What's New

April 16, 2026

Clean pressed background for toolbar toggle icons

Pressed horizontal toolbar buttons (pinned wave, pinned saved search, and other toggle icons) no longer render a two-tone gray/blue background.

✓Fixed

• Removed the legacy buttonDown sprite under HorizontalToolbarButtonWidget pressed state so toggled toolbar icons now show a single clean rounded-blue overlay instead of a half-gray half-blue mix

April 16, 2026

Fix perf Alloy archive verification

The performance workflow now verifies and unpacks the same Grafana Alloy archive filename so checksum validation does not fail before the perf job starts.

✓Fixed

• Aligned the perf workflow's Alloy checksum verification and unzip steps on the same architecture-specific archive filename

April 16, 2026

Harden prebuilt Docker build against Ubuntu mirror sync errors

The production deploy pipeline now retries apt-get inside Dockerfile.prebuilt with progressive backoff, so a transient Ubuntu mirror hash-mismatch no longer aborts the whole deploy.

✓Fixed

• Wrapped apt-get update/install in Dockerfile.prebuilt in a retry loop with progressive backoff and Acquire::Retries so transient mirror sync hiccups do not fail the deploy

April 16, 2026

Preserve every word when typing into a blip on Android

Android Chrome and Brave were silently dropping the first character of every composed word (typing "new blip" produced "ewlip") because the editor's mutation handler was activating the typing extractor mid-composition. The IME composition flow now owns DOM character mutations between compositionstart and compositionend, so the typing extractor no longer stomps on the IME scratch container as it is torn down.

✓Fixed

• Android IME composition no longer drops the first character of each word when typing into a new or existing blip
• DOM character mutations that arrive between compositionstart and compositionend are now handled exclusively by the composition flow, avoiding a stale typing-extractor state that survived compositionend

April 13, 2026

Avoid blocking on loading wavelets

Wavelet-dependent cache and indexing paths now skip still-loading wavelets and emit load-state diagnostics instead of blocking on incomplete state.

✓Fixed

• Prevented cached wavelet invalidation and copy paths from blocking on wavelets that are still loading
• Added wavelet load-state diagnostics so slow or timed-out loads report their state, age, and executor context in server logs

April 13, 2026

Wrap pinned saved searches onto another toolbar row

Pinned saved-search buttons in the search panel now wrap onto additional toolbar rows instead of forcing horizontal scrolling, and the search results panel follows the toolbar's rendered height.

✓Fixed

• Pinned saved searches in the search panel now remain visible by wrapping onto another toolbar row when space runs out
• The search panel keeps its wave-count bar and result list aligned below the real wrapped toolbar height instead of overlapping the extra row

April 13, 2026

OT search protocol bootstrap

OT search subscriptions now carry the raw query to the server and receive their first snapshot on the OT channel itself, removing the old dependency on an HTTP `/search` bootstrap.

✓Fixed

• Search wavelet open requests now include the raw search query so the server can compute and publish the initial live-search snapshot immediately
• OT search cold-start no longer depends on a side-effect from the legacy `/search` servlet before the sidebar can populate

April 13, 2026

Same-name index upgrade conflicts

Mongo delta-store startup now treats same-name index key-spec conflicts as upgradeable so legacy applied-version indexes can be repaired without forcing append-guard mode.

✓Fixed

• Mongo delta-store startup now upgrades legacy applied-version indexes when Mongo reports same-name key-spec conflicts, instead of refusing new delta writes until restart

April 13, 2026

Clarify the Next Unread toolbar icon

The wave toolbar now uses a directional chevron plus unread-accent dot for Next Unread instead of a bell, making the action easier to recognize at a glance.

✓Fixed

• Replaced the Next Unread bell glyph with a clearer directional chevron and unread-colored dot in the wave toolbar

April 13, 2026

Mongo startup migrations now run before readiness

Mongo-backed v4 deployments now run Mongock startup migrations before the server is considered ready, with deploy-time verification tied to the migration completion marker.

✦New

• Mongo-backed v4 startup now runs versioned Mongock schema migrations before Wave begins serving traffic
• Deploy and rollback verification now wait for the canonical Mongock completion marker before continuing
• Mongo migration tests now cover the startup baseline, degraded fallback, and deploy bootstrap checks

April 13, 2026

Disable Mongock transactions for standalone Mongo deployments

Mongo-backed startup migrations now disable Mongock transactions so standalone MongoDB deployments can apply schema changes without replica-set transaction support.

✓Fixed

• Disabled Mongock transaction usage before the startup migration runner executes against Mongo v4
• Kept the driver on primary reads while leaving read and write concern overrides unchanged

April 13, 2026

Gate Mongock startup migrations to Mongo-backed persistence

Wave startup now runs Mongock migrations only when the active core persistence path is MongoDB on the v4 driver, avoiding unnecessary migration startup work for file- or memory-backed deployments.

✓Fixed

• Mongo-backed v4 deployments now run the startup migration runner exactly once during persistence wiring
• File- and memory-backed deployments skip Mongock entirely even if Mongo connection settings are present in the config

April 13, 2026

Avoid false Mongo migration marker failures on SIGPIPE

Deploy verification now treats a matched Mongock completion marker as success even when the Docker logs pipeline exits with SIGPIPE after `grep -q` stops reading.

✓Fixed

• Deployment marker verification now captures recent container logs before searching for the Mongock completion message so `set -o pipefail` does not turn a successful match into a failure
• Added regression coverage for the `docker compose logs --since ... | grep -q` SIGPIPE path that previously misreported completed migrations as missing

April 13, 2026

Reuse Lucene indexes across startup

Wave startup now reuses an existing Lucene index when rebuild-on-startup is disabled, avoiding full corpus repair on every restart while preserving empty-index bootstrap and explicit rebuilds.

✓Fixed

• Lucene startup now skips the old startup repair pass when a reusable on-disk index already exists and `core.lucene9_rebuild_on_startup` is false
• Empty Lucene directories still trigger an initial build and explicit admin reindex operations still perform full rebuilds

April 13, 2026

Add Grafana-backed performance observability

The performance workflow now exports Wave and runner metrics to Grafana Cloud during Gatling runs and can upsert a matching Grafana dashboard for perf analysis.

✦New

• Added a local perf metrics exporter plus Alloy config generation so the performance workflow can scrape Wave, runner, and summary metrics during Gatling runs
• Added Grafana dashboard provisioning assets and workflow wiring so performance runs can publish observability data into Grafana Cloud

April 13, 2026

Add an importable Grafana analytics dashboard

Added a starter Grafana dashboard for Wave analytics counters and aligned the host docs with the metrics and JSON-log signals the runtime actually emits.

✦New

• Added a starter Grafana dashboard for the exported `wave_analytics_*` Prometheus counters plus request-rate and p95 latency charts
• Documented the dashboard import path and removed references to unsupported logfmt analytics event queries so the runbook matches the current Wave and Alloy pipeline

April 13, 2026

Move admin analytics out to Grafana

Wave no longer renders an admin analytics tab; the remaining analytics signals are exported through `/metrics` and the Grafana Alloy pipeline instead of being stored and queried inside the app.

✦New

• Removed the /admin Analytics tab and its server-side analytics API/history storage paths
• Wave now exports aggregate analytics counters through the existing Prometheus `/metrics` endpoint for Grafana dashboards and alerts
• Updated the SupaWave Alloy host configuration and runbook so Grafana Cloud scrapes Wave application metrics directly

April 13, 2026

Retry transient GHCR push failures during deploy builds

The Contabo deploy workflow now retries transient GHCR push failures and rejects invalid retry settings instead of silently skipping pushes or crashing mid-loop.

✓Fixed

• Deploy builds now push images through a retry helper that retries known transient registry and network failures before giving up.
• The retry helper now validates its retry-count and retry-delay environment variables and regression coverage now includes fail-fast, retry exhaustion, and invalid-config cases.

April 13, 2026

Restore deploy health wait window

Blue-green deploys now wait up to seven minutes for the target slot to report healthy, with the poll interval and timeout still configurable through environment variables.

✓Fixed

• Restored the default slot health wait window from the old 180-second cutoff to 420 seconds so slower Lucene-backed startups can finish before deploys abort
• Kept the slot health polling interval and timeout configurable through deploy environment variables without requiring script edits

April 13, 2026

Fix remaining Android IME root-blip text corruption case

Android/mobile IME composition no longer drops already-typed leading characters when Chrome temporarily promotes the composing word into a transient selection range.

✓Fixed

• Android/mobile IME composition no longer drops already-typed leading characters when Chrome temporarily promotes the composing word into a transient selection range.

April 12, 2026

Added Worktree Diagnostics Bundle Guidance

Adds a bundled diagnostics command and runbook so issue worktrees can capture compact startup, smoke, endpoint, and log evidence without inventing a separate observability workflow.

✦New

• Add scripts/worktree-diagnostics.sh: emits a Markdown diagnostics bundle with endpoint probes, smoke-check output, startup tail, and server-log tail for the current worktree runtime
• Add docs/runbooks/worktree-diagnostics.md: explains when to run the bundle, what it captures, and how to reference it from issue comments and PR summaries
• Update scripts/worktree-boot.sh, docs/runbooks/worktree-lane-lifecycle.md, docs/runbooks/README.md, and docs/SMOKE_TESTS.md so the diagnostics bundle is discoverable from the existing worktree verification flow

April 12, 2026

Fix top-panel toggle button active surface

The Pin and Archive top-panel buttons now keep a full-width active highlight instead of showing only a partial pressed background when toggled on.

✓Fixed

• Restored the shared down-state overlay for compact top-panel icon buttons like Pin and Archive so the active highlight spans the full button width
• Removed the compact-only down-state override that reintroduced a split active background on toggled toolbar buttons

April 12, 2026

Add a restore window for tag removal

Removing a wave tag now shows a 20-second restore toast so accidental tag deletes can be undone without reopening the tag editor.

