Changelog

Every release, every fix, every new API. Newest entries first.

v4.1 March 31, 2026 Living Memory
Dream Engine — Persistent Memory Consolidation
FeatureDream Engine — REM-style memory consolidation. 5 strategies: synthesize, pattern_extract, insight_generate, compress, associate. Runs as scheduled background process against your memory namespace. POST /v1/memory/dream/start
FeatureDream schedule persistence — Dream schedules now survive server restarts. Stored in dream_schedules SQLite table; restored on boot via restoreDreamSchedules(). Previously all active schedules were silently lost on restart.
FeatureDream schedule CRUDPOST /v1/memory/dream/schedule, DELETE /v1/memory/dream/schedule/:id, GET /v1/memory/dream/schedules. Each run updates last_run + run_count in DB.
Multiplayer Memory — Shared Agent Intelligence
FeatureMultiplayer Memory — Shared memory spaces with collaborator invites, role-based access (owner/editor/viewer), real-time multi-term search with relevance scoring. POST /v1/memory/share/create
FeatureRetention tiers — Customizable memory space lifetime: session (24h), daily (7d), weekly (30d), permanent. Background cleanup auto-expires spaces. POST /v1/memory/share/:id/retention
Fix11 Multiplayer Memory bugs fixed — Viewer role validation, audit trail for share/set, multi-term search, missing GET space info + activity endpoints, collaborator/accept bridge for shared memory access.
Planet Research — Full Internet Intelligence
Feature5-provider planet researchClaude (synthesis) · Grok/X (real-time + 日本語 Japanese X) · DeepSeek (小红书/知乎/微信/B站 Chinese internet) · OpenAI (academic depth) · Yandex (Яндекс/Telegram/VK Russian web). POST /v1/research
FeaturePlanet tier — All 5 providers, 2000 tokens, $100 credits. Deep/planet tiers get cross-synthesis: Claude Haiku synthesizes all 5 source perspectives into unified cross-cultural intelligence.
PerfResearch cache — 30-minute in-memory TTL cache, 200 entry max. Repeat queries return instantly at zero cost. Evicted by background cleanup job every 10 min.
Memory Compression
PerfAutomatic zlib compression — Values >512 bytes compressed with deflateRaw level 6 before write; transparently decompressed on read. ~z~ prefix marker. Zero new dependencies (built-in Node.js zlib). Applied to all 14+ memory read/write paths.
PerfBackground cleanup job — Runs every 10 min: TTL memory expiry, expired shared space deletion (cascades members + memory), research cache eviction.
Bug Fixes — Hive, Org, GraphRAG, Security
SecurityHive api_key leakGET /v1/hive/:id was spreading ...hive row, exposing owner api_key. Fixed: explicit safe field selection only.
SecurityNamespace security fixes/v1/memory/health and /v1/knowledge/auto-discover were using email as namespace suffix (leaked cross-account). Fixed: SHA-256 prefix scoping. /v1/context/session bare prefix never matched; fixed to LIKE prefix + ':%'.
Fix9 Hive bugs fixed — Standup type filter, existence checks on send + propose, governance quorum announcement to channel, GET /v1/hive(s) enriched with member/channel/message counts.
Fix7 Org/Swarm bugs fixed — hive_messages missing type column, wrong standup table, scale doesn't sync hive members, added DELETE /v1/org/:id, 4 missing template aliases (content-team, research-squad, qa-team, data-pipeline).
FixGraphRAG improvementsconfidence=0 coercion bug fixed, /v1/knowledge/add returns id, added DELETE /v1/knowledge/triple/:id, GET /v1/knowledge/stats, auto-discover persist option, 3 performance indexes.
FixMemory decay + snapshot persistence/v1/memory/decay now actually prunes DB entries (was compute-only). /v1/memory/snapshot now persists to memory_snapshots table with GET list + retrieve endpoints.
FixDuplicate route deduplication — Removed 3 dead Express route handlers: 2× duplicate POST /v1/eval/run, 1× duplicate GET /v1/templates/browse.
v4.0 March 31, 2026 AI Agent OS
Full AI Agent OS Relaunch — Computer-Use Era
FeatureAI Agent OS Positioning — Slopshop is now positioned as the Self-Hostable AI Agent OS for the Computer-Use Era. Three-pillar architecture: Brain (Memory 2.0), Hands (1,303 tools + Computer Use), Nervous System (runtime + SPIFFE/SVID identity + orchestration).
FixCritical: LLM planning ReferenceError — Fixed plan.model ReferenceError in agent.js that silently broke all LLM-based tool planning, causing every agent to fall back to keyword matcher.
FixCritical: sessions table schema conflict — Renamed server-v2.js sessions table to agent_sessions to fix schema collision with auth.js, which caused /v1/auth/me to hang permanently.
FixSecurity: self-transfer credit exploitPOST /v1/credits/transfer now rejects to_key === req.apiKey.
FixSecurity: referral code wildcard SQL injection — auth.js now validates referral code format (/^sk-slop-[0-9a-f]{8,}$/) before LIKE query.
