Releases: BOHICA-LABS/darkshell

DarkShell v1.0.0

23 Mar 04:22
7c30353

[ds-v1.0.0] - 2026-03-23

Bug Fixes

  • (sandbox) Flaky status updates
  • (server) Cleanup server multiplexing, tls
  • (sandbox) Dynamically create and chown read_write directories
  • (sandbox) Add network namespace isolation for proxy mode
  • (cluster) Use iptables DNS proxy instead of host gateway for k3s DNS
  • (docs) Update quickstart command
  • (ci) Install docker buildx plugin for multi-arch image builds
  • (ci) Create multi-platform buildx builder for ECR publish mode
  • (ci) Create docker context for TLS-enabled DinD before buildx
  • (ci) Unset TLS env vars before buildx to avoid context conflict
  • (ci) Publish_ecr_images correctly publishes images (!15)
  • (cluster) Preserve gateway TLS settings during cluster deploy
  • (sandbox) Enforce network namespace and proxy policy in SSH sessions (!17)
  • (ci) Install cargo:cargo-edit on the CI image, add file that got missed
  • (ci) Make the multiplatform wheel build work in CI
  • (cli) Use raw cluster name for remote kubeconfig path lookup (!25)
  • (cluster) Remove stale image on destroy and verify architecture after pull
  • (security) Reject CONNECT to internal IPs (SSRF defense-in-depth) (!37)
  • (ci) Resolve sandbox Dockerfile path in multiarch publish script
  • (ci) Update publish job to see all tags
  • (sandbox) Prevent 30s stalls in HTTP proxy response relay (!44)
  • (sandbox) Avoid repeated TOFU rehashing for unchanged binaries (!47)
  • (sandbox) Fail closed when proxy netns setup fails (!50)
  • (providers) Prevent home path escape in expand_home (!54)
  • (cli) Use cluster URL port for SSH gateway resolution (!57)
  • (router) Replace model ID in request body with route-configured model (!56)
  • (sandbox) Emit structured CONNECT deny log for inference interception failures (!60)
  • (sandbox) Add HTTP/2 keep-alive and reconnect loop for log push (!61)
  • (logs) Reduce log noise and add reconnect observability (!62)
  • (providers) Use name instead of type on lookup (#46)
  • Inference routing improvements (#56)
  • (cli) Pass cluster name to ssh-proxy child process for correct TLS path resolution (#52)
  • (ci,publish) Harden publish flow and cache nemoclaw wheel builds (#55)
  • (cluster) Fully release resources on destroy to prevent port conflicts (#64)
  • (sandbox) Eliminate SSH transport race causing flaky E2E tests (#69)
  • (ci) Pin Python to 3.12.12 to avoid broken 3.12.13 source build (#74)
  • (ci) Harden cargo build retry by wiping target dir and disabling sccache (#77)
  • (proxy) Return 403 for non-CONNECT requests, add deny logging, and revise error messages (#79)
  • (cli) Add path hints for file-valued flags (#86)
  • (sandbox) Fix data corruption in sync --down and hang in sync --up (#93)
  • (ci) Replace deleted gsactions/dco-check with contributor-assistant (#98)
  • (security) Harden sandbox SSH with mandatory HMAC secret, NetworkPolicy, and nonce replay detection (#127)
  • (sandbox) Remove control plane bypass from proxy (#128)
  • (sandbox) Verify effective UID/GID after privilege drop (#132)
  • (cluster) Add openssl package to cluster image (#137)
  • (server) Prevent unbounded bus entry growth for sandbox IDs (#138)
  • (cluster) Replace openssl with /dev/urandom in cluster image (#139)
  • (server) Clamp list RPC page limit to prevent unbounded queries (#140)
  • (docker) Remediate container scan vulnerabilities across CI, cluster, and sandbox images (#144)
  • (server) Add field-level size limits to sandbox and provider creation (#145)
  • (build) Propagate packaged version through cluster artifacts (#164)
  • (ci) Standardize safe tag fetches (#165)
  • (ci) Drop unnecessary pipefail in docker build workflow (#166)
  • (ci) Use docker-safe publish image tags (#169)
  • (cli) Scope git-aware sandbox uploads to requested path (#171)
  • (sandbox) Fix create ordering race, dual-registry credentials, and policy identity clearing (#176)
  • (security) Add SSH session token expiry, connection limits, and lifecycle cleanup (#182)
  • (sandbox) Treat IPv6 ULA addresses as internal (#173)
  • (sandbox) Improve inference route refresh with conditional fetch and configurable interval (#185)
  • (containers) Remediate high-severity container vulnerabilities and remove openclaw (#191)
  • (tui) Use correct ssh-proxy CLI args in shell connect and exec (#193)
  • (docker) Remove unsupported npm dedupe -g command (#194)
  • (server) Merge provider credentials/config on update instead of replacing (#202)
  • (bootstrap) Update hardcoded navigator namespace refs to openshell (#212)
  • Switch community sandbox registry to GHCR and align TLS paths (#218)
  • (cli) Improve sandbox provisioning progress indicator (#221)
  • (cluster) Skip DNS probe for IP-literal registry hosts (#229)
  • (policy) Enforce run_as_user/run_as_group must be 'sandbox' (#230)
  • (cli) Improve completion coverage and gateway selection (#241)
  • (cluster) Add missing k9s build stage to Dockerfile.cluster (#254)
