-
Carol v0.0.1-rc.15
Pre-releasereleased this
2026-06-24 16:26:30 +00:00 | 120 commits to main since this release0.0.1-rc.15 — 2026-06-24
Bug fixes
- require expo/config-plugins re-export instead of undeclared @expo/config-plugins (#284) (
c721954) - COPY patches/ into deps stage so pnpm install can apply patchedDependencies (#282) (
2e8f4ae)
Other
- Merge pull request 'fix(android): require expo/config-plugins re-export from with-release-signing plugin' (#285) from 284-android-config-plugins-require into main (
0113f9a) - Merge pull request 'fix(docker): COPY patches/ into deps stage for pnpm patchedDependencies' (#283) from 282-dockerfile-patches-copy into main (
ae5e231)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:480ae2ff9689a170c4c789715a255aa9f2fd4ffed8376be75d856e90ae80da8c cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:480ae2ff9689a170c4c789715a255aa9f2fd4ffed8376be75d856e90ae80da8cDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- require expo/config-plugins re-export instead of undeclared @expo/config-plugins (#284) (
-
Carol v0.0.1-rc.13
Pre-releasereleased this
2026-06-24 12:54:35 +00:00 | 126 commits to main since this release0.0.1-rc.13 — 2026-06-24
Bug fixes
Features
- convert Projects to display-first view with Edit toggle (#273) (
58c81b4) - rename Account to Settings + pin to sidebar bottom (#271) (
a41efde) - mount PWA update toast in root layout (#225) (
3616ce3) - PWA update toast component (#225) (
b07d752) - service worker update detection hook (#225) (
4f8d53d) - service worker handles SKIP_WAITING message (#225) (
ad36ad2)
Other
- Merge pull request 'feat(client): convert Projects to display-first view + Edit toggle (#273)' (#276) from 273-projects-display-first into main (
dcea37d) - Merge pull request 'fix(i18n): use single-brace {count} in organisations count labels' (#275) from 272-orgs-count-interpolation into main (
ea91b4b) - Merge pull request 'feat(client): rename Account to Settings + pin to sidebar bottom (#271)' (#274) from 271-settings-sidebar-bottom into main (
be9de11) - Merge pull request 'feat(client): service-worker update toast (#225)' (#270) from 225-sw-update-toast into main (
5a09537)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:3d8a6cd652d0f3c51d28fd1e806eb186e49f365f1cbfadba20fc192bd0d9fce5 cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:3d8a6cd652d0f3c51d28fd1e806eb186e49f365f1cbfadba20fc192bd0d9fce5Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- convert Projects to display-first view with Edit toggle (#273) (
-
Carol v0.0.1-rc.12
Pre-releasereleased this
2026-06-24 12:18:31 +00:00 | 137 commits to main since this release0.0.1-rc.12 — 2026-06-24
Features
- network tabs and organization detail screen (#28) (
97f64f1) - hooks for organization detail, links, key-people (#28) (
93f67ad) - organizations routes for detail, links, key-people (#28) (
ddebd82) - expand organizations schema with description, links, key-people (#28) (
8d54269)
Other
- Merge pull request 'feat(api+client): organizations feature with links and key people (#28)' (#269) from 28-organizations-feature into main (
5ba43bd)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:881779f0d9ae52138b7ce2986a547e9187e96e6eee4020c3bb4832e4982db77a cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:881779f0d9ae52138b7ce2986a547e9187e96e6eee4020c3bb4832e4982db77aDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- network tabs and organization detail screen (#28) (
-
Carol v0.0.1-rc.11
Pre-releasereleased this
2026-06-24 02:20:45 +00:00 | 142 commits to main since this release0.0.1-rc.11 — 2026-06-24
Bug fixes
- sidebar follows app theme; collapsed brand row is a single tap target (
11aca71) - convert plural templates from ICU to i18next native format (
