Skip to content
Graphnosis Graphnosis

Changelog

What changed in each release, in user-facing terms. Internal refactors and dev-only cleanups aren’t listed.

Conventions: Added = new features, Changed = behavior or UX shifts, Fixed = bugs, Security = anything affecting your data, Migrations = automatic upgrades the app applies to existing cortexes.

v0.10.1 — Boot stability and UI polish

Patch release fixing issues found in installed v0.10.0 DMGs.

Fixed

  • Consent toast storm on first launch. Dozens of “Memory access requires confirmation” popups appeared on boot because markClientSeen() was deferred until the user clicked through the first-connect modal — meanwhile the background poller kept firing a new modal for each engram that finished loading. The fix: mark the client as seen immediately when the modal opens, and add a guard so only one first-connect modal can be pending at a time.
  • 3D node tooltip stuck at top of canvas. The node label was rendering at a fixed position in the top-left corner of the 3D view instead of floating near the cursor. The graph library’s internal d3.pointer() returns incorrect coordinates in the Tauri production webview; replaced with a custom .atlas-node-tip element positioned via mousemove using raw clientX/clientY − getBoundingClientRect().
  • QR code blank in mobile setup. The QR code in the mobile/remote setup wizard (Step 3) rendered as a white blank. The Tauri CSP’s default-src 'self' blocked the data: URL the QR library writes into an <img> element. Fixed by adding img-src 'self' data: blob: to the CSP.
  • Graphnosis Docs duplicated on app update. Every time the app detected a newer bundled docs version and re-ingested, it appended a new copy of the docs to the existing graphnosis-docs engram instead of replacing it. The docs:ingest handler now purges all existing sources in that engram before re-ingesting.
  • Sidebar logo not centered. The Graphnosis logo in the left sidebar was visually offset. Fixed the wrapper to use display:flex; justify-content:center instead of relying on margin:auto inside the flex column.
  • forget tool modal described source-level behavior. The in-app MCP Tools browser entry for forget still said the tool removes a source. Updated to describe node-level soft-delete, the recall_structured prerequisite for finding node IDs, and that removing an entire source is a user-only action in the Sources page.
  • MCP Tools modal brand badge layout. The Graphnosis logo and wordmark now appear as a top-right badge (logo above label) with align-items:flex-start on the header, cleanly separated from the tool name on the left. The “Full MCP Tools reference” docs link is flush left in the footer via margin-right:auto.
  • Updater bundle missing from CI. The release workflow was not producing the .app.tar.gz needed by the Tauri updater endpoint. Added "createUpdaterArtifacts": true to tauri.conf.json.

