Skip to content

cdeust/Cortex

v3.14.6 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Data & Storage
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

agent-memory-system anthropic artificial-intelligence causal-inference claude claude-code
+14 more
claude-code-plugin cognitive-architecture cognitive-science episodic-memory hopfield-network llm-memory long-term-memory mcp-server model-context-protocol neuroscience persistent-memory predictive-coding retrieval-augmented-generation vector-db

Summary

AI summary

Session-scoped OTP cooldowns close an abuse vector and usage alerts warn owners before billing caps hit.

Full changelog
  • release: v3.14.6 — silent AP self-heal + canonical domain ids
  • fix(ap): silent self-heal for stale graph slots + multi-roster resolver — install/setup-project never errors
  • docs(adr): ADR-0049 — Cortex stays local on main; server-side deferred
  • fix(ci): ruff format 4 files + add pre-commit-ruff hook for CI parity
  • refactor: sync clean pii-fixtures + secret-shield hook from zetetic (post-scrub)
  • fix(domains): canonicalise domain ids — kill worktree-path noise in viz + list_domains
  • feat(hooks/briefing): dynamic _SPECIALIST_AGENTS load + zetetic bridge ADR
  • fix(ci): remove 2 unused imports from pii-daemon (ruff check F401)
  • fix(ci): apply ruff format to 3 files (CI was failing on Lint)
  • fix(security): remove TP secret-fixture corpus (working tree + history)
  • release: v3.14.5 — adopt canonical uvx pattern (per modelcontextprotocol/servers)
  • refactor: complete sync — add missing memory commands + drain hook
  • refactor: sync spawn-agent.sh + .mcp.json wiring from zetetic-team-subagents
  • refactor: sync genius agents batch B (51-98) from zetetic-team-subagents
  • refactor: sync genius agents batch A (1-50) from zetetic-team-subagents
  • refactor: sync 19 team agents from zetetic-team-subagents (Batch 2)
  • refactor: sync memory infrastructure from zetetic-team-subagents (Batch 1)
  • release: v3.14.4 — launcher self-installs full base runtime
  • release: v3.14.3 — align MCP wiring with Anthropic-official plugin convention
  • release: bump marketplace.json to v3.14.2
  • release: v3.14.2 — native AST CALLS chains + humanized panel + Dijkstra compliance
  • refactor(compliance): Dijkstra YELLOW items — all UI files under 300 LOC
  • fix(ci+compliance): ruff format + Dijkstra RED items (panel split, dead param)
  • fix(ui): humanization corrections from Eco + Vygotsky + Feynman audits
  • feat(ui): humanize workflow-graph detail panel for non-technical users
  • fix(ci): install [codebase] extra + skip tree-sitter tests without it
  • fix(graph): CALLS edges were silently dropped — cross-verified by Wu + Feynman
  • feat(graph): caller-qualified CALLS — full method-to-method dependency chain
  • refactor(ap): remove legacy CORTEX_ENABLE_AP env var — single source of truth
  • feat(ap): flip default to ON, make user-overridable via MCP config
  • feat(graph): native AST source — L6 depth without automatised-pipeline
  • docs: GitNexus competitive analysis + 5-move science-grounded plan
  • docs: gap analysis v2 — CORRECTED after reading AP source + web search
  • docs: gap analysis — codebase analysis as first-class Cortex core
  • docs(darval): reply draft for issue #14 OB4 fix + O1 resolution
  • refactor(homeostatic): tighten OB4 fix — fold clips, flag estimate
  • fix(homeostatic): issue #14 OB4 — emit bimodality_after on scale-invariant paths
  • test(main): bump tool-count assertion to 46 for Gap 1 (query_workflow_graph)
  • feat(graph): Gap 1 — query_workflow_graph MCP tool + README refresh
  • feat(graph): Gap 6 — confidence + reason on WorkflowEdge