9417737)
Features
- network screen + person detail (#27) (
ed33886) - people + organizations hooks + regenerated typed client (#27) (
db63dc9) - /api/people and /api/organizations CRUD with nested sub-resources (#27) (
a5e5500) - people + organizations tables, repos, and dual-engine tests (#27) (
b47dda0) - sidebar redesign per design package (
79758dc) - page-level edit toggle on Profile (
754046d) - add profile.edit.* keys for page-level edit toggle (
895c6fc) - projects screen — list, create, edit, delete (#26) (
f701111) - projects screen catalog (#26) (
0c610d6) - projects hooks + regenerated typed client (#26) (
940eba2) - /api/projects CRUD + zod DTOs + openapi (#26) (
73ef109) - projects table + repository (#26) (
9217c16)
Other
- Merge pull request 'feat(api+client): people feature with relatives, met-through, organizations, and notes (#27)' (#268) from 27-people-feature into main (
837c9e9) - Merge pull request 'feat(client): sidebar redesign per design package' (#267) from sidebar-design-refresh into main (
20452bc) - Merge pull request 'feat(client): page-level edit toggle on Profile (per design package)' (#266) from profile-page-level-edit into main (
4f197af) - Merge pull request 'feat(api+client): projects feature (#26)' (#265) from 26-projects-feature into main (
e8ebebf) - Merge pull request 'fix(i18n): convert plural templates from ICU to i18next native format' (#264) from fix-plural-templates into main (
574b4d2)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:7f3cf72c8d0b54481961844805fa23f360121b93a0fd32b45d0f1acf96dac5b5 cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:7f3cf72c8d0b54481961844805fa23f360121b93a0fd32b45d0f1acf96dac5b5Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- sidebar follows app theme; collapsed brand row is a single tap target (
-
Carol v0.0.1-rc.10
Pre-releasereleased this
2026-06-23 20:40:35 +00:00 | 161 commits to main since this release0.0.1-rc.10 — 2026-06-23
Bug fixes
- switch Avatar to expo-image so source.headers reach the network (#256) (
9869485) - use expo-file-system File for native picture upload (#253, fifth attempt) (
d1705d7) - bypass URL rewriter for picture upload (#253, fourth attempt) (
b9e3989) - strip wrong Content-Type on multipart so RN regenerates it (
b71fbe8) - detect FormData via RN polyfill private field, not just Content-Type (
d17bd65) - include oauth_inits in postgres teardown table list (
4151e9c) - profile picture upload + display on android (#253, #256) — second pass (
7c4fde0) - wire Enter-to-submit across form-bearing screens (#255) (
2500c7a) - keyboard-aware scroll across form-bearing screens (#254) (
3a3d3cc) - profile picture renders on android (#256) (
9832f11) - profile picture upload works on android (#253) (
60413aa) - drop literal tags from empty-state strings (
fb82042) - configure i18next for single-brace {var} interpolation (
4ca1356) - domain routes accept bearer tokens, not just session (
4246d17) - give the sidebar shell flex: 1 so the nav list renders (
ceb6780) - respect the status-bar inset in the mobile header (
7c4c969) - /api/auth/me accepts bearer tokens, not session-only (
a813f2a) - invalidate useMe cache after login (
f7b33be) - iterate Headers explicitly when rewriting Request (
69bb01e) - middlewares return undefined when not modifying (
827ef5b) - explicitly copy request body in the off-origin rewriter (
74c70c9) - rewrite relative URLs in the off-origin rewriter (
745e3b1) - pin react-native to 0.85.3 via pnpm.overrides (
f85521e) - pin react + react-dom to 19.2.3 via pnpm.overrides (
ab2ed62) - loosen react pin so the bundle ships one copy (
7546fd7) - make SPA catch-all optional so
/serves index.html (#185) (bc045c0) - unwrap cursor pagination envelope on flat-list hooks (#184) (
