Releases

Recent releases across the mcp-tool-shop-org organization. Refreshed 3/20/2026 (2:01 PM). Newest release: 4/6/2026.

Saint's Mile v1.0.2

  • Full combat system wiring and feature expansion from a 10-phase parallel agent swarm.
  • Skill registry with age-variant skill progression
  • Duo-tech system (paired character abilities)
  • NPC ally AI — named characters use role-specific combat behavior
  • Flee action, pressure engine, fear cascade, combo system
  • Terrain effects (burning/flooding) at round boundaries
  • **`createKernel()`** — one-call facade replaces 4-step manual wiring
  • **`decideAsync()`** — async constraint evaluation for I/O-bound checks
  • **`PolicyBuilder`** — fluent API for validated policy construction
  • **`loadPolicy` / `dumpPolicy`** — Zod-validated persistence with deterministic serialization
  • **`applyPolicyProposal()`** — closes the learning loop
  • **`planFromMcpToolCall` / `feedbackFromMcpResult`** — MCP tool-call adapter

v1.0.6 — Dogfood Swarm v2

  • Deep quality hardening — 456 tests, zero critical findings.
  • Locked API contract: Pydantic response models as single source of truth
  • XSS defense: `escapeHtml()` on all frontend innerHTML injections
  • Secret handling: `_SecretValue` wrapper prevents seed leakage in tracebacks
  • Per-address scoping in DryRunTransport (trust lines, offers)
  • Float safety: try/except on all numeric conversions from network data

v1.4.0 — Dogfood Swarm

  • AI Jam Sessions v1.4.0 ships the complete dogfood swarm — a 10-phase quality pass that added new tools, hardened every engine, humanized all error messages, and expanded test coverage from 594 to 692 tests.

  | Tool | What it does |
  |------|--------------|
  | `server_info` | Server version, library stats, engine list, active session |
  | `validate_song_entry` | Validate a song JSON against the schema before adding |
  | `transpose_song` | Transpose a song up or down by semitones — new key, new notes |

v0.3.0-beta.1

  • Taste Compiler is now externally alpha-ready.
  • This prerelease packages the first full proof cycle of the product:
  • **6/6 artifact classes** now have enforcement checkers
  • **6/6 artifact classes** are now live-proven across paired trials
  • **7 paired trials** completed
  • **245 baseline violations → 0 constrained**

v1.2.0 — Dogfood Swarm: Security + Features

  • Fix path traversal guard in MCP `play_song` and `import_midi` (directory containment check)
  • Fix XSS vulnerability in guitar tab HTML output
  • Fix command injection risk in CLI `openInBrowser` on Windows
  • Fix prototype pollution in `add_song` MCP tool
  • Docker container now runs as non-root user
  • Per-hand scoring breakdown (`breakdownByHand()`) with actionable feedback

XRPL Creator Capsule v1.0.0

  • Creator-owned release system on the XRP Ledger. Issue work, sell directly, unlock collector benefits, govern revenue — all backed by durable on-chain proof.
  • **Studio Mode**: 6-step guided flow for creators (describe, benefit, review, publish, test, recover)
  • **Advanced Mode**: Full artifact control for developers and integrators
  • **15 CLI commands** covering the complete release lifecycle
  • **359 tests** across engine packages and desktop app
  • | Phase | What it proves |

v1.0.0-rc.2 — Windows Preview

  • First installable preview for non-engineers. Download, install, publish a release on XRPL Testnet.
  1. **Windows MSI** (recommended) — download the `.msi`, run the installer
  2. **Windows EXE** (portable) — download the `.exe` if you prefer no install

  > **Requires [Node.js 22+](https://nodejs.org/)** — the engine bridge runs as a Node subprocess. This requirement will be removed in a future release.

