+# HealthProbe Agent Bootstrap

+Canonical agent instructions live in:

+- `HealthProbe/Doc/00-agent-guides/AGENTS.md`

+Before working, read:

+1. `HealthProbe/Doc/README.md`

+2. the specific chapter linked there for your task

+3. `HealthProbe/Doc/00-agent-guides/AGENTS.md`

+The root repository must not contain substantive project documentation. Keep

+canonical docs under `HealthProbe/Doc/` so agents do not discover stale copies.

+# HealthProbe Claude Bootstrap

+Canonical Claude/UI instructions live in:

+- `HealthProbe/Doc/00-agent-guides/CLAUDE.md`

+Read `HealthProbe/Doc/README.md` first, then the UI agent guide above.

+				"Doc/00-agent-guides/AGENTS.md",

+				"Doc/00-agent-guides/CLAUDE.md",

+				"Doc/01-product/Forensics-Limitations.md",

+				"Doc/01-product/MVP-Specification.md",

+				"Doc/01-product/Product-Specification.md",

+				"Doc/02-architecture/Core-Data-Cache-Design.md",

+				"Doc/02-architecture/Database-Design.md",

+				"Doc/02-architecture/Export-Specification.md",

+				"Doc/02-architecture/Implementation-Guide.md",

+				"Doc/03-ui/README.md",

+				"Doc/04-project/IMPLEMENTATION_STATUS.md",

+				"Doc/04-project/Refactoring-Plan.md",

+				"Doc/99-archive/DATA_TYPE_VIEWS_OPTIMIZATION.md",

+				"Doc/99-archive/REFACTORING_DATA_TYPE_VIEWS.md",

+				Doc/README.md,

+				LastUpgradeCheck = 2650;

+				STRING_CATALOG_GENERATE_SYMBOLS = YES;

+				STRING_CATALOG_GENERATE_SYMBOLS = YES;

+# HealthProbe - Multi-Model Development Guide

+

+Canonical path: `HealthProbe/Doc/00-agent-guides/AGENTS.md`

+

+Start every documentation lookup from [`../README.md`](../README.md).

+

+## Overview

+

+HealthProbe is built by multiple AI models, each owning a distinct domain.

+This document defines boundaries, interfaces, and handoff contracts.

+

+**Agentic reality:** The repo is developed largely via agents (Codex CLI, Claude, and dedicated model sessions). When updating product scope, update docs first, then implement behind flags, and add tests for the new behavior.

+

+**Objective updated 2026-05-23:** HealthProbe is a single-device local

+Health database time machine. It captures the local HealthKit database over time,

+lets the user inspect how accessible health data looked at a chosen observation

+date, explains what changed between local observations, and preserves exportable

+evidence that may no longer be available after Apple Health consolidates,

+aggregates, or prunes historical records. The app no longer treats raw

+record-count drops as inherently alarming, no longer studies differences between

+snapshots from different devices, and does not sync HealthProbe data through

+CloudKit/iCloud. Device metadata may still be stored as local provenance for the

+current device's chain, but UI and algorithms should compare snapshots only

+within one local device timeline.

+

+**Storage decision updated 2026-05-23:** HealthProbe targets legacy devices still

+used for Health collection, including iPhone 6s / Apple Watch Series 3 class

+setups. SwiftData is therefore not an acceptable long-term foundation because it

+requires newer OS versions. The target architecture is:

+1. a direct SQLite archive/analysis database as source of truth;

+2. differential observation storage, never recurring complete snapshot copies;

+3. SQL-first analysis using indexes, joins, CTEs, temporary tables, and paged

+   result sets without loading large archives into RAM;

+4. a rebuildable Core Data UI/reporting cache for expensive counts, summaries,

+   timeline rows, report metadata, and display state.

+

+Current SwiftData models are legacy/prototype implementation details until the

+Core Data cache replacement is implemented. New product/storage work should not

+expand SwiftData dependency.

+

+**Deployment/reset note updated 2026-05-23:** HealthProbe has no real

+deployments, only test installations. Existing SwiftData stores and prototype

+SQLite archives are disposable for the archive v2 refactor: agents should reset,

+ignore, or reinitialize them rather than building one-way migrations or backward

+compatibility layers. Future real archive versions may require migrations, but

+the current prototype schema does not.

+

+**Recovery compatibility note updated 2026-05-23:** HealthProbe will not perform

+disaster-recovery workflows such as transplanting Health database files into

+encrypted iOS backups or re-publishing archived values into HealthKit. However,

+the local archive and user exports should preserve enough structure to support

+external recovery/salvage procedures: stable record identity, values, dates,

+units, source/provenance metadata where available, observation history,

+relationships, hashes, and manifests. Recovery compatibility is an archive/export

+requirement, not an in-app restore feature.