b9e72f6) - drop access_tokens + refresh_tokens before users in CI teardown (#180) (
5d2e64a) - space note creates so cursor pagination is deterministic (#178) (
c3b413c) - lazy-load openapi registry inside GET handler (#178) (
db0ab48) - add tsx>esbuild to lavamoat.allowScripts as disabled (#178) (
500c50a) - restore nested next-intl/@swc/helpers@0.5.23 in package-lock.json (#178) (
31ec66b) - form inputs overflow their container on every screen (#24 follow-up) (
2be45c9)
Build / tooling
Chores
- strip diagnostics from picture upload + display path (
6521f57) - log Avatar source + load events to diagnose blank picture (
dbd0fa1) - introspect FormData ctor + parts to diagnose native send (
acb9e87) - log picker asset shape to diagnose FormDataPart error (
16f9e35) - bump rewriter diagnostic from console.log to console.warn (
8639d29) - instrument rewriter + upload catch to diagnose Android FormData path (
9a54364) - teach package-age check to walk pnpm-lock.yaml (#213) (
27a8bea) - ignore CVE-2026-12151 in Next.js bundled undici (
0c8fedb) - add lucide-react-native + nav icons (#210) (
3121888) - drop UI deps, prune public-route allowlist, refresh docs (#185) (
f01f0fd) - drop next-intl request config and tanstack query client (#185) (
93ea8a0) - delete root layout, providers, and PWA service worker (#185) (
d9961e8) - delete pwa screens, components, and themes (#185) (
b92ee95) - catalog keys for slice 2 screens (#184) (
2382bfe) - add en keys for profile/skills/experience client screens (#184) (
c629bfa) - bump vitest 2 → 4 + force vite 8 to clear OSV findings (#199) (
0ebe643) - scaffold @carol/client — Expo SDK 56 + Router + RN Web (#183) (
f752a5e) - scaffold @carol/api-client — package.json, tsconfig, vitest, eslint (#182) (
d147811) - restructure into pnpm workspaces — apps/api + placeholders (#181) (
6f626f5) - commit initial openapi.json (#178) (
0182366)
Documentation
- note /api/contracts in the paginated-endpoints list (
f0c3174) - fix the Expo Go recipe — don't pass --android (
85ed67d) - add CONTRIBUTING.md with local dev + build recipes (
f73958c) - refresh pagination section for #191 newly-paginated endpoints (
d868427) - wire @carol/api-client into CI + conventions doc + CLAUDE.md (#182) (
723c47b) - note bearer auth in CLAUDE.md, add ACCESS/REFRESH_TOKEN_TTL_SECONDS to README (#180) (
665a2e9) - name the PWA bundle as a release artifact in idea.md (#177) (
a4a4bb0) - adopt ADR-0027 for frontend/backend split (#177) (
0de0ec9)
Features
- link-session token for native OAuth linking (#245) (
be40c6f) - native clipboard via expo-clipboard (#218) (
55fc1fc) - contracts tab in the experience screen (
e14fdcd) - contracts catalog strings + contract_has_position key (
6170cbb) - contracts hooks + shared cache invalidation (
6b87f06) - contracts routes + DTOs + one-position invariant (
3a0f86f) - jobs.is_contract column + contract-aware repository (
563609a) - OAuth callback → bearer token handoff for native (#215) (
08f177d) - profile picture upload via expo-image-picker (#217) (
78f654e) - zod schema error messages → i18n catalog keys (#212) (
5fc6bcb) - linked-identities panel on the account screen (#216) (
32d0057) - show + change the configured server URL from the login screen (#235) (
1da0a58) - forgejo workflow for flatpak release (#188) (
4b19659) - flatpak manifest + desktop entry + icons (#188) (
5ec858a) - tauri shell wraps the expo web bundle (#188) (
5f67abf) - runtime URL plumbing distinguishes web vs tauri webview (#188) (
85e37ec) - public-route allowlist for new SW + manifest paths (#208) (
efdbfef) - service worker with precache + offline shell (#208) (
f4d02cc) - expo web manifest + icons (#208) (
4eb09d6) - tighter active-route + brand styling (#210) (
8666916) - native drawer + mobile hamburger (#210) (
