docs: Inference Engine Enhancement Roadmap — NBFNet + CompGCN + CompoundE3D + AGEA#97
docs: Inference Engine Enhancement Roadmap — NBFNet + CompGCN + CompoundE3D + AGEA#97cryptoxdog wants to merge 5 commits into
Conversation
…tack (NBFNet/CompGCN/CompoundE3D/AGEA)
|
📋 Best Practices for Large Changes
✅ This PR meets minimum requirements but is larger than recommended. |
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 15 minutes and 33 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📝 WalkthroughWalkthroughReplaced a minimal MVP note with a comprehensive, research-driven six‑phase roadmap for upgrading the Cognitive Engine Graph inference stack, including landscape analysis, capability matrices, architecture options, milestones, validation criteria, and security/adversarial considerations. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
ROADMAP.md (1)
57-63: Add inline source links for all quantitative benchmarks and complexity claims.Several hard numbers are presented without direct citations. Add per-claim links (paper section/table or appendix anchors) so readers can verify quickly and future updates don’t drift.
Also applies to: 79-82, 94-98, 119-123, 206-209
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@ROADMAP.md` around lines 57 - 63, The SOTA Benchmarks and Computational Complexity claims lack direct citations; update the "SOTA Benchmarks" heading entries (each dataset metric: FB15k-237 HITS@10, WN18RR HITS@10, inductive split value) and the "Computational Complexity" formula by adding inline Markdown links to the exact source (paper PDF/arXiv/DOI) and the specific section/table/appendix anchor that reports each number or complexity derivation; use per-claim links (not a single global citation) and follow the same fix for the other quantitative claim blocks called out in the review so every hard number points to a precise table/figure/section.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@ROADMAP.md`:
- Around line 43-44: Remove exploit-ready details from the public ROADMAP.md by
redacting the concrete endpoint name `/v1/match` and any numeric reconstruction
efficacy (e.g., "90-96% in <1000 queries"); replace with a high-level statement
about a discovered graph-reconstruction risk and planned mitigation milestones.
Move the specific attack technique, endpoint references, and quantitative
results into an internal security ADR or runbook (as noted for the other
occurrences at the same file locations), and update the roadmap lines (including
the referenced other occurrences) to refer to the internal document instead of
containing exploit details.
- Around line 329-334: Change the compound adjectives for clarity: replace
"Per-session exploration budget" with "Per-session-level exploration budget" or
preferably "Per-session exploration budget" → "Session-level exploration budget"
and change "rate limiting triggers" to "rate-limiting triggers"; update the
phrases in the ROADMAP text block (the lines containing "Per-session exploration
budget with ε-greedy rate limiting" and "reconstruction capped at ~40% before
rate limiting triggers") so both compound modifiers use hyphenation (e.g.,
"session-level exploration budget" and "rate-limiting triggers").
- Around line 15-25: Several fenced code blocks in ROADMAP.md lack language
identifiers (e.g., the block containing "Current Paradigm: Embedding-Based
Transductive with Deterministic Post-Processing", the math block starting with
"h^(t)(v) = AGGREGATE(...)" and the python snippet beginning "final_score = ("),
causing markdownlint MD040 failures; update each triple-backtick fence to
include an appropriate language tag (e.g., ```text for prose blocks, ```math for
the equation block, ```python for the code block) for all reported ranges
(including the blocks around the "Current Paradigm" paragraph, the graph
aggregation equation, and the final_score snippet and the other blocks listed in
the comment) so renderers and linters recognize the content.
---
Nitpick comments:
In `@ROADMAP.md`:
- Around line 57-63: The SOTA Benchmarks and Computational Complexity claims
lack direct citations; update the "SOTA Benchmarks" heading entries (each
dataset metric: FB15k-237 HITS@10, WN18RR HITS@10, inductive split value) and
the "Computational Complexity" formula by adding inline Markdown links to the
exact source (paper PDF/arXiv/DOI) and the specific section/table/appendix
anchor that reports each number or complexity derivation; use per-claim links
(not a single global citation) and follow the same fix for the other
quantitative claim blocks called out in the review so every hard number points
to a precise table/figure/section.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
| 3. **AGEA is an existential threat**: If the `/v1/match` API is public-facing, adversaries can extract 90-96% of Neo4j graph topology in <1000 queries using novelty-guided exploration. | ||
|
|
There was a problem hiding this comment.
Avoid publishing exploit-ready API attack details in a public roadmap.
The document names a concrete endpoint (/v1/match) and quantifies reconstruction efficacy pre-defense. If this repo is public, this materially lowers attacker effort before Milestone 6 ships. Consider redacting endpoint names and moving exploit specifics to an internal security ADR/runbook.
