v0.9
0.9.0 — 0.9.18 | 2026-03-18 to 2026-03-21
The 0.9 series shipped the first-run experience, MCP rewrite, security presets, and a hardened release pipeline. 18 patch releases stabilized the full stack.
First-run experience
Section titled “First-run experience”- 6-step setup wizard (Welcome, Security, AI Providers, Repositories, MCP Servers, All Set) that runs while the VM image downloads in background
- Host config auto-detection: scans
~/.gitconfig,~/.ssh/*.pub, env vars, andgh auth tokento pre-populate settings - Resumable asset downloads via HTTP Range headers
- Thin DMG distribution: rootfs excluded from bundle (was 463 MB), downloaded on first launch with blake3 verification
MCP gateway rewrite
Section titled “MCP gateway rewrite”- Rewrote MCP gateway on rmcp (official Rust MCP SDK) with Streamable HTTP transport, replacing hand-rolled JSON-RPC/SSE
fetch_httpnow returns markdown by default with full HTML-to-markdown conversion- MCP byte tracking (
bytes_sent/bytes_received) for I/O auditability - Builtin MCP tool HTTP requests emit
net_eventsfor network audit visibility
Security and policy
Section titled “Security and policy”- Security presets (“Medium” and “High”) — one-click security profiles
- Kernel hardening: heap zeroing, SLUB freelist hardening, page allocator randomization, KPTI, ARM64 BTI+PAC, seccomp filter
- Git credential tokens reject
@and:characters to prevent URL injection - Guest config file permissions tightened to 0o600 (owner-only)
Settings and UI
Section titled “Settings and UI”- Settings UI auto-generated from TOML tree — adding settings to
defaults.tomlrequires zero frontend code - Config lint engine validates all settings (JSON format, number ranges, API key format, URL format)
- AI stats tab with model usage, token breakdown, cost-over-time, and provider distribution charts
- File analytics section with action breakdown and events-over-time charts
- LayerChart v2 for all analytics visualizations
Release pipeline
Section titled “Release pipeline”- CI-only releases via tag push, with preflight credential validation
- App auto-update with minisign signature verification
- Multi-version asset manifest replacing single-version B3SUMS
- Build attestation (SLSA provenance + SBOM) restored
Notable fixes
Section titled “Notable fixes”- Anthropic SSE responses now decompressed before parsing (was returning NULL for all usage/cost data)
- First-launch crash from tokio worker thread calling VZ on non-main thread
- Policy changes now take effect immediately on existing keep-alive connections