Changelog

All notable changes to the Deposium CLI will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.4.2] - 2026-06-12

Second internal audit cycle — closes 5 HIGH-severity findings, 7 MEDIUM bugs, and the bulk of the code-health backlog from the post-v1.4.1 audit. 478/478 tests pass.

Security

• auth status no longer leaks dep_svc_* service-keys: the env-var and stored-credential paths now reject service-keys at the CLI boundary BEFORE transmitting them via X-API-Key. Previously the status check sent the key, got rejected, and the key landed in server access logs anyway. (#A5)
• No more path-segment URL injection: every interpolated ID in the client (documents, api-keys, validate reports) is now run through encodeURIComponent. Inputs like ../api-keys or 1?admin=true used to rewrite the request path; now they're properly escaped. (#A3)
• benchmark corpus --queries=<file> no longer leaks file content: when the JSON parse fails on file-read content, the error message now only names the path and emits position info — never echoes the file body. Previously --queries=/etc/hosts would have spilled the first 100 chars of /etc/hosts to stderr. V8's JSON.parse error message is also stripped of the snippet it embeds. (#B2)
• logout actually logs out on partial-migration installs: the legacy apiKey config slot is now cleared alongside the credentials store. Previously, on installs where the one-time encrypted-store migration didn't complete, the next getApiKey() resurrected the legacy key — auth logout looked successful but the user remained authenticated. (#B6)
• api-keys create/rotate no longer duplicates the secret in stdout: warning always goes to stderr (every format), JSON body always to stdout. > out.json now produces a clean parseable file instead of human warning text prepended to the JSON. Interactive users still see the loud one-time alert. (#B7)

Fixed

• validate --json propagates exit code 1 on failure: the previous release exited 0 even when the run failed — CI scripts that piped the JSON to jq and checked $? got false-positive success. (#A1)
• SSE chunk dispatch no longer swallows consumer-callback errors: handleSSEChunk's catch is now narrowed to JSON.parse only. SDK consumers' onToken / onMetadata / onChatPrompt errors now propagate instead of being silently lost — fixes "stream looks stalled" symptoms. (#A2)
• SSE multi-line data: payloads concatenated correctly: per spec, multiple data: lines in one event are joined with \n. Previously each new line overwrote the previous one. Also accept the space-less data:foo form the spec allows. (#B3)
• validate-hitl-form has an exhaustive switch on waiting_for: a server adding a 4th chat_prompt discriminant no longer falls through to undefined and tripping a downstream NPE. TypeScript also flags client/server drift at compile time. (#B4)
• --on-ambiguous=dump flushes stdout before exiting: replaces console.log(json); process.exit(0) with process.stdout.write(json, () => process.exit(0)) so the JSON reaches downstream | jq consumers even on slow pipes. (#B5)

Changed

• compound analyze --clear / --show-history removed: those flags were no-ops on the standalone command (one-shot process, no history to clear). Use deposium chat or deposium interactive for a REPL with persistent history. (#C11)
• upload-batch --parallel removed: advertised "reserved for future use" but never read. (#C5)
• parseIntOrThrow is strict: deposium logs view --limit=100GB used to silently use 100; now it errors with --limit must be an integer (got: "100GB"). Any user accidentally passing garbage gets a clearer signal. (#C9)
• intelligence summarize <results> and leanrag aggregate <results> help strings no longer claim to support - for stdin: stdin reading isn't implemented (the action throws "not yet supported"); the help text was lying. (#C6)
• Doc correction in CLAUDE.md: the Security Requirements section no longer claims safeParseJSON is Zod-validated. The helper wraps JSON.parse with sanitized error messages; runtime shape validation is tracked as a follow-up. (#B1)

