v1.8.0 — Agent Reliability & Production Monitoring Fixes

Summary

Comprehensive production reliability improvements identified through live session monitoring. Fixes 10 issues across hallucination detection, browser navigation, report streaming, and stuck detection.

Agent Reliability

• Hallucination rewrite timeout: Increased from 3s to 15s (configurable via HALLUCINATION_REWRITE_TIMEOUT), giving LLMs a fair chance to rewrite unsupported claims
• Stuck detector: Research mode awareness — threshold relaxed to 12 (from 6) during deep research to prevent false positives
• Truncation recovery: Reference auto-fix cap raised from 5 to 50 to handle large citation gaps from LLM output truncation
• Report file superseding: Old execution-phase report files are now removed when re-summarization produces a revised version
• HEAD precheck domain blocking: After 2+ connection drops on a domain, full Playwright navigation is skipped entirely (saves 20-30s per blocked domain)

Frontend

• Report streaming panel: ToolPanel now auto-opens when report summarization begins — users see live streaming text instead of a blank "Writing report" step
• Fallback report card: When SSE drops during summarization, a fallback report card is created from accumulated streaming text
• Usage event handler: Registered usage SSE event type to suppress console warnings

Charts & Visualization

• Chart semantics analysis: New chart_semantics.py for spec-sheet detection and heterogeneous data filtering
• Plotly orchestration: Enhanced error handling and SVG fallback when Plotly runtime is unavailable
• Plotly env passthrough: PLOTLY_RUNTIME_AVAILABLE now configurable via docker-compose environment

Agent Architecture

• BaseAgent decomposition: Refactored into focused mixins with UsageEvent for token/cost tracking
• Execution pipeline: Pre-trim report caching, summary recovery from cache on stream failure
• Step failure handling: Improved recovery logic and retry behavior

Testing

• All CI checks green (backend lint, backend tests, integration tests, frontend lint+types+tests)
• Updated middleware count tests for PermissionGateMiddleware
• Updated chart attachment tests for SVG fallback behavior
• Updated format enforcement test for re-enforcement LLM call pattern
• New tests for chart analysis, execution suggestions, report quality pipeline

Other

• npm audit: Fixed 2 vulnerabilities (1 high, 1 critical)
• ChatMessage layout: Hierarchy-aware rendering with sanitization
• Cross-platform fixes for PDF rendering and path traversal checks

v1.7.1

Release v1.7.1

---

Docker Images

GitHub Container Registry (ghcr.io):

docker pull ghcr.io/mohamed-elkholy95/pythinker-frontend:1.7.1
docker pull ghcr.io/mohamed-elkholy95/pythinker-backend:1.7.1
docker pull ghcr.io/mohamed-elkholy95/pythinker-sandbox:1.7.1

Docker Hub:

docker pull pythinker/pythinker-frontend:1.7.1
docker pull pythinker/pythinker-backend:1.7.1
docker pull pythinker/pythinker-sandbox:1.7.1

Quick start:

IMAGE_TAG=1.7.1 docker compose -f docker-compose.yml up -d

v1.7.0 — Ephemeral Sandbox Lifecycle

What's New

Ephemeral Sandbox Mode (Per-Session Isolation)

Each user session now gets its own isolated Docker sandbox container, automatically destroyed when the session ends. No more shared static sandbox.

Changes:

• docker-compose-deploy.yml: Docker socket upgraded to read-write; static sandbox moved to optional static-sandbox profile; backend/gateway no longer depend on a pre-existing sandbox service
• Backend: Ephemeral containers now receive full environment variable parity with compose-managed sandboxes (~25 env vars including supervisor auth, VNC, LLM proxy, runtime callbacks, cloud tokens)
• Config: Added 7 new sandbox pass-through settings for ephemeral container provisioning