+

+---

+

+## Model Allocation

+

+| Domain | Owner | Tools |

+|--------|-------|-------|

+| **UI / SwiftUI Views** | Claude Code | Xcode, SwiftUI, `HealthProbe/Doc/00-agent-guides/CLAUDE.md` |

+| **Archive Store** | Dedicated model session | SQLite/local archive format, HealthKit metadata mapping |

+| **Data Models (Core Data cache)** | Dedicated model session | Xcode, Swift; derived UI/cache/settings/log/report models only |

+| **HealthKit Integration** | Dedicated model session | Xcode, HealthKit docs |

+| **Change Explanation Algorithms** | Dedicated model session | Swift, archive diffing, consolidation heuristics |

+| **Context Monitoring** | Dedicated model session | Xcode; logs Health/iCloud state as context only |

+| **Documentation** | Claude Code + dedicated session | Markdown |

+| **Tests** | Dedicated model session | XCTest, Swift Testing |

+

+---

+

+## Directory Ownership

+

+```

+HealthProbe/

+├── Views/           ← Claude Code (UI)

+├── ViewModels/      ← Claude Code (UI)

+├── Utilities/       ← Claude Code (shared helpers, mocks)

+├── Models/          ← Models agent (legacy SwiftData now; target Core Data UI/cache schemas)

+├── Services/        ← Services agent (HealthKit, archive store, change explanation, context)

+└── Tests/           ← Tests agent

+```

+

+**Rule:** Each agent writes only within its owned directories.

+Cross-boundary changes require an explicit interface contract (protocol) first.

+

+**Documentation scope:** `HealthProbe/Doc/` is shared. Keep it consistent with shipped behavior, and add a dated entry when objectives change.

+

+**Database work starts here:** `HealthProbe/Doc/02-architecture/Database-Design.md`.

+The database is the central project artifact. Agents changing archive schema,

+capture persistence, diff logic, aggregate caches, exports, reset behavior, or

+future migrations must read and update that document before code changes.

+

+---

+

+## Interface Contracts

+

+All service boundaries are defined as Swift protocols.

+Claude Code (UI) consumes protocols — never concrete implementations.

+

+### CaptureMonitorProtocol

+

+```swift

+/// Owned by: Services agent

+/// Consumed by: UI (DashboardViewModel)

+protocol CaptureMonitorProtocol {

+    var archiveStatus: ArchiveStatus { get }

+    var lastObservedAt: Date? { get }

+    func captureNow() async throws

+}

+```

+

+### ChangeSummaryStoreProtocol

+

+```swift

+/// Owned by: Services agent

+/// Consumed by: UI (change timeline/detail views)

+protocol ChangeSummaryStoreProtocol {

+    var changes: [DetectedChange] { get }

+    func markReviewed(_ change: DetectedChange) async throws

+}

+```

+

+### AuditTrailProtocol

+

+```swift

+/// Owned by: Services agent

+/// Consumed by: UI (AuditTrailView)

+protocol AuditTrailProtocol {

+    var entries: [AuditTrailEntry] { get }

+    func export() async throws -> Data  // JSON

+}

+```

+

+### ContextMonitorProtocol

+

+```swift

+/// Owned by: Services agent

+/// Consumed by: UI (ContextViewModel)

+protocol ContextMonitorProtocol {

+    var iCloudEnabled: Bool { get }

+    var lastObservedAt: Date? { get }

+    var stateChanges: [ContextStateChange] { get }

+}

+```

+

+---

+

+## Shared Types (Models Agent)

+

+These types are defined once in `Models/` and shared across all agents:

+

+```swift

+// Models/TypeDistributionBin.swift

+@Model

+final class TypeDistributionBin {

+    var bucketStart: Date

+    var bucketEnd: Date

+    var count: Int

+}

+

+// Models/TypeCount.swift

+// TypeCount owns zero or more TypeDistributionBin records.

+// These bins store sample counts and import anchors, not raw health values.

+

+// Interface updated 2026-05-12 — see AGENTS.md

+// Models/HealthRecord.swift

+// HealthRecord stores one anonymized HealthKit record fingerprint plus its start/end dates.

+// It intentionally does not store raw health values, device identifiers, or source metadata.

+// UI may compare HealthRecord fingerprints between adjacent snapshots to expose local

+// record-level changes that are masked by newly-added records with the same total count.

+// High-volume snapshots store these records in TypeCount.recordArchiveData instead of

+// creating one SwiftData model per record, avoiding main-thread stalls after import.

