Releases: lenneTech/nest-server
Releases · lenneTech/nest-server
Release list
11.27.4
11.27.3
11.27.2
11.27.1
11.27.0
11.26.3
11.26.2
11.26.1
11.26.0
AI Assistant Module: a fully opt-in, multi-tenant-capable, OWASP-aligned assistance system with DB-backed LLM connections, role-filtered tool registry, governed safety mechanisms, and MCP server integration — introduced on branch feature/ai-module.
Core Features:
- DB-backed LLM connections with AES-256-GCM encrypted API keys (admin CRUD,
hasApiKeyoutput, production-secret guard) - Provider abstraction (
OpenAiCompatibleProvider,ClaudeCliProvider) with auto-detection ofsupportsNativeTools/supportsJsonResponse/contextWindow - Prioritized connection-resolution chain (global default → tenant default → user default → client selection → tenant/admin enforced)
- Role-filtered tool registry with
mutating/destructiveflags and pre-flightauthorize()hooks - Plan mode with all-or-nothing pre-flight authorization of every planned step
- Confirmation policy (
mutating.default/enforced,destructivealways-confirm, persistent tool grants "remember my choice") - Scoped tool policies (deny / ask / allow against tool arguments via regex)
- Lifecycle hooks (
PreToolUse/PostToolUse/SessionStart/Stop) - Token budgets per user AND per tenant (
day/month/nonereset windows, cumulative usage report, HTTP 429 with i18n translation) - Multi-turn conversations with
$push-based message persistence and capped retention - SSE streaming endpoint (
POST /ai/stream) plus REST and GraphQL single-shot - Multi-modal attachments (image URLs / dataUrls in prompts)
- Admin-defined named agent modes with
allowedToolsfilter and prompt addendum - Self-optimizing prompts (admin-editable tenant-scoped slots with override/reset, fragment-based builder, soft-delete via
enabled: false) - Governed learning loop (prompt hints from tool failures, admin-approval-gated or
autoApply) - User-facing prompt templates (
scope: user|tenant, owner-only mutations) - Runtime placeholder registry ({
{userId}},{{roles}},{{tools}}, …, project-specific placeholders dynamically registrable) - LLM-driven context compaction on context-window overflow with hard-trim fallback
- Deferred tool schemas plus built-in
search_toolsmeta-tool for large tool catalogs - Built-in
ask_user_questiontool for interactive clarification - Audit logging into
aiInteractions(admin-readable, prerequisite for budgets) - MCP server (
/ai/mcpStreamable HTTP) with lazy-loaded@modelcontextprotocol/sdkand 503 fallback when the SDK is missing - OAuth 2.1 for MCP clients (HMAC-SHA256 access tokens with
timingSafeEqual, PKCE S256-only, refresh-token rotation bound to client ID, dynamic client registration with persistedclient_secret) - SSRF allowlist for connection base URLs (
ai.allowedBaseUrlHosts) - Per-user rate limiting (max /
windowSeconds) - Three-layer security model (
@Restricted/@Roles/securityCheck) with global stripping ofapiKeyEncryptedand all token fields - Multi-tenancy isolation on slots, prompts, hints, budgets, and conversations
- Full override hooks for every collaborator via
ICoreModuleOverrides.ai