Dokploy Environment Updates Required

• SANDBOX_IMAGE=ghcr.io/mohamed-elkholy95/pythinker-sandbox:latest
• SANDBOX_NETWORK=dokploy-network
• SANDBOX_POOL_ENABLED=false
• Remove all SANDBOX_POOL_* and SANDBOX_IDLE_TIMEOUT_* vars

Full Changelog: v1.6.0...v1.7.0

v1.6.0 — Agent Reliability, Monitoring & Test Coverage

[1.6.0] - 2026-03-26

Added

• Monitoring: CDP connection health Prometheus metric and alert
• Monitoring: MinIO health check in health monitor
• Monitoring: Grafana webhook endpoint for alert logging
• LLM: Fallback provider for key exhaustion recovery
• SSE: Register skill event type in native EventSource allowlist
• Tests: 2,200+ new tests across 50+ test files covering domain models, agent services, error handling, planning, reasoning, and infrastructure

Fixed

• Agent: Auto-fix incomplete references when inline citations are missing
• Agent: Add grounding re-research trigger for unsupported claims
• Agent: Add escalating stuck response with per-step forced output
• Agent: Add URL hallucination guard to prevent LLM URL fabrication
• Agent: Add HEAD precheck domain blocklist and fix domain_failures tracking bug
• Agent: Add hard circuit breaker for context cap escalation loop
• LLM: Use TTL-based exhaustion for auth errors instead of permanent invalidation
• Auth: Store rotated refresh token and validate JWT format
• Browser: Add RecursionError guard, reconnect debounce, and future suppression
• Browser: Replace asyncio.gather with asyncio.wait in shutdown drain and view_page extraction
• Sandbox: Always restart Chrome to maintain CDP availability
• Sandbox: Enable GPU compositing for PDF viewer rendering
• Sandbox: Enable Chrome PDF viewer by removing component extension block
• Sandbox: Suppress additional Chrome stderr noise patterns
• Frontend: Use cursor: none in view-only sandbox mode
• UI: Show default cursor on canvas in view-only tool panel
• UI: Add fallback for HtmlPreviewView loading background
• UI: Improve dark mode readability in report preview and tool views
• SSE: Register skill event type to prevent unknown-event warnings
• Middleware: Suppress anyio.WouldBlock on SSE client disconnect
• Metrics: Classify HTTP 4xx tool results as client_error
• HTTP Pool: Classify error types for actionable Prometheus metrics
• Monitoring: Raise TokenConsumptionSpike threshold to avoid false alerts
• Loki: Eliminate empty-ring startup errors on single-node deployment
• Loki: Skip ring stabilization wait for single-node deployment
• MinIO: Add retry with exponential backoff on initialization
• Docker: Add bucket creation to dev minio-init service
• Session: Stop polling completed sessions to prevent stale 404s
• AsyncIO: Add custom exception handler to suppress Playwright navigation noise

Changed

• Monitoring: Upgrade Loki/Promtail to 3.6.2, enhance dashboards and healthchecks
• Sandbox: Tune uvicorn reload, Chrome memory, VNC and Xvfb settings

Chores

• Remove CodeRabbit config and stale test report
• Remove redundant npm global install from frontend Dockerfile.dev
• Remove unused _suppress_navigation_error helper
• Auto-fix lint violations across sandbox, mock server, and utility scripts
• Format and fix ruff violations in all new test files

---

Docker Images

GitHub Container Registry (ghcr.io):

docker pull ghcr.io/mohamed-elkholy95/pythinker-frontend:1.6.0
docker pull ghcr.io/mohamed-elkholy95/pythinker-backend:1.6.0
docker pull ghcr.io/mohamed-elkholy95/pythinker-sandbox:1.6.0

Docker Hub:

docker pull pythinker/pythinker-frontend:1.6.0
docker pull pythinker/pythinker-backend:1.6.0
docker pull pythinker/pythinker-sandbox:1.6.0

Quick start:

