README:
- Bump drawer count 134K → 137K (matches current palace)
- Update "Open upstream PRs" table with actual reviewer status, add MemPalace#999
  and MemPalace#1000, drop stale "rebased against MemPalace#863" note since MemPalace#863 is in v3.3.1

CLAUDE.md:
- Rename section header v3.3.0 → v3.3.1 (we merged v3.3.1 earlier today)
- Add fork changes 11-13: None-metadata guards, .blob_seq_ids_migrated
  marker, quarantine_stale_hnsw
- Replace "Pulled in from upstream v3.3.1" summary: i18n, BCP-47 locales,
  UTF-8 Path.read_text, non-blocking precompact (MemPalace#863), silent_save
  honoring (MemPalace#966) — ours still broader
- Update the open-upstream-PRs table to 7 open, include MemPalace#999 + MemPalace#1000 and
  refresh each row's status line to match what's actually on GitHub
  (MERGEABLE flags, @bensig ping context, Copilot review addressed, etc.)

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

README:
- Fork-changes table: expand the None-metadata row to cover all 8 sites
  (searcher.py CLI + API + closet-boost, miner.status, 4 mcp_server
  handlers). Previous row only called out the CLI print path.
- Add a new Search row: warnings + sqlite BM25 top-up contract (the
  "never silent miss" feature) with pointer to MemPalace#951 + MemPalace#823.
- Open-PR table: expand MemPalace#999 scope line to mention 8 sites + architectural
  note, update MemPalace#1000 to reflect post-MemPalace#995 rebase, add MemPalace#1005 with Copilot
  fixes noted.

CLAUDE.md:
- PR status header: 7 open -> 8 open (adds MemPalace#1005).
- Same PR row updates as README for MemPalace#999/MemPalace#1000/MemPalace#1005.
- Fork Changes list: expand entry 11 (None guards) to 8 sites + adapter
  consolidation proposal on MemPalace#999; add entry 14 for the warnings+BM25
  feature; keep 12 and 13 as-is.

42 README-claim tests still pass.

Concrete evidence:
- New "What this looks like in practice" section right after the
  status line, showing a real stop-hook systemMessage output and a
  real mempalace_search response shape (warnings, available_in_scope,
  matched_via tags, similarity scores). Someone evaluating the fork
  can see what "running in production" actually looks like.

Headlines box:
- New "Headlines" subsection at the top of Fork Changes with the
  three differentiators someone should know if they only read one
  section — silent-save hook, ChromaDB 1.5.x hardening (quarantine +
  None guards), search-never-misses contract. Links to MemPalace#673/MemPalace#999/
  MemPalace#1000/MemPalace#1005 so readers can jump to the work itself.

Citations for comparison table:
- Every row now links to its upstream repo: Hindsight (vectorize-io),
  Mem0 + OpenMemory (mem0ai), Cognee (topoteretes), Letta (letta-ai),
  engram (NickCirv), CaviraOSS OpenMemory. Cognee row updated since
  they've added MCP support since we first wrote the row.
- Replaced the "Systems mentioned without captured primary URLs"
  footnote (now stale since we have them) with a "Verification note"
  that's honest about the point-in-time nature of these columns and
  explains why TagMem is absent.

Structure cleanups:
- Removed the upstream MemPalace logo at the top — it's milla-
  jovovich's asset and using it in a fork README is awkward.
- Renamed "Roadmap" → "Planned work" — the section is decisive with
  priorities and time estimates, "Roadmap" was underselling it.

No content removed from the document beyond the stale footnote and
the upstream logo. All existing sections intact. 42 README-claim
tests pass.

Every remaining row in "Still ahead of upstream" now carries a status
so the reader can tell at a glance whether each change is being
upstreamed, pending a PR, or deliberately fork-local.

Dropped:
- "Guard ChromaDB 1.5.x metadata-mismatch segfault" — this row was
  overstated. The memory file for today's debugging notes that the
  try-get/except-create pattern is defensive code that never
  reproduced a specific crash (the actual crashes traced to HNSW
  drift). Leaving it in "Still ahead" implied an upstream-candidate
  fix, which it isn't. Code stays in place as defensive, but the
  README no longer claims it as a fork-ahead feature.

Moved to Superseded:
- "Stale HNSW mtime detection + mempalace_reconnect" — upstream took
  a different approach in MemPalace#757. Our broader inode+mtime detection
  and the mempalace_reconnect MCP tool remain as fork-local
  convenience; they're just not "ahead of upstream" anymore.

Statuses now populated:
- Linked PR number for the 7 changes with active upstream PRs
  (MemPalace#659, MemPalace#660, MemPalace#661, MemPalace#673 with APPROVED note, MemPalace#999, MemPalace#1000, MemPalace#1005).
- "PR pending" for 3 items that are good candidates but unfiled:
  epsilon mtime comparison, max_distance parameter, tool output
  mining.
- "fork-only" for 2 items we keep intentionally without pitching
  upstream: .blob_seq_ids_migrated marker (narrow), bulk_check_mined
  (complementary to upstream's MemPalace#784 file-locking).

Legend sentence added above the table explains the three status
values. 42 README-claim tests pass.