v0.10 — Consent, Activity Log, and safer AI tools

Added

  • Consent gate for sensitive data. Before any sensitive engram is served to an AI client, the Graphnosis app pops a one-click prompt: Deny / Allow once / Allow for 1 hour / Allow for today. Personal-tier recalls are silent by default (installation + MCP config are already two informed actions). The old phrase-typing flow is preserved as a headless fallback for SSH / CI / no-GUI sessions. See AI Access Controls.
  • Per-(client, tier) consent records. Every grant, expiration, and revocation is logged inside your cortex. Settings → AI shows currently-active grants and a full history modal. Records never leave your device.
  • Configurable consent intervals. Pick how long a confirmation is remembered before re-prompting: every access, 15 min, 30 min, 1 hour, 4 hours, daily, weekly, monthly, 6 months, or permanent. Per-engram overrides in Cortex Management → Edit Engrams; the stricter setting wins.
  • First-connect policy chooser. The first time a never-seen AI client triggers the consent flow, the app pops a one-time chooser so you can set per-tier defaults (always-allow / ask-1h / ask-1d / ask-every-time / never-allow). Editable later in Settings → AI → Client policies.
  • Recall rate limit. Each AI client is limited to 10 recall calls per 60 seconds. Catches burst-scan patterns.
  • Session replay blocker. A recall whose query is ≥ 85% similar (Jaccard token set) to a query issued within the last 60 seconds by the same client is blocked on the 3rd occurrence. First two identical queries pass (legitimate retries); sustained 3rd+ is the scraping pattern.
  • Opt-in session caps. Three optional cumulative-volume caps in Settings → AI → Optional session caps: token cap (default 100 000 when enabled), node cap (default 500), engram-breadth cap (default 6). All off by default.
  • Settings → AI → Extra precaution mode. New checkbox that gates personal-tier recalls behind the same in-app prompt + per-client policies + first-connect chooser as sensitive recalls. Off by default.
  • Top-bar sensitivity badge. A color-coded PUBLIC / PERSONAL / SENSITIVE pill next to the active engram in the top bar. Click to change tier or set a per-engram consent interval.
  • First-connect AI client modal. When a new AI client connects for the first time, Graphnosis asks whether it’s a chat assistant or an autonomous agent. Agent mode overrides the consent interval to “every recall” — extra friction for unattended automation.
  • 34 MCP tools across 9 categories. The toolset expanded from the original 11 to 34: full Engram discovery (list_engrams, suggest_engram, browse_engram, recent, get_engram_schema); structured recall variants (recall_structured, recall_with_citations, compare_engrams, cross_search); source operations (find_source, recall_source, transfer_source); engram operations (ingest_batch, engram_summary); brain maintenance (duplicate_pairs, healing_journal, gnn_status); approximate similarity (audit_memory, check_duplicate); and Local-LLM-backed (gnn_neighbors, llm_query, llm_distill). Full reference: MCP Tools.
  • Activity Log in Status pane — full upgrade. The Status tab’s activity feed now loads 20 entries at a time and adds more on scroll (IntersectionObserver sentinel). Each row shows: a short content preview (first ~120 chars of the memory), a triggeredBy badge indicating who initiated the action (user · ingest, user · forget, mcp · remember, brain · consolidation, connector · <kind>, etc.), and an Open in Sources ↗ button for source-linked events. Historical entries without attribution show no badge — no backfill.
  • Actor attribution on all write paths (triggeredBy). Every op-log event written by the sidecar now carries a triggeredBy field identifying the actor — mcp:remember, mcp:forget, mcp:correct, user:ingest, user:forget, user:correct, brain:reinforcement, brain:consolidation, connector:<kind>. The Activity Log surfaces this as a colour-coded badge. New cortexes and all events going forward are attributed automatically; no migration of historical events.
  • 3D Engram edge hard-lock. Any edge category with more than 10,000 edges is permanently hard-locked: it is never rendered, never toggled by the legend, and never triggered by hover — regardless of any setting. The legend row for a locked category is shown at 25% opacity with a “not-allowed” cursor and no interactivity. This prevents THREE.js geometry-allocation freezes on large cortexes (the trigger was a 65K-edge semantic graph). Categories between 5,000 and 10,000 remain in the existing auto-hide tier (off by default, re-enableable); categories below 5,000 are always interactive.
  • In-app MCP Tools browser. New MCP Tools button in the left sidebar (next to Settings) opens a dedicated page listing every tool grouped by category, with a short description, determinism class, and 1–3 example prompts you can paste straight into your AI client.
  • Boot loads your last-active engram first. Graphnosis now remembers which engram you had selected and loads it as the default on next unlock — the lock screen reveals with the correct engram already showing. See Boot & engram loading.
  • Sequential background engram loading. Secondary engrams load one at a time with event-loop yields between each, so the desktop app’s first list_nodes call doesn’t sit queued behind 12 concurrent decryption jobs. Reveals in ~3 seconds instead of 25–30 seconds on cortexes with many engrams. Status bar shows a live “Loading N more engrams…” countdown while the rest stream in.
  • Engram picker shows pending engrams. The active-engram dropdown lists every engram immediately on unlock — the ones still loading appear greyed out and aren’t clickable until they finish. Positions stay alphabetical with no reshuffling.
  • Local LLM-assisted search. Two checkboxes inline with the search box (only enabled when the local LLM is reachable): ”🤖 Synthesize answer” writes a 1-paragraph answer with citations, “Enhanced ranking” re-orders results by LLM-judged relevance. Settings → AI → “Use Local LLM only for search” restricts the LLM to in-app search and disables develop/predict/insights/llm_query MCP tools.
  • Local LLM checkbox toggle. The Go Non-Deterministic tab’s Local LLM master switch is now a labeled checkbox instead of separate Enable/Turn off buttons.
  • “Local LLM…” button replaces the static search-row hint. The previous “Requires a local AI model — enable in Go Non-Deterministic” cluttering the search row is now a small “Local LLM…” button that takes you directly to the toggle.
  • Search-results × close button. A close button in the search-results header mirrors the in-input × — clears the query and returns to the dashboard without scrolling back up to the input.
  • Needs Your Review overlay polish. The overlay now shows an immediate loading placeholder while populating (was empty for ~1s), and auto-closes when you switch away from the Deterministic Consolidation tab.
  • Amber idle indicator on MCP connections. AI tools panel rows turn amber + show · Idle Xm (compact: 47s / 12m / 3h) when a connection hasn’t seen a request in 15+ min. Returns to green pulse automatically on the next request. The status-bar dot and left-sidebar chip for that client also turn amber while idle.
  • × force-close button per MCP connection. Hover any row in the AI tools panel to reveal a × button; one click force-closes that connection. Non-destructive — the relay auto-reconnects on its next tool call and a fresh row appears. Hidden for stdio transport.
  • Relay reconnect window: indefinite. The MCP relay used to give up after 24 hours of waiting for the sidecar to come back. Now it parks forever (only exits when the AI client closes its stdin pipe). Closing Graphnosis for a week and reopening just works — your AI clients reconnect on their next tool call, no restart needed. Power users can still set a finite timeout via GRAPHNOSIS_RELAY_RECONNECT_MS env var or settings.json:mcpRelay.reconnectMs.

