docs(research-radar): deprecate embedded intake loop

docs/SECURITY.md

@@ -5,7 +5,9 @@
 - **Local deterministic boundary**: Rust CLI/library code under `src/`, fixture evaluation under `tests/`, and JSON contracts under `docs/`.
 - **Repository input boundary**: `inspect`, `impact`, `symbols`, `source-evidence`, and `source-context` read local repository files and must treat malformed or unsupported input as structured warnings.
 - **LSP process boundary**: `lsp-diagnostics` may start `rust-analyzer` and must keep requests read-only, bounded, path-contained, and unavailable-safe.
-- **Research Radar boundary**: `research-radar/bin/` may collect public-source metadata and must write only normalized reports/state, not raw payload dumps or runtime code.
+- **Research Radar archive boundary**: `research-radar/bin/` is deprecated as
+  active intake. Legacy reproduction runs must be explicit and may write only
+  normalized reports/state, not raw payload dumps or runtime code.
 
 ## Sensitive Surfaces
 
@@ -15,7 +17,7 @@
 | `src/core/lsp_bridge.rs` | Starts and communicates with an external language-server process. |
 | `src/core/repo_graph.rs` | Reads manifests and workflow files from arbitrary repositories. |
 | `src/core/source_evidence.rs` | Assembles evidence candidates that downstream users could overinterpret as localization. |
-| `research-radar/bin/run_daily.py` | Performs public-source collection and records license/terms notes. |
+| `research-radar/bin/run_daily.py` | Deprecated legacy collector; refuses normal runs unless explicitly invoked for historical reproduction. |
 | `research-radar/bin/validate_reports.py` | Guards generated reports/state against raw payloads, oversized files, and obvious secret patterns. |
 | `.github/workflows/` | Controls automated validation on repository changes. |
 
@@ -26,7 +28,7 @@
 - `where-to-edit` remains `insufficient_evidence` until a dedicated localization gate passes.
 - SourceContext refuses path traversal, ignored/generated paths, symlinks, missing files, non-UTF8 files, and oversized slices with structured warnings.
 - LSP diagnostics has deterministic unavailable/path-safety eval cases and does not expose mutation-capable LSP methods.
-- Research Radar validation checks changed-path allowlists, JSON/JSONL validity, file size, and obvious secret patterns.
+- Research Radar validation checks changed-path allowlists, JSON/JSONL validity, file size, and obvious secret patterns for archived/generated reports.
 
 ## Secrets and Data Handling
 
@@ -40,7 +42,7 @@
 - Any change to path handling, ignored-path logic, symlink handling, or source slicing.
 - Any change to `src/core/lsp_bridge.rs` process lifecycle, timeout, request, or parsing behavior.
 - Any change that makes `where-to-edit`, SourceEvidence, SourceContext, or LSP output more localization-like.
-- Any change to Research Radar collection, validation, source config, or generated report/state boundaries.
+- Any change that re-enables Research Radar collection, validation, source config, or generated report/state boundaries.
 - Any CI workflow, dependency, install script, or public API change.
 
 ## Minimum Security Evidence for Sensitive Changes

research-radar/README.md

@@ -1,8 +1,29 @@
 # Research Radar
 
-Research Radar is a documentation/config-first intake loop for external code-intelligence research.
+> Deprecated as an active intake loop.
+>
+> Canonical workspace research intake now lives in `heurema/lab/radar` and uses
+> `heurema/shared-intake-governance` for fetch/sanitize/projection. This
+> directory remains as a historical archive and for reproducing old
+> code-intel-kernel radar artifacts only.
 
-It is not a crawler, scheduler, scraper, implementation bot, or feature backlog. Its job is to produce a small daily digest that a human can review before any experiment proposal is written.
+Research Radar was a documentation/config-first intake loop for external
+code-intelligence research.
+
+It is not a crawler, scheduler, scraper, implementation bot, or feature backlog.
+Its job was to produce a small daily digest that a human could review before any
+experiment proposal was written.
+
+## Deprecation status
+
+- Active intake owner: `heurema/lab/radar`.
+- Shared engine: `heurema/shared-intake-governance`.
+- This directory: read-only historical archive plus legacy reproduction tools.
+- Scheduled automation: should be disabled or redirected to the lab/SIG flow.
+- Historical reports under `research-radar/reports/` are intentionally kept.
+
+`research-radar/bin/run_daily.py` now refuses normal runs. To reproduce legacy
+artifacts intentionally, pass `--allow-legacy-run`.
 
