You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Added
Added the realm-native control plane under d2b.realms.<realm>, including
canonical <workload>.<realm-path>.d2b targets, provider-neutral workload
identity, realm network and UI metadata, generated realm artifacts, bounded
realm/operation inspection commands, and metadata-only topology, access, and
resource-allocation layers.
Added the explicit, default-denied unsafe-local provider for host-user
workloads. Generic typed exec and shell launcher items now work across
local VMs, qemu-media, and unsafe-local targets through d2b launch, with
persistent host shells, same-UID helper supervision, Wayland identity rails,
and visible no-isolation posture.
Added daemon-owned serial-console and audio operations, including
provider-capability dispatch and host/guest mute and volume controls.
Added an opt-in FIDO2/WebAuthn security-key proxy that presents a host device
to opted-in guests as virtual HID over vsock without transferring USB
ownership, plus status, session, cancellation, test, and notification
commands.
Added explicit USB attachment for any physically present device to an
eligible VM, with preflight validation, audited ownership, and rollback.
Added the opt-in d2b-clipd clipboard authority, picker-driven cross-realm
paste, virtualized guest clipboard transport, and Niri focused-window
attribution.
Added a compositor-agnostic UI color contract rendered as /etc/d2b/ui-colors.json and /etc/d2b/ui-colors.css, with a Niri VM-border
backend and per-realm accent metadata.
Added macvtap-backed external network attachment for env net VMs, including
independent egress NAT, port forwards, and mDNS/.local reflection.
Added generated storage and synchronization contracts, read-only startup
validation, d2b host doctor --read-only, and d2b host migrate-storage --dry-run.
Added provider-aware graceful VM shutdown with configurable global and per-VM
timeouts, plus explicit --force lifecycle overrides.
Added experimental remote full-host and provider-managed Azure Container Apps
adapters with capability matrices, bounded backoff/circuit behavior, and
redacted diagnostics. Production remote transport remains out of scope.
Added release automation that creates a version tag and GitHub release with
host binaries, checksums, and a Nix hash manifest when a dated changelog
section reaches main.
Changed
Breaking: Renamed the project to d2b: Double Dutch Bus. Commands,
packages, services, sockets, Nix options, paths, schemas, and telemetry now
use only d2b naming; no legacy aliases are provided.
Breaking: Removed the legacy d2b.gateways and nested gateway/ACA sandbox
configuration surfaces. Configurations must migrate to d2b.realms.
Breaking: Explicit d2b:// targets must include the reserved .d2b
suffix; omitted suffixes no longer fall back to local VM routing.
Breaking: Unsupported constellation streams and operations now return
typed unsupported errors instead of falling back to generic byte streams.
Breaking: VMs using usbip.yubikey = true must enable guest control;
USBIP attach and detach no longer have an SSH fallback.
Advanced the public manifest schema to version 7 and the private bundle
contract to version 11. The release adds runtime/provider capabilities,
graceful-shutdown metadata, realm artifacts, configured launcher items,
unsafe-local helper policy, and storage/synchronization contracts.
Renamed the Wayland proxy package and binary to d2b-wayland-proxy and the
configuration surface to graphics.waylandProxy.*. The former option path is
retained as a compatibility alias for this release.
Moved audio process identity entirely into the daemon-managed audio runner and
retired the former audio service path.
Changed live VM activation to a broker-prepare, guest-control activation, and
broker-commit flow. Offline activation now fails closed except for explicit
boot staging.
Changed daemon list/status handling to use request-scoped artifact snapshots
and parallel per-VM status probes, improving consistency and desktop-client
latency.
Changed runtime/state creation to rely on tmpfiles-owned parents and
narrowly-scoped ACLs instead of activation-time permission repair.
Changed d2b-priv-broker.service default logging from debug to info.
Fixed
Fixed unsafe-local graphical launches by supervising the proxy and configured
app in one verified user scope with private runtime paths, typed readiness,
first-client gating, bounded socket names, exact child reaping, canonical
realm colors, and no direct-compositor fallback.
Fixed picker/clipboard protocol compatibility, focus restoration, proxied
virtual-keyboard replay, endpoint payload handling, cancellation, and
backpressure while preserving picker-only transfer authority.
Fixed console and audio session ownership, QMP chardev handling, PipeWire
targeting, and provider dispatch.
Fixed daemon restart and host-switch continuity: d2bd.service reports ready
only after socket bind and runner adoption, while running VMs remain alive.
Fixed guest exec and GUI launch establishment timeouts under heavy virtiofs
load.
Fixed runtime, state, guest-control, observability, and per-role ACL ordering
so daemon and runner access survives reboot and host switches without local
overrides.
Removed d2b usb enroll; qemu-media USB boot selection now uses qemuMedia.source.usbSelector.byIdName and d2b usb probe.
Security
Kept realm relay/provider credentials, remote registries, and realm audit out
of the host daemon, broker, and bundle; relay identity is never mapped to
local lifecycle authorization.
Enforced same-UID unsafe-local helper registration, private proxy/readiness
sockets, immutable proxy binaries, operation fingerprint parity, fail-closed
group eligibility, and explicit logout/login after new group assignment.
Enforced picker/clipd-only cross-realm clipboard transfer, strict bounded and
redacted protocol metadata, destination-focus verification, and proxy-safe
synthetic paste ordering.
Tightened broker, runtime, qemu-media, observability, and per-role path
ownership so diagnostics remain redacted and mutable host state stays within
its declared authority.