Fixes:
- Tidewave CLI now downloads from correct repo (tidewave_app)
with proper musl binary naming convention
Features:
- Python runtime managed by mise instead of system apt
- Python added as selectable component in interactive menu
Documentation:
- WINDOWS_PLAN.md explains Hyper-V vs WSL2 security tradeoffs
- Documents CVEs affecting WSL2 (2024-20681, 2025-9074, 2025-53788)
- Describes full implementation architecture and workflow
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Creates setup_env_windows.ps1 PowerShell script that:
- Provisions full Hyper-V VMs (not WSL2) for complete isolation
- Uses Ubuntu cloud images with cloud-init for automated setup
- Generates SSH keys for passwordless access
- Adds VMs to hosts file for easy <name>.local access
- Disables integration services by default for security
Hyper-V provides stronger isolation than WSL2:
- Separate kernel per VM
- Complete filesystem isolation (no /mnt/c mount)
- Own network stack (no firewall bypass)
- No ability to launch Windows programs from Linux
Also updates README with cross-platform quick start guides
and security comparison between WSL2 and Hyper-V.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- OpenCode: Open-source AI coding assistant (npm install -g opencode-ai)
Supports multiple LLM providers including OpenAI, Anthropic, Gemini
- Tidewave: Elixir/Phoenix MCP server for AI-powered development
Downloads binary from GitHub releases with ELF validation
Enables runtime introspection, SQL queries, and code evaluation
Both tools are optional components in the interactive installer.
Tidewave is automatically skipped if Erlang is not selected.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Ensures early failure with clear error messages if credential
decoding fails during VM provisioning.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rustup: Download script to temp file with shebang/size validation
before execution, matching mise/ollama pattern (line 1119)
- SKIP_EXPORTS: Refactor from embedded shell commands to base64-encoded
list decoded safely in VM, eliminating injection risk (line 478)
- Playwright symlink: Validate path is executable and within expected
cache directory before creating system symlinks (line 1053)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Establishes CLAUDE.md, CHANGELOG.md, and README.md as persistent
project memory. Adds documentation update triggers and semantic
versioning rules to ensure context is maintained across sessions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents all releases from v0.1.0 through v0.6.0 following
Keep a Changelog format with semantic versioning.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
