v6.0.0

v6.0.0 — Two-tier token authentication

BREAKING CHANGES. Workstation auth model rewritten. Pre-v6 configurations stop working until re-issued — see Migration below.

What changed

• Two-tier token model. Workstations read ENGRAM_TOKEN (per-workstation API token issued via the dashboard /tokens page). Operator key ENGRAM_AUTH_ADMIN_TOKEN lives ONLY on the server host.
• Plugin .mcp.json env rename: ENGRAM_AUTH_ADMIN_TOKEN → ENGRAM_TOKEN. No legacy fallback chain.
• Daemon fail-fast when ENGRAM_URL is set but ENGRAM_TOKEN is empty — replaces the silent graceful-degrade to loom_*-only that masked PR #203 regression class for days.
• Issuance hardening. POST/GET/DELETE /api/auth/tokens require admin browser session cookie; bearer is rejected with 403.
• Symmetric validation. Single auth.Validator shared by HTTP middleware AND gRPC interceptor.
• Strict token shape gate. engram_ + exactly 32 hex chars, fails closed before any DB / bcrypt work.
• Whitelisted scope mapping. Only read-write / read-only are accepted from the api_tokens.scope column.
• Connection pool keys credential AND TLS-CA hash. Rotating either forces a fresh dial.
• First @critical test (tests/critical/auth_two_tier_test.go) — bootstraps project-wide critical-suite gate.
• First production playbook (docs/PRODUCTION-TESTING-PLAYBOOK.md) — bootstraps rule #11.

Migration

1. Update the plugin: /plugin update engram@engram
2. Open <your-server-url>/tokens as admin, generate a keycard per workstation
3. /engram:setup — paste the new keycard
4. Remove any ENGRAM_AUTH_ADMIN_TOKEN / ENGRAM_API_TOKEN entries from ~/.claude/settings.json
5. Restart Claude Code

Critical-suite verdict

PASS — 6/6 sub-tests green. The test directly asserts the gRPC interceptor accepts a dashboard-issued keycard — i.e. it would have caught PR #203 regression class at CI time.

PR

#208 (17/17 review threads resolved)

v5.2.5

Sharp cards (no rounded corners), remove top whitespace, tighter layout

v5.2.4

Bug Fixes

• Vault reveal/delete: no longer require project query param — dashboard admin view works
  • Falls back to cross-project lookup by credential name (GetByName/DeleteByName)
  • Orphaned credentials (encrypted with lost key) now show 409 "key mismatch" instead of 400 "project is required"
  • Frontend displays: "Cannot decrypt: this credential was encrypted with a different vault key"

v5.2.3

Bug Fixes

• Vault dashboard: reveal and delete now work for all credentials listed in admin view
  • Server returns project field in credential list response
  • Frontend passes project param to reveal/delete API calls
  • Vault table shows Project column for credential provenance

v5.2.2 — Vault fix + UI polish

Fixed

• Vault: credentials now visible in dashboard (was returning empty list without project param)
• Issues table: title no longer truncated, columns tightened
• Issues table: project names cleaned (hash suffixes stripped, paths shortened)
• Markdown: removed unreliable heuristic auto-detect, render as-is
• Markdown: added formatting guide to MCP tool docs (agents must fence code)

Added

• System page (/system): server info, health grid, theme selector, updates, config
• Shiki syntax highlighting: code blocks with github-light/dark themes + diff rendering
• Theme toggle icon in sidebar footer (cycles light/dark/system)
• Sonner toaster in root layout
• prefers-reduced-motion media query
• CredentialStore.ListAll() for admin dashboard

Changed

• Sidebar nav spacing improved (px-2, gap-1)
• Issues: project identity issue #166 filed for server-side cleanup

Full Changelog: v5.2.1...v5.2.2

v5.2.1 — UX Polish

Fixed

• Logo in sidebar now links to home (removed separate Home nav item)
• Theme toggle cycles Light → Dark → System (auto follows OS preference)
• Removed dead "Search observations..." search bar
• Removed empty AppHeader — update widget moved inline to top bar with SidebarTrigger
• Login page: Email/Token tabs centered
• Issues header wraps on narrow viewports
• Issue comment textarea: monospace font + markdown syntax hint

Full Changelog: v5.2.0...v5.2.1

v5.2.0 — Full Dashboard Redesign

What's Changed

Complete dashboard redesign with shadcn-vue component library, light/dark theme support, and modern design system.

