Gilbert Codex v0.5.0

Gilbert Codex v0.5.0 is the biggest public alpha jump so far. It moves the app from a basic local desktop workspace toward a serious advanced AI app: local users, subscription account sign-in, image-generation artifacts, stronger chat/runtime behavior, safer review flows, support/funding links, and release automation that can publish updater-ready Windows builds.

This is still alpha software. Provider behavior varies by model and account route, and some edge cases are still being tightened through real testing. High-impact local actions, destructive operations, credential access, publishing, and outside-scope paths should remain behind visible review.

Release Status

• Version: 0.5.0
• Tag: v0.5.0
• Previous public milestone: v0.3.5
• Primary packaged target: Windows x64
• Release vehicle: GitHub Actions Release workflow plus Tauri NSIS installer
• Installer family: Gilbert-Codex-0.5.0-x64-setup.exe
• Update feed asset: latest.json
• Updater signature asset: Gilbert-Codex-0.5.0-x64-setup.exe.sig
• Checksum asset: Gilbert-Codex-0.5.0-x64-setup.exe.sha256
• Published SHA-256: 25db41c170934608d168d84ea04f5758aaa09623ea1f810abc47a8b03df6408b

Do not fill the checksum until the final installer artifact has been built and uploaded. Keep the GitHub Release body aligned with this file.

Why This Release Matters

v0.5.0 is the middle-ground release between the early alpha line and the path toward 1.0. The main chat workspace, settings, subscriptions, local data model, runtime behavior, and public release flow are now much closer to the product shape Gilbert Codex is aiming for.

The largest remaining product gap is the Apps page. v0.5.0 intentionally marks that area as coming next for Plugins, Apps, Skills, and more instead of overstating it as finished.

Headline Features

• Local users: local app accounts separate chat, project, settings, workspace, integration, and runtime state per user namespace.
• Chat workspace upgrades: queued sends, steering, better markdown display, image/file attachment improvements, generated artifacts, bulk delete review, and cleaner persistence.
• Subscription account sign-in: connect Codex / ChatGPT, Claude Code, Gemini CLI / Cloud Code, Antigravity, GitHub Copilot, Kiro, Kilo Code, Cline, Qwen Code, iFlow, Qoder, Kimi Coding, and CodeBuddy where the local subscription runtime supports them.
• Codex / ChatGPT route: browser sign-in handoff, local callback/proxy handling, account status, subscription model selection, and OpenRouter fallback.
• Image generation: generated images now render as real chat artifacts with progress, image grids, lightbox preview, and download controls. Codex / ChatGPT-backed subscription image generation is the first-class path in this release; broader image-provider coverage is still being tightened.
• Runtime modularization: the app root has been split into focused workspace modules so the chat runtime, routing, state, Discord, provider streaming, context handling, and local action flows are easier to maintain.
• Database responsiveness: local database load/write/migration work now runs off the UI path.
• Subscription sandbox controls: install/start progress, sign-out flows, uninstall confirmation, local data removal, safer local-path checks, and clearer user-facing copy.
• Support page: voluntary project-funding links open externally through hosted providers only, with secret-like values rejected before display.
• Public release flow: version fields, release notes, installer docs, and GitHub Actions remain aligned so pushing v0.5.0 can produce installer and updater assets.

Release Automation

The GitHub Release workflow builds the Windows NSIS installer with updater artifacts enabled, reads this release note into the GitHub Release body, uploads the installer, uploads latest.json, uploads the updater signature, and adds a SHA-256 checksum asset.

For automatic updates to reach installed devices, the repository must have these GitHub Actions secrets configured:

• TAURI_SIGNING_PRIVATE_KEY
• TAURI_SIGNING_PRIVATE_KEY_PASSWORD when the key is password-protected

Release trigger options:

• Push the v0.5.0 tag to run the release workflow as a tag release.
• Or dispatch the Release workflow manually with v0.5.0.

Public Repository Boundary

The public repository stays open-source ready while private local runtime sources, local databases, logs, generated outputs, dependencies, build artifacts, environment files, and signing credentials stay out of Git. This release keeps the public branch focused on collaboration-facing source, docs, workflows, and app code that should be reviewed publicly.

