Changelog
What changed in each release, in user-facing terms. Internal refactors and dev-only cleanups aren’t listed.
Conventions: Added = new features, Changed = behavior or UX shifts, Fixed = bugs, Security = anything affecting your data, Migrations = automatic upgrades the app applies to existing cortexes.
v1.23.3 — Home growth, obligation deadlines, and Memory Integrity attention
2026-06-26
Your Cortex home dashboard is more reliable — growth stats load from the op-log, cards stop resetting mid-fetch, and Memory Integrity nudges stay in sync between the sticky banner and Ghampus. Ghampus routes “what’s due” to deterministic obligation recall, auto-indexes deadlines from saved text, and correction proposals are scoped so a single fix cannot rewrite unrelated memories.
Added
- Home ingest growth sparkline — daily
ingestSourcebuckets viaactivity.growthStatsIPC; Growth card shows real counts with an honest retry when the sidecar is slow. - Obligation auto-extract —
remember, clip ingest, and Ghampus saves infer deadline / renewal / review-by dates from natural language (ISO dates, “due Friday”, month-day phrases, Romanian cues). recall_obligationsrouting — Ghampus phrases like “what’s due this week” or “list due obligations” route to deterministic obligation recall instead of broad semantic search.- Memory Integrity attention surfaces — sticky home banner and floating Ghampus bubble share one dismiss signature; snooze clears both until the queue changes.
- Correction scope guardrails — local-LLM edit proposals cap at the top recall match unless you explicitly name multiple targets; deletes require removal language;
test:correction-scopeships in the sidecar tree. - Docs: HeroDiagram contradiction examples — in-diagram callouts on the Getting Started overview (not separate UnBrain diagrams).
Changed
- Memory Integrity Queue tab — pending corrections appear alongside contradictions and duplicates in the unified workbench queue.
- Ghampus attention nudge — tab switches and dismiss actions stay in sync with the home attention strip.
- Ghampus scroll rendering — zoom/scroll layout fix for long threads in the Tauri webview.
- Standing instructions (
GRAPHNOSIS.md) — documentsobligationmetadata onremember/ingest_batchand therecall_obligationstool.
Fixed
- Home dashboard tab re-tap — removed duplicate
showAtlasHomeDashboard()calls that reset card skeletons mid-flight;isHomeDashboardView()gates attention rendering. - Corrections oplog compaction — concurrent sweep callers share one in-flight promise so compaction does not duplicate work or log spam.
- 3D Engram Reset — legend Reset restores real edge categories without forcing the GNN “Predicted” overlay back on.
v1.23.2 — Ghampus memory commands and Home dashboard reliability
2026-06-25
Ghampus gets first-class slash commands for editing, comparing, and forgetting memories — with guardrails that stop fabricated “based on your memory” claims when recall is empty. Your Cortex home cards load in parallel and never stay stuck on skeleton placeholders. Contradiction triage is hardened with a shipped eval harness.
Added
- Ghampus
/edit [correction]— propose a memory correction from chat; review and approve the diff in Check-in before anything is saved. - Ghampus
/compare [topic]— find sources and check for contradictions from chat; full compare workbench remains in Foresight → Memory Integrity. - Ghampus
/forget [topic]— search for memories to remove, with scoped engram hints and candidate previews. - Recall honesty guardrails — Ghampus strips fabricated attested-memory claims when recall was empty or thin; advice queries prefer your saved facts over general-knowledge defaults.
- Memory search retry — phrases like “search my memory” re-run the prior question instead of treating the phrase literally.
- Contradiction eval harness — deterministic 71-pair routing gate (
test:contradiction) ships in the source tree; triage hardening reduces false-positive surfacing (supersession, negation artifacts, complementary facts). - Docs: un-brain overview — three diagrams on the Getting Started overview (un-brain map, inverted forgetting curve, silent vs surfaced conflict) with a link to the whitepaper.
- Landing: Claude disclosure — restored “Built in the open, with Claude” origin story and mid-build quote on graphnosis.org.
Changed
- Home dashboard card loading — Needs you, digest, Foresight, and growth cards load in parallel IPC; an 8-second watchdog replaces stuck skeletons with honest empty/retry copy.
- Trust & Vitality card — clicking the Home Ghampus card opens Ghampus chat (header mark still opens the intro modal).
- Get Connected — Organization catalog and Compliance schema sections are collapsible by default.
- Ghampus empty-thread logo — CSS classes replace inline styles so production Tauri bundles match dev sizing.
- Update modal — title left, seahorse + wordmark pinned top-right; fresh-chat modal footer spacing improved.
- Updater feedback — manual “Check for updates” (menu or tray) shows a toast when you’re already on the latest version or when the check fails.
- SDK — sidecar pins
@nehloo/graphnosis^0.7.2.
Fixed
- Home card skeleton hang — cold boot and slow sidecar no longer leave async cards on loading placeholders indefinitely.
/skillsfilter — keyword normalization handles trailing spaces and partial matches more reliably.
v1.23.1 — Ghampus send queue after /insights
2026-06-24
Hotfix: Ghampus no longer hangs with the send button disabled after an /insights preview turn completes.
Fixed
- Ghampus send queue after /insights — insights-preview turns now call
notifyGhampusTurnDone, releasing the serialized send queue so you can message Ghampus again immediately after an insights card finishes.
v1.23.0 — Memory Integrity and Ghampus compose
2026-06-24
Graphnosis catches when your memory disagrees with itself — surfaces it clearly, helps you fix it (with Ghampus), and never silently stores conflicting facts side by side. Ghampus gets a compose rail while you type, serialized send turns, multilingual save/recall, and session summaries when you start fresh.
Added
- Memory Integrity Workbench (Foresight → Memory Integrity): unified queue for corrections, contradictions, and duplicates; Keep A / Keep B / Mark debate; compare two sources; resolution history; on-demand cortex scan.
- Attention strip on Your Cortex when anything needs review; rail badge shows unified count (corrections + contradictions + duplicates).
- Persisted contradiction queue — review pairs survive sidecar restart; dismissals stick.
- Ingest → queue — SDK contradictions from new memories enter the Workbench immediately.
- MCP
compare_sources(Pro) — external agents can audit two source documents; in-app compare is free. - Ghampus consistency walk — phrases like “check my memory for contradictions” start a guided, approval-only review.
- Foresight insights dashboard — tile grid for patterns, gaps, and opportunities;
/insightspreview in Ghampus chat. - Ghampus compose rail — proactive engram chips, intent hints, and integrity warnings while typing; optional local-LLM intent refinement.
- Remember & start fresh — session summary promotes durable facts from an ephemeral chat thread before clearing it.
- Presentation mode — demo-safe redaction config for talks and screenshots.
- New chat engram dropdown — pick the target engram when starting a Ghampus thread.
Changed
- Coherence / Vitality — unresolved contradictions in the queue lower coherence alongside duplicate pairs.
- Full scan now includes contradiction scan (not 6h-only).
- Away digest includes Memory Integrity counts when items are pending.
- Ghampus send queue — turns serialize on the sidecar; new sends no longer preempt in-flight work.
- Multilingual save/recall — Ghampus routes remember/recall in the language you type.
- Skill train & recall formatting — cleaner step gutters and recall presentation for walk_skill output.
- Selection follow-up — highlight text in chat for contextual Ghampus replies.
Fixed
- Needs you / rail badge sync — badge count and Home “Needs you” card stay aligned when corrections arrive via MCP poll.
- Ghampus avatar & scroll — mascot and thread scroll behavior stay stable on long conversations.
v1.22.0 — Ghampus Hush branding and proactive intelligence
2026-06-21
Ghampus Hush is the official name for the in-app confidential AI — marketing, docs, and desktop UI aligned on Your confidential AI. Already on it. Proactive tips, memory suggestions, reminders, clarification flows, and performance profiles ship in this release.
Added
- Ghampus Hush branding. Desktop rail, header, tray, and marketing/docs use the Hush product name and tagline; mascot remains Ghampus the seahorse.
- Proactive tips & memory suggestions. In-chat tip cards when idle; post-reply suggestions to save decisions, deadlines, and facts you shared.
- Reminders & temporal parsing. Obligation due-dates surfaced from cortex content; startup, daily, and weekly summaries.
- Clarification & recovery nudges. Ghampus asks when intent is ambiguous; recovery prompts when brain/embed workers stall.
- Walk skill picker. Choose which skill to walk from chat without leaving the textarea.
- Performance profiles. Low / balanced / high impact presets for embed workers, docs deferral, and background lane scheduling.
- History cache. Faster Ghampus thread load on repeat visits.
Changed
- Vitality health nudges. Idle-time cortex-gardening suggestions for low-scoring engrams.
- Background lane scheduler. Serializes heavy brain/Ghampus work under low-impact profile.
- Enterprise FAQ & persona pages. Copy updated for confidential-AI positioning.
Fixed
- Brain recovery & embed workers. More resilient worker lifecycle; safer queueing during recall.
- Ghampus busy/timeouts. Clearer handling when sidecar is saturated or steps exceed bounds.
v1.21.1 — Ghampus stop, timeouts, and skill train
2026-06-21
Ghampus turns can be stopped mid-flight, long-running steps time out with a clear message, and you can start skill training from chat. Trace panel polish and safer recall on sensitive engrams.
Added
- Stop Ghampus. Stop button cancels the in-flight turn; sidecar registers and clears turn handles cleanly.
- Turn timeouts. LLM and tool steps are bounded; timeouts surface a user-facing message instead of hanging.
- Skill train from chat. Routes
/train,train skill …, and related intents throughlist_skills/get_skill/walk_skill_structured. - Romanian recall routing. Search phrasing like caută maps to recall intent alongside English patterns.
Changed
- Trace panel. Elapsed time formatting, pinned expanded meta, copy-icon hover fix, and restyled Stop control.
- Sensitive engram recall. Tighter limits and guards when recalling from high-consent engrams; embedding queue respects recall scope.
- In-app Ghampus MCP. Local Ghampus tool chains bypass external MCP consent/replay guards where appropriate.
Notes
- Ghampus eval fixture corpus extended for cancel, timeout, skill-train, and Romanian routing cases.
v1.21.0 — Ghampus routing, Touch ID, and activity
2026-06-21
Major Ghampus upgrade: intent routing and tool planning moved out of a monolithic sidecar path into testable modules, with a trace panel in the UI. Touch ID unlock is more reliable after passphrase changes. Activity and audit views load faster on large cortexes.
Added
- Ghampus trace panel. See tool steps, thinking, and cards as Ghampus works; conversation auto-scrolls with new trace events.
- Ghampus routing stack. Intent classification, engram resolution, grounding, multilingual handling, and structured tool planning — orchestrated through dedicated sidecar modules instead of one IPC blob.
- Activity audit improvements. Bounded op-log queries with cursor paging and actor attribution; home digest no longer times out pulling the full op-log on large cortexes.
- LLM temperature presets. Settings expose preset temperature choices for local LLM capability tuning.
- Smoketest guardrails. Pre-commit hook blocks re-adding gitignored
smoketest*.tssources; documented in project instructions.
Changed
- MCP consent UX. Consent modal shows friendly client names (including Ghampus); in-app Ghampus multi-tool recall chains no longer trip external MCP rate/replay guards.
- Home vitality bars. Engram score bars use grade-based colours that render correctly in production WebKit; label column width aligns across rows.
Fixed
- Touch ID unlock. Passphrase is cached only after the sidecar proves decryption; stale biometric reads are cleared with a clear recovery message instead of blocking typed unlock.
Notes
- Ghampus eval harness scripts and fixtures ship for local QA regression — not wired into CI yet.
- Sidecar smoke passes all functional phases; recall latency benchmark may fail on slower machines (environment-specific threshold).
v1.20.3 — CI fix (re-ship cortex unlock)
2026-06-20
Re-publish after v1.20.2 failed CI — an accidental Ghampus WIP hunk in main.ts referenced APIs not yet in @graphnosis-app/core.
Fixed
- Build / release. Removed stray
resolveLlmTemperaturecall from the sidecar boot path so Linux Server smoke and the release workflow compile again. - Cortex unlock (same as v1.20.2): Bun-compiled sidecar no longer crashes loading
package.jsonat boot.
Notes
- Use 1.20.3 on Mac Mini — v1.20.2 installers never published.
v1.20.2 — Cortex unlock on Apple Silicon Macs
2026-06-20
Fixes a sidecar startup crash that prevented unlocking a cortex on fresh installs (including Mac Mini agent setups).
Fixed
- Cortex unlock. The compiled sidecar no longer crashes loading
package.jsonat boot (Cannot find module '../package.json'in Bun binaries). Version is passed from the app shell viaGRAPHNOSIS_APP_VERSIONinstead.
Notes
- Same Hermes integration as v1.20.0 / v1.20.1 — use 1.20.2 on Mac Mini and any machine where 1.20.1 could not open a cortex.
v1.20.1 — Release pipeline fix
2026-06-20
Re-publish of v1.20.0 after CI failed to build Linux server smoke artifacts.
Fixed
- CI build graph.
@graphnosis/mcp-relayis excluded from the monorepopnpm -r buildstep so@graphnosis-app/corecompiles before the sidecar; release and Linux Server workflows complete again.
Notes
- Same Hermes integration as v1.20.0 — use this build if v1.20.0 installers never appeared on GitHub Releases.
v1.20.0 — Hermes Agent integration
2026-06-20
Connect Graphnosis to Hermes Agent from Get Connected — memory auto-prefetch plus full MCP tools via a published npm relay.
Added
- Hermes setup wizard. Get Connected → Hermes writes
memory.provider: graphnosisandmcp_servers.graphnosisto~/.hermes/config.yaml, plusgraphnosis.jsonsocket settings. Confirms before replacing an existing Hermes memory provider. @graphnosis/mcp-relaynpm package. Stdio relay for any MCP client (npx @graphnosis/mcp-relay ~/.graphnosis/mcp.sock); shell wrapper fixesnpxbin resolution.- Hermes SKILL.md at
graphnosis.com/skills/graphnosis/SKILL.md— recall hygiene and consent for Hermes sessions. - Upstream PR bundles under
integrations/hermes-agent/andintegrations/hermes-desktop/(memory provider, MCP catalog, desktop UI patches).
Changed
- Connect Your AI docs — Hermes section documents both paths (memory provider + MCP catalog) and setup from the app wizard.
Notes
- Hermes Agent / Hermes Desktop upstream PRs are not merged yet; the app wizard and npm relay work today. Full Discover/Tools install cards ship in the desktop PR bundle when applied upstream.
v1.19.2 — Ghampus Run fix and live timestamps
2026-06-20
Small Ghampus polish: proactive skill cards run without throwing; thread timestamps stay fresh.
Fixed
- Proactive Run buttons. Clicking Run on a Ghampus proactive skill card no longer throws ReferenceError;
skillGraphIdis read from the card payload and the button disables while the walk starts.
Changed
- Live timestamps. Relative times in the Ghampus thread refresh every 30 seconds and on hover, so “2m ago” stays accurate without leaving the view.
v1.19.1 — Vitality settling, docs repair, and Ghampus recall polish
2026-06-20
Reliability and UX patch: boot-time vitality no longer drifts per-engram bars for minutes after unlock; ghost Graphnosis Docs metadata auto-repairs; Ghampus recall output is grouped and deduped; home dashboard cards load consistently.
Fixed
- Docs ghost engram. Settings row without a
.gaion disk is detected and rebuilt via async background ingest (no scary boot FAILED stack during repair race). - Docs re-ingest loop. Graphnosis Docs no longer wipe+re-ingests on every unlock when source count lags bundled pages; re-ingest defers until post-boot idle, respects hollow-bundle materialize, and only stamps version on full success — no repeated unlock toasts.
- Home dashboard cards. Autonomous Brain, Memory health, and Self-healing cards load reliably after unlock instead of staying blank on slow sweeps.
- PER ENGRAM chart. Full engram catalog (not just the one loaded in memory) during vitality settling, with cached scores and ”· updating…” until finish; archived rows dimmed; bar tracks pinned to the middle grid column so a lone bar no longer stretches the card.
- New engram wizard. Template/create flow no longer fails when metadata races disk load.
- Recall latency bench. Smoke regression guard uses the correct warm corpus threshold.
- Offer bundle counts.
checkOfferuses source count frozen at load time so mid-reconcile ingest does not skew recovery hints.
Changed
- Vitality settling. UI shows the last-session snapshot with
settling: trueuntil duplicate scan, temporal decay, and hollow-bundle materialize complete; then flips to live compute once. Per-engram scores persist inbrain.lastVitality.byGraph. - Work priority. Background Ghampus thinking runs at P2 while ingest/embedding stay P0–P1 via a cooperative priority queue.
- Ghampus recall. Structured grouping, audit-trail stripping, and synthesis formatting for cleaner chat answers; model dropdown dedupes duplicate labels.
- Skills library.
listSkillsfilters by engram template for faster open on large cortexes. - Sources. Batch forget selected sources from the desktop inspector.
- Self-healing. Single consolidated stat when every item has been rechecked.
- Boot logs. Ghost metadata skips downgrade to error-level noise.
- Save guards. Shrink-save blocked;
.lkgpromotion when a shell would overwrite substantial on-disk data.
