Releases: OpenCoven/coven
Release list
Coven v0.0.53
Install
npm install -g @opencoven/cli@0.0.53Published npm packages
@opencoven/cli@0.0.53@opencoven/cli-macos@0.0.53@opencoven/cli-linux-x64@0.0.53@opencoven/cli-windows@0.0.53
Changes
- Model selection documentation now reflects the actual CLI-login surface: Codex CLI and Claude Code.
- Multi-host daemon specs now describe host fingerprints and the active host heartbeat/state flow.
Release evidence
- Workflow: https://github.com/OpenCoven/coven/actions/runs/28724682553
- Tagged commit:
a36fc5cb76bbafe7a0fbef888b68f22ad56106f5 - Compare: v0.0.52...v0.0.53
Coven v0.0.52
Install
npm install -g @opencoven/cli@0.0.52Published npm packages
@opencoven/cli@0.0.52@opencoven/cli-macos@0.0.52@opencoven/cli-linux-x64@0.0.52@opencoven/cli-windows@0.0.52
Changes
- Travel mode daemon foundations:
/api/v1/travel/profiles,/api/v1/travel/deltas, and/api/v1/travel/state. - Multi-host scheduler recovery routes: persisted decisions, redispatch state, and loop recovery endpoints.
- Release gate fix for repo-relative OpenCoven paths in the secret guard.
Release evidence
- Workflow: https://github.com/OpenCoven/coven/actions/runs/28708185412
- Tagged commit:
ef4cb873bda84c6d42c09f6f05c230ca3419d84a - Compare: v0.0.50...v0.0.52
Note: v0.0.51 was superseded by this patch-bumped recovery release after its release gate failed before npm publish.
Coven v0.0.50
What's Changed
- fix(release): skip already-published npm packages so reruns are safe by @BunsDev in #260
- chore: drop @opencoven/coven wrapper from release + docs by @BunsDev in #261
- Redesign Coven landing page by @BunsDev in #262
- feat: add eval loop control plane by @BunsDev in #263
- chore(deps): bump uuid from 1.23.3 to 1.23.4 by @dependabot[bot] in #272
- chore(deps): bump anyhow from 1.0.102 to 1.0.103 by @dependabot[bot] in #273
- feat(channels): add @opencoven/channels package (Discord + Telegram adapters) by @BunsDev in #274
- chore(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /packages/channels by @dependabot[bot] in #275
- chore(deps-dev): bump @types/node from 24.13.2 to 26.0.1 in /packages/channels by @dependabot[bot] in #276
- fix(cli): treat event search input as literal FTS by @BunsDev in #277
- Sanitize Windows harness prompt arguments by @BunsDev in #279
- fix: pin dependabot/fetch-metadata action to immutable SHA by @BunsDev in #280
- fix(ci): restrict Dependabot auto-merge to security alerts by @BunsDev in #281
- fix(cli): validate trusted adapter manifests by @BunsDev in #282
- release: fail on pre-existing npm package versions by @BunsDev in #283
- chore(skills): migrate OpenClaw skills into Coven by @BunsDev in #284
- docs: announce Independence Day PR event by @BunsDev in #285
- Wrap Windows cmd-shim arguments to prevent .cmd reparse injection by @BunsDev in #287
- Wrap Windows cmd-shim arguments to prevent .cmd reparse injection by @BunsDev in #288
- docs: plan single coven distribution by @BunsDev in #278
Full Changelog: v0.0.49...v0.0.50
Coven v0.0.48
What's Changed
- Added
coven run --thinkand--speed fast|balanced|thoroughas launch hints alongside--model. Claude launches map the hints to--effort; unsupported harnesses warn and continue. See issue #246 and PR #254. - Made
events_ftsbackfill resilient for large histories: bounded batches, completion tracking instore_meta, non-fatalSQLITE_BUSYhandling, and read-only connectionbusy_timeout. This prevents search-index backfill from blocking agent dispatch. See issue #249 and PR #254. - Updated CLI docs, Windows install guidance, and release notes for the new run flags and Windows package status.
