-
Carol v0.0.1-rc.10
Pre-releasereleased this
2026-06-23 20:40:35 +00:00 | 161 commits to main since this release0.0.1-rc.10 — 2026-06-23
Bug fixes
- switch Avatar to expo-image so source.headers reach the network (#256) (
9869485) - use expo-file-system File for native picture upload (#253, fifth attempt) (
d1705d7) - bypass URL rewriter for picture upload (#253, fourth attempt) (
b9e3989) - strip wrong Content-Type on multipart so RN regenerates it (
b71fbe8) - detect FormData via RN polyfill private field, not just Content-Type (
d17bd65) - include oauth_inits in postgres teardown table list (
4151e9c) - profile picture upload + display on android (#253, #256) — second pass (
7c4fde0) - wire Enter-to-submit across form-bearing screens (#255) (
2500c7a) - keyboard-aware scroll across form-bearing screens (#254) (
3a3d3cc) - profile picture renders on android (#256) (
9832f11) - profile picture upload works on android (#253) (
60413aa) - drop literal tags from empty-state strings (
fb82042) - configure i18next for single-brace {var} interpolation (
4ca1356) - domain routes accept bearer tokens, not just session (
4246d17) - give the sidebar shell flex: 1 so the nav list renders (
ceb6780) - respect the status-bar inset in the mobile header (
7c4c969) - /api/auth/me accepts bearer tokens, not session-only (
a813f2a) - invalidate useMe cache after login (
f7b33be) - iterate Headers explicitly when rewriting Request (
69bb01e) - middlewares return undefined when not modifying (
827ef5b) - explicitly copy request body in the off-origin rewriter (
74c70c9) - rewrite relative URLs in the off-origin rewriter (
745e3b1) - pin react-native to 0.85.3 via pnpm.overrides (
f85521e) - pin react + react-dom to 19.2.3 via pnpm.overrides (
ab2ed62) - loosen react pin so the bundle ships one copy (
7546fd7) - make SPA catch-all optional so
/serves index.html (#185) (bc045c0) - unwrap cursor pagination envelope on flat-list hooks (#184) (
b9e72f6) - drop access_tokens + refresh_tokens before users in CI teardown (#180) (
5d2e64a) - space note creates so cursor pagination is deterministic (#178) (
c3b413c) - lazy-load openapi registry inside GET handler (#178) (
db0ab48) - add tsx>esbuild to lavamoat.allowScripts as disabled (#178) (
500c50a) - restore nested next-intl/@swc/helpers@0.5.23 in package-lock.json (#178) (
31ec66b) - form inputs overflow their container on every screen (#24 follow-up) (
2be45c9)
Build / tooling
Chores
- strip diagnostics from picture upload + display path (
6521f57) - log Avatar source + load events to diagnose blank picture (
dbd0fa1) - introspect FormData ctor + parts to diagnose native send (
acb9e87) - log picker asset shape to diagnose FormDataPart error (
16f9e35) - bump rewriter diagnostic from console.log to console.warn (
8639d29) - instrument rewriter + upload catch to diagnose Android FormData path (
9a54364) - teach package-age check to walk pnpm-lock.yaml (#213) (
27a8bea) - ignore CVE-2026-12151 in Next.js bundled undici (
0c8fedb) - add lucide-react-native + nav icons (#210) (
3121888) - drop UI deps, prune public-route allowlist, refresh docs (#185) (
f01f0fd) - drop next-intl request config and tanstack query client (#185) (
93ea8a0) - delete root layout, providers, and PWA service worker (#185) (
d9961e8) - delete pwa screens, components, and themes (#185) (
b92ee95) - catalog keys for slice 2 screens (#184) (
2382bfe) - add en keys for profile/skills/experience client screens (#184) (
c629bfa) - bump vitest 2 → 4 + force vite 8 to clear OSV findings (#199) (
0ebe643) - scaffold @carol/client — Expo SDK 56 + Router + RN Web (#183) (
f752a5e) - scaffold @carol/api-client — package.json, tsconfig, vitest, eslint (#182) (
d147811) - restructure into pnpm workspaces — apps/api + placeholders (#181) (
6f626f5) - commit initial openapi.json (#178) (
0182366)
Documentation
- note /api/contracts in the paginated-endpoints list (
f0c3174) - fix the Expo Go recipe — don't pass --android (
85ed67d) - add CONTRIBUTING.md with local dev + build recipes (
f73958c) - refresh pagination section for #191 newly-paginated endpoints (
d868427) - wire @carol/api-client into CI + conventions doc + CLAUDE.md (#182) (
723c47b) - note bearer auth in CLAUDE.md, add ACCESS/REFRESH_TOKEN_TTL_SECONDS to README (#180) (
665a2e9) - name the PWA bundle as a release artifact in idea.md (#177) (
a4a4bb0) - adopt ADR-0027 for frontend/backend split (#177) (
0de0ec9)
Features
- link-session token for native OAuth linking (#245) (
be40c6f) - native clipboard via expo-clipboard (#218) (
55fc1fc) - contracts tab in the experience screen (
