Highlights

• Report UI now renders markdown correctly, including ordered lists, instead of showing raw markdown syntax.
• Production hardening now includes explicit CORS origin restrictions, browser security headers, and reduced public endpoint exposure.
• Vendor resolution and cache behavior were tightened for cases like Palantir vs Palintir.

Included changes

• Render markdown correctly in the report UI (#7)
• Restrict API CORS origins (#11)
• Add browser security headers (#12)
• Reduce public endpoint exposure (#13)
• Fix Palantir resolution cache convergence (#6)

Operational notes

• Production now expects ALLOWED_ORIGINS to be set explicitly.
• Detailed health output moved behind /api/internal/health with x-internal-api-token in production.
• Public /api/health is now liveness-only.

Postgres-backed caching for vendor resolution and research artifacts
accepted vs weak cache promotion
background refresh on cache hits
manual Refresh research action in the live UI
production migration support via npm run db:migrate

ArchReviewAgent v0.1.0

Initial release of the enterprise guardrail research application.

Included in this release

• React research workspace with chat-style vendor review flow
• Node/Express backend with staged research pipeline
• OpenAI Agents SDK integration for vendor intake, retrieval, and decisioning
• Live progress streaming for long-running research
• Security-analyst decisioning focused on EU data residency and enterprise deployment
• Test mode for fast UI validation without live web research
• Browser-local conversation history
• Structured logging and staged backend tests
• TOGAF-style architecture document

Scope

This release establishes the first end-to-end baseline for procurement-style third-party product review using public vendor evidence and confidence-based recommendations.