What's Changed
- Session lists now show every Profile available to the account unless a Profile filter is explicitly selected, and CLI start/stop/status no longer print the node:sqlite experimental warning.
- Clarify and confirmation replies now travel through the authenticated chat socket to the Hermes bridge, with response-path tests.
- Navigation entries and chat session rows now use native links for open-in-new-tab, copy-link, and persistent collapsed sidebar behavior.
- Session links no longer leak route Profile filters into the normal session list, and Open in new tab labels are localized.
- Skills now read
skills.external_dirsfrom the active Profile config, mark external skills, preserve local precedence, and resolve external files. - Login IP lockout now allows 10 failed attempts and the locked login screen shows clear-lock and reset-default-login recovery commands.
- Mobile and background chat disconnects are treated as transient, then reconnect resumes the run state from the server.
- Bridge tool marker flushing now persists partial tool-call marker prefixes at tool and run boundaries.
- Profile-aware history actions now delete sessions with profile-qualified targets and refresh History when the global Profile changes.
- The legacy
AUTH_DISABLEDbypass was removed for multi-user permissions, whileAUTH_TOKENremains supported.