{"id":50148584,"url":"https://github.com/aignitron/ignisprompt","last_synced_at":"2026-05-24T07:02:08.775Z","repository":{"id":353882952,"uuid":"1221281514","full_name":"AIgnitron/ignisprompt","owner":"AIgnitron","description":"Open-source local-first AI routing daemon — keeps sensitive work on-device, explains routing decisions, and supports consent-gated cloud fallback design.","archived":false,"fork":false,"pushed_at":"2026-05-21T05:02:02.000Z","size":113939,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-21T05:36:43.260Z","etag":null,"topics":["ai-governance","ai-routing","auditability","edge-ai","inference","llm","local-ai","local-first","open-source","privacy","responsible-ai","rust"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AIgnitron.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-04-26T01:45:50.000Z","updated_at":"2026-05-21T05:02:04.000Z","dependencies_parsed_at":null,"dependency_job_id":"d3c614a3-b22c-4d86-bd57-bfcef7bc1d41","html_url":"https://github.com/AIgnitron/ignisprompt","commit_stats":null,"previous_names":["aignitron/ignisprompt"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/AIgnitron/ignisprompt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AIgnitron%2Fignisprompt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AIgnitron%2Fignisprompt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AIgnitron%2Fignisprompt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AIgnitron%2Fignisprompt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AIgnitron","download_url":"https://codeload.github.com/AIgnitron/ignisprompt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AIgnitron%2Fignisprompt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33424573,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-23T22:14:44.296Z","status":"online","status_checked_at":"2026-05-24T02:00:06.296Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-governance","ai-routing","auditability","edge-ai","inference","llm","local-ai","local-first","open-source","privacy","responsible-ai","rust"],"created_at":"2026-05-24T07:02:07.929Z","updated_at":"2026-05-24T07:02:08.768Z","avatar_url":"https://github.com/AIgnitron.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IgnisPrompt\n\n**IgnisPrompt is local-preview infrastructure for local AI routing.**\n\nLatest release: `v0.1.3-local-preview`.\n\nIgnisPrompt is local-first infrastructure for routing, audit, inspection, and local evidence review. By default it makes no cloud calls, sends no telemetry, performs no global aggregation, and is not production deployment software. It is not legal advice, does not claim legal accuracy, and does not claim compliance, ESG, supply-chain, or signed attestation certification.\n\nWhat `v0.1.3-local-preview` adds:\n\n- reproducible security review checks\n- Aethra live-local contract hardening\n- `ignispromptctl` audit-events and route-explain inspection\n- `ignispromptctl evidence-bundle` generation, list, validate, archive, verify archive, and manifest inspection\n- GGUF timeout and runner preflight hardening\n- audit and evidence validation hardening\n- Golden Legal adversarial demo hardening\n\n## Project foundation: v0.1.0-mvp\n\n`v0.1.0-mvp` is a technical MVP snapshot with a conservative **PASS WITH GAPS** readiness result.\n\nThis repository started as a minimal `ignispromptd` Rust daemon scaffold for the Apple Spine Smoke Test. It is intentionally small: it validates the control-plane shape before real model inference is wired in.\n\nIt proves that the local-first control-plane scaffold works: the daemon can run locally, expose the core HTTP surfaces, explain routing decisions, treat adversarial document instructions as untrusted content, record local audit events, and exercise the default no-model smoke path in CI.\n\nIt does not prove production model quality, legal accuracy, enterprise compliance, certification, design-partner readiness, production-grade streaming, production-grade MCP support, or packaged distribution. Current gaps are intentionally documented rather than hidden.\n\nFor details, see the [demo flows](docs/DEMO.md), [testing notes](docs/TESTING.md), [packaging notes](docs/PACKAGING.md), [runner provider notes](docs/RUNNER_PROVIDERS.md), [attestation report template](docs/ATTESTATION_REPORT_TEMPLATE.md), and [current Codex handoff](docs/CODEX_HANDOFF.md).