  • fix(graph): populate Calls_* / Imports_* rel tables via AP resolve pass
  • fix(security): replace ancestor-walk loop with Path.is_relative_to
  • fix(security): werkzeug-style whitelist + Path.is_relative_to for CWE-22
  • fix(security): apply CodeQL's exact canonical sanitizer patterns
  • test(invariants): bump I2 allowlist for handlers/anchor.py after ruff format
  • fix(security): satisfy CodeQL on response-splitting + path-injection
  • feat(mcp): add title + annotations + outputSchema to every tool
  • fix(security): clear remaining CodeQL path-injection + response-splitting alerts
  • fix(security): add explicit path-containment checks (CWE-22)
  • docs: bump test count to 2500+ across README, CLAUDE.md, linkedin post
  • docs(readme): document L6 AST-symbol layer in Graph View
  • docs(readme): correct companion project name to automatised-pipeline
  • docs(readme): add ai-architect automated pipeline to companion projects
  • style: ruff format workflow_graph_source_ast
  • release: v3.14.1 — hero screenshot + version bump
  • docs(legend): expand L6 section with every AST symbol-type color
  • fix(ui): Board + Knowledge crash on symbol-label 'constructor'
  • fix(ui+ast): board/knowledge hang + multi-language symbol coverage
  • feat(ui): surface code-symbol impact in Knowledge + Board views
  • docs(readme): rewrite v3.14.0 callout without internal code names
  • docs+ui: L6 filter options, taller legend, README v3.14.0 callout
  • feat(viz): phase-driven graph build, AST integration, diff/legend polish
  • docs(adr): ADR-0046 — integrate with automatised-pipeline
  • style: fix ruff check — drop unused re-exports, retarget imports
  • style: apply ruff format to workflow-graph modules
  • docs(readme): new hero screenshot + workflow-graph section
  • fix(viz): eliminate alpha-box artifact + make Graph the default view
  • feat(viz): full file-access coverage + timestamps + compact filter row
  • feat(viz): Claude-workflow graph — radial hierarchy, filters, full diff coverage
  • fix(lint): drop remaining unused imports in pipeline_impact_bump test
  • docs(darval): github issue #14 O1 instrumentation ask
  • fix(lint): drop unused imports flagged by CI
  • feat(wiki): plain-language top-level README generator
  • feat(darval-o1): heat_delta instrumentation on cohort_correction output
  • fix(i2): allow-list pipeline_impact_bump heat_base writer
  • fix(darval-v3.13.2): forgetting_curve fit_quality + schema_acceleration bootstrap guard
  • feat(grooming): wiki templates + auditor + cortex-wiki-groomer agent
  • feat(pipeline-4): /cortex:cortex-setup-project handles optional pipeline
  • feat(pipeline-3): PostToolUse heat bump via pipeline detect_changes
  • feat(pipeline-2): SessionStart async re-analyze when graph stale
  • feat(pipeline-1): auto-wire ai-automatised-pipeline into mcp-connections.json
  • feat(doctor): optional codebase-pipeline detection with install guidance
  • style: ruff format + lint sweep for Phase 2-7 additions
  • fix(v3.13.2): revert plugin.json to launcher path (Claude Code marketplace install)
  • fix(v3.13.1): SQLite A3 migration + pinned plugin.json versions
  • docs(readme): v3.13.0 scalability release note + cortex-doctor + pool architecture
  • feat(marketplace): no-Python-required install + uvx-consistent hooks
  • bench(phase-5): LongMemEval 500-Q regression gate PASSED — exact match
  • release(v3.13.0): bump version + cortex-doctor CLI for marketplace users
  • feat(phase-7): hardening — content normalization, metrics, Dockerfile
  • feat(phase-4): chunked consolidate + streaming homeostatic moments
  • feat(phase-2): JOIN replacements for plasticity / synaptic tagging / co-activation
  • test(phase-5-step-6): I10 invariant — pool capacity vs cycle worker fanout