  • **Studio Mode** — guided 6-step flow: describe → benefits → review → publish → test access → recovery
  • **Sample release** — "Midnight Signal EP" demo so you can explore without your own files

XRPL Creator Capsule Desktop — Preview

  • A desktop app for creators who want to publish, protect, and verify their creative releases on the XRPL blockchain.
  • **Create a release** — title, artist, edition size, collector benefits
  • **Publish on XRPL Testnet** — mint real NFTs (test tokens, no real value)
  • **Test collector access** — verify who can access your content
  • **Generate recovery bundles** — cryptographic proof that survives if the app disappears
  • **Inspect every proof artifact** — Advanced mode shows the full hash chain
  • Version alignment release — matches npm wrapper @mcptoolshop/xrpl-lab@1.0.5. All changes were shipped in v1.0.3.

v1.0.3 — Dogfood Swarm + Web Dashboard

  • **Health Pass (Stages A-C):** 90 findings fixed — logic bugs, CI security hardening, defensive guards, graceful degradation, observability
  • **Web Dashboard:** FastAPI server + Astro frontend with interactive module runner via WebSocket
  • **`xrpl-lab serve`:** New CLI command starts API server + web dashboard
  • **355 tests** (up from 228)
  • **Ruff clean**, CI green, 36-page site build
  • Interactive web dashboard at `/app/` with module catalog, live runner, artifact viewer, doctor page

v1.1.0 — Dogfood Swarm

  • The result of a full 10-phase dogfood swarm — 70 health findings fixed, ~50 features shipped, 26 → 136 tests.
  • **Master volume** — global gain control that scales all layers
  • **Sleep timer** — 15m / 30m / 1h / 2h auto-stop with countdown
  • **Saved presets** — save, load, and delete named mixes
  • **Fade in/out** — smooth volume transitions on layer add/remove
  • **Per-layer mute** — silence individual layers without removing them

v2.1.0 — Dogfood Swarm

  • **Dogfood swarm**: 52 fixes, 18 new features, tests 299 → 656.
  • **Tree traversal**: `flattenNodes`, `walkNodes`, `filterNodes`
  • **Query API**: `queryByRole`, `findFirst`, `findByRole`
  • **Builders**: `createNode`, `createCapture`
  • **JSON renderer**: `renderJSON` for LLM tool-calling
  • **Markdown renderer**: `renderMarkdown` for LLM consumption

v2.3.2 — Swarm Audit Remediation

  • First repo processed through the dogfood-labs Swarm Protocol v1.0.
  • 10 parallel audit agents found 148 findings (0 critical, 6 high, 33 medium).
  • 10 parallel remediation agents fixed all highs. 43 files changed across 27 packages.
  • **Core Runtime:** Engine.world returns Readonly, EventBus snapshots handlers, dead code removed
  • **Mechanical Modules:** Extracted shared makeEvent helper from 7 duplicate copies
  • **Content Schemas:** One-way neighbor check softened to advisory

v1.1.0 — Swarm Protocol

  • A reusable protocol for orchestrating 10+ parallel Claude agents to audit and remediate any repo, with all evidence flowing into structured databases.
  • **8-phase lifecycle:**
    1. CLAIM — create manifest checkpoint
    2. EXPLORE — 1-3 agents scan repo structure
    3. ASSIGN — map components to agents with exclusive file ownership
    4. AUDIT — 10 parallel agents evaluate 80 controls across 19 domains

v1.0.1 — Security Remediation

  • 20 parallel Claude agents audited and remediated the entire codebase:
  • **10 audit agents** identified 108 findings (1 critical, 13 high, 36 medium)
  • **10 remediation agents** fixed all criticals and all highs in one pass
  • **Never-upgrade invariant restored:** Null/undefined proposed verdict no longer silently defaults to "pass." The system now fails closed, treating missing or unrecognized verdicts as "fail."
  • Provenance run_url regex anchored (prevents URL prefix injection)
  • Repo/SHA binding checks added to GitHub provenance verification
  • Audit + quality pass: --version flag, SHA-pinned CI, version alignment tests
  • Server version was hardcoded at 0.2.0 — now reads dynamically from package.json
  • `version.ts` module with dynamic VERSION/NAME exports
  • 3 version tests
  • Audit + quality pass: diagnose command, --version flag, workflow fixes
  • chore(deps): bump the all-actions group across 1 directory with 5 updates by @dependabot[bot] in https://github.com/mcp-tool-shop-org/file-compass/pull/33
  • audit: fix CLI, workflows, author + quality pass by @mcp-tool-shop in https://github.com/mcp-tool-shop-org/file-compass/pull/34
  • feat: diagnose command + v1.0.1 audit pass by @mcp-tool-shop in https://github.com/mcp-tool-shop-org/file-compass/pull/35

v1.2.0 — Pack Promotion

  • Calibrated packs promoted to default entry. Auto-selection, mismatch detection, alternative suggestion, free-routing fallback. See CHANGELOG.md.

