All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
2.21.3 - 2026-04-21
- Detect curl -v/--verbose as potential auth header leak in audit (#246) (#270)
2.1.1 - 2026-02-02
- Release v2.21.2
- DNS pinning no longer captures subdomains — use host-record instead of address= (#245) (#271)
- Detect and preserve work on post-container commit failure (#256) (#263)
- Bump the github-actions group with 2 updates (#264)
- Detect and recover from hung agent after completion (#257) (#259)
- Release v2.20.4
- Skip ShellCheck SARIF on scheduled security scans (#254)
- Detect and repair corrupted Podman container store (#253)
- Resolve inject_file_template NUL bytes false positive (#252)
- Detect /workspace virtio-fs mount drop mid-run (#250)
- Inject_file_template for formatted credential files (#241) (#247)
- AI agent changes
- Update test_cleanup_shows_sections for gated default cleanups
- Address ensemble review — restore --worktrees, extend symlink guards
- Add --vm-health flag for inode and disk monitoring (#238)
- Bump the github-actions group with 3 updates
- Address ensemble review findings for vm-health
- Fix SC1126 and SC2034 errors in vm-health code
- Document --vm-health flag and Podman VM inode monitoring
- Extract _liveness_should_kill decision function
- Remove dead CLEAN_WORKTREES variable, simplify tests
- Fix log_debug set -e trap and test env var scoping
- Address review findings in _liveness_should_kill
- Add SIGKILL fallback in liveness kill test for slow CI
- Accept --worktrees flag in argument parser (#220)
- Bump go.opentelemetry.io/otel/sdk
- Use printf in _yaml_escape and add missing tests for review findings
- Handle read-only workspace and assert warning in test
- Apply YAML escaping to K8s env vars and add edge case tests
- Include gist-instructions.md in container image and add missing K8s env vars (#202)
- Use retry loop in kill test to fix CI flakiness (#234)
- Prevent liveness monitor from killing agents waiting on API responses (#232)
- Prevent spurious commits of test artifacts and git push hangs (#227) (#233)
- Bump github/codeql-action from 4.34.1 to 4.35.1 in the github-actions group (#228)
- Replace expired RELEASE_TOKEN PAT with GitHub App token in auto-release (#230)
- Use RELEASE_TOKEN for checkout in auto-release workflow (#229)
- Upgrade Node.js from 18.18.0 (EOL) to 24.14.1 LTS (#225)
- Update CLAUDE.md to reflect current codebase state (v2.16.6)
- Address ensemble review findings for #221
- Fast-fail on empty /workspace mount and harden GC safety (#221)
- Bump the github-actions group with 2 updates
- Pass explicit args to repoint_sanitized_git_objects (SC2120)
- Address ensemble review findings for #219
- Re-point sanitized-git objects symlink after container exit (#219)
- Export CLAUDE_HOME for deeperdive-marketplace plugins
- Use literal prefix replacement and add multi-version test
- Rewrite host-absolute paths in installed_plugins.json (#217)
- Tighten command inference patterns and review cleanup
- Support explicit agent.type in config YAML for LSP injection (#213)
- Correct porcelain parsing and improve review findings
- Prevent post-container commit from silently losing staged files (#211)
- Built-in agent liveness monitoring and auto-kill (#209)
- Address review findings in liveness monitor
- Remove unused LAUNCH_SCRIPT variable
- Guard VERSION write and add install layout comments
- Handle "unknown" version in compare and write VERSION on install
- Redirect display output to stderr to prevent stdout pollution
- Bump google.golang.org/grpc
- Support LSP server configuration via kapsis config YAML
- Skip progress injection instead of /tmp fallback
- Fall back to /tmp when workspace is read-only
- Prevent test-ssh-cache-cleanup.sh from hanging
- Parse top-level audit.enabled YAML config for volume mount
- Add audit trail to landing page + fix config-based audit mount
- Integrate audit system into hooks and container launch
- Add post-run audit report script
- Add K8s backend integration for audit system
- Add real-time pattern detection library
- Add core audit trail library with hash-chained JSONL logging
- Add coverage for JSON report, alerts-only, cleanup, and false positives
