Evidence first

See why this control room is worth trusting without reading every workflow by hand.

This page collects the shortest truthful evidence trail for Apple Notes Snapshot. It separates repo-owned gates, GitHub-controlled delivery facts, live same-machine surface checks, and the places where a real host or macOS permission prompt still becomes the final boundary.

Ledger 1 Repo gates

Maintainer-grade checks keep the tracked tree honest before a release ever ships.

Ledger 2 GitHub truth

Release tags, Pages, and code-scanning alerts live in a different truth layer from your local checkout.

Ledger 3 Live same-machine proof

Web and MCP are real, but they stay local and read-only-first in spirit.

Ledger 4 Manual boundary

Apple Notes permissions and launchd mutations still belong to your machine, not to this docs page.

Current audited release

v0.1.12 is the current tagged public baseline.

The latest public release is v0.1.12. Treat later main-branch changes as preview truth until a newer tag exists.

Same-machine boundary

Web and MCP are real, but they do not become a hosted platform.

The Local Web API stays token-gated and same-machine. MCP stays stdio-first and read-only-first. The repo still does not claim a public OpenAPI, hosted API, or write-capable agent platform.

Repo-side proof

  • ./notesctl rebuild-dev-env rebuilds the repo-owned maintainer environment.
  • pre_commit --all-files enforces gitleaks, docs-link-root hygiene, legacy-path scan, and public-surface-sensitive scan.
  • scripts/checks/ci_gate.sh keeps the default local pre-push path deterministic by running repo-local hygiene, vendor-tree checks, unit tests, and wrapper smoke only.
  • The repo keeps five distinct layers: pre-commit, pre-push, hosted, nightly (scheduled CodeQL), and manual.
  • The maintained test floor is 90% coverage on the repo-owned ops surface.

These are maintainer-grade gates. They are stricter than anything the first successful snapshot path requires, and they exist so contributors can prove the repo still matches its own public contract.

GitHub-controlled proof

  • GitHub Releases show the current tagged public trail.
  • Pages publishes the docs site from the tracked docs/ surface.
  • Trusted CI, CodeQL, Trivy, Actionlint, and Zizmor stay as live GitHub-hosted guardrails.
  • GitHub-side alert truth is hosted-only here: GitHub Alert Gate, code scanning, secret scanning, and private vulnerability reporting belong to the GitHub control plane, not to the default local hook path.
  • At the current v0.1.12 baseline, code scanning and secret scanning were rechecked at 0 open alerts.

Treat GitHub-controlled truth separately from the tracked tree: release tags, Pages deployment, and alert counts can drift after a local checkout goes stale.

Live same-machine proof

  • Local Web API: token-gated requests to /api/health, /api/access, and /api/status were re-run against a local ./notesctl web process.
  • MCP: stdio initialize and tools/list were re-run against ./notesctl mcp, confirming the read-only-first tool surface still advertises the current contract.
  • AI Diagnose: ./notesctl ai-diagnose --json still returns a deterministic advisory report when the AI provider is disabled or not configured.

These live checks prove the thin surfaces are real. They do not promote the project into a hosted service or replace the deterministic CLI as the system of record.

What still belongs to your machine

  • The first successful snapshot still requires a real ./notesctl run --no-status on your Mac.
  • Apple Notes / AppleScript permission prompts still belong to macOS and your current terminal host.
  • ./notesctl install --minutes 30 --load still becomes a real launchd mutation on your machine.
  • The repo can prove the contract and the tooling shape, but it cannot pre-approve your local permissions or promise that every machine is already initialized.

What this page does not do for you

This page is a trust ledger, not a shortcut around the local-first reality. It does not replace Quickstart, it does not skip Apple Notes permissions, and it does not turn the same-machine Web/API/MCP surfaces into a hosted platform promise.

Open the right proof trail next

  • Quickstart if you want the honest first-success path
  • Security and privacy if you want the token and disclosure boundary
  • For Agents if you want the builder second lane after the control-room contract already makes sense
  • Release history if you want the tag-by-tag public story