Releases: drknowhow/code-context-control

v2.41.0

25 Jun 19:49
dbd9934

What's Changed

  • fix: c3_shell uses Git Bash on Windows, not cmd.exe (v2.41.0) by @drknowhow in #25

Full Changelog: v2.40.0...v2.41.0

v2.40.0

25 Jun 18:17
8fa80dc

What's Changed

  • fix: Bitbucket Data Center integration hardening (v2.40.0) by @drknowhow in #24

Full Changelog: v2.39.1...v2.40.0

v2.39.1

24 Jun 21:26
0d8b259

What's Changed

  • fix: circuit breaker for c3_delegate CLI backends (v2.39.1) by @drknowhow in #22
  • fix: reword circuit breaker docstrings to satisfy windows-reliability open() guard by @drknowhow in #23

Full Changelog: v2.39.0...v2.39.1

v2.39.0

22 Jun 10:23
1ebb3d2

What's Changed

  • fix: security & correctness hardening (v2.39.0) by @drknowhow in #21

Full Changelog: v2.38.1...v2.39.0

v2.38.1

14 Jun 13:40
463f1bd

What's Changed

  • feat: Oracle activity reporting — cross-project daily digest (v2.38.0) by @drknowhow in #18
  • fix: force UTF-8 console so Oracle server starts on Windows cp1252 by @drknowhow in #19
  • fix: lazy store init — MCP server starts in <1s (v2.38.1) by @drknowhow in #20

Full Changelog: v2.37.0...v2.38.1

v2.37.0

14 Jun 10:58
865ca8a

What's Changed

  • feat: non-destructive config generation (v2.37.0) by @drknowhow in #17

Full Changelog: v2.36.0...v2.37.0

v2.36.0

13 Jun 18:16
00ffb50

What's Changed

  • feat: simplify install + upgrade — self-contained wheel, c3-mcp entry point, c3 upgrade (v2.36.0) by @drknowhow in #16

Full Changelog: v2.35.0...v2.36.0

v2.35.0

13 Jun 13:24
6ef953c

What's Changed

  • feat: git branch awareness - scoped re-index + ledger/session/snapshot stamping (v2.35.0) by @drknowhow in #15

Full Changelog: v2.34.0...v2.35.0

v2.34.0

10 Jun 21:31
195d942

v2.34.0 — Tooling robustness & security observability

Improvements surfaced while exploring the tool, focused on day-to-day Windows friction and defense-in-depth.

pip install -U code-context-control

⚡ c3_shell

  • Forces UTF-8 in child processes and decodes output as UTF-8 — fixes cp1252 UnicodeEncodeError crashes when a command prints , box-drawing, or emoji on Windows.
  • Self-sweeps stray 0-byte "ghost" files created during a command (shell-redirect / metacharacter artifacts like a >Lnnn marker or 2>$null leaking a filename), and reports them. Install-independent and only removes files that appeared during the command — pre-existing files are never touched.
  • No longer auto-filters git status/diff/log/show/branch output — those are needed verbatim.
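The ghost-file sweep described above, as an added sketch that is not the project's own code: snapshot the tree before the command, then remove only files that are both new and 0 bytes. The names run_and_sweep and demo, and the sample file names, are hypothetical.

```python
import os
import subprocess
import sys
import tempfile


def _files(root):
    """Set of all file paths under root."""
    return {os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs}


def run_and_sweep(argv, cwd):
    """Run argv in cwd, then delete 0-byte files that did not exist before.

    Returns (returncode, removed paths relative to cwd) so the caller can
    report what was swept.
    """
    before = _files(cwd)
    proc = subprocess.run(argv, cwd=cwd, capture_output=True)
    removed = []
    for path in sorted(_files(cwd) - before):
        # New files with content are real output; only new AND empty ones go.
        if os.path.isfile(path) and os.path.getsize(path) == 0:
            os.remove(path)
            removed.append(os.path.relpath(path, cwd))
    return proc.returncode, removed


def demo():
    """Constructed scenario: one pre-existing empty file, one ghost, one real output."""
    with tempfile.TemporaryDirectory() as tmp:
        open(os.path.join(tmp, "keep_empty.txt"), "w").close()
        script = ("import pathlib; pathlib.Path('L42').touch(); "
                  "pathlib.Path('out.txt').write_text('data')")
        code, removed = run_and_sweep([sys.executable, "-c", script], tmp)
        return code, removed, sorted(os.listdir(tmp))


if __name__ == "__main__":
    print(demo())
```

Because the snapshot is taken immediately before the command, the pre-existing empty file survives even though it is also 0 bytes.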

🔒 Security

  • Guard observability: a startup log line and a web_guard block in the UI /api/health confirm the localhost guard (2.33.0) is active.
  • MCP transport Host allowlist: the Oracle MCP server (:3332) now rejects requests whose Host header isn't loopback or the configured bind_host/allowed_hosts — defense-in-depth against DNS rebinding, on top of the Bearer gate.

🧹 Refactor

  • De-duplicated the MCP-section TOML helpers (parse / upsert / remove / escape) that had drifted between cli/server.py and cli/hub_server.py into a single shared core/mcp_toml.py (reconciled: quote-stripped keys, unlink an emptied config file). Net −235 lines across the two servers.

✅ Quality

  • +23 tests (test_shell_robustness, test_mcp_host_guard, test_mcp_toml); full suite 381 passing across macOS/Ubuntu/Windows × py3.10–3.12.

See CHANGELOG.md for full details.

v2.33.0

10 Jun 20:43
f7c859a

Choose a tag to compare

v2.33.0 — Web security hardening

Security-hardening release closing a cross-origin / DNS-rebinding gap in C3's local web servers, plus two related hardenings and two c3_read fixes.

pip install -U code-context-control

🔒 Security

  • Cross-origin / CSRF + DNS-rebinding hardening for all local web servers. The Hub, per-project UI, and Oracle bind to loopback but had no auth, no Origin/Host validation, and wildcard CORS — so any web page open in the user's browser could drive state-changing endpoints (the launch-ide custom command, adding a malicious MCP server, downgrading Claude permissions, wiping data) and read the Oracle Discovery bearer token. A new shared guard (core/web_security.py) now enforces a Host-header allowlist (defeats DNS rebinding) + an Origin/Referer check on every request (defeats CSRF), and replaces wildcard CORS with scoped, same-origin reflection. Loopback and non-browser API clients are unaffected; non-loopback binds honour host/bind_host + an optional allowed_hosts list. Oracle Discovery bearer auth still applies on top.
  • api_projects_open (Hub + UI) now refuses non-directory paths, so it can no longer launch an arbitrary file via the OS default handler.
  • c3_shell blocklist strengthened to also cover rm -rf /*, rm -rf of a whole top-level system directory, and Windows whole-drive-root wipes (del/rd/format C:\). Nested-path deletes stay allowed. Documented explicitly as a best-effort guard, not a sandbox.
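A minimal sketch of the two checks the guard above combines, and of the Host allowlist that v2.34.0 extends to the MCP transport. It is an added example, not the contents of core/web_security.py; check_request, the lower-cased header dict, the exact-match same-origin rule and the host c3.internal are assumptions.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def _hostname(host_header):
    """Lower-cased host from a Host header value such as '127.0.0.1:3332'."""
    try:
        return (urlsplit("//" + host_header).hostname or "").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return ""


def check_request(headers, allowed_hosts=()):
    """Return (allowed, reason). headers: dict with lower-cased keys (assumption)."""
    allowed = LOOPBACK_HOSTS | {h.lower() for h in allowed_hosts}

    # 1. Host allowlist. After DNS rebinding the browser still sends the
    #    attacker's hostname in Host, so it never matches a loopback name.
    host_header = headers.get("host", "")
    if _hostname(host_header) not in allowed:
        return False, "host not allowed"

    # 2. Origin/Referer check. Browsers attach one to cross-site
    #    state-changing requests; non-browser API clients send neither.
    source = headers.get("origin") or headers.get("referer")
    if source is None:
        return True, "no origin header"
    try:
        source_netloc = urlsplit(source).netloc.lower()
    except ValueError:
        source_netloc = ""
    if source_netloc != host_header.lower():
        return False, "cross-origin request"
    return True, "same-origin"


if __name__ == "__main__":
    # Constructed request headers, one per case.
    print(check_request({"host": "127.0.0.1:3332"}))
    print(check_request({"host": "evil.example:3332"}))
    print(check_request({"host": "127.0.0.1:3332", "origin": "http://evil.example"}))
```

The two checks are independent: the Host check fails a rebinding request even when its Origin matches, and the Origin check fails a cross-site request even when Host is loopback.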

🐛 Fixed

  • c3_read silently returned the file map instead of source for lines range reads — MCP serializes lines as a string (e.g. "[22, 193]"), which fell through the range logic. lines is now coerced like symbols.
  • Comma-separated symbols ("a,b,c") now split into multiple targets instead of being read as one ambiguous name.

✅ Quality

  • New tests: tests/test_web_security.py, tests/test_read_coercion.py; extended tests/test_c3_shell.py. Full suite green across macOS/Ubuntu/Windows × py3.10–3.12.

See CHANGELOG.md for full details.