+

+// Interface updated 2026-05-13 — see AGENTS.md

+// TypeDistributionBin also stores content hashes and HealthKit query anchors.

+// Import uses a global anchored query per data type so follow-up snapshots fetch only

+// HealthKit deltas instead of scanning calendar blocks with fixed per-query latency.

+

+// Interface updated 2026-05-18 — see AGENTS.md

+// SwiftData is not the forensic source of truth and is legacy/prototype storage

+// for the current app. Target architecture uses Core Data as a rebuildable

+// UI/reporting cache only. Complete HealthKit samples and metadata belong in the

+// SQLite archive store, in one schema that can preserve relationships across data

+// types, sources, devices, workouts, and metadata.

+

+// Interface updated 2026-05-18 — see AGENTS.md

+// Services/Protocols/HealthArchiveStore.swift defines the local archive boundary.

+// SQLiteHealthArchiveStore is the current implementation. HealthKit anchored-query

+// pages must be written to this archive before UI/cache rows are saved.

+// Deletions are recorded by sampleUUIDHash because HKDeletedObject exposes UUIDs,

+// not complete sample payloads.

+

+// Storage objective updated 2026-05-23 — see AGENTS.md

+// Recurring complete snapshots are out of scope for the target architecture.

+// Store differential observations, versioned sample payloads, observation ranges,

+// and materialized aggregates. Expensive counts used by reports/UI should be

+// cached in Core Data and be rebuildable from SQLite.

+

+// Objective updated 2026-05-23 — see AGENTS.md

+// HealthProbe is a local Health DB Time Machine. Snapshot/device identifiers are

+// retained only to preserve local provenance and keep comparisons within one

+// device chain. Record-count drops must be explained with aggregate and

+// representation context, not treated as inherently alarming.

+

+// Interface updated 2026-05-17 — see AGENTS.md

+// Models/TypeCount.detailCacheData stores precomputed detail data for the current

+// TypeCount compared with the immediately previous snapshot on the same device.

+// The cache contains aggregate added/disappeared counts, capped preview records for

+// UI drill-down, and daily change bins for temporal charts. It must be computed when

+// snapshots are saved and refreshed for neighboring snapshots when snapshot deletion

+// changes chain links. Existing stores are backfilled incrementally with a strict

+// per-launch TypeCount cap to avoid decoding many large archives in one run.

+

+// Interface updated 2026-05-17 — see AGENTS.md

+// Models/HealthSnapshot.contentEquivalentSnapshotID marks snapshots whose TypeCount

+// content is identical to a previous snapshot on the same device. These snapshots are

+// retained as temporal labels but behave as aliases to the representative content

+// snapshot for expensive detail cache/diff work.

+

+// Interface updated 2026-05-17 — see AGENTS.md

+// Models/TypeCount.contentEquivalentTypeCountID marks individual data types whose

+// content is identical to the previous snapshot's same TypeCount. This allows a

+// snapshot to contain real changes for some metrics while long-stable metrics behave

+// as temporal aliases and skip per-type detail cache/diff work.

+

+// Interface updated 2026-05-17 — see AGENTS.md

+// Models/HealthSnapshot stores cached overview scalars for UI consumption:

+// tracked type count, aggregate record count, and overall oldest/newest record dates.

+// These values must be computed during snapshot save while TypeCount data is already

+// in memory, so snapshot list/detail screens never recompute them by traversing

+// snapshot.typeCounts on the UI thread.

+

+// Interface updated 2026-05-17 — see AGENTS.md

+// Models/SnapshotDelta stores cached list/detail summary scalars derived from TypeDelta.

+// Overview screens consume these scalars and type-delta summaries directly instead of

+// recalculating per-snapshot changes from HealthSnapshot.typeCounts.

+

+// Interface updated 2026-05-23 — see AGENTS.md

+// Future UI/domain naming should prefer "change" or "observation diff" over

+// "anomaly". Existing AnomalyRecord/AnomalyType code is legacy naming until the

+// model replacement/refactor is implemented.

+enum ChangeClassification: String, Codable {

+    case appeared

+    case disappeared

+    case representationChanged = "representation_changed"

+    case consolidationLikely = "consolidation_likely"

+    case aggregateChanged = "aggregate_changed"

+    case uncertain

+}

+

+enum ReviewPriority: String, Codable, Comparable {

+    case info, review, important

+}

+

+enum ArchiveStatus: String {

+    case ready, needsCapture, degraded, unknown

+}

+```

+

+Any model changes must be announced in this file before other agents consume them.