\n\n## Current smoke-test status\n\n`./scripts/dev-check.sh` is the recommended one-command developer path. `./scripts/start-dev.sh` plus `./scripts/smoke.sh` remains available as the lower-level manual debugging path when you want to inspect a running daemon directly.\n\n- `/health`, `/v1/models`, `/v1/status/models`, `/v1/route/explain`, `/v1/chat/completions`, `/v1/audit/events`, and `/v1/metrics/sustainability?period=30d` respond locally\n- legal requests route to Tier 3 with a human-readable explanation\n- adversarial document instructions are detected and treated as untrusted content\n- audit events are written locally\n- audit events include optional Aethra v0.1 counterfactual estimate fields when a request is routed locally\n- legal chat completions default to `StubLegalRunner`\n- `stream: false` or a missing `stream` field keeps the current JSON completion shape, while `stream: true` returns a basic SSE-compatible scaffold\n- an opt-in `GgufRunner` spike can invoke a local GGUF runner binary when both the runner executable and the configured `.gguf` model file are present\n- an experimental stdio MCP stub can expose `route_explain` plus read-only local observability tools without changing the default HTTP daemon path\n- a developer local-only evidence script can capture health, route, audit, binary-hash, and ignore-safety evidence under ignored `./local-evidence/attestation/`\n- Aethra also includes a local command center with safe CLI recipes, an evidence workflow checklist, and demo readiness notes for dashboard review.\n\n## CI status\n\nThe repository now includes a default GitHub Actions workflow at `.github/workflows/ci.yml` for the no-model daemon path on `main`. It runs `cargo build`, `cargo test`, and `./scripts/smoke.sh` against the default local scaffold without requiring Ollama, GGUF model weights, or any cloud access.\n\nAn experimental manual-only release workflow now also lives at `.github/workflows/release-draft.yml`. It runs only through GitHub Actions `workflow_dispatch`, builds the default `ignispromptd` Linux x86_64 release binary, and uploads it as a downloadable workflow artifact. It does not publish a GitHub Release automatically, and it does not bundle model weights or local evidence.\n\n## Documentation\n\nThe docs set under `docs/` describes the current scaffold and clearly separates implemented behavior from planned work:\n\n- [Codex/agent instructions](AGENTS.md) for contributors and AI coding agents working in this repo\n- [Current Codex handoff](docs/CODEX_HANDOFF.md) for current-state context and post-MVP follow-up work\n- [Docs index](docs/README.md)\n- [Local preview quickstart](docs/LOCAL_PREVIEW_QUICKSTART.md)\n- [Local preview release checklist](docs/LOCAL_PREVIEW_RELEASE_CHECKLIST.md)\n- [Local Preview 0.1.0 release notes draft](docs/releases/LOCAL_PREVIEW_0_1_0.md)\n- [Local Preview v0.1.1 release readiness](docs/releases/v0.1.1-local-preview.md)\n- [Local Preview v0.1.2 patch release record](docs/releases/v0.1.2-local-preview.md)\n- [Local Preview v0.1.3 release readiness](docs/releases/v0.1.3-local-preview.md)\n- [Local Preview v0.1.4 release readiness](docs/releases/v0.1.4-local-preview.md)\n- [Contributor MCP usage](docs/MCP_USAGE.md)\n- [Architecture](docs/ARCHITECTURE.md)\n- [Aethra MVP plan](docs/AETHRA.md)\n- [Aethra MVP checkpoint](docs/AETHRA_MVP_CHECKPOINT.md) for the current fixture-backed local dashboard status\n- [Aethra public demo package](docs/AETHRA_DEMO_PACKAGE.md)\n- [Runner providers](docs/RUNNER_PROVIDERS.md)\n- [Demo flows](docs/DEMO.md)\n- [Testing](docs/TESTING.md)\n- [Packaging](docs/PACKAGING.md)\n- [Models](docs/MODELS.md)\n- [Security model](docs/SECURITY_MODEL.md)\n- [Threat model](docs/THREAT_MODEL.md)\n- [Roadmap](docs/ROADMAP.md)\n- [Release checklist](docs/RELEASE_CHECKLIST.md)\n- [Developer contributing notes](docs/CONTRIBUTING_DEV.md)\n- [Enterprise notes](docs/ENTERPRISE.md)\n- [Attestation report template](docs/ATTESTATION_REPORT_TEMPLATE.md)\n- [Compliance notes](docs/COMPLIANCE_NOTES.md)\n\nContributors and AI coding agents should read `AGENTS.md` before making changes. For current repo state, known gaps, and recommended next tasks, also read `docs/CODEX_HANDOFF.md`.