Release v1.19.19 is now live

Release 1.19.19 improves the Ask voice fullscreen experience for accessibility and clarity. The dialog uses an explicit title and description for assistive technology, dynamic status text for listening, connecting, TTS, mute, and follow-up prompts, and a short trust line under the sources pill when collapsed. The TTS answer region uses aria-live off during word-level highlighting to reduce screen reader churn; transcript scrolling respects reduced motion. The waveform halo animation respects prefers-reduced-motion, and the particle canvas skips heavy drawing while the tab is hidden. Closing the session returns focus to the voice entry control, and a Type with keyboard instead action exits to the main Ask view. Analytics records voice session end and fullscreen close with a source (button, Escape, or type instead). Hub and hero artwork reflect this release.

The same delivery cycle includes a security and quality pass (repo structure can be explored with Graphify when a local graph is built; see project-documentation/GRAPHIFY.md). Optional Upstash Redis rate limits protect /api/chat, /api/ask/transcribe, and /api/feedback when UPSTASH_REDIS_REST_URL and UPSTASH_REDIS_REST_TOKEN are set; without them, behavior is unchanged. Global response headers add X-Frame-Options, X-Content-Type-Options, and Referrer-Policy alongside the existing Permissions-Policy. Chat and transcribe return generic errors to clients while details stay in server logs. Billing validates Stripe customer ids (cus_…) from cookies or body. Web Push subscribe payloads use schema validation with bounded user-agent length. Ask feedback auto-issues use the correct GitHub repository.