v0.10.0

0.10.0 (2026-06-15)

Features

• ops: make install-service --write install the unit + actionable systemd doctor fix (#267) (bf32d00)
• sessions: Forget a stopped session to clear it from Recent/resumable (#268) (7b68db8)

Bug Fixes

• recap: make the SessionStart hook survive a frozen one-file binary (#279) (6caa0ae)
• ui: clarify launch Mode label + gate Spawn selector to the standard bridge (#265) (fefc3d9)
• ui: make detached & hosted Stop/Kill/Resume clickable; honest claude.ai framing (#266) (fdfd326)

Performance

• test: shrink hosted stop-grace so the suite isn't 30s slower (#275) (3a1cd76)

v0.9.0

0.9.0 (2026-06-14)

Features

• agents: cloud-deregistering stop for background sessions (BG-3) (#218) (c3bae48)
• agents: dispatch a claude --bg [--rc <name>] background session (BG-2) (#215) (83e2ad4)
• agents: read-only background-agents panel (BG-1) (#214) (a755723)
• agents: wire dispatch + stop buttons into the bg-agents panel (BG-4) (#220) (99fb3eb)
• configurable usage badge — currency conversion + tokens-only mode (#192) (d53a7f5)
• hosted: --resume respawn of a lost hosted session (CL-7) (#236) (671eee7)
• hosted: claustrum daemon connect-or-spawn lifecycle (CL-2) (#229) (da8f72d)
• hosted: claustrum NDJSON JSON-RPC client + fake daemon fixture (CL-1) (#224) (dff6c33)
• hosted: hosted-channel session engine (CL-4a) (#230) (d9ab7e6)
• hosted: live-view UI for hosted sessions (CL-4c) (#233) (234e525)
• hosted: orphan detection + recovery after a daemon restart (CL-8) (#237) (6a64eef)
• hosted: permissions approve/deny UI for hosted sessions (CL-5) (#234) (d5acb2d)
• hosted: persist + reattach hosted sessions across restarts (CL-6) (#235) (ea45088)
• hosted: wire the hosted channel into the app (CL-4b) (#231) (2e219a3)
• logs: redact the session URL in the on-disk bridge log (redact_session_url) (#200) (aa60bf6)
• notify on bridge crash via Apprise (optional extra) (#197) (8a1d944)
• per-project preflight endpoint (GET /api/projects/{name}/preflight) (#193) (18c0ec6)
• service: default KillMode=process so pty bridges survive a restart (#206) (992f84b)
• ui: two-zone dashboard redesign; migrate icons to Tabler Icons (#248) (c060d93)

Bug Fixes

• agents: don't report a clean stop when no live worker was found (#255) (8dfd1e3)
• app: end send-only WS handlers on client disconnect — ghost tasks stalled shutdown (#243) (397d84b)
• app: enforce bypass-permissions ceiling on hosted + bg-agent channels (#249) (90d74c2)
• app: friendly HTML 404 for browser navigation; unify project-not-found wording (#247) (a6ad579)
• auth: fsync parent dir when creating session.secret (#261) (8fafd6b)
• ci: always run CodeQL so docs-only PRs aren't blocked by code-scanning rule (#196) (71a0b66)
• correctness/robustness batch from a clean-room audit (#252) (4e097e3)
• docker: bump base image digest to clear stale OpenSSL CVEs (#216) (231cd8d)
• don't render the live metrics line twice in rows layout (#190) (535efdd)
• hosted: handle an over-limit claustrum frame without killing the reader (#256) (dc0249e)
• hosted: permission allow updatedInput + stop exit-latch race (#242) (a84b937)
• hosted: resolve parked requests on exit + fix live-view double-wire (#254) (0f83fe1)
• hosted: scrub claustrum's daemonize sentinel from the spawned daemon env (#241) (02242cb)
• hosted: surface terminal state in live-view; stop the dead-session reconnect loop (#245) (fb51cf4)
• inspector: gate cwd attribution on agent-view kind/state (#213) (c116fe9)
• logs: whole first WS tail line + 0600 verbatim bridge log when redaction off (#259) (f6f2b30)
• scrub Clauster secrets from every spawned child environment (#253) (926f315)
• state: harden state writes — 0700 dir, 0600 atomic temp, fsync durability (#258) (bc09bee)
• ui: clear stale New-project dialog state on close, mode-switch, and edit (#246) (b000f75)
• ui: label launch controls + guard the launch button against double-submit (#260) (be3efde)
• ui: render the Active status rail + fix keyboard focus order (#250) (a82cbe8)
• ui: restore the Tabler + Alpine.js attribution in the dashboard footer (#198) (9366c8b)
• ui: status-presentation parity, untrusted indicator, bypass-confirm gating (#251) (2becb73)
• usage: tolerate malformed token values instead of 500-ing the rollup (#257) (dce4efc)

v0.8.0

0.8.0 (2026-06-07)

Features

• add gated Prometheus /metrics endpoint (#178) (adac1c6)
• add read-only /api/widget summary endpoint (#179) (b38f71d)
• ui: cards ⇄ rows dashboard layout toggle (#173) (da027f0)
• ui: honest currency label on the cost badge (symbol only for USD) (#167) (ce5321c)
• ui: live per-bridge resource metrics (CPU / memory / disk) (#172) (bc2992e)

