Changelog

A new section on the Technology page explains the design decision behind shipping the MCP server as a single compiled Rust binary with no runtime dependencies. The piece covers distribution simplicity, startup latency, memory overhead, the security read-only boundary, and how the binary format enforces the architectural separation between the ingestion pipeline and the retrieval layer. An illustrated diagram compares the script-based alternative side-by-side with the binary approach. All content is available in English, Brazilian Portuguese, and Spanish.

• Technology page: new "Why executable binaries" section between Architecture and Manifesto.
• Covers distribution (zero dependencies), startup latency, memory footprint, Rust memory safety, and architectural enforcement.
• Illustrated WebP diagram comparing script-based MCP servers vs the compiled binary approach.
• Full translations in English, Brazilian Portuguese, and Spanish.

Blogmarks now prevents duplicate accounts when someone starts with email on one path and phone on another. Invite approval creates an onboarding session instead of a Cognito user, the invite link verifies the original contact channel automatically, onboarding requires verification of the missing channel before account creation, and admins can merge duplicate users into one canonical identity. The app header also brings back a visible sign-in/sign-out action so locked-out users can recover access immediately.

• Onboarding: invite requests accept either email or phone, and the invite link verifies that original channel automatically.
• Identity: onboarding requires the second channel before Cognito user creation, so new users start with both email and phone verified.
• Admin: duplicate users can now be merged into one canonical account, with bookmarks and push subscriptions moved over.
• Auth UI: sign-in/sign-out is visible again in the header, with onboarding flowing back into sign-in cleanly.
• Infra: adds onboarding sessions and identity alias tables plus the Lambda routes and IAM needed to enforce unique aliases.

The /technology page is now fully illustrated with six production-quality WebP diagrams covering the Enquire origins story, surveillance capitalism, Solid Pod architecture, MCP local query flow, system architecture, and the Enquire-to-Blogmarks manifesto timeline. All images are served as optimized WebP assets under /static/technology/ for long-lived CDN caching.

• Technology page: replace placeholder wireframes with six production WebP diagrams.
• Assets: convert raw PNGs to WebP (85% quality), achieving 97–99% file-size reduction.
• Caching: images served from /static/technology/ match the Workbox CacheFirst rule for static assets.
• Code: remove ImagePlaceholder component; wire next/image with intrinsic dimensions for stable layout.

Blogmarks now ships with an app-level internationalization layer that works with the static export build. The web app supports English, Brazilian Portuguese, and Spanish, resolves locale from explicit choice, saved preference, and browser context, and exposes a language switcher across desktop and mobile navigation.

• I18n: add shared translation infrastructure for the static Next.js export instead of locale-based routing.
• Locales: support English, Brazilian Portuguese, and Spanish with browser and timezone-aware default detection.
• Navigation: add a language switcher to the desktop header and mobile menu.
• UI: localize core web-app surfaces including home, add, sign-in, admin, privacy, offline, and changelog pages.
• Formatting: render dates and related copy with the active locale across the app shell.

Blogmarks now treats web auth as a shared session instead of a collection of per-component token checks. The app keeps users signed in until the Cognito refresh token actually expires, refreshes proactively before token expiry, syncs auth changes across tabs, retries protected API calls after a controlled refresh, and preserves sign-in intent for save flows that need authentication.

• Auth: centralize web session state so signed-in status stays consistent across pages and tabs.
• Persistence: refresh ID tokens proactively and keep the current session alive until refresh truly fails.
• Recovery: retry authenticated API requests once after refresh instead of surfacing avoidable 401s.
• UX: preserve sign-in intent for add/clipboard/offline-sync flows so users resume work after re-auth.
• Tests: add focused coverage for shared auth state, refresh deduping, and 401 retry behavior.

Follow-up cleanup for the feed hotfix: the first visible bookmark image on the homepage is no longer lazy-loaded, which removes a Largest Contentful Paint penalty from the live public feed, and bookmark footer text now uses higher-contrast colors so the accessibility audit passes consistently.

