All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Some kind of Versioning
Rollup coverage: this entry covers the frozen
devrelease train after0.1.40through PR #2744. It includes PRs #2600, #2609, #2611, #2626, #2629, #2633, #2701, #2703, #2704, #2705, #2706, #2707, #2708, #2709, #2710, #2711, #2712, #2713, #2714, #2715, #2716, #2717, #2718, #2719, #2725, #2726, #2728, #2729, #2730, #2731, #2732, #2739, #2740, #2741, #2742, #2743, and #2744.
- Research And Source-Grounded Learning — Added source-grounded spaced repetition and advanced quiz controls, Paperless source review/saved-view workflows, Research Workspace source discovery and PDF handoff foundations, beginner UAT coverage, workspace status rails, and decision/reconciliation records for the current research experience.
- Skills And Service Prompt Foundations — Added Skills MCP catalog rendering, render-tool binding, UX and extension parity, Skills UAT quality gates, and the reviewed groundwork for user-customizable service prompts.
- Operations And Briefing Workflows — Added Jobs admission/operations extraction and hardened the Watchlists briefing contract across backend and shared product surfaces.
- Release Metadata — Bumped package, FastAPI, README, release-note, and
MkDocs metadata to
0.1.41for the frozen release fromdevintomain. - Authentication And Request Recovery — Improved single-user API-key device persistence, media auth refresh behavior, metadata-only ingestion guards, and stale-session recovery after WebUI relaunch.
- Local Provider Egress Policy — Centralized checked outbound access for configured local providers and public custom OpenAI-compatible adapters.
- Published Documentation — Made the curated public documentation refresh deterministic, repaired the inherited broken-link baseline, and restored zero-warning strict MkDocs validation in pull-request and deployment CI.
- Quick Ingest Reliability — Fixed advanced transport without a persisted server URL, default/render-loop behavior, preset provider selection, and E2E analysis-provider guards.
- Frontend And Audio Regressions — Fixed extension launch/cancellation races, Parakeet ONNX feature configuration, Chatbooks post-merge UAT issues, frontend CodeQL alerts, and related review regressions.
- Research And Skills Hardening — Closed review, cancellation, discovery, rendering, extension-parity, and release-readiness gaps found across the Research Workspace and Skills release train.
Rollup coverage: this entry covers current
devwork queued formainafter the0.1.39release metadata. It includes PRs #2688, #2694, #2696, #2697, #2698, #2699, and #2700.
- Chatbooks Full-Account Backup And Restore — Added an explicit full user-account backup contract and WebUI/extension Backup all flow, including account inventory scope preview, media records, derived media data, bundled tldw-stored account file artifacts, embeddings, redacted inventory summaries, OpenWebUI import-scope hydration reuse, and post-write verification metadata.
- Chat Document Processing — Added chat document upload processing choices, queue replay support, sidepanel/WebUI handoff plumbing, backend preflight contracts, and client/service tests for document-aware chat sends.
- Design Link Docs And Quiz Follow-Through — Added generated design-link docs for key product areas and carried the advanced quiz generation controls and review hardening into the release train.
- Release Metadata — Bumped package, FastAPI, README, and MkDocs metadata
to
0.1.40for the next patch release fromdevintomain. - Chatbooks Export Compatibility — Changed omitted
content_selectionsandcontent_selections: {}to mean full user-account export. Non-emptycontent_selectionsobjects are explicit allowlists, and zero-item allowlists are rejected instead of producing empty backups. - Chatbook Import Defaults — Chatbook archive import now restores restorable archive media data, embeddings, prompts, evaluations, generated documents, and stored account artifacts by default. OpenWebUI imports still preserve attachment references first and use the separate hydration workflow for copied files.
- Release And CI Follow-Ups — Fixed Guardian notification timestamp handling, visual identity ZIP unsafe-path detection on Windows, legacy audio WebSocket config handling, macOS PyAudio CI setup, and sandbox concurrency test stabilization.
- CodeQL And Security Hardening — Hardened current CodeQL alert paths on
dev, including parser, storage, sandbox snapshot, auth/email, moderation, and filesystem validation edges. - Chatbooks And Media Ingest UX — Directed Chatbooks Settings copy and navigation to Chatbooks Backup & Import while keeping Settings as an entry point, and fixed YouTube/media ingest worker startup route defaults and capability reporting.
Rollup coverage: this entry covers current
devwork queued formainafter the0.1.38corrective release. It includes PRs #2577, #2658, #2678, #2679, #2680, #2681, #2682, #2683, #2684, #2685, #2686, #2687, #2689, #2691, and the release-review fixes in PR #2692.
- Character Expressions And Emotes — Added character expression image editing, custom state support, emote directive parsing, streamed emote metadata, sidepanel/chat rendering, history recovery, and onboarding nudges.
- Cooking Recipe Cards — Added the cooking recipe MCP module/tool, recipe card parsing, WebUI rendering, timer validation, and review hardening.
- TTS Voice Preview And Audio Protocol V1 — Added TTS settings voice preview, strict audio stream protocol parsing, chat/transcription protocol enforcement, server dictation protocol frames, and extension STT migration.
- Advanced Quiz Generation — Added planned quiz generation schemas, exact question-plan generation, mix controls, and plan validation hardening.
- Release Metadata — Bumped package, FastAPI, README, and MkDocs metadata
to
0.1.39for the next patch release fromdevintomain. - Settings And Chat UX — Split settings information architecture, hardened settings navigation/recovery flows, added chat backdrop transparency controls, and refreshed settings review follow-ups.
- Release And CI Follow-Ups — Stabilized chat cockpit smoke/real-server checks, OpenAPI fingerprints, mobile cockpit targets, restore-control actionability, and Docker MCP package inclusion for release gates.
- Frontend Review Hardening — Fixed missing analysis-provider feedback, expression-image validation visibility, recipe serving math, TTS preview review feedback, locale coverage, nullable/primitive guards, and persona settings write races.
- Backend Hardening — Fixed PDF/EPUB ingest error handling, AuthNZ PostgreSQL password history migration, notification payload timestamp mutation, and audio protocol review issues.
Corrective release: this patch follows the
0.1.37release after publishing failed in CI. It keeps the release flow asdevintomain, carries the currentdevrelease train forward, and includes the release-publishing workflow fixes needed for PyPI and container publishing.
- Release Metadata — Bumped package, FastAPI, README, and MkDocs metadata
to
0.1.38for the corrective release fromdevintomain. - Docker Release Publishing — Changed the Docker release workflow to publish only to GitHub Container Registry and removed the Docker Hub login path.
- WebUI UAT Follow-Ups — Included the current
devbranch work queued for release, including PR #2676 and its WebUI UAT response handling, provider labeling, worldbooks stability, timeout, toast, and chat test coverage.
- PyPI Release Gate — Installed PortAudio before development dependencies in the PyPI publish gate so PyAudio can build on hosted Linux runners.
- API Docs Discovery Gate — Restored the legacy chatbooks documentation discovery mapping expected by onboarding docs coverage.
Rollup coverage: this entry covers the research workspace media-output work and follow-up
devwork queued formainafter the0.1.36corrective release. It includes PRs #2657, #2659, #2661, #2662, #2663, #2664, #2665, #2666, #2667, #2668, #2669, #2670, #2671, #2673, #2674, and #2675, plus the follow-updevmerge in PR #2656 and release-review hardening in PR #2672.
- Research Workspace Media Outputs — Added research workspace media capabilities, output job APIs, background worker startup contracts, persisted output artifacts, infographic generation, video overview generation, frontend client contracts, and rendered media-output surfaces.
- Research Workspace Agent Tasks — Added agent-task entry points from Chat and Studio, persisted ACP run results as workspace artifacts, preserved task context, connected discovery loops, and expanded NotebookLM-style workspace parity coverage.
- Web Scraping Runtime Boundary — Added runtime request/response contracts, policy adapters, central fetch adapter wiring, viewport validation, article fetch egress pinning, and focused runtime contract coverage for the phase 2 scraping boundary.
- Release Metadata — Bumped package, FastAPI, README, and MkDocs metadata
to
0.1.37for the next patch release frommain. - Release And Backlog Hygiene — Recorded release-task closeout, cleaned up
completed MCP setup bookkeeping, made active Backlog task ids unique, and
kept the release branch synchronized with the latest
devfollow-ups.
- Research Output Hardening — Hardened research output owner isolation, status lookup failures, worker error handling, artifact persistence, context excerpts, PNG byte validation, and encoded/embedded/delimited output metadata path rejection.
- Research Workspace Readiness — Fixed media readiness blockers, smoke-test blockers, header sanity coverage, unhydrated Studio artifact access, web clipper handoff id validation, and malformed Deep Research provenance imports.
- MCP First-Run Discovery — Fixed setup wizard router test context, duplicate task ids, discovery response parsing, and the end-to-end MCP discovery validation path.
- Provider And UI Follow-Ups — Fixed provider-prefixed llama model ids,
default egress port coverage for
8080, chat system prompt modal editing, dark-theme visual fidelity, and Chatbooks dark-theme visual coverage. - Web Scraping Runtime Review Hardening — Replaced generic fetch validation errors with project-specific errors, added the missing fetch adapter docstring, wrapped overlong response fallback formatting, and bounded imported source lineage ids.
Corrective release: this patch supersedes
0.1.35after the release merge landed onmainbefore the branch topology was synced back. It keepsmainas the release branch, keepsdevas the forward working branch, and includes PR #2653 plus the dev/main sync repair.
- MCP External Resource Parity — Added external MCP resource discovery and
read parity through redacted
external://resource URIs, profile-aware grant checks, stdio/websocket resource list/read support, and gateway bootstrap wiring for external runtime resource access.
- Corrective Release Metadata — Bumped package, FastAPI, README, and MkDocs
metadata to
0.1.36so PyPI/main-branch publishing can produce a clean patch release after the0.1.35branch mistake.
- Branch Topology Repair — Synced the
0.1.35main release merge back intodev, preserving the dev-only MCP resource work while makingmainan ancestor ofdevagain.
Rollup coverage: this entry covers current
devwork that landed after the0.1.34release-prep metadata through PR #2654, plus current release-branch follow-ups and main-only cleanup PR #2624. It includes PRs #2060, #2061, #2062, #2418, #2422, #2527, #2530, #2574, #2582, #2583, #2584, #2586, #2587, #2588, #2589, #2591, #2593, #2594, #2595, #2597, #2598, #2601, #2602, #2603, #2604, #2615, #2616, #2617, #2619, #2620, #2621, #2624, #2631, #2632, #2634, #2635, #2636, #2637, #2638, #2639, #2640, #2641, #2642, #2643, #2644, #2645, #2646, #2647, #2648, #2649, #2650, #2652, and #2654.
- Visual Identity Expression Packs — Added visual identity repository foundations, storage validation, ZIP import jobs, activation service support, API endpoints, frontend client utilities, chat metadata integration, pack management UI, generated-file provenance bridging, and visual identity casting resolver APIs/overrides.
- MCP Docs Source Synchronization — Added MCP docs source sync settings, local/URL docs source registries, approved URL source tracking, URL and local page sync tooling, and host-boundary/query URL regression coverage.
- Research Workspace And Release Publishing Hooks — Added research workspace source ingest failure-code exposure and backend PyPI auto-publish workflow wiring for main-branch version releases.
- Workspace, Setup, And MCP Expansion — Added the Chat Workspace live flow, WebUI setup handoff, first-run MCP tool-pack onboarding, RAG MCP module, MCP docs source discovery, Research Workspace share/UAT/NotebookLM parity, and expanded API/WebUI/extension documentation.
- Release Gate And Test Quality Coverage — Added test-quality triage scanning, singleton/lifecycle isolation guards, env-absent and minimal-startup smoke coverage, OpenAPI drift checks, contract/property test expansions, and sandbox-capable UAT documentation.
- Documentation And Provider Surface Cleanup — Split published docs into user and developer wiki entry points and fixed llama.cpp provider alias handling for character chat.
- CI And Dependency Maintenance — Updated Docker publishing actions,
repaired AuthNZ multi-user load-test fixtures, synced
USER_DB_BASE_DIRreset behavior into core settings, and unquarantined the TTS_NEW/Embeddings/Character_Chat_NEW suites after green validation. - Visual Identity Review Hardening — Hardened visual identity storage, idempotency, source-context detection, provenance validation/replay, override version fallback, and frontend TypeScript baseline behavior.
- Release Operations And Cleanup — Recorded VZ prepared-host evidence and
cleanup, external docs hosting, Pages artifact path fixes, ACP caveat
reconciliation, a Jobs backend parity slice, and main-branch cleanup for
tracked
node_modulessymlinks.
- MCP Docs Source Privacy And Consistency — Fixed docs source import failure cleanup, source document counts, local tombstone bounds, redirected URL source reconciliation/retargeting, tombstoned docs lookup filtering, acquisition privacy redaction, and URL acquisition privacy review findings.
- Post-PR 2571 CI Follow-Ups — Fixed Guardian generic notification logging
so synthetic
tsmetadata is added only to the sanitized recorded copy, and retargeted the stale theme-toggle UX smoke assertion from the specialized chat route to a current shared-shell route. - Research Workspace Source Worker — Fixed workspace source ingest failure-code exposure for the current research workspace source-worker path.
- Input, Auth, And Network Hardening — Hardened audio transcription input handling, the Parakeet ONNX STT path, WebUI runtime-auth persistence across hard reloads, integrations outbound egress policy, cross-origin redirect credential stripping, and related PR #2604/#2619 review follow-ups.
- Workspace, Audio, ACP, VZ, And PostgreSQL Stability — Fixed audio briefing/artifact validation, Research Workspace generated artifact and share flows, ACP reconnect broadcaster cleanup, mismatched VZ guest-agent handling, prepared-host validation evidence, and PostgreSQL setup self-verify timestamp timezones.
- Release Branch Review And CI Follow-Ups — Rebased release prep onto
current
dev, kept PyPI publishing fail-closed and test-gated, moved visual identity idempotency workflow decisions into the service layer, repaired Visual Identity preview/refresh/accessibility follow-ups, stabilized sandbox stale-claim capacity checks, and carried main's trackednode_modulescleanup into the release branch.
- Removed the stale test-quarantine mechanism for the previously quarantined TTS_NEW, Embeddings, and Character_Chat_NEW suites.
- Removed tracked
node_modulessymlinks from frontend package trees so generated dependency links are no longer part of the release diff.
Rollup coverage: this entry covers current
devwork that landed after the0.1.33release-prep metadata through PR #2579 plus the PR #2571 release-stabilization commits. It includes PRs #2570, #2573, #2575, #2576, #2565, #2578, #2316, and #2579, along with the post-PR #2567/#2568 review follow-ups and current-main/PR #2571 CodeQL alert cleanup.
- PR 2568 Follow-Up Coverage — Added Backlog records and focused
regression coverage for Jobs event-filter SQL helpers, public metrics-label
hashing, frontend auth persistence, and the
mcp-unifiedPEP 561py.typedmarker/package-data contract. - Standalone MCP Docs Corpus And Acquisition — Added the
mcp-unifieddocs package boundary, SQLite corpus store, local/HTML/Markdown importers, retrieval context helpers, Context7-compatible MCP tool provider/module registration, URL source policy, URL fetching/extraction/acquisition service, and standalone docs server mounting. - Workspace Defaults, Chat Focus, And Testing Audit Coverage — Added workspace default-assistant state, WebUI settings surfaces, persona-default application for Chat Workspace startup, true fullscreen chat focus mode, a testing implementation audit, visible quarantine policy coverage, frontend coverage summaries, storage/rate-limit/error-path/fuzz regression suites, and a non-gating nightly performance workflow.
- Jobs, WebSearch, And Auth Persistence Cleanup — Moved Jobs event-filter
SQL construction behind DB management helpers, replaced WebSearch diagnostic
print()calls with structured Loguru logging, clarified Google parser debug formatting, and restored browser persistence for manually entered API keys and bearer tokens while preserving environment-provided auth precedence. - CodeQL Suppression Hygiene — Updated validated path/auth/download/sync suppressions to current LGTM-compatible CodeQL suppression comments with local rationale on the reviewed paths.
- WebUI Chat And Frontend/Extension Hardening — Reworked character and assistant selection, character greeting picking, Playground chat rail/cockpit layout, character-route state refresh, background-session storage, request history redaction, token refresh, absolute-URL/CSP guards, and browser-storage shims.
- Release CI Gate Stabilization — Aligned release helper/docs contracts,
responsive parity guards, pytest shard/quarantine behavior, local CI
pytest-asyncioloading, playground a11y mocks, stale UX smoke assertions, and CodeQL suppression syntax/rationale with the current release gate behavior.
- PR 2567/2568 Review Follow-Ups — Addressed review findings for DB-layer
ownership, missing helper/class docstrings, pytest unit markers, metrics tests
using public label normalization, WebSearch logging ambiguity, frontend auth
reload behavior, and the
mcp-unifiedtyped-marker package-data mismatch. - WebUI Chat, Character, And Workspace Regressions — Fixed llama.cpp provider discovery and single-user auth bootstrap, character avatar/greeting behavior, chat rail spacing and mobile overlap, character chat reset on tracked-character changes, route-switch refresh regressions, fullscreen chat focus behavior, Knowledge QA smoke auth, and workspace assistant-default effective-state handling.
- Frontend/Extension Security And Reliability Findings — Fixed credential persistence in request history, source-anchor URL handling, extension upload credential allowlisting, MV3 background session persistence, abort/stream lifecycle cleanup, chat POST retry behavior, audio/TTS playback cleanup, voice backpressure/watchdog handling, and character card import/export size caps.
- MCP Docs, Monitoring, And Release Gate Findings — Fixed docs URL policy fail-closed host handling, ambiguous/numeric host rejection, matched-rule redaction, query-preserving fetch requests without result leakage, TLS 1.2 minimums for HTTPS acquisition, Guardian notification timestamp mutation, and stale PR #2571 CodeQL/code-scanning alert state.
- Removed stray WebSearch parser diagnostic
print()calls from the current release line. - Removed the stale WebUI auth stack, dead extension routes tree, redundant chat sidebar rail control, and obsolete release-gate assumptions that no longer matched the current UI.
Rollup coverage: this entry covers work that landed after the
0.1.32metadata update (61d5c8f0da, 2026-06-28) through PR #2557. It includes the post-0.1.32dev/main integration follow-ups, PR #1982 merge stabilization, and PRs #2517, #2528, #2427, #2540, #2541, #2436, #2546, #2547, #2550, #2551, #2549, #2548, #2553, #2326, #2555, and #2552.
- Fish Audio S2 And TTS Workflow Support — Added the commercial Fish Audio S2 backend, registry and adapter wiring, voice metadata resolution, managed reference imports, contract fixes, and setup documentation.
- Explainer Workspace And Export Flows — Added the Explainer Workspace persistence API, expansion jobs, grounding evidence snapshots, chatbook export/import, UI surfaces, verification coverage, and follow-up hardening.
- MCP, Skills, And Package Gateway Readiness — Added Skills runtime metadata, MCP recovery/readiness metadata, explicit opt-in handling for risky MCP modules, package-gateway status expansion, and standalone profile discovery documentation.
- Chunking And Moderation Internals — Refactored
process_textthrough shared preparation, option-resolution, dispatch, finalization, and wrapper helpers, and moved moderation policy assembly behind compiler abstractions while preserving parser and service behavior. - Design-System Release Polish — Migrated ACP readiness labels, Audio Studio alerts, and TTS alerts onto shared design-system states, and recorded residual MCP UX design/readiness posture for the release train.
- Release Documentation And Packaging Posture — Collapsed additional README sections, removed stale root implementation-plan files, clarified MCP embedded/package paths and Docker path status, and moved VCS extras/manual backend dependencies into explicit manual-install documentation.
- PR 1982 And PR 2557 CI Stabilization — Fixed post-merge pre-commit issues, MkDocs deploy verification, full-suite shard coverage mapping, grouped CI failures, package/manual-OCR backend extras alignment, points-transformers backend requirements, and a circuit-breaker lease-expiry flake.
- Workflow Review Follow-Ups — Addressed onboarding docs review feedback, Writing annotations UAT polish, Skills export metadata feedback, MCP residual UX review findings, MCP status/run-command authz coverage, and TTS/Fish S2 review follow-ups.
- Runtime And Product Hardening — Hardened watchlist template seeding, chat cockpit real-server layout seeding, explainer grounding/expansion/job answer handling, and chunking/moderation regression paths.
- Removed obsolete root implementation-plan files and the stale Flashcards UX fix list from the release branch.
Rollup coverage: this entry covers the 1,175 PR-numbered merge/squash commits present on
devafter the0.1.31changelog push (42d9c31b0b, 2026-04-19) through PR #2544. That includes older backfilled branch merges (#861, #961, #971, #1072), the main post-release branch sequence from PR #1101 onward, and the 254 mergeddevPRs from #2256 through #2544 added during this release-prep pass.
- Sandbox, MCP Gateway, And Native CodeGraph Expansion — Added the VZ Linux real-execution stack, helper lifecycle management, operator image store, runtime capability inventories, network-policy admission metadata, cleanup/recovery contracts, native CodeGraph extractors and indexing modes, and the staged MCP Unified package/gateway/external-runtime architecture with profile presets, catalog loading, stdio transports, CLI support, admin configuration, standalone extras, and release-readiness gates.
- Research, Knowledge, And Study Workflow Expansion — Added the Chat Workspace WebUI, research-workspace service capabilities and migration status flows, Deep Research literature launch and bundle import/return handoffs, flashcards extension capture/generation/review/template workflows, flashcard hierarchy/dashboard/session-history surfaces, notes folder/source closeouts, quick-ingest validation/offline-progress/result handoffs, and study-suggestion product-state coverage.