Changed

  • forget MCP tool is now node-level only. forget takes nodeIds (one ID or an array of up to 20), never a source ID. Removing an entire ingested file, URL, or clip is a user-only action done from the Sources page in the app — AI clients have no API path to delete a whole source. The correct workflow: recall_structured to find the exact node(s), confirm the text, then forget(nodeIds=[...]). If a source has 500 nodes and only one fact is stale, only that node is removed; the other 499 are untouched.
  • merge_engrams removed from the MCP toolset. Merging engrams is now a user-only action in the app UI. AI clients can move individual sources between engrams via transfer_source, but cannot trigger a full engram merge. This prevents irreversible structural changes from automated AI flows.
  • Tagline updated. “Your local encrypted memory, indexed for deterministic recall — auditable.” The new ending reflects that every access decision is logged and reversible.
  • Sensitive-tier defaults. Sensitive engrams now require consent every hour by default (was: blocked outright). The block-by-default behavior is still available — pick “Every access” or set the engram to never be granted consent.
  • Personal-tier recalls are silent by default. The consent gate only fires for sensitive-tier recalls (or any tier in extra-precaution mode).
  • Federated recall silently scopes to consented tiers. When the AI doesn’t name specific engrams, Graphnosis silently excludes any un-consented sensitive engrams from the search instead of firing a prompt. The prompt only fires when the AI explicitly names a sensitive engram via only_engrams. Stops the surprise where merely having a sensitive engram caused every personal-data query to prompt.
  • MCP recall audit footer. When consent is valid, recall results now end with [<client> — <tier> access: valid until <time>. Revoke in Settings → AI.] so the AI surface always shows the current authorization state.
  • MCP consent errors now render correctly in Claude’s UI. The consent-required notice was being returned as a JSON-RPC -32603 Internal Error, which Claude renders as a generic “Tool execution failed” with no detail. Now returned as a proper tool result with isError: true so the full notice reaches the AI client’s UI.
  • Background neuron-field animation rewritten. The ambient “cortex simulation” behind the vitality card now uses pure Brownian motion with per-node pulsation and short directed-edge synapse pulses, replacing the prior attraction-based simulation that collapsed nodes into 2D lines. Opacity dropped from 0.55 → 0.2 so it reads as a true backdrop.
  • “Cortex secured” capitalization. Lock-screen boot status now reads “Cortex secured” instead of “cortex secured”.

Security

  • 5-attempt lockout per (client, tier). Five consecutive failed confirm_data_access attempts in 10 minutes revokes that pair’s consent and notifies you. Other consents are unaffected.
  • Per-cortex HMAC secret. Each cortex generates a 32-byte secret on first unlock that drives consent phrase rotation. Stored encrypted in your settings; never exposed via MCP, IPC responses, or logs.
  • MCP write protection. consentHmacKey, dataAccessConsents, consentIntervalSensitiveMs, consentIntervalPersonalMs, and clientTypes are not writable via any MCP tool. Only the authenticated Tauri IPC channel can update them.
  • Fast-fail when cortex is locked. Tool calls reaching the MCP relay while the cortex is locked now respond immediately with a clear “Graphnosis is locked” error instead of hanging up to 24 hours.

Fixed

  • 3D Engram freeze on Cmd+Tab and source-legend hover (large graphs). On cortexes with 65K+ semantic edges, switching apps or hovering any source row in the legend would freeze the UI for several seconds. Two causes fixed: (1) rapid hover events coalesced into a single requestAnimationFrame-gated refresh instead of stacking; (2) the linkVisibility peek-through callback — which temporarily reveals all edges for a hovered source — is now gated at 10,000 total links. Above that threshold the callback returns the current visibility state unchanged, preventing THREE.js from allocating geometry for tens of thousands of hidden edges in a single frame.
  • Lock-screen freeze during boot. The lock screen would sit on “Loading memories…” for 25–30s on large cortexes. The sidecar was using Promise.all for 12 concurrent decryption jobs, saturating the Node event loop and starving the IPC socket so the boot’s list_nodes call sat queued. Sequential loading + setImmediate yields between each load lets IPC interleave and reveals the lock screen in ~3 seconds.
  • Stale localStorage engram preference. If you deleted the engram you’d last selected, the next boot would silently create a fresh empty engram with that name. Now falls back to personal instead.
  • HMAC key race condition. Concurrent get_consent_phrase calls during Settings panel open no longer race on the atomic settings write. The in-flight promise is cached so the first save wins and concurrent callers share the same key.
  • mergeWithDefaults was dropping consentHmacKey. Every settings save was silently regenerating the phrase secret, breaking consent validation. The key is now explicitly preserved through merge.

Migrations

  • HMAC secret generation. Older cortexes that pre-date v0.10 will generate a fresh consent secret on first unlock. No user action required.
  • Consent records. Cortexes with no dataAccessConsents field are treated as having no granted consents. The first recall from an AI client triggers the first-time notice.

v0.9 — Deterministic Consolidation

Theme: a memory that strengthens, never weakens. The third tab is reborn as Deterministic Consolidation — an engine that makes every memory you add permanent and ever more retrievable. Connections strengthen the more you use them, engrams link to one another, and a daily consolidation pass integrates the whole cortex. Nothing here ever weakens a correct memory.

Added

  • Connection reinforcement. Memories recalled together have the connection between them strengthened (“fire together, wire together”); a repeatedly co-recalled pair with no link yet earns one. Reinforcement is live — strengthened connections genuinely rank higher in future recalls — and saturating, so it never runs away.
  • Cross-engram connections. Graphnosis now links memories across engrams — via shared named entities or high semantic similarity — so a query in one engram can surface what you know in another. Stored encrypted alongside your cortex.
  • Consolidation. A daily deep pass: transitive inference (if A→B and B→C, infer A→C), community detection, and redundancy cleanup (dead edges left dangling to already-deleted memories). All additive or tidying — a connection between two live memories is never removed.
  • Memory health. The tab’s headline is now a retrieval-quality report — connectivity, integration, confidence, coherence, reinforcement activity, and a saturation guard — instead of a raw size-and-density score.
  • Graphnosis Neural Network (opt-in). A new Go Non-Deterministic tab adds an optional, off-by-default neural network that predicts likely-missing connections between your memories. Predictions live in a separate encrypted overlay (neural-network.gnn) — never mixed into your deterministic graph — and surface only as clearly-labelled, one-click-removable suggestions. That tab is also the new home for the optional local-LLM setup and AI-generated insights.
  • Add the Graphnosis docs to your cortex. On unlock, Graphnosis offers to load its own documentation into a dedicated graphnosis-docs engram, so your AI can answer questions about Graphnosis itself. The docs are bundled inside the app — adding them is fully offline, with no network access — and refresh when you update the app.

