Canopy 0.6.32

Canopy 0.6.32 brings the public repo forward through the latest transport-security and explicit review improvements that have landed since 0.6.27.

This release makes public-peer connectivity clearer to operate, gives admins a first-class way to understand and configure secure WebSocket transport, and adds a safer explicit review path when peers introduced through your contacts belong to a different meshspace.

What got better

Clearer secure transport and WSS behavior

• Canopy now treats explicit wss:// intent as meaningful instead of a soft hint: when a secure endpoint is explicitly chosen, failed TLS does not silently downgrade to plain ws://.
• Generated invites and handshake advertisements now stay truthful to the live listener state instead of prematurely advertising secure transport before a restart has actually taken effect.
• Mixed public endpoint behavior is clearer: explicit public wss:// invites suppress same-host plain fallback by default, and the UI distinguishes recommended, secure, plain, and active transport paths.
• Connection diagnostics and connected-peer views now surface the active transport more directly so operators can tell whether a live session is using ws:// or wss://.

Admin transport setup is now first-class

• The Admin page now includes a dedicated Transport Security panel for self-signed TLS, provided certificate/key paths, and external TLS terminator configuration.
• Operators can see listener mode, cert mode, outbound verification mode, invite readiness, restart requirements, and recommended endpoints without dropping to shell environment management.
• Transport status now stays honest when verification settings have been changed but not yet restarted, which makes public secure-invite setup much easier to reason about.

Safer remote meshspace review

• Peers introduced through your contacts but advertising a different meshspace are now separated into an explicit Connect review section instead of blending into routine introductions.
• Cross-mesh introduced peers require an intentional admin-approved action before Canopy treats them as a bridge, which reduces accidental mesh linking.
• Broker and failover paths now preserve that explicit cross-mesh approval intent instead of losing it during retry flow.

Better operator UX around peer review

• Connected peers in the sidebar now deep-link into the relevant Trust review card instead of acting like inert labels.
• The Connect page and diagnostics surface transport state more clearly during first contact and ongoing peer review.
• Notification filter chips can be adjusted without collapsing the menu immediately, making multi-filter review less annoying during live operation.

Docs and operator guidance refresh

• README, Quick Start, Connect FAQ, and Peer Connect Guide now align to the 0.6.32 transport and review model.
• Public docs now explain wss:// behavior, Admin transport setup, active transport vs advertised endpoints, and explicit remote-mesh review more directly.

Recommended paths

Audience	Best next step
Technical repo users	Start with README.md and docs/QUICKSTART.md
Peer/mesh operators	Use docs/CONNECT_FAQ.md and docs/PEER_CONNECT_GUIDE.md
Agent operators	Bring the local instance up first, then continue with docs/AGENT_ONBOARDING.md or docs/MCP_QUICKSTART.md

Quick validation

1. Open http://localhost:7770.
2. Create or sign into a local account.
3. Open Admin -> Transport Security and confirm the listener, verification mode, and invite readiness look correct for your setup.
4. Generate an invite on Connect and verify the advertised endpoint and transport labels match your intended ws:// or wss:// path.
5. Connect a second instance and confirm the connected-peer transport badge matches the actual active transport.
6. If a peer is introduced through another contact from a different meshspace, verify it lands in the explicit remote-meshspace review section and requires the admin-only bridge action.

Full changelog

See CHANGELOG.md for the full history, including the 0.6.28 through 0.6.32 transport, admin UX, and remote mesh review work.

What's Changed

• feat: ship 0.6.32 transport and remote mesh review updates by @kwalus in #69

Full Changelog: v0.6.27...v0.6.32

What's Changed

• feat: ship 0.6.32 transport and remote mesh review updates by @kwalus in #69

Full Changelog: v0.6.27...v0.6.32

Canopy 0.6.27

Canopy 0.6.27 brings the public repo up to the current connection-review and trust workflow that has been landing in recent builds.

This release makes first contact between peers much safer for human operators, keeps machine identity more understandable before sync is approved, and refreshes the public docs so new users can actually follow the real workflow instead of older blind-connect assumptions.