Also applies to: 124-125, 334-335
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@ROADMAP.md` around lines 43 - 44, Remove exploit-ready details from the
public ROADMAP.md by redacting the concrete endpoint name `/v1/match` and any
numeric reconstruction efficacy (e.g., "90-96% in <1000 queries"); replace with
a high-level statement about a discovered graph-reconstruction risk and planned
mitigation milestones. Move the specific attack technique, endpoint references,
and quantitative results into an internal security ADR or runbook (as noted for
the other occurrences at the same file locations), and update the roadmap lines
(including the referenced other occurrences) to refer to the internal document
instead of containing exploit details.
| 2. Per-session exploration budget with ε-greedy rate limiting | ||
| 3. Hub exploitation detection (degree-spike anomaly) | ||
| 4. Response sanitization: no raw subgraph context, no neighbor lists, no edge weights in API responses | ||
| 5. Subgraph watermarking: phantom triple injection for attribution | ||
|
|
||
| **Threat model:** An adversary querying 5,000 times can reconstruct 96%+ of the graph without defense. With AGEA defenses: reconstruction capped at ~40% before rate limiting triggers. |
There was a problem hiding this comment.
Tighten compound-adjective hyphenation for clarity.
Line 329 and Line 334 read awkwardly as noun stacks (“session exploration budget”, “rate limiting triggers”). Prefer hyphenated forms like session-level exploration budget and rate-limiting triggers.
🧰 Tools
🪛 LanguageTool
[uncategorized] ~329-~329: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ession exploration budget with ε-greedy rate limiting 3. Hub exploitation detection (degree-s...
(EN_COMPOUND_ADJECTIVE_INTERNAL)
[uncategorized] ~334-~334: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...s: reconstruction capped at ~40% before rate limiting triggers. --- ### Milestone 7 — Activ...
(EN_COMPOUND_ADJECTIVE_INTERNAL)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@ROADMAP.md` around lines 329 - 334, Change the compound adjectives for
clarity: replace "Per-session exploration budget" with "Per-session-level
exploration budget" or preferably "Per-session exploration budget" →
"Session-level exploration budget" and change "rate limiting triggers" to
"rate-limiting triggers"; update the phrases in the ROADMAP text block (the
lines containing "Per-session exploration budget with ε-greedy rate limiting"
and "reconstruction capped at ~40% before rate limiting triggers") so both
compound modifiers use hyphenation (e.g., "session-level exploration budget" and
"rate-limiting triggers").
…y insights, build priority order
|
📋 Best Practices for Large Changes
✅ This PR meets minimum requirements but is larger than recommended. |
… AGEA defense stack
|
📋 Best Practices for Large Changes
✅ This PR meets minimum requirements but is larger than recommended. |
…, production checklist, citations
|
❌ PR Too Large 📋 Best Practices for Large Changes
🚫 This PR is blocked from merging until size limits are met. |
There was a problem hiding this comment.
♻️ Duplicate comments (3)
ROADMAP.md (3)
43-44:⚠️ Potential issue | 🟠 MajorAvoid publishing exploit-ready API attack details in a public roadmap.
The concrete endpoint name (
/v1/match) and quantified reconstruction metrics (90-96% recovery in <1000 queries) lower attacker effort if this repository is public. Consider redacting endpoint names and moving exploit specifics to an internal security ADR or runbook until Milestone 6 defenses are deployed.Also applies to: 124-125, 433-457
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@ROADMAP.md` around lines 43 - 44, The roadmap publicly exposes exploit-ready details (explicit endpoint "/v1/match" and precise recovery metrics "90-96% in <1000 queries"); redact or generalize the endpoint name and remove or paraphrase the quantified reconstruction metrics in ROADMAP.md, and move full technical details and exact figures into an internal security ADR or runbook until Milestone 6 defenses are implemented; update all occurrences including the instances referenced around lines 124-125 and 433-457 to use non-actionable wording like "internal endpoint" and "high likelihood of topology leakage" instead of concrete paths and percentages.
329-334:⚠️ Potential issue | 🟡 MinorTighten compound-adjective hyphenation for clarity.
Lines 329 and 334 use "rate limiting" as a modifier. Prefer hyphenated forms: "rate-limiting" (e.g., "ε-greedy rate-limiting", "rate-limiting triggers").
📝 Suggested fix
-2. Per-session exploration budget with ε-greedy rate limiting +2. Per-session exploration budget with ε-greedy rate-limiting-reconstruction capped at ~40% before rate limiting triggers. +reconstruction capped at ~40% before rate-limiting triggers.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@ROADMAP.md` around lines 329 - 334, Update the compound adjective hyphenation by replacing "ε-greedy rate limiting" with "ε-greedy rate-limiting" and "rate limiting triggers" with "rate-limiting triggers" in the ROADMAP text so that compound modifiers are hyphenated consistently (search for the exact phrases "ε-greedy rate limiting" and "rate limiting triggers" to locate and update them).