Internal

• runMcpTool helper kills 59 callsites: the callTool → check isError → exit → format boilerplate that repeated across 16 command files is now centralized in src/utils/command-helpers.ts. Net −191 LOC on src/commands/. One callsite (benchmark compare) stays inline because it needs to skip failures and continue the loop. (#C1)
• client/mcp-client.ts split: the 997-line module is broken into 4 focused files — mcp-client.ts (slim class + HTTP API), new client/sse-stream.ts (chat / agent-resume helpers), new client/validate-stream.ts (pause/resume protocol), and new client/http-errors.ts (single source of truth for the "Cannot connect to Deposium API" wording previously duplicated 5×). Resolves the max-lines lint warning that had been on the file since v1.4.0. (#C2, #C13)
• chat and validate now use initializeCommand(): they used to hand-roll the 4-line getConfig → getBaseUrl → ensureAuthenticated → new MCPClient bootstrap that every other command had moved off long ago. (#C3)
• .requiredOption() unified: evaluate feedback (3 flags), duckdb connect / federate, mermaid generate — 6 sites that hand-rolled if (!opt) console.error; process.exit(1) now use commander's idiomatic check. (#C10)
• Dead exports removed: sleep, sanitizeErrorData, isRetryableError (internals.ts), DEFAULT_VALIDATE_TOOL (mcp-client.ts), CommandContext, InitializeOptions (command- helpers.ts), ValidateRenderOptions (validate-events.ts), and a vestigial re-export of isErrorWithCode / hasErrorCauseWithCode. (#C4)

[1.4.1] - 2026-05-25

Security

• Resolved moderate-severity advisory GHSA-jxxr-4gwj-5jf2 (brace-expansion DoS) transitively via npm update.

Internal

• In-range dependency refresh: axios 1.16.1, vitest 4.1.7, @typescript-eslint/* 8.59.4, inquirer 13.4.3, ora 9.4.0, tsx 4.22.3, prettier 3.8.3, dotenv 17.4.2, eslint 9.39.4, and others. No public API change; 453/453 tests pass.

[1.4.0] - 2026-05-16

Internal audit cycle — fixes for one production-blocking bug, one security inconsistency, and a sweep of UX / hygiene issues.

Fixed

• chat HITL resume now goes through Edge Runtime in the default (non---direct) mode. Previously the initial stream hit Edge but the resume POST hit the direct MCP URL — which is not exposed in production — so any chat_prompt pause failed immediately after the user picked an option.
• upload-batch is now subject to the same security posture as every other command: HTTPS enforcement on non-localhost URLs, the dep_svc_* service-key guardrail, and a consistent "Cannot connect to Deposium API" message on ECONNREFUSED.
• Stored-key fallback in ensureAuthenticated only triggers on genuine network failure (ECONNREFUSED / ENOTFOUND / ETIMEDOUT / ECONNRESET). A 5xx, timeout-with-response, or other server-side error now re-prompts instead of silently trusting the cached key — a revoked key behind a flapping server no longer keeps working locally.
• deposium config set api-key <value> now routes through the separate credentials store (chmod 0600 file) rather than the main config, and runs the service-key guardrail first.
• --json mode on deposium validate forces --on-ambiguous=fail by default. An explicit --on-ambiguous=prompt with --json is now rejected up front — previously, a TTY-side prompt could pollute the JSON report on stdout.
• Numeric option parsers throw actionable errors instead of pushing NaN to the server. deposium search foo --top-k abc now reports the flag and value client-side. Applies across ~30 callsites.
• Interactive menu: intelligence > suggest now prompts for tenant/space (was hardcoded 'default'), and evaluate > feedback collects real input (was sending placeholder demo data).
• SSE chat stream queues multiple chat_prompt events instead of overwriting; warns when an unhandled chat_prompt arrives.
• Auth error detection no longer string-matches ECONNREFUSED in messages — uses structural error codes (i18n-safe).
• config.ts plaintext migration checks for {/[ before attempting JSON.parse, so a corrupted-but-coincidentally-parseable ciphertext blob can't be misclassified as plaintext.

Changed (breaking)

• deposium logs view --tail removed. The flag was a no-op — the server tool returned a single snapshot whether --tail was set or not. Use the absence of the flag, which still returns the snapshot.
• deposium upload-batch no longer accepts --api-key / --api-url flags. Use the standard precedence: DEPOSIUM_API_KEY / DEPOSIUM_URL env vars, then config file, then prompt. The undocumented DEPOSIUM_API_URL env var is also removed.
• deposium corpus realtime-eval renamed to eval-snapshot (alias kept for back-compat). The command was always a one-shot call, never a recurring stream; the new name reflects that. The --interval flag is the server-side window size, not a poll interval.
• Config keys silent-mode and output-format removed. They were saved but never read. Use the per-command --silent and --format flags. The matching env vars (DEPOSIUM_SILENT, DEPOSIUM_OUTPUT) are also retired.
• evaluate feedback + query-history payloads use snake_case (user_id, query_id, time_range, include_global) to match the rest of the API.