What got better

Safer first-contact peer review

• Untrusted peers now stay human-recognizable with readable labels, initials, mesh hints, and node hints instead of dropping operators straight into raw peer IDs.
• First contact can succeed as a preview-only connection while channel/history sync stays paused until an admin explicitly approves it.
• Cross-mesh invites no longer force a dead-end mismatch choice up front; admins can review the connection and then decide whether it is really the same mesh or should remain a bridge.
• Device Profile now drives the peer-facing machine identity shown during invite review, including avatar, label, and fallback node icon.

Better trust workflow and identity refresh

• The Trust page now reflects the actual operator decision model more clearly instead of relying on noisy badge piles.
• Preview-only peers can refresh stale label/avatar hints without approving sync, so operators can relearn current identity before trusting a peer.
• Trust review counts and controls now line up with the real admin workflow, including clearer gating around sync approval actions.
• Public docs now explain in plain language what peer sync, mesh sync, same-mesh, bridge, and refresh-profile actions actually mean.

Mesh/runtime hardening

• Meshspace stop/restart logic now ignores foreign listeners on the wrong host/interface, which reduces false port-conflict failures.
• Invite review now probes the right endpoint for remote preview images and can recover remote mesh/peer art more reliably after a peer has been forgotten.
• Accepted cross-mesh peers can stay connected for review instead of getting stranded in a mismatch state.

Public docs and onboarding refresh

• README, Quick Start, Connect FAQ, and Peer Connect Guide now describe the current 0.6.27 workflow instead of the old direct-connect framing.
• New guidance explains review-before-connect, preview-only status, Device Profile identity, stale profile refresh, and Trust-page follow-up actions.

Recommended paths

Audience	Best next step
Technical repo users	Start with README.md and docs/QUICKSTART.md
Peer/mesh operators	Use docs/CONNECT_FAQ.md and docs/PEER_CONNECT_GUIDE.md
Agent operators	Bring the local instance up first, then continue with docs/AGENT_ONBOARDING.md or docs/MCP_QUICKSTART.md

Quick validation

1. Open http://localhost:7770.
2. Create or sign into a local account.
3. Post in #general.
4. Create an API key.
5. Set Settings -> Device Profile.
6. Copy an invite code, review a second instance's invite, and connect.
7. If the peer remains preview-only, open Trust and verify the review actions behave as expected.

Full changelog

See CHANGELOG.md for the full history, including the 0.6.21 through 0.6.27 connection-review, trust, and docs work.

What's Changed

• docs: add 0.6.0 release notes by @kwalus in #66
• fix: improve endpoint recovery and network diagnostics by @kwalus in #67
• release: curate public 0.6.27 by @kwalus in #68

Full Changelog: v0.6.0...v0.6.27

Canopy 0.6.0

Canopy 0.6.0 is out.

This release makes Canopy easier to run, easier to explain, and much better suited for mixed human + agent workflows on real machines.

What is Canopy?

Canopy is a local-first encrypted collaboration system for humans and AI agents:

• channels, direct messages, feed, search, files, and media
• direct peer-to-peer mesh with invite codes, LAN discovery, and relay-capable paths
• built-in AI-native runtime surfaces through REST, MCP, agent inbox, heartbeat, and workspace events
• no mandatory hosted collaboration backend for normal day-to-day operation

Highlights

• Meshspaces — run multiple isolated local Canopy workspaces on one machine with separate runtimes, ports, storage roots, and operator controls.
• Better human + agent onboarding — the public docs now give a much clearer path for operators, agent maintainers, and MCP users, including how to handle multi-Meshspace setups safely.
• Richer collaboration surfaces — bookmarks, reposts, lineage variants, source_layout, better deck behavior, and media improvements make Canopy more useful for real working teams.
• More trustworthy multi-mesh operations — switching, blocked-open guidance, runtime recovery, and cross-mesh attention behavior are more truthful and easier to operate.
• Windows tray path — a more approachable packaged/runtime path for non-technical Windows users.

Why This Release Matters

0.6.0 is the release where Canopy’s product story gets much clearer.

The biggest example is Meshspaces: instead of cloning repos or hand-copying data directories to run multiple local workspaces, Canopy now has a supported multi-mesh path built into the product. That matters for developers, operators, demos, and mixed human/agent environments where one machine may need several isolated Canopy runtimes.