Added
ghampus-recall-format— shared formatters for Ghampus structured recall and grouped list rendering.work-priority— P0–P3 scheduling hints for sidecar background work.
Deferred
- Ghampus logo/layout polish in the chat modal (reverted to v1.19.0 asset; manual layout pass planned).
v1.19.0 — Skill runs, Temporal Job Memory, and Ghampus discipline
2026-06-20
Major skills-and-Ghampus release: resumable multi-skill runs with Activity oversight, Temporal Job Memory (obligations on memories + recall_obligations), proactive skill-dispatch matching, golden-walk regression fixtures, GSK semver/lineage, hollow-skill repair, catalog drift detection, Evidence Pack skill-run slice, and MLX/vLLM hooks for local OpenAI-compatible runtimes.
Added
- Skill runs (Team Playbooks 4b).
save_skill_run/resume_skill_runpersist captured walk variables and step progress to encrypted per-run files. Activity → Skill runs tab lists status, actor, and redacted vars; Evidence Pack exports askillRunsslice for compliance review. - Temporal Job Memory (phase 1–2). Optional
obligationfields onremember/ingest_batch(deadline,renewal,review-by) with a local obligation index, retention guard (active obligations block purge), and MCPrecall_obligations(due-window + type filters). Ghampus surfaces obligation-due proactive cards. - Skill lifecycle hardening. Golden-walk fixtures guard walk-plan shape;
skill-dispatch-syncexports dispatch rules to Cursor/Claude after retrain; GSK packs carry semver + lineage metadata;repairHollowSkillSourcerestores zero-node skills from snapshots; skill-recall bindings wire walk-time recall recipes. - Ghampus A′–D. Proactive dispatch trigger matching (context → skill slug), away-digest dedupe for quiet periods, savings-tracker baseline calibration, and Ghampus operator skill training script. Cloud/local routing accepts MLX-LM and vLLM OpenAI-compatible endpoints when configured (bring-your-own server — not a bundled turnkey stack).
- Catalog drift. Sidecar detects when subscribed org-catalog packages change on disk or SharePoint and surfaces drift in Activity for IT-aligned refresh.
- IPC/MCP surface.
skill:walkStructuredfor in-app structured walks;settings:getalias; trained-output title restoration in Skills library.
Changed
- Agent walker. Richer structured walk plans (parallel steps, loop caps, failure handlers); smoke coverage expanded across obligations, golden walks, dispatch sync, and RBAC.
- Compliance export. Evidence Pack JSON includes skill-run metadata (count + redacted list items) alongside op-log, consent, and MCP audit slices.
- Download sync.
release:sync-downloads/sync-graphnosis-md.mjsalso updatesFALLBACK_VERSIONin Cloudflare download handlers alongside_redirects.
Fixed
- Self-healing Activity. MCP and skill-run segments recover after transient sidecar errors without a full app restart.
- Hollow skills after in-place retrain. Repair path + trainer ordering prevents empty trained graphs from breaking library open/export.
Security
- RBAC matrix.
recall_obligationsrequiresrecallcapability (available to recall-only shares); skill-run save/resume requiresskill-walk(editor+ roles).
Migrations
- Obligation index builds on first unlock after upgrade; existing memories without obligations behave unchanged.
Deferred
- Calendar integrations, remote Ghampus hub, Slide G multi-skill orchestration UI, turnkey MLX/vLLM install wizard (hooks exist; you run the server).
v1.18.0 — Enterprise SSO, org catalog, and compliance
2026-06-20
Major enterprise release: federated OIDC cortex unlock, IT-managed engram catalog with MDM and SharePoint sync, compliance v1.2 (legal hold, retention, evidence packs), durable MCP audit logging, sharing RBAC, op-log tail replay with boot reliability fixes, Ghampus skill maintenance, and OpenAI/Anthropic walk adapters.
Added
- Enterprise SSO (OIDC). Settings → Enterprise SSO: federated cortex unlock via corporate IdP (Okta, Azure AD, Google Workspace, and other OIDC providers). Lock-screen sign-in, IdP group → sharing-role mapping, optional Entra tenant binding, IdP reachability probe for VPN-only IdPs, break-glass passphrase fallback, and headless
/admin/provisionfor MCP seats. - Organization Engram Catalog. IT publishes engram packages employees can subscribe to from the lock screen or Get Connected. SharePoint list sync, MDM bundle auto-install, IdP group entitlements, IT-controlled classification labels, and
requireSsoSessionpackages that block subscribe/recall without an IdP unlock. - Compliance v1.2. Source- and engram-level legal hold, retention job hooks, Evidence Pack export (signed op-log + MCP audit bundle),
recall_as_ofMCP tool for point-in-time recall, and IT-configurable classification schema via MDM or admin UI. - MCP audit log. Durable encrypted per-call audit trail with Activity → AI access log and enterprise export — no boot-time reconcile required.
- Sharing RBAC matrix. Session heartbeat lease, role-aware MCP
tools/listandtools/callenforcement, and enterprise sharing role picker in Team Admin. - Op-log tail replay.
oplogReconcileCheckpointon loadGraph replays only new tail events; idle op-log compaction surfaces in status bar and Activity. - Ghampus skill maintenance. Stale-skill retrain queue, SOP-preserving local LLM rewrite on train, walk plan/digest routing, and OpenAI-compatible + Anthropic walk adapters.
- Performance guard. Recall latency benchmark module with smoke regression guard (~200 ms p95 on warm single-engram corpus); docs qualify published ~75 ms figures.
Changed
- Autonomous Skills. Renamed from Memory-trained Skills; library/trainer rail (not Remember form); 3D atlas hidden under Skills/Search sub-modes.
- Org catalog UI moved to Get Connected; employee catalog shows entitlement reasons (groups, SSO required).
- Enterprise IT FAQ documents OIDC SSO availability today; SAML 2.0 SP remains on the roadmap.
- Boot sequence. Event-driven engram sweep, deferred brain passes, background reconcile — large cortexes unlock faster with correct engram counts immediately.
- Save guards. Block empty/shrink
.gaiwrites; auto-restore from.lkgwhen a shell overwrites substantial on-disk data.
Fixed
- Autonomous Skills pane. Restored Trained Output when opening library skills; rail shows library/trainer not brain pane. In-place retrain no longer renames the source before inserts (avoids hollow skills with zero nodes);
repairHollowSkillSourcerestores from snapshot on get/list/export; UI fallbacks and async race guards prevent stale Trained Output overwrites. - Boot/reconcile. Adapter.build no longer wipes loaded engrams; archived engrams load at boot; IPC unlock waits until engrams are queryable.
- Ghampus/UI. Snooze dropdown contrast; quiet-away digest dedupe; Premium Plans modal wiring after skills extraction.
- Linux MCP paths. Cursor and Claude Code config paths on Linux.
- Billing modal. Hoisted constants and
billing:domainEmailliteral fix. - Search rail. Results stay visible when re-entering checkin with an active query.
Security
- requireSsoSession catalog gate. Federated recall excludes SSO-gated engrams without IdP session; explicit recall throws a clear SSO-required error.
- Legal hold enforcement blocks forget/delete on held sources and engrams.
Migrations
- Automatic op-log checkpoint advancement on loadGraph; no manual cortex migration required.
Deferred
- SAML 2.0 service-provider flows, native MDM
.mobileconfig/.admxprofiles, macOS App Sandbox, Linux desktop code signing, FedRAMP FIPS module, SOC 2 Type II report.
v1.17.4 — Skills compile contract + Cursor connect
2026-06-19
Patch release aligning skill training with source-only compile, skills UI copy, and Cursor setup docs (plugin vs in-app MCP wizard).
Changed
- Skill training (source-only). Training compiles from your authored skill source with an empty engram at train time — personal memory is not baked into the trained graph. Recall applies at walk/runtime when MCP clients call
walk_skill_structured. - Skills UI. Renamed Memory-trained Skills → Autonomous Skills in nav and pane titles; praxis strip describes walkable SOPs dispatched each session. Home and trainer surfaces align with source-only compile and empty-engram training.
- Cursor setup (Option A). Docs and README: optional graphnosis-cursor-plugin for rules/skills/hooks; MCP via Graphnosis Configure Cursor wizard (
graphnosis-mcp-relay+~/.graphnosis/mcp.sock). - Download redirect fallbacks. Netlify
_redirectsandsync-graphnosis-md.mjsstay in sync for release download URLs.
Fixed
train_skillMCP tool description. Matches the empty-engram, source-only train contract (no misleading memory-augmented wording).
Note
- graphnosis-cursor-plugin v1.0.1 shipped separately from this app release.
v1.17.3 — Stability, Touch ID, and license refresh
2026-06-19
Patch release focused on session reliability, biometric unlock, and quieter license refresh when you unlock your cortex.
Fixed
- Memory engine recovery. If the background memory engine stops unexpectedly, Graphnosis returns to the lock screen and offers Restart memory instead of leaving the app in a broken unlocked state.
- Cleaner unlock. Each unlock starts from a fresh session, so a failed start cannot leave the UI open without a running memory engine.
- Touch ID reliability. Touch ID unlock is more dependable after sleep, cortex folder moves, and repeated unlock attempts on macOS. Saved credentials migrate automatically when the cortex path changes.
- Repeated license verification emails. Work-email license checks on unlock are throttled and no longer resend verification emails when a prior attempt was abandoned.
- Cortex switch display glitch. Home stats and the Sources list no longer briefly show counts from a previous cortex after you lock or switch folders.
Changed
- Sources panel layout (mobile). Filter bar, confirm dialogs, and action menus wrap below filenames on narrow screens; status badges are easier to read.
- Connect AI docs. Added a dev-build note: after
pnpm dev:desktop, Cursor may show “Loading tools” until you reload the window; Connections → Reconnect in Graphnosis refreshes MCP without restarting Cursor.
v1.17.2 — Local LLM routing + Engram Sharing + Ghampus dismiss
2026-06-18
Patch release fixing local model selection at call time, proactive-card dismiss in Ghampus, and Engram Sharing in the Tauri app.
Fixed
- Local LLM model mismatch. The sidecar no longer hardcodes
llama3.2:3b-instruct-q4_K_Mat boot. A newDynamicOllamaLlmproxy readssettings.ai.llmModelon every call, so machines running non-catalog models (e.g.mistral-nemo:12b) stop getting 404s. Changing the active model in Settings → Local LLM takes effect immediately without a sidecar restart; Ghampus skill walks also prefer the installed model over the catalog default. - Ghampus proactive-card Dismiss button. Async click handlers were calling
e.currentTarget.closest(...)after anawait, when the browser had already nulled outcurrentTarget. The card never removed. Dismiss and Run handlers now capture the button element before the first await. - Engram Sharing “Create share” button. All
sharing:*IPC calls used Tauriinvoke(...), which routes to Rust — but no Rust commands exist for sharing. Read calls failed silently via.catch()fallbacks; create threw an unhandled rejection and did nothing. Every sharing call now routes throughipcCall(...)to the Node sidecar, with an explicit error alert on create failure.
Changed
- Engram Sharing modal layout. Create form moved out of a
<details>footer into a proper modal-body section with a labelled heading. Engram picker uses a vertical checklist instead of horizontal chip wrapping so long engram lists stay scannable.
v1.17.1 — Ghampus chat surface + UI polish
2026-06-18
Ghampus gets a full chat thread with skill-match cards, walk plans, and proactive suggestions — plus rail-nav reorder, bubble contrast fixes, and a billing OTP guard.
Added
- Ghampus chat thread. Two-zone layout: scrollable conversation above, input row below. Message types include user/Ghampus bubbles, skill-match cards, walk-plan cards (step table + cost + model routing), and refine-proposal cards. Skill-running bubble with animated progress bar and rotating status phrases on “Walk it” / “Local-only”.
- Slash commands in Ghampus input.
/save,/recall, and/skillroute through a unified MCP tool dispatcher and persist toghampus-history.jsonl(last 100 messages reload on unlock). - Proactive skill-match inbox. A background ProactiveWatcher surfaces skill suggestions into the Ghampus thread; cards can be dismissed, snoozed, or run inline via
ghampus:inbox:*IPC. - Unified MCP tool dispatch. External AI clients still go through the MCP transport with policy checks; Ghampus calls the same handlers directly as the cortex owner. One implementation for all 47+ tools.
Changed
- Default landing tab. Your Cortex (atlas) is now first in the rail and the default landing page; Ghampus is second with a sparkle icon. Dashboard panels collapse under a “Dashboard ▸” toggle.
- Chat bubble contrast. User bubbles use dark teal/white in light mode and bright cyan/near-black in dark mode; Ghampus bubbles use
--color-surface-2so dark mode no longer renders white. - Vitality bars on macOS. Skill vitality bars set width and colour via CSS custom properties (
--bar-w,--bar-color-dark,--bar-color-light) so WebKit production builds render them correctly. - Unified Ghampus input placeholder. “Ask anything — type / to save, recall, or run a skill” across all engram contexts.
- Docs site nav. Ghampus nav item moved before Docs; Upgrade link removed from top menu; Ghampus chip enlarged on
/ghampusand the landing page.
Fixed
- Duplicate OTP emails on billing poll. The billing token endpoint no longer generates and sends a fresh OTP on every unauthenticated request while a valid code is still pending — stops burying the active code when the desktop polls before you enter it.
v1.17.0 — Ghampus: Your AI. Already on it.
2026-06-17
Watches your memory grow. Walks your playbook. Checks in. Reports back. Local and encrypted.
The biggest release since Memory-Trained Skills. Three connected pillars: Ghampus, a local AI agent that does for your second brain what your hippocampus does for your first — taps into your facts, walks the SOPs your team already trained, decides what to attend to from everything that arrived overnight; per-step model routing so each step of a skill picks the cheapest model that meets its needs; and file attachments that link local files (images, PDFs, OneNote, anything) to your memories without ingesting their content. Plus a savings tracker that measures what your memory layer earns you back against a baseline paid model, and a sharing-gate fix that finally unblocks Pro and Enterprise OTP users who couldn’t create shares.
Also rolled in here: the polish commits between v1.16.0 and v1.17.0 — the token → share rename in user-facing strings, Free-tier sharing (1 share included), persona landing pages, and a couple of Windows download-link fixes.
Added — Ghampus, the in-app local agent
- New top rail entry: Ghampus. First button in the left rail, default landing for new users — but you can pin any other view as your default landing via Settings → Preferences. Free, Pro, Teams, and Enterprise users all have access to the surface; per-tool license enforcement matches what your external MCP clients already see (foresight tools are Pro, etc.). Sensible empty state on day one — Ghampus works over the bundled
graphnosis-docsengram so even an empty cortex has something to ground its first session in. - Picking up where we left off. Recent memories Ghampus saved in prior sessions appear at the top of the tab, giving the session feeling without a “New chat / Past chats” sidebar to manage.
- While you were away. Inbound activity feed: connectors that ingested overnight, AI client conversation saves, shared-engram editor writes, direct ingests. Sensitive-engram items show “[preview hidden]” inline so the feed respects the existing tier-redaction story.
- Skills I can walk for you. Lists the trained-skill library so Ghampus can suggest a relevant SOP the moment it matches what you’re working on. Free users walk skills they already have; Pro adds auto-training proposals when patterns repeat.
- Linked files. Attach a local file path (image, PDF, doc, spreadsheet, video, OneNote URI — anything) to your memories without ingesting the file content. Files stay on disk; Graphnosis stores only the path + light metadata. Click to open the original in its native app. Two attach paths in the panel: native file picker and a “Path…” entry for shared drives and
onenote:-style URIs. - Linked files: content hash + repair. Every reachable file ≤ 256 MB gets a SHA-256 content hash at attach time. When the file moves, the “Find new location…” button hashes the candidate and confirms it matches before re-pointing the record — so a repaired link points at the actual same file, not a similarly-named one.
- Kill switch. Stop Ghampus from doing any work via the tray menu or the in-tab button. Audit log records the stop / resume; tool calls during a kill return a clean error instead of silent failure.
- Audit log. Every Ghampus tool call (and every denial) is recorded to
<cortex>/agent-audit.jsonland surfaces in the Ghampus audit view. Encrypted at rest with the rest of the cortex.
Added — Model routing, budgets, and Settings → Models
- Capability-based routing. Skills declare what each step needs —
reasoning,summarization,structured-output,cited,code,vision, etc. The router picks the cheapest available model that meets the constraints under your chosen strategy. Skills become portable across model setups: write one skill, ship it on any hardware. - Three strategies. Adaptive (cheapest model that meets the step’s needs — recommended), Local-only (never use a paid API; warns if a skill needs a capability your local models don’t have), Always best (strongest model available for every step; higher cost, fastest path to quality).
- Provider catalog. Ollama, MLX, vLLM (local); Anthropic Claude, OpenAI, Google Gemini, Bedrock, Azure OpenAI, GitHub Copilot, Groq, Fireworks, Together (paid). Twenty-plus known models with capability claims, per-1M-token pricing, average latency, and context window. Catalog versioned (
2026-06-15) so you can tell when numbers go stale. - GitHub Copilot integrated correctly. Reflects GitHub’s June 2026 move to AI Credits billing — Free, Pro $10, Pro+ $39, Max $100, Business $19, Enterprise $39 — with each plan’s included credit pool, flex overage, and the actual per-token underlying rates. Cost preview shows “$0.0021 of pool · 14% used” while you’re inside the credits, switches to flex or overage labels when the pool’s gone.
