Release v0.8.4

2026-03-06

Added

• apt-get install inside the VM: overlayfs with redirect_dir=on,metacopy=on enables dpkg directory renames without EXDEV errors. Packages installed in a session are gone after shutdown.
• apt-packages.txt: declarative package list baked into rootfs — edit and just build-assets to add/remove
• Debian apt sources switched to HTTPS with domains added to default allow list
• Package lists pre-populated at rootfs build time so apt-get install works without apt-get update
• force-unsafe-io dpkg config: skips redundant fsyncs on overlayfs
• Claude Code installed as native binary (from Anthropic’s GCS release bucket) instead of npm
• Ephemeral model preflight check (check_ephemeral_model): statically verifies capsem-init never skips mke2fs and never uses scratch disk as overlay upper
• Ephemeral model end-to-end test (check_persistence): boots two VMs, confirms files don’t persist
• just doctor command: checks all required dev tools and container runtime
• Release preflight checks (scripts/preflight.sh): validates Apple certificate format and keychain import
• scripts/fix_p12_legacy.sh: converts OpenSSL 3.x p12 to legacy 3DES format
• CI preflight job: fails fast on credential issues before build jobs
• Configuration overrides via CAPSEM_USER_CONFIG and CAPSEM_CORP_CONFIG env vars
• Thin DMG distribution: rootfs excluded from app bundle, downloaded on first launch with blake3 verification
• Asset manager with streaming download progress UI
• CLI auto-download: capsem "command" downloads rootfs with stderr progress if missing
• Squashfs support: boot_vm accepts both .squashfs and .img formats

Changed

• Release builds are CI-only (push vX.Y.Z tag to trigger)
• just build-assets and just install now run just doctor first

Fixed

• Apple certificate import in CI: re-exported p12 with legacy 3DES/SHA1 encryption

Security

• Ephemeral model invariants enforced by preflight + integration test