v0.2.6

Full Changelog: v0.2.5...v0.2.6

v0.2.5

Full Changelog: v0.2.4...v0.2.5

v0.2.4

Removed

• Unused Windows code-signing tooling — dropped the now-dead signed packaging scripts and the signing-environment verifier, since release builds are unsigned as of 0.2.3.

v0.2.3

Changed

• Windows installers are no longer code-signed — release builds now ship unsigned, consistent with the macOS builds. Windows SmartScreen may show an "unknown publisher" prompt on first install; in-app auto-update is unaffected (downloads remain HTTPS-fetched and sha512-verified against latest.yml).

v0.2.2

Fixed

• Windows auto-update no longer stalls after download — set win.verifyUpdateCodeSignature: false in the electron-builder config. With the self-signed certificate, Get-AuthenticodeSignature reports a non-Valid status (untrusted root), so electron-updater rejected the downloaded installer before reaching "Restart & install". Disabling the publisher-signature check lets the update install; downloads remain HTTPS-fetched and sha512-verified against latest.yml. Note: the currently-installed build still verifies, so one new build must be installed manually as a fresh bootstrap; releases after it update automatically.

v0.2.1

Fixed

• Welcome quick-connect username field visible — SSH quick connect on the main welcome screen now lays out the port and username fields in fixed/flexible columns so the username input no longer overflows out of view.

v0.2.0

Full Changelog: v0.1.9...v0.2.0

v0.1.9

Changed

• Dependency security updates — upgraded Electron, electron-builder, Vite, and better-sqlite3, then refreshed the pnpm lockfile. Added a pnpm override for PostCSS so pnpm audit --audit-level moderate reports no known vulnerabilities.
• UI build now type-checks React code — @hypershell/ui build runs tsc --noEmit before Vite, preventing renderer TypeScript regressions from passing CI/build gates.
• TypeScript dead-code checks enabled — root compiler config now enables noUnusedLocals and noUnusedParameters; unused imports, stale helpers, and test-only dead code were removed across desktop, session-core, db, and UI workspaces.

Fixed

• Renderer URL allowlist tightened — desktop renderer loading now allows only the exact packaged renderer file or the exact dev origin (http://127.0.0.1:5173), reducing preload API exposure risk.
• SFTP preload logging removed — sftpList no longer logs file names or raw response samples during normal operation or validation failures.
• Renderer type-safety regressions fixed — tmux detection, host import defaults, transfer event narrowing, terminal network state handling, tunnel store updates, host port-forward payloads, settings tests, and global app-version typing now pass strict UI type-checking.
• Terminal focus restored after tab and snippet actions — switching terminal tabs now refits and focuses the visible xterm instance, and sending a snippet returns focus to the active terminal session so pressing Enter submits to the terminal instead of the snippets panel.

v0.1.8

What's Changed

• fix(sftp): rewrite drag-out via SFTP stream + zip archival by @tomertec in #6

Full Changelog: v0.1.7...v0.1.8

v0.1.7

Full Changelog: v0.1.6...v0.1.7