 ## Flow
 
@@ -16,19 +37,22 @@ core runtime paused
   -> Agent Bench Lab run/compare when the benchmark layer is ready
 ```
 
-## Current Scope
+## Historical Scope
 
-Research Radar v0.1 tracks public sources that may affect `code-intel-kernel`:
+Research Radar v0.1 tracked public sources that may affect `code-intel-kernel`:
 
 - structural retrieval and repo intelligence;
 - LSP diagnostics, references, and disambiguation;
 - Tree-sitter and parser infrastructure;
 - code intelligence benchmarks and Agent Bench Lab evaluation handoff;
 - Codebase-Memory, RIG/SPADE, SWE-bench, and adjacent systems.
 
-The v0.1 scaffold is config and docs only. R2-A adds a bounded collector for reports/state only; it still does not modify runtime code or implement ideas.
+The v0.1 scaffold was config and docs only. R2-A added a bounded collector for
+reports/state only; it still does not modify runtime code or implement ideas.
+
+## Legacy Manual Run
 
-## Manual Daily Run
+Use this only for historical reproduction:
 
 1. Read `research-radar/sources.yaml`.
 2. Read `research-radar/scoring.md`.
@@ -44,17 +68,16 @@ The v0.1 scaffold is config and docs only. R2-A adds a bounded collector for rep
 For local manual runs, use dry-run first:
 
 ```bash
-python3 research-radar/bin/run_daily.py --dry-run
-python3 research-radar/bin/run_daily.py --write
+python3 research-radar/bin/run_daily.py --dry-run --allow-legacy-run
+python3 research-radar/bin/run_daily.py --write --allow-legacy-run
 python3 research-radar/bin/validate_reports.py
 ```
 
 ## Shared Intake Shadow
 
-`research-radar/bin/run_daily.py` is still the scheduled daily collector. The
-shared-intake path is a manual shadow path for checking whether this project can
-consume the shared collector/governance repo without changing daily report
-output yet.
+The shared-intake shadow path is superseded by the lab-owned radar profile. It
+is retained only to document how this project evaluated the shared
+collector/governance repo before deprecation.
 
 The shared-intake consumer contract is repo-owned here:
 
@@ -88,7 +111,9 @@ silently change this project while the lock is enforced.
 
 ## Codex App Automation
 
-The bounded weekday automation is configured in Codex App, not as a repository workflow. Details are documented in `research-radar/automation.md`.
+The old bounded weekday automation is deprecated and should be disabled or
+redirected to `heurema/lab/radar`. Details are documented in
+`research-radar/automation.md`.
 
 It may write only:
 

research-radar/automation.md

@@ -1,31 +1,40 @@
 # Research Radar Automation
 
-Research Radar automation is a bounded collector. It may collect, score, report, and persist Research Radar state. It must not implement ideas.
+> Deprecated as active automation.
+>
+> Canonical workspace intake now lives in `heurema/lab/radar` and uses
+> `heurema/shared-intake-governance`. This document remains to describe the
+> retired code-intel-kernel automation boundary and how to reproduce legacy
+> artifacts if needed.
+
+Research Radar automation was a bounded collector. It could collect, score,
+report, and persist Research Radar state. It must not implement ideas.
 
 ## Schedule
 
-Scheduling is managed outside the repository by Codex App Automation.
+Scheduling was managed outside the repository by Codex App Automation.
 
-- Weekday target: about 08:17 Europe/Moscow.
-- Automation type: Codex App scheduled workspace run.
-- Workspace: this repository checkout.
+- Status: deprecated; disable or redirect to the lab/SIG radar flow.
+- Previous weekday target: about 08:17 Europe/Moscow.
+- Previous automation type: Codex App scheduled workspace run.
+- Previous workspace: this repository checkout.
 
 The repository contains the deterministic collector and validator only. It does not contain a GitHub Actions workflow, cron script, or platform scheduler.
 
 ## Local Run
 
