Skip to main content
Everything that must be done before tagging v0.1.0 and shipping to users. Items are ordered by dependency — complete them top to bottom.

Prerequisites Checklist

Without the Tauri signing keypair, auto-updater is dead. No user will ever receive an update.

1. Generate Tauri Signing Keypair

Status: 🔴 BLOCKING The Tauri updater requires an Ed25519 keypair. The private key signs every release bundle, and the public key is embedded in the app binary to verify updates.
1

Install Tauri CLI

cargo install tauri-cli --locked
2

Generate the keypair

cargo tauri signer generate -w ~/.tauri/openfang.key
Output:
Your public key was generated successfully:
dW50cnVzdGVkIGNvb...  <-- COPY THIS

Your private key was saved to: ~/.tauri/openfang.key
3

Save both values

You need them for steps 2 and 3.

2. Set the Public Key in tauri.conf.json

Status: 🔴 BLOCKING Open crates/openfang-desktop/tauri.conf.json and replace: 
"pubkey": "PLACEHOLDER_REPLACE_WITH_GENERATED_PUBKEY"
with the actual public key string from step 1: 
"pubkey": "dW50cnVzdGVkIGNvb..."

3. Add GitHub Repository Secrets

Status: 🔴 BLOCKING Go to GitHub repo → Settings → Secrets and variables → Actions → New repository secret:
Secret NameValueRequired
TAURI_SIGNING_PRIVATE_KEYContents of ~/.tauri/openfang.key✅ Yes
TAURI_SIGNING_PRIVATE_KEY_PASSWORDPassword set during keygen (or empty string)✅ Yes

Optional: macOS Code Signing

Without these, macOS users will see “app from unidentified developer” warnings. Requires an Apple Developer account ($99/year).
Secret NameValue
APPLE_CERTIFICATEBase64-encoded .p12 certificate file
APPLE_CERTIFICATE_PASSWORDPassword for the .p12 file
APPLE_SIGNING_IDENTITYe.g. Developer ID Application: Your Name (TEAMID)
APPLE_IDYour Apple ID email
APPLE_PASSWORDApp-specific password from appleid.apple.com
APPLE_TEAM_IDYour 10-character Team ID
To generate the base64 certificate: 
base64 -i Certificates.p12 | pbcopy

Optional: Windows Code Signing

Without this, Windows SmartScreen may warn users. Requires an EV code signing certificate.
Set certificateThumbprint in tauri.conf.json under bundle.windows and add the certificate to the Windows runner in CI.

4. Create Icon Assets

Status: 🟡 VERIFY The following icon files must exist in crates/openfang-desktop/icons/:
FileSizeUsage
icon.png1024x1024Source icon, macOS .icns generation
icon.icomulti-sizeWindows taskbar, installer
32x32.png32x32System tray, small contexts
128x128.png128x128Application lists
[email protected]256x256HiDPI/Retina displays
Verify they are real branded icons (not Tauri defaults). Generate from a single source SVG: 
# Using ImageMagick
convert icon.svg -resize 1024x1024 icon.png
convert icon.svg -resize 32x32 32x32.png
convert icon.svg -resize 128x128 128x128.png
convert icon.svg -resize 256x256 [email protected]
convert icon.svg -resize 256x256 -define icon:auto-resize=256,128,64,48,32,16 icon.ico

5. Set Up the openfang.sh Domain

Status: 🔴 BLOCKING for install scripts Users run curl -sSf https://openfang.sh | sh. Options:
  • GitHub Pages: Point openfang.sh to a GitHub Pages site that redirects / to scripts/install.sh from the latest release
  • Cloudflare Workers / Vercel: Serve the install scripts with proper Content-Type: text/plain headers
  • Raw GitHub redirect: Use openfang.sh as a CNAME to raw.githubusercontent.com/RightNow-AI/openfang/main/scripts/install.sh (less reliable)
The install scripts reference:
  • https://openfang.sh → serves scripts/install.sh
  • https://openfang.sh/install.ps1 → serves scripts/install.ps1
Until the domain is set up, users can install via: 
curl -sSf https://raw.githubusercontent.com/RightNow-AI/openfang/main/scripts/install.sh | sh

