• v1.0.0-beta.31 444ce29527

    Morphit v1.0.0-beta.31
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 38s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 31s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 13s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 17m53s
    morphit-release / Build + publish release tarball (push) Successful in 18m43s
    Stable

    agorise released this 2026-06-25 23:42:42 +00:00 | 59 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    This release makes publishing to the chain more private and more reliable, fixes a
    settings bug that could show you another account's profile, polishes the sign-in and
    locked-screen experience, unifies the navigation arrows, fixes the desktop update
    banner, and clears out some obsolete account-creation machinery for operators.

    Nothing here changes how trading works, what anything costs, or what data Morphit
    keeps (still none of it). If you're already signed in, your account, keys, and
    balances carry over untouched.

    Privacy and reliability

    • Publishing to the chain now goes through your operator's own node. Previously,
      every action you published — placing or editing an order, sending a chat message,
      updating your profile, leaving feedback — was sent straight from your browser to a
      third-party Blurt node. That leaked your IP address and your exact action to a node
      Morphit doesn't control, and it broke entirely if that node went down or changed
      its settings. Now those writes travel through the same node that already serves the
      app, so outsiders never see your connection, and if anything does go wrong you get
      the real reason instead of a generic "couldn't broadcast" message. This matches how
      reading already worked, and it falls back to the old path automatically if your
      operator's node is briefly unreachable, so it can never be less reliable than
      before.

    • Fixed: switching accounts could show the previous account's profile. If you
      signed out and back in as a different account, the Settings page could show the
      earlier account's display name, short bio, and links. Profile drafts are now kept
      separately per account, the leftover shared drafts are cleared, and the form fills
      in from what's actually on chain for the account you're signed in as.

    • Clearer connection errors in Settings. The RPC-endpoint panel in Settings now
      tells you why a node isn't responding — "Timed out", "Unreachable", or the HTTP
      error — instead of only showing it as failing.

    Signing in

    • The header button says "Unlock" when your keys are saved. On a device that
      remembers your keys, the top-right button now reads "Unlock" (and takes you to the
      welcome-back screen) instead of "Start", which looked as if you had no account. A
      brand-new device still says "Start".

    • Refreshing a locked page sends you home. If you refresh, lock, or arrive on a
      page that needs you signed in — settings, posting, chat, backups, two-factor —
      while your session is locked, you now land on the homepage with that "Unlock"
      button, instead of being stranded on an empty page.

    • The password field is focused and ready. On the welcome-back screen you can now
      just type your password and press Enter; the field is focused automatically.

    • Matching icons on the sign-in buttons. The "sign in with your keys" and "use my
      phone" buttons now use crisp matching icons.

    Your profile, orders, and settings

    • Save-locally buttons everywhere they belong. The blurt.media and Nostr fields
      now each have a "Save locally only" button alongside "Save & broadcast", matching
      the short-bio field.

    • Small fixes: the blurt.media and Nostr inputs now show one clear colour per
      state instead of a doubled border, profile icons are spaced consistently, and the
      balance refresh button always shows a visible spin when you tap it.

    • Clearer "My Orders" when you're signed out. If you open your orders page before
      signing in — or on a locked device — the page now explains what to do in its own
      words (with both a "create an account" and an "I already have an account" option),
      rather than borrowing the wording from the order-posting screen. A locked device
      never reveals your past trades.

    Getting around

    • Unified navigation arrows. The back and forward arrows across the app now share
      one consistent style — they slide in the direction they point and turn green on
      hover, with no underline — matching the "Learn more" arrows on the homepage. They
      also point the correct way in right-to-left languages.

    • A tidier sign-up intro. The introductory explanation now appears only on the
      first sign-up step instead of repeating on every step.

    Updates

    • Fixed the "update available" banner on desktop. The banner could get stuck or
      reload the page on its own. Now it only reloads when you choose "Load it now", the
      "Later" button simply dismisses it for the session, and it reappears on its own if
      a newer version is deployed.

    Help / FAQ

    • FAQ links now scroll to the right place. Footer links into the FAQ (such as the
      AGPL-3.0 and API links) now smoothly scroll to and open the article they point at,
      even for articles far down the page.

    • A safer seed-import button. On the import screen, the "Unlock my account" button
      now activates only when you've entered exactly twelve words, so a stray paste can't
      light it up prematurely.

    For operators

    • Footer addresses show only what you've configured. The Tor, i2p, Lokinet, Nostr,
      and ENS pills in the footer now appear only for the networks you've actually set,
      instead of showing greyed-out placeholders for the ones you haven't.

    • ENS links to the bare name. An advertised ENS address now links to the bare name
      (e.g. morphit.eth), which ENS-aware browsers resolve directly with no centralized
      gateway.

    • Removed the obsolete weekly ACT-minting machinery. Since beta.28, account
      creation pays the chain's creation fee inline with a direct account_create op, so
      the old weekly "mint Account Creation Tokens" ceremony no longer exists. This
      release removes the leftovers that still referred to it: two dead systemd unit
      templates, a dead helper script entry, and stale instructions in the launch
      checklist, automation notes, security notes, and the Ansible deployment role that
      told you to run a command that no longer exists. What you need to do is unchanged
      and simpler:
      keep @morphit-relay funded with enough liquid BLURT to cover
      signups (about 100 BLURT per account). If you're upgrading from an older deploy that
      set up the weekly timer, you can remove the morphit-relay-mint-acts service and
      timer; they do nothing now.

    • As with recent betas, this release changes no third-party dependencies.

