Skip to content

Releases: Kashkovsky/threadnote

v1.6.2

Choose a tag to compare

@Kashkovsky Kashkovsky released this 02 Jul 20:56

Security hardening for shared memories and local update paths.

  • Shared-memory sync now blocks inbound files that look like credentials before they are indexed, skips symlinks/non-regular files, strips personal provenance from shared notes, and refuses to overwrite/delete local memory that no longer matches the previous shared version.
  • The scrubber now covers more common credential formats, including AWS session/secret keys, Google API/OAuth tokens, Stripe keys/webhook secrets, Slack/Discord tokens and webhooks, database URLs with credentials, and Basic auth values.
  • MCP grep/glob/add_resource proxy tools now reject leading-dash arguments before forwarding to OpenViking.
  • threadnote update and threadnote version no longer trust a custom THREADNOTE_NPM_REGISTRY unless --allow-untrusted-registry or THREADNOTE_ALLOW_UNTRUSTED_NPM_REGISTRY=1 is set.

1.6.1: reliable seed imports and OpenViking 0.4.7

Choose a tag to compare

@Kashkovsky Kashkovsky released this 02 Jul 16:51

This patch makes Threadnote seeding quieter and more reliable on current OpenViking installs.

  • threadnote seed no longer asks OpenViking to create a reason-linked memory for every imported repo document. That removes the repeated OPENAI_API_KEY warning for local users who only want to seed project guidance into OpenViking.
  • threadnote seed --graph and threadnote seed-skills use the same safer resource-import path, so generated dependency facts and skill catalogs avoid the same warning behavior.
  • Threadnote now pins OpenViking 0.4.7. After updating Threadnote, the post-update repair path upgrades older OpenViking installs and restarts the server when needed, picking up upstream storage, QueueFS, embedding queue, and MCP reliability fixes.

Typical update flow:

threadnote update
threadnote seed

If OpenViking was installed separately and is still older after updating Threadnote:

threadnote install --force

1.6.0: worksets, trace handoffs, and dependency facts

Choose a tag to compare

@Kashkovsky Kashkovsky released this 02 Jul 15:26

Threadnote now carries more of the context agents need to resume work across related repos, reviews, and local sessions without turning your workspace into a managed job runner.

  • Handoffs can now point at the exact context a future agent should read. Use --reference for read-only memory links and --pr, --issue, or --ci to record the review state that mattered when the handoff was written.

    threadnote handoff \
      --task "continue the auth cleanup" \
      --reference viking://user/denys/memories/durable/projects/app/auth.md \
      --pr https://github.com/acme/app/pull/42 \
      --ci "unit tests green, e2e pending"
  • Recall understands those references: links and includes the referenced context one hop deep, so a concise handoff can still lead the next agent to the durable design note, investigation, or related branch state it depends on.

  • Multi-repo worksets let you name groups of seeded projects and recall them together. Add a top-level worksets: block to the seed manifest, then use it from the CLI or MCP recall_context tool.

    worksets:
      - name: platform
        description: app, API, and design-system repos
        projects: [web-app, api, design-system]
    threadnote workset list
    threadnote workset show platform
    threadnote recall --workset platform "latest auth handoff"
  • threadnote seed --graph can generate a plain .graph.md resource for each project from package.json and go.mod. This gives recall lightweight dependency facts and [[project]] links without adding a separate graph UI or background service.

    threadnote seed --graph
    threadnote read viking://resources/repos/web-app/.graph.md
  • Pre-compact handoffs can include a short, scrubbed trace summary from the current session: recent user intents, event count, and tools used. Credential-looking content drops the trace instead of writing it, and large transcripts are read from a bounded tail.

  • Technical hardening: explicit workset typos now fail before any recall search runs, init-manifest preserves existing worksets, generated graph cache filenames are sanitized, shared publishing strips personal provenance, and regex escaping now handles * correctly.

1.5.0: recall relevancy weighting + memory project/path consistency

Choose a tag to compare

@Kashkovsky Kashkovsky released this 01 Jul 11:59

Sharper recall ranking and a new memory data-consistency guardrail.

  • Recall ranks exact (lexical) matches by term rarity and title match instead of raw count, so a query's common words no longer flood the top and a memory whose topic names the query leads its category; keyword-only hits are labelled as such and an all-keyword result set is flagged low-confidence. #49
  • Agent-artifact review packs are no longer surfaced as memories in recall. #49
  • New doctor check flags any memory whose frontmatter project disagrees with its storage path, and in-place shared updates keep the project from the path so the two can't drift. #50
  • Typecheck migrated to the TypeScript 7 RC, plus dependency bumps (vitest, typescript-eslint, @types/node, globals, actions/checkout). #48

Also bumps the package version to 1.5.0.

1.4.5: self-heal rejected llama-cpp-python wheel installs

Choose a tag to compare

@Kashkovsky Kashkovsky released this 26 Jun 07:30

Threadnote now recovers automatically when uv rejects a prebuilt llama-cpp-python wheel with trailing data after the ZIP EOCD.