+

+---

+

+## Handoff Process

+

+When a module is ready to be consumed by another agent:

+

+1. **Define the protocol** in `Services/Protocols/` (services agent)

+2. **Implement a mock** in `Utilities/Mocks.swift` (Claude Code)

+3. **Build UI against the mock** (Claude Code)

+4. **Replace mock with real implementation** (services agent)

+5. **Integration test** (tests agent)

+

+This allows UI development and service development to proceed in parallel.

+

+---

+

+## Algorithms & Change Explanation Logic

+

+The following modules involve non-trivial logic and should be reviewed carefully:

+

+| Module | File | Description |

+|--------|------|-------------|

+| **Change Explainer** | `Services/AnomalyDetector.swift` *(legacy name)* | Classify appeared/disappeared/representation-changed records without assuming loss |

+| **Consolidation Heuristics** | `Services/DivergenceEngine.swift` *(legacy name)* | Compare aggregates, intervals, and density to identify likely HealthKit consolidation |

+| **Fingerprinter** | `Services/SampleFingerprinter.swift` | Record matching via sample and semantic hashes |

+| **Snapshot Comparator** | `Services/SnapshotComparator.swift` | Diff between observations in one local device timeline |

+| **Distribution Comparator** | `Services/SnapshotDiffService.swift` | Daily per-type distribution diff to distinguish detail thinning from aggregate change |

+

+**Guidelines for algorithm modules:**

+- Document assumptions explicitly (e.g., "HealthProbe can only preserve detail it observed")

+- All thresholds (e.g., `age > 7 days`) must be configurable constants, not magic numbers

+- Include unit tests for edge cases (empty observations, partial data, clock skew, consolidation-like rewrites)

+- No UI code; return plain Swift types only

+

+---

+

+## Privacy Directives — All Agents

+

+**Mandatory across all modules:**

+- No credentials, API keys, tokens, or certificates in any file

+- No personal data: names, emails, phone numbers, dates of birth

+- No device identifiers: UDID, serial number, advertising ID, device name

+- No account identifiers: Apple ID, iCloud account info, CloudKit record IDs

+- No raw health values in code, tests, previews, logs, or comments

+- No location data or patterns enabling re-identification

+- Synthetic data only in tests and previews

+

+**Clarification:** “No raw health values” applies to this repository’s contents. The app may optionally store a user's raw HealthKit samples *locally on-device* for forensic backup purposes, but such samples must never appear in source control, logs, or docs.

+

+---

+

+## Communication Between Agents

+

+When one agent needs to communicate a decision or change to another:

+

+1. **Update this file** (`HealthProbe/Doc/00-agent-guides/AGENTS.md`) with the protocol/interface change

+2. **Update the relevant protocol** in `Services/Protocols/`

+3. **Add a comment** in the affected file: `// Interface updated YYYY-MM-DD — see AGENTS.md`

+

+---

+

+## Current Status

+

+| Module | Status | Owner |

+|--------|--------|-------|

+| Core Data UI/Report Cache | ⏳ Planned replacement of SwiftData | Models agent |

+| HealthKit Integration | ✅ Done | Services agent |

+| Snapshot Diff Service | ✅ Done | Services agent |

+| Service Protocols | ⏳ Not started | Services agent |

+| Change Explanation / Consolidation Heuristics | ⏳ Needs refocus | Services agent |

+| Context Monitor | ⏳ Not started | Services agent |

+| UI – App entry + TabView | ✅ Done | Claude Code |

+| UI – Dashboard | ✅ Done (functional, minimal) | Claude Code |

+| UI – Snapshots + Detail | ✅ Done | Claude Code |

+| UI – Data Types | ✅ Done | Claude Code |

+| UI – Settings | ✅ Done | Claude Code |

+| Unit Tests | ⏳ Not started | Tests agent |

+# HealthProbe - Claude/UI Agent Guide

+

+## Read First

+

+Before UI work, read:

+

+1. [`../README.md`](../README.md)

+2. [`../01-product/MVP-Specification.md`](../01-product/MVP-Specification.md)

+3. [`../02-architecture/Implementation-Guide.md`](../02-architecture/Implementation-Guide.md)

+4. this file

+

+## Current UI Objective

+

+HealthProbe is not an alert-first anomaly dashboard. It is a local Health DB Time Machine.

+

+The UI should help the user:

+- browse local observations over time;

+- inspect how HealthKit-accessible data looked at a selected observation date;

+- compare two local observations;

+- understand appeared/disappeared/representation-changed records without assuming data loss;

+- export selected point-in-time views and diffs;

+- see archive/cache health and capture status.

