• v1.0.0-beta.11 57c7ef73c8

    Morphit v1.0.0-beta.11
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 35s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 27s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 15m42s
    morphit-release / Build + publish release tarball (push) Successful in 16m33s
    Stable

    agorise released this 2026-06-10 23:06:04 +00:00 | 84 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A large operator-experience release. The morphit-ops command-line tool
    gains a guided BunkerWeb installer, an API-based indexer-health
    view
    that works without root or database access, a redesigned
    top-to-bottom setup menu
    , and broader OS recognition across the
    Debian/Ubuntu family — including hardened, lightweight servers like
    Kicksecure and popular derivatives like Linux Mint and Pop!_OS. It also
    ships the real fix for the post-beta.10 "frontend stale after
    upgrade" problem (now detected by the build-directory mount rather than a
    container name, so custom reverse-proxy stacks are handled too), plus a
    right-to-left display fix on the coin carousel. Recommended for every
    operator.

    Added

    • Guided BunkerWeb installer — morphit-ops bunkerweb. When the WAF
      isn't up yet and you're at an interactive terminal, the command now
      walks you through bringing up the canonical ops/bunkerweb/ stack:
      it confirms before each step, copies the shipped config into
      /etc/bunkerweb (never clobbering an existing one), prompts for and
      validates your domain (SERVER_NAME), guards against the missing-TLS-
      certificate crash-loop (pointing you at morphit-ops ssl first), then
      runs docker compose pull and docker compose up -d and re-verifies.
      Status checks (when the stack is already up, with --json, or
      non-interactively) remain read-only.

    • morphit-ops health — indexer health over HTTP. A new menu view
      that queries the running indexer's /v1/health endpoint and prints a
      one-line verdict — synced, behind (with the lag in blocks), or
      unreachable — plus the healthy/total RPC count. Because it talks
      HTTP rather than reading the database or config, it works as the
      unprivileged morphit user even when the full Status dashboard can't.
      Exit code is 0 synced, 1 behind, 2 unreachable — drops straight
      into a cron health-check.

    • Broader operating-system support. The setup pre-flight now
      green-lights the whole Debian/Ubuntu family as first-class: Ubuntu
      24.04/26.04 LTS and Debian 12+, plus popular derivatives recognized
      automatically from their base codename — Linux Mint, Pop!_OS, Zorin
      OS, KDE neon, elementary OS — and hardened-Debian distributions like
      Kicksecure, which make excellent lean, security-focused nodes. The
      pre-flight also gained PostgreSQL and Docker checks.

    Changed

    • Redesigned morphit-ops main menu. Reorganized into four
      lifecycle groups — Install & upgrade, Configure the instance,
      Secure the server, Check & operate — in a newbie-friendly
      top-to-bottom order, with plain-language blurbs and recommendations
      that state their tradeoffs. Three similarly-named commands (doctor /
      health / status) are now disambiguated by purpose.

    • "● update available" is now bright yellow in the menu, so a
      pending upgrade is easy to spot at a glance.

    Fixed

    • morphit-ops upgrade reliably republishes the web frontend on any
      Docker deployment.
      The upgrade now finds the frontend container by
      the apps/web/build bind-mount it carries — regardless of the
      container's name (morphit-frontend, bunkerweb-frontend-1, a
      hand-rolled stack, …) — and docker restarts it so it serves the
      freshly-built files. Earlier releases recreated a container matched by
      name through the example compose file, which missed custom or renamed
      stacks; mount-based detection handles them with no manual steps.

    • Coin carousel renders left-to-right in right-to-left locales. On
      the Farsi interface the asset carousel is now pinned to dir="ltr" so
      ticker symbols and prices read in the correct order.

    • Removed a dead, unused translation key left over from an earlier
      release.

    Notes for operators

    • Debian 12+ and Kicksecure are supported via the manual setup
      path (morphit-ops install), not the one-command Ansible playbook —
      the playbook targets the Ubuntu 24.04 "noble" family (Ubuntu 24.04,
      Mint 22, Pop!_OS, Zorin 17, KDE neon, elementary). See
      docs/RUN-A-MORPHIT-NODE.md §3.

    • If a custom BunkerWeb stack left your frontend stale after a previous
      upgrade, beta.11's morphit-ops upgrade detects and restarts your
      container automatically — no by-hand --force-recreate needed.


    Morphit is non-custodial and no-KYC. As always, verify the release
    signature against the published fingerprint before deploying.

    Downloads
  • v1.0.0-beta.10 94922e8c28

    Morphit v1.0.0-beta.10
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 34s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 27s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 15m14s
    morphit-release / Build + publish release tarball (push) Successful in 16m13s
    Stable

    agorise released this 2026-06-10 17:09:59 +00:00 | 86 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A focused operator-reliability release. It fixes a bug in morphit-ops upgrade that left the web frontend stale after an upgrade on BunkerWeb
    deployments
    — the backend would move to the new version while visitors
    kept loading the old build (and never saw the "Load it now" update
    prompt, because the old build was still being served). Recommended for
    every operator, especially anyone running the BunkerWeb WAF.

    If your site upgraded but still shows the previous version, this release
    is the fix — and you can confirm the stale state with
    curl -s https://<your-host>/_app/version.json (an unchanged build
    timestamp after an upgrade means the frontend wasn't rebuilt).

    Fixed

    • morphit-ops upgrade now always rebuilds and republishes the web
      frontend.
      Previously the rebuild step only ran when the bare-metal
      web root (/var/www/morphit-frontend) existed. On a BunkerWeb
      deployment — where the site is served by the frontend container from
      a different path, not /var/www — the upgrade silently skipped the
      rebuild, upgraded the backend, and reported success, leaving the
      container serving the old build. The web app is now rebuilt on every
      upgrade regardless of deployment style.