- Custom rate overrides. Enterprise-negotiated pricing per-provider or per-model. AI-credit pool conversions. An admin-enforced flag lets IT admins pin organization-wide rates that individual users can’t edit.
- Monthly budget cap + burndown forecast. Set a USD cap. The cost preview before every paid walk shows step-by-step model selection + estimated cost; approving once “remembers this plan” so recurring walks skip the preview while routing keeps succeeding. Dashboard projects when you’ll hit your cap at current pace and surfaces the single cheapest swap to stay under.
- Privacy-aware routing. Steps that touch
sensitive-tier engrams are hard-locked to local-only models. The router refuses to even consider a remote provider for these steps regardless of strategy. No tokens of sensitive content ever cross an API boundary. - Settings → Models panel. Provider toggles (with admin-lock badges for IT-managed entries), routing strategy radio, monthly budget input, per-provider model count + last-4-chars of stored key + credit pool state.
Added — Walker + AI client visibility
- Skill walker, Ollama-first. Drives a planned walk step-by-step against the chosen models, with variable substitution flowing captures forward. Per-step failures are recorded rather than halting the walk, so you can re-run individual steps. Ollama dispatches for real today; paid providers report a clear “needs configuration” message that the UI surfaces with a “connect a key” prompt.
- What Graphnosis saves you. New panel inside Ghampus. Every successful MCP
recallrecords a recall-only savings event (counterfactual: “that prompt would have cost $X at baseline rates”); every walker step records a routing-savings event when the picked model is cheaper than the baseline. 30-day aggregate with per-event-kind breakdown surfaces the dollar value of having a memory layer at all. - AI activity rollup. New panel on the Activity page. Per-client tally of what Claude Desktop / Cursor / Copilot / etc. did with your cortex in the last 30 days. Per-tool tally of what Ghampus called. Recent skill-walk attributions. Answers the question “what have my AI clients actually been doing with my memory” without scrolling the raw event timeline.
Added — Vision pipeline for attached images
- (A) Describe. Click
🔍 Describeon an attached image; Ghampus runs a local vision model (Llama 3.2 Vision via Ollama) to produce a text description, then ingests it as a normal source linked to the image. Works on every plan with a vision-capable local model installed. - (B) Structured extraction. Click
✨ Extracton a diagram or flowchart; the vision model produces a JSON{nodes:[...], edges:[...]}extraction that becomes graph memories with the existing entity-linking pass automatically wiring extracted entities to your other engrams. Pro-gated; proposed nodes/edges go through the same correction-flow review as any AI-proposed write. - (C) Annotation surface. Click
✏️ Annotateto mark up an image manually — draw boxes over regions, type labels, connect boxes with arrows. Saved annotations become graph nodes + edges. Best for high-stakes inputs (architectural diagrams, compliance flows) where extraction errors are unacceptable.
Added — Sharing polish on top of v1.16.0
- Free plan now ships with 1 active share included. v1.16.0 capped sharing to paid plans entirely; this lifts that cap so a Free user can hand one engram to a friend. Pro, Teams, and Enterprise stay at unlimited.
- “Share” replaces “Token” in every user-facing string. Settings UI, modal copy, the share-creation flow, the audit messages all read “share” now. Internal type names (
SharingToken, IPC method names, bearer token in HTTP headers) are unchanged — only what users read.
Changed
- Free, Pro, Teams, and Enterprise plans now ship sharing. Free: 1 active share. Paid plans: unlimited. The token-vs-share rename in user-facing strings happened in this line too — internal types still use the historical
SharingTokenname; everything the user reads says “share”. - Ghampus is the default landing tab for new cortexes. Existing users keep landing on whichever view they had selected last. Override in Settings → Preferences.
- MCP server’s
recallanddig_deepernow record savings events automatically. Visible in the Ghampus “What Graphnosis saves you” panel; no action required. agent:statusIPC returns plan tier ('free' | 'pro' | 'teams' | 'enterprise') instead of a boolean licensed flag. Drives the upsell language without paywalling the surface itself.
Fixed
- Pro and domain-seat Enterprise users can now create unlimited shares. The sharing gate was checking
features.includes('skill-training' | 'teams' | 'enterprise')— but v1.15.6 had updated the validator to accept domain-seat tokens with no explicit features, and the gate was never updated to match. Pro users whose token didn’t carry theskill-trainingfeature and Enterprise OTP users whose token carried no features at all both fell through and were treated as Free, capped at 1 share with “Free plan includes 1 share. Upgrade to Pro for unlimited shares.” The fix recognises any verified license token (personal or domain-seat) as paid. .gezEngram Pack export and import gate also fixed. Both endpoints checked the'teams'feature but the error message said “requires Pro” — now both use the same paid-plan helper and the message correctly reads “Pro, Teams, or Enterprise subscription”.- Windows download link no longer serves the v1.13.6 binary. Stale
_redirectsfallbacks were pointing at the previous-previous version for/download/windows. Now all platform fallbacks point at the current installer.
Security
- Sensitive engrams hard-block remote model routing. Steps that touch a sensitive engram refuse to send a single token to any non-local provider, regardless of routing strategy. Enforced in the planner; audited per call.
- Attachment scope filter. Defensive: even before sharing-tokened sessions can list attachments, the
collectAttachmentsfunction refuses to return out-of-scope paths so a future code path can’t accidentally leak them.
Migrations
- Older cortexes opening v1.17.0 get sensible defaults for the new
agentblock (kill switch ON, no license bit),modelsblock (Ollama enabled, Adaptive strategy, no budget), andattachmentsstore (empty manifest at<cortex>/attachments.jsonon first attach). No reingest, no rebuild — the panels just start empty and populate as you use them. graphnosis-docsengram is silently synced on first boot for new cortexes — no decline prompt, no consent step. The docs are bundled at build time, never fetched from a network, and the engram is yours to delete or archive if you don’t want it.
v1.15.6 — Domain seat OTP: scroll-into-view + token validation hardening
2026-06-12
Fixed
- OTP verification box now scrolls into view automatically — after clicking “Activate / Refresh” on a domain-allowlist email, the “Verify your work email” section with the 6-digit code input now scrolls into view inside the modal instead of staying below the visible area.
- Domain seat tokens with no feature list no longer fail validation — tokens minted for domain allowlist users are now accepted even if the
featuresfield is absent (defensive fallback to empty array). Added the same safeguard server-side when minting. - “Resend code” button now uses the domain email you typed, not the email from any stored subscription — prevents the same email-routing bug fixed in v1.15.5.
- OTP verification errors are now specific — the app shows a distinct message when the token format or signature check fails (rather than “Invalid code”), and logs diagnostic detail to the sidecar console for support investigation.
v1.15.5 — Domain seat OTP flow fix
2026-06-12
Fixed
- Domain seat activation now correctly triggers the OTP email — “Activate / Refresh” was sending the email from any previously stored license token instead of the email address just typed in the field. Users with an old token from a different address would always see “No subscription found” even for a valid domain. The entered address is now used directly.
v1.15.4 — Domain seat activation fixes & better license error messages
2026-06-12
Fixed
- “Activate / Refresh” now shows the real reason when activation fails — rate limiting shows “Too many requests — wait a moment and try again”, revoked addresses show a clear message, and server errors report the HTTP status instead of the generic “No token found.”
- Domain seat OTP flow no longer silently drops — the server now logs the domain lookup result on every token poll so failures are visible in the worker tail.
v1.15.3 — License panel polish
2026-06-12
Changed
- Settings menu item renamed to “Graphnosis Premium Plans” — reflects that Pro, Teams, and Enterprise are all managed from the same panel.
- License panel updated throughout — heading, subtitle, and subscribe section now mention all three plan tiers instead of Pro only.
- “Activate or refresh your license” section replaces the old “Refresh from billing server” label. The description now explains all three paths: Stripe receipt email (Pro), team invitation email (Teams), or work address (Enterprise domain seat). The email field and button labels are clearer about what to enter and what happens next.
- Email and token fields are now full-width — the email input and the paste-token textarea both fill the modal width for easier typing and pasting.
- OTP verification section fixed — the “Verify your work email” section no longer appears pre-emptively when the panel opens; it only surfaces after the server confirms a domain seat is available and a code has been sent.
v1.15.2 — Group subscriptions, Teams & Enterprise, domain seat activation
2026-06-12
Added
- Teams & Enterprise subscriptions — Stripe Checkout now supports
teams-monthly,teams-annual,enterprise-monthly, andenterprise-annualplans with a?seats=Nquantity parameter. Purchasing a Teams or Enterprise plan automatically creates a group record that the account owner can manage. - Domain allowlist activation — Organisations can now grant a Pro/Teams seat to anyone at a given domain (e.g. everyone
@company.com) up to a configured seat cap. Members activate by entering their work email in Settings → License → Refresh from server. - Email OTP for domain seats — To confirm inbox ownership before issuing a domain seat, the app now prompts for a 6-digit code sent to the work address. Entering the code in the new Verify your work email section of the License panel completes activation. Codes expire in 10 minutes; up to 5 attempts per code; a Resend button is available.
- Enterprise plan tier — Enterprise tokens carry the
enterprisefeature flag in addition to all Teams features, ready to gate SSO, audit-API access, and compliance features as they ship. - Admin provisioning API — A new set of
Authorization: Bearerprotected endpoints lets you comp seats, create groups, manage members, set domain allowlists, issue voucher codes, and view the audit log without touching the Stripe dashboard. See the Teams & Enterprise guide for usage examples.
Security
- Domain seat tokens are only issued after the work email is verified via OTP — prevents anyone who merely knows a colleague’s address from claiming their seat.
v1.15.1 — Smoother skill-pack imports
2026-06-12
Fixed
- Importing a skill pack (.gsk) now updates the Skills library immediately — the new engram and its skills appear right after import, instead of only after switching tabs and back.
- A progress notification stays up for the whole import, so a large pack ingesting no longer looks like nothing is happening — it shows what’s importing and where, then reports the result.
- The import dialog scrolls when a pack contains many skills — the destination picker and the Import button stay reachable no matter how long the list.
- “New skill” now clears the trainer form — the previously open skill’s text and name no longer linger when you start a fresh one.
Internal
- More reliable Windows release builds — Rust build caching cuts the cold compile from ~50 minutes to a few, plus per-job build timeouts so a stuck build fails fast.
v1.15.0 — Memory-trained Skills + choose which tools your AI sees
2026-06-11
Added
- Memory-trained Skills (formerly “Skills w/ Goals”). The library now groups your skills under expandable engram headers, adds a name + engram filter, and shows friendly names. Every skill gets a version history with one-click rollback, so a retrain is never a one-way door.
- Choose which MCP tools your AI clients can use — a Pro/Teams/Enterprise control in Settings → MCP Tools. Toggle any tool on or off, use per-group toggles, or apply an Expose all / Recall-only / Remember-only preset. It’s enforced inside Graphnosis, so a disabled tool can’t be seen or called by any AI client — handy if you want a read-only or save-only surface.
Fixed
- Closing the window no longer leaves the whole app blurry with no dialog to dismiss.
- No more false “lost connection to the memory engine” banner during brief busy moments like skill training — it now only appears if the connection is genuinely down.
- The Trained Output editor reads top-down — the skill’s goals as a contract block, then the numbered steps — instead of a jumbled order.
- 3D graph: Reset now also clears any legend filtering; Full Cortex lists your engrams by name; sweeping the cursor across the legend no longer freezes the view; and sources show friendly names.
- Renaming an engram in Cortex Management works, and Forgotten memories moved to the bottom of that screen.
v1.14.12 — Cleaner skill training & opt-in LLM rewrite
2026-06-11
Changed
- Training a skill keeps your procedure clean. When you trained or retrained a skill, Graphnosis used to staple whatever a broad memory search surfaced onto the skill — including unrelated notes — and some of them ended up mixed in as if they were steps in your procedure. Training now folds in a memory only when it’s genuinely relevant to that skill, keeps anything it does add as clearly-separated context (never as a step), and otherwise saves the skill exactly as you wrote it.
Added
- AI assistants can opt into local-LLM skill rewriting. Assistants that train skills through Graphnosis’s MCP tools can now request the local-LLM rewrite path (the same option the in-app training form already offered) instead of the default memory-augmented one. It runs entirely on your machine and stays off by default.
v1.14.11 — Fix window-close CPU spike & skill-retrain duplicates
2026-06-11
Fixed
- Closing the window no longer pins the CPU at hundreds of percent. On macOS the “Synapse is running” notification (and the update / engram-suggestion notifications) used a blocking “wait for click” path that spun a busy run loop on its own thread, burning a full CPU core per notification until clicked. On a Mac that hasn’t granted notification permission — most often a fresh install — the click never arrives, so the threads spun forever and accumulated one per window-close, driving the app past 700% CPU and spinning up the fans. All of these notifications are now non-blocking, so closing the window is free.
- The spurious “Choose Application — where is use_default?” dialog on window close is gone. It came from the same blocking-notification path (the underlying library tried to “open” a placeholder URL handler named
use_default, which macOS couldn’t resolve). Removing that path removes the dialog. - Re-training a skill now updates it in place instead of creating a duplicate. The MCP
train_skilltool matches an existing skill by name to rewrite it, but a normalization bug meant the match never succeeded — so every retrain silently created a second copy of the skill and left the old one behind. Retraining now correctly supersedes the previous version (and records a history snapshot you can roll back to).
v1.14.10 — Fix token rotation being silently reverted
2026-06-11
Fixed
- Rotating the VS Code bearer token now takes effect immediately and persists across restarts. A race condition between
setGraphMetadata/deleteGraphandsetSettingsmeant that any engram metadata write (name change, sensitivity tier, etc.) occurring while the rotation was saving could silently overwrite both the in-memory token and the encrypted token on disk with the pre-rotation value. The modal would show the new token (returned directly by the IPC before the overwrite landed), but every subsequent request — including after a restart — was validated against the old token. Fixed by routing all three settings-write paths through the samesettingsWriteQueueserialisation gate. - Rotate button now reflects the token that was actually committed. Previously the IPC handler returned the UUID it generated before confirming the value survived the write. It now re-reads from
getSettings()after the commit, so the modal always shows exactly what the server accepts.
v1.14.9 — VS Code bearer token mismatch fix & token rotation
2026-06-10
Fixed
- Bearer token shown in the Copilot setup modal now always matches the token the server accepts. The VS Code local bridge was capturing the token as a static string at sidecar startup. If settings were updated after startup (or if the mobile HTTP bridge was bound to the same port), the running server and the modal could disagree on the token, causing every manual curl / CLI connection to return 401 even with the “correct” token. The bridge now reads the token live from settings on every request (a getter, matching the pattern used by the mobile bridge), so the modal and the server always agree.
gh copilotCLI bearer token auth is case-insensitive. Per RFC 6750 theBearerscheme prefix is case-insensitive. The auth check now strips the prefix case-insensitively and trims whitespace before comparing, which also handles any trailing space introduced by copy-paste.
Added
- Rotate Token button in the Copilot setup modal. Generates a new bearer token, saves it, and updates the modal display in one click. VS Code Chat reconnects automatically via OAuth on its next request. A hint reminds you to update
~/.copilot/settings.jsonfor Copilot CLI.
v1.14.8 — OAuth device grant for CLI MCP clients
2026-06-10
Fixed
gh copilotCLI (and other CLI MCP clients) can now connect. Browser-based MCP clients (VS Code) use Authorization Code + PKCE to complete the OAuth flow. CLI clients cannot open a browser or receive a redirect, so they were getting stuck and returning 401. The local HTTP bridge now also implements the OAuth Device Authorization Grant (RFC 8628): the CLI requests a device code, the server auto-approves it immediately (no user interaction — it’s localhost), and the CLI receives the static bearer token on its first poll. Multiple clients (VS Code Chat + any CLI) can maintain concurrent MCP sessions independently.
v1.14.7 — Implement OAuth for VS Code MCP connection
2026-06-10
Fixed
- VS Code now connects via MCP without an OAuth error. VS Code’s MCP HTTP client follows the MCP Authorization spec and always initiates an OAuth 2.0 flow before using any configured static headers — there is no way to bypass this with a
headersentry inmcp.json. The Graphnosis local HTTP bridge now implements a minimal OAuth 2.0 Authorization Code + PKCE server. The authorization request is auto-approved for localhost (VS Code opens a browser tab that immediately redirects back with an auth code — no user click needed), and the token endpoint returns the existing static bearer token as the OAuth access token. After the one-time handshake, every request carries the correct token. The OAuth endpoints (/.well-known/oauth-protected-resource,/.well-known/oauth-authorization-server,/oauth/register,/oauth/authorize,/oauth/token) are all served without prior authentication.
v1.14.6 — Further VS Code OAuth suppression
2026-06-10
Fixed
- VS Code OAuth flow no longer triggers (follow-up to v1.14.5). Two additional changes: (1)
/.well-known/oauth-protected-resource(RFC 9728) is now handled before the auth gate alongside the other discovery endpoints — VS Code checks this beforeoauth-authorization-server. (2) The 401 response no longer includes aWWW-Authenticate: Bearerheader — that header is the specific signal VS Code’s MCP client uses to start its OAuth UI, and removing it causes VS Code to treat the failure as a plain auth error and fall through to using the static bearer headers configured inmcp.json.
v1.14.5 — Fix VS Code MCP OAuth redirect loop
2026-06-10
Fixed
- VS Code no longer triggers an OAuth flow when connecting. Recent VS Code versions probe
/.well-known/oauth-authorization-serverbefore applying configured bearer headers. Because that probe arrived without auth, the local MCP bridge returned 401 +WWW-Authenticate: Bearer, which VS Code interpreted as “OAuth required” and opened its OAuth UI instead of using the static token. The server now responds 404 to both/.well-known/oauth-authorization-serverand/.well-known/openid-configurationbefore any auth check, signalling that no OAuth server is present. VS Code falls through to its configuredAuthorization: Bearerheader and connects normally. - CORS preflight (OPTIONS) no longer requires auth. OPTIONS requests are now handled before the auth gate, which also unblocks browser-based MCP clients that send a preflight before adding credentials.
v1.14.4 — VS Code bearer token fix & MCP config open
2026-06-10
Two fixes to the VS Code / Copilot Chat setup modal.
