v0.8.0

First release on the 0.8.x line: 0.8.x is the mature pre-1.0 development line (0.9.x is reserved for stabilization and 1.0 readiness). The jump from 0.1.46 changes no behavior. Promoted from v0.8.0-rc.1 with no product-code changes; the tag-gated live suites (Linux Firecracker full E2E on KVM, Windows Hyper-V parity smokes) ran green on the rc tag and re-run as automated gates on this tag.

Workspace model pairing

• create --model (or spec model:) pairs a workspace with a local model: resolve, pull if missing, ensure a host runner, and bake MICROAGENT_MODEL_URL/OPENAI_BASE_URL into the guest env. The canonical ref persists in spec, manifest, and options.
• start re-pairs from the manifest each boot; lifecycle verbs release the runner holder; supervise re-pairs before every supervised boot, including policy restarts.
• Exposed on the MCP workspace.create tool.

Fixes

• Companion processes no longer leak when a detached user-network guest exits on its own; delete refuses while recorded companions are alive.
• Snapshot/pause/resume no longer drop runtime config fields (exec and shell work immediately after a snapshot).
• create --setup keeps the OCI image env (including PATH) on later boots.
• exec ws -- cmd -h runs the guest command instead of printing exec usage.
• Guests get standard /dev/fd, /dev/stdin|stdout|stderr symlinks (fixes bash process substitution, e.g. the official postgres image).
• Secret flags (--secret, --secrets-env-file, --secret-on-demand) work flag-after-name in create.

Breaking

• serve mcp is no longer listed in CLI help (it is launched by MCP clients; interactive launch now prints client setup guidance). The command itself is unchanged.
• Go library: workspace.ResetGuestConfigCommand removed; rootfs BuildRequest gains ResetFinalConfig/FinalCommand/FinalMode, and FinalCommandAndMode reports the final command and mode.
• Docs recipes/ moved to guides/; examples renamed body -> agent (minimal-agent*, agent.py).

Docs and install

• Docs site rewritten end to end: quickstart, coming-from-Docker, decision-first concepts, full CLI reference, six new task guides, first-agent tutorial.
• Local dev builds report 0.8.0-<sha>[-dirty]; source installs are friendlier.

Install: brew install geoffbelknap/tap/microagent — see CHANGELOG.md for full details.

v0.8.0-rc.1

Release candidate for v0.8.0, the first release on the 0.8.x line. Validated by the tag-gated live suites (Linux Firecracker full E2E on KVM, Windows Hyper-V parity smokes) — both green on this tag. See CHANGELOG.md for the full v0.8.0 notes.

v0.1.46

Promoted from v0.1.46-rc.3 with no product-code changes. Validated on all three backends: local macOS portable + live release checks (Apple VF), hosted Linux Firecracker full E2E on KVM, and hosted Windows Hyper-V parity smokes — re-run green as automated gates on this tag.

Security

• model pull verifies downloads against the upstream Hugging Face LFS digest and fails closed on mismatch, non-LFS files, or unresolvable digests.
• debugfs requests (cp, artifacts get) are built from validated, quoted arguments; remote paths are validated in the copy layer.
• OCI layer extraction rejects backslash path separators in entry names and link targets; the Windows symlink marker writes through the os.Root sandbox.
• Host state files are now created 0600 (state dirs 0700).

Fixes

• Firecracker user networking works on stock Ubuntu 24.04 (pasta -- option terminator).
• doctor live-probes unprivileged user namespace creation and reports an actionable remediation when AppArmor blocks it.
• Secret-access audit and Hyper-V event-log appends report close errors instead of silently dropping records.

Breaking (Go library)

• workspace.ExecWithMetadata now returns (ExecResult, ExecRetryMetadata, error) — error last. CLI and MCP behavior unchanged.

Internals & CI

• Declarative vmkit.BackendCapabilities table; dispatch errors preserve chains for errors.Is/As.
• golangci-lint + actionlint in CI; dead code removed; package docs; coverage collection.
• Live Linux and Windows suites run on GitHub-hosted runners nightly, on release tags, and on demand.
• The microagent-rc Homebrew channel is retired: only stable releases ship to the tap.

Install: brew install geoffbelknap/tap/microagent — see CHANGELOG.md for full details.

v0.1.46-rc.3

Release candidate for v0.1.46. Validated on all three backends against this exact commit: full local macOS portable + live release checks (Apple VF), hosted Linux Firecracker full E2E on KVM, and hosted Windows Hyper-V parity smokes — plus both live suites re-run green as automated gates on this tag.

Security

• model pull verifies downloads against the upstream Hugging Face LFS digest and fails closed on mismatch, non-LFS files, or unresolvable digests.
• debugfs requests (cp, artifacts get) are built from validated, quoted arguments instead of raw string concatenation; remote paths are validated in the copy layer.
• OCI layer extraction rejects backslash path separators in entry names and link targets; the Windows symlink marker writes through the os.Root sandbox.
• Host state files are now created 0600 (state dirs 0700) — workspace topology and runtime config are no longer readable by other local users.

Fixes

• Firecracker user networking works on stock Ubuntu 24.04: pasta is invoked with a -- option terminator so older getopt-permuting releases don't choke on the supervisor's flags.
• doctor runs a live CLONE_NEWUSER probe and reports user networking unavailable (with a remediation hint) on hosts where AppArmor blocks unprivileged user namespaces.
• Secret-access audit and Hyper-V event-log appends report close errors instead of silently dropping records.

Breaking (Go library)

• workspace.ExecWithMetadata now returns (ExecResult, ExecRetryMetadata, error) — error last, per Go convention. CLI and MCP behavior unchanged.

