Changelog

Every Nestor release with detailed change notes. Source of truth: CHANGELOG.md on GitHub.

v3.5.3

Maturation release — 7 parallel-agent wave delivers test scaffolding, contract tests, vector store package, package documentation, refactor plans, and dead-code audit. No public API breaks.

Added — @nestor/rag package (NEW)

  • First-class vector store abstraction. New workspace package with full scaffold:
      - VectorStore interface, VectorRecord, VectorSearchResult, VectorFilter types
      - InMemoryVectorStore — zero-dependency reference impl with cosine similarity, multi-tenant isolation, metadata filters
      - ChromaVectorStore — first-class adapter for Chroma (lazy import, chromadb as optional peer-dep)
      - Contract test factory runVectorStoreContract() that any future adapter can run
      - 17 tests pass (8 contract + 10 in-memory unit)
  • TypeDoc setup + 3-4 KB README with quick-start and adapter authoring guide.

Added — Tests (+58 monorepo total)

  • @nestor/sdk contract tests (NEW): 41 tests across 3 files — client.test.ts (13 tests, fetch stubbed), events.test.ts (8 tests, MockWebSocket), plugin.test.ts (~21 tests on definePlugin/defineTool/defineAdapter validation).
  • CLI test scaffolding (5 files, 33 tests in describe.skip initially): install / shell / agent / start / daemon. Scaffolds need calibration against actual command surfaces — re-enabled in v3.6.
  • Property test scaffolds for security primitives: engine_property.rs (approval allowlist), secret-redaction.property.test.ts, ssrf-guard.property.test.ts. Skipped at runtime pending dependency installs.

Added — Documentation

  • 4 new package READMEs (~28 KB total): @nestor/agent (~10 KB), @nestor/orchestrator (~6 KB), @nestor/server (~7 KB), @nestor/types (~5 KB).
  • v3.6 mission/controller.ts refactor plan at .audits/2026-04-30/v3.6-mission-controller-refactor-plan.md: full diagnostic of 1609 LOC + 17 methods, 6-module decomposition, minimal interfaces, callback injection, 8-step sequenced execution plan, 35-test coverage plan, risk register, rollback procedure. Scheduled post-launch.

Added — Tooling

  • Knip dead-export baseline (.audits/2026-04-30/knip-dead-exports-baseline.md): 11 high-confidence + 6 medium-confidence dead exports identified. 7 Legacy* aliases removed.
  • .github/CODEOWNERS — security-critical paths flagged for explicit review.
  • vitest test scripts added to @nestor/cli and @nestor/sdk.
  • fast-check and proptest dev-dependencies added.

Removed — Dead exports

  • 7 Legacy* aliases from @nestor/skill-tester (LegacySkillTestRunner, LegacySkillTestCase/Suite/Results, LegacyTestResult, LegacySkillTestRunnerOptions). Zero internal imports verified.

Wired

  • crates/nestor-core/src/approval/mod.rs now declares #[cfg(test)] mod engine_property; so the v3.5.2 property test scaffold is discoverable by cargo test.

Tests

  • 316 TS tests pass (62 db + 106 agent + 48 orchestrator + 9 server + 30 skill-translator + 41 sdk + 17 rag + 3 messaging) — +58 vs v3.5.2.
  • 9 Rust ssrf tests pass (no regression).
  • CLI test scaffolds (33 tests) intentionally describe.skip until calibration sprint v3.6.

v3.5.2

Continued audit-finding closure release. Closes 2 more security issues, ships 6 parallel-agent deliverables (eslint baseline, BMAD+ blog post, Atlas Week 1 launch bundle, SDK TypeDoc setup, Atlas execution scripts, mission/controller refactor plan).

Security

  • 🟠 Sandbox network is now secure-by-default. packages/agent/src/sandbox/docker.ts previously enabled network access whenever networkPolicy !== 'none' — meaning an undefined networkPolicy accidentally enabled network. Reversed to fail-closed: networkEnabled = networkPolicy === 'restricted' || networkPolicy === 'full'. A console warning fires when networkPolicy is unset, making the secure default visible.
  • 🟡 WASM SSRF DNS gap signaled at the API boundary. crates/nestor-core/src/security/ssrf.rs now exposes caller_must_pre_resolve: bool on ValidatedUrl. Set to true when the WASM (no-native) build path skipped DNS resolution, signaling the JS layer it MUST pre-resolve DNS and re-check IPs against private ranges before any fetch (prevents DNS rebinding via WASM-only deployments). Native builds set it to false after server-side DNS validation. 5 new Rust unit tests (9/9 ssrf tests pass).
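
A sketch of the JS-side pre-resolve step the WASM SSRF note calls for, added here as an example and not taken from the Nestor code base. The `{ url, caller_must_pre_resolve }` object shape, the function names and the exact block list are assumptions; only the `caller_must_pre_resolve` field name comes from the note.

```javascript
// Added example, not Nestor code. Assumed JS-side shape of ValidatedUrl:
// { url: string, caller_must_pre_resolve: boolean }.
const dns = require('node:dns').promises;
const net = require('node:net');

// Constructed block list: RFC 1918 private ranges plus "this network",
// CGNAT, loopback and link-local (which covers cloud metadata addresses).
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

const ipv4ToInt = (ip) => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);

function isBlockedV4(n) {
  return BLOCKED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(ipv4ToInt(base) / size);
  });
}

// Expand an IPv6 literal (already accepted by net.isIP) into eight 16-bit groups.
function ipv6Groups(addr) {
  let s = addr.split('%')[0];
  const cut = s.lastIndexOf(':') + 1;
  const tail = s.slice(cut);
  if (tail.includes('.')) { // dotted IPv4 suffix, e.g. ::ffff:10.0.0.1
    const n = ipv4ToInt(tail);
    s = s.slice(0, cut) + (n >>> 16).toString(16) + ':' + (n & 0xffff).toString(16);
  }
  const [head, rest] = s.split('::');
  const h = head ? head.split(':') : [];
  const r = rest ? rest.split(':') : [];
  const fill = rest === undefined ? 0 : 8 - h.length - r.length;
  return [...h, ...Array(fill).fill('0'), ...r].map((g) => parseInt(g, 16));
}

// True when a resolved address must not be fetched. Anything that is not a
// well-formed IP literal is treated as internal (fail closed).
function isInternalAddress(addr) {
  const family = net.isIP(addr);
  if (family === 4) return isBlockedV4(ipv4ToInt(addr));
  if (family !== 6) return true;
  const g = ipv6Groups(addr);
  const zeroPrefix = (k) => g.slice(0, k).every((x) => x === 0);
  if (zeroPrefix(7) && g[7] <= 1) return true;          // :: and ::1
  if (zeroPrefix(5) && g[5] === 0xffff) {               // IPv4-mapped
    return isBlockedV4(g[6] * 65536 + g[7]);
  }
  return (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xffc0) === 0xfe80; // ULA, link-local
}

// Pure decision step: every resolved address must be public. One internal
// record is enough to reject, because the resolver may hand out either.
function checkResolvedAddresses(validated, addresses) {
  if (!validated.caller_must_pre_resolve) {
    return { ok: true, connectTo: null, blocked: [] }; // native build already checked DNS
  }
  const blocked = addresses.filter(isInternalAddress);
  if (addresses.length === 0 || blocked.length > 0) {
    return { ok: false, connectTo: null, blocked };
  }
  // Connect to the address that was checked, not to the hostname again:
  // a second lookup at fetch time is what DNS rebinding exploits.
  return { ok: true, connectTo: addresses[0], blocked: [] };
}

// Resolve, then decide. `lookup` is injectable so the check can be tested offline.
async function preResolve(validated, lookup = dns.lookup) {
  const host = new URL(validated.url).hostname.replace(/^\[|\]$/g, '');
  const records = net.isIP(host) ? [{ address: host }] : await lookup(host, { all: true });
  return checkResolvedAddresses(validated, records.map((rec) => rec.address));
}
```

The caller should open the connection to `connectTo` (keeping the original hostname for TLS and the Host header) rather than passing the hostname back to `fetch`.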

Tooling

  • ESLint flat config v9 baseline collected. New eslint.config.js at repo root with @typescript-eslint/recommended-type-checked + import + vitest plugins. Warn-only mode for v3.6 — no fixes applied, no CI gate yet. Baseline: 1026 warnings across the monorepo (top: no-unsafe-assignment 389, no-explicit-any 169, no-misused-promises 146). Full breakdown in .audits/2026-04-30/eslint-summary.md. Hard-gate transition timeline: v3.7 = 5 rules promote to error, v4.0 = 60% reduction target.
  • @nestor/sdk TypeDoc setup. New packages/sdk/typedoc.json, generated docs at packages/sdk/docs/ (gitignored). New packages/sdk/README.md (~2 KB) covering install, client + plugin quick-starts, public API surface table. JSDoc with @example blocks added to top-level public exports NestorClient, NestorEventStream, NestorApiError. Run corepack pnpm --filter @nestor/sdk docs to regenerate.

Content

  • 2nd blog post: "Inside BMAD+: how 5 prompted personas actually delegate (and when they fail)". ~2200 words technical post-mortem of the BMAD+ persona stack. Honest disclosure of 3 production failures (hallucinated tool whitelist violations, persona context bleed, router cost explosion) that keep the system behind NESTOR_PERSONA_V2=1. Sources cite actual code (file:line) for verifiability. Live at https://nestor.sh/blog/inside-bmad-plus-personas.html. RSS feed + sitemap updated.

Launch readiness

  • Week 1 launch execution bundle persisted. .audits/2026-04-26/week1-execution-bundle.md consolidates the demo video script + Discord setup checklist + HN Show post + 8 reply templates + failure recovery playbook + post-launch metrics dashboard with GREEN/YELLOW/RED thresholds. D-Day target: Tuesday 2026-05-05, 08:30 PT.
  • scripts/launch-hn-day.sh added — 4-stage tab orchestrator (start / +30min / +2h / +24h) with cross-platform browser detection (xdg-open / open / cmd start) for the launch day timeline.

Reported

  • mission/controller.ts refactor (1609 LOC) — analysis complete (6 concerns identified: lifecycle, planner, executor, evaluator, iterator, reporter), full architectural decomposition documented. Implementation deferred to a dedicated v3.6 sprint due to size. Reference architecture matches v3.5 store.ts split pattern (StoreCore delegation + minimal interfaces + callback injection).

Tests

  • 258 TS tests pass (62 db + 106 agent + 48 orchestrator + 9 server + 30 skill-translator + 3 messaging) — zero regression.
  • 9 Rust SSRF tests pass (5 new + 4 existing). Total Rust approval+SSRF: 30 tests pass.

v3.5.1

Security + tooling patch release closing all 4 critical findings from the 2026-04-26 deep audit.

Security

  • 🔴 CRITICAL: Approval allowlist substring bypass fixed. The approval engine in crates/nestor-core/src/approval/engine.rs previously matched allowlist entries via cmd.contains(pattern), allowing trivial bypass — e.g. allowlisting "git push" would also approve "git push --force", "git push origin main && rm -rf /", or "lsof" when allowlist contained "ls". Replaced with cmd_matches_pattern_safely() which enforces shell-aware token matching: pattern must START the command, end at a whitespace boundary, and the remainder must contain no dangerous shell operators (&&, ||, |, ;, >, <, &, backtick, $(). Added 11 new tests covering the audit-found bypasses and edge cases. Migration note: existing allowlist entries that relied on substring permissiveness now require exact match.
  • 🟡 Encryption salt is now per-deployment. packages/db/src/encryption.ts previously hardcoded the salt. Now reads NESTOR_ENCRYPTION_SALT env var (recommended, min 16 chars) with a deprecation-warning fallback for backward compatibility. The hardcoded fallback will be removed in v4.0. Generate with node -e "console.log(require('crypto').randomBytes(32).toString('hex'))".
  • .github/dependabot.yml added. Weekly automated dependency scanning across npm + cargo + github-actions ecosystems.

Fixed

  • Native platform packages now version-sync. v3.5.0 shipped with @nestor-sh/native-* packages still pinned at 3.4.1 (scripts/sync-versions.mjs only synced 14 main packages). Native loader couldn't find matching prebuild → silent fallback to JS (~5–15% slower). v3.5.1 extends sync to cover the 4 native platform packages + CLI optionalDependencies.

Tests

  • 11 new approval-engine Rust tests, 2 existing tests updated to strict-match semantics.
  • Full monorepo: 258 TS tests pass, 21 Rust approval tests pass.

Audit deep-dive reports

Full findings persisted under .audits/2026-04-26/: full-project-report.md, deep-dives-summary.md, youtube-adoption-analysis.md, 4 YT cluster reports, 5 Week 1 launch deliverable drafts.

v3.5.0

Maintenance release focused on reliability (numbered migrations), portability (NESTOR_HOME env var, darwin-x64 deprecate), and a deep refactor of three monolithic files (store.ts, runtime.ts, shell.ts) totalling −56% lines and 50+ new focused modules. No public API breaks. All 258 tests green throughout.

Added — Reliability

  • CRIT-7 closed: real numbered migration system. New packages/db/src/migrations/runner.ts replaces the previous unconditional db.exec(CREATE_TABLES_SQL) on every open. Tracks applied migrations in _schema_migrations table (id, schema_version, applied_at, inferred). Idempotent on re-open. Backward-compatible with v3.4.x DBs via heuristic that detects pre-existing _schema_meta table and inserts a synthetic inferred=1 baseline row instead of re-running CREATE statements. 9 new tests in packages/db/src/__tests__/migrations.test.ts.

Added — Portability

  • NESTOR_HOME env var support. When set, used as data-dir base instead of ~/.nestor. Honored by install, start, daemon, shell, watch, telemetry, evolve, schedule, skill. The v3.4.x sandboxed-install workaround is no longer needed.
  • packages/cli/src/utils/paths.ts helper module exporting getNestorHome() (single source of truth for data-dir resolution).

Refactored — store.ts god-object split (−67%, 5828 → 1902 lines)

30+ domain stores extracted under packages/db/src/store/, each following the StoreCore interface with NestorStore delegating via thin pass-through methods. External API preserved — no consumer change required.

Domains extracted: Plugins, ApprovalAllowlist, Sessions, Skills (+versions+observations), CostEvents, Tenants, Goals, RunAnnotations, Handoffs, RunPlans, Snapshots, AgentSchedules, Webhooks, Guardrails, TrustScore, RunFeedback, CodeChunks (RAG), Conversations, ErrorPatterns, ChannelMappings, RBAC + AuditLog, UserProfiles, SessionIndex, KnowledgeBase, QualityMetrics, Prompts (versions + A/B + rollback), ApprovalRequests, MemoryEntries, AgentMemories + MemoryDecay, Budget (policies + scoped + incidents), Auth (Users + Sessions + multi API Keys), ProviderKeys, CustomTools (Tool Factory), Org (charts + nodes), CostEntries (Analytics), Missions (+ templates + learnings), PromptExperiments, SkillCandidates (Evolve), AdminDashboard queries, ImmutableAuditLog (hash-chained), AgentVersions, plus core entities (Agents + Workflows + Runs).

Refactored — runtime.ts split (−35%, 2107 → 1372 lines)

13 helper modules extracted under packages/agent/src/runtime/: cost.ts (estimateCost + 9-model COST_PER_1M_TOKENS table + accumulateUsage), tokens.ts (estimateTokenCount + truncateMessages with system+last-message preservation), per-iteration preflight, stream consumer, budget check helper (applied to both run() and runStreaming()), single tool call execution, context rotation, stuck/completion/question detection nudges, supervisor health check, tool context builder, LLM call OTel wrapper, finalizeRun, post-run side effects.

Refactored — shell.ts split (−48%, 2973 → 1531 lines)

13 focused modules extracted under packages/cli/src/commands/shell/:

  • diff.ts — formatPlanStep + createUnifiedDiff + showDiffForStep
  • history.ts — load/save/append shell_history (NESTOR_HOME-aware)
  • completion.ts — slash command + filesystem path tab completion
  • feedback.ts — inline y/n/skip TTY prompt + DB submit
  • ui-helpers.ts — fmtNum, formatReplayDuration, progressBar, escapeHtml, simulateDelay, printConfigObject, renderStatusBar, clearStatusBar, printResponseStats, printInlineBudget, buildPrompt, formatToolOutput
  • export.ts — /export json|md|html conversation export
  • info-commands.ts — printWelcome, printHelp, /agents, /skills, /workflows, /config, /history, /budget, /status
  • studio-command.ts — /studio on|off|status|open
  • handoffs-commands.ts — /annotate, /handoffs, /resume (uses AgentTaskRunner callback)
  • prompt-command.ts — /prompt list|save|activate|rollback|experiment
  • plan-undo-commands.ts — /plan (dry-run + execute/step/cancel) + /undo (SnapshotManager)
  • replay-command.ts — /replay <runId> with realistic timing + colored events

Removed

  • darwin-x64 (Intel Mac) native prebuild deprecated. macOS-13 CI runner hung on cargo build --target x86_64-apple-darwin for v3.4.0 (24h timeout) and v3.4.1 (9h+ cancelled). Apple Silicon is ~all Macs sold since 2022 (~90%+ current macOS share). Intel Mac users keep working install via JS fallback (~5–15% slower on Rust security core hot paths). Removed from prebuild.yml matrix and packages/cli/package.json optionalDependencies. Stub kept under packages/native/npm/darwin-x64/ for easy revival.

Changed

  • KNOWN-ISSUES.md rewritten to reflect the v3.5 deprecation decision for darwin-x64.
  • 5 CLI command files no longer import homedir from node:os directly (daemon.ts, shell.ts, watch.ts, telemetry.ts, config.ts). They now go through getNestorHome() for consistency.

Dev tooling

  • vitest aligned to ^3.2.4 across all 8 package.json files (was mixed: ^2.1.8 on 3 files, ^3.0.0 on 5). Verified: 249 tests pass / 48 skipped / 0 failed across agent, db, messaging, orchestrator, server, skill-translator — zero regression vs v3.4.1 baseline.

Patterns established (for future refactors)

  • Domain Store extraction: each domain extends StoreCore, NestorStore delegates via Parameters<> / ReturnType<> typing. External API preserved via thin pass-through.
  • Helper extraction with minimal interfaces: when a function depends on a 30+ field session/runtime, define a minimal interface in the new module describing only the fields it actually reads (e.g. UiSession, CompleterSession, PlanSession).
  • Callback pattern for cross-module dependencies: when extracted code needs a function still in the parent file (e.g. executeAgentTask, importAgentModule), pass it as a callback parameter (AgentTaskRunner, AgentModuleLoader). Keeps dependency direction one-way.

v3.4.0

First public release on npm after the private beta phase. This version consolidates a full security audit (8 CRITICALs + 5 HIGHs closed), adds the BMAD+ persona stack behind a flag, and finishes the architectural cleanup started in the v3.1 -> v3.3 milestones.

Added

  • BMAD+ persona stack (ATLAS / FORGE / SENTINEL / NEXUS / SHADOW) loaded from packages/agent/src/prompts/*.md, gated by NESTOR_PERSONA_V2=1; default behavior is unchanged when the flag is not set.
  • .claude-plugin/: Claude Code manifest (plugin.json + marketplace.json) to publish Nestor as an official Claude Code plugin.
  • Audit Framework skill v1.0.0 in skills-registry/audit-framework/, packaged as a release ZIP and usable as a reusable skill for auditing other projects.
  • Scheduled agents end-to-end: new agent_schedules table (DB schema v12 -> v13), POST/DELETE/GET /api/agents/:id/schedule routes, ?scheduled=true filter, execution driven by the AgentScheduler cron tick, and a one-shot migration of the CLI's ~/.nestor/schedules.json into the DB.
  • Integration tests: chat-approval, auth-flow, rate-limit-http, messaging/bridge, agent/meta-tool, agent/safety-detectors.
  • Rust NAPI prebuilds: GitHub Actions workflow prebuild.yml that builds the linux-x64-gnu / darwin-arm64 / darwin-x64 / win32-x64-msvc matrix on v*.*.* tags and publishes the @nestor/native-<target> packages to npm.
  • Store split: packages/db/src/store/core.ts, governed-memory.ts, kg.ts, vector.ts. store.ts goes from ~7000 to 6446 lines via delegation, with zero change in public behavior.

Changed

  • The Rust NAPI core loader now prefers platform prebuilds via optionalDependencies; the sql.js WASM fallback remains available for environments without a native binary.
  • CLI ESM bundle: added a createRequire banner so that CJS dependencies work after bundling.
  • AgentRuntime: finalizeRun() extracted; post-run logic is shared between _runInternal and runStreaming (experiment, skill evolve, error analyzer, memory writeback, session indexing).
  • CircuitBreaker, QuestionDetector, CompletionDetector are now wired into both runtime branches (streaming + non-streaming), gated by config.safety.*Enabled (default true). Completion exit is dual-condition (heuristic + explicit marker).
  • Unified LLM adapter factory: new primitive createAdapterForProvider(provider, model) in @nestor/agent, consumed by the chat server, one-shot runner, messaging bridge, MCP nestor_run_agent, and MissionAgentFactory. A single switch to maintain.

Fixed

  • CRIT-1 (RCE via chat auto-approve): in packages/server/src/routes/chat.ts, dangerous tools are now gated via createApprovalChecker in smart mode by default (previously NoOp, hence the RCE exposure). Mode is read from security.approvalMode (off / smart / manual).
  • CRIT-2 (uncaughtException without exit): packages/server/src/middleware/error-handler.ts calls process.exit(1) after a 100 ms delay to flush logs, then the supervisor restarts cleanly.
  • CRIT-3 (messaging runAgent stub): new oneshot-agent-runner.ts + injection of a real executor into MessagingBridge. The Discord/Slack/Telegram bots now call a full AgentRuntime (approval=smart, 15 iterations, $0.50 budget, non-streaming).
  • CRIT-4 (CLI guardrail async bug): all subcommands (list/add/remove/toggle) are async and await getStore().
  • CRIT-6 (in-memory-only webhooks): new webhooks DB table (schema v11 -> v12), full CRUD (saveWebhook, getWebhook, listWebhooks, deleteWebhook, setWebhookEnabled), WebhookService delegates everything to NestorStore, so subscriptions survive a restart.
  • CRIT-8 (adapter type divergence, anthropic vs claude): 'claude' chosen as the canonical value; UI AgentsPage.tsx + 17 occurrences in 4 JSON templates + idempotent migration UPDATE agents SET adapter_type='claude' WHERE adapter_type='anthropic' in NestorStore.initialize().
  • HIGH: OAuth state cookie with secure: req.secure + sameSite: 'lax' on the Google and GitHub flows.
  • HIGH: perUserRateLimit mounted globally on /api after auth (falls back to IP when unauthenticated).
  • HIGH: spoofing X-Tenant-ID / ?tenant= now returns 403 TENANT_ACCESS_DENIED (admin bypass preserved) instead of a silent downgrade.
  • HIGH: webhook signature verification for Telegram (constant-time comparison of x-telegram-bot-api-secret-token), Slack (HMAC-SHA256 over v0:<ts>:<rawBody>, 5 min replay window), Discord (Ed25519 via lazy-imported tweetnacl). express.json({verify}) preserves req.rawBody for exact verification.
  • HIGH: MCP nestor_run_agent now wires registerBuiltinTools + registerSystemTools + createApprovalChecker({mode:'smart'}) and respects the budget ($0.50 cap, 15 iterations max). Previously the MCP agent had no tools and ran with NoOp approval.
  • HIGH: CLI agent run / agent stop are no longer stubs: real POST to /api/agents/:id/run and /stop, host:port read from the config (default 127.0.0.1:3100), clear error messages when the server is unreachable.
  • HIGH: /api/evolve/candidates routes (list + stats, get, approve, reject, delete) were missing from the API but expected by the UI; created in packages/server/src/routes/evolve.ts.
  • HIGH: CLI telemetry ESM require bug: runtime requires replaced with top-level ESM imports in telemetry.ts.
  • HIGH: CLI skill install --source npm failed on Windows (execFileSync('tar', …)); new pure-JS tar-extract.ts (zlib.gunzipSync + 512-byte ustar parser), path-traversal hardened, same code path on Windows/macOS/Linux.
  • AuthContext synthetic admin: isSyntheticAdmin flag + yellow banner in Layout when the auth server is unreachable (previously a silent admin auto-login).
  • FTS5 silent fallback: decision to keep sql.js + LIKE (marginal gain vs the cost of migrating to better-sqlite3), but a warn-level startup log is emitted when the fallback is active.
  • README: UTF-8 mojibake cleaned up; public install command documented (npx nestor-sh install).

Removed / Breaking

  • Removal of the private beta gate. npx nestor-sh install no longer requires a license key. Users upgrading from a pre-public build can delete ~/.nestor/license.key (ignored, breaks nothing).
  • Purge of 8 dead modules (~3,300 lines) in @nestor/agent: skills/agentskills-loader, skills/reference-loader, testing/benchmark, testing/experiment, testing/evaluators, knowledge/shared-memory, rag/mental-model, llm/structured, dry-run/step-executor. Associated public exports removed from agent/index.ts (StepExecutor, PluginLoader, SharedKnowledgeBase, MentalModelBuilder, AgentSkillsLoader, ReferenceLoader, AgentBenchmark, ExperimentRunner, runStructured, and the 8 evaluators). If you depended on one of these symbols (unlikely, as they were unused), pin to v3.3.0 during the migration.

Security

  • 5 CRITICALs closed (CRIT-1 RCE chat, CRIT-2 uncaughtException, CRIT-3 messaging stub, CRIT-4 CLI guardrail, CRIT-6 in-memory webhooks, CRIT-8 adapter type drift). CRIT-5 (Rust NAPI prebuilds) and CRIT-7 (real migration system) remain in the backlog for v3.5.
  • 5 HIGHs closed: webhook signatures, OAuth cookie secure, per-user rate limit, tenant spoofing, AuthContext synthetic admin.
  • Documentation: migration path for upgraders from the private beta (removal of license.key, more info in the README).

v3.3.0

Added

  • Wiring of 18 previously dead modules, delivered by 6 parallel agents:
      - W1: DagExecutor + DagValidator + WorkflowScheduler: POST /api/workflows/:id/run (SSE streaming), /validate (dry-run), cron workflows in the daemon, "Run" button in the UI with live progress.
      - W2: Messaging bridge (Discord + Slack + Telegram) auto-detected at boot: status / send / webhook routes, CLI nestor-sh messaging, Studio page with status cards and a send form.
      - W3: AgentScheduler + AgentSupervisor + HandoffGenerator + ErrorAnalyzer + SelfImproveEngine + DockerDeployer all wired into daemon.ts and runtime.ts.
      - W4: MemoryGovernor.purgeExpired() after writeback, EvolveEngine (recordTurn + post-run + post-mission review), POST /api/skills/translate route + nestor_translate_skill tool (#29).
      - W5: 3 new UI pages (MessagingPage, SchedulerPage, EvolvePage) + Governance tab in MemoryPage + SSE Run button in WorkflowsPage.
      - W6: 3 new CLI commands (schedule, evolve, messaging) + workflow run enriched with polling and --local.
  • i18n EN + FR for all new pages.
  • Sidebar updated (Messaging, Scheduler, Evolve).

Changed

  • @nestor/agent/index.ts: 17 new exports (prompt layers, memory governance, evolve engine).
  • Context builder: new prompt-layers.ts module (250 lines) for multi-layer prompt construction.

Fixed

  • Onboarding step 2: blank screen caused by a sliding layout on small screens; replaced with conditional rendering (441b655).

v3.2.0

Added

  • OpenRouter (7th LLM provider): OpenRouterAdapter extends OpenAICompatAdapter, support for 300+ models via a single API key, free models available (gemini-flash:free, llama-3.3:free), HTTP-Referer + X-Title headers for OpenRouter ranking.
  • Dynamic ModelRegistry: GET /api/models + filters ?provider=, ?free=true. Dynamic fetch from OpenRouter /api/v1/models and Ollama /api/tags, curated static lists for Anthropic / OpenAI / Gemini / Grok / Mistral, 1h cache per provider.
  • Mission templates (5 presets): OSINT, AI Weekly, Security Audit, Competitive Analysis, Newsletter; API + UI cards.
  • Workflow templates: TDD Loop, Content Pipeline, Ralph 3-Phase.
  • Homoglyph detector (130+ confusable Cyrillic / Greek / fullwidth characters).
  • Skill scanner: 30+ dangerous patterns, 4 severity levels, recursive directory scan.
  • Safe regex anti-ReDoS: detection of nested quantifiers, star-height, alternation.
  • Backpressure validator system (697 lines): multiple validators in parallel (tests + typecheck + lint + custom), progressive strictness (lenient -> moderate -> strict), regression detection, CLI loop --validate "npm test" --strictness lenient.
  • CLI flags --max-iterations, --max-runtime, --fresh (skip conversation history) in shell and loop.

Changed

  • LLM router: model IDs containing / are auto-routed to OpenRouter.
  • providers.ts: status endpoint checks OPENROUTER_API_KEY.
  • Onboarding wizard: OpenRouter added as a provider choice.

Fixed

  • Git hooks disabled on clone (verified OK in the install flow).

v3.1.0

Added

  • web_search multi-engine fallback (DuckDuckGo -> Google -> Bing): 5 parsers, User-Agent rotation, 2 attempts per engine, "auto" mode that cascades through all 3 before returning.
  • UX feedback on mission buttons: Toast + SpinnerButton + loading states for Deep Dive, Re-run, Iterate, Archive, Chat.
  • Report quality: filtering of type=error + confidence<0.2 before LLM generation, errors excluded from the accuracy/depth calculation, confidence legend, gaps section, automatic FR/EN detection in ReportGenerator.
  • Smart iteration: 5 distinct strategies per cycle (broaden -> alternative_sources -> synthesis -> indirect -> last_resort).
  • KG smart injection: synthesizeKgContext() with a relevance filter (keyword overlap with the sub-objective) and domain knowledge orchestrator (blocker workarounds).
  • Gap reports: WIRING-AUDIT.md (18 subsystems), COMPREHENSIVE-GAP-ANALYSIS.md (594 files scanned, 79 patterns).

Changed

  • CircuitBreaker, QuestionDetector, CompletionDetector instantiated in runtime.ts (effective wiring arrives in v3.4).
  • Mission agents now receive registerSystemTools (Obsidian, n8n, memory).
  • OrchestratorStore passed to the CapabilityResearchEngine.

Fixed

  • Mission controller: more robust iteration logic (report-generator + controller + builtin tools refactored, ~700 lines touched).

## v3.0.0 (2026-04-13)

Added

  • Capability Research Engine: pre-mission domain research
  • Obsidian integration (4 tools: create/read/search/link notes)
  • n8n integration (3 tools: trigger/list/execute workflows)
  • Website update: missions.html showcase page + FTP deploy

## v2.9.0 (2026-04-13)

Added

  • Mission archive with full-text search API
  • Session handoff generator (context export for fresh sessions)
  • 3-layer memory architecture: episodic + semantic + working

## v2.8.0 (2026-04-13)

Added

  • Fresh-context loop: automatic context rotation for long missions
  • Question detector: identifies when agent needs human input
  • Completion detector: recognizes when sub-objectives are truly done

## v2.7.1 (2026-04-13)

Fixed

  • Fix ALL hardcoded versions across the monorepo
  • sync-versions.mjs now covers 26 files

## v2.7.0 (2026-04-13)

Added

  • Knowledge Graph read-before-write: agents consult brain before starting work
  • Persistent vector memory with SQLite FTS

Fixed

  • npm publish workflow fixes

## v2.6.1 (2026-04-13)

Fixed

  • Analytics chart rendering fixes
  • Mission action feedback improvements
  • Version sync across all packages

## v2.6.0 (2026-04-13)

Added

  • Analytics: cost chart with period selector, Y-axis labels, tooltips
  • Mission browser: search, categories, status filters, sort, deliver buttons
  • Mission UX: 6 action buttons + iterate endpoint + smarter iteration

Changed

  • Dark theme form elements: 78% transparent backgrounds on select/input/textarea

Fixed

  • web_search: filter DuckDuckGo ad URLs (ad_domain, y.js redirects)

## v2.5.0 (2026-04-12)

Added

  • Data flow: wire missions to analytics + runs + brain reindex
  • Studio UX polish
  • Pattern synthesis from completed missions

## v2.4.0 (2026-04-12)

Added

  • Persistent vector memory (SimpleVectorStore with SQLite FTS)
  • Pattern Harvester: extracts reusable patterns from completed missions
  • Webmaster skills

## v2.3.0 (2026-04-12)

Added

  • Intent understanding: smarter objective parsing
  • Safety mechanisms for autonomous execution
  • Intelligence layer: cross-reference engine, second brain, domain orchestrators
  • Smart iteration: quality-driven retry logic
  • Self-improving tools: nestor_build_tool (agents create their own tools on demand)
  • 5 OSINT specialized tools: wayback_fetch, whois_lookup, github_user, sirene_search, hn_search

Fixed

  • Mission pipeline: 5 critical fixes (timeouts, dedicated engines, shared store)
  • Chat mission tools + pipeline crash recovery + OSINT ethics guard

## v2.2.3 (2026-04-10)

Fixed

  • Build green with Plugin SDK + Vector Memory

## v2.2.2 (2026-04-10)

Added

  • Plugin SDK for third-party tool development
  • Vector Memory (SimpleVectorStore)

## v2.2.1 (2026-04-07)

Added

  • Real mission execution with end-to-end pipeline
  • web_scrape tool for detailed page extraction
  • LoadingScreen component for mission progress

## v2.2.0 (2026-04-07)

Added

  • Mission system wired to chat interface
  • Build green across all packages

## v2.1.1 (2026-04-07)

Added

  • Onboarding wizard for first-time setup
  • API key manager: secure storage + Studio UI + auto-load
  • Proactive agent: web_search tool + never-give-up system prompt
  • Simplified sidebar with 14 system tools

Fixed

  • Fix duplicate method names
  • DB schema conflict resolution

## v2.1.0 (2026-04-06 - 2026-04-07)

Added

  • Chat Studio with Gemini streaming
  • Gemini tool calling support

Fixed

  • Gemini tool calling args
  • Gemini tool schema rebuild + smart filtering + circuit breaker
  • Gemini default model: 2.0-flash (deprecated) -> 2.5-flash
  • esbuild bundling + native module fallback

## v2.0.6 (2026-04-06)

Added

  • Smoke test: all 15 Studio pages verified working

Fixed

  • SPA routing fixes
  • Version sync across packages
  • Static file serving

## v2.0.5 (2026-04-06)

Added

  • Auto version sync mechanism across all packages

## v2.0.4 (2026-04-06)

Added

  • Beta gate for controlled access
  • nestor-sh branding throughout
  • Coming Soon website with modals

Fixed

  • Studio embed fix for npx users
  • CSRF skip in localhost mode
  • Workflow transaction bug

## v2.0.0 (2026-04-06)

Added

  • Complete all 16 missing features for 100% coverage
  • Smoke test PASS verification
  • Security model documentation (single-user vs multi-user)

Changed

  • Renamed CLI binary: nestor -> nestor-sh (prevents npx conflict with jenkins package)
  • All docs updated: nestor -> nestor-sh in every command example

Fixed

  • Studio serving: /studio serves index.html directly (no redirect loop)
  • Studio embed: UI dist bundled in CLI package for npx users
  • CSRF token + single-user auth bypass

## v1.0.0-rc2 (2026-04-05)

Added

  • Enterprise features
  • i18n: 12 languages supported
  • Security audit compliance
  • E2E test suites

## v1.0.0-rc1 (2026-04-05)

Added

  • Audit fixes + release preparation

Changed

  • OWASP ASVS Level 2: all 6 PARTIAL items fixed to 100% compliance
  • Security hardening: all CRITICAL+MAJOR audit findings resolved

## v0.5.1 (2026-04-05)

Added

  • NIST CSF security hardening
  • OWASP ASVS applied

## v0.5.0 (2026-04-05)

Added

  • All 11 remaining platform items implemented
  • Complete platform coverage

## v0.4.1 (2026-04-05)

Added

  • 6 LLM providers supported
  • Marketplace restructure
  • Strategic vision document

## v0.4.0 (2026-04-05)

Added

  • Complete trust, intelligence, and collaboration layers
  • Infrastructure layer + specialist agent skills
  • Use-cases documentation (audiences, environments)

## v0.3.0 (2026-04-05)

Added

  • Industrial-grade platform: 15 major features
  • Bilingual user guides (FR + EN)
  • Complete non-specialist documentation (French)

## v0.2.0 (2026-04-01)

Added

  • Complete platform: all 9 nice-to-haves implemented
  • Cost analytics: DB table, service, 5 API routes, full UI dashboard
  • Skill marketplace: service, registry seed (15 skills), 4 API routes
  • Webhook triggers: HMAC signature verify, GitHub/Slack parsers
  • Agent-to-agent messaging: MessageBus, send/request/broadcast
  • VS Code extension: 3 tree views, 8 commands

Fixed

  • E2E smoke test: 5 bugs fixed, 248 tests green

## v0.1.0 (2026-04-01)

Added

  • Agent runtime: agentic loop, LLM calls, tool execution, budget tracking
  • 3 LLM adapters: Claude, OpenAI, Ollama (streaming + retries)
  • 5 built-in tools: shell_exec, file_read, file_write, file_list, web_fetch
  • Database: sql.js (WASM SQLite), 15 tables, full CRUD
  • Server: Express + WebSocket, 12 route files, auth, rate limiting
  • MCP server: JSON-RPC 2.0, 15 tools, 4 resources, 2 prompts
  • DAG orchestrator: validator, parallel executor, cron scheduler
  • CLI: 12 commands with interactive shell
  • Studio UI: React 19 + Tailwind, 11 pages, DAG editor, dark theme
  • Rust N-API security bridge: 14 functions with JS fallbacks
  • Approval engine: 40+ dangerous patterns, mode-based
  • Docker sandbox: cap-drop ALL, read-only FS, network=none
  • CI pipeline + GitHub repos configured

Fixed

  • All 5 v0.1.0 blockers: approval, sandbox, streaming, build, server
  • All TypeScript errors: 0 errors across 10 packages, 153 tests pass
  • E2E smoke test: all 8 steps green

## v0.0.1 (2026-03-31)

Added

  • Initial commit: Nestor AI Agent Platform
  • Phase 0+1: Platform foundation and agent runtime
  • Phase 2: Interactive shell, Studio UI, WebSocket real-time, daemon mode
  • Phase 3: Admin UI toggle, DAG orchestrator, docs, tests, CI
  • Phase 4: sql.js migration, SDK, Docker sandbox, build fixes
