Changelog

Latest updates and improvements.

v0.6.2

2026-03-2212:00
Show Details
  • SecurityPath traversal: Jailed document reads to .agent/ via filepath.Clean + absolute prefix check.
  • SecurityTiming attack: Sovereign master key comparison now uses crypto/subtle.ConstantTimeCompare.
  • SecurityOAuth CSRF: State nonce stored on flow initiation and validated in callback — mismatches rejected.
  • SecurityFilter injection: Parameterised PocketBase filter queries via ListRecordsWithFilterParams (sentinel routing ops).
  • SecurityCSP: Added worker-src, media-src, frame-src, form-action, base-uri, object-src directives. Added Referrer-Policy and Permissions-Policy headers.
  • SecurityVault: Encrypted vault key moved from localStorage to sessionStorage — clears on tab close.
  • SecurityBody limit: Global 32 MB request body cap via http.MaxBytesReader middleware.
  • FixAuth cache: Added 5-minute background eviction goroutine and 10,000-entry size cap to prevent unbounded growth.
  • FixAuth cache: Deduplicated RequirePro — now delegates to RequireProOrAdmin.
  • FixLicense handler: Eliminated N+1 query in install list — pre-built subscribedInstalls map for O(1) lookup.
  • FixHTTP server: Added read/write timeouts to dev server; fixed WriteTimeout: 0 on HTTPS server.
  • FixError responses: Standardised all 46 API handlers to jsonError() returning {"error":"..."}.
  • FixRate limits: RATE_LIMIT_CHAT and RATE_LIMIT_AUTH env vars now override default limits at startup.
  • UILoading skeletons: Added animate-pulse skeletons for /admin and /admin/spectre routes.
  • UIError boundary: Added root-level error.tsx for layout-level crash recovery.
  • UIImages: Migrated AcademyCard, Avatar, and academy modal to next/image for optimised delivery.
  • techTypeScript: Replaced 23 any types with Record<string, unknown>, named interfaces, and typed React event handlers.
  • techDead code: Deleted unused Mermaid.tsx (superseded by MermaidDiagram.tsx).

v0.6.1

2026-03-2119:00
Show Details
  • FeatureIntentMemory: Direct MCP nexus_store routing without permission flow
  • FixEntity extraction: Correctly extract Y from 'User's favorite X is Y' patterns
  • FeatureMemory: Disk-first persistence with bidirectional PocketBase sync
  • UITraces: Enrichment badge and (enrichment) label for memory enrichment traces
  • docsSystem prompt: Stronger tool usage guidance for vault vs memory tools
  • ChoreRemoved unused AutoSave DISABLED log spam

v0.6.0

2026-03-2106:00
Show Details
  • coreSmart Memory System v9.1: Enhanced memory with semantic keyword extraction and intelligent sync.
  • FeatureMemory: 2-stage keyword extraction — fast rule-based on save, LLM enrichment in background.
  • FeatureMemory: SHA256 content deduplication — updates existing memories instead of creating duplicates.
  • FeatureMemory: User-scoped memories with private vs global visibility control.
  • FeatureMemory: Fuzzy keyword matching with stemming for better search relevance.
  • FeatureMemory: Smart delta sync worker — file watcher detects disk changes with 2-second debounce.
  • FeatureMemory: Background sync to PocketBase with batch processing and rate limiting.
  • FeaturePersistence: New unified persistence layer at .agent/persistence/{memories,extractions,screenshots}.
  • UILanding Page: Added Smart Memory section highlighting keyword extraction and deduplication.
  • UIUse Cases: Added Smart Memory & Context use case with feature overview.
  • UIFeatures: Enhanced Memory System description with v9.1 capabilities.
  • docsGEMINI.md: Updated with Smart Memory system details and Nexus Intelligence Layer.
  • docsAGENTS.md: Added PROFILE_MEMORY tool authority profile for memory-enabled agents.
  • docsManifest: Updated with persistence layer structure and memory system paths.
  • docsREADME.md: Enhanced memory capabilities documentation.
  • techOpenAPI: Added enhanced memory endpoints to API specification.
  • techInsomnia: Updated collection with memory API endpoints.

