Changes

The current /sandbox is a useful static walkthrough, but it does not provide the reviewer experience we actually need: a hosted, credential-free reference instance that feels like the real dashboard and exposes callable AS/RS-shaped APIs. Internal reviewers, implementers, and agents should be able to explore PDPP end to end without Docker, .env.local, connector auth, or private owner data.

Browser-backed polyfill connectors can require human interaction: Cloudflare challenges, OTP prompts, "is this you?" confirmations, and archive-export verification steps. In a native local deployment, the headed browser appears on the owner's desktop. In Docker, the connector process can launch Chrome inside the container, but the owner cannot see or control that browser.

The reference already exposes a grant-safe blob transport through blobref.fetchurl and GET /v1/blobs/{blob_id}, but first-party connectors mostly emit metadata-only records for files and attachments. Reviewers can discover that an email, statement, receipt, or uploaded file exists, but cannot fetch the bytes through PDPP even when the source account makes those bytes available.

The reference web app is light-only. The owner uses the dashboard as a sustained operator surface (records, runs, deployment diagnostics, search), and prolonged light-mode use is uncomfortable. The brand and shadcn primitives already encode every color through semantic CSS variables (--background, --foreground, --muted, --border, --primary, --success, --destructive, etc.) and Tailwind 4 already exposes a dark variant via @custom-variant dark (&:is(.dark *)). The missing piece is an actual .dark token set, a flicker-free toggle, and a few legacy color-mix(... white) mixes in the brand CSS that bake the page background being white.

The reference implementation today has sample polyfill connectors (Spotify, GitHub, Reddit) backed by seed fixtures. It does not yet have living polyfill connectors against real platforms for a real user, running on a real schedule, with a real human-in-the-loop interaction channel.

add-polyfill-connector-system has become a mixture of shipped MVP infrastructure, live connector bug notes, and a large Layer 2 stream backlog. That makes it hard for workers to improve connector coverage without touching unrelated runtime or governance work.

The connector fixture scrubber pipeline shipped with two pilot shapes: a browser DOM capture (Amazon) and an API JSON capture (GitHub). Reddit is now the third distinct shape — a records-level JSONL stream emitted directly from runConnector() — and has no committed real-shape fixture. Its integration tests use synthetic listings, which miss drift between the hand-crafted shapes and what Reddit's old-reddit JSON actually serves.

The cleanup audit found that reference-runtime behavior is proven by tests and active program work but lacks a durable canonical OpenSpec capability. Scheduler behavior, runtime validation, browser-profile binding, filesystem bindings, connector runtime logging, and inbox/notification behavior should not graduate from add-polyfill-connector-system as unbounded implementation history.

The reference now exposes lexical and semantic retrieval with scores, but assistants still have to call both endpoints and merge results client-side. A server-side hybrid endpoint would make the recall layer simpler, safer, and easier to evaluate.

swap-sqlite-driver bundled two different goals: replacing the crash-prone SQLite driver and extracting SQL into inspectable artifacts. The driver swap has landed; query extraction remains valuable, but it should now be evaluated on inspectability and maintainability rather than native-driver stability.

The polyfill connector subsystem has two browser-launch paths that no production runtime uses:

/sandbox currently reads like a placeholder for work we intend to do. Public reviewers and prospective implementers need a concrete, useful surface that lets them experience PDPP with simulated data immediately, without connecting real accounts or running the reference stack.

The add-schema-validation-coverage change (committed as a3e1c8a) wired schema validation into eleven connectors and surfaced three followups it explicitly did not address:

Connector schema coverage was uneven before this change. Five connectors (amazon, chase, chatgpt, reddit, usaa) shipped a schemas.ts with validateRecord; six others (github, gmail, ynab, codex, claude_code, slack) had no shape-check at all despite emitting hundreds of thousands of records into the local owner database. The connector authoring guide §3 calls schema-validation the floor — "a connector must never emit a record that looks right but is wrong" — but in practice that floor only existed for some.

expand[] is implemented and grant-safe, but only a small set of first-party parent-child relations are enabled. Assistants still have to do N+1 reads for common records such as Slack messages with attachments/reactions or other safe child collections.

The assistant feedback shows the query layer is now powerful but still hard to self-discover: a capable client can use range filters, search filters, aggregations, blobs, and changes_since, but too much of the correct shape is learned by trial-and-error.

A cold-start integrator (human or agent) hitting the reference AS/RS today has no obvious entry point. Probing /, /health, /v1 returns uniform 404s. Two independent fresh-eyes assessments (see tmp/pdpp-review-memo.md) both wasted significant time before reaching the well-known endpoint and /v1/schema. One observer concluded the server was non-functional. The recall surface, query API, and discovery endpoint behind the bearer are strong; the rough edges are at the seam an unauthenticated probe sees first.