  • feat(phase-5-step-4c): asyncio.to_thread wrap handlers at registration
  • feat(phase-5-step-4b): migrate 14 external store._conn.execute sites to pool
  • feat(phase-5-step-4a): _execute borrows from interactive_pool per call
  • feat(phase-5-step-5): per-tool admission semaphore middleware
  • feat(phase-5-step-3): latency-class registry for MCP tool handlers
  • feat(phase-5-step-2): ConnectionPool infrastructure in PgMemoryStore
  • feat(phase-5-step-1): psycopg_pool dep + pool config knobs
  • docs(phase-5): ConnectionPool + to_thread + admission design spec
  • docs(darval): github issue #14 A3 delivery reply draft
  • bench(a3-step-9): BEAM-100K regression gate PASSED — exact zero delta
  • bench(a3-step-9): LoCoMo 1982-Q regression gate PASSED
  • bench(a3-step-9): LongMemEval 500-Q regression gate PASSED
  • fix(a3): effective_heat underflow guards for multi-year age rows
  • feat(a3-step-8): delete legacy heat path — single A3 canonical implementation
  • feat(a3-step-7): flag-gated decay cycle no-op under A3_LAZY_HEAT
  • feat(a3-step-6): recall_memories_lazy PL/pgSQL function + get_a3_ddl
  • feat(a3-step-5): dual-path heat writers (anchor, preemptive_context, stale, sqlite)
  • chore(settings): add project permission allowlist for read-only ops
  • style: ruff format + drop unused import in Phase 6 fixes
  • feat(reranker): Platt calibration from rate_memory feedback (AF-2)
  • feat(a3-step-4): bump_heat_raw canonical writer + homeostatic_state helpers
  • feat(write_gate): auto-calibrate threshold from observed acceptance rate (AF-5)
  • feat(a3-step-2): effective_heat() + effective_heat_frozen() PL/pgSQL functions
  • feat(a3-step-1): CORTEX_MEMORY_A3_LAZY_HEAT flag + migration SQL scaffolding
  • fix(recall_hierarchical): require domain or memory_ids — kill O(N^2) uncapped fallback
  • style: ruff check --fix unused imports in Phase 1 tests
  • style: ruff format Phase 1 changes — line length + minor normalisation
  • fix(profile-store): per-domain split — bound write amplification per session
  • fix(compression): eliminate redundant gist encode on 0→2 transitions
  • fix(homeostatic): Welford one-pass moments for heat-distribution health
  • fix(wiki-sync): surface errors in remember handler, stop silent swallowing
  • fix(codebase-analyze): bounded-candidate rglob — ADR-0045 R2/R3
  • style: ruff format v3.12.x commits (CI format-check fix)
  • fix(validation): bounded tags envelope on remember (ADR-0045 R2)
  • fix(validation): tighten remember.content maxLength 50K→10K (ADR-0045 R2)
  • fix(embedding_cache): SHA256[:16] keys, never raw text (ADR-0045 R5)
  • fix(import_sessions): delete full_read path — streaming only (ADR-0045 R2)
  • release: v3.12.2 — darval field report fixes (#14)
  • feat(entities): case-variant canonicalization + merge migration
  • feat(diagnostics): cls + memify reason_for_zero signals (#14)
  • feat(backfill+homeostatic): age-decayed initial_heat + bimodality-aware cohort correction (#14)
  • release: v3.12.1 — hotfix: emergence_tracker import + I2 regression guard
  • docs(scalability): Phase 0 program — ADR-0045 + invariants I1-I10 + memory_entities audit + Phase 0.4.5 backfill design
  • chore(tools): TDQS A-grade rewrite across 53 MCP tool schemas + fix emergence_metrics import
  • release: v3.12.0 — upstream MCP ingest (ingest_codebase + ingest_prd)
  • feat(ingest): upstream MCP consumption — ingest_codebase + ingest_prd
  • fix(tests): update exploding_decay signature to match Phase B memories= param
  • release: v3.11.0 — consolidate batching + plasticity/CLS/cascade fixes
  • perf(consolidate): v3.11 deferred fixes — batching, cache, plasticity, CLS, cascade (#13)