- Suppress shellcheck false positives in k8s test helpers
- Add comprehensive test suite and cleanup integration
- Correct alert field name and severity case in report
- Replace fake API token in test to avoid GitGuardian false positive
- Address code review findings for audit library
- Add comprehensive audit system documentation
- Bump the github-actions group with 3 updates
- Address code review findings for #183
- Add stale worktree and branch cleanup for large repos (#183)
- Address review feedback for #168
- Ensure overlay mode status transitions to 'complete' (#168)
- Resolve grep -c race in check_orphan_volumes on CI
- Auto-cleanup volumes and images to prevent disk exhaustion (#191)
- Resolve gnome-keyring-daemon race condition in secret injection (#189)
- Correct protoc version and upgrade Node.js to v22 LTS
- Capture error output instead of swallowing it in cache-tree rebuild
- Rebuild index cache-tree after sanitized git sync (#186)
- Bump the github-actions group with 2 updates
- Enforce NetworkPolicy per agent pod based on network mode (#182)
- Wire task, git, and security fields to pod spec (#182)
- Add podAnnotations passthrough for Vault/OpenBao integration (#182)
- Implement operator reconciliation with pod builder and status bridge (#182)
- Scaffold Go operator with kubebuilder (#182)
- Add K8s backend detection to entrypoint.sh (#182)
- K8s backend dry-run outputs AgentRequest CR YAML (#182)
- Add K8s config translator library (#182)
- Add AgentRequest CRD definition and example (#182)
- Add backend-aware guards for sandbox and post-git (#182)
- Add K8s backend stub with CR lifecycle (#182)
- Add --backend flag to launch-agent.sh (#182)
- Add backend constants and test scaffold for K8s backend (#182)
- Upgrade Go dependencies to latest stable versions
- Add NetworkPolicy unit and integration tests (#182)
- Add pod_builder unit tests for task, git, and security wiring (#182)
- Add negative and edge case tests for config translation (#182)
- Add k8s config translation tests to category (#182)
- Add k8s test category to run-all-tests.sh (#182)
- Extract Podman backend from launch-agent.sh (#182)
- Add .worktrees/ to .gitignore
- Change API group from kapsis.io to kapsis.aviadshiber.github.io (#182)
- Upgrade OTel SDK to v1.40.0 (CVE-2026-24051) (#182)
- Update k8s config tests for YAML-escaped branch values (#182)
- Filter by agent container name and retry status updates on conflict (#182)
- Harden YAML escaping, wire generate_env_yaml, add kubectl failure counter (#182)
- Use omitempty for K8s API compat and only update GistUpdatedAt on change (#182)
- Set Guaranteed QoS and drop capabilities per security profile (#182)
- Prevent YAML injection in CR generator and fix bash 3.2 compat (#182)
- Add polling timeout, consolidate kubectl calls, move source to file scope (#182)
- Add K8s backend to landing page (#182)
- Update network isolation from Planned to Implemented (#182)
- Add feature maturity table and document network mode as planned (#182)
- Remove redundant auto-injected env vars from example CR (#182)
- Add K8s backend documentation (#182)
- Add compat.sh to container image (transitive dependency)
- Add missing container libs for entrypoint.sh (fixes #180)
- Use allowlist validation for keyring_collection and keyring_profile fields
- Add keyring_profile field for container-side D-Bus key (#176)
- Bump the github-actions group across 1 directory with 3 updates
- Prepend IgnoreUnknown to SSH config for macOS-to-Linux portability (#172)
- Add keyring_collection for 99designs/keyring compatibility (#170)
- 169-auto-worktree-cleanup
- Security hardening for gc_stale_worktrees
- Address PR review issues for worktree auto-cleanup
- Update landing page and README with latest features and agent profiles
- Address code review feedback on staging race condition
- Prevent torn reads in bind-mount staging with host-side snapshots
- Add secret store injection for container keychain secrets (#162)
- Address code review feedback on secret store injection
- Add trap EXIT to test framework to clean up test project dirs (#157)
- Bump github/codeql-action in the github-actions group
