embedctl 0.2.0

v0.2.0 — Hardware readiness foundation

This release moves embedctl from the v0.1 local flutter-pi control loop into the v0.2 evidence, agent UX, profiling, and hardware readiness milestone.

Evidence and reviewability

• Added evidence manifest validation with SHA-256 hashes.
• Added NDJSON transcript events for command timelines.
• Added evidence inspect for bundle validation and summary output.
• Added evidence diff for comparing target profile hashes, verdicts, metrics, and artifacts across runs.
• Kept redaction and sensitive-payload handling explicit in bundle metadata.

Plan/apply and transport hardening

• Added saved-plan push, pull, and sync apply execution.
• Added plan hash and target profile hash verification before file-transfer apply.
• Added explicit apply policy gating for file-transfer execution.
• Revalidated remote paths against the install root before mutation.
• Refused overwrite/delete semantics for file-transfer apply.

Bridge and workflow automation

• Added safe bridge snapshot output for agent-readable state scaffolding.
• Added bridge batch planning for replayable flow files.
• Added workflow replay wrapping bridge batch output.
• Added local-first workflow record from explicit seed commands.
• Added release bridge absence proof fields to bridge snapshots so release builds can report declared_disabled, unknown, or non-release applicability separately from QA bridge success.

Logs and runtime debugging

• Added bounded live logs --follow probes for declared systemd service logs.
• Kept log follow read-only and target-policy gated through shell.
• Preserved descriptor-only log output when follow mode is not requested.

Profiling and hardware sizing

• Added launch, steady-state, and frame profiling snapshot commands.
• Added host facts with explicit unknown/unavailable states.
• Added read-only target-side probes for /proc, PSI, cgroup, and thermal facts when target shell policy allows probing.
• Labeled target metric source, status, and confidence instead of estimating missing hardware facts.

Hardware readiness

• Added public-safe hardware-readiness planning notes for real-device smoke, workflow recording, adapter examples, release bridge absence evidence, and target profiling probes.
• Added manual-only local smoke support for private profile based runs.
• Added .embedctl-smoke/ as an ignored local artifact path.
• Added public-safe app-adapter flow template support.
• Kept app routes, domain semantics, raw payload values, private hosts, and serial/device access details out of generic core.

Provider skeletons

• Added read-only provider list and provider doctor skeleton commands.
• Added provider interface documentation for future lab/provider integrations.

Verification

• Local bash scripts/verify.sh passed before release.
• GitHub Actions CI passed for the release commit.
• The Release workflow created tag v0.2.0 and this GitHub Release automatically from the non--dev version.

Follow-up scope

• Interactive bridge-session recording remains follow-up work; current recording is local-first from seed commands.
• Unbounded streaming transport remains follow-up work; current logs --follow is a bounded live probe.
• Provider hardware mutation, power backends, measurement backends, OTA hooks, and lab integrations remain v0.3+ work.
• Future releases should be cut more narrowly as patch releases such as 0.2.1, 0.2.2, and so on instead of bundling many unrelated readiness improvements into one release.