Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 69 additions & 19 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,34 +1,84 @@
# Changelog

All notable changes to docsiq are published on
[GitHub Releases](https://github.com/RandomCodeSpace/docsiq/releases)
with auto-generated summaries grouped by label (security fixes, breaking
changes, new features, bug fixes, dependencies). Each release is tagged
with its signed SHA256SUMS and SLSA build provenance.
All notable changes to docsiq are documented here in a human-readable
form. The full per-commit history is available on
[GitHub Releases](https://github.com/RandomCodeSpace/docsiq/releases),
but this file is the curated summary.

This file summarises notable releases. The canonical source is the
Releases page linked above.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
Each release ships signed binaries (cosign keyless + Rekor), a signed
`SHA256SUMS`, and SLSA build provenance.

## [Unreleased]

### Added
- Governance and community files: `CODE_OF_CONDUCT.md`, `GOVERNANCE.md`,
`.github/CODEOWNERS`, `.github/release.yml`, `docs/ACCESSIBILITY.md`
- `.bestpractices.json` to track OpenSSF BestPractices criteria
- `CODE_OF_CONDUCT.md`, `GOVERNANCE.md`, `.github/CODEOWNERS`,
`.github/release.yml`, `docs/ACCESSIBILITY.md` — project governance
and community files (OpenSSF BestPractices passing tier).
- `.bestpractices.json` tracking the full OpenSSF BestPractices matrix
at repo root (78 Met / 10 N/A / 0 Unknown).

### Changed
- `SECURITY.md`: added a "Report archive" section clarifying that
GitHub Issues archives non-sensitive reports and Security Advisories
archives coordinated-disclosure reports.
- Release pipeline: dropped GoReleaser (its `prebuilt` builder is a
Pro-only feature and wasn't parsing in OSS goreleaser). The release
job now computes SHA256SUMS, signs with cosign keyless, and creates
the GitHub release directly — signing, provenance, and categorised
release notes are all preserved.
- CI: dropped macOS from the test matrix; Linux-only is sufficient to
gate PRs. The release workflow still builds darwin-arm64 binaries
natively on macOS runners.
- CI: removed `push: main` trigger from `ci.yml` and `fuzz.yml`;
`pull/N/merge` already validates the merged tree. Saves ~2 min of
runner time per merged PR. `codeql.yml` still runs on push to main
(the Security tab's default-branch data requires it).

## [0.0.2] — 2026-04-23

### Changed
- `SECURITY.md`: added "Report archive" section documenting GitHub Issues
and Security Advisories as the public archive

## [0.0.2] — 2026-04-20
- **Scorecard workflow cadence.** `scorecard.yml` now runs on release
completion and weekly on schedule instead of firing on every push to
`main`. The policy being scored is unchanged; this simply stops
re-scoring commits that don't move any Scorecard-visible state.

### Upgrade impact

Safe drop-in upgrade from v0.0.1. No API, CLI, or on-disk schema
changes — replace the binary in place.

GitHub Release: <https://github.com/RandomCodeSpace/docsiq/releases/tag/v0.0.2>

## [0.0.1] — 2026-04-23

First non-beta release. Establishes the feature set and API surface
that subsequent 0.0.x patches will maintain back-compat against.

### Added

See <https://github.com/RandomCodeSpace/docsiq/releases/tag/v0.0.2>
- **GraphRAG indexing pipeline** — five-phase ingestion: chunk, extract
entities/relationships/claims, community-detect (Louvain), embed,
persist.
- **Document loaders** — PDF (langchaingo), DOCX, TXT, Markdown, and a
polite web crawler with robots.txt + allow-list + MIME checks.
- **Multi-provider LLM layer** — Azure OpenAI, OpenAI, and Ollama
behind a single `internal/llm` abstraction.
- **Query engine** — hybrid local (vector + FTS5) and global
(community-summary) search.
- **Surfaces** — CLI (`docsiq index|search|serve`), REST API, MCP
server, and an embedded React SPA served by `docsiq serve`.
- **Storage** — single SQLite file with `sqlite_fts5` and `sqlite-vec`
for vector search. No external DB to deploy.
- **Signed releases** — cosign keyless via Sigstore (Rekor-anchored),
signed `SHA256SUMS`, and SLSA build provenance.

## [0.0.1] — 2026-04-15
### Known limitations

Initial release.
- Darwin support is limited to `arm64`; `amd64` is not built (cgo +
sqlite-vec cross-compile complexity).
- Pre-1.0: APIs and on-disk schema are not yet frozen.

See <https://github.com/RandomCodeSpace/docsiq/releases/tag/v0.0.1>
GitHub Release: <https://github.com/RandomCodeSpace/docsiq/releases/tag/v0.0.1>
Loading