chore: bump version to 0.7.0 + download page updates

Bumps: - crates/{core,cli,tauri-app}/Cargo.toml: 0.6.2 → 0.7.0 - crates/tauri-app/tauri.conf.json: 0.6.2 → 0.7.0 - gen/android/app/tauri.properties: versionName 0.7.0, versionCode 7000 website/download.html: v0.7.0 promoted to top with FoF release notes; v0.6.2 retained in archive section. Wire-additive notice + link to design.html#fof for full architecture. No -beta suffix this cycle: no users on prior version means no need for the beta carve-out. Will resume beta convention when there are real users to migrate. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 20:48:08 -06:00 · 2026-05-14 20:48:08 -06:00 · d46fcb4ef4
commit d46fcb4ef4
parent 4ec3a80b6c
6 changed files with 43 additions and 20 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2732,7 +2732,7 @@ checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2"
 [[package]]
 name = "itsgoin-cli"
-version = "0.6.2"
+version = "0.7.0"
 dependencies = [
 "anyhow",
 "hex",
@ -2744,7 +2744,7 @@ dependencies = [
 [[package]]
 name = "itsgoin-core"
-version = "0.6.2"
+version = "0.7.0"
 dependencies = [
 "anyhow",
 "base64 0.22.1",
@ -2767,7 +2767,7 @@ dependencies = [
 [[package]]
 name = "itsgoin-desktop"
-version = "0.6.2"
+version = "0.7.0"
 dependencies = [
 "anyhow",
 "base64 0.22.1",
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "itsgoin-cli"
-version = "0.6.2"
+version = "0.7.0"
 edition = "2021"
 [[bin]]
--- a/crates/core/Cargo.toml
+++ b/crates/core/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "itsgoin-core"
-version = "0.6.2"
+version = "0.7.0"
 edition = "2021"
 [dependencies]
--- a/crates/tauri-app/Cargo.toml
+++ b/crates/tauri-app/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "itsgoin-desktop"
-version = "0.6.2"
+version = "0.7.0"
 edition = "2021"
 [lib]
--- a/crates/tauri-app/tauri.conf.json
+++ b/crates/tauri-app/tauri.conf.json
@ -1,6 +1,6 @@
 {
  "productName": "itsgoin",
-  "version": "0.6.2",
+  "version": "0.7.0",
  "identifier": "com.itsgoin.app",
  "build": {
    "frontendDist": "../../frontend",
--- a/website/download.html
+++ b/website/download.html
@ -46,6 +46,41 @@
                <p style="margin: 0.5rem 0 0 0; font-size: 0.8rem; color: var(--text-muted);">v0.5.3 is kept online only as an upgrade bridge &mdash; it no longer connects to the live network.</p>
            </div>
            <h2 style="margin-top: 2rem;">v0.7.0 &mdash; May 15, 2026</h2>
            <p style="color: var(--text-muted); font-size: 0.85rem;">Friend-of-Friend gating is live. Posts can be public to readers but FoF-gated for comments (Mode 2), or fully FoF-gated for body + comments (Mode 1, <code>FoFClosed</code>). The CDN verifies comment signatures before propagating, killing the bandwidth-DoS attack a single admitted FoF member could otherwise mount. Vouches distribute via HPKE-sealed wrappers in your bio post &mdash; no DMs, no recipient IDs on the wire.</p>
            <div class="downloads">
                <a href="itsgoin-0.7.0.apk" class="download-btn btn-android">
                    Android APK
                    <span class="sub">v0.7.0</span>
                </a>
                <a href="itsgoin_0.7.0_amd64.AppImage" class="download-btn btn-linux">
                    Linux AppImage
                    <span class="sub">v0.7.0</span>
                </a>
                <a href="itsgoin-cli-0.7.0-linux-amd64" class="download-btn btn-linux">
                    Linux CLI / Anchor
                    <span class="sub">v0.7.0</span>
                </a>
                <a href="itsgoin-0.7.0-windows-x64-setup.exe" class="download-btn btn-windows">
                    Windows Installer
                    <span class="sub">v0.7.0</span>
                </a>
            </div>
            <ul style="color: var(--text-muted); font-size: 0.85rem; line-height: 1.6; margin-top: 1rem;">
                <li><strong>Vouch primitive (V_me).</strong> Every persona owns a 32B symmetric key issued to vouchees via HPKE-sealed anonymous wrappers in the voucher's bio post. Receivers auto-scan followed bios; the keyring is per-persona.</li>
                <li><strong>Mode 2: public posts, FoF-gated comments.</strong> Body indexable and CDN-shardable like any public post; comments encrypted under a per-post CEK only FoF members can unwrap. Non-FoF observers see only ciphertext.</li>
                <li><strong>Mode 1: <code>FoFClosed</code> posts.</strong> Body itself encrypted under the FoF gating. Non-members propagate the ciphertext but cannot read it.</li>
                <li><strong>CDN-level comment verification.</strong> Per-V_x signing keypair + propagation-node four-check accept rule. Any admitted FoF member who tries to flood junk gets dropped at first hop &mdash; not just at the author's render-time filter.</li>
