Releases: spearchucker667/Venice_Forge
Release list
v3.0.1-beta
Full Changelog: v3.0.0-beta...v3.0.1-beta
v3.0 beta
Public beta release for Venice Forge 3.0.
v2.1.2
v2.1.1
v2.1.0
Venice Forge v2.1.0
Windows, macOS, and Linux artifacts were produced by the release workflow.
Windows artifacts
These Windows artifacts are available in this draft release:
Venice-Forge-2.1.0-x64-Setup.exeVenice-Forge-2.1.0-x64-Portable.exeVenice-Forge-2.1.0-x64-Setup.exe.blockmaplatest.yml- SHA-256 sidecars for each Windows artifact above
Signing status
Windows signing credentials were not configured in GitHub Actions, so the workflow produced unsigned draft artifacts. Keep this release as a draft until the maintainer accepts unsigned distribution or configures Windows signing credentials and reruns the release workflow.
Validation
GitHub Actions run 27672747741 completed successfully across build-windows, build-macos, build-linux, and publish. The Windows job ran npm run dist:win, generated checksums, and passed npm run verify:dist:win.
Venice Forge v2.0.0
macOS release for Venice Forge v2.0.0. Windows artifacts will be added when the cross-platform build completes.
Venice Forge v1.0.6
What's Changed
Production Media Studio handoffs, derivative lineage, and 29-role semantic theme contract
- Production transient handoffs (VERIFY-040) —
useImageWorkspaceStorenow drives Use settings, Regenerate, Same seed, Remix & Generate, Upscale, and Edit without any dev-onlywindow.__veniceImageStudiobridge. The store is non-persisted and consumes each request exactly once. - Derivative lineage —
upsertDerivativepersists the child, deduplicates the parent'schildrenIds, and rolls back the child if the parent-write fails. Regenerate, Upscale, Edit, Remix, and Background-remove now produce correctly typed derivatives with both directions of the parent ↔ child link. - Model-aware image sizing — 13 width × height pairs and aspect ratios for aspect-only / aspect-resolution models. Seed control covers the full signed range, with a central
clampSeed/randomSeed/serializeSeedhelper. Quality and variants are gated on model capabilities and only emitted when supported. - 29-role semantic theme contract (VERIFY-041) — themes now normalize legacy persisted data, expose complete runtime / bootstrap / Tailwind variables, round-trip full snake_case YAML, and apply semantic roles to global / shared controls. Forge Dracula has WCAG AA pair coverage for text, inputs, buttons, statuses, selection, disabled text, and focus.
Windows path-canonicalization fix
mediaService.tsallowlist bases are now canonicalized throughfs.realpath()before containment comparison. Previously the child path was realpath'd but the allowlist bases were onlypath.resolve()'d, so on Windows CI (C:\Users\RUNNER~1↔C:\Users\runneradmin8.3 short-name mismatches)isWithin()returned false for files that legitimately lived inside the allowed directory. Three call sites updated:importMediaFromPath,revealMediaInFolder,readMediaMeta. Production security posture unchanged — symlink / junction escape protection, null-byte and overlong-path rejection, sibling-traversal rejection, and thePictures/Venice Forgesubfolder requirement are all preserved.
Windows test fixture stability
- The
mediaService.test.tscleanup helpers now delete only the named fixture files, never the parent temp dirs, so therealpathSync'd mock paths stay stable for the entire test run. Added diagnostic messages to everyexpect(result.ok)assertion that includeresult.error, the target path, the mocked temp root, and the mockedapp.getPath('downloads')value, so future CI failures are self-diagnosing.
Internal prompt-enhancer LLM
- New
prompt-enhancer-service.ts(config-driven model, temperature, max tokens, system prompts) honoursinternal_prompt_enhancer.enabledinconfig.yaml. Inspector Enhance / Remix buttons present a review modal and patch the result viaonPatchonly after explicit user approval. Default system prompts affirm safety-guard authority; the model id isvenice-uncensored-1-2.
