Skip to content

Releases: getmunin/munin

v4.67.2

Choose a tag to compare

@github-actions github-actions released this 05 Jul 13:47
76e6065

Patch Changes

  • fbb276c: Fix chat-widget read-state loss on identity claim: when an anonymous session is claimed by a verified visitor (identify), the anonymous end-user's conv_message_reads rows are now migrated to the verified end-user before the anonymous end-user is deleted. Previously the read receipts were cascade-deleted with the anonymous end-user, so already-read agent replies resurfaced as unread (phantom unread badge) after logging in.
    • @getmunin/core@4.67.2
    • @getmunin/db@4.67.2
    • @getmunin/types@4.67.2
    • @getmunin/mcp-toolkit@4.67.2
    • @getmunin/inspector-app@4.67.2
    • @getmunin/agent-runtime@4.67.2
    • @getmunin/emails@4.67.2

Published packages

  • @getmunin/analytics-tracker@4.67.2
  • @getmunin/chat-widget@4.67.2
  • @getmunin/agent-host@4.67.2
  • @getmunin/agent-runtime@4.67.2
  • @getmunin/backend-core@4.67.2
  • @getmunin/core@4.67.2
  • @getmunin/dashboard-pages@4.67.2
  • @getmunin/db@4.67.2
  • @getmunin/docs-pages@4.67.2
  • @getmunin/emails@4.67.2
  • @getmunin/inspector-app@4.67.2
  • @getmunin/mcp-toolkit@4.67.2
  • @getmunin/sdk@4.67.2
  • @getmunin/types@4.67.2
  • @getmunin/ui@4.67.2

v4.67.1

Choose a tag to compare

@github-actions github-actions released this 05 Jul 08:35
fc9109c

Patch Changes

  • 824e3d7: Fix anonymous→identified chat carry-over: the widget now claims a pre-existing anonymous session on boot when configured with a verified identity (data-external-id + data-user-hash). Previously it set the in-memory identity for reads but never called identify, so the backend's leak-protection returned empty history for the still-anonymous session — a conversation started anonymously (e.g. on a marketing site) was invisible after logging in until the visitor sent a new message. The claim now runs once on connect, before history is loaded.

Published packages

  • @getmunin/analytics-tracker@4.67.1
  • @getmunin/chat-widget@4.67.1
  • @getmunin/agent-host@4.67.1
  • @getmunin/agent-runtime@4.67.1
  • @getmunin/backend-core@4.67.1
  • @getmunin/core@4.67.1
  • @getmunin/dashboard-pages@4.67.1
  • @getmunin/db@4.67.1
  • @getmunin/docs-pages@4.67.1
  • @getmunin/emails@4.67.1
  • @getmunin/inspector-app@4.67.1
  • @getmunin/mcp-toolkit@4.67.1
  • @getmunin/sdk@4.67.1
  • @getmunin/types@4.67.1
  • @getmunin/ui@4.67.1

v4.67.0

Choose a tag to compare

@github-actions github-actions released this 05 Jul 06:26
81afdc6

Minor Changes

  • eead33b: Security hardening from a follow-up audit.

    • Widget session credential moved out of the URL (BREAKING): the widget read endpoints (GET /v1/widget/messages, GET /v1/widget/conversations, GET /v1/widget/voice/available) no longer accept the session credential in the query string. sessionId, sessionIds, verifiedExternalId, and userHash must now be sent as the x-munin-session-id, x-munin-session-ids, x-munin-verified-external-id, and x-munin-user-hash request headers. This keeps the session token — which grants read/write on a visitor's conversation — out of server, proxy, and CDN access logs. The bundled chat widget is updated; any custom integration that called these GET endpoints must move the fields from the query string to headers.
    • Widget origin allowlist is required by default (BREAKING): a widget channel with an empty originAllowlist now rejects all traffic, and creating one without an allowlist fails, unless MUNIN_WIDGET_REQUIRE_ALLOWLIST is explicitly set to 0/false. Previously the allowlist was only enforced when the flag was opted in. Existing widget channels without an allowlist stop accepting requests until their origins are configured (or the flag is disabled). This inverts the default to fail-closed.
    • OAuth mcp:admin scope is gated by org role (BREAKING): OAuth access tokens (opaque and JWT) issued to users whose org membership role is not owner or admin no longer carry the mcp:admin scope or the admin MCP audience — they resolve to the self-service surface. Previously any member who consented to an mcp:admin scope grant reached every admin MCP tool. Admin API keys (mn_admin_*) are unaffected.
    • Channel webhook endpoint hardened: POST /v1/conversations/channels/:channelId/webhook is now rate-limited (per-IP, like the other public endpoints) and returns a uniform 401 for both unknown-channel and signature-verification failures to prevent channel-id enumeration. Note: an unknown channel now returns 401 instead of 404.