Internal

• New utils/parsers.ts helpers: parseIntOrThrow, parseOptionalInt, parseFloatOrThrow.
• New client/internals.ts::withRetry collapses four duplicated retry-on-transient-error loops (callTool, listTools, health, listSpaces, plus authenticatedRequest).
• New utils/auth.ts::isNetworkDownError classifies validation errors.
• mcp-client.ts::uploadBatch — multipart/form-data path with sequential reads (replaces the previous JSON+base64 batch).
• Tests: 453 passing (was 432); +21 regression tests covering H1, H3, M1, M2, M4, M5, M8.

[1.3.1] - 2026-05-06

Fixed

• Final scrub of two leftover domain-specific identifiers in src/client/types.ts (JSDoc example) and a test fixture label. HEAD is now fully neutral.

[1.3.0] - 2026-05-06

Added — deposium validate command

• New command deposium validate <dossier_id> — runs the dossier-validation macro end-to-end (N1 per-thematic + N2 cross-document + HITL). Streams 11 SSE events from the validate:* namespace, pauses interactively on chat_prompt, uploads missing pieces via the API gateway's /api/v2/files/batch-upload, and resumes via a tools/call re-call (Mode A: re-classify after upload — Mode B: structured hitl_response). See docs/commands/validate.md for the full reference.
• Flags: --level 1|2|both, --on-ambiguous prompt|fail|dump (3-mode subset of chat — pick-first is omitted because validate emits only chat_prompt type='form'), --language fr|en, --run-id (resume an existing paused run), --json (silent stream + report fetch to stdout), --verbose (per-document classification and per-requirement N1 verdicts).
• New SDK surface (re-exported from the package main entry):
• MCPClient.validateDossier(input, handlers) — orchestrates the tools/call SSE loop, transparently driving the Mode A / Mode B resume protocols on every chat_prompt.
• MCPClient.fetchValidateReport(runId) — fetches the canonical report JSON from GET /api/v1/reports/<run_id>?format=json. The report is separated from the SSE stream so the stream stays lean (large chat_history and N2 evidence stay off the wire) and the fetch is idempotent.
• Types: ValidateLevel, OnAmbiguousModeValidate, ValidateToolInput, ValidateChatPrompt, ValidateEvents (every validate:* payload as a tagged union), ValidateReportJson, ValidateStreamHandlers, HitlDecision, HitlResponse, plus typed form-field shapes (ValidateFormFieldSelect, ValidateFormFieldFileUpload, ValidateFormFieldText).

Added — programmatic SDK entry point

• New src/index.ts module re-exports the public surface (MCPClient, MCPAuthError, all chat-stream + self-service + validate types).
• package.json main switched from dist/cli.js to dist/index.js, with the CLI binary still wired via bin. Programmatic consumers can now import { MCPClient } from '@deposium/cli' without the package triggering CLI argv parsing on import.
• types: dist/index.d.ts added so editors find the public types from the package main entry.

Fixed

• MCPClient.postStream (used by both chatStream and the new validateDossier) now normalizes ECONNREFUSED to the same friendly "Cannot connect to Deposium API at <baseUrl>" message every other client method emits. Previously a server-down condition surfaced as a raw TypeError: fetch failed. Same fix applied to uploadFileForValidate so Mode A uploads during a validate pause get the same UX. (src/client/mcp-client.ts, src/utils/validate-file-upload.ts)
• validate --json no longer leaks Mode A upload progress lines ([upload] <path>...) onto stdout — they were polluting the JSON report and breaking downstream jq consumers. The interactive status logs are suppressed when --json is on.

Status

This release ships client-side code + unit tests against the frozen upstream validate:* SSE event contract. The server-side macro that emits these events lands in a follow-up rollout — end-to-end integration testing happens once both sides converge. Mock fixtures mirror the wire contract bit-for-bit, so any contract drift surfaces in unit tests via the renderer's exhaustiveness check before any production run.