e14fdcd) - contracts catalog strings + contract_has_position key (
6170cbb) - contracts hooks + shared cache invalidation (
6b87f06) - contracts routes + DTOs + one-position invariant (
3a0f86f) - jobs.is_contract column + contract-aware repository (
563609a) - OAuth callback → bearer token handoff for native (#215) (
08f177d) - profile picture upload via expo-image-picker (#217) (
78f654e) - zod schema error messages → i18n catalog keys (#212) (
5fc6bcb) - linked-identities panel on the account screen (#216) (
32d0057) - show + change the configured server URL from the login screen (#235) (
1da0a58) - forgejo workflow for flatpak release (#188) (
4b19659) - flatpak manifest + desktop entry + icons (#188) (
5ec858a) - tauri shell wraps the expo web bundle (#188) (
5f67abf) - runtime URL plumbing distinguishes web vs tauri webview (#188) (
85e37ec) - public-route allowlist for new SW + manifest paths (#208) (
efdbfef) - service worker with precache + offline shell (#208) (
f4d02cc) - expo web manifest + icons (#208) (
4eb09d6) - tighter active-route + brand styling (#210) (
8666916) - native drawer + mobile hamburger (#210) (
22181ad) - theme + locale switchers in the sidebar footer (#210) (
9c3ac74) - collapse + expand sidebar with persistence (#210) (
ccab92d) - forgejo workflow for signed android release (#187) (
0d407f3) - android build wiring (prebuild + signing config) (#187) (
9a7bbd2) - runtime API URL settings + secure storage (#187) (
cbf6819) - sidebar nav shell on the (app) layout (
a6f543c) - port projects, applications, chat as placeholders (#184) (
73da311) - add education section to experience screen (#184) (
06b416b) - port network placeholder to expo router (#184) (
15afc2a) - port account screen to expo router (#184) (
9b426bd) - catch-all to serve the Expo Web bundle (#186) (
fdb2982) - cursor pagination on /api/account/tokens (#191) (
eac0a8e) - cursor pagination on /api/profile/contacts (#191) (
24fa7f7) - cursor pagination on /api/educations (#191) (
27e9a88) - adopt sort/filter on /api/notes (#192) (
ea37116) - parseFilter helper (#192) (
5616c38) - parseSort helper (#192) (
d57ff40) - port experience (jobs) screen to expo router (#184) (
ae699bf) - port skills screen to expo router (#184) (
231f5c5) - port profile screen to expo router (#184) (
ce9853f) - theme + i18n + auth glue + Notes reference + CI gates (#183) (
1c32b55) - POST /api/auth/token + /api/auth/refresh, OpenAPI registration, tests (#180) (
9a27217) - mint + verify access tokens, refresh-rotation w/ reuse detection (#180) (
c96b512) - access + refresh token tables w/ family_id for reuse detection (#180) (
b5273bc) - generate OpenAPI 3.1 spec from zod + CI drift gate (#178) (
b62db24) - cursor pagination on /api/notes + conventions doc (#179) (
b596155) - migrate user + settings DTOs to zod (#179) (
f1c84b2) - adopt RFC 7807 Problem Details across all routes (#179) (
168a2b0) - jobs, positions, contributions — three-tier career history (#24) (
570f73f)
Other
- Merge pull request 'fix(client): profile picture upload + display on android (#253, #256)' (#263) from fix-formdata-detection into main (
951bc51) - Merge pull request 'feat(api+client): link-session token for native OAuth linking (#245)' (#262) from 245-native-oauth-link-session into main (
0b350ac) - Merge pull request 'fix(test): include oauth_inits in postgres teardown table list' (#261) from fix-postgres-tests-oauth-inits into main (
1d3207a) - Merge pull request 'fix(client): profile picture upload + display on android (#253, #256) — second pass' (#260) from 253-256-android-profile-picture-2 into main (
25df282) - Merge pull request 'fix(client): keyboard-aware scroll + Enter-to-submit on forms (#254, #255)' (#258) from 254-255-keyboard-form-ux into main (
dd5adea) - Merge pull request 'fix(client): profile picture upload + display on android (#253, #256)' (#257) from 253-android-profile-picture into main (
052daf3) - Merge pull request 'feat(client): native clipboard via expo-clipboard (#218)' (#247) from 218-native-clipboard into main (
b479d9c) - Merge pull request 'fix(i18n): drop literal tags from empty-state strings' (#252) from 251-em-tags into main (
a458673) - Merge pull request 'feat(api+client): contracts feature (#25)' (#250) from 25-contracts into main (
e20a9e8) - Merge pull request 'feat(api+client): OAuth callback → bearer token handoff for native (#215)' (#249) from 215-oauth-native-bearer into main (
55f24fb) - Merge pull request 'feat(client): profile picture upload via expo-image-picker (#217)' (#248) from 217-profile-picture-upload into main (