Published packages

  • @getmunin/analytics-tracker@4.67.0
  • @getmunin/chat-widget@4.67.0
  • @getmunin/agent-host@4.67.0
  • @getmunin/agent-runtime@4.67.0
  • @getmunin/backend-core@4.67.0
  • @getmunin/core@4.67.0
  • @getmunin/dashboard-pages@4.67.0
  • @getmunin/db@4.67.0
  • @getmunin/docs-pages@4.67.0
  • @getmunin/emails@4.67.0
  • @getmunin/inspector-app@4.67.0
  • @getmunin/mcp-toolkit@4.67.0
  • @getmunin/sdk@4.67.0
  • @getmunin/types@4.67.0
  • @getmunin/ui@4.67.0

v4.66.1

Choose a tag to compare

@github-actions github-actions released this 04 Jul 08:56
07daf91

Patch Changes

  • 47d67aa: widget: add data-munin-cookie-domain so a conversation can be shared across sibling subdomains

    The session and visitor ids are kept in localStorage with a cookie fallback, and both were host-only — a chat started on www.example.com did not carry over to app.example.com. Setting data-munin-cookie-domain=".example.com" now writes the session + visitor cookies with that Domain, so both subdomains read the same ids and the anonymous thread is claimed when the visitor signs in on the app. The value must be a suffix of the page's host or it is ignored (a rejected Domain would silently break persistence). Default behavior is unchanged (host-only).

  • d266e86: fix(crm): dismiss pending outreach proposals when a contact is merged

    Applying a merge proposal archives the duplicate contact with doNotContact: true but previously left its pending outreach proposals bound to the now-suppressed tombstone. Approving one of those orphaned proposals then failed at the eligibility gate with outreach_invalid: contact … is no longer eligible (suppression or consent withdrawn). The merge now dismisses the duplicate's pending proposals (with a contact merged into <keeperId> reason) and emits outreach.proposal.dismissed for each.

  • 47d67aa: widget: add data-munin-cookie-domain so a conversation can be shared across sibling subdomains

    The session and visitor ids are kept in localStorage with a cookie fallback, and both were host-only — a chat started on www.example.com did not carry over to app.example.com. Setting data-munin-cookie-domain=".example.com" now writes the session + visitor cookies with that Domain, so both subdomains read the same ids and the anonymous thread is claimed when the visitor signs in on the app. The value must be a suffix of the page's host or it is ignored (a rejected Domain would silently break persistence). Default behavior is unchanged (host-only).

    • @getmunin/inspector-app@4.66.1
    • @getmunin/core@4.66.1
    • @getmunin/db@4.66.1
    • @getmunin/types@4.66.1
    • @getmunin/mcp-toolkit@4.66.1
    • @getmunin/agent-runtime@4.66.1
    • @getmunin/emails@4.66.1
  • 3e0b921: Polish Norwegian (nb) dashboard translations. Replace the stiff blanket "tilbakekalle" for revoke with context-appropriate verbs (agents → "Koble fra", tokens/invitations → "Trekk tilbake", API keys → "Slett", tracker keys → "Deaktiver"), rename Trackers to "Sporing"/"Sporingskoder", and fix the anglicised "tokens" plural. Splits the shared common.revoke string into per-page dashboard.agents.revoke / dashboard.apiKeys.revoke keys so each surface can use its own verb.

