Jane (Speaker for the Dead, 1986, Orson Scott Card) — a hyperintelligent being who lives in the ansible network, holds every key, knows every identity, and asks one question before charting the fastest path. v0.37 gives Curia the same instincts: credentials move into the vault, principal identity resolves from contacts alone, and the setup wizard asks what you need first, then gets you there.
What's new
Credentials are vault-only now
Email account grants moved out of environment variables and into the encrypted vault. You manage mailboxes from Settings → Channels → Email → Email accounts in the console — connect as many as you need, each with its own named Nylas grant stored at channel.email.<name>.nylas_grant_id. The old channel_accounts YAML block and CEO_PRIMARY_EMAIL env var are retired.
MCP servers can now declare credentials too. Add a secrets: block to any MCP entry in skills.yaml, and the console surfaces labelled vault fields for each key under Settings → MCP Skills. The server stays disabled until every declared secret resolves — same gate as local skills' install.requires_secrets.
Google Workspace OAuth credentials (google_oauth_client_id, google_oauth_client_secret, curia_google_email) moved into the vault as well. The Drive skill and the google-workspace MCP subprocess both read them via ctx.secret().
Principal identity is contacts-only
findContactBySystemRole('principal') is now the single source of truth for who the principal is. The PII redactor bypass, CEO notifiers, outbound filter, and email adapter all read this contact row. A repairPrincipalMetadata call at startup keeps the principal KG node in sync, and its decay class is now forced to permanent so it can never be archived.
Setup wizard v2
The setup wizard flips to an outcome-backward concierge. It surfaces what's already done (via setup-status), asks what you most want Curia to do first, and walks the shortest path to that first working integration. Tasks you're not ready for can be deferred with setup-defer and picked up in any future session.
Step 2 is new: "Your details" captures timezone, preferred name, title, primary email, and working hours via POST /api/setup/principal/profile. The assistant's name and signature are now pre-populated by the wizard (LLM-suggested, static fallback) rather than shown as blank placeholders.
Also shipped
- Specialist secret-capture resume — when a specialist mints a secret-capture link, the coordinator now re-delegates to that same specialist when the link is redeemed, so the workflow continues instead of stalling. (migration 061)
- Debrief clear fixed —
context-bridge-clearnow matches all active outbound-context entries by meeting subject, not just the one in the injected window. Meeting-debrief stamps subject and event ID on every send and self-clears on close. - Bullpen dedup — a per-agent read watermark stops threads from being re-injected until new activity arrives.
- Drift detector false-positives — task-wake jobs no longer trigger drift checks; the duplicate outbound send on drift-pause is gone.
- Contacts dedup lifecycle — resolved dedups close their review task and sweep the outbound-context entry on every terminal outcome.
context-bridge-releaserestriction lifted — specialists can now release their own exchange entries without needing coordinator involvement.- Coordinator Drive moves — file reparenting via
add_parents/remove_parentsnow works; "move this doc into a folder" requests land correctly. skills/**typecheck in CI — all skill handlers and tests are now type-checked on every run.js-yaml5.0.0 — imports migrated to named exports.
Each key in its vault.
She untangles who you are
from what you can do.