Releases: danieljustus/symaira-eraseme
Releases · danieljustus/symaira-eraseme
Release list
v0.8.0
What's changed
- #488 Optimize dashboard UI with Symaira branding and client-side filtering
- #487 Bump CI workflow dependencies (actions/setup-python, trufflesecurity/trufflehog)
Full Changelog: v0.7.0...v0.8.0
v0.7.0
What's changed
Features
- #481 Add multi-folder poll-inbox and workflow orchestration template — closes #478, #479
- #480 Himalaya v1.2 adapter compatibility, LLM agent client, MCP server expansion to 21 tools, cron-based polling — closes #467, #470, #476, #477
Fixes
- #471 Resolve multiple CLI and execution bugs — closes #465, #466, #468, #469
- #480 IMAP SSL fix, Acxiom EU email update — closes #473, #475
Closed Issues
- #465, #466, #468, #469 CLI and execution bugs
- #467 Himalaya v1.2 compatibility
- #470 LLM agent client
- #473 IMAP SSL certificate errors
- #475 Acxiom EU opt-out email update
- #476 MCP server expansion to 21 tools
- #477 Cron-based polling with push notifications
- #478, #479 Multi-folder inbox polling
Full Changelog: v0.6.2...v0.7.0
v0.6.2
What's changed
Features
Dependencies
- #453 Bump trufflesecurity/trufflehog from 3.95.5 to 3.95.6
- #454 Bump actions/checkout from 6.0.3 to 7.0.0
Tests
- #462 Add coverage gap tests for service handlers and adapters — closes #456, #457, #458, #459, #460, #461
Closed Issues
- #410 macOS 27 compatibility
- #456 Test coverage gap: scheduler service
- #457 Test coverage gap: inbox service
- #458 Test coverage gap: captcha service
- #459 Test coverage gap: web form service
- #460 Test coverage gap: consent security
- #461 Test coverage gap: MCP server handler
Full Changelog: v0.6.1...v0.6.2
v0.6.1
What's changed
Security
- Cap MCP request body size and guard Content-Length parsing to reject oversized payloads (#445 — closes #439)
- Refuse non-loopback MCP binds unless
--allow-remoteis explicitly set (#445 — closes #440)
Fixes
- Use
ThreadingHTTPServerfor the MCP server so concurrent client requests do not block (#445 — closes #444) - Deduplicate read/redact/error handling blocks in the MCP request handler (#445 — closes #443)
- Route MCP server lifecycle output through Rich console helpers for consistent formatting (#445 — closes #442)
Documentation
- Document the v0.6.0 MCP server and interactive PII-redaction features in README (#445 — closes #441)
Closed Issues
- #439 Cap MCP request body size and guard Content-Length parse
- #440 Refuse non-loopback MCP binds without explicit --allow-remote
- #441 Document the v0.6.0 MCP server and interactive PII-redaction features in README
- #442 Route MCP server lifecycle output through Rich console helpers
- #443 Deduplicate read/redact/error block in MCP handler
- #444 Use ThreadingHTTPServer for the MCP server
Full Changelog: v0.6.0...v0.6.1
v0.6.0
v0.6.0
Highlights
- Added a local MCP JSON-RPC server with a
redact_filetool for PII redaction workflows. - Added an interactive terminal review flow for accepting or skipping detected PII redactions.
- Restricted MCP file reads to the server workspace to close CodeQL path-injection findings.
- Added runtime guidance for pydantic_core compatibility failures on macOS 27 (Tahoe).
- Hardened error handling, consent directory permissions, persisted error payloads, broker cache permissions, and domain exception mapping.
- Added JSON output support across plan status, calendar, and broker commands.
- Improved broker cache HMAC handling, YAML metadata parsing, LLM client reuse, and campaign execution threading.
- Added macOS test coverage and updated pinned GitHub Actions dependencies.
- Expanded troubleshooting and exit-code documentation.
