v0.1.3 — vulndb library, --enrich pipeline, CI hardening

First release where the source tree, git tag, and GitHub release page agree on the same version. Closes a 10-month gap where tags advanced past the v0.0.2 release artifact without a published release matching.

New features

• libs/vulndb — OSV.dev cross-reference + auto-VEX emission. New CLI verbs euxis vulndb query <PURL> (direct OSV lookup, returns BlockingFindings exit code on High/Critical) and euxis vulndb sync. (#86)
• euxis sbom --enrich — cross-reference SBOM components against OSV.dev and auto-emit VexStatement{Affected}. (#88)
• euxis check --enrich — runs the SBOM/OSV.dev cross-reference inline before the verify-everything playbook, writes euxis-vex.openvex.json next to the verdict. Failure is non-fatal. (#91)

Real bug fixes

• Coroutine reference-parameter UB in IStreamingProvider + the three concrete providers (Claude / OpenAI / Gemini). The signatures took const std::string& model, const std::string& prompt; C++ coroutines don't extend reference parameter lifetimes across suspensions. ASan caught the dangling stack reads on Ubuntu GCC 14 as json::exception.type_error.316 with varying high-bit bytes. Same bug class as the earlier session_store::stream_episodes fix. (#100, closes #95)
• IterationBudget::refund precondition — contradicted the documented "returns false if full" contract; aborted the contracts pilot on full budget. (#99)
• RegistryClientCacheTest heap-use-after-free — held a const char* from std::getenv across a setenv (which reallocs the environ block). Snapshot to std::optional<std::string>. (#89)
• Daemon-child race in InfraCmdTest — fixture's remove_all raced with the spawned daemon's writes. Now stops the daemon before TearDown. (#89)

Build + CI

• Drop the import std; pilot from default builds (toolchain gap on AppleClang 21 / Homebrew LLVM 22)
• Switch libs/platform/src/execution_backend.cpp from fork + execvp to posix_spawnp (modern atomic spawn primitive)
• Apple Clang as the macOS toolchain (Homebrew LLVM 22 + GitHub SDK proved incompatible)
• std::jthread → std::thread + std::atomic<bool> across 4 sites (Apple Clang libc++ hasn't shipped <stop_token> as of 2026-06)
• \$\{CMAKE_CXX_COMPILER_ID\} IMPORTED-target guard in euxis_relax_thirdparty_warnings (Ubuntu apt-installed deps)
• Wno-pre-c++2b-compat + Wno-unknown-warning-option for the multi-arg subscript operator
• Drop macos-13 (Intel) from CI — GitHub's Intel runner pool starvation blocks merges

Distribution

• One-liner install.sh for Linux + macOS, all four arch tuples
• Homebrew tap formula at scripts/release/Formula/euxis.rb (copy into sebastienrousseau/homebrew-tap after this release)
• .deb + .rpm packages (#85)

Documentation

• 10-minute Getting Started tour with real doctor / vulndb query / sbom --enrich output (#90)
• Three launch-week blog drafts in docs/blog/ ready for publication (#87)
• README rewrites in noyalib style (31 files)
• docs/development/quality-gates-baseline.md + restored .clang-tidy security check set

Known limitations

• ExecLocalBackendTest.* (5 cases) are guarded with EUXIS_SKIP_EXEC_ON_LINUX on Linux — GitHub Actions ubuntu-24.04 runner rejects every form of execve from forked test children with EPERM regardless of code path. Library code verified correct on macOS Apple Clang under ASan/UBSan (10/10 pass). See #96 for the full investigation.

Install

```bash
curl -fsSL https://raw.githubusercontent.com/sebastienrousseau/euxis/v0.1.3/scripts/release/install.sh | sh
```

Or build from source: see `docs/essentials/quick-start.md`.