    • The upgrade now publishes the new build to the right place
      automatically.
      It detects how your site is served and acts
      accordingly: on bare-metal nginx it copies the build into your web
      root (as before); on BunkerWeb it recreates the frontend container so
      it picks up the freshly-built files (a running container otherwise
      keeps serving the pre-upgrade build). If neither is found — a
      non-standard setup — it leaves the rebuilt files on disk and tells you
      exactly where, instead of failing quietly.

    Notes for operators already on beta.9

    If you upgraded to beta.9 with morphit-ops upgrade on BunkerWeb and your
    frontend is stuck on the old version, you don't need to wait for this
    release to recover the current box — rebuild and recreate the container
    by hand:

    cd /opt/morphit/apps/web && npm run build
    docker compose -f /opt/morphit/ops/bunkerweb/docker-compose.yml up -d --force-recreate frontend
    

    (Node 22 is required for the build.) Once you're on beta.10, future
    upgrades do this for you.


    Morphit is non-custodial and no-KYC. As always, verify the release
    signature against the published fingerprint before deploying.

    Downloads
  • v1.0.0-beta.9 cb99b9acea

    Morphit v1.0.0-beta.9
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 35s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 27s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 15m24s
    morphit-release / Build + publish release tarball (push) Successful in 16m18s
    Stable

    agorise released this 2026-06-10 07:15:12 +00:00 | 87 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A security-hardening and correctness release on top of beta.8. Three
    operator-facing fixes lead it: the price-manipulation defenses are now
    fully active and visible on /v1/health; the Content-Security-Policy
    that was breaking in-browser crypto on some deploys is root-caused and
    fixed (and is now identical across every deploy path); and the
    production rate-limiting that could ban a busy instance for an hour is
    fixed. The rest is home/login polish, fresher FAQ and feed metadata, and
    a clean hostile-input audit of every indexer handler. Recommended for
    all operators — especially anyone who saw a blank/broken page behind a
    WAF, or whose instance was getting rate-limit-banned.

    Added

    • The price-manipulation defenses are now fully active and visible.
      Two of the three anti-manipulation detectors were built but not yet
      switched on: the slow-drift detector (catches a "frog in boiling
      water" attack that nudges the price a little each cycle) and the
      native-vs-external detector. Both are now wired alongside the existing
      cross-instance peer detector, and all three report their status in the
      /v1/health response so operators and monitors can see them working.

    • Feed readers now auto-discover all three formats. Every page that
      offers a feed advertises RSS 2.0, Atom, and JSON Feed in its
      autodiscovery tags (previously only RSS), so a reader finds whichever
      format it prefers without you pasting a URL.

    Changed

    • A correct, privacy-clean Content-Security-Policy on every deploy
      path.
      We root-caused why the CSP was sometimes blanking the site or
      breaking sign-in: it was being emitted as a <meta> tag that browsers
      can't fully enforce and that clobbered the working header. It is now a
      single real header, byte-identical across the nginx config, the
      operator docs, and the BunkerWeb path, and it keeps the QR-login camera
      working while dropping the external price API entirely for privacy. The
      Permissions-Policy is now a real header too. Operators who had been
      hand-editing the policy out should remove that workaround.

    • Production rate-limiting no longer bans busy instances. The WAF's
      per-IP limit on the API was tighter than a single page load, so a
      normal burst of requests could trip it, escalate to an hour-long IP
      ban, and then feed on its own error responses. The ceiling is raised to
      sit comfortably above the app's own fine-grained limiter, and a
      rate-limit burst can no longer escalate into a ban.

    • A lighter home page and a polished login. The "Welcome to your
      instance
      " banner is gone, the login heading now uses the brand
      gradient, and the wordmark's shine is slower and dimmer. The page shell
      shipped on every request is about a hundred lines lighter.

    • Fresher FAQ and machine-readable site description. The
      AI-crawler corpus that describes Morphit to assistants was out of date
      and is resynced (and now guarded against drifting again). The "follow
      Morphit with RSS" FAQ answer no longer implies that only three assets
      have feeds — every supported asset does.

    Fixed

    • The FAQ accordion opens reliably from a "related" link. Clicking a
      related-article pill at the bottom of an answer now scrolls to and
      opens
      the target article, instead of scrolling to a still-closed one.

    • The ops CLI no longer writes a placeholder tagline. Pressing Enter
      at the optional "Instance tagline" prompt during morphit-ops init
      used to save the literal text "A Morphit instance" to your config (and
      surface it on the homepage and in the federated directory). The prompt
      is now genuinely optional and writes nothing when left blank.

    • Source-repository labels corrected. The machine-readable site files
      now correctly identify the canonical source as the self-hosted Forgejo
      instance rather than a GitHub mirror.

    • Removed a duplicate database-schema definition. One table used by
      the price-drift defense was declared twice in the schema. It was
      harmless — the database created it once — but the duplicate is removed
      so the two copies can never drift apart.

    Under the hood

    • A complete hostile-input audit of all seventeen indexer message
      handlers came back clean, with one low-severity hardening fix: the
      forbidden-character policy that strips invisible/bidi control
      characters from user input had drifted slightly between handlers and is
      now converged (while deliberately keeping the right-to-left marks that
      the Farsi locale needs), with a new guard so the copies can't diverge
      again.