Fixed
- Bearer token now shows correctly. The setup modal was reading from the mobile HTTP bridge token (empty unless mobile access is enabled) instead of the VS Code local bridge token (auto-generated on first app start, always present). The modal now reads from the correct source, so the token field is populated as soon as the cortex is unlocked.
- “Install MCP Server” button opens the VS Code MCP config file. The button (previously “Install Extension”, previously pointing at the VS Code Marketplace) now opens the platform-specific VS Code MCP config file directly in VS Code (
~/Library/Application Support/Code/User/mcp.jsonon macOS,%APPDATA%\Code\User\mcp.jsonon Windows,~/.config/Code/User/mcp.jsonon Linux), so you can paste the JSON snippet from Option B without navigating there manually.
v1.14.3 — VS Code setup & copy fixes
2026-06-10
Three follow-up fixes to the VS Code / Copilot Chat setup modal.
Fixed
- “Install extension” button now works. The button was routing through a Tauri command whose scheme allowlist blocked
vscode:URLs, so clicks had no effect. It now goes through the correct command withvscode:explicitly permitted, so clicking it hands off to VS Code and opens the extension installation page directly. - Copy buttons now work reliably. The copy function was using
navigator.clipboard.writeTextwith no error handling — if the clipboard API was blocked or unavailable in the webview context, the rejection was silently swallowed and nothing happened. It now falls back to atextarea+execCommand('copy')path so the button always works. - VS Code MCP config path updated. VS Code now requires MCP servers to be registered in the global user config rather than a per-project
.vscode/mcp.json. Option B in the setup modal and the documentation now show the correct path for each platform:~/Library/Application Support/Code/User/mcp.json(macOS),%APPDATA%\Code\User\mcp.json(Windows),~/.config/Code/User/mcp.json(Linux).
v1.14.2 — VS Code & Copilot Chat setup fixes
2026-06-10
Two small but visible fixes to the VS Code / Copilot Chat setup modal.
Fixed
- VS Code MCP config snippet always shows valid JSON. The config field in Option B previously showed a prose message (“Unlock the cortex first…”) when the cortex was locked, making it impossible to see the snippet structure. It now always renders the full JSON block; when locked, the
Authorizationheader showsBearer <your-bearer-token>as a placeholder so you can preview and copy the format. The real token drops in automatically once you unlock. - “Install extension” button now opens VS Code directly. The button was linking to a Marketplace browser URL that returned a 404. It now uses the
vscode:extension/nehloo-interactive.graphnosisdeep-link scheme, which hands off to VS Code and opens the extension’s installation page without going through a browser.
v1.14.1 — Contradiction detection & sharper skill exports
2026-06-10
A focused follow-up to v1.14.0. Your memory now notices when two things you’ve saved disagree, trained skills export as ready-to-use Claude Code skills, and IT teams get a dedicated FAQ.
Added
- Contradiction detection. Graphnosis now spots memories that conflict — two notes about the same thing that say opposite things — and surfaces them in the Home Needs you review, where you keep the current one and retire the outdated one. Your AI client gets a matching
contradiction_pairstool to review and resolve them too. It runs quietly in the background and only surfaces high-confidence conflicts, so the list stays short and worth your attention. - Drop-in Claude Code skills. Exporting a trained skill as Markdown now produces a ready-to-use Claude Code skill — with proper
name/descriptionfrontmatter (the “when to use this” line your AI reads) and the full set of goals — so a skill you train in Graphnosis drops straight into a.claude/skillsfolder. - Enterprise IT FAQ. A new documentation page answering the security, installation, tamper-resistance, industrial/OT-integration, and compliance-mapping questions IT and infosec teams ask before approving Graphnosis.
Changed
- Batch saves report conflicts too. Saving several notes at once now reports any contradictions it detects, the same way single saves already did.
v1.14.0 — Security & privacy hardening
2026-06-09
A release focused on strengthening how your data is protected — at rest, while syncing between your devices, and when an AI client asks to read it. Most changes are invisible: your memories, recall, and skills work exactly as before. A couple of items need a quick action from you (below). We recommend everyone update.
Strengthened
- Sync integrity. The op-log your devices sync is now cryptographically signed per device and sequence-verified, adding strong protection for synced and backed-up data. (New format; your existing op-log history is still read.)
- Per-engram consent. Access approvals are now scoped to the specific engram an AI client requests — each sensitive engram is authorised individually, and the consent prompt names it.
- Encryption of bridge tokens at rest. The mobile, browser, and VS Code bridge tokens are now encrypted within your settings.
- Tighter on-disk isolation. Your cortex folder, settings, caches, op-log, and the app’s local sockets are now created with owner-only permissions.
- Sensitive engrams and recall. Sensitive engrams are kept out of broad “search everything” recall — they’re returned only when you explicitly name and approve them, and then only up to the sensitive-tier cap.
- Imported-file and stored-data handling. More robust, bounded parsing of imported files with size limits, stronger integrity verification of encrypted memory files, constant-time checks on secrets, safer link handling, and refreshed parsing dependencies.
Fixed
- Recovery-phrase reliability. Recovery-phrase backups are now reliably restorable. Action: if you created a recovery phrase before v1.14.0, please generate a new one (Settings → Security) — an earlier phrase may not restore your cortex.
- Sensitive recall returns results. Explicitly recalling an approved sensitive engram now returns content (capped to the sensitive tier); it could previously come back empty.
Migrations & actions
- Recovery phrase: regenerate it (see above).
- Bridge tokens: re-encrypted automatically on first save after upgrade. As a precaution, you may rotate them in Settings afterward.
- Consent approvals: existing approvals are requested once more as consent moves to per-engram scope.
- Op-log: the new signed format is written going forward; your existing history is read as before.
v1.13.6 — Pricing tiers, Pro tool gating, and upgrade page
2026-06-09
Added
- Free, Pro, and Teams pricing tiers. Graphnosis now has a public upgrade page at
/upgradeshowing all tiers side by side. Free stays free forever — all 31 core MCP tools, unlimited sources, up to 3 user engrams. Pro ($10/mo or $99/yr) unlocks 16 advanced tools plus unlimited engrams and unclamped connector cadence. Teams ($25/mo or $249/yr per person) adds team-collaboration features as they ship. - Annual billing. Pro and Teams can now be purchased annually — $99/yr for Pro and $249/yr for Teams (both save two months vs. monthly). The upgrade page has a monthly/annual toggle.
- Upgrade link in the nav and footer. A persistent Upgrade link appears in the top navigation bar and footer of graphnosis.com.
Changed
- 16 Pro tools are now gated behind a Pro or Teams license. Previously ungated tools that required a local LLM —
develop,predict,insights,llm_query,llm_distill— now return a clear license error instead of “Local LLM unavailable” on the free plan. Same forgnn_status,audit_memory, andduplicate_pairs. Skills-authoring tools (train_skill,export_skill,rollback_skill,skill_history,skill_vitality,save_skill_run,resume_skill_run) were already gated; now consistently enforced. - Free plan: 3 user engram limit. Free-plan users can create up to 3 engrams. The two built-in system engrams (
graphnosis-docs,graphnosis-skill-demos) don’t count toward the limit. Attempting to create a 4th engram returns a structuredENGRAM_LIMIT_REACHEDerror with an upgrade prompt in the app. - Free plan: connector cadence floor. On the free plan, network connector pull intervals are clamped to a minimum of 24 hours. Watch-based connectors (Obsidian, GBrain, AI Context Files) are unaffected — they use filesystem watchers. Pro removes the floor entirely.
- MCP tool documentation updated. The MCP Tools reference page now marks all 16 Pro tools with a ★ indicator, lists the correct free (5) vs. Pro (7) skill-authoring tool split, and renames the “Non-deterministic” section to “Foresight.”
v1.13.5 — Foresight, Your Cortex, and Claude Desktop extension
2026-06-08
Added
- Graphnosis is now available as a Claude Desktop extension. Install it from the Anthropic Connectors Directory to connect your local cortex to Claude Desktop with three config fields — cortex folder, passphrase, and default engram. No new setup required if you already have Graphnosis installed.
- MCP tool annotations. All 47 MCP tools now carry
title,readOnlyHint, anddestructiveHintmetadata, so AI clients that support tool annotations display cleaner, safer tool lists.
Changed
- “Non-Deterministic Aid” is now “Foresight.” The tab, all tooltips, error messages, and in-app references have been updated throughout the app. Same capabilities — GLL overlay, GNN predictions, local LLM — cleaner name.
- “Overview” is now “Your Cortex.” The main rail button label now reflects what it actually is: your personal memory home.
v1.13.4 — Low-power mode, cooler ingests, smoother graph
2026-06-07
A performance and reliability release focused on heat, battery, and import correctness on a busy machine — so Graphnosis stays cool and bounded even with many connectors, a large cortex, and a local LLM running alongside.
Added
- Low-power mode. A toggle in Settings that pauses the autonomous “brain” — duplicate detection, connection-weaving, neural-network and local-LLM passes — to cut CPU and save battery. Your graph still ingests, recalls, and saves normally; only the background self-improvement stops. A ⏻ Low-power chip in the status bar shows when it’s on (click it to jump to Preferences). The 3D animation is separate — use the Alive Engram toggle on the graph to pause that.
- Self-healing connector sync. A connector can no longer permanently miss a file. Pull now / Re-sync do a full re-scan; auto-sync connectors also promote to a full re-scan periodically (default every 30 min, configurable per connector via Full re-scan in the connector’s Edit form — set 0 to disable). So a file that was skipped or failed in an earlier run is always eventually re-checked, with no manual action.
- On-graph ingest progress. During a connector sync the 3D view shows a
[X%] ingesting <file> to <engram>…bar (redacted in Presentation Mode). - Linux builds. Graphnosis is now available for Linux as an
.AppImage(runs on any distro) and a.deb(Debian / Ubuntu), alongside the existing macOS and Windows installers.
Changed
- Re-scans skip unchanged files. A full re-scan used to re-embed every file just to discover it hadn’t changed — which on an already-ingested vault could peg the CPU and spin up the fans. The connector now records each file’s content hash and skips the embedding entirely when a file is unchanged, so repeat syncs and the periodic self-heal sweep are nearly free and stay cool.
- Dramatically lower idle memory on a large cortex. A multi-engram cortex that previously sat at several GB (and spiked higher) now idles close to ~1 GB — small enough to run beside a ~28 GB local model on a 32 GB machine. Achieved by not reading the cold operation log at boot, scavenging freed memory back to the OS, and standing the brain’s heavy passes down while any engram is ingesting.
- The 3D graph grows smoothly during ingest. New nodes ease into the existing layout instead of re-exploding the whole graph on every update, and the animation automatically pauses when the window is in the background.
Fixed
- The ”⟳ Syncing…” button reverts to ”⟳ Sync now” the moment an ingest finishes, instead of appearing stuck.
- Dragging the 3D graph rotates it again. A stuck Cmd/Ctrl state could leave a plain drag pinning nodes; the graph now re-asserts drag-to-rotate on every render (hold Cmd/Ctrl to move and pin a node).
- Vitality no longer drops after a restart on a large cortex — recent-activity is now counted from the memories themselves rather than a log read that was removed.
v1.13.3 — Large-cortex performance & reliability
2026-06-05
A reliability and performance release focused on big cortexes — many engrams, large imports, and heavy AI use at the same time. The headline is that the app stays responsive and bounded in memory even with a very large graph, plus a data-integrity fix for large engrams and two new import formats.
Added
- Excel (
.xlsx) and PowerPoint (.pptx) ingest. Spreadsheets and slide decks now import alongside the existing PDF / Office / Markdown formats.
Changed
- The 3D atlas handles very large engrams smoothly. It now renders the most-connected nodes (up to a cap) and resamples on demand as you explore, samples dense edge categories (showing a representative slice instead of hiding them), and settles freshly-ingested nodes incrementally instead of re-exploding the whole graph each time a new source lands. Selecting a new engram clears the view and shows a loading state while the next one streams in.
Fixed
- Large engrams no longer flagged as corrupted on load. A checksum sign bug mis-flagged big engrams (above ~17 MB) as failing integrity, sending them to quarantine. The check is fixed — affected engrams were never actually damaged and load normally again.
- The sidecar no longer stalls your AI client or the UI on a large cortex. Background “brain” work (duplicate detection, connection-weaving) now yields the processor and defers while you or an AI client are actively using Graphnosis, so recalls and the window stay responsive. Saves are serialized and memory-bounded, and the duplicate scan now covers engrams in rotation rather than all at once — which on a large cortex could spike memory and bog the whole machine down.
- The Activity timeline no longer times out when the history references an engram that was since deleted or isn’t loaded.
- Drag-and-drop file ingest works again.
- The “recovered ✓” badge on quarantined engrams no longer appears before recovery has actually completed.
Security
- Every engram save now keeps a last-known-good copy and a durable recovery log. If a write is interrupted or comes back unreadable, the app can fall back to the previous good copy instead of surfacing the failure as data loss — and the structural-only recovery log makes any such incident diagnosable after the fact.
v1.13.1 — Presentation Mode, per-source redaction, and billing hardening
2026-06-04
Patch release on top of v1.13.0. The headline is Presentation Mode — a demo-safe redaction layer so you can show Graphnosis (talks, screenshots, screen-shares) without exposing real memories. Plus a round of billing hardening and reliability fixes.
Added
- Presentation Mode. A new rail destination where you pre-select exactly what to reveal — per engram, source, skill, or goal, plus fixed surface toggles. On Start, everything else is redacted in place as solid ████ blocks with the layout preserved (not hidden, not blurred). Default-deny: anything you didn’t explicitly reveal stays masked, so a missed tag fails safe. It covers the Inspector, the 3D atlas (masked at the data layer, not just visually), MemoryStudio (raw context filtered per engram; LLM synthesis is all-or-nothing), Activity, Cortex Management, Settings (consent phrases, license email/expiry), the lock screen, and more. Your selection persists, but “active” never does — the app always boots un-masked, so you can’t get stuck; exit via the banner or Esc with a confirm step.
- Per-source redaction. Presentation Mode can reveal or mask individual sources within an engram: revealing an engram shows all its sources unless you’ve checked specific ones, in which case only those reveal. Precise across Search, the Inspector, Activity, MemoryStudio, and the 3D atlas.
- Activity “who made it” filter. The Activity page now filters by actor — Claude Code, the Autonomous brain, You, the App, or System — via a dropdown and per-row badges.
- Manage your subscription via Stripe’s portal. Manage subscription opens Stripe’s hosted billing portal (update card, cancel, view invoices) — Graphnosis keeps no billing account of its own.
- “Renews” vs “Expires” on your license. The license panel shows Renews <date> for an active subscription and Expires <date> once you’ve cancelled.
- Goal delete. Goal cards get a confirm-gated delete button.
Changed
- License refresh moved to the sidecar. The browser can’t poll the billing endpoint (CORS), so license refresh now runs in the sidecar, carrying a per-subscription secret from your claim link.
- Search results scroll back to the top on each new search, selecting an engram switches to the 3D view only when it makes sense, and Search / Sources / Activity now default to All Engrams.
- Presentation Mode clause added to the Terms of Use, and the Network activity guide now discloses the Pro-licensing and billing network paths.
Fixed
- The UI no longer freezes during a bulk or connector ingest. Ingesting a folder of many small files could lock the window mid-ingest; the sidecar now yields to the UI every few files so it stays clickable throughout.
- Search no longer crashes on special characters. Queries containing
(,*, or other regex metacharacters are now sanitized instead of throwing. - Skill engram double-wrench icon, lock-screen white flash on launch, and window-resize-on-launch are fixed; the window now reliably reveals (4-second fallback) and the app restarts itself cleanly after an update.
- Quieter terminal/log output during ingest — the benign-noise filter now also covers stderr chatter while still surfacing real errors and warnings.
