33 releases 33 tags

RSS feed

• v1.0.0-beta.13 8526656108

  Compare

  Morphit v1.0.0-beta.13 Stable

  agorise released this 2026-06-11 18:52:45 +00:00 | 24 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  A fast follow-up to beta.12 that fixes the one thing standing between an
  operator and a genuinely unattended node, plus four front-end bugs you
  would hit on day one. Headline: the relay's systemd service now
  actually starts. beta.12 shipped the relay as a hardened, sandboxed
  systemd unit — but the sandbox restricted network address families to
  IPv4/IPv6 only and left out Unix domain sockets, which the TypeScript
  runtime (tsx) needs for its own internal plumbing. The result was a
  relay that crash-looped at boot with EAFNOSUPPORT. This release adds
  AF_UNIX back to every affected unit, so the relay (and the MCP and
  mint-acts units) come up cleanly. Recommended for all operators, and
  especially anyone who did the beta.12 systemd migration and found the
  relay wouldn't stay up. This release also folds in a comprehensive
  pre-release hardening audit (details under the hood).

  Added

  • A "Forget address history" control. Settings → Privacy now lets you
    clear the crypto addresses Morphit remembers on your device for
    autofill — it shows how many are stored and wipes them on a two-step
    confirm. That list was always local-only and never left your device;
    this just gives you a one-tap way to clear it.

  Fixed

  • The relay systemd service no longer crash-loops at startup. The
    shipped morphit-relay.service (and morphit-mcp.service,
    morphit-relay-mint-acts.service) sandboxed the process to
    AF_INET AF_INET6 and omitted AF_UNIX. The TypeScript runner
    communicates over a Unix domain socket internally, so that socket
    failed to open and the service never came up. All three units now
    permit AF_UNIX. The indexer unit was already correct and is
    unchanged.

  • Footer "Media kit" and "PGP keys" links no longer 404. Clicking
    the media-kit (/morphit-mediakit.zip) or PGP-keys (/pgp_keys.asc)
    links — and the warrant-canary link — used to land on a blank 404 with
    a spurious language prefix in the URL. The client-side router was
    intercepting these file links and mistaking the filename for a locale.
    They now force a real browser navigation and download/open correctly.
    The same fix was applied to the corresponding links on the Security
    and "About this instance" pages.

  • Block-explorer search for an account no longer 404s. Searching the
    explorer for an account (for example @morphit) used to land on a
    blank 404 because the resulting navigation dropped the active language
    prefix from the URL. Account, transaction, and block searches now keep
    the locale prefix and resolve correctly.

  • An instance's "Registered" date now shows the real date. The
    morphit.io card on the Instances page showed Registered: — instead
    of the operator account's on-chain creation date. It now shows the
    real date (18 April, 2026 for @morphit). On upgrade the indexer also
    repairs any directory row that still carries the old placeholder, so
    the date appears after the next indexer start — without overwriting a
    genuine registration date for any real peer.

  • An instance no longer shows itself as "Unreachable." The directory
    probe was firing a real HTTP request at the node's own public URL to
    decide reachability. Many deployments can't reach their own public
    address from inside the box (no hairpin NAT / loopback), so a healthy
    node reported itself Unreachable. The probe now recognises its own
    origin and marks it reachable locally instead of round-tripping over
    the network. Real peers are still probed exactly as before.

  • Some in-app links could land on a blank 404. A sweep of internal
    links found 23 that were missing the active language prefix —
    including two-segment chat and order-detail links (which 404'd) and a
    dead "inbox" link with no destination. All now navigate correctly.

  • The MCP server no longer exposes a lister's fee mechanics to AI
    agents. The read-only get_listing tool (used by AI agents querying
    the public orderbook over the MCP server) returned the raw owner-view
    record, which included the lister's internal fee method and status. It
    now returns the same public-fields-only view as the search tool.

  • The "Can I trade goods and services?" FAQ now matches the full asset
    list. It had enumerated only 10 of the supported assets; it now uses
    drift-proof wording ("BTC, XMR, Blurt, or any other coin Morphit
    lists") that won't go stale as the asset list changes.

  Under the hood

  • Several new regression smokes guard the fixes above: the two from
    the systemd/static-asset fixes (a check that fails if any
    tsx/node/npm unit restricts address families without AF_UNIX,
    and a check that fails if any same-origin static-asset link is missing
    the attribute that forces a real navigation), plus checks that every
    internal link carries a language prefix, that every operator-doc
    section reference in the code resolves to a real heading, that the MCP
    tools only ever return public fields, and that the test battery's
    registration stays internally consistent.

  • A comprehensive pre-release audit. Before this release every code
    path was re-walked: a hostile-operator re-pass of all 17 chain-operation
    handlers (zero new findings), plus passes over navigation, cross-stack
    wiring, error/empty states, regex and SSRF defenses, database fields,
    memory teardown, broken references, the MCP server, dead translation
    keys, the ops-cli command surface, and the privacy claims in the docs
    (no-IP-logging, no-cookies, no-analytics — each verified against the
    code). Findings were fixed in-line; the items above are the
    user-visible ones.

  • The Farsi (فارسی) translation was professionally revised — 114
    strings improved by a native translator (more natural phrasing,
    properly localized UI terms, a corrected right-to-left URL), kept at
    full key parity with the other locales.

  • Broader search descriptions. The orderbook, FAQ, post-order, and
    sign-in pages now signal the full range of supported coins in their
    search-result descriptions — not just the BTC, XMR, and Blurt
    flagships — across all ten languages, so the pages can surface for
    people searching to buy or sell the other listed coins.