Character avatars (HTTPS-allowlisted)
resolveCharacterImageUrlreads all known image fields (photoUrl/photo_url/avatar_url/image/image_url/ nested{url}), normalizes relative URLs, and rejects anything outside the Venice-host allowlist (outerface.venice.ai,venice.ai,api.venice.aiover HTTPS only).data:,file:,blob:,javascript:,localhost, and private-IP / loopback / link-local avatars are all blocked at the URL-resolver layer.
Repo hygiene
- Removed
POST_AUDIT_FINDINGS.md,docs/AUDIT_TODO.md,docs/deep-research-report.md(stale duplicates). docs/design/VENICE_UI_EXTRACTION.mdanddocs/design/VENICE_UI_PARITY_REFERENCE.mdgitignored as local-only design-roadmap scratchpads.docs/POST_VENICE_JINA_AUDIT_2026_06_06.mdanddocs/AUDIT_FOLLOWUP_2026_06_05.mdeach gained a "Status: historical, canonical source isdocs/summary_of_work.md" header.verify-markdown-linkshonours root.gitignore(mini-gitignore parser supports anchoring, negation, and globs) — locked byVERIFY-034. This unblocks CI on local-onlydocs/AGENTS/*.mdfiles..github/workflows/ci.ymlgained awindows-sensitive-testsjob (nocontinue-on-error)..github/workflows/release.ymlgained per-job timeouts and a concurrency group.
Misc hardening
- 2 MiB Jina response cap with stream cancellation and normalized 413 failures (VERIFY-039).
- Web-mode Jina keys remain ephemeral and never enter
localStorage/sessionStorage/ IndexedDB (VERIFY-038). - OS-secure configured state enables Venice UI actions without copying the persisted key into renderer memory (VERIFY-037).
- Linux packaging now ships arm64 AppImage + deb + rpm.
- Built artifacts contain no source maps.
Full changelog: v1.0.5...v1.0.6
v1.0.5
v1.0.5 — Characters tab + Local Master YAML Config See CHANGELOG.md for the full list of changes. Highlights: - Characters: new sidebar tab + character chats via venice_parameters.character_slug. - Local Master YAML Config: optional config.yaml / themes.yaml with safeStorage import/redaction; never exposes raw keys to the renderer. - 42 net new tests (881 total, 1 skipped). - 10 regression guards maintained (VERIFY-001..010). - Lint, typecheck, safety-guard, build all green.
v1.0.3
fix(security): resolve checkPathContained returning true on Windows f…
Venice Forge v1.0.2
[1.0.2] — 2026-05-29
Added
- Theme System: Complete token-based theming architecture with 17 semantic CSS variables mapped to Tailwind v4 utilities.
- Built-in themes: Forge Graphite (dark), Forge Daylight (light), Forge Copper (dark).
- ThemeMaker UI in Settings → Appearance with live preview, hex validation, and WCAG AA contrast warnings.
- FOUC-prevention bootstrap cache in
localStorageread by inline script before React mounts. - Canonical theme state persisted in encrypted IndexedDB (
app-settingsrecord). - New source directory
src/theme/with types, built-in palettes, apply logic, and contrast utilities. - New components
ThemeMaker.tsxandThemePreview.tsx.
- Added dual-platform macOS + Windows packaging support.
- Added generated macOS
.icnsapplication icon. - Added cross-platform checksum sidecar generation (
.sha256) for distribution artifacts. - Added cross-platform local testing and release verification scripts.
- Added macOS release workflow (
macos-release.yml) forarm64andx64builds. - Added ESLint configuration (
eslint.config.mjs) with TypeScript-ESLint and React Hooks rules. - Added Vitest coverage reporting via
@vitest/coverage-v8andnpm run test:coverage. - Added GitHub CodeQL security analysis workflow (
.github/workflows/codeql.yml). - Added
npm run lint:eslintscript for static analysis. - Added README release ribbon and badges for CI, Windows release, latest GitHub release, license, Node support, TypeScript strict mode, Electron, and Venice API.