Install
npm install -g @opencoven/cli@0.0.48
coven --versionPublished npm packages:
@opencoven/cli@0.0.48@opencoven/cli-macos@0.0.48@opencoven/cli-linux-x64@0.0.48@opencoven/cli-windows@0.0.48
Release Assets
This release includes native CLI binaries from the successful tag workflow:
coven-v0.0.48-macos-aarch64.tar.gzcoven-v0.0.48-linux-x64.tar.gzcoven-v0.0.48-windows-x64.zipSHA256SUMS
Verification
- Signed annotated tag:
v0.0.48 - Commit:
2dc3c804e17af61c339b684fc1568dfe5ff24745 - GitHub Actions release workflow succeeded: https://github.com/OpenCoven/coven/actions/runs/28126538933
- Published npm versions verified at
0.0.48for the wrapper and all three platform packages. - Local release-doc worktree baseline:
cargo test -p coven-clipassed.
Full changelog: v0.0.47...v0.0.48
Coven v0.0.42
What's Changed
- PowerShell-native
coven-codeinstall guidance for Windows users. When the interactive Coven UI needscoven-code, Windows now shows the npm install path, theinstall.ps1installer, and PowerShell-compatibleCOVEN_LEGACY_TUIfallback syntax instead of Unixcurl | bashcommands. - macOS and Linux guidance still points to the existing
install.sh | bashpath. - Release notes were updated in the docs changelog under the week of June 18, 2026.
Install
npm install -g @opencoven/cli@0.0.42
coven --versionPublished npm packages:
@opencoven/cli@0.0.42@opencoven/cli-macos@0.0.42@opencoven/cli-linux-x64@0.0.42@opencoven/cli-windows@0.0.42
Release Assets
This release includes native CLI binaries from the successful tag workflow:
coven-v0.0.42-macos-aarch64.tar.gzcoven-v0.0.42-linux-x64.tar.gzcoven-v0.0.42-windows-x64.zipSHA256SUMS
Verification
- Signed annotated tag:
v0.0.42 - Commit:
2c92d0703530ebcc7eaa3376301de40597e5f72a - GitHub Actions release workflow succeeded: https://github.com/OpenCoven/coven/actions/runs/27806743142
- Local pre-publish smoke passed before publish: release secret guard, publish unit tests, npm dry-run, temp install,
coven --version,coven doctor, andcoven --help.
Full changelog: v0.0.41...v0.0.42
Coven v0.0.40
What's Changed
Features:
e0642d8feat(cli): forwardcoven run --modelto harness model flagscb20190feat(cli): surface configured familiars incoven doctor3fed3d6feat: familiar avatars final — all 7 from Val reference images0577c80feat: higgsfield skill v2 — full kit absorbed + SKILL.md rewritten7a34e29feat: add higgsfield skill — runtime-portable image generationb44529adocs(familiars): add familiar identity model spec, plan, and public docs (#221)a842db7feat: update Cody avatar to final locked form (2026-06-17)
Fixes:
8fa0891fix(harness): keep Claude permissions enabled by default (#216)d8cb938fix(windows): fail closed on pipe ACL hardening (#217)23dbdacfix: require explicit harness adapter manifests (#218)0e61a3efix(cli): fail closed when packaged binary is missing (#219)d412b9bfix(coven-cli): confine prompt path expansion to workspace (#220)dd30c97Fix Windows harness launcher resolution277a851fix(docs): drop gray-matter for js-yaml 4.2.0 (GHSA-h67p-54hq-rp68)52b8084fix(coven-memory): hex-encode SHA-256 digest for sha2 0.11ecd41b0fix(ci): restore rust checks across platforms (#233)e8f5c61fix(ci): gate Dependabot auto-merge on patch/minor + bump fetch-metadata v36173082fix(daemon): stop the socket-takeover orphan storm + EINVAL connection drops (#242)
Chores/Deps:
- Multiple Dependabot bumps (uuid, rusqlite, turbovec, regex, ratatui, chrono, sha2, fastembed, windows-sys, dompurify, vitest, markdown-it, actions/checkout)
6eb4cb1chore(docs): remove dead Mintlify-compat site builder (#232)42443f4ci: auto-merge Dependabot security update PRs
Install
npm install -g @opencoven/cli@0.0.40Or upgrade:
npm install -g @opencoven/cli@latestSupported platforms: macOS arm64, Linux x64 (glibc), Windows x64.