  ---

  Upgrade notes

  This is a drop-in upgrade from beta.12. If you did the beta.12 systemd
  migration and the relay would not stay running, this release is the fix:
  after upgrading, re-copy the shipped unit files into place and reload
  systemd (the upgrade pulls the corrected units; copying them is what
  applies the AF_UNIX change). The indexer restart also re-seeds the
  federation directory, which is what corrects the "Registered" date and
  the self-"Unreachable" status on your own instance card.

  Downloads

  • morphit-v1.0.0-beta.13.tar.gz
    3 downloads · 2026-06-11 19:30:43 +00:00 · 9.2 MiB
  • morphit-v1.0.0-beta.13.tar.gz.sha256
    3 downloads · 2026-06-11 19:30:41 +00:00 · 96 B
• v1.0.0-beta.12 7e98f353da

  Compare

  Morphit v1.0.0-beta.12 Stable

  agorise released this 2026-06-11 03:46:02 +00:00 | 25 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  A reliability, operations, and polish release. It supersedes the
  incomplete beta.11 (whose release never finished) and folds in all of
  that work, then adds the headline change: Morphit nodes now run as
  proper systemd services that survive reboots and restart themselves —
  and the relay unlocks its signing key at boot from an encrypted
  credential, so there is no plaintext passphrase on disk and nothing to
  type by hand. Operators no longer need to babysit screen sessions.
  The rest is a guided web-firewall installer, a smarter upgrade that
  won't strand a running node on old code, clearer menu labelling, and a
  round of front-end polish. Recommended for all operators — the
  systemd setup is a one-time migration that makes a node genuinely
  unattended (see the migration note at the end and RUN-A-MORPHIT-NODE.md
  "Set up systemd services").

  Added

  • Proper systemd services for the indexer and relay — unattended,
    reboot-surviving, self-restarting. The shipped
    morphit-indexer.service and morphit-relay.service now match the
    standard /opt/morphit layout, come back automatically after any
    reboot, and restart on failure. No more running the services inside
    screen and re-attaching to fix them. (If you installed somewhere
    other than /opt/morphit, a one-line systemd drop-in points the
    units at your paths — the docs show how.)

  • The relay's signing key is unlocked at boot by an encrypted
    credential — no plaintext passphrase, ever. The relay's active key
    stays encrypted at rest; its passphrase is supplied via a systemd
    encrypted credential (systemd-creds), bound to the host (and the
    TPM, if present) and useless if copied off the machine. The decrypted
    value lives only in RAM and never appears in the process environment
    or on persistent disk. The relay unit refuses to start without it,
    by design, so a node can never silently fall back to a plaintext
    secret.

  • A guided, plain-English BunkerWeb installer in morphit-ops. The
    web-firewall menu entry can now install and bring up the optional
    BunkerWeb WAF for you, with a confirmation at each step, instead of
    only reporting its status.

  • A no-database "is the indexer caught up?" health view in the menu.
    A new menu item checks the running indexer over HTTP (/v1/health) —
    sync state, last indexed block, and lag — and works without database
    or config access, so you can check sync as an ordinary user.

  • Menu items that need elevated privileges now say so. Every
    morphit-ops action that reads the root-owned config, touches the
    database, or runs a privileged system operation now carries a dim
    (needs sudo) on its first line. The only unprivileged actions — the
    HTTP health check and Quit — are left unmarked.

  Changed

  • The upgrade is safer about a running node. morphit-ops upgrade
    now refuses to prune an old backup directory while processes are still
    running out of it, and warns — with process IDs and restart guidance —
    if it finds an indexer or relay still running on the old code after an
    upgrade (the exact situation that can otherwise strand a node on a
    stale tree).

  • Front-end polish. A brighter, wider shimmer on the wordmark; the
    brand gradient now headlines the glossary, explorer, instances, and
    QR-pair-login pages; and the instances list renders each node's
    registration date in a clean "18 April, 2026" form (with a guard
    against placeholder/epoch dates).

  • Clearer privacy wording. The privacy/terms copy that explains what
    is public on the blockchain now reads more plainly — your offers, and
    the feedback and reviews you leave and receive, are public for
    reputation, posterity, and your own research on other traders — across
    all ten languages.

  • A brighter "update available" marker in the upgrade menu, so it
    stays legible on pale terminal themes.

  Fixed

  • The coin carousel renders left-to-right in right-to-left locales.
    The scrolling asset strip is now forced dir="ltr" so the tickers
    don't reverse under the Farsi layout.

  • The upgrade reliably refreshes the front end. The upgrade
    identifies the running front-end container by its build bind-mount and
    restarts it directly, with no assumptions about its compose project or
    container name — so the new build is actually served afterwards.

  • Removed a dead translation key. An unused "welcome" string was
    deleted from the locale files.

  Under the hood

  • systemCheck now recognises Linux Mint and verifies Postgres and
    Docker availability, and the main menu was reorganised into a
    top-to-bottom, newcomer-friendly walkthrough with plain-English
    recommendations and their trade-offs.
  • The relay's key-unlock path gained non-interactive credential-file and
    environment-variable modes — the credential file is the enforced
    production path; the environment variable is dev-only and logs a
    warning — covered by fourteen unit scenarios.
  • New regression coverage: the menu's (needs sudo) tagging is asserted
    against the live menu, so a future command can't silently gain or skip
    the marker.

  ---

  Upgrading an existing node to unattended systemd (one time). After
  you've updated the tree to beta.12:

  1. Create the relay credential, using the same passphrase you already
     use to unlock the relay key:

     echo -n '<relay-passphrase>' | sudo systemd-creds encrypt --name=relay_passphrase - /etc/morphit/relay_passphrase.cred
     

  2. Install and enable the services:

     sudo cp /opt/morphit/ops/systemd/morphit-{indexer,relay}.service /etc/systemd/system/
     sudo systemctl daemon-reload
     sudo systemctl enable --now morphit-indexer morphit-relay
     

  3. Verify: sudo systemctl status morphit-indexer morphit-relay, and
     check the indexer with morphit-ops health.
  4. Once both are healthy, stop the old screen sessions.

