john/secure_agent_envs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
secure_agent_envs/CHANGELOG.md
guessthepw 65790ee3e2 Implements full Windows Hyper-V provisioning 
Rewrites setup_env_windows.ps1 to fully implement WINDOWS_PLAN.md with:
- Fixed cloud-init password handling using chpasswd
- Multiple ISO creation fallbacks (oscdimg/WSL/IMAPI2)
- Component skip parameters for VNC, PostgreSQL, Ollama, Playwright
- VNC password support via base64 encoding
- BITS transfer for reliable downloads
- SSH readiness checking before showing connection info

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 12:52:58 -05:00

138 lines
5 KiB
Markdown
Raw Blame History

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [0.13.0] - 2025-01-25
### Changed
- Rewrote `setup_env_windows.ps1` to fully implement WINDOWS_PLAN.md
- Password handling uses cloud-init `chpasswd` with plaintext (type: text) instead of broken hash generation
- Multiple ISO creation methods with fallback chain: oscdimg → WSL genisoimage → IMAPI2 COM
- Downloads use BITS transfer for reliability with progress reporting
- SSH readiness checking with timeout before displaying connection info
### Added
- Component skip parameters: `-SkipVNC`, `-SkipPostgreSQL`, `-SkipOllama`, `-SkipPlaywright`
- VNC password support via base64 encoding in cloud-init
- Automatic hosts file cleanup when VM is deleted with `-Force`
- Proper prerequisite checking for Hyper-V, Windows edition, and admin privileges
### Fixed
- Cloud-init password configuration (was using bash syntax in PowerShell)
- ISO creation now works without Windows ADK by using WSL or IMAPI2 fallbacks
- Hosts file handling with proper admin privilege elevation
## [0.12.0] - 2025-01-25
### Added
- Python runtime management via mise (alongside Node.js, Erlang, Elixir)
- `WINDOWS_PLAN.md` documenting Hyper-V implementation strategy and security rationale
### Fixed
- Tidewave CLI download URL (now uses correct `tidewave_app` repo with musl binaries)
### Changed
- Python is now a selectable component managed by mise instead of system apt
## [0.11.0] - 2025-01-25
### Added
- Windows support via Hyper-V for maximum security isolation
- `setup_env_windows.ps1` PowerShell script with full VM provisioning
- Ubuntu cloud image support with cloud-init automation
- SSH key generation for passwordless VM access on Windows
- Hosts file integration for easy `<vmname>.local` access
### Security
- Hyper-V provides stronger isolation than WSL2 (separate kernel, network, filesystem)
- No host integration services enabled by default
## [0.10.0] - 2025-01-25
### Added
- OpenCode: Open-source AI coding assistant with multi-provider support
- Tidewave CLI: Elixir/Phoenix MCP server for AI-powered development
- New component selection options for OpenCode and Tidewave
## [0.9.1] - 2025-01-25
### Fixed
- Add error checking for base64 decode operations in VM provisioning
- Add `set -e` to VM bootstrap script for early failure detection
## [0.9.0] - 2025-01-25
### Security
- Fix rustup pipe-to-shell vulnerability: now downloads to temp file with validation before execution
- Fix SKIP_EXPORTS command injection risk: refactored to use base64-encoded list instead of shell command string
- Fix Playwright symlink path validation: validates executable and path prefix before creating symlinks
## [0.8.0] - 2025-01-25
### Added
- Project memory system using CLAUDE.md, CHANGELOG.md, and README.md
- Versioning rules and documentation update guidelines in CLAUDE.md
## [0.7.0] - 2025-01-25
### Added
- CHANGELOG.md with version history following Keep a Changelog format
## [0.6.0] - 2025-01-25
### Changed
- All tools now use latest versions by default instead of pinning specific versions
- PostgreSQL authentication uses scram-sha-256 for all TCP connections
- Simplified tool installation by removing version pinning constraints
### Security
- VNC passwords are never stored and must be entered each time
- Added documentation for input validation patterns and safe config loading
## [0.5.0] - 2025-01-25
### Security
- Prevents shell injection through input validation and safe parameter passing
- Replaces direct sourcing with manual config parsing to avoid code execution
- Downloads and validates install scripts before execution instead of piping
- Uses base64 encoding for secure VM parameter transmission
- Adds checksum verification for binary downloads
- Creates secure temporary directories and files with proper permissions
## [0.4.0] - 2025-01-25
### Changed
- Replaces sequential installation with parallel step execution
- Introduces real-time progress dashboard with spinner and status
- Removes color variables to improve terminal compatibility
- Restructures logging with per-step files for better debugging
### Performance
- Significantly reduces total setup time by running independent steps concurrently
## [0.3.0] - 2025-01-25
### Added
- Dual-mode operation: orchestration on macOS, provisioning on Linux
- Interactive component selection with visual menu interface
- VNC desktop access for OAuth workflows and browser-based tasks
### Security
- Secure VM creation with disabled host filesystem access
## [0.2.0] - 2025-01-25
### Added
- OrbStack development sandbox setup script
- mise version manager with Node.js, Erlang, and Elixir support
- PostgreSQL 16 with remote access configuration
- Claude Code integration with multiple plugin marketplaces
- Chromium browser and Playwright for automation tasks
## [0.1.0] - 2025-01-25
### Added
- Initial project structure
Reference in a new issue View git blame Copy permalink