Every release, in detail — features, fixes, performance work, and security updates from the team building Evermuse.
Cherry-picked hotfix release covering chat file uploads on Cloud Functions v2 and product association on meeting reassignment.
multer with direct busboy parsing for Cloud Functions v2 — restores attachment uploads in chat.product_id when a meeting is reassigned to a project, with a backfill migration for affected rows.additional_amount bucket on subscribed plans could skip the Chargebee usage.create call; every credit consumed now flows through Chargebee's tier engine for accurate inclusion vs. overage math.transformers to <4.52 to restore torch compatibility.Cross-cutting release touching authentication, frontend bundle size, dependency modernization, the Meetings tab, and the MCP authorization flow.
user_id cookie with HMAC at login and verify it on subsequent requests; the DB token fallback has been removed.last_access_token field and the GetUserByAccessToken DAO method.console.log calls in chat routes with the structured log service to prevent accidental data leakage.process.env from the Vite build configuration and switch source maps to hidden mode in production.manualChunks for vendor splitting and add route-based code splitting with React.lazy.chargebee.js to unblock initial render.video.js.antd with the ShadCN Checkbox and RadioGroup.react-beautiful-dnd with @dnd-kit.swiper with embla-carousel-react.yup with zod; replace is-online with native browser APIs.react-player.firebase-storage dependency.getErrorMessage instead of any-casting caught errors.projectFilter state and stop kebab key events from bubbling.clearStaleAuthCookies change after regression.OriginalTranscriptCard still imported by editDialog.meetingLinks and featureGate.selectedProject across thread switches.ProjectSelect to compose surfaces and persist selection.CompactThreadSwitcher while threads load.onSnapshot from clobbering local edits.ProjectDataPanel.ProjectContext to a Zustand store, with unit test coverage.getProjectsByProductId.ingest_failed when Inngest onFailure fires.EventType for the invite-email error log and stop invite-email failures from crashing the invite flow.ingest_app_upload in the usage breakdown aggregation.getDocs waterfall with parallel onSnapshot listeners.getMeetingOverviews call from ProjectContext.isLoading.ProjectContext.completed status so they don't hang in processing.Major release introducing document support across the product, rebuilding the ingest pipeline, overhauling Projects, and unifying credit metering.
SourceIcon component with MIME-based icon resolution._project_id with _project_ids array across envelope, record processor, and DAOs.processIngestRecord and processIngestBatchReady.classifyRecord replaces the naive classifier.DOC_NORMALIZATION_ENABLED.readRecordAtLine helper.Signal and SignalType types with Zod schemas.director_workflow_docs workflow with quotes, needs, and feedback nodes.doc_overview_flow workflow with aligned input naming.wait-on improvements; Semgrep 1.154.0 compatibility.protobufjs to address upstream advisories.export=download bypass to the /uc path only.DocumentClassification with bucket helpers.signals from the EmbeddingCollection enum.product_assigned_at on an actual product change.axios to 1.15.0.super_admin flag to a Push API labs flag.ExecuteWorkflow to streaming to prevent Cloud Run timeouts.agi-tools search.UND_ERR_BODY_TIMEOUT._destinations with _product_id / _project_id as the primary routing fields across schema, Firestore, GCS paths, Inngest events, OpenAPI spec, and load tests._nature is now required on every ingest record._project_id must be consistent across all records in a batch._product_id restricted to path-safe characters.chat_history ingest type replaced with conversation.docker-compose for more reliable long-running agent sessions.NaN dates).NewWorkspaceSubscription instead of swallowing them.workspace:billing permission.object-cover and support dark mode.chunkArray to a shared utility and chunk Vellum calls.featureGate.ts) and dedicated features routes.emFeatures and workspaceFeatures collections.run_subagent MCP tool for dispatching sub-agent tasks.TranscriptPreview component.CitationTooltipOverlay replaces per-message Tippy tooltips for better rendering performance.ChatMessage and MessageParts to prevent re-renders during streaming.user_id cookie fallback for the Google / Microsoft token refresh race condition.refresh-email-token from the requireWorkspaceRole coverage check.body-parser and multer via dependency updates.user.integrations in shouldFireZoomToast.Badge changed from div to span to fix a DOM nesting warning.created_at value.AskAnythingContent remount on thread switch.customFetch.neutral-700) in the Sources panel.backend/src/seeds/; added staging deploy step.Resolved several high- and critical-severity static-analysis findings and upgraded the body-parser dependency.
body-parser and serialize-javascript to versions free of known advisories.basic-ftp, rollup, minimatch, and hono to versions that resolve known upstream advisories.InvitesDAO.GetInviteById method.swiper and axios to versions free of known advisories.invalid_grant check.step.run; added calendar-specific mock infrastructure for tests.Significant authentication and file-upload reliability work, plus tokenizer and infrastructure improvements.
sameSite=lax in local / test environments.Authorization to CORS allowedHeaders for backwards compatibility.authCustomFetch.UploadIntent types and DAO in shared.authService updates the token hash on login and refresh.tokenUtils using js-tiktoken for accurate OpenAI token counting.chunkText maxTokens validation to prevent infinite loops.gpt-tokenizer with js-tiktoken to resolve WASM bundling issues.tokenUtils test performance improved from ~90s to ~3s.ChooseExistingProject using useCallback.batchCreateNotesLiveMeet.useLogoUrl URL check ordering to prevent incorrect path extraction.NOT_FOUND errors in batch-create-notes-live-meet.JWT_KEY and NODE_ENV to the E2E tests workflow.meetings.stored_name.getMeetUrlByStoredName endpoint flagged for IDOR risk.Multi-tenant authorization hardening, granular per-endpoint permissions, and the first full pass of SOC 2-compliant logging.
getMeetingOverviews API request when opening a project with media files.preact, @remix-run/router, and qs.scheduleBotCreation, verifySubscriptionsRenewalDates, feedBuilder, workspaceFeedBuilder, workspaceProductFeedBuilder, deleteNeeds, runCategorizer, verifyLastInvoicePayments, productSpecDistillationAndRoadmap.calendarService, meetingService, workspacesService, authService, notesService, …).jest-junit configuration and test:ci scripts for backend, shared, and frontend workspaces.scheduleBotCreation, deleteNeeds, feed-builder, verifySubscriptionsRenewalDates, and more.jest-junit test reporting and improved test workflow configurations.jws package to resolve a high-severity HS256 signature verification advisory.related_articles to 8 items in the news-competitor workflow and safely access them with optional chaining.--frozen-lockfile.AI Advisor surface, the new Data Tab, and infrastructure tuned for higher concurrency.
maxInstances to 100 on dev and 1000 on prod for better horizontal scaling.tasksOptions to the services workspace as the single source of truth.glob to address a known advisory.competitorUnique creation.MS.GenAccessToken().DisconnectDialog migrated to the ShadCN Dialog component.services workspace in the monorepo for Inngest functions, with dedicated deployment scripts.@typed-firestore/server.backend/src/utils/index.js moved to shared/src/utils/index.ts.Date / Firestore Timestamp consistently.scheduleBotCreation job for better error tracking.proj-overview Vellum workflow and refactored related components.OpportunityDialog to use named exports.hasAccess checks in chat thread operations.productId before saving research questions.uploadRecording endpoint.MeetingsDAO create / update.Six months in the making — Evermuse v1 moves from raw data collection to AI-powered synthesis.
Timestamp handling across meeting flows.WatchEvents.uploadRecording endpoint against path-traversal and added stronger file-upload validation.Subscribe to the Everblog for product updates, new releases, and playbooks for building in the age of AI.