Skip to content

Commit e6d054f

Browse files
committed
Release v0.8.0
1 parent bdd272f commit e6d054f

1 file changed

Lines changed: 163 additions & 0 deletions

File tree

CHANGELOG.md

Lines changed: 163 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,169 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
77

88
## [Unreleased]
99

10+
## [0.8.0] — 2026-05-27
11+
12+
### Added
13+
- **`truestamp console` interactive TUI.** New subcommand opens a
14+
long-lived, authenticated WebSocket to the Truestamp backend
15+
(multiplexed Phoenix Channels: `console:lobby` for commands +
16+
stream events, `console:clock` for server-time ticks) and renders
17+
four panes — **Monitor** (toggleable stream subscriptions with a
18+
scrollable, reversible event waterfall; 24h time-windowed
19+
retention, 100k hard cap), **New Item** (form + live
20+
`items.created → items.committed` lifecycle card with a leading
21+
"Submission mode" Select for external-hash vs.
22+
claims-as-source-of-truth), **Teams** (membership list + in-place
23+
team switch via `scope.switch_team`), and **Connection**
24+
(diagnostics with reconnect countdown, server-time clock, push
25+
counters, log file path, and a live third-party health-check
26+
table). Reconnect-with-backoff (1→2→5→10→30s), server-side
27+
first-event-immediate event coalescing into `<resource>.burst`
28+
summaries, two-stage readiness gate (socketReady / sessionReady).
29+
Architecture and wire-protocol notes in
30+
[docs/engineering/console.md](docs/engineering/console.md).
31+
- **`truestamp beacon` subcommand.** Read-only access to the
32+
Truestamp beacons JSON:API at `/api/json/beacons/*`: `beacon`
33+
(default = `latest`), `beacon list`, `beacon get <uuidv7>`,
34+
`beacon by-hash <64-hex>`. Output is plain Unix-friendly text by
35+
default with optional `--json` / `--hash-only` / `-s` modes. The
36+
single-beacon card emits two shareable public-web links
37+
(`Details → {host}/beacons/<hash>` and
38+
`Verify → {host}/verify/beacon/<id>`) and renders unconditionally
39+
— localhost and plain-http hosts too — so links work when
40+
developing against a local server.
41+
- **`truestamp team` subcommand.** `team list / show / set /
42+
unset`. `team list` emits a four-column `★/ID/NAME/ROLE` table
43+
over `GET /api/json/memberships?include=team`; `team set <id>`
44+
validates by reading `/teams/{id}` first so a typo or revoked
45+
membership refuses to write; `team set` with no arg opens an
46+
interactive picker; `team unset` reverts to the server's
47+
personal-team auto-fallback. Active selection persists in the
48+
top-level `team` key in `~/.config/truestamp/config.toml`. The
49+
console Teams pane (key `3`) is wired to the same source of
50+
truth, and `config show` / `auth status` both surface `Team Name`
51+
/ `Team Role` rows alongside the bare id.
52+
- **Claims-as-source-of-truth submission mode for `truestamp
53+
create`.** A second submission mode where no external file is
54+
required — the claims content itself is what gets timestamped,
55+
gated by a server-side meaningful-content rule (≥ 32-char
56+
description or non-empty metadata). The `--hash` / `--hash-type`
57+
pair is now co-required: both supplied (external-hash mode) or
58+
both omitted (claims-content mode). Mirrored in the console New
59+
Item pane via a leading `Submission mode` Select; hash + hash_type
60+
fields auto-hide in claims-content mode and the description field
61+
enforces the ≥ 32-char rule inline.
62+
- **CLI-wide JSON logger with redaction and panic recovery.**
63+
`internal/logging` extends a single structured `slog` JSON logger
64+
across every subcommand. `internal/redact` scrubs api_key
65+
patterns from log payloads (security-critical — covered by the
66+
`TestRedactSecrets` fuzz target). A top-level panic recovery
67+
installs a `slog.Error("panic", ...)` handler that captures
68+
goroutine stacks before the process exits, so the console's
69+
Bubble Tea event loop never leaks an uncaught panic to a black
70+
terminal.
71+
- **Third-party health checks in the Connection pane.** Probes
72+
Truestamp service (`{base_url}/health`), Truestamp keyring,
73+
NIST Beacon, Stellar Horizon (mainnet), and Blockstream every
74+
minute while the pane is open. Results sort problems first
75+
(failed → degraded → checking → unknown → ok). Manual refresh
76+
rate-limited to one run per 3 seconds.
77+
- **`/release` Claude Code skill.** Canonical end-to-end release
78+
flow for this repo, documented at
79+
[.claude/skills/release/SKILL.md](.claude/skills/release/SKILL.md).
80+
Walks the full playbook (pre-flight quality gate, GoReleaser
81+
dry-run, CHANGELOG update, release PR + CI, signed annotated tag,
82+
release.yml watch, post-release artifact verification) and
83+
delegates partial-failure recovery to a sibling reference doc.
84+
`CONTRIBUTING.md` points at the skill as the normal way to ship.
85+
86+
