LocalEndpoint retains runtime readiness, worker launch, prompt assembly, registry, audit, and GPU-claim authority.", "Native GPU asset package lane presence is public accounting evidence only; GenerationAssetsAccepted remains false until reviewed native generation binaries and terminal token evidence exist.", "Package-bound generation execution evidence is Required For native lane acceptance; a standalone generation execution SHA-256 cannot authorize CUDA or K80 generation readiness.", "Reviewed package manifest evidence, manifest-derived native binary identity, native binary SHA-256, runtime library identity matching package identity, and generation execution evidence SHA-256 must agree before generation assets can pass.", "Native generation proof receipts are local evidence files bound to package ID, package version, package SHA-256, native binary file name, native binary SHA-256, runtime library identity, and generation execution evidence SHA-256.", "Runtime inventory and Runtime page proof receipt fields are display evidence only; they do not claim actual GPU inference.", "GPU generation readiness requires accepted proof receipt identity and remains blocked until terminal token and device-use evidence prove actual GPU execution.", "K80 proof-readiness requirement projection is Required For automation-friendly GPU smoke gates: CUDA driver proof can be satisfied while native package lane, Tesla K80 package lane, terminal token, completed-token, ordered-token, completed-token comparison, and actual GPU runtime device-use requirements remain blocked.", "K80 package-lane blocker identity projection is Required For actionable smoke review: package ID, runtime identifier, and reviewed candidate text are visible when proof receipt identity remains absent.", "Release evidence validation preserves tester ZIP package discovery and UAIX.LmRuntime package-feed facts before release evidence, handoff packet, or final release discovery can pass.", "Active GGUF model identity evidence is Required For Active GGUF Model Smoke Evidence: active entry ID, model name, GGUF format, artifact SHA-256, and artifact byte count must all validate before smoke evidence is accepted.", "Native generation proof artifact binding is Required For GPU generation proof receipt advancement: the receipt must reference a display-safe same-feed JSON artifact file and the file hash must match the receipt.", "Native generation artifact identity binding is Required For native generation artifact acceptance: schema, package identity, native binary identity, runtime library identity, and generation execution identity must match the receipt.", "Native generation artifact identity-only validation is Required For LocalEndpoint-owned artifact acceptance: prompt text, generated text, command lines, and non-contract fields block evidence acceptance.", "Package-feed native generation artifact identity-only validation is Required For release evidence acceptance: same-feed artifacts must contain only identity contract fields before proof receipt evidence can pass.", "Accepted package-lane readiness is Required For native backend selection; raw generation asset acceptance alone cannot make CUDA or K80 selectable for generation.", "UAIX.LmRuntime receives an already-approved display-safe LocalEndpoint request context and reviewed GGUF expectation.", "UAIX.LmRuntime does not parse .uaix packages, own prompts, own policies, own registry or audit stores, call providers, access networks, collect telemetry, or persist prompt/generated text.", "LocalEndpoint creates LocalChatViabilityEvidence before worker envelope creation; UAIX.LmRuntime only receives a viable, already-assembled local worker request." ] }, "boundaries": { "publicSiteDispatchesDesktopCommands": false, "publicSiteDesktopCommandDispatch": false, "publicSiteProbesLocalhost": false, "localhostProbing": false, "publicSiteUploadsFiles": false, "publicSiteCollectsTelemetry": false, "publicSiteRequestsSecrets": false, "telemetryCollection": false, "runtimeSafetyCertificationClaimed": false, "microsoftApprovalClaimed": false } }