[Unreleased] Added · MCP server mode (zenus mcp-server) — exposes all tool actions via stdio/SSE to Claude Code, Cline, Continue. Privilege tier STANDARD by default. · MCP client mode — connect external MCP servers at startup; their tools are injected into the Zenus registry as mcp__{server}__{tool}. · mcp optional dependency (pip install "zenus-core[mcp]") · MCPConfig schema with full Pydantic validation for mcp.server and mcp.client sections. · zenus mcp-server CLI subcommand with --transport, --host, --port, --allow-privileged flags. · 35 MCP unit tests covering server build, tool registration, privilege enforcement, CLI parsing, and client lifecycle. · MANIFESTO.md — first-principles document on the Zenus philosophy. Security · Secret masking in audit logs and intent history ([REDACTED] for API keys, bearer tokens, GitHub PATs). · Owner-only file permissions on ~/.zenus/logs/ and ~/.zenus/history/ (mode 0o700/0o600). · URL scheme validation in NetworkOps — rejects file://, dict:// and other non-HTTP(S)/FTP schemes. · Path resolution via Path.resolve() in FileOps — closes ../ traversal vectors. · GitHub token restricted to env-only — removed config.yaml fallback. · enforce_confirmation_policy() ensures risk≥2 steps always require confirmation. · Temp file permissions hardened to 0o600 in CodeExec. · 30 security regression tests.
[1.1.0] 2026-03-21 Changed · LLM-driven search classification — replaced heuristic SearchDecisionEngine with LLM-based classification. The LLM now sets search_provider, search_category, and cannot_answer directly in IntentIR. · Structured debug-output controls (DebugFlags) with per-subsystem flags: orchestrator, brain, execution, voice, search. All default to False. · Academic query fallback routing: Semantic Scholar → arXiv → OpenAlex → Wikipedia. Added · Semantic Scholar source — Allen Institute API, 200M+ academic papers, no API key required. · OpenAlex source — 240M+ scholarly works, open access. · Knowledge Graph (brain/knowledge_graph.py) — typed entity-relationship graph from ActionTracker events with BFS traversal and impact analysis. · Q&A mode — IntentIR.is_question short-circuits directly to llm.ask(), bypassing execution machinery. · Dynamic execution summary builder — concise human-readable summary from step results. · Autonomous web search with Brave Search API + 7-source parallel fallback (Wikipedia, HN, GitHub, Reddit, arXiv, RSS). · Voice v0.2.0 — faster-whisper STT (4× faster, no PyTorch), openwakeword wake detection, VoicePipeline entry point. · DebugConfig Pydantic model and debug.* config.yaml section. Security · XML bomb protection — replaced stdlib xml.etree.ElementTree with defusedxml. · Prompt injection hardening — search results wrapped in untrusted-content delimiters. · Safe HTML stripping — _SafeHTMLStripper discards 