    • New regression guards were added: one keeps the AI-crawler corpus in
      sync with the source FAQ, and one keeps the Content-Security-Policy and
      Permissions-Policy byte-identical across all four deploy surfaces and
      rejects a weakened-but-consistent edit.


    Morphit is non-custodial and no-KYC. It never holds your keys and never
    takes custody of funds. As always, verify the release signature against
    the published fingerprint before deploying.

    Downloads
  • v1.0.0-beta.8 5af5363530

    Morphit v1.0.0-beta.8
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 35s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 27s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 15m8s
    morphit-release / Build + publish release tarball (push) Successful in 16m4s
    Stable

    agorise released this 2026-06-09 07:16:19 +00:00 | 90 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A front-end, feeds, and operator-tooling release on top of beta.7.
    Every orderbook feed now comes in three formats — RSS 2.0, Atom, and
    JSON Feed — so any reader works, and one click on the orange RSS pill
    copies the feed's URL in whichever format you prefer. The home page
    and orderbook get a round of polish, operators running Linux Mint can
    now provision a node, and the ops CLI restarts the affected services
    for you after a config change. Recommended for all operators.

    Added

    • Every feed now speaks three formats — RSS 2.0, Atom, and JSON
      Feed.
      The worldwide, per-asset, and per-trader orderbook feeds are
      each available as .xml (RSS 2.0), .atom (Atom 1.0), and .json
      (JSON Feed 1.1), all carrying identical order data — pick whichever
      your reader prefers. Click any orange RSS pill — in the site footer,
      beside a filtered orderbook, or on a trader's profile — to choose a
      format and copy its URL to your clipboard. The picker and its
      confirmation are translated into all ten languages. See the "Can I
      follow Morphit with RSS?" entry in the FAQ.

    • The ops CLI restarts the affected services after a change. After
      you edit your instance configuration or wire alternative-network
      (Tor / Lokinet / I2P) footer addresses, morphit-ops now offers to
      restart the affected services for you, so the change takes effect
      without having to remember the systemctl incantation. Declining
      leaves everything untouched.

    • Linux Mint is a supported node OS. The Ansible provisioning
      playbook now recognises Mint and other Ubuntu noble derivatives
      and provisions them correctly, rather than only bare Ubuntu. See
      RUN-A-MORPHIT-NODE.md.

    Changed

    • A more polished home page and orderbook. "Products" are now
      called "goods" throughout, the home-page hero copy is tightened,
      "global" is now "worldwide," the home-page cards share an even
      height, and the wordmark's entrance animation has been retired in
      favour of a subtle header shine. On the orderbook, the filter
      dropdowns close cleanly the moment you pick an option. Updated in
      all ten languages.

    • The create-order form is easier to follow. The asset, currency,
      and payment fields now show a green focus ring as you tab through
      them — matching the region and "I want to see" fields — and the
      region field types out real place names one character at a time as a
      gentle hint (and stays still if you've asked your system to reduce
      motion).

    • A refreshed batch of FAQ answers for clarity and accuracy,
      across all ten languages.

    Fixed

    • The per-trader feed link now points to the trader's profile. The
      "follow this trader" subscribe link advertised a homepage URL that
      no longer exists; the feed now links to the trader's /@handle page,
      the same canonical profile URL used everywhere else on the site.
    Downloads
  • v1.0.0-beta.7 dffd12b705

    Morphit v1.0.0-beta.7
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 32s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 24s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 9s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 13m33s
    morphit-release / Build + publish release tarball (push) Successful in 14m15s
    Stable

    agorise released this 2026-06-07 03:44:20 +00:00 | 92 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A front-end and operator-tooling release on top of beta.6, capped by
    a full pre-release security and quality audit. The orderbook is much
    easier to filter — search coins, currencies, and payment methods as
    you type, and narrow to barter (products & services) listings. Operators
    get a new control to enable or disable individual payment methods, a
    single-host deploy recipe that is now correct out of the box, and a
    moderation fix so a seller you've blocked can no longer sway the price
    your instance computes. This release is recommended for all operators.

    Added

    • A much richer orderbook filter row. The asset picker now shows
      each coin's icon and lets you pick "Barter (products & services)";
      the currency filter is a type-ahead that accepts one or more
      currencies by name or ISO code (and the indexer matches any of
      them); and the payment-method filter is a type-ahead too. All three
      behave like the FAQ search — type, pick, and your choices become
      removable chips. The currency list loads only when you tap the
      field, so it costs nothing for visitors who never use it.

    • Operators can enable or disable specific payment methods. A new
      MORPHIT_INDEXER_DISABLED_PAYMENT_METHODS setting (mirroring the
      existing disabled-assets control) lets you turn individual payment
      methods — including Barter — on or off for your instance. The setup
      wizard has a step for it, your /about-this-instance page shows
      your policy, and the admin setup-wizard page gives you a checklist
      with a copy-paste env line. An order is only rejected if every one
      of its payment methods is disabled; mixed orders are kept. Default:
      every method enabled. See the "Payment-method configuration" section
      of OPERATIONS.md and the "Payment methods" section of
      RUN-A-MORPHIT-NODE.md.

    Changed

    • Clearer, friendlier orderbook filter wording in all ten
      languages (for example "I want to see" / "Everything", "Highest
      rated users first", "Most experienced users first"), plus an
      animated example placeholder in the region field that cycles through
      real place names.

    • Buttons use the brand teal with legible white text. The primary
      button face was retuned to a deeper teal so white labels meet the
      WCAG AA contrast bar, while the vivid teal stays in the animated
      border and accents.