v0.5.0

2026-03-1922:00
Show Details
  • coreNexus Intelligence Layer: Complete vault and intelligence system overhaul.
  • FeatureNexus MCP Vault: AI-accessible secrets with user-controlled publishing.
  • FeatureSentinel Vault: User-specific encrypted vaults with AES-256-GCM encryption.
  • FeatureMaster Key System: Profile-level bcrypt-secured master keys for vault access.
  • FeatureNexus Context Store: Local-first key-value storage with PocketBase sync.
  • FeatureDocument Graph: Enhanced file indexer with relationships and MCP query tools.
  • FeatureMCP Tools: Added read_secret, write_secret, list_secrets for AI vault access.
  • FeatureMCP Tools: Added nexus_search_docs, nexus_get_doc, nexus_related_docs for document queries.
  • UIAdmin Secrets: Added AI Access tab for publishing secrets to MCP vault.
  • UIAdmin Secrets: Access tracking with count and timestamps for AI vault usage.
  • docsDocumentation: Complete vault security documentation in README and /documentation page.
  • FixMemories: Fixed date display to always show timestamps on memory cards.
  • UINexus Reports: Improved filter layout to prevent overlap with report window.

v0.4.0

2026-03-12
Show Details

v0.3.9

2026-02-1620:00
Show Details
  • coreProtocol: Sovereign Memory System to v8.4.0.
  • FeatureMemory: Implemented persistent memory system with episodic and semantic storage.
  • FeatureMemory: Added automatic memory writing after chat conversations.
  • FeatureMemory: Added memory context injection into system prompts for personalized responses.
  • FeatureMemory: Created REST API endpoints for memory write, search, remember, and context.
  • techAPI: Updated OpenAPI spec to v8.4.0 with memory endpoints.
  • techAPI: Synchronized Insomnia collection with all endpoints.

v0.3.8

2026-02-1422:30
Show Details
  • FeatureSecurity: Added IP geolocation enrichment for blacklisted IPs with country, city, ISP, and ASN data.
  • FeatureSecurity: Implemented clickable table rows with detail modal showing all collected data.
  • FeatureSecurity: Added sorting (newest first) and pagination (25 items per page) to blacklist table.
  • FeatureSecurity: Added batch geo-enrichment endpoint for existing records.
  • UISecurity: Updated heading styles to match Document Metadata format with brand colors.
  • techAPI: Updated OpenAPI spec to v8.3.0 with new security endpoints.

v0.3.7

2026-02-0422:05
Show Details
  • coreProtocol: Universal Sovereign Toolbox Integration to v8.1.1.
  • FeatureAgency: Deployed Sovereign Mail (SMTP), Spectre Crawler, and Treasury Audit tools.
  • FeatureSecurity: Implemented mandatory Tool Auditing section in all research artifacts.
  • techAPI: Synchronized OpenAPI spec and internal versioning to v8.1.1.

v0.3.6

2026-02-0313:00
Show Details
  • coreProtocol: System Ops Expansion to v8.1.0 (Janitor & Archivist).
  • FeatureAgents: Deployed The Janitor for hygiene and The Archivist for history.
  • FeatureAPI: Aligned OpenAPI spec to v8.1.0.

v0.3.5

2026-02-0214:50
Show Details
  • coreProtocol: Evolutionary Kernel Shift to v7.9.2 (Metadata-Driven Core).
  • FeatureLibrarian: Implemented mission discovery via YAML frontmatter (research_type).
  • FeatureTransparency: Exposed model-level metadata (Llama 4 Scout) in research artifacts.
  • SecurityHardening: Enforced HTTPS via HSTS and expanded SSL host whitelisting.
  • coreArchitecture: Pivot to Direct Client-to-Backend API architecture to support Static Site Generation (output: export).
  • BackendCORS: Implemented 'Reflective CORS' in middleware to support credentials with specific origins (localhost/127.0.0.1).
  • UITables: Refined ClientLawsTable and MarkdownViewer to use global Table components with brand-primary/secondary/tertiary tints.
  • UIModal: Hardened Modal styling with forced brand-primary borders and headers.
  • FixAPI: Resolved 'Failed to fetch' errors by removing conflicting CORS headers and unifying API access.
  • FixConfig: Externalized API URL via NEXT_PUBLIC_API_URL to support non-localhost production environments.
Page 1 of 2