- Updated generate-appcast.sh with prominent warnings about using -f flag
- Added critical warnings to release documentation (RELEASE.md and release-guide.md)
- Created validate-sparkle-signature.sh script to verify signatures before release
- Added pre-release checklist items for signature validation
- Documented the beta 8 incident and resolution
This ensures we always use the correct file-based private key and never accidentally use the keychain key that produces incompatible signatures.
- Corrected Stats.store description as privacy-first analytics backend
- Fixed benefits section to reflect actual features (not CDN)
- Clarified that Stats.store is a transparent proxy, not hosting files
- Added details about anonymous data collection
- Stats.store cache confirmed to be 1 minute as documented
- Updated appcast-prerelease.xml with correct signature generated from file-based private key
- Added comprehensive documentation about Sparkle/Stats.store integration
- Documented the beta 8 incident and resolution
- The issue was caused by using the wrong private key (keychain vs file)
- Document lessons learned from v1.0.0-beta.5 release
- Add quick reference guide for common release tasks
- Include troubleshooting for timeout and appcast issues
- Clarify DMG notarization behavior (DMGs aren't notarized, only apps inside)
- Always use --account VibeTunnel for Sparkle signing
- Add automatic DMG volume cleanup to prevent resource errors
- Better handling of CHANGELOG.md location (check both mac/ and root)
- Add comprehensive RELEASE-LESSONS.md with all gotchas
- Add signature verification step to release process
- Improve error messages and debugging output
- Pass SPARKLE_ACCOUNT environment variable through scripts
- Move all macOS-specific code from root to mac/ directory
- Move app icons and assets to dedicated assets/ directory
- Update GitHub workflows for new structure
- Consolidate documentation files
- Clean up root directory for better multi-platform organization
