docs(v1.2.1): publish plan ready, deferred to fresh session

Adds docs/plans/2026-04-28-v1.2.1-pypi-publish.md — a step-by-step
plan for the v1.2.1 release across PyPI + git tags + GitHub.
Strategy locked: skip v1.1.0 + v1.2.0 PyPI uploads (the existing
v1.1.0 wheel from 2026-04-26 predates the duplicate-refine race
fix and would publish a known-buggy snapshot); the v1.x PyPI line
starts at v1.2.1. v1.1.0 + v1.2.0 stay as git-tag milestones in
the narrative.

The plan walks through 9 steps: version bumps (pyproject.toml +
mnemos/__init__.py both still at older strings), pytest sanity,
build, smoke-install in throwaway venv, twine upload (irreversible
boundary — pause for user confirmation), annotated git tags v1.2.0
(at 4fddca4) + v1.2.1 (at e7cfdba), gh release create from
CHANGELOG.md, commit the version bumps, STATUS/ROADMAP update.
Includes a rollback section explaining yank-vs-bump-to-1.2.2 since
PyPI has no overwrite semantics.

STATUS.md and ROADMAP.md now point at the plan as the next-up
work. The "Pending user actions" section was rewritten so the
one-word `mnemos` resume protocol surfaces this plan first.
"Completed today" section was reorganized into a full-day recap +
a "Pickup point for next session" block telling the resume agent
exactly what to do (read STATUS, read plan, verify pre-flight,
show <100-word summary, wait for go-ahead before twine upload).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: kavunkarpuz-debug

STATUS.md

@@ -169,48 +169,53 @@ For early adopters: `pip install git+https://github.com/mnemos-dev/mnemos@v1.0.0
 | F6.3 Empirical smoke | 1 | done | kasamd farcry: TR transcript → TR headers + TR body. Locale-aware contract holds. **Surfaced pre-existing v1.1.0 duplicate-refine race — see v1.2.1 spec.** |
 | F7 Migration helper | 0 | not needed | locale-aware behavior obviates the need for a one-shot vault flip |
 
