Stabilize the RAG pipeline, harden security, and polish the installer.

Highlights

• Thread-safe, integrity-verified RAG — concurrent indexing no longer corrupts state; cache files now use JSON + HMAC-SHA256 signatures instead of pickle
• Actionable PDF failures — password-protected and corrupted PDFs return clear remediation guidance instead of silent 0-chunk indexes
• Silent indexing failures surfaced — 0-chunk cases now raise real errors the agent can explain
• Lemonade Server bundled into the Windows installer — one click, no separate download
• macOS releases unblocked — ad-hoc DMG signing ships; installer paths on all platforms fixed (CF redirect, .sh path, DMG location)
• C++ runtime: Ollama-compatible /v1 endpoints — drop-in replacement for Ollama clients
• Claude review pipeline + agent-builder tooling — every PR gets an LLM review before humans look at it

Why it matters

This release is about trust. RAG answers are now reproducible under concurrency, cache files can't be silently tampered with, PDF failures tell users what to do next, and the installer works the first time on Windows and macOS. It's the foundation the v0.18 agent work builds on.