v0.36.0 — "Reverend Mother"
Reverend Mother Gaius Helen Mohiam (Dune, 1965, Frank Herbert) — the Bene Gesserit who holds the gom jabbar to your throat and decides, by what you do under the test, who is human enough to pass. v0.36 gives Curia the same discernment: every sender is met at the gate, sorted by tier, and let only as far as earned trust allows.
This release rebuilds how Curia decides who to trust. The old two-part split — a status (provisional / confirmed / blocked) plus a separate trust level — gave way to a single, ordered capability tier: blocked → unknown → known → trusted → principal. Alongside it, each contact now has a kind (person, organization, automated, agent, or you, the principal). One ordered gate, one clear label.
New contacts start at unknown and are no longer left in limbo. Instead of being queued for you to triage, an unrecognized sender gets a careful, read-only reply — Curia will answer or ask a question, but takes no actions and shares none of your private context. As real correspondence builds, contacts rise to known automatically, through your back-and-forth, their email domain, and Curia's own judgment. Noreply addresses, newsletters, and bulk senders are spotted and marked automated, so they stay out of your way.
Trust now has teeth at every gate. A new action gate escalates consequential, third-party-facing requests from lower-tier senders for your approval, and a disclosure gate on outbound messages withholds your availability, other people's details, and confidential content from anyone whose tier hasn't earned it. When a case is genuinely ambiguous, an escalation judge weighs it — and, by design, escalates rather than guesses. You can set a tier yourself any time ("treat Dana as trusted"), and a weekly scan proposes scheduling-access grants for you to approve or decline.
The admin console grew up around all this: a read-only contact View drawer so a stray click can't change data, direct tier and kind editing, a permission-grants panel with per-grant revoke, and deep links into the knowledge graph. A new de-duplication sweep quietly merges obvious duplicate contacts and asks before merging the uncertain ones — never touching you.
Under the hood, the held-message machinery, the old trust-level column, and a handful of retired skills are gone for good; the principal contact is now structurally impossible to demote or merge away; and a batch of dependency and image CVEs were cleared along the way.
the hand on the box.
who passes, the gate decides,
not who claims to pass.