2f06806) - Merge pull request 'feat(api): zod schema error messages → i18n catalog keys (#212)' (#246) from 212-zod-i18n into main (
38e5459) - Merge pull request 'feat(api+client): linked-identities panel on the account screen (#216)' (#244) from 216-linked-identities-panel into main (
d525373) - Merge pull request 'chore(ci): teach package-age check to walk pnpm-lock.yaml (#213)' (#242) from 213-pnpm-lock-package-ages into main (
425d9cb) - Merge pull request 'chore(security): ignore CVE-2026-12151 in Next.js bundled undici' (#240) from trivyignore-next-undici into main (
542dfd6) - Merge pull request 'feat(client): show + change the configured server URL from the login screen (#235)' (#238) from 235-login-server-url into main (
55277f7) - Merge pull request 'fix(deps): pin react-native to 0.85.3 via pnpm.overrides' (#232) from fix-rn-dedupe into main (
729f10c) - Merge pull request 'docs: add CONTRIBUTING.md with local dev + build recipes' (#231) from contributing-md into main (
0ee4841) - Merge pull request 'feat(client): linux flatpak via tauri shell (#188)' (#222) from 188-linux-flatpak into main (
e75e5aa) - Merge pull request 'feat(client): restore PWA install + offline shell via Expo (#208)' (#223) from 208-pwa-install-offline into main (
270d9ff) - Merge pull request 'feat(client): nav shell — icons, collapse, switchers, native drawer (#210)' (#211) from 210-nav-shell-features into main (
af8da7a) - Merge pull request 'feat(client): signed Android APK build with runtime API URL (#187)' (#207) from 187-android-build into main (
5a47d9f) - Merge pull request 'chore(api): decommission Next.js UI (#185)' (#209) from 185-decommission-nextjs-ui into main (
983dd57) - Merge pull request 'feat(client): port projects, applications, chat as placeholders (#184)' (#206) from 184-projects-applications-chat into main (
efb63f7) - Merge pull request 'feat(client): port account, network, education screens (#184)' (#205) from 184-people-account-slice into main (
bb3851d) - Merge pull request 'feat: single-container deployment — API serves the Expo Web bundle (#186)' (#204) from 186-single-container-deployment into main (
c6de397) - Merge pull request 'feat(api): cursor pagination on remaining flat lists (#191)' (#203) from 191-pagination-remaining-lists into main (
ae02f45) - Merge pull request 'feat(api): parseSort + parseFilter query helpers (#192)' (#202) from 192-sort-filter-helpers into main (
f3ecfd2) - Merge pull request 'feat(client): port profile/skills/experience screens (#184)' (#201) from 184-career-core-screens into main (
9cd4f7d) - Merge pull request 'chore(deps): bump vitest 2 → 4 + force vite 8 to clear OSV findings (#199)' (#200) from 199-bump-vitest-vite into main (
f2320c6) - Merge pull request 'feat(client): scaffold @carol/client — Expo Router + RN Web (#183)' (#198) from 183-expo-client-scaffolding into main (
8527d2a) - Merge pull request 'feat(api-client): generated typed client + TanStack Query hooks (#182)' (#197) from 182-generated-api-client into main (
ecf7f8c) - Merge pull request 'chore: restructure into pnpm workspaces — apps/api + placeholders (#181)' (#195) from 181-workspace-restructure into main (
511fc71) - Merge pull request 'feat(api): token-based auth — bearer + refresh (#180)' (#194) from 180-token-auth into main (
2851492) - Merge pull request 'feat(api): OpenAPI 3.1 spec generation + /api/openapi.json + CI drift gate (#178)' (#193) from 178-openapi-spec-generation into main (
54b936f) - Merge pull request 'feat(api): contract hardening — Problem Details, zod, pagination (#179)' (#190) from 179-api-contract-hardening into main (
826e340) - Merge pull request 'docs(adr): adopt ADR-0027 for frontend/backend split (#177)' (#189) from 177-adr-frontend-backend-split into main (
062daea) - Merge pull request 'feat(service+pwa): jobs, positions, contributions — three-tier career history (#24)' (#175) from 24-jobs-positions-contributions into main (
c2f3834) - Merge pull request 'refactor(pwa): add semantic colour tokens + migrate primitives off inlined hex (#149)' (#174) from 149-semantic-color-tokens into main (
20e7302)
Performance
- cache the access token in memory (
a5930f8)
Refactor
Tests
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:f5cc22626146df70ae94061ff19e36a55060d75d7164bd43d38c9ade925e461b cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:f5cc22626146df70ae94061ff19e36a55060d75d7164bd43d38c9ade925e461bDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- switch Avatar to expo-image so source.headers reach the network (#256) (