Changelog
What shipped, version by version
Tagged releases with signed artifacts. The full, technical changelog and the live commit stream both live in the open.
- 0.1.0-alpha.1Signed release →
First tagged release. The daemon, CLI, and operator console are usable end to end, and every release artifact is signed in CI with cosign keyless OIDC.
Added- covenant bootstrap grants the capabilities a fresh install needs, so the first intent works out of the box.
- Operator console overhaul: tasks, permissions, memory, messages, agents, spending, and the activity log rewritten for non-technical operators, with a command palette.
- Plain-English capability titles across the console and CLI.
- Source installer with dry-run, upgrade preflight, and rollback.
- Multi-platform release workflow (macOS arm64 and x86_64, Linux x86_64) with SHA-256 checksums and cosign signatures.
Changed- Getting-started and demo docs rewritten around the current CLI; alpha framing replaced with versioned releases.
- First-task errors point users at covenant bootstrap instead of granting each capability by hand.
Security- Capability trust root enforced at every verify callsite; the daemon refuses self-granted operator capabilities.
- Constant-time peer-token comparison; the audit chain refuses to rebuild on a length mismatch.
- CI hardening: per-job timeouts, no persisted credentials, CodeQL, and cargo-audit integrity checks.