Changed

  • The third tab is now “Deterministic Consolidation” (was “Autonomous upkeep”).
  • Memories no longer decay from disuse. Anything you deliberately add — a file, URL, clip, or saved conversation — keeps its confidence indefinitely. The only things that lower a memory’s standing are explicit correctness events (contradiction, supersession, your own correction), all audited and reversible.
  • Recalled memories are reinforced. Appearing in a recall result now gives a memory a small confidence boost — the strengthening half of the old decay/reinforce pair, now active.
  • The local LLM is now opt-in. Graphnosis no longer uses a local LLM just because one happens to be running. Insights and the richer develop / predict synthesis stay off until you explicitly enable the local LLM in the Go Non-Deterministic tab — detection is never consent.
  • correct no longer needs an AI model. The correction tool is deterministic by default — it supersedes the closest-matching memory with your fix, reproducibly, with no model required. The optional Neural Network widens its candidate set and the optional local LLM upgrades it to multi-edit diffs, but neither is required. With the local LLM off, develop / predict / insights also degrade gracefully — returning the deterministic recalled context with a clear note instead of failing quietly.
  • Vitality is a ratio-based score. The 0–100 vitality reading is now computed from connectivity, confidence, recent activity, and coherence, so it ranges meaningfully across a cortex’s life instead of pinning near the top.

Fixed

  • cortexes that wouldn’t open. A crashed embedding worker could stall the sidecar so a cortex never finished unlocking. The worker pool now routes around a dead worker and recovers.
  • Your AI client keeps working across Cortex switches. The MCP connection now uses a fixed per-user socket path, so a client you configured once (Claude Desktop, Cursor, …) keeps working after you switch or reopen cortexes.
  • A moved, renamed, or deleted cortex folder no longer crashes the app. If the folder Graphnosis remembered is gone, the app reports it cleanly instead of failing to start.
  • UI polish. The lock-screen footer no longer breaks awkwardly, the top-left logo is centered, the Settings → Connectors section renders cleanly, and the main tab strip no longer clips the first tab.

Migrations

None. Existing cortexes gain the cross-engram connection store on first run, and may be offered the bundled Graphnosis documentation; the neural network and local LLM both default to off until you opt in. No memory is altered on upgrade.

v0.8 — Autonomous upkeep

Theme: a cortex that maintains itself. Graphnosis now keeps your memory tidy on its own — merging duplicates it can prove are redundant, weaving connections between related memories, and surfacing the judgment calls it can’t safely make. New background passes run on a schedule: what they can fix, they fix; what needs you, they route to Check-in.

Added

  • Autonomous self-healing. A background duplicate scan merges memories that are provably the same — byte-identical text, or one fully contained within a longer one. Merges are automatic, conservative (a merge never loses information), and reversible (soft-delete, recorded in the op-log). The Autonomous tab’s Self-healing section shows the running count. Full detail in Deterministic Consolidation.
  • “Needs your review” in Check-in. Near-duplicate pairs that aren’t provably identical — a differing number, an added negation, a partial overlap — surface in the Check-in tab with both memories side by side and a one-click Same memory — merge / Keep both decision. Graphnosis heals what’s certain; you decide what’s ambiguous.
  • Automatic connection weaving. Memories that are clearly related but distinct get an automatic “related” connection, so isolated memories aren’t left floating. Conservative — already-dense memories are skipped, and typed/directional relationships are still left to you in the Check-in deck.
  • Post-ingest scan. Ingesting a file now triggers a duplicate scan shortly after it completes, so new content is checked promptly instead of waiting for the next scheduled pass.
  • Visible upkeep schedule. The Autonomous tab now shows the cadence of every background pass (duplicate scan every 20 min, connection forming 45 min, goal check 4 h, insights 6 h, memory decay 24 h).
  • Standalone / Local LLM shortcuts. Two buttons in the sidebar’s “Get connected” section explain the two modes — fully deterministic Standalone (the default) vs. adding a local LLM for insights and deeper connection-forming.

Changed

  • The third tab is now “Autonomous” — it collects vitality, self-healing, insights, goals, and live activity in one place.
  • Vitality shows 0 until it’s calculated, so a still-starting-up score is never mistaken for a real one.
  • “Cache everything” is the default content-cache mode, selected out of the box.
  • The memory trace clears on lock. Locking your cortex now clears the left-rail recents list and the detail pane, so a re-unlock starts with a clean slate.

Migrations

None. v0.8 is fully backward-compatible. The self-healing journal is created on first run; existing cortexes gain it automatically.

v0.7 — Sources management, 3D graph performance, and readability

Theme: make large cortexes easier to navigate and large graphs easier to work with. This release adds first-class source management (search, move between engrams), makes the 3D graph usable on 25K-edge graphs without freezing the UI, and addresses a wave of readability and polish issues reported after v0.6.

