A running timeline of what shipped.

Projects are now searchable in the global search bar — find projects by name or description alongside workunits, tasks, and assets

Project workunit listings now use server-side pagination and accurate per-status counts instead of client-side filtering capped at 100 items

Workunits ordered by most recently updated, with pagination that scrolls to top after page navigation

Project icon changed from folder to briefcase (IconBriefcase) to clearly distinguish projects from workunits

Protobuf generation now runs inside the Docker container with pinned plugin versions, eliminating cross-machine version drift

Clicking workunit and task search results now navigates to the actual item page instead of re-searching by name

OpenRouter OAuth callback no longer panics when session is saved twice — removed intermediate Save() call

OpenRouter OAuth callback timeout increased from 10s to 30s to accommodate KMS encryption latency

MCP server updated golang.org/x/text to v0.32.0 for Go 1.25 compatibility

Signup form action URL corrected to POST route, fixing 405 Method Not Allowed on registration

Scaleway Key Manager (KMS) envelope encryption replaces static ENCRYPTION_KEY for API key storage

OAuth state parameter added to OpenRouter PKCE flow preventing CSRF attacks

Credential redaction expanded to cover GitHub tokens (ghp_*, ghs_*, github_pat_*) and bearer tokens

GitHub tokens now passed via GIT_ASKPASS instead of embedded in command-line URLs

Encryption key validated at startup — server fails fast on misconfiguration instead of at first use

Rate limiting added to public OAuth endpoints (/oauth/token, /oauth/register)

GitHub API error messages sanitized to prevent internal detail leakage

ARIA labels added to modals, buttons, and select elements for screen reader accessibility

Keyboard navigation support — Escape key closes modals, backdrop click dismisses dialogs

HTMX polling pauses when browser tab is hidden to save bandwidth and battery

Date formatting standardized to client-side toLocaleString for consistent timezone handling

Context cancellation now respected in retry loops — cancelled executions release resources immediately

Output buffer capped at 10MB preventing OOM from runaway VM processes

Unbounded HTTP response body reads replaced with 1MB limit on PKCE and GitHub clients

PKCE code verifier now deleted before token exchange ensuring one-time use

Missing database indexes added for execution queries (org+created_at, target_task_id)

Input length validation added to CreateExecution preventing oversized field submissions

Transaction timeout added to CreatePullRequest preventing indefinite row locks

Error wrapping standardized to use %w across the branch for proper error chain inspection

GitHub App (WorkunitApp) replaces Personal Access Tokens for repository access with automatic installation token rotation

OpenRouter OAuth PKCE flow replaces manual API key input — users connect with one click

550 lines of confirmed dead code removed across API and web modules

OAuth callback session handling hardened against edge cases

OpenCode CLI agentic workflow replaces single-shot OpenRouter API calls for smarter, multi-step AI execution

Real-time streaming of agent tool actions during execution with live UI updates

Execution index page listing all executions across the organization

Agent tool actions displayed inline showing what the AI is doing in real time

SSH tunnel resilience with automatic reconnection and job heartbeat monitoring

Execution completion detection improved for agentic workflows

Repository URL and default branch fields added to project settings for execution context

Select All/Deselect All toggle for suggested tasks in execution setup

Configurable execution timeouts (up to 60 minutes) per execution

Dynamic AI model list fetched from OpenRouter API instead of hardcoded options

Execution duration displayed on completion for time tracking

HTMX polling expanded to update all dynamic sections during execution

API Keys navigation links added to organization and user settings menus

Cloud execution platform — run AI agents on ephemeral VMs against your GitHub repositories

Explore mode: AI analyzes your codebase, identifies issues, and suggests tasks with one click

Implement mode: AI executes tasks, creates branches, and opens pull requests automatically

AES-256-GCM encryption package for secure BYOK API key storage at rest

ExecutionService gRPC with full lifecycle management (create, cancel, get, list executions)

External service clients for Sprites (ephemeral VMs), OpenRouter, and GitHub APIs

Execution worker with explore and implement modes, job polling, and VM lifecycle management

