Gatewarden Nexus

Changelog

What's New

Follow the evolution of Gatewarden Nexus. New features, improvements, and platform updates — from initial launch to the latest release.

v0.7.2latest

Full Vector Search Stack, Session Vectorization & Multi-Model AI

June 2026

Feature: Session Entries Vectorized

  • 1,016 session entries embedded— the complete operational history of every project is now semantically searchable. Agents surface relevant prior work across session boundaries by meaning, not by date.
  • Token savings via relevant_context— instead of loading all ADRs + recent sessions categorically, agents call include: ['relevant_context']with a query string and receive 8–10 semantically ranked items across all six entity types in a single MCP call.
  • Auto-embedding on session_append— note, correction, handoff, and ADR entries are embedded automatically after each append. Historical entries covered by backfill.

Feature: Complete Vector Search Foundation

  • Six entity types searchable— decisions, ingest items, research notes, planning items, project documents, and session entries all carry 1536-dimensional embedding vectors with HNSW indexes.
  • Semantic + hybrid search modeskb_search now supports semantic(pure cosine similarity) and hybrid (keyword + semantic, 0.4/0.6 re-ranking) in addition to the existing keyword mode.
  • All write paths covered— 7 API routes have async embedding hooks. Every new document, ADR, scan report, CLI import, session entry, and file upload is automatically embedded with zero latency impact on the API response.

Feature: Confidentiality-Aware AI Routing

  • Code-enforced data classification— OpenAI and AWS Textract are automatically blocked for VS-NfD, GEHEIM, EU-RESTRICTED and higher. No configuration required — the classification is inherited from the customer level.
  • Local embedding for classified projects— DGX Spark routes classified content to gte-Qwen2-1.5B-instruct (1536-dim, same as OpenAI). No schema changes. Both providers coexist in the same vector column.

Feature: DGX Spark Multi-Model Stack

  • Three models, one GB10 (71 GB / 128 GB)— Qwen3-14B (code/reasoning, port 8000), gte-Qwen2-1.5B-instruct (embedding, port 8001), Qwen2.5-VL-7B (vision OCR, port 8003). All accessible via a single OpenAI-compatible LiteLLM endpoint.
  • Vision OCR for scanned PDFs— Qwen2.5-VL-7B extracts text from scanned documents for classified projects where AWS Textract is blocked. Result stored in project_documents.extracted_text and embedded locally.

DB: Migrations 0102–0105

  • pgvector extension + 5 embedding tables(0102) and match_embeddings RPC with HNSW cosine search (0103).
  • RLS policy refactor(0104) — 6 child tables now use is_project_member()SECURITY DEFINER helper. FK index added oncontracts.customer_id.
  • session_entries vectorized(0105) — embedding column + HNSW index + JOIN-awarematch_embeddings branch for project scoping.

API: Cache-Control + Build Fix

  • Cache-Control headers on 8 read-heavy routes: tags (300 s), flavors/baselines (600 s), skills (120 s), profiles (60 s), decisions (60 s), license (no-store), mcp/projects (no-store).
  • Build fixnpx next build completes without errors locally. The _global-error SSG prerender crash (React 19 / Next.js 16 bug) is suppressed.

Feature: Cross-Project Search

  • Unified knowledge search— the Searchpage is now live. Search across decisions, session entries, documents, and research notes — from all your projects in a single view, grouped by project.
  • Hybrid mode by default— combines keyword (ILIKE) and semantic (pgvector cosine) results for the best relevance. Keyword and semantic-only modes also available.
  • Confidentiality-aware— VS-NfD and classified projects appear in search results only for team members. On Nexus Cloud, classified projects use keyword search; full semantic search for classified content requires Self-Hosted Nexus with a local AI stack.
v0.7.1

Project README, Enriched Agent Context & Security Hardening

June 2026

Feature: Semantic Vector Search (pgvector)

  • pgvector-powered semantic search— search across ADRs, documents, research notes, and planning items by meaning, not just keywords. Powered by PostgreSQL pgvector with HNSW indexes for fast cosine-similarity queries across 1536-dimensional embedding vectors.
  • Three search modeskeyword (ILIKE, existing),semantic (pure vector similarity), andhybrid (keyword + semantic with 0.4/0.6 re-ranking). All modes available via thekb_search MCP tool.
  • Automatic embedding on write— every new document, ADR, scan report, CLI import, and file upload is automatically embedded in the background. Updates to existing items trigger re-embedding. Zero latency impact on API responses (fire-and-forget).
  • Embed backfillmake embed-backfill processes all existing knowledge items. Idempotent, rate-limit-safe, and confidentiality-aware. Initial backfill: 190 items across all projects.

Feature: Confidentiality-Aware AI Routing

  • Classification-driven routing— external API calls (OpenAI, AWS Textract) are automatically blocked for VS-NfD, GEHEIM, EU-RESTRICTED and higher classifications. Effective confidentiality is computed as max(project level, customer level).
  • Local embedding fallback— classified projects route to the on-premise DGX Spark embedding model (gte-Qwen2-1.5B-instruct, 1536 dimensions — identical to OpenAI). No data leaves the network for VS-NfD content.
  • Dual text extraction— uploaded documents are automatically text-extracted: direct read for .txt/.md, pdf-parse for text-native PDFs, AWS Textract for scanned PDFs (blocked for classified projects). Extracted text is stored and embedded for search.

Feature: DGX Spark Multi-Model Stack

  • Three AI models on one DGX Spark— NVIDIA GB10 (128 GB unified memory) now runs three vLLM instances simultaneously: Qwen3-14B for code and reasoning, gte-Qwen2-1.5B-instruct for local embedding, and Qwen2.5-VL-7B for vision OCR — all within 71 GB of the 128 GB budget.
  • Unified LiteLLM proxy— all three models are accessible via a single OpenAI-compatible API endpoint with automatic model routing. Same API surface for cloud and local inference.

Feature: Project Overview (README)

  • Markdown README field— projects now carry a full Markdown overview document describing purpose, tech stack, architecture, and constraints. Editable via CodeMirror editor with Source/Preview toggle and .md file upload in the project wizard.
  • Dashboard widget— read-only Markdown renderer with Source/Preview toggle and PDF export button on the project dashboard, below the memory grid tiles.
  • Agent-visible at init— README is surfaced in kb_memoryproject block (8 new fields) and rendered as “Project Overview” in auto-generated AGENTS.md.

Security Audit & Fixes

  • Full OWASP Top 10 audit— 6 domains, 46 checks, 42 passed (91% score). Report persisted as knowledge-base scan report.
  • SEC-002: Webhook rate limiting— dedicated 300 req/min IP-based flood guard on/api/webhooks/ (previously skipped).
  • SEC-003: SVG validation hardened— structural root-element check replaces text-based detection.
  • SEC-004: Error message leak fixed— API keys route returns fixed “Unauthorized” instead of raw Supabase error internals.

UI: Dashboard Improvements

  • Directives tab layout— Core and Project directives now displayed in a compact tab view instead of stacked panels, saving vertical space on the project dashboard.
  • Task assignee selection— tasks can be assigned to project members via dropdown.