Added

  • Sources search filter. A “Filter sources…” input sits above the Sources list. Typing narrows the list instantly — source names and file paths both match. Engram group headings hide automatically when none of their sources match, so you only see the groups that are relevant.
  • Move a source to another engram. Each source row now has a Move to… button. A compact inline picker appears with a list of your other engrams (sorted alphabetically). Pick an existing engram or choose New Engram… to create one right from the picker — the new engram is created with a Personal template and your chosen display name, and the move happens in the same gesture. All chunks, embeddings, and the content cache entry transfer with the source; the graph re-links automatically after the move.
  • Help button in the top bar. A ? button next to the Lock button opens docs.graphnosis.com in your default browser.

Changed

  • Sticky engram headings in Sources. When you scroll through a long sources list, the current engram’s name header sticks to the menu bar so you always know which engram you’re looking at. The heading is replaced by the next engram’s heading as it scrolls into view.
  • Semantic edges auto-hide on large graphs. When a graph has more than 5,000 semantic (embedding-similarity) edges, Graphnosis automatically hides that category in the 3D view to keep framerate navigable. The legend shows semantic edges as “off” so you can re-enable them at any time. Switching to a smaller graph that is below the threshold restores them automatically.
  • 3D graph layout no longer freezes the UI during initial layout. The force simulation now scales its parameters to the graph’s node count. Large graphs (1,500+ nodes) skip the synchronous warmup pass and run with a faster alpha-decay and fewer collision iterations — the graph appears immediately and settles in the background. Periodic reheat is also disabled above this threshold. Small graphs are unaffected.
  • 3D graph reset no longer shifts the view. Previously the Reset button moved the orbit pivot to the world origin, which caused the camera to visibly jump when the pivot didn’t coincide with the view center. Reset now only clears selection emphasis (node size, opacity); the camera stays exactly where it was.
  • Engrams sorted alphabetically in all pickers. The top-bar engram dropdown, the move-to picker, the connector target selector, and the Settings engram lists all now sort by display name instead of creation order.
  • ai-conversation source references rendered as readable labels everywhere. The detail-pane breadcrumb and trivia-card source label now show AI: <topic> (or AI conversation when no topic is set), matching the formatting the Sources list and atlas legend already used. The raw ai-conversation:<timestamp>:<topic> ref no longer appears anywhere in the UI.

Fixed

  • Sources list scroll position preserved after a move. Confirming a move previously reloaded the list and scrolled it back to the top. The view now stays in place.
  • Sources list auto-refreshes after a move completes rather than requiring a manual pane switch to see the updated state.

Migrations

None. v0.7 is fully backward-compatible with v0.6 cortexes.

v0.6 — Mobile, connectors, and the broader MCP-client universe

Theme: make your cortex reachable from anywhere, growing on its own from the tools you already use. The biggest single release since v0.1 in scope of new surface — a mobile bridge with a 3-step wizard, six service connectors with BYO credentials, encryption for those credentials at rest, broader MCP-client coverage beyond Claude Desktop / Code / Cursor, and a Settings UI to manage all of it.

Added

  • Mobile & Remote Access. New HTTP/SSE MCP bridge on port 3457 with bearer-token auth, configurable interface (loopback-only vs all-interfaces). Auto-generated UUID token, no manual token handling. Connect Claude for iOS, Claude for Android, browser extensions, or any HTTP MCP client — over LAN at home or Tailscale anywhere. Full walkthrough at Connect from your phone.
  • 3-step mobile setup wizard. Settings → Mobile & Remote Access → “Set up mobile access…” — enable the bridge, pick the network interface (Tailscale-aware, recommended), copy MCP URL + masked bearer with one-click Copy buttons. Returning-user fast path: jumps straight to Step 3 on re-open.
  • Six service connectors. Auto-ingest from existing tools, all BYO-credentials so Graphnosis is never in any OAuth chain:
    • RSS / Atom — pull from any feed URLs, deduplicated by guid
    • GitHub — issues, PRs, releases from a list of repos (fine-grained PAT)
    • Slack — starred items + optional channel history (your own Slack app)
    • Trello — cards + checklists from selected boards (API key + token)
    • Linear — issues with team / state / priority filters (personal API key)
    • Generic webhook — receive POSTs from Zapier, IFTTT, custom scripts, iOS Shortcuts; auto-generated unique URL per connector Full walkthroughs per connector at Auto-ingest from your tools.
  • Settings → Connectors panel. Install, configure, pull-now, edit, remove — all 6 kinds. Status pills (enabled / disabled / error / pulling), last-pull timestamp, event counts, target engram, per-row actions. Lives between AI Clients and Cortex Tools in Settings.
  • Connector credentials encrypted at rest. XChaCha20-Poly1305 with the cortex data key, base64-stored in settings.json as credentialsEnc. Same primitive as .gai files. Cloud-sync-safe — providers see ciphertext only. Migration from v0.6 plaintext is automatic on next save.
  • Broader MCP-client coverage. Added drop-in support documentation for Zed, Cline (VS Code), Continue.dev, Goose (Block), 5ire, Witsy, LibreChat, and Open WebUI — all the same graphnosis server entry, just different config-file paths per client.
  • Sources pane → Settings deep links. Above the Sources list, a quiet hint banner: “Want this list to grow on its own? Connect an AI client → · Set up a connector →”. One click jumps to Settings, scrolls the relevant panel into view with a brief accent ring.
  • Custom engram picker in the top bar — always opens downward (replaces native <select> whose macOS-default open direction often drifted upward off the top bar). Outside-click and Escape close. Selected option indicator + chevron button.

