Skip to content

v4.51.2 — hotfix: unbreak npm install + 4 weeks of features

Choose a tag to compare

@arberx arberx released this 18 May 22:26

⚠️ Supersedes 4.50.0 / 4.51.0 / 4.51.1 — those were broken (npm install 404'd on an unpublished workspace dep) and have been deprecated on npm. This release is the fix plus everything that landed in the broken-version series, repackaged.

Hotfix

  • `npm install -g @ainyc/canonry` works again. The published manifest no longer declares the unpublished `@ainyc/canonry-api-client@0.0.0` workspace package as a runtime dep (it's now `devDependencies`-only; `tsup` already inlines it into `dist/` via `noExternal`, so runtime is unchanged).
  • New CI gate: `publish-smoke-test` — packs the tarball and `npm install`s it into a scratch directory on every PR. Catches the same class of "workspace dep leaks into runtime" bug before it ships.

Server-side traffic ingestion (new)

  • Cloud Run / WordPress / Vercel traffic adapters with auth-validated doctor checks, hourly rollup buckets, and a `canonry traffic` CLI surface (`connect / sync / backfill / sources / status / events`).
  • AI crawler IP verification for 8 operators (Anthropic, OpenAI, Perplexity, Google, Microsoft Bing, and three OpenAI sub-products). Anthropic uses the ARIN-allocated `216.73.216.0/22` (AWS-ANTHROPIC) block — the actual ClaudeBot infrastructure, not the BGP-announced AS399358 ranges. UAs that pass IP verification land in a separate `verified` bucket from `claimed_unverified` so operators can tell real crawler traffic from spoofers.
  • Bot classifier rules expanded to catch Claude-SearchBot, MistralBot, DeepSeekBot, Applebot, plus the major SERP crawlers (Googlebot, bingbot, DuckDuckBot, YandexBot, Baiduspider, Amazonbot) — these were sitting in the `unknown` bucket. New `canonry backfill traffic-classification` reclassifies historical samples when rules expand.

Runtime safety

  • HTTP 503 `RUNTIME_STATE_MISSING` when the operator deletes `~/.canonry/data.db` or `config.yaml` out from under a running daemon. SQLite holds the file inode open across `unlink`, so the daemon would otherwise keep serving stale data from an orphaned file. Pairs with two new doctor checks (`db.file.present`, `config.file.present`).
  • Audit log attribution captures the API key + actor on every project mutation.

Aero (built-in agent)

  • LLM capability tiers — per-provider model selection per task. Heavy reasoning gets a flagship model; simple classification gets a fast/cheap one.
  • "Why this?" explainer for content recommendations — LLM-backed narrative on demand.

Dashboard

  • Project page refreshes after CLI mutations — `cnry query add` / `cnry competitor add` now surface in the dashboard when the operator alt-tabs back (`refetchOnWindowFocus: 'always'` on the per-project hook). Same for in-UI mutations (predicate widened to match the new per-project cache key).
  • Status code filter (2xx/3xx/4xx/5xx) on traffic source detail.
  • `useDashboard` split into `useDashboardOverview` (slim portfolio) and `useProjectDashboard` (per-project deep dive) to eliminate the per-project fan-out tax on every dashboard mount.
  • Snapshot attribution recovery — query attribution lost to `query replace`/`query remove` is now backfilled.

Plumbing

  • OpenAPI codegen pipeline — `@ainyc/canonry-api-client` generated from the spec, consumed by web ApiClient, CLI ApiClient, and MCP. CI drift gate enforces regeneration.
  • DB type migration — `projects`, `runs`, `querySnapshots`, `schedules`, `notifications` migrated to native SQLite column modes (boolean / JSON) via Drizzle.

Install

```bash
npm install -g @ainyc/canonry
```