    • A wider, dismissable FAQ search. The search field is full-width
      on phones and centered on larger screens, dims the page behind it
      while open, and clears when you press Escape or tap outside.

    • A simpler, more honest Get-Morphit page. A no-KYC directory
      that isn't a code mirror was removed from the mirrors list, and the
      "update available" prompt now says, plainly, that reloading the page
      applies the update.

    • A bigger homepage wordmark, with all three logo dots visible and
      orbiting as intended.

    • Single-host nginx configs reconciled. ops/nginx/web.conf is now
      the colocated single-server config — it serves the site and proxies
      /v1/, /rss/, and /relay/ to the local indexer and relay — and
      the split-subdomain configs are clearly labeled optional/advanced. An
      operator who copies the shipped nginx files now gets a working
      single-host deploy. See RUN-A-MORPHIT-NODE.md §8 (Configure nginx).

    Fixed

    • Instance-local moderation now also covers your price feed. When
      you block an account, its listings were already hidden from your
      orderbook; now its orders are also dropped from the median behind
      your instance's own derived morphit_native / depeg price, so a
      blocked seller can no longer skew the price your instance computes
      from its orderbook. Blocking remains instance-local, reversible, and
      off-chain. See OPERATIONS.md §6a and RUN-A-MORPHIT-NODE.md §9.1.2.

    • The mobile language picker is no longer clipped, and the
      duplicate "Login / Register" link that showed on small screens has
      been removed (the avatar menu is the single sign-in entry point).

    • The security page no longer says "(in Phase 5)."

    Upgrading

    Use morphit-ops upgrade (or the Upgrade menu item). Your
    configuration, signing key, and per-network keys are carried forward
    automatically, and the services restart on the new code. There are no
    database migrations and no required configuration changes. If you want
    to disable any payment methods, set the optional
    MORPHIT_INDEXER_DISABLED_PAYMENT_METHODS (it defaults to all methods
    enabled). Most of this release is front-end, operator tooling, and
    documentation, but upgrading via a release is still the cleanest path.

    Downloads
  • v1.0.0-beta.6 fbfa61043f

    Morphit v1.0.0-beta.6
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 36s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 27s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 14m40s
    morphit-release / Build + publish release tarball (push) Successful in 15m31s
    Stable

    agorise released this 2026-06-06 04:31:10 +00:00 | 94 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A round of operator-quality-of-life and front-end polish on top of
    beta.5, driven by a real first install and a careful pre-release
    review. Operators get a clearer status dashboard (including proof
    their backups are running), a safer recovery command, and a
    single-host deploy recipe that actually works the first time.
    Visitors get a simpler "Get Morphit" page, a friendlier language
    picker, shared links that no longer 404, and a new FAQ explaining
    why Morphit's code is mirrored so widely. This release is
    recommended for all operators.

    Added

    • Status dashboard now shows your recent backups. morphit-ops status (menu item #10, "Status dashboard") ends with a Backups
      section listing your last three database backups — newest
      first, with each file's age and size — plus the backup directory
      and a reminder of how to copy a file off the host. It's the quick
      "are my backups actually happening?" check, and it gives you the
      exact path to download a backup or hand it to a developer if you
      ever need help. It's read-only and reads only the backup directory
      — never your database password or any keys. --json includes the
      same data. See OPERATIONS.md §31 and RUN-A-MORPHIT-NODE.md §10.

    • A "Why so many mirrors?" link on the Get Morphit page, and a FAQ
      answer to match.
      Morphit's source code is mirrored across many
      independent code hosts on purpose — decentralization is the second
      design priority, right behind privacy. A project that lives in one
      place can be taken down in one place, so the AGPL source lives on
      our own Forgejo server (the canonical copy), on GitHub, on more git
      hosts as they come online, and as a content-addressed copy on IPFS
      that no single host controls. If any one of them blocks or drops
      Morphit, every other copy is still there and anyone can re-host it.
      The new FAQ ("Why is Morphit's source mirrored to so many code
      hosts?") explains the reasoning, and you can verify any running
      instance against the SHA-256 hashes published on the Blurt chain.

    Changed

    • fast-forward is now a recovery-only command, with a guard. A
      normal install never needs it — the indexer starts at the Morphit
      genesis block and resumes from where it left off on every restart —
      so it's been moved out of the morphit-ops menu to keep it from
      becoming a footgun. It's still available directly when you need it
      for recovery, and it now refuses to run if your indexer looks
      live
      (its cursor was touched in the last ~90 seconds) unless you
      pass --force.

    • The morphit-ops menu now catches your eye when it matters. The
      "Upgrade to the latest version" line turns bold yellow when a newer
      release is available, and the "Status dashboard" line turns yellow
      or red when your relay balance is getting low — so you notice
      before it becomes a problem.

    • The "Get Morphit" page is simpler and accurate. Morphit installs
      as a Progressive Web App straight from your browser on Android,
      iPhone/iPad, and desktop — there is no APK, app-store listing, or
      native package, by design. The page now leads with that, and adds a
      "Source code & mirrors" section pointing at every place the code
      lives.

    • A friendlier language picker. With ten languages the selector
      used to run off the bottom of the screen; it's now a compact grid
      that fits any screen and scrolls if needed.

    Fixed

    • Shared links with the language prefix stripped no longer 404. A
      link like /faq?q=... (missing the /en/ prefix) now detects your
      browser's language and redirects to the right page, preserving the
      query and anchor, instead of showing an error.