FeatureNew routes: GET /v1/keys, POST /v1/keys/create — List and create API keys (were 404 before).
FeatureHive route fixes — Added GET /v1/hive alias, GET /v1/hive/:id/members, GET /v1/hive/:id/activity.
FixNL Router INTENT_BOOSTS — Fixed 5 routing failures: site up/down → net-http-check, IP geo → net-ip-geo, gzip → data-compress (not array-zip), "what day is it" → date-now, password generation → crypto-password-generate.
Feature80+ new handlers — compute, sense, enrich, llm, memory, vertical, orchestrate categories all expanded with new handlers and bug fixes.
FixRegistry coherence — 369 missing schemas added, 19 duplicate slugs removed, 274 credits=0 entries corrected.
v3.7.0 March 31, 2026 Major
Agent Runtime OS — Computer-Use Era
Feature Agent Identity (NIST-aligned) — SPIFFE/SVID JWT tokens, Agent Name Service (ANS) registry, reputation scoring (rolling 0–10 weighted average: success +0.1, failure −0.3, error −0.5, timeout −0.2), A2A typed message passing, org management. POST /v1/identity/issue
Feature Computer Use Backend — Session recording with full action audit, screenshot OCR + pixel-diff verification, replay export (JSON/Python pyautogui/Markdown), human approval gates, checkpoint/restore, cross-session memory persistence. POST /v1/computer-use/session/start
Feature MCP Gateway + Policy Engine — Proxy with authorization propagation, HMAC-SHA256 signed manifest, session affinity, policy CRUD (5 condition types: tool_slug_matches, credit_over, agent_id_matches, time_range, tier_check), governance proposals + voting, SIEM/ECS audit export. GET /v1/gateway/manifest
Feature Observability Dashboard — Distributed traces, p95/p99 latency, cost attribution per tool/agent, ROI calculator, budget alerts, agent health scores (4-component model), status page + incident management. GET /v1/observe/dashboard
Feature Visual DAG Workflow Builder — Kahn's topological sort, DFS cycle detection, conditional branching (pure string parser, no eval), human-in-loop gates, dry-run mode, 10 pre-built templates. GET /v1/workflow/templates
Feature Tool Marketplace — 15 seed listings (5 free, 5 paid 10–50 credits, 3 templates, 2 packs), 70/30 revenue share, handler code security scan (16 dangerous-pattern regex blocks), review system. GET /v1/marketplace
Feature Eval Suite + Model Routing — Test suite CRUD, standard benchmark (5/5 · score 100 · grade A), model routing with round-robin/cost-optimized/performance/balanced strategies. POST /v1/eval/benchmark
New Tool Handlers (36 slugs across 6 categories)
Feature Vision (12)vision-base64-info, vision-extract-text (OCR), vision-image-hash, vision-screenshot-diff, vision-color-palette, vision-text-boxes, vision-metadata-strip, gen-qr-text, audio-duration-estimate, file-magic-detect, data-uri-parse, data-uri-create
Feature Finance (5)finance-compound-interest, finance-mortgage-calc, finance-dcf-simple, finance-portfolio-return, finance-risk-score  ·  DevOps (5)devops-docker-analyze, devops-k8s-validate, devops-semver-bump, devops-log-parse, devops-env-validate
Feature Legal (2)legal-contract-scan, legal-gdpr-scan  ·  Health (2)health-bmi-calc, health-medication-schedule  ·  Marketing (3)marketing-headline-score, marketing-ab-test-calc, seo-keyword-density
Feature Memory 2.0 (7)memory-score-update, memory-score-get, memory-drift-detect, memory-cluster, memory-knowledge-graph, memory-timeline, memory-importance-rank  ·  Smart RouterPOST /v1/route intent-based API selector
Security Fixes
Security Linear GraphQL injection fixed — Moved from string interpolation to parameterized variables: {}.
Security S3 upload real implementation — Native AWS Signature V4 via Node.js crypto. No AWS SDK. Credentials never logged.
Security orchestrate.js demo key — Reads ORCHESTRATE_API_KEY env var instead of hardcoded key.
Fix Hive /status — Fixed 500 error from non-existent hive_members table; reads hives.members JSON column directly.
Fix Memory history aliasmemory-history returns both versions and history fields + count for compatibility.
Fix Search response/v1/tools/search now includes _engine: "real", count, and search_time_ms.
v3.3.0 March 29, 2026 Major
Multi-LLM & Army Intelligence
  • Feature 4 cloud LLM providers: Anthropic Claude, OpenAI GPT, Grok (xAI), and DeepSeek. Auto-router at POST /v1/models/auto/generate picks the cheapest available provider.
  • Feature Army survey with LLM inference: POST /v1/army/survey sends a question to diverse simulated personas, each getting individual LLM inference. Returns aggregated sentiment, confidence, and open responses.
  • Feature Knowledge graph POST support: POST /v1/knowledge/add, /query, /walk, /path, and /auto-discover. Build and traverse knowledge graphs via API.