\n\nContributor entry points:\n\n- [Contributing](CONTRIBUTING.md) for the short contribution path\n- [Developer contributing notes](docs/CONTRIBUTING_DEV.md) for local-first rules, artifact hygiene, and documentation expectations\n- [Changelog](CHANGELOG.md) for release history\n- [GitHub issue templates](.github/ISSUE_TEMPLATE/) and [pull request template](.github/pull_request_template.md) for contributor intake and safety checklist prompts\n\n## What this scaffold includes\n\n- `GET /health`\n- `GET /v1/models`\n- `GET /v1/status/models` for model and runner status hints\n- `GET /v1/metrics/sustainability?period=30d` for local-only Aethra counterfactual estimate summaries\n- `POST /v1/route/explain`\n- `POST /v1/chat/completions` using an OpenAI-compatible request shape\n- basic SSE-compatible chat-completion scaffolding when `stream: true`\n- experimental stdio MCP stub with `route_explain` plus read-only local observability tools\n- optional feature-gated Tier 3 legal GGUF runner spike via a local subprocess contract\n- Tier 3 legal chat completion dispatch through `StubLegalRunner`\n- `GET /v1/audit/events`\n- JSON model manifest loading\n- local audit event logging\n- local-only fail-closed behavior\n- adversarial contract-instruction detection as untrusted document content\n- smoke fixtures for legal routing\n\n## What this scaffold does not include yet\n\n- built-in SaulLM/Qwen/Phi inference\n- production-grade GGUF/ONNX inference\n- Apple Foundation Models bridge\n- semantic cache\n- production-grade MCP server surface beyond the experimental stdio stub\n- production-grade token-by-token streaming\n- real hardware RAM/thermal telemetry\n- signed Local-Only Attestation Report generation\n\n## Quick start\n\nRequires Rust and Cargo.\n\nRun the default developer check:\n\n```bash\n./scripts/dev-check.sh\n```\n\nThis runs `cargo build`, `cargo test`, starts the local-only daemon, waits for `/health`, runs `./scripts/smoke.sh`, and stops the daemon on exit. It uses the default no-model path and does not require Ollama, GGUF tooling, local model weights, cloud access, or cloud credentials.\n\nIf you prefer a repo-level command runner, the new `Makefile` wraps the same local flows:\n\n```bash\nmake help\nmake build\nmake test\nmake smoke\nmake dev-check\n```\n\nThe default safe targets stay on the no-model local path. Optional local-prerequisite targets are also available for the existing GGUF and evidence scripts:\n\n```bash\nmake gguf-build\nmake gguf-test\nmake gguf-smoke\nmake golden\nmake bakeoff\nmake demo\nmake attestation\nmake evidence-check\nmake clean-local-evidence\n```\n\nThe `gguf-*`, `golden`, `bakeoff`, and `demo` targets still require the same local Ollama and model-file prerequisites as the underlying scripts. `make clean-local-evidence` only removes generated content under ignored `./local-evidence/` and does not delete model weights under `./models/`.\n\nFor current source install, release-build, and manual release-artifact notes, see [docs/PACKAGING.md](docs/PACKAGING.md). That guide is conservative on purpose: it documents today's source-first workflow and a future Homebrew plan, but it does not claim that Homebrew or published packages are available yet.\n\nFor low-level manual debugging, start the daemon directly:\n\n```bash\ncargo run -p ignispromptd -- \\\n  --bind 127.0.0.1:8765 \\\n  --model-dir ./config/models \\\n  --audit-log ./data/audit/events.jsonl \\\n  --local-only true\n```\n\nIn another terminal:\n\n```bash\n./scripts/smoke.sh\n```\n\nWhile the daemon is running, `ignispromptctl` provides a local CLI for inspecting its state:\n\n```bash\ncargo run -p ignispromptctl -- doctor\ncargo run -p ignispromptctl -- doctor --json\ncargo run -p ignispromptctl -- health\ncargo run -p ignispromptctl -- status-version\ncargo run -p ignispromptctl -- models\ncargo run -p ignispromptctl -- sustainability --period 30d\ncargo run -p ignispromptctl -- sustainability --period 30d --json\ncargo run -p ignispromptctl -- audit-events\ncargo run -p ignispromptctl -- audit-events --json\ncargo run -p