Skip to content

Releases: johnzilla/blindjoin

v1.7.0

Choose a tag to compare

@github-actions github-actions released this 04 Jun 02:29
v1.7.0
v1.7.0 Simplification Reduced supply-chain surface and release ceremo…

v1.6.0

Choose a tag to compare

@github-actions github-actions released this 03 Jun 15:40
v1.6.0
v1.6.0 Supply-Chain Attestation

Closes the v1.5 unsigned-build supply-chain gap. Every release tarball
and ghcr.io image is cosign-signed (keyless OIDC, no maintainer key
custody), SLSA v1.0 provenance-attested, and SPDX SBOM-attested. Base-
image digests pin in docker/digests.txt. blindjoin-linux-amd64.tar.gz
rebuilds byte-for-byte from source on ubuntu-24.04.

12 of 14 v1 requirements shipped. SIGN-03 (PGP YubiKey path) deferred
indefinitely. REPRO-04 (reproducible-builds.org registry submission)
descoped.

~1,400 lines of process theater stripped from the surface at milestone
close (no auto-issue spam, no cron schedules, no custom CI grep gates
on comment presence, no vanity registry submissions). Real cryptographic
verification and supply-chain pinning intact.

Verify:
  cosign verify-blob --bundle blindjoin-linux-amd64.tar.gz.bundle \
    --certificate-identity-regexp 'https://github.com/<owner>/blindjoin/\.github/workflows/release\.yml@refs/tags/v.*' \
    --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    blindjoin-linux-amd64.tar.gz

Recipe + per-tag expected sha256: docs/REPRODUCIBLE-BUILD.md

v1.5.0

Choose a tag to compare

@github-actions github-actions released this 01 Jun 03:19
v1.5.0
v1.5.0 Audit-Readiness & Multi-Script Finish

Delivered: Closes the v1.4 follow-throughs (production sign bodies for
P2TR + P2SH-P2WPKH, accurate fees for mixed-script rounds), readies the
codebase for external security audit (charter, audit.toml refresh,
structurally-bounded RSA SecretKey lifetime), and lands the release-
readiness P0s (SECURITY.md, CHANGELOG.md, CI release-smoke gate,
Dockerfile ARG-based digest pinning scaffold).

Key accomplishments:
- Production BIP-322 sign bodies for P2TR (Schnorr keypath) and
  P2SH-P2WPKH (BIP-143) shipped in shared::bip322; test-only escape
  hatches (sign_simple_test_only + per-script sign_for_tests) deleted;
  shared::bip322 public surface shrunk to exactly 9 symbols with
  V1.4-CRIT-01 dispatcher-only invariant load-bearing at the type
  level (Phase 19 — BIP322-05, BIP322-06, BIP322-07).
- Per-script BIP-141 vbyte table (P2WPKH 68/31, P2TR 58/43 round-UP,
  P2SH-P2WPKH 91/32) replaces the legacy P2WPKH-only constants;
  ParticipantInput.script_type plumbed through dispatch_ownership_proof
  → UtxoDetails → RegisteredInput; v1.4 P2WPKH-only fee_share == 266
  byte-equality preserved (Phase 20 — FEE-01, FEE-02, FEE-03).
- External audit charter at docs/AUDIT-CHARTER.md (574 LOC, 8 H2
  sections) shipped. RSA SecretKey lifetime tightened from prose to
  Rust type signature: Option<RsaBlindSigner> on RoundStateInner, SOLE
  FSM chokepoint at state.rs:202, grep-verified (Phase 21 — AUDIT-01,
  AUDIT-02, AUDIT-03).
- SECURITY.md + CHANGELOG.md at repo root with responsible-disclosure
  contact, supply-chain status callout, and Keep-a-Changelog entries
  v1.0 → v1.5 (post-archive polish — quick task 260531-thw).
- CI release-smoke gate: release.yml + docker.yml check jobs now run
  cargo test --workspace --all-targets under BLINDJOIN_REQUIRE_BITCOIND=1
  via a composite install-bitcoind action; rehearsal-verified via
  workflow_dispatch on 2026-06-01 (run 26731267747, check passed in
  9m12s, build job skipped per the publish gate). Dockerfile bases
  pinnable via CARGO_CHEF_REF + DEBIAN_REF build args; bitcoind image
  in compose bumped from 27 → 30 to match .bitcoind-version 30.2.
  Quick tasks 260531-thw + 260531-ubf.