    Under the hood

    • A fresh, independent code review re-ran the full test, type-check, and
      security-smoke suites from a clean slate and confirmed everything passes, including
      a close look at the new same-origin publishing path (it only forwards the
      operations Morphit actually uses, the transaction stays signed entirely on your
      device, and it's rate-limited) and the per-account profile fix.
    Downloads
  • v1.0.0-beta.30 41f38fd40a

    Morphit v1.0.0-beta.30
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 39s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 31s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 13s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 17m29s
    morphit-release / Build + publish release tarball (push) Successful in 18m37s
    Stable

    agorise released this 2026-06-25 02:00:26 +00:00 | 60 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    This release fixes an important sign-in reliability problem, adds a short bio to your
    profile, tidies up the settings and sign-up screens, makes the navigation arrows
    easier to see, and gives operators a new decentralized address option plus a fix for
    a crash in the node-management tool.

    Nothing here changes how trading works, what anything costs, or what data Morphit
    keeps (still none of it). If you're already signed in, your account, keys, and
    balances carry over untouched — and thanks to the fix below, staying signed in is now
    more reliable.

    Staying signed in

    • Refreshing the page no longer signs you out. If you chose to be remembered on
      this device, a normal page refresh could quietly drop you back to the import
      screen, as if you'd never saved your keys. That's fixed: refreshing the page,
      closing a tab, or locking one tab now leaves your saved keys in place, and only a
      real sign out clears them. Signing out in one tab still signs you out of the
      others, as before.

    Your profile and settings

    • New: a short bio. You can add an optional short bio (up to 128 characters) to
      your profile from Settings. It appears under your name on your profile page. Like
      your display name, you can save it on this device only or broadcast it so other
      instances see it.

    • Clearer save buttons. The two profile-save buttons are now labelled
      "Save locally only" and "Save & broadcast", with a one-line explanation of each
      above them, so it's obvious which one keeps a change on your device and which one
      publishes it.

    • A tidier settings screen. The avatar card moved up next to your account name,
      some wordy explanations were trimmed, and the auto-lock timer now shows a brief
      "Changed to …" confirmation when you pick a new value.

    Signing up

    • A progress bar. New accounts now see a simple "Step X of Y" progress bar during
      sign-up, so you can tell how far along you are. (If you're importing an existing
      account, you won't see it — that path is a single step.)

    Getting around

    • Bigger, clearer navigation arrows. The small back and forward arrows around the
      app are now larger and easier to see, and they match the colour and size of the
      text next to them. They also point the correct way in right-to-left languages.

    • Consistent back links. The "back" links at the top of the block explorer,
      privacy, and two-factor pages now all use the same clear styling instead of three
      different colours.

    Two-factor settings

    • A clearer two-factor page. The authenticator-app two-factor settings page got a
      visual tidy-up — its expandable sections are easier to spot, the recommended and
      not-recommended app lists are alphabetised, and the headings are clearer. (How
      two-factor works is unchanged.)

    For operators

    • A new decentralized address option: ENS (.eth). Your instance can now
      advertise an ENS .eth name alongside its Tor, i2p, and Lokinet addresses. It
      appears in the footer and on the instances page and links out through .eth.limo,
      giving visitors another censorship-resistant way to reach your node. Set it from
      the init wizard or the morphit-ops alt-address command; it's a display-only
      pointer, so there's no key to manage.

    • Fixed: the morphit-ops menu could crash after an upgrade. If you ran
      morphit-ops from a directory that had been replaced during an upgrade, choosing
      most menu items (edit settings, alternate addresses, status, and so on) would crash
      with a uv_cwd error. The tool now recovers cleanly and works regardless of which
      directory you launch it from.

    • As with recent betas, this release changes no third-party dependencies.

    Under the hood

    • A fresh, independent code review of the recent changes re-ran the full test and
      type-checking suite from a clean slate and confirmed everything passes, with the
      sign-in fix above pinned by an automated regression test so it can't quietly return.
      A few internal code comments were also brought back in line with how the sign-in
      code now actually behaves.
    Downloads
  • v1.0.0-beta.29 5199375ae9

    Morphit v1.0.0-beta.29
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 42s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 33s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 15s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 18m7s
    morphit-release / Build + publish release tarball (push) Successful in 18m41s
    Stable

    agorise released this 2026-06-24 03:11:16 +00:00 | 61 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    This release is mostly about making your account protection more trustworthy and
    your wallet and profile screens more accurate. The biggest work happened in the
    parts you can't see — the code that guards your keys — but there are also a number
    of visible fixes across the wallet, the profile, sign-up, the block explorer, and
    the operator tools, plus a new FAQ entry explaining why Morphit is licensed the way
    it is.

    Nothing here changes how trading works, what anything costs, or what data Morphit
    keeps (still none of it). If you're already signed in, you don't need to do
    anything; your account, keys, and balances carry over untouched.

    Your account protection

    • Changing your password no longer risks your hardware key. If you protect your
      account with a YubiKey, changing your password used to quietly drop the hardware
      key — afterwards the key could no longer unlock you. That's fixed: a password
      change now keeps every unlock method you've set up exactly as it was, hardware key
      included. (Two-factor authenticator codes were always preserved, and still are.)

    • Enrolling a hardware key now proves it actually works first. When you add a
      YubiKey, Morphit now checks that the key produces a real, unique response before it
      trusts it for unlocking — and refuses to finish if it can't. This closes a subtle
      way a misbehaving key or browser could have left you with a "protected" account
      that wasn't genuinely protected. Your password remains a fallback, so a bad key can
      never lock you out.

