• v1.0.0-beta.3 88a9b4393c

    Morphit v1.0.0-beta.3
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 36s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 27s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 13m48s
    morphit-release / Build + publish release tarball (push) Successful in 14m34s
    Stable

    agorise released this 2026-06-03 02:36:04 +00:00 | 49 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    Third public beta. This release is focused on install and upgrade
    reliability — fixing a setup bug that could stop a fresh node from
    starting, and making the install/upgrade experience smoother for
    operators of every skill level.

    If you are running beta.1 or beta.2, see Upgrading below — the
    path is slightly different this time because of the boot fix.

    Fixed

    • Setup wizard wrote two settings into the wrong file, which
      stopped the indexer from starting. morphit-ops init placed
      MORPHIT_RELAY_SIGNUP_DAILY_CEILING and
      MORPHIT_RELAY_TRUSTED_PROXY_IPS into morphit.config.env, which
      is restricted to a small allowlist of operator-tunable values. The
      indexer correctly refuses to boot when it finds non-allowlisted
      keys there, so a freshly-configured node failed to start with
      [operator-config] ... contains keys not in the operator allowlist.
      These two settings now go into morphit.env (matching
      the relay's environment, the env templates, and the Ansible role),
      where the relay reads them as intended. New installs are
      unaffected by the old behavior; existing operators who hit this,
      see Upgrading.

    Added

    • morphit-ops install — a guided first-time install. Checks
      prerequisites (Node, PostgreSQL, git), runs the setup wizard,
      offers server hardening, and offers to put morphit-ops on your
      PATH so you can drop the npx prefix. On a fresh Ubuntu box, the
      Ansible playbook in ops/ansible/ still does the OS-level install
      (Node/PostgreSQL/services); morphit-ops install is the
      interactive, learn-as-you-go path.

    • docs/start-here/ — a plain-language navigation hub. Tells you
      exactly which document to open for what you want to do (install,
      upgrade, fix a problem, change settings, launch). New operators
      should start there.

    • docs/MIGRATE-TO-RELEASE-TRACK.md — a one-time procedure for
      nodes that were installed with git clone and therefore can't use
      morphit-ops upgrade yet (they lack the release-info.json that
      ships inside release tarballs).

    • A throwaway-VM install validator at
      scripts/validate-fresh-install.sh for operators helping certify
      the install path.

    Improved

    • morphit-ops upgrade now finds the newest release even when it
      is flagged as a pre-release. Previously it only looked at the
      latest stable release, so during the all-beta period it could
      report "already on the latest" and never upgrade. It now prefers a
      stable release when one exists and otherwise falls back to the
      newest release of any kind.
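
    The selection rule described above, shown next to the stable-only rule it replaced. This is an added example, not Morphit's own upgrader code: the function names are hypothetical, the field names follow Forgejo/Gitea release objects, and the release list is constructed from the tags and dates on this page.

```javascript
// Newest-first view of the published (non-draft) releases.
function newestFirst(releases) {
  return releases
    .filter((r) => !r.draft)
    .sort((a, b) => Date.parse(b.published_at) - Date.parse(a.published_at));
}

// Old behaviour: only a stable release can ever be an upgrade target.
function pickStableOnly(releases) {
  return newestFirst(releases).find((r) => !r.prerelease) ?? null;
}

// New behaviour: prefer the newest stable release, otherwise fall back to
// the newest release of any kind.
function pickUpgradeTarget(releases) {
  const ordered = newestFirst(releases);
  return ordered.find((r) => !r.prerelease) ?? ordered[0] ?? null;
}

// Decide what the upgrader would report for a node on `installedTag`.
function upgradeDecision(pick, releases, installedTag) {
  const target = pick(releases);
  if (!target || target.tag_name === installedTag) {
    return { upgrade: false, target: null }; // "already on the latest"
  }
  return { upgrade: true, target: target.tag_name };
}

// Constructed sample: an all-beta period, every release flagged pre-release.
const ALL_BETA = [
  { tag_name: "v1.0.0-beta.1", prerelease: true, draft: false,
    published_at: "2026-05-25T22:08:21Z" },
  { tag_name: "v1.0.0-beta.3", prerelease: true, draft: false,
    published_at: "2026-06-03T02:36:04Z" },
  { tag_name: "v1.0.0-beta.2", prerelease: true, draft: false,
    published_at: "2026-06-01T22:17:56Z" },
];

// Constructed sample: a hypothetical stable release followed by a newer
// pre-release and an unpublished draft.
const WITH_STABLE = ALL_BETA.concat([
  { tag_name: "v1.0.0", prerelease: false, draft: false,
    published_at: "2026-07-01T00:00:00Z" },
  { tag_name: "v1.1.0-beta.1", prerelease: true, draft: false,
    published_at: "2026-07-10T00:00:00Z" },
  { tag_name: "v1.1.0", prerelease: false, draft: true,
    published_at: "2026-07-20T00:00:00Z" },
]);
```

    The sketch compares tags only for equality; how the real upgrader orders versions is not modelled here.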

    Upgrading from beta.1 / beta.2

    The boot fix changes what the setup wizard writes; it does not
    change what an already-installed node has on disk. So:

    • If your morphit.config.env contains
      MORPHIT_RELAY_SIGNUP_DAILY_CEILING or
      MORPHIT_RELAY_TRUSTED_PROXY_IPS (any node configured by the
      beta.1/beta.2 wizard will), the cleanest path is a fresh install
      of this release followed by re-running npx morphit-ops init,
      which writes correct config. Back up your relay key
      (apps/relay/keystore.json or .wif) and apps/relay/altnet/
      first; your PostgreSQL database and on-chain registration are not
      affected. Full steps: docs/MIGRATE-TO-RELEASE-TRACK.md.

    • Or, to keep your existing config, remove those two lines from
      morphit.config.env (the relay reads them from morphit.env
      instead) and restart. If they aren't already in morphit.env, add
      MORPHIT_RELAY_SIGNUP_DAILY_CEILING=50 (or your chosen value)
      there.

    • From this release onward, npx morphit-ops upgrade carries your
      config and keys forward automatically.
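
    The keep-your-config path above (and the boot failure under Fixed) as a dry-run planner: it finds the two relay keys in morphit.config.env, strips them, and appends them to morphit.env only when morphit.env does not already define them. This is an added example, not Morphit's own code; the function names and both sample file bodies are constructed, and only the two key names and file names come from this page.

```javascript
// The two settings the beta.1/beta.2 wizard wrote into the wrong file.
const MISPLACED_KEYS = [
  "MORPHIT_RELAY_SIGNUP_DAILY_CEILING",
  "MORPHIT_RELAY_TRUSTED_PROXY_IPS",
];

// Variable name on a KEY=VALUE line, or null for blanks and comments.
function keyOf(line) {
  const m = /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/.exec(line);
  return m ? m[1] : null;
}

// Pure planning step: takes both files as text, returns the new text for
// each plus the list of offending keys. Nothing is written to disk.
function planMigration(configEnvText, morphitEnvText) {
  const inMorphitEnv = new Set(
    morphitEnvText.split(/\r?\n/).map(keyOf).filter(Boolean)
  );

  const kept = [];
  const moved = new Map(); // key -> last definition seen in morphit.config.env
  for (const line of configEnvText.split(/\r?\n/)) {
    const key = keyOf(line);
    if (key && MISPLACED_KEYS.includes(key)) {
      moved.set(key, line.trim().replace(/^export\s+/, ""));
    } else {
      kept.push(line);
    }
  }

  // A value already present in morphit.env wins; do not duplicate it.
  const appended = [...moved]
    .filter(([key]) => !inMorphitEnv.has(key))
    .map(([, line]) => line);

  let newMorphitEnv = morphitEnvText;
  if (appended.length > 0) {
    if (newMorphitEnv !== "" && !newMorphitEnv.endsWith("\n")) {
      newMorphitEnv += "\n";
    }
    newMorphitEnv += appended.join("\n") + "\n";
  }

  return {
    offending: [...moved.keys()],
    appended,
    newConfigEnv: kept.join("\n"),
    newMorphitEnv,
  };
}

// Constructed sample of a morphit.config.env written by the old wizard.
const SAMPLE_CONFIG_ENV = [
  "# constructed sample of morphit.config.env",
  "EXAMPLE_ALLOWLISTED_SETTING=1",
  "MORPHIT_RELAY_SIGNUP_DAILY_CEILING=50",
  "MORPHIT_RELAY_TRUSTED_PROXY_IPS=127.0.0.1",
  "",
].join("\n");

// Constructed sample of morphit.env that already sets the signup ceiling.
const SAMPLE_MORPHIT_ENV = [
  "EXAMPLE_RELAY_SETTING=1",
  "MORPHIT_RELAY_SIGNUP_DAILY_CEILING=25",
  "",
].join("\n");
```

    Running the planner a second time on its own output reports no offending keys, which is a quick check before restarting the services.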

    Verify the download

    sha256sum -c morphit-v1.0.0-beta.3.tar.gz.sha256
    

    Output must say OK before you extract.

    Status

    Pre-launch beta. Not yet recommended for production traffic. The
    canonical public instance is morphit.io. Community operators
    welcome — start at docs/start-here/.

  • v1.0.0-beta.2 99f84580ea

    Morphit v1.0.0-beta.2
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 37s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 28s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 14m2s
    morphit-release / Build + publish release tarball (push) Successful in 14m45s
    Stable

    agorise released this 2026-06-01 22:17:56 +00:00 | 53 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    Second public beta of Morphit — a federated, non-custodial, no-KYC peer-to-peer
    marketplace for fiat ↔ BTC, XMR, BLURT, USDT, USDC, DAI, BCH, LTC, DASH, DOGE,
    ZEC, ARRR, DCR, SOL, ETH, and XRP trades.

    This release builds on v1.0.0-beta.1 and is focused almost entirely on the
    operator experience — the part beta-testing surfaced as the roughest. If
    you ran a beta.1 node, the headline is that running and maintaining your
    instance is now a guided, menu-driven experience, and upgrades safely preserve
    your configuration and signing key.

    Install

    See docs/RUN-A-MORPHIT-NODE.md for the friendly walkthrough.
    Plan two evenings: the first to set up the server and install
    things, the second to troubleshoot whatever didn't work the
    first time. Runs comfortably on a $5/mo VPS or a Raspberry Pi 4.

    For the day-zero procedure (the morning-of and first-24-hour
    operator runbook) see docs/LAUNCH-DAY.md.

    For ongoing day-1-through-day-7 monitoring see
    docs/POST-LAUNCH-WEEK-ONE.md.

    Upgrading from beta.1

    Use the built-in upgrader — docs/UPGRADING.md has the full procedure:

    sudo -u morphit npx morphit-ops upgrade
    

    It downloads this release, verifies the SHA-256, backs up your current
    install, swaps in the new code, carries your config and signing key
    forward automatically, reinstalls dependencies, and restarts your
    services — rolling everything back if any step fails.

    One-time note for this specific upgrade. morphit-ops upgrade runs
    the carry-forward using the code of the version you're upgrading from.
    beta.1 predates that feature, so on this first jump your config is not
    auto-carried — it is not lost, it's in the timestamped backup. Before
    upgrading, copy morphit.config.env, morphit.env, apps/relay/keystore.*,
    and apps/relay/altnet/ somewhere safe; after the upgrade, confirm they're
    present in your install dir and, if any are missing, copy them back from
    /opt/morphit.bak-<timestamp>/ and restart morphit-indexer and
    morphit-relay. From beta.2 onward every upgrade preserves them for you.

    Your on-chain operator registration is unaffected by any upgrade — it lives
    on the Blurt chain, not in your install.

    Verify the download

    sha256sum -c morphit-v1.0.0-beta.2.tar.gz.sha256
    

    For belt-and-braces, see docs/UPGRADING.md "Belt-and-braces verification"
    — it walks you through cloning the repo separately, running
    git tag -v v1.0.0-beta.2, and re-deriving the manifest from a
    clean checkout to compare against the tarball you downloaded.

    What's new since beta.1

    Everything below is shipped, smoke-tested, and source-verifiable against the
    tagged commit.

    One command to run your instance

    • morphit-ops now opens a menu. Run it with no arguments on a
      terminal and you get a grouped, plain-English menu — set up and
      change the instance, check on it (status, signups, abuse alerts,
      pending transfers, moderation flags), or manage keys and payment
      methods — so you pick an action by what you want to do instead of
      memorizing subcommand names. Every action is still runnable
      directly (e.g. morphit-ops status), and scripts/cron are
      unaffected: non-interactive runs print help exactly as before.
    • morphit-ops edit for ongoing changes. Change your RPC
      endpoints, description/SEO, origin, listing fees, or operator tag
      without re-running the full setup. It writes atomically, preserves
      permissions, and tells you exactly which services to restart.
    • Safe re-run of the setup wizard. Running morphit-ops init on
      an instance that's already configured no longer risks clobbering it
      — it warns you, then offers to edit a few settings (recommended),
      overwrite everything (with a confirmation and a backup), or cancel.

    A dedicated hardening wizard

    • morphit-ops harden (also "Harden this server" in the menu)
      walks you through securing the host: it generates a personalized
      hardening checklist with your domain and your reverse-proxy choice
      baked in — leading with the SSH-lockout safety rule — and can walk
      you through BunkerWeb, daily database backups, and the full
      Ubuntu / SSH / firewall / fail2ban / TLS checklist, or point you at
      the fully-automated Ansible path. Nothing here is Morphit-specific;
      it's the baseline every internet-facing server needs, sequenced for
      you with copy-paste commands.

    Setup wizard improvements

    • BunkerWeb step. The setup wizard now asks whether BunkerWeb (an
      open-source reverse-proxy WAF, shipped turnkey at ops/bunkerweb/)
      will front your instance, and wires the trusted-proxy setting for
      you when you say yes — so your relay sees real client IPs.
    • Hardening step. The wizard finishes by offering to generate the
      same personalized hardening checklist described above.
    • Matrix alerting is on by default. The optional Matrix incident
      bot is now presented as a recommended default with clear setup
      steps for its own credentials, rather than an easy-to-miss opt-in.
    • Clearer prompts throughout — the wizard greeting reflects the
      real number of steps, the optional steps are clearly skippable with
      safe defaults, and the prompts spell out where each value appears
      publicly.

    Clearer on-chain registration

    • Honest, accurate output from morphit-ops register. The success
      screen no longer prints a confusing "Block: undefined" (Blurt
      confirms asynchronously — there's no block number at broadcast time)
      and no longer leaks internal RPC retry noise when your node
      transparently fails over to a healthy endpoint.
    • Specific failure guidance. When a broadcast fails, the tool now
      tells you exactly why (reserved tag, taken tag, wrong key, low Mana,
      all endpoints unreachable, …) and what to do — and on a low-Mana
      failure it offers to retry in place once you've powered up, with no
      wizard re-run.
    • Key verification made concrete. Prompts that ask you to confirm
      your relay's key now name the "Active Auth" field and give you
      the exact explorer URL — https://blocks.blurtwallet.com/#/@<your-account>
      — to check it against. morphit-ops show-key uses the same
      guidance.
    • Re-registration reminder. If you change your origin or operator
      tag with morphit-ops edit, the tool reminds you to re-run
      morphit-ops register so the rest of the federation sees the change
      (those two values live in your on-chain record; other settings are
      local-only).

    Safer upgrades

    • Your config and keys survive upgrades. morphit-ops upgrade now
      explicitly carries morphit.config.env, morphit.env, your relay
      keystore, your alt-network keys, and your hardening checklist forward
      into each new release — with their permissions intact — so a release
      upgrade brings your instance back up exactly as it was, on the new
      code, with no re-configuration. (See the one-time note above for the
      beta.1 → beta.2 jump specifically.)
    • docs/UPGRADING.md corrected and expanded to document the
      carry-forward step and the exact files preserved.

    Documentation and accuracy

    • docs/RUN-A-MORPHIT-NODE.md gained a "Managing your instance
      later" section covering the menu, the hardening wizard, and the
      re-registration rule.
    • README and operator docs were swept for accuracy against the
      actual code (app and config inventory, the relay's key type, the
      reverse-proxy configs that actually ship, and more).

    Reach

    Morphit instances are reachable over the public web, Tor .onion
    hidden services, I2P .b32 addresses, Lokinet, and Nostr. The
    federation directory at /instances on any node shows the other
    known instances and their alt-network addresses.

    Reporting issues

    Bug reports: open a New Issue on Forgejo
    (git.agorise.net/agorise/morphit) — the bug-report template
    auto-loads with the fields needed.

    Security disclosures go to the operator's Matrix DM channel
    listed in §16 of the bug-report template (or in
    docs/SECURITY.md). Do NOT post security issues as public
    Forgejo issues or in the community Matrix room.

    Acknowledgements

    Built on Blurt for the chain layer. The audit campaign is
    publicly readable in this repo, and so are the design tradeoffs
    — we made arguable calls, especially around chat-crypto
    primitives, and the reasoning is in the ADRs for you to push
    back on.


    Tag: v1.0.0-beta.2
    Built by: Forgejo Actions from a signed annotated tag (see
    .forgejo/workflows/release.yml)
    License: AGPL-3.0-only

  • v1.0.0-beta.1 83ca7837d0

    Morphit v1.0.0-beta.1
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 30s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 26s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 11s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 11m24s
    morphit-release / Build + publish release tarball (push) Successful in 12m8s
    Stable

    agorise released this 2026-05-25 22:08:21 +00:00 | 81 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    Morphit v1.0.0-beta.1

    First public beta of Morphit — a federated, non-custodial, no-KYC peer-to-peer
    marketplace for fiat ↔ BTC, XMR, BLURT, USDT, USDC, DAI, BCH, LTC, DASH, DOGE,
    ZEC, ARRR, DCR, SOL, ETH, and XRP trades.

    This release is for community operators who want to stand up an early
    instance and for beta testers to try real trades on morphit.io.

    Install

    See docs/RUN-A-MORPHIT-NODE.md for the friendly walkthrough.
    Plan two evenings: the first to set up the server and install
    things, the second to troubleshoot whatever didn't work the
    first time. Runs comfortably on a $5/mo VPS or a Raspberry Pi 4.

    For the day-zero procedure (the morning-of and first-24-hour
    operator runbook) see docs/LAUNCH-DAY.md.

    For ongoing day-1-through-day-7 monitoring see
    docs/POST-LAUNCH-WEEK-ONE.md.

    Verify the download

    sha256sum -c morphit-v1.0.0-beta.1.tar.gz.sha256
    

    For belt-and-braces, see docs/UPGRADING.md "Belt-and-braces verification"
    — it walks you through cloning the repo separately, running
    git tag -v v1.0.0-beta.1, and re-deriving the manifest from a
    clean checkout to compare against the tarball you downloaded.

    What's in the beta

    This is the first public release. Everything listed below is
    shipped, smoke-tested, and source-verifiable against the tagged
    commit. For the exhaustive claim-by-claim breakdown, read
    MORPHIT-BRAG-LIST.md.

    Trading

    • Sixteen tradable assets out of the box: BTC, XMR, BLURT, USDT, USDC,
      DAI, BCH, LTC, DASH, DOGE, ZEC, ARRR, DCR, SOL, ETH, XRP. Three —
      BTC, XMR, BLURT — are the original core; listing fees can be paid in
      any of them. The other thirteen are trade-only (peer-to-peer trading
      supported; listing fees still settle in BTC/XMR/BLURT). Each is enabled
      by default at the operator's instance and can be turned off per-ticker via
      MORPHIT_INDEXER_DISABLED_ASSETS or interactively at install time via the
      setup wizard's trade-only-policy step.
      • EVM-multi-network stablecoins (USDT, USDC, DAI) span four
        networks each, with a no-default-network rule so users can't
        accidentally cross-send. USDT covers Ethereum / ERC-20, Tron /
        TRC-20, Solana / SPL, and BNB Smart Chain / BEP-20. USDC covers
        Ethereum / ERC-20, Solana / SPL, Base, and Polygon. DAI covers
        Ethereum / ERC-20, Polygon, Base, and Arbitrum. Amount-jitter
        at 6-decimal precision applies (cp30 reversal of the earlier
        USDT pass-through decision — Circle/Tether/MakerDAO governance
        powers are documented per-asset as separate, independently-real
        threats).
      • UTXO chains (BCH, LTC, DASH, DOGE) accept their canonical address
        families: LTC accepts all four forms (legacy P2PKH L…, modern P2SH
        M…, deprecated P2SH 3…, bech32/bech32m ltc1…); DASH accepts both
        base58 forms (P2PKH X…, P2SH 7…); BCH covers CashAddr and legacy;
        DOGE base58 (D…). DASH ships with optional PrivateSend awareness
        — a chain-level masternode-coordinated CoinJoin variant — surfaced in
        the per-asset privacy guide; users pre-mix in their Dash wallet before
        sharing the address.
      • Shielded chains (ZEC, ARRR). ZEC supports both transparent (t1/
        t3) and shielded (zs1 Sapling, u1 Unified Address) — pick per
        trade. ARRR is shielded-by-construction (Sapling only; no transparent
        option exists at the chain layer).
      • Hybrid PoW/PoS chain (DCR — Decred) with Politeia-anchored
        governance documented in the per-asset guide.
      • High-throughput / smart-contract chains (SOL, ETH, XRP). ETH
        addresses are EIP-55 mixed-case-checksum-validated; XRP supports
        destination tags and respects the 1-XRP base reserve. Block-explorer
        health-probed at install time and re-probed on every address-share.
    • Listing fees in BLURT, BTC, or XMR — choice belongs to the
      poster. Default operator-treasury target is $0.25 USD per
      order; BLURT-paying posters get an automatic 50% discount
      (so a BLURT fee on the canonical instance currently rounds to
      ~60 BLURT ≈ $0.12).
    • First buy of BLURT is fee-waived — new users can post their
      first order without holding any BLURT.
    • Featured-slot auction with a minimum-hours floor (prevents
      micro-bid sniping), per-bidder bid history, outbid push
      notifications (cp17), and anti-snipe soft-close
      (cp18 — expiring top-5 bids extend by 5 minutes when a new
      bid arrives within the snipe window, capped at 6 extensions /
      30 minutes total).

    Identity, signup, and chat

    • No KYC, no email, no phone, no IP logging. Signup is a
      posting public key plus a chosen username.
    • Account creation is free to the user. The operator's relay
      pre-mints Account Creation Tokens (ACTs) in a weekly batch
      ceremony at ~100 BLURT each and consumes one ACT per signup
      via fee-free create_claimed_account. The user pays nothing.
    • End-to-end encrypted chat with per-message ECIES (X25519 +
      ChaCha20-Poly1305-IETF, libsodium). Sender ephemerals are
      wiped after one use. Ciphertext is stored on-chain;
      the indexer cannot decrypt. See docs/adr/0015-chat-crypto.md
      for the threat-model rationale (why no Double Ratchet).
    • Opt-in 8-word out-of-band fingerprint verification for
      belt-and-suspenders MITM protection beyond the chain-anchored
      TOFU pin. PGP word list, never BIP39 — deliberately distinct
      from seed phrases.
    • Desktop QR pairing (ADR-0022) — paired-readonly desktop
      session, posting key stays on phone, all writes route through
      phone for signing. WhatsApp-Web mental model.

    Notifications

    • Web Push subscriptions (cp13–cp16, hardened cp131) for
      chat / feedback / outbid events. VAPID-protected; subscribe
      AND unsubscribe both require a valid posting-key signature
      over a canonical message binding account-name + endpoint +
      timestamp. The canonical message ACTION keyword
      (subscribe vs unsubscribe) is part of the signed payload,
      so a captured subscribe signature cannot be replayed as an
      unsubscribe (and vice-versa). Captured signatures expire
      after 5 minutes and cannot be replayed across accounts or
      devices. Operators set
      MORPHIT_RELAY_PUSH_REQUIRE_SIGNED=true to require
      signatures (the default for new deployments); permissive
      mode is available for legacy clients during roll-forward.
    • In-tab ambient channels (title-bar badge, favicon dot,
      audio cue, vibration) work even without VAPID keys configured.
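
    How binding the action, account name, endpoint and timestamp into the signed message blocks the replays listed above, as an added example that is not Morphit's relay code. The canonical message layout, the function names and the 30-second clock-skew allowance are assumptions, and Ed25519 from Node's crypto module stands in for the posting-key signature scheme, which this page does not specify.

```javascript
const crypto = require("node:crypto");

const MAX_AGE_MS = 5 * 60 * 1000; // page: captured signatures expire after 5 minutes
const MAX_SKEW_MS = 30 * 1000;    // assumption: tolerated client clock skew
const ACTIONS = new Set(["subscribe", "unsubscribe"]);

// Hypothetical canonical form. A JSON array keeps field boundaries
// unambiguous, so a crafted account name or endpoint cannot shift bytes
// from one field into another.
function canonicalMessage({ action, account, endpoint, timestamp }) {
  return Buffer.from(
    JSON.stringify(["push-v1", action, account, endpoint, timestamp]),
    "utf8"
  );
}

function signRequest(fields, privateKey) {
  return crypto.sign(null, canonicalMessage(fields), privateKey).toString("base64");
}

// lookupKey(account) returns that account's public key, or undefined.
function verifyPushRequest(req, lookupKey, nowMs) {
  if (!ACTIONS.has(req.action)) return { ok: false, reason: "bad-action" };
  if (!Number.isSafeInteger(req.timestamp)) return { ok: false, reason: "bad-timestamp" };
  const age = nowMs - req.timestamp;
  if (age > MAX_AGE_MS || age < -MAX_SKEW_MS) return { ok: false, reason: "stale" };
  const key = lookupKey(req.account);
  if (!key) return { ok: false, reason: "unknown-account" };
  let valid = false;
  try {
    const sig = Buffer.from(String(req.signature), "base64");
    // The message is rebuilt from the request's own fields, so changing
    // any bound field after signing invalidates the signature.
    valid = crypto.verify(null, canonicalMessage(req), key, sig);
  } catch {
    valid = false; // malformed signature bytes
  }
  return valid ? { ok: true } : { ok: false, reason: "bad-signature" };
}

// Constructed scenario: one captured subscribe request, replayed four ways.
function demo() {
  const alice = crypto.generateKeyPairSync("ed25519");
  const bob = crypto.generateKeyPairSync("ed25519");
  const keys = new Map([["alice", alice.publicKey], ["bob", bob.publicKey]]);
  const lookup = (name) => keys.get(name);

  const t0 = 1780000000000; // constructed timestamp (ms)
  const fields = {
    action: "subscribe",
    account: "alice",
    endpoint: "https://push.example/endpoint/1",
    timestamp: t0,
  };
  const captured = { ...fields, signature: signRequest(fields, alice.privateKey) };
  const soon = t0 + 1000;

  return {
    fresh: verifyPushRequest(captured, lookup, soon),
    asUnsubscribe: verifyPushRequest({ ...captured, action: "unsubscribe" }, lookup, soon),
    otherAccount: verifyPushRequest({ ...captured, account: "bob" }, lookup, soon),
    otherEndpoint: verifyPushRequest(
      { ...captured, endpoint: "https://push.example/endpoint/2" }, lookup, soon),
    afterExpiry: verifyPushRequest(captured, lookup, t0 + MAX_AGE_MS + 1),
  };
}
```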

    Operator setup

    • Setup wizard (npx morphit-ops init, ~18 prompts) covers
      treasury addresses (BTC + XMR), explorer URLs with live health
      probes, listing-fee USD target with live price recompute, VAPID
      keys for Web Push, operator-tag for federation cost attribution,
      and the trade-only asset policy (per-ticker enable/disable for
      every Category-B asset: USDT, USDC, DAI, BCH, LTC, DASH, DOGE,
      ZEC, ARRR, DCR, SOL, ETH, XRP).
    • Federated cost attribution — each operator's relay pays only
      for ops that route through their own instance (operator tag
      registered on-chain via morphit_operator_register_v1).
    • Operator kill-switch for compromise scenarios — relay-side
      flag disables signups and posts a banner pointing users at
      other instances. See docs/BETA-INCIDENT-RUNBOOK.md.
    • Reproducible builds — every tarball is rebuildable
      byte-for-byte from its tagged commit; bundle hashes are
      broadcast on-chain via morphit_release_v1.

    Privacy

    • No cookies, no analytics, no third-party CDN, no Cloudflare.
    • No IP logging. The relay extracts client IP as an in-memory
      rate-limit bucket key and discards it when the window passes.
      The code carries this as a binding contract — adding IP logging
      would require an ADR and a security advisory.
    • XMR view-key privacy — the operator's private view key is
      strictly env-only on their box, never published on-chain, in
      APIs, in logs, or in release ops. Per-payment proofs are
      user-supplied at trade time.
    • Transparent-chain privacy framework (cp26 + cp30). Registry-driven
      per-asset privacy practices surface in the address-share modal
      and at /[lang]/privacy/{asset}:
      • Amount-jitter on every transparent asset (BTC, BCH, LTC, DASH,
        DOGE, ZEC transparent, DCR, BLURT — XMR has been jittered since cp3,
        and stablecoins USDT/USDC/DAI jitter at 6-decimal precision per cp30):
        default ON; adds a small random extra (≤999 sat for UTXO chains, ≤99
        milliblurt for BLURT, scaled per-asset for the others) to defeat
        amount-correlation between the orderbook post and the on-chain
        transfer.
      • Client-side address-reuse warning: localStorage-only,
        never transmitted to any Morphit server; surfaces an amber
        chip when the user is about to share an address they've
        shared from this device before.
      • Optional PayJoin (BIP-78) endpoint for BTC: when both
        seller and buyer wallets support BIP-78, the seller pastes
        their PayJoin endpoint URL into the BTC address-share modal
        and Morphit relays it via pj= in the bitcoin: URI.
        Wallets without PayJoin support fall back to a normal
        payment — zero footgun.
      • Per-asset privacy guides at /[lang]/privacy/{asset} for every
        tradable ticker, covering fresh-address practice, opt-in privacy
        tech (MWEB for LTC, CashFusion for BCH, PrivateSend for DASH,
        CoinJoin + PayJoin for BTC, Sapling/Orchard shielded sends for
        ZEC, shielded-by-default for ARRR, CoinShuffle++ for DCR),
        universal practices, and asset-specific caveats. Registry-driven:
        the next asset Morphit adds gets a privacy guide automatically by
        populating one struct field.
      • No wallet recommendations. Even reputable wallets have
        been compromised — Morphit names protocol standards, not
        wallet software.
    • DASH PrivateSend awareness (cp27). Dash's masternode-
      coordinated CoinJoin variant is documented in the per-asset
      privacy guide at /privacy/dash. Pre-mixing happens
      entirely wallet-side BEFORE the address is shared on Morphit
      — Morphit does not coordinate the mix, hold the funds, or
      expose users to masternode-trust trade-offs beyond what their
      wallet already does. The privacy guide explains the
      trade-offs honestly: anonymity set depends on simultaneous
      participants, and for the strongest privacy on Morphit XMR
      is still the right tool.

    Internationalization

    • 10 languages, fully translated: English, Spanish, French,
      German, Italian, Polish, Russian, Persian, Simplified Chinese,
      Traditional Chinese.
    • Per-locale prerendering — 170 static HTML files (17 routes
      × 10 locales) so non-English speakers never see a flash of
      English content.

    Audit and integrity

    • Several thousand self-checking smoke scenarios ship with
      the source — the exact count grows release-over-release as
      defenses are added. Run them yourself: bash scripts/run-smokes.sh.
      Triple-pulse them (three times back-to-back) to filter flakes.
    • Audit log in docs/AUDIT-2026-05.md (~25,400 lines), public
      in the repo, with every finding, every fix, every accepted
      risk documented.
    • 42 architecture decision records in docs/adr/0001-…
      through 0043-… (the 0016 slot is reserved-but-unused; its
      planned work shipped as ADR-0022).
    • AGPL-3.0-only. Operators running modified instances must
      make their source available to their users.

    Reach

    Morphit instances are reachable over the public web, Tor .onion
    hidden services, I2P .b32 addresses, Lokinet, and Nostr. The
    federation directory at /instances on any node shows the other
    known instances and their alt-network addresses.

    Reporting issues

    Bug reports: open a New Issue on Forgejo
    (git.agorise.net/agorise/morphit) — the bug-report template
    auto-loads with the fields needed.

    Security disclosures go to the operator's Matrix DM channel
    listed in §16 of the bug-report template (or in
    docs/SECURITY.md). Do NOT post security issues as public
    Forgejo issues or in the community Matrix room.

    Acknowledgements

    Built on Blurt for the chain layer. The audit campaign is
    publicly readable in this repo, and so are the design tradeoffs
    — we made arguable calls, especially around chat-crypto
    primitives, and the reasoning is in the ADRs for you to push
    back on.


    Tag: v1.0.0-beta.1
    Built by: Forgejo Actions from a signed annotated tag (see
    .forgejo/workflows/release.yml)
    License: AGPL-3.0-only