- Onboarding, Provider, And Runtime Admin Surfaces — Added public
onboarding profile helpers, local-model/confidence/recovery flows,
setup-readiness closeouts,
llama.cppadmin configuration and model inventory diagnostics, provider-key settings, persona/character-card documentation, companion-home shortcuts, and ACP/Codex workspace diagnostics. - MCP, Workspace, And Skills Operations Expansion — Added MCP filesystem edit/diff/glob/grep parity slices, permission-rule parsing and simulation, approval leases, session path grants, web fetch/search/research tools with caching/rate limits/citation metadata, tool-call hooks/reporting, prompt catalog support, notebook-safe tools, workspace container/runtime/membership contracts, server-backed Skills search/filter/dry-render/import review flows, seed overwrite confirmation, and version-aware Skills deletion.
- Research, Scheduled Tasks, And Study Workflow Follow-Through — Added scheduled-task API and frontend shells, results inbox/home surfacing, Research Workspace UAT certification and remediation, Deep Research literature/import/return handoffs, Notes task-backed to-do lists, Mermaid chat and artifact rendering, Chatterbox upstream parity, Audio Studio media ticket transport, and Writing Playground manuscript annotations.
- Release, Packaging, And Local CI Tooling — Added full-suite PR shard fanout, local CI runner targets and pre-push wiring, MCP Unified RC artifact and publish-readiness flows, MCP Unified trusted-publishing setup, backend PyPI artifact guards, and release package-content checks.
- Backend Architecture And API Contract Modularization — Continued the router-group, dependency, response-envelope, pagination, storage-route, API-versioning, OpenAPI-contract, ChaChaNotes/persona delegation, worker lifecycle, and job/scheduler registration migrations so large modules now rely more heavily on explicit route groups, typed helpers, lifecycle inventories, and smaller package boundaries.
- Design-System And WebUI UX Migration — Migrated chat, playground, prompt studio, evaluations, flashcards, dictionaries, integrations, workflow editor, data tables, provider keys, monitoring/admin, and research-workspace states toward the shared design-system alert/status primitives, while rebaselining chat rails, sticky composer behavior, sidebar tools, first-run readiness, and visual QA expectations.
- Expanded ACP release-signoff evidence for permission denial, reconnect, and recovery paths with deterministic frontend hook coverage and a readiness addendum that separates automated evidence from live downstream-agent caveats.
- ACP release notes now explicitly limit downstream-agent support to protocol/runner validation unless operators configure and verify a real downstream ACP stdio agent plus required provider credentials. Binary detection for tools such as Claude Code or Codex is not, by itself, a live-agent create/prompt/cancel verification. (Issue #1504)
- Clarified the ACP release posture for retention and transcript redaction: session detail, events, and artifacts are authenticated operator drill-through surfaces rather than redacted transcript views; diagnostics and audit metadata are sanitized, but automatic transcript/artifact hard-delete retention is not yet a release-certified claim.
- Design-System, Admin, And Product-State Migration — Continued moving onboarding, Knowledge QA, Skills Manager, Scheduled Tasks, quiz, prompt studio, monitoring/admin, data-ops, billing, org/team, and study-suggestion surfaces onto shared design-system alert/status patterns with refreshed visual QA and state-label coverage.
- Sandbox, ACP, And MCP Policy Evidence — Expanded VZ Linux host evidence, disposable image-store clone flows, prepared-host/recovery/failure drill packets, operator-status ingestion, ACP support-safe summaries, custom-profile evidence contracts, live-agent caveat documentation, and conservative downstream-agent support guardrails.
- Release Process And Documentation Posture — Backfilled architecture, ADR, README diagram, resource-governance/security/database, MCP/ACP, and product-state tracker documentation so the release train has auditable implementation and operational context.
- CI, Dependency, And Type-Check Reliability — Hardened the PR validation stack with coverage-ratchet baselines, SBOM and package-build fixes, action/dependency updates, Playwright/browser gate stabilization, frontend TypeScript baseline reductions, full-suite flake remediation, pre-commit and CodeQL follow-ups, and targeted e2e-smoke/watchlists/playground route fixes.
- Security, Auth, And Runtime Safety Hardening — Tightened auth dependency aliases, permission guards, onboarding secret handling, provider URL validation, API-key/log redaction, MCP catalog validation, sandbox helper trust boundaries, SSRF/network-policy handling, Starlette CVE pins, and clear-text E2E auth CodeQL suppressions for test-only browser storage sinks.
- Product Workflow Stabilization — Fixed research-workspace migration and source readiness issues, flashcard import/review/re-rate handoffs, quick ingest routing and estimate behavior, chat response failure copy and persistent error banners, notes remediation follow-ups, Deep Research bundle import hardening, and duplicate workspace route registrations after the dev/main integration correction for PR #1982.
- Backend Module Review Hardening — Addressed review findings across ACP, agent orchestration, audit, AuthNZ, audio/audiobook, billing, chat, Chatbooks, Collections, Data Tables, Evaluations, External Sources, Flashcards, Governance, Ingestion, Infrastructure, LLM calls, Local LLM, Logging, Meetings, Metrics, Monitoring, Notes, Persona, PrivilegeMaps, RAG, Research, Reminders, Resource Governance, Sandbox, Scheduler, Security, Setup, Sharing, Slides, Storage, Streaming, StudyPacks, Sync, Telegram, TTS, Usage, Utils, Watchlists, WebClipper, and legacy WebSearch paths.
- Frontend And UAT Reliability — Stabilized chat, media, character modal, Knowledge QA, Mermaid artifact, Notes first-time UX, flashcard setup/review, Quick Ingest file-type handling, Docker WebUI auth bootstrap, WebUI auth persistence/recovery, MCP Hub setup recovery, and Research Workspace UAT follow-up flows.
- Packaging, CI, And Runtime Compatibility — Fixed PR shard coverage and stability issues, MCP standalone/TestPyPI artifact contents, MCP snapshot schema warnings, Search_and_Research package marker casing, Parakeet ONNX graph bundle loading, invalid PGVector metadata order handling, trailing slash media redirects, and package/runtime dependency readiness for release.
- Onboarding, Artifact Profiling, And Scion Foundations — Added branch-aware artifact profiles, a first-run assistant setup wizard with archetype templates, and Scion-inspired backend improvements spanning template handling, policy conditions, and request multiplexing. (PRs #1070, #1075, #1076)
- Flashcard Templates And Study Suggestions v2 — Added flashcard templates and review orientation, plus deterministic v2 study-suggestion grounding with canonical topic keys, richer evidence metadata, lineage-aware reuse, review-session aggregates, and matching backend/frontend support. (PRs #1069, #1093)
- Audit-Driven UX Refresh Across Core Workspaces — Notes, prompts, dictionaries, and World Books all received audit-driven UX follow-through covering labels, dialogs, disclosure, keyboard/help affordances, ARIA cleanup, remaining NNG issues, structural refactors, and cross-workspace search improvements. (PRs #1041, #1052, #1054, #1057, #1071, #1073, #1077)
- Release Documentation And Review Artifacts — Refreshed the README/version narrative and added review/remediation planning artifacts to support the broader audit and hardening wave. (PRs #1061, #1065, #1066)
- Dependency And CI Baseline Refresh — Updated GitHub Actions artifact/pages/codecov actions, refreshed regex and multiple Python dependency groups, moved the extension toolchain forward with a Vite bump, and lifted several backend/runtime package baselines including
langdetect,python-multipart, andopentelemetry-distro. (PRs #1017, #1018, #1019, #1020, #1040, #1079, #1080, #1081, #1082, #1083, #1084, #1085, #1086) - Security, Isolation, And Runtime Contracts — Tightened shared SQLite backend ownership, strict-audit durability, MCP unified workspace/persona isolation and concurrency handling, external server/media fallbacks, Docker packaging contracts, and ACP/storage-path safety. (PRs #1059, #1064, #1067, #1078)
- Character, Persona, And Upload Reliability — Remediated character full-stack findings, hardened persona archetype loading against malformed YAML, and improved duplicate-media upload feedback. (PRs #1056, #1068, #1088)
- WebUI Stream, Abort, And Persistence Stability — Stabilized WebUI auth/persistence notifications, surfaced chat stream timeout and abort failures correctly, and hardened abort handling plus ingest DB messaging. (PRs #1063, #1089, #1090)
- Web Scraping Ingest Safety — Closed out ingest review issues and hardened outbound web-scraping policy enforcement. (PRs #1058, #1095)
- First-Run Assistant Follow-Through — Addressed post-merge issues in the first-run assistant rollout after the initial wizard landed. (PRs #1087, #1091)
- Wave Hardening For Bootstrap, Lifecycle, And Shutdown — Completed wave-based hardening across data/bootstrap safety, character lifecycle and evaluations reliability, and final evaluations shutdown behavior. (PRs #1092, #1094, #1100)
- Evaluations Recipe Framework — A recipe-driven evaluation system with manifests, run persistence, job worker integration, and reporting APIs. Includes guided retrieval tuning and RAG answer quality recipes, recipe-first UI flows with a guided launcher, and legacy evaluations tab fixes. Synthetic eval draft generation and shared review workflow added alongside browser and unit test coverage. (PR #942)
- MCP Virtual CLI — Phase-1 virtual CLI command runtime with workspace-bounded filesystem tools, governed
runMCP tool, parser/registry/execution/presentation layers, approval-gated execution for governed chains, policy-aware discovery, nested idempotency propagation, spill-safe presentation, and integration test coverage across authz and path scoping. (PRs #939, #941) - Reference Manager Import/Sync — Provider-neutral reference-manager connector contracts, storage, and Zotero integration. Zotero collection sources are exposed through the connectors API with import-mode scheduler and worker sync including dedupe, metadata-only tracking. (PR #940)
- NotebookLM Presentation Style Catalog — Built-in visual style catalog with resolver-backed metadata, prompt profiles, and reusable style packs. Reveal export rendering extended with namespaced style CSS and richer visual-block HTML. Presentation Studio gained a visual style picker, client metadata support, and built-in theme synchronization. (PR #935)
- FTUE Audit — Comprehensive first-time user experience audit addressing 41 issues across documentation, tooling, configuration, and frontend UX. Includes unified README entry points,
make help/make show-api-keytargets, restructured.env.example, improved onboarding error messages, Docker entrypoint auth-init failure handling, DATABASE_URL preflight checks, demo mode exit banners, and multi-user JWT setup guidance. (PRs #938, #944) - Evaluations Recipe Framework — A recipe-driven evaluation system with manifests, run persistence, job worker integration, and reporting APIs. Includes guided retrieval tuning and RAG answer quality recipes, recipe-first UI flows with a guided launcher, and legacy evaluations tab fixes. Synthetic eval draft generation and shared review workflow added alongside browser and unit test coverage. (PR #942)
- MCP Virtual CLI — Phase-1 virtual CLI command runtime with workspace-bounded filesystem tools, governed
runMCP tool, parser/registry/execution/presentation layers, approval-gated execution for governed chains, policy-aware discovery, nested idempotency propagation, spill-safe presentation, and integration test coverage across authz and path scoping. (PRs #939, #941) - Reference Manager Import/Sync — Provider-neutral reference-manager connector contracts, storage, and Zotero integration. Zotero collection sources are exposed through the connectors API with import-mode scheduler and worker sync including dedupe, metadata-only tracking. (PR #940)
- NotebookLM Presentation Style Catalog — Built-in visual style catalog with resolver-backed metadata, prompt profiles, and reusable style packs. Reveal export rendering extended with namespaced style CSS and richer visual-block HTML. Presentation Studio gained a visual style picker, client metadata support, and built-in theme synchronization. (PR #935)
- FTUE Audit — Comprehensive first-time user experience audit addressing 41 issues across documentation, tooling, configuration, and frontend UX. Includes unified README entry points,
make help/make show-api-keytargets, restructured.env.example, improved onboarding error messages, Docker entrypoint auth-init failure handling, DATABASE_URL preflight checks, demo mode exit banners, and multi-user JWT setup guidance. (PRs #938, #944) - Speech / Audio FTUE Follow-through — Added a TTS/STT first-time-user audit pass with broader onboarding, navigation, and setup-guidance improvements across the speech entry points. (PR #983)
- Deferred FTUE and Workspace Handoffs — Added follow-up tutorials, JSON export affordances, Quick Ingest result CTAs into Knowledge and Workspace, recently-ingested document auto-open behavior, and "Open in Workspace" handoffs from knowledge sources. (PRs #984, #1007)
- MCP Hub / Media / Quiz Phase 2 UX — Added Joyride-guided onboarding for MCP Hub and quizzes, richer empty states and retry guidance for MCP Hub and Media Library, connected quiz orientation improvements, and extension sidepanel deep links into Media Library and Quizzes. (PRs #993, #997, #998)
- Writing Suite Phase 1 — Added manuscript database tables, CRUD/FTS helpers, REST API endpoints and schemas, TipTap-backed writing editor surfaces, manuscript tree and focus mode, drag-and-drop reorder, and review-driven hardening across the writing stack. (PR #995)
- Container Snapshot Publishing and Lifecycle Docs — Added GHCR main snapshot publishing for the app and UI images, a single roll-up
container-build-checksummary job, and first-class container image lifecycle documentation. (PRs #996, #1006) - FTUE / FTUX Expansion — First-time user improvements broadened across onboarding, LLM connection, chat and watchlist journeys, realtime and BYOK setup, extension notification flows, media and review surfaces, MCP Hub, moderation, quiz, and a larger flashcards-first experience with new tutorials, empty states, and UX polish. (PRs #948, #950, #951, #953, #954, #963, #965, #969, #973, #977, #981, #982)
- Study Packs Phase 1 — Added a new study-pack pipeline spanning backend generation, provenance, source resolution, jobs-worker execution, API schemas/endpoints, and shared UI creation, remediation, and handoff flows with broad automated coverage. (PR #978)
- Flashcards Workflow Expansion — Added workspace deck preview support, global tag suggestions, deck references in the create drawer, richer create/review/import flows, and related study-assistant follow-through across backend and shared UI surfaces. (PRs #974, #975, #979)
- Watchlist Alert Rules — Added a watchlist alert-rules engine, database layer, and API support for user-defined run and feed notifications. (PR #970)
- Coordinated App Shutdown — Added coordinated application shutdown flow support to improve lifecycle cleanup and service teardown behavior. (PR #945)
- MCP Virtual CLI Phase 2 — Extended the governed MCP virtual CLI beyond the initial runtime with deeper policy/runtime integration, safer command execution flows, and additional UX and test hardening for workspace-bounded command handling. (PRs #946, #962)
- Chat mood badge hidden by default across shared WebUI and extension chat surfaces, with one-time legacy preference migration and preserved user opt-in. (PR #943)
- Workspace scope now forwarded when saving chat knowledge; voice-unavailable reason propagated through PlaygroundForm. (PR #943)
- Chat mood badge hidden by default across shared WebUI and extension chat surfaces, with one-time legacy preference migration and preserved user opt-in. (PR #943)
- Workspace scope now forwarded when saving chat knowledge; voice-unavailable reason propagated through PlaygroundForm. (PR #943)
- Settings internals were further decomposed by extracting the growing Settings page into smaller components, reducing page-level coupling while keeping the version line at
0.1.30. (PR #994) - Settings and notifications management moved further toward task-oriented configuration with tabbed Settings navigation, stronger extension notification subscription wiring, cleaner notification count/preference handling, and improved route parity across shared UI entry points. (PRs #968, #969)
- AuthNZ admin CLI maintenance was tightened with clearer module-level documentation expectations and dedicated regression coverage for create/reset-admin command docs. (PR #976)
- Admin, operator, and production-readiness surfaces continued to harden through follow-up infrastructure work in the admin UI stack. (PR #934)
- Evaluations recipe framework hardened with 50 review-feedback fixes: Pydantic-typed recipe endpoints, worker readiness gating before enqueue, custom
RecipeEnqueueErrorexception, sanitized error metadata,managed_media_databasecontext manager for worker sessions,owner_user_idenforcement onget_run(), pre-validatedbuild_reuse_hash, DB-level reuse-hash lookup,ConfidenceSummary.model_validatefallback, field-specific weight validation errors, CLI JSON shape validation, non-retryableftsmode error,RecipeNotFoundErrorcustom exception, dict-backed document normalization in RAG pipeline, parameterized Loguru logging, and comprehensive recipe logic fixes across retrieval tuning, answer quality, embeddings, and summarization recipes. (PR #942 review follow-ups) - FTUE v2 residual issues: Docker entrypoint now exits on auth init failure, DATABASE_URL TCP connectivity preflight added, demo mode crash guard for missing
DemoModeProvider, and clearer configuration guidance across Docker and local installs. (PR #944) - MCP virtual CLI review feedback addressed: preflight validation, filesystem module registration, command runtime path scope tests, and idempotency propagation fixes. (PR #941 review follow-ups)
- Addressed post-review regressions across notifications, snoozed-state handling, persona buddy follow-ups, flashcard onboarding, and FTUE onboarding/realtime/watchlist flows so the new user journey and notification surfaces behave consistently across the web app and extension. (PRs #965, #966, #972, #973, #982)
- Shared workspace cloning and "Shared With Me" flows, backed by new sharing APIs, privilege-aware workspace sharing rules, and clone-service support. (PR #903)
- ACP workspaces gained workspace discovery and health services for workspace-entity orchestration surfaces. (PR #912)
- Deep Research now includes jobs-backed run persistence, provider-backed collection/synthesis, replayable SSE progress, checkpoint review, chat handoff and follow-up flows, and workflow launch/wait/bundle steps. (PR #831)
- MCP Hub governance pack management expanded with source distribution, trust policy and signer provenance/diagnostics, hosted staging/production overlays, and route parity across shared UI, the web app, and extension settings. (PRs #917, #922, #933)
- Companion/Home and integrations management grew with a customizable Companion Home dashboard, notifications surfaces, shared integrations and scheduled-task management, and workspace installation registry syncing. (PRs #920, #925, #926)
- The audio stack gained KittenTTS provider support, curated
kitten_ttsbundle profiles, shared admin audio installer routes/panel, andpocket_tts_cppadapter/runtime/installer support. Audio setup docs and scripts were also migrated fromhuggingface-clitohf. (PRs #918, #919, #921, #923, #931) - Telegram bot AuthNZ/governance support now includes permission foundations, admin configuration APIs, webhook intake/deduplication, linked-actor mapping, scoped execution identities, and exact-scope approval callbacks. (PR #924)
- Reference-guided image generation for
POST /api/v1/files/createimage artifacts viapayload.reference_file_id, including managed reference-image discovery throughGET /api/v1/files/reference-images, backendimage_reference_inputcapability metadata, documented Model Studio support for eligible reference-image model families, and Playground modal support for selecting one managed reference image as the request source.
- Media DB v2 advanced through the phase-1 and stage-1 caller-first migrations, splitting the monolith into repository/runtime/schema modules, rebinding callers to the new API surface, tightening request-scope isolation, and expanding read-contract coverage. (PRs #911, #930, #925)
- Quick Ingest audio configuration now uses structured language selection and backend-driven transcription model dropdowns, and the web UI also gained audio input source switching. (direct dev merges)
- Knowledge QA and related workspace/chat flows were hardened with a wider desktop workspace, media retrieval fallback coverage, workspace study material ownership, flashcard visibility enforcement, and stricter voice-conversation capability contracts. (direct dev merges and PR #933 follow-ups)
- Admin and operator surfaces were overhauled with production-readiness and incident-management follow-through across dashboard, AI overview, budgets, compliance, monitoring, invitations, registration codes, webhooks, usage, and voice-command tooling. (PR #932)
- Embeddings jobs workers now normalize legacy chunk types instead of failing queued work. (PR #914)
- Sharing, research, governance-pack trust, Telegram approvals/webhooks, companion routing, MCP Hub navigation, and admin audio installer follow-ups received post-review stability fixes. (PRs #903, #831, #922, #924, #926, #933)
pocket_tts_cpp, KittenTTS bundle verification, quick ingest language-state handling, quickstart same-origin hydration/browser config, and Media DB v2 delete/review regressions were addressed in post-merge hardening. (PRs #919, #921, #923, #930, #931 and direct follow-ups)- CI and repo hygiene were tightened with frontend/browser gate fixes, isolated workspace installation repo tests, OSS/private boundary enforcement, and GitHub Actions dependency bumps for
docker/login-action,docker/setup-buildx-action, anddependency-review-action. (PRs #843, #900, #901, #925 and related follow-ups) - Resolved FTUX follow-up issues across MCP Hub routing/confirmation flows, media-library dead ends and search help, quiz mobile labels and empty-reset behavior, companion deep links,
window.opensafety, notification duration, and tutorial dispatch/timing behavior. (PRs #993, #997, #998) - Hardened document-ingest and workspace handoff flows by fixing
keep_original_filebehavior for HTML and document types, centralizing doc-type constants, preventing process-only temp-file leaks, and improving missing-original-file recovery messaging. (PR #1007) - Hardened manuscripts and writing review follow-ups with optimistic locking for reorder operations, corrected word-count propagation metadata, safer state selection, and broader security/sync/null-guard fixes across the new writing stack. (PR #995)
- Completed the GHCR/container follow-through with workflow safety fixes, provenance pinning, admin-monitoring null-safety cleanup, and clearer container build roll-up behavior. (PRs #996, #1006)
- Addressed post-review regressions across notifications, snoozed-state handling, persona buddy follow-ups, flashcard onboarding, and FTUE onboarding/realtime/watchlist flows so the new user journey and notification surfaces behave consistently across the web app and extension. (PRs #965, #966, #972, #973, #982)
Changelog sync note: these entries document scope already merged on
mainvia PR #910. They are retained here for history untildevis synced, but they are not unreleased work.
- Backfilled the
devchangelog for themain-merged PR #910 knowledge/workspace beta readiness audit so the merged review-remediation scope stays visible before those code paths are forward-ported intodev.
- Documented the merged setup-audio rollout on
main, including bundle-and-profile recommendations in/setup, offline audio-pack manifest export/import, persisted audio readiness state, and richer setup verification/remediation reporting. - Documented merged Knowledge QA and Workspace Playground hardening on
main, including note-id normalization, shared-link hydration fixes, stronger study/remediation and live-workspace coverage, and tighter workspace probe/runtime assertions.
