Last updated: May 12, 2026, 08:49 PM UTC

Sasha Studio Release Notes: v1.0.1351 to v1.0.1393

Release Period: March 2026 - May 2026
Version Range: 1.0.1351 → 1.0.1393
Total Commits: 303


TL;DR - Business Summary

What's New in Plain English:

This release reshapes some of the most-used parts of Sasha — how chats reload, how you sign in, how you organise projects, and how the interface looks. Five headline capabilities:

  1. Rock-Solid Chat History — Reloading a chat used to double-fetch, flicker, and occasionally drop messages. A months-long rewrite replaces that fragile pipeline with a single, well-instrumented stream that reads directly from the conversation transcript on disk. Chats now reload reliably, even after a network drop.

  2. Sign In with Your Claude Subscription — You no longer need to manage an Anthropic API key or AWS Bedrock account if you already have a Claude Pro/Max subscription. A new "Sign in with Claude" flow uses OAuth, so Sasha never sees your password and the bill goes through your subscription.

  3. Modules — Mini-Apps Inside Sasha — Sasha now hosts purpose-built mini-apps ("Modules") alongside the chat: a Report Builder, an Email Drafter, a Candidate Comparison view. Each one is a self-contained HTML app that can talk back to the chat to fetch data or trigger actions.

  4. Redesigned Navigation & Visual Identity — A new hamburger-led navigation, slim header with account menu, refreshed colour palette, improved contrast and accessibility, and a cleaner project sidebar. Less chrome, more workspace.

  5. Exa Web Research, Built In — A first-party Exa MCP integration lets Sasha search and summarise the live web without you setting up MCP yourself. One toggle in Tools settings.

Business Value:

  • Reliability: Chats no longer "lose their place" during long sessions or after a tab reload
  • Faster Onboarding: New users can sign in with their existing Claude subscription in under a minute — no API key paperwork
  • Workflow Specialisation: Modules turn Sasha from a chat into a platform — each customer can have purpose-built tools sitting next to the AI
  • Trust & Compliance: 250+ dependency security patches; tighter file-access guards; SOC-style audit of every path the server reads from disk

Executive Summary

This release is dominated by a multi-month engineering programme to make chat history bullet-proof. The old pipeline relied on a tangle of overlapping fetches — a fast WebSocket stream, a slower JSONL re-read for reconciliation, and a "thin stream" reconciler that tried to merge the two. Under real-world conditions (rolling deploys, intermittent networks, long sessions, large transcripts) those paths could fight each other, producing duplicates, flicker, or missing messages. The new pipeline (codenames A, B, and Y) replaces all of that with a single subscribe-and-stream model: the server tails the conversation's JSONL transcript on disk, hands each message to the client with a cursor, and the client can reconnect at any time and pick up exactly where it left off. A new in-browser Chat Debug Pane (Cmd+Shift+Y) records every WebSocket frame so this work is observable in production, not just in dev.

Alongside the reliability programme, this release introduces subscription-based authentication. Until now, Sasha required either an Anthropic API key or AWS Bedrock credentials. New users can now choose "Sign in with Claude" — an OAuth flow that uses an existing Claude Pro or Max subscription. The implementation went through several iterations (CLI-based exchange → direct HTTP exchange) and includes careful guards so the subscription token isn't overridden by stray ANTHROPIC_API_KEY env vars on the host.

The third major thread is Modules — a new way to package purpose-built mini-apps inside Sasha. A Module is an HTML app with a MODULE.md manifest. Sasha auto-mounts a route, adds it to the sidebar, and provides a postMessage bridge so the module can call back into the chat. Three demo modules ship in this release: Email Drafter, Report Builder, and Candidate Comparison. A new module-builder skill walks customers through creating their own.

The user interface received a substantial design overhaul — new palette, improved accessibility contrast, the navigation moved from a horizontal tab bar to a hamburger menu, a slim header with an AppMenu and AccountMenu was added, and a comprehensive performance and theme-consistency pass landed. Project folders gained a proper NewFolderDialog (replacing native browser prompts), a one-shot "create folder + first chat" action, and freshly created folders now sort to the top of the project list.

Behind the scenes the team migrated the CJK Associates production instance from eu-west-2 to eu-west-1 to consolidate on the KnowCode AWS account, patched 257 Dependabot security alerts across every package manifest, hardened every server-side file path with safePath() to close CodeQL path-traversal findings, and added a session retention setting so administrators can control how long Claude session history is kept (default 365 days). A new Exa MCP integration ships pre-wired for first-party web research.


Major Features & Improvements

Chat Reliability Programme (A/B/Y/b2)

The largest piece of work in this release. Three coordinated tracks rebuild the chat history pipeline from the ground up.

  • Chat Debug Pane (Cmd+Shift+Y) - In-browser developer pane that records every WebSocket and JSONL frame. Available in every build behind a hidden shortcut; surfaces in Advanced settings. Diagnostic gold-dust for production support.
  • Server Event Ring + Cursor Protocol (B-track) - Per-session bounded buffer of streamed events on the server. Clients receive an opaque base64url cursor; on reconnect they resubscribe with their last cursor and the server replays anything they missed, or returns cursor-expired if they were away too long.
  • JSONL-Tail Backend (Y-track, the production path) - Replaces the in-memory ring with a fingerprint-and-partial-line-safe tail of the conversation's JSONL transcript on disk. Server-side resolveTranscriptPath validates the path against the authenticated session, so clients never see filesystem locations.
  • Client Cutover (b2-track) - The legacy "thin stream reconciliation", force-reload defer, double-fetch fallback, and post-complete JSONL re-read were all removed. The new useChatReplaySubscribe hook is the single load path. Deduplication in APPEND_MESSAGE is now UUID-based, LOAD_SESSION_MESSAGES uses REPLACE semantics, and manual refresh re-subscribes instead of triple-loading.
  • Stub-State UX for Missing Transcripts - When a session's transcript can't be loaded, the UI shows a clear, calm empty-state instead of a flicker, and structured logs are written for support.
  • Layered E2E Test Suite - Three-layer test coverage (unit, integration, WS-protocol E2E) including synthetic stress tests that replaced the multi-day soak suite.

Subscription Authentication

  • Sign in with Claude (OAuth) - New provider option alongside Anthropic API key and AWS Bedrock. Uses CLAUDE_CODE_OAUTH_TOKEN and the standard Claude OAuth flow. Sasha never sees the user's password.
  • Direct HTTP Token Exchange - After an initial CLI-based exchange proved fragile, the flow pivoted to a direct HTTP exchange against claude.ai / claude.com. Handles both URL formats.
  • Provider Activation & Management - New /auth/subscription/login, /status, /disconnect endpoints; UI SubscriptionConfigModal for the activation flow.
  • Env-Var Guards - ANTHROPIC_API_KEY is cleared from the child process environment when a subscription token is active, preventing stray host-level keys from silently overriding the chosen provider.
  • Whitespace-Tolerant Token Paste - Pasted OAuth tokens are stripped of surrounding whitespace and newlines.
  • Health-Check Awareness - The system health check now counts an active subscription as a configured AI provider, so an instance with only a subscription no longer warns about being unconfigured.

Modules — Mini-Apps Inside Sasha

  • MODULE.md Manifest Format - Each module is a directory with a MODULE.md describing its name, route, sidebar entry, and entry HTML.
  • Generic Module Renderer - /module/:moduleName route mounts any module without per-module code.
  • Document-Viewer Integration - Modules open in the document viewer rather than a separate panel; a url field on the module event ties them in.
  • Module Bridge (sasha-modules.js) - Tiny chat-side library that brokers postMessage calls between the module iframe and the surrounding chat — modules can request data, trigger chat sends, or open files.
  • Synchronous /execute Endpoint - Modules can run actions against Claude and capture the output via a SmartWatcher, enabling deterministic UI flows.
  • Demo Modules Shipped - email-drafter, report-builder (test module), and the previously-shipped candidate-comparison now live in the Agents section of the sidebar.
  • module-builder Skill - Walks customers through creating their own modules, including the HTML-app structured-response pattern.
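
The checks a chat-side postMessage bridge needs before acting on a module's request, as an added example that is not Sasha's code and is not taken from sasha-modules.js. The names createBridgeHandler and getDraft, the message shape and the origins are assumptions; the window objects are constructed stand-ins so the logic runs outside a browser.

```javascript
// Added example; every name here is hypothetical.
function createBridgeHandler({ moduleOrigin, frameWindow, actions }) {
  return function onMessage(event) {
    // Exact origin match. Prefix or substring tests let look-alike hosts through.
    if (event.origin !== moduleOrigin) return { handled: false, reason: 'origin' };
    // Must come from the iframe the chat mounted, not any window on that origin.
    if (event.source !== frameWindow) return { handled: false, reason: 'source' };
    const msg = event.data;
    if (msg === null || typeof msg !== 'object' ||
        typeof msg.id !== 'string' || typeof msg.action !== 'string') {
      return { handled: false, reason: 'shape' };
    }
    // Own-property lookup, so "constructor" or "toString" never resolve to a function.
    if (!Object.prototype.hasOwnProperty.call(actions, msg.action)) {
      return { handled: false, reason: 'action' };
    }
    const result = actions[msg.action](msg.payload);
    // Reply to the named origin, never '*', so a navigated frame cannot read it.
    frameWindow.postMessage({ id: msg.id, result }, moduleOrigin);
    return { handled: true };
  };
}

// Constructed events standing in for what window.addEventListener('message', ...) delivers.
function demo() {
  const sent = [];
  const frameWindow = { postMessage: (data, origin) => sent.push({ data, origin }) };
  const otherWindow = { postMessage() {} };
  const origin = 'https://sasha.example'; // constructed origin
  const onMessage = createBridgeHandler({
    moduleOrigin: origin,
    frameWindow,
    actions: { getDraft: (p) => ({ subject: `Re: ${p.thread}` }) },
  });
  const good = { id: '1', action: 'getDraft', payload: { thread: 'Q2 report' } };
  return {
    ok: onMessage({ origin, source: frameWindow, data: good }),
    lookalike: onMessage({ origin: origin + '.attacker.test', source: frameWindow, data: good }),
    wrongWindow: onMessage({ origin, source: otherWindow, data: good }),
    inherited: onMessage({ origin, source: frameWindow, data: { id: '2', action: 'constructor' } }),
    malformed: onMessage({ origin, source: frameWindow, data: 'getDraft' }),
    sent,
  };
}
```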

Project Folder UX

  • NewFolderDialog Component - Replaces native window.prompt() with a proper modal: name field, "create empty folder instead" option, accessibility-friendly focus management, backdrop dismissal.
  • Atomic Create Folder + First Chat - New createFolderWithProject server helper + POST /api/folders/with-project endpoint creates a folder and its first chat in a single transaction, with rollback if either step fails.
  • One "New Folder" Button - The three redundant "New Project" buttons across the sidebar collapsed into a single "New Folder" affordance.
  • New Folders Sort to Top - Under the Recent sort, a freshly created folder now appears at position 1 (it used to drop to the bottom because empty folders had no session timestamps).
  • Contextual Empty-State Placeholder - The auto-created "chat 1" inside a new folder now shows a folder-aware empty-state prompt.

Navigation & Design System Overhaul

  • Hamburger-Led Navigation - The horizontal tab bar is gone. Primary navigation now lives in a hamburger menu (AppMenu) at top-left; account, theme, logout in the AccountMenu top-right.
  • Slim Header - New compact header replaces the old chrome.
  • Sidebar Cleanup - Removed the bottom action bar, removed search icons (search lives in the hamburger menu as "Search Chats"), removed the chat icon from the sidebar header. Projects section is collapsible with a heading.
  • Renamed "Modules" → "Agents" - Customer-facing rename to match how the section is actually used.
  • Comprehensive Theme Pass - New palette, accessibility-first contrast ratios, neutralised the blue toolbar styling, table body text now uses brand colours, toast backgrounds fixed (they were transparent).
  • Wider Default Panels - Skill editor now defaults to split view; document panels are wider.
  • Performance Improvements - Theme consistency and rendering performance pass across the whole UI.

Exa Web Research Integration

  • First-Party Exa MCP - A hosted Exa endpoint is now auto-registered at server startup; status, configure, register, and test routes mounted under /api/mcp/exa.
  • Tools Settings Card - Exa appears in the Content & Knowledge group of Tools settings.
  • Skill Advisor - A new skill teaches Claude when to reach for Exa.
  • exa-research-tool Mapping - The conventional tool name maps to the Exa MCP server so prompts work out of the box.

Session Retention Setting

  • General Settings Card - Administrators can now set cleanupPeriodDays (default 365) via the UI.
  • /api/admin/session-retention Endpoints - GET/PUT for the value, with audit-friendly persistence.
  • claudeSettings Service - New shared service that owns reads/writes to ~/.claude/settings.json (replacing scattered path.join references).
  • Startup Bootstrapping - Cleanup defaults to 365 days on first run.
  • Atomic Settings Writes - Settings writes use temp-and-rename to prevent corruption mid-write.

Bedrock & Model Support

  • Claude Opus 4.7 on Bedrock - Added to all four hardcoded model registries (modelConfigs, supportsExtendedContext, BEDROCK_MODEL_ID_TO_ALIAS, admin MODEL_OPTIONS); model ID corrected to anthropic.claude-opus-4-7.
  • Temperature-Deprecated Handling - Model discovery gracefully handles Anthropic's newer "temperature deprecated" error.

Report Publisher

  • Source Attribution Footer - Pages can now render a source attribution footer from page metadata.
  • Region Background Colour - Layout regions support a backgroundColor field.
  • Logo & Page Numbers as Global Overlays - Rendered on every page rather than re-declared per page.
  • Charts Fill Their Region - Charts now render at region dimensions instead of a fixed size.
  • Fit-Solver Improvements (G-81/82/83) - Dropped the +1000 base overflow penalty, raised minFontScale to 0.85, respects overflow: 'spill', body font 11→13pt, tighter line-height.

File Tree & Performance

  • fileTreeCache Module - TTL-based file tree cache with request coalescing, warmed on startup, with broad-spectrum invalidation.
  • Wired into All File Endpoints - Endpoints now check the cache; mutations invalidate it.
  • detectDocumentOperation Broadened - Now detects operations on all file types, not just markdown.

Stability & Reliability

Chat Pipeline

  • Stub Flicker on Session Change - Stub state is now cleared on session-change instead of per-load.
  • Empty-Session Auto-Load Loop - Fixed a loop where an empty session would re-request itself indefinitely.
  • Rate-Limit Envelope Suppression - rate_limit_info envelopes are now suppressed in the chat normalizer instead of rendering as junk frames.
  • In-Place Compaction Detection - JSONL cursors include a prefixHash to detect when the underlying file was compacted in place.
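
A sketch of the cursor-and-tail behaviour described for the B and Y tracks and the prefixHash item above, as an added example that is not Sasha's implementation. The cursor fields, the 64-byte fingerprint window and all function names are assumptions; the transcript is constructed.

```javascript
// Added example; all names are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const crypto = require('node:crypto');

const PREFIX_BYTES = 64; // assumed size of the fingerprinted head of the file

// SHA-256 over the first `len` bytes of the open file.
function hashPrefix(fd, len) {
  const buf = Buffer.alloc(len);
  const n = len > 0 ? fs.readSync(fd, buf, 0, len, 0) : 0;
  return crypto.createHash('sha256').update(buf.subarray(0, n)).digest('hex');
}

const encodeCursor = (c) => Buffer.from(JSON.stringify(c)).toString('base64url');

// Cursors come back from the client, so validate every field; anything odd is "expired".
function decodeCursor(token) {
  try {
    const c = JSON.parse(Buffer.from(String(token), 'base64url').toString('utf8'));
    const valid = Number.isSafeInteger(c.offset) && c.offset >= 0 &&
      Number.isSafeInteger(c.prefixLen) && c.prefixLen >= 0 &&
      c.prefixLen <= PREFIX_BYTES && typeof c.prefixHash === 'string';
    return valid ? c : null;
  } catch {
    return null;
  }
}

// Return the complete JSONL records after `token` (null = from the start) and a new cursor.
function readFrom(file, token) {
  const fd = fs.openSync(file, 'r');
  try {
    const size = fs.fstatSync(fd).size;
    let offset = 0;
    if (token != null) {
      const c = decodeCursor(token);
      // Truncation (offset past EOF) or a rewritten head both invalidate the cursor.
      if (!c || c.offset > size || hashPrefix(fd, c.prefixLen) !== c.prefixHash) {
        return { status: 'cursor-expired', messages: [], cursor: null };
      }
      offset = c.offset;
    }
    const buf = Buffer.alloc(size - offset);
    const n = buf.length > 0 ? fs.readSync(fd, buf, 0, buf.length, offset) : 0;
    // Hold back everything after the last newline: the writer may be mid-line.
    const end = buf.subarray(0, n).lastIndexOf(0x0a) + 1;
    const messages = buf.subarray(0, end).toString('utf8')
      .split('\n').filter(Boolean).map((line) => JSON.parse(line));
    const next = offset + end;
    const prefixLen = Math.min(next, PREFIX_BYTES);
    const cursor = encodeCursor({ offset: next, prefixLen, prefixHash: hashPrefix(fd, prefixLen) });
    return { status: 'ok', messages, cursor };
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed transcript: two full records plus one the writer has not finished.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'jsonl-tail-'));
  const file = path.join(dir, 'session.jsonl');
  fs.writeFileSync(file, '{"uuid":"a","text":"hi"}\n{"uuid":"b","text":"there"}\n{"uuid":"c","te');
  const first = readFrom(file, null);
  fs.appendFileSync(file, 'xt":"late"}\n'); // writer finishes the third record
  const second = readFrom(file, first.cursor);
  // In-place compaction: same path, different leading bytes.
  fs.writeFileSync(file,
    '{"uuid":"z","text":"compacted summary of earlier turns"}\n{"uuid":"c","text":"late"}\n');
  const third = readFrom(file, second.cursor);
  const tampered = readFrom(file, 'not-a-cursor');
  fs.rmSync(dir, { recursive: true, force: true });
  return { first, second, third, tampered };
}
```

A fixed-size head fingerprint does not notice a rewrite that leaves the first 64 bytes unchanged, and this sketch does not sign the cursor, so a client can still choose its own offset within the file it is already authorised to read.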

Production Ops / ECS

  • CJK Rolling-Deploy SQLite Contention - Root-caused and fixed. Initial retention sweeps and cloudDriveManager initialisation are now deferred 60 seconds to avoid contending for the SQLite write lock during ECS rolling-deploy overlap. Full RCA document captured.
  • Stale Meeting Recovery - Re-introduced on the 60-second deferred path.
  • CJK Infrastructure Migration - CJK Sasha migrated from eu-west-2 to eu-west-1 on the KnowCode AWS account to consolidate networking.

Auth Hardening

  • OAuth Token Routing - OAuth tokens now correctly route through the subscription provider, not the Claude API provider.
  • Claude CLI 2.1.112 Pin - Downgraded from a newer CLI that didn't accept the OAuth token; documented the dependency.
  • Bun Binary Detection - Native Bun detection in both the main CLI spawn path and the auth path.
  • Listener Cleanup - Auth flow now cleans up listeners, handles timeouts, and recovers from stale processes.
  • stdin Handling - Auth code piping switched from execFile to spawn with explicit stdin close.
  • Subscription Guard ESM Fix - Replaced lingering CommonJS require with ESM import.

Security

  • 257 Dependabot Alerts Patched - Comprehensive sweep across every package manifest in the repo.
  • CodeQL Path-Traversal Findings Closed - Remaining path.join calls in server/index.js wrapped in safePath(). postMessage origin checks tightened.
  • Mermaid → 10.9.6, protobufjs Override - Targeted critical-severity bumps.
  • Control-Panel & Claude-Historian Critical Alerts - Patched.
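
What a containment helper of the safePath() kind has to check, as an added example that is not Sasha's code (the page does not show safePath()). The names resolveInside, isInside and naiveCheck are hypothetical, and the directories are constructed in a temp folder; naiveCheck is the weak prefix test shown for contrast.

```javascript
// Added example; all names are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Weak form: a string-prefix test treats /x/workspace-backup as inside /x/workspace.
function naiveCheck(baseDir, userPath) {
  return path.join(baseDir, userPath).startsWith(baseDir);
}

function isInside(base, target) {
  const rel = path.relative(base, target);
  return !(rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel));
}

// Hardened form: lexical containment first, then symlink containment.
function resolveInside(baseDir, userPath) {
  if (typeof userPath !== 'string' || userPath.includes('\0')) {
    throw new Error('invalid path');
  }
  const base = fs.realpathSync(baseDir);
  const target = path.resolve(base, userPath);
  if (!isInside(base, target)) throw new Error('path escapes base directory');
  // Walk up to the deepest entry that exists and resolve its symlinks.
  // lstat sees dangling links, and realpath on one throws, which fails closed.
  let probe = target;
  while (!fs.lstatSync(probe, { throwIfNoEntry: false })) probe = path.dirname(probe);
  if (!isInside(base, fs.realpathSync(probe))) throw new Error('symlink escapes base directory');
  return target; // still check-then-use: keep the base unwritable by untrusted users
}

// Constructed layout: <tmp>/workspace, a sibling sharing its prefix, and a link out.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'containment-'));
  const base = path.join(root, 'workspace');
  fs.mkdirSync(base);
  fs.mkdirSync(path.join(root, 'workspace-backup'));
  fs.symlinkSync(root, path.join(base, 'link'));
  const attempt = (p) => {
    try { resolveInside(base, p); return 'allowed'; } catch (e) { return e.message; }
  };
  const out = {
    normal: attempt('docs/report.md'),
    dotdot: attempt('../../etc/passwd'),
    sibling: attempt('../workspace-backup/notes.txt'),
    absolute: attempt('/etc/passwd'),
    symlink: attempt('link/workspace-backup/notes.txt'),
    naiveSibling: naiveCheck(base, '../workspace-backup/notes.txt'),
  };
  fs.rmSync(root, { recursive: true, force: true });
  return out;
}
```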

UI Bug Fixes

  • Knowledge Files Race Condition - Fixed a race in the sidebar's knowledge files fetch.
  • Toast Backgrounds - Were transparent, now readable.
  • User Bubble Accents - Less aggressive, persisted expansion state.
  • Thumbs Up/Down Removed - Chat message feedback buttons removed.
  • Chat Attachments - JSON now in the allowed file types list.

Developer Experience & Docs

Documentation

  • Y Implementation Plan + Codex Review - Full design spec and Codex peer review captured for the JSONL-tail rewrite.
  • B Spec, Plan, Verification Findings - Three documents (V1/V2/V3) tracking the event-ring design through verification.
  • A1 Chat Debug Pane Plan - Plan and spec for the debug pane.
  • Chat-Pipeline Sequencing - A "desired end state" doc and sequenced program plan tying A, B, Y, and b2 together.
  • Session Retention Spec + Plan - Full design docs for the retention setting.
  • CJK Rolling-Deploy RCA - 2026-05-10 SQLite lock incident root-cause analysis.
  • Testing Strategy Refresh - PRD-level testing strategy updated to reflect the 5-goal framing, layered E2E plan, and Y-track work.
  • Exa Documentation - New skill plus product-doc surfacing across the help articles.

Development Tools

  • Chat Debug Pane in All Builds - Available everywhere; render toggle pill in DEV, hidden behind the Advanced menu in prod.
  • downloadFrames Helper - One-click download of captured WebSocket frames for support tickets.
  • Vitest v8 Coverage - Coverage measurement now wired in.
  • @testing-library/react Added - Chat debug pane tests.
  • Local Dev Fix - npm run server now loads .env.local (was previously silently missing the env file).
  • Dockerfile - Added bc calculator to the container image.

Upgrade Notes

Subscription Auth

  • Action: To enable "Sign in with Claude" for an instance, ensure the host environment does not pre-set ANTHROPIC_API_KEY — it will be cleared automatically when a subscription token is active, but mixed configurations can confuse first-time activation.
  • CLI Version: The subscription path expects Claude CLI 2.1.112. Newer CLIs in the 2.1.119+ range are supported for the main spawn path; pinning matters only inside the auth flow itself.

Chat Pipeline

  • Action: The REPLAY_BACKEND=jsonl env var is now the default path for chat replay; explicit value is no longer required, but setting it explicitly makes deployments self-documenting.
  • Removed: The old useEventReplay hook, reconcileIfThinStream, force-reload defer, and __pendingHistoryReload are gone. Customer forks that referenced them will not compile.

Session Retention

  • Default: New installations start with cleanupPeriodDays=365. Existing instances that previously had no value set will inherit 365 on next start. Administrators wanting a shorter retention should set it explicitly via Settings → General.

Modules

  • Action: To add a module, drop a directory with MODULE.md into the modules path; Sasha will auto-mount the route, sidebar entry, and bridge. No code changes required.

Folders

  • Behavioural Change: Newly created folders now sort to the top of the project list under the Recent sort. Alphabetical sort is unaffected.

Breaking Changes

  • None at the public API level in this range. Internal hook removals (useEventReplay, historyLoadedRef, etc.) only affect customers who built on undocumented internals.

Changelog Summary (since v1.0.1350)

New Features

  • Chat reliability programme (A debug pane, B server event ring + cursor, Y JSONL-tail backend, b2 client cutover)
  • Subscription authentication via OAuth (CLAUDE_CODE_OAUTH_TOKEN)
  • Modules platform (MODULE.md manifest, generic renderer, bridge library, three demo modules, builder skill)
  • NewFolderDialog + atomic createFolderWithProject
  • New folders sort to top of Recent list
  • Hamburger-led navigation, AppMenu, AccountMenu, slim header
  • Comprehensive design system overhaul (palette, accessibility, performance)
  • Session retention setting (cleanupPeriodDays, default 365)
  • Exa MCP integration (auto-registered, Tools settings card, advisor skill)
  • Claude Opus 4.7 on Bedrock
  • fileTreeCache with TTL, request coalescing, warm-on-startup
  • Report Publisher: source attribution footer, region backgroundColor, global logo/page-number overlays, chart fill-region, fit-solver G-81/82/83
  • A/B Context Testing toggle in Advanced settings
  • Chat search moved to hamburger menu

Bug Fixes

  • Stub flicker on session change cleared correctly
  • Empty-session auto-load loop fixed
  • rate_limit_info envelopes suppressed in chat normalizer
  • JSONL cursors include prefixHash for in-place compaction detection
  • CJK rolling-deploy SQLite contention (defer initial sweeps 60s)
  • Race condition in sidebar knowledge files fetch
  • Toast backgrounds, user bubble accents, table text colour
  • JSON allowed in chat attachments
  • Auth: OAuth token routing, Bun detection, listener cleanup, stdin close, whitespace tolerance, ANTHROPIC_API_KEY override prevention
  • Bedrock: temperature-deprecated error handling, Opus 4.7 model ID
  • Health check counts subscription as configured provider
  • Provider/model read from DB on each spawn (no caching surprises)
  • Sub-agents no longer block auto-resume

Infrastructure / Ops

  • CJK Sasha migrated eu-west-2 → eu-west-1
  • Defer retention sweeps + cloudDriveManager init 60s to avoid SQLite lock during ECS rolling deploys
  • Stale meeting recovery on deferred path
  • Atomic JSON metadata writes (temp-and-rename)

Security

  • 257 Dependabot alerts patched across all manifests
  • All path.join calls in server/index.js wrapped in safePath()
  • postMessage origin checks tightened
  • Mermaid → 10.9.6, protobufjs override
  • Critical alerts in control-panel + claude-historian patched

Documentation & Tooling

  • Y, B, A1 specs + plans + Codex review
  • Chat-pipeline sequencing program
  • Session retention spec + plan
  • CJK 2026-05-10 SQLite lock RCA
  • Testing strategy PRD refresh (5-goal framing, layered E2E)
  • Vitest v8 coverage measurement
  • @testing-library/react added
  • npm run server loads .env.local

Looking Ahead

  • More First-Party MCP Integrations: Exa is the first in what will be a curated set of MCP integrations that come pre-wired rather than requiring customer setup.
  • Module Marketplace: With the Modules platform in place, expect a curated library of off-the-shelf modules for common business workflows.
  • Chat Pipeline Maturity: Now that the JSONL-tail backend is production, expect work to land on richer replay features (skip-to-message, time-travel, search-within-session).
  • Session Retention Controls: The 365-day default is a starting point; future releases will add per-project and per-conversation retention overrides.

Jargon Buster - Technical Terms Explained

OAuth

  • An industry-standard way to sign in to a service using credentials from another service (like "Sign in with Google")
  • Sasha never sees your Claude password — the Claude website hands Sasha a token instead
  • This release adds "Sign in with Claude" as a third login option alongside API key and AWS Bedrock

JSONL

  • "JSON Lines" — a file where every line is a separate JSON record
  • Like a transcript log, one message per line, easy to append to and easy to read line-by-line
  • Each Sasha conversation has a JSONL file on disk; the new chat pipeline reads directly from it

Cursor (in chat replay)

  • An opaque token that says "here's where I was up to" — like a bookmark
  • When your browser tab reconnects to the server, it sends the cursor and the server replays only what you missed
  • Replaces the old approach of re-fetching the whole conversation

MCP (Model Context Protocol)

  • A protocol that lets AI models like Claude call external tools and services in a structured way
  • Think of it as a USB port for AI — plug in a tool, the model can use it
  • This release adds first-party Exa Web Research as a pre-wired MCP integration

Module

  • A self-contained mini-app that runs inside Sasha alongside the chat
  • Defined by a MODULE.md manifest file; no code changes needed to add one
  • Examples in this release: Email Drafter, Report Builder, Candidate Comparison

SQLite Lock Contention

  • SQLite (the database Sasha uses) only lets one process write at a time
  • When two server instances start at once (during a rolling deploy), they can fight for the lock and stall
  • Fix: defer non-essential startup work by 60 seconds so the new instance is settled before sweeps begin

Dependabot

  • GitHub's automatic security scanner that flags vulnerable third-party packages
  • An "alert" means a package Sasha depends on has a known security issue with a fix available
  • This release closes 257 of them

safePath()

  • Sasha's internal helper that prevents "path traversal" attacks — where a malicious filename like ../../etc/passwd could escape its intended folder
  • Every server-side file access in this release now goes through it
  • Closes a class of CodeQL security findings

Cache Coalescing

  • When ten parts of the UI all ask for the same file tree at the same time, "coalescing" sends one request and shares the result
  • Prevents the server from doing identical work ten times
  • New in the fileTreeCache module this release

Tail Read (JSONL tail)

  • Like the Unix tail -f command — read a file as it grows
  • The new chat backend tails the conversation's JSONL transcript to stream new messages as they're written
  • "Fingerprint + partial-line-safe" means it detects file rotations and never hands the client a half-written line

Rolling Deploy

  • A deployment strategy where the new version is started before the old one is stopped, so users never see downtime
  • The brief overlap is the window where SQLite lock contention can occur
  • Solved in this release by deferring startup sweeps

Thanks for upgrading. This release is the biggest reliability and visual refresh Sasha has shipped — chat history that just works, a sign-in flow that takes a minute, and a navigation that gets out of your way.