chore: write v0.8.0-rc1 changelog
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Dorian
parent
8e0b938dc0
commit
36e1fd0727
138
CHANGELOG.md
138
CHANGELOG.md
@ -7,6 +7,144 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
## [0.8.0-rc1] - 2026-03-11
|
||||
|
||||
### Added
|
||||
|
||||
#### W3C Identity & Credentials
|
||||
- W3C DID Core v1.0 compliant DID Document generation (`did:key` method)
|
||||
- DID Document verification and cross-node resolution over Tor
|
||||
- JSON-LD Verifiable Credentials (VC Data Model 2.0, Ed25519Signature2020 proofs)
|
||||
- Verifiable Presentation creation with selective disclosure
|
||||
- Credentials management UI at `/dashboard/web5/credentials`
|
||||
|
||||
#### Decentralized Web Node (DWN)
|
||||
- DWN message store with CRUD, protocol registration, and query interface
|
||||
- DWN HTTP API (`POST /dwn`, `GET /dwn/health`)
|
||||
- Bidirectional peer sync over Tor via SOCKS proxy
|
||||
- DWN management UI in Web5 page with protocol browser
|
||||
|
||||
#### Multi-Node Federation
|
||||
- Node federation protocol with invite codes (`fed1:` prefix), trust levels, state sync
|
||||
- Federation dashboard at `/dashboard/server/federation`
|
||||
- Federated app deployment to trusted peers over Tor
|
||||
- Architecture documented in `docs/multi-node-architecture.md`
|
||||
|
||||
#### Decentralized Marketplace
|
||||
- NIP-78 Nostr-based app manifest discovery across relays
|
||||
- Trust scoring (0-100) based on DID verification, relay consensus, federation trust
|
||||
- App manifest publishing with Nostr secp256k1 signing
|
||||
- Community marketplace tab in App Store with trust score badges
|
||||
|
||||
#### Networking
|
||||
- VPN integration (Tailscale + WireGuard) with keypair generation and status display
|
||||
- Mesh networking via Meshtastic LoRa devices with node discovery
|
||||
- DNS-over-HTTPS configuration (Cloudflare, Google, Quad9, Mullvad, Custom)
|
||||
- WiFi/Ethernet configuration via `nmcli` with scan-and-connect modal
|
||||
- Network interfaces display in Server page
|
||||
|
||||
#### Hardware Wallet Support
|
||||
- PSBT signing flow (create, QR display, finalize, broadcast)
|
||||
- USB hardware wallet detection (ColdCard, Trezor, Ledger)
|
||||
- Hardware wallet signing UI in LND views
|
||||
|
||||
#### System Management
|
||||
- System monitoring (CPU, RAM, disk gauges on Dashboard)
|
||||
- Automatic update system with download, apply, rollback, and scheduling
|
||||
- Disk space management with auto-cleanup at 90% usage
|
||||
- Container health monitoring with auto-recovery (max 3 restart attempts)
|
||||
- Crash recovery via PID-file detection and container snapshot restoration
|
||||
- Graceful shutdown with in-flight request draining (5s timeout)
|
||||
|
||||
#### Backup & Restore
|
||||
- Full backup with tar.gz + ChaCha20-Poly1305 encryption
|
||||
- Backup create, list, verify, restore, delete via RPC
|
||||
- USB drive detection and backup-to-USB
|
||||
- Backup UI in Settings page
|
||||
|
||||
#### Kiosk Mode
|
||||
- Chromium kiosk with auto-restart and watchdog service
|
||||
- Recovery page at `/recovery` (no auth required)
|
||||
- Kiosk keyboard shortcuts (Ctrl+Shift+R/H/Q)
|
||||
- Systemd services for kiosk and watchdog
|
||||
|
||||
#### ARM64 Support
|
||||
- Cross-compilation for aarch64 with rustls-tls
|
||||
- All 6 core apps verified with multi-arch images
|
||||
- Parameterized ISO build script (`ARCH=arm64`)
|
||||
- RPi 5 testing guide
|
||||
|
||||
#### Testing
|
||||
- 236 frontend tests across 17 test files (Vitest)
|
||||