    • @getmunin/types@4.66.1
    • @getmunin/ui@4.66.1

Published packages

  • @getmunin/analytics-tracker@4.66.1
  • @getmunin/chat-widget@4.66.1
  • @getmunin/agent-host@4.66.1
  • @getmunin/agent-runtime@4.66.1
  • @getmunin/backend-core@4.66.1
  • @getmunin/core@4.66.1
  • @getmunin/dashboard-pages@4.66.1
  • @getmunin/db@4.66.1
  • @getmunin/docs-pages@4.66.1
  • @getmunin/emails@4.66.1
  • @getmunin/inspector-app@4.66.1
  • @getmunin/mcp-toolkit@4.66.1
  • @getmunin/sdk@4.66.1
  • @getmunin/types@4.66.1
  • @getmunin/ui@4.66.1

v4.66.0

Choose a tag to compare

@github-actions github-actions released this 03 Jul 19:49
db1d1d9

Minor Changes

  • 44a9d34: Munin Inspector MCP App: new @getmunin/inspector-app package builds the ui://munin/inspector panel (React, single self-contained HTML, SDK bundled — no CDN) with an outreach proposal review view and the hello diagnostics view. New outreach_approve_proposal / outreach_dismiss_proposal admin tools expose the existing decision surface over MCP (declared panel-only via _meta.ui.visibility: ["app"] so MCP App hosts hide them from the model — sends require a human click); outreach_list_proposals and inspector_hello now declare _meta.ui.resourceUri so supporting hosts render the panel inline, with approve/dismiss round-tripping over the widget channel. Adds skill://outreach/review-proposals.

  • abeb2ef: Serve ui:// MCP App resources (SEP-1865): tools can declare _meta.ui.resourceUri pointing at an app-audience HTML resource rendered inline by supporting hosts, with resource-level _meta (CSP) passed through resources/list / resources/read. App resources are kept separate from the skill:// catalog. Includes the inspector_hello spike tool + ui://inspector/hello panel, verified end-to-end against claude.ai including the widget-initiated callServerTool round trip.

  • 768642a: Localize the inspector panel from the MCP App host locale.

    • The panel reads getHostContext()?.locale after connect (falling back to navigator.language, then en) and re-renders on onhostcontextchanged, so it follows the user's Claude language setting rather than the iframe's browser default.
    • Strings live in a new inspector.* namespace in @getmunin/dashboard-pages' message catalogs (English + Norwegian), now exposed via a ./messages/*.json export; the panel bundles only that namespace (~1 kB per locale) through a small t(key, params) helper.
    • Ages in the proposal ledger format through Intl.RelativeTimeFormat with the host locale instead of hardcoded English abbreviations.

    Server-originated strings (tool error messages) remain English.

Patch Changes

  • 37c95e9: Outreach proposal mutations (outreach_approve_proposal, outreach_dismiss_proposal, propose/update) now return the same joined contact and campaign summaries as outreach_list_proposals. Previously they returned contact: null, which made the inspector panel's row title fall back to the raw contact id after a decision.

  • fb104ce: fix(docs): use the real mn_admin_ admin key prefix in MCP connect guides and setup placeholder (was the non-existent mn_live_)

  • 04cab6d: Resume a pending OAuth authorize instead of dropping it at the login page. When better-auth bounced /auth/oauth2/authorize to /login and the user already had a session, redirectIfAuthenticated ignored the OAuth query and redirected to /dashboard, stranding the connector mid-flow. It now detects authorize params (response_type=code + client_id) and redirects back to the authorize endpoint. The consent page's unauthenticated and switch-account bounces now carry the OAuth query to /login (the previous ?next= param was never read, and its absolute URL would have been rejected anyway), so the existing post-sign-in resume logic completes the flow.

