# emet 2.0.0 - Canonical Public Surface

Released: 2026-06-29

emet 2.0.0 is the canonical public-surface release: it locks the package exports, removes legacy result aliases, keeps the public agent surface to `emet` plus `web_fetch`, and hardens source-controlled research across MCP and Pi.

## Breaking changes

- Result payloads use canonical `action` values only. Removed `legacyAction` from web and community checkpoint results.
- Removed legacy collector action compatibility strings such as `collector_search`, `collector_fetch`, `collector_synthesize`, and `web_research` from the action contract.
- Removed `COLLECTOR_*` session aliases. Use `SESSION_TTL`, `MAX_SESSIONS`, and `DEFAULT_MAX_TURNS`.
- Removed old collector-interactive helpers from the `lib/web-research.js` facade. Community retrieval continues through the normal `emet` checkpoint options.
- Added a package `exports` map. Supported public imports are now explicit; unsupported deep imports are intentionally blocked by Node package resolution.

## Upgrade notes

- Restart or reinstall MCP/Pi hosts after upgrading so the updated `emet` and `web_fetch` schemas are reloaded.
- If Pi is started with a hard tool allowlist, include both tools: `--tools emet,web_fetch`.
- Replace any `legacyAction`, `collector_*`, or `COLLECTOR_*` integration checks with canonical `action` values and the documented session constants.
- Replace unsupported deep imports with one of the public imports listed below.

## Public imports

- `@black-knight.dev/emet`
- `@black-knight.dev/emet/web-research`
- `@black-knight.dev/emet/research`
- `@black-knight.dev/emet/research-contract`
- `@black-knight.dev/emet/research-flow`
- `@black-knight.dev/emet/mcp-server`
- `@black-knight.dev/emet/mcp`

## Release safety

- `npm run check` now includes a real tarball install smoke test, so the packed package is installed before the release is considered ready.
- Package surface audit checks executable bins, version sync, exports, plugin bootstrap pinning, and high-quality extraction dependencies.
- Added a GitHub Actions npm publish workflow prepared for npm Trusted Publishing/OIDC with provenance.
- The extraction stack is intentionally retained for higher-quality article/PDF handling.

## Research quality and Pi polish

- Official-source routing now seeds known official docs/spec/package sources without overfitting to one vendor. It covers OpenAI Codex, MCP specs, npm, PyPI, crates.io, Maven Central, GitHub releases/tags, React, Python, Node.js, MDN/WHATWG/W3C, Kubernetes, Docker, cloud-provider docs, GitHub Docs, OpenAI, and Anthropic.
- Pi now keeps `web_fetch` active alongside `emet`, re-registers it on session start for reload timing, uses provider-friendly string enum schemas, preserves pure JSON output for `format: "json"`, and exposes `requirePrimarySource`.
- Pi runtime imports now align with Pi 0.80's `@earendil-works/pi-ai` namespace and avoid peer-installing the Pi host package.
- Community retrieval now includes Reddit, preserves strict host allowlists, avoids soft `allowedSources` blocking explicit community fetches, and uses Algolia item fallback for HN threads that 429 on `news.ycombinator.com`.
- Community platform names are normalized for case/common aliases, and `selectedUrls` can now fetch known URLs through `emet` without first creating an interactive session.

## Post-release polish tracked

- [#23](https://github.com/endgegnerbert-tech/emet/issues/23) tracks broader polish for `web_fetch` diagnostics, checkpoint UX, academic precision, dry-run planning, and sufficiency explanations.
- [#24](https://github.com/endgegnerbert-tech/emet/issues/24) tracks MCP-specific polish for `timeoutMs`, structured diagnostics, checkpoint wording, and plan-only previews.

## Verification

- `npm run check` passes with 320 tests.
- `npm audit --omit=dev` reports 0 vulnerabilities.
- Package dry-run and tarball install smoke both pass.
