From 9d8e2186b15a330a9a84d03e39bea588d5d664be Mon Sep 17 00:00:00 2001
From: bradjin8 <headit74@hotmail.com>
Date: Thu, 28 May 2026 10:47:45 -0400
Subject: [PATCH 1/3] feat: initial implement of changelog and versioning
 policy

---
 CHANGELOG.md   | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 README.md      |  6 ++----
 pyproject.toml |  1 +
 3 files changed, 51 insertions(+), 4 deletions(-)
 create mode 100644 CHANGELOG.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..f3ac227
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,48 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+- Hypothesis property-based tests for blob and bubble parsing (#71, #82)
+- PDF export endpoint coverage in CI (#72, #82)
+
+### Changed
+- Extract shared `from_dict` validation helpers for model classes, reducing duplication (#70, #80)
+- Enable mypy `strict-optional` and fix nullability gaps across the codebase (#69, #79)
+
+### Fixed
+- Add incomplete-result signaling on parse failure so callers can distinguish partial vs. complete data (#67, #78)
+- Replace `print()` error output with structured logging throughout (#68, #77)
+- Replace silent `except Exception: pass` with structured logging in workspace and bubble load paths (#66, #76)
+- Rename `_`-prefixed internal functions to public names to satisfy strict linters (#82)
+
+## [0.1.0] - 2026-05-21
+
+### Added
+- **Web UI** — browse and search all Cursor AI workspaces; conversation view with syntax-highlighted code blocks, dark/light mode, and bookmarkable chat URLs (#63)
+- **Export formats** — one-click export of chats as Markdown, HTML, PDF, JSON, and CSV from the web UI (#63)
+- **CLI export** (`cursor-chat-export` / `scripts/export.py`) — zip archive or individual Markdown files with YAML frontmatter; incremental mode (`--since last`) preserves state across runs (#63, #42, #61)
+- **Cursor CLI agent session support** — browse and export sessions stored in `~/.cursor/chats/` by the `cursor agent` CLI; gracefully degrades when the IDE database is absent (#7, #8, #63)
+- **Desktop app packaging** — Windows `.exe` via PyInstaller + pywebview; no Python installation required on the target machine (#63)
+- **Type-safe models** with schema validation at SQLite read boundaries (#24, #30)
+- **CI matrix** (Linux / macOS / Windows) running pytest, mypy, and gitleaks (#13, #19, #44, #62)
+- **Python packaging infrastructure** (`pyproject.toml` with hatchling, bounded dependency pins, `requirements-lock.txt`, Dependabot) (#45, #47, #49, #53)
+- Optional exclusion rules for sensitive projects and chats (#1, #2)
+- Full-text search with workspace and log-type filters (#63)
+
+### Fixed
+- Path traversal and symlink-escape protection on `/api/set-workspace` (#15, #22)
+- Disabled Werkzeug debug mode by default; opt-in via `--debug` / `FLASK_DEBUG=1` (#9, #20)
+- Sanitise Marked.js HTML output with DOMPurify (#11, #21)
+- Wrapped all production `sqlite3.connect()` calls in context managers (#17, #23)
+- Skip NULL bubble rows in workspace tabs loader (#50, #52)
+- Thread-unsafe `_workspace_path_override` race condition (#43, #54)
+- Normalise Windows-style paths on non-Windows hosts (#8)
+
+[Unreleased]: https://github.com/cppalliance/cppa-cursor-browser/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/cppalliance/cppa-cursor-browser/releases/tag/v0.1.0
diff --git a/README.md b/README.md
index 8bab6c1..d96b429 100644
--- a/README.md
+++ b/README.md
@@ -242,14 +242,12 @@ The desktop app uses [pywebview](https://pywebview.flowrl.com/) to render the Fl
 
 ## Versioning
 
-> **Merge note:** The full policy and `CHANGELOG.md` ship in [PR #85](https://github.com/cppalliance/cppa-cursor-browser/pull/85) (#74). Land that PR with or before this one to avoid duplicate or dead links.
-
 This project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html) (`MAJOR.MINOR.PATCH`).
 
 **Pre-1.0 stability (current):** The project is at `0.x.y`. During this phase:
 
 - **Minor version bumps (`0.x` → `0.x+1`)** may include breaking changes to the HTTP API, CLI flags, or exported file formats. Consumers of the `/api/*` endpoints or the `cursor-chat-export` CLI should review the changelog before upgrading.
-- **Patch version bumps (`0.x.y` → `0.x.y+1`)** are backward-compatible bug fixes only. Critical security fixes may break compatibility at any version with appropriate changelog notation.
+- **Patch version bumps (`0.x.y` → `0.x.y+1`)** are backward-compatible bug fixes only.
 
 **What constitutes a breaking change:**
 
@@ -263,7 +261,7 @@ Internal Python modules are not a semver-governed library API for external impor
 
 Adding new optional fields to JSON responses, adding new CLI flags with sensible defaults, or adding new export-format sections are *not* considered breaking.
 
-Notable changes will be documented in **[CHANGELOG.md](CHANGELOG.md)** following the [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) format (see #74 / PR #85).
+Notable changes will be documented in **[CHANGELOG.md](CHANGELOG.md)** following the [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) format.
 
