README.md:
- Add skip parameters example (-SkipVNC, -SkipOllama)
- Document VNC password prompt and minimum length
- Update requirements to show ISO creation fallbacks
CLAUDE.md:
- Add Windows script editing section
- Add Windows security patterns section
- Add Windows testing instructions
- Update VNC password minimum from 6 to 8 chars
- Document checksum verification for Windows
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security improvements:
- SHA256 checksum verification for Ubuntu image downloads
- Strict input validation for all user inputs (git name/email, passwords)
- Blocks shell metacharacters to prevent injection attacks
- Config file created with restricted ACL from the start
- VNC password minimum increased to 8 characters
- Security reminder to remove cloud-init ISO after first boot
Reliability improvements:
- ARM64 architecture detection for Windows on ARM
- Log file creation for troubleshooting
- Automatic cleanup on failure (VM, disk, ISO)
- Hosts file backup before modification
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rewrites setup_env_windows.ps1 to fully implement WINDOWS_PLAN.md with:
- Fixed cloud-init password handling using chpasswd
- Multiple ISO creation fallbacks (oscdimg/WSL/IMAPI2)
- Component skip parameters for VNC, PostgreSQL, Ollama, Playwright
- VNC password support via base64 encoding
- BITS transfer for reliable downloads
- SSH readiness checking before showing connection info
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes:
- Tidewave CLI now downloads from correct repo (tidewave_app)
with proper musl binary naming convention
Features:
- Python runtime managed by mise instead of system apt
- Python added as selectable component in interactive menu
Documentation:
- WINDOWS_PLAN.md explains Hyper-V vs WSL2 security tradeoffs
- Documents CVEs affecting WSL2 (2024-20681, 2025-9074, 2025-53788)
- Describes full implementation architecture and workflow
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Creates setup_env_windows.ps1 PowerShell script that:
- Provisions full Hyper-V VMs (not WSL2) for complete isolation
- Uses Ubuntu cloud images with cloud-init for automated setup
- Generates SSH keys for passwordless access
- Adds VMs to hosts file for easy <name>.local access
- Disables integration services by default for security
Hyper-V provides stronger isolation than WSL2:
- Separate kernel per VM
- Complete filesystem isolation (no /mnt/c mount)
- Own network stack (no firewall bypass)
- No ability to launch Windows programs from Linux
Also updates README with cross-platform quick start guides
and security comparison between WSL2 and Hyper-V.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- OpenCode: Open-source AI coding assistant (npm install -g opencode-ai)
Supports multiple LLM providers including OpenAI, Anthropic, Gemini
- Tidewave: Elixir/Phoenix MCP server for AI-powered development
Downloads binary from GitHub releases with ELF validation
Enables runtime introspection, SQL queries, and code evaluation
Both tools are optional components in the interactive installer.
Tidewave is automatically skipped if Erlang is not selected.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Ensures early failure with clear error messages if credential
decoding fails during VM provisioning.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rustup: Download script to temp file with shebang/size validation
before execution, matching mise/ollama pattern (line 1119)
- SKIP_EXPORTS: Refactor from embedded shell commands to base64-encoded
list decoded safely in VM, eliminating injection risk (line 478)
- Playwright symlink: Validate path is executable and within expected
cache directory before creating system symlinks (line 1053)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Establishes CLAUDE.md, CHANGELOG.md, and README.md as persistent
project memory. Adds documentation update triggers and semantic
versioning rules to ensure context is maintained across sessions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents all releases from v0.1.0 through v0.6.0 following
Keep a Changelog format with semantic versioning.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