    • A single-host (one server) deploy now works the first time. The
      documented nginx recipe now serves the prerendered site correctly
      (it was returning a 403 on locale pages) and routes the indexer and
      relay APIs to the right place (signup and the orderbook were
      failing). Live updates (the orderbook, chat, and instances streams)
      and the RSS feeds now route correctly on a single host too, and the
      OPERATIONS.md reference config plus the bundled BunkerWeb config
      are aligned with it. If you run the indexer, relay, and web app on
      one box, re-check RUN-A-MORPHIT-NODE.md §8 (and §24/§32 of
      OPERATIONS.md if you front it with BunkerWeb).

    • Deploys can no longer leave the app showing a blank page. The
      service worker now rebuilds redirected responses on navigations, so
      a page cached during a brief deploy-time redirect window can't break
      loading afterward. (If you ever hit a blank page mid-upgrade, a hard
      reload clears it.)

    • The "Create an account" link from the post page no longer 404s,
      and the comparison/settings input fields now match the dark theme.

    Upgrading

    Use morphit-ops upgrade (or the Upgrade menu item). Your
    configuration, signing key, and per-network keys are carried forward
    automatically, and the services restart on the new code. Most of this
    release is front-end and documentation, but upgrading via a release is
    still the cleanest path. There are no database migrations and no
    configuration changes required.

    Downloads
  • v1.0.0-beta.5 3a4d1af2ea

    Morphit v1.0.0-beta.5
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 36s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 28s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 14m54s
    morphit-release / Build + publish release tarball (push) Successful in 15m49s
    Stable

    agorise released this 2026-06-04 21:07:26 +00:00 | 98 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    Two operator-facing improvements on top of beta.4. First, your
    instance is now far more resilient to flaky Blurt RPC nodes — a
    single dead or rate-limited node no longer stalls your sync, and
    you can check your endpoints before you rely on them. Second, you
    can now moderate your own instance: review the abuse signals the
    indexer already collects and hide a troublesome account's listings
    — without touching the chain, anyone's funds, or any other
    instance. This release is recommended for all operators.

    Added

    • Instance-local moderation — review flags and block accounts.
      Morphit's indexer already watches for two abuse patterns: accounts
      that review each other suspiciously often (reciprocity rings) and
      accounts that look like the same person behind several names.
      beta.5 turns those signals into something you can act on. Run
      morphit-ops moderation (or pick Moderation from the
      morphit-ops menu) to review the flagged accounts and block any of
      them right there; you can also block or unblock any account by name
      with morphit-ops block <account> [reason] and morphit-ops unblock <account>.

      A block is instance-local. It hides that account's listings
      everywhere your instance shows them — the public orderbook, the
      per-account view, featured slots, the RSS feeds, and the live
      stream — and nothing more. It does not broadcast anything to
      the chain, does not touch anyone's funds, keys, or identity,
      and has no effect on any other Morphit instance. It is fully
      reversible. A blocked person signed in on your instance sees a
      clear, non-alarming banner explaining that their posts are hidden
      on this instance only and remain visible on every other Morphit
      instance, with a link to reach you — which is the whole point of a
      federation: no single instance can censor anyone across it. See
      OPERATIONS.md §6a and RUN-A-MORPHIT-NODE.md §9.1.2.

    • RPC endpoint health — checked before, and visible during, a run.
      morphit-ops doctor and the setup wizard (morphit-ops init) now
      test each Blurt RPC endpoint you have configured — a real chain
      query, not just a DNS lookup — and tell you in plain English
      whether they are all reachable, some are down, or all are dead,
      before you depend on them. (Pass --no-rpc to doctor to skip
      it.) And /v1/health now reports how many of your RPC endpoints are
      currently healthy, with full per-endpoint detail in the verbose
      view, so you can tell at a glance whether a sync problem is an RPC
      problem.

    • The morphit-ops menu now shows your version and pending flags.
      The menu lists your installed version next to Upgrade (and the
      latest available release, when it can reach the release server),
      and the number of unresolved moderation flags next to
      Moderation, so both are visible the moment you open the menu.

    Fixed

    • A single dead or rate-limited RPC node no longer stalls your
      instance.
      Two related fixes. The indexer now ships with the same
      built-in list of working Blurt RPC nodes the relay already had:
      previously the indexer required you to configure endpoints with no
      fallback, so a node set up with a list that later went dead — while
      the relay quietly ran on its own good defaults — could freeze the
      indexer's sync. Both services now fall back to the same vetted
      four-node list when the setting is absent, and the setup wizard
      writes that same list to both. Separately, an RPC node that is up
      but rate-limiting you (HTTP 429) or briefly erroring (502/503/504)
      is now treated as a reason to rotate to the next node and back off,
      instead of surfacing as a hard failure — so a throttling or flaky
      node is routed around automatically.

    • Quieter, clearer RPC logs. The noisy Didn't failover… lines
      the underlying Blurt library printed on every transport hiccup are
      now suppressed. Your real endpoint health is on /v1/health
      instead.

    Everything from beta.4 still applies

    beta.4 added morphit-ops doctor (a read-only "will my node start?"
    check) and fixed an indexer boot crash that happened when a Matrix
    room was set for operator alerts, plus two settings the setup
    wizard was not writing. See RELEASE-NOTES-v1.0.0-beta.4.md for
    details.

    Upgrading

    • If you installed cleanly from a recent release and your node runs,
      just npx morphit-ops upgrade to pick this up (it carries your
      config and keys forward). After upgrading, it is worth running
      morphit-ops doctor once — it now checks your RPC endpoints too.
    • No configuration change is required on your side. If you had
      manually copied RPC endpoints into MORPHIT_INDEXER_RPC_ENDPOINTS
      as a workaround, you can keep them or remove them — the indexer now
      has a safe built-in default either way.

