Close open uploads, image-proxy SSRF, fail-open AI quotas in production,
auth gaps on app routes, and MCP tenant isolation issues.
Co-authored-by: Cursor <cursoragent@cursor.com>
1. replaceAll (Find & Replace) — une seule transaction ProseMirror
au lieu d'un forEach cassé. Tous les matchs sont maintenant remplacés.
2. Link Preview unwrap — deleteNode() au lieu de clearer les attrs
qui laissaient un nœud fantôme invisible dans le document.
3. Conversion Markdown → richtext — breaks: true dans marked.parse()
Les simple newlines sont maintenant convertis en <br>.
+ préserve les blocs custom (toggle, callout, math, columns,
outline, link-preview) en commentaires HTML lors de l'export MD.
4. emitNoteChange exercices — shape corrigée (type:'created' attend
un objet Note, pas noteId/notebookId séparés).
5. Raccourcis clavier sans conflit :
Cmd+Shift+C → Cmd+Alt+C (callout, avant: copier)
Cmd+Shift+O → Cmd+Alt+O (outline, avant: historique/signets)
Cmd+Shift+L → Cmd+Alt+L (colonnes, avant: lock screen macOS)
Rend les liens entre notes visibles et persistants (sync NoteLink au save, auto-save, graphe réseau rafraîchi), ajoute living blocks, Memory Echo, recherche globale, consentement IA explicite et consolide les prototypes design en architectural-grid.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Sidebar: dynamic brand-accent colors, brainstorm section restyled
- AI chat general: popup panel with expand/collapse, hides when contextual AI open
- AI chat contextual: tabs reordered (Actions first), X close button, height fix
- Settings: all tabs restyled, 6 new color presets (sage, terracotta, iron, etc.)
- Global color cleanup: emerald/orange hardcoded → brand-accent dynamic
- Brainstorm page: orange → brand-accent throughout
- PageEntry animation component added to key pages
- Floating AI button: bg-brand-accent instead of hardcoded black
- i18n: all 15 locales updated with new AI/billing keys
- Billing: freemium quota tracking, BYOK, stripe subscription scaffolding
- Admin: integrated into new design
- AGENTS.md + CLAUDE.md project rules added
Security:
- Add auth + file type/size validation to upload API
- Add admin auth to /api/admin/ endpoints
- Add SSRF protection to scrape action
- Whitelist fields in PUT /api/notes/[id] to prevent mass assignment
- Protect /lab, /agents, /chat, /canvas, /notebooks routes in middleware
AI provider fixes:
- Add deepseek/openrouter to factory ProviderType (was silently falling back to ollama)
- Fix title-suggestion.service.ts to use factory instead of hardcoded OpenAI
- Fix getAIProvider→getChatProvider in memory-echo, notebook-summary, agent-executor
- Fix getAIProvider→getTagsProvider in notebook-suggestion, title-suggestions, transform-markdown
Functional bugs:
- Fix ALLOW_REGISTRATION AND→OR logic
- Fix note-editor.tsx passing stale props to useAutoTagging instead of local state
- Fix stale Note.embedding type (migrated to NoteEmbedding table)
- Remove hardcoded SQLite path from prisma.ts
Frontend:
- Add AbortController to useAutoTagging and useTitleSuggestions hooks
- Add error rollback to optimistic UI in note-inline-editor
- Remove stale closure over notebookId/language in useAutoTagging
Cleanup:
- Rename docker-compose from keepnotes→memento
- Remove unused unstable_cache import from config.ts
- Remove dead useUndoRedo hook
- Fix TagSuggestion type (add isNewLabel, reasoning)
- Remove dead AIConfig/AIProviderType types
- Fix ghost-tags unused isEmpty var and as any cast
- Fix note-editor titleSuggestions typed as any[]
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove BMAD framework, IDE configs, dev screenshots, test files,
internal docs, and backup files
- Rename keep-notes/ to memento-note/
- Update all references from keep-notes to memento-note
- Add Apache 2.0 license with Commons Clause (non-commercial restriction)
- Add clean .gitignore and .env.docker.example