v0.4.1

Changelog

• ae4b578: fix(siem): strip server actor-ids globally; drop dead dashboards puller (Wave 69); v0.4.1 (@dannyota)

v0.4.0

Changelog

• 8512742: feat(secops): operator-confidence fixes + alert-grouping reconcile (Wave 68); v0.4.0 (@dannyota)

v0.3.1

Full Changelog: v0.3.0...v0.3.1

v0.3.0

Changelog

• 56bfb7f: docs(polish): tenant-neutral register sweep + stale rows from the pre-release audit (@dannyota)
• d180701: docs(preview): reader-tested improvements across the front door and guides (@dannyota)
• 5cbf35e: docs(release): triage and playbooks guides, changelog, README capability summary (Wave 61) (@dannyota)
• cd4edd3: feat(ai): per-alert AI investigation — alerts investigate, typed verdict view, notebooks (Wave 57) (@dannyota)
• e43eed3: feat(ai): the AI-assist layer — case summaries, alert recommendations, Gemini chat, playbook drafting, graph pivoting (Wave 56) (@dannyota)
• 2e2c7ee: feat(cli): CLI UX polish — groups, suggestions, sharper errors, help (Wave 66) (@dannyota)
• 37cd3ca: feat(cli): agent-safety layer — hard read-only mode, mutation audit log, command catalog (Wave 53) (@dannyota)
• 1b0d9e5: feat(cli): per-command --json support in the commands catalog (Wave 62) (@dannyota)
• 34c795d: feat(siem): rule-tuning reads — trends, counts, curated detections, detection evidence, batch update (Wave 54) (@dannyota)
• 5a09603: feat(soar): IDE definition update verbs + the action-update shape (Wave 65) (@dannyota)
• 0d2a255: feat(soar): case queue counts via totalSize + the modern filter grammar (Wave 59) (@dannyota)
• e02c4e5: feat(soar): definition authoring, API-key lifecycle, Playbook-Assistant alignment (Wave 60) (@dannyota)
• 60d33e8: feat(soar): playbook lifecycle completion — step skip, rollback, stats, export/import, schedule management (Wave 55) (@dannyota)
• 72ef718: feat(soar): the playbook authoring palette — wildcard component catalogs (Wave 58) (@dannyota)
• bb81c9b: feat(soar): typed playbook step insertion + int64-safe saves (Wave 64) (@dannyota)
• 40d2fcb: feat(triage): close the alert→case→rule loop — alert disposition, id bridges, case/alert verbs, queue filters (Wave 52) (@dannyota)
• 2421b1f: fix(chronicle): watchlist entity writes — the UDM Entity envelope, remove-by-name, self-contained smoke (@dannyota)
• c57e670: fix(soar): action/job update is PATCH-by-id, not POST-with-name (Wave 65 correction) (@dannyota)
• 5829052: refactor(cli): one --json mechanism (Wave 63) (@dannyota)

v0.2.5

Changelog

• ee01571: feat(soar): batch playbook delete + pull --prune (Waves 50-51) (@dannyota)

v0.2.4

Changelog

• abb8638: docs(roadmap): mark Waves 44-48 done (@dannyota)
• 9c3e388: docs(roadmap): plan Waves 44-49 — chat, parser extensions, pipelines, Content Hub deploy, case enrichment, audit (@dannyota)
• 7b0d5ef: feat(siem): parser extensions CLI — list/get/create/activate/delete (Wave 45) (@dannyota)
• f6c50a8: feat(siem): pipeline CLI — list/get/delete log processing pipelines (Wave 46) (@dannyota)
• 7dd014a: feat(soar): Content Hub deploy + featured playbooks + diff (Wave 47) (@dannyota)
• fa713aa: feat(soar): audit logs, notifications, report templates (Wave 49) (@dannyota)
• db45e8a: feat(soar): case chat — list, send, unread-count (Wave 44) (@dannyota)
• a7113cc: feat(soar): case custom-fields, wall, context properties (Wave 48 continued) (@dannyota)
• 28bc46d: feat(soar): info soar-system — version, license, data retention (Wave 48 partial) (@dannyota)