✓Fixed

• Tag removal now shows a compact restore toast instead of a passive confirmation-only message
• Restoring a just-removed tag re-adds it from the toast action without leaving the current wave

April 12, 2026

Let users close tag restore toasts

Tag-removal restore toasts now include a manual close action that immediately finalizes the delete instead of keeping the restore window open.

✓Fixed

• Tag removal toasts now include a Close action alongside Restore
• Closing the toast immediately clears the pending restore window so the delete is finalized at once

April 12, 2026

Keep tag search fresh after wave cache commit notifications

Fixes stale `tag:` results when a cached wave lags behind a newer committed wavelet version delivered through commit notifications.

✓Fixed

• Invalidate a cached wave only when a commit notification proves the cached wavelet version is older than the committed version
• Preserve fresh local wave state so immediate metadata searches still reuse the in-memory cache when no newer committed data exists
• Add regression coverage for existing tag documents, stale shared-store caches, and pure `tag:` queries that must stay on the legacy search path

April 12, 2026

Update SupaWave repository references after GitHub rename

The app welcome wave and the repo’s operational tooling now point at the renamed SupaWave GitHub repository instead of the legacy incubator-wave slug.

✓Fixed

• Updated the in-app welcome wave repository link and label to point at the renamed `vega113/supawave` GitHub repository
• Updated PR-monitoring scripts, GitHub issue filters, and related operational docs to use the new repository slug so automation follows the renamed repo

April 12, 2026

Fix SupaWave Grafana log discovery

Grafana Alloy now tails only SupaWave's structured JSON log files and the host docs call out the correct selectors for finding those logs in Grafana.

✓Fixed

• Updated the SupaWave Alloy file tailer to target the structured `wave-json*.log` files so Loki discovery stays aligned with the JSON parser pipeline
• Documented the SupaWave Grafana selectors and troubleshooting steps needed to confirm Alloy is shipping the application logs correctly

April 12, 2026

Split-brain wavelet safety

Deploy overlap handling now shuts down replaced slots more defensively, stale wavelet persists fail fast without wedging the queue, and the corrupted-wave repair classifier keeps sibling wavelets independent.

✓Fixed

• Deploy rollback and cutover now fail closed if the replaced slot cannot be verified as stopped, instead of treating a failed `docker compose ps` check as success
• Stale wavelet persist failures now clear or reschedule queued persistence work so later callers do not hang behind an unexecuted retry task
• Corrupted-wave repair classification now buckets duplicate history by both wave id and wavelet id so one ambiguous sibling no longer blocks a safe repair on the same wave

April 12, 2026

Search panel unread reload fix

Search results now stop reviving stale unread counts for public/shared waves after a page reload when the stored user-data wavelet only has the legacy empty read-state.

✓Fixed

• Search digests now treat legacy empty public/shared user-data read-state the same as the original bootstrap case, so reopening the app no longer brings back stale unread badges
• The unread:true search path now uses the same legacy empty-UDW repair logic as digest generation, keeping unread filters aligned with the sidebar count

April 12, 2026

Cover search metadata paths for tags, mentions, and tasks

Added regression coverage to ensure tag, mention, and task searches continue to route through the expected metadata and legacy-query paths.

✓Fixed

• Added Lucene query-model and provider regression coverage so pure tag queries stay on the legacy metadata filter path
• Added end-to-end coverage for mention and task metadata search lookups so assigned and mentioned waves remain discoverable

April 12, 2026

Fix stale saved indicator during local edits

The topbar save state now treats locally uncommitted wave changes as unsaved instead of waiting only for server acknowledgements.

✓Fixed

• The topbar save state now treats locally uncommitted wave changes as unsaved instead of waiting only for server acknowledgements.

April 12, 2026

Robot RPC commit-failure responses

Robot RPC write calls now return JSON-RPC errors when the underlying delta fails to commit, instead of returning a success payload with a reply id that was never persisted.

✓Fixed

• The Jakarta robot RPC servlet now rewrites optimistic write responses into JSON-RPC errors when delta submission fails, so streaming bots do not receive phantom newBlipId values
• Added a regression test covering submitRequest failure handling for mutating robot RPC operations

April 12, 2026

OT search tag routing and fallback policy

Tag searches now stay on the OT/Lucene path when indexed search is enabled, and OT search no longer silently bootstraps or falls back to legacy HTTP polling unless an explicit fallback flag is enabled.

✓Fixed

• Tag queries now use Lucene candidate filtering in OT search mode instead of forcing the legacy tag-document path
• Added an `ot-search-fallback` feature flag, defaulting off, so production OT search surfaces failures immediately instead of silently switching to legacy HTTP bootstrap or polling

April 12, 2026

Keep mobile blips visible beneath wrapped edit toolbars

The wave conversation scroller now follows the real rendered toolbar height on mobile, so wrapped edit toolbars no longer cover the first blip while you edit.

✓Fixed

• When the mobile edit toolbar grows beyond a single row, the conversation pane now shifts down to keep the first blip fully visible
• Toolbar height changes from reflow and viewport resizing now resync the wave panel instead of leaving blip content hidden under the toolbar

April 12, 2026

Fix mobile new-blip edit loss after delayed composition teardown

New blips on mobile no longer lose typed text when the browser finishes composition without restoring a selection before the trailing DOM mutation arrives.

✓Fixed

• Allowed the trailing DOM mutation fallback to materialize browser-owned text when delayed composition end returns no editor selection
• Preserved the mobile new-blip flow where text previously appeared locally but disappeared after Done or reload

April 12, 2026

Show who reacted on desktop and mobile

Adds a Wave-native reaction-authors popup so people can inspect who reacted without relying on browser-default menus or tooltips.

✓Fixed

• Reaction chips now expose a custom authors popup for desktop secondary actions and keyboard inspection
• Mobile users can tap the reaction count to inspect who reacted without losing the quick reaction-toggle path

April 12, 2026

Remove Jakarta/Main Shadow Source Duplicates

Removed same-path Jakarta/main shadow classes and tightened the duplicate-source regression guard so formatting changes cannot bypass it.

✓Fixed

• Removed remaining duplicate Java source shadows between main and jakarta-overrides for the Jakarta migration closeout
• Hardened the duplicate-source regression test so exact exclude sets must still parse correctly even if build.sbt formatting changes

April 12, 2026

Move tag creation into the tag bar

Adding tags now happens inline in the existing tag bar so mobile no longer opens a cramped modal popup for tag entry.

✓Fixed

• The tag add button now opens a compact inline composer directly in the tags bar instead of a centered popup dialog
• Inline tag entry keeps comma-separated tag creation and keyboard shortcuts while fitting cleanly inside the mobile tags footer

April 12, 2026

Keep draft GWT dev output out of the production war tree

Updated the new dev GWT compile task to emit draft artifacts into a separate directory so production packaging continues to rely on full compileGwt output.

✓Fixed

• compileGwtDev now writes draft Safari-only GWT output into war-dev instead of war.
• Added a changelog fragment for the new dev-only GWT compile task behavior.

April 12, 2026

Silence unsupported CssResource constructs in GWT wave panel CSS

Removes unsupported `@media` and `calc()` usage from legacy GWT CssResource inputs and adds a regression test so compileGwt stops emitting parser warnings for the affected wave panel resources.

✓Fixed

• Removed unsupported CssResource syntax from the affected wave panel CSS resources.
• Added a regression test that fails if the blocked `@media` or `calc()` constructs return.

April 12, 2026

Fail Deploys Without Sanity Credentials

Deploy automation now fails closed when sanity-check credentials are missing so production rollouts cannot silently skip the post-deploy gate.

✓Fixed

• Require SANITY_ADDRESS and SANITY_PASSWORD before deploy runs continue so the deploy sanity gate cannot be bypassed by missing configuration
• Documented the deploy sanity credential requirement alongside the deploy workflow guard and regression test coverage

April 12, 2026

Suppress false deploy-failure alerts on cancelled runs

Deploy failure issue creation and notification now ignore cancelled runs without hiding real deploy or pre-deploy failures.

✓Fixed

• Deploy-failure alerts now skip cancelled runs while still firing for real deploy failures and early job failures.
• The deploy workflow no longer depends on checked-out helper code to decide whether failure alerts should run.

April 11, 2026

Close the reaction picker reliably after selection

Prevents duplicate add-reaction popups from lingering after a reaction is chosen and keeps repeated keyboard and click interactions stable.

✓Fixed

• The add-reaction picker now tracks a single active popup so repeated activation does not leave stale popups behind
• The picker moves focus into the emoji grid on open so keyboard selection continues in the active popup

April 11, 2026

Fix insecure random number generation in OperationQueue

Replaced java.util.Random with java.security.SecureRandom for the ID_GENERATOR field in OperationQueue.

✓Fixed

• Replaced java.util.Random with java.security.SecureRandom for generating temporary IDs in OperationQueue to fix a security vulnerability.

April 11, 2026

Fix MD5 vulnerability in Gravatar URL generation

Upgraded the hashing algorithm in HtmlRenderer from MD5 to SHA-256 for generating avatar URLs.

✓Fixed

• Upgraded Gravatar email hashing algorithm from MD5 to SHA-256 to resolve a security vulnerability.

April 11, 2026

Fix Android IME word-boundary corruption

Android/mobile editing no longer double-applies delayed post-composition DOM mutations that dropped leading letters and spaces while finishing a blip.

✓Fixed

• Stopped delayed Android IME composition end from falling through into the legacy DOM-mutation typing fallback in the same mutation event
• Preserved word-leading characters and inter-word spacing for the empty-blip editing path that could collapse `new blip` to `ewlip` on Android

April 10, 2026

Wave Reactions

Blips now support lightweight emoji reactions with inline counts and quick toggles.

✦New

• Added lightweight emoji reactions on wave blips with quick add, remove, and replace interactions
• Reaction counts now render inline on reacted blips without changing the message text itself

April 10, 2026

Wave Tasks: cleaner assignee labels

Task assignee labels now show the selected participant identifier without the extra owner prefix.