Coven v0.0.39
What's Changed
65e0e96fix(harness): bypass permission prompts for claude sessions (#214)1ccfa4efix(daemon): pre-trust cwd for interactive claude sessions (#215)
Install
npm install -g @opencoven/cli@0.0.39Or upgrade:
npm install -g @opencoven/cli@latestSupported platforms: macOS arm64, Linux x64 (glibc), Windows x64.
Coven v0.0.38
What's Changed
ab6b7f8fix: restore capabilities scans and windows CI (#211) thanks @BunsDevea22a0ddocs: add Coven workflow standard (#212) thanks @BunsDev403bae2fix(run): resume claude sessions with --resume instead of --session-id (#213)
Install
npm install -g @opencoven/cli@0.0.38Or upgrade:
npm install -g @opencoven/cli@latestSupported platforms: macOS arm64, Linux x64 (glibc), Windows x64.
Coven v0.0.37
What's Changed
b62c330/0f11a1eperf: index-backed get_session / index get_session lookup (#198, #199)abc8ecbfix: SQLite WAL mode + 5s busy_timeout at connection open (#200)e24ed27ci: add windows-latest matrix leg to Rust checks job (#201)b789137fix: euid/ownership fail-closed on client-side socket connect (#202)59d5884fix(windows): cmd.exe metacharacter hardening for harness argv (#203)c1d3cc7fix(windows): owner-only DACL on named pipe via SetNamedSecurityInfoW (#204)5087c65feat(windows): daemon lifecycle — start/stop/status via Windows process APIs (#205)5a8af5afeat(windows): Job Object kill for stream-mode child process tree (#206)8eb998echore: enable cargo-deny license gate (#208)78810a2feat: branch-triage GH Action + weekly workflow (#209)
Install
npm install -g @opencoven/cli@0.0.37Or upgrade:
npm install -g @opencoven/cli@latestSupported platforms: macOS arm64, Linux x64 (glibc), Windows x64.
Coven v0.0.36
What's Changed
- fix(daemon): isolate per-connection errors + clean socket on exit (#197, f4554d8). A single malformed local HTTP request to the Unix-domain API socket no longer brings down the entire daemon.
serve_foreverpreviously used?onserve_next_connection, so any client parse error propagated out of the accept loop, exited the process, and left~/.coven/coven.sockorphaned. The Unix path now mirrors the TCP path's log-and-continue policy. - Daemon-lifetime cleanup hardening. A
ShutdownGuardDrop impl removescoven.sockanddaemon.jsonon every unwind path (normal return, propagatedErr, panic). SIGTERM / SIGINT / SIGHUP install an async-signal-safe handler (unlink(2)+_exit(2)only). A panic hook appends panic info + backtrace to~/.coven/daemon-recovery.logand removes both files. A startup breadcrumb is now logged so post-mortems can reason about daemon lifetime.
Install
npm install -g @opencoven/cli@0.0.36Or upgrade an existing install:
npm install -g @opencoven/cli@latestSupported platforms: macOS arm64, Linux x64 (glibc), Windows x64.
Verification
- Release workflow run
27160632141passed: signed-tag verification, release gates (cargo fmt + clippy + workspace test + secret scan), macOS / Linux / Windows release builds, npm dry-run, and OIDC npm publish — 7/7 jobs green in ~13m. - Tag
v0.0.36is an annotated SSH-signed tag pointing atf4554d8onorigin/main; signature verified againstNPM_RELEASE_ALLOWED_SIGNERS. - Live registry confirms
@opencoven/cli,@opencoven/cli-macos,@opencoven/cli-linux-x64, and@opencoven/cli-windowsall published at0.0.36. - Post-publish smoke against a fresh install:
coven --version→0.0.36; the daemon survives 3 distinct malformed local requests without crashing;coven daemon stopcleanly removes bothcoven.sockanddaemon.json.
Regression Test
unix_serve_loop_isolates_per_connection_errors (in crates/coven-cli/src/daemon.rs) sends a malformed request followed by a valid one and asserts the daemon stays bound and responsive. 44 daemon tests pass; cargo check --workspace + clippy -- -D warnings + fmt --check all clean.