    • A long-standing flaw in the encrypted key store was fixed. A wrong internal
      setting meant the hardware-key / layered key-store path could fail when writing —
      it now works correctly. This path requires a physical key, so it never affected
      password-only accounts.

    Wallet and profile

    • Voting power now matches your Blurt wallet. The "Voting" figure on your balance
      card and on explorer account pages now uses the same calculation Blurt's own wallet
      shows, to two decimals, instead of a different measure that could read low.

    • The balance card refreshes on demand and animates changes. A refresh button
      (matching the one on explorer pages) lets you pull fresh numbers, and changed
      balances count up smoothly rather than jumping.

    • Your profile picture is consistent everywhere. The little identicon in the
      account menu now always matches the one on your profile and settings — it used to
      occasionally show an older version until a full page reload.

    • Clearer sign-up. While you type a username, the claim button now previews
      "Claim my @yourname username now" in real time, the field shows a clear invalid
      state when a name is taken or reserved, and the "are you sure you want to leave?"
      prompt wording is plainer.

    • Smaller touches. The on-screen private key now carries a lock icon so it's
      obvious it's secret; low-balance hints are now a readable amber with a warning
      icon; a duplicate "sign out" button was removed from settings (the one in the
      account menu stays); and several support and explorer links now open correctly in
      a new tab.

    • Block explorer link fixes. Transaction and block links that could land on a
      "not found" page now resolve correctly, and the account page shows all four Blurt
      key types (owner, active, posting, memo).

    Connectivity

    • The node list is clearer and sortable. Your settings now list the relay/index
      nodes best-first, with a refresh button to re-check their speeds, latencies shown
      in seconds (turning amber when a node is slow), a plain "Error: " when a node
      is failing, and the full set of network nodes shown — including the ones your
      browser can't reach directly but your instance uses behind the scenes.

    A note on the license

    • New FAQ: "Why does Morphit use the AGPL-3.0 license?" A short, plain-language
      explanation of the privacy-and-freedom reasoning behind Morphit's copyleft license
      — why it's a better fit than permissive or no-license alternatives for software
      meant to be forked and run by anyone. The "AGPL-3.0" text in the footer now links
      straight to it.

    For operators

    • Two i2p addresses, not one. Your instance can now advertise both an
      always-resolvable .b32.i2p address and a human-readable .i2p vanity address
      (either, both, or neither), set independently. Existing single-address setups keep
      working.

    • Editing one alternate address no longer wipes the others. A bug in the main
      morphit-ops menu could erase your Tor, i2p, or Nostr addresses when you edited a
      different one. Editing alternate-network addresses now keeps the values you don't
      touch, the same way Branding & SEO already did. If your live instance lost its Tor
      onion to this, you can re-add it from the dedicated alt-address command without
      waiting — it's per-network and won't disturb the rest.

    • Node-health shows your sign-up funding at a glance. The morphit-ops node
      health view now surfaces your relay's account-creation funding status alongside
      version and uptime.

    • The desktop "update available" prompt now appears reliably, and a caching bug
      that made the footer occasionally "forget" your instance's name (and could serve
      stale data on mobile) is fixed; the fix heals itself on the next deploy with no
      hard reload needed.

    • As with recent betas, this release changes no third-party dependencies.

    Under the hood

    • The cryptographic core of both two-factor methods is now covered by automated
      tests
      for the first time — the full hardware-key enroll-and-unlock round trip and
      the authenticator-code enroll-and-verify flow, including that codes survive a
      password change, plus the new enrollment-verification guard described above.

    • The hardware-key USB transport has a complete, documented diagnosis of what still
      needs fixing on real hardware.
      The browser-to-key byte protocol has known issues
      that can only be verified and corrected with a physical key in hand; rather than
      guess, the exact problems are now written down in the code, and the enrollment
      guard above prevents an unverified key from ever being trusted in the meantime.

    Downloads
  • v1.0.0-beta.28 d18868dd80

    Morphit v1.0.0-beta.28
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 1m2s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 43s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 16s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 23m53s
    morphit-release / Build + publish release tarball (push) Successful in 25m10s
    Stable

    agorise released this 2026-06-23 06:36:04 +00:00 | 62 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    This release changes how your instance creates new Blurt accounts at signup, so
    that it uses the only account-creation method Blurt still supports. Until now the
    relay relied on Blurt's Account-Creation-Token system — minting tokens ahead of
    time and spending one per signup. Blurt disabled that system at a hard fork (both
    of its operations now hard-fail on the chain), so the relay now creates each
    account with a direct account-creation operation instead, paying the chain's
    account-creation fee inline at the moment someone signs up.

    For people signing up, nothing changes: registration still costs you nothing, you
    still get the welcome bonus after your first completed trade, and listing fees are
    unchanged. The difference is entirely on the relay's side — how it talks to the
    chain to create your account.

    Behind Morphit's beta access gate this hadn't surfaced as a visible failure yet,
    but the old token-based path would have blocked signups on any public instance.
    This release puts account creation back on a working footing.

    Changed

    • New accounts are created with a direct account-creation operation. The relay
      now pays the chain's account-creation fee (about 100 BLURT) inline, per signup,
      reading the exact current fee from the chain each time so it always matches what
      the network requires. The previous token-based approach — minting Account
      Creation Tokens in advance and consuming one per signup — is gone, because Blurt
      no longer allows either token operation. The account that ends up created, the
      one BLURT of starter bandwidth it receives, and the welcome bonus after a first
      trade are all exactly as before.