v1.1.0 — Full Spine Complete

  • See [CHANGELOG.md](CHANGELOG.md) for full notes. 31 roles, 7 proven team packs, 212 tests, 35 execution trials.

v1.0.3 -- Binary release for npm launcher

  • Adds pre-built binaries for the npm launcher path (`npx @mcptoolshop/star-freight`).
  • `star-freight-1.0.3-linux-x64`
  • `star-freight-1.0.3-darwin-arm64`
  • `star-freight-1.0.3-win-x64.exe`
  • `checksums-1.0.3.txt` (SHA256)
  • Added `release-binaries.yml` workflow (PyInstaller + SHA256 checksums)

v1.0.2 -- Star Freight Print-and-Play Board Game

  • Rebuilt the print-and-play PDF generator as a proper Star Freight board game, not a Portlight reskin.
  • **Lanes** read as governed corridors (inspected / convoy / contested / hazard / gray), not neutral sea routes
  • **Pressure deck** (40 cards) replaces weather with institutional forces: inspections, seizures, scarcity spikes, convoy delays, pirate ambushes, house challenges, market shifts
  • **Quarter deck** replaces seasons with political rhythm: Scarcity / Convoy / Sanctions / Claims
  • **Captain archetypes**: Relief / Gray / Honor -- three distinct lives, not three skill sets
  • **Vessels**: Rustbucket / Hauler / Runner / Warbird / Bulkframe -- campaign postures, not ship classes

Saint's Mile v1.0.0

  • A frontier JRPG built in Rust for the terminal.
  • You play as Galen Rook across four decades — from a nineteen-year-old deputy's runner to an older man returning to the place where his life was written wrong.
  • **Download:** Grab `saints-mile-windows-v1.0.0.zip`, extract, and run `saints-mile.exe` in any terminal.
  • **Build from source:** `cargo install saints-mile` or clone and `cargo run --release`.
  • 16 chapters across four life phases
  • 6 party members with distinct combat identities

Portlight v1.0.0

  • First stable release of Portlight — a trade-first maritime strategy CLI.
  • 10 ports across 3 regions, 8 trade goods, 17 sea routes
  • Route arbitrage, contracts, infrastructure, finance, and commercial reputation
  • Save/load with full state round-trip
  • 609 tests passing
  • **pip:**
  • **Fix:** Treaty counter derived from game state instead of module-level global (prevents duplicate treaty IDs across game loads)
  • **Fix:** SECURITY.md corrected wallet filename and proof file description
  • **Fix:** Wallet seed no longer printed to terminal in `sov wallet` output
  • **Fix:** `_load_game()` return type no longer uses `type: ignore` suppression
  • **Changed:** PyPI classifier updated to Production/Stable
  • **Changed:** Combined publish + release-binaries into single `release.yml` workflow
  • Sounds now evolve with your session — not just what tool fired, but how the work is *going*.
  • **Streak awareness** — consecutive successful plays build harmonic intensity (5 levels). Your productive session *sounds* productive.
  • **Error escalation** — repeated errors get progressively more urgent (5 levels). You'll know something is stuck without reading the output.
  • **Completion fanfare** — session end is outcome-aware: triumphant ascending chord for great sessions, muted resolution for rough ones.
  • New `--intensity` and `--escalation` flags for manual control
  • `demo` and `export` commands showcase all new variants