- Documented merged reliability fixes on
mainacross setup install-status typing and health collection, audio-pack path and compatibility handling, RAG sensitivity/vector-store metadata handling, quiz test-mode and provenance behavior, and assorted slides/workspace retry and Chroma state-tracking edge cases.
- Profile-aware curated audio bundles in
/setup, withlight,balanced, andperformanceresource tiers for the local hardware families and conservative recommendation scoring across bundle/profile pairs. - A v1 setup audio pack service for manifest export/import, including selection identity capture, checksum validation, and compatibility checks for platform, architecture, and Python minor version.
- Setup readiness persistence for imported audio packs so pack metadata, compatibility status, and asset manifests are visible alongside the selected bundle/profile state.
- The
/setupaudio UI now recommends both a hardware bundle and a resource profile, shows profile-specific disk/tier metadata, and sendsresource_profilethrough provisioning and verification flows. - Audio bundle documentation and speech onboarding guides now describe per-profile footprints and the distinction between online provisioning and v1 offline-pack import.
- Safe rerun and verification flows now stay aligned with the selected bundle/profile identity instead of treating every bundle as a single undifferentiated install target.
- Setup documentation no longer implies a fully offline dependency installer; the v1 offline-pack path is documented as manifest-and-model portability only.
- Bundle-first audio setup provisioning in
/setupwith a curated audio bundle catalog forcpu_local,apple_local,nvidia_local, andhosted_plus_local_backup, plus backend coverage for bundle selection and expansion. - Hardware-aware audio bundle recommendations driven by detected setup machine profile data, with new setup APIs for recommendation retrieval and bundle provisioning.
- A persisted
audio_readinessstate model and setup endpoints for readiness inspection and reset so audio provisioning status no longer depends on the global setup completion flag. - End-to-end audio verification and readiness classification for primary STT/TTS paths, including setup-facing health collection, remediation reporting, and integration coverage for recommendation, readiness, provisioning, and verification flows.
- A generator-backed audio bundle documentation path via
Helper_Scripts/generate_audio_bundle_docs.py, along with design and implementation plan docs for the bundle rollout.
- The
/setupaudio experience now defaults to curated bundle selection instead of exposing provider-level STT/TTS choices first, with detected hardware, prerequisite visibility, provisioning progress, safe rerun, verification, and readiness-report UX. - Setup and speech onboarding guides were rewritten around the new bundle-first flow, including clearer separation between online provisioning, pre-seeded offline provisioning, and offline runtime after provisioning.
- Setup audio completion is now classified by real verification outcomes (
ready,ready_with_warnings,partial,failed) instead of treating install completion as proof that the speech stack is usable. - Final setup-scope verification and security checks were tightened for the touched installer paths, including Bandit-clean subprocess annotations and docs/test alignment for the new audio bundle workflow.
- Added: Repo2Txt shipped across shared UI, web, and extension surfaces with GitHub and local sources, file-tree filtering, preview/copy/download flows, and better launcher discoverability. (PR #790)
- Added: Safety and admin surfaces expanded with the Family Guardrails Wizard, per-user moderation phrase lists, and router analytics usage tabs plus aggregate APIs for operators. (PRs #804, #810, #797)
- Added: Reading and research workflows grew with pinboard-style Collections enhancements, switchable unified RAG profiles, and multi-source quiz generation. (PRs #805, #796, #807)
- Added: MCP Hub management shipped across AuthNZ storage, API, WebUI, and extension settings for ACP profiles and external server lifecycle management. (PR #806)
- Added: Workflow capabilities expanded with kanban orchestration primitives, strict structured-output generation, structured QA chat workflows, unified queued-request handling, and connector-backed external file sync orchestration. (PRs #809, #818, #820, #823, #821)
- Changed: Audio and ingestion experiences were redesigned: the Speech Playground gained richer TTS and STT comparison workflows, while Quick Ingest became a 5-step wizard with live progress, retry/error classification, and minimize-to-background controls. (PRs #816, #827)
- Changed: Knowledge and watchlists moved to more progressive, task-oriented layouts with clearer defaults, navigation, empty states, and reliability feedback. (PRs #812, #813)
- Changed: Prompt and writing workflows were reorganized with a fuller prompt workspace, stronger filtering/discoverability, and a restructured Writing Playground inspector. (PRs #817, #815)
- Changed: Notes management was overhauled around decomposed editor/sidebar panes, progressive disclosure, and clearer save-status handling. (PR #826)
- Changed: Media compatibility cleanup reduced legacy shim behavior and made deprecation signaling more explicit across ingestion flows. (PR #794)
- Fixed: Platform reliability hardened across monitoring, benchmark recovery, shim cleanup, and core runtime paths, including sandbox admission/state handling, monitoring range interactions, and broader cleanup bundles that had previously been scattered across draft entries. (PRs #792, #793, #795, #798)
- Fixed: Chat reliability issues were addressed for tool routing parity, OpenRouter freeze cases, selected-chat failure states, and conflict/retry behavior. (PRs #811, #814)
- Fixed: ACP and admin surfaces received remediation for control auth, persistence, forks, login/auth proxy paths, privileged actions, and users views. (PRs #825, #829)
- Fixed: Repo2Txt was hardened for local source selection, GitHub provider permissions, worker recovery, and deterministic compile behavior. (PR #790)
- Added: Admin and operator surfaces became more authoritative across billing and feature gating, monitoring, DSR intake, backup scheduling, incident management, maintenance rotation, BYOK retention previews, and privileged-admin backend verification. (PRs #834, #862, #864, #868, #879, #880, #883, #877)
- Added: ACP and MCP Hub governance expanded with production-readiness hardening, persisted session and registry state, tool permissions and persona approvals, path-policy controls, OPA governance packs, capability adapter registries, runtime policy integration, and governance pack upgrade workflows. (PRs #838, #847, #848, #853, #875, #891, #893, #895, #897)
- Added: Persona, assistant, and flashcard workflows grew with Persona Garden chat integration, live exemplars, structured Q&A preview import, study assistant and scheduler follow-ups, per-deck FSRS, voice assistant building, and tighter persona setup targeting and handoff analytics. (PRs #833, #841, #845, #878, #889, #890, #892, #894, #896)
- Added: Workspace, ingestion, and companion capture capabilities expanded with ingestion source sync, explicit and bulk companion capture, source folders and collections, document workspace upgrades, MinerU PDF OCR, and git repository source sync for notes. (PRs #846, #860, #866, #873, #874, #882, #887)
- Added: Prompting, presentation, and workflow tooling expanded with structured prompts across Prompt Studio, llama.cpp grammar and thinking controls, Presentation Studio, and workflow diagnostics with investigation APIs and run inspection. (PRs #858, #850, #881, #888, #869)
- Added: Sandbox and model runtime capabilities expanded with macOS sandbox runtimes, admin diagnostics, real seatbelt execution, and runtime-aware Qwen3 TTS backend support. (PRs #852, #856, #859, #870)
- Changed: Major interface redesigns landed across the Writing Playground, Speech Playground Compose & Compare flow, Workspace Playground, Media Review, Moderation Playground, and the shared
/ttsspeech route. (PRs #835, #836, #837, #840, #865, #871) - Changed: Companion and chat coordination were tightened with quality controls, proactive follow-ups, workspace chat isolation and full sync, and reduced request bursts from lazy hydration. (PRs #867, #876, #872)
- Fixed: Reliability fixes addressed Quick Ingest session wiring, chat-workflows route exposure, sandbox workspace locking, media-review preview rendering, and admin UI prod-readiness fallbacks for local-only flows. (PRs #830, #832, #839, #855, #857)
- Document Workspace UX/UI Audit — Comprehensive improvements across accessibility, keyboard navigation, mobile responsiveness, and user control, based on Nielsen's 10 Usability Heuristics:
- Accessibility (WCAG):
aria-labelon all 5 TextSelectionPopover buttons (Copy, Highlight, Translate, Ask AI, Listen),group-focus-within:opacity-100on annotation edit/delete actions for keyboard discoverability,aria-labelon chat textarea - Keyboard shortcuts: Cmd+G (go to page), Cmd+[/] (toggle panels), Cmd+/ (focus chat), Cmd+=/- /0 (zoom in/out/reset), F (fullscreen toggle), Escape to dismiss text selection popover
- Mobile bottom navigation bar: Fixed 48px bottom nav with Sidebar/Document/Chat icons replacing Ant Design top tabs, proper
role="tablist"andaria-selectedsemantics - Mobile text selection bottom sheet: Touch-friendly slide-up sheet with backdrop, safe area inset padding, drag handle, and text preview replacing floating popover on mobile
- Ask AI prompt templates: Dropdown submenu with Explain, Summarize, Define terms, and Simplify options replacing single hardcoded prompt
- Drag-and-drop document upload:
onDragOver/onDragLeave/onDrophandlers with visual feedback and client-side file type validation (PDF/EPUB only) - Recent documents in picker: Last 5 opened documents shown above search results, persisted in localStorage
- Per-tab reading progress bar: Thin progress indicator under each document tab driven by page/percentage
- Onboarding feature cards: 4 dismissible cards (Highlight, Chat, Insights, Quiz) in empty viewer state, localStorage-gated
- Chat clear confirmation: Popconfirm dialog before clearing chat history
- Sync recovery animation: Pulse animation on sync indicator for 2 seconds after error-to-synced recovery
- Quiz preference persistence: Question count, type, and difficulty saved to localStorage across sessions
- Expanded server-required guidance: Setup instructions in server-offline state
- EPUB chapter title in toolbar: Shows current chapter name on left side of viewer toolbar
- Tablet drawer decoupling: Toggle buttons always visible on tablet; drawer state independent from desktop pane state
- Responsive drawer width:
Math.min(360, window.innerWidth * 0.85)instead of fixed pixel width - Text2SQL security hardening:
- Added dedicated
sql.readRBAC permission constant and seeded baseline grants for defaultuser/adminroles - Added connector ACL enforcement for
POST /api/v1/text2sql/querywith explicit403 unauthorized_targetresponse on denied targets - Added security regression tests for RBAC and ACL behavior (
test_text2sql_rbac_and_acl.py) - Updated API docs for standalone Text2SQL and unified RAG SQL source usage (
sources=["sql"],sql_target_id)
- Added dedicated
- Accessibility (WCAG):
- repo2txt V1 integration across shared UI, web, and extension options surfaces:
- Added shared options route scaffold and route wiring for
/repo2txt. - Added repo2txt page shell and interaction flow in shared UI.
- Added GitHub provider support for repo2txt generation.
- Added local file/folder provider support for repo2txt generation.
- Added repo2txt file-tree state slice for selection/exclusion behavior.
- Added repo2txt formatter and tokenizer worker pipeline.
- Added locale keys and parity guard coverage for repo2txt copy.
- Added Next.js wrapper route at
apps/tldw-frontend/pages/repo2txt.tsx. - Added extension E2E coverage for options route loading and sidepanel link-out behavior:
apps/extension/tests/e2e/repo2txt-options.spec.tsapps/extension/tests/e2e/repo2txt-sidepanel-linkout.spec.ts
- Added shared options route scaffold and route wiring for
- Added repo2txt discoverability in the launcher/shortcuts modal.
- Added docs coverage for repo2txt route behavior in:
apps/DEVELOPMENT.mdapps/tldw-frontend/README.mdapps/extension/README.md
- Added third-party notice attribution for upstream
repo2txt(project + MIT license) in:THIRD_PARTY_NOTICES.txt
- Added extension compile tsconfig and entrypoint module declarations:
apps/extension/tsconfig.compile.jsonapps/extension/types/tldw-ui-entries.d.ts
- Pinboard-style Collections enhancements for Reading:
- Added saved-search CRUD API surfaces:
POST /api/v1/reading/saved-searchesGET /api/v1/reading/saved-searchesPATCH /api/v1/reading/saved-searches/{search_id}DELETE /api/v1/reading/saved-searches/{search_id}
- Added Reading item-note link API surfaces:
POST /api/v1/reading/items/{item_id}/links/noteGET /api/v1/reading/items/{item_id}/linksDELETE /api/v1/reading/items/{item_id}/links/note/{note_id}
- Added strict same-user note existence enforcement for link creation while keeping note-content lifecycle under
/api/v1/notes. - Added archive-mode controls (
use_default|always|never) and persisted archive metadata fields (archive_requested,has_archive_copy,last_fetch_error) in Reading responses. - Added backend and frontend coverage for saved searches, note links, archive controls, and feature-flag gating.
- Added saved-search CRUD API surfaces:
- Added changelog coverage for this session’s Collections strict-boundary delivery and review remediation pass.
- Family Guardrails Wizard rollout across WebUI + extension settings surfaces:
- Added dedicated settings route
/settings/family-guardrailswith capability-aware gating and navigation metadata. - Added WebUI page wrapper at
apps/tldw-frontend/pages/settings/family-guardrails.tsx. - Added extension route module and registry wiring parity:
apps/tldw-frontend/extension/routes/option-family-guardrails-wizard.tsxapps/tldw-frontend/extension/routes/route-registry.tsx
- Added dedicated settings route
- Family wizard backend contract and persistence surface:
- Added family wizard request/response schemas in
tldw_Server_API/app/api/v1/schemas/family_wizard_schemas.py. - Added family wizard draft/snapshot endpoints in
tldw_Server_API/app/api/v1/endpoints/family_wizard.py. - Added guardian DB draft/member/relationship/plan persistence support in
tldw_Server_API/app/core/DB_Management/Guardian_DB.py.
- Added family wizard request/response schemas in
- Guardian moderation orchestration improvements:
- Added queued family plan materialization on guardian acceptance.
- Added strictest-wins shared-dependent policy conflict resolution path.
- Coverage and docs for the new workflow:
- Added comprehensive Family Guardrails wizard unit/integration coverage across UI services, route parity, DB, schema, endpoint, and materialization flows.
- Added Playwright workflow coverage for family setup, guardian mapping, templates, tracker blockers, and draft resume.
- Added user guides:
Docs/User_Guides/WebUI_Extension/Family_Guardian_Setup.mdDocs/User_Guides/WebUI_Extension/Family_Guardrails_Wizard_Guide.md
- Quiz critical-path E2E coverage is now split into focused specs with shared strict helpers:
apps/extension/tests/e2e/quiz-critical-edit.spec.tsapps/extension/tests/e2e/quiz-critical-create.spec.tsapps/extension/tests/e2e/quiz-critical-take-results.spec.tsapps/extension/tests/e2e/utils/quiz-critical-helpers.ts
- Added backend regression coverage to ensure the attempts listing route is not shadowed by dynamic quiz routes:
tldw_Server_API/tests/Quizzes/test_quizzes_endpoint_integration.py
- Moderation per-user phrase rule support across schema, runtime, and UX:
- Added typed per-user override
rulesmodel (id,pattern,is_regex,action,phase) to moderation schemas. - Added runtime compilation of per-user rules with literal/regex handling and safety checks, then merged compiled rules into effective moderation policy resolution.
- Added non-advanced Moderation Playground User-scope quick composer for phrase-list management:
Banlistentries map toblockNotify listentries map towarn- Optional regex toggle, per-item removal, and list views for
Banned phrasesandNotify phrases.
- Added typed per-user override
- Added moderation API and service test coverage for per-user rules:
- Added contract coverage for
GET/PUT /api/v1/moderation/users/{user_id}withrulespayloads. - Added unit coverage for per-user rule compilation, dangerous-regex rejection, effective-policy merge behavior, and phase-aware action behavior.
- Added contract coverage for
- Added frontend service contract and component coverage for phrase-list workflows:
- Added moderation service contract tests to verify rules roundtrip in user override requests/responses.
- Added Moderation Playground quick-list tests for rendering, add/remove flows, duplicate and invalid-regex validation, and save-payload assertions.
- Watchlists UX redesign — progressive disclosure layout (PR #813):
- Restructured watchlists from 8 horizontal tabs to 3 primary tabs (Feeds, Articles, Reports) with inline expandable secondary views (Monitors, Activity, Templates).
- Added persistent collapsible health bar replacing the Overview tab, with 30s auto-refresh, health cards, and attention badges.
- Added settings drawer (gear icon) replacing the Settings tab.
- Added Cmd/Ctrl+K command palette with categorized commands (navigate, create, action) and fuzzy search.
- Added keyboard shortcuts: 1/2/3 (tab switch), N (new entity), R (refresh), / (focus search), ? (help panel).
- Added rich per-entity empty states with contextual descriptions and CTAs for feeds, monitors, activity, articles, reports, and templates.
- Added "Show all views" toggle to restore original 8-tab layout for power users (persisted to localStorage).
- Added mobile responsive layout: Select dropdown for tabs at <768px, full-width settings drawer on mobile.
- Added run failure "common causes" section in RunDetailDrawer, pattern-matched by failure kind (auth, rate limit, timeout, network, TLS).
- Added retry button to failed run notification toasts.
- Added deep-link backward compatibility: old URL params (
?tab=sources,?tab=items) map to new equivalents (?tab=feeds,?tab=articles). - Added 89 new i18n locale keys for all new UI elements.
- Quick Ingest Wizard Redesign — Replace 3-tab modal with 5-step progressive wizard:
- Step 1 — Add Content: Combined file drop zone + multi-line URL paste, auto-detect content type with icons, inline validation (malformed URLs, duplicates, size limits), per-item remove, "Use defaults & process" quick mode for single items
- Step 2 — Configure: Preset card selector (Quick/Standard/Deep) with per-queue time estimates, content-type-filtered options (audio language/diarization, document OCR, video captions shown only when relevant), storage mode (Server/Local), collapsible advanced options
- Step 3 — Review: Confirmation checkpoint with per-item operation summary, contextual warnings (large files >50 MB, long estimated time >15 min, large batches >5 items), total time estimate
- Step 4 — Processing: Per-item live progress dashboard with multi-stage indicators, current stage label + percentage, per-item cancel, overall summary bar (completed/processing/queued + elapsed/remaining), Cancel All and Minimize to Background buttons
- Step 5 — Results: Grouped results (successes collapsed, errors expanded), error classification badges (Network/Format/Server + Retryable/Permanent), plain-language error descriptions, per-error Retry button, per-success Open/Chat/View actions, Retry All Errors batch button, Ingest More to restart
- Minimize-to-background floating widget: Portal-rendered fixed-position widget (bottom-right) showing progress percentage, item count, estimated time, expand/restore button; auto-dismisses 10s after completion
- SSE real-time updates via
useIngestSSEhook: Connects toGET /api/v1/media/ingest/jobs/events/stream, handlessnapshotandjobevents, maps backend statuses to wizard progress, exponential backoff reconnection (1s→10s) IngestWizardContext: React context +useReducermanaging wizard state (current step, queue items, preset config, processing state, minimized flag) with navigation guardsIngestWizardStepper: Horizontal breadcrumb stepper with accumulated context labels, click-to-revisit completed stepstimeEstimation.ts: Client-side heuristic time estimates by media type and preset (audio 10s+2s/MB, video 15s+3s/MB, document 3s+0.5s/MB, web ~8s) with preset multipliersErrorClassification.ts: Pattern-based error categorization with priority ordering and retryable/permanent flagsPresetSelector.tsx: Rewritten from dropdown to card layout with plain-language descriptions and dynamic time estimates- Direct modal swap:
QuickIngestButton.tsxandSidepanel/Chat/form.tsxnow importQuickIngestWizardModal(no feature flag) autoProcessQueuedbackward compat: New modal supports auto-skip to processing step when items are pre-queued (used by sidepanel chat form)- 70 new tests:
ErrorClassification.test.ts(22),timeEstimation.test.ts(21),IngestWizardContext.test.tsx(13),IngestWizardStepper.test.tsx(7),QuickIngestWizardModal.integration.test.tsx(7 — full Steps 1→5 flow)
- Docker runner integration test (
test_docker_runner_integration.py) for full container lifecycle validation (session → upload → run → artifacts → cleanup), skipped without Docker daemon. - TTS Listen Tab UX Redesign — Two-zone layout (Workspace + Inspector Panel):
CharacterProgressBarcomponent with color-coded thresholds and ARIA progressbar roleVoicePreviewButtoncomponent for inline voice previews via TTS APITtsStickyActionBarwith Play/Stop/Download controls, stream status indicator, and inspector toggleTtsProviderStripcompact config summary strip with clickable tags and preset switcherTtsInspectorPanelwith Voice/Output/Advanced tabs, responsive drawer mode on mobileTtsVoiceTab,TtsOutputTab,TtsAdvancedTabinspector tab components- Provider-conditional field visibility (browser shows voice only, openai shows model+voice, tldw shows full controls)
- Multi-voice narration UI in Voice tab with role assignment cards (tldw provider only)
- Inline
VoiceCloningManagerrendering in Advanced tab - Keyboard shortcuts: Ctrl/Cmd+Enter (play), Escape (stop), Ctrl/Cmd+. (toggle inspector)
aria-live="polite"on provider strip for screen reader announcements- 24 component tests across 6 test files
- STT Playground Comparison-First Redesign — Record once, compare across multiple models:
- Rewrote
SttPlaygroundPagefrom 736-line single-model tool into three-zone comparison architecture - Zone 1 — RecordingStrip: Record/stop with real-time duration timer, animated audio level meter (
role="meter"), native audio playback, file upload (accept="audio/*"), collapsible settings gear toggle - Zone 2 — ComparisonPanel: Multi-select model picker, parallel transcription via
Promise.allSettled, responsive card grid (1/2/3 cols), per-card skeleton loading, editable transcripts, latency + word count metrics, copy-to-clipboard, save to Notes, per-card retry on error - Zone 3 — HistoryPanel: Collapsible past recordings with re-compare (loads blob from IndexedDB), markdown export to clipboard, single-delete and confirmed clear-all via Modal
- Dexie/IndexedDB persistence (
stt-recordings.ts): Audio blobs stored with 20-recording cap and oldest-eviction, schema version bump inschema.ts useAudioRecorderhook: MediaRecorder lifecycle, 200ms timer, blob retention,loadBlob()for re-compare, cleanup on unmountuseComparisonTranscribehook: Parallel multi-model transcription, per-model status (pending/running/done/error),performance.now()latency, retry single model, multi-format response extractionInlineSettingsPanel: Playground-local overrides for language, task, format, temperature, prompt, segmentation (progressive disclosure); "Reset to defaults" restores global settings- Keyboard shortcuts: Space to toggle record (when no text input focused), Cmd/Ctrl+Enter for Transcribe All, shortcut hints on buttons
- Accessibility: Dynamic
aria-labelon record button with shortcut hint,aria-live="polite"on duration timer and transcript textareas,role="region"with model-specific labels on result cards, multi-state visual feedback (icon + color + text, not color alone) - 51 tests across 9 test files (Dexie store, both hooks, all 4 components, keyboard shortcuts, page integration)
- Rewrote
- Text2SQL security hardening:
- Added
sql.readRBAC permission constant and seeded baseline grants for defaultuserandadminroles. - Added SQL target ACL claims (
sql.target:*,sql.target:media_db) and removed implicit default target allow. - Enforced connector ACL checks in
POST /api/v1/text2sql/querywith explicit403 unauthorized_targeton denied targets. - Added RBAC/ACL regression tests in
tldw_Server_API/tests/Security/test_text2sql_rbac_and_acl.py. - Added baseline seed consistency for
sql.readinrbac_seedpaths.
