v0.34.0 — "Heimdall"

@josephfung josephfung released this 13 Jun 01:34
· 527 commits to main since this release

Heimdall (Norse myth; Marvel's Thor, 2011, Kenneth Branagh) — the unsleeping sentry of the Bifröst, who sees and hears across the nine realms and lets no one cross the gate unbidden. v0.34 gives Curia the same watch at every threshold: a registry decides which skills, agents, and channels may load; a secrets vault holds the keys, so nothing enables until its credentials are present; and a second-stage judge guards what crosses outward. Nothing runs, or leaves, without passing the gate.

This release is about gates. Curia learned to control what loads, what enables, and what leaves.

Skills, agents, and channels now live in a registry. Each one has an install/enable lifecycle backed by the database, and only enabled items load at runtime. A trusted core set reconciles on startup, and you manage the rest from new standalone Skills and Agents console pages — searchable, paginated, with model tier, memory scopes, action risk, and sensitivity all visible at a glance. Channels got the same treatment, with an always-on HTTP/CLI safeguard so you can't accidentally lock yourself out.
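The install/enable lifecycle described above, as an added example that is not Curia's own code: a small registry in which items only load once enabled, a trusted core set is reconciled on startup, HTTP/CLI channels refuse to be disabled, and enabling a skill is refused until every secret it declares resolves (vault first, then environment, as the secrets paragraph below describes). The field names, the `installed`/`enabled` states and the resolver order are assumptions for illustration, not Curia's schema.

```python
"""Registry with install/enable lifecycle: only enabled items are handed to the loader."""
import os
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumed lifecycle: "installed" (known, not loadable) -> "enabled" (loads at runtime).
# The dict in Registry stands in for the database-backed registry table.


@dataclass
class RegistryItem:
    kind: str                    # "skill" | "agent" | "channel"
    name: str
    state: str = "installed"     # or "enabled"
    core: bool = False           # trusted core set, reconciled on startup
    required_secrets: tuple = ()  # secret names that must resolve before enable


class EnableBlocked(Exception):
    """Raised when an item cannot be enabled; carries the missing secret names."""

    def __init__(self, name: str, missing: List[str]):
        super().__init__(f"cannot enable {name}: missing secrets {missing}")
        self.missing = missing


# Channels that can never be disabled, so an operator cannot lock themselves out.
ALWAYS_ON_CHANNELS = frozenset({"http", "cli"})


class Registry:
    def __init__(self, resolve_secret: Callable[[str], Optional[str]]):
        self._items: Dict[tuple, RegistryItem] = {}
        self._resolve_secret = resolve_secret

    def install(self, item: RegistryItem) -> None:
        self._items[(item.kind, item.name)] = item

    def enable(self, kind: str, name: str) -> None:
        item = self._items[(kind, name)]
        missing = [s for s in item.required_secrets if self._resolve_secret(s) is None]
        if missing:
            raise EnableBlocked(name, missing)   # the gate: no credentials, no enable
        item.state = "enabled"

    def disable(self, kind: str, name: str) -> None:
        if kind == "channel" and name in ALWAYS_ON_CHANNELS:
            raise PermissionError(f"channel {name!r} is always-on and cannot be disabled")
        self._items[(kind, name)].state = "installed"

    def reconcile_core(self) -> List[str]:
        """Startup: ensure every trusted-core item is enabled; returns the names touched."""
        touched = []
        for item in self._items.values():
            if item.core and item.state != "enabled":
                item.state = "enabled"
                touched.append(item.name)
        return touched

    def loadable(self, kind: str) -> List[str]:
        """Only enabled items of this kind are given to the runtime loader."""
        return sorted(i.name for i in self._items.values()
                      if i.kind == kind and i.state == "enabled")


def make_resolver(vault: Dict[str, str], env: Optional[Dict[str, str]] = None):
    """Vault-first lookup with .env-style environment fallback (assumed order)."""
    env = os.environ if env is None else env

    def resolve(name: str) -> Optional[str]:
        return vault[name] if name in vault else env.get(name)
    return resolve


def demo() -> dict:
    vault: Dict[str, str] = {}                     # constructed: empty vault, empty env
    reg = Registry(make_resolver(vault, env={}))
    reg.install(RegistryItem("skill", "web-search", required_secrets=("TAVILY_API_KEY",)))
    reg.install(RegistryItem("skill", "calendar", core=True))
    reg.install(RegistryItem("channel", "http", core=True))
    reg.install(RegistryItem("channel", "slack"))
    reg.reconcile_core()
    try:
        reg.enable("skill", "web-search")
        blocked: List[str] = []
    except EnableBlocked as e:
        blocked = e.missing                        # web-search is refused without its key
    vault["TAVILY_API_KEY"] = "constructed-key"    # operator enters the key inline
    reg.enable("skill", "web-search")
    try:
        reg.disable("channel", "http")
        http_disabled = True
    except PermissionError:
        http_disabled = False
    return {"blocked_on": blocked, "skills": reg.loadable("skill"),
            "channels": reg.loadable("channel"), "http_disabled": http_disabled}
```

Keeping the secret resolver as a callable passed into the registry is what lets the same enable check run against a real vault in production and a plain dict in tests.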

Secrets moved into an encrypted vault. Curia now stores credentials with AES-256-GCM in PostgreSQL behind a single encryption key that setup generates for you. Skills resolve secrets vault-first, and application secrets no longer sit in plaintext .env — only the four values that bootstrap the vault itself remain. Skills can now declare which secrets they need: try to enable web-search without a Tavily key and Curia stops you, then lets you enter the key inline. There's a key-rotation script for when you need it.
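An encrypted vault of the kind described above, as an added example that is not Curia's own code: secrets are stored as AES-256-GCM ciphertexts under a single 32-byte key, the secret's name is authenticated as associated data so a ciphertext copied between rows is rejected rather than decrypted under the wrong name, and a `rotate` routine re-encrypts every row under a new key, which is what a key-rotation script has to do. The in-memory dict stands in for the PostgreSQL table, and the row layout and method names are assumptions; the example uses the `cryptography` package.

```python
"""AES-256-GCM secrets vault with name-bound ciphertexts and key rotation (added example)."""
import os
from typing import Dict, Tuple

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM  # pip install cryptography

NONCE_LEN = 12  # 96-bit nonce, the standard GCM size


class SecretsVault:
    """Rows are (nonce, ciphertext); the dict stands in for a PostgreSQL table."""

    def __init__(self, key: bytes):
        if len(key) != 32:
            raise ValueError("AES-256-GCM needs a 32-byte key")
        self._key = key
        self._rows: Dict[str, Tuple[bytes, bytes]] = {}

    def put(self, name: str, value: str) -> None:
        nonce = os.urandom(NONCE_LEN)  # fresh random nonce per write; never reused with one key
        # The secret name is associated data: the tag covers it, so a row's bytes
        # copied under another name fail authentication instead of decrypting.
        ct = AESGCM(self._key).encrypt(nonce, value.encode(), name.encode())
        self._rows[name] = (nonce, ct)

    def get(self, name: str) -> str:
        nonce, ct = self._rows[name]
        return AESGCM(self._key).decrypt(nonce, ct, name.encode()).decode()

    def rotate(self, new_key: bytes) -> int:
        """Re-encrypt every row under new_key; returns the number of rows rotated."""
        if len(new_key) != 32:
            raise ValueError("AES-256-GCM needs a 32-byte key")
        old, new = AESGCM(self._key), AESGCM(new_key)
        for name, (nonce, ct) in list(self._rows.items()):
            plain = old.decrypt(nonce, ct, name.encode())
            new_nonce = os.urandom(NONCE_LEN)
            self._rows[name] = (new_nonce, new.encrypt(new_nonce, plain, name.encode()))
        self._key = new_key
        return len(self._rows)


def aad_binding_holds(vault: SecretsVault) -> bool:
    """Check that a row's bytes placed under another secret's name do not decrypt."""
    rows = vault._rows
    saved = rows["TAVILY_API_KEY"]
    rows["TAVILY_API_KEY"] = rows["SMTP_PASSWORD"]  # bytes of one row under another name
    try:
        vault.get("TAVILY_API_KEY")
        return False                                # decrypted: the binding did not hold
    except InvalidTag:
        return True
    finally:
        rows["TAVILY_API_KEY"] = saved


def old_key_rejected(vault: SecretsVault, old_key: bytes) -> bool:
    """After rotation, the retired key must no longer open any row."""
    nonce, ct = vault._rows["TAVILY_API_KEY"]
    try:
        AESGCM(old_key).decrypt(nonce, ct, b"TAVILY_API_KEY")
        return False
    except InvalidTag:
        return True


def demo() -> dict:
    key = AESGCM.generate_key(bit_length=256)        # what setup would generate for you
    vault = SecretsVault(key)
    vault.put("TAVILY_API_KEY", "constructed-tavily-key")   # constructed sample values
    vault.put("SMTP_PASSWORD", "constructed-smtp-password")
    before = vault.get("TAVILY_API_KEY")
    rotated = vault.rotate(AESGCM.generate_key(bit_length=256))
    return {
        "round_trip": before == "constructed-tavily-key",
        "rotated": rotated,
        "after_rotation": vault.get("TAVILY_API_KEY"),
        "aad_binding_holds": aad_binding_holds(vault),
        "old_key_rejected": old_key_rejected(vault, key),
    }
```

Rotation decrypts and re-encrypts in one pass; in a real database that pass runs inside a transaction so a failure part-way never leaves rows under two keys.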

Outbound mail gained a second line of defense. A configurable, recipient-aware LLM-as-judge runs after the existing content rules, catching internal reasoning or sensitive financial and credential data before it can leak to a mixed audience. When something is blocked, the CEO notification now tells you why (in principal-safe terms), when, and which audit event to look at.

The CEO inbox got sharper. Triage labels are now emoji-prefixed and easier to scan in the Gmail sidebar (🚨 Urgent, ✅ Handled, ✍️ Drafted, 📌 Seen, ✔️ Cleared), urgent messages get starred automatically, and a new ⚠️ Stuck label makes triage failures visible instead of silent.

Reliability and security hardening throughout. The startup health check no longer waits out the initial email backlog before reporting healthy. Email polling persists its watermark and survives restarts without dropping messages, and emits audit events you can watch. Duplicate replies are suppressed. On the security side: GitHub Actions pinned to commit SHAs, least-privilege workflow tokens, base-image CVE patches, dependency pins, a ReDoS fix, and a new OpenSSF Scorecard workflow tracking supply-chain posture.
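The polling behaviour described above (a persisted watermark that survives restarts without dropping messages, duplicate replies suppressed, audit events emitted), as an added example that is not Curia's own code. The mailbox, its sequence numbers and the state store are constructed stand-ins; the design point is the commit order: the reply's idempotency key is persisted before the reply is sent, and the watermark is advanced only after the message is handled, so a crash between the two replays the message and the replay is recognised as a duplicate.

```python
"""Email poller with a persisted watermark and idempotent replies (added example)."""
import json
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Message:
    seq: int        # monotonically increasing mailbox position (constructed stand-in)
    msg_id: str
    subject: str


class StateStore:
    """Persisted poller state; the JSON string stands in for a database row."""

    def __init__(self):
        self._json = json.dumps({"watermark": 0, "replied": []})

    def load(self) -> dict:
        return json.loads(self._json)

    def save(self, state: dict) -> None:
        self._json = json.dumps(state)


class Poller:
    def __init__(self, store: StateStore, audit: List[dict], crash_after: Optional[int] = None):
        self.store = store
        self.audit = audit                 # audit events an operator can watch
        self.crash_after = crash_after     # simulate a crash after N replies are sent
        self.replies_sent: List[str] = []

    def poll(self, mailbox: List[Message]) -> int:
        state = self.store.load()
        replied = set(state["replied"])
        handled = 0
        for m in sorted(mailbox, key=lambda x: x.seq):
            if m.seq <= state["watermark"]:
                continue                   # handled before a restart; not re-read
            if m.msg_id in replied:
                self.audit.append({"event": "reply.duplicate_suppressed", "msg_id": m.msg_id})
            else:
                replied.add(m.msg_id)      # reserve the idempotency key BEFORE sending
                state["replied"] = sorted(replied)
                self.store.save(state)
                self.replies_sent.append(m.msg_id)
                self.audit.append({"event": "reply.sent", "msg_id": m.msg_id})
                if self.crash_after is not None and len(self.replies_sent) == self.crash_after:
                    self.audit.append({"event": "poller.crashed", "at_seq": m.seq})
                    raise RuntimeError("simulated crash before the watermark commit")
            # Advance the watermark only after the message is fully handled, so a
            # crash replays it instead of dropping it.
            state["watermark"] = m.seq
            self.store.save(state)
            self.audit.append({"event": "poll.watermark_advanced", "watermark": m.seq})
            handled += 1
        return handled


def demo() -> dict:
    mailbox = [Message(i, f"m{i}", f"constructed subject {i}") for i in (1, 2, 3, 4)]
    store, audit = StateStore(), []
    first = Poller(store, audit, crash_after=2)
    try:
        first.poll(mailbox)
    except RuntimeError:
        pass                                # process dies after replying to m2
    second = Poller(store, audit)           # restart: fresh process, same persisted state
    second_handled = second.poll(mailbox)
    all_replies = first.replies_sent + second.replies_sent
    return {
        "first_replies": first.replies_sent,
        "second_replies": second.replies_sent,
        "second_handled": second_handled,
        "suppressed": sum(1 for e in audit if e["event"] == "reply.duplicate_suppressed"),
        "dropped": sorted({m.msg_id for m in mailbox} - set(all_replies)),
        "duplicates_sent": len(all_replies) - len(set(all_replies)),
        "watermark": store.load()["watermark"],
    }
```

Persisting the reply record before the send gives at-least-once processing with exactly-once replies; persisting it after the send would turn the same crash into a double reply.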

The full list is in the changelog.


keys turn in the vault
the gate learns every true name
nothing leaves unseen