Architecture Decisions

  • ADR-0044— Project-Scoped Skills and Agent-Files.
  • ADR-0045— Project README Field and Enriched kb_memory Project Context.
  • ADR-0046— Vector Search Foundation: pgvector Embeddings, OpenAI Embed Backfill, Textract PDF Pipeline, and CNPG Fallback.
  • ADR-0047— Confidentiality-Aware Embedding and Text Extraction Routing.
  • ADR-0048— DGX Spark Multi-Model Deployment: Local Embedding + Vision OCR.
v0.7.0

DGX Spark, Plugin Marketplace, Licensing Rework & Project Intelligence

June 2026

DGX Spark Local LLM Provider

  • NVIDIA DGX Spark deployment— Qwen3-14B running on local NVIDIA GB10 (Grace Blackwell) hardware via vLLM + LiteLLM + Caddy stack. Model routing policy: local by default, cloud only by explicit human escalation. Spark enabled in all 10 projects.
  • Performance benchmarks— 8.05–8.15 tok/s single-request, 125.6 tok/s at 16x concurrency (96.6% efficiency). 48K context confirmed with no measurable penalty. Prefix caching reduces TTFT significantly for warm contexts.
  • ADR-0041 / 0042 / 0043— architecture decisions for DGX Spark provisioning, single-model consolidation, and Qwen3-14B with Thinking Mode — all accepted.

Plugin Marketplace

  • Dedicated plugin catalog— new public /pluginspage with hero, stats bar, plugin cards (icon, highlights, hooks/tools count), and “How Plugins Work” explainer. Each plugin has a full detail page at /plugins/[slug] with key features, hooks, tools, sidebar, and breadcrumb navigation.
  • Free + Alpha tiers— 2 free plugins (Compaction+, Cost Control) included with every plan. 4 alpha plugins (€1,99/mo, Pro+Enterprise): Vault Shield, Knowledge Graph, LLM Bridge, CI Bridge. Source code published at beta for all plugins.
  • CI Bridge— new alpha plugin connecting CI/CD pipelines to Nexus project intelligence. Validates PRs against ADRs and directives, generates architectural review comments, and reports results into sessions. GitHub Actions + GitLab CI support.
  • Navigation & cross-links— “Plugins” added to main navbar. Links from pricing page, tools page, and plugin detail sidebars to the catalog. GitHub repos linked for plugin collection and CLI.

Licensing & Self-Hosting

  • Self-Hosted = Pro for Free— new pricing model: Cloud SaaS is paid, self-hosted gets the full Pro feature set at no cost. No license key, no phone-home, no artificial limits.
  • Pricing page callout— “We only charge for the cloud. The product is free.” banner above the tier grid, setting the framing before users see prices.
  • Community tier: 1 customer— Community plan now includes 1 customer organization, enabling real client work from day one.
  • Deployment packages announced— Docker Compose, Helm chart, Terraform IaC, and bare-metal deployment options coming soon.
  • Funding transparency— Cloud revenue funds operational costs and OSS development. No venture capital, no stakeholder dividends.

Project Intelligence Repositioning

  • New positioning— Nexus repositioned as the “project intelligence layer for agentic development”. Updated homepage hero, meta tags, OG/Twitter cards, features section, and FAQ to reflect intelligence-layer framing.
  • Competitive analysis— Omnigent (Databricks) meta-harness positioning analyzed and ingested as knowledge document. Nexus differentiation: upstream intelligence vs downstream orchestration.

Project-Scoped Skills & Agent Files

  • Project-level ownership (ADR-0044)— skills and agent files can now be created at project scope (project_id FK) alongside existing core (platform-wide) entities. Partial unique indexes prevent ID collisions between scopes.
  • Promotion workflow— project-scoped skills can be promoted to core via the entity review system. Two new email templates for promotion submission and decision notifications (17 total).
  • Dual-section managers— project skills and agent-files pages now show two sections: Project (with inline create forms) and Assigned Core. Project badge and scoped edit permissions in detail views.

Core Skill: nx-learnings

  • Project learnings capture— new core skill for recording architectural learnings, patterns, and anti-patterns. Assigned to all projects. Total core skills: 13.

UI Improvements

  • Read-only banners— Global Skills, Agent Files, Workspaces, and Customers pages show a gold “read-only” banner for non-admin users with gated create/edit buttons.
  • Projects filter widget— SearchBar, status tabs, collapsible advanced filter panel, and view toggle on the projects listing page.
  • Dashboard project filters— “My Projects” on the dashboard home now has search, visibility tabs, and customer/starred filters.
  • Wizard step circles clickable— step indicators in edit mode are now clickable with hover ring and tooltips for quick navigation between steps.
  • Edit → Modify— project edit page title changed from “Edit” to “Modify <Name> Project” for clarity.
  • AI Hardware page— new mock page under Operations with “Alpha” badge, list + detail views, and coming-soon dialogs for future hardware management features.
  • Cost display— all cost values rounded to 2 decimal places ($X.XX) across sessions, cost page, and project overview widget.
  • Tools page updated— tool count 56 → 58, new directives and utility sections added. Plugin table shows status badges and handles empty repo URLs for alpha plugins.

Bug Fixes

  • Customer-edit team assignments— fixed team assignment persistence in customer edit form.
  • Skills & agent-files edit button— restored missing edit buttons on detail pages.
  • Session “Unknown” user— fixed user display name fallback in session timelines.
  • Customer visibility— removed redundant app-level created_byfilters; RLS policies handle visibility correctly.
  • Member-add widget— fixed auth.users admin API lookup,isPlatformUser check, and email fallback.
  • AI Hardware 500 error— extracted HardwareNode type into shareddata.ts module (no 'use client') for server + client import compatibility.
  • Login page CLS— added min-h-[70vh]to prevent cumulative layout shift (CLS 0.119 → 0).
  • Plugin detail hover— fixed “View pricing” button text unreadable on hover in dark CTA section.

Security

  • SEC-001: npm audit clean— 38 packages updated, 0 critical and 0 high vulnerabilities remaining. 2 moderate (postcss/next) unfixable upstream.
  • SEC-002: impersonation audit trail— all impersonation events logged to audit_eventswith actor, target user, and IP address.
  • SEC-005: select('*') removed— all 14 select('*') calls replaced with explicit column lists across 12 files.
  • Security scan auto-ingest— scan results automatically persisted as ingest documents via session_append (migration 0099).

Performance

  • Performance scan: 98/100— Lighthouse 99/100/100/100, all Core Web Vitals passing.
  • Bundle optimization— extracted pdf-fonts.ts to prevent wizard form from pulling @react-pdf/renderer(~42 KiB saved from initial bundle).
  • Scan report auto-ingestsession_append auto-creates ingest documents for security and performance scan entries, persisting results without manual action.

CLI v0.7.0

  • Provider passthroughProviderConfig changed toserde_json::Value for opaque passthrough.nexus pull writes provider blocks toopencode.json. DGX Spark auto-mapped.
  • Init prompt fixnexus init no longer prompts for API URL when the global config file already exists.
  • 237 passing tests. GitHub release rebuilt.

Database

  • 0098project_id FK on skills and agent_files, partial unique indexes, full RLS policy rewrite (13 policies), entity_reviews CHECK extended for agent_file type.
  • 0099— scan report classification: new scan_report classification type for ingest items, auto-created by session_appendon security/performance scan entries.
v0.6.13

Cost Tracking, Documents Merge, Performance & CLI Open-Source

May / June 2026

Cost Tracking Dashboard

  • Cost detail page— new /cost route per project with summary cards (total cost, tokens, messages, sessions), token breakdown, per-model aggregate table, and per-session collapsible detail list.
  • Project overview widget— cost widget in the Project Memory grid showing estimated USD spend with direct link to the cost detail page.
  • Session cost snapshots— session detail pages show cost snapshot entries as green cards with token breakdown and collapsible per-model table. Session close blocks include cost in the stats grid.
  • nexus-cost-control plugin v2.0— OpenCode plugin that captures token usage and estimated cost from native AssistantMessage.infodata. Zero external dependencies — no Helicone or third-party API required.