  • perf(consolidate): per-stage telemetry + fix homeostatic import bug (#13)
  • perf(consolidate): per-stage telemetry + fix homeostatic silent failure (#13)
  • release: v3.10.1 — wiki_purge tool for cleaning audit-artefact pollution
  • fix(wiki): reject audit artefacts (backfill, stage-N, path/URL titles)
  • release: v3.10.0 — Cowork compat + TDQS schema enrichment
  • chore(tools): TDQS schema enrichment (40 tools) + sqlite memory_entities
  • style: ruff format memory_store after auto-fallback edit
  • feat(memory_store): auto-fallback to SQLite when DATABASE_URL absent
  • chore(plugin): declare CORTEX_RUNTIME in mcp env schema
  • security: use compile-time filename constants + README Glama badge
  • chore: add glama.json — maintainer manifest for Glama's evaluator
  • docs: refresh Views → Wiki screenshot with post-edit rendered view
  • docs: reposition Cortex as a scientific-authoring tool, not just memory+graph
  • security: close 2 new CodeQL alerts (ReDoS + HTTP response splitting)
  • feat(wiki ui): collapse duplicate-title entries in the sidebar tree
  • fix(wiki export): strip frontmatter before pandoc; re-inject as --metadata
  • fix(wiki export): clearer error messages; pre-check for LaTeX engine
  • ci+ui: skip ccplugins workflows without PAT; surface export errors in UI
  • feat(wiki redesign): Phase 10 — Pandoc export (PDF, LaTeX, DOCX, HTML)
  • feat(wiki redesign): Phase 9 — academic extensions
  • feat(wiki redesign): Phase 8 — inline editor with live KaTeX preview
  • feat(wiki redesign): Phase 7.3 — seed wiki from existing repo docs
  • feat(wiki redesign): Phase 7.1 + 7.2 — cold-start fix
  • ci: keep ccplugins fork in sync continuously
  • ci: auto-sync cortex plugin to ccplugins monorepo on release
  • docs: add Wiki + Knowledge screenshots; refresh Graph + Board shots
  • security: match CodeQL py/path-injection example verbatim (3rd attempt)
  • security: switch sanitizer to startswith pattern for CodeQL recognition
  • security: keep sanitized path on same variable through sink (CodeQL #48 #49)
  • security: close 6 CodeQL alerts in wiki_store + wiki_view_executor
  • feat(wiki redesign): Phase 6 — Frontend integration
  • feat(wiki redesign): Phase 5 — Malleability (user rules + executable views)
  • feat(wiki redesign): Phase 4 — Thermodynamics
  • feat(wiki redesign): Phase 3 — Concept emergence (Strauss grounded theory)
  • feat(wiki redesign): Phase 2.4 + 2.5 — Curate + Compile
  • feat(wiki redesign): Phase 2.3 — Synthesize phase (Path A + Path B)
  • feat(wiki redesign): Phase 2.2 — Resolve phase
  • feat(wiki redesign): Phase 2.1 — Extract phase (claim_events from memories)
  • fix(wiki migrate): accurate written/unchanged counter on idempotent re-runs
  • feat(wiki redesign): Phase 1.2 + 1.3 — migration + self-hosting loader
  • feat(wiki redesign): Phase 1.1 — wiki.* schema + IR models
  • feat: invert wiki gate + harden path traversal check (security)
  • fix: classifier tolerates markdown heading prefix in reject patterns
  • fix: reject / slash-command framing in wiki
  • release: v3.9.1 — hooks.json nested schema fix (#12)
  • fix: hooks.json nested schema per Claude Code requirement (#12)
  • style: apply ruff format + remove unused imports
  • feat: 7-view frontend + wiki classifier + backend schema fixes
  • fix: resolve ruff lint errors — unused/missing EmbeddingEngine imports
  • release: v3.9.0 — engram slot cache (#11) + safe GPU embedding (#10)
  • feat: safe GPU auto-detection for embedding engine (#10)
  • perf: cache engram slots + COUNT(*) for allocate_engram_slot (#11)
  • feat: sync all agents, skills, commands, hooks, tools from zetetic-team-subagents
  • fix: remove unauthorized attribution from all agent files