ignispromptctl -- evidence-bundle --output local-evidence/demo-bundle\ncargo run -p ignispromptctl -- evidence-bundle --output local-evidence/demo-bundle --include-audit-events\ncargo run -p ignispromptctl -- evidence-bundle --output local-evidence/demo-bundle --json\ncargo run -p ignispromptctl -- evidence-bundle --list local-evidence/demo-bundle\ncargo run -p ignispromptctl -- evidence-bundle --validate local-evidence/demo-bundle\ncargo run -p ignispromptctl -- evidence-bundle --archive local-evidence/demo-bundle\ncargo run -p ignispromptctl -- evidence-bundle --archive local-evidence/demo-bundle --json\ncargo run -p ignispromptctl -- evidence-bundle --verify-archive local-evidence/archives/demo-bundle.tar.gz\ncargo run -p ignispromptctl -- evidence-bundle --print-manifest local-evidence/demo-bundle\ncargo run -p ignispromptctl -- evidence-bundle --print-manifest local-evidence/demo-bundle --json\ncargo run -p ignispromptctl -- route-explain --text \"Review this synthetic contract clause.\"\ncargo run -p ignispromptctl -- route-explain --input ./tests/golden-legal/smoke-legal-request.json\ncargo run -p ignispromptctl -- route-explain --input ./tests/golden-legal/smoke-legal-request.json --json\ncargo run -p ignispromptctl -- audit tail\n```\n\n`doctor` checks the local daemon health, version status, model manifest, and model and runner status hint endpoints, then reports local next steps for common failures. Its sustainability metrics check is informational. The command is local-only and does not perform telemetry, cloud calls, GitHub calls, update checks, external lookup, persistence, uploads, model controls, or runner controls.\n\n`sustainability` reads aggregate local metrics from `GET /v1/metrics/sustainability?period=\u003cperiod\u003e`, defaults to `30d`, supports `7d`, `30d`, and `90d`, and can print the daemon JSON with `--json`. It does not include prompts, raw audit text, PII, or machine identifiers.\n\n`audit-events` reads the existing local `GET /v1/audit/events` endpoint and can print either a terminal summary or formatted JSON. It is read-only and does not mutate, upload, persist, or redact audit events through external services.\n\n`evidence-bundle` writes a small local-only bundle under an ignored `local-evidence/` path from the existing local health, version status, model, model and runner status hint, and sustainability endpoints. `--include-audit-events` adds the raw local audit event response only when explicitly requested. `--json` prints the bundle summary JSON. `--list` inspects an existing bundle without calling the daemon, `--validate` checks an existing bundle without calling the daemon, `--archive` validates and archives an existing bundle to `local-evidence/archives/\u003cbundle-name\u003e.tar.gz` by default, `--archive-output` can override the archive path when it stays under `local-evidence/`, `--verify-archive` inspects an existing archive without calling the daemon, and `--print-manifest` prints the manifest for an existing bundle without calling the daemon. The command is diagnostic/demo output only: it is not signed, not certified, not production evidence, and does not call cloud services or external endpoints.\n\nFor a repeatable local evidence demo workflow that drives `route-explain`, `audit-events`, bundle generation, listing, validation, archiving, archive verification, and manifest inspection, run:\n\n```bash\n./scripts/demo-local-evidence-workflow.sh\n```\n\nUse `--dry-run` to print the planned local workflow without starting the daemon, or `--self-test` to verify ignored-path checks and command construction without a live daemon.\n\n`make evidence-check` runs the workflow regression checks, including the demo script dry-run and self-test plus a local CLI help and boundary-language alignment check.\n\nThe Aethra Local Command Center mirrors these safe CLI recipes, the evidence workflow checklist, and the demo readiness notes in the dashboard. It stays read-only and local-preview only.\n\n`route-explain` calls the existing local `POST /v1/route/explain` endpoint with either `--text` or `--input`. Use synthetic or non-sensitive text. This is route inspection, not legal advice or legal accuracy validation. For a legal route example, use a file that already carries legal context such as `./tests/golden-legal/smoke-legal-request.json`, which sets `model` to `ignisprompt/legal`.