 ```bash
-python3 research-radar/bin/run_daily.py --dry-run
-python3 research-radar/bin/run_daily.py --write
-python3 research-radar/bin/run_daily.py --write --date YYYY-MM-DD
+python3 research-radar/bin/run_daily.py --dry-run --allow-legacy-run
+python3 research-radar/bin/run_daily.py --write --allow-legacy-run
+python3 research-radar/bin/run_daily.py --write --date YYYY-MM-DD --allow-legacy-run
 python3 research-radar/bin/validate_reports.py
 ```
 
 ## Shared Intake Shadow
 
-The scheduled automation still uses `research-radar/bin/run_daily.py`. The
-shared-intake integration is manual shadow/preflight only until a separate
-cutover changes the scheduled command.
+The old scheduled automation must not use `research-radar/bin/run_daily.py`
+for active intake. The shared-intake integration below is retained as historical
+preflight documentation; active intake belongs to `heurema/lab/radar`.
 
 Before using a shared-intake checkout for this project, run:
 
@@ -52,17 +61,17 @@ To adopt a newer shared-intake version:
    runtime root and inspect the JSON summary.
 6. Commit the consumer lock/config/docs change in this repository.
 
-Do not point automation at a new shared-intake commit until that bump is
-reviewed in this repository.
+Do not point this deprecated automation at a new shared-intake commit. Use the
+lab-owned radar profile instead.
 
 ## Sources
 
-Automation reads:
+Legacy automation read:
 
 - `research-radar/sources.automation.json`
 - `research-radar/state/seen.jsonl`
 
-Supported v0.1 source types:
+Supported v0.1 source types were:
 
 - `github_repo`
 - `github_search`
@@ -82,7 +91,7 @@ Unsupported sources must be added explicitly. There is no recursive crawling, br
 
 ## Files Written
 
-Codex App Automation may write only:
+Legacy Codex App Automation may write only:
 
 - `research-radar/reports/YYYY-MM-DD.md`
 - `research-radar/reports/YYYY-MM-DD.json`
@@ -97,7 +106,8 @@ Allowed changed paths:
 - `research-radar/reports/**`
 - `research-radar/state/**`
 
-The scheduled job must not commit by default. A human can review and commit generated reports later.
+The retired scheduled job must not commit by default. A human can review and
+commit generated reports later if reproducing historical artifacts.
 
 ## Failure Behavior
 

research-radar/bin/run_daily.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-"""Deterministic Research Radar collector.
+"""Legacy deterministic Research Radar collector.
 
 This script collects public research signals and writes normalized reports.
 It does not import external code, create prototypes, or modify runtime files.
@@ -29,10 +29,23 @@
 MAX_ARCHIVE_ITEMS = 10
 MAX_SOURCE_ITEMS = 10
 PROTOTYPE_THRESHOLD = 85
+DEPRECATION_NOTICE = """\
+code-intel-kernel/research-radar is deprecated as an active intake loop.
+Canonical workspace intake now lives in heurema/lab/radar and uses
+heurema/shared-intake-governance for fetch/sanitize/projection.
+
+This legacy collector is retained only for historical report reproduction.
+Re-run it explicitly with --allow-legacy-run if you are intentionally
+reproducing old code-intel radar artifacts.
+"""
 
 
 def main() -> int:
     args = parse_args()
+    if not args.allow_legacy_run:
+        print(DEPRECATION_NOTICE, file=sys.stderr)
+        return 2
+
     radar_root = args.radar_root.resolve()
     run_date = parse_date(args.date)
     context = RunContext(radar_root=radar_root, run_date=run_date)
@@ -66,6 +79,11 @@ def parse_args() -> argparse.Namespace:
         default=Path(__file__).resolve().parents[1],
         help="Research Radar root; intended for tests and local dry runs.",
     )
+    parser.add_argument(
+        "--allow-legacy-run",
+        action="store_true",
+        help="Intentionally run the deprecated legacy collector for historical reproduction.",
+    )
     return parser.parse_args()
 
 

scripts/run-deterministic-tests.sh

@@ -6,6 +6,7 @@ cargo test
 cargo clippy -- -D warnings
 cargo run --quiet -- eval-fixtures --json
 python3 research-radar/bin/validate_reports.py
+python3 -m unittest tests.test_research_radar_deprecation
 python3 -m unittest tests.test_research_radar_experiment_proposal_contract
 python3 -m unittest tests.test_research_radar_shared_intake_dependency
 git diff --check

tests/test_research_radar_deprecation.py

@@ -0,0 +1,28 @@
+import subprocess
+import sys
+import unittest
+from pathlib import Path
+
+
+ROOT = Path(__file__).resolve().parents[1]
+SCRIPT = ROOT / "research-radar" / "bin" / "run_daily.py"
+
+
+class ResearchRadarDeprecationTests(unittest.TestCase):
+    def test_run_daily_refuses_without_legacy_flag(self):
+        result = subprocess.run(
+            [sys.executable, str(SCRIPT), "--dry-run"],
+            cwd=ROOT,
+            text=True,
+            capture_output=True,
+            check=False,
+        )
+
+        self.assertEqual(result.returncode, 2)
+        self.assertIn("deprecated as an active intake loop", result.stderr)
+        self.assertIn("heurema/lab/radar", result.stderr)
+        self.assertIn("--allow-legacy-run", result.stderr)
+
+
+if __name__ == "__main__":
+    unittest.main()