Skip to content

Releases: resolvicomai/kassinao

Kassinão v1.4.16

Choose a tag to compare

@github-actions github-actions released this 16 Jul 19:00
Immutable release. Only release title and notes can be modified.
5d936be

Security

  • The isolated public process now accepts the image's no-dump marker and preload only as an exact, atomic runtime-owned pair tied to its current PID. Partial, altered, or operator-injected loader configuration still fails closed without logging the supplied values.
  • Dedicated and shared VPS audits now reject application containers whose sealed no-dump entrypoint or command was overridden.

Fixed

  • The split landing/docs container now starts correctly through the production image entrypoint. Release verification runs the real public process and health check on both amd64 and arm64 so this container/runtime mismatch cannot ship again.

Imagem OCI multiarch por digest: ghcr.io/resolvicomai/kassinao@sha256:7ef7e03803bb4eb4f5daf5f8c78683edaeeb242e00a7d3de12dcf5be5b064333.

O kit operacional não contém checkout Git, código-fonte da aplicação nem credenciais; ele contém controles operacionais públicos selados, templates sem segredos e runtimes nativos. Verifique checksum e attestations antes do deploy. A imagem final passou pelo gate Trivy atual em amd64 e arm64.

Kassinão v1.4.15

Choose a tag to compare

@github-actions github-actions released this 16 Jul 17:22
Immutable release. Only release title and notes can be modified.
a638b48

Added

  • The public landing now includes a local, bilingual Product Hunt launch badge with no third-party embed or tracking script.

Changed

  • Navigation, language controls, footer links, and keyboard focus states have larger and clearer interaction targets across desktop and narrow mobile layouts.
  • App releases may reuse the existing immutable MCP package when its annotated tag is an ancestor of the reviewed app release and mcp/ is byte-for-byte unchanged. An executable, behavior-tested gate enforces both conditions before the workflow verifies the remote tag, npm signatures, and package attestation against the exact MCP commit; any MCP change requires a new MCP release first.

Fixed

  • Product Hunt launch documentation now records the verified public listing instead of retaining a placeholder URL or claiming the private production gates are complete.

Imagem OCI multiarch por digest: ghcr.io/resolvicomai/kassinao@sha256:42ef73ab9ab8ffb6dce236c363bc188e55094348a580bcef58404ac89fb9c9d5.

O kit operacional não contém checkout Git, código-fonte da aplicação nem credenciais; ele contém controles operacionais públicos selados, templates sem segredos e runtimes nativos. Verifique checksum e attestations antes do deploy. A imagem final passou pelo gate Trivy atual em amd64 e arm64.

Kassinão v1.4.14

Choose a tag to compare

@github-actions github-actions released this 16 Jul 14:52
Immutable release. Only release title and notes can be modified.
076df4d

Changed

  • kassinao-mcp@1.0.12 carries the unchanged 1.0.11 connector runtime under a fresh immutable package and tag, allowing MCP and app release provenance to bind to the exact reviewed 1.4.14 commit.

Fixed

  • Shared legacy migration guidance, security policy, operator messages, and bilingual documentation now state the exact recovery boundary: the preserved plaintext is a data rollback, not an operational path back to the legacy Compose stack. After a successful cutover, service recovery is fix-forward through the shared adapter unless the operator has separately built and host-tested a reversal adapter before migration.

Imagem OCI multiarch por digest: ghcr.io/resolvicomai/kassinao@sha256:d2f3b40569d3f0f14e0bdc8037b58a6f1082ef1b55e4864ca6a6a81247fa7ecc.

O kit operacional não contém checkout Git, código-fonte da aplicação nem credenciais; ele contém controles operacionais públicos selados, templates sem segredos e runtimes nativos. Verifique checksum e attestations antes do deploy. A imagem final passou pelo gate Trivy atual em amd64 e arm64.