Internals & CI

• Backend differences centralized in a declarative vmkit.BackendCapabilities table (unknown backends fail closed); dispatch errors preserve the error chain for errors.Is/As.
• golangci-lint + actionlint enforced in CI; ~1,000 lines of dead code removed; package docs added; coverage collected on the Linux job.
• Live Linux (full E2E) and Windows Hyper-V (parity smokes) suites run on GitHub-hosted runners nightly, on every release tag, and on demand.

Install with brew install geoffbelknap/tap/microagent-rc. See CHANGELOG.md for full details.

v0.1.46-rc.2

v0.1.46-rc.2

Second release candidate for the v0.1.46 storage, networking, supervision, MCP, and AX release.

Changes since v0.1.46-rc.1

• Expanded the MCP management surface and command parity so agent clients can use more of the microagent workspace, artifact, snapshot, network, volume, and management operations through MCP.
• Added MCP streaming and host-mutation confirmation patterns.
• Moved transient structured-exec retry behavior into the shared workspace exec substrate, with retry metadata exposed through CLI AX and MCP.
• Updated AX structured errors with explicit retryability metadata.
• Updated docs and release/tap automation for RC dispatch.

Validation

• GitHub CI on main at 170e051 passed.
• Local non-live release check passed: make release-check.
• Live Linux parity for 170e051 was queued at release time.

v0.1.46-rc.1

v0.1.46-rc.1

Release candidate for the storage, networking, supervision, health, streaming exec, scaffold, commit/push, and Apple VF parity release.

Highlights

• Added microagent init <name> to scaffold starter agent body projects.
• Added health checks and restart-on-unhealthy behavior for supervised workspaces.
• Added streaming structured exec with exec --stream and workspace.ExecStream.
• Added managed named volumes and attach-by-name semantics.
• Added user-defined named networks on Linux/Firecracker with stable member IPs, managed bridge connectivity, and injected /etc/hosts resolution.
• Added microagent commit <workspace> <image-ref> and microagent images push for rootfs-to-OCI workflows.
• Added supervise --install and --uninstall for host reboot survival.
• Added Linux host networking readiness/setup visibility through diagnostics, doctor, and host setup-networking.
• Brought Apple Virtualization.framework validation up to the backend-neutral E2E surface, including networking, publish, workspace-connect, mediation/vsock transport, supervision, volumes, commit-images, secrets, health, and streaming exec coverage.

Validation

• scripts/dev/microagent-e2e.sh on macOS arm64: 23 passed, 0 skipped, 0 failed in 621s.
• GOTOOLCHAIN=go1.26.4 scripts/dev/release-check.sh passed locally.
• GitHub CI on main at 9cf94b8 passed.

v0.1.45

v0.1.45

Stable release for the AX/MCP/structured-exec readiness work.

Highlights

• Added AX output mode for agent-facing structured CLI responses and errors.
• Added microagent serve mcp with workspace lifecycle, status, inspect, exec, estimate, preview, idempotency, and capability-manifest tools.
• Added the structured exec protocol, guest service, host client, CLI command, and MCP wiring.
• Added runtime readiness signals for guest, shell, structured exec, result, and mediation state.
• Added mediation target readiness probing for running workspaces.
• Added bounded retry handling and retry metadata for transient MCP structured-exec connection failures.
• Added fast status/inspect readiness behavior for non-live workspace states.
• Expanded Linux/Firecracker E2E coverage for lifecycle, networking, mediation/transport, supervision, public CLI surface, and runtime contracts.

v0.1.45-rc.1

v0.1.45-rc.1

Release candidate for the AX/MCP/structured-exec readiness release.

Highlights

• Added AX output mode for agent-facing structured CLI responses and errors.
• Added microagent serve mcp with workspace lifecycle, status, inspect, exec, estimate, preview, idempotency, and capability-manifest tools.
• Added the structured exec protocol, guest service, host client, CLI command, and MCP wiring.
• Added runtime readiness signals for guest, shell, structured exec, result, and mediation state.
• Added mediation target readiness probing for running workspaces.
• Added bounded retry handling and retry metadata for transient MCP structured-exec connection failures.
• Added fast status/inspect readiness behavior for non-live workspace states.
• Expanded Linux/Firecracker E2E coverage for lifecycle, networking, mediation/transport, supervision, public CLI surface, and runtime contracts.

v0.1.44

Highlights since v0.1.43:

• Adds container-style run syntax and compatible flag aliases where they map cleanly to microVM behavior.
• Adds registry credential support for OCI pulls.
• Expands backend-neutral Linux and Apple VF E2E coverage across lifecycle, networking, transport, supervision, and public-surface behavior.
• Adds deeper Apple VF validation for mediation, cached NATS networking, network modes, publish forwarding, and workspace connect flows.
• Adds and documents Go library reference material, docs parity checks, and docs last-updated rendering.
• Adds experimental Windows Hyper-V backend work and protocol docs.
• Cleans up stale/manual workflow handling and skips Homebrew tap updates for prereleases.

Validation:

• scripts/dev/release-check.sh
• scripts/dev/release-check.sh --live
• Latest main CI for 75e5d4d

v0.1.44-rc.1

Release candidate for v0.1.44.

Highlights since v0.1.43:

• Adds container-style run syntax and compatible flag aliases where they map cleanly to microVM behavior.
• Adds registry credential support for OCI pulls.
• Expands E2E, docs parity, and CI coverage.
• Adds and documents the Go library reference and docs last-updated rendering.
• Adds experimental Windows Hyper-V backend work and protocol docs.
• Cleans up stale/manual workflow handling and skips Homebrew tap updates for prereleases.

Validation:

• scripts/dev/release-check.sh