✓Fixed

• Task assignee pills now display just the selected participant label instead of prefixing it with "Owner"

April 10, 2026

Tag chips now filter search

Wave tags now use a mobile-friendlier chip layout where tapping the chip filters search and a separate inline affordance removes the tag.

✓Fixed

• Tapping a tag chip now applies a `tag:<name>` search filter instead of opening the remove-confirm popup
• Tag removal now uses its own explicit inline affordance, so the destructive action is no longer bound to the main chip tap target
• The old centered remove-confirm popup is no longer part of the tag-removal flow, which keeps the interaction compact and usable on mobile

April 10, 2026

Restore search freshness for newly shared waves and newly added tags

Fixes a search freshness regression where recent participant/tag mutations could be missed when a per-user search view rebuilt during the reload cooldown window.

✓Fixed

• Per-user search view rebuilds now force a full wave-map refresh after recent non-search wave mutations instead of incorrectly reusing the cooldown path
• Added regression coverage for participant visibility, content searchability, and tag searchability on the runtime memory-view search path
• Extended the Java E2E suite to verify Bob can find a newly shared wave by content term and that `tag:<newtag>` returns the wave after a fresh tag mutation

April 10, 2026

Robot Streaming Replies

Robots can now progressively stream reply text into a dedicated wave blip using the documented createChild plus document.modify pattern.

✦New

• Documented and example-backed support for progressive robot replies that create one reply blip and update it incrementally with document.modify
• Robot docs now direct clients to use the passive bundle's rpcServerUrl hint for follow-on reply writes instead of hardcoding a single RPC endpoint

April 10, 2026

Robots: Refresh Legacy Passive Capability RPC Hints

Passive robots with legacy stored capabilities now refresh before event delivery so rpcServerUrl matches the configured OAuth mode after restart.

✓Fixed

• Passive robots now refresh legacy capability snapshots that are missing rpcServerUrl before generating event bundles
• Two-legged passive robots restored from older persisted records now recover /robot/rpc instead of falling back to the Data API endpoint

April 10, 2026

Robots: Auth-Mode-Aware rpcServerUrl Advertisement

Passive robot event bundles now advertise the JSON-RPC endpoint that matches the robot's configured OAuth mode.

✓Fixed

• Passive robots using 2-legged OAuth now receive /robot/rpc in EventMessageBundle.rpcServerUrl
• Passive robots using 3-legged OAuth now receive /robot/dataapi/rpc in EventMessageBundle.rpcServerUrl

April 10, 2026

Registration UX Test Coverage

Adds servlet-level regression tests for the PRG-based post-registration UX flow.

✓Fixed

• Added test coverage for GET /auth/signin?registered=1 rendering the account-created success banner
• Added test coverage for GET /auth/register?check-email=1 rendering the check-your-inbox page

April 10, 2026

Registration Success Guidance

Registration now guides you into sign-in or email activation with clearer next steps instead of leaving you on the signup form.

✓Fixed

• Successful direct registrations now send you to sign-in with a clear account-created state
• Email-confirmation registrations now open a dedicated check-your-inbox page with the activation steps
• Trying to sign in before activation now shows an action-required state instead of looking like bad credentials

April 10, 2026

Fix Android mobile text corruption while editing

Android/mobile IME edits no longer corrupt persisted text by dropping leading characters and spaces during composition-driven editing.

✓Fixed

• Android/mobile IME edits no longer corrupt persisted text by dropping leading characters and spaces during composition-driven editing.

April 10, 2026

Mobile search panel stays hidden while editing

Android/mobile blip edit sessions now preserve horizontal focus scroll state so the search panel does not slide over the typing area.

✓Fixed

• Preserved both vertical and horizontal ancestor scroll positions when the mobile editor focuses
• Prevented the off-canvas search panel from being revealed over the active blip editor during Android/mobile edit startup

April 10, 2026

Mobile edit persistence follow-up

Android/mobile edit sessions now restore a valid caret when opening a blip editor, preventing typed text from appearing only locally and disappearing after reload.

✓Fixed

• Restored mobile editor focus initialization so edit sessions start with a valid caret instead of a DOM-only typing surface
• Fixed both existing-blip edits and brand-new reply blips losing typed text after reload because no document ops were generated

April 10, 2026

Mobile attachment picker reliably handles gallery and file selections

The mobile attachment popup now avoids stale hidden-file-input state and duplicate chooser launches so camera, gallery, and general file selections reach the upload flow more reliably.

✓Fixed

• Reset the hidden attachment input before and after each mobile picker session so gallery and file selections are not dropped when the chooser reuses prior single-file state
• Prevent the nested Select Files button from triggering the native file picker twice, preserving the working camera path while improving photos, videos, and general file selection behavior

April 10, 2026

Unify the pin icon across search and wave toolbars

Uses the same pin glyph in the wave action toolbar that already appears in the search toolbar so the two compact toolbars read consistently.

✓Fixed

• The wave toolbar pin action now uses the same thumbtack-style icon as the search toolbar while keeping the existing compact toolbar sizing and alignment

April 10, 2026

Polish reaction chip alignment

Keeps the add-reaction affordance anchored and aligns reaction emoji/counts more cleanly within the existing Wave pill styling.

✓Fixed

• Reaction rows now keep the add-reaction control anchored at the leading edge instead of shifting when reactions are toggled
• Reaction chips now render explicit emoji and count spans so the pill content aligns more cleanly on a shared visual baseline

April 10, 2026

Mobile attachment upload resilience fixes

Mobile image uploads are now more tolerant of browser-specific file-picker and clipboard behavior, reducing silent failures when selecting or pasting images into a wave.

✓Fixed

• Attachment selection now recovers from mobile browsers that return from the file chooser without delivering the hidden input's normal change event
• Image paste upload now falls back to clipboard files when browsers do not populate clipboardData.items for pasted images

April 10, 2026

Polish mention previous/next toolbar icons

The wave-toolbar mention navigation buttons now use clearer directional arrows while keeping the existing mention control behavior and toolbar styling.

✓Fixed

• Prev @ and Next @ buttons in the wave toolbar now show clearer left/right direction cues
• Mention navigation behavior is unchanged; only the toolbar icon treatment was polished

April 10, 2026

Use a clearer add-reaction icon

Replaces the generic plus reaction affordance with a reaction-specific icon that reads more clearly in the wave UI.

✓Fixed

• The add-reaction control now uses a compact reaction icon instead of a bare plus
• The reaction add button keeps the existing chip styling while reading more clearly as a reaction action

April 10, 2026

Fix split active background on wave toolbar buttons

Keeps clicked and toggled wave-toolbar buttons on one coherent active surface instead of layering two mismatched background treatments.

✓Fixed

• Wave-toolbar buttons like Pin now render a single coherent active background when toggled on
• The compact toolbar active-state polish stays scoped to the clicked/toggled wave-toolbar button treatment

April 10, 2026

Restore the search toolbar chrome and remove temporary overflow affordance

Restores the intended toolbar-strip treatment for search and wave action rows, keeps refresh in the search toolbar, and removes the visible search-toolbar overflow button.

✓Fixed

• Search and wave toolbars render with the intended contained toolbar chrome again
• The search toolbar keeps its refresh action while dropping the temporary ... overflow control

April 10, 2026

Fix Grafana Alloy timestamp parsing for Wave JSON logs

Switched the Alloy timestamp format from millisecond to RFC3339Nano so microsecond-precision timestamps emitted by Wave JSON logs are parsed correctly and logs appear in Grafana.

✓Fixed

• Changed Grafana Alloy timestamp format from `2006-01-02T15:04:05.000Z07:00` (millisecond) to `RFC3339Nano` to match the microsecond-precision timestamps emitted by logstash-logback-encoder
• Added deploy-time diagnostics: script now prints WAVE_LOG_PATH, WAVE_TIMESTAMP_FORMAT, matched log files, and writes a syslog audit line when Loki shipping is configured
• Added structured JSON log output path logging at Wave server startup for operator visibility
• Added regression tests: Python unittest for Alloy config timestamp contract and Jakarta test for startup log diagnostic

April 10, 2026

Browser verification runbook wording follow-up

Clarifies the browser-verification runbook language around smoke checks, browser passes, and evidence capture.

✓Fixed

• Clarified that smoke checks prove the server boots, health responds, and the compiled web client asset is present
• Clarified that the browser pass is only for the narrow auth, routing, or UI behavior that curl cannot prove

April 10, 2026

Standardized Browser Verification Runbooks

Adds a browser-verification runbook and change-type matrix so agent lanes know when curl/smoke is enough and when a real browser pass is required, without introducing a new browser framework.

✦New

• Add docs/runbooks/browser-verification.md: defines the default UI-affecting verification path built on the existing wave-smoke-ui.sh and worktree-boot.sh + wave-smoke.sh baseline
• Add docs/runbooks/change-type-verification-matrix.md: decision matrix covering server-only, servlet/auth, GWT client/UI, packaging, and deployment-only change types
• Update docs/runbooks/worktree-lane-lifecycle.md: step 7 cross-links to the new browser-verification and change-type matrix runbooks
• Update docs/SMOKE_TESTS.md: adds browser-verification baseline section pointing to the new runbooks
• Update docs/runbooks/README.md: indexes the two new runbooks under Local Development

April 9, 2026

Welcome wave polish

The welcome wave now has clearer navigation guidance, stronger bot coaching for gpt-ts-bot@supawave.ai, public-wave discovery via the @ icon in the left search panel, and direct internal wave links across the onboarding/public support waves.

✦New

• Added gpt-ts-bot@supawave.ai guidance with concrete usage instructions in the welcome wave
• Explained public-wave discovery via the @ icon in the left search panel
• Added direct wave:// links to all six onboarding/public support waves

April 9, 2026

Welcome wave: real onboarding wave titles in navigation

The wave-to-wave navigation block in the welcome wave now uses the actual onboarding wave titles instead of generic 'Wave 0'–'Wave 5' placeholders.

