Release history

Added

Added

• · Hook pipeline (hooks/pipeline.py) — PreToolUse / PostToolUse shell callbacks configurable via config.yaml. Pre-hooks that exit non-zero deny execution; post-hooks run asynchronously. fnmatch pattern matching against ToolName or ToolName.action_name.
• · Plan mode (brain/plan_mode.py) — /plan presents the full execution plan as a rich table and waits for approval before any step runs. Auto-approves all-READ plans when plan_mode.auto_approve_low_risk: true.
• · Skills registry (skills/registry.py) — user-extensible slash commands from *.md files with YAML front-matter. Discovery: bundled → ~/.zenus/skills/ → .zenus/skills/. Bundled skills: commit, review-pr, simplify, explain, test-coverage.
• · Context compactor (context/compactor.py) — /compact summarises intent history via LLM and replaces it with one entry. Auto-triggers at configurable token threshold.
• · Session store (memory/session_store.py) — persist and resume sessions at ~/.zenus/sessions/.json (chmod 600). /session list/save/load/delete. Auto-prune to max_sessions.
• · TaskOps tool — formal task lifecycle: create, list, get, stop, output, purge. Wraps the background queue with a user-visible API. /tasks command.
• · ScheduleOps tool — register cron jobs from within an execution plan via crontab. Remote HTTP webhook triggers with URL scheme validation.
• · WorktreeOps tool — enter(branch), exit_worktree(), current(). Creates isolated git worktrees for risky work; auto-cleanup if no commits are made.
• · NotebookOps tool — read and edit Jupyter .ipynb cells without a kernel: list_cells, read_cell, edit_cell, add_cell, delete_cell, clear_outputs.
• · ToolSearch tool — runtime search of the tool registry by name or description.
• · AskUserQuestion tool — structured mid-plan user prompts with options validation and retry.
• · SleepTool — agent-callable wait primitive, capped at 300 seconds.
• · /doctor command — 10-check system health diagnostics rendered as a rich pass/fail table.
• · MCP server mode (zenus mcp-server) — exposes all tool actions via stdio/SSE to Claude Code, Cline, Continue. Tool names: {ToolName}__{action_name}. Privilege tier STANDARD by default.
• · MCP client mode — connect external MCP servers at startup; their tools are injected as mcp__{server}__{tool} into the Zenus registry.
• · mcp optional dependency (pip install "zenus-core[mcp]")
• · zenus mcp-server CLI subcommand with --transport, --host, --port, --allow-privileged flags.
• · MANIFESTO.md — first-principles document on the Zenus philosophy.
• · 141 new unit tests across 7 new test files (hooks, plan mode, skills, session, agentic tools, MCP, security).

Security

• · Secret masking in audit logs and intent history ([REDACTED] for API keys, bearer tokens, GitHub PATs).
• · Owner-only file permissions on ~/.zenus/logs/ and ~/.zenus/history/ (mode 0o700/0o600).
• · URL scheme validation in NetworkOps — rejects file://, dict:// and other non-HTTP(S)/FTP schemes.
• · Path resolution via Path.resolve() in FileOps — closes ../ traversal vectors.
• · GitHub token restricted to env-only — removed config.yaml fallback.
• · enforce_confirmation_policy() ensures risk≥2 steps always require confirmation.
• · Temp file permissions hardened to 0o600 in CodeExec.
• · 30 security regression tests.

Changed

• · LLM-driven search classification — replaced heuristic SearchDecisionEngine with LLM-based classification. The LLM now sets search_provider, search_category, and cannot_answer directly in IntentIR.
• · Structured debug-output controls (DebugFlags) with per-subsystem flags: orchestrator, brain, execution, voice, search. All default to False.
• · Academic query fallback routing: Semantic Scholar → arXiv → OpenAlex → Wikipedia.

Added

• · Semantic Scholar source — Allen Institute API, 200M+ academic papers, no API key required.
• · OpenAlex source — 240M+ scholarly works, open access.
• · Knowledge Graph (brain/knowledge_graph.py) — typed entity-relationship graph from ActionTracker events with BFS traversal and impact analysis.
• · Q&A mode — IntentIR.is_question short-circuits directly to llm.ask(), bypassing execution machinery.
• · Dynamic execution summary builder — concise human-readable summary from step results.
• · Autonomous web search with Brave Search API + 7-source parallel fallback (Wikipedia, HN, GitHub, Reddit, arXiv, RSS).
• · Voice v0.2.0 — faster-whisper STT (4× faster, no PyTorch), openwakeword wake detection, VoicePipeline entry point.
• · DebugConfig Pydantic model and debug.* config.yaml section.

Security

• · XML bomb protection — replaced stdlib xml.etree.ElementTree with defusedxml.
• · Prompt injection hardening — search results wrapped in untrusted-content delimiters.
• · Safe HTML stripping — _SafeHTMLStripper discards