Tests

• 5 new test files plus targeted guards in existing suites:
• validate-events.test.ts — 28 tests (renderer per event + silent
  • verbose toggles + verdict glyph mapping + final pass/fail logic)
• validate-hitl-form.test.ts — 17 tests (mode dispatch, every waiting_for discriminant, skip keyword, file-path validator)
• validate-file-upload.test.ts — 9 tests (multipart POST, response shape normalization, 401 → MCPAuthError, generic HTTP errors, ECONNREFUSED normalization)
• validate-dossier.test.ts — 9 tests (single-stream happy path, failure terminal, JSON-RPC envelope shape, Mode A + Mode B resume loops, fetchValidateReport 200/404)
• commands/validate.test.ts — 17 tests (parsers + arg forwarding
  • --json + exit-code semantics)
• +1 guard in mcp-client.test.ts > chatStream for ECONNREFUSED normalization.
• 348 → 429 tests, all green. Lint clean (only the pre-existing mcp-client.ts file-size warning), typecheck clean.

Documentation

• docs/commands/validate.md — new command reference (flags, examples, exit codes, SSE event vocabulary, report fetch, programmatic use).
• docs/guides/on-ambiguous-flag.md — extended to cover validate's 3-mode subset and the Mode A / Mode B resume protocol (distinct from chat's /api/agent-resume).
• docs/guides/best-practices.md — new "Validate a dossier" workflow recipe with both interactive and CI patterns.
• README.md — command index updated (24 entries; validate added).

[1.1.7] - 2026-04-25

Added — Service-key guardrail

• The CLI now rejects dep_svc_* API keys at startup with an actionable message. Service-keys are issued for server-side inter-process authentication only; the CLI is invoked by a human and must use a user-key (dep_live_* / dep_test_*). The check fires for env-var, stored credential, and interactive-prompt paths; rejection happens before any HTTP call. (src/utils/auth.ts)

Source-aware error message points the user at the exact place to fix: DEPOSIUM_API_KEY env var, ~/.deposium/credentials, or the prompt.

Changed

• MCPAuthErrorCode enum gains 'accept_invalid' to mirror the canonical 9-code list shipped by the upstream AUTH_ERROR contract. The CLI itself never triggers this code (it sets Accept: application/json, text/event-stream on every request), but exporting the full enum keeps SDK consumers in sync with the upstream contract.

Tests

• 8 new tests in auth.test.ts: env-var dep_svc_* rejection (pre-server-call), stored dep_svc_* rejection, prompt-validate rejecting pasted service-keys, and 5 unit tests for assertNotServiceKey() covering all sources + error-message contents.
• 340 → 348 tests, all green.

[1.1.6] - 2026-04-25

Changed (internal refactor — no user-visible changes)

• src/client/mcp-client.ts split into 4 files for maintainability:
• src/client/types.ts — all public type/interface declarations (MCPTool, MCPSpace, MCPDocument, SSE*, etc.)
• src/client/auth-error.ts — MCPAuthError, MCPAuthErrorCode, buildAuthError
• src/client/internals.ts — retry classification, request-id generation, axios-error normalization helpers
• src/client/mcp-client.ts — MCPClient class only
• mcp-client.ts re-exports every moved symbol so existing imports (import { MCPTool } from './client/mcp-client') keep working without changes. The new files are an additional import surface, not a breaking one.
• MCPClient.authenticatedRequest cyclomatic complexity reduced from 21 to under the 15 ceiling by extracting dispatchHttp (HTTP method dispatch) and throwForKnownAxiosError (ECONNREFUSED / 401 / 404 mapping) helpers.
• MCPClient.parseSSEStream no longer uses a non-null assertion on response.body — narrowed via an early-throw check.

Tests

• New "Wire format guard" describe block in mcp-client.test.ts — pins HTTP method + path + body shape for all 13 public client methods (callTool, listSpaces, listDocuments, getDocument, deleteDocument, listApiKeys, createApiKey, deleteApiKey, rotateApiKey, getApiKeyUsage, plus query-string edge cases). Refactor was performed after this guard landed — server contract preserved bit-for-bit.
• 328 → 340 tests, all green.