+

+## UI Ownership

+

+Claude/UI owns:

+- SwiftUI views in `HealthProbe/Views/`;

+- view models in `HealthProbe/ViewModels/`;

+- navigation and screen composition;

+- visual design, accessibility, Dynamic Type, and legacy-device UI simplification;

+- mock data for previews.

+

+Claude/UI does not own:

+- SQLite archive schema or analysis queries;

+- Core Data cache model design or storage replacement strategy;

+- HealthKit capture internals;

+- recovery/salvage tooling;

+- project entitlements or signing.

+

+Cross-boundary needs should be expressed as protocols or view-ready DTOs.

+

+## Target Screens

+

+Current target surfaces:

+

+```text

+App

+├── Dashboard / Capture Status

+├── Observation Timeline

+├── Observation Detail

+├── Diff Detail

+├── Data Types

+├── Export Preview / Export History

+├── Archive Status

+└── Settings

+```

+

+Legacy/low-memory devices may get simplified tables and summaries instead of heavy charts. Capture, reporting, and export remain more important than visual richness.

+

+## Legacy Device UI Mode

+

+Use simplified UI when the app runs on iOS 15-era devices, very small screens, or when memory/performance instrumentation shows repeated pressure during chart/detail screens.

+

+Simplify by:

+- preferring tables and summary rows over dense charts;

+- limiting default record previews;

+- loading one detail surface at a time;

+- using paged SQLite DTOs for drill-down;

+- hiding non-essential visual comparisons behind explicit taps.

+

+Do not remove:

+- capture controls;

+- archive health/status;

+- cached report summaries;

+- export flows;

+- paged record inspection.

+

+## Language Rules

+

+Prefer:

+- "records no longer visible in this observation"

+- "representation changed"

+- "consolidation likely"

+- "aggregate changed"

+- "cause not inferred"

+- "export selected evidence"

+

+Avoid:

+- "Apple lost your data"

+- "critical data loss" from counts alone

+- "sync bug"

+- "cross-device truth"

+- "restore from HealthProbe"

+

+## Design Guidelines

+

+Tone:

+- calm, technical, evidence-oriented;

+- no emergency language unless the user explicitly chooses an interpretation;

+- make uncertainty visible.

+

+Visual hierarchy:

+- summary first, details on demand;

+- paged record tables for large datasets;

+- chart only when it is cheap and helpful;

+- no UI that implies all data is loaded in memory.

+

+Controls:

+- segmented controls for observation/diff modes;

+- filters for type/date/source/change classification;

+- export buttons only for explicit user-triggered actions;

+- destructive actions require confirmation.

+

+Accessibility:

+- support Dynamic Type;

+- keep tables readable on small devices;

+- provide VoiceOver labels for charts and summary cards;

+- avoid color-only meaning.

+

+## Data Access Pattern

+

+Views should consume:

+- view models;

+- protocols;

+- paged DTOs;

+- Core Data cached summaries once implemented.

+

+Views should not:

+- query the large SQLite archive directly;

+- decode full record archives into arrays;

+- mutate HealthKit;

+- treat SwiftData as target architecture.

+

+## Preview Data

+

+Preview/mock data must be synthetic:

+- no real health values;

+- no real source names;

+- no device identifiers;

+- no real dates tied to a person.

+

+Use examples such as:

+- type: `step_count`

+- value: `42`

+- source hash: `source_hash_example`

+- record hash: `record_hash_example`

+

+## Completion Checklist

+

+- [ ] UI copy follows Time Machine / observation language.

+- [ ] No count-only critical loss messaging.

+- [ ] Large record lists are paged or mocked as paged.

+- [ ] Works on narrow/small-device layouts.

+- [ ] Dark mode and Dynamic Type reviewed.

+- [ ] VoiceOver labels exist for interactive elements.

+- [ ] No real health values in previews/tests.

+- [ ] No new dependency on SwiftData as target storage.

+# HealthProbe - Risks, Limitations & Forensic Capabilities

+

+**Version:** 1.5

+**Last Updated:** 2026-05-23

+

+## 1. Product Boundary

+

+HealthProbe is a local Health DB Time Machine. It preserves selected HealthKit-accessible observations on one device, explains how those observations differ over time, and exports scoped evidence.

