Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.5.9 (2026-04-11)

Features

add Linux server installation script with auto-updates and security hardening (295a8ca)
add visualization endpoint for knowledge graph (04c677f)
api: add REST endpoints for snippet CRUD and resolution (97b9b02)
application: add SnippetPort and SnippetService (51f66b2)
domain: add Snippet entity and SnippetId value object (ed3498d)
implement shared embedding retrieval for memory and knowledge graph services (96f44e5)
infrastructure: add snippets migration and PgSnippetStore (8edafb0)
web: add Snippets page and /snippet chat trigger (dfd87ed)

Bug Fixes

address review feedback — SSH key check, fail2ban consistency, git stash, kptr_restrict docs (ecd4e8b)
correct Docker container security caps for runtime compatibility (30de25d)
resolve broken intra-doc links and missing bench field (9edfcad)
resolve ESLint errors in dream mode page (b701ce8)
tests: align indentation for snippet_service in test configurations (6469f21)
update default Ollama models for initialization script and configuration (49e7385)
update package versions in Cargo.lock for js-sys, rustls-webpki, wasm-bindgen, and related dependencies (40752fb)

Performance Improvements

harden Docker containers and optimize Dockerfile (c017160)
minimize dependency feature flags and add release profile (690841b)
optimize concurrency primitives and eliminate hot-path clones (255d7ce)
optimize Docker image for smaller runtime size (c33f743)
remove 30+ unused dependencies across workspace (0bbd57d)

Documentation

add snippet feature documentation (0437cd4)
rewrite migration strategy documentation (8fd5689)

0.5.8 (2026-04-09)

Features

add automated self-sanitation phase to dream cycles (64c456f)
add comprehensive innovation ideas document outlining strategic concepts for PiSovereign (75aa9d3)
add ImplicitPositive variant to FeedbackType (fdc281c)
Add Sovereign Intelligence Engine documentation and related features (79f0e27)
api: add dream mode HTTP endpoints and SolidJS frontend (73f6b5c)
application: add dream mode services, ports, and knowledge graph integration (713051a)
application: add sovereign intelligence ports and services (8aeeb7d)
chat: integrate innovation features into conversation flow (617fef5)
db: add dream mode database migration (01d1461)
db: add sovereign intelligence database migrations (080c7cf)
domain: add dream mode entities, events, and value objects (db9a861)
domain: add sovereign intelligence domain entities (cf42e7e)
domain: add UserLanguage detection and UserMessage bilingual support (2e99594)
infrastructure: add dream mode persistence stores and configuration (d3ad132)
infrastructure: add sovereign intelligence adapters (cecda29)
infrastructure: make template responses and routing language-aware (c8ca25b)
integrate earlier roadmap features into conversation flow (7ed9772)
migrations: create decision_traces table with counterfactual scenario storage (bbaa55b)
presentation: use centralized bilingual messages in handlers (00f598a)
register training feedback and status routes (909d9fa)
web: add explainability, distillation, optimization, and training page components (f00b0f9)
web: add knowledge graph visualization and sovereignty widgets (1bf7f7b)
web: add types and API services for explainability, distillation, optimization, and training (746ea67)
web: wire explainability, distillation, optimization, and training routes and navigation (6c79e04)

Bug Fixes

add energy gate and decision trace to continue_conversation (6143ba3)
dependencies: update tokio to version 1.51.1 and update checksum (6683986)
deps: update zip dependency from 8.5.0 to 8.5.1 (e0fe463)
lint: resolve clippy warnings and update config (4f62b90)
migrations: update data types in sanitation_results, defense_patterns, and quality_signals tables (59e86b7)
security: harden prompt sanitizer against red team bypasses (9dacc63)
share service instances between ChatService and AppState (7070854)
use default_user() instead of random UserId in handlers (30ce8fd)

Documentation

add dream mode documentation and configuration examples (95c9658)
add dream mode Grafana dashboard and developer guide (458e749)

0.5.7 (2026-04-07)

Features

add automated self-sanitation phase to dream cycles with six subsystems: memory hygiene, knowledge graph integrity, adversarial defense evolution, config drift correction, quality regression detection, and behavioral anomaly monitoring
add differential privacy analytics (Task 12) (9c9b155)
add Ebbinghaus decay backend support for knowledge graphs (e81ff26)
add Ebbinghaus decay fields to Memory, KnowledgeEdge, and KnowledgeNode entities (590a678)
add infrastructure adapter stubs, optimization config, and hardware profiler (2cc8cec)
add missing roadmap implementation files and wire modules (5e07a27)
add neuromorphic memory architecture with hippocampal-inspired consolidation (13bb507)
add Post-Quantum Cryptography (PQC) migration support (d7992ba)
add search_knowledge_graph tool for active KG querying (ff217bc)
add session_types and agent_factory service modules (2d90379)
add training, optimization, distillation, explainability handlers and tasks (7ab2ae7)
domain: add Ebbinghaus retention domain service (a834e6e)
enhance system prompt with all tools and language detection (363ede2)
extend EmbeddingPort and SemanticCachePort with homomorphic encryption methods (d36c622)
frontend: add red team security dashboard (ef7096d)
implement Phase 1 foundation tasks (Ebbinghaus decay, differential privacy, cognitive load, sovereignty score) (24c2133)
implement Phase 2 - Security (Tasks 1, 5, 6 complete) (e89e021)
implement Phase 4 — Multi-Agent Swarm, Cross-Modal Reasoning, Edge Distillation, Explainable AI (2fa8872)
implement Task 15 (Digital Sovereignty Score) completing Phase 1 (bd0c203)
implement Task 4 — Causal Reasoning Engine with BFS chain finding, counterfactual evaluation, and intervention effects (1bec069)
implement Task 6 - Autonomous Red Team Agent (8bf6cde)
implement Tasks 2, 13 — Local Continual Learning (LoRA) and Bayesian Self-Optimization, completing Phase 3 (f9bcb22)
migrate default models from Mistral/Ministral to Gemma4 (86052ca)
wire disconnected innovation features into conversation pipeline (efb527e)

Bug Fixes

add missing response_latency_ms field to ChatMessage initializers (d4e4882)
add promtail-positions volume to Docker Compose configuration (f2f39a5)
add red team agent configuration for autonomous adversarial testing (bcc166e)
add red team agent configuration with auto-update and attack limits (72dca55)
address review feedback — extract constant, fix assertion, use DefaultHasher (085c11f)
enhance query classification for unlimited output detection (101ac92)
enhance triggerRedTeamRun function to handle service errors and return undefined (d9c16dd)
ensure default calendar and addressbook creation in Baikal setup (689a346)
implement conversation resolution and persistence in chat stream (246f87b)
resolve clippy and ESLint lint warnings (dcd383f)
resolve clippy errors in new adapter and handler files (a67640a)
resolve clippy warnings in domain, application, and infrastructure crates (80aaef0)
resolve remaining clippy and cargo doc issues (4e5737e)
update conversation ID handling to preserve URL on message send (a2db514)
update dependencies to latest versions in Cargo.lock (0554fa1)
update fastrand package version to 2.4.1 and checksum (21e54a8)
update fastrand to version 2.4.0 and windows-core to version 0.62.2 (ea4e2a2)
update max_tokens configuration to allow unlimited generation (a9488d1)
update package versions for indexmap, redb, and writeable (acd6321)
update package versions to 0.5.6 and adjust timeout settings in configuration (0001485)
update red team and sovereignty API functions to handle service errors and adjust response structure (5b85166)
update red team report structure to include has_run flag and adjust error handling (2684eab)

Documentation

add 15 innovation ideas to differentiate PiSovereign (fccb522)
add IMPLEMENTATION_ROADMAP.md with detailed plans for all 15 innovation ideas (b28e620)
address review feedback on INNOVATION_IDEAS.md (15b6e62)
document all 15 innovation features in README and mdBook docs (6188b50)

0.5.6 (2026-04-01)

Bug Fixes

enhance conversation persistence logic with incremental updates and masked phone number (da9f2f9)
enhance embedding configuration with max input length and input truncation logic (7792a3b)
enhance multi-agent project management guide with GitHub Copilot integration details (e1d7ee6)
Go-Live Critical Bug Fixes (9f2e671)
improve output truncation logic for better character boundary handling (34b0f14)
reduce RUST_LOG verbosity for cleaner logging in development environment (59c555c)
remove pisovereign feature from standalone crate and suppress unexpected_cfgs lint (023e72e)
strip internal dependencies from pisovereign feature while preserving its declaration (3111548)
update dependencies in Cargo.lock to latest versions (c00d5fe)
update package versions to 0.5.5 in Cargo.lock (b9a87b8)

0.5.5 (2026-03-31)

Bug Fixes

refine Cargo.toml processing for standalone publish and update criterion dependency (a5036fd)

0.5.4 (2026-03-31)

Features

add configurable chat timeout via config (fd7c938)
add dynamic icon field to ToolDefinition (73542ab)
add notification dispatch service and reminder sound playback (11d4d2d)
add syntax highlighting and typography to chat markdown (1da164b)
add task list filtering to kanban board (6f66b27)
ai_tokenopt: add v2 token optimization strategies (d28ddbf)
ai_tokenopt: wire v2 token optimization into inference chain (8903ff4)
application: add enabled_tools filter to ReAct agent service (42ca453)
application: add search intelligence services (3381f4f)
config: add SearXNG configuration fields (85cf13c)
display audio player with transcription for voice messages (1811cad)
docker: add SearXNG meta-search service (96cb75e)
docker: enable token optimization v2 with all new config options\n\n- Expand [token_optimization] section with all v2 fields:\n output_max_tokens, frequency_penalty, presence_penalty,\n progressive_tool_compression, conciseness_pressure_threshold,\n tool_result_max_tokens, max_profile_prompt_tokens,\n prompt_template_dir, tokenizer_model\n- Bundle Mistral BPE tokenizer.json for accurate token counting\n without internet dependency at startup\n- Mount tokenizer.json as read-only volume in compose.yml\n- Set OLLAMA_NUM_CTX=8192 for larger context windows\n- Set context_window_tokens=32768 as fallback (auto-detected from Ollama)\n- Tune compaction_trigger_ratio=0.65, max_summary_tokens=512,\n output_max_tokens=1024 for optimal resource usage" (dbb7ebc)
docs: add database backup and restore instructions to Docker setup (9674bb6)
frontend: add tool selector UI component (49d9b01)
frontend: use dynamic icons from backend API (571b553)
http: add tool discovery endpoint and enabled_tools parameter (82bce7b)
load reminder owner phone numbers from Vault (6a07dfa)
metrics: add web search Prometheus metrics (436a164)
search: add citations and confidence-based fallback (5ce04b1)
support multiple messenger adapters running simultaneously (03dfb8c)
websearch: add SearXNG provider with 3-tier fallback chain (782b029)

Bug Fixes

add picomatch override to prevent POSIX character class injection (CVE)"> (8fa9350)
api: update API endpoints to remove version prefix (00b1f4c)
correct global search conversation linking to use path params (af8d212)
dependencies: update cpufeatures and other package versions in Cargo.lock (f0323b1)
dependencies: update serialize-javascript version to >=7.0.5 in package.json and package-lock.json (5dd40a6)
dependencies: update winnow version to 1.0.1 in Cargo.lock (4dfc93d)
docker: update searxng image to use 'latest' tag (1d2d2df)
increase Ollama and ReAct agent timeout values (1726dfe)
infrastructure: resolve SecretBox PartialEq and redundant closure lint errors (c9eee76)
inject conversation summary into LLM context and populate KG on streaming (951fb0e)
map CalDAV event UIDs to surrogate UUIDs for safe API routing (76beb71)
remove vulnerable rustls-webpki 0.102.8 by disabling unused TLS in rumqttc (d45eb33)
tests: simplify assertion for websearch config deserialization (345b832)
update bench AppState for multi-messenger fields (7baa9a9)

Documentation

ai_tokenopt: add comprehensive documentation and expand test coverage (6705363)
document tool selection, mentions, and dynamic tool discovery (d401162)
fix broken intra-doc links in ai_tokenopt (29c7a1b)
update config.toml.example with token optimization v2 reference\n\nExpand the token optimization section to document all 16 config fields\nincluding v2 additions: output_max_tokens, frequency_penalty,\npresence_penalty, progressive_tool_compression, conciseness_pressure_threshold,\ntool_result_max_tokens, max_profile_prompt_tokens, prompt_template_dir,\nand tokenizer_model. Add improvement estimate (40-60% savings)." (2b875cb)

0.5.3 (2026-03-26)

