Skip to content

Releases: udhawan97/Golavo

v0.15.0

Choose a tag to compare

@github-actions github-actions released this 17 Jul 03:19

Golavo v0.15.0 — One home for each rule

Golavo 0.15.0 changes no forecast, no source boundary, and no seal. It changes where the
app's rules live. Three of them had drifted into being kept in several places at once,
and each copy was one edit away from disagreeing with the others. Every committed sample
artifact reproduces byte-for-byte on this release, which is the evidence that the engine
underneath is untouched.

This is a release for the codebase's future, not for this week's page.

Why an architecture release

The most important promise Golavo makes is that a forecast never sees the future. Until
now, the app kept that promise in four places.

The rule is: train on everything before kickoff - 1s, from this fixture's own source,
never the fixture's own row, and fail closed if a later row survives. The guard that
enforces the last part was always central and always machine-checked. But the cutoff was
derived independently in the match analysis, the retrospective, the seal path, and the
evaluation folds — and the scoping half existed twice, character for character, in the
server's analysis path and in the core retrospective. Nothing checked that the two copies
agreed. A comment in one of them said it matched "the app's own on-demand path" and named
the other file; that promise was the only thing holding them together.

That class of leak has already bitten this project three times in a single day, always the
same way: stale data hid the problem, and fresh data woke it up.

Now there is one module. leak_safe_training_view returns a fixture's training history and
the instant it was cut off at, and the four facts are inseparable inside it — you cannot
get the rows without the cutoff, or the cutoff without the scoping, or either without the
guard having run. The seal path calls the same module and only tightens the boundary
(min(as_of, kickoff - 1s)), never loosens it.

What else moved

Cached reads. Six surfaces each hand-rolled the same dance: retry across a data
refresh, key a private cache, re-check the snapshot before trusting a hit, stamp the
provenance. Worse, the base module hardcoded the names of the modules caching on top of
it in order to invalidate them — so a seventh cached read would be invalidated only if
somebody remembered to add it to a tuple, and if they forgot, the app would serve a retired
data generation after a refresh and look exactly like it was working. Readers now register
themselves. Forgetting is no longer possible.

Background jobs. The retrospective borrowed the AI read's job store, which meant a
football backtest reported "Assembling the evidence" until the endpoint stamped over it,
and the UI minted an AI job id and rewrote its prefix with a regular expression. Each kind
of work now declares its own stages and its own id space.

The trust table. The retrospective's skill fold scores five model families; the
backtest offers four, dropping bivariate Poisson because it is numerically identical to
independent Poisson and would imply two opinions where there is one. The React view knew
that rule too, and re-applied it. If either side had changed, the page's two tables would
have quietly contradicted each other. The sidecar now sends the four voices and names what
it dropped.

What you will notice

Almost nothing, which is the point.

  • The retrospective's trust table is unchanged on screen, but the API now sends four
    families rather than five and names the omitted one in a new omitted_families field.
    Anything reading trust.models for a five-family list should read omitted_families.
  • The retrospective's job routes now accept only their own lane's job ids. A job id from
    the AI lane submitted to the retrospective's start or cancel route returns 400 where it
    was previously accepted and acted on. Golavo's own UI has always minted the right id, so
    this only affects a client that hand-rolled one.
  • Competition analytics is cached per minute rather than recomputed per request.
  • Sealed forecasts, replays, outlooks, and evaluation folds are unchanged.

Verification

  • 808 Python tests and 177 UI tests pass.
  • The 8 committed sample artifacts (sealed, scored, abstained, voided) validate unchanged —
    the seal engine now runs through the shared leak-safe view and produces identical bytes.
  • Provenance, source-registry, license-isolation, correction-isolation, research-isolation
    and context-pack validators all pass.
  • New machine-checked guards: the leak-safe view's cutoff, scoping and self-exclusion; the
    snapshot reader's staleness and self-registration (every shipped cached read is named);
    each job lane's stage vocabulary; that two concurrent retrospective runs cannot cross
    their packs; and that the client's contract types cannot drift from the frozen schema.

v0.14.2

Choose a tag to compare

@github-actions github-actions released this 17 Jul 01:34

Golavo v0.14.2 — The final, a leak closed, the tournament looked back on

Golavo 0.14.2 brings the 2026 World Cup final into the app, closes a training-data leak
that the tournament's own exact kickoff times made reachable, and adds a retrospective
that backtests every played match of the tournament. The source rules, the model-input
boundary, and the seal→score loop are unchanged.