- Added
docs/REPOSITORY_TREE.mdwith a public repository map and segment ownership notes. - Added
docs/LEGAL.mdwith Venice.ai TOS/privacy/API links, affiliation notice, API key handling notes, and release disclaimers. - Added root
SECURITY.md,SUPPORT.md, GitHub issue templates, pull request template, and Dependabot configuration. - Added
docs/Venice_swagger_api.yamlanddocs/venice_llm_info.mdas the canonical API reference used for alignment work.
Changed
- Refactored
verify-distto support both Windows and macOS file validations. secureStore.tsstrictly enforces macOS Keychain encryption exactly like Windows DPAPI.- Updated all supporting documentation to match the current app status and public release process.
- CI workflow now uses
npm ci --prefer-offlinefor slightly faster installs and reproducibility. - Windows release workflow now generates and uploads SHA-256 checksum sidecar files for
.exeartifacts. - Updated
metadata.jsonto describe Venice Forge instead of the previous empty/generated metadata. readDesktopErrorBody(src/services/veniceClient.ts) andreadResponseError(electron/services/veniceClient.ts) both now correctly parse VeniceDetailedError(Zod format:{ details: { _errors, fieldName: { _errors } } }) — previously fell through to "Unknown Venice API error" for all schema-validation failures.- Diagnostic dispatch deduplication: failed Venice requests now emit exactly one
SET_DIAGNOSTICSentry with the resolved error message. Previously, each failure emitted two entries — an initial empty-error entry and a second entry with the error — causing duplicate rows in the Status log. - Web-mode diagnostics parity: non-2xx responses in the web transport now parse Venice
DetailedErrorconsistently and avoid catch-path duplicate diagnostics once an HTTP diagnostics entry has already been emitted.
Fixed
- CI:
.github/workflows/windows-release.ymlreferenced non-existentactions/checkout@v6andactions/setup-node@v6. Downgraded to@v4to match the latest published action versions and restore the release pipeline. - Test:
src/services/desktopBridge.test.tsfailed withReferenceError: indexedDB is not definedbecausevi.stubGlobal("window", {})stripped the fake-indexeddb instance from jsdom. The test now stubswindowwith{ indexedDB: global.indexedDB }so theisConfigured()path can open the fake database. - BUG-003: Settings auto-save had no debounce — rapid changes could race and persist out-of-order state. Added a 500 ms debounce to the save effect.
- BUG-004: IndexedDB init failure still marked
dbReady=true, causing later writes to a broken database. Only setsdbReady/settingsHydratedon successful init. - BUG-005:
SET_CHAT_DRAFT,SET_IMAGE_DRAFT,SET_BATCH_DRAFTreducers crashed onnull/undefinedpatch. Added truthy guard beforeObject.assign. - BUG-006:
dedupeKeythrew unhandledTypeErroron circular request bodies. WrappedJSON.stringifyin try/catch with"[circular]"fallback. - BUG-007: Import loops over stores sequentially with
awaitinsidefor…of. Store writes are now parallelised viaPromise.all. - BUG-008: Rate-limit
reqCountsMap grew unbounded under multi-IP traffic. Added a 10,000-entry cap with FIFO eviction. - BUG-010: Raw
console.error/console.warncalls left in production renderer and server paths (17 occurrences). Replaced with conditional shared logger (src/shared/logger.ts). - BUG-011:
AbortSignal.any/AbortSignal.timeoutmay throw in older runtimes. AddedcreateTimeoutSignal()helper with manual fallback. - BUG-013:
veniceFetchdeduplication map could leak promises on abrupt navigation. Addedbeforeunloadlistener that clearsinFlight. - BUG-018:
veniceFetchDesktopassertedmethod as "GET" | "POST"instead of narrowing. Method parameter now typed as"GET" | "POST". - BUG-019:
veniceFetch<T = any>disabled TypeScript inference. Generic default changed fromanytounknown. - BUG-022: Log rotation overwrote the single backup file. Implemented 3-file rotation ring (