Features

add ActionGraphHandler, ToolExecuted emission, find_action_nodes port, and extraction prompt updates (065b1b2)
add agent profile registry with CRUD API, storage, and migrations (7a107e3)
add AI Team frontend with profile management, @mention, and attribution (275b1ea)
add frontend TypeScript types and API client for reminders (6fcfaa0)
add global fulltext search with backend endpoint and frontend UI (1449a5e)
add Idea, Draft, Ready task statuses before To Do in Kanban workflow (74455e2)
add language-aware voice selection to synthesis pipeline\n\n- Extend SpeechPort::synthesize() with language: Option<String> param\n- Inject VoiceRegistry into SpeechAdapter for automatic voice\n resolution from detected language code\n- Add use_detected_language_for_voice config to VoiceMessageService\n- Forward detected_language from STT to TTS in process_voice_message\n- Expose detected_language in VoiceMessageResult" (2de9552)
add memory edit/update endpoint and frontend support (e898728)
add multi-language Piper TTS with ~36 voice models\n\n- Create voices.json manifest mapping languages to Piper voice models\n- Add download-voices.sh to fetch all .onnx models from HuggingFace\n- Update Dockerfile to download all voice models at build time\n- Extend piper-http-server.py with voice field in POST body and\n GET /api/voices endpoint for listing installed models\n- Increase Piper memory limit from 384M to 512M in compose.yml" (5ea72ed)
add pagination, search, and service unavailable handling to pages (8f9ac6c)
add reminder CRUD REST API with search, snooze, and acknowledge endpoints (083e353)
add reminder polling fallback for notifications (bf5fb20)
add Reminders page with CRUD, search, filters, and navigation entries (f5e4366)
add reusable pagination, search input, and service unavailable components (7083003)
add reusable service setup wizard for unconfigured services (c3f5fe7)
add search_text field to ReminderQuery with ILIKE filtering (886187d)
add ToolExecuted event, Action node type, and action-related relation types (33d3f19)
add VoiceRegistry and update PiperHttpProvider for language-based voice selection\n\n- Create voice_registry.rs with VoiceRegistry mapping ISO 639-1\n codes to Piper voice IDs (~36 languages with dialect fallback)\n- Export VoiceRegistry and VoiceMapping from ai_speech crate\n- Update PiperHttpProvider to pass voice field in TTS request body\n- Add GET /api/voices remote endpoint query to list_voices()" (4ee7b49)
ai_tokenopt: add adaptive token optimization engine (b126001)
application: add file ingestion service and parser ports (9301fa8)
application: add knowledge graph port and service\n\nDefine KnowledgeGraphPort trait with CRUD, semantic/text search,\ntraversal, merge, duplicate detection, stats, and export/import.\nAdd KnowledgeGraphService with LLM-based entity extraction,\ngraph context retrieval, and upsert-from-extraction workflow.\nIncludes automock support and unit tests." (6e0d652)
application: integrate knowledge graph into chat service\n\nEnrich ChatService with optional KnowledgeGraphService.\nAugment system_prompt_with_rag() to query graph context\nalongside memory RAG. Extend store_interaction() to extract\nentities from conversations and upsert them into the graph.\nAdd format_graph_context() with 1500-char budget." (fc9ac81)
config: add caldav reminder lead time and model routing configurations (8f6c4f1)
db: add file attachments and parsed documents migration (edda8e7)
docs: add symlink for screenshots directory (f70465c)
domain: add file attachment and parsed document entities (5d90cb7)
domain: add knowledge graph entities and value objects\n\nAdd NodeId and EdgeId value objects following the existing newtype\npattern. Add KnowledgeNode entity with 8 node types and 5 source\nvariants, and KnowledgeEdge entity with 8 built-in relation types\nplus custom. Both include builder methods, properties map, and\ncomprehensive unit tests." (7aee343)
enhance agentic chat progress display with task status (9f7df63)
finalize email integration updates (716254c)
implement find_action_nodes and serialize Action/ToolExecution types in PgKnowledgeGraphStore (98eb2f1)
increase agent profile max skills from 20 to 40 (9a9f8be)
increase agent profile role description limit from 50 to 1000 characters\n\n- Raise MAX_ROLE_LEN constant in domain entity to 1000\n- Add migration 11 to ALTER COLUMN role to VARCHAR(1000)\n- Replace Input with Textarea (3 rows, maxLength=1000) and character counter in frontend form (7de08c6)
infrastructure: add document parser and file storage adapters (7bdbe15)
infrastructure: add knowledge graph PostgreSQL adapter\n\nAdd migration 5_knowledge_graph.sql with knowledge_nodes,\nknowledge_node_embeddings (vector(384) + IVFFlat), and\nknowledge_edges tables with FTS triggers and cascade deletes.\nImplement PgKnowledgeGraphStore adapter with full CRUD,\nhybrid search (vector + FTS), graph traversal, merge,\nduplicate detection, and export/import. Includes unit tests." (27d25f5)
integrate agent profiles into orchestrator with inference overrides (3e89e1c)
notifications: add SSE reminder notification system (089c827)
presentation: add file management endpoints and wire file ingestion (d74e66c)
presentation: add knowledge graph HTTP endpoints and wiring\n\nAdd REST handlers for knowledge graph: search, list by type,\nget node, delete, stats, and export under /v1/knowledge-graph/.\nExtend AppState with knowledge_graph_service field. Wire\nPgKnowledgeGraphStore and KnowledgeGraphService in main.rs.\nUpdate all test and benchmark AppState constructions." (b8d9b45)
route tool-free sub-agents through adaptive model routing (670a475)
screenshots: add screenshot automation tests and configuration (7b0e790)
send voice transcription text in Signal and WhatsApp\n\n- Signal handler sends 🎤 transcription before audio response\n and passes detected_language to synthesize()\n- WhatsApp handler sends 🎤 transcription before audio response\n- Voice HTTP handler uses detected_language from VoiceMessageResult" (7589e55)
spawn ActionGraphHandler and add GET /v1/knowledge-graph/actions endpoint (31bd4c9)
update default model to gemma3:12b-it-q4_K_M across configuration and documentation (c9c258a)
update model loading configurations and documentation for adaptive routing (7817751)
update task handling in Kanban page to switch filter on completion or cancellation (9b79841)
voice: add voice-first interface stack (feb1ed7)

Bug Fixes

add CalDAV PROPFIND auto-discovery and vault retry loop (d112856)
add request validation for calendar, chat, and memory endpoints (030edba)
add stacking context to header for global search dropdown (da31985)
add vault health auto-recovery with re-authentication (8109267)
ai_tokenopt: resolve test-profile clippy warnings (4cbf12e)
api: make memory summary optional and auto-generate when empty (dbfaa63)
caldav: filter non-calendar collections by resourcetype (e3e4710)
calendar date formatting and task linking error handling (4069d0e)
classify auth errors as non-transient in circuit breaker (89fdfff)
config: add CardDAV fallback and improve email diagnostic logging (a8d3e8b)
correct AI models display on system page (4d58551)
correct embedding column dimensions from 768 to 384 in agent_profiles and agent_memories (a3293cd)
docker: add libgomp1 installation to Dockerfile for improved compatibility (10ce2a6)
docker: correct torch and torchaudio installation in Dockerfile (42240b7)
docs: correct decorator chain order in architecture docs (1a9d04f)
enhance system prompt to clarify web search and code execution capabilities (c714f51)
filter expired approvals from pending list (28bddb9)
frontend: resolve UI issues with search z-index, task filter, and calendar form (9980988)
gitignore: update bugreports entry to ignore all files in the directory (f6d7c6d)
handle CalDAV 403 Forbidden errors with dedicated error variant (fa572e3)
handle SecretString in config conversions and test assertions (a36308a)
improve WCAG AA color contrast ratios (d2ca62f)
inference: map model capability errors to 503 instead of 400 (a8fb710)
infrastructure: resolve clippy warnings in token optimization config tests (117dd08)
map model capability errors to InvalidOperation (eeb4bbb)
persist pre-workflow task statuses via X-PISOVEREIGN-STATUS CalDAV property (f602d30)
playwright: update bug report directory path to include 'e2e' (af4a27d)
remove pt_PT-tugao voice model (404 due to unicode path)\n\nThe HuggingFace path contains 'tugão' (with ã) which causes curl to\nfail with exit code 22 during Docker build. Removed pt_PT entry from\nvoices.json and merged pt-pt key into pt_BR mapping as fallback." (68a765a)
replace Promise.race with locator.or in contacts E2E test (0c11224)
resolve approval queue DB type mismatch with RFC 3339 text binding (8adc3e8)
resolve ARIA accessibility violations (7912992)
resolve bearer_auth Option<String> type mismatch in ai_speech (ff58bcb)
resolve temporal dead zone error in tasks page (d148680)
return single-chunk stream for trivial template responses instead of 400 error\n\nPreviously, streaming requests classified as Trivial (e.g. "Hallo", "Danke")\nreturned 400 "streaming not supported for template responses". Now the\nTemplateResponder and ModelRoutingAdapter emit the template response as a\nsingle SSE chunk with done=true, keeping the streaming contract intact.\n\nUpdates unit and integration tests accordingly. (bc1c115)
screenshots: update various screenshots for improved clarity and consistency (0d1df81)
screenshots: update various screenshots for improved documentation clarity (5b8eb37)
tests: update API test plan version and add new tests for authentication, files, voice, knowledge graph, contacts, calendar, tasks, reminders, email, command catalog, memories, global search, and notifications (fa2abc1)
update playwright config to include LLM project and adjust grep settings (5a83dc2)
update tinyvec to version 1.11.0 and update checksum (470dca3)
use aria-disabled for keyboard-accessible disabled buttons (878bf15)
use h1 heading and improve contrast ratio in ServiceUnavailable component (4e46e0e)
use ILIKE for case-insensitive conversation search (8f9c720)
workflow: update actions and toolchain versions in publish-ai-tokenopt.yml (b9efb37)

Documentation

add signal-cli config copy command to README quick start (c2df9be)
add vision, philosophy and future ideas document (d296ad8)
ai_tokenopt: update architecture docs with token optimization (136ecb6)
frontend: add comprehensive testing guide to mdBook (f7db650)
voice: document voice-first API and configuration (0602b29)

0.5.2 (2026-03-10)

Features

add accessibility settings with font size, motion, and contrast\n\nAdd accessibility store with font size presets (small/medium/large/\nx-large), reduce motion toggle, and high contrast mode. Add CSS rules\nfor .reduce-motion and .high-contrast classes. Add accessibility\nsection to settings page with interactive controls." (ad559b5)
add docker-rebuild-nocache command to rebuild PiSovereign container without cache (f99a83b)
add focus trap hook and improve modal/overlay accessibility\n\nAdd reusable useFocusTrap hook that cycles Tab/Shift+Tab within a\ncontainer and restores focus on deactivation. Apply focus traps to\nmodal, auth-gate, and sidebar overlay. Add footer landmark to\napp-shell for improved landmark structure." (12b0f9c)
add keyboard column navigation to kanban board\n\nAdd Shift+ArrowLeft/Right keyboard shortcuts to move kanban cards\nbetween columns. Include sr-only usage instructions and update\naria-labels with keyboard hint." (57e87fb)
add sr-only headings and delete confirmation for WCAG compliance\n\nAdd screen-reader-only h1 headings to chat, conversations, and agentic\npages for proper heading hierarchy. Add confirmation modal before\ncontact deletion to prevent accidental data loss." (619da16)
add trusted IP bypass for rate limiter\n\nAdd rate_limit_trusted_ips config field (Vec<IpAddr>) to SecurityConfig\nand RateLimiterConfig. Requests from trusted IPs skip rate limiting\nentirely. Wire through RateLimiterLayer and RateLimiter middleware.\n\nConfigure 127.0.0.1 as trusted in docker/config/config.toml and add\ncommented example in config.toml.example.\n\nCloses #005 (5350cb5)
application: add adaptive routing port and service with complexity-based routing (6f51b88)
domain: add RoutingDecision value object for adaptive multi-agent routing (fcdcf5e)
http: add voice endpoints and wire adaptive routing into chat stream (1a7dd35)
improve approval button labels and toast pause-on-hover\n\nAdd contextual aria-labels to approval buttons in chat messages.\nAdd role=status for non-error toasts. Implement toast pause-on-hover\nand pause-on-focus for WCAG 2.2.1 timing compliance. Add unit tests\nfor pause/resume functionality." (caea067)
show persistent security banner when default API key is configured\n\nDetect the shipped default API key (sk-pisovereign-2026-prod) at startup\nvia Argon2 verification in ApiKeyStore. Expose has_default_api_key in\nthe /v1/auth/verify and /v1/auth/login responses. The frontend renders\na non-dismissible amber warning banner across every page until the\ndefault key is removed from config.toml and the server is restarted.\n\n- Add DEFAULT_API_KEY const and has_default_key detection to ApiKeyStore\n- Extend LoginResponse and VerifyResponse with has_default_api_key field\n- Add hasDefaultApiKey signal to auth store (set on login/verify/logout)\n- Create SecurityBanner component mounted in AppShell layout\n- Add 4 Rust unit tests for default key detection\n- Add 7 frontend tests (4 component + 3 auth store signal tests)\n- Update MSW mock handlers with auth endpoint responses" (1d3ae3d)
tests: add E2E test report generator for tracking test results (bc7ab06)
web: add inline agentic mode progress indicator (058d04a)
web: add voice recording, playback UI, and speech API integration (96e74a6)
web: show burger menu sidebar on all screen sizes (4ffa81b)