### Changed
87+
- **URL config consolidated into a single `base_url`.** Previous
88+
configs surfaced multiple endpoint URLs (api_url, keyring_url,
89+
websocket_url, health_url) that all derived from the same
90+
Truestamp deployment. The new `base_url` (default
91+
`https://www.truestamp.com`) is the single dial — `api_url`,
92+
`keyring_url`, the console WebSocket URL, and the health-check
93+
URL are all derived from it at config load, with the per-URL
94+
flags / env vars preserved for explicit override. `config show`
95+
renders the derived values alongside `base_url` so the source of
96+
truth is obvious.
97+
- **Console monitor waterfall redesigned.** Table-driven layout
98+
via `lipgloss/v2/table`, mouse-wheel scrolling, deterministic
99+
reverse-chronological event ordering, ID column no longer
100+
truncates the primary id, scroll indicator anchored to the title
101+
row, footer state-aware to whichever pane is focused. Default
102+
focus on app launch goes straight to the events waterfall so
103+
`j/k`/arrows scroll without a leading Tab. Header status trimmed
104+
— plan + stream count moved to the Connection pane to declutter
105+
the Monitor.
106+
- **New Item form ergonomics.** Migrated to `huh/v2`, the
107+
hash-type Select uses the canonical Display names shared with
108+
the watching screen, validation runs inline at the offending
109+
field with the three checks (algorithm registered, even-length
110+
hex, length matches algorithm) mandatory in every code path,
111+
`?` toggles help by growing the body (no longer resizing the
112+
screen), watching screen drops the card border + fixes line
113+
wrap, esc returns cleanly to the form, and quit prompts for
114+
confirmation so an accidental ctrl-C doesn't lose a submission
115+
in flight.
116+
- **Go toolchain pinned to 1.26.3.** `.tool-versions` (single
117+
source of truth for CI via `mise`) and `go.mod` both bumped from
118+
1.26.2 — see Security below.
119+
120+
### Fixed
121+
- **Health-check latency flake on fast loopback.** The Connection
122+
pane's `checkHealthTarget` rounded `time.Since(start)` to
123+
milliseconds at storage time. On a fast macOS runner the
124+
in-process httptest.Server round-trip completes in under 500µs,
125+
so the value collapsed to `0s` and broke
126+
`TestCheckHealthTarget_OK`'s positive-latency assertion. The
127+
renderer in `connection.go` already rounds at display time, and
128+
`TestRenderHealthSection_IconsAndDetails` documents the storage
129+
contract by setting `r.Latency = 42_000_000` (42ms in
130+
nanoseconds). Storage-time rounding was wrong on both counts:
131+
it lost sub-ms signal and made "too-fast-to-measure"
132+
indistinguishable from "never measured". Removed.
133+
134+
### Security
135+
- **Go 1.26.2 → 1.26.3** clears two stdlib advisories surfaced by
136+
`task vuln-check`: **GO-2026-4971** (panic in `net.Dial` /
137+
`LookupPort` on Windows NUL bytes; reachable via
138+
`httpclient.DownloadBytesCtx`) and **GO-2026-4918** (infinite
139+
loop in `net/http/internal/http2` on a bad
140+
`SETTINGS_MAX_FRAME_SIZE`). Both fixed in 1.26.3. The
141+
`.tool-versions` comment block records the bump rationale so
142+
future Go bumps can compare against a known baseline.
143+
144+
### Developer experience / tests
145+
- **wschannel chaos test suite.** New `internal/wschannel` chaos
146+
tests under a `chaos` build tag exercise reconnect-with-backoff,
147+
topic rejoin replay, pending-call drain on disconnect, and
148+
api_key redaction under failure. `task test-chaos` runs them
149+
locally; the CI workflow runs them on every PR alongside the
150+
main test matrix.
151+
- **wschannel codec fuzz tests.** Three new `FuzzXxx` targets
152+
cover Phoenix V2 array-form `Frame` unmarshal, reply parsing,
153+
and the api_key redactor. Seeds committed; CI replays them on
154+
every run plus runs each for 30s of active mutation per push as
155+
part of the existing fuzz step.
156+
- **Phased TUI refactor (six phases).** Migration to lipgloss/v2 +
157+
bubbletea/v2 + huh/v2 broken into reviewable slices: chrome
158+
package + keymap-driven footer (Phase 1), mouse wheel scroll on
159+
Monitor (Phase 2), canonical event projector + lipgloss/v2/table
160+
for the waterfall (Phase 3), New Item form migration to huh/v2
161+
(Phase 4), Connection pane polish via lipgloss/v2/table (Phase
162+
5), tests for chrome / events projector / keymaps (Phase 6).
163+
164+
### Dependencies
165+
- `golang.org/x/crypto` 0.50.0 → 0.52.0
166+
- `golang.org/x/mod` 0.35.0 → 0.36.0
167+
- `github.com/btcsuite/btcd/chaincfg/chainhash` 1.1.0 → 1.2.0
168+
- `github.com/fxamacker/cbor/v2` 2.9.1 → 2.9.2
169+
- `github.com/knadh/koanf/parsers/toml/v2` 2.2.0 → 2.2.1
170+
- `github/codeql-action` (workflow) 4.35.2 → 4.35.3
171+
- `goreleaser/goreleaser-action` (workflow) patch bump
172+
10173
## [0.7.1] — 2026-04-23
11174

12175
### Changed

0 commit comments

Comments
 (0)