Security
- Entitlement-theft fix on the license endpoint. The license-token poll was keyed on email alone, so anyone who knew (or guessed) a subscriber’s email could pull their replayable license token — and confirm the email was a paying customer. The endpoint now requires a per-subscription secret, compares it in constant time, and otherwise returns an indistinguishable “no subscription” response — failing closed.
- Per-cortex settings writes are now serialized. Concurrent writes (e.g. a connector state update racing a user change) could interleave and truncate or merge
settings.json. Writes are now serial, each with a unique temp file before the atomic rename, so two in-flight writes can’t clobber each other.
Migrations
- Pro users may need to re-claim once. Legacy license records have no poll secret, so the hardened endpoint fails them closed — clicking your claim link again mints a fresh, secured token. Manual token paste is unaffected.
v1.13.0 — Personal Server: reach your cortex from any device
2026-06-03
The headline: Graphnosis can now run as a personal server. The sidecar serves the full app in a browser — so you can reach your cortex from a phone, tablet, or another computer, on your home network or anywhere over Tailscale, with the cortex staying encrypted on the server. The Mac desktop app is unchanged and remains the primary experience; this is additive. This release also reorganizes the desktop app around a Home mission-control dashboard, advances Skills with cross-engram and parallel orchestration, and adds an enterprise admin-policy layer.
Added
- Browser access (personal-server mode). Turn on Settings → Mobile & Remote → Browser access and Graphnosis serves its UI on a separate port. Scan the QR (or open the URL + paste the access token) from any device. Sessions use a bearer token; live updates stream over the connection so a memory saved on your laptop appears on your phone.
- Mobile-responsive UI. On phones: a bottom nav (Memory · MCP · Status), a slide-out menu, full-screen panels, a bottom inspector drawer, and a 3D engram view that fits the screen. Installable to your home screen as a PWA. Tablets adapt by orientation.
- Connect Claude for iOS / Android. The Mobile & Remote panel hands you an MCP server URL + bearer token (and a QR) to add Graphnosis as an MCP server in your phone’s AI client.
- Tailscale HTTPS, auto-detected. Run
tailscale serveand the app automatically switches the browser and MCP QR codes to real-certificatehttps://…ts.netURLs (which iOS requires) — no certificate setup on your side. - Linux / Docker server. Run the sidecar headless on a Linux box (systemd unit,
.env, and a multi-arch Docker image included) for an always-on personal server. - Live file connectors. The GBrain, Obsidian, and AI Context Files connectors now watch their folder and ingest new or changed notes within seconds, instead of only on a timer. The poll interval is now configurable in Settings → Connectors.
- Home — a mission-control dashboard. The desktop app is reorganized around a rail of first-class destinations (Home · 3D Engram · Sources · Skills + Goals · Foresight · Brainstorming · Search · Activity · Status), with the manual recall / remember / edit / dig-deeper / GNN tools collapsed into a Manual tools drawer (“your AI client does this for you”). Home opens on a cortex-wide overview: Trust & Vitality, Memory health, Self-healing, Recent activity, Needs-you items, Stranded memories, a Since you last opened digest, and an On-Premise egress ledger. Picking an engram now scopes the current view instead of yanking you to the 3D atlas.
- Foresight page. Goals plus brain
predict/insightsin one place (shown when the Local LLM is enabled). - Biometric unlock for personal-server browser mode. Touch ID, Windows Hello, or a hardware security key (WebAuthn) can unlock the browser UI. It authenticates access to the server — minting the same session token a pasted access token would — and does not decrypt the cortex. Available only in a secure context (Tailscale HTTPS or
localhost); token/QR unlock remains the always-available fallback. The desktop app keeps using native Touch ID and is unaffected. - Exclude a source from recall. A per-source toggle hides that source’s nodes from AI
recall/dig_deeper/ node search while keeping it fully visible — and forgettable — everywhere in the app. Excluded rows are dimmed and struck-through; the flag persists with the cortex. - Enterprise admin-policy layer. IT admins can centrally disable specific connectors (incoming data) and AI clients (outgoing memory access) via environment variables or a
policy.jsonnext to the cortex. A disabled client’s tool calls are rejected and a disabled connector won’t mount; when the policy is centrally managed, a local user can’t override it. For individual users the same mechanism makes them admin of their own sidecar. - Skills — cross-engram
@skill:calls. A skill can now invoke a skill that lives in another engram. Resolutions are persisted in an encrypted side-table and surface in the walk, with cross-engram targets flagged bytargetGraphId. - Skills — concurrent sub-skills (
@parallel).@parallel: [a, b(arg=$x)] -> [$ra, $rb]dispatches the listed sub-skills concurrently and captures each return under its positional variable.walk_skill_structuredsurfaces aparallel[]set per step. - Skills — loop convergence guards + typed inputs.
@loop: N max=Mcaps a loop at M iterations so an executor can stop a non-progressing loop, andRequires: $branch:string, $policy:{phased|atomic}, $count:numbernow parses inline argument types (exposed asrequiresTypes) so inputs can be validated before a skill runs. Both stay backward-compatible with the untyped/uncapped forms. - Skills — resumable runs. Two new MCP tools,
save_skill_runandresume_skill_run, persist a multi-skill run’s captured variables and progress to an encrypted per-run file, so an orchestration can be paused and continued in a later session. - Connectors — opt-in “mirror deletions.” Local-file connectors (GBrain, Obsidian, AI Context Files) can optionally remove the corresponding memories when a watched file is deleted, keeping the cortex in sync with the folder. Off by default.
Changed
- Starter skill demos install in one language. When you add the bundled demo skills, pick English or Romanian — only that set of 3 installs, not both.
- 47 MCP tools across 10 categories. Up from 45 —
save_skill_runandresume_skill_runjoin the Skills (SOPs) group, which now has 12 tools.
Fixed
- Large folder imports no longer lose files. A connector pulling a folder of more than ~50 notes previously stopped after the first batch and silently skipped the rest. It now ingests the whole folder, in order, without dropping the tail.
- Startup crash from a missing runtime polyfill. A dependency added for the personal-server work could crash the bundled binary on launch; the required
reflect-metadatapolyfill is now loaded so the app starts reliably.
v1.12.0 — Skills as Standard Operating Procedures + MemoryStudio
2026-05-31
The big shift in this release: Skills are now first-class, executable Standard Operating Procedures. A skill is no longer just a markdown body — it is a graph of steps with goals, loops, branches, anchored context, and cross-skill orchestration that any MCP client can walk and execute. The MCP surface grows from 35 to 45 tools.
Added
- Skills as SOPs. Skills are wired into the cortex as graphs with five evidence-tagged edge types:
skill:seqfor the linear chain,skill:loopfor “go back to step N”,skill:branchfor conditional forks,skill:ctxfor recalled memories anchored to a specific step, andskill:callsfor cross-skill invocation. See Skills as SOPs. - Position-aware recall placement. Training no longer dumps recalled memories at the end as a flat block — each fragment is placed in the procedure at the position where it actually fits. Two-step deterministic check: similarity to surrounding steps + triplet coherence between
prevstep / fragment /nextstep. Fragments that don’t fit anywhere mid-procedure go to aSupporting contextblock instead. - Eight goal categories per skill. Added
Trigger:,Prerequisites:,On failure:,Requires:, andProduces:to the original three (Success:,Out of scope:,On completion:). Each renders as a colored chip in the editor and is wired to the title with acontains/skill:goaledge. The full set is what makes a skill executable rather than just readable. - Cross-skill orchestration. A step can invoke another skill with
@skill: target-name(arg=value, arg=$priorVar) -> $captureName. The bare form@skill: namestill works. The AI executor reads the structured plan fromwalk_skill_structuredand resolves variables, captures returns, and routes failures. walk_skillandwalk_skill_structuredMCP tools. Two paired tools — narrative SOP text for human-facing guidance, JSONSkillExecutionPlanfor AI execution. The structured plan includesrequires/produces, ordered steps withcallsmetadata, andfailureHandlersderived fromOn failure:blocks.- Eight more Skills MCP tools.
get_skill,list_skills,train_skill,export_skill,delete_skill,skill_history,rollback_skill,skill_vitality— the full lifecycle, all deterministic reads/writes against the Skills engram. - 45 MCP tools across 10 categories. Up from 35 / 9. The new Skills (SOPs) group is the tenth category.
- Bundled Skill Demos. Three signed
.gskdemo packs auto-load into a dedicated Skill Demos engram on the first unlock of a fresh cortex: Code review (single-skill with prerequisites + failure recovery), Safe Deploy (six-skill cross-skill orchestration with$capturesand rollback handlers), and Comprehensive job memory (a longer SOP showing position-aware placement on the full goal block). All three are inspectable, editable, and deletable — they are normal skills in a normal engram. - In-place retrain + snapshot history. Retraining mutates the existing skill source in place via the op-log; the
sourceIdis stable across retrains so inbound@skill:references keep resolving. Every retrain writes a snapshot of the prior body, goals, and edges to a per-cortex encrypted side-table. Browse via theskill_historyMCP tool or the Skills page UI. - Skill rollback.
rollback_skill(or the UI button) restores any snapshot. The rollback itself is recorded as a new snapshot so the lineage is preserved — nothing is destroyed. - Pro train path — LLM-rewritten body with attribution. With the Pro license + Local LLM, the local LLM rewrites body steps to integrate recalled context fluently, while every fact pulled in keeps its
_(from source)_marker. The rewrite happens entirely on-device. Free path remains the deterministic memory-augmented body (recall appended in-place with attribution); the user picks per skill, the AI client does not. - Autonomous retrain (Pro). Brain-engine loop that re-runs
train_skillon a schedule, on cortex growth, on vitality decay, or any of those (hybrid). Three autonomy levels: auto-accept, notify, preview-first. Opt-in per skill from the Skills page. - Streaming trainer with live diff. Ollama tokens stream back to the desktop during training so the diff paints as Ghampus writes — green/red line-diff hunks update in real time.
< >arrows navigate hunks; a Cancel button stops the run cleanly. Draft body is auto-saved tolocalStorageevery 500ms so refreshing or quitting mid-train does not lose work. - AI-driven engram creation for Skills. If the AI calls
train_skillagainst a cortex with no Skills engram, the sidecar broadcasts anengram-create-suggestedevent (template:skill) instead of hard-erroring. The user confirms or renames in the in-app banner; the engram is created with the raw skill ingested as askillsource; the AI retries and training proceeds. Theskilltemplate is also available manually from the New Engram wizard. - MemoryStudio — a first-party UI for what AI clients do via MCP. New top-level tab covering Skills · Recall · Dig Deeper · Remember · Edit / Correct · GNN Exploration · (All Tools), all running entirely on-device with no internet required. Every panel delegates to the same
host/brainfunctions used by the MCP tools — no logic duplication, so what you see in Studio is what an AI sees over MCP. See MemoryStudio.- Per-tool result panels. Recall and Dig Deeper snapshot their rendered DOM + slider state on tab leave and restore on tab enter; switching between tools preserves each one’s last result, slider position, and LLM output independently.
- Threshold slider syncs per tool. Each tool re-anchors the slider to its own saved Δ (separate
localStoragekeys per tool) so a tool always opens at its own preferred strictness, not the previous tool’s value. - Cross-engram Memory Trace. Clicking nodes across different engrams in the raw-context panel no longer resets the rail’s Memory Trace; a global recents list (with per-engram fallback preview lookup) accumulates across switches.
- Remember as the default tab on open, with a two-click confirm on Save memory — the second click commits, and the pending state resets the moment the textarea content changes.
- Cross-engram search-result clicks switch the active engram before selecting, so the inspector populates instead of showing empty.
- Collapsible left sidebar. Chevron toggle in the top-right collapses everything to icon-only (56px wide); state persists across sessions. Memory Trace, AI-clients / Data-sources groups, and bottom-row labels hide; tooltips keep navigation discoverable.
- New rail icons — MemoryStudio (brain/cognition), Sources (document with corner), Status (EKG pulse). Inline line-art SVGs that tint with the existing fg-dim/fg palette.
- Tab strip polish — font 14px → 12px, padding 14px → 9px per side (~30px saved across the strip). Each tab gets a thin turquoise left border at 28% opacity as a visual separator; the active tab raises it to 55%; the first tab has no left border.
- GAP status-bar pill sits left of GLL — pulses green while the trainer is busy, greys when idle, and is clickable to jump straight to the Skills chip.
- Loopback verification — privacy as a visible signal. Tauri
verify_local_llmcommand:pgrepby process name →lsofby port fallback →lsof -i -P -n -p PIDto enumerate the local LLM daemon’s open sockets, classifying each as loopback (127.0.0.1,::1,localhost) or external. The result feeds an inline badge so you can prove at a glance that Ollama is not phoning home. - Ghampus on the dashboard. The duplicate “Graphnosis · your second cortex” headline is replaced with a Ghampus block: “Ghampus / your memory seahorse.” with a faint, bobbing seahorse mark behind the text in the top-right of the title.
- Meet Ghampus modal. Clicking the Ghampus title block opens a “Hi again. I’m Ghampus.” modal with origin story, what-I-do bullets, where-you’ll-bump-into-me list, what-I-will-never-do trust spine, and a closing “Pleased to be your hippocampus.” Backdrop click / Got it / Esc close. Keyboard-accessible (role=button, tabindex, Enter/Space). See The story of Ghampus.
- What’s New carousel modal. A single multi-slide intro modal (MemoryStudio → Graphnosis Skills / Autonomous Praxis) replaces the previous two separate startup modals. Dot indicators at the top jump between slides; the primary button reads “Next” while slides remain and switches to “Get started” on the last slide. Single dismissal key (
graphnosis.whatsNewV1Dismissed) covers the whole carousel. - Pro upgrade flow — Stripe + Cloudflare-hosted
/upgrade. New marketing landing at graphnosis.com/upgrade (hero, $10/mo card, feature list, FAQ, contact)./upgrade/checkoutcreates a Stripe Checkout Session; on success,/upgrade/successemails a magic link with agraphnosis://claimURL. Webhook signs license tokens with Ed25519 and stores them in Cloudflare KV. License validation is offline-first after delivery. graphnosis://URL scheme registered (macOS + Windows). Clicking the post-checkout magic link activates Pro automatically — the deep-link handler routesgraphnosis://claiminto the sidecar’slicense:setTokenIPC. Manual paste in Settings → Pro license still works for headless or air-gapped setups.- Compact New Engram wizard. Wizard modal is significantly shorter: subtitle compressed to one line, Display name + Internal ID inputs side-by-side, sensitivity tier section trimmed to two lines, radio captions shortened (AI always on / Ask once / Ask hourly), template-card padding and font tightened.
skilltemplate added as a free-tier option. - Window state persistence. Window remembers its size, position, and maximize state across launches. Starts hidden until JS confirms ≥ minWidth/minHeight, then reveals — no more visible jump from a stale stored size.
recall→dig_deeperescalation flow is now well-defined. AI clients should calldig_deeperwith the same query whenrecallreturns 0–3 nodes, before telling the user nothing was found. The MCP tool descriptions enforce this. See MCP Tools —dig_deeper.- 0-score node filter.
recallandrecall_structured(via the underlyingquery/queryRich) now filter out structural SDK expansion nodes that have no seed score (score=0). Only semantically scored nodes appear in AI responses and MemoryStudio. Eliminates the confusing 0.00-confidence rows users were seeing in AI output. - Insights — honest empty-states + faster retry. The
insightsMCP tool surfaces explicit messages for no-LLM / timeout / no-data, and the background loop retries after 1h on transient failure instead of 6h. - License launcher moved to the top of Settings. Previously buried in the Settings modal; now visually consistent with the other settings panels (transparent background, top of the Settings pane).
- Atlas engram-switch loader. Switching engrams on the 3D atlas wipes the canvas immediately and pops a centered loading overlay with a turquoise spinner, friendly label (“Loading
…” ), and a sub-line that fills in with the node count once the IPC returns. Old engram’s nodes no longer linger 1–3s reading as “switch didn’t work.”
Changed
.gts→.gskrename. The skill wire format extension changed from.gts(“Graphnosis Training Skill”) to.gsk(“Graphnosis Skill Kit”) — it reads more naturally to users and matches the file-type association now registered on macOS and Windows. Older.gtsfiles still import — the loader matches on magic bytes (GSK\x01), not the filename. See File formats —.gsk..gskpacks are Ed25519-signed. Every export is signed; every import verifies. Tampered or unsigned packs are rejected. The Graphnosis signing secret never enters the codebase. Third parties publishing their own packs use their own keypair and ship the public key alongside.- Tauri file-association registered. Double-clicking a
.gskfile in Finder or Explorer prompts the Graphnosis app to import it into the cortex you choose. - One source per skill instead of per-train. Retraining no longer creates a new source — the existing source is mutated in place. Existing per-train sources from older cortexes are coalesced on first launch (migration is one-shot, no user action required).
Fixed
- Preview-mode textbox no longer suppresses input. A focus-trap bug in the skill preview pane was eating the first character of every edit. Resolved.
- Archived skills are now hidden from the Skills picker. Previously an archived skill could still be selected from the picker and trained, leading to ghost sources.