Bug Fixes

accept space-separated datetime formats and map CommandFailed to 400\n\nAdd "%Y-%m-%d %H:%M:%S" and "%Y-%m-%d %H:%M" formats to reminder\nparsing and tool_executor::parse_datetime(). Also add NaiveDateTime\nformats with T-separator to tool_executor.\n\nChange ApplicationError::CommandFailed mapping from Internal (500) to\nBadRequest (400) since all 32 usages are input validation errors.\nAdd GatewayTimeout variant to ApiError for timeout handling.\n\nCloses #002"} (977539d)
add handler-level timeouts and preempt stuck LLM calls\n\nWrap chat() in tokio::time::timeout(180s) and the ReAct tool-augmented\npath in chat_stream() with the same budget. Replace inter-iteration\nelapsed check in ReAct agent with per-LLM-call timeout using remaining\ntime budget so stuck inference calls get preempted.\n\nReduce inference.timeout_ms from 300000 to 90000 in docker config and\nfrom 60000 to 90000 in config.toml.example to keep both in sync.\n\nCloses #004 (85de94a)
add tsconfig.e2e.json for Playwright E2E testing configuration (bfff5e4)
ai_core: classify model capability errors as permanent (4972c6b)
application: fall back to plain inference when model lacks tool support (d07e362)
approvals: make deny request body optional (0bcc23d)
caldav: handle self-closing XML tags in displayname parser (e0a84bd)
caldav: prevent URL path doubling in calendar_url when href contains server path (c28b405)
dependencies: update libc to version 0.2.183 and update checksum (127d3d4)
dependencies: update redb to version 3.1.1 and zerocopy to version 0.8.41 (73fc027)
dockerignore: add frontend build artifacts to .dockerignore (bd111aa)
docker: use deterministic URIs for Baikal calendar and addressbook (948fbf1)
docker: use Gmail defaults instead of Proton Bridge for email (0fe021e)
docs: update development steps to include frontend tests (b2d056a)
frontend: align contacts and approvals types with backend API (a71ac3b)
frontend: handle 204 No Content responses and fix ErrorResponse type guard (5426dd7)
frontend: resolve drag and drop issues in kanban, tasks, and calendar (7437f52)
frontend: show graceful UI state for email 503 service unavailable (d446d7d)
http: map backend auth failures to 503 Service Unavailable (e63abd7)
improve light mode aesthetics across frontend (19fdd38)
infrastructure: exclude permanent errors from circuit breaker (6ae8ae2)
infrastructure: return fallback response in degraded tool-calling mode (8c968f5)
metrics: unify all metric names under pisovereign_ prefix (f0ecc46)
remove dompurify from markdown manualChunks in vite.config.ts (7552bd4)
replace vulnerable dompurify with native HTML sanitizer (83daa04), closes #22
resolve 4 E2E test failures across calendar, contacts, mailing, and tasks\n\n- CalDAV XML parser: track propstat status codes and skip entries with\n only 404 propstats; reject display names starting with "HTTP/"\n- iCal builder: handle date-only strings (YYYY-MM-DD) with VALUE=DATE\n for all-day events; support RFC 3339 Z-suffix and CalDAV format\n- vCard builder: add RFC 6350 escaping for backslash, comma, semicolon,\n and newlines in FN, N, ORG, TITLE, ADR, NOTE, CATEGORIES fields\n- Mailing page: treat all 5xx and network errors as service unavailable\n instead of showing error toast; fix invalid Playwright selector" (a6fd5eb)
resolve clippy lint and cargo doc warnings (943a265)
signal: enhance error detection for already receiving messages (3bc155f)
signal: return 409 Conflict for concurrent poll subscriptions (258d293)
surface real API error messages in task, calendar, and memory pages (bb2c437)
terminate agentic SSE stream after terminal event\n\nAdd done flag to unfold state so the stream returns None on the poll\nafter emitting a TaskCompleted or TaskFailed event. Previously the\nstream continued indefinitely, causing client connections to hang.\n\nCloses #003 (eb1b692)
update dependencies in Cargo.lock to latest versions (7b21f79)
update quinn-proto to version 0.11.14 and update checksum (40c415b)
update zerocopy and zerocopy-derive to version 0.8.42 and update checksums (5e58b91)
validate conversation_id early in chat and stream handlers\n\nAdd ConversationId::parse() validation before any processing in both\nchat() and chat_stream() handlers. Invalid UUIDs now return HTTP 400\ninstead of causing SSE stream connection resets.\n\nCloses #001"} (bb09452)

Documentation

add 46 missing endpoints to Postman collection (7977046)
add cross-device deployment strategy document (9a0747e)
document E2E testing setup and architecture (fcb769d)
enhance cross-device deployment strategy with detailed smartphone OS compatibility and recommendations (164e939)
update cross-device deployment strategy with new CI/CD workflows and structure (e8a7aae)

0.5.1 (2026-03-04)

Features

add adaptive model routing with complexity-based request classification\n\nIntroduce a 4-tier (Trivial/Simple/Moderate/Complex) request classification\nsystem that routes queries to appropriately sized LLM models or template\nresponses. This reduces average response time by routing 60-70% of queries\nto smaller models or instant template responses.\n\nNew components:\n- Domain: RequestComplexity, TemplateCategory, ComplexityClassification\n- Application: ComplexityClassifierPort, ModelRoutingPort traits\n- Infrastructure: RuleBasedClassifier (regex + heuristic classification),\n TemplateResponder (instant bilingual DE/EN template responses),\n ModelRoutingAdapter (central routing decorator), ModelRoutingConfig\n- Metrics: Per-tier request counters, template hits, tier upgrades\n exposed via JSON and Prometheus endpoints\n- Decorator chain: Per-tier DegradedInferenceAdapter with shared\n CachedInferenceAdapter + SanitizedInferencePort\n\nAlso:\n- Deprecate old ModelSelector in ai_core (replaced by model routing)\n- Bump OLLAMA_MAX_LOADED_MODELS from 1 to 2\n- Add comprehensive documentation and integration tests (9 tests)\n- Update config.toml.example, Docker config, and troubleshooting docs" (7280a4a)
add agentic event bus adapter and config (9a8d68e)
add agentic mode domain entities and value objects (050a748)
add agentic mode frontend UI (f6f948b)
add agentic mode REST API endpoints (7c23ea5)
add agentic orchestrator ports and service (7f9257c)
add canary-token detection for external context data (ab69b10)
add config hot-reload for security components via SIGHUP (165be3a)
add HMAC-signed tool receipts for integrity verification (756bbdf)
add in-process event bus for async post-processing\n\nImplement a tokio::sync::broadcast-backed event bus that decouples\npost-processing work from the user-facing response path:\n\n- DomainEvent enum (7 variants) in the domain layer\n- EventBusPort / EventSubscriberPort traits in application ports\n- TokioBroadcastEventBus adapter in infrastructure\n- 4 background handlers: FactExtraction, AuditLog,\n ConversationPersistence, Metrics\n- EventsConfig with sensible defaults (enabled, channel_capacity)\n- ChatService emits ChatCompleted from all 5 chat methods\n- AgentService emits CommandExecuted with variant-only names\n- MetricsCollector implements EventMetrics trait bridge\n- Full wiring in main.rs with conditional handler spawning\n- 12 integration tests across application and infrastructure\n- Documentation in architecture.md and configuration.md\n- Docker config.toml updated with events section enabled" (66b8f14)
add per-user inference rate limiter (759ccea)
add sandbox configuration for code execution with timeout settings (8cb758e)
add semantic cache for embedding-based similarity matching in LLM responses (7a9ccfe)
add semantic cache for LLM responses with pgvector support (b54b708)
add structured security event emitter with event bus integration (a666a57)
add tool-result size cap to prevent context flooding (e15c13a)
application: add precomputation ports and services (f59a8f5)
domain: add precomputation and query pattern entities (6ed0a17)
implement LLM tool calling with ReAct agent loop\n\nAdd a complete ReAct (Reasoning + Acting) agent that enables the LLM\nto call 18 integrated tools (weather, web search, calendar, contacts,\ntasks, reminders, transit, email, memory, and code execution).\n\nDomain layer:\n- ToolDefinition and ToolCall/ToolResult value objects\n- MessageRole::Tool variant and tool_calls/tool_call_id on ChatMessage\n- Conversation helper methods for tool messages\n\nApplication layer:\n- ToolRegistryPort and ToolExecutorPort traits\n- InferencePort::generate_with_tools() with default impl\n- ReActAgentService with configurable iteration limits and timeouts\n- ChatService::chat_with_tools() integration method\n\nAI core:\n- Ollama /api/chat tools parameter support\n- InferenceRequest/Response tool_calls fields\n\nInfrastructure:\n- OllamaInferenceAdapter generate_with_tools implementation\n- Decorator forwarding in all 5 inference adapters\n- ToolRegistry with 18 tool definitions and builder pattern\n- ToolExecutor with 18 dispatch methods\n- AgentConfig and ToolCallingConfig structs\n\nPresentation:\n- AppState react_agent_service field\n- Chat/upload handlers with ReAct agent integration\n- Full wiring in main.rs with config-driven enablement\n\nConfig defaults: enabled=true, max_iterations=5,\niteration_timeout=30s, total_timeout=120s, parallel execution on.\n\nAll 4,800+ existing tests pass, clippy and docs clean."} (0dfa3ea)
infrastructure: add precomputation config and persistence (1eeb32c)
presentation_http: integrate precomputation subsystem (19f4f14)
strip zero-width characters from LLM output (1cff783)
wire sandbox code execution, global RAG storage, and fix clippy/tests (70f2d28)

Bug Fixes

add output sanitization to tool-calling and ReAct loop (ca85244)
add pre-execution allow-list validation for tool calls (2f19f22)
address clippy warnings across multiple files for improved code quality (717f2c1)
dependencies: update r-efi and getrandom versions in Cargo.lock (0cf3aa7)
enforce prompt sanitization at application layer for all entry points\n\nMove prompt injection detection into AgentService.handle_input(),\nparse_command(), and try_quick_command() so that Signal, WhatsApp,\nand HTTP paths all run through PromptSanitizer. Previously, only\nthe HTTP /chat handler invoked check_prompt_security(), leaving\nmessenger channels completely unprotected.\n\nAdd sanitize_input() helper, with_prompt_sanitizer() builder method,\nand comprehensive tests for injection blocking, clean passthrough,\nand no-sanitizer passthrough." (2fd0a1c)
enforce token budget on memory recall and conversation (acba8da)
keep SecretString through VaultConfig adapter layer (0a178ed)
migrate openai_api_key and websearch api_key to SecretString (99aa7a0)
resolve clippy warnings across security components (ff3dd86)
resolve clippy warnings from tool calling implementation (1d9a361)
simplify assertions in tests for VaultConfig and WebSearchAppConfig (9bb4e6a)
update ajv version and remove unused dependencies in package-lock.json (051b225)
update aws-lc-rs, aws-lc-sys, erased-serde, ipnet, and tokio-macros to latest versions (17ae846)
update getrandom to version 0.4.1 and zlib-rs to version 0.6.3 (0f95678)

Documentation

add agentic mode documentation (bf2411e)
add teenager-friendly features overview page (d4e4c31)
update architecture and configuration for 3-layer caching system with semantic layer support (a43e96d)

0.5.0 (2026-02-27)

⚠ BREAKING CHANGES

Database backend changed from SQLite to PostgreSQL.

Features

add conversations navigation, browsing, and chat continuation (6cb4e2c)
add LLM-based fact extraction service (5f9b10b)
add search_keywords field to Memory entity and FTS5 migration (234d9ed)
extend memory ports for hybrid retrieval and fact storage (8778239)
implement FTS5 search and brain-inspired decay in SQLite store (8747d58)
implement hybrid RAG retrieval with FTS5 in MemoryService (17d888f)
integrate fact extraction into ChatService (ca0d542)
lower RAG similarity threshold from 0.5 to 0.3 (235b80d)
migrate from SQLite to PostgreSQL + pgvector (f6dbebf)
wire FactExtractionService in HTTP server startup (e4b7c0f)

Bug Fixes

change SERIAL to BIGSERIAL for ID fields and update access_count and dimensions types to BIGINT (dd565fd)
enhance chat service with default system prompt and improve interaction storage (61388b2)
resolve 401/429 errors on frontend page navigation\n\n- Enable CORS credentials in dev mode with fixed localhost:5173 origin\n so HttpOnly session cookies are sent cross-origin during development\n- Deduplicate the global 401 recovery handler to prevent concurrent\n checkSession calls from flooding the server\n- Guard all createResource calls with isVerified across 7 pages\n (system, contacts, approvals, commands, memory, mailing, calendar)\n to defer API requests until the session is confirmed\n- Exclude /v1/auth/ paths from rate limiting so session verification\n never exhausts the rate-limit budget\n- Add tests for auth endpoint rate-limit exclusion and 401 deduplication" (4390949)
resolve broken rustdoc link and guard tasks page API calls on auth\n\n- Fix intra-doc link in chat_service.rs to use super::importance:: path\n since importance is a sibling module, not a child\n- Guard tasks resource in tasks.page.tsx with isVerified() using createMemo,\n matching the pattern used in kanban.page.tsx, to prevent 401/429 cascades\n when navigating to the Tasks page before session verification completes" (c7f12ee)
resolve PostgreSQL type mismatches and query compatibility issues (841f53d)
resolve tasks 401/429 and email 400 frontend errors (21ad3f2)
thread authenticated user_id through RAG pipeline and fix embedding dimensions\n\n- Pass authenticated user_id from RequestContext through chat(), chat_with_context(),\n continue_conversation(), chat_stream(), system_prompt_with_rag(), store_interaction()\n instead of hardcoding UserId::default()\n- Add ensure_user_profile() auto-upsert in PgMemoryStore::save() to prevent FK\n violations when storing memories for new users\n- Apply Matryoshka truncation (768→384 dims) with L2 renormalization in\n OllamaEmbeddingEngine to match the vector(384) DB column\n- Update all callers: HTTP handlers, voice_message_service, benchmarks, tests" (4070661)
update async-compression and compression-codecs to latest versions (09241f4)
update database configuration and improve test handling for PostgreSQL (efb8040)
update documentation to reflect migration from SQLite to PostgreSQL (abf1235)
update email provider configuration from Proton to Gmail (31f7d15)
update package versions to 0.4.14 for ai_core, ai_speech, application, domain, infrastructure, integration modules, and zerocopy (554e8d9)

Performance Improvements

Phase 1 quick wins — cache wiring, compression, dead code removal, Redb cleanup\n\n- Wire CachedInferenceAdapter (L1 Moka + L2 Redb) around DegradedInferenceAdapter\n- Add HTTP gzip + brotli compression via CompressionLayer\n- Remove dead code: tera templates (1,119 lines), testcontainers wrappers (383 lines)\n- Remove unused deps: r2d2, r2d2_sqlite, tera, testcontainers-modules\n- Remove deprecated SledCache type alias\n- Schedule periodic Redb cache cleanup (every 30 minutes)\n- Add MultiLayerCache::cleanup_expired delegating to L2\n- Fix L2→L1 promotion TTL: use actual remaining TTL instead of hardcoded 30min\n- Add RedbCache::get_bytes_with_remaining_ttl for correct TTL propagation\n- Remove 2 testcontainers-related advisory exemptions from deny.toml" (d3f98a3)
SQLite per-connection PRAGMAs and pool tuning\n\nApply PRAGMAs via SqliteConnectOptions instead of post-pool queries\nso every connection in the pool gets WAL mode, synchronous=NORMAL,\nbusy_timeout=5s, cache_size=32MB, mmap_size=256MB, temp_store=MEMORY.\nAdd with_max_connections() builder method and wire config value." (2c44330)

