v2.2.0 — Security hardening, privacy opt-in, retrieval quality

The biggest cycle since 2.0 — a security-hardening series, per-memory privacy with encrypted cross-device sync, and a large retrieval-quality jump. All local-first, zero telemetry.

Highlights

Security & crypto

• Key rotation with forward secrecy (versioned ENC2 envelopes)
• HMAC integrity on the manifest and every sync op; plaintext-injection rejection; manifest without integrity refuses to load
• Encrypted snapshots; corrupt/tampered rows fail gracefully, never panic

Privacy

• Per-memory privacy opt-in: Private by default; mark shared to sync; demote and it's retracted from other devices
• Persistent sync (passphrase in OS keychain, never on disk) + auto background pull
• Deny-by-default MCP capability policy
• Honest offline mode: CORTEX_NO_EMBEDDINGS=1 for a zero-network build; CI proves it

Retrieval quality

• Paraphrase recall 40% → ~90% at 5K memories (HNSW ef_search beam fix), latency unchanged
• Bounded query budget (DoS + timing-channel guard)
• No silent recall failures: dimension-mismatch rejected loudly; memory_stats shows recall health; memory_context min_confidence floor
• Contradiction detection from natural language; opt-in semantic near-dedup

Tooling & docs

• 30 MCP tools; RUST_LOG honored; WASM build
• New guides (memory tiers, backends comparison); one-command device setup with Claude Code auto-recall hook

Full list in CHANGELOG.md. Install: cargo build --release -p cortex-mcp-server or brew install gambletan/tap/cortex-mcp-server.

What's Changed

• GitHub presence optimization + adversarial-review fixes by @gambletan in #1
• fix: namespace recency ordering uses event time (self-evolve iter 2) by @gambletan in #2
• test: cover apply_op merge semantics (self-evolve iter 3) by @gambletan in #3
• fix: reject malformed embedding blobs (self-evolve iter 4) by @gambletan in #4
• ci: enforce zero network/telemetry deps in cortex-core (self-evolve iter 5) by @gambletan in #5
• feat: encrypt the sync snapshot, not just the oplog (self-evolve iter 6) by @gambletan in #6
• fix: corrupt/tampered memory rows fail gracefully, not panic (self-evolve iter 7) by @gambletan in #7
• fix: corrupt people rows fail gracefully, not panic (self-evolve iter 8) by @gambletan in #8
• fix: PersonUpsert no monotonic-field regression or post-delete resurrection (self-evolve iter 9) by @gambletan in #9
• fix: bound HTTP API inputs to MCP-layer parity (self-evolve iter 10) by @gambletan in #10
• docs(guides): add memory-tiers guide by @zsxh1990 in #12

New Contributors

• @gambletan made their first contribution in #1
• @zsxh1990 made their first contribution in #12

Full Changelog: v2.0.0...v2.2.0

What's Changed

• GitHub presence optimization + adversarial-review fixes by @gambletan in #1
• fix: namespace recency ordering uses event time (self-evolve iter 2) by @gambletan in #2
• test: cover apply_op merge semantics (self-evolve iter 3) by @gambletan in #3
• fix: reject malformed embedding blobs (self-evolve iter 4) by @gambletan in #4
• ci: enforce zero network/telemetry deps in cortex-core (self-evolve iter 5) by @gambletan in #5
• feat: encrypt the sync snapshot, not just the oplog (self-evolve iter 6) by @gambletan in #6
• fix: corrupt/tampered memory rows fail gracefully, not panic (self-evolve iter 7) by @gambletan in #7
• fix: corrupt people rows fail gracefully, not panic (self-evolve iter 8) by @gambletan in #8
• fix: PersonUpsert no monotonic-field regression or post-delete resurrection (self-evolve iter 9) by @gambletan in #9
• fix: bound HTTP API inputs to MCP-layer parity (self-evolve iter 10) by @gambletan in #10
• docs(guides): add memory-tiers guide by @zsxh1990 in #12

New Contributors

• @gambletan made their first contribution in #1
• @zsxh1990 made their first contribution in #12