Performance Improvements

  • GIN index on session_entries.metadata— migration 0097 adds a jsonb_path_ops GIN index for fast JSONB containment queries used by cost tracking and plugin filtering.
  • Bounded MCP memory queries— all 6 unbounded queries in the MCP memory endpoint now have.limit() to prevent payload blowup as data grows.

CLI Open-Source

  • nexus-cli is now open-source— the Nexus CLI has been released as an open-source project on GitHub at gwnexus/nexus-cli. Community contributions welcome.

Unified Documents Page

  • Research + Ingest merged— the separate Research and Ingest sections are now combined into a single “Documents” widget and page with a tabbed interface (Notes, Files, Links).
  • ADR cross-reference— the documents page header includes a direct link to the Decisions page, clarifying that ADRs are managed separately.
  • Ingest item detail— moved from /ingest/[itemId] to /documents/[itemId]with updated breadcrumbs and navigation.

Repositories Management

  • Repositories widget— replaced the inline repository list on the project overview with a compact widget in the Project Memory grid showing the count.
  • Repositories page— new /repositories route with full CRUD: add repository URLs, remove entries, URL detection with external link icons.

Session Timeline

  • Plain-text previews— timeline entries now show a stripped plain-text summary (max 200 chars) instead of raw markdown. Tables, code blocks, and headings no longer clutter the timeline view.
  • Expandable detail— entries longer than 200 characters get a “Show full entry” toggle that reveals the complete content with full markdown rendering.

Bug Fixes

  • Setup Guide visibility— the Setup Guide link on the project overview is now visible to all project members, not just platform admins. The Edit button remains admin-only.
v0.6.12

Performance, Plugin Sync & UI Polish

May 2026

Performance Optimizations

  • Font optimization— migrated Switzer from raw @font-face + preload to next/font/local with CSS variable for automatic subsetting and zero-layout-shift loading.
  • N+1 query fix— skills export endpoint now batch-fetches pinned versions in a single query instead of per-item sequential queries.
  • Parallel queries— 4 server component pages now use Promise.all() for independent database queries (tasks, workspace, skills, letters).
  • Bounded list queries— added .limit(200) to 6 unbounded list pages (customers, decisions, letters, sessions, skills, workspace forks).
  • Explicit column selection— replaced select('*') with explicit columns in 3 server component pages to reduce data transfer.

Plugin Assignment Sync

  • Project creationopencode_plugin agent files are now filtered by selected plugins instead of auto-assigning all plugin files regardless of selection.
  • Project editing— plugin changes now sync project_agent_files: unselected plugins are removed, newly selected plugins are added.

Workspace & Devbox

  • Meta variable overridesC_DBX_META_* overrides now correctly reflected in workspace devbox preview, edit, and export via sharedapplyMetaVarsToBody() utility.
  • Gitleaks— added gitleaks: latest to all 4 workspace blueprint packages.

UI Polish

  • Confidentiality shields— project table and customer list now use ConfidentialityShieldMiniinstead of generic lock icons.
  • Customer logosCustomerAvatar component with logo + tooltip in dashboard project rows and customer list; dark circle fallback for missing logos.

CLI v0.6.12

  • Update check— background update check via GitHub API with 24h cache and 3s timeout. Never blocks CLI execution.
  • Clippy in pre-commit— added clippy lint checks to the pre-commit hook. 223 tests passing.
v0.6.11

Demo Licensing, Impersonation & Admin Mail

May 2026

Demo License Flow

  • Platform user role— full platform_user implementation with permissions, API guards, project isolation, sidebar badges, and tests. Demo Pro license: 3 customers, 50 projects, 4 seats, 60-day validity.
  • Customer ownership isolation— demo users see only own-created customers via created_bycolumn. Hard-delete restricted to admin only.
  • Auto-resolve role requests— pending role_requests are automatically marked approved when a demo license is granted.
  • License page— user-facing /dashboard/licensewith Pro status, “Demo” badge, days-remaining, resource usage bars, tier limits grid, and expiry explanation.
  • Extension requests— “Request license extension” button with rate-limited API endpoint using role_requests table.

Impersonation

  • App-layer impersonationplatform_owner can impersonate any user vianx-impersonate cookie. Amber warning banner across all 28+ dashboard pages using getEffectiveUser(). Read-only in Phase 1.

Admin Email

  • Delivery fix— switched to admin@gatewarden.eu due to CNAME+MX RFC conflict on nexus subdomain. ProtonMail MX + Resend inbound configured.
  • Test mail page— admin page at /dashboard/admin/mail/test with all 15 email templates, send individual or all.

Machine Registry

  • MCP v0.8.8— migration 0094 adds machines table for tracking CLI instances with machine ID, hostname, OS, and last-seen timestamp.
  • Session metadata— sessions now display agent model, toolstack, and machine info.

Agent Files & Workspace

  • AGENTS.md / CLAUDE.md regeneration— always regenerated on pull regardless of manual overrides. New “CODING DISCIPLINE” section added.
  • .env.nexus.local scaffold— included in agent file export for local environment setup.
  • Ansible/OpenTofu IaC workspace— new workspace flavor and blueprint for infrastructure-as-code projects.

UI Improvements

  • Confidentiality shield— enhanced selector with shield icon + level description in customer edit forms. Moved Security & Compliance section to top.
  • Customer logo component— restored CustomerLogo component after accidental removal.
v0.6.10

Envelope Encryption, Git Identity Guard & Unified Editor

May 2026

Envelope Encryption Architecture (ADR-0037)

  • Classification-driven encryption— application-level envelope encryption with four tiers (none / standard / elevated / maximum) mapped to the 12-level confidentiality taxonomy across Commercial, German VS, and EU/EUCI frameworks.
  • AES-256-GCM + HKDF-SHA256— per-project DEK for severity 0–5, per-object DEK for severity 6–7 (need-to-know principle). Envelope format with authenticated metadata, content hash, and key version tracking.
  • Pluggable Key Providers— Local (ENV master key), HashiCorp Vault (Transit), AWS KMS, Azure Key Vault, and GCP Cloud KMS. No vendor lock-in.
  • Key rotation lifecycle— versioned KEKs with managed transitions, resumable re-encryption jobs, and full audit logging.
  • Defense-in-depth— encrypted objects stay encrypted on classification downgrade. Upgrades mark existing objects for manual encryption.

Git Identity Guard

  • Per-project git identity— storeuser.name, user.email,user.signingkey, and commit.gpgsign per project. Prevents accidental commits with the wrong identity.
  • Wizard & agent file integration— collapsible “Git Identity” section in the project wizard, auto-generated # GIT IDENTITY block in AGENTS.md / CLAUDE.md.
  • CLI: nexus git verify|apply— compare and apply project git identity to local repo. Auto-applied on nexus init and nexus pull.

Vault Letter Tickets

  • Ticket-like features— assignee field, resolved-at timestamp (auto-managed via trigger), project-scoped labels with color, and PDF export with confidentiality watermarks.
  • Bug fixes— letter body persistence (actorUUID → TEXT), escaped newlines at MCP/UI/PDF layers, lightweight “Add Note” replaces full reply form.