    For operators

    • No more token minting — keep the relay funded instead. There is no longer a
      weekly token-minting ceremony, no in-process auto-minter, and no mint-acts
      script or timer. Your relay creates each account by paying the fee directly from
      its liquid BLURT, so the one thing it needs is enough BLURT on hand to cover your
      signups (roughly 100 BLURT each, plus the welcome bonuses for people who go on to
      trade). When the balance runs low the relay pauses signups cleanly and your
      alert bot messages you over Matrix; top it up and signups resume on their own
      within about thirty seconds. The total cost is the same as before — only the
      timing changed, from pre-paying a weekly batch to paying per signup.

    • Upgrading from an earlier deploy: after morphit-ops upgrade, remove the
      leftover token-minting pieces if you set them up — the
      morphit-relay-mint-acts.service and .timer units, and any
      MORPHIT_RELAY_AUTOMINT_* or MORPHIT_RELAY_WEEKLY_ACT_COUNT lines in your
      relay's environment file. They no longer do anything. The funded-balance alert
      you may already have configured (the indexer's relay-balance threshold) keeps
      working unchanged. See OPERATIONS.md §0a for the funding math and §47 for the
      low-balance alerts. As with recent betas, this release changes no third-party
      dependencies.

    Under the hood

    • A regression guard pins the new path. A new automated check verifies that the
      relay builds the direct account-creation operation with the fee paid inline and
      the exact field layout the chain expects, and fails if anyone ever tries to bring
      back the disabled token operations. The key-custody design is unchanged — the
      same online key that signed the old operation signs the new one — and the
      architecture decision record and operator runbook have been updated to match.
    Downloads
  • v1.0.0-beta.27 7a5415a8a1

    Morphit v1.0.0-beta.27
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 1m0s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 42s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 14s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 22m40s
    morphit-release / Build + publish release tarball (push) Successful in 23m45s
    Stable

    agorise released this 2026-06-23 03:10:48 +00:00 | 63 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A small reliability release with one fix at its heart: your instance now routes
    around a Blurt RPC node that has gone down, instead of getting stuck on it. Every
    instance talks to a set of public Blurt nodes for reading the chain and
    broadcasting operations, and it already prefers the fastest one and fails over
    when a node times out or refuses the connection. But if a node's upstream proxy
    answered with an "origin is unreachable" error (the 520–527 status range), the
    instance treated that as a normal rejection and gave up on that request rather
    than trying another node. That's fixed: those errors are now recognized as "this
    node is unreachable — try the next one," so reads and broadcasts hop past a dead
    node automatically.

    The most visible symptom of the old behavior: a relay with a healthy BLURT
    balance could still mint zero account-creation tokens if the one node it
    reached for that broadcast happened to be down — the auto-minter would log a
    single failure and stop. With this release, a single down node no longer stalls
    account-creation token minting, signups, or anything else the relay or indexer
    broadcasts; the instance simply uses a node that's up.

    For operators: morphit-ops upgrade handles this release the usual way — it runs
    npm ci and rebuilds the web frontend, the command-line tools, and the MCP
    server for you. Like the last several betas, this release changes no
    third-party dependencies
    , so there's no special install step. Managing which
    Blurt RPC nodes your instance uses is the relay and indexer's job (with the
    upgrade flow keeping the defaults current) — never something you should have to
    hand-edit while the software is running.

    Fixed

    • Your instance routes around a downed Blurt RPC node. When a node's upstream
      proxy returns an "origin unreachable" error (HTTP 520–527 — e.g. 521 "web
      server is down"), the instance now classifies it as an unreachable endpoint and
      rotates to a healthy node, applying the same back-off it already uses for
      timeouts and rate limits. Previously these surfaced as ordinary errors, so a
      single down node could dead-end a request. This is what could leave a
      fully-funded relay minting zero account-creation tokens — its fastest node was
      down and it didn't fail over. Reads and broadcasts both recover now.

    For operators

    • Fresh Ansible deployments point at the current Blurt nodes. The Ansible
      deployment defaults pinned the indexer to a Blurt RPC node that has since been
      decommissioned (and the egress firewall opened only that node), so a brand-new
      Ansible install could come up unable to reach a working node. The defaults now
      use the current canonical set of six Blurt RPC endpoints, and the egress
      allowlist matches. If you deployed via Ansible and chose your own endpoints,
      nothing changes for you. (Installs created by morphit-ops init were never
      affected — they already used the canonical set.)

    Under the hood

    • More regression guards. New automated checks pin both fixes so a future
      change can't quietly undo them: the RPC pool's "try another node" logic is
      tested against the full origin-unreachable status range (including the exact
      error a relay saw in the field), and the canonical-endpoint guard — which keeps
      every copy of the node list in sync — now also covers the Ansible deployment
      defaults, the one place the list had been allowed to drift.
    Downloads
  • v1.0.0-beta.26 9ad3529127

    Morphit v1.0.0-beta.26
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 40s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 31s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 13s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 22m23s
    morphit-release / Build + publish release tarball (push) Successful in 24m23s
    Stable

    agorise released this 2026-06-22 23:33:03 +00:00 | 64 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A reliability release, with one fix that matters more than all the others: new
    account creation works again. On the way to launch we discovered that the Blurt
    library Morphit relies on couldn't sign the two operations behind account
    sign-ups and the relay's automatic token top-up, so a relay with plenty of funds
    could still turn people away with a misleading "temporarily out of funds"
    message. That's fixed. Alongside it: the "a new version is ready" prompt now
    appears on desktop, not just mobile; the node-health screen shows your
    account-creation-token buffer at a glance; the block explorer's account page got
    a thorough polish; and a handful of smaller display bugs are closed.