Full Changelog: v2.0.0...v2.2.0

What's Changed

• GitHub presence optimization + adversarial-review fixes by @gambletan in #1
• fix: namespace recency ordering uses event time (self-evolve iter 2) by @gambletan in #2
• test: cover apply_op merge semantics (self-evolve iter 3) by @gambletan in #3
• fix: reject malformed embedding blobs (self-evolve iter 4) by @gambletan in #4
• ci: enforce zero network/telemetry deps in cortex-core (self-evolve iter 5) by @gambletan in #5
• feat: encrypt the sync snapshot, not just the oplog (self-evolve iter 6) by @gambletan in #6
• fix: corrupt/tampered memory rows fail gracefully, not panic (self-evolve iter 7) by @gambletan in #7
• fix: corrupt people rows fail gracefully, not panic (self-evolve iter 8) by @gambletan in #8
• fix: PersonUpsert no monotonic-field regression or post-delete resurrection (self-evolve iter 9) by @gambletan in #9
• fix: bound HTTP API inputs to MCP-layer parity (self-evolve iter 10) by @gambletan in #10
• docs(guides): add memory-tiers guide by @zsxh1990 in #12

New Contributors

• @gambletan made their first contribution in #1
• @zsxh1990 made their first contribution in #12

Full Changelog: v2.0.0...v2.2.0

What's Changed

• GitHub presence optimization + adversarial-review fixes by @gambletan in #1
• fix: namespace recency ordering uses event time (self-evolve iter 2) by @gambletan in #2
• test: cover apply_op merge semantics (self-evolve iter 3) by @gambletan in #3
• fix: reject malformed embedding blobs (self-evolve iter 4) by @gambletan in #4
• ci: enforce zero network/telemetry deps in cortex-core (self-evolve iter 5) by @gambletan in #5
• feat: encrypt the sync snapshot, not just the oplog (self-evolve iter 6) by @gambletan in #6
• fix: corrupt/tampered memory rows fail gracefully, not panic (self-evolve iter 7) by @gambletan in #7
• fix: corrupt people rows fail gracefully, not panic (self-evolve iter 8) by @gambletan in #8
• fix: PersonUpsert no monotonic-field regression or post-delete resurrection (self-evolve iter 9) by @gambletan in #9
• fix: bound HTTP API inputs to MCP-layer parity (self-evolve iter 10) by @gambletan in #10
• docs(guides): add memory-tiers guide by @zsxh1990 in #12

New Contributors

• @gambletan made their first contribution in #1
• @zsxh1990 made their first contribution in #12

Full Changelog: v2.0.0...v2.2.0

v2.0.0

Full Changelog: v1.8.0...v2.0.0

v1.8.0

Full Changelog: v1.7.0...v1.8.0

v1.7.0

Full Changelog: v1.5.1...v1.7.0

v1.5.1 — Performance & Search Overhaul

What's New

Performance

• 2x faster search — HNSW rebuild debounce, read-lock search, parking_lot::Mutex
• Half memory usage — f16 vector quantization
• SIMD dot product for similarity search
• Read/write connection split + WAL tuning
• Batch operations — batch delete, batch ingest with dedup, batch salience updates
• Prepared statement caching for all reads and writes

Features

• FTS5 full-text search — replaces regex-based search
• Plugin system — configurable consolidation and index strategies
• Lazy HNSW index — builds on demand, not on startup
• CLI tools and install script
• Namespace isolation for multi-tenant deployments
• Event system and observability hooks
• Docker image on GHCR (ghcr.io/gambletan/cortex-http)

Testing

• 74 new tests for full coverage of perf optimizations
• 131+ total tests

Benchmarks

• Ingest: 62µs
• Search: <100µs
• 1,182x faster than Mem0 cloud

Full Changelog: v1.4.0...v1.5.1

v1.4.0 — HNSW Index, MCP Tools, CI/CD

What's New

• Incremental HNSW index — no full rebuild on insert
• SQL-indexed queries — faster tier/entity lookups
• LLM summarizer hook — pluggable summarization during consolidation
• 18 MCP tools for Claude Code / Claude Desktop integration
• CI/CD pipeline — automated testing and release
• Configurable decay and LLM inference settings
• Docker support — Dockerfile and GHCR workflow

Full Changelog: v1.3.0...v1.4.0

v1.3.0 — Query Expansion & Relationships

What's New

• Query expansion — automatic synonym and related-term search
• Bidirectional relationships — people graph traversal in both directions
• Context quality optimization — smarter retrieval ranking
• PyPI package renamed to cortex-ai-memory

Full Changelog: v1.2.0...v1.3.0