• v0.0.1-rc.25 7f1b8163db

    Carol v0.0.1-rc.25
    All checks were successful
    Secrets / gitleaks (push) Successful in 9s
    Release / Build, sign, and publish (push) Successful in 2m22s
    Release (Android) / Build, sign, attach (push) Successful in 13m48s
    Pre-release

    james released this 2026-06-29 18:56:40 +00:00 | 2 commits to main since this release

    Signed by james
    SSH key fingerprint: SHA256:vAv/s1UqS+brNCXATCv/JPKIc/j94WCgmQAszXM+m8s

    0.0.1-rc.25 — 2026-06-29

    Bug fixes

    • let native clients manage Personal Access Tokens (#386) (e5b51aa)
    • clear native session on logout so it doesn't auto-sign-in (8aebae4)
    • complete Android OAuth on cold start (#300) (fe806ee)
    • validate organizationId in the agent job/contract CRUD tools (#375) (481fa0d)
    • back navigation follows history, not always the landing screen (39f7346)

    Chores

    • scrub style={[...]} on DOM-leaf primitives + ESLint guardrail (#239) (1c35e77)

    Features

    • probe /api/health on server-setup save (#236) (df4fbc9)
    • link_job_to_org agent tool (#375 follow-up) (6b4a512)
    • link a Job/Contract employer to an Organization in the UI (#375) (c2ed86e)
    • link a Job/Contract's employer to a network Organization (#375) (9f79621)

    Other

    • Merge pull request 'fix(api): let native clients manage Personal Access Tokens (#386)' (#387) from 386-native-pat-management into main (7f1b816)
    • Merge pull request 'fix(client): clear the native session on logout' (#385) from fix/native-logout-clears-session into main (b074afe)
    • Merge pull request 'chore(client): scrub style={[...]} on DOM-leaf primitives + ESLint guardrail (#239)' (#384) from 239-style-array-scrub into main (e72419d)
    • Merge pull request 'fix(client): complete Android OAuth on cold start (#300)' (#383) from 300-oauth-cold-start into main (18f8ab4)
    • Merge pull request 'feat(client): probe /api/health on server-setup save (#236)' (#382) from 236-health-probe into main (0e11d37)
    • Merge pull request 'fix(api): validate organizationId in the agent job/contract CRUD tools (#375)' (#381) from validate-job-org-in-crud-tools into main (91e50a7)
    • Merge pull request 'test(e2e): cross-browser and mobile-viewport projects' (#380) from test/e2e-cross-browser-mobile into main (89d7f0d)
    • Merge pull request 'feat(api): link_job_to_org agent tool (#375 follow-up)' (#379) from link-job-to-org-tool into main (76b147b)
    • Merge pull request 'feat(client): link a Job/Contract employer to an Organization in the UI (#375)' (#378) from 375-job-org-link-client into main (9490829)
    • Merge pull request 'test(e2e): shared session, db reset, and admin spec' (#377) from test/e2e-infra-hardening into main (a8f904f)
    • Merge pull request 'feat(api): link a Job/Contract's employer to a network Organization (#375)' (#376) from 375-job-org-link-backend into main (25fe865)
    • Merge pull request 'test(e2e): add per-domain critical-path specs' (#335) from test/e2e-per-domain-specs into main (ad313e7)
    • Merge pull request 'fix(client): back navigation follows history, not always the landing screen' (#374) from fix-drawer-back-history into main (9035718)

    Tests

    • cross-browser and mobile-viewport projects (5ec412b)
    • shared session, db reset, and admin spec (33b8014)
    • rename masked-input placeholder to clear njsscan (0f8fb75)
    • add per-domain critical-path specs (cc04a7d)

    Verifying the image

    cosign verify \
      --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \
      forge.wynning.tech/james/carol@sha256:70a8536cb9ddc10cde89423fdba4cf5674ec65af88fe40778badb0c1b97b8e8f
    
    cosign verify-attestation \
      --type slsaprovenance1 \
      --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \
      forge.wynning.tech/james/carol@sha256:70a8536cb9ddc10cde89423fdba4cf5674ec65af88fe40778badb0c1b97b8e8f
    
    Downloads