- IPC timeout on long skill trains. The sidecar IPC bridge was timing out after 30s on cortexes with thousands of recall candidates. The timeout is now adaptive to candidate-set size and
train_skillcarries its own progress channel. - Recall / Dig Deeper button stuck disabled after a search.
runStudioRecall’s slider re-run fast-path was returning before entering thetry/finallythat re-enables the button, and most fresh recalls trigger an auto-apply slider re-run viarevealThresholdSlider. Every exit path now hitsfinally { recallBtn.disabled = false }. - Sidecar 90s startup hang on Windows. A blocking probe at boot would wait the full 90s when the embed-worker subprocess failed silently. Now terminates failed workers immediately and surfaces the error so the cortex load unblocks.
- Orphan lock on Windows after force-quit. A crash or force-quit on Windows could leave the cortex lock file in place, blocking the next launch. The sidecar now releases the lock cleanly on exit and self-heals on the next launch if it finds a stale one.
- Billing —
sendMagicLinknot awaited on Cloudflare Workers. Workers kill fire-and-forget promises the moment the response is returned, so the magic-link email was sometimes silently dropped. The webhook nowawaits the send before responding to Stripe. - Billing — Stripe
ui_modevalue. Switched from'hosted'to the correct'hosted_page'so checkout creation stops 400-ing. - SDK
appendTextsourceRef-header artifact. A stray header line was leaking into appended text in some skill-edit paths; stripped before write.
Migrations
- Skill sources coalesce on first launch. Cortexes upgraded from v1.11.x with multiple per-train sources per skill are migrated to one-source-per-skill, with the prior versions written into the snapshot side-table as the initial history. Migration is one-shot, idempotent, and runs before any background process starts.
.gtsfiles in user folders are not renamed. The migration is read-only —.gtsimports still work indefinitely. Re-exporting writes a.gskfile alongside.
v1.11.1 — Startup reliability and status bar polish
2026-05-26
Patch release fixing issues found in installed v1.11.0 builds.
Fixed
- All engrams are fully loaded before any background process starts. Connectors (RSS, GitHub, Slack, etc.) and the brain engine now wait for the complete cortex to be in memory before they begin. Previously, connectors could fire ingest jobs on engrams that hadn’t finished decrypting yet, causing partial writes and the greyed-out engrams visible in the picker until the load caught up.
- Update notification “OK” now opens the in-app install modal. Clicking OK on the macOS system notification did nothing if Graphnosis was minimised or hidden — the event was delivered to a hidden webview and the listener never fired. The click handler now brings the window forward and re-emits the event so the Install modal appears reliably.
- CI release: DMG located dynamically instead of by hardcoded filename. The release workflow now finds whatever DMG Tauri produces (arch suffix varies by runner) rather than assuming
_aarch64.dmg. Fixes the v1.11.1 CI failure where the build produced the DMG at the correct path but the step couldn’t find it because the package version was mismatched. - Status bar items right-aligned reliably. Version, Vitality, GLL, GNN, and the MCP client indicator are now wrapped in a single flex container with
margin-left:auto, replacing a fragile empty-span spacer approach that left the items drifting at intermediate positions on some window widths. - Offline source categories added to landing page. The “Auto-ingest from the tools you already use” section on graphnosis.com now lists the full range of off-the-grid sources — smart home, IoT sensors, local networks, research instruments, personal agents, robotics, agriculture — with a link to the step-by-step recipes guide.
v1.11.0 — Overlay recall, LLM capability split, and UI redesign
2026-05-26
Added
dig_deeperMCP tool. New escalation tool for queries thatrecallcan’t fully answer — it searches harder, crosses engram boundaries, and tells your AI which strategy found each result. AI clients should call it before reporting “nothing found.” See MCP Tools.- Inferred layer in recall responses. When overlay engines are running, recall results now include a clearly-labelled inferred section — predictions from the neural network and the local LLM, kept visually separate from your attested memory so you always know what’s real versus what’s suggested.
- AI now flags thin or lopsided recalls. Eight core tools surface a heads-up when a recall looks suspiciously narrow — too few results for what was asked, or one engram drowning out all the others — so you know to prompt your AI to look harder.
- Source-filename hint in recall. When a query matches a source filename but not the nodes inside it,
recallnames the source so your AI can follow up instead of stopping at “nothing found.” - LLM capability split. The Foresight panel now has five independently-toggleable switches instead of a single on/off: Recall enrichment, Correction parsing, Distillation, Insights & predictions, and Edge prediction. All off by default, all on-device.
- Edge prediction loop. With Edge prediction enabled, a background process periodically finds memory pairs that look related but aren’t yet connected, proposes a link, and queues it for your review in the Graphnosis Local Layer (.GLL) section of the Foresight tab.
- Full light-mode palette. The app now has a complete, designed light theme. Dark mode is unchanged.
- Overlay engine indicators in the status bar. Two small pills — turquoise for the Local LLM, purple for the Neural Network — sit beside the MCP client indicator, dimmed when the engine is idle and pulsing when it’s active.
- ⌘F global search shortcut. Pressing ⌘F from anywhere in the app jumps to the search input.
- 3D atlas: grab-to-rotate, ⌘-drag-to-move. Plain drag now rotates the graph like a globe. ⌘-held switches back to per-node repositioning.
- Lock screen cortex-missing notice. If the last-used cortex folder has been moved, renamed, or is on an unmounted drive, the lock screen tells you before you try to unlock.
- Browse… buttons for Obsidian and GBrain connectors. Folder picker in each connector’s setup modal — no more manual path typing.
- Privacy notice on all connector forms. Every connector now shows a one-line local-first reminder: credentials stay on your device, encrypted alongside your cortex.
- Network activity guide. New guide covering what Graphnosis connects to, why, and how to verify it yourself. See Network activity.
- Purge All in Cortex Management. When two or more engrams have forgotten nodes, a single Purge All button clears them all in one step.
- Windows: full sidecar + relay support. The bundled binaries now work on Windows, and the in-app Configure Claude Desktop / Claude Code / Cursor flows support Windows paths and config locations.
- Search bar shows which engram you’re searching. The stats line below the search input now reads “Coding · 4 matches for ‘sensors’” so you always know which engram produced the results.
- Semantic search tells you when results are off-topic. If the embedding search returns results that don’t actually contain your search terms, the stats line now says so explicitly: “No match for ‘sensors’ — showing 30 nearest (may not be relevant).” Previously those results silently appeared and looked like real matches.
- Engram picker updates in real time as each engram loads. Previously all pending engrams turned active at the same moment (when the last one finished). Now each one becomes clickable the moment it’s ready.
- Startup is significantly faster for large cortexes. Engrams are available for search and recall the moment each one finishes loading, instead of all at once at the end. Cortexes with many engrams that previously took 30–40 seconds to become responsive are now usable in a few seconds.
Changed
- 35 MCP tools.
dig_deeperjoins the Core memory group — up from 34. correctrenamed toedit. The tool now covers three situations: correcting a factual error, updating outdated content, and appending new detail to an existing memory. The old namecorrectstill works as a backward-compatible alias — existing AI clients don’t need a session restart.- Vitality no longer resets on every boot. The score you left with is what you see on the next unlock, not an inflated placeholder while the first background scan runs.
- Status bar layout. Overlay engine pills and the MCP client indicator are now pushed to the far right, leaving the left side clear for the theme toggle and cortex path. The ⌘K search chip is gone — ⌘F handles it.
- Clicking the MCP indicator opens the Status page.
- Predicted edges hidden by default in the 3D atlas. The overlay edges no longer appear unless you turn them on — the canonical view stays clean.
- Recall audit footer no longer lists every engram. Only engrams that contributed results appear in the footer; the rest are summarised as a count. Previously all engram names — including sensitive ones — were listed on every recall.
- Engram scoping in recall now works regardless of how your AI formats the parameter.
only_engramsandexcept_engramsaccept a list, a JSON-encoded string, or a bare name — all three were previously handled inconsistently.
Fixed
- Vitality 97 → 75 drop on boot. Vitality now persists across sessions.
- Interrupted shutdown left cortex in a broken state. A force-quit or crash during a graph save used to require manually triggering “Recover from op-log” in Settings. Graphnosis now self-heals on the next launch and shows a toast with the recovery count.
- Error banners appeared on the lock screen. They now only show inside the authenticated app.
- Recall missed memories with accented characters. “Stefan” and “Ștefan”, “resume” and “résumé” — diacritic variants now match each other in entity search. Your stored text is unchanged.
- Graphnosis no longer pegs CPU when Ollama is unresponsive. The connection now times out and backs off cleanly.
- Connectors no longer write to archived engrams. Previously an archived engram could still receive connector updates (RSS feeds, GitHub, etc.), which caused a quarantine loop on the next boot. Connectors now skip archived targets entirely.
- Closing Graphnosis unexpectedly no longer leaves the sidecar running in the background. A crash or force-quit now also terminates the background process, preventing a stale sidecar from blocking the next launch.
v0.10.1 — Boot stability and UI polish
2026-05-24
Patch release fixing issues found in installed v0.10.0 DMGs.
Fixed
- Consent toast storm on first launch. Dozens of “Memory access requires confirmation” popups appeared on boot because
markClientSeen()was deferred until the user clicked through the first-connect modal — meanwhile the background poller kept firing a new modal for each engram that finished loading. The fix: mark the client as seen immediately when the modal opens, and add a guard so only one first-connect modal can be pending at a time. - 3D node tooltip stuck at top of canvas. The node label was rendering at a fixed position in the top-left corner of the 3D view instead of floating near the cursor. The graph library’s internal
d3.pointer()returns incorrect coordinates in the Tauri production webview; replaced with a custom.atlas-node-tipelement positioned viamousemoveusing rawclientX/clientY − getBoundingClientRect(). - QR code blank in mobile setup. The QR code in the mobile/remote setup wizard (Step 3) rendered as a white blank. The Tauri CSP’s
default-src 'self'blocked thedata:URL the QR library writes into an<img>element. Fixed by addingimg-src 'self' data: blob:to the CSP. - Graphnosis Docs duplicated on app update. Every time the app detected a newer bundled docs version and re-ingested, it appended a new copy of the docs to the existing
graphnosis-docsengram instead of replacing it. Thedocs:ingesthandler now purges all existing sources in that engram before re-ingesting. - Sidebar logo not centered. The Graphnosis logo in the left sidebar was visually offset. Fixed the wrapper to use
display:flex; justify-content:centerinstead of relying onmargin:autoinside the flex column. forgettool modal described source-level behavior. The in-app MCP Tools browser entry forforgetstill said the tool removes a source. Updated to describe node-level soft-delete, therecall_structuredprerequisite for finding node IDs, and that removing an entire source is a user-only action in the Sources page.- MCP Tools modal brand badge layout. The Graphnosis logo and wordmark now appear as a top-right badge (logo above label) with
align-items:flex-starton the header, cleanly separated from the tool name on the left. The “Full MCP Tools reference” docs link is flush left in the footer viamargin-right:auto. - Updater bundle missing from CI. The release workflow was not producing the
.app.tar.gzneeded by the Tauri updater endpoint. Added"createUpdaterArtifacts": truetotauri.conf.json.
v0.10 — Consent, Activity Log, and safer AI tools
2026-05-24
Added
- Consent gate for sensitive data. Before any
sensitiveengram is served to an AI client, the Graphnosis app pops a one-click prompt: Deny / Allow once / Allow for 1 hour / Allow for today. Personal-tier recalls are silent by default (installation + MCP config are already two informed actions). The old phrase-typing flow is preserved as a headless fallback for SSH / CI / no-GUI sessions. See AI Access Controls. - Per-(client, tier) consent records. Every grant, expiration, and revocation is logged inside your cortex. Settings → AI shows currently-active grants and a full history modal. Records never leave your device.
- Configurable consent intervals. Pick how long a confirmation is remembered before re-prompting: every access, 15 min, 30 min, 1 hour, 4 hours, daily, weekly, monthly, 6 months, or permanent. Per-engram overrides in Cortex Management → Edit Engrams; the stricter setting wins.
- First-connect policy chooser. The first time a never-seen AI client triggers the consent flow, the app pops a one-time chooser so you can set per-tier defaults (always-allow / ask-1h / ask-1d / ask-every-time / never-allow). Editable later in Settings → AI → Client policies.
- Recall rate limit. Each AI client is limited to 10 recall calls per 60 seconds. Catches burst-scan patterns.
- Session replay blocker. A recall whose query is ≥ 85% similar (Jaccard token set) to a query issued within the last 60 seconds by the same client is blocked on the 3rd occurrence. First two identical queries pass (legitimate retries); sustained 3rd+ is the scraping pattern.
- Opt-in session caps. Three optional cumulative-volume caps in Settings → AI → Optional session caps: token cap (default 100 000 when enabled), node cap (default 500), engram-breadth cap (default 6). All off by default.
- Settings → AI → Extra precaution mode. New checkbox that gates
personal-tier recalls behind the same in-app prompt + per-client policies + first-connect chooser as sensitive recalls. Off by default. - Top-bar sensitivity badge. A color-coded PUBLIC / PERSONAL / SENSITIVE pill next to the active engram in the top bar. Click to change tier or set a per-engram consent interval.
- First-connect AI client modal. When a new AI client connects for the first time, Graphnosis asks whether it’s a chat assistant or an autonomous agent. Agent mode overrides the consent interval to “every recall” — extra friction for unattended automation.
- 34 MCP tools across 9 categories. The toolset expanded from the original 11 to 34: full Engram discovery (
list_engrams,suggest_engram,browse_engram,recent,get_engram_schema); structured recall variants (recall_structured,recall_with_citations,compare_engrams,cross_search); source operations (find_source,recall_source,transfer_source); engram operations (ingest_batch,engram_summary); brain maintenance (duplicate_pairs,healing_journal,gnn_status); approximate similarity (audit_memory,check_duplicate); and Local-LLM-backed (gnn_neighbors,llm_query,llm_distill). Full reference: MCP Tools. - Activity Log in Status pane — full upgrade. The Status tab’s activity feed now loads 20 entries at a time and adds more on scroll (IntersectionObserver sentinel). Each row shows: a short content preview (first ~120 chars of the memory), a triggeredBy badge indicating who initiated the action (
user · ingest,user · forget,mcp · remember,brain · consolidation,connector · <kind>, etc.), and an Open in Sources ↗ button for source-linked events. Historical entries without attribution show no badge — no backfill. - Actor attribution on all write paths (
triggeredBy). Every op-log event written by the sidecar now carries atriggeredByfield identifying the actor —mcp:remember,mcp:forget,mcp:correct,user:ingest,user:forget,user:correct,brain:reinforcement,brain:consolidation,connector:<kind>. The Activity Log surfaces this as a colour-coded badge. New cortexes and all events going forward are attributed automatically; no migration of historical events. - 3D Engram edge hard-lock. Any edge category with more than 10,000 edges is permanently hard-locked: it is never rendered, never toggled by the legend, and never triggered by hover — regardless of any setting. The legend row for a locked category is shown at 25% opacity with a “not-allowed” cursor and no interactivity. This prevents THREE.js geometry-allocation freezes on large cortexes (the trigger was a 65K-edge semantic graph). Categories between 5,000 and 10,000 remain in the existing auto-hide tier (off by default, re-enableable); categories below 5,000 are always interactive.
- In-app MCP Tools browser. New MCP Tools button in the left sidebar (next to Settings) opens a dedicated page listing every tool grouped by category, with a short description, determinism class, and 1–3 example prompts you can paste straight into your AI client.
- Boot loads your last-active engram first. Graphnosis now remembers which engram you had selected and loads it as the default on next unlock — the lock screen reveals with the correct engram already showing. See Boot & engram loading.
- Sequential background engram loading. Secondary engrams load one at a time with event-loop yields between each, so the desktop app’s first
list_nodescall doesn’t sit queued behind 12 concurrent decryption jobs. Reveals in ~3 seconds instead of 25–30 seconds on cortexes with many engrams. Status bar shows a live “Loading N more engrams…” countdown while the rest stream in. - Engram picker shows pending engrams. The active-engram dropdown lists every engram immediately on unlock — the ones still loading appear greyed out and aren’t clickable until they finish. Positions stay alphabetical with no reshuffling.
- Local LLM-assisted search. Two checkboxes inline with the search box (only enabled when the local LLM is reachable): ”🤖 Synthesize answer” writes a 1-paragraph answer with citations, “Enhanced ranking” re-orders results by LLM-judged relevance. Settings → AI → “Use Local LLM only for search” restricts the LLM to in-app search and disables
develop/predict/insights/llm_queryMCP tools. - Local LLM checkbox toggle. The Go Non-Deterministic tab’s Local LLM master switch is now a labeled checkbox instead of separate Enable/Turn off buttons.
- “Local LLM…” button replaces the static search-row hint. The previous “Requires a local AI model — enable in Go Non-Deterministic” cluttering the search row is now a small “Local LLM…” button that takes you directly to the toggle.
- Search-results × close button. A close button in the search-results header mirrors the in-input × — clears the query and returns to the dashboard without scrolling back up to the input.
- Needs Your Review overlay polish. The overlay now shows an immediate loading placeholder while populating (was empty for ~1s), and auto-closes when you switch away from the Deterministic Consolidation tab.
