Changelog

May 17, 2026 — Website refresh: AI mini-apps positioning, MCP discoverability, prod-infra runbook

Documentation and infrastructure changes that shipped on kdcube.tech alongside the platform release below. Tracked here because the operational layer between platform and operator is part of what the project ships.

• Messaging reframe — runtime for AI mini-apps. Home, Why, What, How, Q&A, Glossary, Compare reframed under one thesis: KDCube is the runtime for the long tail of small focused AI apps a team ships. The first one is easy; running a fleet is where the engineering work lives, and the operational layer that absorbs that work is what KDCube provides. New "Why this is going to keep happening" industry-context section on Why explains why the trend exists (scopeable units, not one general agent) and addresses the standard sprawl critique. Read the Why page →
• Compare-page mini-apps axis. compare.html intro leads with mini-apps + operational-layer framing (regulated industries is still implicit, no longer the headline). Each deep-dive (vs LangGraph, vs Bedrock AgentCore, vs CrewAI) gains a "fleet of apps" bullet in 'When to pick which': per-app authoring vs shared operational layer; AgentCore cost flips at 3–10 apps; CrewAI optimizes for one complex multi-agent system, KDCube for many simpler ones. See the comparison →
• MCP discoverability shipped on the apex. https://kdcube.tech/mcp/docs is now a 308 method-preserving redirect to the canonical bundle URL via a CloudFront Function. Vanity URL stays stable across bundle re-versions. Quickstart Step 4 gets a collapsible client-tabs UI (Claude Code, Claude Desktop, Cursor, OpenAI Codex CLI, Gemini CLI) — defaults closed, ~80px tall vs ~800px stacked. Claude Code plugin install path (/plugin install kdcube-docs@kdcube) added as a first-class option. Setup →
• Production infrastructure automation. One idempotent scripts/prod-infra/deploy.sh provisions the full prod stack end-to-end: CloudFront vanity function (with apex canonicalization folded in), WAF Web ACL with AWS managed rule groups + per-IP rate-based block, Response Headers Policy, GitHub Actions OIDC role with inline policy scoped to function + distribution ARNs, GitHub repo variable set via gh, plus a local-deployer-policy bootstrap for the operator's own IAM user. Field-level preflight validation catches AWS InvalidArgument constraints (RHP Comment limits, reserved headers, WAF Description length, etc.) locally before any write. Companion preview-infra/deploy.sh carries a mirror of the vanity table so PR previews 308 the same as production.
• Operator runbook for future agents. scripts/prod-infra/README.md restructured around tasks instead of flags. TL;DR is the most common operation (bundle re-version). Five numbered runbooks cover first-time setup, new vanity URLs, runtime-host migration, and rollback. A "Field-level constraints (lessons learned the hard way)" table documents every InvalidArgument / ValidationError we hit during bring-up and maps each to the preflight check that now catches it. AGENTS.md gains a "Production infra" section telling future agents which four files must be edited together on every bundle re-version.
• Glossary: "AI app" defined. Added as the first KDCube concept, with the mini-app alias and a JSON-LD DefinedTerm entry. Read the entry →
• Machine-readable manifests aligned. agents.json tagline + description and llms.txt rewritten to lead with mini-apps positioning. agents.json gains a claude_code_plugin block (marketplace, install commands, MCP server namespace, slash commands) for AI crawlers and MCP tool indexers consuming the manifest.

Release 2026.5.17.452 — May 17, 2026 — user memory, bundle-scoped service keys, embedded control plane

• User memory subsystem. Bundles can opt into a first-class persistent memory layer: durable per-user memories with structured types, an LLM-driven reconciler that merges, scores, and expires entries per turn, ReAct-side memsearch, and a mountable Memories admin widget. A scheduled memory.reconciliation.run job keeps the store healthy. MemoryEntrypointMixin and entrypoint_with_memory.py ship as the base classes for bundles that want it.
• Bundle-scoped service keys. get_service_secret / get_service_secret_async resolves provider keys (OpenAI, Anthropic, Gemini, OpenRouter, Brave, Stripe, git auth) bundle-first via bundles.secrets.yaml with the platform secrets.yaml as fallback. ModelRouter and all service call-sites migrated. Subprocess bootstrap now propagates BUNDLE_ID_CV into spawned workers so bundle context survives across the exec boundary.
• Memory-enabled bundle widgets. Reference versatile and kdcube.copilot bundles ship refreshed widget surfaces wired to the memory store, plus a new telegram_copilot_webapp widget. Widget authors get expanded shared-ui.d.ts types and a working MemoryPage.tsx reference for browsing and editing user memories from inside a bundle widget.
• Configurable frame embedding policy. assembly.yaml gains proxy.frame_embedding: { mode: standalone | allowlist, allowed_origins: […] }. Nginx / OpenResty templates and the CLI installer honor it; operators can embed the KDCube control plane inside a customer-owned origin without hand-patching nginx. The control-plane shell stays DENY by default; bundle widgets and static docs stay SAMEORIGIN.
• Embedded control plane + shared build locks. Control-plane React panels (Conversations, Economics, Redis, Monitoring, OpEx, Billing) accept an embedded-host config so a bundle can host them in-line. A new observed_file_locks / observed_redis_locks layer plus expanded git_bundle locking lets multiple workers share bundle build and clone operations safely.
• Bundle reload propagation + module eviction. Reload broadcasts evict changed bundle modules from the processor's import cache and log propagation across processor instances. Hot-reloading a bundle now actually picks up code changes instead of serving cached modules.
• Tightened ReAct finalization protocol. v2 / v3 runtimes harden the decision-to-finalize handoff so the agent stops emitting partial finalizations or skipping the final answer step. End-users see cleaner, more reliable answer termination.
• Ingress reads bundle registry metadata-only. The ingress service no longer pulls full bundle payloads when it only needs registry metadata. Cuts ingress-side memory and startup time on workspaces with many bundles.
• Telegram setup docs for the reference bundles, plus expanded capabilities-overview and quick-start docs.

