Releases: fabionfsc/nuzo-memory
Releases · fabionfsc/nuzo-memory
Release list
Nuzo 1.1.0
Added
- A Registry-ready
@nuzo/memory-mcpdistribution now exposes one deterministic stdio entrypoint and canonicalmcpNamewhile reusing the shared MCP server implementation. - A version-aligned
server.json, official publisher validation, staged npm continuity smoke, and maintainer publication runbook prepare Nuzo for the preview MCP Registry.
Changed
- Public adoption guidance now includes a disposable 60-second demo, a decision guide for repository files and native memory, a dated comparison of adjacent agent-memory systems, focused installation feedback, and an executable launch playbook.
- Dense capture-suggestion scopes now use an indexed exact-duplicate lookup and bounded SQLite FTS prefilter instead of materializing every active memory; non-exhaustive evidence continues to fail closed as
uncertain. - Public presentation now uses a polished post-1.0 landing page, README, and package README narrative for clearer first-time evaluation.
Fixed
- MCP challenge and relationship mutations now attribute audit events to the trusted server actor instead of accepting caller-supplied attribution, and read-only host hooks skip cleanly, staying fail-open for the host session, when they encounter a newer unsupported SQLite schema.
- Codex and Claude Code plugin hooks now anchor published npm resolution at the plugin root, and the Codex MCP server uses its host-resolved plugin directory, preventing a user's npm workspace from shadowing the pinned Nuzo runtime.
- Published host canaries now create and verify fixtures with the public CLI, avoiding false forward-schema failures after a newer SQLite migration lands on
main. - GitHub Pages deploys now retry once inside the deploy job when the Pages backend returns a transient failure after accepting the artifact.
- GitHub Pages deployments now use explicit Pages configuration and queue deploy attempts instead of canceling an in-progress Pages deployment.
- Docker installer smoke tests now derive their pinned package version from the repository release instead of continuing to exercise the previous public version after a release bump.
The npm and MCP Registry release is bound to the retained dry-run artifact from workflow run 29312594381 at source commit 5e737986f28d09453d8fc012fc8eb1dd53e3583f.
Nuzo 1.0.0
Added
- A release-blocking developer-experience gate now validates staged npm
packages, CLI help and diagnostics, MCP startup, Codex and Claude Code
plugin layouts, first-run setup guidance, and cross-session host behavior. - The documentation site now serves a one-line, npm-backed installer at
https://nuzo.com.br/install.sh; it validates Node.js and npm, supports
exact Nuzo versions, verifies the installed CLI, and leaves host changes to
the explicitnuzo setupcommand. - Docker installer smoke coverage now exercises prerequisite failures, latest
and pinned package selection, and real registry installs on supported
Node.js 22 and 24 images across Debian and Alpine environments.
Changed
- CLI commands, MCP handlers, runtime configuration parsing, core memory
service internals, and benchmark harnesses are split into focused modules
while preserving the stable public CLI, MCP, storage, and package contracts. - TypeScript test code now follows the same explicit typing and unused-code
standards as production code. - Public release and operations guidance now reflects the completed
1.0.0
readiness audit, the stable package boundary, and current installation and
validation workflows. - GitHub Pages deployments now run only for site-relevant changes and cancel
superseded deployments, avoiding unrelated and conflicting deploy jobs.
Fixed
- Capture suggestions preserve an
uncertainresult when bounded candidate
evaluation cannot establish an exhaustive duplicate or conflict decision. - Core use cases now validate identifiers, revisions, pagination inputs,
import payloads, configuration limits, and scope boundaries before storage
or policy execution. - Managed-host postinstall refresh resolves only trusted executables from the
npm lifecycle environment and refuses unsafe or ambiguous command paths. - Lifecycle-hook stdin reads now enforce byte and time limits so malformed or
stalled hosts cannot cause unbounded buffering or waiting. - Release preparation now updates packaged plugin instructions while
preserving historical and stable1.0.0policy references during later
patch releases.
Security
- Secret scanning now detects fine-grained GitHub personal access tokens in
direct writes and imports without weakening false-positive controls. - Backup, export, model, plugin, and managed-host writes now reject symlinked
destinations and unsafe path components before replacing local files.
Nuzo 0.9.1
Changed
- Codex and Claude Code guidance now recognizes explicit durable-intent language such as "always do this", "from now on", and "remember this" as a trigger to propose the Nuzo capture flow, while keeping every inferred write behind a visible draft and explicit user confirmation.
- When a request combines an immediate safe action with a durable instruction, host guidance now performs the immediate action and then proposes the reusable behavior for confirmed capture, including workflows such as creating
AGENTS.<folder-name>.mdin future directories. - Public installation guidance now separates the one-time
nuzo setuppath from native host marketplace installation more clearly and keeps routine upgrade instructions concise. - Hook documentation now identifies the expected
SessionStartandUserPromptSubmittrust prompts and states that both hooks perform bounded, read-only recall and never write memory.
