README.md:
- Add skip parameters example (-SkipVNC, -SkipOllama)
- Document VNC password prompt and minimum length
- Update requirements to show ISO creation fallbacks
CLAUDE.md:
- Add Windows script editing section
- Add Windows security patterns section
- Add Windows testing instructions
- Update VNC password minimum from 6 to 8 chars
- Document checksum verification for Windows
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security improvements:
- SHA256 checksum verification for Ubuntu image downloads
- Strict input validation for all user inputs (git name/email, passwords)
- Blocks shell metacharacters to prevent injection attacks
- Config file created with restricted ACL from the start
- VNC password minimum increased to 8 characters
- Security reminder to remove cloud-init ISO after first boot
Reliability improvements:
- ARM64 architecture detection for Windows on ARM
- Log file creation for troubleshooting
- Automatic cleanup on failure (VM, disk, ISO)
- Hosts file backup before modification
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rewrites setup_env_windows.ps1 to fully implement WINDOWS_PLAN.md with:
- Fixed cloud-init password handling using chpasswd
- Multiple ISO creation fallbacks (oscdimg/WSL/IMAPI2)
- Component skip parameters for VNC, PostgreSQL, Ollama, Playwright
- VNC password support via base64 encoding
- BITS transfer for reliable downloads
- SSH readiness checking before showing connection info
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes:
- Tidewave CLI now downloads from correct repo (tidewave_app)
  with proper musl binary naming convention
Features:
- Python runtime managed by mise instead of system apt
- Python added as selectable component in interactive menu
Documentation:
- WINDOWS_PLAN.md explains Hyper-V vs WSL2 security tradeoffs
- Documents CVEs affecting WSL2 (2024-20681, 2025-9074, 2025-53788)
- Describes full implementation architecture and workflow
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Integrates Python as a selectable component alongside existing Node.js and Erlang options
Updates component descriptions to reflect mise's expanded language support
Includes pip upgrade during Python installation for package management
Fixes Tidewave CLI download URL and architecture detection for improved reliability
Creates setup_env_windows.ps1 PowerShell script that:
- Provisions full Hyper-V VMs (not WSL2) for complete isolation
- Uses Ubuntu cloud images with cloud-init for automated setup
- Generates SSH keys for passwordless access
- Adds VMs to hosts file for easy <name>.local access
- Disables integration services by default for security
Hyper-V provides stronger isolation than WSL2:
- Separate kernel per VM
- Complete filesystem isolation (no /mnt/c mount)
- Own network stack (no firewall bypass)
- No ability to launch Windows programs from Linux
Also updates README with cross-platform quick start guides
and security comparison between WSL2 and Hyper-V.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- OpenCode: Open-source AI coding assistant (npm install -g opencode-ai)
  Supports multiple LLM providers including OpenAI, Anthropic, Gemini
- Tidewave: Elixir/Phoenix MCP server for AI-powered development
  Downloads binary from GitHub releases with ELF validation
  Enables runtime introspection, SQL queries, and code evaluation
Both tools are optional components in the interactive installer.
Tidewave is automatically skipped if Erlang is not selected.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Ensures early failure with clear error messages if credential
decoding fails during VM provisioning.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rustup: Download script to temp file with shebang/size validation
  before execution, matching mise/ollama pattern (line 1119)
- SKIP_EXPORTS: Refactor from embedded shell commands to base64-encoded
  list decoded safely in VM, eliminating injection risk (line 478)
- Playwright symlink: Validate path is executable and within expected
  cache directory before creating system symlinks (line 1053)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
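The SKIP_EXPORTS change described in the commit message above, sketched as an added example that is not the project's code: a skip list travels as one base64 token and is checked against an allowlist after decoding, never evaluated. The component names, the SKIP_ prefix and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's code. Component names, the SKIP_ prefix
# and the function names are assumptions chosen for illustration.

# Host side: pack component names (one per argument) into a single token
# that contains only base64 characters, safe to pass as one argument.
encode_skip_list() {
    printf '%s\n' "$@" | base64 | tr -d '\n'
}

# VM side: decode, then accept a name only if it is on the allowlist.
# Base64 is transport, not validation, so the decoded text is never passed
# to eval or sourced. Prints the accepted variable names, one per line.
decode_skip_list() {
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    [ -n "$decoded" ] || return 1
    printf '%s\n' "$decoded" | while IFS= read -r name; do
        case $name in
            VNC|POSTGRES|OLLAMA|PLAYWRIGHT) printf 'SKIP_%s\n' "$name" ;;
            *) echo "ignored: not an allowlisted component" >&2 ;;
        esac
    done
}

# Export SKIP_<NAME>=1 for each accepted name without eval.
apply_skip_list() {
    vars=$(decode_skip_list "$1") || return 1
    for v in $vars; do
        export "$v=1"
    done
}

# Constructed input: two real component names and one entry carrying a
# shell metacharacter, which the allowlist drops.
token=$(encode_skip_list VNC 'OLLAMA; touch /tmp/proof' PLAYWRIGHT)
apply_skip_list "$token"
echo "SKIP_VNC=${SKIP_VNC:-0} SKIP_OLLAMA=${SKIP_OLLAMA:-0} SKIP_PLAYWRIGHT=${SKIP_PLAYWRIGHT:-0}"
```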
Establishes CLAUDE.md, CHANGELOG.md, and README.md as persistent
project memory. Adds documentation update triggers and semantic
versioning rules to ensure context is maintained across sessions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents all releases from v0.1.0 through v0.6.0 following
Keep a Changelog format with semantic versioning.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Switches all tools to use latest versions by default instead of pinning specific versions, reducing maintenance overhead while still allowing customization for Erlang and Elixir.
Enhances security measures by documenting input validation patterns, safe config loading practices, and credential handling procedures. Updates PostgreSQL authentication to use scram-sha-256 for all TCP connections.
Clarifies that VNC passwords are never stored and must be entered each time, improving the security posture of credential management.
Simplifies tool installation by removing version pinning constraints and using native package managers where appropriate.
Prevents shell injection through input validation and safe parameter passing
Replaces direct sourcing with manual config parsing to avoid code execution
Downloads and validates install scripts before execution instead of piping
Uses base64 encoding for secure VM parameter transmission
Adds checksum verification for binary downloads
Creates secure temporary directories and files with proper permissions
Addresses multiple security vulnerabilities in environment setup process
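The commit message above replaces sourcing the config file with manual parsing and input validation. A sketch of that pattern follows as an added example, not the project's code; the key names, the allowed character set and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's code. The key names and the safe-character
# set below are assumptions chosen for illustration.

# Succeed only if the value is non-empty and uses allowlisted characters,
# which excludes shell metacharacters such as $ ` ; | & < > ( ) and quotes.
is_safe_value() {
    [ -n "$1" ] || return 1
    ! printf '%s\n' "$1" | LC_ALL=C grep -q '[^A-Za-z0-9@._ -]'
}

# parse_config FILE: print accepted KEY=VALUE pairs on stdout and a note per
# rejected line on stderr. Returns 1 if anything was rejected. Nothing is evaluated.
parse_config() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # blank lines and comments
        key=${line%%=*}
        value=${line#*=}
        case $key in
            GIT_NAME|GIT_EMAIL|VM_NAME) ;;         # known keys only
            *) echo "rejected: unknown key" >&2; rc=1; continue ;;
        esac
        if [ "$key" = "$line" ] || ! is_safe_value "$value"; then
            echo "rejected: unsafe value for $key" >&2; rc=1; continue
        fi
        printf '%s=%s\n' "$key" "$value"
    done < "$1"
    return "$rc"
}

# Constructed sample config: two valid lines, one command substitution that
# `. file` would execute, and one key that is not on the allowlist.
write_sample_config() {
    cat > "$1" <<'EOF'
# sample settings
GIT_NAME=Ada Lovelace
GIT_EMAIL=ada@example.com
VM_NAME=$(id > /tmp/proof)
PATH=/tmp/evil
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
parse_config "$sample" || echo "some lines were rejected" >&2
rm -f "$sample"
```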
Replaces sequential installation with parallel step execution
Introduces real-time progress dashboard with spinner and status
Removes color variables to improve terminal compatibility
Restructures logging with per-step files for better debugging
Significantly reduces total setup time by running independent steps concurrently
Implements orchestration on macOS and provisioning on Linux for isolated Claude Code environments
Adds interactive component selection with visual menu interface
Enables secure VM creation with disabled host filesystem access
Provides comprehensive toolchain including PostgreSQL, Erlang/Elixir, and browser automation
Configures VNC desktop access for OAuth workflows and browser-based tasks
Creates comprehensive environment configuration for Elixir/Erlang development with browser automation capabilities
Installs and configures mise version manager, Node.js LTS, Erlang 28.3.1, and Elixir 1.19.5-otp-28
Sets up PostgreSQL 16 with trust authentication and remote access
Integrates Claude Code with multiple plugin marketplaces and MCP servers
Includes Chromium browser and Playwright for automation tasks
Enables seamless development workflow between macOS host and Ubuntu VM with detailed connection instructions