  • 45f0e56: Stop MCP App hosts' rounded iframe clipping from slicing the panel border. The panel applies the host's style variables and rounds itself with --border-radius-lg where available; on platform: 'mobile' hosts (which draw their own rounded card around the embed) it drops its outer border entirely and lets the host frame it. Hosts that send no style tokens keep the square Munin look.

  • b84577f: Package the Tailwind theme and brand fonts in @getmunin/ui.

    • New @getmunin/ui/tailwind-preset export carries the whole Munin theme (token-mapped palette, semantic shadcn colors, radii, fonts, motion). Consumers shrink their Tailwind config to presets: [muninPreset] plus their own content globs; the OSS web app now does exactly that.
    • styles/fonts.css now resolves the woff2 files shipped inside the package (src/fonts/) via relative URLs instead of assuming the consumer hosts them at /fonts/…. Next emits them as hashed static assets; Vite (singlefile) inlines them. apps/web/public/fonts and the inspector-app's private font copies are gone.
    • The inspector-app build now compiles Tailwind (preset + PostCSS), so future panel views can use @getmunin/ui components directly; importing them through the barrel is tree-shaking-safe (sideEffects is now declared) and does not pull next-themes or sonner into the iframe bundle.

Published packages

  • @getmunin/analytics-tracker@4.66.0
  • @getmunin/chat-widget@4.66.0
  • @getmunin/agent-host@4.66.0
  • @getmunin/agent-runtime@4.66.0
  • @getmunin/backend-core@4.66.0
  • @getmunin/core@4.66.0
  • @getmunin/dashboard-pages@4.66.0
  • @getmunin/db@4.66.0
  • @getmunin/docs-pages@4.66.0
  • @getmunin/emails@4.66.0
  • @getmunin/inspector-app@4.66.0
  • @getmunin/mcp-toolkit@4.66.0
  • @getmunin/sdk@4.66.0
  • @getmunin/types@4.66.0
  • @getmunin/ui@4.66.0

v4.65.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 22:10
5c588f5

Minor Changes

  • 07f1d6e: analytics-tracker: expose a readiness signal. Once the tracker's public API is installed it sets window.mn.ready = true and dispatches a munin:ready CustomEvent on document, so consumers can run identify round trips (or any window.mn.* call) as soon as the async script is ready — no polling, no dependence on the loader's own readiness callback:

    window.mn?.ready ? go() : document.addEventListener('munin:ready', go, { once: true });

    skill://analytics/identify-visitors, the frontend-integration playbook, and the dashboard embed snippet now show this pattern.

Patch Changes

  • 07f1d6e: analytics-tracker: expose a readiness signal. Once the tracker's public API is installed it sets window.mn.ready = true and dispatches a munin:ready CustomEvent on document, so consumers can run identify round trips (or any window.mn.* call) as soon as the async script is ready — no polling, no dependence on the loader's own readiness callback:

    window.mn?.ready ? go() : document.addEventListener('munin:ready', go, { once: true });

    skill://analytics/identify-visitors, the frontend-integration playbook, and the dashboard embed snippet now show this pattern.

    • @getmunin/core@4.65.0
    • @getmunin/db@4.65.0
    • @getmunin/types@4.65.0
    • @getmunin/mcp-toolkit@4.65.0
    • @getmunin/agent-runtime@4.65.0
    • @getmunin/emails@4.65.0
  • 07f1d6e: analytics-tracker: expose a readiness signal. Once the tracker's public API is installed it sets window.mn.ready = true and dispatches a munin:ready CustomEvent on document, so consumers can run identify round trips (or any window.mn.* call) as soon as the async script is ready — no polling, no dependence on the loader's own readiness callback:

    window.mn?.ready ? go() : document.addEventListener('munin:ready', go, { once: true });

    skill://analytics/identify-visitors, the frontend-integration playbook, and the dashboard embed snippet now show this pattern.