Web UI for starting executions, viewing real-time progress, and managing API keys

Implement mode UI with task selection, CreatePR flow, and suggested task gating

Execution steps tracked with proto enums for type-safe status and step_type handling

Worker hardened with concurrency limits, signal handling, and comprehensive test coverage

SSRF prevention, race condition fixes, and error sanitization in execution service

Database indexes added for execution queries and UUID collision prevention in VM names

Cancellation detection and idempotency checks prevent duplicate or orphaned executions

Signup form action URL corrected to match POST route

Verbose query logging disabled by default in development environment

Private repository cloning supported with authenticated GitHub access

Sprites file write retries and job context lifetime handling improved

Full observability stack with Grafana, Loki (logs), Tempo (traces), and Mimir (metrics)

OpenTelemetry instrumentation across API, web, and MCP servers for distributed tracing

Database query tracing with per-query performance metrics

Notification triggers for workunit and task status changes

Workunits now always belong to a project for better organization and navigation

GitHub Actions CI pipeline with parallel testing across all services

Authorization hardened across all resources to prevent cross-organization data access

OAuth default scopes fixed to include read and MCP tool access

Type-safe URL building across the entire codebase replacing hardcoded paths

Unimplemented API endpoints removed for a cleaner, more predictable API surface

Password reset now uses constant-time checks for invalid email formats

Token auto-revocation timing formula corrected

Check-in response form now displays flash messages on submission

Task actions and navigation use project-scoped URLs consistently

CTA buttons no longer wrap awkwardly on small screens

Notification badge expands properly for multi-digit unread counts

Complete landing page redesign with broader value proposition beyond AI-only messaging

Default button type set to submit for consistent form behavior

Pagination on assets list page now correctly displays different pages instead of always showing first page results

Hierarchical directory structure for organizing assets with nested folders

MCP directory tool with polyaction pattern supporting create, get, list, update, delete, and move operations

Directory filtering in search with directory_id and root_only parameters for scoped asset queries

Move assets between directories via update_asset with directory_id field

Documentation section with tree sidebar for hierarchical directory browsing

New Documentation & Directories guide with natural language AI prompt examples

Shared organization helpers extracted to common package reducing code duplication

Cursor-based pagination support for directory searches using page_token

Simplified string matching using stdlib functions for better Unicode handling

New Project Management guide covering project lifecycle, organization, and AI integration

Workunit Workflows guide updated with 'Workunits and Projects' section explaining hierarchy

Core Concepts guide updated with new Projects section and visual hierarchy diagram

Managing Assets guide updated with 'Linking Assets to Projects' section

Check-ins guide updated with 'Check-in Scope' section for organization-wide vs project-scoped check-ins

Collaboration guide updated to include project context in team collaboration

Guides index page reorganized with Project Management as first feature guide

Project filter dropdown on assets list page for filtering assets by project

MCP tool consolidation: 12 tools merged into 4 polymorphic tools saving ~5.6k tokens

Unified create_asset and update_asset tools replacing 8 type-specific asset tools

Unified project_asset_link tool replacing link/unlink pair with action parameter

Unified remove_project tool replacing archive/delete pair with action parameter

Reduced JSON schema verbosity across all MCP tool definitions

MCP task status conversion now handles 'wont_do' status correctly

Project owner selector dropdown replacing manual text input for better user selection

Markdown rendering support for project descriptions

Clickable owner name linking to user profile on project detail and list pages

MCP Go SDK upgraded to v1.1.0 with stable API guarantees

Stateless mode enabled for MCP server to survive deployments and load balancing

Project-scoped URLs for task links ensuring proper navigation context

Proper breadcrumb navigation on task detail pages within projects

Rebranded from 'Calm AI' to 'One Workspace. Multiple AI Models.'

