-
Carol v0.0.1-rc.25
Pre-releasereleased this
2026-06-29 18:56:40 +00:00 | 2 commits to main since this release0.0.1-rc.25 — 2026-06-29
Bug fixes
- let native clients manage Personal Access Tokens (#386) (
e5b51aa) - clear native session on logout so it doesn't auto-sign-in (
8aebae4) - complete Android OAuth on cold start (#300) (
fe806ee) - validate organizationId in the agent job/contract CRUD tools (#375) (
481fa0d) - back navigation follows history, not always the landing screen (
39f7346)
Chores
Features
- probe /api/health on server-setup save (#236) (
df4fbc9) - link_job_to_org agent tool (#375 follow-up) (
6b4a512) - link a Job/Contract employer to an Organization in the UI (#375) (
c2ed86e) - link a Job/Contract's employer to a network Organization (#375) (
9f79621)
Other
- Merge pull request 'fix(api): let native clients manage Personal Access Tokens (#386)' (#387) from 386-native-pat-management into main (
7f1b816) - Merge pull request 'fix(client): clear the native session on logout' (#385) from fix/native-logout-clears-session into main (
b074afe) - Merge pull request 'chore(client): scrub style={[...]} on DOM-leaf primitives + ESLint guardrail (#239)' (#384) from 239-style-array-scrub into main (
e72419d) - Merge pull request 'fix(client): complete Android OAuth on cold start (#300)' (#383) from 300-oauth-cold-start into main (
18f8ab4) - Merge pull request 'feat(client): probe /api/health on server-setup save (#236)' (#382) from 236-health-probe into main (
0e11d37) - Merge pull request 'fix(api): validate organizationId in the agent job/contract CRUD tools (#375)' (#381) from validate-job-org-in-crud-tools into main (
91e50a7) - Merge pull request 'test(e2e): cross-browser and mobile-viewport projects' (#380) from test/e2e-cross-browser-mobile into main (
89d7f0d) - Merge pull request 'feat(api): link_job_to_org agent tool (#375 follow-up)' (#379) from link-job-to-org-tool into main (
76b147b) - Merge pull request 'feat(client): link a Job/Contract employer to an Organization in the UI (#375)' (#378) from 375-job-org-link-client into main (
9490829) - Merge pull request 'test(e2e): shared session, db reset, and admin spec' (#377) from test/e2e-infra-hardening into main (
a8f904f) - Merge pull request 'feat(api): link a Job/Contract's employer to a network Organization (#375)' (#376) from 375-job-org-link-backend into main (
25fe865) - Merge pull request 'test(e2e): add per-domain critical-path specs' (#335) from test/e2e-per-domain-specs into main (
ad313e7) - Merge pull request 'fix(client): back navigation follows history, not always the landing screen' (#374) from fix-drawer-back-history into main (
9035718)
Tests
- cross-browser and mobile-viewport projects (
5ec412b) - shared session, db reset, and admin spec (
33b8014) - rename masked-input placeholder to clear njsscan (
0f8fb75) - add per-domain critical-path specs (
cc04a7d)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:70a8536cb9ddc10cde89423fdba4cf5674ec65af88fe40778badb0c1b97b8e8f cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:70a8536cb9ddc10cde89423fdba4cf5674ec65af88fe40778badb0c1b97b8e8fDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- let native clients manage Personal Access Tokens (#386) (
-
Carol v0.0.1-rc.24
Pre-releasereleased this
2026-06-29 15:00:15 +00:00 | 29 commits to main since this release0.0.1-rc.24 — 2026-06-29
Bug fixes
Features
- make Chat the default landing screen (was Notes) (
11e2972)
Other
- Merge pull request 'fix(client): open People & Organizations detail screens in read mode (#371)' (#372) from 371-network-read-mode into main (
bf5fb41) - Merge pull request 'feat(client): make Chat the default landing screen (was Notes)' (#373) from default-screen-chat into main (
c77be03)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:1b8031906f4f27bf78fccc841cda3227946b3d3e6cdd07f8a3fbab733ab7991f cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:1b8031906f4f27bf78fccc841cda3227946b3d3e6cdd07f8a3fbab733ab7991fDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- make Chat the default landing screen (was Notes) (
-
Carol v0.0.1-rc.23
Pre-releasereleased this