- Added
- API documentation updates for SQL retrieval:
- Documented standalone Text2SQL endpoint in
Docs/API-related/API_README.md. - Documented unified RAG SQL source usage (
sources=["sql"],sql_target_id) and required SQL ACL claims inDocs/API-related/RAG_API_Documentation.md.
- Documented standalone Text2SQL endpoint in
- Chat Workflows web-shell regression coverage:
- Added
apps/tldw-frontend/__tests__/pages/chat-workflows-route.test.tsxto verify the Next.js page shim exists and still lazy-loads@/routes/option-chat-workflows. - Tightened
apps/packages/ui/src/routes/__tests__/chat-workflows-route.test.tsxto keep the/chat-workflowsworkspace navigation metadata aligned with the shared route registry.
- Added
- TTS "Compose & Compare" Redesign — New A/B comparison workflow for the Speech Playground TTS tab:
UnifiedAudioPlayer(components/Common/UnifiedAudioPlayer.tsx): Single audio player component for all providers — play/pause/seek slider, time display, waveform visualization (viaWaveformCanvas), download button; acceptsaudioUrl,audioBlob, or streaming mode; replaces per-provider player inconsistencyRenderStrip(components/Option/Speech/RenderStrip.tsx): Self-contained generation card with five states (idle,generating,ready,playing,error); config tags (provider, voice, format, speed) as clickable chips; embedsUnifiedAudioPlayerfor playback andTtsJobProgressfor long-running generations; undo notification on remove with 4-second restore windowuseMultiRenderStatehook (hooks/useMultiRenderState.ts): Manages array of render strips with independent generation lifecycle; actions:addRender,removeRender,generateRender,generateAll,clearAll,playAllSequentially; play-one-at-a-time enforcement (starting one pauses others); object URL lifecycle management (create on generate, revoke on remove/unmount)VoicePickerModal(components/Option/Speech/VoicePickerModal.tsx): Unified voice selection across all 19 backend TTS providers; search input, recent voices row (last 5 from localStorage), provider-grouped catalog (Local Engines / Cloud Providers) with collapsible sections; inline[Play]preview per voice; capability badges (Stream, Clone); selecting a voice returns{ provider, voice, model }and auto-selects provider- Render strips zone in
SpeechPlaygroundPage.tsx: Between text editor and action bar — mapsuseMultiRenderStatetoRenderStripcomponents; "Add Render", "Pick Voice", "Generate All", "Play All", "Clear" controls; per-strip generate, edit (opens voice picker), retry, remove actions - Action bar extensions in
TtsStickyActionBar.tsx: "Add Render" button with separator, "Play All" button (shown when multiple ready strips exist) - Smart defaults: Last-used voice config persisted to
localStoragefor render strip defaults; recent voices tracked in voice picker - Accessibility:
role="region"+aria-labelon all strips and players;role="option"+ keyboard Enter on voice picker items;aria-labelon all interactive buttons - 36 new tests:
UnifiedAudioPlayer.test.tsx(8),RenderStrip.test.tsx(11),useMultiRenderState.test.ts(10),VoicePickerModal.test.tsx(7)
- Writing Playground UX overhaul — Editor-dominant layout with collapsible drawers, based on Nielsen heuristic audit:
- Editor-dominant layout (H8 fix): Removed
PageShellmax-width constraint; editor now fills all available viewport space instead of competing with permanently-visible sidebars - Drawer-based panels: Library and Inspector panels converted to collapsible sidebars (pinned on desktop ≥1100px, overlay Drawers on mobile <1100px) via
WritingPlaygroundShell; toggle buttons in new compact top bar - Prominent Generate button (H1/H6 fix): Generate button moved from buried inspector sidebar to always-visible top bar; disabled state shows tooltip explaining why (no session, no model, offline, no chat provider)
- Generation visual feedback (H1 fix): Pulsing ring animation on editor during generation; live elapsed-time counter in status bar; tok/s display
- Compact top bar: Session name, model input, Generate button, diagnostics tag, and panel toggles in a single row; replaces removed page title/subtitle
- Status bar: Token count, generation speed, elapsed time, save status, and Ctrl+Enter shortcut hint
- Decluttered toolbar (H8 fix): Toolbar reduced from 12+ always-visible buttons to icon-only Undo/Redo + view mode toggle + overflow dropdown (Read Aloud, Pause/Resume, View Chunks, Insert, Search)
- Flexible editor: Replaced fixed
rows={18}textarea withautoSize={{ minRows: 12 }}and resizable styling; fixed double-scroll caused by nested overflow containers - Terminology cleanup (H2 fix): "Basic stopping mode" → "Stop condition"; "Inspect" tab → "Analysis" (both default label and override)
- Updated 4 test files (32 assertions) to match new layout structure
- Editor-dominant layout (H8 fix): Removed
- Extension compile script now targets explicit config:
apps/extension/package.jsoncompilenow usestsc --noEmit -p tsconfig.compile.json.
- Frontend compile script now uses webpack build path for deterministic completion in this environment:
apps/tldw-frontend/package.jsoncompilenow usesnext build --webpackbefore token-sync verification.
- Updated Product PRD acceptance and test criteria for Reading saved-search and item-note link surfaces, including strict notes-boundary expectations.
- Improved the Collections implementation plan’s final commit-step readability by consolidating long
git addinstructions into grouped multiline commands. - Character import preview UX now shows a dedicated
OKbutton after successful upload completion so users can dismiss with explicit confirmation instead of relying on the modal close icon. - GitHub Advanced Security triage for PR #753 was completed end-to-end:
- Investigated each remaining CodeQL finding by rule/path and separated true issues from false positives.
- Closed residual
py/path-injectionfindings as false positives only after validating trusted-root containment in MLX tokenizer artifact resolution. - Stepped through failing checks until the PR returned to all-green status.
- Family Guardrails wizard UX simplification and resilience:
- Household setup now uses preset-driven onboarding (family/caregiver/institutional templates) as the primary mode selector path.
- Wizard copy and validation feedback are mode-aware (
guardianvscaregiver) across setup, mapping, review, and tracker steps. - Single-guardian flows skip relationship mapping and preserve back-navigation symmetry from templates/review.
- Large-family workflows now support bulk entry/table interactions with keyboard-assisted selection/removal and status-aware tracker guidance.
- Wizard continues now enforce stronger inline step validation, duplicate/collision messaging, and deterministic resume-to-latest-draft behavior.
- Route capability and parity guardrails now enforce consistent Family Guardrails visibility/registration across shared UI, web, and extension route registries.
- Refined MCP Hub external server update flow to use a dedicated repository-level
update_external_serverpath (directUPDATEpattern) for consistency with ACP profile updates and clearer audit semantics. - Extended settings/navigation indexing so MCP Hub management is discoverable in both settings and workspace-oriented routes.
- Hardened quiz endpoint routing by typing dynamic route segments (
{...:int}) for quiz/question/attempt IDs in:tldw_Server_API/app/api/v1/endpoints/quizzes.py
- Upgraded strict quiz E2E critical flows to hard assertions for:
- edit metadata save + persisted verification (UI + API),
- manual create flow persistence verification,
- take/submit/results flow with explicit attempts API assertion.
- MCP Hub management end-to-end surfaces across AuthNZ storage, API, and WebUI/extension:
- Added AuthNZ migrations for MCP Hub ACP profile and external server tables in SQLite and PostgreSQL bootstrap paths.
- Added
McpHubRepoandMcpHubServicefor ACP profile CRUD and external server lifecycle handling, including encrypted secret storage and masked secret status responses. - Added MCP Hub management API contracts and routes under
/api/v1/mcp/hubfor ACP profiles, external servers, and secret set operations. - Added WebUI + extension MCP Hub page wiring and tabs (
AcpProfilesTab,ExternalServersTab,ToolCatalogsTab) with shared route-registry coverage (/mcp-hub,/settings/mcp-hub). - Added frontend MCP Hub API client module/tests and route parity tests for web/extension settings exposure.
- Added docs for architecture and usage:
Docs/MCP/mcp_hub_management.mdDocs/MCP/README.md
- Added backend and frontend regression coverage for MCP Hub migrations, repo/service behavior, API authorization boundaries, and tab interactions/error states.
- Enhanced moderation policy snapshots to include per-rule
phasemetadata alongside existing pattern/action/replacement/category fields. - Updated Moderation Playground override payload normalization/comparison so
rulesparticipate in dirty-state detection and save/reset lifecycle. /api/v1/audio/chat/streamnow supports overlapped LLM->TTS streaming by incrementally chunking LLM deltas into phrase commits against realtime TTS sessions./api/v1/audio/chat/streamturn finalization now runs as cancellable per-turn tasks, enabling barge-in interruption and stale-output guards./api/v1/audio/stream/tts/realtimenow supports in-sessioninterruptby finishing/cancelling the active synthesis window, reopening a session with the same config, and continuing on the same WebSocket.apps/packages/ui/src/hooks/useVoiceChatStream.tsxnow sendsinterrupton barge-in while speaking and transitions back tolisteningon serverinterruptedframes.- Updated audio protocol/docs to document new frames and overlap behavior:
Docs/API/Audio_Chat.mdDocs/Audio_Streaming_Protocol.md
- Renamed "Knowledge QA" heading to "Ask Your Library" with updated subtitle across empty state and tests.
- Redesigned web search toggle from ambiguous text to visually distinct pill with globe icon, filled/outline states, and proper
aria-label/aria-pressedattributes. KnowledgeQALayoutnow conditionally renders based on layout mode:- Simple mode: single centered column,
CompactToolbar, no history sidebar. - Research mode: three-column layout with
HistoryPane, fullKnowledgeContextBar,EvidenceRail. - Mobile always forces Simple mode layout; promotion toast hidden on mobile.
- Simple mode: single centered column,
KnowledgeReadyStateguide section auto-collapses for returning users (viauseEffecton async history load).- Evidence rail auto-open now respects user intent via
useReftracking — won't reopen after manual close. - Settings panel and evidence rail are now mutually exclusive (opening one closes the other).
- Refactored
Knowledge/index.tsxsettings page status display from nested ternaries to aSTATUS_COPYmap. - Updated golden layout tests for new conditional rendering paths and component structure.
- Renamed watchlist tabs in UI to user-task language: Sources→Feeds, Jobs→Monitors, Runs→Activity, Items→Articles, Outputs→Reports.
- Updated first-run copy contract test to match "monitor health" terminology (was "run health").
- Default sidebar tab changed from "toc" to "insights" for better first-impression content
- Tab label font size increased from 10px to 11px for readability
- "Fit width" button renamed to "Reset zoom" with
RotateCcwicon for accuracy - Keyboard shortcuts modal updated to list only implemented shortcuts
- Updated misleading docstrings in
DockerRunner,SandboxService,LinuxLimaEnforcer, andMacOSLimaEnforcerto accurately reflect implemented functionality.
- No removals in this session.
- Fixed stale/cancelled turn output leakage by dropping outdated audio/LLM emissions after interruption.
- Fixed realtime TTS interruption flow to allow continued text commits without requiring WebSocket reconnect.
- Fixed voice websocket test stability in local environments by stubbing heavyweight STT dependency imports in targeted WS test modules.
- Fixed user override loading/reset normalization so persisted
rulesare preserved in draft state and correctly re-applied. - Fixed Moderation Playground User ID input suffix rendering to remain structurally stable, preventing focus-loss behavior from dynamic suffix mount/unmount.
- Fixed route matching ambiguity where
/api/v1/quizzes/attemptscould be interpreted as/{quiz_id}, causing attempts list failures. - Fixed strict take/results E2E behavior to fail fast with diagnostic screenshot when the started-quiz question list does not render.
- Fixed unsaved-create tab navigation handling to accept only the expected unsaved-changes prompt copy.
- Fixed MCP Hub list endpoint access-control gaps by constraining ACP profile and external server visibility to principal-allowed scopes (
global, ownuser, memberorg/team) and returning403for forbidden explicit filters. - Fixed PostgreSQL timestamp persistence in MCP Hub repo by preserving timezone-aware UTC datetimes for
TIMESTAMPTZwrites. - Fixed silent UI failures in MCP Hub tabs by surfacing user-visible Ant Design error alerts for load/create/save-secret failures.
- Fixed MCP Hub security hardening follow-ups flagged during review and revalidated with targeted tests and Bandit checks for touched backend paths.
- Fixed web/extension family wizard route wiring parity regressions and added explicit route-parity tests to prevent drift.
- Fixed family wizard tracker/review action targeting so blocked dependents route guardians back to the correct mapping context.
- Fixed targeted route-parity test path resolution to be cwd/worktree agnostic during Vitest runs.
- Fixed extension compile command failure caused by missing local
tsconfig.jsoninapps/extension. - Fixed frontend compile gate stalling under Turbopack in this environment by switching compile verification to webpack build mode.
- Fixed archive artifact creation in async paths by offloading blocking filesystem operations (
mkdir,write_text) withasyncio.to_thread. - Fixed archive metadata update reliability by removing silent suppression and logging/reporting metadata patch failures via
archive_error. - Fixed import-time crash risk from invalid archive env vars by introducing guarded integer parsing with safe defaults.
- Fixed saved-search input validation gaps:
- Reject unsupported query keys and malformed query value types.
- Reject whitespace-only search names (create and update).
- Normalize and validate
sort/filter payloads before persistence.
- Fixed endpoint typing clarity by adding explicit row-type annotations for saved-search and note-link response helpers.
- Fixed remaining security findings in PR #753:
- Hardened MLX tokenizer artifact candidate path normalization and trusted-root enforcement in
tokenizer_resolver.pyto prevent traversal/out-of-root resolution. - Strengthened Notes attachment markdown escaping to include backslashes and newline normalization.
- Strengthened Notes export YAML escaping for backslashes and control characters (
\r,\n,\t) in frontmatter values. - Removed admin UI API key cleartext persistence in
sessionStorage; API key auth now remains in-memory only for single-user mode. - Added/updated regression coverage for MLX path handling, notes frontmatter escaping, and admin auth API key storage behavior.
- Hardened MLX tokenizer artifact candidate path normalization and trusted-root enforcement in
- Fixed blank
/settings/knowledgepage (Critical, H1 violation) — added connection-aware error states. - Fixed
contextChangedSinceLastRunalways showing "Scope changed" badge due to brokennormalizeIdentifierSetcomparisons against empty string. - Removed dead
normalizeIdentifierSetfunction and staleinclude_media_ids/include_note_idsfromuseMemodependency array. - Fixed
InlineRecentSessionscrash on invalid timestamp strings (addedNaNguard informatRelativeTime). - Fixed
CompactToolbarsource summary using magic number — extractedALL_SOURCES_THRESHOLDconstant. - Fixed evidence rail auto-open loop where
useEffectwould immediately reopen rail after user closed it. - Voice-streaming interruption + overlap protocol additions:
- Added additive client
interruptand serverinterruptedframe handling for/api/v1/audio/chat/stream. - Added active turn identifiers (
turn_id) for interruption acknowledgements. - Added
interruptrecovery flow for/api/v1/audio/stream/tts/realtimethat rotates to a fresh realtime session without closing the socket.
- Added additive client
- Added streaming phrase chunker utility:
tldw_Server_API/app/core/Streaming/phrase_chunker.py
- Added backend regression coverage for voice overlap/cancellation:
tldw_Server_API/tests/Audio/test_ws_audio_chat_stream.pynow covers idle interrupt safety, overlap ordering (tts_start/audio before finalllm_message), inflight cancellation, and stale-audio suppression after interrupt.tldw_Server_API/tests/Audio/test_ws_tts_realtime_endpoint.pynow covers realtime TTS interrupt handling and post-interrupt continuation.
- Added frontend regression coverage for barge-in interruption behavior:
apps/packages/ui/src/hooks/__tests__/useVoiceChatStream.interrupt.test.tsx
- Extracted
InlineSecondarySectioncomponent outside render function to prevent unnecessary React remounts. - Stabilized
useWatchlistsCommandsactions object withuseMemoto prevent command list recomputation on every render. - Removed redundant
useEffectforwriteSecondaryExpanded(already persisted in toggle callback). - Knowledge QA "Adaptive Progressive" UX redesign (Stages 1 & 2):
- New
useLayoutModehook with Simple/Research mode toggle, localStorage persistence, and auto-promotion toast after 3+ Q&A turns. - New
CompactToolbarcomponent: condensed pill bar (Sources, Preset, Web toggle, Settings gear) for Simple mode. - New
InlineRecentSessionscomponent: horizontal scrollable row of recent search session cards for returning users in Simple mode. - New
KnowledgeReadyStateempty state with "Ask Your Library" heading, collapsible "How it works" guide, suggested prompts, and source/session action buttons. - Added "Open workspace" / "Simplify view" toggle button (bottom-right corner) for manual mode switching.
- Added "Scope changed" badge in compact toolbar when search context diverges from last run.
- New
- Added 50 new tests across 3 new test files:
useLayoutMode.test.ts(25 tests): mode defaults, persistence, auto-promotion, dismiss persistence.CompactToolbar.test.tsx(12 tests): source summaries, preset labels, web toggle, callbacks, scope badge.InlineRecentSessions.test.tsx(13 tests): rendering, max-5 limit, click-to-restore, relative time formatting.
- Annotation undo ID preservation: Undo now restores the original annotation object with its server-synced ID via direct
setState, instead of callingaddAnnotation()which generated a new ID causing server/client state divergence and duplicates - Removed Cmd+W shortcut: Conflicted with browser tab close; removed from both handler and shortcuts modal
- Stable DOM selectors: Fullscreen toggle and go-to-page shortcuts now use
data-testidattributes instead of fragile CSS class substring matching and Ant Design internal class selectors - Quiz preferences render performance: Moved
localStorageread +JSON.parseintouseStateinitializer to avoid re-parsing on every render - Fixed
PostgresStore._coerce_created_at()AttributeError: moved method fromSQLiteStoretoSandboxStorebase class so both SQLite and Postgres backends inherit it. Admin list/count endpoints with date filters on Postgres would crash without this fix. - Fixed event loop closure causing cascading "Event loop is closed" test failures in
RunStreamHub._schedule_dispatch(): now clears staleself._loopreference and falls through to the threading.Timer fallback. Addedreset_loop()method for test fixture cleanup. - Fixed config cache leaking between sandbox tests: added
_sandbox_clear_config_cacheand_sandbox_reset_stream_hubautouse fixtures to sandboxconftest.pyso environment variable changes and stale event loop references don't bleed across tests. - Added debug logging to 8 silent
except ... passhandlers innetwork_policy.py(expand_allowlist_to_targets,pin_dns_map,apply_egress_rules_atomic,delete_rules_by_label) so iptables/DNS failures are observable instead of silently swallowed. - Fixed
Manager.first-use.test.tsxselectors to match updated button labels (Filtersinstead ofAdvanced filters, text queries instead of role queries for onboarding cards) - Fixed temporal dead zone bug in
AddContentStepwherenewItemsarray was spread inside its own initialization callback - Fixed
ReviewStep"Start Processing" button not initializing processing state (was only callinggoNext, now callsstartProcessing()first) - Fixed
ReviewSteppassingPresetConfigobject instead of preset name string toestimateTotalSeconds() - Fixed Ant Design
Radio.GrouponChange type mismatch inConfigureStep - Chat UI reliability bug squash:
- Preserved server chat sidebar data on recoverable refresh failures instead of collapsing to an empty state during transient auth/config/rate-limit issues
- Added explicit selected server chat load states (
idle,loading,loaded,failed) so chat switching no longer leaves the conversation pane blank on failed loads - Rendered a dedicated selected-chat failure state in the playground instead of the generic empty-chat shell
- Stopped no-op server chat settings sync writes when only sync metadata changed, preventing version churn during chat load
- Retried chat delete, restore, and update mutations once after optimistic-lock conflicts by fetching the latest chat version first
- Clarified sidebar reliability states with stale-data warnings, unavailable refresh copy, and conflict-specific mutation error messaging for chat actions
- Restored Chat Workflows route exposure in the Next.js web app:
- Added
apps/tldw-frontend/pages/chat-workflows.tsxso/chat-workflowsresolves instead of falling through to a missing-page state. - Preserved discoverability through existing launcher coverage targeting
/chat-workflows.
