v0.3.0

What's Changed

• Sandbox external plugins with a permission lockfile and brokered dial by @piscisaureus in #681
• Add GitHub-based plugin distribution with semver and provenance by @piscisaureus in #687
• Add a persistent state service for external plugins (v2 M1) by @piscisaureus in #690
• Let external credentials rewrite the request URL and body (v2 M2) by @piscisaureus in #691
• Make external HTTPS plugin endpoints work end to end by @piscisaureus in #695
• Record a plugin's deferred egress on first load by @piscisaureus in #696
• Derive async grant TTL from approver and sync-wait timeouts by @arnauorriols in #697
• Add OTel GenAI telemetry export with optional message content by @arnauorriols in #684
• extplugin: deliver all bound credentials to conn endpoints by @piscisaureus in #698
• tailscale tunnel: wait for the node to join in Dial by @piscisaureus in #699
• extplugin: map the sql built-in family for external endpoints (v2 M3) by @piscisaureus in #700
• extplugin: host-served control plane (HostControl) for plugin Evaluate by @piscisaureus in #701
• extplugin: plugin-declared "privileged" capability (run unsandboxed, explicit approval) by @piscisaureus in #704
• relay: fail open when the auto-expose relay dies (#688) by @piscisaureus in #708
• Extend OTel GenAI telemetry to OpenAI providers by @arnauorriols in #711
• run: sanitize nsswitch hosts line in the sandbox by @piscisaureus in #716
• extplugin: brokered transport dial for tunnel plugins (via + UDP) by @piscisaureus in #714
• example: SOCKS5 tunnel + brokered passthrough (example is network=none) by @piscisaureus in #719
• extplugin: honor via/share/keepalive/credential on plugin tunnel blocks by @piscisaureus in #722
• docs: plugin tunnel transport dial + plugin-docs audit corrections by @piscisaureus in #721
• gateway: clear error when state_dir isn't writable by @piscisaureus in #723

Full Changelog: v0.2.12...v0.3.0