[1.1.5] - 2026-04-25

Fixed

• ensureAuthenticated() now honors DEPOSIUM_API_KEY env var as a fast path, mirroring getConfig().apiKey resolution priority. Previously the helper checked only the stored credential, so CI/CD usage with env-only config triggered the interactive prompt despite the key being available. (src/utils/auth.ts)

Changed

• deposium auth status now displays the active key source — DEPOSIUM_API_KEY env var (with a "overrides stored credentials" hint) or stored credentials. Clarifies which credential is in effect when both are set.
• docs/commands/auth.md rewritten — was stale (Feb 2025 revision, referenced the legacy ~/.deposium/config.json API key path before credentials store separation, wrong header case X-Api-Key instead of X-API-Key).
• docs/guides/configuration.md — new "Resolution Priority" section under Authentication clarifying env-var-wins behavior and the auth logout caveat (env var is not unset by logout).

Tests

• 4 new tests in auth.test.ts covering the env-var fast path: short-circuit, whitespace trimming, env-over-stored priority, empty-env fallback to stored.
• 324 → 328 tests, all green.

[1.1.3] - 2026-04-25

Added — Structured MCP auth errors

The CLI now exposes structured authentication errors when the server returns the new /api/cli/mcp 401 shape (deposium_API commit HASH):

{ "error": "MCP Auth Error", "message": "Invalid API key format",
  "error_code": "format_invalid", "hint": "...", "docs": "..." }

• New exported class MCPAuthError extends Error with errorCode, hint, docsUrl properties — switch on errorCode for stable programmatic handling.
• New exported type MCPAuthErrorCode — stable enum: key_missing, format_invalid, key_invalid, permission_denied, rate_limited, auth_unavailable, auth_timeout, auth_internal_error, unknown.
• New helper buildAuthError(responseData) — internal, used in 5 401 handlers (callTool, listTools, health, listSpaces, authenticatedRequest, SSE chatStream/resumeAgent). Returns MCPAuthError for structured responses, falls back to plain Error for legacy shapes.
• Error message includes hint (prefixed 💡) and docs URL (📖) — printable as-is for end-user output.
• docs/development/error-codes.md — full reference + switch-pattern example.

Changed

• 5 inline 401 handlers in src/client/mcp-client.ts consolidated to use buildAuthError() — was duplicated 5x with slightly different fallbacks.

Tests

• 4 new tests in mcp-client.test.ts covering structured/legacy/SSE paths
• 320 → 324 tests, all green

[1.1.2] - 2026-04-25

Removed

• Internal planning docs that had been checked in (not relevant to consumers).

[1.1.1] - 2026-04-25

Added

• docs/guides/best-practices.md — new "Self-service Workflows" section with 4 end-to-end recipes (onboarding, API key lifecycle, inventory cleanup, pre-flight health check)

[1.1.0] - 2026-04-25

Added — Self-service management (3 new commands)

deposium space — workspace management

• space list (alias ls) — GET /api/spaces
• space show <id> (alias info) — filter list client-side (server has no GET /api/spaces/:id yet)
• space create <name> [--description] (alias new) — MCP deposium_admin macro with operation=create_space (experimental — depends on MCP layer accepting CLI keys)

deposium files — document management

• files list [--space <id>] [--limit N] [--offset N] (alias ls) — GET /api/v1/documents/
• files show <id> (alias info) — GET /api/v1/documents/:id
• files check <id> (alias validate) — MCP check_file tool (experimental, same caveat as space create)
• files rm <id> (alias delete) — DELETE /api/v1/documents/:id with inquirer confirmation (use -y to skip)

deposium api-keys — server-side API key management (plan-gated)

• api-keys list (alias ls) — GET /api/api-keys
• api-keys create -n <name> [-s scopes] [-t tier] (alias new) — POST /api/api-keys with one-time secret display
• api-keys delete <id> (alias rm) — DELETE /api/api-keys/:id with confirmation
• api-keys rotate <id> — POST /api/api-keys/:id/rotate with confirmation + new-secret display
• api-keys usage <id> — GET /api/api-keys/:id/usage

