Releases: vessux/openlock

v0.9.2

11 Jun 22:34
1b6ff4f

What's Changed

  • fix(sandbox): exit cleanly after harness instead of hanging (openlock-to9) by @vessux in #64
  • chore(release): v0.9.2 — macOS static-z3 hotfix by @vessux in #65

Full Changelog: v0.9.1...v0.9.2

v0.9.1

11 Jun 12:29
7cce521

What's Changed

  • fix(release): build x64 Linux binary with bun baseline target (no AVX2) by @vessux in #63

Full Changelog: v0.9.0...v0.9.1

v0.9.1-rc1

10 Jun 12:35

Pre-release

Full Changelog: v0.9.0...v0.9.1-rc1


v0.9.0

09 Jun 11:59
b6e89a9

Onboarding golden path (setup → init → validate), a slim single-image multi-harness sandbox, and an actionable doctor. Bundled openshell fork stays at v0.6.0.

Added

  • Onboarding wizards — openlock setup and openlock init. setup writes machine-wide defaults (runtime / harness / provider) to ~/.config/openlock/config.yaml, with the provider list filtered to harness-compatible ids. init scaffolds a project's .openlock/ — a commented config.yaml with a real workdir mount, a harness-trimmed policy.yaml, and a seeded Containerfile — via a fresh-entry fork (defaults or guided Q&A), gap-filling missing files without clobbering a complete folder (use --force). Non-TTY runs print a manual-config hint and exit non-zero.
  • openlock validate. Checks a project's .openlock/ config and policy — structure, semantic mount rules, and filesystem source existence — against a single shared rule source, printing a per-file summary. Replaces the narrower validate-policy command.
  • Slim, single-image sandbox with a multi-harness model. One base.Containerfile (Ubuntu + Node + Python 3 + uv, with sha256-pinned Node/uv tarballs) replaces the previous four-capability image matrix; per-project images layer on top of .openlock/Containerfile. New commands: openlock update-base, openlock prune-images [--legacy], and openlock --print-base-tag.
  • Prebuilt base image on ghcr. Release tags now build and push a multi-arch (amd64 + arm64) ghcr.io/vessux/openlock-base:<hash>; fresh installs pull it instead of running the slow local apt/node/uv build. Local build stays the offline / air-gapped fallback.
  • Onboarding documentation. Tracked docs/ walking the install → doctor → init → validate → sandbox golden path, plus a harness-agnostic docs/agent-config-reference.md and llms.txt.

Changed

  • .openlock/ is now complete-or-error. sandbox no longer lazily scaffolds or restores a missing/incomplete .openlock/; it errors with a "run openlock init" hint instead.
  • doctor is actionable and install-safe. Per-check fix hints under failures, Bun.which-based command detection (fixes a Fedora false-negative), a non-interactive mode safe for curl | sh, and install.sh now runs openlock doctor at the end.
  • Cached dev-mode gateway builds. Fork-source cargo build --release output is cached by a fork-tree fingerprint (~190 s cold → ~74 ms hit); OPENLOCK_REBUILD=1 forces a rebuild.

Removed

  • caps config key. The single base image carries Node, Python, and uv unconditionally; a stale caps: key is now rejected by openlock validate. Cap-keyed default-{js,py,js-py}.yaml policies and core*.Containerfile images collapse into a single default.yaml / base.Containerfile.
  • validate-policy command, folded into openlock validate.

Fixed

  • Sandbox harness symlinks. Inherited ln -sf lines pointing harness binaries at /usr/local/bin were clobbering the correct npm-created symlinks under the tarball-slim Node prefix; removed, and covered by a new live-integration smoke test.
  • Restored mkdir -p /sandbox/repo in the base image so the bind-mount target pre-exists.
  • Hardened the post-create exec integration test against an echo-proxy first-egress race (the recurring CI exit-56 flake).