Packages
@nuzo/memory-core@0.9.1@nuzo/memory@0.9.1
The legacy transition packages remain deprecated at their final 0.9.0 release.
Nuzo 0.9.0
Added
- The CLI now supports local store recovery commands:
nuzo memory integrity,nuzo memory backup --path <file>, and
nuzo memory restore <file> --yes, including WAL-safe SQLite online backup
validation before restore. nuzo memory doctor --jsonnow exposes the same content-free store,
integrity, Git tracking, warning, and status diagnostics in a stable
machine-readable shape.- The Nuzo CLI now includes explicit host bootstrap commands:
nuzo setup,nuzo host install codex,nuzo host install claude-code, and
nuzo host install --all, with dry-run, JSON, and non-interactive
confirmation support. nuzo updateand targetednuzo host updatecommands now update only
already-installed Codex and Claude Code plugins, preserve the Claude Code
install scope, and avoid repeating first-time setup.- The shared runtime resolver now discovers ancestor project configuration,
resolves canonical project roots, enforces trusted host authorization, and
reports non-sensitive configuration provenance. - Repository marketplaces now expose the tracked Nuzo plugin as
nuzo@nuzo-memoryfor Codex and Claude Code without a source checkout or a
redundant global runtime install. - CI now validates native marketplace discovery and installation with pinned
Codex and Claude Code CLIs on Node.js 24. - MCP and host hook doctor diagnostics now include the same content-free
SQLite integrity summary as the CLI. - Deterministic public-documentation contracts now guard release versions,
version-gated commands, MCP tool names and count, supported Node.js lines,
npm package guidance, and user-versus-maintainer navigation in CI and Pages. - Supply-chain validation now requires GitHub Actions workflow
uses:entries
to be pinned to reviewed commit SHAs and release npm installation to use an
exact reviewed version. - Documentation CI now validates Markdown links, anchors, bounded external
links, shell snippet syntax, setup/update command drift, and core public
terminology across user-facing entry points. - CI now validates staged npm and generated plugin artifacts across the
supported Linux x64, macOS x64, and Windows x64 runtime matrix on Node.js 22
LTS and 24 LTS.
Changed
nuzo memory doctornow reports SQLite store integrity status and surfaces
integrity failures as warnings.- Host setup output now explains why each command runs and shows explicit
non-interactive examples for Codex, Claude Code, and both hosts. - Published MCP and lifecycle-hook paths now default to the active project and
user scopes in restricted mode, while the local CLI remains an explicit
administrator workflow. - Public GitHub, npm, getting-started, CLI, and host documentation now define
setup as a one-time operation and managed update as the routine upgrade path
planned for0.9.0. - Tracked host plugin sources now resolve the exact matching
@nuzo/memoryruntime and remain version-aligned through release tooling. - README, homepage, Getting Started, clean install, CLI, and host plugin pages
now lead with tested user installation and cross-session verification paths. - Current
0.8.1onboarding now excludes host-bootstrap and recovery commands
until those capabilities are published, while the0.9.0release gate
requires the new setup path to return to GitHub, Pages, and npm documentation. @nuzo/memory-cliand@nuzo/mcp-servernow identify0.9.0as their final
planned release before npm deprecation in favor of@nuzo/memory.- npm staging, publish-target checks, and publish automation now derive from a
shared package policy:0.9.0still includes the two legacy transition
packages, while later versions publish only@nuzo/memory-coreand
@nuzo/memoryand reject retired legacy staging. - Benchmark fixtures now distinguish portable JSON exports from operational
SQLite backups. - MCP
memory.list,memory.history, andmemory.exportresponses are now
bounded with explicitlimit,next_cursor, andtruncatedpagination
fields. The local CLI keeps full export as an explicit administrator action.
Fixed
- Semantic model inspection now verifies pinned file digests and rejects
missing, truncated, altered, unreadable, or symlinked model files before
reportingreadyor skipping provisioning repair.
Nuzo 0.8.1
Security and release-harness patch.
- Enforces restricted-scope authorization before returning memory history metadata.
- Keeps published NUZO-37 canaries strict while suppressing non-fatal npm warning noise.
- Records the exact 0.8.0 post-release validation evidence.
All current Nuzo packages and generated host plugin manifests remain version-aligned at 0.8.1.