ADR Source Edit Mode

  • Inline section editing— Context, Decision, and Consequences as separate cards with per-section “Source” button opening a CodeMirror editor. Works for draft and under_review.

Unified Code Editor

  • Single CodeEditor component— all markdown/content editing now uses CodeMirror 6 (oneDark, line numbers, syntax highlighting). Replaces legacy textarea editors in ingest items, directives, skill resources, and MarkdownDocument source view.

Fixes

  • Plugin TUI deadlock— migration 0083 fixes OpenCode startup deadlock caused by awaiting uninitialized TUI in nexus-compaction-plus.
  • AGENTS.md directive sync— stale directives stripped and re-injected on every export.
  • Migration idempotency— 0067 + 0087 guarded with DROP IF EXISTS.
v0.6.9

Workspace Management & Shadow Mode

May 2026

Shadow Mode

  • Workspace shadow mode toggle— fork cards now include a toggle switch to enable/disable shadow mode. When active, workspace files (devbox.json, devbox.lock, .devbox/, scripts/devbox/) are excluded from git tracking via .git/info/exclude. A purple info banner explains what to run locally.
  • Shadow mode un-deprecated— shadow mode for agentic files is no longer deprecated. Root-level agentic files still need git-exclude management. All deprecation warnings and notes removed.

Workspace Improvements

  • Auto-generated script files— new forks automatically receive boilerplate script_files (dbx_init.sh, lib/common.sh, tmux launchers, OS overrides, ops scripts) generated from the blueprint or via sensible defaults.
  • Upstream sync info box— when a fork's upstream blueprint has changed, a golden info panel explains the 3-way merge behavior: unchanged fields update automatically, customized fields are preserved.
  • Ignore & Decouple— new button in the upstream info box to permanently decouple a fork from its blueprint. Confirmation dialog warns about consequences. Future blueprint updates will no longer trigger sync notifications for decoupled forks.
  • New baseline: Minimal K8s/Tilt— kubectl, k9s, tilt, kustomize, helm, cosign, syft, grype, trivy, slsa-verifier + DevOps CLI tools.
  • New flavor: Go (Expert)— go, gofumpt, golangci-lint, goreleaser, gotestsum, mockgen, protobuf, buf, delve, air + extended scripts.
  • Fork version badges — distinct blueprint v{n} (gray) and fork v{n} (blue) badges always visible on fork cards.

Editor & UI

  • Shared LineNumberedEditor highlightJson, highlightBash, and LineNumberedEditor extracted into a shared component — used by blueprint edit, blueprint detail, fork edit, and fork detail views.
  • Blueprint edit view upgrade— blueprint edit form now uses LineNumberedEditor with JSON and bash syntax highlighting, matching the fork edit experience.
  • Blueprint detail view upgrade— blueprint read-only detail page now uses LineNumberedEditor with syntax highlighting + line numbers, plus a read-only ScriptsTreeView for shell scripts.
  • Tags column removed— global workspaces table no longer shows the tags column.
  • OS overrides & scripts collapsed— TreeView sections start collapsed to reduce visual clutter.

Bug Fixes

  • Stale data fix— resolved three root causes of workspace fork stale reads: Next.js Data Cache disabled, p_script_files RPC parameter added, PATCH handler field mapping corrected.
  • Shell scripts save fix— editing via the JSON editor no longer clobbers TreeView changes and vice versa.
  • Duplicate line numbers fix highlightJson() no longer renders inline line numbers (editor gutter handles it).
  • P10k instant prompt post_init_script detects Powerlevel10k instant prompt and suppresses console output.

Blueprint API

  • PATCH returns affected forks— blueprint save now returns an affected_forks list and skips shadow-mode forks when setting upstream_changed.
  • Fork-impact dialog— after saving a blueprint, a dialog shows how many downstream forks are marked “Upstream Changed” and explains the user's options (Sync or Ignore & Decouple).

CLI (nexus-cli v0.6.9)

  • nexus workspace shadow on|off|status— new command to exclude workspace files from git tracking (devbox.json, devbox.lock, .devbox/, scripts/devbox/).
  • nexus pull— auto-applies workspace git-exclude when fork has shadow_mode = true.
  • Shadow un-deprecated nexus shadow on|off|status no longer prints deprecation warnings.
  • 211 passing tests.
v0.6.8

Smart Agent File Generation & Sync Protocol

May 2026

Agent File Auto-Generation (ADR-0036)

  • Smart content generation— AGENTS.md and CLAUDE.md are now auto-generated with rich, project-specific content during project creation and editing. Includes team members, skills (full body), plugins, MCP servers, customer context, and project directives inline.
  • Confidentiality rules— agent files automatically include tiered security rules based on the customer's confidentiality level (internal, confidential, strictly-confidential, and German/NATO/EU classifications).
  • Override source tracking — new body_override_source field tracks whether content is auto-generated, user-uploaded, or manually edited. Regeneration on project edit only occurs for auto-generated files, preserving manual and uploaded overrides.
  • Directive dedup— project directives embedded in auto-generated files are no longer duplicated at export time.

Sync Protocol

  • Content hashing— SHA-256 hashes are computed and stored after every nexus pull export, enabling drift detection between the platform and developer workspaces.
  • New MCP actions af_sync_check (compare local vs remote hashes), af_sync (bidirectional pull/push), and af_sync_status (bulk sync state query).
  • Out-of-sync indicator— project detail page shows an “Out of sync” warning badge when agent files have drifted from the platform version.
  • Sync badges in manager— the agent files manager displays per-file sync status (synced, local modified, conflict, remote modified) and last synced timestamp.

UI Improvements

  • Plugin visibility— all active plugins (including RTK) now appear in the project detail agent toolbox as amber badges, not just MCP-server-backed plugins.
  • Tags separation— project tags are visually separated from K/V metadata in the header with a label prefix and divider.
  • Confidentiality dedup— removed duplicate confidentiality badge from header (already shown in Security & Compliance card).
  • Team photos— project wizard confirm page now shows avatar photos for the owner and all team members.
  • Auto-generated badge— agent file assignments created by the project wizard are marked with an “auto” badge.

CLI (nexus-cli v0.6.8)

  • nexus status— new command to check sync state of all project agent files against the platform.
  • nexus push— upload local agent file changes to the platform as manual overrides.
  • nexus reset— discard local changes and pull fresh content from the platform.

Database

  • 0067 auto_generated boolean on project_agent_files
  • 0068 body_override_source text column
  • 0069 content_hash, last_synced_at, sync_status columns with performance index
v0.6.7

Workspace Pull Fix — PAT-Authenticated Export

May 2026

Fixed

  • Workspace pull 404 resolved — the nexus pull workspace export now works correctly with PAT token authentication. Previously, the workspace-forks endpoints only accepted cookie-based session auth, causing a 404 for all CLI users.
  • .env.local.example restored— the environment template file was tracked in git but missing from the working tree.

API

  • ws_export action in /api/mcp/agent-files— exports the active workspace fork (devbox.json + scripts) for a project using PAT authentication. Automatically finds the active fork without requiring a separate list call.

CLI (nexus-cli v0.6.7)

  • Single-call workspace export nexus pull --scope workspace now uses the MCP-authenticated ws_export action instead of the two-step list + export flow. Falls back to v1 if the endpoint is unavailable.
  • Graceful handling— when no workspace fork is assigned, the CLI shows a clean info message instead of an error.

