Release v0.9.0

2026-03-18

Added

• First-run setup wizard — 6-step guided configuration (Welcome, Security, AI Providers, Repositories, MCP Servers, All Set) that runs while the VM image downloads in the background
• Host config auto-detection — wizard scans ~/.gitconfig, ~/.ssh/*.pub, environment variables, and gh auth token to pre-populate settings
• App auto-update with createUpdaterArtifacts for .tar.gz + .sig updater files and latest.json
• Multi-version asset manifest (manifest.json) replaces single-version B3SUMS — supports multiple release versions and merge across releases
• Persistent logging system — three-layer tracing (stdout, per-launch JSONL, Tauri UI) with per-VM log files
• Logs view in sidebar with live event stream, boot timeline visualization, session history browser, and level filtering
• Security presets (“Medium” and “High”) — one-click security profiles selectable from Settings > Security
• Resumable asset downloads — partial files preserved across app restarts and continued via HTTP Range headers
• Repositories section in settings with git identity, GitHub/GitLab personal access tokens, and GH_TOKEN/GITLAB_TOKEN env var injection
• fetch_http now supports format=markdown (new default) for better AI agent consumption
• Wikipedia added to default allow list for MCP HTTP tools
• User-editable bashrc and tmux.conf as file settings in Settings > VM > Shell
• Added tmux and gh to the default rootfs

Changed

• MCP gateway rewritten to use rmcp (official Rust MCP SDK) — proper Streamable HTTP transport, automatic pagination, typed tool/resource/prompt routing
• Settings restructured — “Web” and “Package Registries” merged under new “Security” top-level section
• MCP server UI redesigned with collapsible server cards, URL/auth config, and status labels
• Tool origin telemetry expanded from 2 values to 3 (native/mcp_proxy/local)
• just install now runs validation gates only; .app bundling is CI-only

Removed

• Stdio bridge for MCP servers — replaced by HTTP client via rmcp SDK

Fixed

• MCP server bearer token auth sent double “Bearer” prefix
• Tool calls no longer double-counted in stats (MCP-proxied calls filtered from native counts)
• AI provider disable now takes effect immediately on keep-alive connections
• fetch_http paginate is now UTF-8 safe (no panics on multi-byte content)
• fetch_http on subpaths returns full page content (switched to html5ever parser)
• Git authentication switched to .git-credentials for out-of-the-box git push
• tmux PATH and config fixes for npm-global binaries

Security

• Kernel hardening: heap zeroing (INIT_ON_ALLOC), SLUB freelist hardening, page allocator randomization, KPTI, ARM64 BTI + PAC, HARDENED_USERCOPY, seccomp filter, cmdline hardening
• Git credential tokens reject @ and : characters to prevent URL injection