• Performance: the lead bookmark OG image now loads eagerly with high fetch priority.
• Accessibility: hostname and site-name footer text now use higher-contrast colors.
• Tests: add coverage for the lead-image priority behavior on bookmark cards.

The feed was failing in production because the frontend preferred direct Lambda Function URLs for bookmark reads while the deployed Content Security Policy only allowed network requests to api.blogmarks.dev. The app now routes public and private feed requests through the API host first, falls back only when that host is not configured, and includes a regression test to keep the browser-compatible precedence in place.

• Feed: public and private bookmark reads now prefer https://api.blogmarks.dev in browser builds.
• CSP: avoids browser fetch failures caused by direct lambda-url hosts outside connect-src.
• Fallbacks: keeps FEED_URL and READ_URL support for environments without the API host.
• Tests: adds endpoint precedence coverage so deploy-time env combinations stay safe.

Bookmark saving no longer waits for runtime AI enrichment. New links resolve Google share wrappers and redirects, save with Open Graph title, description, image, and site name, and appear immediately in signed-in and public feeds. AI processor triggers and retries are disabled while the infrastructure remains available for a later cleanup.

• Save: unwrap Google share URLs and store the final resolved URL returned by the API.
• Metadata: fetch Open Graph title, description, image, and site name without AI.
• Feeds: show saved bookmarks immediately instead of filtering for aiStatus DONE.
• Home: signed-in users default to Your bookmarks, with Discover available via /?view=public.
• Infra: disable ai-processor stream triggers and ai-retry scheduler while keeping the resources in place.

The AI bookmark enrichment pipeline no longer uses CrewAI multi-agent orchestration. Instead, the four steps (scrape, analyze, tag, publish) run as sequential functions with direct HTTP calls to ai-gateway-rs for the two LLM steps. This eliminates the crewai and litellm dependencies, reduces container image size, improves Lambda cold starts, and makes failures easier to diagnose.

• Pipeline: replaced CrewAI crew with direct ai-gateway-rs /v1/chat/completions calls.
• Only 2 LLM calls needed (analyze + tag) — scrape and publish are plain functions.
• Removed crewai, litellm, openai, and anthropic SDK from Lambda dependencies.
• Tag step returns structured JSON instead of using tool_calls, eliminating a failure mode.

Adds a public /privacy policy covering the site and the Blogmarks Chrome extension, a footer link, and extension updates for store submission: Cognito host permission, default action title, store checklist doc, and a zip script for uploads.

• Site: new /privacy page and footer link (Chrome Web Store privacy policy URL).
• Extension: host permission for AWS Cognito IdP; manifest tooltip; version 1.0.1.
• Extension: CHROME_WEB_STORE.md (permissions, data safety notes, listing assets) and npm run package:store.
• Docs: README and AGENTS updated for correct unpacked load path and release zip contents.

The one-time code experience now uses six focused digit boxes instead of a single plain input. Sign-in and Android install/account creation both auto-advance, accept pasted or autofilled codes, auto-submit on the sixth digit, and show clearer success and error feedback. The app update banner now waits for a real build change instead of appearing on first service-worker activation.

• Auth modal: new six-box OTP input with auto-submit when the final digit is entered.
• Install prompt: the same six-box OTP flow now powers Android account creation and install gating.
• OTP UI: paste, autofill, backspace navigation, loading pulse, error shake, and success states.
• Update banner: do not announce a new version on first service-worker control; only show it for an actual build mismatch.
• Tests: added focused coverage for OTP typing, paste handling, auto-submit, and reset behavior.

Tightens the ai-retry Lambda so stuck PROCESSING items are only re-queued when under the CrewAI attempt ceiling, and items with enrichment attempts set are no longer picked up as “never processed.” Terraform sets a bounded retry count on the DynamoDB stream to the ai-processor and adjusts DLQ, processor, and read-bookmarks alarms to reduce false positives.