    Verify the download

    sha256sum -c morphit-v1.0.0-beta.5.tar.gz.sha256
    

    Output must say OK before you extract.

    Status

    Pre-launch beta. Not yet recommended for production traffic. The
    canonical public instance is morphit.io. Community operators
    welcome — start at docs/start-here/.

    Downloads
  • v1.0.0-beta.4 ec6b1d5b29

    Morphit v1.0.0-beta.4
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 37s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 28s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 14m58s
    morphit-release / Build + publish release tarball (push) Successful in 15m56s
    Stable

    agorise released this 2026-06-03 06:05:32 +00:00 | 101 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    A small but important fix on top of beta.3: the indexer could fail
    to start on instances that set a Matrix room for operator
    alerts. If you are on beta.3 (or earlier) and your indexer starts
    fine, this release is still recommended but not urgent. If your
    indexer crashes at boot with ReferenceError: require is not defined, this release fixes it.

    Added

    • morphit-ops doctor — a read-only "will my node start?" check.
      Run it from your install directory and it tells you, in plain
      English, whether the indexer and relay will start with the config
      you have on disk — before you start them. It reports exactly
      what is wrong (a missing required setting, a value in the wrong
      file, a key-file permission) and how to fix it, and it changes
      nothing on your system. If your node won't boot, run morphit-ops doctor first. It also runs a short security check: it tells
      you whether your relay's active key is encrypted or stored in
      plaintext (and how to encrypt it), and flags any secret file that
      other users on the box can read. (This security check is
      operator-only — it is deliberately not exposed on the public
      health endpoint.)

    Fixed

    • Indexer crashed at startup when MORPHIT_INDEXER_OPERATOR_MATRIX_ROOM
      was set.
      The config code validated the Matrix room alias using a
      CommonJS require() call, which is undefined in the indexer's
      ES-module runtime — so boot failed with ReferenceError: require is not defined the moment a non-empty room value was present.
      Instances that left the room unset were unaffected, which is why
      it surfaced late. The validator now uses a normal module import.
      Added a startup regression test (and a repo-wide guard against
      this whole class of CommonJS-in-ESM bug) so it cannot recur.

    • Setup wizard never wrote two settings the indexer requires.
      An instance configured with morphit-ops init (rather than the
      Ansible playbook) was missing MORPHIT_INDEXER_PUBLIC_ORIGIN and
      MORPHIT_INDEXER_OFFICIAL_POSTING_PUBKEY, so the indexer refused
      to start with config validation failed: ... Required. The wizard
      now writes both — the public origin (the same one it already asks
      you for) and the official @morphit posting key (a fixed value,
      the same for every instance). If you set up via the wizard and your
      indexer won't start citing these, re-run npx morphit-ops init on
      this release, or add both to your morphit.env by hand (see
      ops/env/indexer.env.example).

    Everything from beta.3 still applies

    beta.3 fixed the setup wizard writing two settings into the wrong
    file (which stopped the indexer from booting with an "operator
    allowlist" error), added the guided morphit-ops install, the
    docs/start-here/ navigation hub, the migrate-to-release-track
    guide, and made morphit-ops upgrade discover pre-release-flagged
    releases. See RELEASE-NOTES-v1.0.0-beta.4.md for details.

    Upgrading

    • If you installed cleanly from the beta.3 release and your indexer
      runs, just npx morphit-ops upgrade to pick this up (it carries
      your config and keys forward).
    • If your beta.3 indexer crashed at boot with the require error,
      upgrade to this release and start it again — no config change
      needed on your side.

    Verify the download

    sha256sum -c morphit-v1.0.0-beta.4.tar.gz.sha256
    

    Output must say OK before you extract.

    Status

    Pre-launch beta. Not yet recommended for production traffic. The
    canonical public instance is morphit.io. Community operators
    welcome — start at docs/start-here/.

    Downloads
  • v1.0.0-beta.3 88a9b4393c

    Morphit v1.0.0-beta.3
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 36s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 27s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 13m48s
    morphit-release / Build + publish release tarball (push) Successful in 14m34s
    Stable

    agorise released this 2026-06-03 02:36:04 +00:00 | 106 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    Third public beta. This release is focused on install and upgrade
    reliability
    — fixing a setup bug that could stop a fresh node from
    starting, and making the install/upgrade experience smoother for
    operators of every skill level.

    If you are running beta.1 or beta.2, see Upgrading below — the
    path is slightly different this time because of the boot fix.

    Fixed

    • Setup wizard wrote two settings into the wrong file, which
      stopped the indexer from starting.
      morphit-ops init placed
      MORPHIT_RELAY_SIGNUP_DAILY_CEILING and
      MORPHIT_RELAY_TRUSTED_PROXY_IPS into morphit.config.env, which
      is restricted to a small allowlist of operator-tunable values. The
      indexer correctly refuses to boot when it finds non-allowlisted
      keys there, so a freshly-configured node failed to start with
      [operator-config] ... contains keys not in the operator allowlist. These two settings now go into morphit.env (matching
      the relay's environment, the env templates, and the Ansible role),
      where the relay reads them as intended. New installs are
      unaffected by the old behavior; existing operators who hit this,
      see Upgrading.

    Added

    • morphit-ops install — a guided first-time install. Checks
      prerequisites (Node, PostgreSQL, git), runs the setup wizard,
      offers server hardening, and offers to put morphit-ops on your
      PATH so you can drop the npx prefix. On a fresh Ubuntu box, the
      Ansible playbook in ops/ansible/ still does the OS-level install
      (Node/PostgreSQL/services); morphit-ops install is the
      interactive, learn-as-you-go path.