✓Fixed

• Navigation links in the welcome wave now show real titles: 'SupaWave Community — Questions, Feedback & Support', 'Welcome to SupaWave', 'Search Like a Pro', 'Collaboration Features', 'Making Waves Public', and 'Tips, Shortcuts, and Hidden Features'

April 9, 2026

Denser User Menu Layout

The account dropdown now uses tighter spacing and clearer grouped sections so common actions are easier to scan.

✦New

• Reduced excess vertical whitespace between user-menu actions while preserving the existing SupaWave topbar styling
• Added a clearer signed-in header and tighter section grouping for account, API, support, legal, and sign-out actions

April 9, 2026

Toolbar SVG Icon Polish and Hover Effects

Replaces toolbar PNG sprites with refined SVG icons and adds smooth hover and press visual feedback.

✓Fixed

• Replaced edit toolbar PNG sprites with polished SVG icons using lighter 18px strokes
• Added smooth hover color transition and press scale effect on toolbar icon buttons
• Scoped icon hover effects to enabled buttons only to avoid misleading disabled state feedback
• Converted toolbar button layout to flex-based for improved vertical centering and touch sizing

April 9, 2026

Increase toolbar icon canvas size for tighter vertical fit

Bumps the shared toolbar icon display size from 17px to 20px so search and wave toolbar icons fill more of the existing 36px action buttons without changing toolbar heights or panel offsets.

✓Fixed

• Search and wave toolbar icons render at 20px inside the existing action buttons, reducing visible vertical dead space without changing toolbar layout

April 9, 2026

Polish toolbar action canvas containment

Search and wave toolbar icons now sit inside a clearer solid action canvas instead of reading against the faded edge of the bar.

✓Fixed

• Search and wave toolbar action icons now render inside a subtle inset canvas that keeps them visually contained within the toolbar strip

April 9, 2026

Tasks button shows all assigned tasks by default

The Tasks toolbar button now opens `tasks:me` instead of `tasks:me unread:true`, showing all assigned tasks rather than only unread ones.

✓Fixed

• Tasks toolbar button click now sets the search query to `tasks:me`, displaying all tasks assigned to the current user
• Unread badge polling continues to use `tasks:me unread:true` so badge counts remain accurate

April 9, 2026

Strikethrough Styling for Completed Task Lines

Completed wave tasks now render with strikethrough text and a dimmed color, providing clear visual feedback on task status. Styling is applied on toggle and on document load, and cleaned up correctly when a task checkbox is removed.

✓Fixed

• Apply text-decoration: line-through and color: #767676 to the enclosing paragraph when a task checkbox is checked
• Remove styling when the checkbox is unchecked (guarded against multiple task checkboxes per paragraph)
• Clean up stale task-completed class via onDeactivated when a checked task checkbox is deleted
• Only affects task checkboxes (name prefixed with task:); generic form checkboxes are unaffected

April 9, 2026

Enable task-search feature flag by default

The task-search feature flag now defaults to enabled so fresh deployments show tasks search help and toolbar without a manual MongoDB record.

✓Fixed

• Changed task-search default in KnownFeatureFlags from false to true — prevents silent hide of tasks:all search help and Tasks toolbar button on new deployments or DB resets

April 9, 2026

Clarify task search semantics and help examples

Search now supports `tasks:all` for any visible task wave, and the search help panel explains the supported task-query forms more clearly.

✓Fixed

• Added `tasks:all` to find waves you can access that contain any task, alongside the existing `tasks:me` and user-targeted task queries
• Updated search help with clickable task-query examples for `tasks:all`, `tasks:me`, `tasks:user@domain`, local-domain shorthand such as `tasks:alice`, and `tasks:all unread:true`

April 9, 2026

Wave Tasks: assignee picker, due dates, and clearer ownership

Tasks in the wave editor now open a metadata popup for assignee and due date, and the task row shows explicit owner and due-date pills so ownership is easier to understand at a glance.

✦New

• Insert Task now opens an in-wave task details popup where you can assign the task to any current wave participant and set or clear a due date
• Task rows now render explicit owner and due-date pills beside the checkbox, using utility styling that stays visually distinct from @mentions
• Clicking the task metadata pills reopens the same popup so assignee and due date can be edited after the task is created

April 9, 2026

Fix vertical centering of toolbar icons

Switches toolbar button layout from float/margin centering to flexbox and adds a universal CSS rule to suppress the inline SVG baseline gap.

✓Fixed

• Replace float/margin-top centering in HorizontalToolbarButtonWidget with inline-flex + align-items:center for robust vertical alignment
• Add .visualElement svg { display: block } CSS rule to eliminate the inline baseline/descender gap for all toolbar SVG icons universally

April 9, 2026

Paste-to-Upload Images in Wave Editor

Adds clipboard image paste support to the wave editor: Ctrl+V/Cmd+V with an image on the clipboard automatically uploads and inserts the image inline at the cursor position.

✦New

• Paste an image from clipboard directly into the wave editor via Ctrl+V/Cmd+V
• Spinner toast appears during upload; image renders inline at paste cursor on success
• Error toast shown if upload fails or times out after 60 seconds
• Text paste behaviour is unaffected — falls through normally when no image is present

April 9, 2026

Multi-File Upload with Thumbnail Previews and Captions

Redesigns the attachment upload dialog with multi-file selection, per-file thumbnail previews, inline captions, real XHR progress bars, image compression, and drag-and-drop support.

✦New

• Select and upload multiple files at once via the attachment popup
• Thumbnail previews for images; file-type icon badges for non-image files
• Per-file caption input inserted into the wave alongside each attachment
• Real XHR upload progress bars with wave-shimmer animation per card
• Optional image compression with configurable display size (S/M/L) before upload
• Drag-and-drop files onto the drop zone to populate the selection
• Remove individual files from the pending batch before uploading
• Graceful error handling: failed uploads stay visible; queue continues to the next file

April 9, 2026

Mobile edit persistence fix

Android/mobile blip edits now commit pending IME text before the editor closes, preventing text that looked saved locally from disappearing after reload.

✓Fixed

• Committed pending IME composition text before mobile edit sessions detach the editor
• Added webdriver hooks for editor pending-input inspection while debugging the mobile edit-loss path

April 9, 2026

Fix attachment metadata lookups for plus-sign ids

URL-encodes attachment ids before the Wave client requests `/attachmentsInfo`, so image and file metadata still load when ids contain `+`.

✓Fixed

• Attachment thumbnails and image metadata now load correctly when the stored attachment id contains a plus sign

April 9, 2026

Polish toolbar icon scale and containment

Reduces the shared toolbar SVG display size so search and wave toolbars feel better centered inside the existing compact bars.

✓Fixed

• Search and wave toolbar icons render with slightly lighter visual density while keeping the same compact toolbar height

April 9, 2026

Fix toolbar clipping and compact spacing

Fixes the remaining 24px legacy toolbar height assumptions, tightens compact icon-button spacing, and aligns the search toolbar SVG contract with the wave/edit toolbars.

✓Fixed

• Search, wave, and edit toolbar icons now render fully without vertical clipping, including wrapped edit-toolbar rows on narrow widths
• Compact toolbar buttons use denser spacing and the search toolbar now shares the polished 18px SVG wrapper/sizing contract

April 8, 2026

Standardized Worktree Lane Boot Lifecycle

Adds a worktree boot helper script and runbook so agent lanes can reliably start, verify, and shut down isolated development environments without tribal knowledge.

✦New

• Add scripts/worktree-boot.sh: stages the app, detects port conflicts, writes a port-specific runtime config, and initializes the local-verification journal entry
• Add docs/runbooks/worktree-lane-lifecycle.md: single runbook covering worktree creation through shutdown
• Update scripts/wave-smoke.sh to honor PORT from the environment with numeric validation
• Document the journal/local-verification/ evidence contract in AGENTS.md and the agent orchestration plan

April 8, 2026

Welcome wave onboarding refresh

New accounts now receive a richer SupaWave welcome wave with guided product onboarding, inline advanced details, and a clearer path for AI-oriented collaboration.

✦New

• Replaced the minimal welcome wave with a field-guide style onboarding wave that explains what Wave is, why it is different, and how to start using it
• Added inline detail blips for history, Firefly naming, robot/API orientation, and active modernization topics so advanced context stays available without overwhelming the main path
• Welcome-wave creation now happens when an account becomes usable: immediately when email confirmation is disabled, or after successful email confirmation when it is enabled

April 8, 2026

Wave Tasks: assignable inline tasks with due dates and task search

Introduces inline tasks within wave documents — assignable to participants, searchable via `tasks:me`, and tracked with a badge in the search panel.

✦New

• Inline task creation via Insert Task toolbar button — inserts a checkbox element with task annotations (id, assignee, due date, reminders)
• Task search via `tasks:me` and `tasks:user@domain` tokens in both legacy and Lucene9 search paths
• Search panel toolbar badge showing count of open tasks assigned to the current user
• Per-wave task count badge in the search digest list
• Reminder offsets stored in document model (`task/reminders` annotation) for future in-app surfacing
• Server and public HTML renderers emit disabled checkboxes for task elements

April 8, 2026

Fix Stale Search Results and Unread Filter

Empty search queries now clear the wave list, and the unread:true filter correctly excludes read waves.

✓Fixed

• Fixed wave list not clearing when search returns zero results — header showed '0-0 of 0' but previous results remained visible
• Fixed unread:true filter returning read waves due to readState-based path iterating orphaned blip documents; now uses supplement-based counting consistent with digest generation

April 8, 2026

Render Medium And Large Attachments As Inline Images

Image attachments now use true inline rendering for medium and large display modes instead of just enlarging thumbnail cards.

✦New

• Medium and large image attachments now render from the original attachment image for a more Telegram-like inline photo experience
• Image attachments keep their attachment-backed document model while preserving thumbnail mode for compact displays
• New image uploads now default to medium display size instead of small thumbnails

April 8, 2026

Support Attachment-Backed Inline Images In The Robot API

Robots can now author attachment-backed inline images with optional display sizing through the Java/Data API surface.