- 124+ backend tests (cargo test)
|
||||
- Playwright visual regression suite (12 pages)
|
||||
- Chaos testing (SIGKILL recovery, concurrent RPC, rapid restarts)
|
||||
- App lifecycle testing and dependency chain verification
|
||||
- 1-week continuous uptime monitoring
|
||||
|
||||
#### Documentation
|
||||
- Developer guide, API reference (100+ endpoints), app developer SDK guide
|
||||
- 5 Architecture Decision Records (Podman, DID:key, Nostr, Tor, ChaCha20)
|
||||
- Release process, canary deploy, quality baseline documentation
|
||||
|
||||
### Changed
|
||||
- Settings sections use `glass-card` instead of `path-option-card`
|
||||
- Web3 card shows "Coming Soon" badges instead of fake data
|
||||
- Network diagnostics moved from Settings to Server page
|
||||
- Removed `core/startos/` (2MB of dead code, zero dependencies)
|
||||
|
||||
### Fixed
|
||||
- CSRF protection on all state-changing RPC calls
|
||||
- CORS restricted to same-origin (removed `Access-Control-Allow-Origin: *`)
|
||||
- Nginx security headers (X-Frame-Options, CSP, X-Content-Type-Options)
|
||||
- All 24 silent catch blocks now log in dev mode
|
||||
- Zero `console.log` outside dev gate, zero `any` types
|
||||
|
||||
### Security
|
||||
- CSRF token validation on all state-changing endpoints
|
||||
- Same-origin CORS policy
|
||||
- Nginx security headers (SAMEORIGIN, nosniff, CSP, Referrer-Policy)
|
||||
- Container security hardened (readonly root, dropped caps, non-root, no-new-privileges)
|
||||
- Secrets rotation with AES-256-GCM and automatic scheduling
|
||||
|
||||
## [0.5.0-beta] - 2026-03-11
|
||||
|
||||
### Added
|
||||
|
||||
#### Security Hardening
|
||||
- Session inactivity expiry (24h), max 5 concurrent sessions with oldest eviction
|
||||
- Session rotation on password change (invalidates all other sessions)
|
||||
- Container security: `--cap-drop=ALL`, `--security-opt=no-new-privileges:true`, read-only root
|
||||
- Secrets rotation with AES-256-GCM encryption and metadata tracking
|
||||
- Path traversal prevention (nginx regex blocks + client-side sanitizePath)
|
||||
- Cookie-based auth for File Browser (removed token from URLs)
|
||||
- Login rate limiting (5 failures per 60s per IP)
|
||||
- TOTP two-factor authentication with backup codes
|
||||
|
||||
#### Performance
|
||||
- Backend startup: ~100ms
|
||||
- Frontend bundle: ~105 KB gzipped initial load
|
||||
- WebSocket heartbeat (30s ping/pong) with exponential backoff reconnection
|
||||
- Server-side 5-minute inactivity timeout for stale WebSocket connections
|
||||
- Real-time install progress reporting via WebSocket during container pulls
|
||||
- Connection state machine (connecting/connected/disconnecting/disconnected)
|
||||
|
||||
#### Apps & Integrations
|
||||
- Pinned all container images to specific versions (no `:latest` tags)
|
||||
- Fedimint and Fedimint Gateway with auto-LND detection
|
||||
- IndeedHub virtual app integration
|
||||
- Expanded read-only root filesystem support (electrs, nostr-relay, ollama)
|
||||
- Dependency chain validation (Bitcoin → Electrs → Mempool, Bitcoin → LND)
|
||||
|
||||
#### Documentation
|
||||
- Comprehensive user guide (docs/user-guide.md)
|
||||
- Beta release checklist (docs/BETA-RELEASE-CHECKLIST.md)
|
||||
- 72-hour stability test script
|
||||
|
||||
### Fixed
|
||||
- Penpot hardcoded secret key replaced with SHA256-derived key
|
||||
- WebSocket reconnection reliability after network interruption
|
||||
|
||||
## [0.1.0] - 2026-01-28
|
||||
|
||||
### 🎉 Initial Release
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user