This is the biggest user-facing release since the World Computer launch, not because it adds another long list of features, but because the main pieces now start to feel usable together.
The dApp Centre now has real apps. Elacity V3 now live inside ElastOS. The dDRM open path has been rebuilt. Media playback is cleaner. Email login is now supported. The latest PC2 security audit has been closed. And under all of this, Elastos Runtime 0.20 is now available as an early look at where ElastOS is going next.
This release is not just another PC2 update. It is the point where the desktop, the app store, dDRM, identity, payments, and runtime permissions start to connect in a way normal users can actually try.
What is new in v1.2
- A working dApp Centre with Elacity NFT and Glide Finance as the first two installable apps
- Elacity V3 contracts on ElastOS, covering content access, royalties, and channel logic
- A rebuilt Lit Protocol path for dDRM access
- Two new Rust media engines, one for video and audio, one for PDFs, Images, 3D models, CSV, EPUB ebooks, and more
- Email Login now live, Login is no longer wallet only
- A closed PC2 security audit, with all 7 external findings resolved
- Elastos Runtime 0.20, a Rust based local runtime where apps and agents start with no permissions until you grant them
1. The dApp Centre now has real apps
In v1.1, the dApp Centre was still early. In v1.2, you can open it, install apps, and actually use them. The first two installable apps are Elacity NFT and Glide Finance.
- Elacity NFT
This is the first app in the new store. It gives users a marketplace for browsing, trading, and collecting NFTs connected to the Elastos ecosystem. The important part is not just that the marketplace exists inside PC2. It is that it runs as part of the personal cloud experience, where content, identity, payments, and access control are all moving into the same user-owned environment. - Glide Finance
Elastos Smart Chain’s only DEX is also available through the dApp Centre. It brings token swaps, liquidity, farming, staking, analytics, and governance access into PC2. A wallet bridge handles connection, and the RPC fallback path helps keep the app responsive when one provider has issues.
This is the difference in v1.2: the dApp Centre is no longer a page full of placeholders. It has real apps, fetched from the network, verified, and launched inside your PC2.
Signed apps, fetched from the network
The app store model in ElastOS is different from simply linking to a website. Apps are packaged as capsules. Each capsule is signed, content-addressed, and checked before it runs. PC2 fetches the app, verifies the signature and hash, then launches it in a sandbox. That matters because the user is not just opening a random web page. The user is installing signed software into their own cloud.
For v1.2, the old placeholder catalogue has been cleaned up. The dApp Centre now focuses on real apps, including bundled Elacity apps and the two installable third-party apps, Elacity NFT and Glide Finance.
2. Elacity V3 now live inside ElastOS
v1.2 brings Elacity’s V3 marketplace and access-control contracts into ElastOS, adding a real monetization path for creators inside the product.
The bigger story is not just one chain. It is that ElastOS is beginning to support omnichain operations, with Base as the first supported route for USDC markets.
For creators, V3 improves how content access, royalties, and content identity are handled. Instead of each content type following a separate path, access now comes down to one core check: does this wallet have access to this content ID? That check runs through the V3 contract path and Lit Protocol.
V3 also supports royalty splitting at mint time, so creator and protocol shares can be handled directly through the contract flow instead of manually by creators. Free and paid mints now follow the same content identity model, making the system cleaner for creators and easier to maintain across content types.
3. The dDRM path has been rebuilt
The most important security change in v1.2 is in the dDRM open flow. In the previous path, part of the Lit Action flow depended too much on a client-supplied user address. Since Lit Actions are public on IPFS, that created a path that needed to be closed.
v1.2 removes that weakness.
The new flow uses session key delegation. At wallet connect, the wallet signs a delegation that allows a device-bound key to open dDRM content for a limited session. After that, the user can open content without repeated wallet popups, but the session is still tied to the wallet, the device, and the signed delegation.
The Lit Action now checks the delegation, the request signature, the action binding, freshness, replay protection, expiry, and the V3 access check before returning a content key.
Older clients do not fall back to the old path. They get a clear [401 session_bundle_required] response and must upgrade.
4. Two new Rust media engines
v1.2 adds two Rust based media engines.
- Elacity Player
The player handles video and audio playback. It supports the DASH and CENC path used by protected media, including AV1 video and audio playback. It avoids depending on browser DRM modules and keeps the playback path more controlled inside the Elacity stack. - Elacity Viewer
Elacity Viewer, also called the dDRM Viewer, handles non-streaming content.
It supports: PDFs, Images, 3D models, CSV datasets, Fonts, Archives, EPUB ebooks, CBZ comics.
PDFs support watermarking, page navigation, and zoom. EPUBs support a protected reader path with forensic watermarking. Comics and other visual formats get cleaner routing through the viewer.
The bigger point is that protected content is no longer treated as only video. Creators can publish many file types, and users can open them through the same dDRM model.
5. Login is no longer wallet only
Wallet login still works, and it remains the best path for crypto-native users. But v1.2 removes a major barrier for everyone else.
Users can now sign in with:
-
- MetaMask
- WalletConnect
This is a big change for creators, buyers, and people who want to use a personal cloud without dealing with seed phrases on day one. Email login use Particle Auth. The user still gets a wallet address and can also use a smart account for flows like batch mints, sponsored gas, and creator channel setup.