Kassinão v1.4.13

Choose a tag to compare

@github-actions github-actions released this 16 Jul 13:39
Immutable release. Only release title and notes can be modified.
60f38d1

Changed

  • kassinao-mcp@1.0.11 carries the unchanged 1.0.10 connector runtime under a fresh immutable package and tag, allowing MCP and app release provenance to bind to the exact reviewed 1.4.13 commit.

Fixed

  • Shared-host inventory, legacy-layout preparation, and encrypted-storage migration now read optional Docker mount and network fields through map-safe Go-template lookups. Docker Engine 29 may omit Name and Driver from bind-mount objects instead of returning empty strings; the release now preserves null for those optional values while continuing to reject missing required fields and unsafe neighboring mounts.

Imagem OCI multiarch por digest: ghcr.io/resolvicomai/kassinao@sha256:6579dac994f476233240794188dadd450bea02bae37d3f4002b509e467adbf6f.

O kit operacional não contém checkout Git, código-fonte da aplicação nem credenciais; ele contém controles operacionais públicos selados, templates sem segredos e runtimes nativos. Verifique checksum e attestations antes do deploy. A imagem final passou pelo gate Trivy atual em amd64 e arm64.

Kassinão v1.4.12

Choose a tag to compare

@github-actions github-actions released this 16 Jul 02:15
Immutable release. Only release title and notes can be modified.
7536046

Changed

  • kassinao-mcp@1.0.10 carries the unchanged 1.0.9 connector runtime under a fresh immutable package and tag, allowing MCP and app release provenance to bind to the exact reviewed 1.4.12 commit.
  • Docker stop operations use the canonical --timeout option instead of the deprecated --time alias while preserving the same bounded fail-closed containment behavior.

Fixed

  • Shared-host deploy and audit gates accept Docker Engine 29 serializing a requested zero MemorySwappiness as null only when the positive configured memory limit is exact and MemorySwap=Memory. Positive swappiness and any configuration that leaves effective swap available remain rejected.

Imagem OCI multiarch por digest: ghcr.io/resolvicomai/kassinao@sha256:f2877154c9bf009005fceb2151bb51b814cd7418c6ef2023d4606728fe19f2f3.

O kit operacional não contém checkout Git, código-fonte da aplicação nem credenciais; ele contém controles operacionais públicos selados, templates sem segredos e runtimes nativos. Verifique checksum e attestations antes do deploy. A imagem final passou pelo gate Trivy atual em amd64 e arm64.

Kassinão v1.4.11

Choose a tag to compare

@github-actions github-actions released this 15 Jul 21:44
Immutable release. Only release title and notes can be modified.
e61752b

Changed

  • kassinao-mcp@1.0.9 carries the unchanged 1.0.8 connector runtime under a fresh immutable package and tag, allowing both MCP and app release provenance to bind to the exact reviewed 1.4.11 commit.

Fixed

  • Legacy v1.4.9 plaintext-to-shared migration now removes the complete proven dedicated host-control set after the old containers are gone. The new fail-closed helper treats a completely absent set as a no-op, rejects partial or drifted installations before mutation, preserves Docker and neighboring workloads, and is included in the sealed operations bundle and bilingual runbook.
  • Linux no-dump gates now accept the kernel's hexadecimal all-zero coredump_filter representation, including 00000000, while continuing to reject empty or non-zero values.
  • Docker topology checks now render ranged Go-template values with explicit printf newlines, avoiding Docker 29's leading blank line from println in exact set comparisons.

Imagem OCI multiarch por digest: ghcr.io/resolvicomai/kassinao@sha256:468701ded2085009c72dbdb1eb88101f48af924bde583f4bccd67c10232890bd.

O kit operacional não contém checkout Git, código-fonte da aplicação nem credenciais; ele contém controles operacionais públicos selados, templates sem segredos e runtimes nativos. Verifique checksum e attestations antes do deploy. A imagem final passou pelo gate Trivy atual em amd64 e arm64.