- Amber idle indicator on MCP connections. AI tools panel rows turn amber + show
· Idle Xm(compact:47s/12m/3h) when a connection hasn’t seen a request in 15+ min. Returns to green pulse automatically on the next request. The status-bar dot and left-sidebar chip for that client also turn amber while idle. - × force-close button per MCP connection. Hover any row in the AI tools panel to reveal a × button; one click force-closes that connection. Non-destructive — the relay auto-reconnects on its next tool call and a fresh row appears. Hidden for
stdiotransport. - Relay reconnect window: indefinite. The MCP relay used to give up after 24 hours of waiting for the sidecar to come back. Now it parks forever (only exits when the AI client closes its stdin pipe). Closing Graphnosis for a week and reopening just works — your AI clients reconnect on their next tool call, no restart needed. Power users can still set a finite timeout via
GRAPHNOSIS_RELAY_RECONNECT_MSenv var orsettings.json:mcpRelay.reconnectMs.
Changed
forgetMCP tool is now node-level only.forgettakesnodeIds(one ID or an array of up to 20), never a source ID. Removing an entire ingested file, URL, or clip is a user-only action done from the Sources page in the app — AI clients have no API path to delete a whole source. The correct workflow:recall_structuredto find the exact node(s), confirm the text, thenforget(nodeIds=[...]). If a source has 500 nodes and only one fact is stale, only that node is removed; the other 499 are untouched.merge_engramsremoved from the MCP toolset. Merging engrams is now a user-only action in the app UI. AI clients can move individual sources between engrams viatransfer_source, but cannot trigger a full engram merge. This prevents irreversible structural changes from automated AI flows.- Tagline updated. “Your local encrypted memory, indexed for deterministic recall — auditable.” The new ending reflects that every access decision is logged and reversible.
- Sensitive-tier defaults. Sensitive engrams now require consent every hour by default (was: blocked outright). The block-by-default behavior is still available — pick “Every access” or set the engram to never be granted consent.
- Personal-tier recalls are silent by default. The consent gate only fires for
sensitive-tier recalls (or any tier in extra-precaution mode). - Federated recall silently scopes to consented tiers. When the AI doesn’t name specific engrams, Graphnosis silently excludes any un-consented sensitive engrams from the search instead of firing a prompt. The prompt only fires when the AI explicitly names a sensitive engram via
only_engrams. Stops the surprise where merely having a sensitive engram caused every personal-data query to prompt. - MCP
recallaudit footer. When consent is valid, recall results now end with[<client> — <tier> access: valid until <time>. Revoke in Settings → AI.]so the AI surface always shows the current authorization state. - MCP consent errors now render correctly in Claude’s UI. The consent-required notice was being returned as a JSON-RPC
-32603 Internal Error, which Claude renders as a generic “Tool execution failed” with no detail. Now returned as a proper tool result withisError: trueso the full notice reaches the AI client’s UI. - Background neuron-field animation rewritten. The ambient “cortex simulation” behind the vitality card now uses pure Brownian motion with per-node pulsation and short directed-edge synapse pulses, replacing the prior attraction-based simulation that collapsed nodes into 2D lines. Opacity dropped from 0.55 → 0.2 so it reads as a true backdrop.
- “Cortex secured” capitalization. Lock-screen boot status now reads “Cortex secured” instead of “cortex secured”.
Security
- 5-attempt lockout per (client, tier). Five consecutive failed
confirm_data_accessattempts in 10 minutes revokes that pair’s consent and notifies you. Other consents are unaffected. - Per-cortex HMAC secret. Each cortex generates a 32-byte secret on first unlock that drives consent phrase rotation. Stored encrypted in your settings; never exposed via MCP, IPC responses, or logs.
- MCP write protection.
consentHmacKey,dataAccessConsents,consentIntervalSensitiveMs,consentIntervalPersonalMs, andclientTypesare not writable via any MCP tool. Only the authenticated Tauri IPC channel can update them. - Fast-fail when cortex is locked. Tool calls reaching the MCP relay while the cortex is locked now respond immediately with a clear “Graphnosis is locked” error instead of hanging up to 24 hours.
Fixed
- 3D Engram freeze on Cmd+Tab and source-legend hover (large graphs). On cortexes with 65K+ semantic edges, switching apps or hovering any source row in the legend would freeze the UI for several seconds. Two causes fixed: (1) rapid hover events coalesced into a single
requestAnimationFrame-gated refresh instead of stacking; (2) thelinkVisibilitypeek-through callback — which temporarily reveals all edges for a hovered source — is now gated at 10,000 total links. Above that threshold the callback returns the current visibility state unchanged, preventing THREE.js from allocating geometry for tens of thousands of hidden edges in a single frame. - Lock-screen freeze during boot. The lock screen would sit on “Loading memories…” for 25–30s on large cortexes. The sidecar was using
Promise.allfor 12 concurrent decryption jobs, saturating the Node event loop and starving the IPC socket so the boot’slist_nodescall sat queued. Sequential loading +setImmediateyields between each load lets IPC interleave and reveals the lock screen in ~3 seconds. - Stale localStorage engram preference. If you deleted the engram you’d last selected, the next boot would silently create a fresh empty engram with that name. Now falls back to
personalinstead. - HMAC key race condition. Concurrent
get_consent_phrasecalls during Settings panel open no longer race on the atomic settings write. The in-flight promise is cached so the first save wins and concurrent callers share the same key. mergeWithDefaultswas droppingconsentHmacKey. Every settings save was silently regenerating the phrase secret, breaking consent validation. The key is now explicitly preserved through merge.
Migrations
- HMAC secret generation. Older cortexes that pre-date v0.10 will generate a fresh consent secret on first unlock. No user action required.
- Consent records. Cortexes with no
dataAccessConsentsfield are treated as having no granted consents. The first recall from an AI client triggers the first-time notice.
v0.9 — Deterministic Consolidation
2026-05-22
Theme: a memory that strengthens, never weakens. The third tab is reborn as Deterministic Consolidation — an engine that makes every memory you add permanent and ever more retrievable. Connections strengthen the more you use them, engrams link to one another, and a daily consolidation pass integrates the whole cortex. Nothing here ever weakens a correct memory.
Added
- Connection reinforcement. Memories recalled together have the connection between them strengthened (“fire together, wire together”); a repeatedly co-recalled pair with no link yet earns one. Reinforcement is live — strengthened connections genuinely rank higher in future recalls — and saturating, so it never runs away.
- Cross-engram connections. Graphnosis now links memories across engrams — via shared named entities or high semantic similarity — so a query in one engram can surface what you know in another. Stored encrypted alongside your cortex.
- Consolidation. A daily deep pass: transitive inference (if A→B and B→C, infer A→C), community detection, and redundancy cleanup (dead edges left dangling to already-deleted memories). All additive or tidying — a connection between two live memories is never removed.
- Memory health. The tab’s headline is now a retrieval-quality report — connectivity, integration, confidence, coherence, reinforcement activity, and a saturation guard — instead of a raw size-and-density score.
- Graphnosis Neural Network (opt-in). A new Go Non-Deterministic tab adds an optional, off-by-default neural network that predicts likely-missing connections between your memories. Predictions live in a separate encrypted overlay (
neural-network.gnn) — never mixed into your deterministic graph — and surface only as clearly-labelled, one-click-removable suggestions. That tab is also the new home for the optional local-LLM setup and AI-generated insights. - Add the Graphnosis docs to your cortex. On unlock, Graphnosis offers to load its own documentation into a dedicated
graphnosis-docsengram, so your AI can answer questions about Graphnosis itself. The docs are bundled inside the app — adding them is fully offline, with no network access — and refresh when you update the app.
Changed
- The third tab is now “Deterministic Consolidation” (was “Autonomous upkeep”).
- Memories no longer decay from disuse. Anything you deliberately add — a file, URL, clip, or saved conversation — keeps its confidence indefinitely. The only things that lower a memory’s standing are explicit correctness events (contradiction, supersession, your own correction), all audited and reversible.
- Recalled memories are reinforced. Appearing in a recall result now gives a memory a small confidence boost — the strengthening half of the old decay/reinforce pair, now active.
- The local LLM is now opt-in. Graphnosis no longer uses a local LLM just because one happens to be running. Insights and the richer
develop/predictsynthesis stay off until you explicitly enable the local LLM in the Go Non-Deterministic tab — detection is never consent. correctno longer needs an AI model. The correction tool is deterministic by default — it supersedes the closest-matching memory with your fix, reproducibly, with no model required. The optional Neural Network widens its candidate set and the optional local LLM upgrades it to multi-edit diffs, but neither is required. With the local LLM off,develop/predict/insightsalso degrade gracefully — returning the deterministic recalled context with a clear note instead of failing quietly.- Vitality is a ratio-based score. The 0–100 vitality reading is now computed from connectivity, confidence, recent activity, and coherence, so it ranges meaningfully across a cortex’s life instead of pinning near the top.
Fixed
- cortexes that wouldn’t open. A crashed embedding worker could stall the sidecar so a cortex never finished unlocking. The worker pool now routes around a dead worker and recovers.
- Your AI client keeps working across Cortex switches. The MCP connection now uses a fixed per-user socket path, so a client you configured once (Claude Desktop, Cursor, …) keeps working after you switch or reopen cortexes.
- A moved, renamed, or deleted cortex folder no longer crashes the app. If the folder Graphnosis remembered is gone, the app reports it cleanly instead of failing to start.
- UI polish. The lock-screen footer no longer breaks awkwardly, the top-left logo is centered, the Settings → Connectors section renders cleanly, and the main tab strip no longer clips the first tab.
Migrations
None. Existing cortexes gain the cross-engram connection store on first run, and may be offered the bundled Graphnosis documentation; the neural network and local LLM both default to off until you opt in. No memory is altered on upgrade.
v0.8 — Autonomous upkeep
2026-05-21
Theme: a cortex that maintains itself. Graphnosis now keeps your memory tidy on its own — merging duplicates it can prove are redundant, weaving connections between related memories, and surfacing the judgment calls it can’t safely make. New background passes run on a schedule: what they can fix, they fix; what needs you, they route to Check-in.
Added
- Autonomous self-healing. A background duplicate scan merges memories that are provably the same — byte-identical text, or one fully contained within a longer one. Merges are automatic, conservative (a merge never loses information), and reversible (soft-delete, recorded in the op-log). The Autonomous tab’s Self-healing section shows the running count. Full detail in Deterministic Consolidation.
- “Needs your review” in Check-in. Near-duplicate pairs that aren’t provably identical — a differing number, an added negation, a partial overlap — surface in the Check-in tab with both memories side by side and a one-click Same memory — merge / Keep both decision. Graphnosis heals what’s certain; you decide what’s ambiguous.
- Automatic connection weaving. Memories that are clearly related but distinct get an automatic “related” connection, so isolated memories aren’t left floating. Conservative — already-dense memories are skipped, and typed/directional relationships are still left to you in the Check-in deck.
- Post-ingest scan. Ingesting a file now triggers a duplicate scan shortly after it completes, so new content is checked promptly instead of waiting for the next scheduled pass.
- Visible upkeep schedule. The Autonomous tab now shows the cadence of every background pass (duplicate scan every 20 min, connection forming 45 min, goal check 4 h, insights 6 h, memory decay 24 h).
- Standalone / Local LLM shortcuts. Two buttons in the sidebar’s “Get connected” section explain the two modes — fully deterministic Standalone (the default) vs. adding a local LLM for insights and deeper connection-forming.
Changed
- The third tab is now “Autonomous” — it collects vitality, self-healing, insights, goals, and live activity in one place.
- Vitality shows 0 until it’s calculated, so a still-starting-up score is never mistaken for a real one.
- “Cache everything” is the default content-cache mode, selected out of the box.
- The memory trace clears on lock. Locking your cortex now clears the left-rail recents list and the detail pane, so a re-unlock starts with a clean slate.
Migrations
None. v0.8 is fully backward-compatible. The self-healing journal is created on first run; existing cortexes gain it automatically.
v0.7 — Sources management, 3D graph performance, and readability
2026-05-20
Theme: make large cortexes easier to navigate and large graphs easier to work with. This release adds first-class source management (search, move between engrams), makes the 3D graph usable on 25K-edge graphs without freezing the UI, and addresses a wave of readability and polish issues reported after v0.6.
Added
- Sources search filter. A “Filter sources…” input sits above the Sources list. Typing narrows the list instantly — source names and file paths both match. Engram group headings hide automatically when none of their sources match, so you only see the groups that are relevant.
- Move a source to another engram. Each source row now has a Move to… button. A compact inline picker appears with a list of your other engrams (sorted alphabetically). Pick an existing engram or choose New Engram… to create one right from the picker — the new engram is created with a Personal template and your chosen display name, and the move happens in the same gesture. All chunks, embeddings, and the content cache entry transfer with the source; the graph re-links automatically after the move.
- Help button in the top bar. A
?button next to the Lock button opens docs.graphnosis.com in your default browser.
Changed
- Sticky engram headings in Sources. When you scroll through a long sources list, the current engram’s name header sticks to the menu bar so you always know which engram you’re looking at. The heading is replaced by the next engram’s heading as it scrolls into view.
- Semantic edges auto-hide on large graphs. When a graph has more than 5,000 semantic (embedding-similarity) edges, Graphnosis automatically hides that category in the 3D view to keep framerate navigable. The legend shows semantic edges as “off” so you can re-enable them at any time. Switching to a smaller graph that is below the threshold restores them automatically.
- 3D graph layout no longer freezes the UI during initial layout. The force simulation now scales its parameters to the graph’s node count. Large graphs (1,500+ nodes) skip the synchronous warmup pass and run with a faster alpha-decay and fewer collision iterations — the graph appears immediately and settles in the background. Periodic reheat is also disabled above this threshold. Small graphs are unaffected.
- 3D graph reset no longer shifts the view. Previously the Reset button moved the orbit pivot to the world origin, which caused the camera to visibly jump when the pivot didn’t coincide with the view center. Reset now only clears selection emphasis (node size, opacity); the camera stays exactly where it was.
- Engrams sorted alphabetically in all pickers. The top-bar engram dropdown, the move-to picker, the connector target selector, and the Settings engram lists all now sort by display name instead of creation order.
ai-conversationsource references rendered as readable labels everywhere. The detail-pane breadcrumb and trivia-card source label now showAI: <topic>(orAI conversationwhen no topic is set), matching the formatting the Sources list and atlas legend already used. The rawai-conversation:<timestamp>:<topic>ref no longer appears anywhere in the UI.
Fixed
- Sources list scroll position preserved after a move. Confirming a move previously reloaded the list and scrolled it back to the top. The view now stays in place.
- Sources list auto-refreshes after a move completes rather than requiring a manual pane switch to see the updated state.
Migrations
None. v0.7 is fully backward-compatible with v0.6 cortexes.
v0.6 — Mobile, connectors, and the broader MCP-client universe
2026-05-19
Theme: make your cortex reachable from anywhere, growing on its own from the tools you already use. The biggest single release since v0.1 in scope of new surface — a mobile bridge with a 3-step wizard, six service connectors with BYO credentials, encryption for those credentials at rest, broader MCP-client coverage beyond Claude Desktop / Code / Cursor, and a Settings UI to manage all of it.
Added
- Mobile & Remote Access. New HTTP/SSE MCP bridge on port
3457with bearer-token auth, configurable interface (loopback-only vs all-interfaces). Auto-generated UUID token, no manual token handling. Connect Claude for iOS, Claude for Android, browser extensions, or any HTTP MCP client — over LAN at home or Tailscale anywhere. Full walkthrough at Connect from your phone. - 3-step mobile setup wizard. Settings → Mobile & Remote Access → “Set up mobile access…” — enable the bridge, pick the network interface (Tailscale-aware, recommended), copy MCP URL + masked bearer with one-click Copy buttons. Returning-user fast path: jumps straight to Step 3 on re-open.
- Six service connectors. Auto-ingest from existing tools, all BYO-credentials so Graphnosis is never in any OAuth chain:
- RSS / Atom — pull from any feed URLs, deduplicated by guid
- GitHub — issues, PRs, releases from a list of repos (fine-grained PAT)
- Slack — starred items + optional channel history (your own Slack app)
- Trello — cards + checklists from selected boards (API key + token)
- Linear — issues with team / state / priority filters (personal API key)
- Generic webhook — receive POSTs from Zapier, IFTTT, custom scripts, iOS Shortcuts; auto-generated unique URL per connector Full walkthroughs per connector at Auto-ingest from your tools.
- Settings → Connectors panel. Install, configure, pull-now, edit, remove — all 6 kinds. Status pills (enabled / disabled / error / pulling), last-pull timestamp, event counts, target engram, per-row actions. Lives between AI Clients and Cortex Tools in Settings.
- Connector credentials encrypted at rest. XChaCha20-Poly1305 with the cortex data key, base64-stored in
settings.jsonascredentialsEnc. Same primitive as.gaifiles. Cloud-sync-safe — providers see ciphertext only. Migration from v0.6 plaintext is automatic on next save. - Broader MCP-client coverage. Added drop-in support documentation for Zed, Cline (VS Code), Continue.dev, Goose (Block), 5ire, Witsy, LibreChat, and Open WebUI — all the same
graphnosisserver entry, just different config-file paths per client. - Sources pane → Settings deep links. Above the Sources list, a quiet hint banner: “Want this list to grow on its own? Connect an AI client → · Set up a connector →”. One click jumps to Settings, scrolls the relevant panel into view with a brief accent ring.
