Release v0.9.x

0.9.0 — 0.9.18 | 2026-03-18 to 2026-03-21

The 0.9 series focused on onboarding, security hardening, and release infrastructure.

Highlights

• First-run setup wizard — 6-step guided configuration that runs while the VM image downloads in the background, with real-time API key validation against provider endpoints
• MCP gateway rewritten to use rmcp (official Rust MCP SDK) — proper Streamable HTTP transport, automatic pagination, typed tool routing
• Security presets (“Medium” and “High”) — one-click profiles selectable from Settings > Security
• Kernel hardening — heap zeroing, SLUB freelist hardening, page randomization, KPTI, ARM64 BTI + PAC, seccomp filter
• App auto-update with signed updater artifacts and latest.json
• Release pipeline unified into a single CI job (build + publish on tag push)

Added (0.9.0 — 0.9.12)

• Host config auto-detection (wizard scans ~/.gitconfig, ~/.ssh/*.pub, env vars, gh auth token)
• Multi-version asset manifest (manifest.json) with merge across releases
• Persistent logging system with three-layer tracing and per-VM log files
• Logs view with live event stream, boot timeline, session history, and level filtering
• Resumable asset downloads via HTTP Range headers
• Repositories section with git identity, GitHub/GitLab tokens, and GH_TOKEN/GITLAB_TOKEN injection
• fetch_http markdown format, Wikipedia in default allow list, tmux and gh in rootfs
• User-editable bashrc and tmux.conf as file settings
• API key validation with debounced spinner and inline check/X badge
• Expanded key detection from ~/.config/openai/api_key and ~/.anthropic/api_key
• Build verification documentation (SBOM, attestation, manifest signatures)

Added (0.9.13)

• is_main_thread() guard on VM start/stop to prevent off-main-thread crashes
• Boot path logging for resolve_rootfs and create_asset_manager
• cut-release recipe for one-command version bump, tag, push, and CI wait

Changed

• Settings restructured under “Security” top-level section
• MCP server UI redesigned with collapsible cards and status labels
• Tool origin telemetry expanded (native/mcp_proxy/local)
• just install runs validation gates only; .app bundling is CI-only
• Release pipeline merged from two steps into single build-and-publish job
• Site domain references updated from capsem.dev to capsem.org
• Seven 0.9.x news posts consolidated into this page

Fixed

• First-launch crash when gui_boot_vm was called from tokio worker thread after rootfs download
• MCP server bearer token double “Bearer” prefix
• Tool call double-counting in stats
• AI provider disable now takes effect on keep-alive connections
• fetch_http UTF-8 safety and subpath content extraction
• Git authentication switched to .git-credentials
• tmux PATH and config for npm-global binaries
• svelte-check failures on dist/ build artifacts
• Download progress shown for returning users with missing rootfs

Security

• Kernel hardening: INIT_ON_ALLOC, SLUB freelist, page randomization, KPTI, BTI + PAC, HARDENED_USERCOPY, seccomp, cmdline hardening
• Git credential tokens reject @ and : to prevent URL injection

Fixed (0.9.13 — 0.9.18)

• First-launch crash from gui_boot_vm called from wrong thread (0.9.13)
• Download progress not shown on first launch (0.9.14)
• latest.json missing from release artifacts (0.9.14)
• MCP server and filesystem watcher missing from release VM assets (0.9.18)
• MCP panel showing “no VM running” after boot (0.9.18)

Removed

• Stdio bridge for MCP servers (replaced by HTTP client via rmcp SDK)