
v0.14

0.14.0 | 2026-03-28

A major release adding Linux support, a config-driven build system, and the KVM hypervisor backend.

Capsem now runs on Linux via KVM in addition to macOS via Apple Virtualization.framework. The new hypervisor abstraction layer (Hypervisor, VmHandle, SerialConsole traits) enables platform-agnostic VM management. The KVM backend is a ~5,500 LOC embedded VMM using rust-vmm crates with virtio console, block, vsock, and VirtioFS devices.

Release artifacts include .deb and .AppImage packages alongside the macOS DMG.

A new Python package (src/capsem/builder/) replaces the old images/build.py with a config-driven build system:

  • Pydantic models for all guest image TOML configs
  • Jinja2 Dockerfile templates for rootfs and kernel (multi-arch)
  • Compiler-style validation linter with 12 error/warning categories
  • Click CLI with validate, build, inspect, init, add, audit, new, mcp, and doctor commands
  • 408 tests at 97% coverage

VM assets (kernel, initrd, rootfs) are now built per-architecture:

  • CI builds arm64 and x86_64 in parallel on native runners
  • Per-arch subdirectories (assets/arm64/, assets/x86_64/)
  • Unified manifest.json with BLAKE3 hashes for both architectures
  • SLSA build provenance attestation per architecture

The settings system is now fully config-driven with Pydantic as the canonical schema source:

  • Two-node-type design (GroupNode + SettingNode)
  • JSON Schema generation with cross-language conformance tests (Python/Rust/TypeScript)
  • Batch IPC commands replace 3 parallel calls with 1
  • Settings UI is fully data-driven with no hardcoded group-name checks

Other changes and fixes across the 0.14 series:

  • Direct clonefile(2) syscall: snapshot create dropped from 50ms to 3.7ms (93% faster)
  • Hardlink-based snapshots for cross-platform support
  • 30+ FUSE ops unit tests for the embedded VirtioFS server
  • VirtioFS security hardening: resource limits, async worker thread, safe deserialization
  • Claude Code installed via native installer (curl instead of npm)
  • Guest artifacts reorganized from images/ to guest/config/ and guest/artifacts/
  • Site deployment fixed (npm to pnpm)
  • Snapshot MCP no longer hangs (blocking I/O moved onto spawn_blocking)
  • Numerous snapshot, vacuum, and telemetry fixes
  • Linux build fix — ApfsSnapshot used libc::clonefile (macOS-only) without a cfg gate, breaking Linux app compilation.
  • CI build-assets Rust toolchain — v0.14.5 removed dtolnay/rust-toolchain when switching to just recipes, but build-rootfs cross-compiles the guest agent and needs the musl target.
  • CI build-assets root cause fix — the release workflow only built the rootfs, missing vmlinuz and initrd.img. CI now uses the just build-kernel and just build-rootfs recipes instead of reimplementing builder commands.
  • Developer codesign diagnostics — just doctor runs a four-step codesigning check (Xcode CLTools, codesign binary, entitlements.plist, test sign). Every failure line includes a copy-pasteable fix command. The _sign recipe and run_signed.sh fail immediately with actionable messages instead of cryptic errors.
  • Platform guards — bootstrap.sh, just doctor, and _sign detect Linux and print which recipes are available (test, build-assets, audit) vs macOS-only (run, dev, bench).
  • Developer docs — the getting-started page now covers platform requirements, codesigning validation, and troubleshooting.
  • KVM virtio_blk split-borrow — a .take() pattern avoids the split borrow in queue_notify.
  • CI assets/current — cp -r instead of ln -s (GitHub Actions strips symlinks).
  • Guest agent libc::time_t — replaced the deprecated type with i64.
  • Developer onboarding — bootstrap script, .dev-setup sentinel, uv check in doctor, README prerequisites, dev-start skill.
  • Builder uses Python blake3 — no longer shells out to the b3sum CLI.
  • Site pnpm 10 — fixed workspace detection issues.
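The clonefile cfg gate and the hardlink fallback listed above, as an added example that is not Capsem's own code: a file snapshot helper that calls clonefile(2) only when compiled for macOS and falls back to a hard link on every other target, so the macOS-only symbol never reaches a Linux build. The function names, the hand-declared clonefile prototype (used so the example needs no libc crate) and the sample image file are assumptions of this example.

```rust
use std::io;
use std::path::Path;

/// Create a snapshot of `src` at `dst` without copying its data.
/// On macOS this is clonefile(2), an APFS copy-on-write clone; elsewhere it is a hard link.
/// Both calls fail with EEXIST rather than overwriting, so an existing snapshot is never clobbered.
pub fn snapshot_file(src: &Path, dst: &Path) -> io::Result<()> {
    platform::snapshot(src, dst)
}

/// Which mechanism this build uses; the two have different sharing semantics (see the note below).
pub fn snapshot_kind() -> &'static str {
    platform::KIND
}

#[cfg(target_os = "macos")]
mod platform {
    use std::ffi::CString;
    use std::io;
    use std::os::raw::{c_char, c_int};
    use std::os::unix::ffi::OsStrExt;
    use std::path::Path;

    pub const KIND: &str = "clonefile";

    // Declared by hand for this example (assumption: no libc crate); the symbol lives in libSystem.
    extern "C" {
        fn clonefile(src: *const c_char, dst: *const c_char, flags: u32) -> c_int;
    }

    pub fn snapshot(src: &Path, dst: &Path) -> io::Result<()> {
        let c_src = CString::new(src.as_os_str().as_bytes())?;
        let c_dst = CString::new(dst.as_os_str().as_bytes())?;
        // SAFETY: both pointers are NUL-terminated and outlive the call.
        let rc = unsafe { clonefile(c_src.as_ptr(), c_dst.as_ptr(), 0) };
        if rc == 0 { Ok(()) } else { Err(io::Error::last_os_error()) }
    }
}

#[cfg(not(target_os = "macos"))]
mod platform {
    use std::io;
    use std::path::Path;

    pub const KIND: &str = "hardlink";

    pub fn snapshot(src: &Path, dst: &Path) -> io::Result<()> {
        // Same inode under a second name: no data copied, but also no isolation from in-place writes.
        std::fs::hard_link(src, dst)
    }
}

fn main() -> io::Result<()> {
    // Constructed sample: a throwaway directory with a small stand-in for a rootfs image.
    let dir = std::env::temp_dir().join(format!("snapshot-example-{}", std::process::id()));
    std::fs::create_dir_all(&dir)?;
    let src = dir.join("rootfs.img");
    let dst = dir.join("rootfs.img.snap");
    std::fs::write(&src, b"constructed sample image bytes")?;
    snapshot_file(&src, &dst)?;
    println!("{} snapshot: {} bytes", snapshot_kind(), std::fs::metadata(&dst)?.len());
    std::fs::remove_dir_all(&dir)
}
```

A hard link is not a copy-on-write clone: both names refer to one inode, so a later in-place write through the original also changes the snapshot. The hardlink path is therefore only a safe snapshot when the original is never modified in place (new contents go to a fresh file that replaces it with rename) or the snapshot is treated as read-only; clonefile yields an independent file whose blocks diverge on write. hard_link also refuses directories and cross-filesystem targets, which a caller should surface rather than swallow.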
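The safe-deserialization and resource-limit items above, as an added example that is not Capsem's VirtioFS server: a bounds-checked parser for the fixed fuse_in_header and a FUSE_WRITE body, the shape every guest-controlled request takes on the virtio queue. It rejects a truncated buffer, a len field that disagrees with the bytes actually delivered, a write size above a resource limit, and a payload shorter than the size the guest claimed, all before any slice is taken. The MAX_WRITE value, the error names and the constructed request bytes are assumptions of this example; the field layout follows the Linux FUSE ABI.

```rust
use std::convert::TryInto;

/// Sizes of the fixed structures from the Linux FUSE ABI (fuse.h).
pub const FUSE_IN_HEADER_LEN: usize = 40; // struct fuse_in_header
pub const FUSE_WRITE_IN_LEN: usize = 40; // struct fuse_write_in
pub const FUSE_WRITE: u32 = 16;
/// Resource limit assumed by this example: the largest write payload accepted from the guest.
pub const MAX_WRITE: u32 = 1 << 20;

#[derive(Debug, PartialEq)]
pub enum ParseError { Truncated, LengthMismatch, UnknownOpcode(u32), PayloadTooLarge(u32), PayloadTruncated }

#[derive(Debug, PartialEq)]
pub struct InHeader {
    pub len: u32, pub opcode: u32, pub unique: u64, pub nodeid: u64,
    pub uid: u32, pub gid: u32, pub pid: u32,
}

#[derive(Debug, PartialEq)]
pub enum Request<'a> {
    /// FUSE_WRITE: file handle, file offset and the bytes to write.
    Write { header: InHeader, fh: u64, offset: u64, data: &'a [u8] },
}

// Field readers; every caller checks the slice length first, so the indexing cannot panic.
fn u32_at(b: &[u8], off: usize) -> u32 { u32::from_ne_bytes(b[off..off + 4].try_into().unwrap()) }
fn u64_at(b: &[u8], off: usize) -> u64 { u64::from_ne_bytes(b[off..off + 8].try_into().unwrap()) }

/// Parse the fixed header and require that its `len` field matches the bytes actually delivered.
pub fn parse_header(buf: &[u8]) -> Result<InHeader, ParseError> {
    if buf.len() < FUSE_IN_HEADER_LEN {
        return Err(ParseError::Truncated);
    }
    let header = InHeader {
        len: u32_at(buf, 0), opcode: u32_at(buf, 4), unique: u64_at(buf, 8), nodeid: u64_at(buf, 16),
        uid: u32_at(buf, 24), gid: u32_at(buf, 28), pid: u32_at(buf, 32),
    };
    // The guest-written len is never trusted over the length the descriptor chain delivered.
    if header.len as usize != buf.len() {
        return Err(ParseError::LengthMismatch);
    }
    Ok(header)
}

/// Parse a complete request; each length is validated before the corresponding slice is taken.
pub fn parse_request(buf: &[u8]) -> Result<Request<'_>, ParseError> {
    let header = parse_header(buf)?;
    match header.opcode {
        FUSE_WRITE => {
            let body = &buf[FUSE_IN_HEADER_LEN..];
            if body.len() < FUSE_WRITE_IN_LEN {
                return Err(ParseError::Truncated);
            }
            let (fh, offset, size) = (u64_at(body, 0), u64_at(body, 8), u32_at(body, 16));
            if size > MAX_WRITE {
                return Err(ParseError::PayloadTooLarge(size));
            }
            let data = &body[FUSE_WRITE_IN_LEN..];
            // The guest may claim more data than it delivered; never read past the buffer.
            if data.len() != size as usize {
                return Err(ParseError::PayloadTruncated);
            }
            Ok(Request::Write { header, fh, offset, data })
        }
        other => Err(ParseError::UnknownOpcode(other)),
    }
}

/// Build a FUSE_WRITE request the way a guest would (constructed input for this example).
/// `claimed_size` goes into fuse_write_in.size and is allowed to disagree with `data.len()`.
pub fn build_write(unique: u64, nodeid: u64, fh: u64, offset: u64, claimed_size: u32, data: &[u8]) -> Vec<u8> {
    let total = (FUSE_IN_HEADER_LEN + FUSE_WRITE_IN_LEN + data.len()) as u32;
    let mut b = Vec::with_capacity(total as usize);
    b.extend_from_slice(&total.to_ne_bytes());
    b.extend_from_slice(&FUSE_WRITE.to_ne_bytes());
    b.extend_from_slice(&unique.to_ne_bytes());
    b.extend_from_slice(&nodeid.to_ne_bytes());
    // uid, gid, pid, padding
    for v in [1000u32, 1000, 4242, 0] { b.extend_from_slice(&v.to_ne_bytes()); }
    b.extend_from_slice(&fh.to_ne_bytes());
    b.extend_from_slice(&offset.to_ne_bytes());
    b.extend_from_slice(&claimed_size.to_ne_bytes());
    b.extend_from_slice(&0u32.to_ne_bytes()); // write_flags
    b.extend_from_slice(&0u64.to_ne_bytes()); // lock_owner
    b.extend_from_slice(&[0u8; 8]); // flags, padding
    b.extend_from_slice(data);
    b
}

fn main() {
    let honest = build_write(1, 1, 3, 0, 5, b"hello");
    let lying = build_write(2, 1, 3, 0, 4096, b"hello");
    println!("{:?}\n{:?}", parse_request(&honest), parse_request(&lying));
}
```

What this example does not do is the second half of a real server's validation: looking nodeid and fh up in the server's own tables rather than trusting them, mapping uid/gid, and bounding total outstanding requests so a guest cannot exhaust the worker with many maximal writes at once. Those checks belong after the parse, on the values this parser has already proven to be in range.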

See the full changelog for details.