    • @getmunin/types@4.65.0
    • @getmunin/ui@4.65.0

Published packages

  • @getmunin/analytics-tracker@4.65.0
  • @getmunin/chat-widget@4.65.0
  • @getmunin/agent-host@4.65.0
  • @getmunin/agent-runtime@4.65.0
  • @getmunin/backend-core@4.65.0
  • @getmunin/core@4.65.0
  • @getmunin/dashboard-pages@4.65.0
  • @getmunin/db@4.65.0
  • @getmunin/docs-pages@4.65.0
  • @getmunin/emails@4.65.0
  • @getmunin/mcp-toolkit@4.65.0
  • @getmunin/sdk@4.65.0
  • @getmunin/types@4.65.0
  • @getmunin/ui@4.65.0

v4.64.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 20:40
054af5c

Minor Changes

  • 1823364: Security hardening from a full audit.

    • Voice tool bridges (Vapi, Threll): enforce tenancy on every self-service tool call. The bridges previously disabled RLS without setting app.org_id and granted wildcard scope, allowing cross-tenant reads/writes; they now apply the standard tenancy GUCs and the restricted self-service scope set.
    • OAuth JWT verification: pin verification to the algorithm bound to the trusted JWKS key and reject symmetric algorithms, closing an algorithm-confusion gap.
    • Analytics identify (BREAKING): the identity hash now signs ${externalId}:${visitorId} so a leaked hash can't link a different visitor. Compute HMAC(secret, "<externalId>:<visitorId>") where visitorId comes from the new window.mn.getVisitorId(). The server-rendered data-external-id/data-user-hash auto-identify is removed — do the read-visitor-id → sign → window.mn.identify() round trip instead.
    • Webhook replay guidance: documented that receivers should reject deliveries whose signed createdAt is outside a freshness window (in addition to the existing x-munin-delivery-id idempotency). No wire-format change — the signature scheme is unchanged.
    • MCP scopes: webhooks_*, feedback_*, and system_alerts_* tools now require real webhooks:* / feedback:* / system_alerts:* scopes instead of being gated by audience alone.
    • Capability tokens: view, unsubscribe, and email-open tokens now enforce a max age (and reject future-dated tokens), preventing indefinite replay of leaked links.
    • Tool hints: conv_test_channel and conv_test_email_channel are marked destructive (they open outbound vendor connections) so they prompt before running.
    • Input validation: a caller-supplied endUserId is validated against the caller's org in delegated-token minting and crm_create_contact.

Patch Changes

  • 43fdff8: fix(widget): stop iCloud Passwords popover from opening on the message composer

    The composer textarea had no autocomplete attribute, so browsers defaulted it to on and the iCloud Passwords extension classified the widget as a login form (helped by the save-thread email field), offering credential autofill when typing a message. Set autocomplete="off" (and autocorrect="off") on the composer to opt it out.

  • 3387922: Fix crm_apply_merge_proposal crashing with a bare 500 when the proposal's recommendedPatch carries a timestamp field (e.g. consentGivenAt) as an ISO string. Drizzle's timestamp encoder calls value.toISOString() during query build, which throws on a string. The patch is now normalized before the keeper update: values for timestamp columns are coerced from ISO strings (or epoch numbers) to Date, and keys that aren't real, patchable contact columns are dropped instead of being passed through to .set().

  • b4978ab: Format date and datetime fields in the read-only CMS entry drawer using the viewer's locale instead of printing the raw stored ISO string (e.g. Jun 29, 2026, 12:00 PM rather than 2026-06-29T12:00:00.000Z), matching how the edit-mode date picker displays them.

  • bd0cb38: fix(channels): stop the email channel dialog button label flashing on cancel

    The "Edit email channel" dialog derived its edit/create state live from the
    editChannel prop. Cancelling cleared that prop before the dialog's close
    animation finished, briefly re-rendering the still-mounted dialog in create
    mode (the footer button flashed from "Save changes" to "Create"). The edit
    state is now frozen while the dialog is open.