  See OPERATIONS.md §3 ("Relay reboot") and RUN-A-MORPHIT-NODE.md ("Set up
  systemd services") for the full details and the threat model.

  Downloads

  • morphit-v1.0.0-beta.12.tar.gz
    5 downloads · 2026-06-11 04:22:41 +00:00 · 9.1 MiB
  • morphit-v1.0.0-beta.12.tar.gz.sha256
    3 downloads · 2026-06-11 04:22:39 +00:00 · 96 B
• v1.0.0-beta.11 57c7ef73c8

  Compare

  Morphit v1.0.0-beta.11 Stable

  agorise released this 2026-06-10 23:06:04 +00:00 | 27 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  A large operator-experience release. The morphit-ops command-line tool
  gains a guided BunkerWeb installer, an API-based indexer-health
  view that works without root or database access, a redesigned
  top-to-bottom setup menu, and broader OS recognition across the
  Debian/Ubuntu family — including hardened, lightweight servers like
  Kicksecure and popular derivatives like Linux Mint and Pop!_OS. It also
  ships the real fix for the post-beta.10 "frontend stale after
  upgrade" problem (now detected by the build-directory mount rather than a
  container name, so custom reverse-proxy stacks are handled too), plus a
  right-to-left display fix on the coin carousel. Recommended for every
  operator.

  Added

  • Guided BunkerWeb installer — morphit-ops bunkerweb. When the WAF
    isn't up yet and you're at an interactive terminal, the command now
    walks you through bringing up the canonical ops/bunkerweb/ stack:
    it confirms before each step, copies the shipped config into
    /etc/bunkerweb (never clobbering an existing one), prompts for and
    validates your domain (SERVER_NAME), guards against the missing-TLS-
    certificate crash-loop (pointing you at morphit-ops ssl first), then
    runs docker compose pull and docker compose up -d and re-verifies.
    Status checks (when the stack is already up, with --json, or
    non-interactively) remain read-only.

  • morphit-ops health — indexer health over HTTP. A new menu view
    that queries the running indexer's /v1/health endpoint and prints a
    one-line verdict — synced, behind (with the lag in blocks), or
    unreachable — plus the healthy/total RPC count. Because it talks
    HTTP rather than reading the database or config, it works as the
    unprivileged morphit user even when the full Status dashboard can't.
    Exit code is 0 synced, 1 behind, 2 unreachable — drops straight
    into a cron health-check.

  • Broader operating-system support. The setup pre-flight now
    green-lights the whole Debian/Ubuntu family as first-class: Ubuntu
    24.04/26.04 LTS and Debian 12+, plus popular derivatives recognized
    automatically from their base codename — Linux Mint, Pop!_OS, Zorin
    OS, KDE neon, elementary OS — and hardened-Debian distributions like
    Kicksecure, which make excellent lean, security-focused nodes. The
    pre-flight also gained PostgreSQL and Docker checks.

  Changed

  • Redesigned morphit-ops main menu. Reorganized into four
    lifecycle groups — Install & upgrade, Configure the instance,
    Secure the server, Check & operate — in a newbie-friendly
    top-to-bottom order, with plain-language blurbs and recommendations
    that state their tradeoffs. Three similarly-named commands (doctor /
    health / status) are now disambiguated by purpose.

  • "● update available" is now bright yellow in the menu, so a
    pending upgrade is easy to spot at a glance.

  Fixed

  • morphit-ops upgrade reliably republishes the web frontend on any
    Docker deployment. The upgrade now finds the frontend container by
    the apps/web/build bind-mount it carries — regardless of the
    container's name (morphit-frontend, bunkerweb-frontend-1, a
    hand-rolled stack, …) — and docker restarts it so it serves the
    freshly-built files. Earlier releases recreated a container matched by
    name through the example compose file, which missed custom or renamed
    stacks; mount-based detection handles them with no manual steps.

  • Coin carousel renders left-to-right in right-to-left locales. On
    the Farsi interface the asset carousel is now pinned to dir="ltr" so
    ticker symbols and prices read in the correct order.

  • Removed a dead, unused translation key left over from an earlier
    release.

  Notes for operators

  • Debian 12+ and Kicksecure are supported via the manual setup
    path (morphit-ops install), not the one-command Ansible playbook —
    the playbook targets the Ubuntu 24.04 "noble" family (Ubuntu 24.04,
    Mint 22, Pop!_OS, Zorin 17, KDE neon, elementary). See
    docs/RUN-A-MORPHIT-NODE.md §3.

  • If a custom BunkerWeb stack left your frontend stale after a previous
    upgrade, beta.11's morphit-ops upgrade detects and restarts your
    container automatically — no by-hand --force-recreate needed.

  ---

  Morphit is non-custodial and no-KYC. As always, verify the release
  signature against the published fingerprint before deploying.

  Downloads

  • morphit-v1.0.0-beta.11.tar.gz
    4 downloads · 2026-06-10 23:56:33 +00:00 · 9.1 MiB
  • morphit-v1.0.0-beta.11.tar.gz.sha256
    3 downloads · 2026-06-10 23:56:31 +00:00 · 96 B
• v1.0.0-beta.10 94922e8c28

  Compare

  Morphit v1.0.0-beta.10 Stable

  agorise released this 2026-06-10 17:09:59 +00:00 | 29 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  A focused operator-reliability release. It fixes a bug in morphit-ops upgrade that left the web frontend stale after an upgrade on BunkerWeb
  deployments — the backend would move to the new version while visitors
  kept loading the old build (and never saw the "Load it now" update
  prompt, because the old build was still being served). Recommended for
  every operator, especially anyone running the BunkerWeb WAF.

