# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.14.1] - 2025-01-25

### Changed

- Updated README.md with Windows skip parameters and VNC password info
- Updated CLAUDE.md with Windows script documentation and security patterns
- Fixed VNC password minimum documentation (6 → 8 chars)

## [0.14.0] - 2025-01-25

### Security

- Add SHA256 checksum verification for Ubuntu cloud image downloads (prevents MITM attacks)
- Add strict input validation for git name, email, VM password, and VNC password
- Validate loaded config.env values to detect tampering
- VNC password minimum increased from 6 to 8 characters
- Block shell metacharacters in all user inputs to prevent injection
- Config file created with restricted ACL from the start (no race condition window)
- Add security reminder to remove cloud-init ISO after first boot (contains passwords)

### Added

- ARM64 architecture detection for Windows on ARM devices
- Log file creation at `$env:TEMP\setup_env_windows_.log`
- Cleanup on failure: automatically removes partial VM, disk, and ISO on error
- Hosts file backup before modification (removed on success, kept on failure)
- Input validation functions: `Test-GitName`, `Test-GitEmail`, `Test-VMPassword`, `Test-VNCPassword`
- Checksum caching to avoid re-downloading verification data

### Changed

- Ubuntu image URL now uses detected architecture instead of hardcoded amd64
- All major operations now log to file for troubleshooting
- VM creation wrapped in try/catch with automatic cleanup on failure

## [0.13.0] - 2025-01-25

### Changed

- Rewrote `setup_env_windows.ps1` to fully implement WINDOWS_PLAN.md
- Password handling uses cloud-init `chpasswd` with plaintext (type: text) instead of broken hash generation
- Multiple ISO creation methods with fallback chain: oscdimg → WSL genisoimage → IMAPI2 COM
- Downloads use BITS transfer for reliability with progress reporting
- SSH readiness checking with timeout before displaying connection info

### Added

- Component skip parameters: `-SkipVNC`, `-SkipPostgreSQL`, `-SkipOllama`, `-SkipPlaywright`
- VNC password support via base64 encoding in cloud-init
- Automatic hosts file cleanup when VM is deleted with `-Force`
- Proper prerequisite checking for Hyper-V, Windows edition, and admin privileges

### Fixed

- Cloud-init password configuration (was using bash syntax in PowerShell)
- ISO creation now works without Windows ADK by using WSL or IMAPI2 fallbacks
- Hosts file handling with proper admin privilege elevation

## [0.12.0] - 2025-01-25

### Added

- Python runtime management via mise (alongside Node.js, Erlang, Elixir)
- `WINDOWS_PLAN.md` documenting Hyper-V implementation strategy and security rationale

### Fixed

- Tidewave CLI download URL (now uses correct `tidewave_app` repo with musl binaries)

### Changed

- Python is now a selectable component managed by mise instead of system apt

## [0.11.0] - 2025-01-25

### Added

- Windows support via Hyper-V for maximum security isolation
- `setup_env_windows.ps1` PowerShell script with full VM provisioning
- Ubuntu cloud image support with cloud-init automation
- SSH key generation for passwordless VM access on Windows
- Hosts file integration for easy `.local` access

### Security

- Hyper-V provides stronger isolation than WSL2 (separate kernel, network, filesystem)
- No host integration services enabled by default

## [0.10.0] - 2025-01-25

### Added

- OpenCode: Open-source AI coding assistant with multi-provider support
- Tidewave CLI: Elixir/Phoenix MCP server for AI-powered development
- New component selection options for OpenCode and Tidewave

## [0.9.1] - 2025-01-25

### Fixed

- Add error checking for base64 decode operations in VM provisioning
- Add `set -e` to VM bootstrap script for early failure detection

## [0.9.0] - 2025-01-25

### Security

- Fix rustup pipe-to-shell vulnerability: now downloads to temp file with validation before execution
- Fix SKIP_EXPORTS command injection risk: refactored to use base64-encoded list instead of shell command string
- Fix Playwright symlink path validation: validates executable and path prefix before creating symlinks

## [0.8.0] - 2025-01-25

### Added

- Project memory system using CLAUDE.md, CHANGELOG.md, and README.md
- Versioning rules and documentation update guidelines in CLAUDE.md

## [0.7.0] - 2025-01-25

### Added

- CHANGELOG.md with version history following Keep a Changelog format

## [0.6.0] - 2025-01-25

### Changed

- All tools now use latest versions by default instead of pinning specific versions
- PostgreSQL authentication uses scram-sha-256 for all TCP connections
- Simplified tool installation by removing version pinning constraints

### Security

- VNC passwords are never stored and must be entered each time
- Added documentation for input validation patterns and safe config loading

## [0.5.0] - 2025-01-25

### Security

- Prevents shell injection through input validation and safe parameter passing
- Replaces direct sourcing with manual config parsing to avoid code execution
- Downloads and validates install scripts before execution instead of piping
- Uses base64 encoding for secure VM parameter transmission
- Adds checksum verification for binary downloads
- Creates secure temporary directories and files with proper permissions

## [0.4.0] - 2025-01-25

### Changed

- Replaces sequential installation with parallel step execution
- Introduces real-time progress dashboard with spinner and status
- Removes color variables to improve terminal compatibility
- Restructures logging with per-step files for better debugging

### Performance

- Significantly reduces total setup time by running independent steps concurrently

## [0.3.0] - 2025-01-25

### Added

- Dual-mode operation: orchestration on macOS, provisioning on Linux
- Interactive component selection with visual menu interface
- VNC desktop access for OAuth workflows and browser-based tasks

### Security

- Secure VM creation with disabled host filesystem access

## [0.2.0] - 2025-01-25

### Added

- OrbStack development sandbox setup script
- mise version manager with Node.js, Erlang, and Elixir support
- PostgreSQL 16 with remote access configuration
- Claude Code integration with multiple plugin marketplaces
- Chromium browser and Playwright for automation tasks

## [0.1.0] - 2025-01-25

### Added

- Initial project structure