    • docs/start-here/ — a plain-language navigation hub. Tells you
      exactly which document to open for what you want to do (install,
      upgrade, fix a problem, change settings, launch). New operators
      should start there.

    • docs/MIGRATE-TO-RELEASE-TRACK.md — a one-time procedure for
      nodes that were installed with git clone and therefore can't use
      morphit-ops upgrade yet (they lack the release-info.json that
      ships inside release tarballs).

    • A throwaway-VM install validator at
      scripts/validate-fresh-install.sh for operators helping certify
      the install path.

    Improved

    • morphit-ops upgrade now finds the newest release even when it
      is flagged as a pre-release.
      Previously it only looked at the
      latest stable release, so during the all-beta period it could
      report "already on the latest" and never upgrade. It now prefers a
      stable release when one exists and otherwise falls back to the
      newest release of any kind.

    Upgrading from beta.1 / beta.2

    The boot fix changes what the setup wizard writes; it does not
    change what an already-installed node has on disk. So:

    • If your morphit.config.env contains
      MORPHIT_RELAY_SIGNUP_DAILY_CEILING or
      MORPHIT_RELAY_TRUSTED_PROXY_IPS
      (any node configured by the
      beta.1/beta.2 wizard will), the cleanest path is a fresh install
      of this release followed by re-running npx morphit-ops init,
      which writes correct config. Back up your relay key
      (apps/relay/keystore.json or .wif) and apps/relay/altnet/
      first; your PostgreSQL database and on-chain registration are not
      affected. Full steps: docs/MIGRATE-TO-RELEASE-TRACK.md.

    • Or, to keep your existing config, remove those two lines from
      morphit.config.env (the relay reads them from morphit.env
      instead) and restart. If they aren't already in morphit.env, add
      MORPHIT_RELAY_SIGNUP_DAILY_CEILING=50 (or your chosen value)
      there.

    • From this release onward, npx morphit-ops upgrade carries your
      config and keys forward automatically.

    Verify the download

    sha256sum -c morphit-v1.0.0-beta.3.tar.gz.sha256
    

    Output must say OK before you extract.

    Status

    Pre-launch beta. Not yet recommended for production traffic. The
    canonical public instance is morphit.io. Community operators
    welcome — start at docs/start-here/.

    Downloads
  • v1.0.0-beta.2 99f84580ea

    Morphit v1.0.0-beta.2
    All checks were successful
    morphit-ci / TypeScript typecheck (sweep all workspaces) (push) Successful in 37s
    morphit-ci / apps/web svelte-check (svelte-kit sync + svelte-aware tsc) (push) Successful in 28s
    morphit-ci / ansible-lint (playbook quality gate) (push) Successful in 10s
    morphit-ci / Smoke suite (run-smokes.sh, triple-pulse) (push) Successful in 14m2s
    morphit-release / Build + publish release tarball (push) Successful in 14m45s
    Stable

    agorise released this 2026-06-01 22:17:56 +00:00 | 110 commits to main since this release

    Signed by agorise
    GPG key ID: 53524E1F1017EB9C

    Second public beta of Morphit — a federated, non-custodial, no-KYC peer-to-peer
    marketplace for fiat ↔ BTC, XMR, BLURT, USDT, USDC, DAI, BCH, LTC, DASH, DOGE,
    ZEC, ARRR, DCR, SOL, ETH, and XRP trades.

    This release builds on v1.0.0-beta.1 and is focused almost entirely on the
    operator experience — the part beta-testing surfaced as the roughest. If
    you ran a beta.1 node, the headline is that running and maintaining your
    instance is now a guided, menu-driven experience, and upgrades safely preserve
    your configuration and signing key.

    Install

    See docs/RUN-A-MORPHIT-NODE.md for the friendly walkthrough.
    Plan two evenings: the first to set up the server and install
    things, the second to troubleshoot whatever didn't work the
    first time. Runs comfortably on a $5/mo VPS or a Raspberry Pi 4.

    For the day-zero procedure (the morning-of and first-24-hour
    operator runbook) see docs/LAUNCH-DAY.md.

    For ongoing day-1-through-day-7 monitoring see
    docs/POST-LAUNCH-WEEK-ONE.md.

    Upgrading from beta.1

    Use the built-in upgrader — docs/UPGRADING.md has the full procedure:

    sudo -u morphit npx morphit-ops upgrade
    

    It downloads this release, verifies the SHA-256, backs up your current
    install, swaps in the new code, carries your config and signing key
    forward automatically
    , reinstalls dependencies, and restarts your
    services — rolling everything back if any step fails.

    One-time note for this specific upgrade. morphit-ops upgrade runs
    the carry-forward using the code of the version you're upgrading from.
    beta.1 predates that feature, so on this first jump your config is not
    auto-carried — it is not lost, it's in the timestamped backup. Before
    upgrading, copy morphit.config.env, morphit.env, apps/relay/keystore.*,
    and apps/relay/altnet/ somewhere safe; after the upgrade, confirm they're
    present in your install dir and, if any are missing, copy them back from
    /opt/morphit.bak-<timestamp>/ and restart morphit-indexer and
    morphit-relay. From beta.2 onward every upgrade preserves them for you.

    Your on-chain operator registration is unaffected by any upgrade — it lives
    on the Blurt chain, not in your install.

    Verify the download

    sha256sum -c morphit-v1.0.0-beta.2.tar.gz.sha256
    

    For belt-and-braces, see docs/UPGRADING.md "Belt-and-braces verification"
    — it walks you through cloning the repo separately, running
    git tag -v v1.0.0-beta.2, and re-deriving the manifest from a
    clean checkout to compare against the tarball you downloaded.