- Added
- Chat UI regression coverage for server-chat reliability:
- Added recoverable refresh regression coverage in
useServerChatHistory.test.ts - Added selected-chat load state and stale-request guard coverage in
useServerChatLoader.test.ts - Added selected-chat failure rendering coverage in
PlaygroundChat.server-load-state.test.tsx - Added settings sync no-op coverage in
chat-settings.sync.test.ts - Added stale-version mutation retry coverage in
tldw-api-client.chat-trash.test.tsandtldw-api-client.chat-mutations.test.ts - Added sidebar reliability and conflict-feedback coverage in
ServerChatList.reliability.test.tsx
- Added recoverable refresh regression coverage in
- Sandbox runs no longer remain stuck in
startingwhen Docker, Firecracker, or Lima runner startup fails; runner exceptions now persist a terminalfailedstate. sandbox_runs_started_totalnow increments only after a sandbox run scaffold is accepted, so rejected requests are no longer counted as started runs.- Sandbox runtime admission now uses shared runtime preflight results across service and policy layers instead of diverging ad hoc availability booleans.
- Sandbox websocket log streams now stop emitting heartbeats after a run ends, preventing terminal
endframes from being buried in multi-subscriber stress scenarios. - Sandbox snapshot creation now tolerates transient files disappearing during concurrent atomic workspace writes, avoiding archive failures on temporary rename targets.
RunStreamHubsubscriber registration now works in synchronous Python 3.11 contexts where no default main-thread event loop exists.
- Repo2Txt V1 integration across shared UI, web app, and extension options (PR #790):
- Added new shared options route
/repo2txtwith web page wrapper (apps/tldw-frontend/pages/repo2txt.tsx) and extension/options route registration. - Added Repo2Txt providers and contracts for GitHub + Local sources, including repository tree/file retrieval and local directory/zip ingestion.
- Added Repo2Txt formatter pipeline with worker-backed token counting and structured output generation (directory tree + file contents).
- Added Repo2Txt UI surfaces for provider selection, file filtering/selection, output preview, copy, and download flows.
- Added Repo2Txt state management slice (Zustand) plus focused route/component/provider/store/formatter test coverage.
- Added route/navigation integration in shared options registry and header shortcuts for Repo2Txt discoverability.
- Added locale key coverage and synchronized locale mirrors for Repo2Txt copy across supported option locales.
- Added extension E2E coverage for Repo2Txt options route rendering and sidepanel link-out behavior.
- Added upstream repo2txt attribution updates in
THIRD_PARTY_NOTICES.txt.
- Added new shared options route
- Strict LimaVM sandbox provider parity across REST, MCP, and ACP:
- Added Lima runtime capability/preflight contracts and host enforcement probing (
runtime_capabilities.py,runners/lima_enforcer.py,runners/lima_runner.py). - Added strict fail-closed Lima admission and execution-time revalidation in sandbox service flows.
- Added structured Lima error contracts for
runtime_unavailableandpolicy_unsupportedresponses. - Added Lima runtime support in MCP
sandbox.runtool contract and ACP sandbox runner validation. - Added Lima strict capability fields in runtime discovery schemas and API docs updates for strict mode semantics/platform constraints.
- Added regression coverage for Lima strict admission/preflight/runtime discovery/no-fallback/error-contract behavior across Sandbox, MCP, and ACP test suites.
- Added Lima runtime capability/preflight contracts and host enforcement probing (
- PostgreSQL AuthNZ bootstrap schema file for CI/runtime startup safety:
- Added
tldw_Server_API/Databases/Postgres/Schema/postgresql_users.sqlwith core bootstrap tables (users,organizations,teams) and supporting indexes. - Added CI guard test
tldw_Server_API/tests/CI/test_postgres_schema_file_presence.pyto enforce bootstrap schema file presence/content.
- Added
- Strict token counting phase-1 foundation for writing and provider metadata:
- Added shared tokenizer resolver service at
tldw_Server_API/app/core/LLM_Calls/tokenizer_resolver.pyto centralize provider/model tokenizer classification. - Added additive tokenizer metadata fields
count_accuracy(exact/unavailable) andstrict_mode_effectivein writing tokenize/count/detokenize responses, writing capabilities payloads, and/api/v1/llm/providers. - Added exact tokenizer resolution paths for
ollama(provider-native HTTP tokenize/detokenize probing) andmlx(active registry tokenizer with artifact fallback). - Added Bedrock
CountTokensexact-count path (Anthropic-on-Bedrock model family) with model-level strict classification and mirrored metadata on/api/v1/llm/providers. - Added model-level exact classification for
groqOpenAI-routed models (openai/<model>) via canonicaltiktokenmapping. - Added explicit regression coverage that
deepseekandmistralremain non-exact (count_accuracy=unavailable) until a verified provider-native exact tokenizer path is available. - Added strict writing token endpoint gate: when
STRICT_TOKEN_COUNTING=true, non-exact tokenizer resolutions return HTTP422. - Added regression coverage for strict runtime propagation and tokenizer metadata mirroring across Writing and provider metadata tests.
- Added shared tokenizer resolver service at
- Alibaba Model Studio image backend support for
/api/v1/files/createimage generation via the newmodelstudiobackend. - Model Studio adapter support for sync generation, async task submission/polling, and
automode. - Model Studio image configuration fields in
[Image-Generation]:modelstudio_image_base_url,modelstudio_image_api_key,modelstudio_image_default_model,modelstudio_image_region,modelstudio_image_mode,modelstudio_image_poll_interval_seconds,modelstudio_image_timeout_seconds,modelstudio_image_allowed_extra_params. - Qwen region-based endpoint presets for native HTTP chat routing (
sg,us,cn) plusqwen_api_regionconfig support. - Curated Qwen model entries (
qwen-max,qwen-plus,qwen-turbo) in model pricing/catalog metadata. - Qwen provider mapping in LLM provider metadata endpoint wiring so Qwen models appear correctly.
- Regression coverage for Model Studio adapter behavior, config defaults, image allowlist behavior, image model listing, and Qwen base URL precedence/region routing.
- Workspace banners
- Per-workspace custom header banner support in Research Workspace (
/workspace-playground) with title, subtitle, and image. - New banner rendering surface in Workspace UI (
WorkspaceBanner) with graceful no-image fallback styling. - “Customize banner” modal in Workspace header menu with upload, preview, save, remove-image, and reset flows.
- Banner image normalization utility for local uploads (JPEG/PNG/WebP validation, resize, encoding, and byte-cap enforcement).
- Extension parity route support for
/workspace-playground. - Regression coverage for banner defaults, lifecycle persistence, bundle round-trip, header modal behavior, quota eviction, conflict labeling, and extension route parity.
- Per-workspace custom header banner support in Research Workspace (
- Skills authoring + seed UX
- Added built-in
feynman-techniqueskill undertldw_Server_API/app/core/Skills/builtin/. - Added importable
feynman-technique-templateskill underDocs/Prompts/Skills/. - Added Feynman prompt template at
Docs/Prompts/Academic-or-Studying/Feynman_Technique.md. - Added Skills Manager built-ins seeding dropdown actions for both
Seed Missing Only(overwrite=false) andSeed and Overwrite Existing(overwrite=true). - Added protocol-sync regression coverage for Feynman skill/prompt assets in
tldw_Server_API/tests/Skills/unit/test_feynman_assets_sync.py.
- Added built-in
- Chat slash Skills commands
- Added backend
/skillsslash command to list available skills with optional filter support. - Added backend
/skill <name> [args]slash command to execute a specific skill from chat. - Added privilege catalog scopes for
/skillsand/skillcommand execution. - Added command injection coverage for
/skilland/skillssystem-mode behavior intldw_Server_API/tests/Chat_NEW/integration/test_chat_skill_commands_injection.py.
- Added backend
- Added regression coverage ensuring Watchlists pipeline setup propagates HTML template format into generated job and output payloads.
- Watchlists guardrails and release-gate coverage:
- Added static duplicate guard coverage for Watchlists source files (
useWatchlistsStoreselector reuse, duplicate top-level identifiers, duplicate interface keys). - Added
test:watchlists:typecheckpackage script and wired it into the Watchlists scale gate workflow to prevent silent duplicate/type-regression drift. - Added/updated regression coverage for quick-setup candidate preview mocking, accessibility toggle labeling contracts, and run-notification polling harness consistency.
- Added static duplicate guard coverage for Watchlists source files (
- RAG pipeline parity improvements:
- Added pre-retrieval clarification gating (
clarification_gate.py) with heuristic-first ambiguity detection and timeout-bounded fallback behavior. - Added unified request fields for clarification/dedup controls:
enable_pre_retrieval_clarification,clarification_timeout_sec, andenable_research_action_dedup. - Added unified-pipeline clarification short-circuit for ambiguous generation requests (
200 OKwith clarifying prompt ingenerated_answerplus clarification metadata). - Added research-loop action-signature dedup (web/academic/discussion/local DB) with result reuse and
action_dedupmetadata reporting. - Added regression coverage for schema acceptance, clarification short-circuit behavior, clarification metric emission, action-signature dedup (unit + integration), and
/api/v1/rag/featurescontract updates.
- Added pre-retrieval clarification gating (
- Notes moodboard remediation coverage:
- Added backend regression assertions for paged moodboard note listing and true
totalreporting in:tldw_Server_API/tests/Notes_NEW/unit/test_notes_moodboard_db.pytldw_Server_API/tests/Notes_NEW/integration/test_moodboards_api.py
- Added/expanded frontend stage42 moodboard tests covering lazy moodboard fetch behavior and moodboard pagination controls/navigation.
- Added backend regression assertions for paged moodboard note listing and true
- Slack/Discord endpoint modularization follow-up:
- Added dedicated OAuth/admin handler modules:
tldw_Server_API/app/api/v1/endpoints/slack_oauth_admin.pytldw_Server_API/app/api/v1/endpoints/discord_oauth_admin.py
- Added delegated route wiring in primary endpoint modules while preserving existing API paths/function names and test monkeypatch compatibility.
- Added dedicated OAuth/admin handler modules:
- Jobs notifications abstraction hardening:
- Added
JobManager.list_job_events_after(...)to centralize event-stream retrieval behind Jobs core abstractions. - Added/updated bridge regression coverage to validate abstraction-backed notifications event processing behavior.
- Added
- Reminders/notifications review-remediation coverage:
- Added API/DB regressions for scheduler-managed PATCH field rejection, dismissed-notification list filtering, reminders scheduler failure logging, and snooze reconciliation behavior.
- Writing Playground Phase-1 UI and diagnostics experience:
- Added modular Writing Playground structure components (
WritingPlaygroundShell,WritingPlaygroundLibraryPanel,WritingPlaygroundEditorPanel,WritingPlaygroundInspectorPanel) with tabbed inspector routing for Generation, Planning, and Diagnostics. - Added dedicated diagnostics UI components (
WritingPlaygroundDiagnosticsPanel,WritingPlaygroundResponseInspectorCard,WritingPlaygroundTokenInspectorCard,WritingPlaygroundWordcloudCard) with shared diagnostics prop contracts. - Added utility helpers and coverage for diagnostics state summarization and responsive layout classification.
- Added extension E2E coverage for inspector tab keyboard navigation and editor-content persistence across tab switches in
apps/extension/tests/e2e/writing-playground-themes-templates.spec.ts.
- Added modular Writing Playground structure components (
- Repo2Txt implementation hardening updates after review:
- Repo2Txt page state now subscribes to the vanilla Zustand store via
useStoreinstead of mirroring store state with local React state copies. - Token counting now uses
gpt-tokenizerin Repo2Txt tokenizer worker paths (with guarded fallback behavior). - Repo2Txt user-facing strings now resolve through
useTranslation+option:repo2txt.*keys instead of hardcoded English copy. - Repo2Txt output file fetching now uses bounded concurrency with progress status updates instead of unbounded
Promise.allfanout.
- Repo2Txt page state now subscribes to the vanilla Zustand store via
- CI gate classification now computes
coverage_requiredvia dedicated coverage globs instead of mirroringbackend_changed, preserving backend gate behavior while allowing workflow-only exclusions. - Media ingestion compatibility reduction (phase 1):
- Added shared endpoint helpers for compatibility patchpoints and input contracts (
compat_patchpoints.py,input_contracts.py). - Added explicit media deprecation signaling helper (
deprecation_signals.py) and wired additive deprecation headers for legacyurls=[""]sentinel compatibility flows on process endpoints. - Marked media legacy shim surface as adapter-only (
LEGACY_MEDIA_SHIM_MODE = "adapter_only"). - Added regression tests for deprecation signals, compatibility patchpoints, input contract matrix, and shim adapter-only contract.
- Added shared endpoint helpers for compatibility patchpoints and input contracts (
- Writing Playground settings parsing now validates
basic_stopping_mode_typevia a typed supported-mode allowlist in payload normalization. - Workspace snapshot lifecycle now fully persists banner state across create/switch/duplicate/archive/restore/import/export pathways.
- Workspace bundle schema now includes
workspaceBannerand preserves banner state on zip/json import/export. - Cross-tab conflict detection now tracks
workspaceBanneras an explicit conflict field. - Storage recovery logic now evicts archived banner images before more destructive workspace eviction steps.
- Persistence diagnostics now surface a dedicated
workspaceBannerbyte section. - ZIP import parsing now supports environments without
File.arrayBuffer()via a safe fallback reader path. - Qwen base URL resolution precedence is now explicitly ordered as:
request
base_url->QWEN_BASE_URL-> configqwen_api.api_base_url-> region preset. - Model Studio base URL resolution now uses region presets when explicit base URL overrides are unset.
- Model Studio payload construction was refactored to remove duplicate model/extra-parameter logic across sync and async builders.
- Env-var and image setup docs were updated for Model Studio and Qwen routing, including grouped readability improvements for
[Image-Generation]key listings. - Feynman skill/prompt assets now use a shared
protocol_versionmarker key (replacing mixed legacy markers). - Importable
feynman-technique-templatenow defaults todisable-model-invocation: trueto avoid duplicate auto-invocable behavior after import. - Watchlists pipeline contract now carries selected template format (
mdorhtml) through job defaults and output-create payload construction instead of forcing Markdown. - Watchlists source delete confirmation copy now reuses a single locale key across standard and in-use delete flows to reduce translation-key duplication.
- Watchlists guided quick setup now uses a single audio preference field (
includeAudioBriefing) across telemetry, preview copy, and submission flow instead of dual field state. - RAG features/capabilities surfaces now advertise pre-retrieval clarification and research action-dedup support (
/api/v1/rag/features,/api/v1/rag/capabilities, API guide, and capabilities docs). - Chat command routing now passes Skills command context from the chat endpoint into the command router so
/skillexecution can resolve and run skills consistently. - Route-toggle policy now allows environment override application during test mode (
is_test_mode()), preventing collection-order drift between explicit pytest runtime markers and test-mode configuration. - Notes moodboard API/DB behavior:
- Moodboard note listing now performs SQL-level union/collapse/pagination for manual + smart-rule membership instead of full in-memory merge/sort/slice.
- Moodboard notes endpoint now reports a true
totalviacount_moodboard_notes(...)while preservingcountfor the current page. - Moodboard endpoint signatures now include explicit return type hints, helper docstrings, and normalized function signature formatting.
- Async moodboard endpoints now offload synchronous DB operations via
asyncio.to_threadto avoid event-loop blocking.
- Notes moodboard WebUI behavior:
- Moodboard query fetching is now gated to active moodboard view (
listMode=active+listViewMode=moodboard) instead of eager active-mode fetches. - Moodboard list retrieval now iterates paged API requests and deduplicates IDs, removing the practical fixed-size fetch cap behavior.
- Moodboard view now includes local pagination controls (page-size selector, prev/next, summary/index) backed by paged API requests.
- Moodboard rename/delete expected-version handling now uses the simplified
selectedMoodboard.version ?? 1path.
- Moodboard query fetching is now gated to active moodboard view (
- Slack/Discord endpoint organization:
slack.pyanddiscord.pynow delegate OAuth/admin routes to focused modules, reducing endpoint-file size and separating routing from lifecycle/policy internals.
- Notifications/reminders endpoint behavior:
- Notifications snooze now delegates task creation to
RemindersServiceand performs immediate best-effort scheduler reconciliation. - Reminders create/update/delete endpoints now keep best-effort scheduling semantics but log reconciliation/unschedule failures instead of silently suppressing them.
- Notifications SSE/list-window query helpers now align on active-inbox semantics by excluding dismissed rows from non-archived query paths.
- Notifications endpoint handlers and reminders/notifications schemas now include expanded docstrings and explicit SSE generator return typing for stronger API-contract readability.
- Notifications snooze now delegates task creation to
- Jobs notifications bridge:
jobs_notifications_servicenow consumes Jobs manager event-list APIs instead of in-service rawjob_eventsSQL queries.
- Frontend/watchlists CI gate execution paths were re-baselined for deterministic branch runs:
- Frontend UX gates now use a stable Bun-based dependency/install + Playwright invocation flow with a single all-pages smoke gate entrypoint.
- Watchlists extension strict gate flow now preserves explicit launch/target wait timeout controls and aligns with the stable extension-launch helper contract.
- All-pages smoke gate behavior now follows the stabilized route traversal baseline used by the current release-gate suite.
- Writing Playground UI interaction behavior:
- Moved template/theme/chat-mode and context controls from the Generation inspector view into Planning for clearer IA separation.
- Added compact-mode shell grid overrides plus
data-testidlayout markers to improve narrow-layout behavior and regression observability.
- Improved inspector keyboard interaction to support Arrow/Home/End traversal with active-tab focus movement.
- RAG streaming/profile parity hardening (PR #796 follow-up):
- Streamed agentic retrieval now resolves strategy and retrieval/generation knobs from profile-aware
effective_payloaddefaults instead of raw request-only fields. - Async generation paths now warm RAG prompt templates via event-loop-safe thread offload before generator instantiation.
- Two-tier reranker runtime degradation now logs the underlying exception prior to profile degradation fallback (
two_tier->hybrid). - Added/updated regression coverage for stream parity and prompt-loader warmup behavior, including typed test signatures/docstrings in touched RAG test modules.
- Streamed agentic retrieval now resolves strategy and retrieval/generation knobs from profile-aware
- No removals in this session.
- Fixed Repo2Txt local source selection reliability:
- Replaced ambiguous local multi-file picker with explicit directory (
webkitdirectory) and zip pickers. - Added local duplicate-filename collision guard when directory context is unavailable.
- Reset local file input value after selection to allow repeat-selection workflows.
- Replaced ambiguous local multi-file picker with explicit directory (
- Fixed Repo2Txt extension reliability for GitHub provider by declaring
https://api.github.com/*in extensionhost_permissions. - Fixed Repo2Txt tokenizer worker hang risk by adding worker
onerror/onmessageerrorhandling, per-request timeouts, pending-request cleanup, and worker recovery re-init. - Fixed portability gaps in the Repo2Txt implementation plan by replacing machine-specific absolute paths with
<repo_root>/<repo_worktree>placeholders. - Fixed Lima strict-policy contract gaps:
- Rejected unsupported
allowliststrict mode until enforcement support exists, removing false-positive strict capability advertisement. - Added foreground execution-time preflight failure handling so Lima policy/preflight failures mark runs failed consistently (matching background behavior).
- Removed unconditional Docker fallback suggestion behavior for Firecracker runtime-unavailable paths.
- Prevented WSL/Windows readiness override bypass in Lima enforcer preflight checks.
- Rejected unsupported
- Fixed CI gate/classifier runtime issues by repairing
Helper_Scripts/ci/path_classifier.pysyntax and output wiring. - Fixed frontend gate parsing failure in
apps/packages/ui/src/components/Option/WritingPlayground/index.tsxcaused by malformed basic stopping mode expression. - Fixed Full Suite multi-user startup regressions (
relation "organizations" does not exist) by extending PostgreSQL bootstrap schema coverage to include organization/team dependencies. - Fixed tokenizer resolution error precedence so non-native providers no longer surface misleading provider-native configuration errors when tokenizer lookup is unavailable.
- Fixed
modelstudio_image_mode=autoto actually do sync-first fallback to async. - Fixed validation so
payload.extra_params.modeis accepted for Model Studio control flow without requiring passthrough allowlisting. - Fixed user-facing error hygiene by sanitizing Model Studio transport exception details while logging internals.
- Fixed potential SSRF path by validating response-provided remote image URLs against egress policy/allowlist before fetch.
- Fixed
modelstudio_image_regionno-op behavior by wiring it into endpoint selection. - Fixed missing docstring on
_coerce_choicein image generation config helpers. - Fixed bundle import compatibility in environments lacking
File.arrayBuffer(). - Fixed invalid imported banner image payload handling to fail soft (drop bad image, preserve banner text fields).
- Fixed a Watchlists UC2 mismatch where selecting an HTML template could still generate Markdown outputs due to hardcoded
default_format/format. - Fixed duplicate English locale maintenance drift for source delete undo-window messaging by consolidating copy to
sources.deleteConfirmDescription. - Fixed newly added Watchlists API audio-briefing tests to comply with typing/docstring standards by adding explicit fixture type hints, return annotations, and test docstrings.
- Fixed Watchlists static-guard false positives by distinguishing type/value namespaces and limiting interface-property scans to top-level declarations.
- Fixed Watchlists quick-setup review/test-flow regressions caused by stale CTA label assumptions and missing source-preview service mocks in the Overview test suite.
- Fixed Watchlists a11y/load-retry test drift for Sources/Monitors toggles by aligning assertions with row-context ARIA labels and current table-render behavior.
- Fixed redundant iterative research-loop calls for equivalent action/query signatures by reusing previously successful action outputs.
- Fixed
/skillcommand error handling to convert unexpected skill-resolution/runtime exceptions into a structured command error response instead of bubbling unhandled exceptions. - Fixed
tldw_Server_API/tests/Skills/integration/test_skills_api.pystartup abort risk by setting minimal test-route env toggles early and lazily importingapp.mainwithin the fixture, avoiding heavy module side effects at collection time. - Fixed moodboard create endpoint robustness by handling unexpected
NoneID returns before integer conversion. - Fixed moodboard docs path placeholder inconsistency by using
{moodboard_id}forGET /moodboards/{moodboard_id}/notes. - Fixed reminder task PATCH safety by removing scheduler-owned fields (
last_status,next_run_at,last_run_at) from public update schema to prevent user-driven scheduler state corruption. - Fixed dismissed-notification inbox consistency by excluding dismissed rows from non-archived list/stream query paths, aligning unread-count semantics with visible inbox rows.