2026-06-29 14:18:22 +00:00 | 33 commits to main since this release0.0.1-rc.23 — 2026-06-29
Features
- use the shared ProposalDiff in the activity undo card (#363 follow-up) (
e0f676d) - chat conversation management — rename, delete, search, auto-scroll (#364) (
307f6c7)
Other
- Merge pull request 'feat(client): use the shared ProposalDiff in the activity undo card (#363 follow-up)' (#370) from 363-followup-activity-diff into main (
25376ff) - Merge pull request 'feat(client): chat conversation management — rename, delete, search, auto-scroll (#364)' (#369) from 364-chat-conversation-ui into main (
4c7688e)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:92cd1c262ed911e7d66ef6922e0ac450d62f6d7d109a38917fe21726a9f60733 cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:92cd1c262ed911e7d66ef6922e0ac450d62f6d7d109a38917fe21726a9f60733Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- use the shared ProposalDiff in the activity undo card (#363 follow-up) (
-
Carol v0.0.1-rc.22
Pre-releasereleased this
2026-06-29 13:53:40 +00:00 | 37 commits to main since this release0.0.1-rc.22 — 2026-06-29
Bug fixes
Chores
Documentation
- add the agent / MCP setup guide for self-hosters (
eceea52)
Features
- render proposal diffs as readable field-level changes (#363) (
2aa3158) - rename + delete conversation endpoints (#364) (
2477890) - render chat replies as markdown with collapsible thinking (
78a204f) - undo button on the activity screen (
01cd2ff) - undo an agent write by proposing its inverse (ADR-0031) (
9a6a34e) - agent activity history UI — "what Carol changed" (
c4569eb) - GET /api/agent/audit — the user's agent write history (
6b1798e)
Other
- Merge pull request 'chore(api): register MessageDto as a named OpenAPI component (#365)' (#368) from 365-name-messagedto-component into main (
ec27a4c) - Merge pull request 'feat(client): render proposal diffs as readable field-level changes (#363)' (#367) from 363-readable-proposal-diffs into main (
357a8b8) - Merge pull request 'feat(api): rename + delete conversation endpoints (#364)' (#366) from 364-chat-conversation-mgmt into main (
f1bd354) - Merge pull request 'docs: add the agent / MCP setup guide for self-hosters' (#360) from agent-setup-guide into main (
9e8c34d) - Merge pull request 'feat(client): render chat replies as markdown with collapsible thinking' (#359) from 352-chat-markdown into main (
aa55e08) - Merge pull request 'fix(client): give every edit button the pencil icon (#353)' (#358) from 353-standardize-edit-buttons into main (
3f574aa) - Merge pull request 'feat(client): undo button on the activity screen' (#357) from 356-undo-button-ui into main (
58bde43) - Merge pull request 'feat(api): undo an agent write by proposing its inverse (ADR-0031)' (#355) from 352-agent-write-undo into main (
dcb1e19) - Merge pull request 'feat(client): agent activity history UI — "what Carol changed"' (#351) from 350-activity-history-ui into main (
f278e79) - Merge pull request 'feat(api): GET /api/agent/audit — the user's agent write history' (#349) from 348-audit-log-api into main (
7b95d97)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:2fdaa6394d978c66913678632702a3c37c8cb0ca7cccd16b0b6a429d3560f47b cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:2fdaa6394d978c66913678632702a3c37c8cb0ca7cccd16b0b6a429d3560f47bDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- add the agent / MCP setup guide for self-hosters (
-
Carol v0.0.1-rc.21
Pre-releasereleased this
2026-06-29 11:23:44 +00:00 | 57 commits to main since this release0.0.1-rc.21 — 2026-06-29
Bug fixes
- typecheck export test + regenerate api-client types (
966ca62)
Chores
- regenerate types for the proposal-read endpoint (
2a95954)
Documentation
- ADR-0030 agent tool surface granularity and naming (
dc61bd2) - ADR-0029 agent runtime architecture (
fcccf01)
Features
- built-in chat UI — streaming chat panel + inline write confirmations (
874f046) - conversation + agent hooks + pure SSE streaming transport (
2f40657) - GET /api/agent/proposals/{id} — read a proposed agent write (
1c9c2e4) - streaming agent turns — LlmClient.stream() + SSE chat endpoint (
729d3fd) - server-side agent loop + conversations/messages schema (