  If your site upgraded but still shows the previous version, this release
  is the fix — and you can confirm the stale state with
  curl -s https://<your-host>/_app/version.json (an unchanged build
  timestamp after an upgrade means the frontend wasn't rebuilt).

  Fixed

  • morphit-ops upgrade now always rebuilds and republishes the web
    frontend. Previously the rebuild step only ran when the bare-metal
    web root (/var/www/morphit-frontend) existed. On a BunkerWeb
    deployment — where the site is served by the frontend container from
    a different path, not /var/www — the upgrade silently skipped the
    rebuild, upgraded the backend, and reported success, leaving the
    container serving the old build. The web app is now rebuilt on every
    upgrade regardless of deployment style.

  • The upgrade now publishes the new build to the right place
    automatically. It detects how your site is served and acts
    accordingly: on bare-metal nginx it copies the build into your web
    root (as before); on BunkerWeb it recreates the frontend container so
    it picks up the freshly-built files (a running container otherwise
    keeps serving the pre-upgrade build). If neither is found — a
    non-standard setup — it leaves the rebuilt files on disk and tells you
    exactly where, instead of failing quietly.

  Notes for operators already on beta.9

  If you upgraded to beta.9 with morphit-ops upgrade on BunkerWeb and your
  frontend is stuck on the old version, you don't need to wait for this
  release to recover the current box — rebuild and recreate the container
  by hand:

  cd /opt/morphit/apps/web && npm run build
  docker compose -f /opt/morphit/ops/bunkerweb/docker-compose.yml up -d --force-recreate frontend
  

  (Node 22 is required for the build.) Once you're on beta.10, future
  upgrades do this for you.

  ---

  Morphit is non-custodial and no-KYC. As always, verify the release
  signature against the published fingerprint before deploying.

  Downloads

  • morphit-v1.0.0-beta.10.tar.gz
    4 downloads · 2026-06-10 17:58:06 +00:00 · 9.1 MiB
  • morphit-v1.0.0-beta.10.tar.gz.sha256
    4 downloads · 2026-06-10 17:58:04 +00:00 · 96 B
• v1.0.0-beta.9 cb99b9acea

  Compare

  Morphit v1.0.0-beta.9 Stable

  agorise released this 2026-06-10 07:15:12 +00:00 | 30 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  A security-hardening and correctness release on top of beta.8. Three
  operator-facing fixes lead it: the price-manipulation defenses are now
  fully active and visible on /v1/health; the Content-Security-Policy
  that was breaking in-browser crypto on some deploys is root-caused and
  fixed (and is now identical across every deploy path); and the
  production rate-limiting that could ban a busy instance for an hour is
  fixed. The rest is home/login polish, fresher FAQ and feed metadata, and
  a clean hostile-input audit of every indexer handler. Recommended for
  all operators — especially anyone who saw a blank/broken page behind a
  WAF, or whose instance was getting rate-limit-banned.

  Added

  • The price-manipulation defenses are now fully active and visible.
    Two of the three anti-manipulation detectors were built but not yet
    switched on: the slow-drift detector (catches a "frog in boiling
    water" attack that nudges the price a little each cycle) and the
    native-vs-external detector. Both are now wired alongside the existing
    cross-instance peer detector, and all three report their status in the
    /v1/health response so operators and monitors can see them working.

  • Feed readers now auto-discover all three formats. Every page that
    offers a feed advertises RSS 2.0, Atom, and JSON Feed in its
    autodiscovery tags (previously only RSS), so a reader finds whichever
    format it prefers without you pasting a URL.

  Changed

  • A correct, privacy-clean Content-Security-Policy on every deploy
    path. We root-caused why the CSP was sometimes blanking the site or
    breaking sign-in: it was being emitted as a <meta> tag that browsers
    can't fully enforce and that clobbered the working header. It is now a
    single real header, byte-identical across the nginx config, the
    operator docs, and the BunkerWeb path, and it keeps the QR-login camera
    working while dropping the external price API entirely for privacy. The
    Permissions-Policy is now a real header too. Operators who had been
    hand-editing the policy out should remove that workaround.

  • Production rate-limiting no longer bans busy instances. The WAF's
    per-IP limit on the API was tighter than a single page load, so a
    normal burst of requests could trip it, escalate to an hour-long IP
    ban, and then feed on its own error responses. The ceiling is raised to
    sit comfortably above the app's own fine-grained limiter, and a
    rate-limit burst can no longer escalate into a ban.

  • A lighter home page and a polished login. The "Welcome to your
    instance" banner is gone, the login heading now uses the brand
    gradient, and the wordmark's shine is slower and dimmer. The page shell
    shipped on every request is about a hundred lines lighter.

  • Fresher FAQ and machine-readable site description. The
    AI-crawler corpus that describes Morphit to assistants was out of date
    and is resynced (and now guarded against drifting again). The "follow
    Morphit with RSS" FAQ answer no longer implies that only three assets
    have feeds — every supported asset does.

  Fixed

  • The FAQ accordion opens reliably from a "related" link. Clicking a
    related-article pill at the bottom of an answer now scrolls to and
    opens the target article, instead of scrolling to a still-closed one.

  • The ops CLI no longer writes a placeholder tagline. Pressing Enter
    at the optional "Instance tagline" prompt during morphit-ops init
    used to save the literal text "A Morphit instance" to your config (and
    surface it on the homepage and in the federated directory). The prompt
    is now genuinely optional and writes nothing when left blank.