Bug Fixes

• ci: stop @claude review from cancelling itself (#183) (abbd8bf)
• ui: correct and clarify the permission-mode tooltip (#165) (5e6539e)

v0.7.0

0.7.0 (2026-06-06)

Features

• ui: actionable empty-state CTA (#159) (f382c1a)
• ui: tooltips pass across the dashboard card (#158) (68c4009)

Bug Fixes

• address four low-severity review findings (#155) (824c234)
• stop misclassifying a live clauster-launched pty bridge as external (#153) (3d12a6b)

v0.6.0

0.6.0 (2026-06-05)

Features

• ui: redesign the project card — clearer hierarchy, one primary action (#143) (8723498)
• ui: trust-on-start — prompt to trust a directory at launch (#144) (110da36)

Bug Fixes

• doctor: suppress the false "port in use" warning in the dashboard (#142) (5a56c5f)

v0.5.0

0.5.0 (2026-06-05)

Features

• api: GET /api/doctor — surface system readiness as JSON (#127) (070a39c)
• cli: instance_name — retitle process clauster[<name>] for ps/pgrep (#130) (254379d)
• ui: system-readiness (preflight) panel on the dashboard (#129) (d752cda)
• pty: recover the Open-session deep link on a --continue resume (#135) (44d58e4)
• ui: distinguish "Interrupted" from "Stopped" on the dashboard card (#136) (91d5c87)

Bug Fixes

• pty: a --continue resume reads "Failed to start" while actually running (#134) (c39829c)
• runner: a phantom STOPPED instance shadows a live external bridge (#133) (c08395b)

v0.4.0

What's Changed in v0.4.0

Highlights: signed releases (Sigstore-signed wheels/sdists on every GitHub Release), a per-launch standard / pty resume-mode picker, reboot-orphan bridge recovery, a cost-badge privacy toggle, and a broad UTF-8 file-I/O hardening pass.

Features

• Per-launch resume-mode picker — choose standard or pty true-resume per bridge from the spawn controls (#103)
• Resume UX — "Restart" renamed to Resume, plus a warned "Start new session" action (#101)
• Reboot-orphan recovery — after a host reboot, a discovered-but-dead bridge is resurfaced as a resumable stopped card instead of being silently dropped (#110)
• Cost-badge privacy toggle — usage.show_cost: false hides the per-project cost badge and skips the usage fetch (screen-share / demos); cost-figure provenance now documented (#121)

Bug Fixes

• Bridge mode is an instance property — editing claude.resume_mode no longer silently re-modes an already-running/stopped bridge; stop/resume honor the mode it launched with (#100)
• UTF-8 file I/O — explicit encoding="utf-8" on all file reads/writes, and a fix for an uncaught UnicodeDecodeError (it's a ValueError, not caught by except OSError) that could drop bridge-log markers or break malformed-input handling across several readers (#122)
• PID-reuse window tightened in is_live_bridge so a stop signal can't reach an unrelated reused PID (#104)
• Recap prompt-injection hardening — the recap boundary is now un-forgeable (SENTINEL-anchored) (#105)
• ~/.claude.json lost-update guard — the read-modify-write is flock-serialized so concurrent writers can't clobber each other's trust/remote-control state (#108)

Performance

• Test suite ~48s → ~14s on CI via pytest-xdist parallelism (#111)

Supply chain & CI

• Signed Releases (OpenSSF Scorecard) — release sdist/wheel are now Sigstore-signed and attached to the GitHub Release via an immutable draft→sign→publish flow (#114)
• PR-review setup: CodeRabbit as the automatic reviewer, Claude as an on-demand @claude backup; calibrated .coderabbit.yaml (#113, #116, #117, #119, #120)
• codecov.yml tuned to best practice; Codecov upload skipped on release PRs (#115, #109)
• Trivy image scan moved to main-push + cron (faster PRs) (#112)

Tests

• End-to-end clone-pipeline test (POST → background task → WebSocket progress) (#106)
• win32 pty-mode guard coverage (#107)

Full Changelog: v0.3.0...v0.4.0

v0.3.0

0.3.0 (2026-06-03)

Features

• docker: add a Docker Compose quickstart (#97) (e6c914d)
• doctor: check that the claude CLI is logged in (#84) (f902f23)

Bug Fixes

• runner: serialize concurrent spawns of the same project (#91) (2dc8eb0)
• runner: stop wiping persisted metadata for untracked projects (#92) (cca1c69)
• show Restart for stopped pty bridges so true-resume is reachable (#99) (5ea38aa)

v0.2.2

0.2.2 (2026-06-03)

Security

• This is a security release. A non-loopback bind (e.g. 0.0.0.0 or a LAN IP) could serve the dashboard unauthenticated when auth.enabled was left at its default false — even with a password configured — because the runtime guard only enforces auth when auth.enabled is set, while config validation did not require it. The config validator now refuses to start a non-loopback bind unless authentication is actually enforced (auth.enabled: true together with auth.password_required + a hash, or auth.reverse_proxy.enabled; or the explicit auth.allow_unauthenticated_network opt-out). All prior releases (≤ 0.2.1) are affected, including the Docker image. Upgrade, and on any networked deployment set auth.enabled: true. See GHSA-h4g2-xfmw-q2c9.

Bug Fixes

• auth: refuse non-loopback bind unless auth is actually enforced (#88) (d89d753)

v0.2.1

0.2.1 (2026-06-03)

Documentation

• absolute GitHub URLs in README so images render on PyPI (#79) (1feef42)