    For operators: morphit-ops upgrade handles this release the usual way — it runs
    npm ci and rebuilds the web frontend, the command-line tools, and the MCP
    server for you. Like the last few betas, this release changes no third-party
    dependencies
    , so there's no special install step beyond the upgrade tool. After
    upgrading, your relay will top its account-creation-token buffer back up on its
    own; you can watch it on the node-health screen (option 13 in morphit-ops).

    New

    • Node health shows the auto-minter. The node-health screen now reports your
      relay's automatic account-creation-token (ACT) minter right next to version and
      uptime: a green "✓ N ACT's ready" with the buffer it tops up to, or a red
      "Disabled" if you've turned it off. It's on by default for every instance, so a
      relay keeps itself stocked to create accounts without you having to think about
      it.
    • The block explorer shows an account's four public keys. The account page now
      lists Owner, Active, Posting, and Memo public keys, instead of just the posting
      key — the full picture for anyone inspecting an account on-chain.
    • Reachability addresses are clickable. On the public instances directory, an
      instance's Tor, Lokinet, I2P, and Nostr addresses are now links you can open
      directly, rather than text you had to copy out of a tooltip.

    Fixed

    • New account sign-ups work again — and the relay restocks itself. The two
      on-chain operations behind creating an account and minting account-creation
      tokens couldn't be signed by the bundled Blurt library, which is why some
      instances showed "our registration service is temporarily out of funds" even
      with a healthy balance. Both operations now sign correctly, so sign-ups go
      through and the relay refills its token buffer automatically.
    • The "update ready" prompt now appears on desktop. Previously the prompt to
      load a freshly deployed version reliably showed up on mobile but often never
      appeared on a desktop browser, which would quietly pick up the new version on
      its own. The desktop prompt now appears the way it should, so loading an update
      is your choice on every device.
    • The footer remembers your instance's name. An over-eager cache could revert
      the operator's instance name in the footer back to the default until a hard
      reload; it now stays correct after a normal page load.
    • The order book's interest rate reads correctly. A display bug overstated the
      live BLURT annual rate by roughly five times on one surface; it now matches the
      real, on-chain-derived figure (the rate is always computed live, never
      hard-coded).
    • "Load older operations" no longer stalls near the start of history. On the
      explorer's account page, paging further back used to silently fail once you got
      close to the beginning of an account's history; it now loads the remaining
      operations correctly, with a clear loading indicator.
    • Explorer account links resolve. Transaction and block links on the account
      page no longer lead to a not-found page.
    • Two smaller display bugs. A profile picture that could differ between
      surfaces now derives from one consistent source, and a private account card no
      longer briefly appears for signed-out visitors.

    Improved

    • An accurate voting-power reading. The account's voting-power percentage now
      accounts for delegation (power received and delegated away), so heavy delegators
      see a correct figure rather than an understated one. For an account with no
      delegation, nothing changes. The label across the app is now simply "Voting,"
      and the accompanying hint drops an old, inaccurate description of how the chain
      charges for actions.
    • Clearer wording while signing in and setting up keys. Several small pieces of
      on-screen text on the login, avatar, and key-import screens were reworded for
      clarity, the key-import field now caps overly long input, and a private-key field
      shows a clearer icon.
    • A friendlier "leave this page?" warning. The prompt shown if you try to
      navigate away while choosing a username is now plainer, and the page previews
      your chosen "@name" on the claim button as you type.

    Under the hood

    • More regression guards. New automated checks pin the behaviors above — the
      account-creation-token serializers (proven byte-for-byte against the reference
      library), the node-health auto-minter line, the desktop update prompt, and the
      cache rules that keep the update surface fresh — so a future change can't quietly
      undo them.
    • The full project test suite runs clean again. Two service components that
      carry their checks as standalone smoke tests rather than unit tests were causing
      the repo-wide npm test to report a false failure; the command is green end to
      end again.
    • A repo-wide audit pass. A full security and code audit — including hostile-
      input checks on every on-chain operation handler, a sweep for dead database
      fields, stale references, and resource leaks, and complete persona walkthroughs
      across the app, the operator tools, and the read-only agent interface — found the
      tree in good shape, with the fixes above applied.
    • Translation upkeep. Every new or reworded piece of on-screen text ships in
      all ten languages.
    Downloads
  • v1.0.0-beta.25 61fc71d3c1

    Morphit v1.0.0-beta.25
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 41s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 32s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 14s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 17m28s
    morphit-release / Build + publish release tarball (push) Successful in 17m54s
    Stable

    agorise released this 2026-06-22 02:57:16 +00:00 | 66 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A trust, transparency, and launch-readiness release. The headline for operators
    is that the project's treasury addresses (BLURT, BTC, and XMR) are now baked into
    the software itself as a single source of truth — and the public instances
    directory flags any instance whose on-chain treasury doesn't match them, so a
    look-alike can't quietly redirect fees. Operators can also set their instance's
    display name and branding on the directory card. For everyone else: signing out
    now signs you out everywhere, the FAQ search is more precise, and a couple of
    small interface bugs are closed. Under the hood, the on-chain release machinery
    that the public launch depends on was completed and hardened.

    For operators: morphit-ops upgrade handles this release the usual way — it runs
    npm ci and rebuilds the web frontend, the command-line tools, and the MCP
    server for you. Like beta.24, this release changes no third-party
    dependencies
    , so there's no special install step beyond the upgrade tool.