Changed

  • Brand line: “Your Local Encrypted Second Cortex” (dropped the comma between Local and Encrypted — cleaner rhythm). Lock-screen unlock prompt sharpened to “Unlock your encrypted second cortex:” — fits the act of entering a passphrase.
  • Atlas legend labels. AI-conversation source labels were rendering as raw refs (ai-conversation:1779139479066:Milestone — …); now formatted to AI: <topic> so the legend reads as a list of things, not internal sourceRefs. Full label preserved in hover tooltip.
  • About panel links updated for current org / docs URLs: Source → nehloo-interactive/graphnosis-app (LLC org), Docs → docs.graphnosis.com. New Terms link added next to Privacy.
  • Engram-suggest banner preview now renders the full text scrollable inside the banner (was 280-char truncation), so you can read what the AI is about to save before confirming.

Fixed

  • Sidecar typecheck violations from the mobile session’s HTTP-bridge + connectors commits (zod v4 record signature change, exactOptionalPropertyTypes strict mode catching explicit-undefined property assignments). 8 errors → 0, unblocking the v0.6 connectors UI work.
  • Engram dropdown direction. Was a macOS-OS-controlled annoyance for picker placement near the top bar; now custom-rendered to always drop down predictably.

Security

  • Connector credential encryption at rest (described above) closes the gap where v0.5 / pre-v0.6.1 settings.json stored Slack/GitHub/Trello/Linear tokens plaintext. Anyone backing up or cloud-syncing their cortex folder pre-v0.6.1 should re-paste their connector credentials so the new encrypted-at-rest path takes effect, then verify settings.json shows "credentialsEnc" instead of "credentials" for each connector.

Migrations

None required. v0.6 is fully backward-compatible with v0.5 cortexes. The first settings save after upgrading to v0.6.1 transparently encrypts any plaintext connector credentials.

v0.5 — More AI clients, smarter remember, background notifications

Theme: let any AI client confidently target a specific engram, and tell you when the app’s in the background. Plus a broader AI-client expansion beyond Claude Desktop, and ingest performance you can dial in.

Added

  • Claude Code (CLI) and Cursor support alongside Claude Desktop. The “Connect an AI client” modal in the menu-bar tray now writes the correct config for all three. Settings → AI Clients lets you re-run the configuration for any of them at any time. All three use the same stdio MCP transport against the bundled sidecar binary — same cortex, same memory, three faces.
  • target_engram parameter on remember. An AI client can now say “save this to my book-notes engram” instead of dumping into the default. Graphnosis resolves the name with a normalized exact match, then a dependency-free fuzzy matcher (substring containment + token-set Jaccard + Levenshtein) and surfaces one of three outcomes:
    • Exact match → write immediately.
    • Close matches → a banner top-center in the app lists ranked candidates with match reasons (contains your text · 90%, same words · 100%, close spelling · 75%). You pick which existing engram to use or create a new one with the AI’s suggested name.
    • No match → banner offers “Create new” only. The AI never auto-creates an engram or silently disambiguates — every new engram is a human-confirmed decision.
  • One-click create-and-save from the banner. Click “Create engram & save” and the app creates the engram (template: personal, your suggested display name) AND ingests the note in one gesture. Top-bar engram dropdown refreshes immediately so the new engram is selectable everywhere.
  • Background notifications for AI-driven confirmations. When the menu-bar panel is collapsed or another app is on top, the app fires a native macOS notification for events that need your attention: engram-create-suggested (an AI wants to save into a new engram) and correction-proposed (an AI proposed a correct diff). Foreground stays silent — the in-app banner is the only signal so you’re never double-notified. Permission requested lazily on first event.
  • Ingest performance presets in Settings → AI Settings. Chunk size (fine 300 chars / balanced 500 / coarse 2500) and embed batch (small 64 / medium 256 / large 1024 / auto based on total RAM). Lets you trade ingest speed against recall granularity without touching env vars.
  • Pluggable 3D engine architecture. The 3D Engram view now boots through an engine-selector with three implementations: deck.gl (default), three.js + custom physics worker, and three.js + force-graph-3d. Settings → AI Settings → Visualization lets you switch engines live. Default is deck.gl for stability across large graphs; three.js variants are available for engagement experiments.
  • Right sidebar memory inspector. Click any node in 3D Engram or any row in Sources / Recall to open a sticky right-side detail pane: full text, source, neighbors, “How are these connected?” picker, +Connect candidates with sticky Connect/Cancel buttons at the bottom.
  • Check-in deck redesign. The daily check-in panel got a denser, less cluttered layout — 10 inline “Connect as” buttons (was 6), turquoise tagline, mustard-gold inline content, grayed-out non-interactive chips, single-click Forget confirm.
  • AI-conversation source kind on the Sources list. When an AI calls remember with kind: 'ai-conversation', the Sources list shows a distinct icon so you can tell “the AI paraphrased our conversation” from “the AI saw this in a doc I shared”. (Schema was added in v0.4; the UI distinction landed in v0.5.)

Changed

  • remember MCP tool parameters. Renamed graphgraphId, removed tags (never wired through), added kind and label. See MCP Tools reference for the current shape.
  • Synapse copy across the app. “this App’s Synapse” / “this App’s running Synapse” → “Graphnosis Synapse” everywhere it appeared (configure-client modal, tour, status text). The synapse story is now consistent: the synapse is the bridge between your AI client and your cortex, period.
  • Configure-client modal post-success state. After a successful Connect, the modal now shows a check + “Done” instead of leaving “Apply” visible (Apply was a stale instruction — there was nothing left to apply).