Upgrade Notes For Users

• Install the Windows x64 setup executable from GitHub Releases.
• If Windows SmartScreen appears, review the source before continuing. This alpha is unsigned unless a signed build is provided.
• Create or sign into a local Gilbert user to keep chats, projects, settings, and workspace state namespaced.
• Configure provider keys, local endpoints, subscription accounts, GitHub OAuth, Discord, and workspace permissions from Settings.
• For Codex / ChatGPT subscription routing, open Settings > Subscriptions, set up subscriptions, sign in with Codex / ChatGPT, then choose a live subscription model.
• For image generation, enable the image option in the composer or Subscriptions settings and use a connected Codex / ChatGPT-backed image-capable route.
• For local models, start LM Studio or Ollama first, confirm the endpoint is reachable, then select the matching provider/model in Gilbert.
• Keep local databases, logs, screenshots, provider errors, tokens, and workspace paths out of public issues unless they are sanitized.

Upgrade Notes For Maintainers

• Keep version fields aligned across package.json, package-lock.json, src-tauri/Cargo.toml, src-tauri/Cargo.lock, and src-tauri/tauri.conf.json.
• Keep docs/releases/v0.5.0.md aligned with the GitHub Release body.
• Use npm.cmd on Windows PowerShell if the npm shim is blocked by script policy.
• Run the full build and Rust check before pushing the release tag.
• Confirm the release workflow has TAURI_SIGNING_PRIVATE_KEY and TAURI_SIGNING_PRIVATE_KEY_PASSWORD when updater artifacts are required.
• Confirm generated artifacts, logs, local database files, secrets, dependency folders, private local runtime sources, and build outputs stay out of Git.

Validation Commands

Recommended local checks:

npm.cmd run build
npm.cmd run rust:fmt:check
npm.cmd run rust:check
npm.cmd run audit:prod
git diff --check

Recommended release build:

npm.cmd run app:release

The GitHub release workflow performs the Windows updater release build when the tag is pushed or the workflow is dispatched with a version input.

Known Issues

Provider And Subscription Reliability

Hosted providers, local providers, and subscription-backed routes can behave differently across structured output, long context, empty responses, source-backed synthesis, image support, quota windows, and account refresh.

Workarounds:

• Try a model known to behave well for the current task.
• Try a local model through LM Studio or Ollama when cloud routing is unstable.
• Reconnect a subscription account when quota or account status looks stale.
• Include provider, model ID, prompt, and sanitized visible activity details when reporting.

Apps Page Is Next

The Apps page is intentionally marked as coming next for Plugins, Apps, Skills, and more. The core chat, settings, subscription, and release surfaces moved forward first.

Approval UX Still Needs Polish

Risk-based review exists, but approval cards, grouped activity, and final review surfaces still need more real-world refinement.

Windows-Only Packaged Release

Windows x64 is the only official packaged target for v0.5.0. macOS and Linux source support exists, but official release artifacts require native validation.

Unsigned Windows Installer

The installer is not Authenticode code-signed unless a release is built with valid signing configuration. SmartScreen warnings are expected on some machines.

Security And Privacy Notes

Gilbert Codex is local-first. Provider keys, GitHub tokens, Discord settings, subscription sign-ins, local accounts, local databases, logs, workspace files, scan artifacts, release signing credentials, updater private keys, and private local runtime sources are local user data. They should not be committed or attached to public issues.

The release continues the repository hygiene posture:

• .env stays ignored.
• Local SQLite databases stay ignored.
• SQLite journal and WAL files stay ignored.
• Local scan outputs stay ignored.
• Local browser/test output stays ignored.
• Dependency folders stay ignored.
• Build outputs stay ignored.
• Release signing credentials stay out of source control.

Production Readiness Posture

v0.5.0 is ready for broader public alpha testing and updater-backed Windows release prep. It is not claiming perfect provider reliability or finished Apps/Plugins support. The right posture is to ship the build with explicit known issues, gather compatibility reports, and keep tightening the runtime with real evidence.