    New

    • The project treasury is part of the software now. The canonical BLURT, BTC,
      and XMR treasury addresses are baked into the code as the single source of
      truth, rather than something each piece configures separately. Fee routing and
      every on-chain treasury check derive from that one place, which removes a whole
      class of "which address is right?" mistakes.
    • The directory flags treasury mismatches. On the public instances page, an
      instance whose on-chain treasury address doesn't match the canonical project
      treasury now carries a clear mismatch indicator — a trust signal that makes a
      fee-redirecting look-alike visible at a glance.
    • Name and brand your instance. Operators can set their instance's display
      name and branding for its directory card through morphit-ops, so your node
      shows up the way you want it to.

    Fixed

    • Sign out means sign out — everywhere. Signing out from any control,
      including the avatar menu, now clears your session across the whole app
      consistently, instead of leaving some surfaces still showing you as signed in.
    • Your instance's directory name actually updates. A bug kept an operator's
      chosen instance name from changing on the directory card; it now reflects what
      you set.
    • The asset picker on the order book closes properly. Selecting an asset no
      longer leaves the picker stuck open.

    Improved

    • Sharper FAQ search. Search now accepts ordinary straight quotes (not just
      curly ones) for exact-phrase matching, waits for a few characters before it
      starts matching so a single keystroke doesn't flood the results, and subtly
      highlights the matched terms so you can see why a result came up.
    • A foolproof path to the on-chain release. The release ceremony now has
      proper tooling: a laptop-only helper signs and broadcasts the on-chain release
      record with the signing key entered at a masked prompt (never stored, never
      logged), and previews exactly what it will send before asking for the key. The
      release bundle's integrity manifest now generates in the exact format the
      on-chain record and the in-browser verifier expect.
    • Clearer launch documentation. The operator launch runbook was de-duplicated
      and reconciled into one canonical sequence, so there's a single, unambiguous
      set of steps to follow at go-live.

    Under the hood

    • The on-chain release pipeline works end to end. The chain of build → integrity
      manifest → signed release record was completed and proven end to end, and is now
      pinned by automated checks so it can't drift back out of shape. This is the
      groundwork the public launch (which will let any visitor's browser verify the
      running site hasn't been tampered with) is built on.
    • Leaner chat bundle. A type-only import was corrected so a byte-handling
      polyfill no longer rides along into a chat code chunk it never needed.
    • More regression guards. New automated checks pin the behaviors above — the
      treasury single-source-of-truth, the release-manifest format, and more — so a
      future change can't quietly undo them.
    • Translation upkeep. Every new or reworded piece of on-screen text ships in
      all ten languages.
    Downloads
  • v1.0.0-beta.24 be90400a42

    Morphit v1.0.0-beta.24
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 40s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 31s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 14s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 16m57s
    morphit-release / Build + publish release tarball (push) Successful in 17m47s
    Stable

    agorise released this 2026-06-21 05:15:04 +00:00 | 67 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A reliability, self-healing, and polish release. The headline for operators is
    that your instance now keeps its own account-creation buffer topped up by
    itself — so new sign-ups stop failing silently when that buffer runs dry — and
    it alerts you the moment account creation is actually being refused. For
    everyone else: a sign-in bug that wrongly rejected a valid account is fixed, a
    couple of subtle key- and order-handling issues are closed, the FAQ comparisons
    are refreshed, and a long tail of smaller annoyances is tidied up.

    For operators: morphit-ops upgrade handles this release the usual way — it runs
    npm ci and rebuilds the web frontend, the command-line tools, and the MCP
    server for you. Unlike beta.23, this release changes no third-party
    dependencies
    , so there's no special install step beyond what the upgrade tool
    already does. If you haven't already, this is a good moment to set your alert
    address (morphit-ops → Matrix alerts) so the new account-creation alerts
    actually reach you.

    New

    • Your instance keeps itself able to create accounts. Creating a new account
      consumes a pre-minted "account token" the relay holds in a small buffer; when
      that buffer empties, sign-ups fail — regardless of how much BLURT the relay is
      holding. The relay now refills that buffer on its own, in the background,
      spending only above a reserve you set, so you no longer have to top it up by
      hand. This is on by default; set the auto-mint switch to off if you'd rather
      manage it yourself.
    • An alert the moment sign-ups are actually being refused. Previously, if the
      account-creation buffer ran dry, new users just hit a failure and you got no
      warning (the only balance alert watched BLURT, which could be plentiful while
      the buffer was empty). There's now a CRITICAL alert that fires exactly when the
      buffer falls to the point where sign-ups are being rejected — and clears itself
      when it recovers — so a silent sign-up outage can't go unnoticed.
    • Exact-phrase FAQ search. Wrap a search in quotes ("…") to match that exact
      phrase instead of the individual words.

    Fixed

    • Sign-in no longer wrongly rejects a valid account. Importing or signing in
      could report a perfectly valid account as "invalid" because the account-lookup
      request was being built with a doubled slash in the URL that the server then
      refused. The address is now always built correctly, so a real account is found.
    • The right key, every time. On the key panel, the short fingerprint shown on
      screen could differ from the full key the Copy button actually gave you. It now
      shows a shortened form of the same value you copy.
    • No accidental duplicate orders. If you navigated away while an order was
      mid-broadcast — unsure whether it had landed — and then posted again, you could
      create a second, duplicate order on-chain (each attempt gets its own random
      identifier). Navigation is now held while an order is being broadcast, the same
      protection the account-creation step already had.
    • "Register when you're ready" actually points somewhere. A sign-up message
      used to tell people to "register from Settings," but Settings has no
      account-creation step — only on-chain name verification. The wording now points
      at the real path (the register prompt on the order book), in all ten languages.
    • Operator console fixes. The morphit-ops status dashboard no longer dead-ends
      with "No database URL configured" when you run it from outside the install
      directory, and the menu's colored markers (including the bright "update
      available" flag) render in color again.
    • Quieter console behind the beta gate. A harmless-but-noisy manifest 401
      during the beta's password gate is resolved.
    • Smaller fixes. Clicking the logo (and a couple of other spots) no longer
      drops your in-memory session; a fresh page no longer loads with its top heading
      tucked under the sticky header; and a "you're about to switch accounts" prompt
      prevents a stale-session mix-up on the sign-in page.

