v1.44.0 — Regression Tracker, Postmortem Generator & Fleet Topology

What's New

✨ Features

• Agent Regression Tracker dashboard — detect and visualize agent performance regressions over time
• Incident Postmortem Generator dashboard — automated postmortem report generation from incident data
• Fleet Topology Map — interactive network visualization of agent fleet relationships
• Cost Anomaly Detector dashboard — proactive cost monitoring and alerting

🐛 Bug Fixes

• Add input validation to anomaly endpoints and fix profiler column name bug

⚡ Performance

• Reuse event index in _max_concurrent_usage, eliminating O(R×E) scan
• Single-pass _compute_trend\ with closed-form x_mean in CapacityPlanner
• Cache normalisation, hashing, and trend computation in error fingerprinting
• Replace O(n×m) \Array.includes\ with Set lookups in profiler list endpoint
• Amortize entropy syscall with pre-allocated random ID pool

🔧 Refactor & Cleanup

• Extract
  ecordFailedDelivery\ helper to deduplicate 3 identical INSERT blocks in webhooks
• Remove 33 unused imports across 20 CLI modules, fix undefined name bug in cli_bottleneck

🧪 Tests

• Add 46 tests for \cli_digest\ module

📦 Dependencies

• Bump pydantic requirement from >=2.13.0 to >=2.13.3
• Bump docker/login-action 3→4, codecov/codecov-action 5→6, docker/setup-buildx-action 3→4
• Bump actions/attest-build-provenance 2→4, actions/checkout 4→6

Full Changelog: v1.43.0...v1.44.0

v1.43.0 — Static Asset Fast-Path, Session Validation & SBOM Attestation

What's Changed

🚀 Performance

• Static asset fast-path — serve static files before the API middleware stack, eliminating unnecessary middleware overhead for asset requests. Added covering index for analytics queries. (\44673e7)

🐛 Bug Fixes

• Session status validation — validate session status against allowed values in the \session_end\ handler, preventing invalid state transitions and silent data corruption. (\450ead9)

🔒 CI/CD & Security

• SBOM generation & build provenance — Docker workflow now generates a Software Bill of Materials and build provenance attestation for supply-chain transparency. (\284abc3)

Full Changelog: v1.42.0...v1.43.0

v1.42.0 — Runbook Automator, Security Hardening & Performance Optimizations

What's New

Features

• Runbook Automator Dashboard — automated incident response playbooks with configurable triggers
• Smart Alert Correlator — groups related alerts to reduce notification noise
• Agent Behavior Profiler — drift detection for agent behavioral changes
• Codecov integration for coverage tracking

Security

• Patch 3 npm audit vulnerabilities (path-to-regexp ReDoS, brace-expansion hang, picomatch injection)
• Sanitize agent_name inputs in SLA module, cap window_hours, bound snapshot storage
• Validate input types in PUT update handlers
• Add usedforsecurity=False to md5 calls in postmortem.py
• Restrict file permissions on CLI config containing API key
• Fix SQLite variable overflow, validate agent names in profiler
• Harden severity classification and annotation input validation

Performance

• Optimize event ID generation, cache eviction, and tag batch queries
• Single-pass GroupStats initialization (7 passes → 1)
• Cache model aggregates and eliminate redundant sorts in spending/budget
• Single-pass baseline computation with sum-of-squares for anomalies
• Consolidate 3 DB queries into single CTE for leaderboard
• Cache extractServiceName results and optimize isFailure regex
• Eliminate spread-copy in parseEventRow, reduce allocations in export
• Fix LRU cache pollution in session search
• Compute MTBF in SQL, wrap error queries in transaction
• Optimize linearRegression to single-pass

Fixes

• Correct daily session count aggregation in forecast
• Fix ReferenceError in trend detection (hoisted regression variables)
• Align SQL column names with sessions/events schema in profiler
• Cap event buffer and alert history to prevent memory leak

Refactoring

• Extract statement cache to shared lib, use createLazyStatements
• Standardize CLI command signatures to args-only pattern
• Extract dashboard and replay into separate modules
• Migrate scorecards and pricing to createLazyStatements

CI/CD

• Add Trivy vulnerability scanning and smoke test to Docker workflow

Dependencies

• Bump better-sqlite3 11.10->12.9, httpx >=0.28.1, setuptools >=82.0.1, pydantic >=2.13, pytest >=8.4.2, upload-pages-artifact v4->v5

Full Changelog: v1.41.0...v1.42.0

v1.41.0 — Codecov Integration & Repo Cleanup

What's Changed

✨ Features

• Codecov integration — Added coverage tracking workflow for automated code coverage reporting on every push and PR

🧹 Maintenance

• Repo cleanup — Removed misplaced files from other repositories that were accidentally committed

Full Changelog: v1.40.0...v1.41.0

v1.40.0 — Lazy Statements Migration & Correlation Performance

What's Changed

Performance

• perf(correlation): Build shared event index to eliminate 3 redundant full-event scans in correlation analysis

Refactoring

• refactor: Migrate scorecards and pricing routes to createLazyStatements pattern for consistent lazy-loading
• refactor: Extract _get_tracker() helper and consolidate duplicated ormat_duration across session metrics

Documentation

• docs(api): Add Profiler and Command Center endpoint documentation

Full Changelog: v1.39.0...v1.40.0

v1.39.0 — SLA Input Sanitization & Forecast Caching

What's Changed

Security

• Sanitize SLA agent_name inputs — validate and sanitize agent_name parameters to prevent injection; cap window_hours to a reasonable maximum; bound snapshot storage to prevent unbounded growth (0a44454)

Performance

• Cache model aggregates in forecast — cache model-level aggregates and eliminate redundant sorts in spending_summary and check_budget endpoints for faster dashboard loads (6bfb882)

Full Changelog: v1.38.0...v1.39.0

v1.38.0 — Forecast Trend Detection Fix

What's Changed

Bug Fixes

• fix(forecast): Hoist regression variables to avoid ReferenceError in trend detection — the slope and intercept variables from linearRegression() were scoped inside a conditional block, causing a ReferenceError when the trend-detection path executed. Variables are now hoisted to the correct scope so forecast trend analysis works reliably.

Full Changelog: v1.37.0...v1.38.0

v1.37.0 — Input Validation for PUT Handlers

Security

• Validate input types in PUT update handlers — alerts and webhooks routes now validate request body field types before processing updates, preventing type confusion and potential injection via malformed payloads (\�lerts.js, \webhooks.js)

Commits

• 7bca589 security: validate input types in PUT update handlers

v1.36.0 — Forecast Session Count Fix & Regression Reuse

What's Changed

Bug Fixes

• Fixed daily session count aggregation in forecast endpoints — The daily aggregate query grouped by (date, model), making \COUNT(DISTINCT session_id)\ per model group inaccurate for sessions spanning multiple models. Previously took \max\ across groups which undercounted. Now uses a dedicated query without model grouping for accurate per-day session counts.

Performance

• Reuse pre-computed regression in trend detection — When the linear forecast method already computed regression results for cost/token predictions, those are now passed to \detectTrend()\ instead of recomputing \linearRegression()\ redundantly.

v1.35.0 — CLI Reference Documentation

What's New

Documentation

• Comprehensive CLI reference guide (docs/CLI.md) — covers all 50+ CLI subcommands organized by category (agent management, session control, model configuration, diagnostics, etc.)
• Documents global options, config management, and environment variables
• Includes practical workflow examples for common tasks
• README now links to the full CLI reference

Full Changelog: v1.34.0...v1.35.0