    What's new since beta.1

    Everything below is shipped, smoke-tested, and source-verifiable against the
    tagged commit.

    One command to run your instance

    • morphit-ops now opens a menu. Run it with no arguments on a
      terminal and you get a grouped, plain-English menu — set up and
      change the instance, check on it (status, signups, abuse alerts,
      pending transfers, moderation flags), or manage keys and payment
      methods — so you pick an action by what you want to do instead of
      memorizing subcommand names. Every action is still runnable
      directly (e.g. morphit-ops status), and scripts/cron are
      unaffected: non-interactive runs print help exactly as before.
    • morphit-ops edit for ongoing changes. Change your RPC
      endpoints, description/SEO, origin, listing fees, or operator tag
      without re-running the full setup. It writes atomically, preserves
      permissions, and tells you exactly which services to restart.
    • Safe re-run of the setup wizard. Running morphit-ops init on
      an instance that's already configured no longer risks clobbering it
      — it warns you, then offers to edit a few settings (recommended),
      overwrite everything (with a confirmation and a backup), or cancel.

    A dedicated hardening wizard

    • morphit-ops harden (also "Harden this server" in the menu)
      walks you through securing the host: it generates a personalized
      hardening checklist
      with your domain and your reverse-proxy choice
      baked in — leading with the SSH-lockout safety rule — and can walk
      you through BunkerWeb, daily database backups, and the full
      Ubuntu / SSH / firewall / fail2ban / TLS checklist, or point you at
      the fully-automated Ansible path. Nothing here is Morphit-specific;
      it's the baseline every internet-facing server needs, sequenced for
      you with copy-paste commands.

    Setup wizard improvements

    • BunkerWeb step. The setup wizard now asks whether BunkerWeb (an
      open-source reverse-proxy WAF, shipped turnkey at ops/bunkerweb/)
      will front your instance, and wires the trusted-proxy setting for
      you when you say yes — so your relay sees real client IPs.
    • Hardening step. The wizard finishes by offering to generate the
      same personalized hardening checklist described above.
    • Matrix alerting is on by default. The optional Matrix incident
      bot is now presented as a recommended default with clear setup
      steps for its own credentials, rather than an easy-to-miss opt-in.
    • Clearer prompts throughout — the wizard greeting reflects the
      real number of steps, the optional steps are clearly skippable with
      safe defaults, and the prompts spell out where each value appears
      publicly.

    Clearer on-chain registration

    • Honest, accurate output from morphit-ops register. The success
      screen no longer prints a confusing "Block: undefined" (Blurt
      confirms asynchronously — there's no block number at broadcast time)
      and no longer leaks internal RPC retry noise when your node
      transparently fails over to a healthy endpoint.
    • Specific failure guidance. When a broadcast fails, the tool now
      tells you exactly why (reserved tag, taken tag, wrong key, low Mana,
      all endpoints unreachable, …) and what to do — and on a low-Mana
      failure it offers to retry in place once you've powered up, with no
      wizard re-run.
    • Key verification made concrete. Prompts that ask you to confirm
      your relay's key now name the "Active Auth" field and give you
      the exact explorer URL — https://blocks.blurtwallet.com/#/@<your-account>
      — to check it against. morphit-ops show-key uses the same
      guidance.
    • Re-registration reminder. If you change your origin or operator
      tag with morphit-ops edit, the tool reminds you to re-run
      morphit-ops register so the rest of the federation sees the change
      (those two values live in your on-chain record; other settings are
      local-only).

    Safer upgrades

    • Your config and keys survive upgrades. morphit-ops upgrade now
      explicitly carries morphit.config.env, morphit.env, your relay
      keystore, your alt-network keys, and your hardening checklist forward
      into each new release — with their permissions intact — so a release
      upgrade brings your instance back up exactly as it was, on the new
      code, with no re-configuration. (See the one-time note above for the
      beta.1 → beta.2 jump specifically.)
    • docs/UPGRADING.md corrected and expanded to document the
      carry-forward step and the exact files preserved.

    Documentation and accuracy

    • docs/RUN-A-MORPHIT-NODE.md gained a "Managing your instance
      later" section covering the menu, the hardening wizard, and the
      re-registration rule.
    • README and operator docs were swept for accuracy against the
      actual code (app and config inventory, the relay's key type, the
      reverse-proxy configs that actually ship, and more).

    Reach

    Morphit instances are reachable over the public web, Tor .onion
    hidden services, I2P .b32 addresses, Lokinet, and Nostr. The
    federation directory at /instances on any node shows the other
    known instances and their alt-network addresses.

    Reporting issues

    Bug reports: open a New Issue on Forgejo
    (git.agorise.net/agorise/morphit) — the bug-report template
    auto-loads with the fields needed.

    Security disclosures go to the operator's Matrix DM channel
    listed in §16 of the bug-report template (or in
    docs/SECURITY.md). Do NOT post security issues as public
    Forgejo issues or in the community Matrix room.

    Acknowledgements

    Built on Blurt for the chain layer. The audit campaign is
    publicly readable in this repo, and so are the design tradeoffs
    — we made arguable calls, especially around chat-crypto
    primitives, and the reasoning is in the ADRs for you to push
    back on.


    Tag: v1.0.0-beta.2
    Built by: Forgejo Actions from a signed annotated tag (see
    .forgejo/workflows/release.yml)
    License: AGPL-3.0-only

    Downloads