New

• shadcn-vue component library — 25 component groups (Badge, Button, Card, Sidebar, Table, Dialog, Select, etc.)
• DESIGN.md — Google Labs design.md format design system spec with color, typography, spacing tokens
• Light + Dark mode — CSS variable theming with localStorage persistence and prefers-color-scheme detection
• Theme toggle in sidebar footer (Sun/Moon)
• HomeView dashboard — server status header, metric cards grid, system health grid, recent issues table, retrieval stats
• 404 catch-all route

Changed

• All 9 views rebuilt with shadcn-vue components
• Sidebar: clean nav-only layout, health/stats block removed
• Fonts: Inter + JetBrains Mono (replaced Fira Sans/Code)
• Icons: Lucide (replaced FontAwesome)
• Colors: CSS variable system (replaced hardcoded claude-* palette)

Removed

• 7 old custom components (Badge, Card, IconBox, Header, StatsCards, ConfirmDialog, Pagination)
• FontAwesome dependency
• Fira Sans/Code fonts
• Hardcoded dark-only theme
• Dead search route reference

Full Changelog: v5.1.0...v5.2.0

v5.1.0 — Post-v5 Dead Code Cleanup

What's Changed

Massive dead-code cleanup after v5.0.0 migration. ~15,500 lines removed across 4 PRs.

Removed

• Go dead code: All references to dropped tables (observations, raw_event_store, user_prompts, session_summaries, indexed_sessions) — PR #202
• Dead packages: llmclient, synthesis, backfill, dedup, pipeline, palace (aaak+mining) — PR #203
• Dead env vars: ENGRAM_LLM_, ENGRAM_HALFLIFE_, ENGRAM_ENTITY_EXTRACTION_*, and 37+ more — PR #203
• Dead UI: Activity Timeline, FilterTabs, ObservationCard, PromptCard, SummaryCard, ScoreBreakdown, RelationGraph, TagEditor, ObservationEditor, SearchResults — PR #204, #205
• Dead dependencies: vis-network, vis-data removed from UI — PR #205
• Dead types: observation.ts, prompt.ts, summary.ts, relation.ts, search.ts — PR #205

Added

• ENGRAM_AUTH_SKIP_LOCAL — RFC 1918 auth bypass for local network access — PR #203

Changed

• Env migration complete: ENGRAM_API_TOKEN → ENGRAM_AUTH_ADMIN_TOKEN everywhere — PR #203
• Dashboard home: stats-only view (Uptime, Sessions Today, Connected Clients, Status)
• StatsCards: Observations card replaced with Connected Clients

Full Changelog: v5.0.1...v5.1.0

v5.0.1: Post-release dead code cleanup

What's Changed

Post-release cleanup removing all residual dead code from the v5.0.0 dynamic features.

Highlights

• -11,529 lines of dead code removed across 2 PRs
• ENGRAM_API_TOKEN consolidated to ENGRAM_AUTH_ADMIN_TOKEN everywhere
• 6 dead packages deleted: llmclient, backfill, dedup, pipeline, palace, synthesis
• LLM extraction pipeline stripped from SDK processor
• Dead hook exports cleaned, sync-sessions.js + post-compact.js deleted
• Plugin version bumped to 5.0.1

PRs

• #202: Final dead-code sweep — remove v5 dropped-table references
• #203: CR-002 post-release cleanup — dead features, env vars, auth-skip-local config

Migration

• Replace ENGRAM_API_TOKEN with ENGRAM_AUTH_ADMIN_TOKEN in your deployment config
• ENGRAM_URL remains unchanged (client-side)
• New config fields ENGRAM_AUTH_SKIP_LOCAL and ENGRAM_AUTH_TRUSTED_PROXY available (implementation in next release)

v5.0.0

chore: prepare v5.0.0 release (#200)

* chore: prepare v5.0.0 release

* docs: fix v5.0.0 release surface

---------

Co-authored-by: Kirill Turanskiy <thebtf@users.noreply.github.com>