- Fix inaccuracies across user-facing documentation
- Update CLAUDE.md with comprehensive codebase documentation
- Support different local and remote branch names via --remote-branch
- Add test coverage analysis with prioritized recommendations
- Address PR review feedback for config whitelist filtering
- Support hook and MCP server whitelisting in container config
- Use set -e safe arithmetic to prevent silent container crashes
- Add platform detection to build-agent-image.sh for CI compatibility
- Address PR review feedback for DNS filtering fix
- Check KAPSIS_RESOLV_CONF_MOUNTED before resolv.conf writability test
- Fix-shellcheck-sc2064
- Fix-homoglyph-count
- Fix-sanitize-review
- File-sanitization-spec
- Use staged_before in re-staging assertion
- Bump the github-actions group with 2 updates
- Test-sdkman-offline-mode
- Sdkman-offline-mode
- Update secret masking test for --env-file behavior
- Add test agent config for env-file tests in CI
- Use correct SDKMAN config key sdkman_selfupdate_feature
- Resolve SC2034 shellcheck warning in test-containerfile.sh
- Add animated progress display to terminal demo
- Show log file location on failure
- Add in-place terminal progress visualization
- Auto-prune dangling images after successful builds
- Update test patterns to accept quoted variable references
- Preserve exit code in EXIT trap and fix short-circuit bugs
- Show 100% progress before completion message
- Remove -i flag for non-interactive runs to prevent hang
- Address PR review issues for progress display
- Resolve CLI network mode override and output buffering
- Add set +u protection to switch-java.sh
- Show real-time container output and log it
- Handle set -u when sourcing SDKMAN/NVM in bashrc
- Show actual container errors instead of generic message
- Ensure completion message is always shown
- Use ERROR log level for cleaner progress display
- Suppress verbose logs when progress display is active
- Add security warning about bash -x debug mode exposing secrets
- Document progress display environment variables
- Bump the github-actions group with 2 updates
- Refactor --no-push to positive --push flag
- Refactor --no-push to positive --push flag
- Add NET_BIND_SERVICE to default capabilities
- Use fallback chain for Java version switching
- Support Claude CLI native installer for minimal images
- Add fail-fast dependency validation for agent builds
- Add configurable container dependencies system
- Add tests for KAPSIS_NETWORK_MODE env var passing
- Pass KAPSIS_NETWORK_MODE env var for all network modes
- Pre-cache protoc binaries and add Java version config
- Replace heredoc with echo commands in protoc cache section
- Resolve ShellCheck warnings SC2178 and SC2128
- Prevent SCRIPT_DIR namespace pollution in sourced scripts
- Extend secret sanitization to all log levels
- Sanitize secrets in debug logs
- Skip entrypoint in base-branch env var test
- Disable commit signing in all test repos + fix shellcheck
- Disable commit signing in test repos
- Add --base-branch parameter for proper branch creation (#116)
- Add commit verification, SSH fallback, and worktree resume (#121)
- Bump the github-actions group with 2 updates (#120)
- Map schedule event to manual for differential-shellcheck (#119)
- Expand environment variables in config paths (#112)
- Scope validation agent-agnostic and mode-aware (#118)
- Add artifactory-build to DNS allowlist (#117)
- Release v1.5.4
- Verify critical scripts during installation (#106) (#111)
- Bump actions/checkout from 4.3.1 to 6.0.1 in the github-actions group (#108)
- Add agent gist for live activity updates
- Prevent CWD corruption in scope validation tests
- Improve gist feature with constant and instruction injection
- Harden gist feature with path validation and config control
- Add --dev flag for developer setup with pre-commit hooks
- Integrate security.sh library into launch-agent.sh
- Improve content architecture and reduce redundancy
- Update for GA release, remove beta branding
- Add security hardening library and profiles (WIP)
- Update pre-commit hooks and fix deprecation warnings
- Help text shows correct command name for package manager installs