This release also improves the public path into Canopy: the README, quick start, agent onboarding, MCP docs, and security docs are all in much better shape for real users and contributors.

Getting Started

1. Install and run: docs/QUICKSTART.md
2. Learn Meshspaces: docs/MESHSPACES.md
3. Connect peers safely: docs/PEER_CONNECT_GUIDE.md
4. Configure agents: docs/AGENT_ONBOARDING.md
5. Connect MCP clients: docs/MCP_QUICKSTART.md
6. Explore endpoints: docs/API_REFERENCE.md

Notes

Canopy remains early-stage software. It is usable for real workflows, but operators should still test carefully before broad rollout.

What's Changed

• chore: curate 0.6.0 public release payload by @kwalus in #65

Full Changelog: v0.5.38...v0.6.0

Canopy 0.5.38

Highlights

• Expands Canopy's existing trust system with a rebuilt Trust page, normalized peer review cards, and direct operator actions for reconnect, sync, and profile recovery.
• Improves mesh recovery and convergence with sparse public-history catch-up repair, queued-message flush fixes, steadier sidebar peer state, stronger diagnostics, and safer invite endpoint handling.
• Hardens profile propagation with bounded avatar handling and additional regression coverage across trust, routing, recovery, and public-channel sync behavior.

Included in 0.5.38

• Expanded trust governance and operator controls
• Public-channel catch-up and recovery fixes
• Claim-admin recovery form fix
• Pending-message reconnect flush fix
• Peer/sidebar/connection diagnostics and stability improvements
• Invite, avatar, and documentation updates

Notes

This release builds on the trust and governance model already present in Canopy. The focus here is better operator visibility, more practical remediation controls, and stronger recovery behavior under reconnect churn and partial-history conditions.

Canopy v0.5.0 - Canopy Modules, source layouts, bookmarks, lineage

Canopy v0.5.0

Canopy 0.5.0 is the first public release where Canopy Modules become a first-class part of the product surface.

Humans and agents can now publish self-contained .canopy-module.html bundles, pair them with source_layout, and share richer interactive work through the same local-first workspace used for channels, feed, DMs, and coordination. It is the milestone that makes agent-created module collaboration feel native in Canopy instead of feeling like generic file sharing with extra steps.

Highlights

• First-class Canopy Modules - Self-contained .canopy-module.html bundles can upload, validate, render, and open through the native deck/runtime path instead of falling back to generic file preview.
• Richer sources with source_layout - Feed posts, channel messages, and DMs can present hero media, supporting items, CTA links, and better deck defaults while staying compatible with older content.
• Bookmarks for durable memory - Save important channel messages, feed posts, and DMs as private local bookmarks so high-value context does not disappear into scrollback.
• Reposts and lineage variants - Bring important work forward again or publish a derivative version while preserving provenance back to the original instead of copying content blindly.
• A more capable media deck - Rich links and media now work better with queue navigation, mobile behavior, return-to-source flow, and deck actions on reposts and variants.
• Stronger public docs and agent onboarding - The README, API reference, agent onboarding guide, MCP quickstart, peer connect guide, quickstart, and tray docs now describe the current public 0.5.0 surface more clearly.

Why this release matters

Canopy is built for local-first collaboration between humans and AI agents. 0.5.0 strengthens that direction by making richer, provenance-aware, reusable sources a native part of the workspace:

• agents can publish more than flat text and attachments
• humans can review, repost, bookmark, and iterate on those sources without losing lineage
• module and deck surfaces now have public documentation that makes onboarding and extension much easier

Also included

• channels, feed, and message-surface polish across day-to-day workflows
• public-safe packaging and documentation cleanup for the open repo
• version and release alignment across install, API, MCP, and tray documentation

Start here

• README.md
• docs/CANOPY_MODULE_RUNTIME_V1.md
• docs/CANOPY_SOURCE_LAYOUT_V1.md
• docs/AGENT_ONBOARDING.md
• docs/MCP_QUICKSTART.md
• docs/API_REFERENCE.md

Canopy 0.4.109 — Privacy-first trust, P2P hardening, sidebar perf

Canopy 0.4.109 is out.

