Changelog
Compact ledger for coordinated AppSurface releases across packages, CLI tooling, examples, and docs-facing behavior.
Source of truth
This changelog is the compact release ledger for AppSurface. The monorepo ships in unison, so each tagged version covers packages, CLI tooling, examples, and docs-facing behavior from this repository together.
Reading guide
Unreleasedtracks the next coordinated version and points to the living release note.- Future tagged sections will use the shape
## x.y.z - YYYY-MM-DD. - Every tagged section will link to a matching narrative release note in
releases/. - Breaking or behavior-changing updates must record migration guidance here and in the matching release note.
Unreleased
- Narrative release note: Upcoming release note
- Upgrade policy: Pre-1.0 upgrade policy
- Authoring workflow: Release authoring checklist
ForgeTrust.AppSurface.Web.OpenApinow requiresMicrosoft.OpenApiin the range[2.7.5, 3.0.0)and usesMicrosoft.AspNetCore.OpenApi10.0.9, keeping .NET 10 consumers on the supported 2.x line above the range affected by GHSA-v5pm-xwqc-g5wc without changing OpenAPI or Scalar endpoint behavior.- AppSurface Docs now exposes Theme Contract v1 through
AppSurfaceDocs:Theme, adding dark-family presets, supported accent/link overrides, density/chrome controls, startup validation, and export/archive-safe resolved CSS variables. - AppSurface Auth adds an AppHost-only
ForgeTrust.AppSurface.Auth.Aspire.Keycloakpackage for real local Keycloak OIDC proof, with deterministic realm/client/user import, secret-safe OIDC projection, fixed-port/readiness diagnostics, and a focused AppHost/web/verifier sample. appsurface pwa verifycan now prove real entry pages such as/account/resume, follow same-origin path-base-safe redirects, assert manifest values and icon declarations, decode PNG icon dimensions for CI evidence, and prove the configured AppSurface service worker is absent when offline support is disabled.ForgeTrust.AppSurface.Webnow composes independent offline and push capabilities into one service worker, exposes inert explicit browser registration, validates a strict privacy-safe notification payload and click destination, and keeps permission, subscription, and delivery application-owned.
0.2.0-preview.2 - 2026-07-02
- Narrative release note: v0.2.0-preview.2
- Release manifest:
releases/v0.2.0-preview.2.release.json - Release evidence bundle:
releases/v0.2.0-preview.2.evidence.json
0.2.0-preview.1 - 2026-06-28
- Narrative release note: v0.2.0-preview.1
- Release manifest:
releases/v0.2.0-preview.1.release.json - Release evidence bundle:
releases/v0.2.0-preview.1.evidence.json
0.1.0 - 2026-06-27
- Narrative release note: v0.1.0
- Release manifest:
releases/v0.1.0.release.json - Release evidence bundle:
releases/v0.1.0.evidence.json - Release-candidate history:
0.1.0-rc.1- 2026-05-290.1.0-rc.2- 2026-06-030.1.0-rc.3- 2026-06-080.1.0-rc.4- 2026-06-16