Release 2026.5.13.117 — May 13, 2026 — off-turn job substrate, memory-maintenance direction

• @cron with span dimension. Scheduled bundle jobs can now declare span=system | process | instance with canonical enabled.cron.<alias> gating — one decorator covers tenant-scoped, per-replica, and platform-wide schedules.
• Proc-owned scheduler with per-job Redis locks. The reconcile loop guarantees a single owner per (span, job) at a time across replicas. Selectable scheduler backends ship in the same release.
• Bundle background job stream. kdcube_ai_app/infra/jobs/stream.py provides a generic async progress + log channel for off-turn jobs, addressable from the admin UI and chat surface using the same comm contract as turn-tied work.
• on_props_changed hook. Bundles can react to prop edits without a full reload — useful for live-config refreshes on long-running consumers (schedulers, MCP servers, persistent widgets).
• Dynamic per-resource config overrides. expr_config, tz_config, and other *_config shapes ship with an in-place admin override editor; admins can re-tune cron expressions, timezones, and per-resource knobs without a redeploy.
• Canonical enabled.* feature gates. Uniform gating across bundle / api / mcp / widget / cron — one mental model, one admin surface, one audit trail.
• Memory maintenance direction (announced). Durable user memory is moving toward explicit, user-reviewed maintenance: snapshots, async reconciliation jobs, proposal export, and restore. See Claude Dreams-style memory vs. KDCube ReAct memory → for the comparison and current safety posture.
• Versatile / Telegram copilot turn-isolated progress streams + Telegram copilot polish.
• MCP public copilot route-aware API keys + gateway config startup override.
• Bundle admin UI widgets + allowed_roles, configurable allowed_roles, in-place override editor, Bundle interface card refresh.

May 5, 2026 — tool file hosting

• Tool file hosting support. Bundle tools can now publish files through the platform's hosted-artifact pipeline; widgets and clients receive stable URLs without bespoke storage glue.

Release 2026.5.4.1846 — May 4, 2026 — Claude skill materialization, communicator activity streaming, widget rebuilds

• Claude skill materialization + accounting context. Skills resolved and applied at admission carry their full accounting context through the turn — per-skill cost attribution shows up in the economics ledger end-to-end.
• LLM streaming interface reference. First-class docs for the chat-stream contract — channels, event catalog, retry semantics — used by the default chat UI, bundle widgets, and custom main views.
• Communicator activity streaming. Activity (typing, "still working", queue position) now streams over the same comm pipeline as content and tool events.
• Buildable widget UI rebuilds. Widgets compiled at bundle build time pick up source changes deterministically; rebuild cache no longer goes stale across reload cycles.
• Non-PDF attachment handling in React timeline. Image and other binary attachments are persisted and re-served correctly across continuation turns.
• Exec event loop cleanup before shutdown. Graceful exec teardown stops new tasks, drains the event loop, then exits — no more half-flushed log batches on rolling deploys.
• Bundle agent integration docs shipped — explicit guidance on how a bundle plugs into the platform agent runtime.

May 3, 2026 — bundle background jobs, async secrets, MCP lifecycle

• Bundle background job stream. Bundles can spawn long-running background work tied to a turn; the platform streams progress and final artifacts through the standard comm channels.
• Async secrets runtime support. Secret resolution available as an awaitable in bundle code paths, so tools and skills can pull just-in-time secrets without blocking the event loop.
• Bundle MCP lifecycle + turn-payload state fix. Bundle-served MCP endpoints survive turn boundaries cleanly; payload state no longer leaks into the next conversation.
• Bundle tool integration rebinding fix. Tool integrations re-bind correctly across hot reloads; stale bindings no longer point at evicted bundle modules.
• Bundle props applied to REST operations. Per-bundle prop values flow into bundle-served REST endpoints so behaviour is consistent with chat and widget surfaces.
• Hydrated base64 user attachments. Inline base64 attachments in user messages are accepted and rehydrated without going through the upload service first.
• Nonstandard turn IDs in exec artifacts. Exec artifacts referencing turn IDs from external sources are accepted; turn-id path prefix guidance documented.
• Processor scheduler backend tests deterministic. Flaky timing-sensitive tests in the scheduler backend stabilised.
• Chat interface contracts docs + reusable bundle tool context docs landed.