Developer Tooling

  • ws-backup.sh— new utility script at scripts/ws-backup.sh to snapshot and restore pull-managed agentic files. Supports backup, restore, and status commands.
v0.6.6

Workspace 2.0 — Blueprint + Fork Architecture

May 2026

Features

  • Workspace Blueprints— workspaces are now first-class entities composed from a Baseline (core tools) and a Flavor (language toolchain). Create blueprints via a guided 5-step wizard from the new Workspaces dashboard page.
  • Project Forks— projects receive deep-copy forks of workspace blueprints. Each fork tracks its source version — upstream changes are detected automatically via database triggers.
  • Curated Catalog— 6 baselines (Minimal, DevOps, AWS/GCP/Azure Cloud, Docker/K8s) and 6 flavors (Node.js/TypeScript, Rust, Python, Go, PHP, Nexus Dev) available out of the box.
  • Version Tracking— workspace blueprints are versioned. Updates bump the version and flag all downstream forks with an upstream-changed indicator.

CLI (nexus-cli v0.6.6)

  • v2 Fork Export API nexus pull --scope workspace now uses the v2 fork-based export endpoint with automatic fallback to v1 for backward compatibility.
  • Upstream awareness— pull output shows upstream-changed indicator and shadow/direct mode.

API

  • GET/POST /api/workspaces— list and create workspace blueprints.
  • GET/PATCH/DELETE /api/workspaces/:id— manage individual blueprints with version bumping.
  • GET /api/workspaces/baselines and /flavors— catalog endpoints.
  • GET/POST /api/projects/:id/workspace-forks — list and create project forks.
  • POST /api/projects/:id/workspace-forks/:forkId/export — CLI export endpoint for devbox.json + scripts.
v0.6.5

Import, Shadow Deprecation, Session Metadata

May 2026

Features

  • Import API endpoint — new POST /api/mcp/import batch endpoint for importing agentic files, directives, and referenced documents into a Nexus project. Imported directives are created as disabled for review.
  • Dynamic cross-references in af_export — exported agent files (CLAUDE.md, AGENTS.md) now include a “Customer Repository Context” block listing pre-existing agentic files when import data exists.
  • Session entry metadata session_append now persists model, toolstack, and machine_id via JSONB metadata column (migration 0072). Dashboard shows colored badges per entry.
  • Collapsible compaction entries— session detail page uses native <details>/<summary> for compaction entries (default collapsed).
  • Setup guide corrected— CLI workflow order fixed to login → link → init → pull. References updated for ADR-0029 (.git/info/exclude).

CLI (nexus-cli v0.6.4)

  • Unified .git/info/exclude nexus init now always writes a unified exclude block to .git/info/exclude (.nexus/, .opencode/, opencode.json, .env.local) for clean repo-local exclusions.
  • .gitignore migration nexus init auto-detects and removes Nexus entries from .gitignore, moving them to .git/info/exclude instead (repo-local, never committed).
  • deinit cleanup nexus deinit now cleans up .git/info/exclude entries (both Nexus CLI and shadow blocks).

CLI (nexus-cli v0.6.3)

  • Secret leak fix build_opencode_entry translates ${env:VAR}{env:VAR} (OpenCode syntax) instead of resolving to plaintext values.
  • MCP server dedup merge_extra_mcp_servers detects servers with identical command arrays and skips duplicates with a warning.

Documentation

  • ADR-0029— .nexus as Local Workspace Cache: .git/exclude Strategy.
  • ADR-0028— Agentic File Import: Detection, Ingestion, and Cross-Referencing.
v0.6.4

Project Tasks, Security Hardening, CLI Machine-ID

May 2026

Features

  • Project-level Tasks (Phase 1)— full CRUD dashboard UI with status/priority filters, sortable table, task detail page with MarkdownDocument (source/preview, debounced auto-save), notes timeline, and properties sidebar.
  • Tasks API— project-scoped REST API for tasks CRUD and task notes (GET/POST/PATCH/DELETE).
  • CLI v0.6.1: Tasks export nexus pull exports open tasks as .nexus/TASKS.md sorted by priority.
  • CLI v0.6.2: Machine-ID— persistent UUID at ~/.config/nexus/machine.toml, sent as X-Nexus-Machine-Id header on every API call.

Security

  • OWASP Top 10 Audit— 18 findings identified, 7 fixed: agent_files RLS hardened (migration 0069), open redirect fix, rate limiting middleware (120/20/600 req/min), skills/commands RLS hardened (migration 0071), error message sanitization, PostgREST filter injection fix.
  • Ingest bulk-classify fix — replaced .update().in() with Promise.allSettled for reliable individual updates.

Improvements

  • Tasks removed from global sidebar — live exclusively at project level with count badge on project detail page.
  • CLI v0.6.0: nexus import command (agentic file scan, directive extraction, link resolution).

Documentation

  • ADR-0026— Skill Resources and Auto-Generated Frontmatter.
  • ADR-0027— .nexus as Exclusive Agentic Root.
v0.6.3

Skill Resources, auto-generated frontmatter, and UI consistency

May 2026

Features

  • Skill Resources (multi-file support)— skills can now have multiple resource files alongside the main body. New accordion UI for viewing, adding, editing, and deleting resources, with full versioning via JSONB snapshots.
  • Pending Resources in skill creation— resource files can be added during skill creation before the skill is saved.
  • Auto-generated skill frontmatter— skill metadata frontmatter is now generated on-the-fly during MCP export and retrieval, rather than stored in the database body.
  • MCP sk_get returns resources— the MCP skill retrieval tool now returns a resources array alongside the auto-frontmattered body.

Improvements

  • Source/Preview toggle— editor toolbar toggle now works in all modes with defaultMode respected.
  • Unified VersionControls— shared component used by both skill and agent-file detail pages with identical styling and behavior.
  • Consistent table design— both skills and agent-files tables now show Files column badges and collapsible archived sections.
  • Right-aligned action buttons— Edit, Start Review, and status action buttons are now consistently right-aligned across skills and agent-files detail pages, with the status badge on the left.
  • Content-change detection fix— skills API uses diff-based detection to prevent phantom version bumps.

OpenCode Plugin (nexus-compaction-plus v1.8.0)

  • Stable release— session context preservation across compaction events with full audit trail recording.
  • nexus_show_plugins tool— custom MCP tool showing loaded plugins, versions, API connection status, and registered hooks.
  • TUI startup toast— confirms plugin load with name, version, and connection status.
v0.6.2

License tier refactoring and per-user licensing

April 2026

Features

  • 3-tier license model— consolidated from 4 tiers to 3: Community (€0/mo), Pro (€6.95/mo), and Enterprise (€84.95/mo). Additional seats at €2.95/mo each.
  • Per-user license tables — new user_licenses and user_license_history tables with RLS, preparing groundwork for per-user billing in v0.7.0.
  • Community tier gate— project wizard team-members step now shows an upgrade banner and disables member selection for Community tier users.

Improvements

  • License page— 3-column plan comparison with monthly pricing.
  • TierBadge— updated styling for new tier names.
  • FAQ— Pro tier description updated with concrete pricing and seat details.

Documentation

  • ADR-0025— License Tier Refactoring: 3-Tier Model with Per-User Licensing (supersedes ADR-0014).
v0.6.1

PDF export for ADRs and agent skill files

April 2026

Features

  • PDF export for ADR/Decisions — export button on the decision detail page enables one-click PDF generation with S3 caching, completing PDF export coverage for all document-backed entity types.

