v0.1.17

Changes

• Network access: Add per-install network access policy (localhost, localhost+tailscale, all) with HOST env override, chosen during onboarding and adjustable in System settings. (b9a8b7a)
• Network access: Move access filter into a dedicated module so config saves apply immediately without restart. (6ff3eb6, a55e39c)
• Network access: Show all bind addresses in startup log. (38d61df)
• Onboarding: Skip network step when HOST env locks the access policy, omitting the step from the wizard, summary row, and POST field. (9a2a659)
• Onboarding: Skip re-prompting for init password when session cookie is still valid. (b08884d)
• Auth: Add INIT_PASSWORD env to gate onboarding flow before a user password is set; replace prior AUTH_PASSWORD/NEXTAUTH_SECRET handling. (e4010a3)
• Workspace CLI: Inject a per-workspace Claude system prompt with purplemux CLI hints on server start, workspace create, rename, and directory change. (4faf0b2)
• Terminal UI: Lower header z-index so split button tooltip is not clipped; update Claude/Codex process icons to a dedicated Nerd Font glyph. (60d101b, b2de841)
• Copy pane: Allow editing text in copy pane drawer textarea. (70a835a)
• Session overlay: Restrict session-not-found overlay to terminal tabs only. (427ddd7)
• Landing page: Refocus hero on mobile workflow, add capability row above requirements strip. (26d67b6)
• Landing page: Track CTA clicks via PostHog autocapture across all 11 locale pages. (c9a02c6)
• Agent: Remove agent feature entirely and replace with workspace-scoped purplemux CLI. (4b89c65, 1e2169d, 5d60c65)
• Docs: Document npm version as the version bump workflow. (01fcbf1)

Fixes

• Security: Gate /api/auth/preflight behind session/CLI token once onboarding is complete to prevent leaking tool versions and Claude login state to unauthenticated callers; validate editorUrl server-side. (c49a656)
• Security: Require CLI token (x-pmux-token) for status hook endpoint, replacing the bypassable localhost IP check. (650c91a)