May 2, 2026 — bundle content release, widget subpaths, runtime contracts

• Bundle content release guide. First-class docs for shipping bundle changes — when to use git refs vs file-backed authority, how to roll back, how to coordinate with downstream consumers.
• Bundle widget subpaths. Widgets can declare nested URL paths, so bundles host more than one widget app under their own namespace without collisions.
• Source-folder bundle widgets. Widgets can be served straight from a source folder during local development; build step optional during iteration.
• Versatile bundle runtime contracts fix. Tightened the runtime read/write contract for the reference versatile bundle, eliminating subtle prop-vs-config drift.
• Bundle import descriptor shapes documented. Explicit reference for what an external bundle import looks like in bundles.yaml.
• Assembly path topology clarified. Host vs container path mapping for bundles now has a single canonical reference.
• Bundle builder docs + local runtime paths refreshed; subtle path inconsistencies between docs and the CLI fixed.

Release 2026.4.30.317 — April 30, 2026 — split-container exec, ISO runtime hardening

• Split-container exec strategy. Isolated code execution now defaults to running supervisor and executor in separate containers; the bubblewrap fallback path is rolled back. Strategy is selectable per deployment. Engineering write-up →
• Hardened ISO runtime. Tightened executor syscall surface; supervisor runtime hardened against escape attempts; split-exec logs persisted to the output mount.
• ISO runtime filesystem limits enforced. Per-tenant exec workspaces capped — bundles can't exhaust shared disk.
• PNG rendering reliability. Tighter buffer handling for the renderer; intermittent corruption fixed.
• Sandbox hardening pass. Isolated code execution audited end-to-end; defence-in-depth checks added (bubblewrap permitted under Docker AppArmor where opted in).

April 29, 2026 — admin customization as hard override, bundle release docs

• Agent admin customization treated as hard override. Operator-pushed customization wins over bundle-declared defaults, with fingerprint logging and head/tail trace for audit. Large exec output now constrained by admin customization rules.
• Generated file downloads fixed in OSS frontend.
• Safe-directory handling for ReAct git workspaces — git operations on shared turn workspaces no longer fail under multi-user Docker mounts.
• Bundle release workflow + content release + runtime feedback documented — explicit guidance for shipping bundle changes.
• Frontend config reference shipped in docs.
• CLI init upstream build flow clarified; descriptor-scoped init resolves explicit built-in bundle descriptors.

Release 2026.4.28.2229 — April 28, 2026 — CLI rewrite, frontend runtime config from server

• CLI subcommands + --info flag. kdcube reorganised into subcommand verbs (init, deploy, inspect, etc.); --info reports descriptor scope, runtime, and resolution. Docs aligned across the CLI surface.
• Run without --descriptors-location. Repo-default descriptors picked up automatically when the flag is omitted.
• Concurrent deployment guard hardened. False positives on cross-base deployment guard fixed; persistent operator defaults preserved across runs.
• Ambiguity refusal for targeted commands — CLI declines to act when target workdir cannot be resolved unambiguously, instead of guessing.
• OSS frontend config served from ingress. Frontend runtime config no longer baked at build time — assembly descriptor is the source of truth, served at request time. Cognito frontend auth type emitted correctly for OSS deployments.
• Chat timeline event ordering fix (PR #97) — out-of-order events surfaced as duplicate or missing turn blocks.

Release 2026.4.23.17 — April 23, 2026 — Tier 1 bundle docs, file-backed authority, on_props_changed

• Tier 1 bundle docs pack. Comprehensive bundle authoring documentation: plugin Tier 1 agent contract, Tier 1 bundle pack refinements, navigation, environment boundaries, runtime config guides, configuration consolidation, README + platform overview reframing.
• File-backed bundle authority. Bundles can be backed by a file path declared in their descriptor — used for vendored bundles and reproducible builds.
• Reserved bundle descriptor props preserved through deployment, so platform-managed metadata can't be overwritten accidentally.
• Bundle on_props_changed hook. Bundles react to shared-prop updates without restart.
• Node sidecar bridge example in the SDK — reference flow for a bundle that boots a Node sidecar and routes calls to it.
• GA release reruns are now safe. Existing release images are skipped on rerun; CI release pipeline tolerates retries.
• Postgres credentials sync from assembly descriptor to .env via kdcube — no more drift between the two.

