• v2.0 446a81626f

    rbrooks released this 2026-06-12 21:27:36 +00:00 | 203 commits to main since this release

    Highlights

    Timeline view — A new /timeline page lays every entry out chronologically, grouped by month, week, or day. A density histogram at the top lets you see where your research clusters at a glance; clicking any bar scrolls directly to that period. Filter by source, certainty, motif, or date range — all synced to the URL so links are shareable.

    Notes & conversations import — Two new import types that don't require a file upload. Paste plain text or Markdown directly into the app (each paragraph becomes one entry with automatic dedup via content hash), or import a conversation transcript from any JSON format with flexible field names (text/content/body, author/speaker, etc.). Speaker attribution is preserved as attributed_to.

    Bulk motif creation — The motif list now has a quick-create form that stays open and refocuses after each submission, so you can name a queue of motifs without interruption. A "Needs details" filter tab surfaces new motifs with no description or entries yet. On entry pages, the "Add to motif" panel lets you search or create-and-add in a single step.

    Motif linking from entry pages + connection timestamps — You can now assign an entry to motifs without navigating away. Connections support a timestamp field (M:SS, H:MM:SS, or raw seconds) for recording the exact moment in a video where a connection appears; timestamps render as chips in the motif detail view.

    Collaborative access — Generate read-only share links for any motif. Recipients see a clean public view (entries, connections, motif notes) with no login required. Links are labelled and revocable from the motif's share management panel.

    Stash webhook + API token auth — A new API token system (named, revocable bearer tokens) powers two token-authenticated webhook endpoints: POST /api/webhooks/stash ingests a Stash scene payload and creates an import job, and POST /api/webhooks/browser accepts a URL + selected text from a browser extension or share sheet. Both go through the same sanitize and dedup pipeline as all other import sources.

    Bulk AI re-analysis — A new AI Tools section in Settings lets you re-generate all text embeddings or re-describe all images against your current AI configuration. Progress is tracked live with a polling progress bar. Media uploads now also fingerprint files on upload to catch exact duplicates without an external library.

    Backup dashboard + failure alerting — The backup history table now shows duration, inline error messages, and expanded to 10 entries. A new backup.alertWebhookUrl setting fires a JSON webhook on backup failure, compatible with Slack, Discord, n8n, or any generic receiver.


    Internal

    Test suite — 89 integration and unit tests covering auth, entries CRUD, tags, motifs, connections, settings, import parsers, and security invariants (isSafeUrl, sanitizeContent, VALID_JOB_FIELDS). Runs against real Postgres and Redis — no mocks for infrastructure.

    Security & dependency upgrades — All High/Medium findings from the v1.0.0 audit resolved (parameterized LIMIT, sendFile root containment, URL scheme validation, rate limiting, env injection hardening). Major dependency upgrades: Express v5, openid-client v6, Vite v8, React Router v7, Tailwind CSS v4.

    Bug fix — Session cookie changed from SameSite=None to SameSite=Lax, fixing a silent cookie rejection issue in non-HTTPS dev environments that broke the OIDC login flow.

    Downloads