diff --git a/Cargo.lock b/Cargo.lock
index f487451..2935223 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4424,7 +4424,7 @@ dependencies = [
 
 [[package]]
 name = "tracevault-cli"
-version = "0.12.0"
+version = "0.12.1"
 dependencies = [
  "chrono",
  "clap",
@@ -4443,7 +4443,7 @@ dependencies = [
 
 [[package]]
 name = "tracevault-core"
-version = "0.12.0"
+version = "0.12.1"
 dependencies = [
  "async-trait",
  "chrono",
@@ -4475,7 +4475,7 @@ dependencies = [
 
 [[package]]
 name = "tracevault-server"
-version = "0.12.0"
+version = "0.12.1"
 dependencies = [
  "aes-gcm",
  "argon2",
diff --git a/Cargo.toml b/Cargo.toml
index 0cd1cbb..3efc8f1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,7 +3,7 @@ members = ["crates/tracevault-core", "crates/tracevault-cli", "crates/tracevault
 resolver = "2"
 
 [workspace.package]
-version = "0.12.0"
+version = "0.12.1"
 edition = "2021"
 license = "Apache-2.0"
 repository = "https://github.com/softwaremill/tracevault"
diff --git a/crates/tracevault-server/CHANGELOG.md b/crates/tracevault-server/CHANGELOG.md
index 2f4c1a6..c3282c8 100644
--- a/crates/tracevault-server/CHANGELOG.md
+++ b/crates/tracevault-server/CHANGELOG.md
@@ -7,6 +7,186 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.12.1](https://github.com/softwaremill/tracevault/compare/v0.12.0...v0.12.1) - 2026-05-18
+
+### Added
+
+- *(ui)* add server-side pagination to policy evaluations table
+- *(orgs)* allow renaming org slug and match it case-insensitively
+- *(login)* replace org text input with dropdown and SSO-first UX
+- add detailed logging to chat indexing and summarization pipeline
+- auto-reindex sessions when transcript grows beyond indexed chunk count
+- accept mention overrides in chat message endpoint
+- add GET /chat/mentions endpoint for @ autocomplete
+- add chat API endpoints with conversation CRUD and RAG message handler
+- add chat query pipeline with filter extraction, two-stage retrieval, and response generation
+- add chat indexing pipeline with session completion hook and backfill
+- add chat conversations and messages repo layer
+- add session summarization service for RAG indexing
+- add transcript chunking logic with sliding windows for RAG
+- add chat summarization LLM settings endpoints
+- add fastembed wrapper service for local text embedding
+- add chat_search feature flag, ChatUse permission, and pgvector/fastembed deps
+- add migration for chat RAG tables, pgvector, and summarization config
+- enrich stories with session transcripts and clickable references
+- enrich story with session transcripts and clickable references
+- add GET /code/sessions endpoint for function sessions
+- add gather_function_sessions for code sessions endpoint
+- unify transcript display with timestamps across traces and analytics views
+- report attributed_sessions_sealed in CI verification
+- include session seal verification in chain verification
+- background sweep to seal stale sessions after 30min inactivity
+- seal sessions on SessionEnd when signing is enabled
+- seal commits on push when signing is enabled
+- add SealingService with commit and session sealing logic
+- add sealing repo layer for commit and session seals
+- migration for multi-seal sessions and verification counts
+- add sign method to SigningService
+- revamp invite flow UI, add invite acceptance page, improve error handling
+- wire invite routes, remove old invite_member endpoint
+- add invite link handlers (create, list, revoke, details, accept)
+- add generate_invite_token utility
+- add invite_expiry_minutes and cors_origin to AppState
+- add org_invites migration for invite link flow
+- add keyset pagination types and rewrite IN-subqueries
+- add hook adapter architecture with multi-tool detection
+- add SQL indexes, materialized views, and tool field migration
+- add repository layer for analytics, policies, compliance, pricing, code_stories
+- add repository layer for sessions, events, commits
+- add repository layer for users, orgs, repos, api_keys
+- add AppError type with IntoResponse and permission helper
+- add top AI tools section to author detail page and fix DataTable clickability
+- register AI tools analytics routes
+- add AI tools analytics endpoints and software summary
+- add AI tool usage tracking (migration + extraction)
+- add top authors leaderboard to dashboard
+- add author detail endpoint
+- add user_id to AuthorLeaderboard, drop unused fields
+- register software analytics routes
+- add software user detail endpoint
+- add software analytics list endpoint
+- extract software usage from Bash events at ingest
+- add user_software_usage migration
+- add manual pricing sync endpoint and sync status endpoint
+- wire startup + daily background pricing sync
+- add sync_pricing function with diff, update, and recalculation
+- add LiteLLM JSON parsing with model mapping and tests
+- add source field to PricingEntry struct and queries
+- add pricing sync migration (source column + sync log table)
+- *(stream)* extract token usage and costs from transcript chunks in real-time
+- *(api)* add traces UI endpoints (sessions, commits, timeline, attribution, branches) and remove old traces module
+- *(branch-tracking)* track commits reaching branches and tags via webhooks
+- *(attribution)* add line-level attribution engine with confidence scoring
+- *(api)* add streaming event endpoint
+- *(api)* add commit push endpoint with file-level attribution
+- *(schema)* add streaming architecture tables
+- *(pricing)* add pricing CRUD and recalculate API endpoints
+- *(dashboard)* add handler and register GET /dashboard route
+- *(dashboard)* add compliance query
+- *(dashboard)* add KPI aggregation and sparkline queries
+- *(dashboard)* add types, response struct, and period range helper
