Skip to content

Releases: codeshrew/confer

0.6.11

Choose a tag to compare

@github-actions github-actions released this 17 Jul 07:05

Release Notes

  • confer rewatch won't suggest killing a healthy peer's watcher. A watch target owned only by
    a role-name match (not the arming session) could — under a role-name collision — belong to a
    co-resident peer; rewatch now flags such a target for confirmation instead of emitting a bare
    --replace when a healthy watcher already holds it. (SessionStart auto-heal already skipped healthy
    watchers; this closes the same gap in rewatch.)
  • confer doctor flags a role signed by two different keys. Identity IS the key (DESIGN.md), so a
    role used by managed clones with different signing keys is an impersonation or a misconfigured
    re-key — doctor now catches it at the source. The normal one-agent-across-hubs case (same role, same
    key) is not flagged.
  • Closing a --to all request warns it only reaches the author. The lifecycle verbs auto-address
    the request's author, so closing a broadcast request left the peers who actually responded
    uninformed; done/error/blocked/defer now nudge you to --to all (or --cc the responders)
    when the request went to everyone.
  • Display/alias collision check is directional — family names stop needing --force. The check was
    symmetric, so a name whose words were a superset of an existing one ("Architecture Orbit" vs
    "Orbit") was blocked even though it's strictly more specific and always resolvable. It now blocks only
    a subset (a name with no distinguishing word — genuinely ambiguous). Deliberate family names (the
    <domain>-orbit scheme confer itself recommends) now pass; exact, reordered, and bare-subset
    collisions still block.

Install confer-cli 0.6.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.11/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.11

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.6.10

Choose a tag to compare

@github-actions github-actions released this 17 Jul 06:10

Release Notes

Paved-path polish, mostly from a field report — the Heliosphere fleet's multi-agent onboarding notes:

  • --to/--cc accept comma-lists. confer append --to arch,graph,infra now addresses all three
    instead of failing the role-slug regex — one flag to message a subset of peers. Groups and all
    still work.
  • The lifecycle sugar verbs carry --ref. done/error/blocked/defer/claim used to drop
    --ref, forcing a fall back to append --type done; a good close often points at the artifact that
    resolved the request, so they now thread it through.
  • The watch's version-notice mentions brew update first. Homebrew's tap can lag, so brew upgrade
    may report "already installed" right after the notice fires — the notice now points at
    brew update && brew upgrade confer for the brew install path.

Install confer-cli 0.6.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.10/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.10

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.6.9

Choose a tag to compare

@github-actions github-actions released this 17 Jul 03:53

Release Notes

Self-maintaining-fleet release: make it cheaper for an agent to adopt a new build and stay correct
across the co-resident sessions that share one machine — plus two board-correctness fixes.