IMAGE_TAG=1.6.0 docker compose -f docker-compose.yml up -d

v1.5.0

[1.5.0] - 2026-03-26

Added

• Monitoring: Grafana dashboards, alert contact points, and Loki alerting rules
• Monitoring: Promtail JSON log parsing, multi-format level detection, and pipeline stages
• Monitoring: Prometheus instrumentation for LLM calls, tool calls, and active sessions
• Monitoring: Container resource telemetry with cAdvisor
• Backend: Configurable log format (auto/json/plain) for Docker-friendly structured output
• Backend: Hallucination correction feedback loop in output verification
• Backend: MiniMax M2.7 LLM provider support
• Backend: LLM-powered chart analysis replacing heuristic pipeline
• Backend: Domain-level URL failure blocking with cross-session cache
• Backend: Search query and browser navigation deduplication per step
• Backend: Expected tools on Step model for declarative action audit
• Backend: Middleware lifecycle hooks for per-step state reset
• Backend: Search evidence fed to output verifier for grounding
• Backend: Blocked-domains context injection from URL failure guard
• Backend: Configurable context cap with deep_research override
• Backend: Higher search and browser budgets for deep_research mode
• Frontend: Plan presentation and streaming tool display
• Frontend: Markdown preview and syntax-highlighted code view in editor
• Frontend: Inline chart/image previews for assistant attachments
• Frontend: Google Drive-style FileTypeIcon redesign
• Frontend: ThinkingIndicator component replacing static SVGs
• Frontend: Negative caching for auth status during backend restarts
• Frontend: Progress toast with rich layout and session notifications
• Frontend: TaskCompletedFooter with phased rating flow
• Sandbox: Parameterized resource limits with env-driven defaults
• Browser: Playwright tools and browser lifecycle metrics
• VNC: Pre-flight websockify check and improved error handling
• Agent: Improved stuck detection and tightened context limits
• Agent: Report quality improvements with source grounding and delivery fallbacks
• Email: BIMI SVG Tiny PS logo for Gmail brand display
• Config: Default rating notification email setting
• Tests: 4,500+ new tests across 120+ test files covering domain models, services, tools, and infrastructure

Fixed

• Models: Add missing RUNNING and FINISHED members to PlanStatus enum
• Auth: Skip server logout when token is already cleared
• Config: Raise deep_research context cap and planning budget
• Agents: Suppress stuck detector false positive during research steps
• UI: Guard sandbox connection init against completed sessions
• UI: Fix scoped CSS dark mode selectors and transparent text leak
• SSE: Prevent UUID resume cursor from causing full event replay
• Sandbox: Allow /tmp paths in file service and harden X11 cleanup
• Sandbox: Handle ProcessLookupError race in X11 screencast process cleanup
• Charts: Resolve chart attachment filename mismatch in reports
• Browser: Prevent Playwright route handler cascade on page close
• Browser: Catch PlaywrightError in route_handler to prevent TargetClosedError tracebacks
• Context Manager: Guard against None result in InsightSynthesizer
• Monitoring: Remove high-cardinality event label from Promtail
• Prometheus: Add missing rule_files references for recording rules
• Loki: Add retention config and reduce compactor workers for dev
• Alerts: Correct misleading annotation in ToolFailureRateHigh alert
• Alerts: Use changes() instead of increase() for container restart detection
• Metrics: Log partial ImportError instead of silently swallowing
• MongoDB: Raise wiredTiger cacheSizeGB to 0.25 (min required by Mongo 7.0.31)
• Tools: Reduce false-positive traceback_in_success anomalies in result analyzer

Changed

• Metrics: Prefix agent metrics with pythinker_ namespace
• Verification: Replace magic strings with ClaimVerdict constants
• Session: Use TakeoverReason enum for type-safe takeover handling
• Agent: Extract step action audit into StepExecutionContext
• UI: Extract useFavicon composable with persistent localStorage cache