\n\nFor the real local GGUF path, start Ollama locally and then run:\n\n```bash\n./scripts/smoke-gguf-local.sh\n```\n\n## Experimental MCP Stub\n\nThe repo now includes an experimental stdio MCP stub inside `ignispromptd`. It does not change default daemon startup, default CI, or the fallback to `StubLegalRunner`.\n\nFor contributor-focused examples and response-shape notes, see [Contributor MCP usage](docs/MCP_USAGE.md).\n\nCurrent scope:\n\n- transport: newline-delimited stdio JSON-RPC 2.0\n- handshake methods: `initialize`, `notifications/initialized`, and `ping`\n- tool methods: `tools/list` and `tools/call`\n- tools exposed: `route_explain`, `audit_events`, `status_version`, and `sustainability_summary`\n- behavior reused: existing local route classification, human-readable explanation text, adversarial warning handling, local audit appends for `route_explain`, and read-only local audit/version/sustainability observability data for the observability tools\n\nThe observability tools are read-only and local-only. They do not control models or runners, change configuration, execute commands, add telemetry, make cloud calls, perform update or GitHub lookups, add external coefficient lookup, upload data, persist new data, or add prompt/resource/sampling support. Sustainability values remain estimated, counterfactual, proxy, methodology-dependent, and not certified reporting.\n\nManual example:\n\n```bash\nprintf '%s\\n' \\\n  '{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"initialize\",\"params\":{\"protocolVersion\":\"2025-06-18\",\"capabilities\":{},\"clientInfo\":{\"name\":\"manual\",\"version\":\"0.1.0\"}}}' \\\n  '{\"jsonrpc\":\"2.0\",\"method\":\"notifications/initialized\"}' \\\n  '{\"jsonrpc\":\"2.0\",\"id\":2,\"method\":\"tools/list\",\"params\":{}}' \\\n  '{\"jsonrpc\":\"2.0\",\"id\":3,\"method\":\"tools/call\",\"params\":{\"name\":\"route_explain\",\"arguments\":{\"model\":\"ignisprompt/legal\",\"messages\":[{\"role\":\"user\",\"content\":\"Review this indemnification clause in a vendor services agreement and return the key risks.\"}],\"metadata\":{\"domain\":\"legal\"}}}}' \\\n  | cargo run -p ignispromptd -- --experimental-mcp-stdio\n```\n\nLimitations:\n\n- experimental and manual-only\n- no MCP HTTP transport\n- no prompts, resources, sampling, or completions\n- no cloud calls\n- no model controls, runner controls, command execution, telemetry, update checks, or external lookups\n- intended for local tool-surface validation, not broad MCP client compatibility claims\n\n## GGUF Runner Spike\n\nThe default daemon build does not require GGUF tooling or model weights. `StubLegalRunner` remains the active Tier 3 path unless you explicitly compile the spike:\n\n```bash\ncargo run -p ignispromptd --features gguf-runner-spike -- \\\n  --bind 127.0.0.1:8765 \\\n  --model-dir ./config/models \\\n  --audit-log ./data/audit/events.jsonl \\\n  --local-only true\n```\n\nThe Tier 3 legal path supports an opt-in GGUF subprocess spike behind the `gguf-runner-spike` Cargo feature. If `IGNISPROMPT_GGUF_RUNNER_BIN` points to a local executable and the selected legal manifest's `localPath` exists, `ignispromptd` will invoke that executable before falling back to `StubLegalRunner`.\n\nThe runner contract is intentionally minimal:\n\n- `ignispromptd` invokes the binary with `--model \u003clocalPath\u003e --prompt-file \u003ctemp file\u003e --max-tokens \u003cn\u003e`\n- the binary should write the assistant completion text to stdout and exit `0`\n- stderr and non-zero exit status are treated as runner failure and the daemon falls back to `StubLegalRunner`\n\nEnvironment variables:\n\n- `IGNISPROMPT_GGUF_RUNNER_BIN`: path to the local GGUF runner executable\n- `IGNISPROMPT_PROMPT_DIR`: directory containing prompt-pack markdown files, defaults to `./config/prompts`\n- `IGNISPROMPT_GGUF_MAX_TOKENS`: max tokens requested from the runner, defaults to `256`\n\nThis is a spike, not a production inference stack. Prompt shaping is naive, the `stream: true` path is only an SSE compatibility scaffold rather than a full incremental streaming engine, and no built-in llama.cpp or ONNX bridge ships in the daemon yet.