fix(retrieval): enforce project-scoped context boundaries

README.md

@@ -6,7 +6,7 @@ Personal context engine that enriches LLM interactions with durable memory, stru
 
 ```bash
 pip install -e .
-uvicorn src.atocore.main:app --port 8100
+uvicorn atocore.main:app --port 8100
 ```
 
 ## Usage
@@ -37,6 +37,10 @@ python scripts/atocore_client.py audit-query "gigabit" 5
 | POST | /ingest | Ingest markdown file or folder |
 | POST | /query | Retrieve relevant chunks |
 | POST | /context/build | Build full context pack |
+| POST | /interactions | Capture prompt/response interactions |
+| GET/POST | /memory | List/create durable memories |
+| GET/POST | /entities | Engineering entity graph surface |
+| GET | /admin/dashboard | Operator dashboard |
 | GET | /health | Health check |
 | GET | /debug/context | Inspect last context pack |
 
@@ -66,8 +70,10 @@ unversioned forms.
 FastAPI (port 8100)
   |- Ingestion: markdown -> parse -> chunk -> embed -> store
   |- Retrieval: query -> embed -> vector search -> rank
-  |- Context Builder: retrieve -> boost -> budget -> format
-  |- SQLite (documents, chunks, memories, projects, interactions)
+  |- Context Builder: project state -> memories -> entities -> retrieval -> budget
+  |- Reflection: capture -> reinforce -> extract -> triage -> promote/expire
+  |- Engineering: typed entities, relationships, conflicts, wiki/mirror
+  |- SQLite (documents, chunks, memories, projects, interactions, entities)
   '- ChromaDB (vector embeddings)
 ```
 
@@ -82,6 +88,16 @@ Set via environment variables (prefix `ATOCORE_`):
 | ATOCORE_CHUNK_MAX_SIZE | 800 | Max chunk size (chars) |
 | ATOCORE_CONTEXT_BUDGET | 3000 | Context pack budget (chars) |
 | ATOCORE_EMBEDDING_MODEL | paraphrase-multilingual-MiniLM-L12-v2 | Embedding model |
+| ATOCORE_RANK_PROJECT_MATCH_BOOST | 2.0 | Soft boost for chunks whose metadata matches the project hint |
+| ATOCORE_RANK_PROJECT_SCOPE_FILTER | true | Filter project-hinted retrieval away from other registered project corpora |
+| ATOCORE_RANK_PROJECT_SCOPE_CANDIDATE_MULTIPLIER | 4 | Widen candidate pull before project-scope filtering |
+| ATOCORE_RANK_QUERY_TOKEN_STEP | 0.08 | Per-token boost when query terms appear in high-signal metadata |
+| ATOCORE_RANK_QUERY_TOKEN_CAP | 1.32 | Maximum query-token boost multiplier |
+| ATOCORE_RANK_PATH_HIGH_SIGNAL_BOOST | 1.18 | Boost current decision/status/requirements-like paths |
+| ATOCORE_RANK_PATH_LOW_SIGNAL_PENALTY | 0.72 | Down-rank archive/history-like paths |
+
+`ATOCORE_RANK_PROJECT_SCOPE_FILTER` gates the hard cross-project filter only.
+`ATOCORE_RANK_PROJECT_MATCH_BOOST` remains the separate soft-ranking knob.
 
 ## Testing
 
@@ -93,7 +109,10 @@ pytest
 ## Operations
 
 - `scripts/atocore_client.py` provides a live API client for project refresh, project-state inspection, and retrieval-quality audits.
+- `scripts/retrieval_eval.py` runs the live retrieval/context harness, separates blocking failures from known content gaps, and stamps JSON output with target/build metadata.
+- `scripts/live_status.py` renders a compact read-only status report from `/health`, `/stats`, `/projects`, and `/admin/dashboard`; set `ATOCORE_AUTH_TOKEN` or `--auth-token` when those endpoints are gated.
 - `docs/operations.md` captures the current operational priority order: retrieval quality, Wave 2 trusted-operational ingestion, AtoDrive scoping, and restore validation.
+- `DEV-LEDGER.md` is the fast-moving source of operational truth during active development; copy claims into docs only after checking the live service.
 
 ## Architecture Notes