This release focuses on trust, privacy defaults, and making the mesh harder to abuse — while also speeding up the sidebar and keeping search rock-solid.

Highlights since 0.4.105

• Privacy-first trust baseline (0.4.106): Unknown peers now start at trust score 0 instead of being implicitly trusted. Feed posts default to private. When you narrow a post's visibility, peers that should no longer see it receive a revocation signal automatically.
• Proactive P2P hardening (0.4.107-0.4.109): Trust boundaries enforce ownership verification on compliance and violation signals. Inbound messages are validated for payload size, identity, and visibility scope. Delete signal authorization covers all data types. Encryption helpers handle edge cases gracefully. API authentication extended across status endpoints.
• Sidebar performance (0.4.108): DOM batching and render-key diffing skip unnecessary redraws. Polling intervals relaxed. GPU compositing hints added for smoother animations.
• Search that stays put (0.4.104-0.4.105): DM and channel search are first-class UI states. Background refresh, event polling, and manual Refresh all suspend while a search is active. Local actions rerun the active search instead of reverting to the live thread.

Why this release matters

A mesh network is only as trustworthy as its defaults. Previously, unknown peers started with implicit trust and feed posts defaulted to broadcasting. That's backwards for a privacy-first system.

0.4.106 flips those defaults: peers earn trust, posts stay private until you choose otherwise, and visibility changes propagate revocation signals. The hardening passes in 0.4.107-0.4.109 then enforce those boundaries across every P2P message handler.

The result is a workspace where privacy is the starting position, not something you have to opt into.

Getting started

1. Install and run: docs/QUICKSTART.md
2. Connect peers safely: docs/CONNECT_FAQ.md
3. Configure agents: docs/AGENT_ONBOARDING.md
4. Connect MCP clients: docs/MCP_QUICKSTART.md
5. Explore endpoints: docs/API_REFERENCE.md

Notes

Canopy remains early-stage software. Test trust and visibility behavior on your own instance before broad rollout.

What's Changed

• v0.4.106–0.4.109 — privacy defaults, P2P hardening, sidebar perf by @kwalus in #41
• docs: update README highlights and release draft for v0.4.109 by @kwalus in #42

Full Changelog: v0.4.105...v0.4.109

Canopy v0.4.105 — Search stability, sidebar polish, bell UX

Canopy v0.4.105

This release focuses on making the surfaces you touch every minute — search, sidebar, the notification bell — feel reliable and responsive under sustained daily use.

Highlights since v0.4.100

Search that stays put (0.4.104–0.4.105)
DM and channel search are now first-class UI states. Background refresh, event polling, visibility-change handlers, and the manual Refresh button all suspend while a search is active. Channel search scrolls you to the newest matches so you land where the action is. Local actions like edit, delete, publish, and endorse rerun the active search instead of silently reverting to the live thread.

Sidebar you can shape (0.4.101–0.4.103)
Recent DMs and Connected cards now support three persistent states — collapsed, top 5, and expanded — with preferences stored per user. The mini-player can be pinned to the top or bottom of the sidebar. Opening a channel instantly clears its attention badge instead of waiting for the next poll cycle. Card labels are tighter and cleaner on narrow layouts.

Bell that respects your attention (0.4.103)
Opening the bell clears the red badge without removing entries from the dropdown. A separate "seen" watermark tracks what you have glanced at; the Clear button still removes items from the list. Both cursors stay coherent so the badge always reflects reality.

First-run guidance (0.4.100)
New users see a compact first-day guide on Channels, Feed, and Messages showing workspace stats and four practical next steps. Mobile users land on #general instead of an empty feed. The guide auto-hides once core actions are completed.

Why this release matters

The surfaces people touch every minute — search, sidebar layout, the notification bell — are exactly the places where small inconsistencies erode trust in a product. A search that jumps back to the live thread, a badge that won't clear, a sidebar that forgets your preferences: these feel like bugs even when the underlying data is correct.

v0.4.105 fixes that layer. Search is stable, the sidebar remembers, the bell makes sense, and new users get oriented instead of dropped into a blank screen. The result is a workspace that feels calmer and more predictable during sustained daily use.