Added — Client API surface

• 5 new public interfaces in src/client/mcp-client.ts: MCPSpace, MCPDocument, MCPDocumentDetail, MCPDocumentPagination, MCPApiKey, MCPApiKeyCreated, MCPApiKeyUsage
• 9 new client methods: listSpaces, listDocuments, getDocument, deleteDocument, listApiKeys, createApiKey, deleteApiKey, rotateApiKey, getApiKeyUsage
• Internal authenticatedRequest helper that factorizes the retry-on-transient-errors loop + 401/404 error mapping (used by all new methods; older inline-retry methods kept as-is for now)

Added — Testing

• 50 new tests across space.test.ts (14), files.test.ts (19), api-keys.test.ts (17)
• Full suite: 270 → 320 tests in 27 test files
• vitest.config.ts with testTimeout: 15000 (vitest 4.x default of 5s was tight under load)

Added — Documentation

• docs/commands/space.md, docs/commands/files.md, docs/commands/api-keys.md — full per-command references
• README + docs/commands/README.md updated for the 3 new commands
• ROADMAP.md "Self-service management" section + v1.2 candidates moved (files download, connector commands, etc.)

[1.0.4] - 2026-04-25

Added — Test expansion

• Tests: src/__tests__/chat-history.test.ts — 28 new unit tests (was 0% covered, now 100%)
• Tests: 12 new tests in auth.test.ts for ensureAuthenticated + promptApiKey (auth.ts: 26% → ~100%)
• Tests: 8 new tests in chat-hitl.test.ts for runChatTurn HITL orchestration (chat.ts: 20% → 47%)

Changed

• Testing: Suite total 156 → 204 tests
• Coverage: Statements 72% → 76% globally

[1.0.3] - 2026-04-25

Added

• Helper: resolveTenantSpace(options, config) exported from command-helpers.ts — replaces 22 duplicated lines across 8 commands
• Docs: JSDoc on 8 public exports of src/utils/config.ts (setConfig, deleteConfig, resetConfig, getConfigPath, setApiKey, deleteApiKey, hasApiKey, getCredentialsPath)
• Docs: JSDoc block on re-exports in command-helpers.ts (isErrorWithCode, hasErrorCauseWithCode, getErrorMessage)

Changed

• Type safety: MCPClient.callTool args type tightened (Record<string, any> → Record<string, unknown>); removed eslint-disable comment
• Refactor: 8 commands (benchmark, corpus, evaluate, graph, intelligence, leanrag, mermaid, search) now use resolveTenantSpace helper
• Comments: Clarified intent of try/catch-as-control-flow in benchmark.ts and upload-batch.ts
• Docs: CLAUDE.md sync — version bump, test count, removed stale logger.ts reference, added chat-history.ts

[1.0.2] - 2026-04-25

Changed

• Dependencies: Updated 9 packages within semver range (no breaking changes)
• @typescript-eslint/* 8.56.1 → 8.59.0
• @vitest/coverage-v8, vitest 4.0.18 → 4.1.5
• dotenv 17.3.1 → 17.4.2
• inquirer 13.3.0 → 13.4.2
• lint-staged 16.3.1 → 16.4.0
• ora 9.3.0 → 9.4.0
• prettier 3.8.1 → 3.8.3

Fixed

• 3 moderate vulnerabilities resolved via npm audit fix:
• axios — Cloud Metadata Exfiltration via Header Injection Chain (GHSA-fvcv-3m26-pcqx)
• brace-expansion — Zero-step ReDoS (GHSA-f886-m6hf-6m8v)
• follow-redirects — Auth headers leaked to cross-domain redirects (GHSA-r4q5-vmmm-2653)

[1.0.1] - 2026-04-24

Added — First public open-source release on npm

Phase I Item 5 — HITL chat (Human-In-The-Loop)

• HITL: chat_prompt SSE event type + onChatPrompt callback in MCPClient (src/client/mcp-client.ts)
• HITL: MCPClient.resumeAgent(url, correlationId, { value | values }) — POST to /api/agent-resume, streams the continuation
• HITL: deposium chat --on-ambiguous=<prompt|fail|dump|pick-first> (TTY-aware default)
• HITL: inquirer picker rendering for type='choice' and type='confirm' prompts
• Tests: 14 tests in chat-hitl.test.ts (mode dispatch, TTY defaults, resumeAgent POST shape, SSE chat_prompt parsing)
• Docs: docs/guides/on-ambiguous-flag.md — user-facing policy reference

