v0.3.1

What's Changed

• fix: add _readableState.ended to net.Socket stub (fixes #71) by @aayushprsingh in #73
• fix: exec() node fallback + feat: includeNodeShims option (fixes #64, #63) by @aayushprsingh in #66
• Fix nested export-star expansion in node loader by @Vercantez in #69
• fix(nodejs): scope npm/npx host fallback roots by @atharvasingh7007 in #72
• Migrate per-VM resource limits + virtualized identity from env to the BARE wire by @NathanFlurry in #82
• test: regression coverage for V8 Intl crash (#70), cross-exec loopback (#88), and JSON-over-VFS result decode (#11/#59) by @NathanFlurry in #97
• [codex] Restore sidecar reuse fast paths by @NathanFlurry in #98
• security: fix guest-reachable sandbox issues + remove over-defense against trusted config by @NathanFlurry in #100
• [codex] security runtime followups by @NathanFlurry in #99
• fix sandbox networking loopback dev servers by @NathanFlurry in #101
• [codex] refactor VFS into reusable crates and backends by @NathanFlurry in #102
• chore: rename to @agentos-software & @rivet-dev/agentos by @NathanFlurry in #105
• ci: publish WASM command packages manually, not in CI by @NathanFlurry in #107
• docs: website overhaul, OS-level pages link to agentOS, permissions tool→binding by @NathanFlurry in #106
• test+docs: host-mounted node_modules resolution (#109) by @NathanFlurry in #113
• feat: /workspace cwd + /home/agentos home + binding facade + all-platform publish by @NathanFlurry in #110
• fix: create crate asset dirs during publish by @NathanFlurry in #115
• fix: publish secure-exec vfs crates by @NathanFlurry in #116
• fix: coerce default http2.connect port to a number by @abcxff in #117
• ci(publish): guard native sidecar platform set by @NathanFlurry in #120
• fix(resolver): actionable "module not found" + host-mounted node_modules symlink coverage by @NathanFlurry in #114
• [codex] test custom JS VFS mounts by @NathanFlurry in #125
• perf: cut create-session latency via agent-SDK heap snapshot by @NathanFlurry in #124
• feat(codex+claude): wasi runtime fidelity fixes (non-blocking pipe/socket I/O, v8-bridge fidelity, codex toolchain) by @NathanFlurry in #126
• fix: backpressure bounded queues instead of destroying the session/sidecar + centralized queue tracker by @NathanFlurry in #123
• fix(v8-bridge): yield a macrotask between bridge socket reads (undici keep-alive leak) by @NathanFlurry in #122
• fix: repair main after #124 (rustfmt 1.96.0 + userland_code test ctors + clippy) by @NathanFlurry in #127

New Contributors

• @aayushprsingh made their first contribution in #73
• @Vercantez made their first contribution in #69
• @atharvasingh7007 made their first contribution in #72
• @abcxff made their first contribution in #117

Full Changelog: v0.3.0...v0.3.1

v0.3.1-rc.4

What's Changed

• fix: create crate asset dirs during publish by @NathanFlurry in #115
• fix: publish secure-exec vfs crates by @NathanFlurry in #116
• fix: coerce default http2.connect port to a number by @abcxff in #117
• ci(publish): guard native sidecar platform set by @NathanFlurry in #120
• fix(resolver): actionable "module not found" + host-mounted node_modules symlink coverage by @NathanFlurry in #114
• [codex] test custom JS VFS mounts by @NathanFlurry in #125
• perf: cut create-session latency via agent-SDK heap snapshot by @NathanFlurry in #124
• feat(codex+claude): wasi runtime fidelity fixes (non-blocking pipe/socket I/O, v8-bridge fidelity, codex toolchain) by @NathanFlurry in #126
• fix: backpressure bounded queues instead of destroying the session/sidecar + centralized queue tracker by @NathanFlurry in #123
• fix(v8-bridge): yield a macrotask between bridge socket reads (undici keep-alive leak) by @NathanFlurry in #122