-🟡 **Pending user actions:**
-
-1. **Push commits to origin** — local main is 4 commits ahead of
-   `origin/main` (`b7ee92f` --limit, `3774d05` env strip,
-   `89f120b` neutral cwd + hook isolation, plus this docs update):
-   ```bash
-   git push origin main
-   ```
-2. **PyPI v1.2.0 + v1.2.1 publish** (single-shot, both shipped same
-   day; v1.2.1 supersedes the v1.2.0 wheel that was never built):
-   ```bash
-   cd C:/Projeler/mnemos-v1.1
-   python -m build
-   python -m twine upload dist/mnemos_dev-1.2.1*
-   git tag v1.2.0 -a -m "v1.2.0 — Locale-Aware Output"
-   git tag v1.2.1 -a -m "v1.2.1 — Refine race + identity isolation fix"
-   git push origin v1.2.0 v1.2.1
-   gh release create v1.2.1 --title "v1.2.1 — Refine race + identity isolation fix" --notes-file CHANGELOG.md
-   ```
-3. **v1.1.0 PyPI publish** (still pending from yesterday):
-   `python -m twine upload C:/Projeler/mnemos-v1.1/dist/mnemos_dev-1.1.0*`
-4. **Test infra cleanup** — `~/.claude/test-session-end/` directory
-   leftover from v1.1 design phase. Settings.json's SessionEnd
-   already only has the canonical `mnemos-session-end` entry, so
-   no settings.json edit needed; just remove the leftover directory:
-   ```bash
-   rm -rf ~/.claude/test-session-end
-   ```
-
-### ✅ Completed today (2026-04-28)
-
-- v1.2.0 locale-aware output: shipped + merged + pushed
-- v1.2.1 refine-pipeline race fix: shipped + merged + pushed
-- v1.2.1 identity isolation follow-up: 3 commits on local main
-  (push pending — see #1 above)
-- `mnemos refine-ledger --normalize --validate-paths` one-shot
-  cleanup ran on kasamd
-- `/exit` empirical test passed — single Session/.md created, no
-  duplicate
-- `mnemos identity bootstrap --force` ran successfully on kasamd
-  (90 sessions → 85 used → 6 projects, 4 people, locale-aware TR
-  headers + body, six revised-decisions in chronological order)
+🟡 **Pending user actions (next session pickup):**
+
+**The next-up work is v1.2.1 PyPI release.** A step-by-step plan is
+ready at [`docs/plans/2026-04-28-v1.2.1-pypi-publish.md`](docs/plans/2026-04-28-v1.2.1-pypi-publish.md).
+The resume protocol should land there. The plan covers:
+
+1. Version bumps (`pyproject.toml` 1.1.0 → 1.2.1; `mnemos/__init__.py`
+   "1.0.0a1" → "1.2.1" — both still stale)
+2. Pytest sanity (must still hit 545 pass)
+3. `python -m build`
+4. Smoke install in throwaway venv (`mnemos --version` → 1.2.1)
+5. `python -m twine upload dist/mnemos_dev-1.2.1*` ← **irreversible
+   boundary**, confirm with user first
+6. Annotated git tags `v1.2.0` (4fddca4) + `v1.2.1` (e7cfdba)
+7. `gh release create v1.2.1`
+8. Commit version bumps + STATUS/ROADMAP update
+
+**Strategy decision (locked in plan):** PyPI for the v1.x line starts
+at v1.2.1. v1.1.0 + v1.2.0 are git-tag milestones only; the
+2026-04-26-built v1.1.0 wheel in `dist/` predates the duplicate-refine
+fix and would publish a known-buggy snapshot if uploaded.
+
+Estimated wall time: 15-25 min, dominated by build + upload + the
+typed PyPI token.
+
+### ✅ Completed 2026-04-28 (full day)
+
+- v1.2.0 locale-aware output: shipped + merged + pushed to `origin/main`
+- v1.2.1 refine-pipeline race fix (per-JSONL filelock + ledger normalize CLI): shipped + merged + pushed
+- v1.2.1 identity isolation follow-up (3 same-day bugs surfaced by bootstrap pilot — env-strip, neutral cwd, hook re-entry guard, strict OUTPUT prompt): shipped + merged + pushed
+- `bootstrap --limit N` pilot mode added
+- `mnemos refine-ledger --normalize --validate-paths` one-shot cleanup ran on kasamd ledger
+- `/exit` empirical test passed — single Session/.md created, no duplicate
+- `mnemos identity bootstrap --force` ran successfully on kasamd (90 sessions → 85 used → 6 projects, 4 people, locale-aware TR headers + body, six revised-decisions in chronological order)
+- Test suite **545 pass** (+16 vs 529 baseline)
+- Worktree + branch cleanup: 4 stale agent worktrees removed, 2 redundant project worktrees pruned, 9 merged feature/chore branches deleted
+- Test infra cleanup: `~/.claude/test-session-end/` directory removed
+
+### ⏳ Pickup point for next session
+
+The PyPI publish — see [`docs/plans/2026-04-28-v1.2.1-pypi-publish.md`](docs/plans/2026-04-28-v1.2.1-pypi-publish.md). When the user types `mnemos`, the resume protocol should:
+
+1. Read this STATUS.md
+2. Read the publish plan
+3. Verify `git status` clean + `origin/main == HEAD` + pytest 545 pass
+4. Show a <100-word summary leading with "Next: v1.2.1 PyPI publish per the plan; pause for confirmation before step 5 (irreversible twine upload)"
+5. Wait for user go-ahead
 