Kassinão v1.4.10

Choose a tag to compare

@github-actions github-actions released this 15 Jul 20:07
Immutable release. Only release title and notes can be modified.
06c7013

Added

  • A separate shared production host adapter supports trusted same-operator workloads on one VPS without installing a Docker service drop-in or restarting the global Docker daemon. It uses docker-compose.shared.yml, a LUKS2 file container mounted at the private data root, Kassinão-scoped host controls, the existing release deployer, and a read-only shared-host audit.
  • migrate-shared-storage.sh copies an idle, exact plaintext runtime tree into a newly opened LUKS mapper, checks content and metadata before and after the mount switch, and preserves the original tree for explicit rollback and later private destruction.
  • check-shared-migration-rollback.sh validates fresh, pending, and purged migration states before deploy, backup, health, full audit, and host-control removal. finalize-shared-migration.sh verifies the preserved tree against the encrypted manifest, removes the logical plaintext copy only under explicit confirmation, and publishes a sealed purged receipt without claiming forensic erasure.
  • uninstall-shared-host-controls.sh removes only the verified shared-host controls after explicit confirmation, without stopping containers, restarting Docker, or deleting the release, encrypted storage, backing file, or secrets.

Changed

  • Production configuration now selects KASSINAO_HOST_SCOPE=dedicated|shared. The dedicated adapter remains the default and keeps its explicit dedicated-host acknowledgement; the shared adapter requires that acknowledgement to remain empty. Both adapters keep Git checkout and application source code off Kassinão's VPS paths and consume the verified operations bundle plus digest-pinned OCI image rather than cloning or building the project from Git. The bundle still contains public sealed Shell/Python controls, secret-free templates, and native runtimes; the shared adapter makes no source-layout claim about trusted neighboring workloads outside its boundary.
  • In shared mode, app.env and the optional Cloudflare Tunnel token now live under the encrypted data root and reach only their intended container through read-only bind mounts. They are absent from the release environment and Docker Config.Env.
  • README, security guidance, and bilingual product documentation now distinguish four configured HTTPS origins from their three-or-four hostnames, keep external origins separate from internal tunnel targets, and provide complete new-install, migration, finalization, and adapter-specific removal flows for an existing trusted shared VPS.
  • kassinao-mcp@1.0.8 keeps the macOS process-identity probe on an exact, non-secret environment while preserving the existing fail-closed credential lock.

Security

  • Official app containers now start through a multi-architecture static no-dump launcher. A constructor reapplies PR_SET_DUMPABLE=0 after each dynamic execve; every service keeps a hard core limit, while app processes and the shared tunnel launcher also enforce a zero coredump filter. Local media/transcription children no longer inherit application credentials or operator-controlled loader/TLS configuration, and the macOS MCP credential lock no longer forwards the client environment to ps.
  • Privileged operations scripts self-reexec through the architecture-matched runtime sealed in the operations-only bundle before reading secrets. The helper verifies the root-owned bundle, complete manifest, hashes, metadata, target script, and native ELF architecture before accepting its preload.
  • The shared-host audit requires the privately managed, reboot-persistent host-global pair kernel.core_pattern=/dev/null and fs.suid_dumpable=0 before runtime. The repository verifies but does not mutate these settings; prior values, neighbor impact, and recovery remain in the private instance runbook.
  • Shared-host containers use positive memory limits with MemorySwap=Memory, swappiness 0, and restart policy no, so they cannot silently restart before encrypted storage and scoped egress gates pass after a reboot.
  • The shared storage verifier proves the configured backing file, loop device, LUKS2 mapper/UUID, exact mount, safe mount flags, private runtime directories, and mount sentinel. Backing paths, mapper/UUID values, unlock material, secrets, and organization runbooks remain private instance configuration.
  • A shared plaintext migration creates an encrypted pending marker with a bounded 1-168 hour deadline. An inconsistent or expired pending state fails closed; after independent application and backup validation, explicit finalization publishes the purged receipt. Logical deletion does not imply secure erase from SSDs, journals, snapshots, backups, or provider storage.
  • The shared-host preflight reserves Kassinão's project, names, Linux bridges, Docker networks, protected paths, mounts, and environment allowlists before mutation. It rejects foreign privileged/device/Docker access, all added capabilities, host or container namespaces, volumes-from, protected-storage overlap, or Kassinão-network membership. This adapter does not claim protection against host root, Docker administrators, or the infrastructure/hypervisor operator.
  • Privileged controls resolve each expected container to its immutable Docker ID, validate the exact Compose project and service labels, revalidate immediately before mutation, and then act only on that ID. A foreign container squatting on a reserved name fails closed before firewall or lifecycle changes.
  • Full shared-host audits now require all three containers to be running, both application surfaces to be healthy, and their process limits and bounded json-file rotation to match the release exactly. Host-control removal re-runs an ownership preflight immediately before its first mutation and refuses partial or foreign topology.
  • Health-watch failures trigger the fail-closed egress containment unit instead of leaving a failed shared instance reachable until the next timer run.
  • Generic bot DMs no longer disclose the private app or MCP connection origin. Recording-specific DMs still revalidate current membership and ACL before sending a private link.