0.4.14 (2026-02-26)

Features

add baikal auto-setup init container\n\nAdds a baikal-init service (caldav profile) that automatically provisions\na CalDAV/CardDAV user on container startup:\n- Reads credentials from Vault secret/pisovereign/caldav\n- Creates user in Baikal's SQLite DB with MD5 digest auth\n- Sets up principal entries, default calendar, and address book\n- Idempotent: updates password if user exists, creates if not\n- Adds healthcheck to baikal service (curl localhost:80)\n- Adds 'just docker-baikal-reinit' command for manual re-provisioning\n- Vault token read from vault-init shared volume" (ba71d21)
add ollama startup health check with model verification\n\nAdds a retry-based health check during application startup that:\n- Validates Ollama connectivity with 3 retries and 5s delay\n- Verifies the configured model is available via list_models\n- Logs warnings for degraded mode if Ollama is unreachable\n- Non-blocking: allows startup in degraded mode on failure" (7f0c0f0)
add streaming typing effect with blinking cursor and per-word reveal\n\nAdd a smooth typing animation for streaming AI assistant messages:\n\n- useStreamingReveal hook: buffers incoming SSE chunks and reveals\n them word-by-word at a configurable cadence (default 30ms/word).\n Flushes remaining buffer when streaming ends. Bypasses buffering\n when prefers-reduced-motion is active.\n\n- StreamingMarkdown component: wraps MarkdownRenderer with a blinking\n typing cursor (▎) that appears during streaming. Shows static cursor\n when reduced motion is preferred.\n\n- CSS cursor-blink animation: added to app.css with proper\n prefers-reduced-motion support.\n\n- MessageBubble: uses StreamingMarkdown for streaming messages,\n MarkdownRenderer for finalized messages. Removed old animate-pulse\n dot indicator.\n\n- MessageList: wires useStreamingReveal to display buffered content\n in the streaming bubble.\n\n- Full test coverage: 6 hook tests + 6 component tests, all passing." (5ded629)
add vault credentials verification command and startup validation\n\nAdds 'just docker-vault-check' command that:\n- Verifies all expected secret paths exist in Vault\n- Checks for required keys within each secret (api_key, username, etc.)\n- Shows color-coded status: pass/partial/missing with summary\n- Exits non-zero if critical secrets are missing\n\nAlso adds startup config validation after secret resolution that\nwarns about empty critical fields (api_keys, email, caldav username)." (d1b0129)
application: integrate upcoming birthdays into morning briefing (5993d84)
benchmarks: add missing stores to AppState in chat_pipeline benchmarks (c67d7c5)
calendar: add event-task linking, detail modal, and day view drag & drop (0c7f7e8)
cli: add --api-key flag for authenticated API requests\n\nThe CLI now supports authentication via --api-key flag or\nPISOVEREIGN_API_KEY environment variable. The Bearer token\nis automatically added to all HTTP requests.\n\n- Adds global --api-key flag with env var fallback\n- Configures reqwest default headers with Authorization: Bearer\n- Works with all subcommands (chat, command, models, status)" (11780ad)
commands: add system command catalog with yolo mode, FTS5 search, and catalog UI (bd26483)
email: rename ProtonAppConfig to EmailAppConfig with multi-provider support (2e8a4c8)
frontend: add Dashboard Hub with glass panel widgets (14e8e47)
frontend: add Kanban board with drag-and-drop support (8501b06)
frontend: add Liquid Glass design system foundation (51118f6)
frontend: apply Liquid Glass styling to all pages (70514d5)
frontend: enhance Calendar with glass panel views (8b20ace)
frontend: redesign layout with glass morphism navigation (1b9732f)
frontend: update UI components with Liquid Glass styling (b787f81)
http: spawn periodic session cleanup task (39621ad)
http: use configurable system prompt from config.toml (43fef26)
implement system command auto-discovery with AI fallback\n\nAdds SystemCommandDiscoveryService that populates the command catalog\non first startup:\n- Checks if catalog is empty before attempting discovery\n- Tries AI-based discovery via LLM prompt (JSON response parsing)\n- Falls back to 30+ curated default commands on AI failure\n- Commands span 6 categories: filesystem, text, system, process,\n network, docker with correct risk level assignments\n- Runs as spawned task to avoid blocking application startup\n- Includes 13 unit tests covering all paths" (1fdbf46)
memory: wire RAG memory system with HTTP endpoints, embedding adapter, decay task, and memory UI (c544aeb)
tasks: add drag & drop reorder and move tasks between lists (cb6cbe3)
tasks: add edit task modal with full CRUD support\n\n- Add EditTaskModal component with title, description, priority, status, due date fields\n- Pre-fill edit form with current task data\n- Only send changed fields in update request (delta updates)\n- Add edit button (pencil icon) to TaskCard component\n- Wire onEdit callback through TaskCard to EditTaskModal\n- Import UpdateTaskRequest type for proper typing" (89aa3df)
wire system commands into agent service for AI-driven search and execution (a956186)

Bug Fixes

.gitignore: include prompts directory in ignored files (0ef96ca)
accept RFC 3339 timestamps in calendar events endpoint\n\nExtract parse_datetime_param helper that first tries raw RFC 3339 parsing\nbefore falling back to date-only YYYY-MM-DD with default time suffix.\nPreviously, full ISO timestamps like 2026-02-25T23:00:00.000Z caused a\n400 because the handler blindly appended T00:00:00Z to the input." (bce7485)
add issues.md to .gitignore (2258a36)
application: improve rag memory logging (35b5592)
application: prevent shell injection in system command execution\n\nWhen user arguments are provided, the command is now invoked directly\nwithout shell interpolation. Arguments containing shell metacharacters\n(; | & ` $ etc.) are rejected before execution.\n\n- Adds contains_shell_metacharacters() validation for user args\n- Uses direct process invocation instead of sh -c for user args\n- Keeps sh -c for base commands without user args (supports pipes)\n- Adds tests for semicolon, pipe injection and metachar detection" (ff1d229)
audio: fix FFmpeg arg order and patch WAV pipe header (fce47bc)
audio: simplify condition for parsing AAC, M4A, and MP4 formats (66cba8f)
carddav: decouple force_https from verify_certs (9baa518)
carddav: remove duplicate closing prop tag in PROPFIND XML\n\nThe list_addressbooks() PROPFIND body contained a duplicate </D:prop>\nclosing tag producing malformed XML that strict CardDAV servers reject." (b2e7ce1)
chat-service: simplify top similarity retrieval in RAG memory logging (e1bce40)
cli: hide S3 credential flags and warn on CLI usage (ad0a007)
cli: improve warning messages for S3 credentials in CLI (2d92028)
clippy: use map_or_else instead of match on Option in test helper\n\nResolve clippy::option_if_let_else warning in\nSystemCommandDiscovery test stub's result() method." (d842fc4)
cli: prevent double-slash in endpoint_url concatenation (a22e7fd)
command-parser: classify greetings as ask intent instead of contact search\n\nWhen a user types "Hallo ich bin Andreas", the LLM intent classifier\nmisclassifies it as a contact search, returning "No contacts found".\n\nAdd greeting quick patterns that intercept greetings and introductions\nBEFORE LLM intent detection, routing them directly to AgentCommand::Ask.\nAlso add explicit negative examples to the INTENT_SYSTEM_PROMPT so the\nLLM correctly classifies greetings as "ask" when quick patterns miss.\n\nSupported patterns (DE/EN): hallo, hi, hey, hello, guten morgen/tag/abend,\nmoin, servus, ich bin, mein name ist, ich heiße, my name is, nice to meet.\n\nIncludes 16 unit tests covering all patterns and non-interference with\nexisting contact search patterns." (43fa7bc)
command-parser: remove greeting pre-filter and add llm post-validation (3a4168b)
commands: streamline output sanitization in command execution (8006bae)
converter: streamline debug logging and improve code readability (cd48a6e)
dependencies: update chrono, linux-raw-sys, and rustix versions (7671635)
dependencies: update versions for js-sys, redox_syscall, regex-syntax, rustls, serde_with, and wasm-bindgen packages (b572295)
Docker deployment fixes and documentation updates (b6be7d2)
docker: add FFmpeg to runtime for voice message audio conversion (d32242e)
docker: add missing [commands] section to Docker config\n\nThe system command auto-discovery feature requires a [commands] section\nin the Docker config. Without it, the system_commands table stays empty\nbecause auto_discover defaults to false.\n\nAdd the section with auto_discover = true and safe defaults\n(yolo_mode = false, timeout_secs = 30)." (07a63ca)
docker: correct Baikal init schema for calendar creation (a39a85c)
docs: resolve broken MemoryContextPort intra-doc link\n\nThe doc comment referenced MemoryContextPort without a fully qualified\npath, causing a rustdoc warning because the trait is defined in\ncrate::ports::MemoryContextPort, not in the services module scope.\n\nUse explicit path syntax: [MemoryContextPort](crate::ports::MemoryContextPort)" (21bd281)
domain: reorder imports for consistency (2d92028)
frontend: correct CalendarEvent mock objects in tests (58d110f)
frontend: correct new chat href and guard api calls (20a52ca)
frontend: handle auth verification state and improve task list error display\n\nFix 401 errors on /events, /lists, /tasks endpoints that occur when the\nbrowser console shows failed requests during initial page load.\n\nRoot cause: ProtectedRoute immediately redirected to /settings before\ncheckSession() completed, causing lazy-loaded components to briefly\nattempt API calls without authentication.\n\nChanges:\n- Start isVerifying as true (pending initial session check)\n- Show loading spinner in ProtectedRoute while verifying instead of\n immediate redirect — prevents 401 errors in console\n- Add 404 error message to task list error handler\n- Improve 503/401 error messages for better user guidance\n- Update auth store test to match new initial isVerifying state" (8d29d96)
gate tasks and kanban API calls behind isVerified\n\nBoth pages fired createResource fetchers immediately on mount without\nchecking the auth session, causing 401 Unauthorized errors in the\nconsole. Add isVerified as the source signal to createResource,\nmatching the pattern already used on the dashboard page." (514beff)
handle 401 responses globally in API client\n\nAdd registerUnauthorizedHandler callback pattern in apiFetch so that\nstale sessions after server restart trigger re-authentication instead\nof silently failing. Wired up in App component via checkSession()." (6e5828d)
http: add HSTS header to security middleware\n\nAdds Strict-Transport-Security header with max-age=63072000 (2 years)\nand includeSubDomains to prevent HTTPS downgrade attacks.\n\n- Adds HSTS header insertion in SecurityHeaders middleware\n- Updates module documentation to list HSTS\n- Adds dedicated test for HSTS header presence and value\n- Updates all_security_headers_present test to include HSTS" (a43a625)
http: add input validation to ExecuteCommandRequest\n\nAdds length validation (1-10000 chars) using ValidatedJson extractor,\nconsistent with ChatRequest validation. Removes manual empty check\nin favor of declarative validator pattern." (01f2973)
http: add Retry-After header to 429 rate-limited responses (8d44e33)
http: disable CORS credentials in dev mirror mode (7f89ff1)
http: exclude webhook paths from API key auth middleware\n\nMeta's WhatsApp webhook verification sends GET requests without\nBearer tokens. These requests were blocked by the auth middleware.\n\n- Adds /webhook/ prefix to auth exclusion list\n- Webhook handlers use their own HMAC-SHA256 signature verification\n- Adds test verifying webhook paths bypass auth" (04b91f5)
http: pass pool directly to SqliteSuspiciousActivityTracker (2d92028)
http: replace hardcoded StatusResponse with dynamic system info (72c396e)
improve RAG memory with brain-inspired decay and adaptive scoring (5b93dfd)
infrastructure: use persistent SQLite suspicious activity tracker (0b0bad4)
make New Chat quick action clear messages before navigating\n\nExtend QuickAction interface with an optional onClick handler invoked\nbefore navigation. Wire clearMessages() on the New Chat action so\nold conversation messages are cleared when starting a new chat.\nAdd unit tests for onClick behavior." (9cfc961)
make New Chat quick action navigate to /chat\n\nRemove onClick handler from New Chat quick action that called\nclearMessages(), which interfered with SolidJS router navigation.\nMove clearMessages() to chat page onMount instead so the clean-slate\nbehavior is preserved when entering the chat." (52fe9d8)
memory: improve error handling and default behavior in memory operations (4732da4)
overhaul RAG memory for reliable fact recall and brain-inspired decay\n\nRoot causes fixed:\n- RAG prompt injected 200-char truncated summaries instead of full content\n- No instructive framing told the LLM to treat memories as known facts\n- German naming patterns (nenn dich, du heißt) missing from identity cues\n- MemoryEnhancedChat used fixed importance 0.5 for all interactions\n- No freshness factor in relevance scoring\n- Facts and corrections could decay to nothing\n- Importance/type heuristics duplicated and diverged across files\n\nChanges:\n- Add shared importance.rs module (single source of truth for heuristics)\n- Add per-type importance floors (Correction=0.35, Fact=0.30, Pref=0.25)\n- Add per-type decay modifiers (Correction=0.50×, Fact=0.70×, etc.)\n- New relevance formula: similarity×0.50 + importance×0.20 + freshness×0.30\n- RAG uses full content with 2000-char budget + instructive preamble\n- Priority sort: Corrections > Facts > Preferences > Context > ToolResult\n- Unify both chat pipelines (HTTP + messenger) on shared heuristics\n- Update infrastructure pre-filter to match new scoring weights\n- Update all tests (3447 pass, 0 fail), docs, and Docker build" (926bb34)
prevent false-positive intent routing for conversational messages (9e43af0)
prompt-template: add build and Docker image criteria to acceptance checklist (7a898e5)
prompt-template: emphasize CLAUDE.md reference formatting (dd4aa42)
prompt-template: enhance acceptance criteria for code quality and verification (1736d9f)
rate_limit: add clippy allow for potential truncation warnings (2d92028)
remove ANALYSE.md as it is no longer needed (f3408e4)
replace expect with proper error propagation in CLI (962edd3)
replace getEventsInRange with getTodayEvents on dashboard\n\nThe dashboard was sending full ISO timestamps to /v1/calendar/events\nbut the backend expected YYYY-MM-DD dates, causing 400 Bad Request.\nSwitch to the dedicated getTodayEvents() API which uses\n/v1/calendar/events/today and requires no date params. Remove the\nnow-unused getTodayRange() helper." (e467057)
signal-cli: make attachments directory world-readable for pisovereign (de5a50e)
signal: capture attachments from sync SentMessage (06c817b)
signal: resolve attachment files by id from signal-cli data directory (50faa6e)
signal: use agent pipeline for voice messages with conversation context (89bf790)
speech: convert audio to WAV and handle whisper.cpp error responses (f81be1f)
speech: route local STT/TTS to whisper-server and piper containers (15e521e)
speech: use whisper.cpp native /inference endpoint for local STT (8ee077c)
system_command_store: simplify binding of created_at and updated_at (2d92028)
tasks: add task_count to list response and improve error display\n\n- Add task_count field to TaskListResponse in backend handler\n- Add list_id alias to ListTasksQuery for frontend compatibility\n- TaskListResponse::with_count() constructor counts tasks per list\n- Frontend: import ApiError for status-aware error messages\n- Frontend: show error card with retry button on 503/connection errors\n- Frontend: handle optional task_count in list dropdown display\n- Fix query param mismatch: frontend sends list_id, backend accepts via alias" (48f20dd)
tests: format header value assertion for clarity (922be3f)
tests: simplify error handling in OllamaEmbeddingAdapter tests (c67d7c5)
tests: update default model in config_clone test (2d92028)
unify importance and decay values for ToolResult and Context memory types (7c74bcc)
update dependencies for js-sys, tempfile, wasm-bindgen, wasm-bindgen-futures, wasm-bindgen-macro, wasm-bindgen-macro-support, wasm-bindgen-shared, and web-sys (9f00ac7)
update package versions to 0.4.13 and 0.5.8 in Cargo.lock (9d65647)
validators: move validate_not_empty_trimmed to common module and apply to command input (1026d31)
web: add object-src 'none' to Content Security Policy (71e11e2)
websearch: handle multi-byte UTF-8 in DuckDuckGo url_decode (e8690ec)
wire RAG memory pipeline into ChatService for context-aware responses (6ec40da)