 When an API surface is scheduled for removal, follow the process in **[docs/API_DEPRECATION.md](docs/API_DEPRECATION.md)** (response headers, changelog entries, minimum notice period).
 
diff --git a/pyproject.toml b/pyproject.toml
index fb927ee..2ad1af5 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -80,6 +80,7 @@ include = [
     "requirements.txt",
     "README.md",
     "docs/",
+    "CHANGELOG.md",
     "DEPLOYMENT.md",
     "LICENSE",
     "cursor-browser.spec",

From 5e8585854b0d1b70da18f1d49c59db689d858c73 Mon Sep 17 00:00:00 2001
From: bradjin8 <headit74@hotmail.com>
Date: Thu, 28 May 2026 11:49:02 -0400
Subject: [PATCH 2/3] removed: yet to be released v0.1.0

---
 CHANGELOG.md | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f3ac227..9f2ba90 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,22 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-### Added
-- Hypothesis property-based tests for blob and bubble parsing (#71, #82)
-- PDF export endpoint coverage in CI (#72, #82)
-
-### Changed
-- Extract shared `from_dict` validation helpers for model classes, reducing duplication (#70, #80)
-- Enable mypy `strict-optional` and fix nullability gaps across the codebase (#69, #79)
-
-### Fixed
-- Add incomplete-result signaling on parse failure so callers can distinguish partial vs. complete data (#67, #78)
-- Replace `print()` error output with structured logging throughout (#68, #77)
-- Replace silent `except Exception: pass` with structured logging in workspace and bubble load paths (#66, #76)
-- Rename `_`-prefixed internal functions to public names to satisfy strict linters (#82)
-
-## [0.1.0] - 2026-05-21
-
 ### Added
 - **Web UI** — browse and search all Cursor AI workspaces; conversation view with syntax-highlighted code blocks, dark/light mode, and bookmarkable chat URLs (#63)
 - **Export formats** — one-click export of chats as Markdown, HTML, PDF, JSON, and CSV from the web UI (#63)
@@ -34,6 +18,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Python packaging infrastructure** (`pyproject.toml` with hatchling, bounded dependency pins, `requirements-lock.txt`, Dependabot) (#45, #47, #49, #53)
 - Optional exclusion rules for sensitive projects and chats (#1, #2)
 - Full-text search with workspace and log-type filters (#63)
+- Hypothesis property-based tests for blob and bubble parsing (#71, #81)
+- PDF export endpoint coverage in CI (#72, #82)
+
+### Changed
+- Extract shared `from_dict` validation helpers for model classes, reducing duplication (#70, #80)
+- Enable mypy `strict-optional` and fix nullability gaps across the codebase (#69, #79)
 
 ### Fixed
 - Path traversal and symlink-escape protection on `/api/set-workspace` (#15, #22)
@@ -43,6 +33,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Skip NULL bubble rows in workspace tabs loader (#50, #52)
 - Thread-unsafe `_workspace_path_override` race condition (#43, #54)
 - Normalise Windows-style paths on non-Windows hosts (#8)
+- Add incomplete-result signaling on parse failure so callers can distinguish partial vs. complete data (#67, #78)
+- Replace `print()` error output with structured logging throughout (#68, #77)
+- Replace silent `except Exception: pass` with structured logging in workspace and bubble load paths (#66, #76)
+- Rename `_`-prefixed internal functions to public names to satisfy strict linters (#82)
 
-[Unreleased]: https://github.com/cppalliance/cppa-cursor-browser/compare/v0.1.0...HEAD
-[0.1.0]: https://github.com/cppalliance/cppa-cursor-browser/releases/tag/v0.1.0
+[Unreleased]: https://github.com/cppalliance/cppa-cursor-browser/commits/HEAD

From 9f1c7680f83ffccb249ea0408fa9248cb5085785 Mon Sep 17 00:00:00 2001
From: bradjin8 <headit74@hotmail.com>
Date: Thu, 28 May 2026 14:10:45 -0400
Subject: [PATCH 3/3] docs: fix CHANGELOG issue refs for PDF tests and API
 decoupling

#82 is PR for PDF export tests (issue #72), not the _-prefix rename.
Reference issue #73 for decoupling API handlers from service internals.
---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f2ba90..ab783b1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,7 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Optional exclusion rules for sensitive projects and chats (#1, #2)
 - Full-text search with workspace and log-type filters (#63)
 - Hypothesis property-based tests for blob and bubble parsing (#71, #81)
-- PDF export endpoint coverage in CI (#72, #82)
+- PDF export endpoint coverage in CI (#72)
 
 ### Changed
 - Extract shared `from_dict` validation helpers for model classes, reducing duplication (#70, #80)
@@ -36,6 +36,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add incomplete-result signaling on parse failure so callers can distinguish partial vs. complete data (#67, #78)
 - Replace `print()` error output with structured logging throughout (#68, #77)
 - Replace silent `except Exception: pass` with structured logging in workspace and bubble load paths (#66, #76)
-- Rename `_`-prefixed internal functions to public names to satisfy strict linters (#82)
+- Decouple API handlers from private `_`-prefixed service internals (#73)
 
 [Unreleased]: https://github.com/cppalliance/cppa-cursor-browser/commits/HEAD