v0.2.19

Comprehensive stability, security, and performance sweep across the whole codebase, plus an agent-sidebar markdown improvement. Every change strengthens an existing feature. 1340 tests pass (up from 1300), green across Python 3.10/3.11/3.12.

Security

• Path traversal in /api/files/* switched to Path.is_relative_to, closing the Windows sibling-directory bypass.
• Webhook receive endpoint now requires a shared secret (HAVN_WEBHOOK_SECRET_<NAME> / HAVN_WEBHOOK_SECRET), payload capped at 5 MB.
• Query validator rewritten: strips strings/comments, walks CTE bodies, rejects file-access functions and multi-statement queries.
• CREATE/DROP MASKING POLICY now requires write permission.
• Importer, snapshots, and create_version validate every identifier and SQL-escape every literal/path.

Stability

• WriteQueue worker survives a cancelled future instead of stalling the write path.
• WeakKeyDictionary backs the per-connection catalog map, ending id()-recycling mis-routing.
• Pipeline SSE converted from a 300 ms busy poll to a threading.Condition; start race fixed.
• Circuit breaker gains time-windowed failure decay.

Correctness

• Incremental unique-key columns validated before SQL interpolation; incremental queries wrapped in a subquery.
• parse_depends collects every @depends_on line; cron parser supports range+step.
• Contracts freshness < 5m now means 5 minutes.

Performance

• 30s token-validation cache; invalidated on user delete and user update.
• Frontend bundle split via Vite manualChunks: main bundle 1308 kB to 481 kB (gzip 341 kB to 115 kB).

Frontend

• Agent sidebar renders [label](url) markdown as clickable links.

Full detail in CHANGELOG.md.