Performance Improvements

infrastructure: limit vector search candidates to prevent memory exhaustion\n\nVector similarity search previously loaded all embeddings for a user\ninto memory. Now pre-filters by importance DESC with a configurable\nLIMIT (default: 1000).\n\n- Adds max_search_candidates config field to MemoryAppConfig\n- Adds SqliteMemoryStore::with_max_candidates() constructor\n- SQL query uses ORDER BY importance DESC LIMIT $2\n- Documents new config option in config.toml.example" (a80da0e)
web: check If-None-Match header for ETag-based 304 responses (853ff75)

Security

vault: isolate Vault/Ollama networks, harden command execution, add AppRole auth (b7ce6b9)

Documentation

add CLAUDE.md AI development guide\n\nDefines unified senior persona (Rust/DevOps/Frontend), encodes Clean\nArchitecture dependency rules, key conventions, senior Rust guidelines,\ntesting requirements (90-100% coverage), mandatory verification workflow,\nand frontend/Docker references. Optimized for compact token consumption\nper Claude Opus 4.6 interaction (~1,100 words, 149 lines)." (4b4422e)
add prompt template for project descriptions and guidelines (cf01ecd)
domain: document TenantAware trait single-tenant status (395337b)
email: add Gmail configuration guide to Docker config\n\nAdd step-by-step instructions in the Docker config comments explaining\nhow to switch from Proton Bridge to Gmail as the primary email provider.\nCovers App Password generation, Vault credential storage, and which\nDocker profiles to adjust." (fd71492)
prompt-template: enhance project guidelines and structure for clarity (6f53beb)
update developer docs for routing pipeline and memory system (0a5fc4b)

0.4.13 (2026-02-21)

Features

scheduling: integrate domain scheduling module into workflow engine (91e0ec7)
workflow: add format-specific prompts and rich task extraction (42df8ae)

Bug Fixes

add CardDAV configuration for contacts integration (4d7ed66)
add CreateEventRequest and UpdateEventRequest interfaces for calendar event management (04f79a2)
CalDAV XML parsing uses local_name for namespace-agnostic tag matching (b0ff60e)
caldav: fix task adapter calendar routing and add detailed calendar list (a012651)
convert iCalendar datetime to RFC 3339 in API response (a130e60)
enhance calendar API with event creation, update, and deletion routes (c01f23e)
implement create, update, and delete event functionality in calendar API (f27a455)
implement edit functionality for contacts with modal support (0a7696c)
JSON-escape template values in workflow command resolution (552d106)
properly escape iCalendar DESCRIPTION field and increase inference timeout (26e271f)
resolve unnecessary_literal_bound clippy warning for provider_name (ee2f514)
simplify calendar-data handling and add test for Baikal namespace (5b0839c)
treat CreateTaskList as soft-fail for CalDAV servers without MKCALENDAR (b634ee0)
update default model from "qwen" to "mistral" in inference tests and config (593434d)
update default model to Mistral 7B across configuration and initialization files (e03885c)
update package versions to 0.4.12 and 0.5.7 in Cargo.lock (b78a2ec)
update task and calendar data structures for improved clarity and compatibility (7689356)
wire task_port into AgentService for task commands (c260f6a)

0.4.12 (2026-02-20)

Features

add calendar and email features (dbddf6c)
add entry points, hooks, and remaining pages (6f38c3d)
add fallback service for web frontend and improve route handling (87ef01e)
add frontend stores for authentication, chat, theme, and toast notifications (e101dce)
add Web Frontend documentation to Developer Guide (e136dd0)
application: add categories field to NewTask (3ebfafe)
application: add workflow parser for multi-step request detection (22a9bdd)
application: add workflow service for multi-step plan execution (65ce963)
approvals: implement command execution results in approval workflow and enhance chat interactions (89dd493)
auth, session: add secure cookie support for session management (a0680ea)
auth: implement cookie-based session authentication (c4264c8)
chat: add command parsing for natural language input and enhance chat flow (d5456b9)
chat: refactor command handling for improved readability and maintainability (109062a)
config: add secure cookies configuration for session management (4d7ec7a)
cors: enhance CORS configuration for session cookies and improve security (3ffd266)
define API and chat types (e101dce)
dependencies: update versions for several packages including 'anyhow', 'bumpalo', 'clap', and 'syn' (0ea17bc)
domain: add description field to CreateCalendarEvent command (a4dcdd8)
domain: add workflow and scheduling domain types (e986e81)
embed and serve frontend assets in Rust (e101dce)
enhance color handling in calendar component with faded color options (e8b6a8e)
enhance workflow execution with dependency-aware parallelism (2bf69a9)
gitignore: add prompt.md to .gitignore to exclude prompt files from version control (f6ce48e)
implement API key verification and enhance authentication flow (c7b5c7c)
implement utility functions for formatting and sanitization (e101dce)
infrastructure: wire WorkflowService into application bootstrap (9bdc3f0)
integrate CalDAV task adapter into the HTTP server (5d2211e)
integrate workflow engine into AgentService (7a4f1de)
task adapter wiring, auto-enrich tasks, background workflow execution (4cebe59)
tasks: add task management API and frontend integration (433765e)
tasks: improve task retrieval logic and enhance debug output (75bc5e8)
translate all German UI strings to English (7c3fdd5)

Bug Fixes

accept HH:MM time format in LLM-generated commands (dbe3677)
enhance Proton Mail Bridge auto-login process and improve error handling (821cfc9)
harden Vault persistence and add credential management recipes\n\n- Make init.sh idempotent with clear logging about data volume state\n- Add warning check for empty CalDAV credentials on restart\n- Add just docker-clean (destructive) vs docker-down (safe) distinction\n- Add just docker-vault-set-caldav USERNAME PASSWORD recipe\n- Add just docker-vault-set-proton EMAIL PASSWORD recipe\n- Add just docker-vault-list to inspect secret keys\n- Document volume deletion as root cause of credential loss" (2cc3a41)
improve documentation and enhance cache control logic in static file handler (f2da7d5)
improve error handling in calendar and email handlers (329ed20)
increase timeout for Proton Mail Bridge login and refine username prompt matching (06545d3)
integrate workflow detection into parse_command and translate remaining German strings (476dd8c)
refactor Router component to include AuthGate within its root (a52a443)
resolve circular dependency between WorkflowService and AgentService (59b1d67)
resolve ESLint and TypeScript strict mode errors across frontend (eb4faab)
update timeout error handling to reflect configured reqwest Client timeout (ca15410)
use correct CalDAV date format for REPORT time-range filter\n\nThe CalDAV REPORT calendar-query time-range filter requires dates in\niCalendar format (YYYYMMDDTHHMMSSZ per RFC 4791), not ISO 8601.\nBaikal (sabre/dav) returned HTTP 500 when receiving ISO dates.\n\n- Add HttpCalDavClient::to_caldav_datetime() normalizer that accepts\n RFC 3339, naive ISO 8601, or already-correct CalDAV format\n- Fix format_date_for_caldav() to emit YYYYMMDDTHHMMSSZ\n- Normalize dates in get_events() before building XML body\n- Add 5 unit tests for date format conversion" (b57246a)

0.4.11 (2026-02-19)

Features

docker: add GPU acceleration support with macOS hybrid mode and NVIDIA override\n\nAdd configurable GPU acceleration for Ollama LLM inference:\n\n- Add compose.gpu-nvidia.yml override file for NVIDIA GPU passthrough\n (device reservations, 24G memory, 8 CPUs, parallel=2)\n- Add OLLAMA_BASE_URL env variable for macOS hybrid mode (native Ollama\n with Metal GPU, Docker container connects via host.docker.internal)\n- Add PISOVEREIGN_INFERENCE__BASE_URL env override in pisovereign service\n- Make inference model configurable via OLLAMA_MODEL env variable\n (default: qwen2.5:14b, propagated to ollama-init for model pulling)\n- Update .env.example with Ollama configuration section\n- Update compose.yml header with GPU acceleration instructions\n- Update config comments in docker/config/config.toml" (ee57084)
justfile: add docker-up-gpu target and update config.toml.example\n\n- Add just docker-up-gpu command for NVIDIA GPU acceleration\n- Update config.toml.example inference section with GPU acceleration\n comments (macOS Metal, NVIDIA CUDA, AMD ROCm)\n- Document base_url values for Docker, native, and hybrid modes\n- Document OLLAMA_MODEL env variable for model selection" (165b9b8)

Documentation

add GPU acceleration guide for macOS, NVIDIA, and AMD\n\nAdd comprehensive GPU acceleration documentation:\n\n- New docs/src/user/gpu-acceleration.md with platform-specific guides:\n - macOS (Apple Silicon/Intel): native Ollama with Metal GPU\n - Linux + NVIDIA: compose override with Container Toolkit\n - Linux + AMD: manual ROCm compose.override.yml\n - Model selection recommendations by VRAM/RAM\n - Troubleshooting section for each platform\n- Add GPU Acceleration to docs/src/SUMMARY.md (after Docker Setup)\n- Add cross-reference section in docker-setup.md" (bd18a54)

0.4.10 (2026-02-18)

Features

application: add web search fallback for uncertain LLM responses (c4d2c49)
commands: add weather and models quick patterns to bypass LLM parsing (85c9353)
duckduckgo: enhance web search client with HTML scraping and structured data fallback (96aeefa)
email: add Proton Mail Bridge service with setup instructions (36df48c)
proton-bridge: add Docker support and entrypoint for Proton Mail Bridge (6817625)
proton-bridge: automate login process and enhance documentation for Vault integration (cc69e64)
tests: add comprehensive API test plan for all HTTP endpoints (fb486fa)

Bug Fixes

docker: remove unused config path references and fix DuckDuckGo test isolation\n\n- Remove misleading PISOVEREIGN_CONFIG env var from Dockerfile and compose.yml\n (the app uses config::File::with_name("config") from CWD, not this env var)\n- Remove dead CMD ["--config", ...] from Dockerfile (server ignores CLI args)\n- Fix default config copy path in Dockerfile to /app/config.toml (matching CWD)\n- Add configurable duckduckgo_html_base_url to WebSearchConfig\n- Fix 5 failing DuckDuckGo wiremock tests by isolating HTML scraping from API tests" (e7dd7a4)
http: filter empty buffering chunks from SSE streaming response\n\nThe SanitizedInferencePort buffers content for cross-boundary pattern detection,\nemitting empty StreamingChunks while accumulating. These empty chunks were\nforwarded to clients as {"content":"","done":false,"model":null} events.\n\nNow filter_map skips empty non-final chunks so clients only receive events\nwith actual content or the final done=true event." (b502717)
readme: update project status to reflect active development phase (d8ed47e)
resolve CalDAV username from Vault and correct calendar_path (609d4e1)
resolve clippy lint warnings (aad24e6)
update default values in .env.example for clarity and consistency (aac8052)