Performance

• Config: Enable Qdrant quantization and semantic cache by default
• Docker: Add BuildKit cache mounts for apt, uv, and npm
• Docker: Create lightweight gateway Dockerfile without browser deps
• Docker: Make gateway and VNC opt-in services
• Sandbox: Tune CDP screencast everyNthFrame from 1 to 3
• Sandbox: Remove addon packages from default runtime requirements
• Backend: Add GC tuning after startup initialization
• Compose: Add backend and MinIO resource limits to dev compose
• Observability: Cap in-memory trace retention
• Metrics: Replace unbounded histogram observations with bucket aggregation
• Infra: Right-size connection pools and production memory limits
• Agent: Per-step context compaction to prevent 130K accumulation
• Agent: Hard context cap and recovery truncation to prevent 60s+ LLM calls
• Browser: HEAD pre-check to skip dead URLs before full navigation

Security

• Auth: Block AUTH_PROVIDER=none in production environment
• Security: Use proper URL hostname validation and bump vulnerable deps
• Metrics: Suppress METRICS_PASSWORD warning in development mode

---

Docker Images

GitHub Container Registry (ghcr.io):

docker pull ghcr.io/mohamed-elkholy95/pythinker-frontend:1.5.0
docker pull ghcr.io/mohamed-elkholy95/pythinker-backend:1.5.0
docker pull ghcr.io/mohamed-elkholy95/pythinker-sandbox:1.5.0

Docker Hub:

docker pull pythinker/pythinker-frontend:1.5.0
docker pull pythinker/pythinker-backend:1.5.0
docker pull pythinker/pythinker-sandbox:1.5.0

Quick start:

IMAGE_TAG=1.5.0 docker compose -f docker-compose.yml up -d

v1.4.0 — Projects, Library & Code Quality

What's New

Projects System (Full Stack)

• Project CRUD: Create, list, and manage projects with domain model, MongoDB repository, API routes, and Vue frontend
• Project Pages: Grid listing page and detail page with Manus-style two-column layout
• Project Context: Inject project instructions, files, and skills into agent execution at session creation
• Project Sidebar: Collapsible projects section with animated expand/collapse, file upload, and skill selection
• Project Sessions: Display project sessions with status badges; exclude project-scoped sessions from global sidebar
• Latest Message Preview: Surface latest_message in project sessions API for quick preview

Library Enhancements

• Sessions/Files tabs with rich file cards
• GET /sessions/all-files endpoint for Library files view
• Redesigned Library page matching Manus reference design

UI/UX Improvements

• Model Branding: MODEL_DISPLAY_NAME env var for custom header title with DM Sans typography
• Search Modal: Rich two-line layout matching reference design
• Mobile: Responsive TaskProgressBar, ToolPanelContent touch targets, tighter ChatPage header
• Live Preview: Compact font design for desktop/mobile thumbnails
• Route transition ghost frame fix for screencast

Sandbox & Browser

• On-Demand Chrome: ChromeLifecycleManager for on-demand browser lifecycle (autostart=false)
• Browser endpoints: /browser/ensure and /browser/status API
• WebSocket state moved from module scope to per-instance (fixes concurrent sessions)
• Chrome started before CDP health probes to avoid false-negative checks

Agent Reliability

• Fast-ack timeout + tool tracing observability
• Reduced hallucination gate false-positive block rate
• SSE log visibility, search chain accuracy, startup race fixes
• Stale cancel event and orphaned sandbox cleanup

Security

• Basic auth on /metrics endpoint
• Tightened CSP headers + charset on HTML responses

Code Quality

• 132 TypeScript errors → 0: Full type-check compliance (vue-tsc --noEmit)
• 0 ESLint warnings: Eliminated all no-explicit-any across 8 files
• All backend tests passing: 6548 passed (fixed Beanie get_motor_collection patches)
• Removed 44 stray console.log/debug statements
• Pinned upper bounds on 48 Python dependency versions
• CLAUDE.md project instructions added

Infrastructure

• MongoDB replica-set healthcheck made tolerant (longer start_period, cleaner exit)
• Dependency injection for ProjectService (file service factory)
• Relaxed websockets upper bound for browser-use compatibility
• Codex-first harness foundation with governance hooks

---

Full Changelog: v1.3.0...v1.4.0

v1.3.0 — Screencast Reliability & Agent Quality

[1.3.0] - 2026-03-22

Highlights

200 commits since v1.2.0 — major reliability improvements across screencast streaming, agent output quality, and production infrastructure.