Imagem OCI multiarch por digest: ghcr.io/resolvicomai/kassinao@sha256:fdea5cc904c68110be81966f3cd5f9661010050e81a5d7498026c82d0203bb1d.

O kit operacional não contém checkout Git, código-fonte da aplicação nem credenciais; ele contém controles operacionais públicos selados, templates sem segredos e runtimes nativos. Verifique checksum e attestations antes do deploy. A imagem final passou pelo gate Trivy atual em amd64 e arm64.

Kassinão v1.4.9

Choose a tag to compare

@github-actions github-actions released this 15 Jul 05:18
Immutable release. Only release title and notes can be modified.
9f4e817

Security

  • The production image now removes bundled package managers and their global dependency trees after the build stage. Kassinão executes only node at runtime, so npm, npx, Corepack, Yarn, and related unused shims no longer expand the image attack surface.
  • The v1.4.8 workflow passed source audit, multi-architecture build, OCI provenance, anonymous pulls, and hardened runtime execution, then stopped on fixable high-severity vulnerabilities inside the base image's unused npm installation. It produced no version or rolling image tags, operations bundle, checksum, or GitHub Release.

Imagem OCI multiarch por digest: ghcr.io/resolvicomai/kassinao@sha256:2141c4414d63abb1f24ce8a22d2dade4e1a700d0e10959d11ba139aa67aec0c3.

O kit operacional não contém source nem credenciais. Verifique checksum e attestations antes do deploy. A imagem final passou pelo gate Trivy atual em amd64 e arm64.

Kassinão 1.4.4

Choose a tag to compare

@resolvicomai resolvicomai released this 14 Jul 20:13
b563eb5

Kassinão 1.4.4 fecha o perímetro entre o projeto público e cada instância privada self-hosted.

Principais mudanças

  • allowlist explícita de servidores Discord e validação fail-closed em comandos, recuperação, OAuth, app e MCP;
  • origens separadas para landing, docs, app e MCP, com isolamento por host e superfícies privadas sem indexação;
  • integrações externas desativadas por padrão, webhook de atas assinado e transcrição local sem execução por shell;
  • configuração e documentação completas para VPS, domínio próprio, proxy, backup criptografado e forks;
  • kassinao-mcp@1.0.6 publicado com proveniência no npm.

Atenção ao atualizar

Defina ALLOWED_GUILD_IDS para os servidores privados autorizados. GUILD_ID apenas limita o registro de comandos e não concede acesso. Use ALLOW_ALL_GUILDS=true somente se quiser operar deliberadamente uma instância pública multi-servidor.

Veja o changelog e o guia de atualização na documentação.

Kassinão 1.4.3

Choose a tag to compare

@resolvicomai resolvicomai released this 14 Jul 01:12
c5daa94

What's Changed

Full Changelog: v1.4.2...v1.4.3