Release Notes ============= Release notes are written for people who need to know what changed without reading commits. Keep entries short, current, and grouped by impact. Unreleased ---------- Added ~~~~~ * Added production fail-closed controls for PHI log redaction, app/proxy rate limiting, CSP enforcement, direct virtualenv service execution, and stricter production study resolution. * Added production-readiness controls for proxy authentication, healthcheck wiring, release tagging, restore-drill automation, and root security/license governance files. * Added a production backlog page for deferred hardening items such as SBOMs, dependency-update automation, hosted-LLM budget limits, remote log sinks, conversation retention, and OCI packaging. * Added Makefile targets for Sphinx release notes, docs linkcheck, and docs CI parity. * Added this release-notes page to the Sphinx documentation. * Added a contribution rule that every pull request should include a user-readable release note unless the change is purely internal and has no operator, reviewer, developer, or user impact. Changed ~~~~~~~ * Updated Makefile cleanup targets to avoid whole-repo traversal and to preserve ``data/raw/`` and ``data/snapshots/``. * Reworked the GitHub README as a minimal entry point that sends readers to Sphinx for setup, IRB/auditor evidence, and developer detail. * Consolidated the Sphinx audience routing into the documentation landing page. * Moved the IRB/auditor profile into Sphinx and removed the old standalone Markdown dossier. Fixed ~~~~~ * Fixed local ``make chat`` startup when another Streamlit process already owns port 8501. * Fixed production/proxy startup when the deployment uses an explicit or default study name without raw study input mounted at import time. * Updated a sandbox regression test so its expected output no longer resembles a PHI phone-number pattern on Python 3.13. Release Note Rules ------------------ * Write for the affected audience, not from the commit history. * Put the newest entries first. * Use ISO dates when an entry moves from ``Unreleased`` to a released version. * Group entries under ``Added``, ``Changed``, ``Fixed``, ``Removed``, ``Deprecated``, or ``Security``. * Link to the relevant Sphinx page when a reader needs detail.