  • (cluster) Run helm/kubectl inside container via docker exec (#255)
  • (proxy) Stream inference responses instead of buffering entire body (#261)
  • (cli) Add --no-keep for ephemeral sandbox create cleanup (#258)
  • (sandbox) Opt Node clients into proxy env support (#269)
  • (install) Use gh CLI for release downloads instead of HTTP (#285)
  • (bootstrap) Detect missing sandbox supervisor binary during gateway health check (#281)
  • (sandbox) Bypass proxy for localhost traffic (#290)
  • (cli) Use line-based stdin read for gateway recreate prompt (#292)
  • (canary) Use curl instead of gh CLI for release download (#299)
  • (cli) Show startup feedback for foreground forwards (#296)
  • (ci) Trigger release-tag workflow via workflow_dispatch from auto-tag (#315)
  • (cli) Check port availability before starting SSH forward (#309)
  • (router) Stop dropping client-sent default headers like anthropic-version (#320)
  • (ci) Use BuildKit secrets instead of build-arg for GITHUB_TOKEN (#327)
  • (core) Harden file permissions for user config directory (#328)
  • (ci) Remove legacy wheel publishing machinery (#331)
  • (ci) Prune stale devel wheel assets (#332)
  • (ci) Run wheel pruning before moving devel tag (#334)
  • (ci) Use github-script for wheel pruning instead of gh CLI (#354)
  • Security hardening from aardvark/codex scanner findings (#352)
  • (bootstrap) Use host cgroup namespace for gateway container (#329)
  • (bootstrap) Support cgroup v1 hosts by disabling kubelet failCgroupV1 check (#360)
  • (ci) Add actions:write permission to release-auto-tag workflow (#361)
  • (cli) Use --name flag in gateway destroy help messages (#368)
  • (e2e) Replace Docker Hub images in E2E tests to avoid rate limits (#369)
  • Use dedicated vouched branch to avoid branch protection (#379)
  • (ci) Skip remote sccache config for fork PRs (#388)
  • (verification) Send content type (#382)
  • (ci) Skip auto-tag when no new commits since latest tag (#399)
  • (docs) Resolve Pygments console lexer error in LM Studio tutorial (#402)
  • (installer) Remove duplicate app name in install output (#408)
  • (server) Add startup probe for gateway boot (#417)
  • (ci) Use published install script in release workflows (#416)
  • (deploy) Remove duplicate glob pattern in manifest cleanup loop (#428)
  • (ci) Check author_association before API calls in vouch gate (#442)
  • (ci) Fetch author_association via REST API instead of webhook payload (#444)
  • (ci) Pass wheel filenames as job output instead of re-downloading (#418)
  • (ci) Use ORG_READ_TOKEN for org membership check in vouch gate (#445)
  • (ci) Split vouch gate into two steps with separate tokens (#446)
  • (cli) Suppress browser popup during auth via OPENSHELL_NO_BROWSER env var (#419)
  • (ci) Use env context instead of secrets in step-level if condition (#452)
  • (ci) Simplify dev release install instructions to use install.sh (#453)
  • (bootstrap) Auto-cleanup Docker resources on failed gateway deploy (#464)
  • (bootstrap) Surface diagnostics for K8s namespace not ready failures (#466)
  • (sandbox) Rotate openshell.log daily, keep 3 files (#431)
  • (e2e) Update log-reading helpers for rolling file appender (#480) (#481)
  • (router) Increase inference validation token budget (#432)
  • (gateway) Allow first live network policy update (#493)
  • (docker) Set migrations dir permissions to 755 on COPY (#475)
  • (docker) Propagate OPENSHELL_IMAGE_TAG to cross-compile Dockerfiles (#530)
  • Remediate 5 critical findings from adversarial code review
  • Remediate darkshell-observe High+Medium findings
  • Remediate darkshell-mcp High+Medium findings
  • Remediate blueprint+CLI High+Medium findings
  • Remediate all 21 LOW findings from adversarial review
  • Use ephemeral port in sandbox_create_keeps_sandbox_with_forwarding test
  • (ci) Fix fork validation crate name check and security workflow
  • (ci) Resolve all CI pipeline failures + add lefthook
  • (ci) Exclude THIRD-PARTY-NOTICES from typos check (Dutch legal text)
  • (ci) Exclude CHANGELOG.md from typos (generated from upstream commits)
  • (ci) Skip upstream drop_privileges test on GitHub runners
  • (ci) Install cross via cargo instead of nonexistent action

Build

  • Add publishing for docker images and python wheel

CI/CD

  • Add GitHub Actions CI workflow with lint, test, and image build (#1)
  • Add publish workflow and refactor e2e into reusable workflow (#53)
  • Fix docs-build publish job and rename snapshot release to devel (#121)
  • (docs) Disable publish job until GitHub Pages is configured (#122)
  • Rename GHCR image paths from nv-agent-env to nemoclaw (#126)
  • (docs) Finish setting up PR doc preview workflow (#160)
  • Remove sandbox docker build from publish and e2e workflows (#275)
  • Speed up E2E pipeline by running on arm64 runners and skipping redundant cluster rebuild (#278)
  • (release) Pin OPENSHELL_IMAGE_TAG to version for tagged releases (#297)
  • (release) Add canary triggered after release workflow (#...