v1.1
1.1.1778855131 | 2026-05-15
This release hardens the release path around package installability, signed
asset manifests, Policy V2 settings, service reload behavior, debug reports,
and release metadata. It keeps release-facing surfaces honest: Capsem ships
.pkg and .deb artifacts with signed manifest checks, while the desktop
self-updater and configured external policy hook dispatch remain deferred until
their full runtime paths are wired and verified.
Highlights
Section titled “Highlights”Install and Asset Verification
Section titled “Install and Asset Verification”macOS .pkg and Linux .deb package flows now include signed
manifest.json snapshots and all required host helper binaries. Setup,
capsem update --assets, service startup, status, and doctor diagnostics use
verified manifest loading so unsigned or invalid manifests fail loudly instead
of silently downgrading asset verification. Release install E2E also starts
from clean-checkout VM assets and repacks the Linux .deb in place, so CI
installs the same package payload it validates.
Linux app release jobs also install minisign before signing package payload
manifests, so the signed-manifest packaging path is proved before publication.
Release Debug and Status
Section titled “Release Debug and Status”capsem debug now emits a structured capsem.debug.v1 report for local
install diagnosis, and install status capture keeps typed setup, service,
asset, saved-VM, and helper-binary failures visible. These reports are designed
for release support: they preserve the useful state without dumping secret
environment values.
Release Workflow
Section titled “Release Workflow”Release preflight checks validate the manifest signing key, keep Linux package
publication release-blocking, and include the signed manifest plus boot assets
in provenance. VM asset manifests use consistent same-day patch selection and
canonical rootfs validation before publication. just cut-release prepares a
local release commit and tag only; publishing now requires deliberate manual
pushes of main and the immutable tag before watching the tag workflow.
Policy V2 Settings
Section titled “Policy V2 Settings”The Settings UI can stage, review, import, generate, rename, delete, save, and
export named Policy V2 rules without hiding pending changes. Unsupported hook
rules and non-shipping runtime surfaces are hidden or rejected for this
release, including new policy.hook.* writes.
Runtime Reload Truth
Section titled “Runtime Reload Truth”Settings reload failures now return structured saved-but-not-applied state, including affected session IDs. The UI keeps a retry banner until reload succeeds, settings change again, or all affected sessions stop.
Policy Hook Scope
Section titled “Policy Hook Scope”Policy Hook Spec0 remains shipped as infrastructure: the OpenAPI contract, hardened client, fail-closed validation, and audit-row machinery are available for future integration work. Configured external hook dispatch is not exposed as a shipped settings/UI/runtime surface in this release.