22181ad) - theme + locale switchers in the sidebar footer (#210) (
9c3ac74) - collapse + expand sidebar with persistence (#210) (
ccab92d) - forgejo workflow for signed android release (#187) (
0d407f3) - android build wiring (prebuild + signing config) (#187) (
9a7bbd2) - runtime API URL settings + secure storage (#187) (
cbf6819) - sidebar nav shell on the (app) layout (
a6f543c) - port projects, applications, chat as placeholders (#184) (
73da311) - add education section to experience screen (#184) (
06b416b) - port network placeholder to expo router (#184) (
15afc2a) - port account screen to expo router (#184) (
9b426bd) - catch-all to serve the Expo Web bundle (#186) (
fdb2982) - cursor pagination on /api/account/tokens (#191) (
eac0a8e) - cursor pagination on /api/profile/contacts (#191) (
24fa7f7) - cursor pagination on /api/educations (#191) (
27e9a88) - adopt sort/filter on /api/notes (#192) (
ea37116) - parseFilter helper (#192) (
5616c38) - parseSort helper (#192) (
d57ff40) - port experience (jobs) screen to expo router (#184) (
ae699bf) - port skills screen to expo router (#184) (
231f5c5) - port profile screen to expo router (#184) (
ce9853f) - theme + i18n + auth glue + Notes reference + CI gates (#183) (
1c32b55) - POST /api/auth/token + /api/auth/refresh, OpenAPI registration, tests (#180) (
9a27217) - mint + verify access tokens, refresh-rotation w/ reuse detection (#180) (
c96b512) - access + refresh token tables w/ family_id for reuse detection (#180) (
b5273bc) - generate OpenAPI 3.1 spec from zod + CI drift gate (#178) (
b62db24) - cursor pagination on /api/notes + conventions doc (#179) (
b596155) - migrate user + settings DTOs to zod (#179) (
f1c84b2) - adopt RFC 7807 Problem Details across all routes (#179) (
168a2b0) - jobs, positions, contributions — three-tier career history (#24) (
570f73f)
Other
- Merge pull request 'fix(client): profile picture upload + display on android (#253, #256)' (#263) from fix-formdata-detection into main (
951bc51) - Merge pull request 'feat(api+client): link-session token for native OAuth linking (#245)' (#262) from 245-native-oauth-link-session into main (
0b350ac) - Merge pull request 'fix(test): include oauth_inits in postgres teardown table list' (#261) from fix-postgres-tests-oauth-inits into main (
1d3207a) - Merge pull request 'fix(client): profile picture upload + display on android (#253, #256) — second pass' (#260) from 253-256-android-profile-picture-2 into main (
25df282) - Merge pull request 'fix(client): keyboard-aware scroll + Enter-to-submit on forms (#254, #255)' (#258) from 254-255-keyboard-form-ux into main (
dd5adea) - Merge pull request 'fix(client): profile picture upload + display on android (#253, #256)' (#257) from 253-android-profile-picture into main (
052daf3) - Merge pull request 'feat(client): native clipboard via expo-clipboard (#218)' (#247) from 218-native-clipboard into main (
b479d9c) - Merge pull request 'fix(i18n): drop literal tags from empty-state strings' (#252) from 251-em-tags into main (
a458673) - Merge pull request 'feat(api+client): contracts feature (#25)' (#250) from 25-contracts into main (
e20a9e8) - Merge pull request 'feat(api+client): OAuth callback → bearer token handoff for native (#215)' (#249) from 215-oauth-native-bearer into main (
55f24fb) - Merge pull request 'feat(client): profile picture upload via expo-image-picker (#217)' (#248) from 217-profile-picture-upload into main (
2f06806) - Merge pull request 'feat(api): zod schema error messages → i18n catalog keys (#212)' (#246) from 212-zod-i18n into main (
38e5459) - Merge pull request 'feat(api+client): linked-identities panel on the account screen (#216)' (#244) from 216-linked-identities-panel into main (