Fixed

  • remember returned “Ingest produced 0 nodes” for some markdown inputs. Root cause was in the SDK’s parseMarkdown — input with no headers returned an empty section list. Three-layer fix: SDK v0.5.1 wraps headerless input in a synthetic section, sidecar adds a symmetric fallback for the kind=markdown → 0-nodes case, MCP remember routes short text / long markdown / long headerless text differently.

Migrations

None. v0.5 is fully backward-compatible with v0.4 cortexes.

v0.4 — Touch ID, attribution, and a better Check-in

Added

  • Touch ID unlock (macOS). Lock screen now shows an “Unlock with Touch ID” button once you’ve signed in with a passphrase at least once. Powered by a Swift sidecar binary that talks to Apple’s LocalAuthentication.framework — the actual unlock still reads your saved passphrase from the macOS Keychain after biometric success. Falls back gracefully on Macs without a Touch ID sensor.
  • AI client attribution on Sources. When an AI client adds a memory via the remember MCP tool, the Sources list shows a small turquoise badge — via claude-ai, via cursor, etc. — derived from the MCP initialize handshake’s clientInfo.name. User-added sources (drag-drop, paste, file picker) have no badge.
  • ai-conversation source kind. The remember MCP tool now accepts an optional kind: 'clip' | 'ai-conversation' parameter. AI clients can use ai-conversation when saving a turn or summary of the CURRENT conversation, distinct from clip for facts extracted from external content. The Sources list surfaces these differently so the user can tell “the AI paraphrased me” from “the AI saw this in a doc I shared”.
  • Correction attribution on the op-log. Every event emitted by applyCorrection (addNode, editNode, supersede, deleteNode) now carries correctedBy when the correction came through an MCP client. The audit log can show “Claude edited this node” alongside the content + reason.
  • Default cortex path suggestion. First-time users see ~/Graphnosis-Cortex pre-filled in the lock-screen folder input — no need to click Choose to pick a path. The folder is created on first unlock if it doesn’t exist.

Changed

  • Check-in card layout overhaul:
    • Removed the “Choose another memory” search box (redundant with ⌘K and the deck arrows).
    • Bottom action bar now has only Skip and 🗑 Forget (was Looks right / Fix / Skip + an in-card Forget).
    • Forget asks for a single-click confirm: “Forget this memory? It will be soft-deleted (recoverable until Purge)” → Cancel / 🗑 Forget anyway.
    • Inline-text colors: source + candidate memory texts are now mustard gold (#d4a82c) to distinguish content from interactive elements.
    • fact / trust 0.90 chips are grayed out so they read as info, not buttons.
    • Funny tagline at the top of each card is now turquoise (matching the seahorse logo) and a touch larger.
    • Connect as shows up to 10 inline buttons (was 6), always topped up with generic types (Same topic / Related / Mentioned in / Depends on / Cited in / Builds on / Contradicts).
  • “How are these connected?” picker (opened from candidate panel’s “Other…”):
    • Overlays the right-side memory-trace sidebar instead of dimming the whole screen — you can still see source + candidate while picking.
    • Auto-closes when you click either node text, switch to 3D Engram, click anywhere else on the deck card, or hit Escape.
  • Lock screen title: “Unlock your private cortex” → “Unlock your private second cortex of memories:”.
  • Last-used cortex path is now pre-filled and the passphrase field auto-focuses on launch.

Fixed

  • Dev-server infinite rebuild loop. Tauri’s file watcher was triggering a fresh build every time build.rs rewrote the Swift biometric binary. Fixed via .taurignore excluding binaries/ + an mtime guard in build.rs that skips swiftc when the binary is already up-to-date.

v0.3 — Recovery, safety, and the synapse story

The big theme: make data loss require a series of unlikely mistakes, not just one bad day. Five new safety layers, a real passphrase-rotation flow, and several long-standing UI bugs fixed in the process.

Added

  • 24-word BIP-39 recovery phrase. Generated locally when you create a new cortex (or auto-backfilled on first unlock of a pre-v0.3 cortex). Shown exactly once via a gated lock-screen modal — the unlock → app transition is paused until you acknowledge. See Recovery.
  • Passphrase change. Settings → after a recovery-mode unlock, the app offers to set a new passphrase. Instant — only the wrapper file is rewritten; engrams stay encrypted with the same data key. The recovery phrase remains valid.
  • Regenerate recovery phrase. Settings → Recovery phrase → typed-confirmation flow. Useful if you never saw the original modal, suspect the phrase is exposed, or want periodic rotation.
  • Cortex Management. Settings → Cortex Tools → red “Cortex Management…” button opens a dedicated modal for every destructive engram operation: forgotten-memories purge, engram archive/delete, quarantined-file restore/delete. Every action gated by typed confirmation.
  • Auto-quarantine. When Graphnosis detects a corrupt .gai at startup (HMAC mismatch, signature failure), it auto-renames the file to <id>.gai.corrupt-<timestamp> so the next launch doesn’t keep retrying it. The engram becomes “missing” until you recover it from the op-log.
  • Recovery from op-log: live progress + backgroundable. The “Recover selected” flow now returns immediately, runs in the background, and pushes per-source progress events to the UI. You can close the panel and keep working; a native notification fires when recovery completes. Previously a 60–90-minute PDF re-ingest would time out at 10 minutes with no progress visible.
  • Snapshot offer before destructive ops. “Save a snapshot first?” prompt now appears before recover-from-op-log and before changing the passphrase. The snapshot now includes master.enc and recovery.enc — previously these were silently omitted, which would have bricked any restored snapshot.
  • Native macOS notifications for ingest completion and recovery completion. Permission requested lazily on first event.
  • Two-worker embedding pool. Embedding work runs in dedicated worker threads instead of the main process, keeping the UI responsive during large ingests (the 4233-page PDF case).
  • Auto-jump to 3D Engram after ingest. When the last file in a batch finishes successfully and adds at least one node, the UI hops to the 3D Engram view so you immediately see your new memories in the graph.
  • Seahorse / hippocampus / engram brand story. The seahorse logo is now explained inline: “hippocampus” is Greek for seahorse — the brain region the logo references is exactly the structure Graphnosis embodies in software (encoding, storage, retrieval).
  • Keeping your cortex safe guide. New doc consolidating the five safety layers and what to do when things go wrong.