• Lambda ai-retry: respect max CrewAI attempts when scanning stuck PROCESSING bookmarks.
• Lambda ai-retry: skip “unprocessed” path when aiEnrichmentAttempts exists.
• Terraform: maximum_retry_attempts = 2 on ai-processor event source mapping.
• Terraform: tune DLQ / ai-processor / read-bookmarks alarms (thresholds, periods, DLQ Maximum statistic).

Removed the repeated Blogmarks heading below the site header, rolled the home page back to a single public bookmarks feed, removed the unfinished private-versus-public home toggle, and dropped Changelog from the shared navigation. Copy and metadata now match the current public-first product state.

• Home: always render the public feed on `/`; remove `Your bookmarks` and `Discover` controls.
• Navigation: remove Changelog from the shared header and mobile menu.
• Routing: redirect `/saved` to `/` instead of reviving the old saved-view query parameter.
• Copy: remove stale Discover/private wording from feed states, metadata, and changelog labels.

Architecture review and refactoring pass: removed 6 dead components, enabled TypeScript strict mode, extracted shared utilities (apiClient, saveBookmark, networkStatus), replaced silent error catches with structured reporting, and set up full test infrastructure with Vitest, React Testing Library, and MSW. Added 54 new tests covering auth, url-utils, BookmarkCard, pendingBookmarkSync, bookmarkQueue, and useAuth. Also finalized the home feed UX hierarchy and copy.

• Refactor: deleted 6 dead components, enabled strict mode, fixed all type safety gaps.
• Refactor: extracted shared apiClient, saveBookmark, and networkStatus utilities from duplicated patterns.
• Fix: replaced 5 silent catch blocks with structured error reporting; fixed MobileNav and InstallPrompt cleanup.
• Test: set up Vitest with jsdom, React Testing Library, MSW, and v8 coverage (62 tests, up from 8).
• Home: finalized feed UX hierarchy and copy for private-first layout.

Signed-in users land on a private bookmark list at `/` instead of the public list. A secondary control switches back to the public feed. Anonymous visitors see only the public stream with a single sign-in call to action. Deep link `/?view=public` opens the public view; `/?view=saved` and `/saved` open the private view and normalize the URL to `/`. Configuration error copy in the feed matches that split.

• Home: default private feed when authenticated; `/?view=public` opens the public feed.
• Home: signed-out layout removes the old two-tab row; one sign-in CTA with `next=/?view=saved`.
• BookmarkFeed: clearer misconfiguration messages for private vs public endpoints.

The maximum failed CrewAI processor runs per bookmark now defaults to 2 (was 3). Operators can still raise or lower the cap with environment variable AI_ENRICHMENT_MAX_CREWAI_ATTEMPTS on ai-processor and ai-retry, or Terraform variable ai_enrichment_max_crewai_attempts. ADR 001, AGENTS.md, and the MVP roadmap describe the configured maximum instead of a hardcoded threshold.

• Python Lambdas: default AI_ENRICHMENT_MAX_CREWAI_ATTEMPTS fallback is 2.
• Terraform: ai_enrichment_max_crewai_attempts default is 2.
• Docs: ADR 001 context and LangGraph gate wording; AGENTS.md MVP bullet; roadmap operator note.
• npm: sync:github-vars, sync:ecr-github-var, deploy:ai-processor; sync-github-vars sets ECR_AI_PROCESSOR_URI for CI.

The release workflow Review step now lists concrete commands: recent git log, status, open issues via gh, and optional open PRs. AGENTS Commands use ASCII quotes for the release-it infra note.

• Step 1: git log --oneline -20, git status, gh issue list --state open, gh pr list when useful.
• Infra comment: straight double quotes around "release it".