Release 2026.4.22.1914 / .1221 — April 22, 2026 — runtime contract, secrets, metrics descriptor

• Runtime read/write contract documented — what bundles may and may not access at runtime, with an explicit prohibition on direct config access in bundle code.
• Normalized secrets resolution and bundle cleanup. Settings secret-provider lookup unified across the runtime; bundle teardown deterministic.
• Metrics service runtime config from descriptor. Metrics endpoint and exporter settings now live in the assembly descriptor, not a separate config file.
• HTTPS vs SSH git transport contract documented for bundle source repos.
• Chat UI duplicate-turn fix — send no longer leaves the input populated and creates a single turn.

Release 2026.4.21.1656 — April 21, 2026 — enabled_config, conversation IDs, control plane

• Bundle enabled_config enforcement. Resources can be selectively enabled/disabled per environment without forking the bundle.
• Conversation IDs issued at ingress. Frontend can no longer mint conversation IDs; ingress validates supplied IDs before processing.
• Control plane Redis exposes a single-key delete action for operational tooling.
• Bundle props serialization. Shared bundle prop writes serialized to prevent races; updates published from a single shared store.
• Infra password loading via secrets provider. Postgres / Redis credentials read from the configured secrets provider instead of inline env vars.
• Gateway descriptor scope placeholders resolved at runtime — descriptor templates can reference deployment-scoped values without manual substitution.
• ReAct compaction — bounded internal-memory preservation shared across runtime variants; reactive iteration bonus explained in announce; live event budget credit added; shared React modules collapsed.
• Claude Code resume. Treat git lineage as the resume authority for Claude Code sessions; recovery is deterministic.
• CLI runtime inspection + split bundle roots exposed via kdcube.
• Cron timezone fix — 0 2 * * * previously interpreted in UTC; now respects the bundle's declared timezone.
• Multi-response followup timeline handling fixed; turn-log chat timestamps preserved on fetch.
• Code artifact support added to the artifacts pipeline.

Release 2026.4.17.247 — April 17, 2026

• Experimental ReAct v3 runtime. Selectable via AI_REACT_AGENT_VERSION=v3. Adds multi-action rounds in safe_fanout mode; actions execute sequentially, not in parallel. Hardened v3 streamer and final-answer streaming.
• Configurable ReAct agent version selector. Bundles can pin to v2 (default, production) or v3 (experimental) per deployment.
• Tightened ReAct v2 protocol and round handling. Consistent channel semantics, cleaner timeline block boundaries.
• Split bundle user types from raw roles. Cleaner separation between platform-level roles and bundle-declared user types.
• Local Kubernetes setup. Run KDCube on local K8s (kind / minikube / Colima) with the provided descriptors and Helm chart.
• Selectable processor scheduler backends. Swap the default scheduler for Kafka or alternate queues via descriptor config.
• Service watchdogs rendered from assembly descriptors. Auto-restart hung agents with timeout config driven by the deployment descriptor.
• Raw-quote tolerance in streamed HTML canvas artifacts. Fixes display issues for agent-rendered HTML widgets.

April 16, 2026

• Live followup attachments in ReAct timeline. Attachments surfaced inline on the active turn rather than as a separate side channel.
• v3 versatile streamer with widget coverage. Widgets now receive the full v3 stream shape.
• Activity watchdogs for long-running processor tasks. Detect stuck work earlier and surface it to ops.

April 14, 2026 — External log collector backend

• Logger collector backend shipped (PR #75). Frontend errors, warnings, and custom metrics collected, deduped (5 s window), tenant-enriched (tenant/project/user/session/conversation), and persisted.
• Skills loader bundle overrides. Bundles can override default platform skills without patching the platform.
• SSE fan-out stabilized. Silent drops on client reconnect fixed; DM-only fallback with warning log kept, broadcast fallback reverted.

April 13, 2026

• Persist interrupted ReAct turns even when workspace publish fails — no more lost turns on transient git errors.
• Live external ReAct events during active phases. External signals reach the agent mid-turn via polled event leases.
• Optional runtime instructions to the ReAct solver. Bundles can inject per-turn guidance without changing the system prompt.
• @venv improvements. Raw bundle module paths preserved in child loads; bundle-scoped venv helpers more reliable.
• Git bundle cache hardening. Correct permissions on container startup, atomic temp dirs, host cache roots ensured.

Release 2026.4.12.500 — April 12, 2026

• Claude Code bundle builder plugin marketplace. First-class support for Claude Code as a bundle-authoring agent inside KDCube. See Claude Code Agent Support.
• Bundle builder skill + public node bridge example. Reference flow for a bundle that authors other bundles.
• Persist live bundle config state and add export tooling. Runtime config survives restart; exportable for promotion between environments.
• Emit a single committed answer stream per turn. Removes duplicate streams that occasionally leaked across turn boundaries.
• Persist interrupted steer generation. Steers (mid-turn course corrections) durably recorded even if the main stream is interrupted.
• Detect ECS draining hosts and stop new processor intake, preventing work from landing on hosts about to be replaced.
• Group AWS secrets by document. Cleaner organization of secrets in Secrets Manager; bundle API failures now logged.
• Restore followup messages in conversation history on both open-source and chat-web clients.