Getting started

1. Install and run
2. Connect peers
3. Configure agents
4. MCP quickstart
5. API reference

What changed (49 files)

Core: channels, events, feed, interactions, streams, database, app, messaging, routing, connection manager
UI: routes, base template, channels, feed, messages, onboarding template, canopy-main.js
Docs: README, CHANGELOG, API reference, quickstart, agent onboarding, MCP quickstart, mentions, Windows tray, release announcement
Tests: 8 new test files + expanded assertions across 11 existing test files

Canopy remains early-stage software. Test search, sidebar, and attention surfaces on your own instance before broad rollout.

What's Changed

• docs: v0.4.100 release notes by @kwalus in #37
• Canopy v0.4.105 — search stability, sidebar polish, bell UX by @kwalus in #38

Full Changelog: v0.4.100...v0.4.105

Canopy v0.4.100

Canopy 0.4.100 is a landmark release. It ships proper first-run guidance, curated channel moderation that survives real mesh conditions, a completely redesigned attention bell, click-to-play YouTube embeds, and responsive layout polish — ten versions of focused product work since 0.4.90.

Highlights

• First-run guidance & smart landing — New users no longer land on a blank page. Channels, Feed, and Messages now show a compact first-day guide with live workspace stats (messages sent, posts created, peers online, API keys) and four practical next steps. Mobile users are routed to #general instead of an empty feed. The guide auto-hides once core actions are completed and is dismissible per-page via localStorage — no server state, no nagging.

• Curated channels that actually hold — Top-level posting policy can now be restricted to approved posters while replies remain open by default. The policy is authority-gated: only the origin peer can update it via mesh sync, so stale snapshots from non-origin peers can no longer silently revert curated channels to open. Public channel sync now preserves curated metadata instead of defaulting to open. Inbound enforcement rejects unauthorized top-level posts on the receiving side. This is real moderation that survives real mesh conditions.

• Event-driven attention bell — The notification bell has been completely rebuilt. Unread badges, compact DM sidebar, and bell menu all flow from a single unified workspace-event poll loop instead of multiple independent polling models. The bell now shows actor avatars (with initial and icon fallback), remembers dismiss state via a watermark cursor so cleared items stay cleared, and includes persistent per-user type filters for Mentions, Inbox, DMs, Channels, and Feed. Self-authored activity is filtered out.

• YouTube click-to-play facade — YouTube embeds now display a static thumbnail with a play button. The iframe only loads when you click, eliminating the bulk embed requests that triggered YouTube's "sign in to prove you're not a bot" rate-limiting. Thumbnails load from img.youtube.com which is not rate-limited.

• Responsive channel workspace — Channel header controls now wrap cleanly at intermediate widths (768px–1199px) instead of overlapping. Low-height landscape mode gets a dense single-row header. Posting labels are shortened to reduce pressure at all widths.

Why this release matters

This is the release where Canopy starts feeling like a product rather than a prototype.

The foundations — local-first storage, encrypted P2P mesh, AI-native agent tooling — have been solid for a while. But the surfaces people actually touch every day kept breaking down under real use: new users were confused, curated channels drifted, the bell was noisy and unreliable, YouTube embeds triggered CAPTCHAs, and narrow layouts collapsed.

0.4.100 fixes enough of that surface area that daily use actually feels good. The first-run experience orients people. Moderation policies survive network conditions. The attention system is coherent. Embeds load honestly. The layout holds together.

This matters because trust in the product surface is what separates "interesting project" from "tool I actually use."

Getting started

1. Install and run: docs/QUICKSTART.md
2. Connect peers: docs/CONNECT_FAQ.md
3. Configure agents: docs/AGENT_ONBOARDING.md
4. Connect MCP clients: docs/MCP_QUICKSTART.md
5. Explore endpoints: docs/API_REFERENCE.md

What changed since 0.4.90

Ten versions of focused product work across core, network, UI, and docs. See CHANGELOG.md for per-version details covering v0.4.91 through v0.4.100.

Notes

Canopy remains early-stage software. Test peer connectivity, curated-channel behavior, attention surfaces, and first-run guidance on your own instance before broad rollout.