d525373) - Merge pull request 'chore(ci): teach package-age check to walk pnpm-lock.yaml (#213)' (#242) from 213-pnpm-lock-package-ages into main (
425d9cb) - Merge pull request 'chore(security): ignore CVE-2026-12151 in Next.js bundled undici' (#240) from trivyignore-next-undici into main (
542dfd6) - Merge pull request 'feat(client): show + change the configured server URL from the login screen (#235)' (#238) from 235-login-server-url into main (
55277f7) - Merge pull request 'fix(deps): pin react-native to 0.85.3 via pnpm.overrides' (#232) from fix-rn-dedupe into main (
729f10c) - Merge pull request 'docs: add CONTRIBUTING.md with local dev + build recipes' (#231) from contributing-md into main (
0ee4841) - Merge pull request 'feat(client): linux flatpak via tauri shell (#188)' (#222) from 188-linux-flatpak into main (
e75e5aa) - Merge pull request 'feat(client): restore PWA install + offline shell via Expo (#208)' (#223) from 208-pwa-install-offline into main (
270d9ff) - Merge pull request 'feat(client): nav shell — icons, collapse, switchers, native drawer (#210)' (#211) from 210-nav-shell-features into main (
af8da7a) - Merge pull request 'feat(client): signed Android APK build with runtime API URL (#187)' (#207) from 187-android-build into main (
5a47d9f) - Merge pull request 'chore(api): decommission Next.js UI (#185)' (#209) from 185-decommission-nextjs-ui into main (
983dd57) - Merge pull request 'feat(client): port projects, applications, chat as placeholders (#184)' (#206) from 184-projects-applications-chat into main (
efb63f7) - Merge pull request 'feat(client): port account, network, education screens (#184)' (#205) from 184-people-account-slice into main (
bb3851d) - Merge pull request 'feat: single-container deployment — API serves the Expo Web bundle (#186)' (#204) from 186-single-container-deployment into main (
c6de397) - Merge pull request 'feat(api): cursor pagination on remaining flat lists (#191)' (#203) from 191-pagination-remaining-lists into main (
ae02f45) - Merge pull request 'feat(api): parseSort + parseFilter query helpers (#192)' (#202) from 192-sort-filter-helpers into main (
f3ecfd2) - Merge pull request 'feat(client): port profile/skills/experience screens (#184)' (#201) from 184-career-core-screens into main (
9cd4f7d) - Merge pull request 'chore(deps): bump vitest 2 → 4 + force vite 8 to clear OSV findings (#199)' (#200) from 199-bump-vitest-vite into main (
f2320c6) - Merge pull request 'feat(client): scaffold @carol/client — Expo Router + RN Web (#183)' (#198) from 183-expo-client-scaffolding into main (
8527d2a) - Merge pull request 'feat(api-client): generated typed client + TanStack Query hooks (#182)' (#197) from 182-generated-api-client into main (
ecf7f8c) - Merge pull request 'chore: restructure into pnpm workspaces — apps/api + placeholders (#181)' (#195) from 181-workspace-restructure into main (
511fc71) - Merge pull request 'feat(api): token-based auth — bearer + refresh (#180)' (#194) from 180-token-auth into main (
2851492) - Merge pull request 'feat(api): OpenAPI 3.1 spec generation + /api/openapi.json + CI drift gate (#178)' (#193) from 178-openapi-spec-generation into main (
54b936f) - Merge pull request 'feat(api): contract hardening — Problem Details, zod, pagination (#179)' (#190) from 179-api-contract-hardening into main (
826e340) - Merge pull request 'docs(adr): adopt ADR-0027 for frontend/backend split (#177)' (#189) from 177-adr-frontend-backend-split into main (
062daea) - Merge pull request 'feat(service+pwa): jobs, positions, contributions — three-tier career history (#24)' (#175) from 24-jobs-positions-contributions into main (
c2f3834) - Merge pull request 'refactor(pwa): add semantic colour tokens + migrate primitives off inlined hex (#149)' (#174) from 149-semantic-color-tokens into main (