  • Detects the llama-cpp-python archive extraction failure during OpenViking install.
  • Retries without the prebuilt wheel index instead of asking users to clear caches or rerun commands.
  • Preserves macOS Metal source builds with CMAKE_ARGS="-DGGML_METAL=on" and caps compile parallelism with CMAKE_BUILD_PARALLEL_LEVEL=2.
  • Keeps remaining install failures focused on the package-manager output.

v1.4.4

Choose a tag to compare

@Kashkovsky Kashkovsky released this 25 Jun 14:20
be515c5

Pin OpenViking to 0.4.5 and remove Threadnote's temporary semantic-queue source patch.

  • Upgrades the pinned OpenViking install target to 0.4.5, which includes the upstream queuefs fix for non-directory memory URIs.
  • Removes the repair-semantic-queue command and the ov-semantic-poison-hotfix-2734 post-update migration.
  • Updates troubleshooting docs to use threadnote update / threadnote install --force for the OpenViking 0.4.5 fix path.

1.4.3: repair-semantic-queue recovery for the OV poison loop

Choose a tag to compare

@Kashkovsky Kashkovsky released this 19 Jun 17:34

Patch release: a recovery path for the OpenViking semantic-queue poison loop (#2734).

  • New threadnote repair-semantic-queue [--apply] patches the installed OpenViking to skip non-directory/missing memory URIs and restarts the server, so a stuck semantic message — a memory file enqueued for directory-level processing — drains on the next dequeue instead of re-enqueuing forever (the AGFS-persisted entry survives a restart otherwise). Idempotent, keeps a .threadnote-bak, and compile-checks the patched file before writing.
  • threadnote update offers it as a post-update step (with the usual consent prompt).

Temporary bridge: it no-ops once the pinned OpenViking includes the upstream fix (volcengine/OpenViking#2735).

1.4.2: doctor recall-shape fix + MCP stale-version reconnect nudge

Choose a tag to compare

@Kashkovsky Kashkovsky released this 19 Jun 14:33

Patch release: OpenViking 0.4.4 diagnostics fixes.

  • doctor recall-shape probe no longer false-warns on a healthy OpenViking 0.4.4. ov find/search --output json prints a cmd: ... preamble before the JSON and nests the buckets under a result envelope; the probe now parses exactly like recall does instead of warning "search output is not JSON".
  • MCP server now nudges you to reconnect after a threadnote update. The MCP server is a long-lived stdio process the client doesn't respawn mid-session, so an update silently left it running old code. recall_context/remember_context/health results now carry a one-line "reconnect (/mcp) to load the update" notice when a newer threadnote is installed on disk.

1.4.1: fix OpenViking 0.4.4 recall breakage and bound the reindex hang

Choose a tag to compare

@Kashkovsky Kashkovsky released this 19 Jun 14:05

Patch release fixing two OpenViking 0.4.4 interop regressions.

  • Recall (and every ov call) broken on OpenViking 0.4.4. 0.4.x removed the --agent-id flag from every ov subcommand and dropped agent_id as an HTTP identity input, so the 1.4.0 pin made every ov invocation fail with Unexpected argument: --agent-id — recall included. Identity is now --account + --user only.
  • AGFS memory-reindex hang bounded. A context_type=memory semantic queue entry pointed at a memory file fails OpenViking's _process_memory_directory and re-enqueues forever, starving the queue; ov reindex has no --timeout, so the post-write refresh and index repair could block for the full 10-minute command timeout. Both reindex waits are now bounded by reindexWaitTimeoutMs (default 120s, override THREADNOTE_REINDEX_TIMEOUT_MS).

Anyone on 1.4.0 should upgrade — recall is broken there against OpenViking 0.4.4.

1.4.0: OpenViking 0.4.4 pin, version/drift hardening, opt-in seed watches

Choose a tag to compare

@Kashkovsky Kashkovsky released this 19 Jun 13:36

Pins OpenViking to 0.4.4 (from 0.3.24). The 0.3.x→0.4.x transition is compatible as-is: memories already write to viking://user/, --agent-id stays a supported transition shim, and the ov version / find/search JSON / auth surfaces are unchanged.

Hardening:

  • compareVersions now ignores +build metadata, parses core segments as leading integers, and ranks PEP 440 post/pre-releases, so a local 0.4.4+local build is no longer misread as 0.4.0 and re-upgraded in a loop.
  • doctor warns when the installed OpenViking is older than the pin (install/doctor don't upgrade it — only repair/update do) and probes that recall's memories/resources/skills JSON buckets are intact.
  • Dropped the unused ov_search peerId/peer_id params and de-duplicated withIdentity.

New:

  • Opt-in THREADNOTE_SEED_WATCH_INTERVAL=<minutes> lets OpenViking auto-refresh seeded repo docs between threadnote seed/repair runs. Off by default; a watch attaches only to original, non-redaction-prone files, since an OpenViking-managed refresh re-ingests the file without Threadnote's per-import secret scan.