Added

• Canvas: Canvas viewer modal with 5 components wired into ChatPage
• Frontend: Editable ReportModal with TipTap edit toggle
• Frontend: Manus-style report card redesign with file attachments grid
• Frontend: TaskInterruptedFooter for cancelled sessions
• Frontend: Self-hosted Libre Baskerville font (eliminates Google Fonts external dependency)
• Frontend: PlannerActivityIndicator with richer animations and bouncing dots
• Frontend: Fullscreen and take-control buttons replacing split/chat buttons
• Streaming: StreamExecutor with cancellation grace period and idle timeout
• Streaming: ToolExecutorWithHeartbeat for tool-level heartbeat signals
• Context: SessionContextExtractor for session-aware intent classification
• Context: Expanded conversation context capture from 5 to 12 event types
• Classifier: Session-aware guards to prevent mode downgrade on follow-ups
• Browser: Enhanced background preview browsing with configurable dwell and auto-scroll
• Sandbox: /sandbox-context endpoint for cross-container context fetch
• Deploy: VPS bootstrap script, SSH auto-deploy, nginx Telegram webhook proxy

Fixed

• Screencast Reliability (this release):

  • Terminal-state guards prevent reconnection storms for completed/failed sessions
  • Backend rejects screencast requests for terminal sessions (HTTP 409 / WS 1008)
  • X11 event queue drain on session teardown prevents 35K+ event leak
  • STUN DNS resolution errors suppressed in Chrome stderr filter
  • SharedImageManager GPU compositing noise suppressed
  • Debounced all screencast WebSocket reconnection triggers
  • Prevented duplicate WebSocket connections on init
  • Tuned x11vnc to prevent X11 event queue buildup

• SSE Streaming:

  • Prevented retry storm on terminal sessions (retry=86400000 for browser EventSource)
  • Only store Redis stream IDs as SSE resume cursors (fixes format mismatch)
  • Added retry directive and discuss-mode resume support

• Agent Output Quality:

  • Hallucination guardrail and citation enforcement
  • Rewrite unsupported claims instead of only appending disclaimer
  • Summarization recovery for empty final message after tool loop
  • JSON salvage for malformed LLM responses
  • Strip orphaned tool-call placeholders from report content
  • Filter self-referential claims from grounding verification
  • Prevent [Previously called ...] markers from leaking into reports
  • Configurable stale session cleanup threshold (replaces hardcoded 0)

• Security:

  • OWASP security headers middleware via Traefik
  • HSTS header, tightened CSP, suppressed server fingerprint
  • Resolved Trivy CVE findings in sandbox and backend images
  • pip-audit dependency vulnerability scanning in CI
  • Tightened CSP, removed SYS_CHROOT per production audit
  • Quote temp_file path in sandbox file write command (injection prevention)

• Browser:

  • Park cursor after every browser action to prevent screencast artifact
  • Removed DOM cursor injection (Konva overlay is sole cursor)
  • Full-page innerText fallback for low-content extraction
  • Retry display navigation on background task failure

• Frontend:

  • Resolved 5 Lighthouse accessibility violations
  • Hide duplicate Planning header during streaming placeholder
  • Gradient fade mask above chatbox input area
  • macOS Apple-style pointer cursor on viewer surfaces
  • Graceful session 404 handling on maintenance cleanup

