All notable changes to this project will be documented in this file.
The Ideon project follows the Keep a Changelog format and uses Semantic Versioning.
- Fixed multiple issues related to Link block metadata handling and rendering behavior.
- Fixed block teleportation during canvas resize when another block was focused.
- Fixed canvas crashes caused by malformed or incomplete block metadata by normalizing parsed metadata shapes and by hardening canvas hydration.
- Alignment Helper Lines: Visual guide lines now appear when dragging nodes to help align them with other blocks. Shows horizontal and vertical alignment guides.
- Sketch Block Custom Color Picker: Added an option allowing users to select any custom color using hex input or gradient picker.
- NEW Kanban Block: Added a minimal Kanban block with customizable columns and drag and drop support for tasks between the Kanban and checklist blocks.
- Improved Mobile Experience: Completely improved the mobile UI and layout to ensure the application works smoothly on smartphone portrait screens.
- Camera Centering on Keyboard Navigation: the viewport now smoothly centers on blocks when navigating with arrow keys or vim keys (h/j/k/l), making it easier to follow focus across the canvas.
- Fixed multiple sketch block issues, including disappearing or delayed drawings, and improved real-time rendering.
- Fixed security audit logging failures in Docker PostgreSQL deployments by preventing nested transaction conflicts. Audit events for project operations (create, delete, etc.) now log successfully.
- Automated Snapshots: the canvas now automatically saves snapshots after significant actions.
- Sync Status Indicator: a real-time connection indicator shows the current sync state.
- Sketch Block Eraser Customization: the eraser tool now supports custom size input (1-100px) in addition to the preset sizes.
- PostgreSQL 16 → 18: upgraded the officially supported PostgreSQL version. Existing PostgreSQL 16 deployments continue to work without any changes. If you want to upgrade, see the migration guide.
- Fixed all remaining Row-Level Security (RLS) issues, including critical failures when running on PostgreSQL 18. These fixes pave the way for migrating Ideon's officially supported PostgreSQL version from 16 to 18.
- Improved overall CPU usage when working inside the canvas.
- Create Block Modal: replaced the context menu block list with a searchable grid modal (`Ctrl+A`) for adding blocks. Features all block types with icons and a search input.
- Shell Block: a fully interactive terminal embedded in the canvas, powered by xterm.js and node-pty. Supports start/stop/kill lifecycle: Stop pauses the session while preserving the scrollback buffer for instant resume, Kill destroys the session entirely. Zero RAM consumption when stopped. Restricted to project creators and owners.
- Changelog Viewer: when an update is available, the version badge tooltip now includes a "See changes" link. Clicking it opens a modal that fetches the changelog directly from the Internet, with all versions newer than the current one subtly highlighted.
- Added a Command Palette (`Ctrl+P`) displaying all keyboard shortcuts in a searchable card grid, with a discreet hint button on the canvas.
- Added drag-and-drop reordering for checklist items.
- Added keyboard navigation for the canvas (Arrow keys and Vim keys h/j/k/l).
- Added `Enter` shortcut to enter edit mode on a selected block.
- Added `Escape` shortcut to unselect all blocks.
- Added common keyboard shortcuts (Ctrl+B/I/U/K, Undo/Redo) to the Markdown editor.
- Added `GIT_ALLOWED_HOSTS` environment variable to allow fetching stats from internal/private Git repositories (bypassing SSRF protection for specified hosts).
- Improved block title layout to handle long text gracefully (ellipsis, better resizing).
- Improved scrolling behavior in Account settings with better section positioning.
- Fixed Git block stats not refreshing correctly by disabling aggressive caching and ensuring timestamp updates even when stats are unchanged. Added error indicator for failed fetches.
- Added support for Tables and Task Lists (checkboxes) in the Markdown editor (Note Block).
- Fixed a critical issue where project pages would return 404 on PostgreSQL by ensuring all queries run within an authenticated RLS session (#46).
- Resolved Docker permission issues and significantly improved build times by optimizing the entrypoint script (#45).
- Resolved a race condition during project loading where blocks would briefly appear and then disappear. The system now waits for remote synchronization before initializing the canvas, ensuring a stable and consistent view for large projects.
- Introduced 4 distinct project roles (Creator, Owner, Editor, Viewer) to separate management privileges from content editing and read-only access.
- A new "Request Access" workflow allows users to ask for an invitation to private projects. Owners can now approve or reject these requests directly from the project settings.
- Resolved a critical privacy issue where private projects could be incorrectly visible to other users on the dashboard. Your projects are now properly secured and only visible to you and your team.
- Light theme readability and small comfort improvements across the interface.
- General UX polish to make interactions feel smoother.
- Large internal refactor to improve maintainability.
- Split oversized files into smaller modules and removed redundant code.
- Simplified structure to make future contributions easier.
Fixed several vulnerabilities:
- SSRF Protection: Implemented strict validation on the image proxy to block private IP access and enforce HTTPS (OWASP SSRF, CWE-918).
- WebSocket Security: Added strict Origin validation to prevent Cross-Site WebSocket Hijacking (OWASP CSWSH, CWE-346).
- IP Spoofing: Implemented trusted proxy-aware IP extraction for accurate client identification (OWASP Logging, RFC 7239).
- Emoji reactions on blocks to enable quick feedback during collaboration without editing content
- Edge labels to clarify relationships between blocks and improve visual structure.