+

+HealthProbe is not:

+- a proof engine for Apple Health bugs

+- a cross-device HealthKit database comparator

+- a CloudKit/iCloud sync product

+- a guarantee that HealthKit currently exposes all historical detail

+- a replacement for Apple Health or Apple exports

+- a disaster-recovery tool that mutates HealthKit or patches iOS backups

+

+## 2. Known Limitations

+

+### 2.1 HealthKit Framework Constraints

+

+| Gap | Why | Mitigation |

+|-----|-----|------------|

+| **No stable raw database contract** | HealthKit exposes API objects, not a forensic SQLite dump | Store what the API exposes at each observation |

+| **Representation changes** | Older high-frequency samples can become intervalized, thinned, or aggregated | Compare records and aggregates; label consolidation separately from loss |

+| **Modifications without explicit change events** | HealthKit primarily reports added/deleted objects | Use observation diffs and fingerprints |

+| **Missed background windows** | iOS can delay or skip background work | Manual capture, app-launch capture, observation timestamps |

+| **Private Health types** | Some data is not available to third-party apps | Document inaccessible gaps |

+| **Cross-device divergence** | Apple devices may expose different local HealthKit states | Compare only within the current device timeline |

+

+### 2.2 Interpretation Limits

+

+A disappeared fingerprint does not automatically mean permanent user data loss. It may mean:

+- Apple Health consolidated older records

+- a permission changed

+- a source app rewrote or re-imported data

+- HealthKit query timing changed

+- the user deleted or edited data

+- the app missed one or more background windows

+

+HealthProbe should present evidence and uncertainty. Count-only drops must not be shown as critical alerts without supporting detail.

+

+### 2.3 Data Retention Constraints

+

+HealthProbe can only preserve detail after it has observed it. It cannot reconstruct records that were already aggregated or unavailable before installation.

+

+The local archive can preserve selected details beyond what future HealthKit queries or Apple exports expose, but only for data types the user has enabled and granted permission to read.

+

+## 3. Privacy & Security Risks

+

+| Risk | Impact | Mitigation |

+|------|--------|------------|

+| **Raw health data exposure** | Critical | Local-only archive; explicit user exports only |

+| **Device/source re-identification** | High | Hash or redact identifiers where possible; avoid personal data in logs/docs/tests |

+| **Behavior inference from timestamps** | Medium | No automatic cloud sync; scoped exports |

+| **Lost archive on uninstall/device loss** | High | Encourage explicit exports for important evidence |

+| **Local device compromise** | High | Rely on iOS data protection; no network copy by default |

+

+## 4. Questions HealthProbe Can Answer

+

+### Q1: "What did my Health data look like at this observation date?"

+

+Method:

+1. Select an observation.

+2. Load archived records visible at that observation.

+3. Show per-type counts, date ranges, aggregates, source summaries, and record tables.

+4. Export the selected view if needed.

+

+### Q2: "What changed between these two observations?"

+

+Method:

+1. Compare adjacent or selected observations from the same local device timeline.

+2. Group records as appeared, disappeared, retained, or representation-changed.

+3. Compare aggregate totals and coverage windows.

+4. Label likely consolidation when record detail changed but aggregate meaning is preserved.

+

+### Q3: "Can I export details that are no longer available from current HealthKit?"

+

+Method:

+1. Query the local archive by observation date and sample type.

+2. Select the historical record set.

+3. Export JSON/CSV plus manifest hashes and observation metadata.

+

+### Q4: "When did this record first become visible to HealthProbe?"

+

+Method:

+1. Search the archive observation history for the record fingerprint.

+2. Report first-seen, last-seen, last-verified, and disappeared-at timestamps.

+3. Include context events without claiming causality.

+

+### Q5: "Is a change probably consolidation rather than loss?"

+

+Method:

+1. Compare missing old records with newer interval or aggregate records over the same time window.

+2. Check value sums, date coverage, and source metadata.

+3. Report "consolidation likely" only when aggregate evidence supports it; otherwise report "uncertain."

+

+## 5. Export Formats

+

+### JSON Diff Report

+

+```json

+{

+  "report_id": "DIFF_SYNTHETIC_001",

+  "exported_at": "2026-05-23T12:00:00Z",

+  "from_observation": "2026-04-23T12:00:00Z",

+  "to_observation": "2026-05-23T12:00:00Z",

+  "sample_type": "HKQuantityTypeIdentifierStepCount",

+  "summary": {

+    "appeared": 12,

+    "disappeared": 84,

+    "representation_changed": 6,

+    "aggregate_delta_percent": 0.1,

+    "label": "consolidation_likely"

+  },

+  "manifest_hash": "synthetic-example-hash"

+}

+```

+

+### CSV Point-In-Time Table

+

+```csv

+observation_at,type,start_date,end_date,value,unit,source_hash,record_hash

+2026-05-23T12:00:00Z,step_count,2026-01-01T00:00:00Z,2026-01-01T00:10:00Z,42,count,source_hash_example,record_hash_example

+```

+

+### Markdown Summary

+

+```markdown

+# HealthProbe Observation Diff

+

+Observation A: 2026-04-23 12:00 UTC

+Observation B: 2026-05-23 12:00 UTC

+

+## Summary

+- Appeared records: 12

+- Disappeared records: 84

+- Representation changes: 6

+- Aggregate delta: 0.1%

+- Interpretation: consolidation likely

+

+## Notes

+This report describes local HealthKit observations from one device.