Security hardening

• Security: Config encryption via Conf({ encryptionKey }) with AES-256-GCM (scryptSync machine-derived key)
• Security: API key isolated in separate ~/.deposium/credentials file (encrypted, chmod 0600)
• Security: enforceUrlSecurity() — non-localhost HTTP connections refused by default
• Security: --insecure global flag + DEPOSIUM_INSECURE env var for override
• Security: Config directory chmod 0700, config files chmod 0600
• Security: Automatic migration of plaintext config to encrypted (backup .plaintext.bak)
• Networking: Chat streams routed via Edge Runtime gateway (/chat-stream) with auth + rate-limiting
• Networking: DEPOSIUM_EDGE_URL env var + edgeUrl config key (default localhost:9000)
• Networking: --direct flag on chat command for dev bypass (with warning)
• Networking: 429 rate-limit handling with Retry-After header and tier info
• Deprecation: DEPOSIUM_MCP_DIRECT_URL / mcpDirectUrl marked deprecated (use DEPOSIUM_EDGE_URL)

Open-source publication plumbing

• Project: LICENSE (MIT), SECURITY.md, CODE_OF_CONDUCT.md
• Project: GitHub Actions publish.yml — npm publish with provenance on tag v*.*.*
• Project: package.json files (scope tarball), publishConfig.access=public, homepage, bugs
• Project: Discord community link in security/conduct contacts
• Cleanup: Removed cross-repo references to private deposium_API; rewrote git history via filter-repo to scrub names + paths from earlier commits

Changed

• Dependencies: Major upgrades — conf 13→15, glob 11→13, mime-types 2→3, inquirer 12→13
• Dependencies: Patch/minor updates across the board
• Dependencies: Security overrides — minimatch >=10.2.4 (ReDoS), rollup >=4.59.0 (path traversal)
• Node.js: Minimum version bumped from 20 to 22 (engines field + CI)
• Code quality: All ESLint warnings resolved (67 → 0), || → ?? for nullish defaults
• Code quality: Removed dead logger module (344 LOC)
• Tests: 142 tests (was 137).

Fixed

• CVE fix: minimatch ReDoS (CVE-2026-26996)
• CVE fix: rollup path traversal
• CVE fix: axios __proto__ DoS (GHSA-43fc-jf86-j433)
• --silent no longer suppresses security warnings/errors

[1.0.0] - 2024-12-27

Added

• Core Commands
• Authentication (deposium auth login, deposium auth logout)
• Configuration management (deposium config set/get/delete/reset)
• Health check (deposium health)

• Tools listing (deposium tools)

• Search Commands

• deposium search - Multi-mode search (vector, FTS, fuzzy, graph)
• deposium graph - Knowledge graph operations (7 subcommands)

• deposium corpus - Corpus statistics and monitoring (7 subcommands)

• AI Commands

• deposium compound - Compound AI reasoning
• deposium intelligence - Intelligence analysis
• deposium dspy - DSPy pipeline execution
• deposium leanrag - LeanRAG operations
• deposium chat - Interactive AI chat mode

• deposium interactive - REPL interactive mode

• Data Commands

• deposium upload-batch - Batch document uploads
• deposium evaluate - RAG evaluation
• deposium benchmark - Model benchmarking (list, run, corpus, compare)
• deposium duckdb - DuckDB integration
• deposium mermaid - Diagram generation
• deposium query-history - Query tracking
• deposium logs - Server log management

• deposium ui - Interactive dashboards

• Infrastructure

• 137 unit/integration tests (Vitest)
• Structured logging with levels
• Retry logic with exponential backoff
• Graceful shutdown handlers
• HTTPS validation in production
• CI/CD with GitHub Actions

[0.1.0] - 2024-10-01

Added

• Initial Release
• Authentication (deposium login, deposium logout)
• Configuration management (deposium config)
• MCP tool invocation via HTTP
• Multiple output formats (json, table, markdown)

---

Links

• README - Installation and usage guide
• ROADMAP - Future plans and best practices
• Contributing - Contribution guidelines