                <li><strong>Bucketed padding.</strong> Wrap-slot count and body size pad to power-of-2 buckets (up to 256 / 256KB) then linear steps above. Observer learns the bucket, never the real count.</li>
                <li><strong>Revocation + access-grant.</strong> Author can per-post revoke a chain (cascade-deletes stored comments by that signer); or post-hoc grant access to a newly-vouched persona without republishing.</li>
                <li><strong>V_me rotation, cascade, key-burn.</strong> Pure rotation grandfathers old content. Optional cascade revokes that chain across all the author's old posts. Key-burn swaps a single slot in-place for leaked-key scenarios.</li>
                <li><strong>Unlock cache + retry sweep.</strong> First successful unlock from an author is cached; later posts hot-path to a single AEAD attempt. Posts no held V_x unlocks queue up; sweep on new V_x arrival.</li>
                <li><strong>Pre-deploy hardening.</strong> Receive-path FoF wire-shape validation, queue-size caps, key-burn replay rejection (monotonic timestamps).</li>
            </ul>
            <p style="color: var(--text-muted); font-size: 0.85rem;">v0.7.0 is a wire-additive release: new <code>PostVisibility::FoFClosed</code> variant, new <code>BlobHeaderDiffOp::FoF{Revocation,AccessGrant,KeyBurn}</code>, new fields on <code>InlineComment</code> and <code>ProfilePostContent</code>. Old clients don't understand FoF gating; upgrade for FoF features. See <a href="design.html#fof">design.html section 20a</a> for the full architecture.</p>
            <h2 style="margin-top: 2rem;">v0.6.2 &mdash; April 23, 2026</h2>
            <p style="color: var(--text-muted); font-size: 0.85rem;">Every remaining persona-signed direct push is off the wire. Deletes, visibility changes, profile updates, and group-key distribution now travel as encrypted / signed posts through the CDN. Groups are a first-class primitive. Plus two pre-release fixes &mdash; an admin-forgery check on group keys and a cap on concurrent port-scan hole punches that explains the 10 Mbps upload storm some users saw on VPNs.</p>
@ -68,19 +103,7 @@
                </a>
            </div>
-            <ul style="color: var(--text-muted); font-size: 0.85rem; line-height: 1.6; margin-top: 1rem;">
+            <p style="color: var(--text-muted); font-size: 0.85rem;">v0.6.2 was the last release before FoF gating. v0.7.0 is wire-additive; v0.6.2 clients won't understand FoF posts but otherwise interop.</p>
                <li><strong>Deletes + visibility changes travel as signed control posts</strong> through the CDN. The <code>DeleteRecord</code> / <code>VisibilityUpdate</code> direct pushes are gone.</li>
                <li><strong>Profile display data (name, bio, avatar) travels as a persona-signed profile post.</strong> Peer-visible names are back &mdash; but bound to the posting identity, not the network endpoint.</li>
                <li><strong>Rich comments</strong> &mdash; a comment can reference a separate post for long bodies or attachments; inline preview is signed alongside the reference.</li>
                <li><strong>Groups as a primitive</strong> &mdash; many-way posting anchored at a public root post. Circles remain one-way (admin-only).</li>
                <li><strong>Group keys distribute as encrypted posts</strong> &mdash; the <code>GroupKeyDistribute</code> wire message is gone.</li>
                <li><strong>Audience removed.</strong> Simpler social graph; anyone-can-send model via follows.</li>
                <li><strong>PostPush / PostNotification wire messages retired</strong> &mdash; all content propagates via CDN.</li>
                <li><strong>Port-scan hole punches are now capped at 1 concurrent</strong> &mdash; fixes sustained multi-Mbps upload on obfuscated VPNs after anchor connect.</li>
                <li><strong>Outgoing-connect dedup</strong> &mdash; auto-reconnect, rebalance, and relay-introduction no longer race to the same peer.</li>
                <li><strong>Security fix: group-key distribution verifies the claimed admin matches the post author</strong>, preventing a pollution attack where a peer who knows your posting id could overwrite your stored group key.</li>
            </ul>
            <p style="color: var(--text-muted); font-size: 0.85rem;">v0.6.2 is a wire-breaking fork from v0.6.1 (the retired message types are not optional). Upgrade both ends.</p>
            <h2 style="margin-top: 2rem;">v0.6.1 &mdash; April 22, 2026</h2>
            <p style="color: var(--text-muted); font-size: 0.85rem;">Network identity is now fully separated from posting identity on every install. Plus: Android auto-backup disabled by default, Reset actually resets, import preserves your personas, and display name is optional.</p>