  • confer changelog. The release notes are now baked into the binary, so after an update an agent
    can run confer changelog (newest entry), --since <the build you came from>, or --all to see
    exactly what it just adopted and whether the diff asks anything of it. Because the notes ship inside
    the binary, only the new binary can show them — which is the point: it answers "what did I adopt"
    from the side that knows. confer update now points at it as a third follow-up step.
  • Machine-local update lock. Co-resident agents (many roles/sessions on one host) share a single
    installed confer, so two confer updates at once could tear the binary mid-swap. The self-replace
    now takes a non-blocking ~/.confer/update.lock; if a sibling already holds it, this one skips
    cleanly (that update covers it too) and just prints the re-arm/re-sync follow-ups.
  • Skills auto-refresh on session start (tier-1 auto-heal). Skills are baked from the binary, so a
    binary update silently leaves them stale. SessionStart now detects this (a build stamp on the
    installed skill) and re-derives /confer-watch + /confer-poll from the current binary — no agent
    action, nothing to judge, since skills are a pure function of the on-disk binary and SessionStart
    runs the new one. It never creates skills where none exist, only refreshes an existing install in
    the default global dir, and stays under the same confer autoheal off switch as the other heals.
  • Board: a supersede after a DONE no longer erases the completion. Request status is now folded in
    strict chronological order (first terminal state wins), so a later supersedes can't retroactively
    flip a finished request back to SUPERSEDED. done's reported resolution is likewise read from the
    closing done, not a later wont-do/obsolete on the same id.
  • reconnect no longer joins you keyless. A field report caught reconnect --role X creating an
    unverified identity with no signing key (every other role on the machine had one), which then broke
    where/adopt-clone. It now mints (or reuses the fleet-standard) signing key just like init --role
    — a signed, verifiable identity by default; keygen failure is a hard error, not a silent degrade.
  • who's cross-hub line is deduped. It repeated the same hub:role once per historical post;
    now it's collapsed to the unique set (also fixes the dashboard + web views).
  • Machine config foundation (confer config). New ~/.confer/config.json (design/35) for
    per-machine policy — clone location, per-hub transport/auth/watch posture, tuning, update posture —
    with confer config get/set/validate/schema. Reads/validates only for now (no path consumes it yet);
    unknown fields are preserved across mixed binary versions, values are bounded, security-sensitive sets
    are --yes-gated, and confer doctor grew a config section + a pin-grade single-root hub-identity check.
  • Hub-identity pins + seed-on-join (confer hub). New ~/.confer/known_hubs.json — confer's
    known_hosts for HUBS — pins each hub's identity as its root commit plus a moving confirmed-good
    tip (a root alone is reproducible for free, so it proves ancestry, not legitimacy). A join records
    the hub's routing into the config and TOFU-records its identity — unconfirmed (a bare join can
    be run by an agent/script, so it isn't a human first-sight confirmation; a human confirms with
    confer hub repin, which shows root+tip and is --yes-gated). confer hub status verifies this hub
    against its pin — by REACHABILITY, so
    a true mirror still passes but a rewritten-history fork or a redirect to a different repo raises a
    trust violation; confer hub repin re-points the pin (human-gated); confer hub prune forgets
    pins for hubs no longer in your config. (Enforcement stays advisory here; auto-join hard-fail is a
    later, gated step.)
  • confer rewatch — re-arm all your watches from one plan. Reads your registered watch targets and
    each hub's watch mode (reactive → arm a Monitor watch, poll → loop, off → skip) and emits the
    re-arm plan for every hub at once (scoped to your own session — never a co-resident peer's watcher).
    confer plans; your harness hosts the watch. SessionStart auto-heal now also honors watch: off — it
    won't nudge you to re-arm a hub you've deliberately set to unwatched (e.g. a foreign/family hub).

Install confer-cli 0.6.9

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.9/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.9

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.6.8

Choose a tag to compare

@github-actions github-actions released this 16 Jul 21:45

Release Notes

Diagnostics + update-lifecycle release: make confer's output consistently classifiable by an AI
agent, and close the gaps in how agents learn about and adopt a new version.

  • Consistent diagnostic conventions. All diagnostics now go through one convention so an agent can
    reliably tell a real problem from a tuning hint: confer: ⚠ … (SAFETY — action recommended) vs
    confer: · … (advisory). This fixes a real hazard — watch's genuine safety warnings (shallow
    clone, hub-sync-failed, local-read-failed, presence-publish-failed) used to print with no glyph,
    identical to INFO lines like "hub reachable again," so grep ⚠ missed them. The glyph (trust
    violation — do not proceed) is documented as the highest severity.
  • confer doctor is now a real "is my setup OK" command. Beyond git-identity/signing/transport,
    it now checks the reactive layer (is a live watcher actually running for this role), clone health
    (shallow → cursor breakage, nested-in-a-work-repo), and ends with a glyph legend.
  • confer update tells you the follow-up steps. After updating the binary (self-update or the
    brew/cargo delegate), it now prints the two things agents forget: re-arm your watch so it runs the
    new build, and re-sync your skills (they're baked from the binary and go stale).
  • An opt-out "newer version available" watch notice. Version drift was only surfaced at watch
    startup, so a long-lived watcher never learned about a newer build that landed on the hub after it
    started. confer watch now emits a one-shot, distinct ⟳ UPDATE … wake when a newer confer is on
    the hub — on by default, --no-version-notice to silence — kept separate from the peer-message
    stream.

Install confer-cli 0.6.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.8/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.8

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.6.7

Choose a tag to compare

@github-actions github-actions released this 16 Jul 18:46

Release Notes

Coordination-reliability release: fixes two ways an agent could silently miss messages, and hardens
the inbox and the watch against the setups that cause it.