Performance Improvements

docker: optimize container resource limits for AI inference (87562ef)

Documentation

add API test plan and Postman collection (c67d81b)

0.4.9 (2026-02-17)

Features

application: add audit logging for sensitive data detections (ce5c4a6)
application: add OutputSanitizer for LLM output PII/credential redaction\n\nRegex-based detection of sensitive data in LLM responses:\n- Email, phone, IBAN, credit card, API keys, passwords, JWT tokens\n- Internal paths, Docker hostnames, IPv4/IPv6, Base64 secrets\n- Configurable sensitivity (Low/Medium/High)\n- 34 unit tests covering all categories and edge cases" (fbd9d43)
application: add RAG context redaction in MemoryEnhancedChat\n\nOptional OutputSanitizer sanitizes memory context before injection\ninto LLM system prompts. Applied in both chat() and\nchat_in_conversation() flows via with_output_sanitizer() builder." (a423500)
application: add SanitizedInferencePort decorator for output filtering\n\nDecorator wrapping any InferencePort to apply OutputSanitizer to all\nLLM responses. Supports both synchronous and streaming inference with\nchunk buffering for cross-boundary pattern detection.\n11 unit tests with mock InferencePort." (85d3a6c)
domain: add sensitive data detection entities and audit event type\n\nAdd SensitiveDataCategory, SensitiveDataMatch, and OutputAnalysisResult\ntypes for categorizing and tracking PII/credential leaks in LLM output.\nAdd SensitiveDataRedacted variant to AuditEventType.\nAdd AuditBuilder::sensitive_data_redacted() helper." (874748c)
infrastructure: integrate output security config and wire SanitizedInferencePort (7d5d4f2)
README: add mascot image and update project title alignment (72bb2a9)

Bug Fixes

application: correct syntax in MemoryEnhancedChat for redacted content (d7c3021)
config: update default model to qwen2.5:14b and increase timeout settings (cbce045)
dependencies: update package versions to 0.4.8 for consistency (d7c3021)
docker: increase memory limit to 12G for services (cbce045)
domain: simplify sensitive data redaction logging in AuditBuilder (d7c3021)
init: modify initialization script to pull updated model qwen2.5:14b (cbce045)
output_sanitizer: ensure duration calculation handles potential overflow (a95051c)
sanitized_inference_port: correct buffer handling in output sanitization logic (a95051c)
sensitive_data: enforce equality in SensitiveDataMatch and OutputAnalysisResult (a95051c)

Security

docker: isolate Ollama on internal network (edd426f)
http: activate input sanitization in check_prompt_security\n\nSwitch from analyze() to analyze_and_sanitize() so detected threat\npatterns below the blocking threshold are replaced with [REDACTED]\nbefore the message reaches the LLM. Both chat and stream endpoints\nnow use the sanitized input." (93a71c9)

Documentation

add security documentation across all workspace crates (4c61e19)
config: add [output_security] section to config files (7db14ad)

0.4.8 (2026-02-16)

Bug Fixes

agent: add default weather location configuration to AgentService (bd53c8e)
agent: add weather and calendar service support to AgentService (fce1bf7)
client: improve response handling by skipping interleaved JSON-RPC notifications (b0b7c86)
config: add username and password fields to CalDAV configuration (972e040)
config: enable weather, web search, transit, reminder, and caldav sections in configuration (9c365fb)
dependencies: update ai_core, ai_speech, and other packages to version 0.4.7 (b1b8b2b)
readme: update description to clarify device compatibility and enhance Docker support mention (b685a11)

0.4.7 (2026-02-16)

Features

email: add email configuration for IMAP/SMTP integration (b948f01)

Bug Fixes

client: enhance HTTPS handling in HttpCardDavClient (1118c51)
client: enhance JSON-RPC message handling for receive and subscribeReceive (fcc0380)
client: include request JSON in debug log for JSON-RPC requests (0335894)
compose: enhance logging for signal integration and presentation tasks (a4984c4)
config: move messenger selection to TOML top level (7c934a3)
config: use double-underscore separator for env var nesting (7461dbc)
dependencies: update syn version from 2.0.115 to 2.0.116 (a8d0d97)
docker: fix signal socket permissions and env var mapping (fa474a6)
docker: update integration crates for CardDAV and email (f58a005)
entrypoint: start signal-cli daemon in manual receive mode for explicit polling (c5a7b6f)
security: replace hard-coded test credentials with synthetic fixtures (b3396ac)
signal: handle Note-to-Self sync messages from linked devices (1bab1c4)
signal: implement deduplication for incoming messages in subscribeReceive (17a0fbe)
signal: implement subscribeReceive for real-time message streaming (e4b9b2d)
tarpaulin: lower coverage failure threshold to 70% (7adfa57)
tests: remove unnecessary references to borrowed values in auth method (fbbc2b2)

0.4.6 (2026-02-15)

Features

add attachment support with MIME multipart and CC recipients (b5fb822)
add email search, move, and mailbox management commands\n\n- Add domain commands: SearchEmails, MoveEmail, ListMailboxes, CreateMailbox,\n DeleteMailbox, RenameMailbox\n- Extend EmailPort trait with search, move_email, create/delete/rename_mailbox\n- Extend EmailService with corresponding business logic methods\n- Add AgentService handlers for all new email commands\n- DeleteMailbox requires approval, other operations are direct\n- Update EmailAdapter to implement new port methods\n- Fix critical wiring bug: EmailService now wired into AgentService\n (was created but never connected, email commands always returned\n 'Email integration not configured')\n- Update MockEmailPort in all test files\n- All 3255 workspace tests pass with 0 failures" (d19614b)
add server-side draft save via IMAP APPEND (450e0e6)
email: add multi-account support with comprehensive tests\n\nRefactor EmailService from single email_port to HashMap-based\nmulti-account architecture with account routing.\n\n- Add account: Option<String> field to email commands\n- Add ListEmailAccounts command variant\n- Refactor EmailService to use accounts HashMap + default_account\n- Add resolve_account() for account routing with fallback\n- Add with_accounts(), add_account(), remove_account() methods \n- Add handle_list_email_accounts() handler\n- Add multi-account tests (add/remove, resolve, fallback, error)\n- Add ListEmailAccounts tests (description, approval, serde, dispatch)\n- Update all command constructors and dispatch patterns" (8f97394)
email: add OAuth2/XOAUTH2 authentication support\n\nIntroduce AuthMethod enum with Password and OAuth2 variants,\nreplacing the plain password field in EmailProviderConfig.\n\n- Add XOAuth2Authenticator for IMAP SASL XOAUTH2 flow\n- Add XOAUTH2 AUTH command for SMTP\n- Add with_oauth2() builder for EmailProviderConfig\n- Redact credentials in Debug output\n- Skip serializing secrets (password/access_token)\n- Add comprehensive AuthMethod tests (serde, debug, xoauth2)\n- Update all test configs to use AuthMethod::password()" (9635aa6)

Documentation

update documentation for generic email integration\n\nRewrite all docs from Proton-only to multi-provider email support\n(Gmail, Outlook, Proton Mail, custom IMAP/SMTP servers).\n\n- index.md: update feature table and quick links\n- references.md: add Gmail/Outlook IMAP docs and XOAUTH2 reference\n- architecture.md: rename integration_proton to integration_email\n- crate-reference.md: rewrite with EmailProviderConfig, AuthMethod,\n ProviderPreset, multi-provider code examples\n- configuration.md: rename [proton] to [email] with provider examples\n (Gmail, Outlook, Proton Bridge) in collapsible sections\n- external-services.md: add Gmail/Outlook setup guides, keep Proton\n Bridge as nested sub-section, add multi-provider config examples\n- troubleshooting.md: generalize email troubleshooting for all providers\n- vault-setup.md: rename secret path proton -> email\n- docker-setup.md: rename secret path proton -> email" (e3a2f50)

0.4.5 (2026-02-15)

Features

application: add contact intents to command parser (cfaf6ad)
application: add ContactPort trait, DTOs, and contact command handlers (b5f8c3f)
domain: add ContactId value object and contact AgentCommand variants (4c8a433)
infrastructure: add CardDAV config with CalDAV credential sharing (70895e4)
infrastructure: add CardDAV contact adapter implementing ContactPort (055edca)
integration_carddav: add CardDAV client with vCard 3.0 support\n\nNew integration crate for CardDAV contact management:\n- HttpCardDavClient with PROPFIND, REPORT, PUT, DELETE support\n- vCard 3.0 parsing and building (N, FN, EMAIL, TEL, ORG, TITLE, ADR, BDAY, NOTE, PHOTO, CATEGORIES)\n- Contact model with builder pattern and search capability\n- CardDavClient trait for testability\n- Comprehensive unit tests (54) and WireMock integration tests (19)\n- Registered as workspace member" (4db5f8b)
main: wire CardDAV contact adapter into application startup (cd22ed2)
presentation_http: add REST API endpoints for contacts (11af178)

Documentation

config: add CardDAV contact integration section to config example (33b1452)

0.4.4 (2026-02-14)

Bug Fixes

docker: remove platform specification for signal-cli service in Docker Compose (3f1cfd6)
docker: specify platform for signal-cli service in Docker Compose (b3a9de8)
docker: update base image in Dockerfile and enhance dependency installation comments (46b0a66)
docker: update Dockerfile to use entrypoint script for signal-cli (0f3fd4b)
docker: update SIGNAL_CLI_VERSION to 0.13.24 in Dockerfile (c6c34e9)
docs: update Signal setup documentation for Docker integration (2dd888a)
docs: update signal-cli linking instructions for improved clarity (21031e4)

0.4.3 (2026-02-13)

Bug Fixes

coverage: lower coverage failure threshold to 75% (34e9524)
dependencies: update package versions to 0.4.2 (c1bba30)

0.4.2 (2026-02-13)

Features

config: add Vault section and Docker management commands (42c566d)
docker: add complete Docker Compose production setup\n\nAdd docker/ directory with modular, production-ready Docker Compose setup:\n\n- compose.yml: Core services (Traefik, Vault, Ollama, PiSovereign,\n signal-cli, whisper, piper) + monitoring/caldav profiles\n- vault/: HashiCorp Vault server config + auto-init bootstrap script\n- signal-cli/: Custom Dockerfile with JRE + JSON-RPC daemon mode\n- whisper/: Multi-stage build of whisper.cpp with HTTP server\n- piper/: Piper TTS with Python HTTP wrapper\n- ollama-init/: Auto-download of qwen2.5:1.5b + nomic-embed-text\n- traefik/: Security headers, rate limiting, HTTPS middleware\n- prometheus/grafana/loki/promtail/otel/: Monitoring stack configs\n- .env.example: All required environment variables\n- config/config.toml: Production config with Docker network hostnames\n\nAll services use security hardening (no-new-privileges, read-only\nrootfs, resource limits, named volumes, internal network)." (c460d5c)
http: integrate Vault secret store into application startup (b1dd258)
infrastructure: add VaultAppConfig for centralized secret management (02f56e3)
signal: add automatic background polling for incoming messages (76272f4)
signal: add dynamic phone number configuration (0e97a01)

Bug Fixes

docker: fix monitoring stack for scratch-based images (8559be6)
docker: resolve runtime issues for local Docker Compose deployment (d9834c0)
signal: optimize phone number loading from secret store (2a15d4d)

Documentation

add service URL table to docker-setup documentation (7a501ad)
restructure documentation for Docker-first deployment (c5572bd)

0.4.1 (2026-02-12)

Bug Fixes

include missing crates and migrations in Dockerfile for proper build (575f846)
resolve clippy and compilation lint errors (50393ee)
update package versions to 0.4.0 in Cargo.lock (ce73ae7)

0.4.0 (2026-02-12)

⚠ BREAKING CHANGES

persistence: ConnectionPool and create_pool() removed. Use AsyncDatabase and AsyncDatabaseConfig instead.