Forecasts no longer train on the future

This is the reason to update.

Training rows were selected by calendar date. A date is not a time, so every fixture
on a day looked simultaneous: a result from 20:00 could inform a forecast for a match
that kicked off at 00:30 that morning. The leakage guard compared the same dates, so it
could not see the problem it existed to catch.

  • What changes for you: Match Cockpit replays on days with several matches will show
    different probabilities than 0.14.1. That is the fix, not a regression — those replays
    were using information that did not exist yet.
  • What does not change: sealed forecasts were never affected. A match played later
    the same day is not complete when a seal is written, so it was already excluded.
    Historical backtests cut on day boundaries and are unchanged.
  • Why now: almost every row in the index is a midnight date stand-in, and midnight is
    never later than midnight — so date ordering was accidentally correct until real kickoff
    times arrived. Of the 92 completed matches carrying a true kickoff, 55 were affected,
    and all 55 are 2026 World Cup matches.

The World Cup outlook had a related fault: it treated a semifinal as decided whenever the
snapshot carried a result, without asking whether that match had kicked off at the cutoff
being requested. Asking about an earlier moment could return a later match's winner as
settled fact.

The final is in the app

  • Spain v Argentina, 19 July, 19:00 UTC, and the third-place match, France v England,
    18 July, 21:00 UTC — both with exact kickoff times, so the seal window stays open until
    the whistle instead of closing at midnight the night before.
  • Both semifinals now carry their results: France 0-2 Spain, England 1-2 Argentina.

A retrospective of the tournament

New in Model Lab → World Cup 2026 retrospective.

It replays every played match of the tournament at that match's own pre-kickoff cutoff —
the same cutoff a seal uses — and ranks them by how surprised the goal model was. Beside
it sits the tournament's evaluation fold, answering a different question with a different
cutoff: did the models have skill at all, judged from outside the tournament.

Every number on the page is a backtest, not a record. Nothing there was called in
advance by anyone; nothing is persisted or scored as a seal. The page says so, because a
backtest sitting alone is easy to mistake for a track record.

  • Computed on demand from your active data — a few minutes, with real progress and a
    cancel button — then cached until that data changes.
  • Rows whose training data includes a same-day date-proxy kickoff are marked. Their
    ordering within the day cannot be proven, and the page says that rather than implying a
    precision it does not have.

Unchanged

Installers remain OS-unsigned. The deterministic engine, source registry, licence
isolation, and the display-only OpenLigaDB overlay boundary are untouched.

v0.14.1

Choose a tag to compare

@github-actions github-actions released this 16 Jul 19:00

Golavo v0.14.1 — Live results, cleaner context

Golavo 0.14.1 fixes the installed-app refresh path that could leave completed picks
unsettled, then reshapes Match Conditions into a calmer, more scannable read. The
deterministic forecast engine, source rules, and model-input boundary are unchanged.

Results now reach Pick History

  • Packaged HTTPS refresh works: the frozen sidecar now ships and uses an explicit
    CA trust bundle instead of inheriting a build-machine OpenSSL path that does not
    exist on another Mac.
  • Completed evidence stays append-only: an upstream file can remove an old result
    without erasing the already verified local result. Refresh metadata records the base
    index hash and every retained completed match.
  • Fixture identities survive harmless corrections: unique international fixtures
    keep their local match id when an upstream venue label changes, so picks and follows
    do not lose their match reference.
  • Safety checks still fail closed: changed completed scores remain blocked, while
    equivalent duplicate completed rows may be consolidated safely.
  • The UI follows the active generation: My Season and Pick History reload as soon
    as a new data generation activates, so finals and points appear without restarting.
  • First-launch prompts stay ordered: the newcomer tour yields to update notices and
    the Software Update sheet instead of covering the action that opens a newly found release.

Match Conditions is easier to read

  • Four icon-led cards align location, venue, local kickoff, and elevation with a compact
    resolved-field indicator and dedicated source rows.
  • Home and away teams use matching recovery timelines with stable travel-origin and
    great-circle fields instead of drifting three-column text.
  • Subtle pitch-grid texture, restrained home/away accents, and a designed route canvas
    add visual structure while staying inside Golavo's existing dark editorial theme.
  • Missing route and weather coverage now have intentional, concise states. Sources,
    calculations, and the statement that this context never enters a forecast remain
    directly available.