- Fixed hidden scheduler-sync failures in reminders task endpoints by surfacing non-critical reconcile/unschedule exceptions in warning logs.
- Fixed strict watchlists no-skip gate regressions caused by stale/undefined local assertions in E2E specs and aligned those checks to deterministic harness behavior.
- Fixed extension E2E launch instability in CI by removing unsupported forced Playwright channel behavior and retaining explicit timeout override controls in workflow env.
- Fixed UX smoke gate branch instability by restoring the stabilized all-pages gate command path and traversal behavior expected by current frontend release gates.
- Fixed Writing Playground diagnostics prop leakage by removing
enabledfrom card-prop spreads before passing props into inspector card components. - Fixed monitoring metrics-history range interactions to avoid redundant API loads on manual range selection/apply and to avoid interval resets/reloads while editing draft custom-range inputs.
- Fixed monitoring custom-range UX by clearing range validation errors when users edit custom range start/end values.
- Persona memory namespace resilience improvements:
- Added deterministic persistent fallback namespace keying when
scope_snapshot_idis missing:persistent_fallback_sid_<sha256(session_id)>in persona memory integration.
- Added deterministic legacy persistent namespace mapping for older null-scope entries:
persistent_legacy_pid_<sha256(user_id:persona_id)>.
- Added DB-level namespace backfill helper:
backfill_persona_memory_scope_namespace(...)onCharactersRAGDB.
- Added deterministic persistent fallback namespace keying when
- Persona regression coverage additions:
- Added persistent fallback namespace isolation test for missing-scope persistent sessions.
- Added retrieval-triggered legacy null-scope backfill test for persistent persona memory entries.
- Added DB unit test verifying selective backfill behavior (only missing-scope rows, optional missing-session gate).
- Locale rollout completion for persona unsaved-draft prompts:
- Added localized
persona.unsavedState*prompt copy for remaining non-English sidepanel locales:ar,da,fa,it,ko,ml,no,pt-BR,ru,sv,uk,zh-TW.
- Added localized
- Added implementation-plan docs for this session’s persona slices (stage 23 locale rollout, stage 24 namespace fallback, and stage 25 legacy namespace backfill).
- Watchlists UX IA/onboarding improvements:
- Aligned user-facing Watchlists terminology for Activity/Reports across tabs, overview cards, and help labels.
- Added always-visible Watchlists task shortcuts (
Set up feeds,Configure monitors,Check activity,Review articles,View reports) for direct navigation. - Expanded guided quick setup with goal selection (
Generate briefing reportsvsFeed review only) and destination routing to Reports when briefing setup completes without run-now. - Refreshed guided-tour copy to explicitly explain feed -> monitor -> activity -> articles -> reports pipeline relationships.
- Added onboarding telemetry capture for quick setup and guided tour funnels to measure step completion and drop-off.
- Watchlists briefing/audio delivery UX improvements:
- Added audio briefing controls in monitor configuration for voice, speed, and target duration with safe range normalization.
- Added monitor authoring modes (
BasicvsAdvanced) to reduce first-run form complexity while preserving advanced state in payloads. - Added template editor authoring modes (
BasicvsAdvanced) to separate focused editing from expert tools (snippets/docs/version tools). - Added Basic-mode template recipe builder with structured presets (
briefing_md,newsletter_html,mece_md) and one-click recipe application. - Added explicit warning when advanced monitor settings are hidden by switching back to Basic mode.
- Added advanced filter scaffolding with per-rule plain-language summaries, regex examples/flags, and inline regex validation feedback.
- Added early
Preview impactaction in filter authoring to expose sample ingestion outcomes sooner in the workflow. - Added advanced cron scaffolding with five-field guidance, invalid-format hints, and one-click schedule examples (
Daily 09:00,Weekdays 08:00,Every 6 hours). - Added monitor/template authoring telemetry for start, mode-switch, save, Basic-step completion, and recipe-application adoption tracking.
- Added a unified Watchlists overview health model with cross-tab attention badges (Feeds/Activity/Reports) and direct "attention needed" deep links from Overview.
- Extended watchlists output prefs typing to include audio briefing fields used by backend workflow orchestration.
- Improved Outputs artifact visibility with explicit Markdown/HTML/Audio badges in table rows.
- Added binary-safe audio output download support to prevent corrupted MP3 delivery.
- Added in-drawer audio playback for generated audio outputs alongside existing text/HTML preview flows.
- Hardened live RSS E2E briefing tests to current Watchlists response contracts (
run.stats.*, source-previewtotal/items) and validated UC2 real-feed flow end-to-end. - Added regression coverage for audio monitor payload behavior, output artifact metadata classification, and drawer audio preview rendering.
- Watchlists reliability/remediation UX improvements:
- Standardized monitor/source/run error remediation copy via shared
mapWatchlistsErrorusage in source test preflight, run detail load failures, and monitor save fallback handling. - Added DNS/TLS-specific remediation mapping and locale keys to reduce ambiguous failure handling.
- Added direct retry affordances on source preflight and run-detail load failure surfaces with regression coverage.
- Added grouped run notification fan-in with dedupe and deep-link payloads to prevent repeated toast spam during multi-run failure bursts.
- Added stalled-run detection in notification polling and a persistent Runs-tab reliability attention banner with direct run/filter actions.
- Standardized monitor/source/run error remediation copy via shared
- Watchlists article workflow and scale guardrail improvements:
- Added explicit route query handoff for Watchlists tab/filter deep links (
tab, source/status/smart/search, job/run/output IDs) so cross-tab context is restorable and testable. - Added regression coverage for article-to-monitor/run/reports handoff and include-in-next-briefing action paths.
- Added shared watchlists scale guardrail metadata (
WATCHLISTS_SCALE_GUARDRAILS,WATCHLISTS_SCALE_SCENARIOS) and wired perf/load tests to those constants for repeatable threshold tracking.
- Added explicit route query handoff for Watchlists tab/filter deep links (
- Watchlists accessibility and inclusivity hardening (Plan 06 closeout):
- Completed staged accessibility delivery for keyboard focus restoration, screen-reader live announcements, non-color status encoding, and plain-language onboarding/scheduling/template guidance.
- Added release-gate checklist pass-rate tracking for Watchlists accessibility categories and recorded residual non-critical/manual review items.
- Confirmed accessibility regression matrix remains green in touched flows with no critical keyboard/SR defects.
- Watchlists coordinated UX program closeout:
- Added a cross-stream closeout report with verification summary and owned deferred backlog.
- Chat rich-text regression coverage additions:
- Added
st_compatLaTeX rendering regression test for inline and block math in:apps/packages/ui/src/utils/__tests__/chat-rich-text.test.ts
- Added
- Persona locale parity test enforcement:
- Updated sidepanel persona locale test to require non-English localized copy for all non-English locale bundles (not only priority locales).
- Persona WS auth test harness/runtime stability:
- Updated Persona WS auth tests to mount a local
FastAPIapp with persona router instead of importingapp.main. - Updated API key manager test doubles to align with current auth validation call signature (
required_scopesupport).
- Updated Persona WS auth tests to mount a local
- Persona persistent-memory retrieval behavior:
- Retrieval path now performs legacy namespace reconciliation/backfill for persistent mode when runtime scope is missing, while preserving explicit scope/session namespace behavior.
- Chat rich-text rendering pipeline:
- Updated
st_compatrendering to use a dedicatedMarkedinstance with KaTeX extension wiring (matching existing markdown math support expectations).
- Updated
- No removals in this session.
- Fixed persistent-scoped persona memory retrieval blackhole cases when
scope_snapshot_idis absent by introducing deterministic fallback namespace keying. - Fixed backward compatibility for older persistent persona memory rows with null
scope_snapshot_idby adding deterministic legacy namespace mapping and scoped backfill. - Fixed Persona full-suite runtime instability caused by heavy app import side effects in auth tests.
- Fixed Persona auth test contract drift with API key validation scope handling.
- Fixed Watchlists OPML bulk import preflight handling for wrapped upload objects (
originFileObj), restoringSourcesBulkImport.preflight-committest coverage. - Fixed Watchlists admin runs wrapper route contract by restoring redirect behavior to
/admin/server. - Fixed Watchlists suite runtime abort path in constrained environments by stubbing heavy STT imports (
torch/faster_whisper/transformers) in Watchlists test setup. - Fixed missing LaTeX rendering in
st_compatchat rich-text mode by enabling KaTeX processing for themarked-based render path.
- OpenAI OAuth BYOK account-linking support (opencode-style) under existing user key routes:
- Added
POST /api/v1/users/keys/openai/oauth/authorize. - Added
GET /api/v1/users/keys/openai/oauth/callback. - Added
GET /api/v1/users/keys/openai/oauth/status. - Added
POST /api/v1/users/keys/openai/oauth/refresh. - Added
DELETE /api/v1/users/keys/openai/oauth. - Added
POST /api/v1/users/keys/openai/sourcefor active credential source switching.
- Added
- OpenAI OAuth UI linkage in settings:
- Added OpenAI account-linking card actions for
Connect OpenAI,Check status,Refresh,Disconnect, andUse API Key Instead. - Added frontend API client methods/types and OpenAPI guard entries for the new OpenAI OAuth routes.
- Added OpenAI account-linking card actions for
- OAuth/credential lifecycle coverage additions:
- Added SQLite state-repository cap enforcement coverage for outstanding OAuth state rows.
- Added frontend service-level regression coverage for OpenAI OAuth endpoint contracts.
- Workspace account storage wiring in
/workspace-playground:- Added authenticated client support for
GET /api/v1/users/storage. - Added account quota fallback via
GET /api/v1/users/me/profile?sections=quotas. - Added workspace header support for account usage/quota alongside local payload usage.
- Added authenticated client support for
- Quick Chat pop-out context state support:
- Added source-route serialization/restore for pop-out sessions so docs-mode retrieval and guide routing remain page-aware.
- Added dedicated pop-out state normalization/validation helper for safer session payload parsing.
- Workspace persistence architecture upgrades:
- Added split-key persistence (
index+ per-workspacesnapshot/chat) with legacy monolith migration. - Added IndexedDB offload path for heavy chat/artifact payloads with localStorage pointer metadata.
- Added rollout controls for split-key and IndexedDB offload (env + localStorage feature flags).
- Added development diagnostics for workspace persistence payload size/write-count tracking.
- Added design documentation:
Docs/Design/Workspace_Persistence_Architecture.md.
- Added split-key persistence (
- Expanded regression coverage:
- Added API client tests for
/api/v1/users/storage. - Added workspace persistence tests for split-key migration/fallback, IndexedDB flag-off behavior, chat-retention bounds, and server-backed artifact truncation.
- Added backend user-profile quota tests for live storage override and fallback behavior.
- Added Quick Chat regression tests for pop-out state parsing, sidepanel tutorial resolution behavior, and workflow-card parsing without explicit
routeLabel.
- Added API client tests for
- Added and completed implementation plans for workspace UI refresh and workspace storage efficiency rollout.
- Request-core security regression coverage:
- Added tests for default-deny absolute URL behavior, explicit absolute-origin allowlist behavior, and no-auth-header behavior for allowlisted absolute requests.
- HTTP egress DNS pinning regression coverage:
- Added tests for egress resolved-IP override behavior and resolved-IP propagation in policy evaluation.
- Added HTTP client tests ensuring per-request host resolution is pinned across repeated egress checks and redirect hops.
- Watchlists selector safety hardening:
- Added guardrails for user-controlled selector expressions so overly complex XPath/CSS rules are rejected during both selector validation and runtime selection.
- Added environment-configurable selector limits:
WATCHLIST_SELECTOR_MAX_EXPR_LENWATCHLIST_SELECTOR_MAX_XPATH_DESCENDANT_STEPSWATCHLIST_SELECTOR_MAX_XPATH_PREDICATESWATCHLIST_SELECTOR_MAX_XPATH_FUNCTION_CALLS
- Added regression coverage for complex-selector rejection and environment override behavior.
- Extension bundle compatibility hardening:
- Added a bundle-contract test to ensure
TemplateCodeEditordoes not importnext/dynamic, preventing extension build regressions in non-Next runtimes.
- Added a bundle-contract test to ensure
- Media search remediation regression coverage:
- Added backend search-contract tests verifying
/api/v1/media/searchforwardsboost_fieldsand relevance ordering changes under field-weight differences. - Added frontend integration coverage for metadata-mode constrained search path serialization and metadata-result snippet rendering.
- Added frontend integration coverage for
ViewMediaPageno-results recovery wiring (clear search,clear filters,quick ingestevent dispatch). - Added/confirmed request-churn guard coverage for debounced rapid typing with active filters.
- Added backend search-contract tests verifying
- OpenAI OAuth runtime retry semantics in provider call paths:
- Chat, embeddings, and audio OpenAI OAuth
401handling now force-refreshes once and retries once. - If refresh/retry fails, handlers now propagate the original auth-class error (strict plan) instead of converting to reconnect-required payloads.
- Chat, embeddings, and audio OpenAI OAuth
- OpenAI OAuth observability:
- Added
byok_oauth_401_retry_total{provider,outcome}outcome instrumentation for chat, embeddings, and audio retry flows.
- Added
- OpenAI OAuth endpoint contract hardening:
- OAuth authorize tests now require and verify configured redirect URI propagation in the generated authorization URL.
- Workspace Playground layout and interaction model:
- Refined shell hierarchy and status signaling.
- Converted empty-state examples into actionable prompt chips that seed composer input.
- Reduced composer control clutter while preserving mode/model/advanced controls.
- Kept composer anchored at the viewport bottom with transcript scroll region above it.
- Improved center-pane width reflow as sidebars collapse (
comfortable/expanded/fullbehavior). - Removed residual max-width caps that left visible unused right-side space.
- Storage indicator clarity and policy:
- Updated header copy to
Capacity Payload ... | Account ... | Browser ...with clearer tooltip wording. - Replaced hardcoded 5 MB payload budget with env-configurable workspace payload budget:
VITE_WORKSPACE_STORAGE_PAYLOAD_BUDGET_MBNEXT_PUBLIC_WORKSPACE_STORAGE_PAYLOAD_BUDGET_MB
- Updated payload estimation to include both monolithic and split-key workspace storage entries.
- Updated header copy to
- Workspace persistence efficiency/safety:
- Persisted chat sessions now retain the most recent 250 messages per workspace.
- Oversized server-backed artifact payloads are truncated/stripped in local persistence while preserving server-backed references.
- Characters manager table density styling:
- Refactored Ant Design table density selectors to shared
.ant-table-celltargeting and centralized common vertical alignment for easier maintenance.
- Refactored Ant Design table density selectors to shared
- Backend quota sourcing:
- User profile quota assembly now prefers live storage metrics from
calculate_user_storage(...)forstorage_used_mbandstorage_quota_mb, with fallback to stored user values on failure.
- User profile quota assembly now prefers live storage metrics from
- Quick Chat guide/tutorial behavior:
- Tutorial registry lookups now support an explicit suppression bypass for call sites that need route-scoped tutorial discovery outside options-runtime defaults.
- Browse Guides per-page tutorial lookup now opts into this explicit bypass for sidepanel-hosted Quick Chat.
- Workflow-card parsing now treats
routeLabelas optional and derives fallback labels from route paths when omitted. - Quick Chat workflow-card settings hint text now matches validation semantics (
title/question/answer/routerequired;id/routeLabel/tagsoptional).
- Structured-output parser documentation:
- Added module/function docstrings in
tldw_Server_API/app/core/LLM_Calls/structured_output.pyclarifying candidate parsing order and strict/lenient semantics for shared endpoint and claims parsing paths.
- Added module/function docstrings in
- Request core transport hardening:
- Absolute
http(s)request targets are now blocked by default unless their origin is explicitly included inabsoluteUrlAllowlist. - Absolute URL requests now always skip auth injection at the core helper level (not only in background-proxy fallback paths).
- Multi-user token refresh retry logic is now bypassed for forced no-auth absolute URL requests.
- Absolute
- HTTP client egress hardening:
- Egress policy evaluation now supports passing pre-resolved IPs and returning resolved IPs for callers that need consistent host checks.
- HTTP client retry/redirect loops now maintain a per-request DNS pin cache so subsequent checks for the same host reuse the initial resolved IP set.
- Media search backend relevance/scoping behavior:
/api/v1/media/searchnow threadsboost_fieldsinto DB search execution instead of silently ignoring weights.- SQLite relevance sort now applies weighted BM25 scoring when
boost_fieldsare supplied. - PostgreSQL relevance sort now applies explicit weighted
ts_rank(...)scoring whenboost_fieldsare supplied. - Metadata search (
/api/v1/media/metadata-search) now applies optional standard constraints server-side before pagination (q,media_types, include/exclude keywords, date range, sort).
- No removals in this session.
- Fixed OpenAI OAuth retry behavior drift from design by enforcing strict original-auth-error propagation after failed refresh+retry in chat, embeddings, and audio paths.
- Fixed OpenAI OAuth endpoint test contract drift by aligning redirect URI requirements and assertions for both SQLite and PostgreSQL endpoint suites.
- Fixed missing frontend linkage for OpenAI OAuth account controls in model settings by wiring API client methods, route guards, and action buttons.
- Fixed workspace chat pane width reclaim issues when side panes were collapsed.
- Fixed storage usage ambiguity by separating workspace payload budget, account quota usage, and browser-origin storage usage in the UI.
- Fixed Quick Chat pop-out context loss where docs-mode and Browse Guides used
/quick-chat-popoutinstead of the originating page route. - Fixed Browse Guides
Tutorials for this pageempties in sidepanel-hosted Quick Chat by enabling targeted route lookup for tutorial cards. - Fixed workflow-card validation/documentation mismatch by accepting valid cards that omit
routeLabel. - Fixed an SSRF-adjacent request flow in shared request-core by enforcing default-deny absolute URL policy and explicit allowlist gating.
- Fixed DNS rebinding exposure in server-side outbound HTTP by enforcing single-resolution IP pinning per host within a request lifecycle.
- Fixed a watchlists XPath selector DoS risk by enforcing complexity limits on user-controlled selectors before compile/evaluation.
- Fixed extension build/runtime compatibility for watchlist template editing by replacing
next/dynamicusage inTemplateCodeEditorwithReact.lazy+Suspense, unblockingquick-chat-guides-tutorials.spec.tsPlaywright runs. - Fixed media-search advanced controls drift where
boost_fieldsUI controls had no backend relevance effect. - Fixed metadata-mode pagination/total-authority drift by enforcing server-side standard constraints before result pagination.
- Fixed
ViewMediaPageno-results recovery contract by wiring clear-search, clear-filters, and quick-ingest action dispatch through the page-level flow.
- Quick Chat helper documentation-assistant expansion:
- Added a docs-focused Q&A workflow path for project-documentation guidance.
- Added/expanded pre-written workflow Q&A cards for guided “how do I do X?” discovery.
- Added per-page
Tutorials for this pagesection in Quick Chat Browse Guides (distinct from Q&A cards) with start/replay/locked states. - Added strict-scope docs profile defaults for RAG Q&A (
media_db+project_docs) with scope controls in Settings (quickChatStrictDocsOnly,quickChatDocsIndexNamespace,quickChatDocsProjectMediaIds).
- Guided tutorial rollout (P1 routes) available from Help modal + Quick Chat Browse Guides:
/prompts(prompts-basics)/evaluations(evaluations-basics)/notes(notes-basics)/flashcards(flashcards-basics)/world-books(world-books-basics)- Legacy alias routing support for
/options/*tutorial entry paths.
- New tutorial selector/test contracts:
- Evaluations: stable tutorial target anchors for page title, tabs, create button, list/detail cards.
- World Books: stable tutorial target anchors for shell, search/filters, table, new/import actions.
- Workspace Playground context controls:
- Added option to include full file contents in chat context for tasks like synopsis/summarization questions.
- Validation/test assets:
- Added dedicated Quick Chat tutorials validation spec and expanded tutorial/registry/unit coverage.
- Added manual QA checklist and PR/release notes for the P1 tutorials rollout.
- Published docs IA and release-notes additions:
- Added curated User Guides taxonomy under published docs (
Server,WebUI_Extension,Integrations_Experiments) with updated guide index routing. - Added published release notes page (
Docs/Published/RELEASE_NOTES.md) and wired it into docs nav. - Added targeted Playwright validation coverage updates for character selection/default bootstrap and options first-run onboarding contracts.
- Added curated User Guides taxonomy under published docs (
- Workspace Playground conversation surface behavior:
- Page now extends downward with conversation growth up to a max threshold, then switches to scrollable conversation behavior.
- Character preview UX:
- Character preview modal now shows full description and full tag set rather than obscured/truncated content.
- Options first-run UX test contracts:
- Updated Playwright coverage to align with onboarding-first shell and current landing-hub “Start Chatting” flows.
- Documentation/user-guide coverage:
- Added/updated guidance on Quick Chat docs assistant usage, tutorial discovery, and editing pre-written workflow/Q&A cards.
- Documentation cross-link normalization for published docs:
- Repointed published guide/API/code-documentation links from non-published paths to published equivalents.
- Replaced source-file local path links that do not publish in MkDocs with stable GitHub source links where appropriate.
- MkDocs nav completeness updates:
- Added previously orphaned published pages to nav (
Watchlists API,VoiceAssistant Module,Doc Researcher Features,Generated Files Storage Code Guide,Sidecar Workers.template,Firecracker Host Checklist). - Added explicit “how to add/edit tutorials” developer workflow and “how to edit pre-written workflow cards” user workflow documentation.
- Added previously orphaned published pages to nav (
- No removals in this session.
