v0.13.0

Security

• Harden /etc permissions (CIS 6.1.x) — Build-time chown -R 0:0 + runtime chmod in guest-agent. Fixes macOS Docker VirtioFS losing UID 0 ownership.
• Harden /tmp tmpfs (CIS 1.1.3–1.1.4) — nosuid,nodev flags, deterministic nr_inodes=16384 cap.
• Remove /dev/vda and /dev/zram0 after use — Prevents raw disk reads bypassing filesystem permissions.

Features

• Session.exposed_ports — Read-only property exposing resolved port mappings (internal/external/host/url).
• Loopback interface up at boot — Enables localhost connectivity inside the VM. Fixes Bun FailedToOpenSocket.

Bug Fixes

• Signal-killed processes return 128+signal instead of -1 (e.g., SIGKILL→137, SIGSEGV→139).
• REPL PID guard — Forked children no longer write premature sentinels that corrupt parent output.
• sys.exit(None) returns 0 instead of 1, matching CPython convention.
• Stdin → /dev/null in all REPLs — input(), sys.stdin.read(), shell read, JS process.stdin.read() return immediate EOF instead of hanging on the protocol pipe.
• Shebang scripts in RAW mode — #! scripts (awk, perl, etc.) routed through temp file for kernel binfmt_script dispatch instead of failing silently via eval.
• Build: root-owned file cleanup — Fixes CI permission errors from sticky-bit /tmp.

Tests

140 new tests covering /etc hardening, /tmp inode exhaustion, block device removal, loopback TCP/UDP, fork PID guard, shebang dispatch, stdin EOF semantics, and exposed_ports.