Skip to content

nfemmanuel/iranti

v0.4.0 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 1mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Multi‑tenant identity layer adds per‑user scoping with default user ID 1 for backward compatibility.

Full changelog

What's new

Multi-tenant identity layer — Users and tokens tables ship in this release. Every API operation is now scoped to a userId, with a default user (id=1) keeping backwards compatibility for all existing single-tenant installations.

Consumer MCP endpoint — A new /mcp/:token route gives external agents access to iranti_remember, iranti_recall, and iranti_forget over stateless HTTP. Tokens are resolved from the database, scoped per user, and checked against the mcp_consumer_* token scope prefix.

Bidirectional attend captureiranti_attend now captures response content on the post-response pass and auto-writes durable facts from the assistant's output without requiring a manual iranti_write call. File references in responses are extracted and persisted automatically.

Threshold-based write guard — The write guard now blocks at 5 pending unlogged edits instead of 1. The tracker also gained path normalization, per-file dedup (same file edited multiple times only counts once), and an ignore list covering generated files, migrations, and vendored directories.

Feedback endpointPOST /feedback accepts satisfaction signals from the iranti feedback CLI command. Unauthenticated, rate-limited by IP, idempotent on feedbackId for safe offline-retry queue replay.

Commits

  • feat(multi-tenant) — identity layer, consumer MCP endpoint, token management
  • feat(attend) — bidirectional capture, threshold-based write guard
  • feat(feedback) — server-side POST /feedback endpoint
  • fix(tests) — test suite alignment for multi-tenant schema changes

Breaking Changes

  • API operations now require a `userId` parameter; existing calls without it default to user ID 1 for backward compatibility.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track nfemmanuel/iranti

Get notified when new releases ship.

Sign up free

About nfemmanuel/iranti

Persistent shared memory for AI coding agents. Stores facts as `entity/key/value` triples with hybrid semantic search, task checkpoints, and conflict resolution — shared across Claude Code, Codex CLI, and GitHub Copilot.

All releases →

Related context

Beta — feedback welcome: [email protected]