6. Verify Dockerfile Builds

Status: 🟡 VERIFY 
docker build -t openfang:local .
docker run --rm openfang:local --version
docker run --rm -p 4200:4200 -v openfang-data:/data openfang:local start
1

Binary runs and prints version

✅ Confirmed
2

start command boots the kernel and API server

✅ Confirmed
3

Port 4200 is accessible

✅ Confirmed
4

/data volume persists between container restarts

✅ Confirmed

7. Verify Install Scripts Locally

Status: 🟡 VERIFY before release

Linux/macOS

# Test against a real GitHub release (after first tag)
bash scripts/install.sh

# Or test syntax only
bash -n scripts/install.sh
shellcheck scripts/install.sh

Windows (PowerShell)

# Test against a real GitHub release (after first tag)
powershell -ExecutionPolicy Bypass -File scripts/install.ps1

# Or syntax check only
pwsh -NoProfile -Command "Get-Content scripts/install.ps1 | Out-Null"

Docker smoke test

docker build -f scripts/docker/install-smoke.Dockerfile .

8. Write CHANGELOG.md for v0.1.0

Status: 🟡 VERIFY The release workflow includes a link to CHANGELOG.md in every GitHub release body. Ensure it exists at the repo root and covers:

Core Features
  • All 14 crates and their purposes
  • 30 agent templates across 4 tiers

Integrations
  • 40 channels
  • 60 skills
  • 20 providers
  • 51 models

Security
  • 9 SOTA security systems
  • 7 critical fixes

Desktop App
  • Native app with auto-updater
  • System tray integration

Migration
  • Migration path from OpenClaw

Deployment
  • Docker and CLI install options

Release Process

Once steps 1-8 are complete:

9. First Release — Tag and Push

1

Ensure version matches everywhere

grep '"version"' crates/openfang-desktop/tauri.conf.json
grep '^version' Cargo.toml
2

Commit any final changes

git add -A
git commit -m "chore: prepare v0.1.0 release"
3

Tag and push

git tag v0.1.0
git push origin main --tags
This triggers the release workflow which:
  1. Builds desktop installers for 4 targets (Linux, macOS x86, macOS ARM, Windows)
  2. Generates signed latest.json for the auto-updater
  3. Builds CLI binaries for 5 targets
  4. Builds and pushes multi-arch Docker image
  5. Creates a GitHub Release with all artifacts

Post-Release Verification

After the release workflow completes (~15-30 min):

GitHub Release Page

Windows Desktop

  • .msi present
  • .exe present

macOS Desktop

  • .dmg present

Linux Desktop

  • .AppImage present
  • .deb present

Auto-Updater

  • latest.json present

CLI Binaries

  • .tar.gz archives (5 targets)
  • .zip (Windows)
  • SHA256 checksums

Auto-Updater Manifest

Visit: https://github.com/RightNow-AI/openfang/releases/latest/download/latest.json
  • JSON is valid
  • Contains signature fields (not empty strings)
  • Contains download URLs for all platforms
  • Version matches the tag

Docker Image

docker pull ghcr.io/RightNow-AI/openfang:latest
docker pull ghcr.io/RightNow-AI/openfang:0.1.0

# Verify both architectures
docker run --rm ghcr.io/RightNow-AI/openfang:latest --version

Desktop App Auto-Update (test with v0.1.1)

1

Install v0.1.0 from the release

Download and install the desktop app.
2

Tag v0.1.1 and push

Create a minor version bump to test the updater.
3

Wait for release workflow

Wait for the release workflow to complete.
4

Open the v0.1.0 app

After 10 seconds it should:
  • Show “OpenFang Updating…” notification
  • Download and install v0.1.1
  • Restart automatically to v0.1.1
5

Verify update

Right-click tray → “Check for Updates” → should show “Up to Date”

Install Scripts

# Linux/macOS
curl -sSf https://openfang.sh | sh
openfang --version  # Should print v0.1.0

# Windows PowerShell
irm https://openfang.sh/install.ps1 | iex
openfang --version

Dependency Flow

Steps 4-8 can be done in parallel. Steps 1-3 are sequential and must be done first.

Next Steps

Desktop App

Learn about the desktop app architecture

API Reference

Explore the REST API documentation