AGENTS.md now lists an explicit post-merge terraform plan/apply step on every release so live IAM and Lambda/ECR wiring stay aligned with the repo, not only when .tf files change.

• Release workflow: step 9 is Terraform apply (operator credentials); CI/tag/release steps renumbered.
• Commands section documents plan -input=false and apply as part of standard release.

The Deploy workflow can build the blogmarks-ai-processor Docker image, push it to ECR, and update the Lambda when lambda/ai-processor or the workflow changes, or when workflow_dispatch runs with force_ai_processor. The blogmarks-deploy IAM user now allows ECR push to the ai-processor repository and UpdateFunctionCode on that Lambda after terraform apply.

• deploy.yml: paths-filter job, deploy-ai-processor with ECR login, SHA + latest tags, update-function-code with image URI.
• Terraform: deploy policy extended with ai_processor Lambda ARN and scoped ECR statements.
• Docs: AGENTS.md and terraform README note ECR_AI_PROCESSOR_URI and IAM prerequisite.
• scripts/sync-github-ecr-variable.sh sets the GitHub variable from terraform output.

The ai-processor Lambda now verifies DynamoDB after CrewAI finishes, attempts a structured fallback persist from task outputs when the Publisher skips save_bookmark, and marks ERROR plus fails the batch if the bookmark never reaches DONE. Publisher instructions and iteration budget were tightened. Terraform zip packaging no longer excludes crew.py and tools.py.

• Handler: after crew kickoff, re-read item; try_persist_from_crew_output from scrape/analyze/tag JSON; else aiStatus=ERROR and RuntimeError for DLQ/retry visibility.
• tools.py: shared persist_enriched_bookmark() for SaveBookmarkTool and fallback parsing.
• crew.py: Publisher max_iter increased; publish task mandates a real save_bookmark call with exact item_id.
• Terraform: ai-processor archive_file excludes only requirements.txt and Dockerfile so zip fallback Lambda is not missing modules.
• AGENTS.md: Bright Data MCP setup for Cursor; minor doc wording.

Replaced CLAUDE.md with AGENTS.md adding product MVP vision and strategic roadmap. Removed stale Sanity CMS runtime files. Added phased engineering plan in plans/agents-mvp-roadmap.md.

• AGENTS.md replaces CLAUDE.md with MVP section covering MCP tagging, LangGraph fallback, dataflow abstraction, and RAG-as-a-service direction.
• Phased roadmap (P0–P6) in plans/agents-mvp-roadmap.md with GitHub issue tracking.
• Removed stale .sanity/runtime/ files left over from the Sanity CMS era.

Signed-in users get a saved-items tab on the home page backed by the read-bookmarks Lambda, with processing and error states visible. The extension shares title-resolution and types with the web app via a configurable API base URL. Read-bookmarks CORS matches the site allowlist; Vitest covers feed parsing and offline queue helpers.

• Public and signed-in tabs on `/` with `/?view=saved` deep link; private feed uses Zod-validated responses and abortable fetches.
• Extension: `VITE_API_BASE_URL` plus shared `shared/titleResolution` and `shared/savedBookmark`.
• read-bookmarks: list all user items (not only DONE), expose aiError and aiImage; stricter CORS including extension origins.
• Vitest unit tests and CI step; docs/NEXT_UPGRADE_PLAN.md for Next and TypeScript upgrades.

Removed personal references (About page, author bio, social links) and gave Blogmarks a product-focused identity with updated metadata, navigation, and footer.

• Removed personal About page and author data; replaced with Changelog in header navigation.
• Updated site tagline and description to product-focused messaging.
• Simplified footer: personal social links replaced with product repo and RSS feed.
• Removed empty Projects page placeholder.

Web Share Target now uses POST with multipart/form-data; the service worker rewrites it to the existing /add GET flow. Documented locking down the remote Terraform state bucket.