.1,.2,.3). - BUG-023:
catch (err: any)used in 8+ production files — loose error typing masked safety. Replaced withcatch (err)and runtime guards (err instanceof Error). - BUG-028:
sleepignored already-aborted signals, allowing stale timeouts to proceed. Now rejects immediately ifsignal.abortedbefore setting timeout. - BUG-029:
modelServiceswallowedlocalStoragewrite failures silently. Empty catch now warns via shared logger. - BUG-030:
byteLengthusednew Blob([value]).size— slow for large strings. Replaced withnew TextEncoder().encode(value).length. - BUG-036:
SettingsModulePropsusedstate: any, dispatch: any. Now typed withAppStateandAppDispatch. - BUG-037:
desktopUpdatescallbacks typed as(info: unknown)/(progress: unknown). Now useUpdateInfoandProgressInfofromelectron-updater. - BUG-040:
normalizeWebSearchSettingdid not warn on invalid input. Now logs a warning when coercion happens. - BUG-042:
isAllowedAppNavigationusedpath.normalizewithout symlink resolution. Addedfs.realpathSyncwith try/catch for both target and root paths. - BUG-043:
verify-dist-mac.cjsartifact name pattern did not matchelectron-builderdefault zip naming. Addedzip.artifactNametoelectron-builder.config.cjsto align naming. - BUG-044:
BatchDraftinterface had wrong fields (prompts,model,systemPromptinstead ofpromptsText). Fixed type to match actual runtime state; removed inline cast inBatchModule. - BUG-045:
cryptoService.keyPromiserejection was never cleared, causing permanent cache miss on any key-init failure. Added.catchhandler to reset latch and allow retry. - BUG-046: IPC
endpoint.searchquery string was forwarded without length cap, allowing pathological renderer inputs. Added 512-byte limit before building the return value. - BUG-047: Web-mode export
URL.revokeObjectURLwas called synchronously aftera.click(), causing race where download failed before browser processed the blob. Deferred revocation by 1 second. - BUG-048: Circuit breaker
circuitFailurescounter never reset whencircuitOpenUntiltimeout expired. Half-open reset now clears bothcircuitFailuresandcircuitOpenUntilon recovery window re-entry. - BUG-049:
setIntervalfor rate-limit map cleanup leaked on eachcreateServerApp()call in tests. Stored interval ID and exposedcleanupIntervals()method on returnedappobject. - BUG-050:
AppSettings.apiKeyfield declared in type but never written bySET_SETTINGSreducer, leading to misleading type surface. Removed unused field. - BUG-021:
StorageServiceandcryptoServiceexposedanyin public APIs (4 occurrences). AddedEncryptedPayloadandKeyRecordtypes; replacedanywith proper generics ingetOrCreateKey,encryptData<T>,decryptData<T>, and sort comparator. - BUG-020:
appReducerand model helpers usedanyparameters and return types, causing 16+ ESLint warnings and masking type safety across the state layer. Replaced allanywith narrow types:classifyModel(model: ModelInfo),flattenModels(payload: unknown),withFallbackModels(groups: Record<string, ModelInfo[]>), and explicitAppStateinterface. Broke the circular type dependency betweenappReducer.tsandtypes/app.tsby extractingAppStateinto a standalone interface. AddedChatHistoryItemtype for stored chat records. - BUG-042 follow-up: Added
electron/main.test.tswith 7 unit tests for symlink traversal blocking, path traversal, and containment checks. ExtractedcheckPathContained()intoelectron/utils/navigation.tsfor testability without loading Electron APIs. - SEC-R001: Added
'unsafe-inline'to productionscript-srcCSP to accommodate the inline theme bootstrap script inindex.html. - SEC-R002: Added auditable
logInfoentry whenVENICE_FORGE_DEBUG_DEVTOOLS=trueis detected in production. - THEME-R004: Added
isValidTheme()validation inexportImport.tsto sanitize malformed custom themes tonullon import. FixedredactSecretseagerly replacingtokenskey inside theme objects. Added export/import round-trip tests for custom themes. - THEME-R006: Added `prefers-co...