Improvements

  • OpenCode skill files — added skill definitions for ADR drafting, code review, database migration, performance scanning, security scanning, and plugin inspection workflows.
  • Compaction plugin fix — session ID capture from nexus_session_create responses now works correctly.
v0.6.0

Security hardening, PDF export, performance, and classification UX

April 2026

Security

  • Comprehensive security audit — 20 files reviewed and hardened. Document download now verifies project membership (IDOR fix), MCP identity scoped to user's projects, auth callback blocks open redirects, SVG uploads sanitized, and 10 API routes no longer leak raw database errors.
  • Aggregation function hardening — all RPC functions secured with SET search_path and project membership checks.
  • Markdown XSS protection rehype-sanitize added to all Markdown renderers across the application.

PDF Export

  • Export ingest documents as PDF — async Markdown-to-PDF generation with S3 caching and one-click download from the ingest detail page.

Classification & Knowledge Management

  • Quick-classify — classify ingest items directly from the detail page with a grouped dropdown. Supports bulk-classify for multi-select.
  • Research tile sub-counts — project overview now shows separate counts for Links, Docs, and Agent-promoted research items.

Performance

  • Database aggregation RPCs — new server-side functions replace N+1 client-side counting for projects, letters, and sessions.
  • Query parallelization — project detail, dashboard, letters, sessions, research, and ingest pages all load faster through parallel data fetching.
  • Centralized project access check — new shared helper eliminates ~283 lines of duplicated verification code across 11 pages.

UX Improvements

  • Indeterminate checkbox — select-all checkbox on the ingest list now shows an indeterminate state for partial selections.
v0.5.3

Security hardening, project editing, and UX polish

April 2026

Security

  • Hybrid Supabase client strategy (ADR-0023) — all API write operations now use the service client to prevent silent RLS failures. User client retained for authentication and reads as defense-in-depth. Migrated 14 API routes covering 19 database tables.

Project Editing

  • Documents in edit mode— existing offers, SOWs, and start documents displayed as inline tables with download and delete per category.
  • Agent config persistence— plugin settings, environment confirmation, and auto-generate flags loaded from and saved to the database.
  • Tags on detail page— project tags shown as blue badges on the project overview.
  • Skills sync— skill assignments persisted during both project creation and update.
  • Repositories and contacts— new project fields with dedicated input components in the wizard.

UX Improvements

  • Redesigned tag input— tags rendered as inline badges with backspace-delete and focus ring.
  • Full-width navbar— navigation bar now spans the full viewport width.
  • Setup guide— improved title format and nexus upgrade as primary install option.
  • Default agentic root— new projects default to .nexus instead of .claude.

Bug Fixes

  • Tags not saving— resolved silent RLS failure that prevented tags from being persisted for weeks.
  • Agent fields on update— tags, plugins, capabilities, and config now correctly saved when editing a project.
v0.5.0

Document management, vector search, and onboarding improvements

April 2026

Document Management

  • Project documents— upload, organize, and version documents per project with S3-backed storage and CloudFront CDN delivery.
  • Vector search— semantic search across uploaded documents using pgvector embeddings for intelligent retrieval.
  • OCR and AI analytics— automatic text extraction from PDFs and images with AI-powered metadata tagging and categorization.

Onboarding

  • Demo license request— new users can request a demo license to explore the full platform before committing.
  • Community showcase— read-only sample project with example ADRs, sessions, and documents for onboarding.
  • FAQ section— comprehensive FAQ and “Why Nexus” page based on real developer survey responses.

Improvements

  • Revised pricing— consolidated to Community, Pro, and Enterprise tiers with monthly pricing.
  • Early Access landing page— updated public-facing page reflecting the current development stage.
  • Email templates— rebranded and streamlined across all outbound emails.
v0.4.0

Devbox integration, skill lifecycle, and entity reviews

April 2026

Developer Experience

  • Devbox integration— interactive developer shell with module system for local development, diagnostics, and deployment tooling.
  • Skill lifecycle management— full CRUD for reusable agent skills with versioning, review workflow, and project assignment.

Governance

  • Entity review system— structured review workflow for skills and agent files with inline comments, state transitions, and audit trail.
  • Notification subscriptions— per-user notification preferences for ADR changes, session summaries, and letter updates.

Improvements

  • Performance— N+1 query elimination, batch loading for project overview widgets.
  • Session UI— enhanced with user attribution, avatars, timestamps, and markdown rendering.
  • CLI stabilization— improved install.sh, preflight checks, --yes flag for non-interactive usage.
  • MCP server— expanded to 47 tools across 14 endpoints.
v0.3.11

Customer billing fields, notification subscriptions, and CLI CDN migration

April 2026

Customer Management

  • Billing fields — new customer_number, vat_id, reverse_charge, and short_id columns on the customers table.
  • Invoicing fieldset— dedicated section in customer edit form with reverse charge toggle and VAT ID input.
  • New customer wizard— extended with customer number, short ID, VAT ID, and reverse charge across creation steps.
  • Project agent prefix— new projects auto-derive agent prefix from the customer's short_id.

Notification Subscriptions

  • Topic-based subscriptions— subscribe to release updates, feature previews, and beta releases per product (App, CLI, MCP, or all).
  • Settings UI— toggle-based subscription management in the Settings page.
  • GDPR unsubscribe — public /unsubscribe?token=... page for one-click unsubscribe without login, plus List-Unsubscribe header in all subscription emails.

CLI & Infrastructure

  • CDN installer install.sh migrated from GitHub raw URLs to S3/CloudFront for reliable access from the private repo.
  • CLI v0.1.5— released with corrected installer URLs.

Fixed

  • Dashboard overflow— long descriptions in recent sessions and decisions no longer break layout.
v0.3.10

Security hardening, DB indexes, and error sanitization

April 2026

Security

  • MCP project access — added checkProjectAccess() to 14 MCP action handlers that were previously accessible to any authenticated user.
  • SQL injection fix — added escapeIlike() to decisions search route to prevent injection via unsanitized string interpolation.
  • Error sanitization— replaced 38 instances of raw Supabase error leaks with sanitizeDbError() across all 10 MCP route files.
  • CLI path traversal — reject .. components in agent file write paths.
  • HTTP timeouts— 30s fetch timeout on MCP server, 30s request + 10s connect timeout on CLI.

Performance

  • DB indexes— 10 B-tree indexes on FK columns across sessions, tasks, letters, and related tables.
  • MCP search — replaced select('*') + JS filtering with DB-level ILIKE filtering and per-type result limits.
  • Dashboard counts— capped unbounded count queries with BATCH_LIMIT (10,000).

Fixed

  • force-dynamic — added export const dynamic = 'force-dynamic' to 59 cookie-dependent API routes to prevent Next.js from statically caching auth-dependent responses.
v0.3.9

Community license tier with full quota enforcement

April 2026

Community Tier

  • Hard quota limits— 1 seat, 1 customer, 10 private-only projects, 50 sessions, 10 decisions, 1 GB storage.
  • Quota enforcement— session, decision, storage, skill, and agent file creation blocked when limits are reached across both webapp and MCP APIs.
  • Seat check— new user registration blocked when seat quota is exceeded.
  • Private-only projects— community tier restricted to private project visibility.

