@@ -7,6 +7,169 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
77
88## [ Unreleased]
99
10+ ## [ 0.8.0] — 2026-05-27
11+
12+ ### Added
13+ - ** ` truestamp console ` interactive TUI.** New subcommand opens a
14+ long-lived, authenticated WebSocket to the Truestamp backend
15+ (multiplexed Phoenix Channels: ` console:lobby ` for commands +
16+ stream events, ` console:clock ` for server-time ticks) and renders
17+ four panes — ** Monitor** (toggleable stream subscriptions with a
18+ scrollable, reversible event waterfall; 24h time-windowed
19+ retention, 100k hard cap), ** New Item** (form + live
20+ ` items.created → items.committed ` lifecycle card with a leading
21+ "Submission mode" Select for external-hash vs.
22+ claims-as-source-of-truth), ** Teams** (membership list + in-place
23+ team switch via ` scope.switch_team ` ), and ** Connection**
24+ (diagnostics with reconnect countdown, server-time clock, push
25+ counters, log file path, and a live third-party health-check
26+ table). Reconnect-with-backoff (1→2→5→10→30s), server-side
27+ first-event-immediate event coalescing into ` <resource>.burst `
28+ summaries, two-stage readiness gate (socketReady / sessionReady).
29+ Architecture and wire-protocol notes in
30+ [ docs/engineering/console.md] ( docs/engineering/console.md ) .
31+ - ** ` truestamp beacon ` subcommand.** Read-only access to the
32+ Truestamp beacons JSON: API at ` /api/json/beacons/* ` : ` beacon `
33+ (default = ` latest ` ), ` beacon list ` , ` beacon get <uuidv7> ` ,
34+ ` beacon by-hash <64-hex> ` . Output is plain Unix-friendly text by
35+ default with optional ` --json ` / ` --hash-only ` / ` -s ` modes. The
36+ single-beacon card emits two shareable public-web links
37+ (` Details → {host}/beacons/<hash> ` and
38+ ` Verify → {host}/verify/beacon/<id> ` ) and renders unconditionally
39+ — localhost and plain-http hosts too — so links work when
40+ developing against a local server.
41+ - ** ` truestamp team ` subcommand.** `team list / show / set /
42+ unset` . ` team list` emits a four-column ` ★/ID/NAME/ROLE` table
43+ over ` GET /api/json/memberships?include=team ` ; ` team set <id> `
44+ validates by reading ` /teams/{id} ` first so a typo or revoked
45+ membership refuses to write; ` team set ` with no arg opens an
46+ interactive picker; ` team unset ` reverts to the server's
47+ personal-team auto-fallback. Active selection persists in the
48+ top-level ` team ` key in ` ~/.config/truestamp/config.toml ` . The
49+ console Teams pane (key ` 3 ` ) is wired to the same source of
50+ truth, and ` config show ` / ` auth status ` both surface ` Team Name `
51+ / ` Team Role ` rows alongside the bare id.
52+ - ** Claims-as-source-of-truth submission mode for `truestamp
53+ create`.** A second submission mode where no external file is
54+ required — the claims content itself is what gets timestamped,
55+ gated by a server-side meaningful-content rule (≥ 32-char
56+ description or non-empty metadata). The ` --hash ` / ` --hash-type `
57+ pair is now co-required: both supplied (external-hash mode) or
58+ both omitted (claims-content mode). Mirrored in the console New
59+ Item pane via a leading ` Submission mode ` Select; hash + hash_type
60+ fields auto-hide in claims-content mode and the description field
61+ enforces the ≥ 32-char rule inline.
62+ - ** CLI-wide JSON logger with redaction and panic recovery.**
63+ ` internal/logging ` extends a single structured ` slog ` JSON logger
64+ across every subcommand. ` internal/redact ` scrubs api_key
65+ patterns from log payloads (security-critical — covered by the
66+ ` TestRedactSecrets ` fuzz target). A top-level panic recovery
67+ installs a ` slog.Error("panic", ...) ` handler that captures
68+ goroutine stacks before the process exits, so the console's
69+ Bubble Tea event loop never leaks an uncaught panic to a black
70+ terminal.
71+ - ** Third-party health checks in the Connection pane.** Probes
72+ Truestamp service (` {base_url}/health ` ), Truestamp keyring,
73+ NIST Beacon, Stellar Horizon (mainnet), and Blockstream every
74+ minute while the pane is open. Results sort problems first
75+ (failed → degraded → checking → unknown → ok). Manual refresh
76+ rate-limited to one run per 3 seconds.
77+ - ** ` /release ` Claude Code skill.** Canonical end-to-end release
78+ flow for this repo, documented at
79+ [ .claude/skills/release/SKILL.md] ( .claude/skills/release/SKILL.md ) .
80+ Walks the full playbook (pre-flight quality gate, GoReleaser
81+ dry-run, CHANGELOG update, release PR + CI, signed annotated tag,
82+ release.yml watch, post-release artifact verification) and
83+ delegates partial-failure recovery to a sibling reference doc.
84+ ` CONTRIBUTING.md ` points at the skill as the normal way to ship.