Tag is SSH-signed (ed25519 fingerprint SHA256:ECOieW3GHCOg3kfntXX1FP1Fg2KOTKkkf9tMEOypsVQ,
registered as a GitHub Signing Key on @johnzilla).

See .planning/MILESTONES.md and CHANGELOG.md for full details.

v1.4.0

Choose a tag to compare

@github-actions github-actions released this 31 May 01:35
v1.4.0 BIP-322 Multi-Script Support

Delivered: CoinJoin participation broadened from P2WPKH-only to P2WPKH + P2TR + P2SH-P2WPKH UTXOs with cryptographically unspoofable script-type cross-check.

Key accomplishments:
- Eliminated the is_p2wpkh() registration gate; multi-script ownership-proof dispatcher with on-chain CRIT-01 cross-check (statically unreachable spoofing via dispatcher-only public surface)
- Adopted upstream bip322 = "=0.0.10" crate via 26-LOC zero-lossy adapter; per-script verifier/signer + 9 cross-shape rejection tests against vendored official BIP-322 vectors (SHA d77863fb9e)
- PKARR record v0.2.0 with B3 compact field names (v/sst/ost); 209-byte production-onion measurement (11-byte headroom under 220-byte threshold)
- Client multi-script wallet (--type {p2wpkh|p2tr|p2sh-p2wpkh}) with fail-fast discovery rejecting mismatched coordinators BEFORE opening any Tor circuit
- WALLET-04 v1.3 <-> v1.4 backwards-compat shim verified bidirectionally (CD-7 two-phase try-parse encoder + pinned v1.3 binary at SHA 05f21438)
- Mixed-script acceptance gate: 1x P2WPKH + 1x P2TR + 1x P2SH-P2WPKH input through INPUT_REG -> BROADCAST in a single cargo test run
- Liquidity bot per-round script_types rotation (BLINDJOIN_BOT_SCRIPT_TYPES CSV) defeats V1.4-MIN-02 uniform-script fingerprint
- v1.3 P2WPKH-only full_round::* invariant held green at every v1.4 phase boundary (8/8 PASS)

Milestone-close cleanup also discharged 14 pre-existing clippy lints in shared/src/bip322/* (boxed bip322::Error source on CrateVerifyFailed; dropped redundant .to_vec() calls).

See .planning/MILESTONES.md for full details.

v1.3.0

Choose a tag to compare

@github-actions github-actions released this 29 May 19:57
v1.3 Test Infrastructure & Operational Hardening

Delivered: Trustworthy integration-test feedback loop — CI runs the bitcoind-dependent suite on every PR with zero Box::leak, RAII fixtures, and pinned dependencies; REPAIR-01 closed-local (all 8 full_round tests green) via direct fixes for the RSA SPKI handshake, bdk_wallet 2.3 segwit signing, partial-sig wire format, and coordinator witness_utxo correctness.

Key accomplishments:
- CI substrate: pinned bitcoind v30.2, PGP-verified install, BLINDJOIN_REQUIRE_BITCOIND=1 (TEST-01/02)
- Shared fixtures: require_bitcoind!() macro + BitcoindGuard RAII; zero Box::leak across tests/integration/ (TEST-03/04)
- CONTRIBUTING.md canonical pattern with verdict reference card (TEST-05)
- REPAIR-02: corepc-node feature pin CI grep gate (4026f50)
- REPAIR-01 closed-local: all 8 full_round::* tests green via direct commits (cc20f6f, 0bbcf3c, 39a2d0a, 8538238, 0780935, 489646f, 39302c3, 6f8c7e5, 9dad19f); full PR observation pending v1.4 cut
- Hygiene: 2 MEDIUM test backdoors removed, dead CLI flag dropped, planning state reconciled

See .planning/milestones/v1.3-ROADMAP.md and .planning/MILESTONES.md for full details.

v1.0.0

Choose a tag to compare

@github-actions github-actions released this 10 Apr 01:18
v1.0.0
f24a59b
v1.0.0