\n\nFor legal Tier 3 requests, the GGUF path prepends a prompt pack before serializing the request messages into the subprocess contract. By default it uses `config/prompts/legal-contract-review-v0.1.md`, but a manifest can override this with `promptPack`, for example `legal-contract-review-compact-v0.1.md` for smaller local models.\n\nFor local Tier 3 legal completions, the daemon also runs a lightweight JSON shim over the runner stdout. It extracts schema-valid JSON from raw output, fenced ```json blocks, explanatory preambles, or common local response/content wrappers. It validates the required top-level fields, nested `risks` objects, enum values, and disallows additional schema fields. If validation fails, the daemon returns a structured local parse-error wrapper instead of hiding the failure. Raw runner text and parse status are exposed under `local_output.legal_json` in the chat completion response and mirrored into local chat-completion audit events.\n\nWhen a local runner supports constrained output, a manifest can also opt into `responseFormat`. The current Ollama-backed wrapper supports:\n\n- `responseFormat: \"none\"`: no structured output hint\n- `responseFormat: \"json\"`: JSON-mode output hint\n- `responseFormat: \"schema\"`: JSON schema constraint for the contract-review shape\n\nIf that prompt-pack file is missing or unreadable, the daemon emits a warning with the configured prompt-pack path, treats the GGUF spike as unavailable, and falls back to `StubLegalRunner`. This keeps the default smoke path working without local prompt assets or model weights.\n\n### Local model placement\n\nThe placeholder legal manifest already shows the intended reference shape:\n\n- manifest: `config/models/legal-qwen2_5-0_5b-instruct-q4.json`\n- current `localPath`: `./models/qwen2.5-0.5b-instruct-q4_k_m.gguf`\n- current `promptPack`: `legal-contract-review-compact-v0.1.md`\n- current `responseFormat`: `schema`\n\nPlace a local GGUF file at that path, or update `localPath` in the manifest to wherever you keep the file on disk. Model weights must stay local and are intentionally not committed; the repo ignores `./models/**`.\n\n### Integration options evaluated\n\nThe current spike stays subprocess-based on purpose. Two realistic next-step integrations are:\n\n- `llama.cpp` CLI or `llama-server` as a local process boundary. The official project documents both `llama-cli -m model.gguf` and `llama-server -m model.gguf` for GGUF inference and an OpenAI-compatible local server surface.\n- `llama-cpp-2` for direct Rust bindings to `llama.cpp`. Its docs describe the crate as safe wrappers around near-direct bindings and note that API stability is intentionally secondary to tracking upstream `llama.cpp`.\n\nThe subprocess contract is the lower-risk spike because it keeps `ignispromptd` free of native binding churn while the `ModelRunner` interface settles.\n\n## Golden Legal v0.3 Subset\n\nThe repo now includes a small Golden Legal Routing Test Set v0.3 runner for the live GGUF path:\n\n```bash\n./scripts/run-golden-legal-v0.3.sh\n```\n\nIt executes six cases:\n\n- legal Tier 3 success\n- local model unavailable under simulated RAM pressure\n- no cloud fallback without consent when no legal model is installed\n- adversarial contract instruction handling\n- human-readable explanation quality\n- subtle legal-language routing instruction handling\n\nThe script expects:\n\n- a local Ollama server at `OLLAMA_HOST`, typically `http://127.0.0.1:11434`\n- `OLLAMA_NO_CLOUD=true`\n- the local GGUF file at the manifest `localPath`\n\nEvidence is written under `./local-evidence/golden-legal-v0.3/` and stays out of git.\n\nCurrent local reliability note as of May 2, 2026: the latest local Golden Legal v0.3 evidence available in this workspace records all six control-plane cases as passing with the Qwen2.5 0.5B pipe baseline. The Tier 3 success case records `legal_json.status = \"ok\"` and `schema_valid = true`. This is a local schema and routing reliability signal only; it is not legal advice, a legal-accuracy result, production readiness, or compliance certification.