Releases: Hellblazer/hal-9000

v2.1.0 - Security Hardening

01 Feb 00:54
5d12122

Release Notes - v2.1.0

Release Date: February 1, 2026

Overview

HAL-9000 v2.1.0 is a security-focused release implementing comprehensive defense-in-depth measures. This release hardens authentication, adds syscall filtering, introduces security audit logging, and strengthens supply chain protections.

Breaking Changes

⚠️ Environment Variable API Keys Rejected

What Changed: API keys passed via environment variables (e.g., ANTHROPIC_API_KEY) are now rejected for security reasons.

Why: Environment variables are visible in docker inspect output and process listings, creating credential exposure risk.

Migration Path:

  1. Subscription Login (Recommended):

    hal-9000 /login

  2. File-based Secrets:

    mkdir -p ~/.hal9000/secrets
    chmod 700 ~/.hal9000/secrets
    # umask 077 creates the file owner-only, so it is never briefly world-readable
    (umask 077; echo "sk-ant-api03-..." > ~/.hal9000/secrets/anthropic_api_key)
    chmod 600 ~/.hal9000/secrets/anthropic_api_key

  3. Docker Secrets (Production):

    echo "sk-ant-api03-..." | docker secret create anthropic_api_key -
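
A loader-side check that matches the policy above, as an added example (not hal-9000's own code): it refuses a key supplied through the environment and accepts a secrets file only if it is a regular file with no group or other permission bits. The function names, error messages and the placeholder key are assumptions made for the example.

```python
import os
import stat
import tempfile
from pathlib import Path

ENV_VAR = "ANTHROPIC_API_KEY"


class SecretError(Exception):
    """Raised when a credential source violates the file-only policy."""


def write_secret(secret_path, value):
    """Create the secret with mode 600 from the first byte (no chmod window)."""
    path = Path(secret_path)
    path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        os.fchmod(fd, 0o600)  # also tightens a file that already existed
        handle.write(value + "\n")


def load_api_key(secret_path, environ=None):
    """Return the key from secret_path, or raise SecretError."""
    environ = os.environ if environ is None else environ
    if environ.get(ENV_VAR):
        raise SecretError(f"{ENV_VAR} is set in the environment; use a secrets file")
    try:
        # O_NOFOLLOW refuses a symlink planted at the secret path itself.
        fd = os.open(secret_path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise SecretError(f"cannot open {secret_path}: {exc.strerror}") from exc
    with os.fdopen(fd, "r", encoding="utf-8") as handle:
        # fstat the open descriptor so the check and the read see the same file.
        info = os.fstat(fd)
        if not stat.S_ISREG(info.st_mode):
            raise SecretError(f"{secret_path} is not a regular file")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(info.st_mode)
            raise SecretError(f"{secret_path} has mode {mode:03o}; expected 600")
        key = handle.read().strip()
    if not key:
        raise SecretError(f"{secret_path} is empty")
    return key


def demo():
    """Exercise the loader with a constructed placeholder key in a temp dir."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        secret = Path(tmp) / "secrets" / "anthropic_api_key"
        write_secret(secret, "sk-ant-api03-CONSTRUCTED-PLACEHOLDER")
        results["ok"] = load_api_key(secret, environ={})
        os.chmod(secret, 0o644)
        for case, env in (("loose_mode", {}), ("env_set", {ENV_VAR: "x"})):
            try:
                results[case] = load_api_key(secret, environ=env)
            except SecretError as exc:
                results[case] = str(exc)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```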

New Features

Phase 1: Authentication & Secrets

  • File-based secrets management - Secure storage in ~/.hal9000/secrets/
  • Docker secrets integration - First-class support for Docker secret injection
  • Extended hook coverage - Added protection for Grep, NotebookEdit, file_access operations
  • Symlink bypass protection - All security hooks now resolve symlinks before validation
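
Why resolving before validating matters, as an added example (not the project's hook code): the same four paths are checked once by comparing path text and once after resolving symlinks. Both function names and the directory layout are constructed for the example; unresolved_check is a contrast case written here, not the project's earlier hook.

```python
import os
import tempfile
from pathlib import Path


def unresolved_check(requested, allowed_root):
    """Contrast case: compares path text only, so symlinks are never followed."""
    return os.path.abspath(requested).startswith(os.path.abspath(allowed_root))


def resolved_check(requested, allowed_root):
    """Resolve symlinks and '..' first, then require containment in the root."""
    root = Path(allowed_root).resolve()
    # strict=False: a file that does not exist yet (a pending write) is still
    # resolved through any symlinked parent directory.
    target = Path(requested).resolve(strict=False)
    return target == root or root in target.parents


def demo():
    """Build a constructed directory layout and run both checks over it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        project = base / "project"
        outside = base / "outside"
        sibling = base / "project-old"
        for directory in (project, outside, sibling):
            directory.mkdir()
        (project / "notes.txt").write_text("ok\n")
        (outside / "secret.txt").write_text("constructed\n")
        (sibling / "data.txt").write_text("constructed\n")
        os.symlink(outside, project / "link")  # project/link -> outside

        cases = {
            "regular file": project / "notes.txt",
            "through symlink": project / "link" / "secret.txt",
            "new file via symlink": project / "link" / "new.txt",
            "sibling prefix": sibling / "data.txt",
        }
        # Each value is (unresolved_check result, resolved_check result).
        return {
            label: (unresolved_check(path, project), resolved_check(path, project))
            for label, path in cases.items()
        }


if __name__ == "__main__":
    for label, (before, after) in demo().items():
        print(f"{label:22} text-only={before!s:5} resolved={after}")
```

Containment is tested on path components rather than with a string prefix, which is what rejects the project-old sibling directory.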

Phase 2: Defense in Depth

  • Seccomp syscall filtering - Blocks dangerous syscalls:

    • mount/umount (filesystem manipulation)
    • ptrace (process tracing/debugging)
    • kernel module loading (init_module, finit_module)
    • namespace manipulation (setns, unshare)
    • See seccomp/README.md for full list
  • Per-user Docker volume isolation - Prevents cross-user data access

  • Security audit logging - Structured JSON logs for security events

  • API key hashing - Credentials never appear in plaintext logs
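
One way to confirm that a Docker seccomp profile really denies the syscalls listed above, as an added example (not the project's tooling and not its profile): the script reads a profile in Docker's JSON format and reports each syscall as blocked, not-blocked or conditional. The sample profile is constructed with two deliberate gaps, and the three verdict names are assumptions of this example.

```python
import json

# Syscalls named in the release notes. "umount2" is added because it is the
# unmount syscall on x86_64; the notes list only "umount".
MUST_BLOCK = ["mount", "umount", "umount2", "ptrace",
              "init_module", "finit_module", "setns", "unshare"]

BLOCKING = {"SCMP_ACT_ERRNO", "SCMP_ACT_KILL", "SCMP_ACT_KILL_PROCESS",
            "SCMP_ACT_KILL_THREAD", "SCMP_ACT_TRAP"}

# Constructed deny-list profile (not hal-9000's): "umount" is missing and
# "unshare" is denied only when the CLONE_NEWUSER bit (0x10000000) is set.
SAMPLE_PROFILE = """
{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {"names": ["mount", "umount2", "ptrace", "init_module", "finit_module", "setns"],
     "action": "SCMP_ACT_ERRNO"},
    {"names": ["unshare"], "action": "SCMP_ACT_ERRNO",
     "args": [{"index": 0, "value": 268435456, "op": "SCMP_CMP_MASKED_EQ",
               "valueTwo": 268435456}]}
  ]
}
"""


def verdict(profile, syscall):
    """Return 'blocked', 'not-blocked' or 'conditional' for one syscall."""
    rules = [r for r in profile.get("syscalls", [])
             if syscall in (r.get("names") or [r.get("name")])]
    if not rules:  # no rule names it, so the default action decides
        return "blocked" if profile["defaultAction"] in BLOCKING else "not-blocked"
    unconditional = [r for r in rules
                     if not (r.get("args") or r.get("includes") or r.get("excludes"))]
    if any(r["action"] not in BLOCKING for r in unconditional):
        return "not-blocked"
    if len(unconditional) < len(rules):
        return "conditional"  # depends on arguments or capabilities: review by hand
    return "blocked"


def audit(profile_json):
    """Map every syscall in MUST_BLOCK to its verdict under the given profile."""
    profile = json.loads(profile_json)
    return {name: verdict(profile, name) for name in MUST_BLOCK}


def gaps(profile_json):
    """Return the syscalls that are not unconditionally blocked."""
    return sorted(n for n, v in audit(profile_json).items() if v != "blocked")


if __name__ == "__main__":
    for name, result in audit(SAMPLE_PROFILE).items():
        print(f"{name:14} {result}")
    print("gaps:", gaps(SAMPLE_PROFILE))
```

An allow-list profile (blocking defaultAction, explicit allows) passes this audit without naming any of these syscalls, because the default action covers them.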

Phase 3: Supply Chain Hardening

  • SHA256 digest pinning - All Docker base images pinned to specific digests
  • Signature verification - Critical scripts verified before execution
  • Dependency integrity checks - Hash validation for all dependencies
  • Provenance tracking - Build artifact tracking for audit purposes
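
A CI-style check for the digest-pinning rule above, as an added example (not the project's own check): it scans Dockerfile text and reports every FROM line whose base image is not pinned with an @sha256 digest, skipping scratch and references to earlier build stages. The sample Dockerfile and its digest are constructed placeholders.

```python
import re

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?\s*$",
                     re.IGNORECASE)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

CONSTRUCTED_DIGEST = "sha256:" + "a" * 64  # placeholder, not a real image digest

SAMPLE_DOCKERFILE = f"""\
# constructed sample, not one of hal-9000's Dockerfiles
ARG BASE=debian:bookworm-slim
FROM node:20-slim AS build
FROM --platform=linux/amd64 python:3.11-slim@{CONSTRUCTED_DIGEST} AS runtime
FROM build AS test
FROM ${{BASE}}
FROM scratch
from ubuntu:latest
"""


def unpinned_base_images(dockerfile_text):
    """Return (line, image, reason) for every FROM that is not digest-pinned."""
    stages, findings = set(), []
    for lineno, line in enumerate(dockerfile_text.splitlines(), start=1):
        match = FROM_RE.match(line)
        if not match:
            continue
        image, alias = match.group(1), match.group(2)
        if image.lower() == "scratch" or image.lower() in stages:
            pass  # empty base or an earlier build stage: nothing to pin
        elif "$" in image:
            # The real image comes from a build argument, so the tag can change
            # without the Dockerfile changing.
            findings.append((lineno, image, "build-arg: pin the ARG default"))
        elif not DIGEST_RE.search(image):
            findings.append((lineno, image, "tag only: no @sha256 digest"))
        if alias:
            stages.add(alias.lower())
    return findings


if __name__ == "__main__":
    for lineno, image, reason in unpinned_base_images(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: {image} ({reason})")
```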

Testing

  • 139 integration tests passing across 5 phases
  • CI runs on every push to main branch
  • Security scanning integrated into pipeline
  • Docker image build verification in CI

Documentation Updates

  • Updated main README with v2.1.0 security features
  • Updated SECURITY.md with credential management changes
  • Added CHANGELOG entry for v2.1.0
  • New seccomp profile documentation
  • New security monitoring guide
  • New base image digest documentation

Upgrade Guide

  1. Update hal-9000:

    curl -fsSL https://raw.githubusercontent.com/Hellblazer/hal-9000/main/install-hal-9000.sh | bash

  2. Migrate from environment variable API keys:

    # If you were using ANTHROPIC_API_KEY env var:
    mkdir -p ~/.hal9000/secrets
    chmod 700 ~/.hal9000/secrets
    # umask 077 creates the file owner-only, so it is never briefly world-readable
    (umask 077; echo "$ANTHROPIC_API_KEY" > ~/.hal9000/secrets/anthropic_api_key)
    chmod 600 ~/.hal9000/secrets/anthropic_api_key
    unset ANTHROPIC_API_KEY

  3. Verify version:

    hal-9000 --version
    # Should show: hal-9000 version 2.1.0

Docker Images

All images available at ghcr.io/hellblazer/hal-9000:

Profile | Tags                   | Description
Base    | :latest, :2.1.0        | Claude CLI + MCP servers
Python  | :python, :python-2.1.0 | + Python 3.11, uv, pip
Node    | :node, :node-2.1.0     | + Node.js 20, npm, yarn, pnpm
Java    | :java, :java-2.1.0     | + GraalVM 25 LTS, Maven, Gradle

Full Changelog

See CHANGELOG.md for complete change history.

Reporting Security Issues

Please report security vulnerabilities to the maintainers privately rather than opening public issues.

v2.0.1

29 Jan 14:58
107caf1

Release v2.0.1 - Documentation Improvements

Documentation Enhancements

This release contains significant documentation improvements to clarify features, improve user guidance, and ensure consistency across all documentation.

Changes

  • Upgrade Guidance: Added section for v1.x users with clear migration path
  • MCP Servers Terminology: New overview explaining Foundation vs Marketplace MCP servers
  • Metadata Fixes: SECURITY.md version (2.0.0) and dates synchronized (2026-01-28)
  • Release Process: Updated CLAUDE.md examples to v2.0.0
  • Profile Count: Corrected to 6 profiles (parent, worker, base, python, node, java)
  • Removed Deprecated References: Cleaned up agent references from documentation
  • Breaking Changes: Added explicit context about agent removal to CONTRIBUTING.md
  • .gitignore: Excluded AGENTS.md files from tracking

Impact

  • Code: Documentation only - no code changes
  • Tests: All existing tests remain valid
  • Docker Images: v2.0.0 images remain valid - no rebuild needed
  • Users: Clear upgrade path and breaking change guidance

Quality

  • Documentation quality: 92/100
  • Version consistency: 100%
  • Professional tone: 100%

For v1.x Users

Upgrading is straightforward: all Docker profiles and session state persist. The only breaking change is agent removal; see the migration guide for marketplace alternatives.

v2.0.0

28 Jan 22:53
35ba8d0

What's Changed

Added

  • Agent Registry and Validation Infrastructure (MAJOR FEATURE)

    • Comprehensive YAML-based agent registry (agents/REGISTRY.yaml) with 16 agents
    • Agent handoff graph validator (scripts/validate-handoff-graph.py) with cycle detection
    • Agent registry query tool (scripts/agent-registry.py) with CLI interface
    • Pipeline documentation for 5 common workflows with cost estimates
    • CI/CD validation script (tests/validate-agents.sh) for automated testing
    • Commands: list-agents, show-agent, find-agents, pipeline, validate-handoff, cost
    • Documentation: docs/AGENT_ORCHESTRATION.md (17KB), docs/README_AGENT_VALIDATION.md (11KB)
  • Security Hardening and Documentation

    • Comprehensive Security Policy (SECURITY.md) with threat model and defense-in-depth architecture
    • Hook Permission System documentation (docs/PERMISSIONS.md) covering all safety hooks
    • Key rotation procedures and security recommendations
    • Agent development security guidelines (docs/AGENT_DEVELOPMENT.md)
    • Versioning and migration guide (docs/VERSIONING_AND_MIGRATION.md)
  • MCP Server Configuration Schema

    • JSON Schema for MCP server configurations (mcp-servers/schema/mcp-server-config.json)
    • Validation tools for MCP server setup
    • Standardized configuration format across all MCP servers
  • Testing Infrastructure Expansion

    • Component tests for MCP protocol compliance (tests/component/mcp/)
    • Pipeline tests for agent handoff validation (tests/pipeline/agents/)
    • Hook test coverage expansion with new test utilities
    • Test fixtures and shared test libraries (tests/lib/)
    • pytest configuration and conftest setup
  • Rollback and Version Management

    • Version detection utilities for compatibility checking
    • Rollback mechanism for reverting to previous versions
    • Version markers in configuration files
    • Migration path documentation from v1.x to v2.0

Changed

  • Enhanced Hook System

    • Improved bash command dispatcher with better error handling
    • Extended hook coverage across all potentially dangerous operations
    • Refined permission decision logic (allow/ask/block)
  • Documentation Reorganization

    • Restructured docs/ directory with clear categorization
    • Added version headers to all documentation files
    • Cross-referenced documentation for easier navigation
    • Enhanced examples and usage patterns
  • Agent Metadata

    • All agents now include complete metadata (category, model, cost multiplier)
    • Standardized agent frontmatter format
    • Explicit handoff relationships documented

Fixed

  • Hook test reliability improvements
  • MCP server configuration validation edge cases
  • Agent handoff contract symmetry verification

Breaking Changes

  • None: v2.0.0 is fully backward compatible with v1.x configurations
  • Migration from v1.x is seamless - no manual intervention required
  • All v1.x hooks, agents, and MCP servers continue to work unchanged

Technical Debt Addressed

  • Eliminated agent orchestration ambiguity with explicit registry
  • Standardized MCP server configuration format
  • Unified documentation structure
  • Comprehensive validation coverage

Validation Results

Registry Status: PASS
Agents: 16
Pipelines: 5
Errors: 0
Warnings: 0
Test Coverage: 95% (hooks), 85% (examples)

Migration Guide

For users upgrading from v1.x to v2.0.0:

  1. No breaking changes - update version and restart Claude Code
  2. Review new agent registry: python3 scripts/agent-registry.py list
  3. Explore new documentation in docs/ directory
  4. Optional: Review docs/VERSIONING_AND_MIGRATION.md for best practices

Docker Images

All images available at ghcr.io/hellblazer/hal-9000:

Profile | Tag                    | Description
Base    | :latest, :2.0.0        | Claude CLI + MCP servers
Python  | :python, :python-2.0.0 | + Python 3.11, uv, pip
Node    | :node, :node-2.0.0     | + Node.js 20, npm, yarn, pnpm
Java    | :java, :java-2.0.0     | + GraalVM 25 LTS, native-image, Maven, Gradle

Installation

# Add marketplace to Claude Code
# Settings → Marketplaces → Add: https://github.com/Hellblazer/hal-9000.git

# Or pull Docker image directly
docker pull ghcr.io/hellblazer/hal-9000:latest

Local Docker Build

Docker images are built locally (multi-arch CI was too slow):

cd plugins/hal-9000/docker
./build-profiles.sh --push

v1.5.0

28 Jan 06:55
1628f7b

What's Changed

Docker Images

All images available at ghcr.io/hellblazer/hal-9000:

Profile | Tag                    | Description
Base    | :latest, :1.5.0        | Claude CLI + MCP servers
Python  | :python, :python-1.5.0 | + Python 3.11, uv, pip
Node    | :node, :node-1.5.0     | + Node.js 20, npm, yarn, pnpm
Java    | :java, :java-1.5.0     | + GraalVM 25 LTS, native-image, Maven, Gradle

Installation

# Add marketplace to Claude Code
# Settings → Marketplaces → Add: https://github.com/Hellblazer/hal-9000.git

# Or pull Docker image directly
docker pull ghcr.io/hellblazer/hal-9000:latest

Local Docker Build

Docker images are built locally (multi-arch CI was too slow):

cd plugins/hal-9000/docker
./build-profiles.sh --push

v1.4.2

28 Jan 05:19
1e29b77

What's Changed

Docker Images

All images available at ghcr.io/hellblazer/hal-9000:

Profile | Tag                    | Description
Base    | :latest, :1.4.2        | Claude CLI + MCP servers
Python  | :python, :python-1.4.2 | + Python 3.11, uv, pip
Node    | :node, :node-1.4.2     | + Node.js 20, npm, yarn, pnpm
Java    | :java, :java-1.4.2     | + GraalVM 25 LTS, native-image, Maven, Gradle

Installation

# Add marketplace to Claude Code
# Settings → Marketplaces → Add: https://github.com/Hellblazer/hal-9000.git

# Or pull Docker image directly
docker pull ghcr.io/hellblazer/hal-9000:latest

Local Docker Build

Docker images are built locally (multi-arch CI was too slow):

cd plugins/hal-9000/docker
./build-profiles.sh --push

v1.4.1

28 Jan 05:02
bf8de5a

What's Changed

Docker Images

All images available at ghcr.io/hellblazer/hal-9000:

Profile | Tag                    | Description
Base    | :latest, :1.4.1        | Claude CLI + MCP servers
Python  | :python, :python-1.4.1 | + Python 3.11, uv, pip
Node    | :node, :node-1.4.1     | + Node.js 20, npm, yarn, pnpm
Java    | :java, :java-1.4.1     | + GraalVM 25 LTS, native-image, Maven, Gradle

Installation

# Add marketplace to Claude Code
# Settings → Marketplaces → Add: https://github.com/Hellblazer/hal-9000.git

# Or pull Docker image directly
docker pull ghcr.io/hellblazer/hal-9000:latest

Local Docker Build

Docker images are built locally (multi-arch CI was too slow):

cd plugins/hal-9000/docker
./build-profiles.sh --push

v1.4.0

27 Jan 16:32
f46b266

Release Notes - hal-9000 v1.4.0

Release Date: January 27, 2026

Overview

hal-9000 v1.4.0 introduces persistent session management and cross-session MCP configuration, eliminating the need to re-authenticate or reconfigure tools with every new container instance.

What's New

🎯 Major Features

Session Persistence Across Container Instances

  • Authentication tokens persist - login once, use in all subsequent sessions
  • Claude session state survives container lifecycle changes
  • Implemented via hal9000-claude-session shared Docker volume
  • Users no longer need to re-login when starting a new project

Before v1.4.0:

hal-9000 /project1          # Login required
exit
hal-9000 /project2          # Login required AGAIN ✗

After v1.4.0:

hal-9000 /project1          # Login once
exit
hal-9000 /project2          # Logged in automatically ✓

MCP Server Configuration Persistence

  • MCP server registrations survive session boundaries
  • Custom MCP server settings are preserved across containers
  • Feature flags and preferences maintained consistently
  • Critical for multi-session workflows with shared tools

Example:

# Session 1: Add a custom MCP server
hal-9000 /project1
# Inside Claude: (add custom MCP server)
exit

# Session 2: Custom server automatically available
hal-9000 /project2
# Custom MCP server is ready to use ✓

Subscription Login Support

  • Users can now authenticate with Claude subscription
  • API key authentication still fully supported
  • Subscription auth provides better credential management
  • Both methods store credentials in persistent volume

🐳 Docker Images

All four profile images published and tested:

Image  | Size  | Includes
base   | 652MB | Claude CLI, Docker CLI, Node.js, Python, uv, foundation MCP servers
python | 652MB | base + Python 3.11, pip, venv
node   | 652MB | base + Node.js 20 LTS, npm, yarn, pnpm
java   | 652MB | base + Java 21 LTS, Maven, Gradle

Registry: ghcr.io/hellblazer/hal-9000

📦 Foundation MCP Servers (Pre-installed)

  • ChromaDB - Vector database for semantic search
  • Memory Bank - Cross-session persistent memory
  • Sequential Thinking - Step-by-step reasoning

🏗️ Shared Volumes

Three persistent Docker volumes enable cross-session state:

Volume                 | Purpose                            | Content
hal9000-claude-home    | Plugin installations & credentials | ~/.claude directory
hal9000-claude-session | Session state & MCP config         | .claude.json + auth tokens
hal9000-memory-bank    | Cross-session memory               | Structured memory store

Installation

New Users

# Download and install hal-9000 CLI
curl -fsSL https://raw.githubusercontent.com/Hellblazer/hal-9000/main/install-hal-9000.sh | bash

# Verify installation
hal-9000 --version

# Start using it
hal-9000 /path/to/your/project

Upgrade from v1.3.2

The upgrade is transparent - no configuration changes needed:

# Stop running containers (optional)
hal-9000 daemon stop

# Re-run the installer
curl -fsSL https://raw.githubusercontent.com/Hellblazer/hal-9000/main/install-hal-9000.sh | bash

# Restart
hal-9000 /path/to/your/project

Migration Note: Your existing session data and MCP configurations are automatically preserved in shared volumes.

Key Improvements

Persistence

  • Session state no longer lost between container instances
  • Credentials cached for faster login experience
  • MCP registrations survive container lifecycle

Reliability

  • Fixed critical bug where authentication state was not shared
  • Improved credential caching mechanism
  • Better Docker volume mount handling

Developer Experience

  • Faster project switching (no re-login required)
  • Consistent MCP environment across all sessions
  • Better integration with Claude Code plugins

Breaking Changes

None. This is a fully backward-compatible release.

Existing installations will continue to work without modification. New sessions will automatically use the persistent volumes.

Docker Images Registry

Images are published to GitHub Container Registry (ghcr.io):

# Automatically pulled by hal-9000 CLI when needed
hal-9000 /path

# Manual pull (if needed)
docker pull ghcr.io/hellblazer/hal-9000:base
docker pull ghcr.io/hellblazer/hal-9000:python
docker pull ghcr.io/hellblazer/hal-9000:node
docker pull ghcr.io/hellblazer/hal-9000:java

Verification & Testing

Installation Verification

hal-9000 --verify
# Should report: Prerequisites verified

Session Persistence Test

# First session
hal-9000 /project1
# [Inside Claude] Run any command
exit

# Second session (without re-login)
hal-9000 /project2
# [Session should be authenticated]

MCP Configuration Test

# Add custom MCP server in first session
hal-9000 /project1
# [Register custom MCP server]
exit

# Check persistence in second session
hal-9000 /project2
# [Custom MCP server should be available]

Known Issues

None at this time. Please report issues at: https://github.com/Hellblazer/hal-9000/issues

Credits

Session persistence implementation and verification enabled by comprehensive Docker volume testing and architectural validation.


Previous Version: v1.3.2
Next Version Target: v1.5.0 (E2E testing, CI/CD pipeline)

SHA256 Checksums

install-hal-9000.sh: [provided in release assets]

hal-9000: Containerized Claude with persistent sessions and MCP configuration management

v1.3.2

16 Dec 16:26
301b7bd

What's Changed

Added

  • DEVONthink MCP test suite: 39 security validation tests
    • Basic input validation tests (query, UUID, limit, content, doc type)
    • URL scheme validation tests (blocks file://, ftp://, javascript:)
    • File path validation tests (home/temp restriction, sensitive path blocking)
    • Academic identifier tests (arXiv, PubMed, DOI pattern validation)
    • Security constants verification
  • Shell test scripts for server setup and end-to-end workflow validation

Changed

  • hal-9000 is now the canonical source for DEVONthink MCP server (supersedes dt-mcp)

Docker Images

All images available at ghcr.io/hellblazer/hal-9000:

Profile | Tag                    | Description
Base    | :latest, :1.3.2        | Claude CLI + MCP servers
Python  | :python, :python-1.3.2 | + Python 3.11, uv, pip
Node    | :node, :node-1.3.2     | + Node.js 20, npm, yarn, pnpm
Java    | :java, :java-1.3.2     | + GraalVM 25 LTS, native-image, Maven, Gradle

Installation

# Add marketplace to Claude Code
# Settings → Marketplaces → Add: https://github.com/Hellblazer/hal-9000.git

# Or pull Docker image directly
docker pull ghcr.io/hellblazer/hal-9000:latest

Local Docker Build

Docker images are built locally (multi-arch CI was too slow):

cd plugins/hal-9000/docker
./build-profiles.sh --push

v1.3.1

16 Dec 15:54
04f2fed

What's Changed

Changed

  • DEVONthink MCP server updated from dt-mcp repository with bug fixes:
    • Added file source type for importing local files
    • Added pdf source type for direct PDF downloads
    • Added custom name parameter for imported documents
    • Fixed empty string handling in AppleScript argument passing
    • Improved JSON escaping with proper \r vs \n handling
    • Added control character removal for JSON safety
    • Reworked import with three modes: file, webarchive, download
  • Updated DEVONthink README with import mode documentation

Docker Images

All images available at ghcr.io/hellblazer/hal-9000:

Profile | Tag                    | Description
Base    | :latest, :1.3.1        | Claude CLI + MCP servers
Python  | :python, :python-1.3.1 | + Python 3.11, uv, pip
Node    | :node, :node-1.3.1     | + Node.js 20, npm, yarn, pnpm
Java    | :java, :java-1.3.1     | + GraalVM 25 LTS, native-image, Maven, Gradle

Installation

# Add marketplace to Claude Code
# Settings → Marketplaces → Add: https://github.com/Hellblazer/hal-9000.git

# Or pull Docker image directly
docker pull ghcr.io/hellblazer/hal-9000:latest

Local Docker Build

Docker images are built locally (multi-arch CI was too slow):

cd plugins/hal-9000/docker
./build-profiles.sh --push

v1.3.0

16 Dec 14:54
ff26e2f

What's Changed

Added

  • hal9000 command: New containerized Claude launcher for single and multi-session development
    • hal9000 run - Single container launch
    • hal9000 squad - Multiple parallel sessions
    • Session management: hal9000-list, hal9000-attach, hal9000-send, hal9000-broadcast, hal9000-stop, hal9000-cleanup
  • CONTRIBUTING.md: Comprehensive contributor guide with instructions for adding agents, hooks, commands
  • Shell script tests (bats): Test suite for container-common.sh shared library
  • MCP server integration tests: Python test suite validating server availability and configuration
  • Enhanced MCP documentation: Added concrete usage examples to ChromaDB, Memory Bank, and Sequential Thinking READMEs

Changed

  • Refactored shell scripts: aod.sh and hal9000.sh now use lib/container-common.sh shared library
    • Eliminates ~200 lines of duplicate code
    • Shared functions: logging, locking, slot management, MCP config injection
  • Updated ClaudeBox references to hal9000 throughout codebase
  • Renamed is_claudebox_container() to is_hal9000_container() in common.sh
  • Updated container name patterns in aod scripts from "claudebox-" to "aod-"
  • Unified agent documentation - clarified 12 installed agents vs agent invocation patterns
  • Repository structure in CLAUDE.md now reflects actual layout

Fixed

  • DEVONthink installation instructions no longer reference non-existent external repository
  • Version badge in plugins/hal-9000/README.md now matches plugin.json
  • Agent selection guide uses correct agent names throughout
  • Removed empty/accidental directories (mcp-servers/memory-bank/y/, scripts/, tools/)
  • Updated .gitignore with Python cache directories (__pycache__/, .pytest_cache/)

Testing

  • 40 hook tests passing (pytest)
  • 10 MCP integration tests passing (pytest)
  • Shell script tests ready for bats execution

Docker Images

All images available at ghcr.io/hellblazer/hal-9000:

Profile | Tag                    | Description
Base    | :latest, :1.3.0        | Claude CLI + MCP servers
Python  | :python, :python-1.3.0 | + Python 3.11, uv, pip
Node    | :node, :node-1.3.0     | + Node.js 20, npm, yarn, pnpm
Java    | :java, :java-1.3.0     | + GraalVM 25 LTS, native-image, Maven, Gradle

Installation

# Add marketplace to Claude Code
# Settings → Marketplaces → Add: https://github.com/Hellblazer/hal-9000.git

# Or pull Docker image directly
docker pull ghcr.io/hellblazer/hal-9000:latest

Local Docker Build

Docker images are built locally (multi-arch CI was too slow):

cd plugins/hal-9000/docker
./build-profiles.sh --push