• PWA manifest share_target uses POST + multipart; custom service worker returns 303 to /add?url=…&title=….
• E2E coverage for POST share handoff when running against the static export (CI).
• Terraform README: note on restricting the blogmarks-tfstate bucket to Terraform operators.

Fixed two Lighthouse accessibility failures: insufficient color contrast on the Refresh button in the update banner, and a label-content-name mismatch on the header logo link.

• Fix: Refresh button in update banner changed from sky-600 to sky-700 (~5.4:1 contrast, passing WCAG AA).
• Fix: Logo image alt changed to empty string so it is treated as decorative within the header link.
• Lighthouse accessibility score now 100/100.

Removed the public/private bookmark distinction. All bookmarks live in one unified feed on the home page. The Add link moved from the nav bar to a discrete "+" icon button.

• Single unified feed: all bookmarks are public, no more tabs or auth to read.
• Discrete "+" button in header for authenticated users replaces the nav Add link.
• Simplified BookmarkCard: cover images and extracted text shown for all bookmarks.
• Removed private API endpoints, auth gating, and polling from the feed.
• Net -162 lines of code removed.

Comprehensive architecture review and documentation update covering all system components. Fixed a bug where the share-target flow did not redirect unauthenticated users to sign-in when the save API was not configured.

• Fixed: share-target /add flow now redirects to sign-in regardless of API configuration.
• Updated CLAUDE.md and README.md with full system architecture including read-public, release-notify, push-subscriptions, ECR, CloudWatch, and browser extension.
• Added bird's-eye Mermaid system diagram to README.
• Corrected AI model references: CrewAI pipeline with Claude Haiku and Sonnet.

Resolved Google share URL extraction, title persistence from AI processing, and status filtering so bookmarks only appear when fully processed.

• Extract real URLs from Google share links before storing bookmarks.
• AI processor now writes the cleaned article title back to DynamoDB.
• Private API filters for DONE bookmarks only — no more PROCESSING clutter.
• ai-retry Lambda now recovers stuck PROCESSING items older than 15 minutes.
• Removed status badges and polling from frontend (only ready items shown).

Feed and Saved merged into a single Home page with a tab toggle for authenticated users. Header rebuilt with active link states, lean one-line footer, and typography fixes across the site.

• Unified Home page: public feed by default, "My Bookmarks" tab for signed-in users.
• Extracted shared BookmarkCard, TagSidebar, SkeletonCard, and BookmarkFeed components.
• Fixed Header: removed duplicate MobileNav, added active nav link highlighting.
• Fixed broken Tailwind classes (tracking-tigh, text-l, text-9xl) and bogus inter.className.
• Lean single-line footer with social icons right-aligned.
• Navigation trimmed to 4 links: Home, Tags, Add, About. Changelog moved to footer.

Restored the authenticated saved-bookmarks page, wired the UI back to the read API, and hardened the add flow so missing API configuration no longer looks like a successful save.

• Bring back authenticated view for your own bookmarks on the home page.
• Fallback public and private API URLs so feed and saved pages load with older deployments.
• Stop reporting successful saves when the write API is not configured.

The read API now pages DynamoDB correctly when filtering by AI tag, returns extracted article text (capped per item for payload size), and the saved page shows collapsible full text with safe hostname display.

• Fix sparse or empty lists when filtering by tag on saved bookmarks.
• Include aiContent in GET /bookmarks responses with a list-view size cap.
• Avoid render errors when a saved URL is not parseable.

Hardened tag-page bookmark loading when Sanity returns no matching tag, and shipped the public archive build as 2.3.0.

• Avoid runtime errors when a tag query returns an empty result set.
• Keeps home, tags index, and tag pages loading from Sanity at build time.

Blogmarks now refreshes HTML more aggressively, announces new app versions in-app, and lets signed-in readers opt into release notifications.

• Added a new version banner with refresh and changelog actions.
• Introduced a public changelog page for release notes.
• Added optional push notifications for signed-in users on supported browsers.