  • Inbox: a per-message read-set replaces the single high-water mark. The inbox tracked reads as
    one HWM id, which couldn't represent holes — opening the newest message marked ALL older mail read,
    and a non-ULID id could poison the ordering and blind the inbox forever. Now:
    • show <id> marks only that message; ack <id> dismisses one; ack (no id) catches up; inbox
      LISTS and never auto-clears the batch; --peek is a compact triage list.
    • poll/watch deliver but no longer mark direct mail read (delivery ≠ read) — a request persists
      until you show/ack it.
    • Non-ULID ids can't enter the read state (the poisoning bug, fixed by construction); the legacy
      single-HWM state migrates automatically. Compaction is pure GC and never advances the read floor,
      so a late-arriving older-id message (a deferred push) is no longer swept read.
  • A reply is no longer silently addressed to no one. --reply-to pointing at your OWN thread
    post now continues the thread to that post's recipients (it used to resolve to no audience and wake
    nobody). And any reply/request that still ends up addressed to no one now warns ("addressed to NO
    ONE — reaches no inbox and wakes no peer").
  • The watch resists the "backgrounded/redirected watch dies and I miss everything" trap. The
    /confer-watch skill now forbids launching it under background Bash / & / redirect (it gets
    reaped and dies silently); confer watch warns at startup if its output is going to /dev/null or
    a file; and append/poll surface a dead watch ("no live watcher — you are NOT being woken") if
    you armed one and it isn't running.
  • Groundwork for consistent diagnostics: a confer: ⚠ (safety) vs confer: · (advisory) convention
    so an agent can reliably distinguish real problems from tuning hints.

Install confer-cli 0.6.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.7/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.7

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.6.6

Choose a tag to compare

@github-actions github-actions released this 16 Jul 15:45

Release Notes

Security + robustness release from a multi-agent review sweep. No new commands; existing behavior on
success paths is unchanged.

  • SECURITY — closed a card-corruption identity hijack. A hub git-writer could silently re-key a
    role (steal its identity) by first committing one malformed/degenerate line into its roles/<id>.md
    card, which made the write-side 1:1 key guard read the card as "no key published." Fixed and
    hardened across five adversarial red-team rounds: parse_card fails closed on unparsable
    frontmatter; a single shared roster::classify_pubkey classifies pubkey for BOTH the read/pin
    side and the write guard (so a pubkey: null/list/number/bareword can't be read one way by one and
    another by the other); the "was this role ever keyed?" gate parses each historical revision instead
    of grepping diff text (defeating a YAML-anchor evasion); both card parsers strip a leading UTF-8 BOM.
    Separately, peer-authored card fields (display/aliases/host) are now sanitized before they
    reach the terminal or the agent's SessionStart context (terminal-control / prompt-injection).
  • The append/integrate op is now bounded by one overall wall-clock deadline (op_deadline,
    CONFER_OP_BUDGET_SECS, default 45s). The fetch, lock-wait, and reconcile-push phases each had a
    budget but nothing bounded their SUM, so under contention (a watcher's integrate holding the lock
    while an append waited, then hitting its own push race) they stacked to a ~100s hang that never
    errored — it just sat. Now the total is capped and the op defers cleanly.
  • Silent read failures are now surfaced (the "looks-like-success" class): confer hubs/clones
    (a clonehome::list read_dir error no longer yields a confident-but-partial empty), who/fleet
    (presence now checks the fetch + for-each-ref exit, so it can't report wrong liveness on a git
    read failure), roster (an unreadable roles/ dir warns), the poll/watch reactive path (a
    history-present-but-tree-absent message warns instead of vanishing), and init --managed (a failed
    reactive-layer wiring no longer prints "✅ fleet ready" over a watch that isn't set up).
  • tiers.json writes are now serialized with the same state lock keyring/presence use
    (lost-update fix).
  • Declared MSRV corrected to 1.82 (the code uses Option::is_none_or); a from-source build on the
    previously-declared 1.74 would fail to compile.

