nativesoul 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +21 -2
- package/README.md +3 -3
- package/dist/packages/cli/src/index.js +242 -144
- package/dist/packages/mcp-server/src/index.js +113 -50
- package/docs/adr/ADR-042-control-plane-direction-and-deferral.md +1 -1
- package/docs/adr/ADR-043-versioning-and-release-policy.md +2 -2
- package/docs/legal/EULA.md +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -15,6 +15,24 @@ product after ADR-045; there is no Free/Pro split.
|
|
|
15
15
|
### Product
|
|
16
16
|
- _Nothing yet._
|
|
17
17
|
|
|
18
|
+
## [0.1.1] — 2026-07-01
|
|
19
|
+
|
|
20
|
+
### Product
|
|
21
|
+
- EPIC-021 Work items/board is complete: migration 6, local work item status
|
|
22
|
+
machine, `nativesoul work` CLI, `life_work_item_*` MCP tools, audit timeline,
|
|
23
|
+
forward `metadata.run_id`, and reverse `runs.evidence_json.work_item_id`
|
|
24
|
+
linkage.
|
|
25
|
+
- EPIC-022 started with dashboard schema v2 and static viewer expansion:
|
|
26
|
+
read-only `work`, `approvals`, and `cost` sections plus Work Board, Pending
|
|
27
|
+
Approvals, honest Cost cards, and `dashboard data --section work|approvals|cost`
|
|
28
|
+
with graceful degradation and no server.
|
|
29
|
+
- EPIC-023 started with host-reported-only `RunCost` capture: optional heartbeat
|
|
30
|
+
cost metadata is redacted, normalized, stored in existing `runs.cost_json`, and
|
|
31
|
+
estimated/malformed values are treated as not reported.
|
|
32
|
+
|
|
33
|
+
### Quality
|
|
34
|
+
- Test suite at release: 381 tests across 50 files.
|
|
35
|
+
|
|
18
36
|
## [0.1.0] — 2026-06-23
|
|
19
37
|
|
|
20
38
|
Initial pre-1.0 (`@beta`) baseline. Local-first continuity layer for coding
|
|
@@ -35,8 +53,9 @@ telemetry, never copies credentials.
|
|
|
35
53
|
- Approval gate: approval domain, CLI, MCP tools, standing-order auto-approval,
|
|
36
54
|
and audit events while preserving side-effect-free policy evaluation.
|
|
37
55
|
(EPIC-020 Done.)
|
|
38
|
-
- Closed npm distribution
|
|
39
|
-
|
|
56
|
+
- Closed npm distribution is live: private source repo, minified npm artifact,
|
|
57
|
+
boot gate, release audit/provenance gates, and `nativesoul@0.1.0` published
|
|
58
|
+
to npm (`beta` and npm-created `latest` dist-tags).
|
|
40
59
|
|
|
41
60
|
<!-- Version links omitted intentionally: NativeSoul is proprietary and closed
|
|
42
61
|
(ADR-045), not a public OSS repo — compare/release URLs would not resolve for
|
package/README.md
CHANGED
|
@@ -59,7 +59,7 @@ It runs entirely on your machine (`~/.nativesoul/`), keeps **no background proce
|
|
|
59
59
|
|
|
60
60
|
## Quick Start
|
|
61
61
|
|
|
62
|
-
> **Note on distribution.** NativeSoul is a proprietary, **closed** package (minified `dist/`, private repo) published to npm as a **paid** product.
|
|
62
|
+
> **Note on distribution.** NativeSoul is a proprietary, **closed** package (minified `dist/`, private repo) published to npm as a **paid** product. Install the beta with `npm install -g nativesoul@beta` (currently `0.1.0`). Usage requires an activated license (`nativesoul license activate <key>`).
|
|
63
63
|
|
|
64
64
|
### Option A — Host-first install (recommended)
|
|
65
65
|
|
|
@@ -342,7 +342,7 @@ npm test # build + non-e2e suite
|
|
|
342
342
|
npm run test:e2e
|
|
343
343
|
```
|
|
344
344
|
|
|
345
|
-
Release gates (
|
|
345
|
+
Release gates (tokens and signing keys stay outside the repo):
|
|
346
346
|
|
|
347
347
|
```sh
|
|
348
348
|
npm run package:local # local tarball + provenance manifest
|
|
@@ -351,7 +351,7 @@ npm run release:security:audit # lint + typecheck + policy + tests + build + s
|
|
|
351
351
|
npm run release:provenance:dry-run
|
|
352
352
|
```
|
|
353
353
|
|
|
354
|
-
`
|
|
354
|
+
`nativesoul@0.1.0` has been published to npm. Future publish/dist-tag operations remain @devops-only (see [`docs/guides/npm-beta-release-rollback.md`](docs/guides/npm-beta-release-rollback.md)). The security audit does not read npm tokens, sign with real keys, or claim public SLSA/registry attestation.
|
|
355
355
|
|
|
356
356
|
---
|
|
357
357
|
|