 ---
 

docs/ROADMAP.md

@@ -21,7 +21,7 @@ archive; if they conflict, this file wins.
 | **v1.0.0a1** | **Narrative-first pivot (atomic-fragmentation dropped, Sessions = unit, Identity Layer)** | ✅ shipped 2026-04-26 | ⏸ deferred |
 | **v1.1.0** | **SessionEnd-driven memory (refine+brief+identity-refresh worker, settings TUI, briefing v3, readiness gates, in-session cross-check)** | ✅ shipped 2026-04-27 | ⏸ deferred 24h |
 | **v1.2.0** | **Locale-aware output (EN code+docs, runtime headers match dominant Session language; defaults English when mixed)** | **✅ shipped 2026-04-28** *(empirical smoke green, merge + PyPI pending)* | — |
-| **v1.2.1** | **Hot-fix: refine-pipeline race (per-JSONL filelock + normalize CLI) + identity isolation (env-strip ANTHROPIC_API_KEY, neutral cwd, recall_briefing re-entry guard, strict OUTPUT prompt) + `bootstrap --limit N` pilot mode** | **✅ shipped 2026-04-28** *(push + PyPI pending)* | — |
+| **v1.2.1** | **Hot-fix: refine-pipeline race (per-JSONL filelock + normalize CLI) + identity isolation (env-strip ANTHROPIC_API_KEY, neutral cwd, recall_briefing re-entry guard, strict OUTPUT prompt) + `bootstrap --limit N` pilot mode** | **✅ code shipped 2026-04-28** *(PyPI publish next session — [`plan`](plans/2026-04-28-v1.2.1-pypi-publish.md))* | — |
 | v1.3.0 | Polish + LongMemEval benchmark (R@5 ≥ 93% baseline, JSONL-direct identity bootstrap?) | ⏸ | — |
 | v0.5.0 | Automation / Phase 2 — superseded by v1.1 SessionEnd hook | 🗄️ archived | — |
 | v0.6.0 | Community & Ecosystem (Obsidian plugin, multi-language markers, demo video) | ⏸ | — |