MCP session persistence across server deployments eliminating 'session not found' errors

MCP create_system_asset now uses authenticated context for proper authorization

Missing update_mask in project edit form now properly persists changes

Removed unique constraint on asset names allowing duplicate names across organizations

Removed misleading View All link from Recent Workunits section on project page

Comprehensive project management for organizing workunits, assets, and check-ins into hierarchical projects

Project lifecycle management with planning, active, on-hold, completed, and archived statuses

Project statistics dashboard showing workunit, asset, and check-in counts

Full-text search with fuzzy matching for projects

Optional project assignment for workunits, assets, and check-ins

MCP integration with consolidated get_project tool including include_* fields for related data

Project-scoped URLs for all workunit operations enabling cleaner navigation hierarchy

Breadcrumb navigation throughout project and workunit pages

Inline content display on project pages replacing tabbed interface

Go upgraded to 1.25 and SQLC upgraded to 1.30.0

Workunit project assignment now properly persists and displays

Project statistics show accurate entity counts

Token authentication added to gRPC search calls for secure organization access validation

PKCE verification success security event type added for enhanced authentication tracking

AI context generation feature removed to simplify codebase and reduce maintenance overhead

Retrieval of existing AI context remains available via MCP and API endpoints

Per-check-in timezone configuration for accurate notification scheduling

Timezone selector with 50+ common timezones organized by region

Check-in notifications now respect user-specified timezone instead of server UTC

Automatic daylight saving time handling for recurring check-ins

Timezone validation using IANA timezone database

Complete check-ins system for team status updates and async communication

Automated check-in scheduling with daily, weekly, biweekly, and monthly frequencies

Check-in subscriber management and notification system

Check-in responses with markdown support and search integration

Check-in worker for automated scheduling and email notifications

Check-in guide with comprehensive documentation

Draft status for workunits to support work-in-progress planning

Proactive token refresh middleware for seamless authentication

Won't Do task status for explicitly tracking abandoned tasks

Structured logging with charmbracelet/log replacing standard logging

Enhanced validation for check-in forms and scheduling parameters

Organization access control for check-in services

HTMX support for check-in response updates and deletions

Avatar component consolidation across views

Task pagination limit increased with accurate total count calculation

UTF-8 rune counting for accurate string length validation

Task analytics now track and display Won't Do tasks separately

UUID normalization now case-insensitive for PostgreSQL compatibility

Secure password reset flow with time-limited tokens

OAuth PKCE validation and enhanced authorization flows

Automatic token refresh and session cleanup

Redis integration for caching and rate limiting

Enhanced security for token validation and rotation

Authorization checks across all resources

Structured logging with charmbracelet/log

OAuth client lookup and auth configuration alignment

Quick Start guide with step-by-step onboarding

AI Features guide documenting AI-powered capabilities

Managing Assets guide with comprehensive asset type documentation

Best Practices guide for team workflows

GitHub links updated to use discussions for community engagement

Consolidated 90+ inline SVG icons into centralized Icon component system

Extended Icon component from 27 to 45 icons with consistent patterns

Created comprehensive icon usage guide for developers

Type-safe icon system with compile-time validation

Email verification system with token generation and validation

Rate limiting for verification requests using Redis

Resend verification functionality with IP-based rate limiting

Email templates for verification and welcome messages

Organization-specific member listings for better security

Sorted distribution keys in analytics for consistent ordering

Task statistics query accuracy using correct workunit_id

Footer link to point to correct about page

Comprehensive notification system with email and push support

Real-time notification dropdown with unread count tracking

Web push notifications with service worker integration

Notification preferences management for email and push channels

Flash message system for user feedback

Notification triggers for tasks, workunits, and organization events

Database migrations with performance-optimized indexes

Mock notification senders for development and testing

Comprehensive notification documentation and testing guides

Task dependency management system with 'depends_on' relationships

Circular dependency detection and validation

Multi-select UI for managing task dependencies in forms

Dependency visualization in task and workunit views

Simplified dependency model (removed redundant 'blocks' field)

Enhanced error handling for dependency validation

Unified MCP search functionality across workunits, tasks and assets

AI context writing support for LLMs to preserve insights and reasoning

Workunit status management with smart routing (complete/archive)

Multi-LLM collaboration product messaging updates

Search ID pattern matching for partial UUID queries

Workunit ID in search results for task navigation

User menu component with dropdown for desktop navigation

Clickable asset names with hover effects

Documentation for getting workunit AI context

Privacy policy service provider updates

Form field heights and layout spacing adjustments

Type-specific field handling for assets (Products, Systems, People, Knowledge)