What's Changed

• v0.0.3 — safety hardening, perf wins, and SDK infrastructure by @sebastienrousseau in #61
• build(deps): Bump the python-security group across 1 directory with 2 updates by @dependabot[bot] in #75
• build(deps): Bump rich from 13.9.0 to 15.0.0 in /data/config/requirements by @dependabot[bot] in #71
• build(deps): Bump chromadb from 0.5.0 to 1.5.9 in /data/config/requirements by @dependabot[bot] in #73
• chore(public-readiness): CODEOWNERS + CodeQL workflow by @sebastienrousseau in #77
• docs(security): accept chromadb risk + ignore in dependabot by @sebastienrousseau in #78
• docs: rewrite every lib/app README to the noyalib reference shape by @sebastienrousseau in #84
• build(deps): Bump serde_json from 1.0.149 to 1.0.150 in /docs/euxis-sdk by @dependabot[bot] in #63
• build(deps): Bump serde_json from 1.0.149 to 1.0.150 in /docs/examples/rust-agent by @dependabot[bot] in #64
• build(deps): Bump softprops/action-gh-release from 2 to 3 by @dependabot[bot] in #65
• build(deps): Bump actions/setup-node from 4 to 6 by @dependabot[bot] in #79
• build(deps): Bump the python-version group in /data/config/requirements with 7 updates by @dependabot[bot] in #80
• build(deps): Bump github/codeql-action from 3 to 4 by @dependabot[bot] in #81
• build(deps): Bump docker/setup-qemu-action from 3 to 4 by @dependabot[bot] in #82
• build(deps): Bump docker/build-push-action from 6 to 7 by @dependabot[bot] in #83
• build(release): one-liner install + Homebrew tap formula + .deb/.rpm packages by @sebastienrousseau in #85
• feat(vulndb): OSV.dev enrichment + auto-VEX emission by @sebastienrousseau in #86
• docs(blog): launch-week drafts in Executive Pragmatist format by @sebastienrousseau in #87
• feat(cli): wire libs/vulndb into the CLI surface by @sebastienrousseau in #88
• chore(quality): close issue #42 sanitizer gate + clang-tidy/gcovr baselines by @sebastienrousseau in #89
• docs(getting-started): ten-minute tour with real output by @sebastienrousseau in #90
• feat(cli): --enrich flag on the check pipeline by @sebastienrousseau in #91
• chore(ci): drop four dead workflows referencing removed euxis-web/ by @sebastienrousseau in #92
• chore(ci): unbreak Ubuntu builds + branding gate; align stale version docs by @sebastienrousseau in #93
• chore(version): roll docs and source back to v0.0.2 to match latest release by @sebastienrousseau in #94
• fix(ci): main green — macOS LLVM 22 header path + Linux test guards by @sebastienrousseau in #99
• chore: restore .clang-tidy gate, bump to v0.1.3, stabilise etx ctest by @sebastienrousseau in #100

Full Changelog: v0.1.2...v0.1.3

v0.1.2

Release v0.1.2

v0.0.2

Changelog

All notable changes to Euxis will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[Unreleased]

---

[0.0.9] - 2026-02-16

Changed

• Dependency Security: Updated cryptography to address Dependabot-reported vulnerabilities

Fixed

• Release Hygiene: Documented issue closure status and release summary artifacts

Security

• Dependency Patching: Resolved 3 high and 2 moderate vulnerability alerts in the default branch