docs/plans/2026-04-28-v1.2.1-pypi-publish.md

@@ -0,0 +1,245 @@
+---
+title: v1.2.1 PyPI Publish + Tag + GitHub Release
+date: 2026-04-28
+status: Plan ready, execution pending (deferred to fresh session)
+target_release: v1.2.1
+preceded_by: docs/specs/2026-04-28-v1.2.1-duplicate-refine-race.md
+---
+
+# v1.2.1 PyPI Publish — Step-by-Step
+
+## Goal
+
+Cut the v1.2.1 release across PyPI, git tags, and GitHub. Skip v1.1.0
+and v1.2.0 PyPI uploads — they are git-tag-only milestones; PyPI for
+the v1.x line starts at v1.2.1.
+
+## Pre-flight state (verified 2026-04-28 end of day)
+
+- `origin/main` == local main == `e7cfdba` (8 commits ahead of dawn-of-day)
+- Test suite: **545 pass**, 2 skipped, 3 deselected
+- Worktrees: clean (only `C:/Projeler/mnemos` main + `C:/Projeler/mnemos-v1.1` editable-install)
+- Local branches: clean (`main`, `feat/identity-bootstrap-limit`, `feature/v1.1.0`, `legacy/atomic-paradigm`)
+- Existing tags: `v0.2.0`, `v0.3.0..v0.3.3`, `v0.4.0-archived`, `v1.0.0a1`, `v1.1.0` (no v1.2.x)
+- `dist/`: contains stale `mnemos_dev-1.1.0-*` from 2026-04-26; v1.2.x not yet built
+- `PYPI_TOKEN` in Windows User env: set (per CLAUDE.md inventory)
+
+## Pre-flight bumps still required
+
+These are step 1 below. Listing here so the new-session resume can
+verify before invoking the plan:
+
+- `pyproject.toml:version` is `1.1.0` → must bump to `1.2.1`
+- `mnemos/__init__.py:__version__` is `"1.0.0a1"` (stale since v1.0
+  alpha era; never touched in v1.1 or v1.2.0/v1.2.1) → must bump to
+  `"1.2.1"`
+
+## Why skip v1.1.0 + v1.2.0 PyPI?
+
+The pre-existing `dist/mnemos_dev-1.1.0-*.whl` was built on 2026-04-26.
+Since then the codebase landed:
+
+- v1.2.0 locale-aware output schema
+- v1.2.1 refine-pipeline race fix (per-JSONL filelock)
+- v1.2.1 identity isolation fix (3 same-day bugs surfaced by bootstrap pilot)
+
+Publishing the 1.1.0 wheel now would commit to PyPI a snapshot that
+predates the duplicate-refine bug fix, which is exactly the regression
+v1.2.1 closes. Better story: PyPI v1.x line starts at v1.2.1 with
+"all known bugs fixed". v1.1.0 + v1.2.0 are git-tag milestones in the
+narrative; users coming from v0.3.3 via `pip install --upgrade
+mnemos-dev` jump straight to v1.2.1.
+
+(Both versions are documented in CHANGELOG.md regardless. Tags
+`v1.1.0` and `v1.2.0` will live on GitHub.)
+
+## Steps
+
+### 1. Version bumps
+
+```bash
+# pyproject.toml
+sed -i 's/^version = "1.1.0"/version = "1.2.1"/' pyproject.toml
+
+# mnemos/__init__.py — replace whatever __version__ is there
+sed -i 's/^__version__ = ".*"/__version__ = "1.2.1"/' mnemos/__init__.py
+
+# Verify
+grep -E "^version|^__version__" pyproject.toml mnemos/__init__.py
+# Expect:
+#   pyproject.toml:version = "1.2.1"
+#   mnemos/__init__.py:__version__ = "1.2.1"
+```
+
+### 2. Sanity test
+
+```bash
+cd C:/Projeler/mnemos-v1.1
+python -m pytest tests/ -q
+# Expect: 545 passed, 2 skipped, 3 deselected
+```
+
+If a test fails, STOP — do not proceed to publish. Investigate first.
+
+### 3. Build
+
+```bash
+# Clean dist/ first so we're not contaminated by 2026-04-26's v1.1.0 wheel
+mv dist/mnemos_dev-1.1.0-py3-none-any.whl dist/_archive_v1.1.0.whl 2>/dev/null
+mv dist/mnemos_dev-1.1.0.tar.gz dist/_archive_v1.1.0.tar.gz 2>/dev/null
+# (rename instead of delete so the v1.1.0 artifact is preserved on disk
+#  in case we ever decide to publish historically)
+
+python -m build
+# Expect: dist/mnemos_dev-1.2.1-py3-none-any.whl  (~120 KB)
+#         dist/mnemos_dev-1.2.1.tar.gz             (~660 KB)
+```
+
+### 4. Smoke test in clean venv
+
+```bash
+# Throwaway venv to validate the wheel installs cleanly
+python -m venv C:/tmp/mnemos-smoke-v1.2.1
+C:/tmp/mnemos-smoke-v1.2.1/Scripts/pip install C:/Projeler/mnemos-v1.1/dist/mnemos_dev-1.2.1-py3-none-any.whl
+C:/tmp/mnemos-smoke-v1.2.1/Scripts/mnemos --version
+# Expect: mnemos 1.2.1 (or similar; exact format depends on how cli.py
+#         prints the version)
+C:/tmp/mnemos-smoke-v1.2.1/Scripts/mnemos --help | head -5
+# Expect: usage: mnemos [-h] {init,...} (no exception, no missing modules)
+```
+
+If the smoke fails (missing module, import error, version mismatch),
+STOP and fix before publishing. The smoke is the last reversible
+check before twine upload burns the version number.
+
+Cleanup smoke venv after:
+```bash
+python -c "import shutil; shutil.rmtree('C:/tmp/mnemos-smoke-v1.2.1')"
+```
+
+### 5. Twine upload to PyPI (IRREVERSIBLE)
+
+```bash
+python -m twine upload C:/Projeler/mnemos-v1.1/dist/mnemos_dev-1.2.1*