- Fixed free-floating notes modal open behavior in WebUI/extension where the modal would open then shrink to minimum size.
- Fixed character-page pagination instability that could jump/skip back to page 1.
- Fixed character image rendering in both character grid cards and selected character detail views.
- Fixed character list response handling by normalizing list envelopes (
items,characters,results,data) to prevent missing-character selector states. - Fixed default-character bootstrap behavior in Options Playground so server defaults preselect correctly and manual override persists across reload.
- Fixed Playwright flow instability around modern onboarding/tutorial overlays and drawer interception in character-selection scenarios.
- Playwright validation hardening completed with targeted suite passing:
playground-character-selection.spec.ts(green)options-first-run.spec.ts(green)quick-chat-guides-tutorials.spec.ts+page-review.spec.ts+options-first-run.spec.tscombined run (68 passed)
- Media ingestion batch-processor shim resolution:
process_batch_medianow detects stale endpoint wrapper caches and prefers the live core audio/video processor callable when wrappers are out of sync. - Restored order-independent behavior for MediaIngestion_NEW regression tests that monkeypatch core processors (claims toggle integration and metadata/pre-check contract paths) by preventing fallback to real network/file audio processing during those tests.
- Dictation reliability and diagnostics across WebUI
/chatand extension sidepanel:- Hardened extension dictation fallback E2E by forcing taxonomy-classified server STT failures through the extension upload transport path.
- Added
/chatintegration coverage for dictation mode routing (servervsbrowser) and transcript insertion behavior. - Added sanitized dictation diagnostics event schema (
tldw:dictation:diagnostics) with explicit privacy guarantees (no transcript/prompt/audio payload content). - Fixed STT health false-negatives for non-Whisper providers by making model-status checks provider-aware (
parakeet,canary,external,qwen2audio,qwen3-asr,vibevoicevswhisperlocal-model preflight). - Changed STT health payload semantics to include
usableandon_demand, and updated Whisperwarm=truebehavior to mark warmed models as ready. - Fixed dictation gating in WebUI/extension (
useTldwAudioStatus) to fail-open for non-Whisper provider readiness probes so dictation is not disabled when server transcription remains usable. - Added targeted regression coverage for STT health
usablesemantics and non-Whisper dictation health fail-open behavior (backend pytest + UI Vitest).
- MkDocs strict-build blockers for published documentation:
- Fixed missing-nav-entry blockers by including all published pages reported as out-of-nav.
- Fixed broken published links to removed/non-published
User_GuidesandDevelopmentpaths. - Fixed stale table-of-contents anchors (
#...--...) that no longer matched generated heading IDs. - Strict build now reports zero missing-nav and zero broken-anchor info warnings in the docs scope.
- New security and regression tests for:
- Scheduler payload format/ref validation and legacy compatibility behavior.
- Web dedupe JSON persistence and controlled legacy migration.
- Placeholder-service guardrails and route isolation.
- Loguru formatting guardrail.
- Operations runbook documenting secure defaults, compatibility flags, and migration steps.
- Added a startup/CI route guard that fails fast when duplicate
(path, method)routes are registered. - Added regression tests for duplicate-route detection, CORS guardrails, ULTRA_MINIMAL health routing, and OpenAPI CORS behavior.
- Skills
- End-to-end Skills API workflow tests covering create, list/get, versioned update with supporting-file add/remove, execute preview, context payload, export, zip re-import, delete, and seed flows.
- Seed endpoint integration test coverage for idempotency (
overwrite=false) and overwrite restoration (overwrite=true). - Deterministic unit tests for built-in skill seeding: recursive directory copy (including nested files), no-overwrite preservation, and overwrite replacement behavior.
- Admin Backup Bundles
- Added API contract coverage for admin bundle import error detail shapes:
restore_failedresponses must return structureddetailobjects (error_code,message, optionalrollback_failures).- Standard import validation failures (for example checksum mismatches) must continue returning string
detail.
- Web UI/Extension UX audit gating and regression coverage:
- Added Stage 2 route-contract smoke spec for audited navigation destinations.
- Added Stage 3 rendering-resilience smoke spec for max-depth, template-leak, and retry/timeout assertions.
- Added Stage 4 mobile-sidebar and accessibility smoke specs, plus Axe high-risk route matrix coverage.
- Added Stage 5 audited-route release gate smoke spec and
e2e:smoke:stage5script. - Added deterministic admin smoke fixture profile/route mocks to remove skip behavior and backend-state dependency.
- UX gate process updates:
- Added PR checklist items for UX smoke gate, console-budget checks, and WebUI/extension parity validation.
- Added shared sanitized server-error message utility with correlation-ID log-hint support for user-facing error states.
- Added dedicated core route identity regression tests for
/,/setup, and/onboarding-test. - Added media route guard/boundary coverage for
media-multiandmedia-trashpaths. - Added knowledge QA golden-layout and interaction guardrails to preserve high-quality search/history UX.
- Added workspace/playground positive-pattern guardrail tests (Data Tables, Evaluations, Chunking, Workspace desktop layout).
- Added explicit home theme-toggle control and associated unit/E2E coverage.
- Claims extraction portability hardening (LangExtract-aligned):
- Centralized claims output parsing and response coercion with strict/lenient modes, fenced-JSON handling, wrapper-key normalization, and structured parse errors.
- Shared claims runtime configuration and analyze-callback typing modules reused across extraction, ingestion, adjudication, and service paths.
- New claims telemetry counters for structured output, parsing quality, and fallback/degradation:
claims_response_format_selected_totalclaims_output_parse_events_totalclaims_fallback_total
- New claims monitoring dashboard JSON with parse/fallback ratio panels and response-format selection visibility.
- New claims regression coverage for response-format contracts, strict/lenient API behavior, fallback resilience, parse-failure telemetry, and config precedence.
- Normalized Loguru formatting across tldw_Server_API/app from %-style placeholders to {} style.
- Added CI/test guard to prevent reintroduction of %-style Loguru placeholders.
- Sync client defaults now align with server routes (
/api/v1/sync/sendand/api/v1/sync/get) and support configurable auth headers (Authorizationbearer andX-API-KEY). - Moved local LLM manager initialization out of import-time setup into lifespan startup, with lazy initialization behavior where applicable.
- ULTRA_MINIMAL mode now uses control-plane health endpoints only (
/health,/ready,/health/ready) to avoid duplicate route ownership. - Skills
SkillsService.seed_builtin_skills()now copies full built-in skill directories recursively instead of recreating skills fromSKILL.mdonly.- Seed overwrite flow now force-syncs registry state and handles pre-existing soft-deleted rows before copy.
- Admin Backup Bundles
- Admin bundle create/import concurrency control now uses an atomic non-blocking lock path to fail fast with
409 bundle_operation_in_progressinstead of race-prone check-then-acquire behavior. - Bundle import disk-space preflight now checks all real write targets (system temp, upload temp location, and live DB target directories from manifest datasets).
retention_hoursis now enforced for bundle creation: expired bundles are pruned after create within the same bundle scope (user_idscoped, including globalNonescope).- Bundle import success/dry-run payloads now consistently include
rollback_failuresfor schema stability.
- Admin bundle create/import concurrency control now uses an atomic non-blocking lock path to fail fast with
- Circuit Breaker
- Unified admin circuit breaker endpoint:
GET /api/v1/admin/circuit-breakerswith RBAC protection (adminrole +system.logspermission), deterministic sorting, and filters (state,category,service,name_prefix). - Unified admin circuit breaker response contract with explicit
sourcevalues:memory,persistent, andmixed. - Cross-worker HALF_OPEN probe lease coordination in shared registry storage, including lease TTL, cleanup, and release-on-completion behavior.
- Optimistic-lock conflict observability metric:
circuit_breaker_persist_conflicts_total{category,service,operation,mutation}. - New endpoint test coverage for admin circuit breaker listing, filtering, and authorization behavior.
- Circuit breaker shared-state persistence now uses bounded merge/retry semantics on optimistic-lock conflicts to avoid dropping local mutations under contention.
- Circuit breaker operator documentation now includes new env knobs and tuning guidance:
CIRCUIT_BREAKER_REGISTRY_MODECIRCUIT_BREAKER_REGISTRY_DB_PATHCIRCUIT_BREAKER_PERSIST_MAX_RETRIESCIRCUIT_BREAKER_HALF_OPEN_LEASE_TTL_SECONDS
- Monitoring/admin docs now explicitly describe
source="mixed"as expected when persistence is enabled for active in-process breakers. - Circuit breaker unification PRD status updated to reflect implemented state and delivered hardening follow-on work.
- Unified admin circuit breaker endpoint:
- Web UI/Extension parity:
- Shared
WebLayoutnow defaults to collapsed rail on mobile (<768px) and opens navigation via header drawer toggle. - Shared media-query initialization now reads
matchMediaon first client render to prevent desktop-rail flash on mobile. - Section 2 audited wrong-content routes now resolve to intended content or explicit “Coming Soon” placeholders instead of silent misrouting.
- Changed settings information architecture to be more navigable, searchable, and less badge-saturated, with tighter route-to-page mapping.
- Changed settings routing to restore/cover
/settings/ui,/settings/image-generation, and/settings/image-genbehavior via proper wrappers/alias handling. - Changed guardian settings behavior to show explicit unsupported-endpoint guidance instead of noisy repeated backend failures.
- Changed admin route behavior so admin sub-routes render route-specific content/placeholder contracts instead of collapsing to Server Admin.
- Changed admin diagnostics presentation to human-readable units for memory/byte and retry-window values.
- Changed admin error handling to sanitize implementation details and gate controls when prerequisites are missing.
- Changed chat disconnected-state messaging to remove redundancy and provide one clear user path.
- Changed chat agent empty-state/workspace affordances to clarify prerequisites and next steps.
- Changed chat mobile composer/toolbars to enforce 44x44 touch targets and improve control discoverability.
- Changed chat/persona language from jargon (
k=n) to user-facing memory-result wording. - Changed
/chat/settingsbehavior to canonical redirect (/chat/settings->/settings/chat) and aligned strict release-gate expectations. - Changed audio route identity so
/tts,/stt, and/speechhave distinct intended surfaces. - Changed TTS/STT/Speech loading lifecycle to include explicit timeout, actionable error states, and retry UX.
- Changed workspace/playground mobile copy and layout behavior, including Sources tab wording, chunking mobile order, and workflow-editor responsive drawer behavior.
- Changed workflow editor control semantics with improved labeling/aria clarity and consistent LLM casing.
- Changed flashcards/quiz/kanban/watchlists/documentation empty/content states for intent clarity and first-use correctness.
- Changed media/knowledge/characters/chatbooks error states to be recoverable, actionable, and sanitized.
- Changed core onboarding/layout behavior to improve mobile readability, hide sidebar where appropriate, and clarify ambiguous connection-status wording.
- Shared
- Accessibility and UX consistency:
- Standardized dismissible beta-badge behavior in shared settings navigation with persisted hide state (
tldw:settings:hide-beta-badges). - Added explicit labels/tooltips for previously icon-only controls in Document Workspace and Workflow Editor.
- Standardized dismissible beta-badge behavior in shared settings navigation with persisted hide state (
- AntD/Markdown modernization:
- Migrated deprecated AntD usage in shared UI (
Drawer.width,Space.direction,Alert.message,Dropdown.Button, and notificationmessage) to current APIs. - Aligned shared markdown dependency stack to ReactMarkdown v10 parity across WebUI and extension (
react-markdown,remark-gfm,remark-math,rehype-katex). - Updated shared markdown wrappers for ReactMarkdown v10 API compatibility (styling moved off direct
ReactMarkdownclassNameprop).
- Migrated deprecated AntD usage in shared UI (
- CI gating:
- Frontend UX gates workflow now runs the Stage 5 audited-route smoke gate before the broad all-pages smoke job.
- Claims extraction/verification internals:
- Refactored claims engine, ingestion claims, adjudicator, and claims service to use shared runtime config and shared LLM response coercion helpers.
- Standardized provider
response_formatselection (json_schemawhen supported,json_objectfallback) with graceful downgrade when unsupported. - Extended claims monitoring docs and operations guidance (metrics catalog, parse/fallback alerts, runbook triage and tuning guidance).
- Tuned parse/fallback alert rules to use ratio + minimum-volume gates for mixed traffic profiles.
- Updated code documentation and published mirrors for claims parse mode, alignment mode, adaptive throttling, and monitoring behavior.
- UI
- Removed
apps/tldw-frontend/pages/chat/settings.tsxafter replacing with server-side route redirect strategy. - Removed duplicate chat disconnected guidance surfaces that previously showed overlapping connection messages.
- Removed user-visible unresolved template placeholder rendering across audited chat/audio/documentation surfaces.
- Removed
- Auth/API: deprecated
PUT /api/v1/users/menow returns404 User not foundwhen the backingusersrow is missing, instead of returning a false-success profile payload. - Test isolation: hardened MediaDB2
torchstubs with minimalTensor/nn.Moduleattributes so cross-suite pytest runs no longer fail during SciPy/NLTK import checks. - fix(audio-ws): make transcribe startup resilient to Nemo probe failures
- Treat Nemo availability probe import errors as non-fatal in
websocket_transcribe - Default to Whisper when Nemo probing cannot be resolved at runtime
- Prevent WS startup aborts that caused downstream quota/metrics/concurrency test failures
- Document the fail-safe fallback behavior in the audio streaming protocol docs
- Hardening: Prompts/Sync/Workflows/Services
- Improved production safety and reliability across prompt collections, sync, workflow placeholders, and ephemeral processing.
- Documented /api/v1/prompts/collections/* as production-backed, user-scoped endpoints.
- Enforced and documented strict /api/v1/sync/send entity validation (Media, Keywords, MediaKeywords).
- Hardened sync error handling: internal failures stay 500; /api/v1/sync/get now fails closed on invalid sync rows instead of silently skipping.
- Confirmed workflow process_media placeholder kinds (ebook, xml, podcast) return explicit not_implemented.
- Added and documented ephemeral store controls (EPHEMERAL_STORE_TTL_SECONDS, EPHEMERAL_STORE_MAX_ENTRIES, EPHEMERAL_STORE_MAX_BYTES).
- Fixed XML placeholder temp-file lifecycle (always cleaned up) and preserved intended HTTP status behavior.
- Added regression tests for XML cleanup/error paths and rate-limiter type-hint/datetime integrity.
- Fixed several backend reliability and API-behavior issues across Prompt DB lifecycle, sync processing, and service cleanup.
- Removed import-time async worker startup in prompts DB dependencies; worker lifecycle now starts safely under app runtime.
- Hardened /sync/send and /sync/get error handling:
- preserved HTTP exceptions instead of wrapping them into generic 500s,
- restored correct 400 classification for client validation errors (including disallowed sync entities),
- prevented silent partial /sync/get responses when invalid sync rows are encountered.
- Expanded sync conflict timestamp parsing to support ISO-8601 Z, fractional Z, +00 (line 0), and non-UTC offsets (normalized to UTC before LWW comparison).
- Fixed XML processing temp-file leak by ensuring cleanup on both success and failure paths.
- Removed deprecated FastAPI 422 fallback usage to eliminate import-time deprecation warnings in exception handling.
- Added regression coverage for all fixes, with targeted suite passing (69 passed).
- Auth/API: deprecated
PUT /api/v1/users/meno longer returns a false-success payload when the backingusersrow is missing; it now returns404 User not found. - Regression coverage: added legacy
/users/meupdate tests for both missing-row (404) and successful update (200) paths. - Test stability: hardened MediaDB2 test
torchstubs with minimalTensor/nn.Moduleattributes to prevent cross-suite import failures during SciPy/NLTK initialization. - Security
- Hardened API key exposure paths:
- /api/v1/config/docs-info now always returns a safe placeholder key and api_key_configured status.
- Startup API key logging is masked by default (full key only when explicitly enabled).
- Hardened scheduler payload handling:
- External payload storage now uses safe JSON serialization by default.
- Added strict payload reference validation and payload header bounds checks.
- Disabled legacy pickle payload deserialization by default.
- Hardened web scraping dedupe persistence:
- Dedupe hashes now persist as JSON instead of pickle by default.
- Legacy pickle hash loading is disabled by default.
- Isolated placeholder processing services:
- Placeholder document/ebook/podcast/xml services are now blocked in production-like environments even if enabled.
- Hardened API key exposure paths:
- Hardened deprecated
GET /api/v1/users/meso missing-user fallback is only allowed in single-user mode; multi-user now correctly rejects missing backing users. - Prevented ephemeral-store “unusable key” behavior by rejecting payloads that exceed configured max-bytes before insertion.
- Improved
/api/v1/sync/getresilience: malformed sync rows are now logged and skipped while valid rows are still returned (partial success instead of full failure). - Added regression coverage for user fallback rules, sync client route/auth behavior, sync malformed-row handling, and ephemeral-store size-limit enforcement.
- CORS now fails closed when enabled and
ALLOWED_ORIGINSresolves to an explicit empty list ([]); a non-empty explicit origin list is required unless CORS is disabled. - Startup now rejects invalid CORS configuration when
ALLOWED_ORIGINSincludes"*"while credentials are enabled. - OpenAPI CORS handling no longer reflects disallowed origins.
ALLOWED_ORIGINS=""(empty string) now logs a warning and falls back to local default origins for backward compatibility.- Security hardening (Scheduler): fixed symlink-path validation bypass so base_path now rejects symlink ancestors (including symlink/child) instead of only direct symlink paths.
- Regression coverage (Scheduler): updated test_security_fixes.py to match current backend detection (pool-based Postgres detection) and async DB mocks (AsyncMock + awaited call assertions).
- Deprecation headers: replaced hardcoded fallback sunset dates with a shared UTC helper (build_deprecation_headers) used by auth, users, and legacy character-chat endpoints, with DEPRECATION_SUNSET_DAYS support and dynamic fallback computation.
- WebSearch Module: improved reliability and diagnostics across aggregation, provider dispatch, and parsing. Aggregate mode now validates LLM configuration (returns
422when missing and reusesfinal_answer_llmfor relevance analysis when provided), Google now correctly handlesgoogle_domain/googlehost, result-language parsing (lrwithhlfallback), and multi-domain blacklist behavior, Kagi endpoint construction and Searx safesearch mapping were corrected, subquery generation/parsing now sanitizes and deduplicates model output, and providerprocessing_errorvalues are surfaced in responseerror/warningsinstead of being silently dropped. Added regression coverage across unit and integration WebSearch paths. - Hardened chunked image handling to reject unsupported MIME types and invalid image payloads in large
data:image paths. - Changed chunked image processing failure behavior from fail-open to fail-closed, preventing invalid bytes from being treated as valid images.
- Fixed
run_cpu_bound_thread()so keyword arguments are supported correctly viafunctools.partial. - Corrected
load_prompt()semantics for markdown prompts: missing keys now returnNoneinstead of falling back to the first fenced block. - Removed
shell=Trueusage in CUDA detection (nvidia-sminow called with direct subprocess args). - Added backward-compatible chat dictionary endpoint re-exports for legacy imports/tests.
- Updated telemetry dummy span compatibility (
set_attributes, broaderrecord_exceptionsignature). - Skills
- Fixed built-in seed behavior so supporting and nested files are preserved during seeding.
- Fixed overwrite seeding edge cases where soft-deleted registry rows could prevent seeded skills from being visible after overwrite.
- Admin Backup Bundles
- Fixed restore failure error reporting so rollback diagnostics are no longer collapsed to generic
import_errorbehavior. restore_failedimport errors now preserve structured rollback context for API consumers.- Endpoint import response now properly propagates
rollback_failuresfrom service results. - Retention cleanup now safely skips unreadable/corrupt manifests without crashing bundle creation and keeps ZIP/sidecar cleanup consistent.
- Fixed restore failure error reporting so rollback diagnostics are no longer collapsed to generic
- Circuit Breaker
- AuthNZ integration assertion for circuit breaker
sourceis now environment-safe by accepting bothmemoryandmixed(persistent mode).
- AuthNZ integration assertion for circuit breaker
- Resolved web-mode extension API runtime failures by guarding
chrome.storageaccess and preventingchrome is not defined/chrome.storageuncaught exceptions. - Removed unresolved
{{...}}template leaks from shared UI labels/tooltips on audited routes. - Hardened shared timeout/retry flows for admin stats and STT/TTS catalog discovery to prevent permanent-loading states.
- Removed temporary Stage 5 warning allowlist (
m5-react-defaultprops-warning) after root-cause remediation. - Revalidated audited smoke quality gates after remediation:
- Stage 5 gate:
11 passed - Full all-pages smoke:
165 expected, 0 unexpected, 0 flaky
- Stage 5 gate:
- UI
- Fixed catastrophic extension-shim/runtime overlay impact on audited routes by driving closeout to
withErrorOverlay: 0andwithChromeRuntimeErrors: 0in final smoke artifact. - Fixed wrong-content navigation defects by closing route-contract expectations across audited settings/admin/connectors/profile/config destinations.
- Fixed audited navigation 404 regressions (Section 2 list) to zero for in-scope UX routes.
- Fixed unresolved template-variable leaks (
{{...}}) across previously affected chat, audio, and documentation surfaces (templateLeakRoutes: 0at closeout). - Fixed max-update-depth/infinite-rerender class regressions on critical routes (
maxDepthRoutes: 0,maxDepthEvents: 0in closeout artifact). - Fixed permanently-loading skeleton experiences on key admin/audio surfaces via timeout + error + retry state transitions.
- Fixed mobile interaction issues across prioritized flows (touch-target sizing, toolbar discoverability, responsive parity gaps).
- Fixed core route identity duplication so home/setup/onboarding-test have distinct purpose and route contracts.
- Fixed release-readiness reliability with passing gate suite reruns at closeout: Stage 5 (
12 passed), Stage 6 (6 passed), Stage 7 (4 passed). - Fixed program-level UX closure criteria by completing all nine UX implementation plans and finalizing the overarching oversight plan status to complete.