---

[v0.0.2] - 2026-02-17

Added

• Multi-Tier Model Routing: Intelligent cost optimization with capability-to-model mapping (router.sh)
• ClawRouter Task Analysis: Automatic task complexity classification for optimal model selection
• Local Model Fallback: Ollama integration for zero-cost routine operations (heartbeats, status checks)
• Prompt Caching Support: Cache control hints for 90% API cost reduction on long prompts
• Benchmark Tool: euxis-bench for cost estimation and multi-tier performance validation
• TUI Router Transparency: Color-coded cost tier indicators on agent cards ($=Routine, $$$$=Reason)
• TUI Throttle UX: Visual "Throttled" and "Cooling" states when Resource Guard triggers
• TUI Audit Mode: python -m tui --audit for performance benchmarking and cross-platform checks
• TUI Router Shortcut: Ctrl+R shows router status in notification
• A2A Mesh Communication Protocol: Peer-to-peer agent discovery, shared state sync, and hand-off with deadlock detection (mesh.sh)
• Hardware-Aware Resource Throttling: Automatic CPU/RAM/load detection with thermal-aware staggered agent launches (resources.sh)
• Agent Bootstrap Wrapper: Mesh-mode agent launcher with capability registration and cleanup handling
• Concurrent Write Safety: flock-based locking for state.json preventing data corruption under parallel writes
• Process Priority Management: nice -n 15 scheduling for UI-friendly background agent execution
• Orphan Process Cleanup: SIGTERM→SIGKILL cascade on Ctrl+C with PID tracking
• Runtime Peer Discovery: mesh_discover_runtime() finds active agents by capability tag
• Shared Research Log: Append-only log for cross-agent collaboration without context bloat
• Gateway Protocol Architecture: Complete gateway server implementation with WebSocket support and multi-adapter framework
• Voice Streaming Pipeline: Real-time STT/TTS hooks with streaming WebSocket delivery and webhook payloads
• Gateway Authentication System: Hardened auth with token validation, rate limiting, and secure session management
• Voice Command Safety: Command filtering, audio validation, and safety hooks for voice interactions
• Gateway Canvas UI: Interactive canvas system with gesture support and real-time collaboration
• Gateway Adapters: Slack and Telegram adapter implementations with session management
• Gateway CLI Tools: Complete CLI toolkit for gateway management and testing
• Gateway JSON Schemas: Comprehensive schema validation for request/response/event frames
• Gateway Protocol Validation: Test harness and smoke testing suite for protocol compliance
• Documentation Overhaul: AI-ready llms.txt file and comprehensive gateway documentation
• New Core Agents: guard, pair, route for specialized coordination and safety
• New Fleet Agents: bridge, deep-researcher, distill, govern, heal, trace for enhanced capabilities
• Crypto Library Enhancements: Improved error handling, key management, and performance optimizations
• TUI Performance Improvements: Enhanced fleet monitoring, tips system, and configuration management
• Benchmark Infrastructure: TUI performance benchmarking and comprehensive test coverage

Changed

• Repository Reorganization: Modular euxis-* directory structure for distribution readiness
• Dispatch Mode Integration: Mesh mode now uses bootstrap wrapper instead of prompt-only coordination
• Agent Bootstrap Enhancement: Added router integration for automatic model selection before agent launch
• Cost Tier Configuration: Added router.json for customizable model mappings and cost estimates
• Dynamic Load Thresholds: Changed from static per-core limits to nproc × 0.8 formula
• Memory Threshold: Lowered to 75% for macOS swap safety (was 85%)
• Version Alignment: All 102 files synchronized to registry.json as single source of truth
• Voice Retention System: Enhanced audio processing with configurable retention policies
• Gateway Event Handling: Streamlined event processing with improved error recovery
• Authentication Flow: Simplified handshake process with better security controls
• Documentation Architecture: Restructured gateway docs with progressive disclosure
• Agent Escalation Paths: Enhanced inter-agent communication and conflict resolution
• Performance Metrics: Improved collectors and analyzers for better observability
• Test Infrastructure: Expanded test coverage with property-based and edge case testing

Fixed

• Concurrent State Corruption: flock locking prevents race conditions in mesh state writes
• euxis-loop Not Found: Added PATH setup to dispatch and playbook scripts
• Hyphenated Agent IDs: jq setpath/getpath handles keys with special characters
• Zombie Processes: Proper cleanup on interrupt with PID tracking and process group termination
• Gateway Auth Vulnerabilities: Hardened token validation and session security
• Voice Command Processing: Fixed audio stream handling and command safety
• TUI Layout Issues: Resolved fleet monitor grid spacing and responsive design
• Crypto Operations: Fixed error handling in key management and encryption operations
• Performance Bottlenecks: Optimized collectors and reduced memory overhead
• Documentation Links: Fixed cross-references throughout gateway documentation
• Test Reliability: Stabilized flaky tests and improved test isolation

