Skip to content

Releases: jurgenj136/pushover-cli

v0.1.3 — first supported release

Choose a tag to compare

@github-actions github-actions released this 17 Jul 12:20
v0.1.3
d739286

v0.1.3 is the first supported pre-1.0 release of pushover-cli, an unofficial, outbound-only Pushover Message API client for people, scripts, and explicitly authorised AI agents. Earlier v0.1.0-v0.1.2 releases remain unsupported.

Install

brew install jurgenj136/tap/pushover
go install github.com/jurgenj136/pushover-cli/cmd/pushover@v0.1.3

The portable Agent Skill is discoverable with:

npx --yes skills@1.5.9 add jurgenj136/pushover-cli --skill pushover-cli --yes

Scope

  • Transactional setup, profiles, recipient aliases, native or age-encrypted credential storage, and environment/stdin credentials for automation.
  • Batch sends, devices, priorities, emergency retry/expiry, sounds, timestamps, TTL, URLs, formatting, local or remote image attachments, recipient validation, dry-run, and confirmation.
  • Optional fail-closed end-to-end encryption for message fields.
  • Separate human, schema-versioned JSON, and documented plain TSV output contracts.
  • Deterministic Bash, Zsh, and Fish completion.

Delivery semantics

Every batch is fully validated before its first request. Sends are non-idempotent and each target is attempted at most once. The CLI never automatically retries a send. Timeouts or interrupted responses that may have reached Pushover are reported as ambiguous rather than retried.

Security model

Users supply credentials for their own Pushover account and application. Secrets are kept out of argv, logs, errors, fixtures, and release artifacts. Remote attachments require public HTTPS and use DNS-rebinding, redirect, size, type, and phase-timeout defenses. E2EE is fail-closed with no plaintext fallback. See SECURITY.md for trust boundaries and limitations.

Platforms and provenance

Release archives cover macOS, Linux, and Windows on amd64 and arm64. The release includes checksums.txt, one SPDX JSON SBOM per binary, archive/checksum provenance attestations, and binary/SBOM attestations. Homebrew and archive binaries report the release version, full commit, and build timestamp. Versioned go install reports version 0.1.3; commit and build date remain unknown when Go does not embed them.

Compatibility

This is a pre-1.0 release. The bundled Skill is version 0.1.0 and requires CLI 0.1.0 or newer. Breaking CLI flags, exit codes, TSV columns, or JSON schemas will use semantic-versioning major releases; other compatibility changes may still occur before 1.0.

Verification completed

The signed tag target, exact-SHA CI, GoReleaser snapshot, 13 uploaded assets, checksums, attestations, native archive metadata, public go install, public Skill discovery, Homebrew formula URLs and hashes, tap installation, and brew test were independently verified. No live Pushover send was performed.

v0.1.2 (unsupported)

v0.1.2 (unsupported) Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 17 Jul 11:39
v0.1.2
3f73f44

Unsupported release: do not use this as the first supported pushover-cli release.

The packaged GitHub archives contain correct v0.1.2 version, commit, and build-date metadata. However, the documented go install github.com/jurgenj136/pushover-cli/cmd/pushover@v0.1.2 path reports dev / unknown metadata, which breaks the released installation and skill-compatibility contract. The tag and artifacts are preserved for auditability. This is being fixed forward in v0.1.3.

Changelog

  • 3f73f44 fix(release): inject build metadata

v0.1.1 (unsupported)

v0.1.1 (unsupported) Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 17 Jul 09:59
v0.1.1
fbaa87c

⚠️ Unsupported release candidate: published binaries do not contain the intended version, commit, or build-date metadata. Do not install this release or its former Homebrew formula. Use v0.1.2 or newer once published and verified.

Changelog

  • fbaa87c fix(release): keep Syft outside checkout