Releases: TsukumoHQ/dokan

v0.3.0 — verifiable receipts + reproduce (the wedge)

28 Jun 00:15

Highlights

  • reproduce (beta): re-run a recorded invocation + byte-compare vs the receipt → REPRODUCED / DIVERGED / TAMPERED / INCONCLUSIVE. Verify by re-execution, not trust (sound for network-off runs).
  • Hardened receipts: Ed25519 / in-toto / DSSE → real pubkey-only public verification. dokan verify + pubkey offline.
  • /output run-artifacts (content-addressed, folded into the receipt).
  • True exactly-once: partial UNIQUE index + atomic insert-or-return.
  • list_runs: verdict-vs-error outcome, script_id filter, all_green.
  • Plus dokan update self-updater, GAP-2/4 security, clippy CI gate.

Beta framing on the wedge — runtime deterministic; output reproduces iff your code is.

v0.2.2

27 Jun 12:01


  • feat: reproduce primitive (#29) — reproduce(run_id) re-runs a prior run's exact source+input with caching disabled, so its receipt can be diffed against the original to verify determinism. Refuses with source_drift if the script source changed.
  • fix: receipt honesty (#28) — say "tamper-evident" not "signed" across the operator surfaces; the receipt is a keyed HMAC (detects tampering for key-holders), not a third-party-verifiable signature. Wire format unchanged.
  • feat: per-script mem/cpu caps (v0.1.1, #21) — mem_limit_mb / cpu_limit overrides for heavy jobs (fixes OOM exit137).
  • docs: README concept + receipt-honesty refresh (#27).

First tagged release since v0.2.0 — v0.2.1's cockpit redesign is folded in.
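
The distinction drawn in the receipt-honesty fix (#28), shown as an added example that is not dokan's code or wire format: an HMAC-tagged receipt detects edits for anyone holding the key, but that same key can mint a valid tag, so it proves nothing to a third party. The key, field names, and JSON canonicalisation are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample key and receipt fields; not dokan's wire format.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(body: dict) -> bytes:
    """Stable byte encoding so the MAC covers the same bytes on both sides."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def mint(key: bytes, body: dict) -> dict:
    """Issue a receipt: body plus HMAC-SHA256 tag over its canonical bytes."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


def verify(key: bytes, receipt: dict) -> bool:
    """Recompute the tag and compare in constant time."""
    expected = hmac.new(key, canonical(receipt["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, receipt["mac"])


def demo() -> dict:
    body = {"run_id": "run-0001", "exit_code": 0,
            "output_sha256": hashlib.sha256(b"ok\n").hexdigest()}
    genuine = mint(SHARED_KEY, body)

    # 1. Tamper-evident: editing the body without the key breaks the tag.
    edited = {"body": dict(body, exit_code=1), "mac": genuine["mac"]}

    # 2. Not third-party-verifiable: checking needs SHARED_KEY, and the same
    #    key mints a valid tag for a body the issuer never produced.
    reissued = mint(SHARED_KEY, dict(body, exit_code=1))

    return {
        "genuine_ok": verify(SHARED_KEY, genuine),
        "edited_ok": verify(SHARED_KEY, edited),
        "verifier_minted_ok": verify(SHARED_KEY, reissued),
        # 3. A party without the key cannot check the receipt at all.
        "outsider_ok": verify(b"some-other-key", genuine),
    }


if __name__ == "__main__":
    print(demo())
```

A public-key signature removes case 2: the verifier holds only the public key, which can check a receipt but cannot produce one.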

dokan v0.2.0 — run artifacts: input files (beta/preview)

25 Jun 23:29
fece2ae

dokan v0.2.0 — run artifacts: input files (beta / preview)

Feed a job real local documents — a PDF, a dataset, a .md — without stuffing them into DOKAN_INPUT.

What's new

  • upload_blob(data, filename?) → handle — content-addressed blob store (blake3); re-uploading identical bytes dedups to one row. 32 MiB per blob. download_blob(handle) fetches bytes back.
  • run_script files={"<name>": "<handle>"} — materializes each file read-only at /input/<name> in the container.
  • Blob shas fold into the run's receipt (and cache key), so a job reading /input stays a pure function of its declared inputs — determinism, cache, and a portable receipt are preserved, where a host bind-mount would break all three.

Why upload, not host-mount

Snapshot the bytes into the run; the agent on the host attaches the doc, the container never pierces its wall. The convergent pattern of E2B / Modal / OpenAI Code Interpreter, kept hermetic à la Bazel/Nix. Design: docs/specs/v0.2.0-run-artifacts.md.
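
A minimal model of the upload-then-reference pattern described above, added here as an illustration and not taken from dokan's source: a content-addressed store that dedups identical bytes, and a cache key that folds the file handles in so a changed input file changes the key. SHA-256 stands in for blake3 (not in the Python standard library); `BlobStore`, `cache_key`, and the key layout are hypothetical, and the optional filename argument is omitted.

```python
import hashlib
import json


class BlobStore:
    """Content-addressed store: the handle is the digest of the bytes."""

    def __init__(self, max_bytes: int = 32 * 1024 * 1024):  # 32 MiB per blob
        self.max_bytes = max_bytes
        self.rows: dict[str, bytes] = {}

    def upload_blob(self, data: bytes) -> str:
        if len(data) > self.max_bytes:
            raise ValueError("blob exceeds per-blob size limit")
        handle = hashlib.sha256(data).hexdigest()  # stand-in for blake3
        self.rows.setdefault(handle, data)  # identical bytes -> one row
        return handle

    def download_blob(self, handle: str) -> bytes:
        data = self.rows[handle]
        # Re-hash on read so a corrupted row is never served under its handle.
        if hashlib.sha256(data).hexdigest() != handle:
            raise ValueError("stored bytes do not match handle")
        return data


def cache_key(source: str, dokan_input: dict, files: dict[str, str]) -> str:
    """Hypothetical key: digest over source, input, and sorted name->handle pairs."""
    material = {
        "source_sha": hashlib.sha256(source.encode()).hexdigest(),
        "input": dokan_input,
        "files": sorted(files.items()),
    }
    encoded = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode()).hexdigest()


if __name__ == "__main__":
    store = BlobStore()
    v1 = store.upload_blob(b"id,amount\n1,10\n")  # constructed sample data
    v2 = store.upload_blob(b"id,amount\n1,99\n")
    src = "print(open('/input/data.csv').read())"
    # Same script, same file name, different bytes: the key must differ.
    print(cache_key(src, {}, {"data.csv": v1}) != cache_key(src, {}, {"data.csv": v2}))
```

A host bind-mount has no handle to fold in: the file can change between runs while the key stays the same, which is how a stale cached result or a non-portable receipt would arise.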

No-files runs are byte-identical to before. Output artifacts (/output capture) land in a follow-up. Still honest beta/preview — see SECURITY.md.

dokan v0.1.2 — last-result-as-input (beta/preview)

25 Jun 22:11
254f2c2

dokan v0.1.2 — beta / preview

Stateful monitors on a stateless runtime.

What's new

  • feed_prev_result (opt-in per script, default false). When true, dokan injects the most-recent prior run's structured result of the same script into the next run's DOKAN_INPUT.prev_result (any exit code — a monitor's exit-1 verdict still carries its state; null on the first run).
  • A monitor can now keep a cross-run diff — read prev_result.state → diff → emit new state in ::dokan:result:: + exit nonzero on change — with no host files and no external store, staying deterministic and isolated.
  • false = unchanged behavior for every existing script. Surfaced on get_script.

Schema-additive (ALTER TABLE ... ADD COLUMN IF NOT EXISTS), exec.rs untouched (merge happens in the dispatch path). Still honest beta/preview — see SECURITY.md. Full notes in CHANGELOG.md.

dokan v0.1.1 — per-script mem/cpu override (beta/preview)

25 Jun 21:04
b9e3d7b

dokan v0.1.1 — beta / preview

Per-script resource override — give a heavier job more memory/CPU without raising the cap for every container.

What's new

  • upload_script now accepts optional mem_limit_mb (MiB) and cpu_limit (cores). A script with either set runs on a fresh one-off container with those caps instead of the executor's global --mem-limit-mb / --cpu-limit default. A missing dimension falls back to the global default. Surfaced on get_script.
  • Fixes heavier jobs that OOM'd (exit 137) under the shared default cap — e.g. a memory-hungry monitor — without inflating the cap for everything.
  • NULL = global default, so every existing script is unchanged.

Internal

  • Warm-pool container creation refactored into a shared create_one helper; scripts with an override bypass the warm pool (kept global-only) and cold-create a dedicated container. No-override path is byte-identical.

Still honest beta/preview (single-tenant trust model — see SECURITY.md). Full notes in CHANGELOG.md.

dokan v0.1.0 — beta / preview

25 Jun 19:16
3fdc7fc

Pre-release

dokan v0.1.0 — beta / preview

dokan is an agent-operated automation runtime: your coding agent stands up, runs, and schedules deterministic workflows by talking to dokan over MCP. Zero LLM inside — the platform burns no tokens; the expensive intelligence stays in your agent, outside the runtime.

This is the first tagged release. dokan has been built and run in production against our own agent fleet; v0.1.0 makes the public presentation match that reality. Published as honest beta/preview — the release exists for OSS hygiene; a GA designation comes later.

What works in 0.1.0

  • Deterministic Docker job execution — one job, one fresh network-isolated container, per-job CPU/mem caps + hard timeout, content-addressed cache (never recompute unchanged work).
  • MCP control plane — upload / run / schedule / wire / read jobs over MCP (Streamable HTTP or stdio). Every response engineered to be token-frugal.
  • Flow engine: compose_flow / run_flow over a validated DAG, supporting when branches, map fan-out, compensate (saga rollback), retries, and step-boundary durability.
  • Triggers — 6-field cron + inbound webhooks (POST /hook/<token>).
  • Write-only secrets, structured results + signed receipts, operator cockpit at / + Prometheus /metrics.

Run your first job (one command)

With a daemon up: ./examples/flagship/run.sh — a fraud-triage DAG driven over MCP the way an agent does it (upload → compose → run → read). No keys, no job network, fully reproducible. Proven green in CI (tests/p2_flows::flagship_demo_flow).

Honest status

Single-tenant trust model — see SECURITY.md. Ready for demos, design partners, and technical early adopters. Not yet turnkey multi-tenant (no SSO/RBAC/HA).

Full quickstart in the README · changelog in CHANGELOG.md.