  • Source-repository labels corrected. The machine-readable site files
    now correctly identify the canonical source as the self-hosted Forgejo
    instance rather than a GitHub mirror.

  • Removed a duplicate database-schema definition. One table used by
    the price-drift defense was declared twice in the schema. It was
    harmless — the database created it once — but the duplicate is removed
    so the two copies can never drift apart.

  Under the hood

  • A complete hostile-input audit of all seventeen indexer message
    handlers came back clean, with one low-severity hardening fix: the
    forbidden-character policy that strips invisible/bidi control
    characters from user input had drifted slightly between handlers and is
    now converged (while deliberately keeping the right-to-left marks that
    the Farsi locale needs), with a new guard so the copies can't diverge
    again.

  • New regression guards were added: one keeps the AI-crawler corpus in
    sync with the source FAQ, and one keeps the Content-Security-Policy and
    Permissions-Policy byte-identical across all four deploy surfaces and
    rejects a weakened-but-consistent edit.

  ---

  Morphit is non-custodial and no-KYC. It never holds your keys and never
  takes custody of funds. As always, verify the release signature against
  the published fingerprint before deploying.

  Downloads

  • morphit-v1.0.0-beta.9.tar.gz
    5 downloads · 2026-06-10 07:50:46 +00:00 · 9.1 MiB
  • morphit-v1.0.0-beta.9.tar.gz.sha256
    4 downloads · 2026-06-10 07:50:44 +00:00 · 95 B
• v1.0.0-beta.8 5af5363530

  Compare

  Morphit v1.0.0-beta.8 Stable

  agorise released this 2026-06-09 07:16:19 +00:00 | 33 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  A front-end, feeds, and operator-tooling release on top of beta.7.
  Every orderbook feed now comes in three formats — RSS 2.0, Atom, and
  JSON Feed — so any reader works, and one click on the orange RSS pill
  copies the feed's URL in whichever format you prefer. The home page
  and orderbook get a round of polish, operators running Linux Mint can
  now provision a node, and the ops CLI restarts the affected services
  for you after a config change. Recommended for all operators.

  Added

  • Every feed now speaks three formats — RSS 2.0, Atom, and JSON
    Feed. The worldwide, per-asset, and per-trader orderbook feeds are
    each available as .xml (RSS 2.0), .atom (Atom 1.0), and .json
    (JSON Feed 1.1), all carrying identical order data — pick whichever
    your reader prefers. Click any orange RSS pill — in the site footer,
    beside a filtered orderbook, or on a trader's profile — to choose a
    format and copy its URL to your clipboard. The picker and its
    confirmation are translated into all ten languages. See the "Can I
    follow Morphit with RSS?" entry in the FAQ.

  • The ops CLI restarts the affected services after a change. After
    you edit your instance configuration or wire alternative-network
    (Tor / Lokinet / I2P) footer addresses, morphit-ops now offers to
    restart the affected services for you, so the change takes effect
    without having to remember the systemctl incantation. Declining
    leaves everything untouched.

  • Linux Mint is a supported node OS. The Ansible provisioning
    playbook now recognises Mint and other Ubuntu noble derivatives
    and provisions them correctly, rather than only bare Ubuntu. See
    RUN-A-MORPHIT-NODE.md.

  Changed

  • A more polished home page and orderbook. "Products" are now
    called "goods" throughout, the home-page hero copy is tightened,
    "global" is now "worldwide," the home-page cards share an even
    height, and the wordmark's entrance animation has been retired in
    favour of a subtle header shine. On the orderbook, the filter
    dropdowns close cleanly the moment you pick an option. Updated in
    all ten languages.

  • The create-order form is easier to follow. The asset, currency,
    and payment fields now show a green focus ring as you tab through
    them — matching the region and "I want to see" fields — and the
    region field types out real place names one character at a time as a
    gentle hint (and stays still if you've asked your system to reduce
    motion).

  • A refreshed batch of FAQ answers for clarity and accuracy,
    across all ten languages.

  Fixed

  • The per-trader feed link now points to the trader's profile. The
    "follow this trader" subscribe link advertised a homepage URL that
    no longer exists; the feed now links to the trader's /@handle page,
    the same canonical profile URL used everywhere else on the site.

  Downloads

  • morphit-v1.0.0-beta.8.tar.gz
    3 downloads · 2026-06-09 07:35:27 +00:00 · 9 MiB
  • morphit-v1.0.0-beta.8.tar.gz.sha256
    3 downloads · 2026-06-09 07:35:25 +00:00 · 95 B
• v1.0.0-beta.7 dffd12b705

  Compare

  Morphit v1.0.0-beta.7 Stable

  agorise released this 2026-06-07 03:44:20 +00:00 | 35 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  A front-end and operator-tooling release on top of beta.6, capped by
  a full pre-release security and quality audit. The orderbook is much
  easier to filter — search coins, currencies, and payment methods as
  you type, and narrow to barter (products & services) listings. Operators
  get a new control to enable or disable individual payment methods, a
  single-host deploy recipe that is now correct out of the box, and a
  moderation fix so a seller you've blocked can no longer sway the price
  your instance computes. This release is recommended for all operators.

  Added

  • A much richer orderbook filter row. The asset picker now shows
    each coin's icon and lets you pick "Barter (products & services)";
    the currency filter is a type-ahead that accepts one or more
    currencies by name or ISO code (and the indexer matches any of
    them); and the payment-method filter is a type-ahead too. All three
    behave like the FAQ search — type, pick, and your choices become
    removable chips. The currency list loads only when you tap the
    field, so it costs nothing for visitors who never use it.