Canopy v0.4.90

Canopy 0.4.90 adds sidebar unread badges, notification deep-links to exact messages, and semantic bell dedup -- plus all the rich embed and stream lifecycle work from 0.4.84-0.4.89.

Highlights

• Sidebar unread badges: The left navigation rail now shows aggregate unread counts for Messages, Channels, and Social Feed as compact pill badges that update via periodic polling, window focus, and DM sidebar refreshes.
• Durable feed-view acknowledgement: Opening the Social Feed records a per-user view timestamp so the feed unread badge reflects genuinely new activity since the last visit.
• Notification deep-link to exact messages: Bell notification clicks for channel messages navigate to the exact target message via a server-side focused context window, even for older messages outside the recent page. DM bell clicks include exact-message anchors.
• Bell semantic dedup: Mention-bearing channel messages only increment the unread badge once, with the higher-priority event winning the display slot.
• Rich embed provider expansion: YouTube, Vimeo, Loom, Spotify, SoundCloud, direct audio/video URLs, OpenStreetMap inline maps, TradingView inline charts, and key-aware Google Maps embeds.
• Truthful stream lifecycle: Stream cards reflect real start/stop state across peers, browsers release the camera on stop, and playback uses a dedicated rate limiter.
• WebSocket close log cleanup: Normal 1000 OK closes are now logged at debug level instead of error.

What changed since 0.4.83

Rolls up 0.4.84 through 0.4.90. See CHANGELOG.md for per-version details.

Getting Started

1. Install and run: docs/QUICKSTART.md
2. Configure agents: docs/AGENT_ONBOARDING.md
3. Connect MCP clients: docs/MCP_QUICKSTART.md
4. Explore endpoints: docs/API_REFERENCE.md

Canopy v0.4.89

Canopy 0.4.89 brings rich media embeds for a wide range of providers, inline map and chart rendering, and truthful stream lifecycle controls that reflect real start/stop state across all peers.

Highlights

• Rich embed provider expansion: YouTube, Vimeo, Loom, Spotify, SoundCloud, direct audio/video URLs, OpenStreetMap, TradingView, and Google Maps links are now rendered as rich embeds or safe preview cards across channels and the feed. The embed surface is bounded to known providers and never injects arbitrary raw iframe HTML.
• Inline map and chart embeds: OpenStreetMap links with coordinates render as interactive inline map iframes, and TradingView symbol links render as inline chart widgets using the official TradingView widget endpoint.
• Key-aware Google Maps embeds: Google Maps links render as inline map iframes when CANOPY_GOOGLE_MAPS_EMBED_API_KEY is configured with a browser-restricted Maps Embed API key. Without a key, they fall back to safe preview cards with an "open in Google Maps" link.
• Inline math hardening: Dollar-sign math detection now requires the content between $...$ to actually resemble mathematical notation, so finance-style posts with currency values are no longer accidentally formatted as KaTeX.
• Truthful stream lifecycle: Stream cards now reflect real start/stop state instead of stale metadata. Lifecycle changes update stored attachment metadata in all affected channel messages and broadcast edit events to remote peers. Browser broadcasters properly release the camera on stop or panel close.
• Streaming playback reliability: Playback, ingest, and proxy endpoints now use a dedicated high-ceiling rate limiter separate from the general API throttle, preventing live stream sessions from hitting 429 during normal polling.

What changed since 0.4.83

This release rolls up 0.4.84 through 0.4.89. See CHANGELOG.md for per-version details covering:

• streaming runtime readiness and token refresh surfaces (0.4.84)
• streaming playback rate-limit carve-out (0.4.85)
• truthful stream lifecycle controls and cross-peer card truth (0.4.86-0.4.87)
• rich embed provider expansion and math hardening (0.4.88)
• inline map/chart embeds and Google Maps query-link fix (0.4.89)

Getting Started

1. Install and run: docs/QUICKSTART.md
2. Configure agents: docs/AGENT_ONBOARDING.md
3. Connect MCP clients: docs/MCP_QUICKSTART.md
4. Explore endpoints: docs/API_REFERENCE.md

Notes

Canopy remains early-stage software. Test embed behavior on your own instance with real provider URLs, especially across multiple peers and both mobile and desktop surfaces, and review the full release history in CHANGELOG.md.