v4.2.0 — AI Chat Widget, Security Hardening & Performance

What's New in v4.2.0

AI Chat Widget

Add a floating AI assistant to any page with a single <script> tag. Visitor queries run a two-phase pipeline: hybrid semantic+fulltext search retrieves relevant excerpts, then Claude Haiku synthesizes a conversational answer streamed live via SSE. Works without an Anthropic key as a pure search experience. Fully configurable from the admin panel — title, colors, position, prompt templates, rate limits.

Fork MCP Tools (8 new tools → 72 total)

Eight dedicated tools for fork workspace management: list_forks, create_fork, get_fork, fork_page, remove_fork_page, merge_fork, archive_fork, delete_fork. Forks let you stage and preview sets of page edits before merging to live.

Security Hardening

• SecurityHeaders middleware: CSP (path-aware admin vs. public policy), HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
• SESSION_SECRET enforced at 32+ characters; server refuses to start with a weak secret
• Trusted proxy config: TrustFlyProxy reads the unspoofable Fly-Client-IP header in cloud deployments
• Chat endpoint: separate per-IP (5/min) and global (30/min) rate limiters, prompt injection defense
• API body size cap on all endpoints

Performance

• Optimized content query paths
• Bulk content operations (up to 100 pages per call)
• export_content for transform/re-import pipelines

---

Previous release: v1.1 · Full changelog: CHANGELOG.md

LightCMS v1.1.0

LightCMS v1.1.0

AI-native content management system with MCP server, REST API, and CLI tool.

What's New

• API Key System: Create and manage API keys from the admin panel for REST API, MCP, and CLI access
• REST API: Full /api/v1/ JSON API with Bearer token authentication for all resources
• CLI Tool: lightcms command-line tool for all content management operations
• MCP Refactor: MCP server now connects via REST API — no direct database access needed, enabling remote MCP clients
• MCPB Packaging: MCP bundle files (.mcpb) for streamlined distribution

MCP Bundle Installation

Download the .mcpb file for your platform, or build from source:

go build -o bin/lightcms-mcp ./cmd/mcp

claude mcp add --transport stdio lightcms-mcp \
  -e LIGHTCMS_URL="https://your-site.com" \
  -e LIGHTCMS_API_KEY="lc_your_key_here" \
  -- /path/to/bin/lightcms-mcp

CLI Installation

go build -o bin/lightcms ./cmd/cli

export LIGHTCMS_URL=https://your-site.com
export LIGHTCMS_API_KEY=lc_your_key_here
lightcms content list

See README for full documentation and 10 working MCP examples.

v1.0.0

Changelog

• 18f71f2 Add Fly.io deployment configuration
• eea3b28 Add LIGHTCMS_CONFIG_DIR support for MCP server setup
• 091c8ab Add MCP registry metadata, tool annotations, and privacy policy
• 5bc6810 Add MCP server and security improvements
• af1b901 Add MIT LICENSE and clarify website management focus
• 9d67e52 Add MongoDB change stream for real-time content sync
• 469ae26 Add comprehensive MCP API reference documentation
• 2c0f8af Add search/replace, template switching, asset library, and admin branding
• 093b7f7 Add theme versioning feature
• 44d0a35 Display environment mode in Configuration page
• 974001d Fix copyright year to 2026
• 284f3a3 Fix sticky header and mobile footer layout
• 659960e Fix template rendering in range blocks and improve deleted content query
• 39d6650 Initial commit: LightCMS v1.0
• 47784d9 Remove sitemap.xml from version control
• 5a29c79 Remove unused debug and migration utilities
• fae8ae3 Security hardening and inline theme version history
• 0b99f7f Update README to emphasize AI-native design