diff --git a/README.md b/README.md
index 8aa82cf..055f50d 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ You're now ready to develop. The workspace starts with `core-php` as the active
 core doctor
 
 # See workspace status
-core health
+core dev health
 
 # Run tests in the active package (core-php)
 core php test
diff --git a/scripts/install-core.ps1 b/scripts/install-core.ps1
index 59bdc9b..3c0a3ba 100644
--- a/scripts/install-core.ps1
+++ b/scripts/install-core.ps1
@@ -29,6 +29,23 @@ if ($PSVersionTable.PSVersion.Major -lt 4) {
 $Repo = "host-uk/core"
 $MinDiskSpaceMB = 100  # Minimum required disk space in MB
 
+# Resolve latest release version from GitHub API
+function Get-LatestVersion {
+    try {
+        if (Test-Command gh) {
+            $version = gh release view --repo $Repo --json tagName -q '.tagName' 2>$null
+            if ($version) { return $version }
+        }
+
+        # Fallback to GitHub API
+        $response = Invoke-RestMethod -Uri "https://api.github.com/repos/$Repo/releases/latest" -UseBasicParsing
+        if ($response.tag_name) { return $response.tag_name }
+    } catch {
+        Write-Warn "Could not determine latest version, using default branch"
+    }
+    return $null
+}
+
 function Write-Info { Write-Host "[INFO] $args" -ForegroundColor Green }
 function Write-Warn { Write-Host "[WARN] $args" -ForegroundColor Yellow }
 function Write-Err { Write-Host "[ERROR] $args" -ForegroundColor Red; exit 1 }
@@ -339,11 +356,23 @@ function Build-FromSource {
     $null = Set-SecureDirectoryAcl -Path $tmpdir -Required
 
     try {
+        # Resolve latest version for reproducible builds
+        $version = Get-LatestVersion
+        if ($version) {
+            Write-Info "Resolved latest version: $version"
+        } else {
+            Write-Warn "Building from default branch (version unknown)"
+        }
+
         Write-Info "Cloning $Repo..."
         $cloneDir = Join-Path $tmpdir "Core"
 
-        # Clone default branch
-        git clone --depth 1 "https://github.com/$Repo.git" $cloneDir
+        # Clone specific version if available, otherwise default branch
+        if ($version) {
+            git clone --depth 1 --branch $version "https://github.com/$Repo.git" $cloneDir
+        } else {
+            git clone --depth 1 "https://github.com/$Repo.git" $cloneDir
+        }
         if ($LASTEXITCODE -ne 0) {
             Write-Err "Failed to clone repository"
         }
diff --git a/scripts/install-core.sh b/scripts/install-core.sh
index 8c1f23f..751d9d8 100755
--- a/scripts/install-core.sh
+++ b/scripts/install-core.sh
@@ -21,10 +21,24 @@ set -e
 # - No TLS certificate pinning (relies on system CA store)
 
 REPO="host-uk/core"
-VERSION="v0.1.0"  # Pinned version - update when releasing new versions
+VERSION="${CORE_VERSION:-latest}"  # Use latest release, or set CORE_VERSION=dev for dev builds
 INSTALL_DIR="${INSTALL_DIR:-$HOME/.local/bin}"
 BUILD_FROM_SOURCE="${BUILD_FROM_SOURCE:-auto}"
 
+# Resolve "latest" to actual release tag
+resolve_version() {
+    if [[ "$VERSION" == "latest" ]]; then
+        if has gh; then
+            VERSION=$(gh release view --repo "$REPO" --json tagName -q '.tagName' 2>/dev/null) || VERSION="dev"
+        elif has curl; then
+            VERSION=$(curl -fsSL "https://api.github.com/repos/$REPO/releases/latest" 2>/dev/null | grep '"tag_name"' | head -1 | cut -d'"' -f4) || VERSION="dev"
+        else
+            VERSION="dev"
+        fi
+        info "Resolved latest version: $VERSION"
+    fi
+}
+
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
@@ -75,7 +89,8 @@ verify_hash() {
 
     actual_hash=$(compute_sha256 "$file")
 
-    if [[ "${actual_hash,,}" != "${expected_hash,,}" ]]; then
+    # Case-insensitive compare (bash 3 compatible)
+    if [[ "$(echo "$actual_hash" | tr '[:upper:]' '[:lower:]')" != "$(echo "$expected_hash" | tr '[:upper:]' '[:lower:]')" ]]; then
         rm -f "$file"
         error "Hash verification failed! Expected: $expected_hash, Got: $actual_hash. The downloaded file may be corrupted or tampered with."
     fi
@@ -282,6 +297,7 @@ verify() {
 }
 
 main() {
+    resolve_version
     info "Installing Core CLI (version $VERSION)..."
 
     # Verify install directory is safe before starting
diff --git a/scripts/install-deps.sh b/scripts/install-deps.sh
index eae6cfc..a2063a5 100755
--- a/scripts/install-deps.sh
+++ b/scripts/install-deps.sh
@@ -44,7 +44,8 @@ verify_hash() {
 
     actual_hash=$(compute_sha256 "$file")
 
-    if [[ "${actual_hash,,}" != "${expected_hash,,}" ]]; then
+    # Case-insensitive compare (bash 3 compatible)
+    if [[ "$(echo "$actual_hash" | tr '[:upper:]' '[:lower:]')" != "$(echo "$expected_hash" | tr '[:upper:]' '[:lower:]')" ]]; then
         rm -f "$file"
         error "Hash verification failed! Expected: $expected_hash, Got: $actual_hash"
     fi