    Improved

    • The FAQ comparisons are current. The "how is Morphit different from …"
      articles were reorganized and brought up to date — including the recent
      real-world events that make the case (a major Bisq/Haveno-class exploit and the
      shutdown of a long-running competitor) — across all ten languages.
    • One wordmark, loaded once. The header, hero, and footer logo are now the
      exact same asset, fetched a single time and cached, instead of being requested
      repeatedly.
    • Glossary and copy. The glossary intro, the "BLURT Power" entry, and a number
      of labels and descriptions were tightened, with every change shipped in all ten
      languages.

    Under the hood

    • Self-healing by default. The account-token refill loop is bounded (it never
      spends below your reserve, mints only toward a target, and caps how much it does
      per cycle) and logs what it does, so the relay can keep itself healthy without
      surprising you.
    • More regression guards. New automated checks pin the behaviors above — the
      duplicate-order guard, the corrected sign-in lookup, a documentation-vs-code
      check that catches an operator example naming a setting the software doesn't
      read, and more — so a future change can't quietly undo them.
    • A deep, repo-wide audit pass. A multi-session review swept every workspace
      for drift, dead code, hostile-input handling, privacy leaks, and documentation
      accuracy; the findings it surfaced are the fixes above.
    • Translation upkeep. Every new or reworded piece of on-screen text ships in
      all ten languages.
    Downloads
  • v1.0.0-beta.23 6ff183e4f4

    Morphit v1.0.0-beta.23
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 40s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 30s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 13s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 16m59s
    morphit-release / Build + publish release tarball (push) Successful in 17m49s
    Stable

    agorise released this 2026-06-20 05:00:08 +00:00 | 68 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A privacy, reliability, and polish release. The headline is that your browser
    no longer talks to third-party Blurt nodes to do everyday things: reading your
    balance and history, browsing the block explorer, and confirming your key when
    you sign in all now go through the instance you're already using. That closes a
    quiet leak where outside servers could see your IP address and which account you
    were looking at. On top of that, the "a new version is available" prompt now
    shows up reliably, the QR sign-in code lasts its full five minutes, signing in
    checks your input more helpfully, the first-trade flow is clearer, and a long
    list of smaller annoyances are fixed.

    For operators: this release does require reinstalling dependencies — run
    npm install (or npm ci) as part of your deploy, because a dependency was
    updated since beta.22. If you run behind BunkerWeb and your instance was first
    deployed before the frontend config was switched to a bind-mount, do a one-time
    docker compose up -d frontend so the new no-cache rules for the update files
    take effect (a plain restart won't attach the new volume; fresh installs get it
    automatically). morphit-ops upgrade now also rebuilds the command-line tools
    and the MCP server, not just the web frontend.

    New

    • Your browser stops phoning third-party servers to read the chain. Looking
      at your balance, your transaction history, and the block explorer used to make
      your browser contact outside Blurt nodes directly — which meant those nodes
      could see your IP address and which account you were viewing. All of that now
      goes through the instance you're already on, so there's nothing new for an
      outside server to learn about you. It's also more reliable: reads no longer
      break just because one particular set of public nodes is down.
    • Signing in no longer leaks which account is yours. When you sign in or
      import a key, Morphit checks that your key matches your on-chain account. That
      check used to go straight to a third-party node, tying your IP to your account
      at the moment you logged in. It now goes through your instance instead. Your
      secret key still never leaves your device — only your public account name is
      ever looked up.
    • A "refresh now" button on the block explorer. An account's explorer page
      updates on its own, but slows down its checks when the page sits idle, so a
      brand-new transaction could take up to a minute to appear. There's now a
      refresh button that pulls the latest straight away, plus a small note so you
      know roughly how fresh what you're seeing is.

    Fixed

    • The logo no longer logs you out. Clicking the Morphit logo (and a couple of
      other spots) used to drop your in-memory session. Those now keep you signed in,
      the same way the rest of the site's links already did.
    • The "new version available" prompt now actually appears. On some setups a
      caching layer could keep serving the old app, so the prompt to reload into a
      fresh version never showed. The app now also checks the deployed version
      directly and offers the update even in that case.
    • The QR sign-in code lasts the full five minutes it promises. Pairing a
      phone by QR code could quietly expire after about a minute on some setups. It
      now stays valid for the whole five minutes.
    • Smaller fixes: a couple of explorer/account links that showed a placeholder
      and led nowhere now work; a mistyped "blurt.media" link that used to slip
      through is now caught.