Changed

• Deploy: Switched compose to pre-built GHCR images with build fallback
• CI: Upgraded GitHub Actions to Node.js 24 compatible versions, bumped ruff to >=0.15.7
• Frontend: Standardized app fonts to Arial (Libre Baskerville for logo only)
• Frontend: Restructured LiveMiniPreview with direct-render panels
• Plan-Act: Extracted streaming loop into StreamExecutor
• Agents: Downgraded hallucination gate when all plan steps completed

Infrastructure

• Production deployment on pythinker.com via Dokploy + Traefik
• CI builds images → GHCR → Dokploy pulls pre-built images
• Grafana + Loki + Prometheus monitoring stack

v1.2.0

[1.2.0] - 2026-03-20

Added

• Frontend: Terminal tool design tokens and CSS variables for consistent terminal theming
• Frontend: Live terminal ANSI prompt colorization and xterm theme integration
• Frontend: Tool panel terminal stage and timeline chrome styling
• Frontend: Floating jump-to-live overlay button for timeline navigation
• Frontend: Unified content-title bar with session names and browser URL display
• Frontend: Chat/Split/Close panel controls replacing header buttons
• Frontend: Manus-style compact step design with dotted timeline
• Frontend: BookOpen icon for skill_invoke tool events
• Frontend: Data-driven chroma recolor from chroma-render.json for agent cursor overlay
• Frontend: macOS Apple-style pointer cursor on all viewer surfaces
• Frontend: Forward browser tool events to LiveViewer for agent cursor overlay
• Skills: Deal Finder, Design, and Professional Coder official skills
• Skills: Skill Creator dialog with Teleport, Radix suppression, and compact layout
• Skills: "Create new skill" option in settings dropdown
• Deploy: Self-contained full-stack deploy compose package
• Types: session_name field and deriveSessionName utility

Fixed

• Test: Handle 429 rate limit retries in integration test helpers
• Deploy: Rewrite compose for Dokploy managed Traefik
• Panel: Terminal dark mode background alignment and content-title labels
• Files: Register all generated files with session and fix tracking pipeline
• Files: Remove trailing quote from Content-Disposition filename header
• Skills: Fix skill upsert with raw MongoDB update_one
• Skills: Fix SkillCreatorDialog z-index and event propagation from settings
• Skills: Correct OpenAILLM constructor parameter in draft endpoint
• Sandbox: Enable VNC websockify for Take Control feature
• Agents: Always emit wall-clock CRITICAL FORCE stop signal
• LLM: Record Anthropic key-pool success on key actually used
• Docker: Target specific Alpine packages instead of blanket upgrade
• Docker: Pin gh CLI to v2.88.1 to fix CRITICAL grpc CVE
• Docker: Upgrade Alpine base packages to fix libexpat/zlib CVEs
• CI: Install deps before Pyright and make non-blocking
• CI: Skip release creation when tag already exists
• CI: Ignore unfixable diskcache CVE-2025-69872 in pip-audit

Changed

• Panel: Standardize terminal design tokens and scrollbar CSS
• Timeline: Simplify TimelineControls, remove tooltip and unused props
• Chat: Polish compact step layout and remove tool chip borders
• Deploy: Standardize internal network name across compose files
• Auth: Multi-line AuthToken construction for readability

Security

• Dependencies: Bump Pillow and pin authlib/pypdf to fix 12 CVEs
• Dependencies: Bump flatted from 3.4.1 to 3.4.2 (frontend)

Performance

• Scraper: Cache lazy getattr exports in module globals

---

Docker Images

GitHub Container Registry (ghcr.io):

docker pull ghcr.io/mohamed-elkholy95/pythinker-frontend:1.2.0
docker pull ghcr.io/mohamed-elkholy95/pythinker-backend:1.2.0
docker pull ghcr.io/mohamed-elkholy95/pythinker-sandbox:1.2.0

Docker Hub:

docker pull pythinker/pythinker-frontend:1.2.0
docker pull pythinker/pythinker-backend:1.2.0
docker pull pythinker/pythinker-sandbox:1.2.0

Quick start:

IMAGE_TAG=1.2.0 docker compose -f docker-compose.yml up -d

v1.1.0 — Agent Middleware, Skill Authoring & Reliability

Highlights

100 commits since v1.0.3 — major feature additions, reliability improvements, and frontend polish.