Verification
uv sync --frozen --all-extrasuv run ruff check src/symeraseme/uv run ruff format --check src/symeraseme/uv run mypy src/symeraseme/uv run pytestuv build
v0.5.0
What's changed
Features
- #406 Migrate hardcoded paths to Config class to respect
SYMERASEME_DATA_DIR— closes #405 - #387 Address code review findings: security, UX/DX, architecture, performance
Fixes
- #401 Log warning on secret resolution failure instead of silent fallback
- #396 Replace bare
except Exceptionwith specific types in event replay - #371 Read version from
pyproject.tomlinstead of hardcoding fallback
Security
- #402 Bump
cryptography48.0.0 → 48.0.1 (fixes vulnerable OpenSSL in wheels)
Closed Issues
- #405 Hardcoded paths should respect
SYMERASEME_DATA_DIR
Full Changelog: v0.4.0...v0.5.0
v0.4.0
What's changed
Features
Fixes
- #366 Derive version from package metadata via importlib.metadata — closes #355, #358
- #367 Security and UX improvements from code review — closes #356, #357, #360, #361
Security
- #356 Consent token dry-run usage hint updated to prefer --consent-file and warn about shell history/ps exposure
- #357 IMAP adapter now resolves passwords internally via resolve_secret() (no plaintext in service layer)
- #361 LLM factory raises LLMProviderError when API key resolution fails
Refactoring
- #351 Update symvault subprocess calls to use --print flag
Closed Issues
- #353 Missing state field in Address schema for US/CCPA web forms
- #355 Version string out of sync with pyproject.toml
- #356 Consent token suggestion exposes token in shell history
- #357 IMAP password passed as plaintext parameter through service layer
- #358 Use importlib.metadata for --version in CLI
- #360 Unify --jurisdiction and --law flags to single canonical name
- #361 Log warning when LLM factory catches SecretResolutionError
Full Changelog: v0.3.0...v0.4.0
v0.3.0
What's Changed
- vault:// secret resolution (
core/secrets.py): CapSolver/2Captcha API keys, IMAP passwords, and LLM API keys can now reference Symaira Vault viavault://<path>, with fallback to environment variables and the OS keyring. - symfetch integration (
core/webfetch.py): web fetching preferssymfetchwhen installed, with graceful fallback. - Homebrew tap installation documentation.
Full Changelog: v0.2.1...v0.3.0
v0.2.2
What's changed
Features
- #347 Add OpenAI-compatible LLM provider for Hermes, Groq, vLLM, and custom endpoints
CI
- #346 Update pypa/gh-action-pypi-publish SHA to v1.14.0
Full Changelog: v0.2.1...v0.2.2
v0.2.1
What's changed
Security
- #238 Replace pickle with JSON for broker persistent cache
- #283 Fix path traversal, TOCTOU race conditions, orphaned WAL files
- #300 Fix doctor env disclosure, reply exception handling, SQL injection
- #336 Encrypt existing plaintext DB when SYMERASEME_ENCRYPT_DB=1
- #344 Fix encrypted DB silently discards all writes
Fixes
- #310 Broker fallback, consent timing, IMAP errors, doctor redaction
- #318 CliResult envelope, env var redaction, scheduler escaping
- #270 SIGTERM handler recursion, Windows temp dir
- #328 LLM PII consent, OAuth2 CSRF, --version flag, logging level
Refactoring
- #271 Extract repository layer (campaigns, dashboard, events, inbox, replies)
- #259 Extract batch, config, execution, planning modules
- #311 Migrate render_error to CliResult
Performance
- #312 Meta-only YAML parse on cold-cache filter path
- #344 Replace single IMAP fetch with ranged fetch
- #336 Reduce PBKDF2 iterations
Features
Documentation
Dependencies
- #285 Bump trufflehog 3.95.3 → 3.95.5
Full Changelog: v0.2.0...v0.2.1