20e7302)
Performance
- cache the access token in memory (
a5930f8)
Refactor
Tests
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:f5cc22626146df70ae94061ff19e36a55060d75d7164bd43d38c9ade925e461b cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:f5cc22626146df70ae94061ff19e36a55060d75d7164bd43d38c9ade925e461bDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- switch Avatar to expo-image so source.headers reach the network (#256) (
-
Carol v0.0.1-rc.9
Pre-releasereleased this
2026-06-20 04:09:19 +00:00 | 315 commits to main since this release0.0.1-rc.9 — 2026-06-20
Bug fixes
- wire favicon + apple-touch-icon to existing /icon assets (
521b34c) - give the page lede breathing room from the h1 (#141) (
edd63a4) - disable Renovate grouping; one PR per dep (#127) (
93d98b2) - update npm production deps to ^0.17.0 (
73204f5)
Build / tooling
- pin local + CI tool versions in
.tool-versions(#157) (ccfdde2) - regenerate lockfile under npm 10 to add @swc/helpers peer dep (
1aec334)
CI
Chores
- update sigstore/cosign-installer action to v3.10.1 (
0af2c12) - update actions/checkout digest to df4cb1c (
aa40645) - update docker/login-action digest to c94ce9f (
ff0f9fd) - update docker/dockerfile docker tag to v1.24 (
b2ce901) - update dockerfile base images to v24 (
ac69d61)
Documentation
- adopt Carol's voice in user-facing copy (#145) (
8ab67c5) - compact CLAUDE.md by offloading restated detail (#151) (
e741d1e) - document APP_URL requirement for reverse-proxied deployments (#99) (
8c336e7) - self-hoster setup + env-var reference; CLAUDE.md convention to keep it current (#114) (
e074562)
Features
- rebuild /experience with subnav + view/edit toggle (#144) (
e4b1068) - rebuild /skills against DS primitives + view/edit toggle (#143) (
82be92b) - rebuild /profile against DS primitives + view/edit toggle (#142) (
724f3a7) - rebuild /account/tokens against DS primitives + tokens (#141) (
f40f12b) - rebuild /account against DS primitives + tokens (#141) (
ae69bb0) - collapsable sidebar with narrow-viewport drawer (#162) (
7c56d3b) - replace top-nav with left sidebar app shell (#140) (
66a6159) - adopt next-intl + migrate every visible string (#146) (
c40623a) - in-tree component primitives + /dev/components showcase (#139) (
e729a7d) - adopt Carol DS token surface with --color-* bridge (#138) (
da2c7b8) - Personal Access Tokens — agent-runtime authentication (#49) (
be3710c) - Education feature — per-user education history (#23) (
fda4a04) - Skills feature — user-orderable sections + nested skills (
f71a259)
Other
- Merge pull request 'docs(pwa): adopt Carol's voice in user-facing copy (#145)' (#173) from 145-voice-rewrite into main (
3eaa296) - Merge pull request 'feat(pwa): rebuild /experience with subnav + view/edit toggle (#144)' (#172) from 144-experience-ds-rebuild into main (
1ebc4aa) - Merge pull request 'feat(pwa): rebuild /skills against DS primitives + view/edit toggle (#143)' (#170) from 143-skills-ds-rebuild into main (
d24a0f9) - Merge pull request 'fix(pwa): wire favicon + apple-touch-icon to existing /icon assets' (#171) from chore-favicon-metadata into main (
0f6e3ce) - Merge pull request 'feat(pwa): rebuild /profile against DS primitives + view/edit toggle (#142)' (#169) from 142-profile-ds-rebuild into main (
ea6f724) - Merge pull request 'feat(pwa): rebuild /account against DS primitives + tokens (#141)' (#167) from 141-account-ds-rebuild into main (
b7dfc87) - Merge pull request 'feat(pwa): collapsable sidebar + narrow-viewport drawer (#162)' (#166) from 162-sidebar-collapse into main (
fca6d75) - Merge pull request 'feat(pwa): replace top-nav with left sidebar app shell (#140)' (#161) from 140-app-shell-sidebar into main (
