Releases: Ghost-Frame/Kleos

v1.7.2

18 Jun 14:43
v1.7.2
4240797

v1.7.2 -- security hardening release

SSRF-harden outbound webhook/LLM delivery, owner-account deprovision
protection, read-scope on read-only POST endpoints, confidential
transport for credential bearers, credd proxy deny-by-default (#103).

v1.7.1

16 Jun 11:01
v1.7.1
18e5076

Added

  • MCP: clients can attach artifacts inline on memory.store and on read tools (#98).
  • MCP: underscore-normalized tool-name aliases so strict clients such as VS Code can call every tool (#97).
  • forge: agent-forge absorbed into Kleos as a server-side CLI plus MCP tool surface (#96).
  • cli: inject coordination read-back at session start so agents see live task/feed state.
  • cli: derive the session-start bootstrap query from the cwd project and git branch.
  • db: bounded run_migrations_to / run_tenant_migrations_to helpers for partial migration runs.

Fixed

  • gate: forge-authorized Write/Edit now bypass the human-approval wait instead of blocking on it (#99).
  • chiasm: reap stale never-heartbeated idle tasks, not only overdue ones.

v1.7.0 (pre-release)

13 Jun 21:14
v1.7.0
1f46171

Pre-release: published for validation. Will be promoted to the latest full release once confirmed good.

Added

  • Frameshift cross-machine growth tenant (server-side), gated behind KLEOS_FRAMESHIFT_GROWTH (#94).
  • kleos-phylax: secret-resolve modes. exec runs an allowlisted command with secrets injected into the child process, and verify/sign/derive let an agent use a secret without ever holding its plaintext.
  • kleos-phylax: no-plaintext agent posture backed by fail-closed policy middleware.
  • kleos-phylax: out-of-band approval notification and a capability-token decide endpoint.
  • kleos-cleanup: --delete-where escape hatch for operator-specific junk.

Security

  • Security audit remediation and monolith multi-user isolation hardening (#93).
  • kleos-phylax: scrub-totality property tests and an adversarial plaintext-bypass test.

Fixed

  • recall: is_static memories now decay by age in ranking instead of being pinned at full retrievability.
  • kleos-sidecar: drop the orphaned GateResult.original_text field.
  • gui: untrack stale .svelte-kit build artifacts and restore the ignore rule.

CI

  • Pin the Rust toolchain to 1.94.0 across CI, Docker, and local dev so unpinned stable upgrades no longer break clippy -D warnings, and serialize the Syntheos mirror workflow to stop concurrent force-pushes from failing on the ref-lock CAS.

Database

  • approvals: add decide_token_hash column (migration 85).

Full diff: v1.6.1...v1.7.0

v1.6.1

08 Jun 16:01
v1.6.1
aae4e46

v1.6.1: memory-pollution bugfix (sidecar over-ingestion, eidolon doub…

v1.6.0

08 Jun 05:57
v1.6.0
57603c4

KNOWN ISSUE: do not use the kleos-sidecar binary from this release.

The 1.6.0 kleos-sidecar over-ingests raw session content. It ships every raw tool result to durable storage (retain_tool_calls defaulted to true), and the file-watcher gate appends the full raw assistant turn to its one-line summary, flooding the memory store with low-signal data and degrading recall. The session-start eidolon prompt also emits a duplicate context banner and injects memory content without credential scrubbing.

Fixed in 1.6.1. Until 1.6.1 is published, build kleos-sidecar from main, or set KLEOS_RETAIN_TOOL_CALLS=false to stop the worst of the over-ingestion.

v1.5.0

01 Jun 19:40
v1.5.0
50a830a

- env var migration to KLEOS_ primary (ENGRAM_ still works as fallback) (#75)
- graph SQL overflow fix: graph renders at the 50k node ceiling (#77)
- GUI altitude fixes: Soma online-filter, Axon channel rollup, Thymus/Loom empty states (#78)
- Thymus session-end evaluation judge scaffold, shipped disabled pending off-box LLM compute (#76)
- GitHub CI build-and-test SIGBUS fix: CARGO_PROFILE_TEST_DEBUG=0 + free disk (#79)
- version drift correction: workspace crates bumped 1.2.1 -> 1.5.0, /health now reports 1.5.0 (#81)

v1.4.0

27 May 16:58
v1.4.0
832b8d4

v1.4.0: phylax service, sidecar enhancements, CI fixes

v1.3.0: Codebase cleanup -- dead code removal and compression

25 May 08:02
v1.3.0
54d7239

Major internal refactor removing 13,000+ lines of dead code and compressing boilerplate across the workspace.

Highlights

  • Removed dead cognitive module, brain oracle/pca/reasoning, guard module, quota_sync, skills/registry, skills/patch, and 20+ dead functions
  • route! macro compresses 477 route entries (-4,094 lines)
  • tenant_migration_sql! macro replaces 59 wrapper functions (-340 lines)
  • Section divider compression across all crates
  • Default impls for StoreRequest/SearchRequest
  • Placeholder types.rs files removed, require_registry helper extracted
  • CI clippy and deny fixes

205 files changed, 3,921 insertions, 17,148 deletions. Net: -13,227 lines.

Kleos v1.2.1

19 May 20:19
v1.2.1
6cc9451

What's Changed (since v1.2.0)

Fixes

  • Dreamer consolidation flag: background pipeline now correctly honours consolidation_enabled setting
  • MCP NDJSON framing: auto-detect NDJSON vs Content-Length framing in stdio transport, tracing redirected to stderr

Tests

  • Auth middleware integration tests (419 lines covering PIV, Bearer, scope enforcement, rate limiting)
  • Disabled-consolidation pipeline test verifying the dreamer respects the flag
  • MCP integration tests rewritten for server-side dispatch architecture
  • PIV YubiKey end-to-end auth integration test

Infrastructure

  • Workspace version bumped to 1.2.1 (all 17 crates)

v1.2.0

18 May 23:02
v1.2.0
7cd819f

What's Changed

Features

  • URL failover: kleos-client now accepts comma-separated KLEOS_URL for multi-network resilience (Wireguard primary, ZeroTier fallback)
  • Server-side MCP endpoint with security hardening (#36)
  • Handoff atoms subsystem for structured knowledge extraction (#34)

Security

  • PIV default-PIN rejection: from_env_or_file() refuses factory-default PIN 123456 at runtime
  • MCP endpoint hardened against 5 security findings

Fixes

  • Structural search quality fixes for multi-tenant deployment (#35)
  • Handoff auto-GC self-deadlock on single-writer pool resolved

Infrastructure

  • Workspace version bumped to 1.2.0
  • All 18 crates updated