    • @getmunin/types@4.64.0
    • @getmunin/ui@4.64.0

Published packages

  • @getmunin/analytics-tracker@4.64.0
  • @getmunin/chat-widget@4.64.0
  • @getmunin/agent-host@4.64.0
  • @getmunin/agent-runtime@4.64.0
  • @getmunin/backend-core@4.64.0
  • @getmunin/core@4.64.0
  • @getmunin/dashboard-pages@4.64.0
  • @getmunin/db@4.64.0
  • @getmunin/docs-pages@4.64.0
  • @getmunin/emails@4.64.0
  • @getmunin/mcp-toolkit@4.64.0
  • @getmunin/sdk@4.64.0
  • @getmunin/types@4.64.0
  • @getmunin/ui@4.64.0

v4.63.1

Choose a tag to compare

@github-actions github-actions released this 30 Jun 11:40
4733da2

Patch Changes

  • 8c8b89c: conv: strip signatures that are a trailing contact block with no closing greeting

    Inbound emails whose signature is a bare contact block (e.g. an Outlook/Apple Mail HTML-table signature with no "Best regards" sign-off) could survive the cleanup pass when the real reply was short. Both the strip-email-signature curator skill and the conv_strip_message_signature tool refused to remove a block that was more than half the body, so a one-line reply followed by a large signature kept the signature.

    conv_strip_message_signature now allows a cut past the 50% guard when the caller supplies a signatureText that matches the removed trailing portion and carries two or more contact-info hints (email, phone, address, URL). The skill is updated to recognise greeting-less contact blocks and to always pass signatureText when the signature dominates the body.

    • @getmunin/core@4.63.1
    • @getmunin/db@4.63.1
    • @getmunin/types@4.63.1
    • @getmunin/mcp-toolkit@4.63.1
    • @getmunin/agent-runtime@4.63.1
    • @getmunin/emails@4.63.1
  • 0d56ab7: Fix two rendering gaps in the CMS draft-approval block editor. Array (string-list) and multi_select fields — and array-of-text block props such as a stat block's items — no longer fall through to a raw JSON dump: they render as a clean list / comma-separated values, and in edit mode get a proper list editor (add / remove / reorder) and a checkbox group. Markdown prose now renders GitHub-flavored markdown (tables, strikethrough) via remark-gfm, so a comparison table in a prose block shows as a table instead of raw pipe-delimited text. The GFM upgrade applies to all shared markdown rendering in the dashboard drawers (KB, outreach, conversation drafts, message bubbles).

  • 9a87f0b: Fix dashboard overview row heights and pill text centering. Queue rows no longer grow taller on hover — the right-hand slot now always reserves the action buttons' height (h-7) whether it shows the timestamp or the hover-revealed approve/dismiss buttons. The "open conversations" rows now reserve the same height, so both sections line up at a consistent row height. Pills (e.g. the CMS badge) get leading-none so their uppercase text is vertically centered within the badge instead of floating high.

Published packages

  • @getmunin/analytics-tracker@4.63.1
  • @getmunin/chat-widget@4.63.1
  • @getmunin/agent-host@4.63.1
  • @getmunin/agent-runtime@4.63.1
  • @getmunin/backend-core@4.63.1
  • @getmunin/core@4.63.1
  • @getmunin/dashboard-pages@4.63.1
  • @getmunin/db@4.63.1
  • @getmunin/docs-pages@4.63.1
  • @getmunin/emails@4.63.1
  • @getmunin/mcp-toolkit@4.63.1
  • @getmunin/sdk@4.63.1
  • @getmunin/types@4.63.1
  • @getmunin/ui@4.63.1

v4.63.0

Choose a tag to compare

@github-actions github-actions released this 30 Jun 09:41
3cc2f42

Minor Changes

  • cadc2c8: CMS: block types can carry an optional description. Each entry in a blocks field's options.blockTypes now accepts a description (≤500 chars) alongside name and label, so a collection can tell the agent what a block is for and when to use it while authoring (e.g. "Highlights a warning the reader must not miss; not for ordinary body text"). Optional and additive — existing collections and block content are unaffected.

  • 5902396: Show who a conversation is with in the inbox drawer instead of a bare end-user id.

