Release v0.8.1

2026-03-02

Added

• MCP Proxy Gateway: AI agents in the guest VM can use host-side MCP tools transparently via capsem-mcp-server binary injected at boot
• capsem-mcp-server: lightweight NDJSON-over-vsock bridge relaying MCP JSON-RPC between agents and host gateway on vsock:5003
• MCP gateway host module (capsem-core::mcp): types, policy engine, stdio bridge, server manager, vsock gateway
• Namespaced MCP tools: tools from multiple servers exposed as {server}__{tool} to prevent collisions
• Per-tool dynamic policy: each tool can be set to allow, warn, or block with hot-reload
• MCP server auto-detection from ~/.claude/settings.json and ~/.gemini/settings.json
• mcp_calls audit table with full telemetry for every MCP tool call
• Built-in HTTP tools: fetch_http, grep_http, http_headers — AI agents can fetch web content from within the sandbox, checked against domain policy
• MCP domain policy hot-reload: changing network settings immediately updates which domains tools can access
• 6 new capsem-doctor MCP tests
• fastmcp Python package in guest rootfs
• Filesystem watcher (capsem-fs-watch): inotify daemon streams file create/modify/delete events to host over vsock:5005
• fs_events audit table, FileEvent type, and frontend Files view
• OpenAI Responses API (/v1/responses) streaming support
• OpenAI cached token and reasoning token parsing
• Gemini thinking token parsing
• Non-streaming response parsing for all three providers
• Generic usage details tracking as extensible JSON map
• inject_capsem_mcp_server(): auto-merges MCP server config into Claude and Gemini settings.json at boot
• MCP Tools view in frontend with summary cards and searchable call log

Changed

• capsem-proto simplified: raw NDJSON passthrough replaces typed enums
• capsem-init deploys capsem-mcp-server from initrd
• Token details stored as flexible usage_details TEXT JSON column
• Cost estimation accounts for cached tokens

Fixed

• MCP gateway no longer sends response for notifications/initialized
• Token metrics double-counting in trace detail view
• Non-streaming API responses no longer recorded with null tokens
• HEAD connectivity checks filtered from model_call records