Release 2026.4.11.1358 — April 11, 2026

• Steer and followup support in the chat web app. Interrupt an in-flight agent turn with a steer; followups continue the conversation while the agent is still responding.
• ReAct steer interrupts the active turn. Steers now actually stop the current generation instead of queuing behind it.
• Shared external event log for ReAct continuations. External events are leased, retention-controlled, and ownership-verified so continuation turns can pick up where the previous one left off.
• Bundle local sidecars restart on hot reload. Sidecars stay in sync with the bundle without manual restart.
• Upstream source selection for descriptor installs. Pick source repos explicitly during non-interactive install.
• Webhook event handling now requires webhook_secret. Secret-less webhooks rejected.

Release 2026.4.10.153 — April 10, 2026

• Internal memory anchors added to ReAct. Named attention points on the timeline the agent can navigate to during retrieval and compaction.
• Bundle-native scheduled jobs via @cron. Declare cron jobs inside a bundle; the processor owns scheduling.
• Bundle @venv execution. Run bundle code inside a dedicated virtualenv with documented boundaries.
• Split local and git bundle roots. Cleaner separation between locally-mounted bundles and git-backed bundles.
• CLI renamed to kdcube. Consistent command name in all docs and examples.
• Bundle builder skills audit runtime dependencies before proposing changes.

April 9, 2026

• Local bundle prototyping and reload flow improvements. --bundle-reload evicts the target bundle's modules cleanly on CLI reload.
• Descriptor-driven non-interactive installer. Install KDCube entirely from a descriptor — no prompts.
• Assembly-descriptor secrets provider. Secrets resolved from the assembly descriptor at runtime; storage and routine config follow the same pattern.
• OpenRouter bundle docs. First-party example of an OpenRouter-routed bundle.
• Claude Code git-backed session-store bootstrap. Session continuity via a git-backed store for the Claude Code agent.

April 8, 2026 — Claude Code + external log collector

• Native Claude Code SDK runner added — the foundation for the bundle-usable Claude Code runtime.
• Account for Claude Code usage in copilot — per-turn tokens, cache activity, and cost surface in the economics engine.
• Resume existing Claude Code sessions correctly across restarts.
• External log collector wired through docker-compose and nginx. Frontend error tracking active on fresh deployments.
• Metrics service consolidation. Events service merged into metrics; all nginx configs route events through metrics.

Release 2026.4.07.101 — April 7, 2026

• Bundle static asset caching. Built bundle UI assets cached at the nginx layer.
• Framed bundle static UI allowed in nginx. Bundles can safely embed their own UI chrome.
• Economics tables migrated to per-tenant/project schema. Cleaner isolation at the database layer.
• Bundle-level allowed_roles access control. Bundles can declare which platform roles may invoke them.

April 6, 2026

• External log collector service shipped (PR #73) — frontend EventLoggerService integration.
• Bundle sidecars and typed HTTP bundle operations. Long-running auxiliary processes per bundle; typed operation endpoints.
• User bundle secrets + storage-backed secrets-file provider. Secret values resolved from files, with Kubernetes *_FILE pattern supported.
• Explicit public auth for bundle endpoints. Public (unauthenticated) surfaces must opt in explicitly.
• Stale versioned bundle storage cleaned automatically.

April 4, 2026

• @bundle_id decorator for declarative bundle ID definition.
• Public (unauthenticated) bundle operation endpoint pattern with explicit opt-in.
• Refined ReAct workspace checkout semantics. Pull separated from checkout seeding for predictable recovery.