Install and update safely

  • macOS: open the DMG, drag Golavo to Applications, then right-click Golavo and
    choose Open on first launch if Gatekeeper warns.
  • Windows: if SmartScreen appears, choose More info → Run anyway after confirming
    the download came from this GitHub release.
  • SHA256SUMS.txt detects corrupted manual downloads. In-app updates are separately
    authenticated with the updater signature compiled into Golavo.

Installers remain OS-unsigned. Golavo remains free, local-first, non-betting, and fully
usable without AI, accounts, paid APIs, or user keys.

v0.14.0

Choose a tag to compare

@github-actions github-actions released this 16 Jul 14:51

Golavo v0.14.0 — Source-aware depth, kept honest

Golavo 0.14.0 makes free-data refresh and match follow-up real without turning the
app into a background tracker or weakening the deterministic forecast boundary.

What is new

  • Approved-source refresh: consent-gated manual, launch, and while-open checks for
    martj42 internationals plus genuinely published OpenFootball World Cup and club files.
    Raw responses are hashed, schema-checked, activated atomically, and retain a
    last-known-good generation.
  • Optional OpenLigaDB overlay: keyless Bundesliga 1/2/3 and DFB-Pokal context fetched
    per user into a removable, display-only ODbL database. No OpenLigaDB bytes ship or enter
    CC0 packs, training, forecasts, calibration, settlements, or exports.
  • Geographic match context: unique-exact GeoNames places, revision-pinned Wikidata
    venue entities, an offline Natural Earth route map, and deterministic local-kickoff,
    rest, distance, and travel displays. Context is not a model input.
  • Follow this match: local follow/unfollow, targeted checks, deduplicated kickoff,
    venue, score and settlement-availability history, plus optional local notifications.
    Checks stop when Golavo closes.
  • Provenance-first corrections: source-backed local proposals with immutable history,
    explicit license namespaces, fail-closed conflicts, and user-triggered export. Proposals
    never alter packs, training data, calibration, settlements, or sealed forecasts.
  • Evidence-bound research: user-selected Wikimedia sources are captured with exact
    text, URL, retrieval time and hash; deterministic parsing precedes optional local
    AI fallback. Candidates route into correction review. DuckDuckGo HTML scraping is off.
  • Deeper deterministic explanations: Match Cockpit now names history support, exact
    model-voice gaps, capability coverage, missing evidence, and hypothetical change triggers.
    It does not call these confidence, accuracy, or causal model effects.

Release hardening

  • Match analysis uses a validated content-addressed cache and Phase 8 performs no extra
    model fit, keeping repeat exploration quick.
  • The frozen server no longer carries unrelated optional ML/dataframe runtimes; local AI
    still connects over HTTP, while desktop downloads and cold-start extraction stay lean.
  • Release builds embed and expose their exact 40-character source commit in the runtime,
    Settings, and new forecast artifacts.
  • The release workflow runs Python, determinism, provenance, license isolation, UI, and
    docs gates before platform packaging or publication.
  • Update recovery retains only the latest retired ledger generation, preventing unbounded
    Application Support growth.
  • The website and README now present the new local-data workflows, larger product media,
    and a repaired architecture diagram whose developer label stays inside its capsule.

Installers remain OS-unsigned, so Gatekeeper or SmartScreen may warn on first install.
In-app update downloads are cryptographically verified. Golavo remains free, local-first,
non-betting, and fully usable without AI, OpenLigaDB, accounts, paid APIs, or user keys.

Install and update safely

  • macOS: open the DMG, drag Golavo to Applications, then right-click Golavo and choose
    Open on first launch. If Gatekeeper still blocks it, run
    xattr -dr com.apple.quarantine /Applications/Golavo.app and open it again.
  • Windows: if SmartScreen appears, choose More info → Run anyway after confirming the
    download came from this GitHub release.
  • SHA256SUMS.txt detects a corrupted manual download; because the checksum is distributed
    beside the files, it is not an authenticity signature. In-app updates are separately
    verified against the public key compiled into Golavo before installation.
  • Builds older than v0.2.1 did not include the updater. Install v0.14.0 manually once; later
    releases can then use the consent-gated in-app update flow.

v0.13.0

Choose a tag to compare

@github-actions github-actions released this 15 Jul 18:44

Golavo v0.13.0 — Competition intelligence, kept in its lane

Golavo 0.13.0 adds competition-local strength and workload analytics, European
competition pages, exact World Cup bracket outlooks, verified domestic standings
and season gates, offline place/rest/travel context, and team-only historical
event research.