  • style: "powered by ai-architect.tools" right-aligned on two lines
  • style: unify brand identity — teal accent + ai-architect.tools tag
  • feat: add ASCII art banner — SVG for GitHub README
  • security: fix command injection vectors (CodeQL CWE-78)
  • docs: compiled arxiv PDF + LinkedIn endorser post draft
  • fix: remove unused StageDetector import (ruff F401)
  • style: ruff format run_benchmark + stage_detector
  • feat: temporal assembler beats oracle — 0.471 MRR (+33.4%) on BEAM-10M
  • fix: apply genius review corrections across all docs
  • docs: arxiv-ready LaTeX paper for cs.IR submission
  • fix: replace all LaTeX with Unicode + code blocks for GitHub rendering
  • fix: LaTeX syntax issues in research papers
  • docs: rewrite science.md + research post as arxiv-style papers
  • docs: add per-category breakdowns under each benchmark
  • docs: update agent count to 27 specialists
  • docs: full narrative README rewrite — Zikkaron-style tutorial
  • docs: full narrative README — hook, scenario, benchmarks with context
  • docs: add auto-wiki feature + science table with brain analogies
  • fix: remove unused own_budget variable (ruff F841)
  • docs: move Scientific Foundation above Benchmarks
  • docs: slim README from 680 to 416 lines — product page, not paper
  • docs: slim README to product page, move science to docs/
  • docs: rewrite How It Works + Architecture in plain language
  • docs: reorganize scientific foundation into plain-language results
  • style: ruff format all context_assembly + benchmark files
  • docs: link README to public ai-prd-builder origin, not private repo
  • docs: trace architecture origin to ai-prd-builder (public, Sep 2025)
  • docs: add verifiable commit SHAs for prior art provenance
  • docs: update README with BEAM-10M scores + research post
  • feat: structured context assembly — 21.5% BEAM-10M improvement
  • release: v3.8.0 — auto-promote decision memories to wiki
  • release: v3.7.3 — fix Windows seed_project hang (#8)
  • release: v3.7.2 — surface real Postgres connection errors (#9)
  • chore: actually add traces/ to .gitignore
  • chore: ignore traces/ runtime telemetry directory
  • fix(recall): expose source column in recall_memories() PL/pgSQL
  • feat(wiki): rewrite as first-class authored layer, not PG projection
  • style(wiki): apply ruff format and fix import ordering
  • feat(wiki): add read-only Markdown projection of memory state
  • fix(setup): install benchmark and codebase deps in setup scripts
  • style: format abstention_gate.py
  • fix: restore validated 0.546 BEAM pipeline + benchmark setup docs
  • fix: pin uvx to Python 3.13 for MCP server
  • docs: link companion projects in README header
  • docs: document full BEAM ablation log in README
  • feat: instruction/preference typed retrieval + intent detection
  • feat: MMR diversity module + ablation results (disabled for now)
  • docs: correct benchmark scores, acknowledge database pollution error
  • feat: event ordering + summarization intent detection and chrono reranking
  • feat: emotional memory processing — retrieval, decay, reconsolidation
  • style: format pg_store modules
  • fix: stale prepared statement recovery + connection resilience
  • docs: update README with new visualization screenshots and install options
  • fix: cross-platform MCP via uvx, hooks via python detection
  • fix: break CodeQL taint chain — separate subcommand and args parameters
  • fix: remove unused os import in git_diff.py
  • fix: sever CodeQL taint chain in subprocess.run — use _GIT_BINARY + fresh list
  • fix: CORS headers for discussion detail fetch
  • fix: format session_start.py
  • fix: whitelist-based path security + deprecated utcnow