- Fixed catastrophic extension-shim/runtime overlay impact on audited routes by driving closeout to
- Restored
Docs/Design/rich_text_chat_rendering_v1_2026_02_15.mdafter an unintended deletion in a prior docs commit.
- webui/extension fixes+improvements
- New Guardian settings page
- FVA Pipeline (Falsification-Verification Alignment): New claim verification enhancement that actively searches for contradicting evidence to provide more robust verification results. Implements the FVA-RAG paper (arXiv:2512.07015).
- New
CONTESTEDverification status for claims with significant evidence both supporting and contradicting - Anti-context retrieval generates counter-queries (negation, contrary, alternative) to find contradicting evidence
- Adjudication weighs supporting vs contradicting evidence using NLI and LLM-based stance assessment
- API endpoints:
POST /api/v1/claims/verify/fvaandGET /api/v1/claims/verify/fva/settings - Configurable via config.txt: FVA_ENABLED, FVA_CONFIDENCE_THRESHOLD, FVA_CONTESTED_THRESHOLD, etc.
- 9 new Prometheus metrics for observability (falsification triggers, status changes, adjudication scores, timeouts)
- Budget management to prevent runaway costs on large claim sets
- New
- Speech Playground history now shows metadata (duration, model/voice/provider, params summary) with a detail tooltip.
- History entries now persist STT/TTS params (task, temp, response format, segmentation, speed, split, streaming, mode) so metadata reflects actual runs.
- Global TS typecheck fixed across UI (EPUB viewer/search typings, document chat/store shapes, KnowledgeQA response normalization, MCP path typing, chunking options, safe config typing, xterm ambient types, SpeechPlayground ordering/import issues).
- Implemented TTS history end-to-end:
- Write path (non-streaming, streaming, jobs) with status, metadata, artifacts, and error handling.
- Read path: list/detail/favorite/delete endpoints with filters, cursor pagination, total count.
- Retention: scheduled purge by days and max rows; artifact reference cleanup.
- Observability: read/write counters and latency histograms (no text logging).
- Added schema + migrations for tts_history and supporting indexes.
- Added tests:
- Unit: schema and API list/favorite/delete, q/text_exact behavior.
- Integration: streaming failure writes history, artifact purge updates history, cursor pagination sanity.
- Fixed test infrastructure shims for audio/tokenizer/transcription helpers.
- Server/API
- RAG upgrades: Doc-Researcher features (granularity router, evidence accumulator, evidence chains), batch + resume endpoints, web fallback with query rewrite, retrieval metrics, FlashRank model support.
- Character chat: per‑chat settings + prompt preview endpoint, greeting picker/inclusion toggle, generation presets, multi‑character turn‑taking, message steering controls, pinned messages pathing.
- Watchlists: dedup/seen inspect & reset tools; scheduler controls; performance/limits docs.
- Guardian/Self‑monitoring: new Guardian_DB and API surfaces.
- ACP sandbox: SSH-enabled runner and bridge; new Dockerfile + entrypoint.
- New “Skills” framework and Kanban endpoints/modules.
- DBs modified
- Media DB v2: per-user SQLite DB at Media_DB_v2.db (and Postgres equivalent when configured).
- MCP Unified hardening:
/api/v1/mcp/auth/refreshnow requires body-basedrefresh_tokenpayloads (query-token transport rejected).- Write-tool idempotency now binds each
idempotencyKeyto the initial argument fingerprint and returnsINVALID_PARAMSon mismatched replays. - Module registry lookups now use concurrency-safe snapshots to prevent
dictionary changed size during iterationunder concurrent module registration churn. - Sandbox stream Redis fanout now requires explicit
SANDBOX_WS_REDIS_FANOUTopt-in (no implicit enablement from global Redis settings).
- Evaluations module hardening:
- Parallel batch mode now enforces strict fail-fast when
continue_on_error=falseby canceling remaining tasks and stopping new scheduling. - Evaluation runner now safely normalizes
metricsvalues, includingmetrics=None, across execution and aggregate/stat calculations. - RAG pipeline eval runs now use per-run user context for ephemeral vector index creation/cleanup and pipeline calls.
- OCR-PDF usage accounting now records against the correct limiter namespace (
evals:ocr_pdf). - Access policy aligned:
/api/v1/evaluations/healthremains public,/api/v1/evaluations/metricsis authenticated (EVALS_READ), and dataset endpoints enforceEVALS_READ/EVALS_MANAGEconsistently.
- Parallel batch mode now enforces strict fail-fast when
- Server/API
- Admin endpoints modularized: tldw_Server_API/app/api/v1/endpoints/admin/* (replaces single admin.py).
- Audio split: new audio submodule endpoints (tts, tokenizer, streaming, history).
- Web UI/Extension
- Document Workspace: PDF/EPUB viewers overhauled (virtualized PDF single-page mode, thumbnails, TOC keyboard nav), DocumentPicker modal, richer metadata, TTS panel improvements, retry logic.
- Knowledge QA: web-search fallback settings, local/server threads, richer history filtering; new “All options” settings section.
- Playground/Chat UX: composer extracted into components, Notes Dock, greeting picker, pin/steering controls, MCP tool catalog/filter UX.
- Workflow Editor: dynamic step registry + schema-driven fields, icons, dynamic options; new tests.
- TTS Playground: multi-voice roles, background job progress UI, presets.
- ACP Playground: Workspace terminal tab (xterm.js).
- Extension e2e hardening; pdf.worker exposed via web_accessible_resources.
- Tooling/ops/docs
- Lint only-changed target and script; large doc set added/updated (PRDs, guides).
- FlashRank reranker model vendored under models/flashrank with unignore rules.
- New env vars for ACP sandbox, TTS history, and RAG FlashRank cache/model selection.
- Web Scraping Module
- Hardened legacy fallback contracts in web_scraping_service.py (line 46) and web_scraping_service.py (line 276).
- Added explicit fallback metadata (engine, fallback_context) in web_scraping_service.py (line 392) and web_scraping_service.py (line 497).
- Added predictable fallback max_pages cap for legacy URL Level/Sitemap in web_scraping_service.py (line 340).
- Preserved request max_pages pass-through in ingest orchestration in web_scraping_service.py (line 721) and web_scraping_service.py (line 772).
- Added fallback-focused tests in test_legacy_fallback_behavior.py (line 44).
- Fixed auth header fixture for friendly ingest crawl-flag tests in test_friendly_ingest_crawl_flags.py (line 19) by merging default headers and adding X-API-KEY.
- Workspace selector remove handler now uses the imported MouseEvent type instead of the React namespace.
- Audit read paths no longer return empty results on DB failures;
/api/v1/audit/exportand/api/v1/audit/countnow surface server errors when reads fail. - Audit fallback replay now quarantines malformed JSONL lines into
audit_fallback_queue.bad.jsonlinstead of silently dropping them. - Audit export now rejects non-positive
max_rows,audit_operationignores reserved kwarg collisions safely, and shared-audit migration stats counters now track read/inserted/skipped events correctly. - CodeQL Bugfixes
- ruff and mypy fixes
- Soft delete support for notes/character cards
- Qwen3-STT
- JSON validation utilities with detailed error positioning (line/column information)
- [WebUI] Character generation prompt templates for full and single-field generation
- [WebUI] Flashcard undo functionality with Ctrl/Cmd+Z shortcut
- [WebUI] Media review selection and focus settings
- [WebUI] TldwApiClient methods for character export, restore, and bulk world book operations
- Comprehensive test coverage for Qwen3-ASR, Gemini tools, and character generation
- [WebUI] Documentation updates including PRD for Characters Playground UX improvements, healthcare-focused UX review prompts, and Qwen3-ASR setup guide
- README restructuring with improved formatting and version 0.1.18 release notes
- 70+ new adapters for workflows module
- [WebUI] Added Document Workspace
- [WebUI] Added Writing Playground
- Implemented httpx/aiohttp transport adapters with centralized policy enforcement in http_client.
- Added httpx client caching and shutdown cleanup to align with aiohttp lifecycle handling.
- Formalized streaming behavior with first‑byte/idle timeouts and mid‑stream retry support.
- Expanded http_client tests for adapters, cache reuse, and streaming timeout coverage.
- [WebUI] e2e test work
- Workspace selector remove handler now uses the imported MouseEvent type instead of the React namespace.
- Slides Module
- TTS:
- Added NeuTTS, PocketTTS (ONNX), EchoTTS, Qwen3-TTS, LuxTTS, VibeVoice-ASR docs; updated streaming/format rules, default voice behavior, and setup guides.
- Moved the tldw_Browser_Assistant project and the tldw-frontent folder into the '/apps/' folder, as moving forward they will share the same base.
- As a result, new frontend!
- New monorepo development guide, shared UI package scaffold, ambient typings, and testing guide for extension/web UI.
- Image creation API via files
- Workflows Module
- New "llm" step type (distinct from "prompt")
- MCP tool allowlist and scope validation
- Stricter approve/reject permission checks
- Configurable LLM retry cap
- Admin-UI Updates
- New frontend, tldw-frontend
- New Storage API guide, Voice Assistant API (REST & WebSocket), Watchlists API docs, Anthropic Messages API docs, and expanded /llm/models metadata (image backends & filters).
- Wide-ranging documentation additions and edits (OCR backends, image generation, storage, benchmarks, guides, link dumps, examples).
- Kanban: vector search integration, activity logging with filtering, rate limiting on endpoints
- Reading Collections: async import jobs workflow with job monitoring endpoints
- Workflows: LLM step type with MCP tool allowlist and scope validation
- Legacy webui
- File Artifacts System: Comprehensive implementation of file artifact management with support for multiple export formats (iCalendar, Markdown tables, HTML tables, XLSX, data tables) including export lifecycle management, garbage collection, and validation
- Data Tables Module: Complete backend implementation with LLM-based table generation, async job workers, database schema (tables, columns, rows, sources), REST API endpoints, and export functionality
- Media Ingestion Cancellation: Added cancellation support across audio and video processing pipelines with subprocess monitoring and graceful error handling
- Content Import Preservation: Enhanced database layer to preserve existing metadata during reimport operations with preserve_existing_on_null parameter and improved full-text search with fallback candidates
- File Adapter Registry: Dynamic adapter management system supporting multiple file types with validation, normalization, and export capabilities
- Presentation Templates: New Reveal.js slide templates and CSS styling for presentation generation with bundle export support
- API Enhancements: New endpoints for file artifacts management, data table generation/export/management, and media ingest job listing with async job tracking
- Comprehensive Test Coverage: Integration and unit tests for file artifacts, data tables, media ingestion cancellation, and database operations
- NeuTTS Support
- TTS voice registry
- Jobs Postgres RLS policy setup now supports
JOBS_PG_RLS_DEBUGfor policy output andJOBS_PG_RLS_ROLErole overrides. - Jobs prune scheduler for retention-based cleanup (env-gated, internal scheduler).
CHAT_COMMANDS_ASYNC_ONLYflag to force async chat orchestration (achat) and block syncchat(...).- Chat command concurrency integration test and PERF-gated p50 latency smoke test.
- Jobs Postgres tests now default to the shared per-test Postgres fixture by wiring
JOBS_DB_URLand ensuring Jobs tables/counters. - Jobs RLS policy setup uses negotiated Postgres DSNs for compatibility across server versions.
- Sync
chat(...)now offloads to a worker when invoked from a running event loop (non-streaming).
- Legacy
command_router.dispatch_commandpath (now raises with migration hint).
- Jobs RLS debug output now reports distinct settings fields without clobbering values.
- Fixing of 200+ bugs
- Jobs adapters now ignore legacy read-backend flags; Chatbooks/Prompt Studio are core Jobs only, embeddings read fallback is disabled.
- Documentation updated to reflect core Jobs defaults and the current embeddings execution modes.
- Legacy AuthNZ rate limiting now bypasses only when an RG policy is attached, and cancellations propagate correctly in rate limit fallbacks.
- ChaChaNotes shutdown now drains default-character tasks and waits for the executor to prevent SQLite close races (fixes Jobs web UI TTL test segfaults).
- Added tldw-admin react frontend for admin Mgmt of the server. Very much WIP.
- Extended feedback system/schema - Added a unified feedback system (explicit/implicit) across chat and search, integrates message IDs into chat history and streaming,
- introduced API key KDF/key_id,
- added admin effective-config endpoint/UI,
- Centralized per-user path utilities for storage safety and consistency
- Migrated ingress rate limiting to Resource Governance (RG), removed SlowAPI decorators
- Enhanced feedback system with explicit endpoint, schemas, and idempotent merge rules
- Expanded chat streaming metadata to include system and assistant message IDs
- Integrated UI feedback across chat and search (rating, source feedback, implicit events)
- Updated documentation and configuration for feedback system and config management
- Comprehensive test coverage for feedback, chat metadata, and UI integration
- slowapi usage
- Lots of Bugs
- Next.js WebUI (apps/tldw-frontend)
- admin-ui - Full Admin UI: dashboard, users/orgs/teams, roles & permissions, API keys, jobs, usage analytics, budgets, BYOK, flags, incidents, logs, monitoring panels.
- Content Review: draft editor, sidebar, reattach-source flow, commit/review workflows.
- BYOK improvements: scoped resolution, validation, dashboard and key management.
- Option for review of media prior to ingestion.
- Claims module expanded
- N/A
- Improved frontend/backend error handling and type safety; more robust API interactions.
- Full Kanban API (boards, lists, cards, labels, checklists, comments, import/export, bulk ops, card linking) with hybrid search (FTS vector).
- Self‑service Organizations & Teams (invites preview/redeem) and org admin flows.
- Billing & subscriptions (plans, checkout/portal, invoices, usage) and Stripe webhook handling.
- BYOK (per‑user and shared provider keys) with admin management and testing.
- TTS providers onboarding and user TTS guide.
- Adds a full billing/subscription system (plans, limits, Stripe integration, webhooks), BYOK (per‑user and shared provider keys) with admin tooling, invitations/org/team RBAC, a Kanban module with per‑user DB FTS/vector search, many new endpoints/schemas/repos, DB migrations, audit/auth dependency changes, media visibility, and extensive docs/config updates.
- A sense of failure.
- 500bugs
- Guidance on stress testing chat server
- RAG Documentation
- ChaChaNotes health snapshot surfaced in
/api/v1/healthto monitor init attempts/failures and cache state. - MLX local provider scaffolding (Apple Silicon): adapters admin lifecycle endpoints, metrics parity, and config keys/tests with non-Apple skips.
LLM_MLXextra inpyproject.tomlto installmlx-lm/mlxfor Apple Silicon users.- Config-driven llama.cpp handler:
LLMInferenceManagernow constructsLlamaCppHandlerwhen[LlamaCpp]is enabled inconfig.txtor via env, and/llamacppendpoints are wired to the managed handler. - ChaChaNotes schema v10 adds conversation metadata (state with
in-progressdefault/backfill, topic labels, clusters) plus backlinks on notes (conversation_id,message_id) with covering indexes and SQLite/Postgres migrations. - Templated hierarchical chunking for incoming documents/emails across
/api/v1/media/process_*endpoints, including TemplateClassifier-based auto-selection of chunking templates and optional section trees. - Streaming chunker/runtime helpers now honor shared chunking options via
prepare_chunking_options_dict/apply_chunking_template_if_anyfor consistent behavior across document, PDF, video, audio, ebook, and email processing. - User-facing documentation for templated chunking (
Templated_Chunking_Incoming_Documents_HowTo.md) and the Project 2025 RAG workflow guide for policy/document ingestion. - Chat diagnostics endpoints:
GET /api/v1/chat/queue/statusandGET /api/v1/chat/queue/activityexposing queue metrics and recent job activity, RBAC-gated tosystem.logsin multi-user mode.
- Conversation title search now applies global BM25 normalization so pagination returns stable, deterministic ordering across the entire result set.
- Chunking engine improvements for streaming text and Markdown: better whitespace handling for word/semantic/token chunking and promotion of bold-only headings into hierarchical subsections under their parent section.
- ChaChaNotes dependency now ensures per-user DB directories are created, optional
message_metadatais initialized, and default-character warmup tasks are tracked so the health snapshot accurately reflects warm starts. - Llama.cpp integration:
LLMInferenceManagerlogs model-directory creation failures instead of silently swallowing them, and/llamacppendpoints resolve the manager fromapp.state.llm_manager(falling back to the module-level instance) with a clear 503 when not configured. - Workflows and scheduler workflow routers are always mounted (without an
/api/v1prefix) inside minimal/test apps so tests and tooling can call them consistently.
- ChaChaNotes warmup no longer leaves orphaned default-character tasks; background tasks are tracked and cleaned up when complete, improving shutdown and health reporting.
- Visual document ingestion from audio/video analysis now persists slide/visual artifacts via a thread executor, avoiding event-loop blocking during heavy analysis.
- MLX local provider concurrency:
MLXSessionRegistry.session_scopesnapshots the semaphore per context so dynamic concurrency updates cannot corrupt in-flight sessions. - Media re-chunking for documents and emails remains best-effort but now logs failures at debug level instead of silently swallowing errors, making template issues easier to diagnose.
- Async chunker and template processor now handle multi-operation stages safely and preserve whitespace between overlapping chunks for all space-delimited methods.
/api/v1/healthnow logs ChaChaNotes snapshot failures and resource-governance policy file read errors while still reporting a degraded health state instead of failing the endpoint.- Chat queue status/activity endpoints avoid shadowing FastAPI's
statusmodule and enforce RBAC correctly, so authentication/authorization failures return the intended HTTP codes instead of spurious 500s.
- ChaChaNotes health snapshot surfaced in
/api/v1/healthto monitor init attempts/failures and cache state.
- ChaChaNotes dependency now initializes in a dedicated executor with WAL/busy-timeout tuning and background default-character creation; request path reduced to cache lookup health probe.
- Startup warms the single-user ChaChaNotes instance to avoid first-request blocking; shutdown now closes cached instances and stops the ChaChaNotes executor to prevent lingering threads.
- Auto-streaming for large audit exports exceeding configured threshold
- CSV streaming support for audit exports
- Model discovery for local LLM endpoints
- Audit event replay mechanism for failed exports
- Enhanced HTTP error handling for DNS resolution failures
- SuperSonicTTS support setup script
- STT:
get_stt_config()helper inconfig.pyto centralize resolution of[STT-Settings]for all STT modules.- Documentation for
speech_to_text(...)(segment-based) andtranscribe_audio(...)(waveform-based) as the two canonical STT entrypoints, including guidance on error sentinel handling.
- Audio:
- Replace Parakeet-specific transcriber/config usage with unified UnifiedStreamingTranscriber/UnifiedStreamingConfig; add _LegacyWebSocketAdapter to adapt legacy WS to unified handler; defer imports and update tests to use unified stubs.
- Move desktop/live audio helpers (LiveAudioStreamer, system-audio utilities) into
Audio/ARCHIVE/Desktop_Live_Audio_Samples.pyso core STT modules no longer depend on optional PyAudio/sounddevice at import time.
- Audit:
- Add config-driven auto-stream threshold, support streaming for json/jsonl/csv, force streaming when max_rows exceeds threshold; CSV streaming generator; non-stream export caps; API-key hashing; fallback JSONL queue with background replay task; tests for streaming and replay.
- LLM:
- Add local model discovery (short timeouts, TTL cache, candidate endpoints), get_configured_providers_async and integrate async provider loading into startup and web UI config; provider payloads include is_configured and endpoint_only.
- TTS
- WAV output now buffered and deferred until finalize with in-memory threshold and disk spill; StreamingAudioWriter.init adds max_in_memory_bytes; tests validate spill and finalize behavior.
- Web Scraping
- Use defusedxml, broaden sitemap parse error handling, add test-mode egress bypass, add conditional process_web_scraping_task import/export, and preserve HTTPException semantics in ingestion endpoint.
- Tests
- Extensive test updates (unified WS stub, fake HTTP client for RSS, env snapshot/restore, admin override fixtures, watchlists full-app fixture, connectors pre-mounting); CI embedding cache key changed to a static key.
- STT unit tests for Parakeet/Qwen2Audio
return_languagebranches now exercise the provider branches directly and avoid unintended Whisper fallbacks by normalizing file-path arguments.
- Hopes, Dreams.
- Efficiency.
- Improved WebSocket disconnect handling
- Consistent error handling in session cleanup and web ingestion
- Better network error resilience with graceful fallbacks
- Add _is_dns_resolution_error detection and mark DNS resolution errors non-retriable (DNSResolutionError signal); tests verify DNS errors are not retried while other network errors follow retry policy.
- My life.
- HTTP-redirect loop
- test bugs
- Option for HTTP redirect adherence in media ingestion endpoints added in config.txt
- Ollama API system_prompt
- Other stuff
- Updated WebUI
- Added PRD/initial work for cli installer/setup wizard
- Auto-title notes
- Notes Graph CRUD
- Documentation/PRDs
- (From Gemini) New Chatbook Tools: Implemented a suite of new tools for Chatbooks, including sandboxed template variables for dynamic content in chat dictionary replacements, user-invoked slash commands (e.g., /time, /weather) for pre-LLM context enrichment, and a comprehensive dictionary validation tool (CLI and API) to lint schemas, regexes, and template syntax.
- Numpy requirement in base install
- Default API now respected via config/not just ENV var.
- Too many issues to count.
- Unified requests module
- Added Resource governance module
- Moved all streaming requests to a unified pipeline (will need to revisit)
- WebUI CSP-related stuff
- Available models loaded/checked from
model_pricing.json - Rewrote TTS install/setup scripts (all TTS modules are likely currently broken)
- Bugfixes
- Bugfixes
- Prometheus scraping for MCP metrics now requires authentication with the
system.logspermission;MCP_PROMETHEUS_PUBLICno longer enables public access, is deprecated, and will be removed. Migration: update Prometheus scrape configs to send a Bearer token (API key or JWT) that includessystem.logs(seeDocs/Deployment/Monitoring/Metrics_Cheatsheet.mdmigration note and scrape_config example).
- Version 0.1
- Use of gradio