  • Operators can enable or disable specific payment methods. A new
    MORPHIT_INDEXER_DISABLED_PAYMENT_METHODS setting (mirroring the
    existing disabled-assets control) lets you turn individual payment
    methods — including Barter — on or off for your instance. The setup
    wizard has a step for it, your /about-this-instance page shows
    your policy, and the admin setup-wizard page gives you a checklist
    with a copy-paste env line. An order is only rejected if every one
    of its payment methods is disabled; mixed orders are kept. Default:
    every method enabled. See the "Payment-method configuration" section
    of OPERATIONS.md and the "Payment methods" section of
    RUN-A-MORPHIT-NODE.md.

  Changed

  • Clearer, friendlier orderbook filter wording in all ten
    languages (for example "I want to see" / "Everything", "Highest
    rated users first", "Most experienced users first"), plus an
    animated example placeholder in the region field that cycles through
    real place names.

  • Buttons use the brand teal with legible white text. The primary
    button face was retuned to a deeper teal so white labels meet the
    WCAG AA contrast bar, while the vivid teal stays in the animated
    border and accents.

  • A wider, dismissable FAQ search. The search field is full-width
    on phones and centered on larger screens, dims the page behind it
    while open, and clears when you press Escape or tap outside.

  • A simpler, more honest Get-Morphit page. A no-KYC directory
    that isn't a code mirror was removed from the mirrors list, and the
    "update available" prompt now says, plainly, that reloading the page
    applies the update.

  • A bigger homepage wordmark, with all three logo dots visible and
    orbiting as intended.

  • Single-host nginx configs reconciled. ops/nginx/web.conf is now
    the colocated single-server config — it serves the site and proxies
    /v1/, /rss/, and /relay/ to the local indexer and relay — and
    the split-subdomain configs are clearly labeled optional/advanced. An
    operator who copies the shipped nginx files now gets a working
    single-host deploy. See RUN-A-MORPHIT-NODE.md §8 (Configure nginx).

  Fixed

  • Instance-local moderation now also covers your price feed. When
    you block an account, its listings were already hidden from your
    orderbook; now its orders are also dropped from the median behind
    your instance's own derived morphit_native / depeg price, so a
    blocked seller can no longer skew the price your instance computes
    from its orderbook. Blocking remains instance-local, reversible, and
    off-chain. See OPERATIONS.md §6a and RUN-A-MORPHIT-NODE.md §9.1.2.

  • The mobile language picker is no longer clipped, and the
    duplicate "Login / Register" link that showed on small screens has
    been removed (the avatar menu is the single sign-in entry point).

  • The security page no longer says "(in Phase 5)."

  Upgrading

  Use morphit-ops upgrade (or the Upgrade menu item). Your
  configuration, signing key, and per-network keys are carried forward
  automatically, and the services restart on the new code. There are no
  database migrations and no required configuration changes. If you want
  to disable any payment methods, set the optional
  MORPHIT_INDEXER_DISABLED_PAYMENT_METHODS (it defaults to all methods
  enabled). Most of this release is front-end, operator tooling, and
  documentation, but upgrading via a release is still the cleanest path.

  Downloads

  • morphit-v1.0.0-beta.7.tar.gz
    5 downloads · 2026-06-07 04:22:15 +00:00 · 8.8 MiB
  • morphit-v1.0.0-beta.7.tar.gz.sha256
    3 downloads · 2026-06-07 04:22:14 +00:00 · 95 B
• v1.0.0-beta.6 fbfa61043f

  Compare

  Morphit v1.0.0-beta.6 Stable

  agorise released this 2026-06-06 04:31:10 +00:00 | 37 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  A round of operator-quality-of-life and front-end polish on top of
  beta.5, driven by a real first install and a careful pre-release
  review. Operators get a clearer status dashboard (including proof
  their backups are running), a safer recovery command, and a
  single-host deploy recipe that actually works the first time.
  Visitors get a simpler "Get Morphit" page, a friendlier language
  picker, shared links that no longer 404, and a new FAQ explaining
  why Morphit's code is mirrored so widely. This release is
  recommended for all operators.

  Added

  • Status dashboard now shows your recent backups. morphit-ops status (menu item #10, "Status dashboard") ends with a Backups
    section listing your last three database backups — newest
    first, with each file's age and size — plus the backup directory
    and a reminder of how to copy a file off the host. It's the quick
    "are my backups actually happening?" check, and it gives you the
    exact path to download a backup or hand it to a developer if you
    ever need help. It's read-only and reads only the backup directory
    — never your database password or any keys. --json includes the
    same data. See OPERATIONS.md §31 and RUN-A-MORPHIT-NODE.md §10.

  • A "Why so many mirrors?" link on the Get Morphit page, and a FAQ
    answer to match. Morphit's source code is mirrored across many
    independent code hosts on purpose — decentralization is the second
    design priority, right behind privacy. A project that lives in one
    place can be taken down in one place, so the AGPL source lives on
    our own Forgejo server (the canonical copy), on GitHub, on more git
    hosts as they come online, and as a content-addressed copy on IPFS
    that no single host controls. If any one of them blocks or drops
    Morphit, every other copy is still there and anyone can re-host it.
    The new FAQ ("Why is Morphit's source mirrored to so many code
    hosts?") explains the reasoning, and you can verify any running
    instance against the SHA-256 hashes published on the Blurt chain.

  Changed

  • fast-forward is now a recovery-only command, with a guard. A
    normal install never needs it — the indexer starts at the Morphit
    genesis block and resumes from where it left off on every restart —
    so it's been moved out of the morphit-ops menu to keep it from
    becoming a footgun. It's still available directly when you need it
    for recovery, and it now refuses to run if your indexer looks
    live (its cursor was touched in the last ~90 seconds) unless you
    pass --force.

