SilentHelm — CHANGELOG
======================

v1.0.0 (Initial Public Release)
-------------------------------
Core
- Local-first logging (JSONL) and incident bundles (Incidents\*)
- HTML report generation with:
  - Security Status summary (last 24h)
  - Incident cards with severity badges (Critical/High/Medium/Low)
  - “Most likely cause” summary
  - “Recommended next steps” (adaptive guidance)
  - Collapsible technical details + optional raw log view
- Canary file protection:
  - Canary file creation in monitored directories
  - High-confidence incident when canary is touched (modify/rename/delete)
- Heuristics:
  - File burst detection (mass file changes in a short window)
  - Suspicious process heuristics (pattern-based)
  - Suspicious file pattern / extension heuristics
- Incident creation rate limiting (default: 1 per 60 seconds)

Monitoring
- Default monitored locations:
  - Desktop
  - Documents
  - Downloads
- extraWatchDirs:
  - Add additional directories to monitor via config
  - Live reload supports full add/remove (stop threads cleanly on removal)

Tray UX
- Tray menu:
  - Status
  - Run report (generate + open in default browser)
  - Reload config
  - Open log file
  - Exit
- Critical alert UX:
  - Tray tooltip indicates CRITICAL state
  - Balloon notification for new critical incidents (deduped)

Website / Branding
- Updated look & feel and copy to reflect v1 features
- Color palette aligned across report + site (modern cybersecurity theme)

Notes
-----
- SilentHelm complements antivirus/EDR; it is not a replacement.
- Admin mode may provide improved visibility depending on system policies.

