UrbanWafflezz/GilbertCodex

Gilbert Codex v0.8.0 is the cross-platform release-prep build for the desktop alpha. It keeps the recent reliability work and adds a guarded GitHub Actions release path for Windows, macOS, and Linux artifacts.

Release Status

• Version: 0.8.0
• Tag: v0.8.0
• Previous public release: v0.5.7
• Packaged targets: Windows x64, macOS Apple Silicon, macOS Intel, Linux x64
• Release vehicle: GitHub Actions Release workflow plus Tauri desktop bundles
• Windows artifact family: Gilbert-Codex-0.8.0-x64-setup.exe
• macOS artifact families: Gilbert-Codex-0.8.0-macos-aarch64.dmg, Gilbert-Codex-0.8.0-macos-x64.dmg, and matching updater archives
• Linux artifact families: Gilbert-Codex-0.8.0-linux-x64.deb and Gilbert-Codex-0.8.0-linux-x64.AppImage
• Update feed asset: latest.json
• Checksum assets: generated by the release workflow as .sha256 files
• Updater signature assets: generated by Tauri when the updater signing key is present
• Published SHA-256 values: pending final GitHub Actions release build
• Local validation status: Windows source validation pending this release-prep pass; macOS and Linux package builds must run on GitHub-hosted native runners

Do not fill the published checksums until the final GitHub Release artifacts have been built and uploaded. Keep the GitHub Release body aligned with this file.

What Changed

• Bumped the app, package lock, Rust crate, Cargo lock, and Tauri app metadata to 0.8.0.
• Expanded the GitHub Release workflow beyond Windows so it builds Windows first, then macOS Apple Silicon/Intel, then Linux x64.
• Kept the private release overlay requirement for every release job so packaged builds include the real local tool bridge instead of the public shim.
• Kept the Tauri updater signing-key check for every release job and enabled updater artifact generation for macOS and Linux release builds.
• Added SHA-256 checksum upload steps for macOS DMG/updater archives and Linux deb/AppImage artifacts.
• Added Linux runner system dependencies for Tauri 2 packaging, including WebKitGTK 4.1, appindicator, xdo, librsvg, libsecret, OpenSSL, and patchelf.
• Added npm run app:release:macos and npm run app:release:linux scripts for local native release builds when those platforms are available.
• Updated README, installer docs, platform docs, and roadmap references for the v0.8.0 cross-platform release path.

Release Notes For Testers

• On Windows, install the NSIS setup executable and verify first launch, sign-in, provider setup, chat, workspace tools, browser preview, terminal, notifications, updater check, and uninstall.
• On macOS Apple Silicon and Intel, mount the DMG, move the app into Applications, launch it, and verify Keychain-backed secrets, file picker permissions, terminal shell startup, browser preview, notifications, provider setup, and update checks.
• On Linux, test both deb and AppImage artifacts on a WebKitGTK 4.1-capable desktop and verify Secret Service-backed secrets, file picker behavior, terminal shell startup, browser preview, notifications, provider setup, and update checks.
• Confirm the latest.json release asset contains entries for Windows, macOS, and Linux after all release jobs complete.
• Confirm every downloadable package has a matching .sha256 file and every updater package has a matching .sig file.

Validation Commands

npm.cmd run build
npm.cmd run rust:fmt:check
npm.cmd run rust:check
npm.cmd test
git diff --check

Native package validation:

./scripts/macos-verify.sh
./scripts/linux-verify.sh

The GitHub Release workflow performs the signed updater release build when v0.8.0 is pushed or the workflow is dispatched with this version input. Manual workflow dispatches create a draft release for review; tag pushes publish the release.

Known Limits

macOS and Linux package artifacts are built on GitHub-hosted native runners, but they still need real-device launch smoke tests before the project should call those platforms fully verified.

macOS artifacts are ad-hoc signed for packaging unless Apple Developer signing and notarization credentials are added to the release path. Without notarization, Gatekeeper may require extra user confirmation on first launch.

Release builds require the private release overlay repository and Tauri updater signing key secrets. If those secrets are missing, the workflow should fail before shipping an incomplete desktop package.

Provider keys, OAuth secrets, GitHub tokens, Discord settings, local accounts, logs, local databases, workspace files, scan artifacts, release signing credentials, updater private keys, and private overlay credentials stay out of public Git and are not bundled into installers.