v3.10.1

What's new

CLI

Improvements

• Border width now comes from a single BORDER constant in fse.ui.styles — same pattern as fsd
• Added missing module headers to commands/__init__.py and helpers/__init__.py

Docs

• Fixed step numbering in getting-started (was 1, 2, 2, 3, 4)
• Fixed missing step 2 in troubleshooting (was 1, 3)

v3.10.0

What's new

CLI

Improvements

• Error messages are now consistent — 😐 for simple invalid input, Error: for failures (bright red-orange), ⚠️ for warnings. Same pattern as formseal-decrypt

Breaking changes

• fse keygen -json now uses a single dash instead of --json.

---

Docs

• Removed --- separators cluttering every page
• Fixed stale references (--json → -json, outdated setup instructions)

v3.9.1

What's new

CLI

Fixes

• fse set logging now accepts case-insensitive values (True, FALSE, etc.)

v3.9.0

What's new

Browser runtime

Fixes

• Catch fse.config.js syntax errors via new Function() pre-parse instead of relying on try/catch around appendChild
• Guard mount when config is missing — no more "FSE is not defined" cascade
• Load fse.log.js before config files so syntax errors are logged properly

Improvements

• Centralised FSE_LOG logger with [formseal] prefix, error+fix message pairs
• New logging config flag (fse set logging true|false) — when false, suppresses info and warning logs (errors always show)
• Submit log now includes full submission UUID
• Replaced all raw console.* calls with FSE_LOG.error/warn/info

CLI

Features

• fse set logging <true|false> — toggle console logging from the CLI

Docs

• Updated commands reference, cheatsheet, and troubleshooting guide for logging feature
• Removed stale issue templates
• Cleaned up CONTRIBUTING.md tree diagram and references

v3.8.0

What's new

Browser runtime

Improvements

• Removed dead hasOwnProperty branches in fse.freeze.js
• Added console.warn on malformed fields.jsonl lines in globals.js

CLI

Features

• fse set origin <name> — configure form origin identifier
• fse --status -fields — show per-field details (type, max length, required)
• fse keygen --json — machine-readable JSON key output
• Implicit fse field <name> type:<type> — omit the add keyword

Breaking changes

• Removed fse doctor command (field type definitions now live in helpers/fields.py, validation is at runtime)

Improvements

• Restructured CLI tree: flat commands/, helpers/, ui/ layout
• Extracted field type definitions to helpers/fields.py (single source of truth)
• Removed dead code: duplicate errors.py, unused functions (badge, code, link, cmd_line), dead alias -u, dead command_not_implemented
• Unified cosmetic output: ✨ instead of green *, consistent pipe/indentation formatting

Docs

• Updated CONTRIBUTING.md tree, commands reference, cheatsheet, integration guides, README, and getting-started for all CLI changes
• Fixed inject-version.yml workflow path for version.py

v3.7.0

What's new

• new command: fse keygen generates X25519 keypair for encryption
• output as JSON: { "publicKey": "...", "privateKey": "..." } in base64url format
• red WARNING message reminds users to keep keys safe and never store on server

v3.6.0

What's new:

Security

• add runtime freeze layer (fse.freeze.js) - config, crypto, payload, validation, and form modules are now immutable at initialization
• enforce secure context - formseal refuses to run on HTTP (except localhost/127.0.0.1 during dev)
• remove built-in honeypot - spam protection (honeypot, CAPTCHA, etc.) is now developer responsibility

Logging

• add init summary log - shows endpoint, field count, form selector, and any warnings after mount (in browser console)

General

• naming consistency - use lowercase "formseal" throughout codebase

Docs

• update docs - security.md with runtime tampering and HTTPS requirements, html.md examples now include method="POST"

Breaking changes

• honeypot field (_hp) no longer automatically handled - developers must implement their own spam protection if needed

v3.5.0

What's new

Breaking changes

• commands renamed: update → set
  • fse update endpoint is now fse set endpoint
  • fse update key is now fse set key
• init/reset simplified: no more interactive configure prompt after scaffolding. run fse set endpoint and fse set key separately.

New features

• validate-before-write: invalid keys and endpoints are rejected immediately, never persisted
• double-https prevention: entering https://example.com no longer becomes https://https://example.com
• fse --status: new command shows current endpoint, key, origin, and field count

Improvements

• cli structure now mirrors formseal-fetch patterns
• all paths and helpers centralized in fse/cli/general/helpers
• command dispatch refactored to dict-based routing

Documentation

• README, commands reference, contributing guide, and getting-started docs rewritten

v3.4.2

What's new

Ciphertext

• ciphertexts are now prefixed with formseal. when POSTed
• makes it easy to identify formseal payloads at storage

Example: formseal.wmqp7gz1Vg_KLjQOGE2C0Fmx...

Payload version remains same:

• the fse.v1.0 inside the decrypted JSON is the payload schema version — that stays the same. It's a different thing from the storage format (the formseal. prefix).

v3.4.1

What's new

General

• new docs: README index, troubleshooting guide, commands reference
• new contribution guide (CONTRIBUTING.md)
• new GitHub issue templates

CLI improvements

• root command now shows about (no duplicate code)
• --version shows "vX.Y.Z" cleanly