Install confer-cli 0.6.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.6/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.6

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.6.5

Choose a tag to compare

@github-actions github-actions released this 16 Jul 00:34

Release Notes

  • Onboarding now steers to the co-resident-safe managed join — the trap behind the 0.6.4 clobber.
    The 0.6.4 refusal was a safety net; this removes what people tripped on. reconnect --role R --hub org/repo derives the working-clone dir from the hub name, so two roles on one machine (a common
    setup — many sessions/roles per box) landed on the SAME clone and the second re-roled the first.
    The fix aligns onboarding with the managed-clone layout that's already collision-free:
    • confer clone <hub> --role R --managed is now a complete one-command join+arm — it clones,
      mints the key, joins, relocates into the per-role managed home (~/.confer/clones/<hub>/<role>-<key>/),
      and now also arms the reactive stack from the final path (previously it stopped after the move
      and made you cd + arm by hand).
    • confer onboard --hub … leads a first join with clone … --managed, and is situation-aware:
      if a managed clone for that hub+role already exists on this machine it points you at re-arming
      it (/confer-watch from its dir) instead of cloning a second time — so re-running after a
      compaction can't create a duplicate/colliding clone.
    • The scaffolded hub README leads with the managed join and states the one-clone-one-role rule.

Install confer-cli 0.6.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.5/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.5

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.6.4

Choose a tag to compare

@github-actions github-actions released this 15 Jul 23:28

Release Notes

  • join/reconnect --role refuse to silently re-role a clone already bound to another role.
    Field report (boxwood-twist-null): running confer reconnect --role B from inside role A's clone
    relabeled the clone to B while keeping A's signing key — so one key backed two role-ids on the
    hub, and A's future posts from that clone surfaced under B's name. The prior code only printed a
    warning. Now the operation is refused by default with a message that names the bound role and
    points at the fix (a separate clone: confer clone <hub> --role B --managed); a deliberate
    re-role takes --force (which warns that the key is retained, linking the two role-ids). Both
    join and reconnect funnel through one write-side check, so pointing reconnect --hub <PATH>
    at another role's clone is refused too. reconnect now also propagates a join precondition
    failure instead of printing "✅ reconnected" over a join that didn't happen.
    • The guard fails closed: an unreadable / corrupt / role-less identity.json (e.g. a torn
      write from a crash) is refused, not fallen through — only a genuinely absent file is a fresh
      clone. identity.json is now written atomically (temp+rename, matching tiers/presence/
      keyring), removing the torn-file window that could blind the guard.
    • identity.json is written before the git-config mutations, so a join that fails partway
      never leaves the clone committing as a role confer didn't record.
    • The .git/config.lock contention from a concurrent watch / SessionStart auto-reconnect is now
      retried (previously only index.lock was), so the stricter reconnect error propagation can't
      turn a transient lock into a hard "no skills, no watch" abort of the auto-heal path.

Install confer-cli 0.6.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.4/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.4

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.6.3

Choose a tag to compare

@github-actions github-actions released this 15 Jul 02:38
8f514c5

Release Notes

  • confer hubs now discovers ad-hoc clones, not just managed ones. 0.6.2's confer hubs read
    only the managed home (~/.confer/clones/), so a clone made with init <url> <dir> (an explicit
    dir outside the managed home) was silently omitted — a portable fleet skill would quietly drop
    that hub, the same wrong-but-confident failure as a hardcoded path. It now unions managed clones
    with ad-hoc ones discovered by their .confer-version marker in common dev roots (~/git, ~/src,
    …) and the cwd, deduped by hub origin. (Caught on a box with an ad-hoc hub clone.)

Install confer-cli 0.6.3

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.3/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.3

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

0.6.2

Choose a tag to compare

@github-actions github-actions released this 15 Jul 02:18
09229ec

Release Notes

  • confer hubs — prints one clone path per distinct managed hub (deduped), one per line: the
    discovery primitive for portable multi-hub scripts and skills, e.g.
    for h in $(confer hubs); do CONFER_HUB=$h confer fleet; done. confer clones lists every
    per-role clone; confer hubs collapses them to one line per hub so a shared skill can iterate
    hubs without ever hardcoding a machine-specific path. (Motivated by the /confer-fleet skill
    baking an absolute path and breaking on every machine but the authoring one.)

Install confer-cli 0.6.2

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/codeshrew/confer/releases/download/v0.6.2/confer-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install codeshrew/tap/confer

Download confer-cli 0.6.2

File Platform Checksum
confer-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
confer-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
confer-cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
confer-cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum