FirstCall v0.2.1

FirstCall v0.2.1 adds a verifiable desktop GUI launch path and refreshes the public demos from the released Windows archive.

Highlights:

• Desktop GUI now supports --data-dir, --config-dir, --screen, and --sample for repeatable validation and demos.
• README now includes both CLI/MCP and desktop GUI demos.
• The former non-goal framing was replaced with positive support-boundary documentation.
• Package/runtime hardening from v0.2.0 remains: body-kind preservation, request fingerprint recomputation, stricter package validation, generated MCP stdio roundtrip in CI, and release archive checks.

Verification performed for this release:

• GitHub Actions CI passed on Windows, Linux, and macOS.
• CLI lifecycle, Loopback verify, Security audit, and Release binaries workflows passed.
• The Windows v0.2.1 release zip was downloaded locally and checked against SHA256SUMS.txt.
• The downloaded firstcall.exe reported firstcall 0.2.1 and accepted the GUI validation flags.
• The downloaded firstcall-cli.exe reported firstcall-cli 0.2.1.
• The downloaded CLI verified GitHub GET /user with HTTP 200, exported a package, inspected it as ready, installed generated MCP dependencies, built the TypeScript server, and called the generated MCP tool successfully over stdio.
• The downloaded GUI was launched against an isolated SQLite store created by the downloaded CLI, captured showing sample request parsing and recipe storage rendering, and used to refresh the README GUI GIF.

Download the archive for your OS, extract it, and run:

• firstcall --screen new --sample curl for the desktop GUI workbench.
• firstcall-cli version for the automation CLI.

CLI verification remains environment-first. Do not put real secrets in command history, scripts, or exported artifacts.

FirstCall v0.2.0

FirstCall v0.2.0 hardens the agent-package path from verified HTTP request to generated MCP server.

Highlights:

• Preserves imported body kinds (none, json, text, form, multipart) in agent packages.
• Recomputes request fingerprints during package inspection/import readiness checks.
• Validates generated package metadata more strictly before import.
• Adds a real generated MCP stdio roundtrip to the CLI lifecycle workflow.
• Adds release-archive checks that extract each uploaded package and run the packaged CLI.
• Shortens the README and refreshes the main demo GIF from a downloaded v0.2.0 Windows release asset.

Verification performed for this release:

• GitHub Actions CI passed on Windows, Linux, and macOS.
• Security audit passed.
• CLI lifecycle passed with npm install, npm run build, and a generated MCP tool call.
• The Windows release zip was downloaded locally, checked against SHA256SUMS.txt, extracted, and used to verify GitHub GET /user, package the verified recipe, build the generated MCP server, and call it successfully over stdio.

Download the archive for your OS, extract it, and run:

• firstcall for the desktop GUI workbench.
• firstcall-cli version for the automation CLI.

CLI verification remains environment-first. Do not put real secrets in command history, scripts, or exported artifacts.

FirstCall v0.1.0

FirstCall v0.1.0

FirstCall is a Rust 2024 local-first verified API recipe workbench for turning request sources into verified, reusable recipes and redacted agent-ready API tool packages.

Highlights

• Desktop GUI workbench for request-source intake, parser notes, draft candidate review, runtime slot/auth entry, local execution, attempts, recipes, and settings.
• firstcall-cli automation surface for verify, package, validate-package, inspect-package, import-package, recipe-list, recipe-show, and JSON reports.
• Static source adapters for curl, docs, OpenAPI, Postman Collection, HAR, .http / .rest, Hurl, Bruno/OpenCollection, and GraphQL-over-HTTP JSON body detection.
• OpenAPI local relative JSON/YAML $ref support with safe handling for remote refs, cycles, depth limits, malformed files, and resolver-root boundaries.
• Redacted agent package export with manifest validation, inspect-gated import, and storage-backed re-verification.
• Optional MCP compile smoke through validate-package --mcp-compile-smoke.
• Optional native keyring backend for GUI credential UX, with session-memory fallback.
• Desktop feature split: default builds include the GUI, while firstcall-cli supports --no-default-features CLI-only builds.
• Native save dialogs for GUI Markdown/JSON recipe exports.
• CI coverage for cross-platform builds, CLI-only builds, security audit, and local loopback lifecycle verification.

Safety Boundaries

• Local-first only: no cloud backend or marketplace.
• CLI verification remains environment-first and does not read GUI keyring/session-memory secrets.
• Imported scripts/tests/runtime hooks from source tools are not executed.
• Remote OpenAPI refs are not fetched.
• Generated mcp-server/ files are package artifacts, not import source of truth.
• Raw secrets are not intentionally written to SQLite, exports, package files, logs, CLI reports, recipe-list, or recipe-show output.
• Mutating HTTP methods require the existing --allow-mutating guard.

Validation

This release is expected to pass:

• cargo fmt --all -- --check
• cargo clippy --all-targets --all-features -- -D warnings
• cargo test --locked
• cargo build --locked
• cargo build --locked --bin firstcall-cli --no-default-features
• cargo build --locked --features "desktop native-keyring"