- Permanent “Empty Trash” option allowing users to fully clear deleted items and remove all related project content in one action.
- Performance improvements across the app.
- UX refinements to make interactions smoother and more responsive.
- Overall user experience enhancements.
- Fixed project creation failure due to missing ownerId in session by implementing robust token fallback (#42).
- Resolved an infinite recursion error in PostgreSQL RLS policies that prevented project creation in v0.3.3 (#40).
- Support for touch devices with long-press gestures, allowing access to all context menus (including block creation on the canvas) (#37).
- Resolved permission issues when using bind mounts by implementing a dynamic entrypoint script that automatically manages directory ownership (#38).
- New Sketch block type for freehand drawing and annotations.
- Added support for private repositories using personal access tokens.
- Compatible with GitHub, GitLab, Gitea, and Forgejo (including self-hosted instances).
- Public project sharing via shareable links
- Project organization using folders
- Full project export as a single image
- Resolved an issue where opening large projects could cause the application to crash.
- Miscellaneous bug fixes and performance improvements.
- Checklist Progress: Added visual progress tracking to checklist blocks with dynamic color indicators to easily monitor task completion.
- Application Version Tracking: Added a new system directly in the sidebar to monitor your current application version and instantly check for available updates.
- New Dashboard Navigation: Introduced a unified "Home" section with collapsible views for streamlined access.
- New Project Views:
  - My Projects: Displays only the projects owned by you.
  - Shared with me: Dedicated view for projects shared with you as a collaborator.
  - Starred: Mark important projects as favorites for instant access.
  - Recent: Automatically tracks and lists your most recently opened projects.
  - Trash: Safe deletion workflow with options to restore or permanently delete projects.
- Implemented Undo/Redo system with keyboard shortcuts (Ctrl+Z/Y) and UI controls.
- Added "Don't ask again" option to the block deletion confirmation modal, allowing users to skip future confirmations.
- Added `Tab` shortcut for creating child blocks. Pressing Tab on a selected block now creates a connected child block in the appropriate direction.
- Fixed Server-Side Request Forgery (SSRF) vulnerability in the link metadata service by implementing strict URL validation and blocking private IP ranges.
- Enforced mandatory `SECRET_KEY` or `AUTH_SECRET` environment variables. The application will now fail to start if no secret is configured, preventing insecure deployments.
- Fixed metadata fetching for bare domains (e.g., `google.com`) by automatically normalizing URLs to use HTTPS.
- Fixed CI/CD workflow to prevent incomplete Docker builds on documentation changes (#18)
- Quoted OpenSSL string generation to prevent escape character issues during setup
- Added a hover badge on git, link, and contact blocks to make editing more discoverable and intuitive
- Fixed context menu behavior and right-click interactions on blocks.
- Fixed critical `JWTSessionError` where Edge Middleware and Node.js Runtime were using mismatched secret configurations, causing login loops and WebSocket rejections.
- Removed `INTERNAL_SECRET` environment variable and legacy key derivation logic to prevent potential authentication bypass.
- Fixed `MIDDLEWARE_INVOCATION_FAILED` error on Edge Runtime (Vercel) by removing Node.js-specific dependencies from middleware.
- Resolved system setup check failures by moving verification logic from client-side to server-side layout.
- Added dynamic language loading system: new languages can now be added simply by dropping a JSON file into the i18n directory.
- Added Prettier integration in Snippet Blocks for automatic code formatting.
- Added Tiptap bubble menu for text formatting (bold, italic, etc.) to assist users unfamiliar with Markdown.
- Added support for top and bottom connectors on blocks to allow more flexible flow layouts.
- Support for self-hosted Git providers (GitLab, Gitea, Forgejo) in addition to GitHub. Auto-detection of Git provider based on URL.
- Enhanced OIDC compatibility: added support for multiple profile picture fields (`picture`, `avatar`, `avatar_url`) to handle diverse OIDC providers (e.g., Keycloak, Authentik).
- Added option to authorize SSO and block public registration page separately.
Ideon addresses the cognitive load of modern software development. By bringing code, design, and decision-making into a single spatial interface, it transforms abstract project metadata into a tangible, navigable map. The goal is to maintain a shared mental model across the entire lifecycle of a product, ensuring that the "why" and "how" remain accessible alongside the "what".
Built on a bleeding-edge foundation to ensure performance, security, and type safety:
- Framework: Next.js 16 (App Router) & React 19
- Language: TypeScript
- Data Layer: PostgreSQL with Kysely
- Real-time Engine: Yjs (CRDTs) over WebSockets
- Authentication: NextAuth.js v5
- Security: HKDF key derivation & AES-256-GCM encryption
- Spatial Workspace: An infinite canvas powered by ReactFlow for organizing project components visually
- Universal Blocks: First-class support for diverse content types:
  - Rich Text & Markdown
  - GitHub Repositories
  - Code Snippets
  - File Attachments
  - External Links
  - Color Palettes
  - Contact Cards
- Multiplayer Collaboration: Real-time cursor tracking and concurrent editing enabled by CRDTs
- Temporal State: Comprehensive history tracking to view and revert project evolution over time
- Security:
  - Field-level encryption with Argon2id for sensitive data
  - Comprehensive audit logging for all critical actions
- Internationalization: Native i18n support: English and French (for now...)
- Deployment: Fully dockerized with Docker Compose for easy self-hosting