15-15:⚠️ Potential issue | 🟡 MinorAdd language identifiers to fenced code blocks (markdownlint MD040).
Multiple fenced blocks lack language specifiers (lines 15, 53, 70, 89, 115, 174, 226, 344, 382, 388, 393, 399). This causes markdown lint failures and reduces readability in renderers.
Suggested language identifiers
- Line 15:
text(paradigm classification)- Line 53:
textormath(NBFNet equation)- Line 70:
textormath(CompGCN equation)- Line 89:
textormath(CompoundE3D matrix notation)- Line 115:
textormath(AGEA novelty score)- Line 174:
text(architecture diagram)- Line 226:
text(research hypothesis)- Line 344:
text(ε-greedy selection)- Lines 382, 388, 393, 399:
textormath(equations)Also applies to: 53-55, 70-72, 89-92, 115-117, 174-193, 226-237, 344-350, 382-385, 388-390, 393-396, 399-401
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@ROADMAP.md` at line 15, Several fenced code blocks in ROADMAP.md are missing language specifiers (markdownlint MD040); update each fenced block by adding an appropriate language tag (e.g., ```text or ```math) so renderers and linters recognize the content—specifically add tags for the paradigm classification block, the NBFNet and CompGCN equation blocks, the CompoundE3D matrix notation block, the AGEA novelty score block, the architecture diagram block, the research hypothesis block, the ε-greedy selection block, and the remaining equation blocks; ensure you pick the suggested identifiers (text or math) for each corresponding fenced block and run markdownlint to confirm MD040 is resolved.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@ROADMAP.md`:
- Around line 43-44: The roadmap publicly exposes exploit-ready details
(explicit endpoint "/v1/match" and precise recovery metrics "90-96% in <1000
queries"); redact or generalize the endpoint name and remove or paraphrase the
quantified reconstruction metrics in ROADMAP.md, and move full technical details
and exact figures into an internal security ADR or runbook until Milestone 6
defenses are implemented; update all occurrences including the instances
referenced around lines 124-125 and 433-457 to use non-actionable wording like
"internal endpoint" and "high likelihood of topology leakage" instead of
concrete paths and percentages.
- Around line 329-334: Update the compound adjective hyphenation by replacing
"ε-greedy rate limiting" with "ε-greedy rate-limiting" and "rate limiting
triggers" with "rate-limiting triggers" in the ROADMAP text so that compound
modifiers are hyphenated consistently (search for the exact phrases "ε-greedy
rate limiting" and "rate limiting triggers" to locate and update them).
- Line 15: Several fenced code blocks in ROADMAP.md are missing language
specifiers (markdownlint MD040); update each fenced block by adding an
appropriate language tag (e.g., ```text or ```math) so renderers and linters
recognize the content—specifically add tags for the paradigm classification
block, the NBFNet and CompGCN equation blocks, the CompoundE3D matrix notation
block, the AGEA novelty score block, the architecture diagram block, the
research hypothesis block, the ε-greedy selection block, and the remaining
equation blocks; ensure you pick the suggested identifiers (text or math) for
each corresponding fenced block and run markdownlint to confirm MD040 is
resolved.
… — preserve all value, remove redundancy
|
📋 Best Practices for Large Changes
✅ This PR meets minimum requirements but is larger than recommended. |
|
PR #97 Review: docs: Inference Engine Enhancement Roadmap — NBFNet + CompGCN + CompoundE3D + AGEAAuthor: cryptoxdog DescriptionInference Engine Enhancement via KG Research StackAdds What this covers
Recommended Architecture (B — Path-Aware Engine)
Expected gains:
Timeline
IgorBot · 2026-04-02 Summary by CodeRabbit
CommitsChanged Files📝 Docs (1 files)
Automated AnalysisDiff Findings✅ No issues found in diff analysis Test CoverageTest coverage looks adequate for changed files. Local LintSkipped (repo not checked out locally or linters not found). Summary✅ LOOKS GOOD — No automated issues found. Ready for human review. Automated PR review • 2026-04-21 18:08 |



Inference Engine Enhancement via KG Research Stack
Adds
ROADMAP.md— complete technical roadmap for enhancing the Cognitive Engine Graph's inference stack via five research papers.What this covers
Recommended Architecture (B — Path-Aware Engine)
Expected gains:
Timeline
IgorBot · 2026-04-02
Summary by CodeRabbit