- Custom engram picker in the top bar — always opens downward (replaces native
<select>whose macOS-default open direction often drifted upward off the top bar). Outside-click and Escape close. Selected option indicator + chevron button.
Changed
- Brand line: “Your Local Encrypted Second Cortex” (dropped the comma between Local and Encrypted — cleaner rhythm). Lock-screen unlock prompt sharpened to “Unlock your encrypted second cortex:” — fits the act of entering a passphrase.
- Atlas legend labels. AI-conversation source labels were rendering as raw refs (
ai-conversation:1779139479066:Milestone — …); now formatted toAI: <topic>so the legend reads as a list of things, not internal sourceRefs. Full label preserved in hover tooltip. - About panel links updated for current org / docs URLs: Source →
nehloo-interactive/graphnosis-app(LLC org), Docs →docs.graphnosis.com. New Terms link added next to Privacy. - Engram-suggest banner preview now renders the full text scrollable inside the banner (was 280-char truncation), so you can read what the AI is about to save before confirming.
Fixed
- Sidecar typecheck violations from the mobile session’s HTTP-bridge + connectors commits (zod v4
recordsignature change,exactOptionalPropertyTypesstrict mode catching explicit-undefined property assignments). 8 errors → 0, unblocking the v0.6 connectors UI work. - Engram dropdown direction. Was a macOS-OS-controlled annoyance for picker placement near the top bar; now custom-rendered to always drop down predictably.
Security
- Connector credential encryption at rest (described above) closes the gap where v0.5 / pre-v0.6.1 settings.json stored Slack/GitHub/Trello/Linear tokens plaintext. Anyone backing up or cloud-syncing their cortex folder pre-v0.6.1 should re-paste their connector credentials so the new encrypted-at-rest path takes effect, then verify
settings.jsonshows"credentialsEnc"instead of"credentials"for each connector.
Migrations
None required. v0.6 is fully backward-compatible with v0.5 cortexes. The first settings save after upgrading to v0.6.1 transparently encrypts any plaintext connector credentials.
v0.5 — More AI clients, smarter remember, background notifications
2026-05-18
Theme: let any AI client confidently target a specific engram, and tell you when the app’s in the background. Plus a broader AI-client expansion beyond Claude Desktop, and ingest performance you can dial in.
Added
- Claude Code (CLI) and Cursor support alongside Claude Desktop. The “Connect an AI client” modal in the menu-bar tray now writes the correct config for all three. Settings → AI Clients lets you re-run the configuration for any of them at any time. All three use the same stdio MCP transport against the bundled sidecar binary — same cortex, same memory, three faces.
target_engramparameter onremember. An AI client can now say “save this to mybook-notesengram” instead of dumping into the default. Graphnosis resolves the name with a normalized exact match, then a dependency-free fuzzy matcher (substring containment + token-set Jaccard + Levenshtein) and surfaces one of three outcomes:- Exact match → write immediately.
- Close matches → a banner top-center in the app lists ranked candidates with match reasons (
contains your text · 90%,same words · 100%,close spelling · 75%). You pick which existing engram to use or create a new one with the AI’s suggested name. - No match → banner offers “Create new” only. The AI never auto-creates an engram or silently disambiguates — every new engram is a human-confirmed decision.
- One-click create-and-save from the banner. Click “Create engram & save” and the app creates the engram (template: personal, your suggested display name) AND ingests the note in one gesture. Top-bar engram dropdown refreshes immediately so the new engram is selectable everywhere.
- Background notifications for AI-driven confirmations. When the menu-bar panel is collapsed or another app is on top, the app fires a native macOS notification for events that need your attention:
engram-create-suggested(an AI wants to save into a new engram) andcorrection-proposed(an AI proposed acorrectdiff). Foreground stays silent — the in-app banner is the only signal so you’re never double-notified. Permission requested lazily on first event. - Ingest performance presets in Settings → AI Settings. Chunk size (
fine300 chars /balanced500 /coarse2500) and embed batch (small64 /medium256 /large1024 /autobased on total RAM). Lets you trade ingest speed against recall granularity without touching env vars. - Pluggable 3D engine architecture. The 3D Engram view now boots through an engine-selector with three implementations: deck.gl (default), three.js + custom physics worker, and three.js + force-graph-3d. Settings → AI Settings → Visualization lets you switch engines live. Default is deck.gl for stability across large graphs; three.js variants are available for engagement experiments.
- Right sidebar memory inspector. Click any node in 3D Engram or any row in Sources / Recall to open a sticky right-side detail pane: full text, source, neighbors, “How are these connected?” picker, +Connect candidates with sticky Connect/Cancel buttons at the bottom.
- Check-in deck redesign. The daily check-in panel got a denser, less cluttered layout — 10 inline “Connect as” buttons (was 6), turquoise tagline, mustard-gold inline content, grayed-out non-interactive chips, single-click Forget confirm.
- AI-conversation source kind on the Sources list. When an AI calls
rememberwithkind: 'ai-conversation', the Sources list shows a distinct icon so you can tell “the AI paraphrased our conversation” from “the AI saw this in a doc I shared”. (Schema was added in v0.4; the UI distinction landed in v0.5.)
Changed
rememberMCP tool parameters. Renamedgraph→graphId, removedtags(never wired through), addedkindandlabel. See MCP Tools reference for the current shape.- Synapse copy across the app. “this App’s Synapse” / “this App’s running Synapse” → “Graphnosis Synapse” everywhere it appeared (configure-client modal, tour, status text). The synapse story is now consistent: the synapse is the bridge between your AI client and your cortex, period.
- Configure-client modal post-success state. After a successful Connect, the modal now shows a check + “Done” instead of leaving “Apply” visible (Apply was a stale instruction — there was nothing left to apply).
Fixed
rememberreturned “Ingest produced 0 nodes” for some markdown inputs. Root cause was in the SDK’sparseMarkdown— input with no headers returned an empty section list. Three-layer fix: SDK v0.5.1 wraps headerless input in a synthetic section, sidecar adds a symmetric fallback for the kind=markdown → 0-nodes case, MCPrememberroutes short text / long markdown / long headerless text differently.
Migrations
None. v0.5 is fully backward-compatible with v0.4 cortexes.
v0.4 — Touch ID, attribution, and a better Check-in
2026-05-16
Added
- Touch ID unlock (macOS). Lock screen now shows an “Unlock with Touch ID” button once you’ve signed in with a passphrase at least once. Powered by a Swift sidecar binary that talks to Apple’s LocalAuthentication.framework — the actual unlock still reads your saved passphrase from the macOS Keychain after biometric success. Falls back gracefully on Macs without a Touch ID sensor.
- AI client attribution on Sources. When an AI client adds a memory via the
rememberMCP tool, the Sources list shows a small turquoise badge —via claude-ai,via cursor, etc. — derived from the MCPinitializehandshake’sclientInfo.name. User-added sources (drag-drop, paste, file picker) have no badge. ai-conversationsource kind. TherememberMCP tool now accepts an optionalkind: 'clip' | 'ai-conversation'parameter. AI clients can useai-conversationwhen saving a turn or summary of the CURRENT conversation, distinct fromclipfor facts extracted from external content. The Sources list surfaces these differently so the user can tell “the AI paraphrased me” from “the AI saw this in a doc I shared”.- Correction attribution on the op-log. Every event emitted by
applyCorrection(addNode, editNode, supersede, deleteNode) now carriescorrectedBywhen the correction came through an MCP client. The audit log can show “Claude edited this node” alongside the content + reason. - Default cortex path suggestion. First-time users see
~/Graphnosis-Cortexpre-filled in the lock-screen folder input — no need to click Choose to pick a path. The folder is created on first unlock if it doesn’t exist.
Changed
- Check-in card layout overhaul:
- Removed the “Choose another memory” search box (redundant with ⌘K and the deck arrows).
- Bottom action bar now has only Skip and 🗑 Forget (was Looks right / Fix / Skip + an in-card Forget).
- Forget asks for a single-click confirm: “Forget this memory? It will be soft-deleted (recoverable until Purge)” → Cancel / 🗑 Forget anyway.
- Inline-text colors: source + candidate memory texts are now mustard gold (
#d4a82c) to distinguish content from interactive elements. fact/trust 0.90chips are grayed out so they read as info, not buttons.- Funny tagline at the top of each card is now turquoise (matching the seahorse logo) and a touch larger.
- Connect as shows up to 10 inline buttons (was 6), always topped up with generic types (Same topic / Related / Mentioned in / Depends on / Cited in / Builds on / Contradicts).
- “How are these connected?” picker (opened from candidate panel’s “Other…”):
- Overlays the right-side memory-trace sidebar instead of dimming the whole screen — you can still see source + candidate while picking.
- Auto-closes when you click either node text, switch to 3D Engram, click anywhere else on the deck card, or hit Escape.
- Lock screen title: “Unlock your private cortex” → “Unlock your private second cortex of memories:”.
- Last-used cortex path is now pre-filled and the passphrase field auto-focuses on launch.
Fixed
- Dev-server infinite rebuild loop. Tauri’s file watcher was triggering a fresh build every time
build.rsrewrote the Swift biometric binary. Fixed via.taurignoreexcludingbinaries/+ an mtime guard inbuild.rsthat skips swiftc when the binary is already up-to-date.
v0.3 — Recovery, safety, and the synapse story
2026-05-15
The big theme: make data loss require a series of unlikely mistakes, not just one bad day. Five new safety layers, a real passphrase-rotation flow, and several long-standing UI bugs fixed in the process.
Added
- 24-word BIP-39 recovery phrase. Generated locally when you create a new cortex (or auto-backfilled on first unlock of a pre-v0.3 cortex). Shown exactly once via a gated lock-screen modal — the unlock → app transition is paused until you acknowledge. See Recovery.
- Passphrase change. Settings → after a recovery-mode unlock, the app offers to set a new passphrase. Instant — only the wrapper file is rewritten; engrams stay encrypted with the same data key. The recovery phrase remains valid.
- Regenerate recovery phrase. Settings → Recovery phrase → typed-confirmation flow. Useful if you never saw the original modal, suspect the phrase is exposed, or want periodic rotation.
- Cortex Management. Settings → Cortex Tools → red “Cortex Management…” button opens a dedicated modal for every destructive engram operation: forgotten-memories purge, engram archive/delete, quarantined-file restore/delete. Every action gated by typed confirmation.
- Auto-quarantine. When Graphnosis detects a corrupt
.gaiat startup (HMAC mismatch, signature failure), it auto-renames the file to<id>.gai.corrupt-<timestamp>so the next launch doesn’t keep retrying it. The engram becomes “missing” until you recover it from the op-log. - Recovery from op-log: live progress + backgroundable. The “Recover selected” flow now returns immediately, runs in the background, and pushes per-source progress events to the UI. You can close the panel and keep working; a native notification fires when recovery completes. Previously a 60–90-minute PDF re-ingest would time out at 10 minutes with no progress visible.
- Snapshot offer before destructive ops. “Save a snapshot first?” prompt now appears before recover-from-op-log and before changing the passphrase. The snapshot now includes
master.encandrecovery.enc— previously these were silently omitted, which would have bricked any restored snapshot. - Native macOS notifications for ingest completion and recovery completion. Permission requested lazily on first event.
- Two-worker embedding pool. Embedding work runs in dedicated worker threads instead of the main process, keeping the UI responsive during large ingests (the 4233-page PDF case).
- Auto-jump to 3D Engram after ingest. When the last file in a batch finishes successfully and adds at least one node, the UI hops to the 3D Engram view so you immediately see your new memories in the graph.
- Seahorse / hippocampus / engram brand story. The seahorse logo is now explained inline: “hippocampus” is Greek for seahorse — the brain region the logo references is exactly the structure Graphnosis embodies in software (encoding, storage, retrieval).
- Keeping your cortex safe guide. New doc consolidating the five safety layers and what to do when things go wrong.
Changed
- Settings tab reorganization. The Preferences modal is now just app-behavior knobs (cache mode, forget behavior, MCP relay, AI client routing). Engrams management, quarantined files, and the “forgotten memories” / purge surface all moved into the new Cortex Management modal. Recovery-phrase regeneration is a top-level Settings tab panel.
- Tray menu: “Open inspector…” → “Open Graphnosis…”.
- Unlock screen title: “Unlock your Graphnosis cortex folder” → “Unlock your private cortex”. Passphrase field gained an inline warning about the passphrase being the only key + recovery-phrase fallback.
- Content cache default cap raised from 50 MB → 512 MB per source. Now covers realistic large reference manuals (e.g. a 4233-page PDF at ~210 MB) without users having to change settings.
- Tour copy updated to reference the hippocampus / engram / synapse / seahorse story and to explain that Graphnosis must be running and the cortex unlocked for AI clients to read memories.
- Status pane is now a read-only health snapshot. “Forgotten memories” footer moved to Cortex Management (where every destructive op lives).
Fixed
- Tauri 2 event-name silent failure. Periods aren’t allowed in Tauri 2 event names (only
[a-z0-9],-,/,:,_). The app was emittinggraphnosis://cortex.created,graphnosis://ingest.progress,graphnosis://ingest.done,graphnosis://recovery.progress,graphnosis://recovery.done— all rejected silently. Result: the one-time recovery-phrase modal never showed, ingest progress toasts never updated, recovery progress bars never updated. All five renamed to use hyphens. .gai/.bundlecorruption from interrupted saves. Pre-v0.3 the app usedfs.writeFiledirectly to the canonical path, leaving partial files on process kill (force-quit, OS kill, crash). All saves now go through an atomic-write helper (tmp → fsync → rename). POSIXrename(2)is atomic — either the old file is intact or the new one is fully written.- Large engrams silently disappearing from the picker. A graph with a 160 MB+ embcache could throw mid-load and never make it into the in-memory engram map. Cache load failures are now non-fatal — the graph is added with an empty cache and embeddings rebuild from scratch.
- Recovery panel timed out at 600s even when the sidecar was still working. The Rust → sidecar IPC for
recovery.applyis now async — returns{ accepted, jobId }in 15s; the actual work pushes events. - Duplicate
formatBytesfunction declaration broke dev-server HMR. - Quarantine timestamps showing 1970. Display now auto-detects seconds-vs-milliseconds in the filename so manually-quarantined files (with
date +%stimestamps) render the right date.
Security
- Two-tier key model (
master.enc). Passphrase no longer directly derives the data key. Argon2id(passphrase, salt) derives a wrap key that decryptsmaster.enc, which holds the actual data key. Industry-standard pattern; makes passphrase rotation an O(1) operation instead of having to re-encrypt every file in the cortex. - Recovery phrase wraps the data key, not the passphrase. The previous documentation said the opposite. The phrase is an independent unlock path: phrase → Argon2id → recovery wrap key →
recovery.enc→ data key. Lose the passphrase, the phrase still works; lose both, no one (including us) can open your cortex. - Atomic writes close a class of “I unlocked yesterday but today the file is corrupt” scenarios that had no recoverable cause beyond “the save was interrupted.”
Migrations
These run automatically on first unlock of a pre-v0.3 cortex; no user action required.
master.encwritten. Existing cortexes use the legacy “passphrase = data key” model. On first v0.3 unlock, the app derives the same key, writesmaster.encwrapping it, and from that point on uses the wrapped-key path. Old code can still open the cortex until you change the passphrase.recovery.encgenerated. Pre-v0.3 cortexes had no recovery phrase. The first v0.3 unlock generates a fresh 24-word phrase, wraps the data key, writesrecovery.enc, and shows the phrase via the one-time lock-screen modal. Write it down before clicking Continue.
If you miss the modal (closed too fast, lost focus), regenerate from Settings → Recovery phrase any time.
v0.2.x and earlier
2026-05-11 → 2026-05-13
Pre-v0.3 changes weren’t tracked in this changelog. The headline features for those releases:
- v0.2.x · 2026-05-13: PDF ingest worker, op-log recovery flow (sync), source index, embedding cache, MCP relay
- v0.1.x · 2026-05-11: Initial release — local-first encrypted cortex, MCP server, federated recall, BGE-small embeddings, Tauri shell
@nehloo/graphnosis SDK — first publish
2026-04-12
The Graphnosis App is built on top of the open-source @nehloo/graphnosis SDK (Apache-2.0) — the deterministic dual-graph engine that powers every engram: TF-IDF + embeddings + the directed/undirected edge model, encryption, the op-log, federated recall, and the recall / remember / edit primitives the App’s MCP tools delegate to.
The SDK was first published to npm on 2026-04-12, a month before the App scaffold landed. Every release listed above pins a specific SDK version in apps/desktop-sidecar/package.json; the App’s behavior is the SDK’s behavior plus the desktop shell, the MCP server, MemoryStudio, Skills, connectors, and the brain engine on top.
If you build with Graphnosis directly — without the App — the SDK is what you reach for. The App is one consumer of it; the SDK is the foundation.
Future releases will be tracked here from the date they ship.