+It does not infer cause or compare against another device as a source of truth.

+```

+

+## 6. Forensic Techniques Enabled

+

+**Timeline reconstruction:** Walk observation history and rebuild visible records for a selected date.

+

+**Representation-change analysis:** Compare count, intervals, value sums, value max, and coverage windows to distinguish detail thinning from meaningful aggregate drift.

+

+**Archive-backed export:** Export data from HealthProbe's local archive even when a current HealthKit query no longer exposes the same record-level detail.

+

+**Context correlation:** Place local changes near iOS/app/permission/iCloud-state events while avoiding causal claims.

+

+## 7. Recovery-Compatible Export Boundary

+

+External tools may use HealthProbe exports to:

+- inspect what HealthProbe observed at a point in time;

+- compare exported records with backup/XML/database evidence;

+- build salvage workflows outside the app;

+- re-publish values into another system with explicit user consent.

+

+HealthProbe exports should therefore preserve:

+- values, dates, units, and type identifiers;

+- stable hashes and payload version hashes;

+- source/provenance hashes where available;

+- relationships where available and in scope;

+- observation history and manifest/item hashes.

+

+HealthProbe exports cannot guarantee:

+- original Apple/private database primary keys;

+- original HealthKit metadata that was never exposed to the app;

+- proof that a disappeared record was deleted by Apple;

+- lossless re-publication into HealthKit with original provenance.

+

+The iOS app remains read-only. Any backup transplant, HealthKit re-publication, or disaster-recovery procedure is external tooling, not an in-app feature.

+

+## 8. Recommended Usage

+

+### Individual Users

+

+1. Enable the data types that matter most.

+2. Let HealthProbe build an initial archive.

+3. Capture manually before/after OS updates, restores, migrations, or major app changes.

+4. Use the timeline to inspect old observations.

+5. Export selected views when a detail set matters.

+

+### Researchers And Support

+

+1. Work from scoped exports, not raw device databases.

+2. Treat HealthProbe evidence as local observation history.

+3. Avoid claiming root cause without additional Apple/system evidence.

+4. Prefer aggregate-neutral language: changed, appeared, disappeared, consolidated, uncertain.

+

+## 9. Future Enhancements

+

+- richer point-in-time query tools

+- improved consolidation heuristics

+- archive integrity audits and repair workflows

+- optional encrypted archive copy chosen by the user

+- macOS analysis of explicit HealthProbe exports

+- recovery-compatible archive/export manifests that external tools can use as input, without adding restore or re-publication features to the app

+

+## 10. Troubleshooting

+

+| Issue | Cause | Fix |

+|-------|-------|-----|

+| **No recent observations** | Background refresh disabled or app not opened | Open app and run manual capture |

+| **Some types missing** | HealthKit permission not granted or type unavailable | Review permissions and selected types |

+| **Large count drop shown** | Possible consolidation or query/permission change | Inspect diff and aggregate evidence before interpreting |

+| **Old detail unavailable** | HealthProbe did not observe it before aggregation | Only future observations can be preserved |

+| **Export too large** | High-frequency type selected over long interval | Narrow date/type filter |

+

+## 11. References

+

+- Apple HealthKit Framework: https://developer.apple.com/documentation/healthkit/

+- HKAnchoredObjectQuery: https://developer.apple.com/documentation/healthkit/hkanchoredobjectquery

+- Core Data: https://developer.apple.com/documentation/coredata

+- DearApple Issue #001: historical context for reported Apple Health data anomalies

+

+---

+

+*HealthProbe - A local time machine for HealthKit-accessible data.*

+# HealthProbe iOS - Specification (MVP)

+

+**Version:** 1.5

+**Last Updated:** 2026-05-23

+**Status:** MVP iOS local Health DB Time Machine

+

+## Overview

+

+HealthProbe is a read-only iOS app that captures selected HealthKit data into a local archive so the user can revisit how their Health database looked at earlier observation dates.

+

+The MVP is not a cloud sync product and not a cross-device comparator. It is a single-device local timeline:

+- capture what HealthKit exposes today

+- preserve selected details before they are aggregated, consolidated, or no longer queryable

+- show what changed between local observations

+- export selected historical views and record tables

+

+The original motivation was data-loss detection. The current objective is broader and calmer: help the user understand the evolution of their local Health database over time. A record-count drop is a change to explain, not automatically an emergency.