✦New

• Java robots can insert attachment-backed inline images with Image(attachmentId, caption) and optional display-size values of small, medium, or large
• document.modify now accepts non-form elements for inline image insertion instead of rejecting IMAGE elements server-side
• The published API docs now describe the importAttachment plus document.modify flow for attachment-backed inline images

April 8, 2026

Fix Inline Attachment Display Regressions

Follow-up fixes to PR #738 addressing source-selection regressions, thumbnail flicker, and premature attachment URL loads.

✓Fixed

• Legacy style="full" attachments now correctly use attachment source even when content metadata is temporarily unavailable (fullMode check precedes contentImage guard)
• Thumbnail size callbacks no longer trigger redundant URL reloads when the attachment source is already active
• Attachment size callbacks only trigger image loads when the attachment is the active source, reducing premature requests before the malware guard runs

April 8, 2026

Fix Profile Bio Newlines

Multi-line bios now display correctly in profile cards and the profile edit form.

✓Fixed

• Fixed newlines entered in bio being stored as literal \n sequences due to a broken JSON escape parser
• Legacy bios with literal \n sequences are migrated to real newlines on read when safe to do so

April 8, 2026

Fix Image Attachment Ellipse Shape

Image attachments were rendered with an oval/ellipse appearance due to an overly large border-radius on the thumbnail container. Reduced container border-radius to 6px and removed separate image border-radius so the container's overflow:hidden cleanly clips corners to a proper rectangle.

✓Fixed

• Image attachment thumbnails now display as rectangles with subtle 6px rounded corners instead of oval/ellipse shapes
• Removed asymmetric border-radius (8px top only) from the image element; container overflow:hidden now handles corner clipping consistently

April 8, 2026

Contact Form Accessible to Unauthenticated Users

The /contact page is now publicly accessible — anonymous visitors can view and submit the contact form without signing in.

✓Fixed

• Removed auth redirect from ContactServlet.doGet so unauthenticated users receive the contact form instead of being sent to sign-in
• Anonymous POST submissions are now accepted; email is read from the request body and validated for format
• Added IP-based rate limiting (max 3 submissions per IP per hour) to prevent abuse
• Added honeypot field to silently discard bot submissions
• Sanitized all input fields: control characters stripped (including \r for SMTP header injection prevention) and field lengths capped
• Updated HTML form: email field is editable and required for anonymous users, pre-filled and read-only for authenticated users; file attachment zone removed

April 8, 2026

Fix Robot Blip Newline Rendering

Newlines in robot-authored blip content are now converted to <line/> elements so they render correctly in the wave editor.

✓Fixed

• Robot blip content containing literal \n characters is now split into proper <line/> elements on insert
• Fixes #725: robot-generated multi-line blips were displayed as a single collapsed line

April 8, 2026

Admin Contact Notification Badge

Admin and owner users now see an envelope icon in the top bar with a real-time badge showing unread contact message counts.

✦New

• Envelope icon appears in the top bar for admin and owner roles, between the wifi icon and user avatar
• Red badge with unread contact message count, updated every 30 seconds via polling
• Pulsating red glow animation when there are unread messages
• Clicking the icon navigates to /admin#contacts and auto-activates the Contact Messages tab
• Admin page supports hash-based deep-linking for contacts, users, and other tabs

April 7, 2026

Server-side sweeper clears stale editor annotations from crashed sessions

A new background StaleAnnotationSweeper service runs every 10 minutes and submits cleanup deltas to close any user/d/ or user/e/ editor-session annotations older than 30 minutes, preventing crashed-session stale annotations from blocking bots indefinitely.

✓Fixed

• New StaleAnnotationSweeper service sweeps all wavelets every 10 minutes and closes stale open editor-session annotations (user/d/ and user/e/) older than 30 minutes
• GptBotRobot isBlipBeingEdited() now treats sessions with startTimeMs older than 30 minutes as stale so the GPT bot no longer skips blips with lingering crashed-session annotations
• EventGenerator allEditingSessionsClosed() uses the same 30-minute TTL so BLIP_EDITING_DONE fires correctly even when stale sessions remain on a blip
• Cleanup deltas are attributed to the first current participant rather than the annotation-derived user ID, closing a potential identity-spoofing vector

April 7, 2026

Clickable Examples in Search Help Panel

All search examples in the help panel are now clickable and execute the search immediately.

✦New

• Concrete filter rows (in:inbox, in:archive, in:all, in:pinned, with:@, unread:true, mentions:me) are now clickable spans that execute the search when clicked
• Abstract filter rows (with:user@domain, creator:user@domain, tag:name, title:text, content:text) now show a clickable 'try:' example in the description column
• All sort-option rows (orderby:datedesc, orderby:dateasc, etc.) are now clickable
• Combination examples (in:inbox tag:important, mentions:me unread:true, and more) are shown as a clickable grid in the Combinations section
• Removed the separate 'Examples — click to search' section; all examples are now integrated into the reference tables

April 7, 2026

Review Gate Quiet Window Extended to 10 Minutes

Increased the Codex review gate quiet window from 5 minutes to 10 minutes to prevent post-merge review bot comments from being missed.

✓Fixed

• Extended REVIEW_WINDOW_MS from 5 minutes to 10 minutes in the codex review gate script to ensure review bot comments arriving shortly after merge are captured
• Updated all user-facing messages, test constants, and workflow comments to reflect the new 10-minute window

April 7, 2026

PR Monitor Path-Based PR Number Detection

PR monitor now extracts PR numbers from worktree paths when pane titles lack a PR# marker, preventing unbounded accumulation of stale panes.

✓Fixed

• Detect PR numbers from pane worktree paths (pr-NNN-lane) as fallback when title has no PR# marker — panes with generic 'Claude Code' titles are now correctly identified and cleaned up
• Re-read pane list inside the PART 2 loop each iteration to prevent duplicate lane creation when launch_interactive_agent sleeps during startup

April 7, 2026

Pinned Waves Sort to Top in Inbox

Pinned waves are promoted to the top of the inbox and displayed with a pin icon. Explicit sort orders (orderby:) are respected and suppress pin promotion.

✦New

• Pinned waves appear at the top of in:inbox results (no orderby), sorted date-desc within each group
• Pin icon shown next to pinned waves in all search result views
• Explicit orderby: modifier disables pin promotion to respect user-chosen sort order

April 7, 2026

New Messages Pill Indicator

A floating pill appears when new messages arrive below the viewport, letting you jump to unread content with one click.

✦New

• Added floating 'N new messages' pill when scrolled up in a conversation
• Clicking the pill scrolls to the new content and dismisses it
• Pill auto-dismisses when scrolling near the bottom
• Feature-flagged via 'new-blip-indicator' server flag (off by default)

April 7, 2026

Mention UX Overhaul

Redesigned mention indicators with a red dot badge, per-wave unread counts, and in-wave navigation to the first @mention blip.

✓Fixed

• Red dot badge on the @ toolbar icon now shows accurate unread mention count using deduplicated wave IDs
• Per-wave @N badges in mention-search results correctly survive polling updates without disappearing
• Prev @/Next @ toolbar buttons now navigate directly to the first mention blip within a wave
• Legacy toolbar callers without a signed-in user no longer render non-functional Prev @/Next @ buttons
• Mention focus falls back to root blip when no blip is focused on initial wave load

April 7, 2026

Unread Mentions Badge

See at a glance how many waves have unread @mentions of you, and jump to the next one with a single click.

✦New

• Added unread mentions badge on the @ toolbar icon showing count of mentioned waves with unread messages
• Added floating @N navigation button to cycle through waves with unread mentions
• New feature flag: mention-unread-badge (requires mentions-search to also be enabled)

April 7, 2026

Mention Tracker Robustness

Fixes a loop where multi-page mention scans on slow connections were perpetually cancelled before completing.

✓Fixed

• Stale-request watchdog now resets per page fetch so slow-but-progressing multi-page scans are not incorrectly cancelled
• Watchdog timer now uses the injected TimerService for consistency and testability
• Duplicate wave IDs across paginated results are now deduplicated before updating the badge count

April 7, 2026

Fix Profile Image URL Construction

Profile avatars now display correctly for users who have uploaded a custom profile photo.

✓Fixed

• Fixed 431 error caused by base64 image data being used as a URL path segment in profile avatar requests
• InitialsProfilesFetcher and GravatarProfilesFetcher now correctly use the user address as the proxy URL key instead of the raw base64 attachment ID

April 7, 2026

Feature Flag Override Precedence Fix

User-specific feature flag overrides now take precedence over global enabled state, ensuring admins can disable features for individual users even when globally enabled.

✓Fixed

• Feature flag user overrides now take precedence over global enabled state — a user-specific disabled override correctly disables the flag even when globally enabled
• Fixed thread-safety issue in getEnabledFlagNames() that could mix cache generations during concurrent refresh

April 7, 2026

Fix Editor Cursor Corruption During Typing

Fixed an intermittent bug where characters could be inserted at incorrect positions mid-word during typing in the blip editor.

✓Fixed

• Fixed cursor corruption in the OT editor caused by AnnotationPainter's async transparentSlice DOM mutations displacing the browser caret without saving/restoring the selection
• transparentSlice in ContentDocument.FullContent now wraps DOM mutations with selectionMaintainer.saveSelection/restoreSelection, consistent with all other transparent DOM operations

April 7, 2026

CI: Unit Tests in PR Build Pipeline

Unit tests now run automatically on every pull request, catching regressions before merge.

✦New

• Added sbt unit test execution to the GitHub Actions PR build pipeline
• Test/update step retries up to 3 times to avoid transient dependency resolution failures

April 6, 2026

Smarter Upgrade Banner Messages

The upgrade popup now shows context-appropriate messages instead of a generic 'new version' notice for minor deploys.

✓Fixed

• Minor deploys (no changelog fragment) now show 'A minor update has been applied.' instead of the misleading generic update message
• Partial changelog deploys now show the first release title with 'and other updates.' for better clarity

April 6, 2026

Fix Premature Unread Badge Clear on Wave Open

Unread counts in the search panel no longer disappear when opening a wave that has unread blips from bots or other participants.