e844c96) - LLM provider adapters — Anthropic + OpenAI-compatible (
32c903d) - per-user LLM provider config with encrypted API-key storage (
39d43b9) - streamable-HTTP MCP server endpoint (/api/mcp, PAT-authed) (
2872ec6) - shared agent domain tool registry, proposals, and commit path (
6b3898e) - export user domain data as a tar.gz archive (
a185ab2) - surface per-OIDC-instance status on /api/health (
0710cb0) - implement invite and admin-approval registration policies (
2c49295)
Other
- Merge pull request 'feat(client): built-in chat UI — streaming chat panel + inline write confirmations' (#347) from 346-chat-ui into main (
d535b58) - Merge pull request 'feat(api-client): conversation + agent hooks + pure SSE streaming transport' (#345) from 344-api-client-agent-hooks into main (
664a2fb) - Merge pull request 'feat(api): GET /api/agent/proposals/{id} — read a proposed agent write' (#343) from 342-proposal-read-endpoint into main (
af007e4) - Merge pull request 'feat(api): streaming agent turns — LlmClient.stream() + SSE chat endpoint' (#341) from 340-agent-streaming into main (
8b75832) - Merge pull request 'feat(api): server-side agent loop + conversations/messages schema' (#339) from 338-agent-loop into main (
393cba3) - Merge pull request 'feat(api): LLM provider adapters — Anthropic + OpenAI-compatible' (#337) from 336-llm-provider-adapters into main (
5e3b1e9) - Merge pull request 'feat(api): per-user LLM provider config with encrypted API-key storage' (#334) from 333-llm-provider-config into main (
4b68097) - Merge pull request 'feat(api): streamable-HTTP MCP server endpoint (/api/mcp, PAT-authed)' (#332) from 331-mcp-endpoint into main (
2a17d97) - Merge pull request 'feat(api): shared agent domain tool registry, proposals, and commit path' (#330) from 51-domain-tool-surface into main (
46026b7) - Merge pull request 'test(e2e): Playwright harness and smoke suite' (#329) from test/e2e-playwright-foundation into main (
29f466c) - Merge pull request 'docs(adr): ADR-0030 agent tool surface granularity and naming' (#328) from 50-adr-tool-surface into main (
271e954) - Merge pull request 'docs(adr): ADR-0029 agent runtime architecture' (#324) from 48-adr-agent-runtime into main (
15d3866) - Merge pull request 'feat(api): export user domain data as a tar.gz archive' (#322) from feat/data-export into main (
d13f7ca) - Merge pull request 'feat(api): surface per-OIDC-instance status on /api/health' (#323) from 214-oidc-health into main (
d51af86) - Merge pull request 'feat(auth): implement invite and admin-approval registration policies' (#321) from 219-registration-policies into main (
f1d8337)
Tests
- silence njsscan hardcoded-password finding on test fixture (
82b0468) - add Playwright harness and smoke suite (
65a3196)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:9ff1726d19ba6fbc8d8e42dcbf03d0db9c997559a6afe5c10e932eb0fee0b8fd cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:9ff1726d19ba6fbc8d8e42dcbf03d0db9c997559a6afe5c10e932eb0fee0b8fdDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- typecheck export test + regenerate api-client types (
-
Carol v0.0.1-rc.20
Pre-releasereleased this
2026-06-27 01:45:57 +00:00 | 90 commits to main since this release0.0.1-rc.20 — 2026-06-27
Bug fixes
- consistent back navigation via goBackOr history-or-parent helper (
0366454) - keep native session alive via proactive token refresh (
7b378d1)
CI
- disable release-tag trigger while the build is blocked (
5430030)
Features
Other
- Merge pull request 'feat(client): add pull-to-refresh to every content page' (#314) from 309-pull-to-refresh into main (
377391c) - Merge pull request 'feat(client): merge Skills into Experience as a tab (#311)' (#312) from experience-skills-tab into main (
ff07e04) - Merge pull request 'ci(flatpak): disable release-tag trigger while the build is blocked' (#315) from 313-disable-flatpak-build into main (
4b53dfd) - Merge pull request 'fix(client): consistent back navigation via goBackOr history-or-parent helper' (#310) from 308-back-nav-consistency into main (
4c7156c) - Merge pull request 'fix(client): keep the Android app logged in via proactive token refresh (#306)' (#307) from native-stay-logged-in into main (
