nativesoul 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -15,6 +15,24 @@ product after ADR-045; there is no Free/Pro split.
15
15
  ### Product
16
16
  - _Nothing yet._
17
17
 
18
+ ## [0.1.1] — 2026-07-01
19
+
20
+ ### Product
21
+ - EPIC-021 Work items/board is complete: migration 6, local work item status
22
+ machine, `nativesoul work` CLI, `life_work_item_*` MCP tools, audit timeline,
23
+ forward `metadata.run_id`, and reverse `runs.evidence_json.work_item_id`
24
+ linkage.
25
+ - EPIC-022 started with dashboard schema v2 and static viewer expansion:
26
+ read-only `work`, `approvals`, and `cost` sections plus Work Board, Pending
27
+ Approvals, honest Cost cards, and `dashboard data --section work|approvals|cost`
28
+ with graceful degradation and no server.
29
+ - EPIC-023 started with host-reported-only `RunCost` capture: optional heartbeat
30
+ cost metadata is redacted, normalized, stored in existing `runs.cost_json`, and
31
+ estimated/malformed values are treated as not reported.
32
+
33
+ ### Quality
34
+ - Test suite at release: 381 tests across 50 files.
35
+
18
36
  ## [0.1.0] — 2026-06-23
19
37
 
20
38
  Initial pre-1.0 (`@beta`) baseline. Local-first continuity layer for coding
@@ -35,8 +53,9 @@ telemetry, never copies credentials.
35
53
  - Approval gate: approval domain, CLI, MCP tools, standing-order auto-approval,
36
54
  and audit events while preserving side-effect-free policy evaluation.
37
55
  (EPIC-020 Done.)
38
- - Closed npm distribution remains in launch prep under EPIC-024; this beta
39
- package uses minified runtime entrypoints and release audit/provenance gates.
56
+ - Closed npm distribution is live: private source repo, minified npm artifact,
57
+ boot gate, release audit/provenance gates, and `nativesoul@0.1.0` published
58
+ to npm (`beta` and npm-created `latest` dist-tags).
40
59
 
41
60
  <!-- Version links omitted intentionally: NativeSoul is proprietary and closed
42
61
  (ADR-045), not a public OSS repo — compare/release URLs would not resolve for
package/README.md CHANGED
@@ -59,7 +59,7 @@ It runs entirely on your machine (`~/.nativesoul/`), keeps **no background proce
59
59
 
60
60
  ## Quick Start
61
61
 
62
- > **Note on distribution.** NativeSoul is a proprietary, **closed** package (minified `dist/`, private repo) published to npm as a **paid** product. The public `npm publish` is pending, so today you install via the **host prompt** (recommended) or a **local tarball** (for testing). `npm install -g nativesoul` will be the path once published — usage requires an activated license (`nativesoul license activate <key>`).
62
+ > **Note on distribution.** NativeSoul is a proprietary, **closed** package (minified `dist/`, private repo) published to npm as a **paid** product. Install the beta with `npm install -g nativesoul@beta` (currently `0.1.0`). Usage requires an activated license (`nativesoul license activate <key>`).
63
63
 
64
64
  ### Option A — Host-first install (recommended)
65
65
 
@@ -342,7 +342,7 @@ npm test # build + non-e2e suite
342
342
  npm run test:e2e
343
343
  ```
344
344
 
345
- Release gates (no real publish, tokens, or signing keys):
345
+ Release gates (tokens and signing keys stay outside the repo):
346
346
 
347
347
  ```sh
348
348
  npm run package:local # local tarball + provenance manifest
@@ -351,7 +351,7 @@ npm run release:security:audit # lint + typecheck + policy + tests + build + s
351
351
  npm run release:provenance:dry-run
352
352
  ```
353
353
 
354
- `npm publish` remains blocked until package visibility and npm authentication are explicitly approved (handled by @devops; see [`docs/guides/npm-beta-release-rollback.md`](docs/guides/npm-beta-release-rollback.md)). The security audit does not read npm tokens, sign with real keys, or claim public SLSA/registry attestation.
354
+ `nativesoul@0.1.0` has been published to npm. Future publish/dist-tag operations remain @devops-only (see [`docs/guides/npm-beta-release-rollback.md`](docs/guides/npm-beta-release-rollback.md)). The security audit does not read npm tokens, sign with real keys, or claim public SLSA/registry attestation.
355
355
 
356
356
  ---
357
357