March 2026 — descriptor-driven deployments, hardened runtime, economics polish

• Release 2026.3.31.203 / .158 (Mar 31). react.doc knowledge-space reader bundle shipped, evidence-first bundle authoring guidance, isolated-exec doc exploration, versatile reference bundle for bundle builders, local search tools in the exec runtime, workspace rehosting for historical directories.
• Release 2026.3.27.2050 / .26.1101 / .25.1215 (Mar 25–27). Normalized repo-source handling in CLI descriptors, React suggested followup wording, Excel export integration, tenant schema sanitization.
• Release 2026.3.22.013 (Mar 22). Economics UX pass: billing-widget scope aligned to project, profiler, MCP bundle props + named secrets, kdcube-cli stop command, debug controls for notifications.
• Release 2026.3.21.410 (Mar 21). Explicit user-scope respect in ReAct planning, relative symlinks for react.doc knowledge, bundle-storage propagation to execute_code_python, locked-per-storage-root knowledge builds, ReAct loop-exit routing + patch failure recovery.
• Release 2026.3.19.1347 / .311 (Mar 19). ECS task protection with configurable proc shutdown budget, proc long-run protection documented, Docker exec mount preflight for opaque host paths, proc autoscaling metrics aligned with exported monitoring, rate-limiting UX with rolling daily window.
• Release 2026.3.17.1155 / .110 (Mar 17). Proc singleton workflow reuse refreshes comm_context on each request; BUNDLES_FORCE_ENV_ON_STARTUP makes bundles.yaml authoritative; atomic chat enqueue includes continuation counter prefix; Fargate exec runtime mode for proc task defs.
• Release 2026.3.16.2245 / .2104 / .1519 / .1240 / .127 (Mar 16). Postgres SSL (asyncpg): POSTGRES_SSL=true maps to sslmode=require by default, with explicit POSTGRES_SSL_MODE / POSTGRES_SSL_ROOT_CERT. Version-tolerant Uvicorn shutdown diagnostics, parent/worker signal snapshots, process-tree logging. Modular secrets manager with Redis recovery tests. Conversation continuation mailbox.
• Release 2026.3.15.435 (Mar 15). CI adds verify-images job to catch silently missing DockerHub images; envsubst installed in web-proxy image.
• Release 2026.3.14.348 (Mar 14). Localhost-only internal bundle update endpoint on proc; Stripe config refactor, subscription plan change bug fixes, docs rewrite.
• Release 2026.3.13.245 / .210 (Mar 13). Bundle defaults canonical from code with reloaded configuration; react.doc knowledge defaults documented at canonical source; ECS + proxy deployment architecture docs.
• Release 2026.3.12.2356 / .039 (Mar 12). Bundle defaults: canonical configuration, reload code defaults, UI/docs fixes; ReactMCP bundle docs; react.patch streaming + file outputs fixed.
• Release 2026.3.11.453 (Mar 11). Gateway descriptor + assembly/secrets unification; proxylogin wiring; OpenRouter SDK integration + example agent; CLI UI-port prompting with explicit overrides.
• Release 2026.3.10.209 (Mar 10). Auth-aware frontend config sync; nginx runtime file; CLI README auth configuration.
• Release 2026.3.9.115 (Mar 9). Source-pool SID remap + search-result artifacts; web-only citations; bundle descriptor flow; Docker exec mounts for bundles.
• Release 2026.3.8.440 / .427 / .351 (Mar 8). Local secrets sidecar + runtime injection flow: kdcube-secrets service, tmpfs store, Settings-centralized secret reads, CLI secrets lifecycle.
• Release 2026.3.7.326 / .6.2011 / .6.1513 / .6.314 / .6.1245 (Mar 6–7). CLI reset mode with value re-prompting; git bundles HTTPS token auth + selector UI; installer moved into kdcube_cli; multi-arch (linux/amd64 + linux/arm64) release images; CI fixes for heredoc and version injection.
• Release 2026.3.5 (Mar 5). Bundle outbound firewall docs, turn-workspace documentation + REACT_PERSIST_WORKSPACE flag, CLI UX polish (Ctrl+C handling, truecolor detection, SSH terminal hardening), kdcube-cli rename, PyPI banner assets.
• Release 2026.3.3 / .1 (Mar 1–3). Config-driven throttle bypass patterns in gateway; react.doc knowledge bundle shipped; ingress runs as appuser; pre-ECS release descriptor for bundle deployment.

February 2026 — services split, ReAct v2, economics depth

• Service split (Feb 27). Ingress and processor split into separate services; dedicated metrics service; gateway config + monitoring revamp; integrations controller moved out of ingress; frontend config loaded at runtime (not build-time); /api/integrations routed through proc.
• ReAct v2 timeline-first (Feb 15). ReAct moved from a 2-section strict protocol to the versatile streamer with 2–3 channels (thinking, ReactDecisionOutV2, code). Channels are independently subscribable. Code-execution widget reworked around ReactDecisionOutV2 + code channels for realtime progress.
• Three-checkpoint cache (Feb 16). Added the last block of the previous turn as a third cache checkpoint; react.hide synchronizes allowed threshold with pre-tail; optional thread forking on unrecoverable errors.
• Timeline as single source of truth (Feb 13–14). All products stored on the timeline; recorded-stream persistence pre-deprecated; thin source-pool on timeline index; tool-result interpretation and error propagation improved; citation replacement and output de-duplication across streamers fixed.
• Feedback system (Feb 19). Feedback integrated with conversation-timeline concept; infra (exec) config updates.
• Economics — subscriptions (Feb 18). Per-period subscriptions, Stripe flows, admin ops, schema cleanup, docs. Strict tier limits for subscription users; clamped per-turn estimate.
• Serviceability (Feb 21–22). Redis connection pooling with centralized reconnection handling; relay re-established on Redis reconnect; PG pooling inferred from concurrency settings; paid-user gateway config; session rate-limit at tenant/project scope; monitoring reset endpoints for throttling/backpressure.
• Bundle hot reload (Feb 15). AI Bundle spec allows git-defined bundles and hot-reload across all service replicas of a tenant.
• Docker stacks (Feb 11–15). Managed-services docker-compose; frontend accepts JSON as config (not build-time baked); pgAdmin for local development; Fargate adapter for isolated exec.
• Context pruning (Feb 11). Progressive context pruning; session pruning mechanism and policies; rename of hide/memsearch.
• Turn workspace (Feb 11). Conversation timeline as single source of truth; workspace optimization for distributed usage.
• Bundle platform (Feb 2). Bundle admin UI; base entrypoint; example bundles.