✓Fixed

• Opening a wave no longer immediately zeroes the unread badge in the search panel; the badge now reflects actual read state as reported by the supplement

April 6, 2026

Fix Android mobile reconnect after server deploy

Android Chrome users no longer see the connection indicator flip from green to yellow when they start writing after a server deploy.

✓Fixed

• Android: stale WebSocket onclose from old socket no longer triggers false reconnect after successful reconnection

April 6, 2026

Fix mention-subscription test for non-participants

Fixes a failing unit test that verified mention subscriptions are triggered for non-participant users at waveletCommitted.

✓Fixed

• Fixed Mockito stub overload mismatch in SearchWaveletUpdaterTest: DocOpCursor extends DocInitializationCursor, so any() resolved to the wrong apply() overload, preventing the test from verifying mention subscription dispatch to non-participants

April 6, 2026

Fix Lucene real-time indexer: consumer thread diagnostics and field regression tests

Adds consumer thread health logging (startup, per-enqueue at FINE, heartbeat every 100 updates) to diagnose silent index-stall after startup. Adds 7 regression tests validating that tag and mention fields are stored and queryable via in-memory Lucene round-trips.

✓Fixed

• Lucene index consumer thread now logs startup and a heartbeat every 100 processed updates
• waveletCommitted() logs each enqueue at FINE level for per-wave visibility when needed
• Added regression tests: tag fields stored in index, mention fields stored, empty mentions skipped, tag TermQuery round-trip, tag mismatch, mention TermQuery round-trip, re-index updates tag correctly

April 6, 2026

GPT Bot Smart Reply Improvements

Four improvements to the gpt-bot: editing guard, root-thread replies, per-wave conversation memory, and web search.

✦New

• Bot now waits for editing to finish (user/d annotation cleared) before responding to DOCUMENT_CHANGED events
• Bot replies are appended to the root thread instead of as inline child blips
• Per-wave conversation history with token-based pruning (len/4 estimate, drops oldest turns when >80 000 tokens)
• Web search tool via OpenAI function calling backed by DuckDuckGo instant answers

✓Fixed

• Sibling follow-up heuristic restricted to non-root threads to prevent over-triggering after root-thread replies
• Conversation history reads are now properly synchronized against concurrent pruning

April 6, 2026

Fix gpt-bot @mention handling and reply-thread continuations

The gpt-bot now reliably responds to @mentions and to follow-up messages sent in its reply threads without requiring a re-typed @mention. Three root causes were addressed: missing DOCUMENT_CHANGED capability causing the server to stop dispatching events, a missing PARENT context causing the parent-blip lookup to fail in production, and an empty-blip guard to prevent premature replies when new thread blips are created.

✓Fixed

• Declare DOCUMENT_CHANGED capability in the bot XML so the server delivers @mention events after a capability refresh
• Changed capability context from SELF,SIBLINGS to SELF,SIBLINGS,PARENT so parent blips are included in event bundles
• Bot now replies to follow-up messages in its reply threads without requiring a re-typed @mention
• Guard against empty WAVELET_BLIP_CREATED events triggering premature bot replies before the user has typed

April 6, 2026

GPT Bot Editing Guard Fix

The GPT bot now correctly detects when a user has finished editing, so it replies after editing ends instead of being permanently silenced.

✓Fixed

• Fixed GPT bot editing guard: bot was checking annotation existence instead of value, causing it to never reply to @mentions

April 6, 2026

gpt-bot: reply to bot-thread continuations and default to OpenAI engine

The gpt-bot now responds to all messages in threads where it has previously replied, not just explicit @mentions. Inline-reply siblings are also covered via a thread-scan. The startup default engine is changed from echo to openai (with graceful fallback to echo when OPENAI_API_KEY is absent), and the contributor check now uses anyMatch instead of only the last contributor.

✓Fixed

• Bot now responds to follow-up replies in threads it participated in even when @mention is absent
• Added isBotThreadReply helper that uses anyMatch across all contributors (not just last) for correctness
• Inline-reply thread siblings are scanned so inline continuations inside a bot blip also trigger replies
• gptbot-start.sh default engine changed from echo to openai; falls back to echo with a warning when OPENAI_API_KEY is not set

April 6, 2026

Fix mentions:me search returning all waves

The mentions:me search query was returning all waves instead of only waves where the user was mentioned. The Lucene9 search provider was stripping the mentions: token from the legacy query, bypassing filterByMentions in SimpleSearchProviderImpl. The Lucene MENTIONED field is also unreliable for waves indexed before the mentions feature was deployed. Fix routes mentions: filters back through the legacy annotation-based filterByMentions path, which reads directly from wave data and is always authoritative.

✓Fixed

• mentions:me search now correctly returns only waves where the current user has a mention annotation, instead of returning all accessible waves

April 6, 2026

Echo Bot Separation and Smarter Echo Timing

The echo bot is now a separate robot registration (echo-bot@supawave.ai) and replies only once when you finish editing a message, not on every keystroke.

✦New

• Introduced echo-bot@supawave.ai as a dedicated echo robot on port 8088
• Added GPTBOT_SUBMITTED_ONLY flag: when true, the bot skips DOCUMENT_CHANGED events and only replies after blip editing is complete (BLIP_SUBMITTED)
• Added echobot-start.sh and echobot-stop.sh startup scripts

✓Fixed

• Fixed mktemp race in gptbot-start.sh by using a proper XXXXXXXX suffix pattern
• Added named Cloudflare tunnel support via CLOUDFLARE_TUNNEL_NAME for persistent bot URLs

April 6, 2026

Fix Echo-Bot Not Responding to Messages

Echo-bot now processes DOCUMENT_CHANGED events regardless of the submittedOnly setting, restoring replies after BLIP_SUBMITTED was phased out.

✓Fixed

• GptBotRobot now handles DOCUMENT_CHANGED events when submittedOnly=true — BLIP_SUBMITTED is phased out in modern Wave, so DOCUMENT_CHANGED is the authoritative blip-committed signal

April 6, 2026

Bot Profile Popup

Show a bot profile popup when clicking a bot avatar in a wave.

✦New

• Clicking a bot's avatar or participant icon now opens a profile popup showing the bot's name, address, description, owner, and registration date. Bots display a robot icon avatar and have no Edit Profile or Send Message buttons.

April 6, 2026

New BLIP_EDITING_DONE robot event replaces removed BLIP_SUBMITTED

Robots can now subscribe to BLIP_EDITING_DONE — a synthetic event fired when all editing sessions on a blip are complete. BLIP_SUBMITTED has been removed entirely (it was never generated by the server). GptBotRobot updated to use BLIP_EDITING_DONE as its primary trigger.

✦New

• New BLIP_EDITING_DONE event type synthesized by EventGenerator when all user/d/ annotations have end timestamps
• GptBotRobot now subscribes to BLIP_EDITING_DONE for reliable editing-completion detection
• Removed BLIP_SUBMITTED event type, BlipSubmittedEvent class, and onBlipSubmitted handler — the event was never generated by the server

April 5, 2026

Fit saved-searches popups on mobile

Saved-searches editor dialogs now clamp to the viewport and let their controls wrap on narrow screens, avoiding horizontal overflow on mobile.

✓Fixed

• Popup dialogs now shrink to fit smaller viewports instead of overflowing the screen
• Saved-search toolbar and row layouts now wrap before they break the mobile layout

April 5, 2026

RTL language support with auto-detection and toolbar toggle

Paragraphs now use dir="auto" for browser-native RTL auto-detection (Hebrew, Arabic). Added RTL/LTR toolbar buttons for manual override. Clicking an active direction button returns the paragraph to auto mode.

✦New

• Paragraphs with no explicit direction render with dir="auto" — the browser detects RTL from the first strong bidi character (same algorithm as Gmail)
• RTL and LTR toggle buttons in the editor toolbar let users force a paragraph direction
• Clicking an active direction button returns the paragraph to auto-detect mode
• CSS uses text-align:start so RTL paragraphs naturally align right without an explicit alignment override
• Explicit LTR stored as d="l"; explicit RTL as d="r"; auto state has no d attribute

✓Fixed

• Toggling direction off now clears any alignment that was implicitly set by the direction toggle
• Indentation uses margin-inline-start for bidi-correct indent on both auto-detected and explicit RTL paragraphs

April 5, 2026

Refine robot form element updates

Robot form element updates now preserve the existing wire format, and the form-value event docs reflect the supported value-backed element types.

✓Fixed

• UPDATE_ELEMENT now rewrites form elements through their XML serializer instead of setting invalid attributes
• Checkbox updates keep the existing default value unless it is explicitly changed
• FORM_VALUE_CHANGED is documented for value-attribute-backed form elements only

April 5, 2026

Reload after prolonged reconnect to resync the client

The client now performs a hard reload after a long disconnect so it can recover cleanly from deploys or server restarts.

✓Fixed

• Automatically reloads the page after a disconnect lasting longer than 5 seconds once the connection is restored
• Preserves short disconnects as normal network hiccups without forcing a reload

April 5, 2026

Save edits before prolonged reconnect reloads

Prolonged reconnects now end the active edit session before the client reloads, so the browser resyncs from a clean state without discarding draft changes.

✓Fixed

• Reloads after prolonged disconnects now always resync the client once the connection is restored
• Any active edit session is ended before the reload so draft changes are saved first

April 5, 2026

Add @mention support in the editor and search UI

Adds inline mention autocomplete and rendering, mention-aware search, and a backend capability gate so the search UI only advertises mentions where they are supported. The follow-up fix also rejects raw mentions queries on Solr so they fail closed instead of returning incorrect results.