ba24b4c)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:2f4f6c1d4bafe2637745e11729120695c58245fae6702aeaaa66c2ea469fe69a cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:2f4f6c1d4bafe2637745e11729120695c58245fae6702aeaaa66c2ea469fe69aDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- consistent back navigation via goBackOr history-or-parent helper (
-
Carol v0.0.1-rc.19
Pre-releasereleased this
2026-06-26 23:42:52 +00:00 | 100 commits to main since this release0.0.1-rc.19 — 2026-06-26
Bug fixes
- use the Carol web icon for the Android app icon (
fe68633) - bump Flatpak Rust toolchain to 1.88.0 (
1edb076)
Other
- Merge pull request 'fix(client): use the Carol web icon for the Android app icon' (#305) from 303-android-app-icon into main (
3ac635d) - Merge pull request 'fix(ci): bump Flatpak Rust toolchain to 1.88.0 (#301)' (#302) from flatpak-rust-toolchain-188 into main (
7f8198d)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:e01fdf0ee0787dac6bae85fb3d9b505f7df9375a6a7a50fa51aa167beaa223bb cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:e01fdf0ee0787dac6bae85fb3d9b505f7df9375a6a7a50fa51aa167beaa223bbDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- use the Carol web icon for the Android app icon (
-
Carol v0.0.1-rc.18
Pre-releasereleased this
2026-06-26 23:04:49 +00:00 | 104 commits to main since this release0.0.1-rc.18 — 2026-06-26
Bug fixes
- tmpfs Postgres service data dir (#277) (
e726a9a) - WHATWG URL polyfill + native-intent for Android OAuth return (
6a271aa)
Other
- Merge pull request 'fix(ci): stop Postgres state-bleed across CI runs (#277)' (#299) from 277-postgres-ci-state-bleed into main (
0dffb26) - Merge pull request 'fix(client): WHATWG URL polyfill + native-intent for Android OAuth return' (#298) from 297-android-oauth-url-polyfill into main (
76a9d44)
Tests
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:1e658e9401425bb468c316aa827bdc08d743eb933eef423a381b1c0befbc5afc cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:1e658e9401425bb468c316aa827bdc08d743eb933eef423a381b1c0befbc5afcDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- tmpfs Postgres service data dir (#277) (
-
Carol v0.0.1-rc.17
Pre-releasereleased this
2026-06-26 22:30:06 +00:00 | 109 commits to main since this release0.0.1-rc.17 — 2026-06-26
Bug fixes
- inset the native sidebar below the status bar (
dfa3748) - bump Flatpak Rust toolchain to 1.85 and stamp build version (
9eeacab) - stamp app.json expo.version in the container build (
2c1b484)
Features
- log app name and version at server startup (
ec09774)
Other
- Merge pull request 'fix(client): inset the native sidebar below the status bar' (#296) from 295-sidebar-safe-area into main (
f12fffa) - Merge pull request 'fix(ci): bump Flatpak Rust toolchain to 1.85 and stamp build version' (#294) from 293-flatpak-rust-toolchain into main (
9b482d4) - Merge pull request 'fix(ci): stamp app.json expo.version in the container build' (#292) from 291-web-version-stamp into main (
1bebb8c)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:0186daef37949abe6d89009c560a7c07e2b684b5a07921aa7cc7597f15e9abc3 cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:0186daef37949abe6d89009c560a7c07e2b684b5a07921aa7cc7597f15e9abc3Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- inset the native sidebar below the status bar (
-
Carol v0.0.1-rc.16
Pre-releasereleased this
2026-06-26 21:56:24 +00:00 | 116 commits to main since this release0.0.1-rc.16 — 2026-06-26
Bug fixes
- bumped expo-secure-store (
3698cc7)
Features
- show app + server version at the bottom of settings (
f06d68c)
Other
- Merge pull request 'feat(client): show app + server version at the bottom of settings' (#290) from 289-settings-version-display into main (
a006ee5) - Merge pull request 'fix(android): bumped expo-secure-store' (#288) from 287-android-crash into main (
d5bff3b)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:40216ab3493a2be129a2aab5e4c3344d6f386ad22da8ba64bc1ad939601afac9 cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:40216ab3493a2be129a2aab5e4c3344d6f386ad22da8ba64bc1ad939601afac9Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- bumped expo-secure-store (