ignis/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

[0.8.6] - Karm (2026-06-12)

Added

• OBSIDIAN_PACKAGE env var: unpack a pre-placed .deb, .asar.gz, or .asar on first run instead of downloading, for offline or restricted networks.
• PROXY_ALLOW_PRIVATE_HOSTS env var: IPs or IPv4 CIDRs the cross-origin proxy may reach despite the private-address block.

Changed

• fs.promises.realpath is answered from the client-side cache; vault load no longer issues one realpath request per folder.

Fixed

• Sync file reads serve virtual plugin files the same as async reads.

Security

• Cross-origin proxy rewritten for better security
• Filesystem and vault error responses no longer include absolute server paths.
• Protocol-relative (//host) requests route through the proxy guard.
• Vault names are validated on creation; batch-read caps the number of paths per request.
• Demo mode: /api/ext/* blocked, and several security fixes
• The ob CLI is spawned without a shell.
• Dependency bumps clearing npm audit.

[0.8.5] - Karm (2026-06-07)

Added

• Server settings panel in the Ignis settings tab.
• assert, constants, and stream shims, plus callback-style fs methods and realpath.

Changed

• Write coalescing is now off by default (WRITE_COALESCE_MS=0).

Fixed

• Native menus now stay disabled on platforms where its default is true
• /app/data is now created and owned by the runtime user.
• Caddy reverse-proxy example uses the current basic_auth directive.

Security

• Cross-origin proxy rejects requests that resolve to private, loopback, or link-local addresses (SSRF guard).

[0.8.4] - Karm (2026-06-03)

Fixed

• Codeblocks calling clipboard APIs no longer causes reccursion error.

Security

• Hardened same-origin checks, virtual-plugin URL validation, token file permissions, and log line bounds.

[0.8.3] - Karm (2026-06-01)

Added

• WS_ORIGINS env var to restrict allowed Origin headers on WebSocket connections.

Fixed

• Ignis version is now rendered correctly.
• Tables in editing mode now render correctly in Firefox.

[0.8.2] - Karm (2026-05-23)

Fixed

• Various app menus crash when "Use native menus" enabled. Solved by forcing the setting off internally; the on-disk value is preserved across toggles.
• /api/fs/rename and /api/fs/copyFile reject missing path fields with 400 instead of silently resolving to the vault root.

[0.8.1] - Karm (2026-05-17)

Added

• "Available version" indicator in Ignis settings now links to the release page on GitHub.

Fixed

• Update check no longer reports a new version available when only the SemVer build metadata differs.

[0.8.0] - Karm (2026-05-16)

Added

• Demo mode: per-session vaults, auto-cleanup, proxy allowlist, login blocking. See examples/demo/.
• No-op guard in the bridge plugin and headless-sync plugin when loaded outside Ignis.
• "Open workspace in new tab" command now loads the workspace preset rather than the per-tab live state.
• Real digests for crypto.createHash (SHA-1/SHA-256/SHA-512/MD5) via @noble/hashes.
• LEGAL.md with the full EU Software Directive rationale.

Changed

• Obsidian pinned at 1.12.7.
• Entrypoint downloads .asar.gz instead of .deb. Smaller image, simpler extraction.
• FS shim path translation moved from the transport layer up to the shim's public surface, so caches and metadata operate only on physical paths.
• Readme cleanup.

Fixed

• navigator.vibrate made conditional. Firefox setups with dom.vibrator.enabled off no longer hit a TypeError.
• Write coalescer no longer holds HTTP responses open for the full debounce window. Buffered writes return immediately with synthetic mtime/size; only the first/stale writes wait on disk.
• Prefetch race in workspaces-per-tab resolved by the path-translation refactor.

[0.7.6] - Orm (2026-04-05)

Changed

• file patching to in-flight injection

[0.7.5] - Orm (2026-04-05)

Added

• per tab workspaces
• self-host auth examples
• better documentation

[0.7.4] - Orm (2026-03-30)

Added

• guards against running Obsidian sync and headless sync simultaneously

Changed

• improved status indicator for headless sync

[0.7.3] - Orm (2026-03-30)

Added

• status bar indicator for headless sync

[0.7.2] - Orm (2026-03-29)

Added

• utils shim

Fixed

• right sidebar toggle with css overrides
• clipboard functionality

[0.7.1] - Orm (2026-03-29)

Added

• Server plugin system
• obsidian-headless integration via server plugin

[0.6.4] - Slifer (2026-03-24)

Added

• Context menu items for downloading files and folders

[0.6.3] - Slifer (2026-03-24)

Changed

• Use stack fingerprinting to identify caller context for file staging registry

[0.6.2] - Slifer (2026-03-24)

Added

• File watcher system with WebSocket-based live sync for external vault changes
• Real-time detection of file create, modify, delete, and rename operations
• Echo guard to suppress events from local operations (prevents feedback loops)
• Automatic reconnection with exponential backoff for WebSocket client

[0.6.1] - Slifer (2026-03-24)

Added

• fetch() shim that proxies cross-origin requests through /api/proxy to bypass CORS restrictions
• Automatic Origin: app://obsidian.md header injection for cross-origin requests to match Obsidian desktop app
• User-Agent forwarding from browser to proxy for cross-origin requests

Fixed

• Obsidian Sync API authentication now works in browser (was blocked by CORS)
• Proxy response headers cleaned to exclude hop-by-hop headers (content-encoding, transfer-encoding, content-length, connection)

[0.6.0] - Slifer (2026-03-23)

Added

• zlib shim using pako library for compression/decompression operations (deflate, inflate, gzip, gunzip, etc.)
• File descriptor operations: fs.open(), fs.read(), fs.close(), fs.fstat() and sync variants
• fs.promises.open() returning FileHandle objects with stat(), read(), close() methods
• showOpenDialog electron dialog shim with browser file picker and vault upload
• showOpenDialogSync hacky workaround using file staging registry and two-step upload flow
• Enhanced Buffer shim with alloc(), allocUnsafe(), byteLength(), and isEncoding() methods

Fixed

• MessageDialog modal dismiss error when confirm button clicked
• Dialog shim modal event ordering to prevent null reference errors

[0.5.0] - Scatha (2026-03-22)

Added

• Compression middleware (gzip/brotli) for API responses to reduce bandwidth
• Plugin installation prompt system with per-vault trust flags
• Versioning system with cache-busting query parameters on script URLs
• Option to install ignis-bridge plugin to vaults imported at runtime

Changed

• Auto-creation of default vault now requires AUTO_CREATE_DEFAULT=true environment variable
• Script URLs (ignis-ui.js, shim-loader.js) now include version query params for automatic cache invalidation
• Cache headers: versioned assets cached for 1 year, non-versioned for 5 minutes

Fixed

• Vault manager not displaying when no vaults exist
• window.close() now shows vault manager when no vault is configured

Removed

• Unused VAULT_PATH environment variable fallback logic

[0.4.0] - Gostir (2026-03-18)

Added

• Vault management: create, rename, delete vaults
• Last active vault persistence: remembers which vault was open
• Plugin trust preservation: keeps plugin trust status when renaming vaults

Changed

• Refactored vault operations into shared service

Fixed

• Issues with dialogs and vault rename operations

---

Changelog tracking started at version 0.4.0. For earlier versions, please refer to commit history.