Releases: sheaf-project/sheaf

v0.1.0

29 Apr 18:09
109cab3

v0.1.0 Pre-release

First public beta. The features below are the baseline that subsequent releases build on.

Plural system tracking

  • Members with name, pronouns, role, description, color, avatar, custom fields, tags, groups, and per-member privacy.
  • Front log: who's currently fronting, history, and timeline view.
  • Journals: per-member and system-wide markdown entries with image embeds, fronting snapshots, revision history with retention.
  • System Safety: configurable grace periods on destructive actions (member/journal/image deletes, retention loosening) with re-auth.
  • Encrypted at rest: member name, descriptions, journal content, custom field values, email, TOTP secrets — all application-level encrypted; lookups use blind indexes.

Auth & accounts

  • Argon2id password hashing, optional TOTP, trusted-device enrolment.
  • HttpOnly refresh-cookie sessions with reuse-detection grace window.
  • API keys with per-resource scopes; admin scopes are admin-gated.
  • Account deletion with grace period; admin promotion via env-driven email list.

Self-hosting & operations

  • Multi-arch Docker images on GHCR for the backend (sheaf) and frontend (sheaf-web); docker compose reference setup.
  • Postgres + Redis required; Alembic runs upgrade head on container start.
  • Storage adapters: local disk and S3-compatible.
  • Email adapters: SMTP, SES, SendGrid (optional dependencies).
  • SHEAF_MODE flag toggles selfhosted vs SaaS behaviour without forking.

Build verifiability

  • /v1/version endpoint reports the running commit, tag, and build time.
  • Multi-arch Docker images on GHCR signed via sigstore/cosign keyless OIDC.
  • SPDX SBOMs published as Sigstore attestations against each image.
  • Frontend bundle protected by sha384 SRI integrity attributes.
  • build-manifest.json listing every dist file's hash, also published as a Sigstore attestation against the sheaf-web image.
  • /about page surfaces backend + frontend build provenance and a manifest summary.
  • scripts/verify-release.sh automates /v1/version → cosign verification.
  • See docs/VERIFYING.md for the full trust model.

Releases

  • Tag-driven release workflow with a manual approval gate via the release GitHub Environment.
  • Release assets: signed Docker images on GHCR, frontend tarball, build manifest, SPDX SBOM attestations.

Full Changelog: https://github.com/sheaf-project/sheaf/commits/v0.1.0