    Improved

    • Signing in checks your input as you type. The account-name box re-checks
      when you edit it and turns red with a clear marker if the name can't exist or
      isn't found; the posting-key box flags an obviously-wrong key the moment you
      paste it; the confirm-password field tells you right away if it doesn't match.
      A connection problem never shows a false red — that isn't your fault.
    • The "how will you pay?" step is clearer. The payment section on a new
      listing was relabeled and tidied, the four payment categories now start
      collapsed so the page isn't a wall of options, and the currency you want paid
      in is now a searchable picker instead of a free-text box.
    • Your first trade is guided. Because a brand-new account needs a little
      BLURT before it can do anything else, your very first trade is set up as a buy
      of BLURT — explained on the page, with the listing fee waived — and is set to
      expire in seven days. After that first trade, everything is fully open as
      before.
    • A few helpful notes added. The instances page suggests bookmarking a few
      instances (and their privacy-network addresses) since the order book lives
      on-chain and is reachable through any of them; the privacy page now spells out
      plainly what Morphit does and doesn't collect; and the "back up my keys" page
      shows the right guidance when you signed in with only a posting key.
    • Small polish. Your avatar matches your public profile everywhere, the cards
      on your Orders page lift on hover and press on click, rows with a checkbox or
      radio button highlight on hover, and a number of labels and bits of wording
      were tightened.

    Under the hood

    • Privacy-first by construction. The chain reads and the sign-in key check
      now run server-side on the instance you're using, over its own vetted set of
      nodes, so no outside party sees your IP or your account during normal use. The
      parts that exist specifically to catch a misbehaving instance — verifying
      signatures, release authenticity, and a chat correspondent's key — deliberately
      still query the wider network directly, because routing those through a single
      instance would defeat their purpose.
    • A dependency was updated to pick up upstream security fixes, which is why
      this release needs npm install on deploy.
    • More regression guards, and translation upkeep. New automated checks pin
      the behaviors above so a future change can't quietly undo them, and every new
      or reworded piece of on-screen text ships in all ten languages.
    Downloads
  • v1.0.0-beta.22 b722356698

    Morphit v1.0.0-beta.22
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 41s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 32s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 14s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 17m51s
    morphit-release / Build + publish release tarball (push) Successful in 18m38s
    Stable

    agorise released this 2026-06-19 03:48:48 +00:00 | 69 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A sign-in, session, and polish release. The headline is that your session now
    follows you across browser tabs: open a Morphit link in a new tab — or reload
    one tab while others stay open — and you no longer have to sign in again, with no
    keys ever written to disk. And when you sign out, you now sign out of every open
    tab at once. On top of that, signing in got more helpful as you type, your avatar
    now matches your public profile everywhere, two broken account links are fixed,
    and a handful of smaller annoyances are cleaned up.

    For operators: there's nothing required beyond deploying this build. Everything
    in this release is on the visitor side — there are no configuration, service, or
    command changes since beta.21.

    New

    • Stay signed in across your open tabs. If you already have Morphit open and
      unlocked in one tab, opening a link in a new tab (or reloading another tab)
      picks up your session automatically — no second sign-in, not even a password
      prompt. Your keys are handed from tab to tab in memory only; they are never
      written to disk and they disappear the moment your last Morphit tab closes.
      This is separate from "Remember me," which remains the opt-in for surviving a
      full browser close.
    • Sign out everywhere at once. Signing out in one tab now also signs you out
      of every other open Morphit tab, so an explicit sign-out leaves no session
      lingering elsewhere. Closing a single tab, or letting a tab auto-lock after
      idling, does not sign out your other tabs — only an explicit Sign Out does.

    Fixed

    • Account links in the block explorer and your orders now work. A couple of
      links to an account's explorer page were showing a literal placeholder instead
      of the account name and led nowhere. Both now go to the right place.
    • No more phantom "Draft restored" message on a fresh New Post. Arriving at
      the New Post page from a prompt (for example the welcome flow, or a re-list)
      could later pop up a "draft restored" banner for a draft you never wrote.
      Pre-filled visits no longer save a stray draft, so the banner only appears for
      a draft you actually started.
    • "Back up my keys" handles posting-key sign-ins correctly. If you signed in
      with only a posting key, the page no longer offers a 12-word seed-phrase backup
      that doesn't apply to you; it shows the right note and keeps your encrypted
      keyfile backup.

    Improved

    • "Remember me on this device" now works however you sign in. Previously only
      a seed-phrase sign-in could be remembered; signing in with a JSON keyfile or a
      posting key is now offered the same choice. It stays unchecked by default, so
      nothing is saved to your device unless you ask for it.
    • Your avatar now matches your profile everywhere. The little identicon next
      to your name is now drawn from your account name consistently — so the avatar
      in the top-right menu matches the one on your public profile, in the order
      book, in chat, and everywhere else you appear.
    • The sign-in boxes check your input as you type. The account-name box
      re-checks whenever you edit it and turns red with a clear "invalid" marker if
      the name can't exist or isn't found on Blurt; the posting-key box flags an
      obviously-wrong key (wrong length or prefix) the moment you paste it. A
      connection problem never shows a false red — that isn't your fault.
    • Clearer wording in a few places. The welcome / first-trade card explains
      more plainly what your first trade gets you, and several labels and notes
      around saving links and keys were tightened. The "blurt.media" link box also
      now catches a mistyped address that used to slip through.
    • Small polish. The square cards on your Orders page lift on hover and press
      in on click like the rest of the site, and rows with a checkbox or radio button
      now show a subtle highlight when you hover them.

    Under the hood

    • Regression guards for the cross-tab session work. New automated checks pin
      the cross-tab sign-out so it propagates to sibling tabs, and — just as
      importantly — verify the safety rule that closing a tab or an idle auto-lock
      never signs you out of your other tabs. Closing this gap is what the release's
      cross-tab sign-out is about.
    • Regression guards for the sign-in validation. The new live checks on the
      account-name and posting-key boxes are pinned so a future edit can't quietly
      undo them.
    • Translation upkeep. Every new and reworded piece of on-screen text ships in
      all ten languages.
    Downloads