  • fix: bump pyproject.toml version to 3.4.2 for PyPI release
  • fix: remove unused os import in http_server.py
  • fix: remove duplicate shell=False kwarg in git_diff.py
  • style: format launcher.py and setup.py
  • feat: cross-platform setup.py for Windows support
  • fix: harden path sanitization for CodeQL — pre-validate before resolve()
  • feat: pipeline tree with canvas bezier lines, scroll sync, surpriseScore
  • fix: plugin.json hooks format + marketplace v3.4.1
  • wip: pipeline tree improvements + surpriseScore + security fixes
  • fix: resolve all remaining CodeQL path traversal and command injection alerts
  • feat: pipeline tree view, board flow header, UI improvements (P2)
  • feat: coordinated selection + minimizable detail panel
  • feat: coordinated selection (brushing/linking) between graph and board views
  • fix: format install_hooks.py and test_cold_start.py, bump pyproject.toml to 3.4.0
  • fix: format 5 files to pass ruff formatting check
  • fix: resolve all CodeQL security alerts + update auto-backfill tests
  • fix: resolve ReDoS vulnerability in CamelCase regex (CodeQL py/redos)
  • feat: consolidation pipeline, board view, replay tracking, auto-backfill (v3.4.0)
  • fix: make .mcp.json work in both plugin and project context
  • docs: fix cowork install command to cortex-cowork
  • docs: add Cortex-cowork link for Cowork users
  • fix: bump marketplace.json version to 3.3.0, update description
  • docs: add marketplace installation as recommended setup path
  • fix: format embedding_engine.py
  • merge: security hardening + setup-project rebuild_profiles fix
  • revert: restore original http_launcher.py — PYTHONPATH inherited from env
  • fix: setup-project skill adds rebuild_profiles as Phase 2
  • fix: viz server inherits CLAUDE_PLUGIN_DATA deps in PYTHONPATH
  • security: harden code without touching install flow
  • revert: security audit merge — broke marketplace plugin flow
  • merge: security audit fixes — verified from bare metal
  • fix: setup.sh registers MCP server in ~/.claude.json
  • security: fix all findings from audit
  • docs: add Getting Started section with installation guide
  • docs: add Neural Graph section, update hooks/module counts
  • docs: update agent team from 11 to 18 specialists
  • fix: Docker — install hooks as cortex user, add CORTEX_RUNTIME env
  • feat: discussions in neural graph, conversation viewer, fix all tests
  • fix: hooks use exit 0 for skip cases, not exit 1
  • fix: format install_hooks.py, remove dead code
  • feat: runtime-aware storage, user-level hooks, autonomous setup
  • fix: install psycopg before MCP server starts, use correct PYTHONPATH
  • revert: remove broken memory neural graph integration (5 commits)
  • fix: unified graph uses in-process server + materialized links + batch loading
  • fix: single-command setup — DATABASE_URL default, backfill, env propagation
  • fix: standalone viz server uses PostgreSQL + navigation API routes
  • feat: complete Obsidian-like navigation — timeline, entity detail, live editing
  • feat: Obsidian-like knowledge navigation — local graph, backlinks, breadcrumbs
  • feat: neural evolution wave 2 — faithful DA RPE, schema acceleration, single-command setup
  • chore: clean tasks — 6 development axes, remove 9 obsolete files
  • fix: test report issues — checkpoint created_at, narrative cleanup, output caps
  • fix: brighten text-dim for readability on dark backgrounds
  • feat: dashboard UI updates for v3.2.0 — agent colors, protection rings, team badges
  • feat: seamless auto-recall hook + full plugin hook registration
  • fix: replace Mermaid with SVG diagrams for consistent rendering
  • fix: replace ASCII diagrams with Mermaid for GitHub rendering
