# Changelog

Pre-launch development log. Versioned entries (v1.0+) begin at public launch; until then, entries are dated.

Format inspired by [Keep a Changelog](https://keepachangelog.com/).

---

## 2026-05-09

### Added
- **PII (Personally Identifiable Information) sanitizer** (`src/backend/api/services/sanitizer.py`) — regex redaction of CC (credit card), SSN (Social Security Number), PHONE, IP (Internet Protocol address), and EMAIL before transcripts reach the LLM (Large Language Model). Speaker attribution lines preserved; only utterance bodies are redacted. Injected into `LLMClient.extract_commitments()`.
- **Email digest pipeline** — three new modules under `src/backend/api/services/email/`:
  - `send.py` — Resend (Resend Email API) HTTP transport via `httpx`; never raises; returns `False` on failure so the worker pipeline continues
  - `digest.py` — `DigestPayload` dataclass + `build_digest()` (queries open signals per workspace) + `get_workspace_member_emails()`
  - `render.py` — dark-theme inline HTML + plaintext renderer; caps signal lists at 10 per category with "+N more" label
- **`task_send_daily_digest` cron** in `worker.py` — fires at 07:00 UTC daily; iterates all workspaces, skips if no signals flagged, sends to all active members via Resend
- **Worker health in `/health`** — `task_poll_recent` writes `worker:last_seen` timestamp to Redis (TTL 10 min); `GET /health` reads it and returns `worker_ok: bool`; external uptime monitors can now detect a dead worker
- **Mobile Sync now** — `integrationsApi.sync()` in `features/integrations/api.ts`; active integration rows in mobile Settings show a Sync button with spinner and inline result message
- **`docs/launch/concerns.md`** — v1 launch concern tracker with hard blockers, demo blockers, tech debt, architecture notes, and resolved log
- **`RESEND_API_KEY` + `EMAIL_FROM`** config fields in `Settings`

### Changed
- **Privacy UI — default ingestion policy** — `default_policy` select added to `PrivacyTab` ("Ingest all" / "Block all"); `exclude_private_events` default corrected to `true` to match API schema
- **Commitment card — owner at a glance** — `owner_name` promoted to the badge row (full and compact views) with a `User` icon; removed from the low-contrast metadata line where it was visually buried
- **`docs/engineering/deploy-gcp.md`** — plain env vars table expanded with `EMBEDDING_DIM`, `EMBEDDING_PROVIDER`, `EMBEDDING_MODEL`, `LLM_PROVIDER`; added note on embedding dimension as a one-time provisioning decision
- **Mobile settings copy** — "Mobile is read-only at v1" replaced with "Tap Sync to pull recent meetings. Connect or disconnect from the web app."
- **`features/integrations/index.ts`** — exports `integrationsApi` so settings screen can call sync directly

---

## 2026-05-03

### Added
- **`docs/index.md`** — navigation hub for the doc tree
- **`issues/008-mobile-wiring.md`** — mobile-to-API + Zitadel mobile auth (M1–M6, ~3.5 d)
- **L11 (Meetings UI)** to `issues/007-pipeline-completion.md` — web meeting detail page + mobile inline meeting context
- **Hero phone mockup** on `web/index.html` — 3 sliding panels (Home / Timeline / Settings) mirroring the actual mobile app's UI; theme-aware Cloudflare Turnstile widget; tightened section padding to `py-16`

### Changed
- README and roadmap: status sections updated to reflect trust-topology Phase 0–2b shipped; pipeline value-layer in flight; mobile wiring tracked separately
- `docs/data-model.md`: header note added pointing at `schema.shared.sql` + `schema.workspace.sql` (the schema is split since Phase 2a)
- `docs/strategic-review.md`: marked as point-in-time April 2026 snapshot; current state pointers added at the top
- `docs/Phase 0.1.md` → `docs/phase-0.1.md` (no spaces in filenames); status note added pointing at current trackers
- Marketing site: "Q2 2026" copy dropped in favor of "By invitation"; role dropdown broadened to industry-agnostic tiers (CxO/Founder, VP/Director, Manager, IC, Investor)

### Removed
- **`docs/audit_codes.py`** — replaced by `src/backend/api/audit_codes.yaml` (declarative single source of truth for the Fasten audit registry; lives next to the runtime that loads it)

