Docs / Changelog

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog.

[0.4.2] - 2026-03-13

Added

  • Pagination — Collection list, collection detail (documents table), and explore catalog now paginated with shared Bootstrap 5 pagination partial
  • Terms of Service — 15-section legal page at /terms/ (French + English), Guinea governing law
  • Privacy Policy — 13-section privacy page at /privacy/ (French + English), covers data collection, retention, cookies, and user rights
  • Dashboard onboarding — 3-step "Getting Started" card for new users with zero collections/documents
  • Collection preview — Public collections can be previewed (document list) from the explore catalog before subscribing
  • Post-upload guidance — Success message now explains the processing pipeline (extraction → chunking → indexing)
  • Post-indexing nudge — Document detail shows success alert when indexing completes, prompting users to search or connect AI
  • Collection help text — Form explains what a collection is with examples
  • Source type auto-detection — File extension automatically sets the source type dropdown on upload
  • AI connection wizard — Guided 4-step setup at /connect/ for Claude Desktop, Claude Code, and REST API with inline key creation, pre-filled configs, copy-to-clipboard, and connection verification

Changed

  • Web search switched to GET — Search form uses GET for bookmarkable, refreshable URLs
  • Search limit field hidden — Defaults to 10, no longer exposed to users
  • Search scores — Raw decimal scores replaced with "Relevant" badge for clarity
  • Rate limiting — Switched from per-key to per-user counters to prevent bypass via multiple keys; MCP endpoint now rate-limited
  • API error format — All errors normalized to {"error": "..."} envelope via custom DRF exception handler
  • Scoped key creation — Collection picker shown at key creation time (hidden for full-access keys)
  • CSP — Removed unsafe-inline from script-src; all inline JS extracted to external files
  • MCP config format — Claude Desktop config now uses npx mcp-remote bridge (Claude Desktop doesn't support remote HTTP natively); docs and wizard updated
  • Settings page — Raw terminal commands replaced with link to the Connect AI wizard

[0.4.1] - 2026-03-13

Added

  • Login error differentiation — Specific error messages for wrong password, unactivated account, deleted account, and unknown email
  • Resend activation email — Link in login error message to resend activation email for unactivated accounts
  • Organization model — Organizations collected at registration, with editable name and logo on settings page
  • Mobile sidebar — Hamburger menu toggle with overlay for responsive navigation
  • Dashboard empty states — Call-to-action buttons when no collections or documents exist
  • Open Graph & Twitter Card — Social meta tags on landing page
  • Inline SVG favicon — Layers icon favicon on all pages
  • Password requirements — Shown on registration form

Changed

  • CSS extraction — Inline styles moved to CSS classes across 26 templates
  • JS extraction — Inline scripts moved to 6 external JS files for CSP compliance
  • Data minimization — Removed gender, dob, and bio fields from User model
  • User photo replaced — Replaced user photo with organization logo throughout the UI
  • WCAG contrast — Fixed --text-muted to 5.3:1 contrast ratio
  • Collection cards — Replaced onclick divs with semantic <a> tags
  • Delete account copy — Updated to reflect 7-day soft delete grace period
  • Docs navigation — Prev/next links now span across section boundaries
  • Upload button — Shows loading spinner on form submit
  • French translations — Updated for new features and registration flow

Fixed

  • document_count now refreshed on upload (not just delete)
  • Collection form cancel returns to detail page when editing
  • Sidebar no longer highlights Collections on Explore page
  • Full-access badge shown on API key detail instead of scoped-key UI
  • Usage chart colors fixed for light theme
  • Password fields no longer repopulated on validation error
  • register_done page now renders Django messages

[0.4.0] - 2026-03-12

Changed

  • Unified auth — All programmatic API access now uses aqn_ API keys with Bearer auth. DRF Token authentication removed from global defaults.
  • Full-access vs scoped keys — New is_full_access flag on API keys. Full-access keys see all user collections (for MCP/owner use). Scoped keys see only granted collections (for developers).
  • Scope-aware API views/api/search/, /api/collections/, /api/documents/ now respect API key scope. Scoped keys cannot manage subscriptions (403).
  • MCP scoping — MCP tools (search_documents, list_collections, get_document_info, search_by_tag) now scope results based on API key type.
  • Settings page — Replaced API Token card with API Keys card linking to /keys/.

