From 06bfca5fdb2c3a6ca735977ef40c01cfa6ff25e2 Mon Sep 17 00:00:00 2001 From: claude_code Date: Sun, 21 Jun 2026 14:09:44 +0300 Subject: [PATCH] docs(changelog): 0.93.0 release notes --- CHANGELOG.md | 99 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 87 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 815c05a3..b1cb6ebb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,11 +10,60 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.93.0] - 2026-06-21 + +This release builds on the 0.91.0 AI foundation: admin-defined AI agent roles, +an anonymous AI assistant on public shares, server-side voice dictation, an +editor footnotes model, live page-template embeds, and sandboxed arbitrary-HTML +embeds — plus a large batch of security hardening and test coverage. + +### Breaking Changes + +- **MCP shared-token auth moved to its own header.** The `/mcp` shared guard + no longer reads `Authorization: Bearer `; it now reads only the + `X-MCP-Token` header. The `Authorization` header is now reserved for per-user + HTTP Basic / Bearer access-JWT credentials, so each `/mcp` request + authenticates as a specific user (the `MCP_DOCMOST_*` service account is only + a fallback). Existing MCP clients (e.g. Claude Desktop) configured with + `Authorization: Bearer ` must be reconfigured to send + `X-MCP-Token: ` instead. See `MCP_TOKEN` in `.env.example`. As a + one-time aid, the server logs a single migration warning when it sees the + old-style header. + ### Added -- Admin-only "Analytics / tracker" workspace setting: a raw HTML/JS snippet +- **AI agent roles**: admin-defined assistant personas with an optional + per-role model override, selectable in chat. +- **Anonymous AI assistant on public shares**: public-share visitors can chat + with a selectable agent-role identity that reuses the internal chat + presentation, with per-request output-token caps and a fail-closed Redis + limiter. +- **Voice dictation (STT)**: server-side speech-to-text with a mic button in + the chat and the editor, OpenRouter STT support, an endpoint test, and real + provider-error surfacing. +- **Footnotes**: an editor footnotes model (inline references + a definitions + list). +- **Page templates**: live whole-page embed (MVP) with a template-marker icon + in the page tree and a working Refresh action. 
+- **Arbitrary HTML/CSS/JS embeds**: a sandboxed-iframe embed block gated by a + per-workspace toggle (default OFF); insertable by any member when the toggle + is on. +- Admin-only **"Analytics / tracker"** workspace setting: a raw HTML/JS snippet injected into the `` of public share pages only (for analytics such as - Google Analytics or Yandex.Metrika). + Google Analytics or Yandex.Metrika), kept separate from the member-facing + HTML-embed feature. +- **MCP**: a hierarchical tree mode for `list_pages`, and per-user auth for the + embedded `/mcp` endpoint. +- **Page tree**: Expand all / Collapse all for the space tree, and + server-authoritative realtime tree updates. +- **AI chat UX**: a `get_current_page` tool for proxy-robust page context, a + current-context-size readout, an agent step cap raised 8→20 with a forced + final text answer, and auto-collapse of the chat window on page focus. +- **AI settings**: a Clear control inside the API-key field and an endpoint + status dot bound to "configured × enabled". +- **Client**: an always-visible space grid replacing the space-switcher popover, + removal of the sidebar Overview item, tighter comments-panel density, and no + auto-open of the comments panel when adding a comment. ### Changed 
@@ -28,16 +77,41 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 server-side strip is the public-share read path, which still honors the workspace HTML-embed toggle. -### Breaking Changes +### Fixed -- **MCP shared-token auth moved to its own header.** The `/mcp` shared guard - no longer reads `Authorization: Bearer `; it now reads only the - `X-MCP-Token` header. Existing MCP clients (e.g. Claude Desktop) configured - with `Authorization: Bearer ` must be reconfigured to send - `X-MCP-Token: ` instead. The `Authorization` header is now - reserved for per-user HTTP Basic / Bearer access JWT credentials. See - `MCP_TOKEN` in `.env.example`. As a one-time aid, the server logs a single - migration warning when it sees the old-style header. +- AI chat: preserve scroll position during streaming, record chats that fail on + their first turn, and resolve the current page for agent context behind + proxies. +- AI roles: guard `update()` against concurrent soft-delete; harden the model + override, role-name uniqueness, and id validation; sandwich the safety + framework around the role persona. +- Auth: handle null-password (SSO/LDAP-only) accounts without a bcrypt throw. +- Footnotes: survive duplicate-id definitions without collab divergence. +- HTML embed: fix stale iframe height and damp the resize loop; strip embeds at + serve time on authenticated read paths and the plain page-create path. +- Page templates: import `ThrottleModule` so collab boots, never strand an + in-flight page-embed id, and add defense-in-depth workspace checks. +- Pages: `movePage` cycle guard with no phantom `PAGE_MOVED` event. +- Import: surface the real error cause from `/pages/import` instead of a generic + 400. + +### Security + +- MCP: close an SSO/MFA bypass on Basic auth and stop minting non-init sessions; + close a brute-force limiter check-then-act race. 
+- Public share: block restricted descendants in the anonymous assistant, cap + per-request output, fail closed when Redis is unavailable, and reject non-text + message parts to close a size-cap bypass. +- Make `trustProxy` env-configurable with a safe default. + +### Internal + +- CI: gate the `develop` and release image builds on the test suite, run the + suites on push/PR, and build the `:develop` image on push to `develop`. +- Docs: replace `CLAUDE.md` with `AGENTS.md` codifying the agent workflow and + the release procedure, add migration-ordering guidance, and prune implemented + plans. +- A large batch of new server/client test coverage. ## [0.91.0] - 2026-06-18 @@ -121,5 +195,6 @@ knowledge layer, an embedded MCP server, and the Gitmost rebrand. - Build: drop the private EE submodule, retarget CI to GHCR, and update the Docker image to the GHCR registry. -[Unreleased]: https://github.com/vvzvlad/gitmost/compare/v0.91.0...HEAD +[Unreleased]: https://github.com/vvzvlad/gitmost/compare/v0.93.0...HEAD +[0.93.0]: https://github.com/vvzvlad/gitmost/compare/v0.91.0...v0.93.0 [0.91.0]: https://github.com/vvzvlad/gitmost/compare/v0.90.1...v0.91.0
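Review bot: In the `@@ -10,11 +10,60 @@` hunk, the **Arbitrary HTML/CSS/JS embeds** entry under Added says only "sandboxed-iframe" and "insertable by any member when the toggle is on", which does not tell an admin what the sandbox restricts before they enable the toggle. Suggest stating the isolation the embed gets (for example which iframe `sandbox` permissions are granted and whether the frame shares the application origin), or linking to where that is documented. In the same hunk, the Breaking Changes entry mentions only a one-time migration warning in the server log; it should also say what response a client still sending `Authorization: Bearer` receives, and under what condition the `MCP_DOCMOST_*` service-account fallback applies.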
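Review bot: In the `@@ -28,16 +77,41 @@` hunk, the Security entry "Make `trustProxy` env-configurable with a safe default" names neither the environment variable nor the default value. Operators running behind a reverse proxy cannot tell from this line whether they must set something after upgrading, and if the limiters mentioned in this release key on client address, the setting affects them too. Suggest naming the variable, stating the default, and cross-referencing it from Breaking Changes or Changed if the default alters existing behaviour. The MCP line "close an SSO/MFA bypass on Basic auth" also gives no affected version; since the Added section of this same release lists "per-user auth for the embedded `/mcp` endpoint", say whether the bypass ever shipped in a tagged release or existed only in unreleased code.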
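Review bot: In the `@@ -121,5 +195,6 @@` hunk, the new `[0.93.0]` reference compares `v0.91.0...v0.93.0`, and the release intro added earlier in this patch also says it builds on 0.91.0, so the changelog has no 0.92.0 section or link. If 0.92.0 was skipped on purpose, a one-line remark in the 0.93.0 entry would stop readers from assuming an entry is missing; if a `v0.92.0` tag exists, it needs its own section and compare link. Both the `[Unreleased]` and `[0.93.0]` links resolve only once the `v0.93.0` tag is pushed, so the tag should be created together with this commit.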