v1.2.0 — Preview Reliability

  • Two new MCP tools that solve the preview race condition and false-positive hook problem:
  • **`guardian_preview_ready`** — Polls a localhost port until the dev server responds. Use between `preview_start` and `preview_snapshot` to avoid `chrome-error://` race conditions.
  • **`guardian_preview_recover`** — Diagnoses stuck preview sessions. Classifies the project type (web vs desktop vs CLI) and returns step-by-step recovery guidance. For non-web projects, returns "skip preview" to suppress the irrelevant hook.
  • **Port readiness probe** (`src/port-probe.ts`) — TCP/HTTP polling with configurable interval, timeout, and health check. Zero new dependencies.
  • **Project classifier** (`src/project-classify.ts`) — Heuristic detection of web-node, web-python, web-static, desktop (Tauri/MAUI/Electron/WPF), and CLI projects.
  • Recovery plan includes preview readiness guidance at healthy level
  • DaemonVersion now correctly reports the current version instead of `0.2.0-lite`
  • Event log file no longer grows unbounded — rotates at 5 MB, keeps one generation
  • Event writes are buffered (flush every 500ms or 50 entries) instead of synchronous per-event
  • Event stream endpoint no longer holds the global lock during long-poll
  • Tray app resolves control panel path for packaged layout (sibling `app/` folder)
  • Tray polls notification settings every 30s instead of every 2s
  • `start` skips completed lessons and picks up where you left off. Shows "Welcome back" when resuming.
  • Guided flow asks "What do you want to write on the ledger?" before lesson 4 — the moment people remember.
  • Each lesson tracks duration. Total training time shown in certificate, proof pack, and completion banner.
  • `xrpl-camp status` shows a rich visual checklist with ✓/◌ markers, durations, and a "← next" indicator.
  • 110 tests (19 new), all passing
  • Fully backward-compatible with existing session files

GlyphStudio v1 — A Governed Pixel Asset Studio

  • GlyphStudio v1 is a governed pixel asset studio for creating stills, animation, variants, reusable parts, and structured output.
  • This release focuses on five connected product arcs:
  • Palette variants, reusable parts, document variants, and batch bundle export.
  • Unified library, pinning and recency, search and keyboard retrieval, and interchange.
  • Project templates, asset packs, apply-to-project flows, and an upgraded start surface.
  • Starter recipes, contextual workflow hints, shortcut discovery, and canonical sample content.
  • Starlight handbook (7 pages, 7 locales), retranslated READMEs, landing page CTA → handbook.
  • **httpx connection pooling** — reuse connections instead of creating one per request
  • **Semaphore context manager** — `async with sem:` pattern, prevents slot leaks on exceptions
  • **Race condition fix** — `_active` counter protected by asyncio.Lock
  • **Cache path traversal** — uses `relative_to()` instead of string comparison
  • **Structured logging** — replaces `print(stderr)` with Python logging module
  • **Specific exceptions** — no more bare `except Exception` in ollama.py
  • Renamed PyPI distribution from `py-polyglot` to `polyglot-gpu` (import name `pypolyglot` unchanged)
  • CLI entry point renamed to `polyglot-gpu`
  • Added trusted publisher workflow for PyPI releases

```bash
pip install polyglot-gpu
```

  • Oregon Trail-style survival game with AI Game Master and optional XRPL ledger backpack.
  • Procedurally generated wilderness with seeded world generation
  • 6 camp actions: travel, rest, hunt, repair, ration, abandon cargo
  • AI Game Master with 3 narrative profiles (Chronicler, Fireside, Lantern-Bearer)
  • Rich terminal UI via Textual
  • Save/load with automatic checkpoint system

v1.3.0 — Multi-Tenant SaaS Architecture

  • **App template upgraded** to `/app/[workspace]/…` multi-tenant routing (3 seeded workspaces)
  • **RBAC policy layer** — `canViewBilling`, `canManageTeam`, `canManageWorkspace`
  • **Feature flags** — `billing`, `teams`, `auditLog`, `apiKeys` with `isEnabled()` gating
  • **Centralized data layer** — workspace-keyed projects, metrics, and activity
  • **Path-preserving workspace switcher** with plan badges (starter / pro / business)
  • **AccessDenied component** + billing page RBAC gate
  • First release with full RepoMesh evidence pipeline:
  • CycloneDX SBOM generated and attached
  • SLSA-style provenance statement attached
  • Signed ReleasePublished event broadcast to ledger
  • This release should converge to trust score 100/100 in the network.