✦New

• Typing @ in the editor opens a participant autocomplete popup and inserts highlighted mention annotations
• Search results can be filtered with mentions:me where the backend supports mention search
• The search help panel and Mentions toolbar button are hidden on Solr deployments that do not support mention search
• Raw mentions queries on Solr are rejected instead of producing incorrect results

April 5, 2026

Use DOCUMENT_CHANGED with editor-activity guard for passive robot replies

The gpt-bot example robot now uses DOCUMENT_CHANGED (since BLIP_SUBMITTED is not implemented server-side) with an editor-annotation guard to avoid per-keystroke replies. Also adds OpenAI Chat Completions engine and diagnostic logging to RobotsGateway.

✦New

• Added OpenAI Chat Completions engine for gpt-bot (set GPTBOT_CODEX_ENGINE=openai)
• Added diagnostic INFO logging to RobotsGateway passive dispatch path

✓Fixed

• Passive DOCUMENT_CHANGED replies now wait for editor annotations (user/d/, user/e/) to clear before responding
• Fixed null root wavelet crash in search panel snippet rendering (WaveBasedDigest)

April 5, 2026

Preserve admin-set feature flags across restarts

Startup seeding now leaves an existing ot-search flag untouched, so admin-set enabled or disabled state survives restarts. Fresh deploys still initialize ot-search from the deployment default.

✓Fixed

• Startup seeding only creates ot-search when the flag is missing from the database
• Fresh deployments continue to initialize ot-search from the configured default

April 5, 2026

Clean up blip panel: remove ID display, hide edit hint on mobile

Removes the debugging blip-ID label from blip headers and hides the keyboard-shortcut hint on mobile viewports where it is irrelevant.

✓Fixed

• Removed the monospace blip-ID span and click-to-copy handler from blip headers
• Edit-mode hint (Shift+Enter / Esc) is now hidden on viewports narrower than 768px

April 5, 2026

Add Lucene query stats to Operations

The admin Operations page now shows Lucene query counts and rolling average query time in a dedicated sub-tab, alongside the existing overview and OT Search metrics. The ops status API now emits locale-stable Lucene timing fields so the page keeps loading across JVM locales.

✦New

• Added a Lucene sub-tab to the Operations page for query stats and related search-index metrics
• Exposed Lucene query count and average query time from the ops status API
• Kept the admin UI's timing displays stable across JVM locales

April 4, 2026

Fix gpt-bot robot URL handling and add echo engine

Keeps custom robot base paths intact when passive robots fetch capabilities or post callbacks, and adds an echo completion engine for local gpt-bot runs.

✦New

• Added an echo completion engine for gpt-bot local testing without a Codex CLI process

✓Fixed

• Passive capabilities fetches now preserve custom robot base paths instead of stripping them to the origin
• Passive callback posts now only treat URLs as normalized when their path actually ends with /_wave/robot/jsonrpc

April 4, 2026

Add admin analytics tab

The admin dashboard now surfaces wave, blip, user activity, and public-wave engagement metrics in a new analytics tab with live view tracking.

✦New

• Added an Analytics tab to /admin with wave totals, blip totals, login/activity windows, private/public partitions, top public waves, and top active users
• Live public-wave page/API views are now tracked since process start so the admin analytics view can rank public waves by actual observed traffic

April 3, 2026

Stop blocking startup on eager search warmup

Search startup no longer pre-builds the owner wave view by default, so deploys and reloads reach the app shell faster while real search requests keep the existing lazy rebuild path.

✓Fixed

• Moved startup search warmup behind a new search.startup_wave_view_warmup config flag that defaults to false
• Added focused Jakarta coverage for disabled startup warmup, owner normalization, fallback wave-map warmup, and non-fatal warmup failures

April 3, 2026

Extract durable architecture references

Moves long-lived architecture guidance into dedicated docs and surfaces those references from the README documentation map.

✦New

• Added links in the README.md Documentation map section for the Jakarta dual-source rules, runtime entrypoints and wiring, and dev persistence topology references

April 2, 2026

Reduce OT search write amplification on hot public waves

OT search now keeps low-latency updates for low-fanout searches while batching hot public-wave updates back to a polling-equivalent cadence with new ops visibility.

✓Fixed

• Batch hot public OT search edits per wave
• Keep low-fanout OT search behavior unchanged
• Expose batching counters in admin ops status
• Speed up affected-subscription lookup with a direct user-to-subscriptions index
• Add focused coverage for hot-wave and boundary scenarios

April 2, 2026

Enable OT search locally

Seeds the ot-search feature flag from server config so local runtime state stays aligned with the OT-search gate.

✓Fixed

• OT search now follows search.ot_search_enabled in the persistent feature-flag store
• Fresh local stores no longer advertise ot-search as enabled unless the server config turns it on

April 2, 2026

Add the gpt-bot example robot

Adds a copyable Java gpt-bot example with Wave callback endpoints, mention-driven replies, and safer default runtime settings.

✦New

• Added a standalone gpt-bot example server with capabilities.xml, profile, and callback handling
• Local Codex invocation now powers mention-driven replies in the example robot
• README.md and docs/gpt-bot.md document local run, Cloudflare tunnel, and robot registration steps

✓Fixed

• Codex runs stay sandboxed by default unless GPTBOT_CODEX_UNSAFE_BYPASS=true is set
• Mention handling now deduplicates overlapping blip events and fetches SupaWave context only for actionable mentions
• HTTP worker threads now use caller-runs backpressure, callback tokens are redacted from status output, callback auth no longer depends on public URL exposure, and invalid env values fall back to defaults with warnings

April 1, 2026

JWT Robot API Migration with Scope Enforcement

Robot and Data APIs now enforce per-operation JWT scopes, add a /robot/token endpoint alias, and provide migration support for legacy pre-scoped long-lived tokens.

✦New

• Added /robot/token endpoint as an alias for /robot/dataapi/token for improved API discoverability
• Implemented per-operation JWT scope enforcement for Data and Robot APIs
• Notify operations (robot.notify, robot.notifyCapabilitiesHash) now require only data:read scope instead of wave:robot:active

✓Fixed

• Fixed shared mutable state race condition in BaseApiServlet operations list handling
• Added migration fallback for legacy unscoped tokens that defaults scopes by token type
• Scope validation errors now return HTTP 403 instead of 401 to properly distinguish insufficient scope from invalid token
• Removed duplicate JWT validation in DataApiServlet and ActiveApiServlet

March 30, 2026

Security: Avatar XSS Fix

Escape avatar URL values in HTML attribute context to prevent stored XSS via attacker-controlled profile image URLs.

✓Fixed

• Escape avatar src attribute values in participant, blip author, and digest views to prevent stored XSS

March 30, 2026

Harden rendered URL sanitizer

Replaces the URI-based link/image URL sanitizer with a permissive scheme-extraction check that handles URLs with spaces, adds wave:// support, and rejects protocol-relative URLs.

✓Fixed

• URLs with unencoded spaces (e.g. search query strings) are no longer incorrectly dropped by the /render endpoint
• Internal wave:// and waveid:// links remain navigable in rendered HTML output
• Protocol-relative URLs (//host/path) are now rejected to prevent open-redirect attacks

March 30, 2026

Restore runtime static assets under root war

Ensures favicons, authentication CSS, logo, and images are served correctly after relocating runtime static assets.

✓Fixed

• Move auth CSS, favicons, logo, and image assets into war/static to match the runtime asset root.

March 30, 2026

Fix default logoUrl path after static asset restructure

Updates the default logoUrl client flag from static/images/logo.png to static/logo.png to prevent a 404 after the logo was moved out of the images/ subdirectory.

✓Fixed

• Corrected default logoUrl from static/images/logo.png to static/logo.png to match the new asset location and prevent runtime 404s.

March 30, 2026

Jakarta Session and WebSocket Auth Hardening

Jakarta session-token lookup now always resolves auth tokens, and invalid WebSocket auth closes with a policy-violation reason.

✓Fixed

• Enabled Jakarta session-token lookup for token-based auth without a feature flag
• Closed invalid-auth WebSocket messages with a policy-violation reason and aligned the server log message

March 29, 2026

Robot Control Room Upgrades

Robot owners can now manage richer robot metadata, pause unsafe automations, and keep secrets masked after the initial reveal.

✦New

• Added robot descriptions, created/updated timestamps, pause state, and owner-only dashboard actions for updating callback URLs, descriptions, and deleting robots
• Kept newly created or rotated secrets available for one-time copy while masking secret previews in the dashboard and starter prompt
• Added a dashboard Test Bot action that refreshes robot capabilities after a callback URL is configured

✓Fixed

• Blocked paused robots from receiving client-credentials API tokens or passive runtime updates

March 28, 2026

Tagged Wave Scroll Fix

The bottom of a wave now stays reachable above the tags bar.

✓Fixed

• Aligned the wave scroll offset with the full rendered tags-bar height so bottom content is no longer clipped behind it

March 28, 2026

Unread Search Read-State Fix

Unread-only searches now evaluate persisted read state so read waves stop leaking into unread results.

✓Fixed

• Unread-only searches now use wavelet read-state data instead of relying on the conversation-model supplement path
• Read waves no longer remain in `unread:true` results when every matching wave has already been opened

March 28, 2026

Shared Wave Pinning

Pinning and unpinning now works for waves you can access even when you are not the wave owner.

✓Fixed

• Fixed shared-wave pin and unpin requests so they update your per-user state without requiring wave ownership

March 28, 2026

Search Refresh Stability

Search refreshes no longer preserve stale sidebar rows when the latest result set is empty.

✓Fixed

• Fixed simple search refresh handling so empty result updates clear stale wave rows instead of leaving old unread/message counts behind

March 28, 2026

Search Panel Unread Accuracy

Opened waves now keep the correct unread state in the polling search panel.

✓Fixed

• Stopped opened search results from dropping back to a stale local read state before the polling digest catches up
• Kept higher live unread and message counts when the open wave has newer local state than the last search snapshot

March 28, 2026

Search Bootstrap Loading UX

The search panel now shows loading skeletons only for blank OT bootstrap loads and keeps direct-search results visible while OT overlay state times out cleanly.