License UI

  • Community badge— new tier badge styling for community accounts.
  • Quota gauges— sessions and decisions usage gauges added to the license page.
  • Plan comparison— 4-column grid comparing Community, Professional, Business, and Enterprise tiers.
v0.3.8

Landing page preference, agent file assignments, and admin mail

April 2026

User Experience

  • Landing page preference— configure which page to show after login (Settings > Landing Page) with 2-level dropdown supporting direct project navigation.
  • Cross-project navigation— new Coordination menu item (placeholder for linked-projects feature).

Agent Files

  • Project assignments— M:N junction table for assigning global agent files to specific projects with version pinning and enable/disable toggle.
  • Scoped export af_export now returns project-level assignments instead of all tenant files. Project directives embedded into agent-category files during nexus pull.

Email & Notifications

  • Project membership emails— rich HTML templates for invite, role change, and removal notifications.
  • Admin mail inbox— full admin UI for inbound emails from Resend webhooks with search, pagination, bulk delete, and reply functionality.

Security

  • Admin mail hardening— ILIKE injection prevention, UUID validation, from-address allowlist, iframe sandbox XSS protection.
v0.3.7

Skill editor UX overhaul

April 2026

Editor Improvements

  • Source-first editing— skill editor now opens in markdown source view by default with a segmented Source/Preview toggle.
  • Integrated upload— Upload .md button moved directly into the editor toolbar alongside the source/preview toggle.
  • Tags in control pane— tag picker relocated from the markdown area into the settings panel alongside command name and description.
  • Status badge— skill status now appears right-aligned in the actions bar next to Edit / Save / Cancel.

Lifecycle Management

  • Danger Zone— new section with archive/unarchive and permanent delete (slug-based confirmation), replacing the top-bar archive button.
  • DELETE API— new endpoint for permanent skill deletion with full cascade (tags, commands, versions, assignments, reviews).

Skill Creation

  • Blueprint template— downloadable skill-blueprint.md with all recommended sections, hosted on S3/CloudFront.
  • New default tags— Workflow, Code Quality, DevOps, Testing, Documentation, Agent, and Init added to the tag library.
v0.3.6

Code audit, security fixes, and dead code cleanup

April 2026

Bug Fixes & Security

  • MCP auth profile lookup— fixed wrong column in profile query causing MCP tokens to always get displayName: null.
  • MCP actor identity— resolveActor now returns auth user UUID instead of surrogate PK.
  • Decision links security— DELETE handler now scopes by decision_id, preventing cross-project link deletion.
  • Guarded request.json()— 7 API routes now catch malformed JSON payloads instead of crashing.

Performance

  • Query parallelization— 6 dashboard pages now run independent queries via Promise.all (settings, customers, sessions, letters, session detail, decision edit).
  • License quota check— 5 independent quota queries parallelized; eliminated wasted query that fired but was never awaited.
  • Replaced framer-motion— mobile nav animation now uses pure CSS keyframes (~130KB removed from client bundle).

Cleanup

  • Removed 4 unused npm deps— zod, dayjs, react-use-measure, framer-motion.
  • Removed ~64 template assets— placeholder images and SVGs from Radiant/Tailwind UI template across 12 directories.
  • Dead code removal— deleted unused proxy.ts, dead CSS keyframe, and no-op useEffect.
  • Error boundaries— added root not-found.tsx (branded 404) and error.tsx (root error boundary).
  • MCP auth refactor— deduplicated token logic by importing shared utilities from api-auth.ts.
v0.3.5

Code quality, performance, and consistency fixes

April 2026

Performance

  • N+1 query elimination— letters and sessions list pages now fetch message/entry counts in a single batch query instead of one query per row.
  • Query parallelization— customer detail page now runs projects, contracts, and profile queries in parallel via Promise.all.
  • Loading skeleton— new dashboard loading.tsx provides a shimmer placeholder during RSC navigation.

Code Quality

  • Safe error handling— new shared toApiError() utility replaces 29 unsafe error casts across 13 API routes with proper type checking.
  • Unified status styles— consolidated 7 duplicate STATUS_COLORS maps into a single shared module, fixing color inconsistencies between pages.
  • Explicit column selects— skills API GET now uses explicit column lists instead of .select('*').
  • Error observability— 5 silent catch blocks now log warnings for easier debugging.
  • Removed debug logging— cleaned up console.log left in project delete endpoint.
v0.3.4

Skill versioning, markdown editing, and UI refinements

April 2026

Skill Versioning

  • Version history panel— skill detail page now shows all version snapshots with view/switch capability. Older versions display read-only with amber banner.
  • Create new version— checkbox in edit mode saves content as a new version (v{N+1}) and resets status to draft, requiring a new review cycle.
  • Version seeding— existing skills with version > 1 now have backfilled snapshots, making all versions selectable in the project skills dropdown.

Skill Editing

  • Markdown preview/source— skill content uses the same MarkdownDocument component as ADRs, with live preview and source toggle.
  • File upload— upload .md/.txt files directly in edit mode. Frontmatter extraction for description.
  • Custom command slug— editable command name when auto-generate is enabled (default derives from skill ID).

UI/UX

  • Clickable skills— skill names and IDs in both the management table and project skills view are now clickable links to the skill detail/edit page.
  • Governance widget— redesigned Accept/Reject buttons with icons, joined vote button group, and right-aligned controls.
  • Billing fonts— plugin prices now match the License Fee row styling.

API

  • Versions endpoint — new GET /api/skills/[id]/versions returns all version snapshots with metadata and accepted-by profiles.
  • Enhanced PATCH PATCH /api/skills/[id] now supports create_new_version and command_slug parameters.
v0.3.3

Performance hardening, error recovery, and dead code cleanup

April 2026

Performance

  • Query parallelization— dashboard, project detail, and decision detail pages now batch independent Supabase queries into parallel Promise.allcalls, reducing waterfall latency by 200–400ms per page
  • N+1 elimination getProjectsWithStats reduced from 4N count queries to 4 batch queries; getCustomerSummaries from N to 1; skills export version lookup from N to 1
  • Explicit column selection— replaced 10 high-value .select('*') instances with explicit column lists across pages and API routes

Error recovery

  • Error boundaries — added global-error.tsx, dashboard/error.tsx, and projects/[id]/error.tsx with retry buttons and fallback navigation

Cleanup

  • Removed 10 unused component files (~3,000 lines of dead code including a 1,050-line keyboard component with framer-motion)
v0.3.2

ADR governance, change requests, license UX, and performance audit

April 2026

ADR governance

  • Governance widget— unified panel with status badge, lifecycle buttons (submit, accept, reject), and community voting with required reason on downvotes
  • Change request flow— accepted ADRs show a “Request Change” link; the form creates a new ADR with supersedes pointing to the original

Dashboard & navigation

  • Projects section moved before Customers; starred projects sort first
  • Recent sessions now link directly to session detail pages
  • Recent decisions link to ADR detail with full governance context
  • Planning feature removed from sidebar and project overview (deferred to v1.0)
  • Top progress bar for page transitions via nextjs-toploader

Skills & directives

  • Skills table restructured with skill_id as primary identifier and merged name/description column
  • Version-pinning dropdown in project skills manager replacing pin/unpin buttons
  • Directives priority changed to high / medium / low enum with colored badges and client-side sort; body made optional

License & billing

  • Enterprise tier badge with black/gold styling and circle icon; “Active” label moved to the right
  • Billing restructured as line-item rows with right-aligned amounts
  • Three plugin line items: OpenCode Audit, Advanced Sessions, External Encryption Provider

Quality & safety

  • Danger zone uses project slug instead of name for delete confirmation
  • Fixture letters replace test data with [Fixture] prefix
  • Architectural audit: identified 7 categories of improvements including query parallelization, N+1 fixes, missing error boundaries, and dead code cleanup
v0.3.1

