Releases: OpenAdaptAI/openadapt-desktop
Release list
v0.5.0
v0.5.0 (2026-07-17)
This release is published under the MIT License.
Documentation
Features
Detailed Changes: v0.4.0...v0.5.0
v0.4.0
v0.4.0 (2026-07-17)
This release is published under the MIT License.
Bug Fixes
-
Close mkstemp fd in zip_dir so push works on Windows (#11,
160ae42) -
Keep the updater feed disabled until a signing-key lifecycle exists (#10,
65c037f)
Continuous Integration
Features
-
Build Tauri shell + Vite/React cockpit on the design system (#10,
65c037f) -
Rewire engine for hosted loop (auth, ingest push, flow bridge) (#11,
160ae42) -
Tauri shell + Vite/React cockpit on the design system (W2) (#10,
65c037f) -
Wire the local loop (IPC handlers, tray socket server, keychain) (#11,
160ae42)
Detailed Changes: v0.3.2...v0.4.0
OpenAdapt Desktop Experimental 0.1.1
Experimental Native Installers
OpenAdapt Desktop native packages are Experimental scaffold-shell artifacts.
They verify platform packaging and removal, not an integrated OpenAdapt workflow.
The window is hidden by default, the tray and Rust commands remain scaffolds, and
the Python sidecar is not started or bundled. Use openadapt-flow for the
supported record, compile, certify, replay, and governed-repair path.
Native releases use a distinct desktop-vX.Y.Z tag and prerelease channel. The
native version comes from package.json, src-tauri/Cargo.toml, and
src-tauri/tauri.conf.json; it is intentionally separate from the Python
package's semantic-release version.
Artifact labels
Every filename includes Experimental, the native version, operating system,
architecture, and signing state. The initial matrix is:
| Platform | Architectures | Packages | Signing labels |
|---|---|---|---|
| macOS | Apple Silicon (arm64), Intel (x86_64) |
DMG | adhoc or developer-id-notarized |
| Windows | x86_64 |
MSI and NSIS setup executable | unsigned or authenticode |
| Linux | x86_64 |
DEB and AppImage | unsigned plus GitHub provenance |
The build workflow runs structural install/uninstall smoke tests on clean hosted
runners. These tests do not certify recording, replay, the updater, Gatekeeper,
SmartScreen reputation, distribution-repository metadata, or production use.
Integrity and provenance
Release jobs stage the exact post-signing, smoke-tested files, generate one
sorted SHA256SUMS manifest, verify it, and create GitHub artifact attestations
over that manifest. Consumers can verify downloaded assets with:
sha256sum -c SHA256SUMS
for artifact in OpenAdapt-Desktop-Experimental-*; do
gh attestation verify "$artifact" --repo OpenAdaptAI/openadapt-desktop
doneAn attestation binds bytes to a build identity; it does not establish that the
software is secure or functionally complete.
External signing requirements
The protected native-release GitHub environment may provide complete signing
credential sets. Partial sets fail the build instead of falling back silently.
- macOS Developer ID and notarization:
APPLE_CERTIFICATE,
APPLE_CERTIFICATE_PASSWORD,APPLE_SIGNING_IDENTITY,APPLE_ID,
APPLE_PASSWORD, andAPPLE_TEAM_ID. - Windows Authenticode:
WINDOWS_CERTIFICATE,
WINDOWS_CERTIFICATE_PASSWORD, andWINDOWS_CERTIFICATE_THUMBPRINT. The
certificate must support code signing; Tauri uses SHA-256 and an RFC 3161
timestamp service. - Linux AppImage GPG is intentionally disabled until the workflow pins an
external AppImage signature validator and publishes the corresponding public
key fingerprint through an authenticated channel. AppImage does not
self-verify; DEB/RPM repository metadata signing is also a separate boundary.
When no complete credential set is configured, the prerelease remains explicit
about ad-hoc or unsigned status. The updater stays disabled until its independent
public/private signing-key lifecycle and recovery procedure are established.
v0.3.2
v0.3.1
v0.3.0
v0.3.0 (2026-07-15)
Features
- Align desktop with the hosted workflow loop (
99fee01)
Publish the Experimental Python authoring surface and unsigned CI shells while keeping signed installers, updater signing, and production distribution explicitly unsupported.
Detailed Changes: v0.2.0...v0.3.0
v0.2.0
v0.2.0 (2026-03-04)
Features
Add diagnostic command that checks all dependencies and configuration:
- Python version, data directory writability, database connectivity
- Core deps: openadapt-capture, openadapt-privacy, psutil
- Optional deps: boto3, huggingface_hub, magic-wormhole
- Backend credentials (S3 keys, HF token) when configured
- Shows actionable install instructions for missing dependencies
Bug fixes:
- audit.py: create parent directory before writing log entries
- wormhole.py: use subprocess.run() instead of Popen to await
completion and capture exit code properly
Co-authored-by: Claude Opus 4.6 noreply@anthropic.com
Detailed Changes: v0.1.1...v0.2.0
v0.1.1
v0.1.1 (2026-03-04)
Bug Fixes
- fix: replace deprecated macos-13 runner with macos-14 in build workflow
macos-13 runners have been deprecated by GitHub Actions, causing the Build Python Sidecar job to fail on every PR. Both macOS targets now use macos-14 (Apple Silicon), which supports x86_64 builds via Rosetta.
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
- fix: flaky concurrent reads test and deprecated macos-13 runner
- test_concurrent_reads: use separate IndexDB connections per thread
(WAL concurrent reads require separate connections, not a shared one) - build.yml: replace macos-13 with macos-14 (deprecated runner)
Co-authored-by: Claude Opus 4.6 noreply@anthropic.com
Continuous Integration
Add release.yml workflow triggered on push to main that:
- Runs python-semantic-release v9.15.2 to determine version bumps
from conventional commit messages (feat=minor, fix/perf=patch) - Builds with uv and publishes to PyPI (trusted publishing)
- Creates GitHub releases with changelogs
- Uses ADMIN_TOKEN to push through branch protection
- Skips semantic-release's own commits to prevent infinite loops
Also adds semantic_release config to pyproject.toml with version_toml + version_variables for dual version tracking (pyproject.toml + engine/init.py).
Co-authored-by: Claude Opus 4.6 noreply@anthropic.com
Detailed Changes: v0.1.0...v0.1.1
v0.1.0 — End-to-end engine with CLI
First release
The Python engine is fully functional end-to-end as a standalone CLI. 106 tests pass across all platforms.
Highlights
- Full recording pipeline:
record→scrub→review→uploadvia CLI - 13 CLI commands: record, list, info, scrub, review, approve, dismiss, upload, backends, storage, health, cleanup, config
- PII scrubbing: regex (email/CC/SSN/phone/IP) + Presidio NER fallback
- Egress gating: DB-persisted review state machine — nothing leaves the machine without approval
- Storage management: SQLite index DB, hot/warm/cold tiers, tar.gz archival, automatic cleanup
- Upload backends: S3 (boto3), HuggingFace Hub, Magic Wormhole — all implemented
- Health monitoring: memory (psutil) and disk monitoring with daemon threads
- Audit logging: append-only JSONL log of all network activity
Quick start
git clone https://github.com/OpenAdaptAI/openadapt-desktop.git
cd openadapt-desktop
uv sync
uv run openadapt record --task "Demo task" # Ctrl+C to stop
uv run openadapt listWhat's next
- Pause/resume recording
- Tauri WebView UI
- Tauri IPC wiring (Rust ↔ Python sidecar)
- Native installers (DMG, MSI, AppImage)
See README for full documentation.