  • The morphit-ops menu now catches your eye when it matters. The
    "Upgrade to the latest version" line turns bold yellow when a newer
    release is available, and the "Status dashboard" line turns yellow
    or red when your relay balance is getting low — so you notice
    before it becomes a problem.

  • The "Get Morphit" page is simpler and accurate. Morphit installs
    as a Progressive Web App straight from your browser on Android,
    iPhone/iPad, and desktop — there is no APK, app-store listing, or
    native package, by design. The page now leads with that, and adds a
    "Source code & mirrors" section pointing at every place the code
    lives.

  • A friendlier language picker. With ten languages the selector
    used to run off the bottom of the screen; it's now a compact grid
    that fits any screen and scrolls if needed.

  Fixed

  • Shared links with the language prefix stripped no longer 404. A
    link like /faq?q=... (missing the /en/ prefix) now detects your
    browser's language and redirects to the right page, preserving the
    query and anchor, instead of showing an error.

  • A single-host (one server) deploy now works the first time. The
    documented nginx recipe now serves the prerendered site correctly
    (it was returning a 403 on locale pages) and routes the indexer and
    relay APIs to the right place (signup and the orderbook were
    failing). Live updates (the orderbook, chat, and instances streams)
    and the RSS feeds now route correctly on a single host too, and the
    OPERATIONS.md reference config plus the bundled BunkerWeb config
    are aligned with it. If you run the indexer, relay, and web app on
    one box, re-check RUN-A-MORPHIT-NODE.md §8 (and §24/§32 of
    OPERATIONS.md if you front it with BunkerWeb).

  • Deploys can no longer leave the app showing a blank page. The
    service worker now rebuilds redirected responses on navigations, so
    a page cached during a brief deploy-time redirect window can't break
    loading afterward. (If you ever hit a blank page mid-upgrade, a hard
    reload clears it.)

  • The "Create an account" link from the post page no longer 404s,
    and the comparison/settings input fields now match the dark theme.

  Upgrading

  Use morphit-ops upgrade (or the Upgrade menu item). Your
  configuration, signing key, and per-network keys are carried forward
  automatically, and the services restart on the new code. Most of this
  release is front-end and documentation, but upgrading via a release is
  still the cleanest path. There are no database migrations and no
  configuration changes required.

  Downloads

  • morphit-v1.0.0-beta.6.tar.gz
    4 downloads · 2026-06-06 04:48:16 +00:00 · 8.7 MiB
  • morphit-v1.0.0-beta.6.tar.gz.sha256
    3 downloads · 2026-06-06 04:48:15 +00:00 · 95 B
• v1.0.0-beta.5 3a4d1af2ea

  Compare

  Morphit v1.0.0-beta.5 Stable

  agorise released this 2026-06-04 21:07:26 +00:00 | 41 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  Two operator-facing improvements on top of beta.4. First, your
  instance is now far more resilient to flaky Blurt RPC nodes — a
  single dead or rate-limited node no longer stalls your sync, and
  you can check your endpoints before you rely on them. Second, you
  can now moderate your own instance: review the abuse signals the
  indexer already collects and hide a troublesome account's listings
  — without touching the chain, anyone's funds, or any other
  instance. This release is recommended for all operators.

  Added

  • Instance-local moderation — review flags and block accounts.
    Morphit's indexer already watches for two abuse patterns: accounts
    that review each other suspiciously often (reciprocity rings) and
    accounts that look like the same person behind several names.
    beta.5 turns those signals into something you can act on. Run
    morphit-ops moderation (or pick Moderation from the
    morphit-ops menu) to review the flagged accounts and block any of
    them right there; you can also block or unblock any account by name
    with morphit-ops block <account> [reason] and morphit-ops unblock <account>.

    A block is instance-local. It hides that account's listings
    everywhere your instance shows them — the public orderbook, the
    per-account view, featured slots, the RSS feeds, and the live
    stream — and nothing more. It does not broadcast anything to
    the chain, does not touch anyone's funds, keys, or identity,
    and has no effect on any other Morphit instance. It is fully
    reversible. A blocked person signed in on your instance sees a
    clear, non-alarming banner explaining that their posts are hidden
    on this instance only and remain visible on every other Morphit
    instance, with a link to reach you — which is the whole point of a
    federation: no single instance can censor anyone across it. See
    OPERATIONS.md §6a and RUN-A-MORPHIT-NODE.md §9.1.2.

  • RPC endpoint health — checked before, and visible during, a run.
    morphit-ops doctor and the setup wizard (morphit-ops init) now
    test each Blurt RPC endpoint you have configured — a real chain
    query, not just a DNS lookup — and tell you in plain English
    whether they are all reachable, some are down, or all are dead,
    before you depend on them. (Pass --no-rpc to doctor to skip
    it.) And /v1/health now reports how many of your RPC endpoints are
    currently healthy, with full per-endpoint detail in the verbose
    view, so you can tell at a glance whether a sync problem is an RPC
    problem.

  • The morphit-ops menu now shows your version and pending flags.
    The menu lists your installed version next to Upgrade (and the
    latest available release, when it can reach the release server),
    and the number of unresolved moderation flags next to
    Moderation, so both are visible the moment you open the menu.

  Fixed

  • A single dead or rate-limited RPC node no longer stalls your
    instance. Two related fixes. The indexer now ships with the same
    built-in list of working Blurt RPC nodes the relay already had:
    previously the indexer required you to configure endpoints with no
    fallback, so a node set up with a list that later went dead — while
    the relay quietly ran on its own good defaults — could freeze the
    indexer's sync. Both services now fall back to the same vetted
    four-node list when the setting is absent, and the setup wizard
    writes that same list to both. Separately, an RPC node that is up
    but rate-limiting you (HTTP 429) or briefly erroring (502/503/504)
    is now treated as a reason to rotate to the next node and back off,
    instead of surfacing as a hard failure — so a throttling or flaky
    node is routed around automatically.