Features

database: add initial schema and migration scripts for core tables (e326a5e)
persist suspicious activity tracker to SQLite\n\nAdd SqliteSuspiciousActivityTracker as a durable alternative to the\nin-memory tracker. Security violations and IP blocks survive restarts\nand can be shared across instances.\n\n- Add migration 11_suspicious_activity.sql with security_violations\n and ip_blocks tables\n- Add SqliteSuspiciousActivityTracker implementing SuspiciousActivityPort\n- Add FromStr impl for ThreatLevel to support DB round-tripping\n- Use severity-ordered SQL query for correct max threat level\n- Include 12 integration tests with in-memory SQLite" (c5c8f3e)
persistence: add shared error mapping for sqlx persistence layer (976fb45)
server: wire VoiceMessageService in main.rs (2a575b9)

Bug Fixes

database: enhance async database connection and migration handling (dd147f1)
dependencies: remove unused r2d2 and scheduled-thread-pool packages from Cargo.lock (882a55f)
persistence: re-export map_sqlx_error from shared module to streamline error handling (03c3ba0)
persistence: refactor database initialization to use async database handling (39e0635)
persistence: refactor RetryQueueStore to use sqlx for async database operations and improve query handling (26062d5)
persistence: refactor SqliteApprovalQueue to use sqlx for database operations (9c33a6f)
persistence: refactor SqliteAuditLog to use sqlx for database operations and improve query handling (1b16983)
persistence: refactor SqliteDraftStore to use sqlx for database operations (542b58b)
persistence: refactor SqliteMemoryStore to use sqlx for database operations and improve memory handling (0890483)
persistence: refactor SqliteReminderStore to use sqlx for async database operations and improve query handling (7e46c18)
persistence: refactor SqliteUserProfileStore to use sqlx and simplify database interactions (689a8ac)
persistence: remove unused dependencies and update persistence module exports (5d8c618)
persistence: streamline error handling and improve code readability across multiple files (e93222d)
remove unrouted location handler (d20f2be)
remove unused SendTypingParams from integration_signal (fdd77ad)
security: protect CalDAV password from serialization and debug output\n\nAdd #[serde(skip_serializing)] to CalDavConfig.password to prevent\npassword leaking in JSON serialization output. Implement custom Debug\ntrait to show [REDACTED] instead of the actual password value.\n\nThis prevents accidental password exposure through logging or API\nresponses that serialize the config struct.\n\nUpdated all tests to verify password exclusion from serialized output\nand debug formatting." (20548bd)
security: wire ConnectInfo for real client IP extraction in rate limiter\n\nReplace hardcoded 127.0.0.1 fallback in extract_client_ip() with actual\nTCP socket address from axum ConnectInfo. The server now uses\ninto_make_service_with_connect_info::<SocketAddr>() to inject the real\nclient IP into request extensions.\n\nThis ensures rate limiting tracks actual client IPs instead of treating\nall clients as localhost. X-Forwarded-For is still only trusted from\nconfigured trusted_proxies.\n\nAdded tests for ConnectInfo extraction, localhost fallback, and\nuntrusted proxy rejection." (4592fec)
tests: remove persistence integration tests for SQLite databases (b95b0c2)

Performance Improvements

infrastructure: fix N+1 query in list_recent and search conversations (f7c131b)
optimize cosine similarity with two-phase query\n\nDeduplicate cosine_similarity into domain crate and optimize\nsearch_similar to avoid loading full Memory objects for all records.\n\n- Move cosine_similarity to domain::entities::memory as canonical impl\n- Delegate from EmbeddingPort default method and OllamaEmbeddingEngine\n- Remove duplicate implementations from memory_store.rs and ai_core\n- Two-phase query: first fetch only IDs + embeddings + importance,\n compute similarity and select top-K, then load full Memory objects\n only for matching candidates (O(K) vs O(n) memory for content)" (b2c7e18)

Security

add #![forbid(unsafe_code)] to all crates (baa928e)

Documentation

document alpha IMAP dependency risk in integration_proton (9db2abe)
openapi: add missing Signal and WhatsApp endpoint documentation (0be358b)

Code Refactoring

persistence: consolidate database layer to sqlx-only (0125c3c)

0.3.5 (2026-02-12)

Features

add OpenTelemetry Collector installation and configuration options for macOS and Raspberry Pi setups (940c9f1)

0.3.4 (2026-02-11)

Features

add Baïkal CalDAV server Docker integration\n\nAdd --baikal CLI flag and interactive prompt to both setup-mac.sh and\nsetup-pi.sh scripts for deploying Baïkal as a Docker container.\n\n- Add ckulka/baikal:nginx service to docker-compose.yml generation\n- Bind to 127.0.0.1:5232 (localhost only, no external access)\n- PiSovereign accesses Baïkal internally via http://baikal:80/dav.php\n- Add baikal-config and baikal-data Docker volumes\n- Add CalDAV config prompt to setup-pi.sh (was missing entirely)\n- Dual CalDAV flow: Baïkal Docker OR external CalDAV server\n- Add setup wizard instructions to print_summary() in both scripts\n- Update config.toml.example with Docker-internal URL comment\n- Update external-services.md with Docker installation as primary method\n- Retain native Baïkal installation as documented alternative" (bffafd6)
application: add reminder and transit intents with AgentService wiring (Phase J) (b256ec0)
application: add reminder formatter and notification service\n\n- Create ReminderFormatter with beautiful German message templates:\n - format_calendar_event_reminder with event time, location, Maps link\n - format_calendar_task_reminder for todo items \n - format_custom_reminder for user-created reminders\n - format_morning_briefing with events, weather, reminders\n - format_reminder_list, format_snooze_confirmation\n - Time formatting helpers (format_event_time, format_time_until)\n- Create NotificationService for proactive reminder processing:\n - process_due_reminders polls and formats all due notifications\n - Optional transit integration (ÖPNV connections to event locations)\n - Marks reminders as sent after notification formatted\n - NotificationConfig with home coords and transit toggle\n- Register modules and re-export types from services/mod.rs\n- 26 new tests (18 formatter + 8 notification), all 641 app tests pass" (85b181c)
application: add ReminderPort and ReminderService (4ceca10)
config: add MessengerPersistenceConfig for conversation storage (ccba24e)
db: add migration V009 for conversation source tracking (02e17e2)
deps: update clap and related packages to version 4.5.58 and 1.0.0 (58a9f5e)
deps: upgrade breaking dependencies (9c31b34)
deps: upgrade OpenTelemetry stack 0.27 -> 0.31 (8629ab7)
domain: add Reminder entity and AgentCommand variants (433e8ea)
handlers: integrate messenger conversation persistence (4f13605)
infrastructure: add SqliteReminderStore and V006-V008 migrations\n\n- Create SqliteReminderStore implementing ReminderPort trait\n- Add save, get, get_by_source_id, update, delete, query, get_due_reminders,\n count_active, cleanup_old operations with spawn_blocking pattern\n- Add dynamic SQL query builder for ReminderQuery with filters\n- Add row_to_reminder mapping and enum string conversion helpers\n- Register reminder_store module in persistence/mod.rs\n- Add inline migrations V006 (retry queue), V007 (memory storage),\n V008 (reminders) to Rust migration runner\n- Bump SCHEMA_VERSION from 5 to 8\n- Fix FK mismatch in V007 (user_profiles.id → user_profiles.user_id)\n- Remove unnecessary FK constraint from reminders table\n- 13 integration tests for reminder store, all 807 infra tests passing" (6c500d9)
integration: add public transit integration and reminder configuration (5fbc39d)
persistence: extend conversation entities for messenger tracking (c4c39a5)
ports: add get_by_phone_number to ConversationStore (a6d6c7a)
services: add MessengerChatService for conversation persistence (3e8dd87)
services: add MessengerChatService for conversation persistence (34b430c)
tasks: add conversation retention cleanup task (410a2e8)
transit: add integration_transit crate with HAFAS client and Nominatim geocoding\n\nImplements public transit routing via transport.rest v6 API (HAFAS)\nand address geocoding via Nominatim/OpenStreetMap.\n\n- HafasTransitClient: journey search, nearby stops, stop search\n- NominatimGeocodingClient: forward/reverse geocoding with rate limiting and caching\n- TransitConfig/NominatimConfig with serde defaults and validation\n- Typed models: Journey, Leg, Stop, LineInfo, TransitMode\n- Rich formatting with emoji per transit mode\n- Full unit tests (42) and wiremock integration tests (7)\n- Registered in workspace Cargo.toml (c8ccead)
transit: add TransitPort, LocationHelper, and TransitAdapter (b4d64ff)

Bug Fixes

benches: update chat_pipeline benchmark for new ConversationStore trait (11f9055)
security: add advisory ignores for rsa and rustls-pemfile vulnerabilities (7f46adb)
security: add workflow permissions and remove key prefix logging (8e2fd97)

Documentation

add reminder system user guide (4cc9448)

0.3.3 (2026-02-10)

Features

add Prometheus and Grafana monitoring stack installation and configuration (d640279)
enhance cross-compilation setup for Ubuntu 24.04 by updating APT source handling (f9aa9c1)
restructure docker-compose.yml generation for improved clarity and monitoring integration (593e582)
update Grafana dashboard provisioning paths for consistency across setups (e7ee254)

0.3.2 (2026-02-10)

Features

enhance Docker workflow by integrating Buildx for multi-architecture manifest creation (10a6691)
enhance release binary build process for ARM64 cross-compilation (66218d9)

Bug Fixes

lower coverage threshold to 80% for improved build stability (343b47d)

0.3.1 (2026-02-10)

Features

add task list management commands and update command parser (9d03b39)
ai_core: add Ollama embedding engine (04dfa87)
application: add memory, embedding, and encryption ports (af43c92)
application: add MemoryEnhancedChat for RAG integration (e393114)
application: add MemoryService for AI memory management (43ab0f8)
dependencies: add chacha20poly1305 for encryption support (9eb4e7c)
domain: add Memory entity and MemoryId value object (29cb85a)
infrastructure: add memory storage configuration (820c388)
infrastructure: add memory store and encryption adapter (e50e2d8)
security: add prompt injection prevention system (09b16ba)

Bug Fixes

copy config.toml.example in Docker build (472efb1)

Documentation

add AI memory system documentation (13e9c01)

0.3.0 (2026-02-08)

⚠ BREAKING CHANGES

ai_core,infrastructure: Renamed types and modules for clarity:
- hailo/ module -> ollama/ in ai_core crate
- HailoInferenceEngine -> OllamaInferenceEngine
- HailoInferenceAdapter -> OllamaInferenceAdapter
- HailoModelRegistryAdapter -> OllamaModelRegistryAdapter
- HailoModelRegistryConfig -> OllamaModelRegistryConfig

Features

ai_speech: add platform-specific default paths (dd47d6d)
config: add messenger selection and Signal configuration (47acda9)
documentation: enhance user guides with Signal messenger setup and configuration details (66ca1bf)
domain: add MessengerSource and MessengerPort for multi-messenger support (8d2d3a6)
infrastructure: add WhatsApp and Signal messenger adapters (784a568)
integration_signal: add Signal messenger integration crate (cba5938)
presentation_http: add Signal handlers, routes, and AppState integration (8ae093c)
setup: add signal-cli installation and systemd service for Signal messenger integration (261e22a)

Bug Fixes

adapters: reorder ollama_inference_adapter module for consistency (78288cf)
tests: fix platform-specific whisper executable tests and SignalConfig defaults (5beeb5b)
update LLM model reference and adjust whisper executable for macOS (16d1870)

Documentation

add comprehensive macOS setup guide (7230d1c)
config: add platform support documentation (b08dd29)
readme: add macOS platform support (1e86cc5)
readme: update quick start section and add setup instructions for macOS and Raspberry Pi (3dcf228)

Code Refactoring

ai_core,infrastructure: rename hailo module to ollama (32cb6ce)

0.2.2 (2026-02-08)

Bug Fixes

workflows: update Docker image name format and add OpenSSL installation step (0d661de)

Documentation

add link to full documentation in README (0d661de)

0.2.1 (2026-02-08)

Bug Fixes

ci: enhance cross-compilation setup for ARM64 with OpenSSL support (7102a14)
ci: enhance cross-compilation setup for ARM64 with OpenSSL support (3c9750a)

0.2.0 (2026-02-08)

⚠ BREAKING CHANGES

domain: Timezone::new() replaced with Timezone::try_new() which returns Result<Timezone, InvalidTimezone>
security: API key configuration format changed
security: Plaintext secrets (SEC003, SEC004, SEC005) are now Critical severity in production mode, blocking startup unless PISOVEREIGN_ALLOW_INSECURE_CONFIG=true is set.
auth: ApiKeyAuthLayer now requires api_key_users config for multi-tenant setups. Single-key mode remains supported for backward compatibility.
proton: TlsConfig.verify_certificates changed from bool to Option
infrastructure: SledCache replaced by RedbCache
Migrated from nightly-2025-01-15 to stable Rust 1.93.0. Edition 2024 is now fully supported in stable Rust.
security: ProtonConfig now requires tls field