+

+## Core Principles

+

+1. **Read-only with respect to HealthKit**

+   - Never modify or delete HealthKit data

+   - Only observe, archive, compare, and export

+

+2. **Single-device local timeline**

+   - Compare only observations captured on this device

+   - Do not infer correctness by comparing HealthKit databases from different devices

+

+3. **Local-first storage**

+   - HealthProbe data works without network access

+   - No HealthProbe CloudKit/iCloud sync for raw samples, digests, reports, or caches

+

+4. **Archive-first design**

+   - The local archive is the source of truth

+   - SQLite stores differential observations and performs large analyses

+   - Core Data stores UI/report/cache/settings/history data that can be rebuilt from the archive

+

+5. **Legacy-device support**

+   - Keep iOS 15-era Health collection devices in scope

+   - Do not require SwiftData for target architecture

+   - Simplify heavy visualizations on legacy devices while preserving capture, reporting, and export

+

+6. **Consolidation-aware interpretation**

+   - Apple Health may aggregate or rewrite older high-frequency records

+   - Count-only alerts are not reliable evidence of loss

+   - UI language should describe additions, removals, consolidation, and uncertainty

+

+7. **Differential storage**

+   - Do not append complete periodic snapshots for large datasets

+   - Store sample identities, payload versions, observation events/ranges, and aggregates

+

+## MVP Features

+

+### 1. Local HealthKit Capture

+

+Use:

+- `HKAnchoredObjectQuery` for incremental capture

+- `HKObserverQuery` as a prompt to refresh when iOS wakes the app

+- manual capture from the app UI

+

+Track initially:

+- workouts

+- steps and activity quantities

+- heart rate and other high-frequency quantities selected by the user

+- sleep and relevant category samples

+- additional types through a selected-type registry

+

+Persist differentially in the local SQLite archive where HealthKit exposes it:

+- sample UUID hash, type, start/end date, value, and unit

+- source and source revision metadata

+- HealthKit metadata dictionaries

+- device provenance exposed by HealthKit, subject to privacy redaction/hash policy

+- first-seen, last-seen, last-verified, disappeared-at observations

+- fingerprints for internal matching and explicit user exports

+- materialized per-type/per-day aggregates needed by reports and presentation

+

+### 2. Health DB Time Machine

+

+The app must let the user answer:

+- "What did my accessible HealthKit data look like on this observation date?"

+- "What changed between these two observations?"

+- "Which older details can HealthProbe still export even if HealthKit later consolidates them?"

+

+Core views:

+- observation timeline

+- point-in-time summary

+- per-type detail table

+- adjacent-observation diff

+- selected-record export preview

+

+On legacy/low-memory devices, heavy charts may be replaced with tables, summaries, and generated reports. Export/report correctness is more important than rich visualization.

+

+### 3. Change Explanation

+

+Changes are classified as observations, not accusations:

+- **Appeared:** record/fingerprint was absent before and present now

+- **Disappeared:** record/fingerprint was present before and absent now

+- **Changed representation:** aggregates remain similar but record granularity, intervals, timestamps, or values changed

+- **Consolidation likely:** old high-frequency detail appears thinned or intervalized while aggregate totals remain explainable

+- **Uncertain:** HealthKit/API/background constraints prevent confident classification

+

+Severity should be used sparingly. The MVP should prefer neutral labels and evidence summaries over alarm language.

+

+### 4. Exports

+

+Exports are a primary product feature. They preserve selected historical evidence and support external analysis.

+

+MVP exports:

+- selected point-in-time table as JSON/CSV

+- diff report between two observations

+- manifest with hashes and observation metadata

+- selected disappeared/appeared/changed records

+

+Routine full-database export is not an MVP goal. The archive itself is the local backup; user-facing exports are scoped to what the user is inspecting.

+

+Exports must stream or page from SQLite. The app must not materialize large high-frequency record sets in RAM before writing an export.

+

+### 5. Context Logging

+

+Health/iCloud state may be logged as context only:

+- HealthKit permission changes

+- app version / iOS version

+- local capture start/end/failure

+- iCloud sign-in state if available

+

+Context logging must not become HealthProbe cloud sync and must not imply that iCloud state proves why a change happened.

+

+## Out Of Scope

+

+- HealthProbe CloudKit/iCloud sync

+- comparing snapshots from different devices

+- claiming Apple lost data solely because sample counts changed

+- predicting future loss