The release keeps its boundaries explicit:

  • World Cup and season outlooks are simulations, never sealed forecasts.
  • Current domestic season probabilities remain blocked without a complete,
    gap-free fixture list.
  • Pappalardo/Wyscout research is labeled by competition and era, ships no raw
    events or player identities, and never enters the model.
  • Weather has no value or provider until an issued-before-kickoff historical
    source passes the license and leakage gates.
  • World Cup 2026 now lives under International tournaments, not Domestic leagues.

Installers remain OS-unsigned, so first install may trigger Gatekeeper or
SmartScreen. In-app update downloads are cryptographically verified.

v0.12.0

Choose a tag to compare

@github-actions github-actions released this 15 Jul 05:20
814a9b1

Golavo v0.12.0

In-app updates are cryptographically signed: the updater verifies
every download against the public key compiled into the app before
installing (the .sig assets). Installers are not yet
OS-signed/notarized
, so macOS Gatekeeper and Windows SmartScreen
warn on FIRST install (macOS: right-click → Open; Windows: More
info → Run anyway). SHA256SUMS.txt detects a corrupted manual
download; it is not itself signed, so it does not by itself prove
authenticity — the in-app updater's signature check does.

Updating from v0.1.0 or v0.2.0? Builds before v0.2.1 shipped
without the in-app updater — download and install this version
manually once; after that, updates arrive in-app.

What's Changed

Full Changelog: v0.11.1...v0.12.0

v0.11.1

Choose a tag to compare

@github-actions github-actions released this 15 Jul 00:59

Golavo v0.11.1

In-app updates are cryptographically signed: the updater verifies
every download against the public key compiled into the app before
installing (the .sig assets). Installers are not yet
OS-signed/notarized
, so macOS Gatekeeper and Windows SmartScreen
warn on FIRST install (macOS: right-click → Open; Windows: More
info → Run anyway). SHA256SUMS.txt detects a corrupted manual
download; it is not itself signed, so it does not by itself prove
authenticity — the in-app updater's signature check does.

Updating from v0.1.0 or v0.2.0? Builds before v0.2.1 shipped
without the in-app updater — download and install this version
manually once; after that, updates arrive in-app.

Full Changelog: v0.10.3...v0.11.1

v0.10.3

Choose a tag to compare

@github-actions github-actions released this 14 Jul 23:21

Golavo v0.10.3

In-app updates are cryptographically signed: the updater verifies
every download against the public key compiled into the app before
installing (the .sig assets). Installers are not yet
OS-signed/notarized
, so macOS Gatekeeper and Windows SmartScreen
warn on FIRST install (macOS: right-click → Open; Windows: More
info → Run anyway). SHA256SUMS.txt detects a corrupted manual
download; it is not itself signed, so it does not by itself prove
authenticity — the in-app updater's signature check does.

Updating from v0.1.0 or v0.2.0? Builds before v0.2.1 shipped
without the in-app updater — download and install this version
manually once; after that, updates arrive in-app.

Full Changelog: v0.10.2...v0.10.3

v0.10.2

Choose a tag to compare

@github-actions github-actions released this 14 Jul 21:45

Golavo v0.10.2

In-app updates are cryptographically signed: the updater verifies
every download against the public key compiled into the app before
installing (the .sig assets). Installers are not yet
OS-signed/notarized
, so macOS Gatekeeper and Windows SmartScreen
warn on FIRST install (macOS: right-click → Open; Windows: More
info → Run anyway). SHA256SUMS.txt detects a corrupted manual
download; it is not itself signed, so it does not by itself prove
authenticity — the in-app updater's signature check does.

Updating from v0.1.0 or v0.2.0? Builds before v0.2.1 shipped
without the in-app updater — download and install this version
manually once; after that, updates arrive in-app.

What's Changed

Full Changelog: v0.10.0...v0.10.2

v0.10.0

Choose a tag to compare

@github-actions github-actions released this 14 Jul 20:06

Golavo v0.10.0

In-app updates are cryptographically signed: the updater verifies
every download against the public key compiled into the app before
installing (the .sig assets). Installers are not yet
OS-signed/notarized
, so macOS Gatekeeper and Windows SmartScreen
warn on FIRST install (macOS: right-click → Open; Windows: More
info → Run anyway). SHA256SUMS.txt detects a corrupted manual
download; it is not itself signed, so it does not by itself prove
authenticity — the in-app updater's signature check does.

Updating from v0.1.0 or v0.2.0? Builds before v0.2.1 shipped
without the in-app updater — download and install this version
manually once; after that, updates arrive in-app.

Full Changelog: v0.9.0...v0.10.0