github ovumcy/ovumcy-web v1.4.0

3 hours ago

Adds declarative owner provisioning from the operator CLI and clarifies the
product as owner-role-only with per-account isolation, enabling household
self-hosting. No database migrations; no breaking API changes.

Added

  • ovumcy users create <email> operator CLI command. Provisions an owner account declaratively — for example from a YunoHost install script — without the open-register-then-close workaround. The password is read from stdin (for automation) or an interactive no-echo prompt, never from argv or the environment; --show-recovery-code prints the one-time recovery code on demand; --skip-if-exists makes re-runs idempotent.
  • Household self-hosting. A single instance may host several independent owner accounts, each the sole owner of its own data and isolated from the others. The privacy model is documented as owner-role-only in SECURITY.md and docs/SECURITY_INVARIANTS.md, with cross-owner isolation pinned by regression tests.

Internal

  • Removed the never-shipped non-owner "viewer" sanitization path; the day-read service now returns owner data directly. The role-integrity guard (ValidateSupportedWebUser) is retained.

Don't miss a new ovumcy-web release

NewReleases is sending notifications on new releases.