+# Username: __token__   (literal string, twine convention for tokens)
+# Password: <value of $env:PYPI_TOKEN>
+```
+
+Twine will print the URL on success: `https://pypi.org/project/mnemos-dev/1.2.1/`.
+
+If the upload fails with "File already exists", the version was
+inadvertently published earlier. Check pypi.org directly. If you need
+to re-upload (e.g., for a bad wheel), bump to 1.2.2 — PyPI does NOT
+allow overwriting a version, only yanking.
+
+### 6. Git tags (annotated)
+
+```bash
+cd C:/Projeler/mnemos
+git tag v1.2.0 -a -m "v1.2.0 — Locale-Aware Output (git-tag milestone, not on PyPI)" 4fddca4
+git tag v1.2.1 -a -m "v1.2.1 — Refine race + identity isolation hot-fix" e7cfdba
+git push origin v1.2.0 v1.2.1
+```
+
+### 7. GitHub release
+
+```bash
+cd C:/Projeler/mnemos
+gh release create v1.2.1 \
+  --title "v1.2.1 — Refine race + identity isolation hot-fix" \
+  --notes-file CHANGELOG.md \
+  C:/Projeler/mnemos-v1.1/dist/mnemos_dev-1.2.1-py3-none-any.whl \
+  C:/Projeler/mnemos-v1.1/dist/mnemos_dev-1.2.1.tar.gz
+```
+
+`--notes-file CHANGELOG.md` includes the entire CHANGELOG; this is
+intentional — release notes that show the full project history aid
+discoverability for new users finding the repo.
+
+(If the user prefers the release notes to be just the v1.2.1 entry,
+extract it manually from CHANGELOG.md and pass `--notes "<body>"` instead.)
+
+### 8. Commit the version bumps
+
+```bash
+cd C:/Projeler/mnemos-v1.1
+git add pyproject.toml mnemos/__init__.py
+git commit -m "chore(release): bump version to 1.2.1"
+git push origin feat/identity-bootstrap-limit  # or main, depending on workflow
+```
+
+If working from `feat/identity-bootstrap-limit`, fast-forward main
+afterward:
+```bash
+cd C:/Projeler/mnemos
+git merge --ff-only feat/identity-bootstrap-limit
+git push origin main
+```
+
+### 9. STATUS / ROADMAP update
+
+After successful publish, update STATUS.md and ROADMAP.md so the
+next session's resume protocol surfaces the right "next work":
+
+- STATUS.md: move v1.2.1 from "in progress" to "shipped to PyPI";
+  remove the publish-related items from "Pending user actions";
+  add a brief "Released 2026-04-28" line under the version banner.
+- ROADMAP.md: flip the v1.2.1 PyPI column from `—` to `✅` in the
+  Version status table.
+
+Commit:
+```bash
+git add STATUS.md docs/ROADMAP.md
+git commit -m "docs: v1.2.1 published to PyPI"
+git push origin main
+```
+
+## Definition of done
+
+- [ ] `pyproject.toml` and `mnemos/__init__.py` show 1.2.1
+- [ ] `pytest tests/ -q` — 545 passed
+- [ ] `dist/mnemos_dev-1.2.1-py3-none-any.whl` and `.tar.gz` exist
+- [ ] Smoke install in clean venv: `mnemos --version` prints 1.2.1
+- [ ] `pip search mnemos-dev` (or pypi.org page) shows 1.2.1
+- [ ] `git tag` lists `v1.2.0` and `v1.2.1`
+- [ ] `git ls-remote origin "refs/tags/v1.2.*"` confirms remote tags
+- [ ] GitHub releases page shows `v1.2.1` with the two artifacts
+  attached
+- [ ] STATUS / ROADMAP updated and pushed
+
+## Rollback / damage control
+
+PyPI does not allow deleting a published version. Options if v1.2.1
+turns out broken:
+
+1. **Yank** the version: `pip install twine; twine yank mnemos-dev==1.2.1
+   --reason "<short>"` — keeps the version string visible on PyPI but
+   prevents new installs from picking it. Existing users with 1.2.1
+   installed are unaffected.
+2. **Ship v1.2.2** with the fix. This is the standard PyPI workflow
+   (no overwrite).
+
+For git tags: `git push --delete origin v1.2.1; git tag -d v1.2.1` if
+the tag pointed at a bad commit. Be cautious — anyone who already
+fetched the tag has the old reference.
+
+## Resume protocol — what to do when this plan is picked up
+
+The new session's `mnemos` resume should land here. Steps for the
+agent (not the user):
+
+1. Read this file top-to-bottom.
+2. Verify pre-flight state still matches:
+   - `git status --short` clean
+   - `git rev-parse HEAD` == latest documented in STATUS
+   - `python -m pytest tests/ -q` still 545 pass
+3. Work step-by-step. Pause AFTER step 4 (smoke test) and confirm
+   with the user before step 5 (twine upload) — that is the
+   irreversible boundary.
+4. After step 7 (GitHub release), continue with step 8 (commit
+   bumps) and step 9 (STATUS/ROADMAP) without further confirmation
+   — those are routine cleanup.
+
+Estimated wall time: 15-25 min total, dominated by `python -m build`
+(~30s), twine upload (~30s), and waiting for the user to type the
+PyPI token at step 5.