Deprecated

  • AQOON_TOKEN env var in aqoon-mcp package — Use AQOON_API_KEY (fallback still works).

Removed

  • POST /api/v1/search/ — Removed entirely. Use /api/search/ which supports both full-access and scoped API keys.
  • POST /api/token/ — Returns 410 Gone. Use API keys from /keys/ instead.
  • DRF TokenAuthentication from global REST Framework defaults.
  • Token generate/revoke/regenerate from Settings page.
  • DRF token support in MCP /mcp endpoint — Only aqn_ keys accepted.

[0.3.0] - 2026-03-08

Added

  • Public collectionsis_public flag on Collection model, admin-managed
  • Collection subscriptionsCollectionSubscription model for users to subscribe to public collections
  • Explore catalog page — Browse and subscribe to unsubscribed public collections (/explore/)
  • Subscribe/Unsubscribe views — Web views and API endpoint (POST/DELETE /api/collections/<slug>/subscribe/)
  • Centralized visibility helpersCollection.visible_for(), visible_docs_q(), and user_id variants used across all 19 query locations
  • Owner-only guards on mutation views (upload, edit, delete) — buttons hidden in templates for non-owners
  • Unsubscribe button on collection detail page for subscribed non-owners
  • Public badge on collection cards and detail page; "Subscribed" badge on non-owned collections in list
  • "Explore public collections" link on collections list page
  • is_subscribed field in Collection API serializer
  • CollectionSubscriptionAdmin in Django admin
  • Slug collision resolution (owned collection prioritized over subscribed)

[0.2.0] - 2026-03-08

Added

  • REST API — Token-authenticated endpoints for collections, documents, and search
  • Remote MCP endpoint — Hosted /mcp with Streamable HTTP transport, per-user scoping via token auth
  • Local MCP package — Pip-installable aqoon-mcp package with stdio transport
  • API token management — Generate/regenerate/revoke tokens in user settings page
  • KaaS Phase 1: API Key Managementaqn_-prefixed keys with SHA256 hashing, collection-scoped access grants, search via POST /api/search/
  • KaaS Phase 2: Rate LimitingRateTier model with 3 tiers (Free/Basic/Pro), Redis-based counters (minute/day/month windows), X-RateLimit-* headers
  • KaaS Phase 3: Usage TrackingUsageLog and UsageSummary models, async logging via Celery, daily aggregation, 90-day retention, Chart.js usage dashboard
  • KaaS Phase 4: Developer Dashboard — Public API docs page (/developers/), interactive search playground (/developers/playground/)
  • KaaS Phase 5: Billing IntegrationBillingPlan, Subscription, Invoice models, Stripe webhook handler, monthly invoice generation via Celery Beat, billing dashboard
  • ASGI routing (uvicorn) with dual auth support (DRF tokens + KaaS keys)
  • Django admin for rate tiers, API keys, usage logs, billing plans, subscriptions, invoices
  • Bootstrap modals for destructive actions (replacing browser confirm dialogs)
  • Sidebar navigation for API Keys, API Usage, and Billing

[0.1.0] - 2026-03-08

Added

  • Project scaffolding with 54 Startups standards
  • User authentication (register, login, password reset, account management)
  • Collection model for organizing documents
  • Document model with PDF/DOCX/image/text/URL source types
  • DocumentChunk model for vectorized content
  • Azure Document Intelligence integration for text extraction
  • Azure OpenAI embedding generation (text-embedding-3-small)
  • Azure AI Search hybrid search (text + vector, HNSW)
  • Azure Blob Storage for file uploads
  • Celery task for async document processing pipeline
  • Django web UI with Bootstrap 5.3 sidebar layout
  • Dashboard with stats and recent activity
  • Collection CRUD with card grid view
  • Document upload with drag-and-drop
  • Full-text + semantic search across collections
  • Document status polling (AJAX)
  • Standalone MCP server with 4 tools (search_documents, list_collections, get_document_info, search_by_tag)
  • Health check endpoint with database + Redis checks
  • Docker Compose setup (Django + PostgreSQL + Redis + Celery)