CLI install pipeline, MCP npm mode, preflight checks

April 2026

CLI (nexus-cli v0.1.1)

  • install.sh oneliner curl -fsSL .../install.sh | bash with platform detection, pre-built binary download from GitHub Releases, SHA256 checksum verification, and cargo fallback
  • GitHub Actions CI/CD— test matrix (ubuntu + macos), clippy, rustfmt, and automated 4-target release builds (aarch64-apple-darwin, x86_64-apple-darwin, x86_64-unknown-linux-gnu, aarch64-unknown-linux-gnu)
  • nexus preflight— environment readiness checks (git, node, npm, npx, config, credentials, API reachability, workspace, MCP configs)
  • --shadowed-ai flag on init — deprecated in v0.6.4 (superseded by automatic .git/info/exclude management, ADR-0029)
  • --yes / -yglobal flag — non-interactive mode for CI/CD and scripted usage

MCP Server (nexus-mcp v0.6.1)

  • npm distribution npx @gwdn/nexus-mcp for zero-install MCP server startup. CLI default switched from local to npm mode via mcp_source config key
  • 38 MCP tools total (added task_list, doc_list, session_delete)

Platform

  • Updated Tools page with current MCP/CLI versions, npm install instructions, full command reference, and correct tool counts
v0.3.0

Project stars, ADR voting, directives, and session filters

April 2026

Project management

  • Star/unstar projects — starred projects appear first in all listings (dashboard, project list, project detail)
  • Project directives: configurable rules and guidelines per project with categories, priorities, and enable/disable toggles

ADR governance

  • Community voting on architecture decisions: up/down votes with net score display
  • ADR linking in session timeline: clickable ADR badges and auto-detection of ADR-XXXX references in notes

Session improvements

  • Status tab filter: All / Resumable / Closed with live counters
  • Timeline date-range filter with quick presets (today, 7d, 30d, 90d) and custom from/to inputs

Infrastructure

  • Cache revalidation endpoint for on-demand Next.js cache flushing via make revalidate
  • Three new database migrations: project_stars, decision_votes, project_directives
v0.2.6

Session UI, governance actions, and skill reviews

April 2026

Sessions

  • User attribution with avatar display and display names in session timelines
  • Markdown rendering for session summaries and entry content
  • Formatted timestamps with relative time display

ADR governance

  • Governance action buttons: submit for review, accept, and reject with confirmation dialogs
  • Decision comments system with append-only chronological thread
  • Decision links and file attachments management
  • Entity tagging system for decisions

Skills & reviews

  • Review workflow for skills: submit, accept, reject, request revision with inline comments
  • Skill detail page with full content view and review status
v0.2.5

MCP API layer, skill management, and expanded dashboard

April 2026

MCP integration

  • Full MCP API backend: identity resolution, knowledge search, memory retrieval, sessions, tasks, letters, governance, skills, and reviews
  • PAT-based authentication with project-scoped permission checks

Skill management

  • Skill creation and editing with markdown body, versioning, and auto-generated OpenCode commands
  • Project skill assignments with version pinning and enable/disable
  • Skill export endpoint for CLI workspace synchronization

Dashboard

  • My Work section with pending reviews and open tasks
  • Project detail pages for sessions, decisions, tasks, letters, research, planning, and ingest
  • Team management page with role assignment
v0.2.4

Performance, edit forms, and deployment automation

April 2026

Performance

  • Self-hosted Switzer fonts replacing external fontshare dependency for faster LCP
  • Navbar bundle optimization: framer-motion replaced with CSS keyframes, Supabase SDK replaced with lightweight cookie heuristic
  • Lazy-loaded Supabase client for sign-out to reduce initial JS payload

Edit forms

  • Customer edit page with fieldsets for general info, contact, billing address, and notes
  • Project edit page with fieldsets for general info and timeline
  • Edit buttons on customer and project detail pages

Landing page

  • Redesigned hero with “Gatewarden / Nexus” heading and watermark logo
  • Cool Steel gradient replacing the original color scheme
  • Footer promotion line with Gatewarden Labs branding

Login

  • Restructured login page with email/password above GitHub OAuth
  • Forgot password flow with Supabase password reset email

DevOps

  • GitHub Actions post-deploy healthcheck verifying site and login page availability after each push to main
v0.2.3

Multi-step wizards, agent setup, and document management

April 2026

Project creation wizard

  • Five-step wizard: basics, timeline & budget, document upload, agent setup, and review
  • Offer and SOW PDF uploads with S3 storage and CloudFront delivery
  • Agent configuration: CLI flavor (OpenCode / Claude CLI) and plugin selection
  • Sidebar info panel with step guide and contextual tips

Customer creation wizard

  • Four-step wizard: basics, contact & billing, contract upload, and review
  • Adaptive flow: internal customers skip contact, billing, and contract steps automatically
  • Structured billing address with street, postal code, city, and country fields

Data model

  • New project_agents table for agent assignments per project
  • New project_offers table for offer/proposal document storage with lifecycle states
  • Extended document upload API to support offer, SOW, and contract types
v0.2.2

Project visibility, private projects, and RLS fixes

April 2026

Data model

  • Project visibility scopes: private, members only, and team
  • Optional customer assignment: private projects no longer require a customer
  • Owner tracking on projects for private project access control
  • Fixed RLS infinite recursion in project membership policies using SECURITY DEFINER helpers

UI improvements

  • Redesigned project creation form with visibility selector and conditional customer field
  • Project list shows lock icon for private projects
  • Non-private visibility options disabled when no customers exist
v0.2.1

Internal customers and tag system

April 2026

Data model

  • Internal customer flag: marks customers like Gatewarden Labs as internal, hiding contact, billing, and contract fields
  • Normalized tag system with shared tags table and polymorphic entity_tags junction supporting 11 entity types

UI improvements

  • New Customer form: internal customer checkbox that conditionally hides contact fields
v0.2.0

Landing page redesign, CRUD forms, and quality improvements

April 2026

Landing page

  • Hero banner with gradient background, version pill, and quick-access buttons
  • Public navigation with dark “Get access” sign-up button
  • Roadmap page with timeline, status legend, and sidebar
  • Roadmap link added to navigation and footer

New features

  • New Project form with customer selector, slug auto-generation, and status picker
  • New Customer form with industry, contact info, and notes fields
  • POST /api/projects endpoint for project creation
  • Admin-request widget on Dashboard and Projects empty states

Code quality

  • 46 audit findings resolved: DB-backed rate limiter, typed Supabase queries, N+1 fixes, pagination
  • Full type safety with generated Supabase types across all API routes and pages
  • Fixed column name mismatches exposed by strict Database generic
  • Fixed DataInteractive SSG crash in link component
  • Dashboard logo alignment fix
v0.1.0

Initial platform launch

April 2026

Initial Launch

  • GitHub OAuth authentication with automatic profile creation
  • Project-scoped RBAC with admin, editor, reviewer, and viewer roles
  • Long-term memory schema: sessions, decisions, research, planning, letters
  • MCP server with 11 tools across 3 layers (knowledge, coordination, governance)
  • API key system for delegated agent access
  • Customer, contract, and SOW management
  • S3 document storage with CloudFront delivery
  • Transactional email via Resend (nexus.gatewarden.eu domain)
  • Netlify deployment with CSP headers, HSTS, and security hardening