✓Fixed

• The search panel now renders loading skeleton rows only when an OT-enabled bootstrap starts from an empty result set
• Refreshing search results keeps the current result rows visible instead of blanking the panel while the next direct-search request is in flight
• If OT overlay data never arrives, the client now clears that waiting state without blanking direct-search results or retrying OT reconnect forever

March 28, 2026

Save Status Reliability

Save warnings now clear more reliably after reconnects and wavelet resets.

✓Fixed

• Fixed a case where the saving indicator could stay yellow and keep showing the slow-save warning after a disconnected wavelet was replaced.

March 28, 2026

Save Recovery

Wave tabs recover cleanly after websocket reconnects instead of getting stuck in a long-saving state.

✓Fixed

• Reopened wave streams now accept the new websocket channel id instead of filtering against a stale one
• Active wave views now fail fast on websocket disconnect so the client reconnect flow can resubscribe and clear stuck saving indicators

March 28, 2026

Robot Registration Polish

The robot registration success page now keeps long credentials readable without breaking the layout.

✓Fixed

• Redesigned the Robot Registered page with a more polished SupaWave presentation
• Long consumer token secrets now wrap cleanly on desktop and narrow screens instead of overflowing the card

March 28, 2026

Robot Registration Flow

Robot registration now lets you create credentials first, add the callback URL later, and keeps `-bot` reserved for robots.

✦New

• Robot registration now lets you mint credentials first and add or update the callback URL later without rotating the secret
• Robot usernames must end with `-bot`, and regular user registrations now reject that reserved suffix

✓Fixed

• Pending robots can no longer use the `client_credentials` token flow until a callback URL is configured

March 28, 2026

Robot Dashboard Management

Added a new authenticated robot management dashboard to manage API tokens and callback URLs.

✦New

• Robot management dashboard where users can see robots they own, update callback URLs, and rotate compromised secrets
• Generated user and robot Data API JWTs from the new dashboard
• Consolidated user top bar menu with grouped sections for easier access to Account, Automation / APIs, Product / Support, and Legal surfaces

March 28, 2026

Robot Control Room Hardening

Robot owners can now rotate secrets safely from the control room, and legacy robot claims keep working after the onboarding redesign.

✦New

• Added secret rotation to the authenticated /account/robots control room without forcing a callback URL change

✓Fixed

• Robot registration now keeps its sign-in return path and requires an XSRF token before creating or claiming a robot
• Legacy ownerless robots can be claimed during re-registration even when their callback URL is unchanged

March 28, 2026

Reply Editor Stability

Deleting all text in a new reply no longer crashes the editor.

✓Fixed

• Flushed pending editor typing state before detaching a blip editor during reply transitions

March 28, 2026

Realtime Search Stability

Experimental OT-backed search now degrades more safely when the live snapshot cannot satisfy the requested result window, and the server only tracks live search state for active subscribers.

✓Fixed

• Expanded OT search result lists now fall back to polling instead of getting stuck behind a 50-result live snapshot
• Search wavelet bootstrap registration now skips inactive listeners and re-evaluates participant subscriptions conservatively to avoid stale live results

March 28, 2026

Public Wave Search Badges

Public wave search results no longer show stale fully unread badges after you open them.

✓Fixed

• Corrected the search panel so `with:@` public wave results keep read badges in sync when a public/shared wave opens without a user-data wavelet snapshot

March 28, 2026

Profile Last Seen

Profile cards now show last seen when a user allows it, and hide it when they turn it off.

✓Fixed

• Successful sign-in and ongoing authenticated activity now update the profile last-seen timestamp
• Turning off Show last seen removes the field from the profile card response

March 28, 2026

Rollout Flags Show Up Before First Enablement

Admin feature flags now list prepared rollout flags like lucene9 before they have been saved once.

✦New

• The admin feature flags screen now shows code-known rollout flags even when no stored flag record exists yet
• Stored rollout flag settings still override the default placeholder entry once a flag has been saved

March 28, 2026

Wavier Link References

Wave links now use a distinct SupaWave accent treatment before hover.

✓Fixed

• Changed blip links to a wavy ocean underline with a tinted accent shade so they stand apart from ordinary blue text
• Kept visited links clearly clickable with a separate lavender tint instead of blending back into body copy

March 28, 2026

Clearer Link Styling

Links in wave content now look clickable before hover.

✓Fixed

• Restored visible underlines for links inside wave content while keeping the existing Supawave link colors

March 28, 2026

Landing Page Accuracy

The landing page now reflects the product capabilities that are available today.

✓Fixed

• Removed the landing page federation claim until federation is actually supported
• Added landing page messaging for Robot registration and Data API token support

March 28, 2026

Inline Reply Refresh Stability

Inline replies now preserve their anchor more reliably when created from the current selection.

✓Fixed

• Stabilized inline reply anchor placement by flushing the active editor before reading the current selection

March 28, 2026

Direct Messages Stay Explicit

Two-person waves no longer turn into direct messages unless you start them from Send Message.

✓Fixed

• Ordinary waves with two participants now stay ordinary waves
• Only profile-card Send Message conversations are treated as locked direct messages

March 28, 2026

Deleted Blip Focus Recovery

Deleting a reply now preserves unread navigation by moving focus to the next surviving blip or its containing parent.

✓Fixed

• Fixed a crashy unread-navigation case when deleting a blip that still contained the currently focused descendant.
• When a deleted reply has no remaining siblings, focus now falls back to the containing parent blip instead of jumping unpredictably.

March 28, 2026

Archive Search Fix

Archived waves now leave the inbox immediately and show up in archived results.

✓Fixed

• Fixed inbox and archived search filters so per-user archive state is honored even for waves without a full manifest structure.

March 28, 2026

API Docs Discovery

API consumers and LLM agents can now discover the SupaWave docs from dedicated llms entrypoints and direct links across the product.

✦New

• Published `/llms.txt` and `/llms-full.txt` as LLM-friendly API docs entrypoints
• Added direct `/api-docs` links in the landing-page navigation bar, hero section, footer, and signed-in app menu

March 28, 2026

AI Robot Onboarding

Robot creation now starts from a SupaWave control room with an AI starter prompt, a one-hour Data API JWT, and clearer API docs for humans and LLMs.

✦New

• New authenticated /account/robots control room for creating pending robots and activating callback URLs later
• Ready Google AI Studio / Gemini starter prompt with standardized SUPAWAVE_* environment variable names
• Automatic one-hour Data API JWT generation inside the control room prompt

✦New

• Added a Robot & Data API entry point to the signed-in app menu
• Expanded /api-docs and /api/llm.txt with Build with AI guidance, minimal common operations, and clearer security/error notes

March 27, 2026

Unread-Only Search Filter

You can now narrow SupaWave search results to waves with unread blips only.

✦New

• Added the unread:true search filter for inbox, archive, pinned, and combined searches

✓Fixed

• Updated the search help popup with unread-only examples

March 27, 2026

Title and Content Search Filters

Search can now target wave titles or any blip content explicitly.

✦New

• Added title: search for root blip titles
• Added content: search across conversational blips
• Updated search help with clickable examples for the new filters

March 27, 2026

Smarter Empty Search Reset

Clearing the search box now returns you to the inbox instead of leaving the app in an empty-query state.

✓Fixed

• Empty or whitespace-only searches now normalize back to in:inbox

March 27, 2026

Search Bootstrap Recovery

The left search panel now restores itself reliably even when OT search is enabled.

✓Fixed

• Search now performs an immediate direct bootstrap before depending on OT updates
• Archive and inbox actions refresh search results correctly again

March 27, 2026

Restore Your Last Wave

SupaWave can reopen your last active wave after login or refresh and focus the next unread blip.

✦New

• When no URL fragment is present, SupaWave restores the last opened wave from local storage
• Wave opens now focus the last unread blip before falling back to the last blip

March 27, 2026

Release-Aware Upgrade Notes

Upgrade banners now map to the deployed release notes instead of always showing the newest changelog entry.

✓Fixed

• The upgrade banner now links to the exact deployed release notes when the release mapping is known
• Deploy metadata now keeps changelog release mapping aligned across upgrades and rollbacks

March 27, 2026

Realtime OT Search

SupaWave can subscribe to realtime search wavelets when the ot-search feature flag is enabled.

✦New

• Added OT-powered realtime search subscriptions behind the ot-search flag

March 27, 2026

OT Search Fallback

Experimental OT search now falls back automatically when realtime search data does not arrive in time.

✓Fixed

• The search panel no longer stays blank when OT search is enabled but no search-wavelet data arrives

March 27, 2026

Lucene 9 Search Rollout

A new Lucene 9 BM25 search backend is available behind the lucene9 feature flag.

✦New

• Added Lucene 9 full-text search with richer parsing and BM25 ranking behind the lucene9 flag

March 27, 2026

Live Unread Digests

Unread counts stay accurate during polling and OT-driven search refreshes.

✓Fixed

• Search refreshes now preserve live unread digest proxies instead of replacing them with stale snapshots

March 27, 2026

More Accurate Latest-Activity Sorting

Date-based sorting now reflects the most recent conversational activity across the whole wave.

✓Fixed

• Wave search ordering now uses the latest conversational wavelet activity instead of only the root wavelet

March 27, 2026

Inline Reply Stability

Inline replies no longer crash when SupaWave encounters a stale inline anchor reference.

✓Fixed

• Missing inline anchor references now fall back safely instead of throwing an Item not found client error

March 27, 2026

Implicit Content Search

Bare words in the search box now behave like content filters automatically.

✦New

• Plain search terms such as hello or meeting notes now search wave content without requiring content:

March 27, 2026

Changelog System

You can now review recent SupaWave releases from the app and see what changed after a deploy.

✦New

• Added the /changelog page with release history
• Added What's New links in the app menu and landing page

March 27, 2026

Built-In API Docs

SupaWave now ships human and LLM-friendly API documentation directly inside the app.

✦New

• Added /api-docs, /api/openapi.json, and /api/llm.txt for the Data and Robot APIs