Full Changelog: v0.8.0...v0.9.0

v0.8.0

27 May 22:08
b72ca80

What's Changed

  • docs(readme): document sandbox boundary; podman exec bypasses supervisor by @vessux in #35
  • test(fixtures): align openrouter strip_headers with test assertion by @vessux in #37
  • feat(runtime): docker support alongside podman by @vessux in #38
  • fix(sandbox): retry openshell create once on early-fail (bxm) by @vessux in #39
  • fix(sandbox): non-destructive stop + reap; auto-start on reattach (bd openlock-27e) by @vessux in #40
  • fix(sandbox): keep gateway alive while any session metadata exists (bd openlock-ne9) by @vessux in #41
  • chore(deps): bump fork to v0.5.1; drop Error→exited workaround (bd openlock-z9i, openlock-jqj) by @vessux in #42
  • chore(deps): bump fork to v0.6.0; provision sandbox-JWT for gateway by @vessux in #43
  • chore(release): v0.8.0 — explicit-only provider; drop anthropic auto-default by @vessux in #44

Full Changelog: v0.7.0...v0.8.0

v0.7.0

24 May 21:07
1246b63

Security

  • openlock-hnp — sandbox egress bypass fixed. Pre-v0.7.0 openlock launched the harness via raw podman exec, landing it in the container's default netns with no HTTPS_PROXY, no Landlock, no cred_inject. Outbound HTTPS reached real upstreams directly — the sandbox wasn't actually a sandbox. Affected Mac and Linux equally. All users on v0.6.0 and earlier should upgrade. Fix in #34. Defense-in-depth follow-up (openlock-9nv) tracks closing the host-side podman exec bypass too.

What's Changed

  • ci(live-integration): install podman 5.x from alvistack OBS (sjr) by @vessux in #31
  • chore(mounts): drop legacy repo.bundle reserved name (post-v0.6.0) by @vessux in #32
  • feat: xoz v1 — pluggable provider registry + OpenRouter by @vessux in #33
  • fix(sandbox): route harness exec through openshell supervisor (openlock-hnp) by @vessux in #34

Full Changelog: v0.6.0...v0.7.0


v0.6.0

22 May 11:38
a4edcc4

What's Changed

  • test(integration): claude harness binary triggers cred_inject live by @vessux in #28
  • fix(ensure-gateway): drop bash -c wrapper in startGateway by @vessux in #29
  • feat: mount system v2 (bind + git-bundle + workdir-as-mount) by @vessux in #30

Full Changelog: v0.5.1...v0.6.0

v0.5.1

20 May 21:13
2a264a3

What's Changed

  • fix(sandbox): unref gateway subprocess so compiled CLI exits by @vessux in #26
  • chore(release): bump version to 0.5.1 by @vessux in #27

Full Changelog: v0.5.0...v0.5.1

v0.5.0

20 May 20:03
1374095

What's Changed

  • feat: gateway visibility in openlock list + drop --keep-gateway by @vessux in #14
  • feat(cli): shell completion + interactive session picker by @vessux in #15
  • fix(cli): correctness follow-ups for openlock-9tb (3ri/jp1/s46) by @vessux in #16
  • feat: branch push-back (k2g) — auto-promote + openlock refs by @vessux in #17
  • chore(cli): dedupe command descriptions + dynamic completion test by @vessux in #18
  • feat(sandbox): auto-reap idle-stale sessions on runSandbox exit by @vessux in #19
  • feat(cli): openlock report — diagnostic bundle by @vessux in #20
  • feat(sandbox): config-driven seeds (mounts/args/env) by @vessux in #21
  • feat: multi-harness support (opencode alongside claude_code) by @vessux in #22
  • fix(policy): allow %2F on npm registry for scoped packages by @vessux in #23
  • feat(sandbox): migrate gateway start to fork v0.3.0 (TOML config) by @vessux in #24
  • chore(release): bump version to 0.5.0 by @vessux in #25

Full Changelog: v0.4.0...v0.5.0

v0.4.0

08 May 19:12

What's Changed

Full Changelog: v0.3.0...v0.4.0