January 2026 — Skills subsystem, widgets, sources pool

• Skills subsystem (Jan 19–22). Anthropic-compatible skills format; built-in skills (pdf/pptx/docx press, mermaid gen/val); SkillsSubsystem with context-var activation and portable descriptor export; namespace + glob filtering (public.*, public.*-press); skill discovery that avoids root-level markdown/YAML.
• Widgets (Jan 13–19). Server-side widget pattern for subsystem-to-client event communication; implemented widgets for code exec, web search, web fetch, turn status; widgets routed through dedicated subsystem channels.
• Sources pool + canonical artifacts (Jan 5–6). Source pool becomes single source of truth; artifacts carry canonical shape (name, kind inline/file, type, mime, format, summary, description, sources_used = list of SIDs). Everything is an artifact.
• Multimodal streaming (Jan 4). Attachments subsystem with multimodal streaming support across OpenAI, Gemini, and Anthropic.
• Attachments + ingress caps (Jan 7–8). Attachment hosting centralized; overall message-size limits in ingress with service-event reporting on caps failures; web tools add PDF and image source support.
• Context and memories reconciler (Jan 23–26). Turn memory + index-only fingerprint; conversation title persisted early; skills nudge for improved usage; memory presentation renderer with examples; turn summary generator + user-input summary generator.
• Streaming (Jan 22–26). Versatile channel-tag streamer + llm_generator backend with citation-safe streaming; stabilized channeled streamer; fast snippet segmenter.
• KDCube App Lab installer (Jan 23). First installer drop.
• Auth + gateway (Jan 28–30). Auth elements extraction from cookies; tokens centralized; MCP integration; arch doc.
• ReAct signals (Jan 27–28). Wrap-up signal through instruction + budget snapshot; safenet to trim skills params for tools that don't support them; skill-alias resolution to canonical IDs.

December 2025 — ISO runtime, web tools, economics foundation

• ISO runtime (Dec 4–12). Isolated exec runtime completion; 3-level isolation documented; iso runtime exec README; iso runtime for tool-only calls.
• Web search + fetch stack (Nov 29 – Dec 6). Hybrid backend with graceful service degradation, service-rate-limiting overcoming, best-effort dedup based on authoritative services rank list; accountable to web-service provider; custom HTML→markdown improved.
• Project economics (Dec 14–21). Multi-layer app-level rate limiting: app budget ($), per-user-type tier quota (tokens, requests), pay-as-you-go replenishment; control plane schema + management API; privileged (unlimited) tier handling.
• Solution engine (Dec 10–14). Solver module presentation and contract decoupling; ReAct context/strategy and budget → protocol; infra IO tools aligned on new slot attributes (gaps, draft, summary, inventorization).
• Citations and source pool (Dec 1–8). Multi-artifacts streaming in the canvas channel from LLM gen tool; source-pool SID remap; citation rendering hardened; neural filter+segmentator improvements.
• Gateway policy (Dec 5–6). Policy to govern backpressure, throttling, and rate limiting; auth on connect; SSE proxy config; SSE auth tokens in query params for EventSource.
• Infra (Dec 7–12). Docker-in-docker; multitenancy leftovers; session management atomic improvements; comm compose + nginx/env examples for the full system.
• Context retrieval (Dec 14–16). Presentation staging; context caching with lineage-aware slot binding; semantic + structural artifact summaries.
• Web resources (Dec 1–4). Stabilize search/fetch stack; improve PDF rendering; geo packages in requirements.
• ProxyLogin (Dec 17). ProxyLogin service added.

