secure_agent_envs/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.12.0] - 2025-01-25

Added

• Python runtime management via mise (alongside Node.js, Erlang, Elixir)
• WINDOWS_PLAN.md documenting Hyper-V implementation strategy and security rationale

Fixed

• Tidewave CLI download URL (now uses correct tidewave_app repo with musl binaries)

Changed

• Python is now a selectable component managed by mise instead of system apt

[0.11.0] - 2025-01-25

Added

• Windows support via Hyper-V for maximum security isolation
• setup_env_windows.ps1 PowerShell script with full VM provisioning
• Ubuntu cloud image support with cloud-init automation
• SSH key generation for passwordless VM access on Windows
• Hosts file integration for easy <vmname>.local access

Security

• Hyper-V provides stronger isolation than WSL2 (separate kernel, network, filesystem)
• No host integration services enabled by default

[0.10.0] - 2025-01-25

Added

• OpenCode: Open-source AI coding assistant with multi-provider support
• Tidewave CLI: Elixir/Phoenix MCP server for AI-powered development
• New component selection options for OpenCode and Tidewave

[0.9.1] - 2025-01-25

Fixed

• Add error checking for base64 decode operations in VM provisioning
• Add set -e to VM bootstrap script for early failure detection

[0.9.0] - 2025-01-25

Security

• Fix rustup pipe-to-shell vulnerability: now downloads to temp file with validation before execution
• Fix SKIP_EXPORTS command injection risk: refactored to use base64-encoded list instead of shell command string
• Fix Playwright symlink path validation: validates executable and path prefix before creating symlinks

[0.8.0] - 2025-01-25

Added

• Project memory system using CLAUDE.md, CHANGELOG.md, and README.md
• Versioning rules and documentation update guidelines in CLAUDE.md

[0.7.0] - 2025-01-25

Added

• CHANGELOG.md with version history following Keep a Changelog format

[0.6.0] - 2025-01-25

Changed

• All tools now use latest versions by default instead of pinning specific versions
• PostgreSQL authentication uses scram-sha-256 for all TCP connections
• Simplified tool installation by removing version pinning constraints

Security

• VNC passwords are never stored and must be entered each time
• Added documentation for input validation patterns and safe config loading

[0.5.0] - 2025-01-25

Security

• Prevents shell injection through input validation and safe parameter passing
• Replaces direct sourcing with manual config parsing to avoid code execution
• Downloads and validates install scripts before execution instead of piping
• Uses base64 encoding for secure VM parameter transmission
• Adds checksum verification for binary downloads
• Creates secure temporary directories and files with proper permissions

[0.4.0] - 2025-01-25

Changed

• Replaces sequential installation with parallel step execution
• Introduces real-time progress dashboard with spinner and status
• Removes color variables to improve terminal compatibility
• Restructures logging with per-step files for better debugging

Performance

• Significantly reduces total setup time by running independent steps concurrently

[0.3.0] - 2025-01-25

Added

• Dual-mode operation: orchestration on macOS, provisioning on Linux
• Interactive component selection with visual menu interface
• VNC desktop access for OAuth workflows and browser-based tasks

Security

• Secure VM creation with disabled host filesystem access

[0.2.0] - 2025-01-25

Added

• OrbStack development sandbox setup script
• mise version manager with Node.js, Erlang, and Elixir support
• PostgreSQL 16 with remote access configuration
• Claude Code integration with multiple plugin marketplaces
• Chromium browser and Playwright for automation tasks

[0.1.0] - 2025-01-25

Added

• Initial project structure