HTMX support for asset delete and bulk actions

Simplified JSON schema descriptions with type-specific asset details

Full paths for gofumpt and templ in docker-compose

Search query parameter changed from 'search' to 'q'

Type-specific asset views and protocol buffer updates

Type-specific asset handlers with shared utilities

Enhanced asset search and card layout

Comprehensive documentation for development workflow

Task orchestration and agent delegation guidelines

MCP integration guide with route and layout

Inline markdown content support for knowledge assets

Markdown processing utilities with field length limits

OAuth refresh token grant type handling

Handler to get authenticated user details

Guide styling improvements (margin cleanup)

Markdown stripping from problem statement in workunit view

Form component with automatic CSRF token injection

Batch operations and enhanced workunit details

Batch retrieval endpoints for assets and tasks

OAuth refresh token replay protection and auto-refresh

CSRF validation skip for OAuth public API endpoints

Responsive padding improvements in layouts and navigation

Workunit asset management documentation

Progressive Web App (PWA) support with service worker

Product section with pricing, features, apps, changelog and status pages

Support, guides, privacy and terms pages

CSS versioning for cache busting

Meta tags and favicons for SEO and branding

Responsive navigation design and button styling

Safe area padding for mobile devices

Switch statements replacing if-else chains for cleaner code

JavaScript bundling and minification in build process

Favicon assets update with simplified SVG

Organization invitation system with email templates

Workunit edit form and handler

Task edit functionality with improved form components

Field mask support for update operations

MCP update tools for assets, workunits and tasks

User-specific listing endpoints with filtering for workunits/tasks

Organization name and invitation support for signup

Development tools and formatter service updates

Tailwind class ordering for consistent styling

API client access and variable initialization simplification

Templ binary and generate step in Dockerfile

HTMX request redirect handling after asset update

Actual team member count fetching on homepage

Comprehensive gRPC client implementation

Comprehensive logging middleware with request IDs

Asset service client and create asset handler

Link component integrated with headings

Task counts in workunit listing

PostgreSQL image upgrade from 16 to 18-alpine

Activity item sorting with time.Time field

Workunit card spacing improvements

Link asset request construction in CreateWorkunit

Actual task count display in workunit card

Asset error handling and list initialization

Comprehensive gRPC client implementation

Templ file formatting and cleanup

Interactive database seeder for development

Pagination for assets and workunits lists

Comprehensive analytics for assets, workunits and tasks

Clickable user names with profile links throughout UI

Development guidelines documentation updates

Test password generation in seeder

Unified search functionality

Updated a-h/templ dependency

MCP-specific OAuth discovery and protected resource endpoints

CORS support and preflight handling in auth middleware

Response modes support in OAuth discovery metadata

OAuth compliance improvements for unauthorized responses

Updated caniuse-lite dependency

Display name management for users

Organization slug field removal and refactoring

Session update for display name instead of email

Task detail view with comments and time tracking

Task time logging functionality

Strongly-typed tool registration system for handlers

Get task handler with optional data retrieval

WebBaseURL configuration for OAuth endpoints

Base64 support for OAuth JWT key

Simplified grant types handling with string arrays

gRPC client creation updated to use NewClient

OAuth JWT key parsing debug logging

Transaction rollback prevention after successful commit

Duplicate error variable declaration removed

Default port changed from 8080 to 9000

Secure OAuth 2.1 server with JWT signing

OAuth 2.1 with device and authorization code flows

RegisterRoute support for multiple HTTP methods

Simplified grant types handling in database layer

MCP server docker setup optimization

MCP server with authentication and comprehensive tools

Documentation for organization, asset, task, and sync tools

Fixed missing newlines and dependency updates

Complete rename from workspace to workunit across codebase

Account settings and analytics functionality

Consolidated auth error handling and session checks

Module rename from lazarus to workunit

Migration from AlyxPink to 3615-computer organization

MCP server implementation documentation