November 2025 — ReAct runtime, accounting, feedback system

• ReAct runtime (Nov 22–27). React runtime initial drop; runner with entrypoint; isolation story; sources system and wiring.
• Accounting (Nov 20–22). User-path accounting lightweight via turn cache; async operations; aggregation module; accounting analytics; per-provider tracking; turn reporting with price-table breakdown (input/output/cache read/cache write).
• Rendering tools (Nov 5–6). PPTX renderer with citations slide; DOCX renderer; LLM backend signal for holistic HTML; PPTX renderer for generic markdown→pptx.
• Feedback (Nov 6–7). Conversation feedback API; clear-feedback support; feedback system docs.
• Conversation management (Nov 10–15). Multi-conversations with conversation-status infrastructure; conv-status over WebSocket; delete conversation flow; storage "delete tree" op.
• Streaming (Nov 13–19). JSON unicode; struct handling for jsons that contain fences; enhanced "do not solve the user problem" signals for 2-fold streaming; simple 1-fold streamer; globa service/conv turn error handling; streaming broadcast per logged-in session.
• LLM gen tool (Nov 4–19). Signal to use provided sources; XML support; sys-instruction caching in backend; cleaner citation side-car block handling.
• SSE (Nov 21–24). SSE support; SSE client README; WebSocket + SSE coexistence; infra messaging refactor (dynamic subscription on connected sessions only).
• Sources system (Nov 18–26). Citable sources unified format with shape preservation across tools; sources system activities; SID merge.
• Tools (Nov 10). Decouple tool subsystem to own module resolution, loading, and registration; capture comm cache in sandboxed executions.

October 2025 — codegen, context retrieval, price tables

• Codegen / iso runtime (Oct 9–12). CB runtime isolation with continuous program progress; iso runtime; codegen instructions refined.
• Context retrieval (Oct 18–25). API for turn-log artifact retrieval via search vector; ctx tools work with fully-qualified and short turn IDs; turn summary includes user prompt summary; fuse turn log and turn summary in context snippets.
• Accounting price tables (Oct 16–17). Reference price tables with input/output/cache-read/cache-write prices; turn reporting per service/provider/model; $ calculation per turn; streaming caching.
• Rendering (Oct 10). DOCX / PPTX tools drop.
• Transpiler (Oct 21). TSX → HTML transpiler (local + server) and LLM-tools backend.
• Knowledge Base (Oct 12). Recency signal on data sources + retrieval-segment derivation; UTC defaults; blend search scores when weights provided.
• Streaming helpers (Oct 9). 2-fold streaming helper (thinking + answer, optional format validation); citation helpers for cites/footnotes in HTML.
• Citations (Oct 29). Sticky citations — previous-turn citations are added to the used-sources repo when the artifact is derived; emphasize last-program citations only in multi-turn projects.
• Events + emitters (Oct 28–30). Canvas target for event emitters; efficient accounting events query; token-count utility; attachments scanner on the stack.

September 2025 — SDK, comm protocol, storage

• Comm protocol (Sep 12–30). Single-instance communicator replaced with cross-service communicator; comm-protocol rework for bundles; decrease scattering via protocol.
• 3-layered streaming (Sep 2). Internal thinking → user-facing thinking → structured output. Sink added for user-facing thinking emission.
• Codegen + exec runtime (Sep 6). Codegen agent; simple exec runtime; IO tools for generated code; basic rendering tools; chromium renderer in chat docker; GPT-5 support without temperature param.
• CB Core / TM Codegen (Sep 17). Codegen agentic system with exposed artifacts + turn-log writes; distinguish project canvas / project presentation / solver error; context store/index with tickets; context RAG.
• Conversation store (Sep 23). Shared asyncpg PG pool at infra level for AI bundles; improved citation-token handling; solver component optimizations; better fragmented-stream handling.
• Turn log (Sep 24). Represent turn log in a structured way; restore program log properly; prerequisites for CB memory.
• SDK basics (Sep 17). SDK docs for AI Bundle tools, emitter, and BundleArtifactStorage.
• Context management (Sep 1). Smarter preferences system; context management updates.
• Accounting (Aug 31 – Sep 1). Accounting definitions cleaner; inventory cleanup.
• Streaming comm (Sep 14). Streamlit websocket comm library; communication utilities library.

August 2025 — initial release of older internal tools as a single project

• Initial commit (Aug 20, 2025). Foundation of kdcube-ai-app.
• DB resource indexer (Aug 20). First data-plane component.
• Service auth flow (Aug 21). REST + WebSocket auth flow; CB → KB service; MIT license headings added across AI-app backend and chatbot UI sources.
• Custom chatbot app plugin (Aug 21). First pluggable application implementation.
• Multi-agentic-app runtime (Aug 23). Core platform can host multiple agentic applications at once.
• Agentic app bundle (Aug 24). First bundle example; project documentation started.
• Bundle mapping broadcast (Aug 24). Persistent broadcasted updates of the bundle mapping.
• Conversation history + graph DB (Aug 26). conversation_id / turn_id support, conversation history storage and index, Neo4j integrated for context DB.
• Chatbot comm (Aug 30). Chatbot comm protocol update; cross-service communicator.
• AIBundle context (Aug 28). Conversation ID, turn ID, and user details propagated to bundles.
• Hybrid search + tenant-scoped resources (Aug 23). Tenant included in resource names; hybrid search optimized.
• Deployment (Aug 24 – Sep 6). Lighter images, per-service requirements, renderer (chromium) in chat docker, neo4j in the stack.

Further history

For the complete per-commit record, release tags, and the long tail of fixes and improvements not surfaced here, see the GitHub releases page and the full commit log.