Agent Middleware Pipeline

A chain-of-responsibility middleware system for agents, enabling modular cross-cutting concerns:

• BaseMiddleware with 9 lifecycle hooks (pre/post tool call, pre/post LLM, etc.)
• MiddlewarePipeline orchestrator with AgentContextFactory for dependency injection
• Built-in adapters: HallucinationGuard, StuckDetection, SecurityAssessment
• Full integration test coverage

Skill Authoring & Trust System

• AI-assisted draft generation — POST /skills/authoring/draft endpoint with LLM-powered skill scaffolding
• Generate Draft button in SkillCreatorDialog for one-click skill creation
• Instruction trust levels — provenance-aware prompt assembly distinguishing system_authored vs user-created skills
• "Create new skill" shortcut added to settings dropdown

Reliability & Security

• Sandbox crash propagation to agent orchestrator
• Shutdown lifecycle for search engines and WriteCoalescer
• DuplicateKeyError handling in knowledge repository
• db_retry decorator on all Qdrant repository operations
• CachedSessionRepository rewritten to implement all 27 Protocol methods
• SYS_CHROOT capability removed, seccomp profile enforced
• CVE-2026-33123 — bumped pypdf to >=6.9.1

Frontend

• Manus-style header redesign with centered model name pill
• Pythinker SVG branding in collapsed sidebar with animated logo
• ChatPage decomposition into composables with SSE migration
• Replay mode tool panel sync when scrubbing timeline
• Accessibility — focus trap, ARIA attributes, form a11y in SkillCreatorDialog
• Typed event bus with EventBusEvents interface
• Timer leak fixes, deprecated composable removal, type safety improvements

Performance

• Vectorized MMR with numpy matrix operations for retrieval
• Cursor-based pagination for list_users

CI/CD

• Security scans now blocking; frontend lockfile/coverage enforced
• Removed broken SSH deploy job (Dokploy handles deployment)
• Test compatibility fixes for updated APIs

Refactoring

• Dead code removal: ChainOfVerification, deprecated Verification/Reflection models, 3 deprecated useToolStore methods
• Domain layer cleanup: removed app.core imports from BM25 encoder, sync_outbox, user_settings
• PodmanSandbox sync calls wrapped in asyncio.to_thread()
• Memory renamed to ConversationMemory

---

Full Changelog: v1.0.3...v1.1.0

v1.0.3 — Security Patch & CI Fixes

Security Fixes

Addresses all 29 open code scanning alerts from GitHub Advanced Security.

Code Vulnerability Fix

• py/path-injection (Alert #271): Added safe_resolve() defense-in-depth validation on all parent_dir/os.path.dirname() derivations in sandbox/app/services/file.py

Backend Dockerfile CVE Fixes

• CVE-2026-25537: Pinned uv to 0.7.12 (patched jsonwebtoken Rust crate)
• CVE-2026-1703, CVE-2025-8869: Upgraded system pip>=25.1
• CVE-2026-23949: Upgraded setuptools>=78.1.0 (vendors jaraco.context>=6.1.0)
• CVE-2026-24049: Added wheel>=0.46.2

Container Image CVE Fixes (via rebuild)

23 alerts auto-close on image rebuild:

• tar 7.4.3 → 7.5.11+ (6 CVEs × 3 locations)
• minimatch → 10.2.3+ (3 CVEs)
• glob → 11.1.0+ (1 CVE)
• diff → latest (1 CVE)

CI/CD Fixes

• Removed broken SSH deploy job from Build & Deploy workflow (Dokploy handles deployment)
• Fixed EventStoreRepository constructor (removed unused db_client param)
• Fixed wall-clock and event archival test compatibility with updated APIs
• All CI checks green: Test & Lint, Build Images, CodeQL