Releases: zR-JB/graphite-meter
Release list
v0.2.0
What's Changed
- Contain mobile drawer gestures by @zR-JB in #52
- feat: add selectable HTTP/1.1, HTTP/2, and HTTP/3 targets by @zR-JB in #53
Full Changelog: v0.1.5...v0.2.0
v0.1.5
What's Changed
Full Changelog: v0.1.4...v0.1.5
v0.1.4
What's Changed
- build(deps-dev): bump the client-deps group in /client with 5 updates by @dependabot[bot] in #43
- Unify effective throughput measurement across server and clients by @zR-JB in #45
- Fix wire-rate compensation model and automatic transport detection by @zR-JB in #46
- Detect trusted proxy client IP family for wire-rate compensation by @zR-JB in #48
- Fix throughput chart leakage across stage warmups by @zR-JB in #50
Full Changelog: v0.1.3...v0.1.4
v0.1.3
What's Changed
- fix tui bidirectional result drain by @zR-JB in #37
- Fix mobile touch ergonomics in the Svelte client by @zR-JB in #38
- Fix stage track and gauge state across throughput transitions by @zR-JB in #39
- Cleanup/svelte client lean pass by @zR-JB in #40
- Resolve CodeQL HTML comment stripping warning by @zR-JB in #41
- Align Svelte client pipeline with Bun and CI gates by @zR-JB in #42
Full Changelog: v0.1.2...v0.1.3
v0.1.2
What's Changed
- fix(preflight): advertise a real wss origin behind a TLS-terminating proxy by @zR-JB in #29
- Add unit tests across Go server/TUI/Svelte client, clean up narrative comments, harden CI by @zR-JB in #31
- Replace xorshift with crypto rand by @zR-JB in #32
- Fix upload/download measurement asymmetry in the native client + TUI polish by @zR-JB in #33
Full Changelog: v0.1.1...v0.1.2
v0.1.1
What's Changed
Full Changelog: v0.1.0...v0.1.1
⚠️ Windows Defender warnings & verifying this release
Windows may flag the native go TUI client: graphite-meter-client.exe (e.g. Trojan:Win32/Wacatac.C!ml or a SmartScreen prompt). This is most likely a false positive — Defender's ML heuristics routinely flag unsigned Go binaries with no download history, and this project has no code-signing certificate. Don't take that on trust: this release is bit-for-bit reproducible, so you can verify it yourself.
1. Verify your download
Checks the archive wasn't corrupted or swapped in transit (checksums.txt covers the archives):
# Linux / macOS
sha256sum -c checksums.txt --ignore-missing# Windows — compare against the matching line in checksums.txt
Get-FileHash .\graphite-meter-client_0.1.1_windows_amd64.zip -Algorithm SHA2562. Rebuild from source and compare
Proves the binary contains exactly the tagged source. Works from any OS (Go cross-compiles deterministically); needs only Git and Go. GOTOOLCHAIN pins the exact release compiler — a different Go version legitimately changes the bytes. core.autocrlf=false and the clean-tree check matter: any modification flips the embedded vcs.modified flag and the hash.
# Linux / macOS
git clone -c core.autocrlf=false https://github.com/zR-JB/graphite-meter
cd graphite-meter && git checkout v0.1.1 && cd go
git status --porcelain # must print nothing
GOTOOLCHAIN=go1.26.4 CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -trimpath \
-ldflags "-X github.com/zR-JB/graphite-meter/go/internal/goclient.Version=0.1.1" \
-o graphite-meter-client.exe ./cmd/graphite-meter-client
sha256sum graphite-meter-client.exe# Windows
git clone -c core.autocrlf=false https://github.com/zR-JB/graphite-meter
cd graphite-meter; git checkout v0.1.1; cd go
git status --porcelain # must print nothing
$env:GOTOOLCHAIN="go1.26.4"; $env:CGO_ENABLED="0"; $env:GOOS="windows"; $env:GOARCH="amd64"
go build -trimpath -ldflags "-X github.com/zR-JB/graphite-meter/go/internal/goclient.Version=0.1.1" -o graphite-meter-client.exe ./cmd/graphite-meter-client
Get-FileHash .\graphite-meter-client.exe -Algorithm SHA256Compare against the binary extracted from the release archive (hash the binary, not the zip/tar.gz — archives embed timestamps and never reproduce). Expected hashes for v0.1.1:
7ec6abba846dcb02e58c602097779c765f4d707364f117b900c06e6ec379e018 windows/amd64 graphite-meter-client.exe
302637289ee7bb84773e6f64a9e300a9afb8278856ee7d49272161272e0fb060 linux/amd64 graphite-meter-client
d1756f9c91a6c5c432634e1ffc08ac50d003113b83f9d5afea71c4cf7891fcd2 linux/arm64 graphite-meter-client
347709f591330543e1ab0eb5da83eb88f1aad246679f08d56881443a08442cd0 darwin/amd64 graphite-meter-client
386c2ace0c26beb7d14184050c10c9435b3bf464187cc1f747c272e92a7708c2 darwin/arm64 graphite-meter-client
For other platforms, change GOOS/GOARCH and drop the .exe. If a hash differs, go version -m <binary> prints every build input (compiler, vcs.revision, vcs.modified, all dependency checksums) — the differing line is your explanation.
3. Audit the code and dependencies
The client is small: go/cmd/graphite-meter-client + go/internal/goclient — no os/exec, no telemetry, no network destination beyond the server URL you pass it. Four direct dependencies (Charm Bubble Tea TUI stack, coder/websocket, santhosh-tekuri/jsonschema), all hash-pinned in go/go.sum and verified against Go's public checksum transparency log on every build. cd go && GOOS=windows go mod why -m <module> explains why any dependency is present. The pipeline (release.yml) uses SHA-pinned actions and only publishes tags merged to main.
v0.1.0
What's Changed
- Ci/GitHub actions by @zR-JB in #17
- ci: add branch guard, merge conflict markers, large files guard, gitleaks secret pre runs by @zR-JB in #19
- rename xhr-stream transport identifier to fetch-stream by @zR-JB in #20
- build(deps-dev): bump the client-deps group in /client with 8 updates by @dependabot[bot] in #18
- fix(build): unify client/server version stamping, guard release tags by @zR-JB in #21
- feat(bidirectional): implement real concurrent down+up transfer by @zR-JB in #22
- Prepare for release by @zR-JB in #23
- ci: release.yml now supports staged pre-releases. by @zR-JB in #24
- feat(cli): version-stamp the native TUI client, publish it on releases by @zR-JB in #25
New Contributors
- @zR-JB made their first contribution in #17
- @dependabot[bot] made their first contribution in #18
Full Changelog: https://github.com/zR-JB/graphite-meter/commits/v0.1.0