  • docs: rewrite README for v3.2.0 — agent integration, hooks, skills
  • fix: correct hook semantics + format reranker.py for CI
  • feat: preemptive file context + agent briefing hooks
  • feat: decision auto-protection, team memory bus, auto-dream consolidation
  • feat: adaptive alpha reranking (disabled) + comprehensive ablation data
  • data: BEAM signal weight ablation + cross-benchmark regression analysis
  • chore: bump version to 3.1.0
  • fix: remove unused imports and variable (ruff lint)
  • style: format 13 files with ruff
  • docs: rewrite README — science-first, full paper transparency
  • fix: zetetic audit — remove invented constants, add ablation data
  • feat: zetetic rewrite — faithful paper implementations across all 33 core modules
  • docs: zetetic scientific standard reference document
  • wip: Bruch 2023 TMM convex fusion + faithful Titans + zetetic standard
  • fix: OR tsquery, benchmark isolation, Bruch 2023 TMM convex fusion
  • style: format git_diff.py and http_standalone.py with ruff
  • chore: bump version to 3.0.0
  • feat: redesign unified graph visualization UX
  • docs: update hero image alt text for v2.6.0 screenshots
  • docs: update hero images with v2.6.0 unified graph screenshots
  • fix: add HF model cache to release workflow
  • fix: add sentence-transformers and networkx to dev deps for CI
  • fix: move model pre-download after pip install, allow soft failure
  • fix: cache HuggingFace model in CI to prevent download failures
  • fix: ruff format http_standalone.py
  • release: v2.6.0 — remove memory dashboard, global memory dedup fix, cleanup
  • release: v2.5.5 — domain clustering in unified graph, per-project brain shells
  • release: v2.5.4 — update script + cache workaround documentation
  • release: v2.5.3 — auto-install embeddings, Docker one-liner, session warnings
  • release: v2.5.2 — schema resilience, lint fixes, all backends aligned
  • fix: ruff format + remove unused variable to pass CI lint
  • fix: consistent per-statement schema init across PG, SQLite, and Docker
  • feat: add cortex-remember-global and cortex-recall-global skills
  • feat: global memories — cross-project knowledge with auto-detection and visualization
  • fix: split DDL into individual statements to prevent cascading schema failures
  • release: v2.5.1 — version bump (2.5.0 tarball burned on PyPI)
  • fix: align package.json and safeskill-report.json to v2.5.0
  • release: v2.5.0
  • fix: 5 user-reported bugs — path validation, hierarchical recall, causal chain, narrative, seed
  • fix: persistent memory across Docker container restarts
  • fix: use shields.io badge for SafeSkill — their badge API is broken
  • fix: SafeSkill badge uses dynamic API from published npm package
  • fix: Docker entrypoint registers MCP in .claude.json, strips host config
  • fix: badge links to local SafeSkill report
  • docs: add SafeSkill 94/100 scan report, remove stale badge link
  • fix: add minimal package.json for SafeSkill scanner, update badge to 94/100
  • fix: remove legacy Node.js files flagged by SafeSkill security scan
  • Merge pull request #2 from OyaAIProd/safeskill-scan-1774780323456

Full Changelog: https://github.com/cdeust/Cortex/compare/v2.4.1...v3.14.6

Security Fixes

  • Authflow cooldowns now session-scoped — closes abuse vector where users changed phone/email mid-flow to reset OTP cooldowns
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track cdeust/Cortex

Get notified when new releases ship.

Sign up free

About cdeust/Cortex

Persistent memory for Claude Code grounded in computational neuroscience (41 cited papers)

All releases →

Related context

Beta — feedback welcome: [email protected]