  • Quieter, clearer RPC logs. The noisy Didn't failover… lines
    the underlying Blurt library printed on every transport hiccup are
    now suppressed. Your real endpoint health is on /v1/health
    instead.

  Everything from beta.4 still applies

  beta.4 added morphit-ops doctor (a read-only "will my node start?"
  check) and fixed an indexer boot crash that happened when a Matrix
  room was set for operator alerts, plus two settings the setup
  wizard was not writing. See RELEASE-NOTES-v1.0.0-beta.4.md for
  details.

  Upgrading

  • If you installed cleanly from a recent release and your node runs,
    just npx morphit-ops upgrade to pick this up (it carries your
    config and keys forward). After upgrading, it is worth running
    morphit-ops doctor once — it now checks your RPC endpoints too.
  • No configuration change is required on your side. If you had
    manually copied RPC endpoints into MORPHIT_INDEXER_RPC_ENDPOINTS
    as a workaround, you can keep them or remove them — the indexer now
    has a safe built-in default either way.

  Verify the download

  sha256sum -c morphit-v1.0.0-beta.5.tar.gz.sha256
  

  Output must say OK before you extract.

  Status

  Pre-launch beta. Not yet recommended for production traffic. The
  canonical public instance is morphit.io. Community operators
  welcome — start at docs/start-here/.

  Downloads

  • morphit-v1.0.0-beta.5.tar.gz
    5 downloads · 2026-06-04 21:44:00 +00:00 · 8.7 MiB
  • morphit-v1.0.0-beta.5.tar.gz.sha256
    3 downloads · 2026-06-04 21:43:59 +00:00 · 95 B
• v1.0.0-beta.4 ec6b1d5b29

  Compare

  Morphit v1.0.0-beta.4 Stable

  agorise released this 2026-06-03 06:05:32 +00:00 | 44 commits to main since this release

  Signed by agorise

  GPG key ID: 53524E1F1017EB9C

  A small but important fix on top of beta.3: the indexer could fail
  to start on instances that set a Matrix room for operator
  alerts. If you are on beta.3 (or earlier) and your indexer starts
  fine, this release is still recommended but not urgent. If your
  indexer crashes at boot with ReferenceError: require is not defined, this release fixes it.

  Added

  • morphit-ops doctor — a read-only "will my node start?" check.
    Run it from your install directory and it tells you, in plain
    English, whether the indexer and relay will start with the config
    you have on disk — before you start them. It reports exactly
    what is wrong (a missing required setting, a value in the wrong
    file, a key-file permission) and how to fix it, and it changes
    nothing on your system. If your node won't boot, run morphit-ops doctor first. It also runs a short security check: it tells
    you whether your relay's active key is encrypted or stored in
    plaintext (and how to encrypt it), and flags any secret file that
    other users on the box can read. (This security check is
    operator-only — it is deliberately not exposed on the public
    health endpoint.)

  Fixed

  • Indexer crashed at startup when MORPHIT_INDEXER_OPERATOR_MATRIX_ROOM
    was set. The config code validated the Matrix room alias using a
    CommonJS require() call, which is undefined in the indexer's
    ES-module runtime — so boot failed with ReferenceError: require is not defined the moment a non-empty room value was present.
    Instances that left the room unset were unaffected, which is why
    it surfaced late. The validator now uses a normal module import.
    Added a startup regression test (and a repo-wide guard against
    this whole class of CommonJS-in-ESM bug) so it cannot recur.

  • Setup wizard never wrote two settings the indexer requires.
    An instance configured with morphit-ops init (rather than the
    Ansible playbook) was missing MORPHIT_INDEXER_PUBLIC_ORIGIN and
    MORPHIT_INDEXER_OFFICIAL_POSTING_PUBKEY, so the indexer refused
    to start with config validation failed: ... Required. The wizard
    now writes both — the public origin (the same one it already asks
    you for) and the official @morphit posting key (a fixed value,
    the same for every instance). If you set up via the wizard and your
    indexer won't start citing these, re-run npx morphit-ops init on
    this release, or add both to your morphit.env by hand (see
    ops/env/indexer.env.example).

  Everything from beta.3 still applies

  beta.3 fixed the setup wizard writing two settings into the wrong
  file (which stopped the indexer from booting with an "operator
  allowlist" error), added the guided morphit-ops install, the
  docs/start-here/ navigation hub, the migrate-to-release-track
  guide, and made morphit-ops upgrade discover pre-release-flagged
  releases. See RELEASE-NOTES-v1.0.0-beta.4.md for details.

  Upgrading

  • If you installed cleanly from the beta.3 release and your indexer
    runs, just npx morphit-ops upgrade to pick this up (it carries
    your config and keys forward).
  • If your beta.3 indexer crashed at boot with the require error,
    upgrade to this release and start it again — no config change
    needed on your side.

  Verify the download

  sha256sum -c morphit-v1.0.0-beta.4.tar.gz.sha256
  

  Output must say OK before you extract.

  Status

  Pre-launch beta. Not yet recommended for production traffic. The
  canonical public instance is morphit.io. Community operators
  welcome — start at docs/start-here/.

  Downloads

  • morphit-v1.0.0-beta.4.tar.gz
    11 downloads · 2026-06-03 06:41:20 +00:00 · 8.6 MiB
  • morphit-v1.0.0-beta.4.tar.gz.sha256
    4 downloads · 2026-06-03 06:41:18 +00:00 · 95 B