New Contributors

• @abcxff made their first contribution in #117

Full Changelog: v0.3.1-rc.3...v0.3.1-rc.4

v0.3.1-rc.3

What's Changed

• feat: /workspace cwd + /home/agentos home + binding facade + all-platform publish by @NathanFlurry in #110

Full Changelog: v0.3.1-rc.1...v0.3.1-rc.3

v0.3.1-rc.2

What's Changed

• fix: add _readableState.ended to net.Socket stub (fixes #71) by @aayushprsingh in #73
• fix: exec() node fallback + feat: includeNodeShims option (fixes #64, #63) by @aayushprsingh in #66
• Fix nested export-star expansion in node loader by @Vercantez in #69
• fix(nodejs): scope npm/npx host fallback roots by @atharvasingh7007 in #72
• Migrate per-VM resource limits + virtualized identity from env to the BARE wire by @NathanFlurry in #82
• test: regression coverage for V8 Intl crash (#70), cross-exec loopback (#88), and JSON-over-VFS result decode (#11/#59) by @NathanFlurry in #97
• [codex] Restore sidecar reuse fast paths by @NathanFlurry in #98
• security: fix guest-reachable sandbox issues + remove over-defense against trusted config by @NathanFlurry in #100
• [codex] security runtime followups by @NathanFlurry in #99
• fix sandbox networking loopback dev servers by @NathanFlurry in #101
• [codex] refactor VFS into reusable crates and backends by @NathanFlurry in #102
• chore: rename to @agentos-software & @rivet-dev/agentos by @NathanFlurry in #105
• ci: publish WASM command packages manually, not in CI by @NathanFlurry in #107
• docs: website overhaul, OS-level pages link to agentOS, permissions tool→binding by @NathanFlurry in #106
• test+docs: host-mounted node_modules resolution (#109) by @NathanFlurry in #113

New Contributors

• @aayushprsingh made their first contribution in #73
• @Vercantez made their first contribution in #69
• @atharvasingh7007 made their first contribution in #72

Full Changelog: v0.3.0...v0.3.1-rc.2

v0.3.1-rc.1

What's Changed

• fix: add _readableState.ended to net.Socket stub (fixes #71) by @aayushprsingh in #73
• fix: exec() node fallback + feat: includeNodeShims option (fixes #64, #63) by @aayushprsingh in #66
• Fix nested export-star expansion in node loader by @Vercantez in #69
• fix(nodejs): scope npm/npx host fallback roots by @atharvasingh7007 in #72
• Migrate per-VM resource limits + virtualized identity from env to the BARE wire by @NathanFlurry in #82
• test: regression coverage for V8 Intl crash (#70), cross-exec loopback (#88), and JSON-over-VFS result decode (#11/#59) by @NathanFlurry in #97
• [codex] Restore sidecar reuse fast paths by @NathanFlurry in #98
• security: fix guest-reachable sandbox issues + remove over-defense against trusted config by @NathanFlurry in #100
• [codex] security runtime followups by @NathanFlurry in #99
• fix sandbox networking loopback dev servers by @NathanFlurry in #101
• [codex] refactor VFS into reusable crates and backends by @NathanFlurry in #102
• chore: rename to @agentos-software & @rivet-dev/agentos by @NathanFlurry in #105
• ci: publish WASM command packages manually, not in CI by @NathanFlurry in #107
• docs: website overhaul, OS-level pages link to agentOS, permissions tool→binding by @NathanFlurry in #106
• test+docs: host-mounted node_modules resolution (#109) by @NathanFlurry in #113

New Contributors

• @aayushprsingh made their first contribution in #73
• @Vercantez made their first contribution in #69
• @atharvasingh7007 made their first contribution in #72