f7aed4d) - Merge pull request 'chore(deps): update sigstore/cosign-installer action to v3.10.1' (#159) from renovate-sigstore-cosign-installer-3.x into main (
eae5b94) - Merge pull request 'chore(deps): update actions/checkout digest to df4cb1c' (#154) from renovate-actions-checkout-digest into main (
238742e) - Merge pull request 'chore(deps): update docker/login-action digest to c94ce9f' (#155) from renovate-docker-login-action-digest into main (
4ca8e8c) - Merge pull request 'chore(deps): update docker/dockerfile docker tag to v1.24' (#156) from renovate-docker-dockerfile-1.x into main (
6c0996d) - Merge pull request 'build: pin local + CI tool versions in
.tool-versions(#157)' (#158) from 157-pin-tool-versions into main (05f24c2) - Merge pull request 'feat(i18n): adopt next-intl + migrate every visible string (#146)' (#153) from 146-i18n into main (
8c96b92) - Merge pull request 'docs: compact CLAUDE.md by offloading restated detail (#151)' (#152) from 151-compact-claudemd into main (
f1d1919) - Merge pull request 'feat(ui): in-tree component primitives + /dev/components showcase (#139)' (#148) from 139-ui-primitives into main (
17437cd) - Merge pull request 'feat(themes): adopt Carol DS token surface with
--color-*bridge (#138)' (#147) from 138-ds-tokens into main (d109c8b) - Merge pull request 'ci(security): flag <30d-old packages introduced by a PR (#136)' (#137) from 136-package-age-check into main (
7cb066f) - Merge pull request 'feat(auth): Personal Access Tokens — agent-runtime authentication (#49)' (#135) from 49-personal-access-tokens into main (
f323e17) - Merge pull request 'fix(ci): disable Renovate grouping; one PR per dep (#127)' (#130) from 126-renovate-no-grouping into main (
1817228) - Merge pull request 'feat: Education feature — per-user education history (#23)' (#128) from 23-education into main (
c88bf0c) - Merge pull request 'feat: Skills feature — user-orderable sections + nested skills (#22)' (#126) from 22-skills into main (
06be170) - Merge pull request 'chore(deps): update dockerfile base images (major)' (#122) from renovate-major-dockerfile-base-images into main (
a9eaa8f) - Merge pull request 'docs(auth): document APP_URL requirement for reverse-proxied deployments (#99)' (#125) from 99-app-url-docs into main (
fc501f0) - Merge pull request 'fix(deps): update npm production deps to ^0.17.0' (#121) from renovate-npm-production-deps into main (
751310d) - Merge pull request 'docs(readme): self-hoster setup + env-var reference; CLAUDE.md convention to keep it current (#114)' (#118) from 114-readme-config into main (
276ee6a)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:37c359579ef30693a2fa23d30ece5116b7b26c22d98401b902927593a745e564 cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:37c359579ef30693a2fa23d30ece5116b7b26c22d98401b902927593a745e564Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- wire favicon + apple-touch-icon to existing /icon assets (
-
Carol v0.0.1-rc.8
Pre-releasereleased this
2026-06-18 14:20:46 +00:00 | 370 commits to main since this release0.0.1-rc.8 — 2026-06-18
Features
- per-instance opt-out for the email_verified strict check (
a8167cc)
Other
- Merge pull request 'feat(auth): per-instance opt-out for the email_verified strict check (#115)' (#117) from 115-oidc-email-verified-optional into main (
bcf1f92)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:6d2b01d694c0be175d62a7bfbc668b5419c06fabf5c3a7353f2b5ac0e0e3db57 cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:6d2b01d694c0be175d62a7bfbc668b5419c06fabf5c3a7353f2b5ac0e0e3db57Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- per-instance opt-out for the email_verified strict check (
-
Carol v0.0.1-rc.7
Pre-releasereleased this
2026-06-18 13:49:03 +00:00 | 372 commits to main since this release0.0.1-rc.7 — 2026-06-18
