TL;DR
- Prompt Chains now have a Graph view — see your multi-step workflows as a visual flow chart with all the success and branch paths drawn out.
- NovaKit is installable and works offline. Install it from your browser's address bar and use it on a plane.
- App Lock + Panic Wipe in Settings → Security. Gate the whole app behind your passphrase, set an auto-lock timer, and erase every trace with one click.
- Encrypted
.novakitbackup files you can stash in any cloud drive. The cloud provider sees scrambled ciphertext; only your passphrase opens it. - Auto-archive + storage breakdown in Settings → Storage. Archive dormant conversations automatically and see exactly where your space is going.
- Cross-device sync (BYOS). Sync to WebDAV servers, Google Drive, or Dropbox — storage you rent, credentials you own. NovaKit never sees your data.
The theme
The release isn't about adding more features for their own sake. Everything on the list above makes one of three promises more real:
- Your data stays yours — encrypted backups you control, sync to storage you rent, OAuth connections you own.
- NovaKit keeps working when the network doesn't — the app is installable and works offline.
- The workspace is fast to understand — Prompt Chain graph view, storage dashboard, clearer settings.
Let's walk through each.
Prompt Chains: list view + graph view
The Chain editor is primarily a sortable card list — each card is one LLM step with its own model, system prompt, template, input source, and branch targets. Editing is faster there than on a node canvas because most of what you change per step is prompt text.
But for understanding a chain — especially one with multiple branches — a list hides the shape of the flow. So we added a second tab: Graph. Each step becomes a node, every success path becomes a solid arrow, every "if this condition fails" branch becomes a dashed red arrow. The entry step is highlighted. Clicking any node jumps the card editor to that step.
The graph is read-mostly on purpose. No drag-to-wire, no node creation. Edit in the list (where text editing is ergonomic), check your work in the graph.
Offline PWA
NovaKit is now a Progressive Web App. Install it from your browser's address bar, or on iOS/Android via "Add to Home Screen." The app opens in its own standalone window.
Offline you can:
- Browse and search every past conversation
- Read, edit, and organize prompts, personas, and chain templates
- View the cost dashboard and usage history
- Review memories, knowledge base collections, and settings
You can't send new messages offline, because that needs a network round-trip to the AI provider. When you're offline, a banner surfaces at the bottom of the screen; the composer gracefully tells you the send would fail.
AI requests are never cached — they always go straight to the provider for a fresh response. Only the app's own pages and resources sit in the offline cache.
App Lock + Panic Wipe
The vault lock has always protected your API keys — you enter your passphrase to decrypt them on load. But your conversations, prompts, knowledge base, and memories have been readable to anyone who sits down at your browser. Fine for a personal machine. Risky on a shared one.
App Lock closes that gap. Toggle it on in Settings → Security and NovaKit won't show anything until you unlock with your vault passphrase. Pair it with the auto-lock timer to lock automatically after inactivity.
Panic Wipe is the other half: a one-click nuke in the Settings → Security → Danger Zone. It wipes every last trace of NovaKit from this browser — conversations, keys, caches, the installed app shell — and reloads. No undo. Useful when you need the workspace gone now.
Encrypted .novakit backups
Settings → Storage has always had a JSON export button. The new "Create encrypted backup" option wraps the same data in a single .novakit file that's been end-to-end encrypted with your vault passphrase. Without the passphrase, the file is opaque nonsense — safe to stash in Google Drive, iCloud, Dropbox, or any backup service.
Restore supports merge (keep existing data, add missing rows) or replace (wipe and restore).
Why a new format instead of plain JSON? Because most people want their backup somewhere convenient, and "somewhere convenient" is usually a cloud drive. Plain JSON leaks everything to whoever runs that drive.
Auto-archive + storage breakdown
Two small but useful additions in Settings → Storage:
- Auto-archive dropdown: never / 30 / 60 / 90 / 180 days. Non-pinned conversations that haven't been touched in the chosen window get archived on the next app load. Archived conversations are hidden from the main list but remain searchable and exportable.
- Storage breakdown card: row count and approximate size per table. Tells you where your space is going — usually messages and knowledge-base chunks.
BYOS cross-device sync
Cross-device sync on NovaKit works differently from TypingMind, ChatGPT, or any other SaaS AI app. Those vendors host your sync. NovaKit doesn't host anything — you bring your own storage:
- WebDAV (Nextcloud, Synology NAS, any WebDAV server) — fully implemented.
- Google Drive and Dropbox — the adapters are in place; the OAuth flow is the remaining piece.
The file pushed to remote is the same encrypted .novakit backup. The storage provider only ever sees ciphertext. When you pull, NovaKit decrypts locally with your passphrase and merges into your workspace.
One detail worth its own note: user-owned OAuth
For Google Drive and Dropbox, NovaKit does not ship developer OAuth credentials. Most apps bake in a single client ID so every user authenticates through the vendor's OAuth registration. That's why you see "acme-ai.com" in your Google "Third-party apps" list — one shared client for every user of the product.
NovaKit asks you to register your own OAuth client in Google Cloud Console or Dropbox Developers, and paste the ID into Settings → Sync. Your Google account sees "your-own-app wants Drive access" — not NovaKit. The trade-off is ~5 minutes of one-time setup; the payoff is a genuinely zero-trust integration. There's a separate post walking through this: user-owned OAuth.
What didn't make this release
A few things we planned and deferred:
- Auto-backup reminders after N conversations — the encrypted backup feature exists, the nudge doesn't yet.
- Local embeddings for knowledge base — today the KB still sends document text to OpenAI for embedding.
- Offline message queue — today the composer fails when offline. Queuing the send for when you reconnect is next.
- Optional full-database encryption — today only API keys are encrypted at rest. Encrypting everything else is on the list.
- Google Drive / Dropbox OAuth flow — adapters exist, the sign-in dance isn't wired up yet.
None of these are blockers. Each is in the backlog as a follow-up.
What's next
Teams is the next major milestone: shared workspaces, shared prompts and chains, team analytics, SSO, audit logs. If you're on a Pro license, Teams will be a monthly upgrade — founding members get the founding rate.
In the meantime, everything above is live for every Starter and Pro member. Open the app, skim the full changelog, or check the roadmap to see what's coming.