- Kapsis --help returns exit code 0 (Unix convention) (#102)
- Pin pre-commit hooks to immutable commit SHAs
- Add SEO meta tags, profile guidance, and footer clarity
- Improve security profiles terminology and interactivity
- Make security profiles interactive with hover/click
- Add security profiles spectrum visualization
- Help text shows correct command name for package manager installs
- Kapsis --help returns exit code 0 (Unix convention) (#102)
- Improve content architecture and reduce redundancy
- Update for GA release, remove beta branding
- Add pre-commit and pre-push hook system
- Generate descriptive CHANGELOG entries from commits
- Use output variable in spellcheck tests
- Release v1.1.0
- Release v1.0.0
- Release v0.20.4
- Release v0.20.3
- Release v0.20.2
- Release v0.20.1
- Release v0.20.0
- Release v0.19.0
- Release v0.18.1
- Release v0.18.0
- Release v0.17.0
- Release v0.16.1
- Release v0.16.0
- Release v0.15.0
- Release v0.14.0
- Release v0.13.1
- Release v0.13.0
- Release v0.12.1
- Release v0.8.6
- Release v0.8.5
- Release v0.8.4
- Package manager installations now work without GitHub authentication
- Homebrew formula updated to v0.7.6 with correct SHA256
- RPM spec updated to v0.7.6
- Debian changelog updated to v0.7.6
- CI automation to update all package definitions (Homebrew, RPM, Debian) on release
- Input validation and retry logic for package updates
- Livecheck block in Homebrew formula for version tracking
0.7.5 - 2025-12-27
- Add checksum verification and version pinning to install script (#54)
0.7.4 - 2025-12-27
- Add copy button and fix code overflow on mobile landing page (#53)
0.7.3 - 2025-12-27
- Clarify automatic dependency installation in setup.sh (#52)
0.7.2 - 2025-12-27
- Prioritize package manager installation over script execution (#51)
0.7.1 - 2025-12-27
- Implement behavior-based tests for partial coverage features (#50)
0.7.0 - 2025-12-27
- Package manager installation support (Homebrew, RPM, Debian) (#49)
0.6.0 - 2025-12-26
--ssh-cacheoption for cleanup script to clear SSH host key cache (#48)
0.5.3 - 2025-12-26
- Add Security section to landing page with SSH and network features (#47)
0.5.2 - 2025-12-26
- Fix high severity vulnerabilities (Phase 2) (#45)
0.5.1 - 2025-12-26
- Correct trivy-action SHA typo in CI (#46)
0.5.0 - 2025-12-26
- SSH host key verification system for secure git operations (#44)
0.4.1 - 2025-12-25
- Optimize CI with parallel jobs, smart filtering, and image caching (#43)
0.4.0 - 2025-12-25
- GitHub Pages landing page (#42)
- CI optimizations for faster builds
0.3.0 - 2025-12-25
- Verify push before signaling success in git workflow (#41)
0.2.6 - 2025-12-25
- Push even when agent commits itself (#39)
0.2.5 - 2025-12-25
- Support --config flag for image name resolution in preflight checks (#38)
0.2.4 - 2025-12-24
- Mount sanitized git at workspace root for native git support (#37)
0.2.3 - 2025-12-24
- Worktree permissions for rootless podman in CI (#36)
0.2.2 - 2025-12-24
- Improve test coverage and add container tests to PRs (#35)
0.2.1 - 2025-12-24
- Use SDKMAN for Maven to avoid archive.apache.org timeouts (#34)
0.2.0 - 2025-12-24
- Auto-generate changelog from conventional commits (#33)
0.1.2 - 2025-12-24
- Use PAT to trigger Release workflow on tag push (#32)
- Add concise CLAUDE.md referencing existing documentation (#31)
0.1.0 - 2025-12-24
- Initial release of Kapsis sandbox orchestration platform
- Multi-agent support: Claude Code, Aider, Codex, Gemini
- Podman-based container isolation with rootless execution
- Copy-on-Write filesystem isolation using overlays
- Git worktree integration for parallel branch development
- Maven isolation with snapshot blocking
- Centralized logging system with multiple log levels
- Status reporting and monitoring CLI
- Cleanup and disk reclamation utilities
- Pre-flight validation checks
- Comprehensive test suite (153 tests)
- Non-root container execution
- UID/GID namespace mapping
- Filesystem isolation from host
- Credential isolation via OS keychain integration
- No privileged container access
- Architecture documentation
- Configuration reference
- Git workflow guide
- Setup and installation guide
- Contributing guidelines