Bug fixes
- use execFileSync for git diff in coverage script (
92e4c55) - drop per-rule rangeStrategy from npm-majors packageRule (#94) (
7c601e6) - route scanner-comment API calls via internal Forgejo URL (#104) (
ac39bcb) - post-callback redirect honors APP_URL (reverse-proxy) (
c3777b9)
CI
- coverage report with soft targets as sticky PR comment (
f02519a) - add workflow_dispatch workflow for ad-hoc feature-branch images (#108) (
6352947)
Features
- name, contact details, picture, title statement, brief (#21) (
052393a) - OIDC userinfo fallback for email / email_verified (
a694e94)
Other
- Merge pull request 'ci(test): coverage report with soft targets as sticky PR comment (#110)' (#111) from 110-ci-coverage into main (
dd99a7f) - Merge pull request 'fix(ci): drop per-rule rangeStrategy from npm-majors packageRule (#94)' (#112) from 94-renovate-config-fix into main (
ceb8282) - Merge pull request 'feat(profile): name, contact details, picture, title statement, brief (#21)' (#113) from 21-profile into main (
de86751) - Merge pull request 'ci(build): add workflow_dispatch workflow for ad-hoc feature-branch images (#108)' (#109) from 108-feature-branch-image-workflow into main (
ae98e91) - Merge pull request 'fix(ci): route scanner-comment API calls via internal Forgejo URL (#104)' (#107) from 99-forgejo-api-url-override into main (
b19de99) - Merge pull request 'feat(auth): OIDC userinfo fallback for email / email_verified (#105)' (#106) from 105-oidc-userinfo-fallback into main (
4de8b7c) - Merge pull request 'fix(auth): post-callback redirect honors APP_URL (reverse-proxy) (#102)' (#103) from 102-redirect-honor-app-url into main (
5afe834)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:716a7334db60b1292a475238db30b45aee926cab9ee8fc3a3306fa6e354be00e cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:716a7334db60b1292a475238db30b45aee926cab9ee8fc3a3306fa6e354be00eDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- use execFileSync for git diff in coverage script (
-
Carol v0.0.1-rc.6
Pre-releasereleased this
2026-06-18 03:51:27 +00:00 | 387 commits to main since this release0.0.1-rc.6 — 2026-06-18
Features
- surface OIDC callback errors with distinct codes + log cause (
6fd6509)
Other
- Merge pull request 'feat(auth): surface OIDC callback errors with distinct codes + log cause (#100)' (#101) from 100-oauth-callback-diagnostics into main (
73ddb10)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:61a8f71badb030717e690d038c0291feb9af0bdc7bdde1c33198f2426c58ceed cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:61a8f71badb030717e690d038c0291feb9af0bdc7bdde1c33198f2426c58ceedDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- surface OIDC callback errors with distinct codes + log cause (
-
Carol v0.0.1-rc.5
Pre-releasereleased this
2026-06-18 03:20:52 +00:00 | 389 commits to main since this release0.0.1-rc.5 — 2026-06-18
Features
- generic OIDC provider with discovery + per-endpoint overrides (
72a5af9)
Other
- Merge pull request 'feat(auth): generic OIDC provider with discovery + per-endpoint overrides (#85)' (#96) from 85-oidc into main (
fbcd705) - Merge pull request 'ci(security): post scanner findings as sticky PR comments (#68)' (#95) from 68-sticky-scanner-comments into main (
dd2f321)
Verifying the image
cosign verify \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:2cde81b89e65aa2f5f6c1f0dd3a173ee1ef8fef0a5bfe132b66b546e8f575730 cosign verify-attestation \ --type slsaprovenance1 \ --key https://forge.wynning.tech/james/carol/raw/branch/main/cosign.pub \ forge.wynning.tech/james/carol@sha256:2cde81b89e65aa2f5f6c1f0dd3a173ee1ef8fef0a5bfe132b66b546e8f575730Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- generic OIDC provider with discovery + per-endpoint overrides (