+- register session detail API route
+- add session detail transcript parser with per-call breakdown
+- add model_pricing table with seed data
+
+### Changed
+
+- *(server)* extract count_evaluations SQL to .sql file
+- *(policy)* honest action set, shared evaluator, exact tool matching, RBAC
+- simplify backfill to rely solely on chunk count comparison
+- extract SessionSearchFilter struct to fix clippy too_many_arguments
+- make resolve_org_llm public for chat module reuse
+- replace regex session linkification with structured Linked Sessions section
+- extract collect_file_commit_shas helper from story context
+- make is_valid_email public for reuse in invite handler
+- migrate all handlers to AppError and repo/service layers
+- strip non-software data from software user detail endpoint
+- slim get_software to org-wide tools only
+- remove git-ai, compute attribution server-side from sessions
+- clean up v2 references in comments, remove dead code and legacy script
+- extract seal fields into commit_seals table in compliance and CI
+- extract seal fields into session_seals in dashboard compliance query
+- rename sessions_v2/commits_v2 in analytics
+- rename sessions_v2/commits_v2 in remaining files
+- rename sessions_v2/commits_v2 in traces_ui
+- rename sessions_v2/commits_v2 in stream and commit_push endpoints
+- consolidate migrations, remove v2 suffixes from schema
+- use real session model names for pricing instead of canonical names
+- extract shared recalculate_sessions_for_pricing function
+- migrate all queries from old sessions table to sessions_v2
+- remove old traces.rs and legacy endpoints entirely
+- pricing module to support DB-backed rates with fallback
+
+### Fixed
+
+- *(server)* fix rustfmt indentation in count_evaluations
+- *(security)* autofix Path traversal attack possible
+- *(auth)* disable public registration once first user exists
+- *(server)* remove unused Arc import that breaks enterprise build
+- *(invites)* route existing accounts to login on invite accept
+- *(chat)* dedupe referenced commits across matched sessions
+- resolve clippy warnings in chat_indexing and story
+- *(chat-indexing)* cap embedding batch size to prevent OOM
+- replace nightly floor_char_boundary with stable helper
+- use div_ceil instead of manual reimplementation
+- exclude sessions without transcripts from indexing status and add backfill diagnostics
+- segment large transcripts for summarization and fix byte-boundary panic
+- use floor_char_boundary for string truncation to avoid panics on multi-byte chars
+- index all sessions regardless of status in chat backfill
+- grant admin role to API key auth instead of developer
+- chat UX improvements and bug fixes
+- make pgvector migration conditional for community installs without the extension
+- fallback to file_path query when git SHAs miss DB sessions
+- query sessions by file_path instead of git-walking
+- unify password minimum length to 10 characters
+- force-fetch refspecs and normalize deploy key PEM newline
+- add sealed_at to session hash, fix chain race condition with advisory lock
+- compute avg session duration from timestamps when duration_ms is missing
+- remove needless borrows in encryption tests (clippy)
+- resolve CI failures — add dead_code allows and avoid CodeQL hard-coded password flag
+- use DB pricing rates during ingestion instead of hardcoded fallbacks
+- prevent duplicate token/cost accumulation from overlapping transcript batches
+- apply repo/author filters to AI summary and filter empty sessions
+- apply repo/author filters to software analytics query
+- cast SUM(total_tokens) to BIGINT in software user detail query
+- resolve TypeScript narrowing errors in software pages
+- use git CLI for clone/fetch to support all SSH key formats
+- update migration 008 to use renamed sessions table
+- populate tool frequency data in session analytics
+- compute duration and messages from fallback sources in analytics sessions
+- resolve clippy warning in startup sync
+- auto-sync repos on startup, improve attribution blame and error UX
+- fix attribution confidence scoring and deduplicate file changes
+- *(api)* restore legacy POST /traces endpoint for backward compatibility with old CLI
+- *(api)* add committed_at to GROUP BY for linked commits query
+- *(ui)* fix navigation responsiveness, transcript rendering, file change display, linked commits dedup, and branch tracking from commit-push
+- *(stream)* process piggybacked transcript lines on all event types, not just Transcript
+- *(dashboard)* cast SUM() results to int8 for sqlx type compatibility
+- *(dashboard)* fill sparkline date gaps and parallelize queries
+- never drop transcript records when message field is missing
+- remove audit log from login to avoid nil org_id FK violation
+- fix display github hashes for real commits
+- fix warnings
+- fix cargo clippy
+
+### Security
+
+- implement NIST 800-63B password policy with breached password check
+- add email format validation on registration
+- add per-IP rate limiting on public and auth endpoints
+- add HMAC-SHA256 verification for GitHub webhook signatures
+- require CORS_ORIGIN env var, remove permissive fallback
+- sanitize Sqlx and Git error responses to prevent info leakage
+
+### Test
+
+- add coverage before dep upgrades (rand, reqwest, tower_governor)
+- add integration tests for invite link flow
+- add Tier 2 repo layer integration tests (api_keys, commits, policies, pricing, repos)
+- add API layer unit tests (policies, dashboard, pagination)
+- add server unit tests (auth, encryption, error, permissions, signing, pricing, config, attribution, stream)
+- add repository layer integration tests
+
 ## [0.12.0](https://github.com/softwaremill/tracevault/compare/v0.11.3...v0.12.0) - 2026-05-08
 
 ### Added