---

## 2026-05-02

### Added
- **Trust topology delivery** — Phases 0, 1, 2a, 2b shipped on `phase/3-zitadel` (commits `d8cad77`, `bb44fab`, `5880950`, `230509d`, `e3475e3`, `e193a36`, `c2361be`, `2a346f0`, `5165a8d`):
  - Phase 0 — unprivileged `continuum_app` runtime role + 6-assertion RLS regression test
  - Phase 1 — `docs/trust-topology.md` (threat actors, isolation layers, locked decisions D1–D10)
  - Phase 2a — schema-per-tenant + tenant-routing layer (`get_db(workspace_id)`) + hard-fail GUC + trap-schema default + ORM-execute listener
  - Phase 2b — cross-workspace `my_memberships` RLS via `app.user_id` GUC; `users_visible_in_workspace` view; per-workspace LLM provider config; role-gated commitment visibility (`workspace | executives | private`)
- **Phase 3 in-band hardening** — TLS-to-DB startup check; HTTPS-only Zitadel issuer in prod (Z7); CI gates (3 lints + GitHub Actions running 19-assertion RLS regression on every PR); worker dispatch GUC enforcement; 13 `# TODO(audit):` markers at mutation sites (later grew to 19 as audit coverage expanded — see [014-fasten-wiring.md](issues/014-fasten-wiring.md)) for future Fasten swap
- **`issues/005-trust-topology-delivery.md`** — program tracker with commit hashes per phase
- **`issues/006-zitadel.md`** — JWT-validation gaps Z1–Z8 (Z7 shipped; rest open) + mobile Native OIDC app + Zoho IdP (later merged in 2026-05-28)
- **`issues/007-pipeline-completion.md`** — value-layer plan (L1–L11) for continuity matcher + signal evaluator + Decisions feature + Meetings UI
- **`docs/audit_codes.yaml`** — Fasten audit registry as declarative YAML (10 domains, ~30 codes)
- **Logging readiness for Fasten swap** (`621ca11`): `request_id` ContextVar + middleware + filter + `X-Request-Id` response header; worker error-logging decorator threading correlation; bare-except sweep (4 sites fixed)
- **`web/waitlist.php`** + Cloudflare Turnstile-aware form + `web/README-deploy.md` (Bluehost + DNS guide)

### Changed
- `issues/launch-blockers.md` (originally `003-launch-blockers.md`) — corrected stale status board (false ✅ on waitlist code; flipped six rows from ⏳ to ✅ as the trust-topology work landed)
- `issues/done/site-waitlist-deploy.md` / `issues/app-security.md` (originally `003a` / `003b`) — superseded RLS scope marked; deploy-side items still open
- `web/index.html` — hero rebuilt with side-by-side text/phone layout; mockup mirrors `src/mobile/app/(tabs)/_layout.tsx` exactly (Home / Timeline / People / Settings tabs with sliding indicator + active-glyph color); real workspace names (Apple, Salesforce, nerdAppLabs); industry-agnostic role names (Parker, Craig, Monika)

---

## 2026-04-30

### Added
- **Architecture decision record:** workspace-coupled integrations (Identity / Workspace / Workspace Integrations 3-layer model) — [docs/architecture.md](docs/architecture.md)
- **v1 launch architecture spec:** Tier 1/2/3 scope, 6–8 week sequence, run cost, red lines — [launch-architecture.md](docs/launch-architecture.md)
- **`workspace_integrations` table** to data model + Source interface to architecture
- **Document map** section in [v1-launch-spec.md](docs/v1-launch-spec.md) linking all planning docs in read-this-order
- **Threat model row** for OAuth token storage (Secret Manager refs)

### Changed
- README + roadmap: Phase 0.2 marked **absorbed into Phase 3** — Google Meet ships as the first `Source` against `workspace_integrations` rather than as a standalone phase
- v1.md: invite-only onboarding at v1.0 (was self-serve); self-serve trial deferred to v1.1 to match [launch-architecture.md](docs/launch-architecture.md)

---

## 2026-04-29

### Added
- **Phase 3 Zitadel v4 stack:** Login V2 split + dedicated `zitadel-db` Postgres + `continuum-*` project prefix
- **`zitadel-login` container** (Next.js Login V2 UI) with `network_mode: service:zitadel`; bootstrap volume for federated PAT
- **Stop-tracking** ⋮ menu on commitment cards + confirmation dialog
- **Settings → Connections + Privacy** tabs (live Google status, sync/disconnect, title patterns, excluded emails, private-event toggle)
- **`pitch.md`** — hero tagline + 4-point structure + closing
- **`docs/security-plan.md`, `docs/ai-plan.md`, `docs/ai-engineering.md`**
- **`issues/001-switch-extraction-to-native-tool-use.md`** — first tracked issue

### Changed
- **Continuum → Continuum State** brand convention across positioning docs
- Cherry-picked `phase/0.2-google-meet` UI (Settings, stop-tracking dialog, api.ts) into `phase/3-zitadel`
- Landing page: theme toggle, two-tone wordmark, "why this / now / us" section, SEO copy, legal pages

### Fixed
- Stop-tracking per meeting header
- Connect raw JSON error
- Zitadel healthcheck (distroless image — switched from `wget` to `/app/zitadel ready`)
- Seeder script: BusyBox `wget` → `curl`; v4 endpoint rename (`branding` → `label`); ash-safe wait loop; `Host: localhost` header for instance routing

---

## 2026-04-28

### Added
- **Zitadel JWT validation middleware** (`middleware/jwt_auth.py`)
- **Zitadel self-hosted in Docker** (initial setup with shared Postgres, before later split)
- **Phase 3 dashboard UI** — auth wiring, grouping, due-date urgency colors, sheet polish

---

## Earlier

See `git log` for v0.x phase work (Phase 0.1 transcript upload + extraction + dashboard shell). The original `phase/0.2-google-meet` branch (with backend Meet ingestion + privacy gate) has been **deleted** — its work is being reimplemented under the workspace-coupled model (see [docs/architecture.md](docs/architecture.md)). Last commit on that branch was `360addb`, recoverable via `git log --all --oneline` if needed.