  • DX Documentation updated: 4 LLM provider env vars, corrected 925 compute handlers, standardized pricing tiers (1K/$9, 10K/$49, 100K/$299, 1M/$1,999).
v3.2.0 March 27, 2026 Minor
Series B Engineering
  • Feature Comprehensive test suite with full endpoint coverage and edge case testing.
  • Feature Node.js and Python SDKs with typed interfaces and automatic retries.
  • Feature OpenAPI 3.1 spec at /v1/openapi.json. Structured JSON logging with request tracing.
  • DX Enterprise landing page, changelog, roadmap, and status page. Input validation hardened with schema enforcement.
v2.1.0 March 2026 Minor
Memory & Billing
  • Feature Free memory tier: 8 memory APIs now cost 0 credits — memory-set, memory-get, memory-search, memory-list, memory-delete, memory-stats, memory-namespace-list, and counter-get. Agents can now read and write persistent state without burning credits.
Agent System
  • Feature Agent templates: 5 pre-built agent workflows available at POST /v1/agent/template/:id. Templates: security-audit, content-analyzer, data-processor, domain-recon, hash-verify. Pass input and get a structured result back — no prompt engineering needed.
  • Feature Agent auto-memory: Every POST /v1/agent/run call now automatically stores the tool chain and result. Retrieve past runs at GET /v1/agent/history. Useful for auditing, debugging, and chaining multi-step agent workflows.
Site & Pages
  • Feature Security & trust page published at /security. Covers auth model, PBKDF2 key hashing, credit isolation, rate limiting, and responsible disclosure contact.
  • Feature Dedicated tools catalog at /tools. Browse all 78 tool categories by category with credit costs, method badges, and live endpoint links — without opening the full docs.
  • DX Updated homepage, docs, and pricing with current API counts, correct positioning, and v2.1.0 credit table. Removed stale references to pre-launch pricing.
v2.0.0 March 2026 Major
Breaking Changes
  • Breaking Complete server rewrite. Old server.js replaced by server-v2.js. API surface expanded from ~50 endpoints to 82 categories of real tools across 82 categories. All route slugs preserved where possible; new categories are additive.
  • Breaking Auth system replaced. Plain API keys replaced with a real signup/login flow backed by PBKDF2-hashed keys, stored in SQLite. Existing v1 keys are invalid — regenerate at POST /v1/auth/keys/rotate.
Core Platform
  • Feature Autonomous agent: POST /v1/agent/run accepts a natural-language task, selects the right tools from the registry, executes them in sequence, and returns a structured summary. Powered by Claude with the full API catalog as its tool set.
  • Feature Simple Q&A endpoint: POST /v1/ask for single-turn natural language questions. Lower credit cost than a full agent run; no tool orchestration overhead.
  • Feature Persistent memory system — 20 APIs covering namespaced key-value storage, vector-style search, counters, and memory stats. All data lives in SQLite, scoped per API key.
  • Feature Orchestration suite: retry, distributed lock, circuit breaker, cache, and rate limit APIs. Build resilient agent workflows without external infrastructure.
New API Categories
  • Feature World sensing — 30 APIs: fetch URL content, DNS lookup, SSL certificate inspection, tech stack detection (wappalyzer-style), WHOIS, port scan, redirect chain tracing.
  • Feature Code execution sandbox: JavaScript VM (isolated, no require), SQL queries against JSON datasets, array transform pipelines. Useful for agents that need to process structured data mid-run.
  • Feature 82 categories of tools across compute, crypto, text, math, dates, AI/LLM, network, memory, orchestration, code, and more. Full list in docs or tools catalog.
Billing & Distribution
  • Feature Credit system with Gumroad checkout. Buy credit packs directly from the dashboard. Credits are scoped per key and deducted atomically.
  • Feature Published to npm and PyPI as slopshop@2.0.0. Install the CLI: npm i -g slopshop or pip install slopshop.
  • Feature MCP server (mcp-server.js) for Claude Code integration. Run npm run mcp and point Claude Code at the local socket to use all 78 tool categories as native tools.
  • Feature Zapier integration via dedicated endpoints in zapier.js. Trigger any Slopshop API from a Zap without writing code.
  • Feature 14 pre-built pipes — composable multi-step workflows (e.g. fetch → extract → summarize → store) available via POST /v1/pipe/:name.
SEO & Discoverability
  • DX Per-API landing pages generated server-side, each with Schema.org SoftwareApplication markup, Open Graph tags, and canonical URLs. Full XML sitemap at /sitemap.xml.
v1.0.0 February 2026 Initial Release
  • Feature Initial launch. Core compute APIs: hashing, encoding, text utilities, math, date formatting, UUID generation, and basic crypto primitives.
  • Feature Credit-based billing. Every API call costs credits. Free tier included on signup. No subscriptions at launch — pay-as-you-go only.
  • Feature CLI tool (slop / slopshop) for running APIs from the terminal. Supports piped input, JSON output, and key management via slop auth.
  • DX Published package to npm. Node.js >=18 required. MIT licensed, self-hostable.