Features

add comprehensive analysis report for project evaluation (a4dccb7)
add detailed project analysis document (10cc345)
add detailed project analysis document (bb2a00c)
add detailed project analysis document (40fb620)
add detailed project analysis document for PiSovereign (3de12bc)
add detailed project analysis document for PiSovereign (e15f327)
add OpenAPI documentation with Swagger UI and ReDoc (2653277)
add SQL migration files and improve migration error handling (2ec1bba)
add structured JSON logging and request ID correlation (2af0405)
agent: integrate calendar and email services into morning briefing (5679802)
ai_core: implement dynamic model discovery (0e0b0ce)
ai_speech: add audio format converter with FFmpeg support (4d68df0)
ai_speech: add local speech providers (whisper.cpp + Piper) (7881bf6)
ai_speech: add Speech-to-Text and Text-to-Speech crate (97c4f8e)
analysis: add comprehensive project analysis document (bb00d79)
analysis: add comprehensive project analysis document (30e34ba)
analysis: add comprehensive technical analysis document for project overview and readiness assessment (8e1e408)
analysis: remove outdated detailed project analysis document (fd5f9c3)
application: activate conversation context in ChatService (ea3e726)
application: add conversation context service with 7-day retention (c3fe36a)
application: add Email and Calendar ports and services (142079f)
application: add RequestContext for auth-context propagation (8f74582)
application: add SpeechPort for speech processing operations (b543ecd)
application: add VoiceMessageService for voice message processing (70edab7)
application: add weather, task, and model registry ports (e6ce37f)
application: add web_search intent to CommandParser (4e79de7)
application: add WebSearchPort and integrate into AgentService (f34d00e)
application: integrate DraftStorePort in AgentService (43a2260)
application: integrate UserProfile for timezone personalization (b469c02)
approval_service: implement ApprovalService for managing approval workflows (d5a8a4c)
approval_service: use ok_or_else for better error handling in approval requests (bbf270d)
audit_entry: change with_ip_address method to const for improved performance (bbf270d)
audit_log: add #[must_use] attribute to query builder methods for clarity (bbf270d)
audit: add audit log entry entity and persistence interface (b899e6f)
audit: add request_id to AuditEntry for distributed tracing (c519828)
auth: implement multi-tenant user context from API key lookup (c634b81)
briefing_service: add Morning Briefing Service to aggregate calendar events, emails, and tasks (8a8de10)
briefing: add weather integration with UserProfile > config fallback (2bd1504)
briefing: integrate task service with user_id from RequestContext (f023018)
cache: add cached inference adapter with LLM response caching (dde561f)
cache: implement multi-layer caching infrastructure (1026143)
caldav: implement HTTP-based CalDAV client with event parsing and iCalendar support (e74f5ad)
calendar: add UpdateCalendarEvent command (554c273)
chaos: add chaos engineering framework for resilience testing (5a15e44)
chat_message: add #[must_use] attribute to with_metadata method for clarity (bbf270d)
chat: export MAX_CONVERSATION_MESSAGES alongside ChatService (56f24a1)
ci: update CI configuration for code coverage and add tarpaulin settings (bbb2392)
cli: add SQLite backup command with S3 support (a8ba4c4)
client: implement WhatsApp client for sending messages (7c8a0af)
clippy: update lint settings to allow additional clippy warnings (bbf270d)
command_parser: enhance command parsing with property-based tests (bbb2392)
command_parser: enhance LLM intent detection with additional commands and JSON parsing (e5a00aa)
config: add api_key to user_id mapping configuration (838f24e)
config: add environment validation and startup security warnings (553e113)
config: add hot-reloadable configuration support with SIGHUP handling (ecb85e8)
config: add speech processing configuration (7b3567e)
config: add websearch configuration section (5bc15fb)
config: add WhatsApp configuration with default values (d731f98)
config: expand configuration options for server, inference, security, and integrations (85a9e05)
coverage: switch from cargo-llvm-cov to cargo-tarpaulin for coverage reporting (4fd4ec6)
database: implement SQLite-based conversation storage and connection management (c5b560b)
docker: add docker-compose for local development (1a6f4c5)
docker: add multi-stage Dockerfile with Hailo SDK support (13d653a)
docker: add Traefik reverse proxy with automatic TLS (f41311c)
docs: add detailed system analysis document (b729ec1)
docs: update README with local-first processing and provider options for STT/TTS (ab712d4)
domain: add DraftStorePort and PersistedEmailDraft entity (b9b62a5)
domain: add multi-tenancy foundation types (624b4c2)
domain: add user profile, location, and task entities (3cd9bb6)
domain: add validated Timezone and Humidity value objects (3aefd4b)
domain: add VoiceMessage entity for voice message handling (430a5fe)
domain: add WebSearch command and search entities (bc56e80)
error: add NotFound and InvalidOperation variants to ApplicationError (d5a8a4c)
health: add comprehensive external service health checks (e4b7a8c)
health: add database health check port (d8973b0)
health: wire up HealthService with all available ports (6bdec3f)
http: add approval workflow REST API (4238c28)
http: add audio message handling to WhatsApp webhook (c6aa994)
http: add CorrelatedHttpClient for request ID propagation (28c0ec1)
http: add WhatsApp webhook integration (4ce315e)
Implement approval request entity and SQLite persistence (667297f)
inference: implement runtime model switching (f61f925)
infrastructure: add configurable cache TTLs (2570dbd)
infrastructure: add degraded inference adapter for graceful Hailo failover (e9f5639)
infrastructure: add OpenTelemetry/Tempo integration (279ef00)
infrastructure: add Proton email and CalDAV calendar adapters (aeb5428)
infrastructure: add SpeechAdapter implementing SpeechPort (088a67b)
infrastructure: add SqliteDraftStore adapter (058c89e)
infrastructure: add user profile SQLite storage (7671597)
infrastructure: add weather, task, and model registry adapters (c9a03b9)
infrastructure: add WebSearchAdapter implementing WebSearchPort (370f98c)
infrastructure: wire telemetry and degraded mode in HTTP server (e7adffd)
integration_caldav: add VTODO task support (ec6106b)
integration_caldav: improve XML parsing with quick-xml library (fa0ac19)
integration_proton: add reconnecting client with exponential backoff (eb93dcd)
integration_proton: implement IMAP/SMTP client for Proton Bridge (504c60e)
integration_proton: implement Proton Mail client with error handling and configuration (6ce96cb)
integration_weather: add Open-Meteo weather client (cb0bc9f)
logging: JSON format as production default with rotation docs (c3bfe43)
metrics: add metrics collection and expose metrics endpoints (4770cf4)
metrics: add P50/P90/P99 latency percentiles (5c38c4a)
middleware: add API key authentication and rate limiting layers (ae6650a)
model_selector: implement dynamic model selection based on task complexity (a5078ad)
monitoring: add Grafana dashboard and Prometheus config (dae5df2)
multi-tenant: propagate TenantId through RequestContext (1a102ac)
observability: add histogram metrics and Prometheus alerting rules (1791ca9)
parser: add natural language date parsing with fuzzydate (a14befb)
persistence: add async database layer with sqlx (2b43e56)
persistence: add incremental conversation persistence (f1f6a0f)
persistence: add sequence_number to messages for incremental persistence (ac41fbd)
persistence: add SQLite audit log implementation (e6f57f1)
presentation_http: add location update HTTP endpoints (a3682ec)
presentation: add rate limiter cleanup task on startup (80c7928)
rate-limit: add background cleanup task for stale entries (0c93111)
release: add release-please for automated versioning (7e75a84)
release: add workflow for building and uploading release binaries (4a5bade)
resilience: add circuit breaker pattern for external services (d1f0c7a)
retry: add persistent retry queue with exponential backoff (0218d2e)
retry: implement generic RetryConfig with exponential backoff (6a124a3)
scheduler: add tokio-cron-scheduler for recurring tasks (259e672)
security: add cargo-deny configuration for dependency auditing (c877158)
security: add configurable request body size limits (d53af57)
security: add configurable TLS verification for Proton clients (7db7e0a)
security: add error response sanitization for production (71fbd39)
security: add SecretStore trait with Vault and env backends (7db6de3)
security: add security headers middleware (f051c9c)
security: add TLS configuration and timing-safe authentication (26fb714)
security: add trusted proxy support for rate limiting (34e956e)
security: block plaintext API keys in production mode (52d8a35)
security: implement Argon2 password hashing for API keys and add CLI command for hashing (0bf39f6)
security: implement secure API key storage with Argon2 hashing (c8c3e48)
security: integrate SecurityValidator into startup (18b2ff0)
server: add graceful shutdown configuration with timeout (288cca1)
streaming: add streaming support for inference with SSE integration (6bf0034)
tasks: add Task CRUD commands (8adb429)
telemetry: add graceful fallback for unavailable OTLP collector (3854718)
templates: add Tera template engine for emails and messages (07f1901)
testing: add testcontainers support for integration tests (901edd7)
tests: add concurrency tests for multi-layer cache (bbb2392)
websearch: add integration_websearch crate with Brave and DuckDuckGo support (b48acae)
whatsapp: add audio/voice message support to webhook (d7c9aa8)
whatsapp: add media download/upload and audio message support (54b1f53)
workflows: update Rust toolchain to version 1.93.0 in CI workflows (3876b4a)

Bug Fixes

add rationale for ignoring tokio-tar vulnerability in deny.toml (fee5ee8)
agent: implement dynamic model listing from Hailo API (65c9f6f)
api_error: map ApplicationError variants to ApiError appropriately (d5a8a4c)
ci: configure release-please for workspace version inheritance (7999e5a)
ci: switch release-please to simple strategy for workspace versions (cad31eb)
ci: switch release-please to simple strategy for workspace versions (4f68f3f)
ci: upgrade SBOM format to cyclone_dx_json_1_6 (7467156)
clippy: resolve lint errors (bf08d71)
commands: simplify Help command formatting (d5a8a4c)
http: initialize ApprovalService with SQLite backend (660397f)
presentation_http: add WebSearch to command_type_name match (3b7adae)
proton: add runtime warning for disabled TLS verification (637dc67)
proton: secure TLS verification default to true (ba3d9d4)
readme: update badge links and add missing shield images (3c64d45)
resolve all clippy warnings (1ba8f01)
resolve clippy warnings across workspace (c792285)
resolve clippy warnings for Rust 1.93.0 (c28cf29)
update coverage threshold to fail under 60% (8955cbd)
update coverage threshold to fail under 70% (6939b16)
update error handling in Vault secret store to use String::new() for empty values (07149ca)
websearch: improve error handling and response mapping (bbb2392)
whatsapp: implement response sending via Cloud API (6e577f6)
whatsapp: resolve clippy option_if_let_else warning (1376113)

Performance Improvements

add criterion benchmarks for chat pipeline (35af4cc)
ai_speech: use Arc<[u8]> for zero-copy AudioData cloning (a180910)
ci: add concurrency and caching to release workflows (84dfb03)
ci: optimize CI workflow for faster execution (0d4c974)
infra: add file-based circuit breaker state persistence (5a187de)
optimize hot-path clone operations in inference pipeline (b9bc152)

Documentation

add Brave Search API setup guide and configuration reference (6603569)
add CHANGELOG.md with migration guide (0a8da65)
add comprehensive project analysis for PiSovereign (7aba022)
add deployment, hardware-setup, and security documentation (3207724)
add detailed project analysis document for PiSovereign (c7578f2)
add detailed project analysis for PiSovereign (b650fd9)
add doc tests for public domain and application APIs (5a64369)
add production deployment section to README (e4cb8ec)
add voice message (STT/TTS) documentation (acce22b)
enhance grafana monitoring documentation (7695327)
readme: add beta warning banner (a3ea0f1)
readme: add performance and development sections (923b9f9)
readme: remove quick start section for clarity (2155f4e)
readme: update coverage badge to show percentage (f0394fb)
readme: update coverage badge to show percentage (d006430)
remove completed PROJEKT_ANALYSE.md (81543e3)
vault_secret_store, client: update example URLs to use angle brackets (2e240c0)
websearch: escape bracket notation in rustdoc comments (17be5ea)

Code Refactoring

infrastructure: migrate from sled to redb for L2 cache (3c5ee43)

Build System

upgrade rust toolchain to stable 1.93.0 with edition 2024 (17989d2)

Unreleased

Changed

BREAKING: Upgraded Rust toolchain from nightly-2025-01-15 to stable 1.93.0
BREAKING: Migrated from Edition 2021 to Edition 2024
BREAKING: Replaced SledCache with RedbCache for L2 caching
- The sled database (0.34) was unmaintained and has been replaced with redb (2.6)
- A deprecated type alias SledCache = RedbCache is provided for migration
- Database files are not compatible; existing cache will be cleared on first start
BREAKING: Upgraded bincode from 1.3 to 2.0
- New API uses encode_to_vec/decode_from_slice instead of serialize/deserialize
- Requires bincode::Encode and bincode::Decode derives on cached types

Migration Guide

Rust Toolchain

Update your rust-toolchain.toml or ensure you have Rust 1.93.0+ installed:

[toolchain]
channel = "1.93.0"

Cache Migration

If you were using SledCache directly:

// Before
use infrastructure::cache::SledCache;
let cache = SledCache::new("path/to/cache")?;

// After
use infrastructure::cache::RedbCache;
let cache = RedbCache::new("path/to/cache")?;

Note: Existing sled database files are not compatible with redb. The cache will start fresh after migration. If you have critical cached data, export it before upgrading.

Bincode Serialization

If you have custom types stored in the cache:

// Before (bincode 1.x)
#[derive(Serialize, Deserialize)]
struct MyCachedData {
    field: String,
}

// After (bincode 2.x)
use bincode::{Encode, Decode};

#[derive(Serialize, Deserialize, Encode, Decode)]
struct MyCachedData {
    field: String,
}

Added

GitHub Actions CI/CD pipeline with:
- Formatting checks (cargo fmt)
- Linting (cargo clippy)
- Test execution
- Code coverage reporting
Dependabot configuration for automated dependency updates
RedbCache implementation with:
- Automatic database recovery for corrupted files
- In-memory mode for testing
- Full compatibility with CachePort trait

Fixed

Added missing serialize feature to quick-xml dependency in integration_caldav

Security

Replaced unmaintained sled database with actively maintained redb
Updated all dependencies to latest versions

0.1.0 - Initial Release

Added

Domain-driven architecture with clean separation of concerns
AI-powered chat service with conversation history
Email integration via Proton Bridge (IMAP/SMTP)
Calendar integration via CalDAV
WhatsApp Business API integration
Multi-layer caching (Moka L1 + persistent L2)
Approval workflow for sensitive operations
Audit logging with SQLite persistence
HTTP API with Axum web framework
CLI interface for local interaction
Rate limiting and authentication middleware
Circuit breaker pattern for external services
Prometheus metrics and Grafana dashboards

Uh oh!

FilesExpand file tree

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

Changelog

0.5.9 (2026-04-11)

Features

Bug Fixes

Performance Improvements

Documentation

0.5.8 (2026-04-09)

Features

Bug Fixes

Documentation

0.5.7 (2026-04-07)

Features

Bug Fixes

Documentation

0.5.6 (2026-04-01)

Bug Fixes

0.5.5 (2026-03-31)

Bug Fixes

0.5.4 (2026-03-31)

Features

Bug Fixes

Documentation

0.5.3 (2026-03-26)

Features

Bug Fixes

Documentation

0.5.2 (2026-03-10)

Features

Bug Fixes

Documentation

0.5.1 (2026-03-04)

Features

Bug Fixes

Documentation

0.5.0 (2026-02-27)

⚠ BREAKING CHANGES

Features

Bug Fixes

Performance Improvements

0.4.14 (2026-02-26)

Features

Bug Fixes

Performance Improvements

Security

Documentation

0.4.13 (2026-02-21)

Features

Bug Fixes

0.4.12 (2026-02-20)

Features

Bug Fixes

0.4.11 (2026-02-19)

Features

Documentation

0.4.10 (2026-02-18)

Features

Bug Fixes

Performance Improvements

Documentation

0.4.9 (2026-02-17)

Features

Bug Fixes

Security

Documentation

0.4.8 (2026-02-16)

Bug Fixes

0.4.7 (2026-02-16)

Features

Bug Fixes

0.4.6 (2026-02-15)

Features

Documentation

0.4.5 (2026-02-15)