\n\n## Alpha Legal Bakeoff v0.1\n\nThe repo also includes an alpha bakeoff driver that runs the Golden Legal v0.3 subset against a small set of candidate local legal models and records a local comparison summary:\n\n```bash\n./scripts/run-alpha-legal-bakeoff-v0.1.sh\n```\n\nThe bakeoff currently knows about these local candidate paths:\n\n- baseline: `./models/qwen2.5-0.5b-instruct-q4_k_m.gguf`\n- larger general candidate: `./models/qwen2.5-7b-instruct-q4_k_m.gguf`\n- legal-domain candidate: `./models/saul-instruct-v1.q4_k_m.gguf`\n- smaller fallback candidate: `./models/Phi-3.5-mini-instruct.q5_k_m.gguf`\n\nIf a candidate file is missing, the bakeoff records that candidate as skipped with a local note instead of failing the whole run. The summary is written under `./local-evidence/alpha-legal-bakeoff-v0.1/` and includes per-candidate latency, route correctness, explanation quality, JSON/schema reliability, adversarial handling, and evidence locations.\n\nCurrent quality caveat: `qwen2.5-0.5b-instruct-q4_k_m` is the fastest pipe-validation baseline on this host, not a settled legal-quality winner. The prompt packs, constrained runner output, and local JSON extraction/validation shim make the Tier 3 path more reliably parseable and stricter about schema failures, but legal usefulness still depends on model quality and remains an open bakeoff question.\n\n## Example request\n\n```bash\ncurl -s -X POST http://127.0.0.1:8765/v1/route/explain \\\n  -H 'content-type: application/json' \\\n  --data-binary @tests/golden-legal/smoke-legal-request.json | jq .\n```\n\n## Public demo: local legal review\n\nFor a public-facing local demo, run the convenience legal-review flow. It uses a fully synthetic contract-review fixture and shows the local Tier 3 routing path, structured JSON parsing, schema validation, route explanation, and local audit evidence without sending request data to a cloud service. See [Demo flows](docs/DEMO.md) for the default smoke demo and optional GGUF setup details.\n\nRead the warning at the top of [Demo flows](docs/DEMO.md) before presenting: demo inputs must stay synthetic, and audit/sustainability outputs are local-preview signals only.\n\n```bash\n./scripts/demo-local-legal-review.sh\n```\n\nA healthy demo run should show these signals:\n\n- route tier = `TIER_3`\n- route_code = `DOMAIN_MODEL_SELECTED`\n- data_left_device = `false`\n- legal_json.status = `ok`\n- schema_valid = `true`\n- audit evidence saved under `./local-evidence/`\n\nThe demo script expects:\n\n- a local Ollama server at `OLLAMA_HOST`, typically `http://127.0.0.1:11434`\n- `OLLAMA_NO_CLOUD=true`\n- the local GGUF file at `./models/qwen2.5-0.5b-instruct-q4_k_m.gguf`\n\nIt starts `ignispromptd` with `--features gguf-runner-spike`, sends `tests/golden-legal/demo-synthetic-contract-request.json`, prints the route decision, explanation, `legal_json.status`, `schema_valid`, parsed legal JSON, and saved audit-event path, then writes the evidence bundle under `./local-evidence/demo-local-legal-review/`.\n\nDemo caveats:\n\n- this is not legal advice\n- this is not production compliance evidence or certification\n- Qwen2.5 0.5B is the pipe/demo baseline, not a settled legal model winner\n- never use real customer contracts, confidential legal text, personal data, or production matter materials in a demo\n\nFor the default no-model scaffold path, the recommended check is still:\n\n```bash\n./scripts/dev-check.sh\n```\n\nIf you need the lower-level manual debugging path instead, run:\n\n```bash\n./scripts/start-dev.sh\n```\n\nIn another terminal:\n\n```bash\n./scripts/smoke.sh\n```\n\n## Smoke-test goal\n\nThe first milestone is still proving the control-plane spine: a legal request enters IgnisPrompt, routes locally to Tier 3, explains why, writes an audit event, and rejects unsafe cloud/adversarial behavior. The GGUF runner path is an early local execution spike layered on top of that control plane, not a finished inference backend.\n\n## License\n\nApache-2.0.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faignitron%2Fignisprompt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faignitron%2Fignisprompt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faignitron%2Fignisprompt/lists"}