    GET /v1/conversations/:id (and the ConversationDetail it returns) now carries
    the resolved counterpart identity — contactEmail, contactName, contactPhone
    — preferring the linked conv_contacts row and falling back to the end_users
    row. Both the full and simplified conversation drawers render the email (then
    name) in the header rather than the raw end-user id.

    Also tightens the queue row layout so long titles truncate and the row actions
    swap in on hover without overlapping the timestamp.

  • 834138e: outreach: stop re-drafting already-contacted prospects + add per-campaign automation switches

    • outreach_propose_initial now refuses a fresh first-touch when the contact already has a sent or approved initial proposal in that campaign (previously dedup only covered pending drafts, so the weekly curator could re-draft someone who was already emailed). dismissed/failed proposals still allow a re-draft.
    • New outreach_campaigns columns auto_draft_initial (default false) and auto_draft_replies (default true), exposed on outreach_create_campaign / outreach_update_campaign / outreach_list_campaigns. The weekly first-touch curator only drafts for campaigns with autoDraftInitial = true, and inbound prospect replies are auto-drafted only when autoDraftReplies = true. Existing campaigns keep auto-replies but must opt in to automated first-touch.
  • 499cce8: Render and edit CMS blocks in the draft approval drawer. Block-typed fields (e.g. an article body) previously fell through to a raw JSON dump; they now render as labeled block cards — each prop shown through its own field viewer (markdown, assets, etc.). In edit mode you can change block prop values, replace inline assets, add blocks (by type), remove them, and reorder them. Saving converts expanded asset props back to ids and restores inline asset:// references so block content round-trips without losing asset links.

    Also: the CMS draft drawer's select fields now use the shared NativeSelect (consistent chevron with the rest of the dashboard instead of the browser-default arrow), and the outreach draft drawer's "Edit" action is now disabled while an approve/dismiss is in flight, matching the other queue drawers.

Published packages

  • @getmunin/analytics-tracker@4.63.0
  • @getmunin/chat-widget@4.63.0
  • @getmunin/agent-host@4.63.0
  • @getmunin/agent-runtime@4.63.0
  • @getmunin/backend-core@4.63.0
  • @getmunin/core@4.63.0
  • @getmunin/dashboard-pages@4.63.0
  • @getmunin/db@4.63.0
  • @getmunin/docs-pages@4.63.0
  • @getmunin/emails@4.63.0
  • @getmunin/mcp-toolkit@4.63.0
  • @getmunin/sdk@4.63.0
  • @getmunin/types@4.63.0
  • @getmunin/ui@4.63.0

v4.62.1

Choose a tag to compare

@github-actions github-actions released this 29 Jun 10:22
e359a4a

Patch Changes

  • 81e91ae: Fix the cms_asset_references migration (0048) being silently skipped on
    existing databases. Its journal when timestamp was lower than the preceding
    migration's, and drizzle only applies migrations whose timestamp is newer than
    the latest one already recorded — so on any database already past 0047 the
    table was never created, and the follow-up RLS step failed with
    relation "cms_asset_references" does not exist. Fresh databases (CI) applied
    everything in order, which is why it passed review.

    The timestamp is corrected, the migration is made idempotent (so a database
    that already applied the broken version re-runs it as a no-op), and a new test
    asserts journal when timestamps strictly increase with idx to catch this
    class of bug before release.

    • @getmunin/types@4.62.1

Published packages

  • @getmunin/analytics-tracker@4.62.1
  • @getmunin/chat-widget@4.62.1
  • @getmunin/agent-host@4.62.1
  • @getmunin/agent-runtime@4.62.1
  • @getmunin/backend-core@4.62.1
  • @getmunin/core@4.62.1
  • @getmunin/dashboard-pages@4.62.1
  • @getmunin/db@4.62.1
  • @getmunin/docs-pages@4.62.1
  • @getmunin/emails@4.62.1
  • @getmunin/mcp-toolkit@4.62.1
  • @getmunin/sdk@4.62.1
  • @getmunin/types@4.62.1
  • @getmunin/ui@4.62.1