Note: Please avoid minting or buying with Particle Smart Wallets for now. Particle is upgrading its smart wallet system, and using the current flow may place assets in an older account path that may not be supported later. Use a normal wallet until the upgrade is live and tested in ElastOS.
After the upgrade, ElastOS can support universal USDC payments, letting users buy from supported chains while Base works mostly in the background.
6. Security work closed before release
v1.2 also closes the latest PC2 and gateway security audit.
A community researcher, jhond0e, submitted a serious audit on April 18. The v1.2 release closes all 7 in-scope external findings, plus 20 of 21 internal findings.
The security work included:
- Removing risky mock token and wallet inference code
- Locking update routes behind owner checks
- Adding rate limits to sensitive update routes
- Adding SIWE and SIWS based login checks
- Locking setup routes behind a one-time first-run token
- Tightening proxy handling to avoid IP spoofing from LAN attackers
- Replacing shell based gateway commands with safer argument based calls
- Requiring provisioning tokens for mutating gateway routes
- Adding secret scanning on commits, pull requests, and long-lived branches
The v1.2 branch also includes 79 passing security test cases across 5 specs.
This part may not look flashy, but it matters. A personal cloud cannot ask users to trust it while leaving basic owner, login, update, and gateway routes loose.
7. Elastos Runtime 0.20 is now available
The other major part of this release is Elastos Runtime 0.20. As one of the four ElastOS pillars, Runtime is the smaller Rust based layer that more ElastOS apps can move toward over time.
The basic idea is simple: apps and AI agents should not start with broad access to your machine. In Runtime 0.20, every app starts with zero permissions. If an app needs access to a file, a wallet action, a network route, or something else, it needs a capability token. That token says exactly what the app can do and for how long.
That matters even more for AI agents.
A note app should not see your wallet. A music player should not read your private documents. An AI agent that helps with scheduling should not get open-ended access to your whole machine forever.
Runtime is built around that idea from the start.
Signed capsules and one permission model
Runtime 0.20 runs signed, content addressed capsules. If the package changes, the signature check fails. If the publisher is not trusted, it should not run. That gives users and developers a clearer model for how apps are installed, updated, and trusted. Runtime 0.20 is also built to support different execution types under one permission model:
- Native binaries
- WASM sandboxes
- MicroVMs
The app does not need to care which one it runs on. It only sees the permissions it has been granted.
That is the long-term direction for ElastOS: humans, apps, and AI agents using the same authority model, with clear permissions that can be granted, checked, and revoked.
Runtime now has a real desktop shell
Runtime 0.20 is not just a CLI. It now includes Home, a small signed desktop shell with window management, a taskbar, search, a system tray, and an Elastos Manager control panel. Hosted rooms can also run in two ways. Users can connect through their own PC2 nodes over Carrier, or one node can host a public gateway page where outside users request access and the owner approves them.
The bundled GBA emulator also gained persistent save state and capsule-aware file routing. Open a .gba file and it goes to the emulator. Open a markdown file and it goes to the viewer. Open a video and it goes to the media player.
This is still early, but it is now something you can install and test.
8. Smaller fixes that users will feel
A lot of v1.2 is not about new screens. It is about making the thing feel less rough. Some of the fixes:
- Audio-only playback no longer stalls around the 39 second mark
- The dApp Centre catalogue has been cleaned up
- Stale local app entries are removed after update
- Missing icons now fall back more gracefully
- The network path for app capsules is more reliable
- DHT announcements are now properly awaited
- PC2 nodes behind common home networks can receive content through relay paths more reliably
These are the types of fixes that do not always sound big in a release note, but they change whether people keep using the product after the first try.
How to get started
Try ElastOS
- Desktop Launcher (Mac and Linux): Download Launcher
- Terminal Install (Mac/Linux): curl -fsSL https://raw.githubusercontent.com/Elacity/pc2.net/main/scripts/start-local.sh | bash
- NVIDIA Jetson: cd ~ && git clone https://github.com/Elacity/pc2.net.git && cd pc2.net && sudo bash scripts/install-arm.sh
- Docs: docs.ela.city | GitHub: github.com/Elacity/pc2.net
- Network Map: map.ela.city | Portal: portal.ela.city
- v1.0.x / v1.1.x / v1.2.0 / v1.2.1 / v1.2.2 Terminal command below – those older in-app updaters predate the fixes needed for a clean v1.2.5 install
curl -fsSL https://raw.githubusercontent.com/Elacity/pc2.net/main/scripts/update.sh | bash
Elastos Runtime 0.20
curl -fsSL https://elastos.elacitylabs.com/install.sh | bash
elastos setup
elastos
Linux x86_64 and aarch64 are supported today. macOS and Windows host adapters are planned..
What comes next
v1.2 is the release where several pieces start to meet in one place.
The dApp Centre has working apps. dDRM is on the V3 path. Users can sign in without a wallet. Media playback is broader. Runtime 0.20 gives developers an early path toward signed capsules and permissioned apps.
The next areas to watch are:
- More first-party capsules in Runtime
- A cleaner capsule SDK for outside developers
- More dDRM content types and wallet flows
- Public capsule discovery through apps.ela.city
- More of PC2 gradually moving toward the Runtime model
The important part is that ElastOS is becoming easier to try without losing the original idea.
Your data, your apps, your content, and eventually your AI agents should run under keys and permissions you control.
v1.2 brings that closer.
