Document --compression flag and host timezone inheritance

- Image-Management: Add compression examples and dedicated section
- Configuration: Add [timezone] config section and --timezone CLI flag

Update wiki for 0.8.0 unreleased changes

System-Health-Check.md:
- Rewrite example output with all 27 current checks
- Expand "What's Checked" table with all categories and checks
- Add Security Posture Details section (status logic table)
- Add Version Checks section (Incus >= 6.1, nftables >= 0.9.0, kernel >= 5.15)
- Add JSON output example with security_posture details
- Update notes for Colima/Lima and privileged profile detection
Security-Best-Practices.md:
- Add privileged container guard, security posture verification, and kernel version enforcement to defense-in-depth summary (8 → 11 layers)
Troubleshooting.md:
- Add "COI refuses to start: security.privileged=true" entry with fix
- Add "Kernel version warning on startup" entry
FAQ.md:
- Fix [container] → [paths] for preserve_workspace_path config

docs: add Configuration page and document 0.8.0 features across wiki

- Create Configuration.md with full config reference (was linked but missing)
- Add SSH agent forwarding and env var forwarding to Container-Lifecycle-and-Sessions
- Update Network-Isolation with TTL-aware DNS refresh behavior
- Add sandbox context file docs to Supported-Tools
- Add SSH/env forwarding security considerations to Security-Best-Practices
- Fix stale mount_claude_config reference in FAQ
- Update env var isolation statement in FAQ for forward_env
- Add Configuration link to Home page

docs(faq): add entry about orphaned firewalld zone bindings

Explains that orphaned veth entries in firewalld are typically caused by Docker on the host (not COI), and how to clean them up or prevent accumulation with a cron job.

docs: add Configuration wiki page with hierarchy, per-repo config, and full reference
docs: expand FAQ with community questions and security monitoring emphasis

Add 6 new FAQ entries based on YouTube community feedback:
- Why not just use Docker with a volume?
- How is COI different from Distrobox?
- Why does COI use Colima on macOS?
- Can I use Lima/limactl or a plain VM instead?
- Why run an AI agent locally instead of in the cloud?
- Can I use COI with local/self-hosted AI models?
Update existing entries (Docker Sandboxes, DevContainers, comparison table) to highlight security monitoring capabilities as a key differentiator.

fix: replace non-existent coi monitor audit references with actual commands

The `coi monitor audit` subcommand is not implemented (commented out in code). Replace all references with the actual working approach: reading audit JSONL files directly from ~/.coi/audit/.
Pages updated:
- Security-Monitoring.md (4 references)
- Troubleshooting.md (2 references)
- FAQ.md (1 reference)

docs: add permission_mode documentation (#165)
docs: add FAQ entry for mounting extra context files into containers

Addresses issue #175 — documents how to mount additional context files (opencode agents, AGENTS.md, coding standards) into containers using --mount flag or config file mounts. Emphasizes mounting subdirectories rather than the parent config directory to avoid conflicts with COI's config management.

docs: update wiki with recent fixes and improvements

Security Monitoring:
- Add large file write detection, gateway IP RFC1918 exclusion
- Document dropped event tracking and orphan NFT rule cleanup
- Add alert deduplication and NFT error routing details
Troubleshooting (6 new entries):
- Docker Compose fails in session containers
- Permission denied / UID/GID mismatch
- Security settings silently disabled (config merge bug)
- Firewall rules accumulating
- Settings.json overwritten
- Cross-device link session save errors
Supported Tools:
- Add Claude effort level configuration
- Fix opencode config path to XDG-compliant location
- Update Go interfaces (ToolWithConfigDirFiles, ToolWithEffortLevel)
Network Isolation:
- Clarify gateway IP auto-exclusion from RFC1918 checks
- Document cleanup on all termination paths including nftables
- Remove duplicated container access section
Container Lifecycle:
- Add coi persist and coi resume commands
- Document Docker/Compose support in sessions
- Note sync.Once cleanup protection
Container Operations:
- Document three-step launch sequence for Docker support
- Add UID/GID remapping and extra mount documentation
FAQ: Add Docker Compose and preserve_workspace_path entries
Resource Limits: Add tmpfs_size to disk limits config

docs: add Claude effort level configuration

Document the new [tool.claude] effort_level setting that controls response thoroughness and prevents interactive prompts in autonomous shell sessions.

docs: update wiki for recent security monitoring features

Security-Monitoring.md:
- Add large write detection for data exfiltration
- Add disk space monitoring (/tmp > 80% warning)
- Add coi resume command documentation
- Add threat deduplication (30-second window)
- Add complete configuration options
- Add threat level table with severities
- Add example for detecting data exfiltration
- Add NFT cleanup troubleshooting
Supported-Tools.md:
- Update opencode resume behavior (--continue flag)
- Add permission bypass row to comparison table
System-Health-Check.md:
- Clarify Incus storage pool thresholds
Troubleshooting.md:
- Add section for container paused by monitoring
- Add section for container killed by monitoring
- Document coi resume workflow
FAQ.md:
- Add real-time threat detection to protection list
- Add monitoring best practices

docs: add Security Monitoring and Supported Tools pages, update health checks

- Add Security-Monitoring.md: real-time threat detection, nftables monitoring, automated response, audit logging
- Add Supported-Tools.md: Claude Code vs opencode comparison, tool selection, API key configuration, adding new tools
- Update System-Health-Check.md: add Incus storage pool, monitoring checks, container networking checks
- Update Security-Best-Practices.md: reference new Security Monitoring page
- Update Home.md: add links to new pages

docs: update /tmp default to disk-backed in FAQ and Troubleshooting
docs: add /tmp full → agent hang to FAQ and Troubleshooting (#135)
docs: document automatic firewall cleanup for orphaned veth zone bindings

Add documentation about the automatic cleanup of orphaned firewalld zone bindings that was added in PR #130. This includes:
- Automatic cleanup when containers are deleted
- Detection and removal of orphaned veth zone bindings
- Manual cleanup commands
This prevents firewalld from accumulating stale interface bindings over time.

Update Security Best Practices with automatic path protection feature

- Document automatic read-only mounting of security-sensitive paths
- Add table of default protected paths (.git/hooks, .git/config, .husky, .vscode)
- Document configuration options (additional_protected_paths, protected_paths, disable_protection)
- Explain attack vectors COI protects against
- Add symlink security section
- Reorganize Home.md with dedicated Security section

Fix image delete documentation - remove non-existent --force flag
Document container list command with JSON/text format

Add documentation for the new coi container list command that provides raw container listing. Includes usage examples, JSON output structure, use cases, and comparison with the high-level coi list command.

Document PTY allocation support for container exec command

Add comprehensive documentation for the new -t/--tty flag that enables pseudo-terminal allocation for interactive sessions. Includes usage examples, important notes about mutually exclusive flags, and common use cases for shells, tmux, and terminal applications.

Add Container Operations, File Transfer, Tmux Automation, and Image Management to Home page
Add focused usage guides: Container Operations, File Transfer, Tmux Automation, Image Management
Add Snapshot Management to Home page
Add Snapshot Management guide
Add Container Lifecycle and Sessions to Home page
Add Container Lifecycle and Sessions guide
Add System Health Check to Home page
Add System Health Check guide
Add Network Isolation to Home page
Add Network Isolation guide