Full Changelog: v0.3.0...v0.3.1-rc.1

v0.3.0

What's Changed

• feat: add Rust secure-exec runtime library by @NathanFlurry in #53
• feat: configurable JS runtime platform (CreateVmConfig.jsRuntime) by @NathanFlurry in #78
• perf(sidecar): cut guest fs RPC latency (fs-heavy workloads 5.7–41× faster) by @NathanFlurry in #77
• fix(ci): resolve pnpm/action-setup version conflict by @NathanFlurry in #83
• Security review fixes (secure-exec) by @NathanFlurry in #79
• fix(example): native-client uses current CreateVmConfig (unblocks CI) by @NathanFlurry in #84
• Security hardening: chokepoint lint + default-deny/safe-default guards by @NathanFlurry in #85
• Security review: close coverage gaps (DNS rebinding, supply chain, builtin desync, browser isolation) by @NathanFlurry in #86
• style: rustfmt security-review additions (unblock cargo fmt --check) by @NathanFlurry in #87
• feat: opt-in wall-clock execution backstop (complements CPU-time budget) by @NathanFlurry in #89
• fix(clippy): resolve -D warnings lints in security-review code by @NathanFlurry in #90
• ci: pin rust toolchain (1.96.0) + fix clippy lints by @NathanFlurry in #93
• test: make env-dependent dns/abort-signal conformance robust on CI by @NathanFlurry in #94
• test: stabilize crash-isolation timeout (pre-existing flake) by @NathanFlurry in #95

Full Changelog: v0.2.1...v0.3.0

v0.3.0-rc.2

What's Changed

• feat: add Rust secure-exec runtime library by @NathanFlurry in #53
• feat: configurable JS runtime platform (CreateVmConfig.jsRuntime) by @NathanFlurry in #78
• perf(sidecar): cut guest fs RPC latency (fs-heavy workloads 5.7–41× faster) by @NathanFlurry in #77
• fix(ci): resolve pnpm/action-setup version conflict by @NathanFlurry in #83
• Security review fixes (secure-exec) by @NathanFlurry in #79
• fix(example): native-client uses current CreateVmConfig (unblocks CI) by @NathanFlurry in #84
• Security hardening: chokepoint lint + default-deny/safe-default guards by @NathanFlurry in #85
• Security review: close coverage gaps (DNS rebinding, supply chain, builtin desync, browser isolation) by @NathanFlurry in #86
• style: rustfmt security-review additions (unblock cargo fmt --check) by @NathanFlurry in #87
• feat: opt-in wall-clock execution backstop (complements CPU-time budget) by @NathanFlurry in #89
• fix(clippy): resolve -D warnings lints in security-review code by @NathanFlurry in #90
• ci: pin rust toolchain (1.96.0) + fix clippy lints by @NathanFlurry in #93
• test: make env-dependent dns/abort-signal conformance robust on CI by @NathanFlurry in #94

Full Changelog: v0.2.1...v0.3.0-rc.2

v0.3.0-rc.1

What's Changed

• feat: add Rust secure-exec runtime library by @NathanFlurry in #53
• feat: configurable JS runtime platform (CreateVmConfig.jsRuntime) by @NathanFlurry in #78
• perf(sidecar): cut guest fs RPC latency (fs-heavy workloads 5.7–41× faster) by @NathanFlurry in #77
• fix(ci): resolve pnpm/action-setup version conflict by @NathanFlurry in #83
• Security review fixes (secure-exec) by @NathanFlurry in #79
• fix(example): native-client uses current CreateVmConfig (unblocks CI) by @NathanFlurry in #84
• Security hardening: chokepoint lint + default-deny/safe-default guards by @NathanFlurry in #85
• Security review: close coverage gaps (DNS rebinding, supply chain, builtin desync, browser isolation) by @NathanFlurry in #86
• style: rustfmt security-review additions (unblock cargo fmt --check) by @NathanFlurry in #87
• feat: opt-in wall-clock execution backstop (complements CPU-time budget) by @NathanFlurry in #89
• fix(clippy): resolve -D warnings lints in security-review code by @NathanFlurry in #90
• ci: pin rust toolchain (1.96.0) + fix clippy lints by @NathanFlurry in #93
• test: make env-dependent dns/abort-signal conformance robust on CI by @NathanFlurry in #94

Full Changelog: v0.2.1...v0.3.0-rc.1

v0.2.1

Full Changelog: v0.2.0...v0.2.1

v0.2.1-rc.1

Full Changelog: v0.2.0...v0.2.1-rc.1