Addresses Copilot nit on MemPalace#1000.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

…review addressed

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

…emPalace#1036

Overnight/morning:
- MemPalace#681, MemPalace#1000, MemPalace#1023 merged — moved from "Still ahead" to "Merged upstream (post-v3.3.1)"
- bensig reviewed MemPalace#659 (wing_ prefix + agent filter) and MemPalace#1021 (silent_guard
  default) — both addressed on their PR branches
- MemPalace#673 needed re-rebase after overnight develop merges; done
- MemPalace#1036 filed: paginate miner.status(), closes upstream MemPalace#802 and MemPalace#1015

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Version bumps across pyproject.toml, mempalace/version.py, README badge,
uv.lock, and plugin manifests (.claude-plugin/*, .codex-plugin/*).

CHANGELOG aligned with main (post-3.3.1) and a new [3.3.2] section added
covering the 11 PRs merged on develop since v3.3.1 — silent-transcript-drop
fix + tandem sweeper (#998), None-metadata guards (#999, #1013),
chromadb ≥1.5.4 for Py 3.13/3.14 (#1010), Windows Unicode (#681),
HNSW quarantine recovery (#1000), PID stacking guard (#1023), doc-path
cleanup (#996, #1012), and RFC 001/002 internal scaffolding (#995, #1014, #990).

Resolutions:
- `.claude-plugin/.mcp.json`, `plugin.json` — adopt upstream's `mempalace-mcp`
  console-script command (added via upstream MemPalace#340 for pipx/uv). Run
  `pip install -e .` in plugin venv after merge to install the entry point.
- `.claude-plugin/hooks/*.sh`, `hooks/*.sh` — adopt upstream's console-command
  resolution order (`mempalace` script → `python3 -m mempalace` → `python`).
  `MEMPAL_PYTHON` override still works inside `hooks_cli.py`.
- `mempalace/hooks_cli.py`, `tests/test_hooks_cli.py` — keep fork's
  `_mempalace_python()` helper (fork-ahead #4); upstream only had
  `sys.executable`, which loses MEMPAL_PYTHON override.
- `mempalace/miner.py` — keep fork's concurrent mining path (fork-ahead #1),
  apply upstream's unicode-`✓` → ASCII-`+` fix (MemPalace#681) to both paths.
- `mempalace/backends/chroma.py` — take upstream's refined `quarantine_stale_hnsw`
  docstring (it's the version merged via our own MemPalace#1000).

Brought in: 33 upstream commits including Belarusian/Chinese/German/Spanish/French
entity detection, console-script entry points, hook plugin-root space quoting,
and v3.3.2 tag (which contains our MemPalace#681/MemPalace#1000/MemPalace#1023).

Tests: 1096 passed, 106 deselected (benchmarks). Ruff clean.

…#1023 merged, MemPalace#673 rebased

- Bump fork-ahead section header to "after v3.3.2"
- Strike #11 (quarantine_stale_hnsw) and MemPalace#18 (PID file guard) as
  merged-into-upstream-via-v3.3.2, keep entries for traceability
- Add v3.3.2-shipped items to "Merged into upstream (post-v3.3.1)"
- Rebuild PR table: 10 merged / 7 open / 7 closed; add MemPalace#1024 row,
  reclassify MemPalace#681/MemPalace#1000/MemPalace#1023 as merged, note MemPalace#673 rebased 2026-04-21
- Annotate MemPalace#661 status with the GitHub review-state machine caveat
  (CHANGES_REQUESTED persists until reviewer dismisses, not owed)
- Bump test count 1063 → 1096 post-merge

…unts

- Upstream released v3.3.2 on 2026-04-21 (our MemPalace#681/MemPalace#1000/MemPalace#1023)
- Drawer count 152,682 → 165,632; wings 23 → 28; tests 1063 → 1096
- MemPalace#673 now MERGEABLE after fresh rebase + squash to 1 commit
- MemPalace#661 status clarified: CHANGES_REQUESTED persists until reviewer
  dismisses, not an outstanding owe
- Merged-upstream section split out v3.3.2 release group

Port quarantine_stale_hnsw from upstream MemPalace#1000 (0c38dea) and wire it
into _client() / make_client() so palaces with drifted HNSW segments
self-recover on open instead of segfaulting in the Rust graph walk.

Hit on personal-v2 today: 125k-embedding palace, three segment dirs
with data_level0.bin 8-9 days older than chroma.sqlite3 after an
interrupted write. Every fresh client open SIGSEGV'd in
chromadb_rust_bindings at the same offset (KERN_INVALID_ADDRESS at
0x44, dangling neighbor pointer in HNSW graph walk). Renaming the
segment dirs out of the way let chroma rebuild lazily from sqlite
with zero data loss.

Differs from upstream by being on-by-default rather than
operator-opt-in; opt out with MEMPALACE_HNSW_NO_QUARANTINE=1. The
stat-call overhead is microseconds; the cost of skipping is a hard
crash on the next query() or count().

Threshold unchanged at 3600s — legitimate HNSW flush lag is seconds
to minutes, so an hour of drift implies a crashed mid-write.

Tests: 11/11 in test_backends.py (4 new for the helper).