Changed

  • Settings tab reorganization. The Preferences modal is now just app-behavior knobs (cache mode, forget behavior, MCP relay, AI client routing). Engrams management, quarantined files, and the “forgotten memories” / purge surface all moved into the new Cortex Management modal. Recovery-phrase regeneration is a top-level Settings tab panel.
  • Tray menu: “Open inspector…” → “Open Graphnosis…”.
  • Unlock screen title: “Unlock your Graphnosis cortex folder” → “Unlock your private cortex”. Passphrase field gained an inline warning about the passphrase being the only key + recovery-phrase fallback.
  • Content cache default cap raised from 50 MB → 512 MB per source. Now covers realistic large reference manuals (e.g. a 4233-page PDF at ~210 MB) without users having to change settings.
  • Tour copy updated to reference the hippocampus / engram / synapse / seahorse story and to explain that Graphnosis must be running and the cortex unlocked for AI clients to read memories.
  • Status pane is now a read-only health snapshot. “Forgotten memories” footer moved to Cortex Management (where every destructive op lives).

Fixed

  • Tauri 2 event-name silent failure. Periods aren’t allowed in Tauri 2 event names (only [a-z0-9], -, /, :, _). The app was emitting graphnosis://cortex.created, graphnosis://ingest.progress, graphnosis://ingest.done, graphnosis://recovery.progress, graphnosis://recovery.done — all rejected silently. Result: the one-time recovery-phrase modal never showed, ingest progress toasts never updated, recovery progress bars never updated. All five renamed to use hyphens.
  • .gai / .bundle corruption from interrupted saves. Pre-v0.3 the app used fs.writeFile directly to the canonical path, leaving partial files on process kill (force-quit, OS kill, crash). All saves now go through an atomic-write helper (tmp → fsync → rename). POSIX rename(2) is atomic — either the old file is intact or the new one is fully written.
  • Large engrams silently disappearing from the picker. A graph with a 160 MB+ embcache could throw mid-load and never make it into the in-memory engram map. Cache load failures are now non-fatal — the graph is added with an empty cache and embeddings rebuild from scratch.
  • Recovery panel timed out at 600s even when the sidecar was still working. The Rust → sidecar IPC for recovery.apply is now async — returns { accepted, jobId } in 15s; the actual work pushes events.
  • Duplicate formatBytes function declaration broke dev-server HMR.
  • Quarantine timestamps showing 1970. Display now auto-detects seconds-vs-milliseconds in the filename so manually-quarantined files (with date +%s timestamps) render the right date.

Security

  • Two-tier key model (master.enc). Passphrase no longer directly derives the data key. Argon2id(passphrase, salt) derives a wrap key that decrypts master.enc, which holds the actual data key. Industry-standard pattern; makes passphrase rotation an O(1) operation instead of having to re-encrypt every file in the cortex.
  • Recovery phrase wraps the data key, not the passphrase. The previous documentation said the opposite. The phrase is an independent unlock path: phrase → Argon2id → recovery wrap key → recovery.enc → data key. Lose the passphrase, the phrase still works; lose both, no one (including us) can open your cortex.
  • Atomic writes close a class of “I unlocked yesterday but today the file is corrupt” scenarios that had no recoverable cause beyond “the save was interrupted.”

Migrations

These run automatically on first unlock of a pre-v0.3 cortex; no user action required.

  1. master.enc written. Existing cortexes use the legacy “passphrase = data key” model. On first v0.3 unlock, the app derives the same key, writes master.enc wrapping it, and from that point on uses the wrapped-key path. Old code can still open the cortex until you change the passphrase.
  2. recovery.enc generated. Pre-v0.3 cortexes had no recovery phrase. The first v0.3 unlock generates a fresh 24-word phrase, wraps the data key, writes recovery.enc, and shows the phrase via the one-time lock-screen modal. Write it down before clicking Continue.

If you miss the modal (closed too fast, lost focus), regenerate from Settings → Recovery phrase any time.

v0.2.x and earlier

Pre-v0.3 changes weren’t tracked in this changelog. The headline features for those releases:

  • v0.2.x: PDF ingest worker, op-log recovery flow (sync), source index, embedding cache, MCP relay
  • v0.1.x: Initial release — local-first encrypted cortex, MCP server, federated recall, BGE-small embeddings, Tauri shell

Future releases will be tracked here from the date they ship.

© 2026 Nehloo Interactive LLC

Graphnosis™ is built by Nehloo Interactive.

GitHub Privacy Terms