Security

• Gateway Security Hardening: Input validation, rate limiting, and secure defaults
• Voice Command Safety: Audio validation and command filtering to prevent abuse
• Authentication Improvements: Token expiration, secure session handling, and audit logging
• Crypto Library Security: Enhanced key management and secure random generation

---

[0.0.7] - 2026-02-09

Added

• ETX Terminal Experience: Full-featured TUI built on Python Textual framework with dark/light/contrast themes
• Metrics Dashboard: Real-time performance sparklines and fleet monitoring with visual indicators
• Squad Detail View: Comprehensive squad management interface with member status and coordination
• Playbook Browser: Visual playbook selection and execution with 16 language playbooks
• Cortex Screen: Memory browser for episodic, semantic, and procedural knowledge
• Provider Modal: Interactive AI provider selection with capability indicators
• Welcome Screen: Onboarding experience for new users with guided setup
• Help and About Screens: In-app documentation and version information
• Tool Runner Screen: Direct tool execution interface with output streaming
• Command Palette: Quick actions via Ctrl+K with fuzzy search
• 16 Language Playbooks: Go, Rust, Python, TypeScript, Java, Kotlin, Swift, C++, Ruby, PHP, Scala, Elixir, Haskell, Clojure, C#, and Dart with consistency-audited 10-gate enforcement
• 91 TUI Tests: Comprehensive test suite (51 + 40 tests) ensuring UI reliability
• SQLite Registry: Migrated from JSON to SQLite for improved performance across 15 files
• Agent Escalation Protocols: Automated escalation paths for complex tasks
• Shell Test Infrastructure: Comprehensive testing framework for shell libraries
• Python Unit Tests: 95%+ code coverage with comprehensive test suite
• Weekly Cache Cleanup: Automated CI workflow for cache management

Changed

• Architecture Cleanup: Lean cross-platform structure with improved modularity
• CI Optimization: GitHub Actions workflows optimized for $0 budget operation
• Provider Clarity: Made provider usage explicit with command syntax documentation
• Documentation Style: Apple-style progressive disclosure throughout all guides
• Branding Signatures: Standardized across all outputs and documentation
• Version Format: Updated for certification compliance requirements
• Agent Descriptions: Expanded with clearer role definitions and capabilities
• Tone Consistency: Replaced em dashes with colons for natural, conversational tone
• Provider Naming: Renamed Amazon Q to Kiro CLI for clarity
• Removed Providers: OpenCode and Kilo Code removed from supported providers

Deprecated

• JSON Registry Format: SQLite is now the primary storage; JSON support will be removed in v0.0.2

Removed

• OpenCode Provider: Discontinued due to lack of active development
• Kilo Code Provider: Merged functionality into other providers
• Gitignored Audit Files: Removed from version control for cleaner repository

Fixed

• Test Failures: Resolved 3 test failures from standards enforcement
• Playbook Standards: Addressed 14 playbook findings for consistency
• TUI Security: Hardened input validation and sandboxing
• Dependency Pinning: All dependencies now pinned to specific versions
• Broken Documentation Links: Fixed cross-references throughout docs
• Gemini Provider Config: Removed invalid --search-web flag
• Security Vulnerabilities: Resolved all identified security findings with mandatory enforcement gate
• Dispatch Output: Fixed "Verify: null" display issue in dispatch functions
• Fleet Monitor Layout: Fixed grid layout taking incorrect space allocation
  -...

Euxis v0.0.1: Initial Release

Euxis v0.0.1: Initial Release

This initial release establishes the baseline for the Euxis Enterprise Unified eXecution Intelligence System.

Core Packages

• euxis-core: Shared core logic and shell libraries
• euxis-cli: CLI entry points and orchestration
• euxis-gateway: WebSocket control plane
• euxis-tui: Textual UI application

Summary of Changes included in v0.0.1

• Version normalization across 395 files from 0.1.0 to 0.0.1
• Upgraded dependencies including minimatch to resolve CVE-2026-26996
• Established Enterprise-Grade documentation and thresholds
• Sync lifecycle metrics after orchestrator dispatch

v0.1.1

Release v0.1.1

v0.1.0

Release v0.1.0