Nuzo 0.8.0
Added
- CI now gates the canonical recall benchmark, the historical capture baseline,
and the current bounded capture relationship profile on every pull request. - A published optional-semantics smoke validates registry-installed fallback,
optional peer installation, local sidecar rebuild, and semantic/hybrid recall
against exact published packages. - The optional-semantics benchmark now includes a medium-store profile with
scoped status, fallback, cold and warm hybrid recall, peak RSS, canonical row
counts, vector row counts, and authorized vector count gates. - The NUZO-37 host canary proves the generated Codex and Claude Code artifacts
deliver the sameuser:defaultautoloadinstruction across fresh hook
invocations while preserving the untrusted-memory boundary. - An optional native host canary installs the Codex artifact through a temporary
local marketplace and validates the Claude Code artifact with the npm
distributed Claude Code CLI.
Changed
- Release validation now explicitly includes the medium-store semantic gate,
the NUZO-37 host canary, and a post-release issue-hunting pass for focused
roadmap follow-up. - Repository layout documentation now states that
tools/is versioned
repository automation, not a runtime npm package surface.
Fixed
- MCP runtime shutdown now awaits optional semantic provider disposal before
closing the SQLite database or exiting on signals. - Scoped semantic index status now queries only authorized vector scopes in SQL
instead of loading all sidecar vectors and filtering unrelated scopes in
JavaScript. - Host-hook fixtures now use explicit
/example/...paths instead of
host-looking/opt/...paths.
Nuzo 0.7.0
Nuzo 0.7.0
Added
- Optional local semantic retrieval with a core provider contract, disposable revision-aware SQLite sidecar, atomic rebuild/clear, cosine search, and hybrid reciprocal-rank fusion.
- Pinned offline Transformers.js provider using
all-MiniLM-L6-v2-ONNXq4 vectors, explicit checksum-verified provisioning, and local-files-only inference behind an optional peer. - CLI semantic status, provision, rebuild, clear, semantic/hybrid recall, JSON diagnostics, and fallback controls.
- Additive MCP semantic/hybrid recall fields with machine-readable requested/effective mode and fallback diagnostics.
- Public synthetic benchmark, real-provider evaluation, staged-artifact validation, and independently gated English quality and safety evidence.
Changed
- Hybrid recall conservatively contributes only the strongest semantic candidate alongside bounded FTS results.
- Default installs remain FTS-only and do not include Transformers.js or model files.
Fixed
- JSON import now uses one no-follow descriptor for file type, size, and reading, closing a file-swap race.
- Semantic freshness checks ignore unrelated unauthorized scope changes.
See the 0.7.0 release gates and optional semantics guide.
Nuzo 0.6.0
Nuzo 0.6.0
Added
- Explicit confirmed capture decisions in core, MCP, and CLI through
memory.confirm_capture/nuzo memory confirm-capture, routing confirmed
creates and keep-separate choices through canonical remember behavior,
confirmed replacements through revision-checked update behavior, and reject
or clarify choices through zero-write results. - Opt-in bounded Capture Intelligence relationship evidence in core, MCP, and
CLI formemory.suggest_capture, covering update, related, independent,
uncertain, exact duplicate, policy-blocked, scope, archived, and evidence
limit cases without writes. - MCP protocol and CLI output coverage for bounded Capture Intelligence
relationship evidence, including compatibility defaults, policy errors,
IDs, revisions, candidate limits, reasons, and zero-write invariants. - Deterministic Capture Intelligence benchmark with a reproducible
v0.5.0
baseline, English-primary relationship fixtures, and zero-write, policy,
scope, archived, latency, and evidence-bound safety gates.
Nuzo 0.5.0
Recall Quality
Nuzo 0.5.0 makes local recall quality measurable and improves SQLite FTS ranking using reproducible evidence.
Added
- Deterministic public recall benchmark with 103 synthetic fixtures and 31 cases.
- Primary English quality gate plus Portuguese, Unicode, multilingual, tag, scope, bounded-result, archived, global, and no-match coverage.
- Reproducible comparison support for running the fixture harness against another built core revision.
Changed
- SQLite recall filters weak single-term noise from specific multi-term prompts.
- Exact topical tags and scoped unique terms remain strong, inspectable ranking evidence.
Evidence
v0.4.0: 96.8% top-1, 96.8% expected recall, 50.0% noise overall; English 92.3% top-1 and 64.3% noise.0.5.0: 100% top-1, 100% expected recall, 100% ranking-reason coverage, 0% noise.- Lifecycle hook matrix remains bounded and read-only across 75 memories and 53 scenarios.
v0.4.0
Summary
- Adds store-wide audit queries across core, CLI, and MCP.
- Documents source vs actor provenance and JSON export/import provenance behavior.
- Defines legacy transition package lifecycle policy for @nuzo/memory-cli and @nuzo/mcp-server.
Validation
- Node 22 and Node 24 CI passed.
- Documentation validation passed.
- CodeQL passed.
- npm artifact validation and host plugin smokes passed locally before release preparation.