All notable changes to QyverixAI are documented in this file.
- Added a dedicated changelog page in
docs/CHANGELOG.md. - Added changelog guidance for contributors and PR authors.
- Added
POST /auth/logoutto revoke the caller's access token. - Added an append-only audit log for privileged admin actions, with a
queryable
GET /admin/audit-logsendpoint and admin-gated user role management (PUT /admin/users/{id}/role) and deletion (DELETE /admin/users/{id}).
- Linked the changelog from
README.mdfor faster discoverability.
- Hardened authentication against token replay: access tokens now carry a
unique
jti, and revoked tokens (e.g. after logout) are rejected via a server-side denylist until they expire. - Audit-log entries redact sensitive fields (passwords, tokens, secrets, API keys) before they are persisted.
- Prevent resource exhaustion by adding size constraints (max_length=200) and truncation rules on search query parameter q in GET /history/search.
- Initial public release of QyverixAI.
- Code analysis features for explain, debug, and improve workflows.
- Frontend and backend integration with local history, share links, and file upload support.
- API endpoints for explanation, debugging, suggestions, analysis, and share.
- Documentation and contribution guidance for GSSoC 2026 contributors.
- N/A
- N/A