⚖️ Veritas Kanban 2.1.0 — Documentation, Security Hardening & Process
This release documents all v2.0 features, hardens security, and establishes the multi-agent development process going forward.
📖 Documentation
- README updated — All 7 new features documented (Squad Chat, Broadcasts, Deliverables, Polling, Delegation, OpenClaw Integration, Webhooks)
- 5 feature guides created in
docs/features/:- Squad Chat — Real-time agent communication with WebSocket, system messages
- Broadcast Notifications — Priority-based with read receipts
- Task Deliverables — First-class objects with type/status tracking
- Efficient Polling —
/api/changes?since=...with ETag support - Approval Delegation — Vacation mode with scoped delegation
- Cleaned up 8 scattered docs — Consolidated into proper feature guides
- Updated lessons learned — 13 operational lessons from multi-agent development
🔒 Security Hardening
- Gateway token stripped from API responses —
openclawGatewayTokenandsecretare now write-only fields; never returned in GET or PATCH responses - File locking added to notification-service and config-service — all write operations now protected by
withFileLock() - Path traversal protection verified across all services
- TOCTTOU race conditions eliminated in all read-modify-write operations
🚀 Performance
- Removed double cache invalidation in squad chat
- Added
React.memo()to message bubble components
📋 Process Improvements
- Pre-Commit Review Protocol added to CONTRIBUTING.md — mandatory 4 checks (Code, Functionality, Performance, Security) before every commit
- One Agent Per File rule documented — prevents concurrent edit conflicts
- Never push without human approval — explicit in contributing guidelines
👥 Contributors
TARS (code review), CASE (functionality review), Ava (performance review), K-2SO (security review + docs), R2-D2 (squad chat), VERITAS (orchestration)
Full Changelog: v2.0.0...v2.1.0