v0.1.46

Promoted from v0.1.46-rc.3 with no product-code changes. Validated on all three backends: local macOS portable + live release checks (Apple VF), hosted Linux Firecracker full E2E on KVM, and hosted Windows Hyper-V parity smokes — re-run green as automated gates on this tag.

Security

• model pull verifies downloads against the upstream Hugging Face LFS digest and fails closed on mismatch, non-LFS files, or unresolvable digests.
• debugfs requests (cp, artifacts get) are built from validated, quoted arguments; remote paths are validated in the copy layer.
• OCI layer extraction rejects backslash path separators in entry names and link targets; the Windows symlink marker writes through the os.Root sandbox.
• Host state files are now created 0600 (state dirs 0700).

Fixes

• Firecracker user networking works on stock Ubuntu 24.04 (pasta -- option terminator).
• doctor live-probes unprivileged user namespace creation and reports an actionable remediation when AppArmor blocks it.
• Secret-access audit and Hyper-V event-log appends report close errors instead of silently dropping records.

Breaking (Go library)

• workspace.ExecWithMetadata now returns (ExecResult, ExecRetryMetadata, error) — error last. CLI and MCP behavior unchanged.

Internals & CI

• Declarative vmkit.BackendCapabilities table; dispatch errors preserve chains for errors.Is/As.
• golangci-lint + actionlint in CI; dead code removed; package docs; coverage collection.
• Live Linux and Windows suites run on GitHub-hosted runners nightly, on release tags, and on demand.
• The microagent-rc Homebrew channel is retired: only stable releases ship to the tap.

Install: brew install geoffbelknap/tap/microagent — see CHANGELOG.md for full details.