85+
86+ ### Changed
87+ - ** URL config consolidated into a single ` base_url ` .** Previous
88+ configs surfaced multiple endpoint URLs (api_url, keyring_url,
89+ websocket_url, health_url) that all derived from the same
90+ Truestamp deployment. The new ` base_url ` (default
91+ ` https://www.truestamp.com ` ) is the single dial — ` api_url ` ,
92+ ` keyring_url ` , the console WebSocket URL, and the health-check
93+ URL are all derived from it at config load, with the per-URL
94+ flags / env vars preserved for explicit override. ` config show `
95+ renders the derived values alongside ` base_url ` so the source of
96+ truth is obvious.
97+ - ** Console monitor waterfall redesigned.** Table-driven layout
98+ via ` lipgloss/v2/table ` , mouse-wheel scrolling, deterministic
99+ reverse-chronological event ordering, ID column no longer
100+ truncates the primary id, scroll indicator anchored to the title
101+ row, footer state-aware to whichever pane is focused. Default
102+ focus on app launch goes straight to the events waterfall so
103+ ` j/k ` /arrows scroll without a leading Tab. Header status trimmed
104+ — plan + stream count moved to the Connection pane to declutter
105+ the Monitor.
106+ - ** New Item form ergonomics.** Migrated to ` huh/v2 ` , the
107+ hash-type Select uses the canonical Display names shared with
108+ the watching screen, validation runs inline at the offending
109+ field with the three checks (algorithm registered, even-length
110+ hex, length matches algorithm) mandatory in every code path,
111+ ` ? ` toggles help by growing the body (no longer resizing the
112+ screen), watching screen drops the card border + fixes line
113+ wrap, esc returns cleanly to the form, and quit prompts for
114+ confirmation so an accidental ctrl-C doesn't lose a submission
115+ in flight.
116+ - ** Go toolchain pinned to 1.26.3.** ` .tool-versions ` (single
117+ source of truth for CI via ` mise ` ) and ` go.mod ` both bumped from
118+ 1.26.2 — see Security below.
119+
120+ ### Fixed
121+ - ** Health-check latency flake on fast loopback.** The Connection
122+ pane's ` checkHealthTarget ` rounded ` time.Since(start) ` to
123+ milliseconds at storage time. On a fast macOS runner the
124+ in-process httptest.Server round-trip completes in under 500µs,
125+ so the value collapsed to ` 0s ` and broke
126+ ` TestCheckHealthTarget_OK ` 's positive-latency assertion. The
127+ renderer in ` connection.go ` already rounds at display time, and
128+ ` TestRenderHealthSection_IconsAndDetails ` documents the storage
129+ contract by setting ` r.Latency = 42_000_000 ` (42ms in
130+ nanoseconds). Storage-time rounding was wrong on both counts:
131+ it lost sub-ms signal and made "too-fast-to-measure"
132+ indistinguishable from "never measured". Removed.
133+
134+ ### Security
135+ - ** Go 1.26.2 → 1.26.3** clears two stdlib advisories surfaced by
136+ ` task vuln-check ` : ** GO-2026-4971** (panic in ` net.Dial ` /
137+ ` LookupPort ` on Windows NUL bytes; reachable via
138+ ` httpclient.DownloadBytesCtx ` ) and ** GO-2026-4918** (infinite
139+ loop in ` net/http/internal/http2 ` on a bad
140+ ` SETTINGS_MAX_FRAME_SIZE ` ). Both fixed in 1.26.3. The
141+ ` .tool-versions ` comment block records the bump rationale so
142+ future Go bumps can compare against a known baseline.
143+
144+ ### Developer experience / tests
145+ - ** wschannel chaos test suite.** New ` internal/wschannel ` chaos
146+ tests under a ` chaos ` build tag exercise reconnect-with-backoff,
147+ topic rejoin replay, pending-call drain on disconnect, and
148+ api_key redaction under failure. ` task test-chaos ` runs them
149+ locally; the CI workflow runs them on every PR alongside the
150+ main test matrix.
151+ - ** wschannel codec fuzz tests.** Three new ` FuzzXxx ` targets
152+ cover Phoenix V2 array-form ` Frame ` unmarshal, reply parsing,
153+ and the api_key redactor. Seeds committed; CI replays them on
154+ every run plus runs each for 30s of active mutation per push as
155+ part of the existing fuzz step.
156+ - ** Phased TUI refactor (six phases).** Migration to lipgloss/v2 +
157+ bubbletea/v2 + huh/v2 broken into reviewable slices: chrome
158+ package + keymap-driven footer (Phase 1), mouse wheel scroll on
159+ Monitor (Phase 2), canonical event projector + lipgloss/v2/table
160+ for the waterfall (Phase 3), New Item form migration to huh/v2
161+ (Phase 4), Connection pane polish via lipgloss/v2/table (Phase
162+ 5), tests for chrome / events projector / keymaps (Phase 6).
163+
164+ ### Dependencies
165+ - ` golang.org/x/crypto ` 0.50.0 → 0.52.0
166+ - ` golang.org/x/mod ` 0.35.0 → 0.36.0
167+ - ` github.com/btcsuite/btcd/chaincfg/chainhash ` 1.1.0 → 1.2.0
168+ - ` github.com/fxamacker/cbor/v2 ` 2.9.1 → 2.9.2
169+ - ` github.com/knadh/koanf/parsers/toml/v2 ` 2.2.0 → 2.2.1
170+ - ` github/codeql-action ` (workflow) 4.35.2 → 4.35.3
171+ - ` goreleaser/goreleaser-action ` (workflow) patch bump
172+
10173## [ 0.7.1] — 2026-04-23
11174
12175### Changed
0 commit comments