Operations

Changelog

End-user release notes for GlobalStacks.

Changelog

0.1.182

Date: 2026-06-06

Main capability: scoped app and agent authorization.

Added

Add device pairing screens for reviewing BYO host-agent installations.
Add OAuth consent screens for authorizing external clients against organizations, clusters, or sandboxes.
Add a Connected apps screen for reviewing and revoking external client access.
Add signed-request interaction screens for approving or denying agent-native requests.
Show a combined CLI install-and-device-login command as the recommended setup path in the console.
Document OAuth device login as the recommended CLI authentication flow.
Show cross-agent infra mesh health in the host table and host overview.
Document Tailscale-compatible agent mesh networking, sandbox DNS aliases, and virtual addressing.
Keep host-reported mesh health fresh between topology changes and back off repeated sandbox runtime reconcile failures.
Show completed host-pairing approvals as a clean confirmation state instead of a disabled review form.
Run an optional managed Headscale mesh backend so the control plane can mint short-lived host mesh join keys automatically.

Fixed

Require mesh control-plane settings during deployment so upgraded hosts can reconcile cross-agent mesh instead of staying degraded.
Default deployment examples to managed mesh instead of requiring reusable mesh join credentials.
Give host mesh joins a longer configurable timeout so first-time Headscale joins can finish instead of reporting degraded too early.
Keep degraded host mesh reconciliation retrying after reconnects and keep the managed mesh backend available if startup races its API socket.
Let host agents recover from timed-out mesh joins by accepting the next reconciliation attempt and resetting stale local mesh state.
Use control-plane assigned mesh addresses during host mesh reconciliation when local mesh readiness lags after registration.
Report the final host mesh reconciliation result after a timeout so stale overlap notices do not leave hosts marked degraded.
Avoid brief false degraded host mesh states during upgrades when assigned-address recovery completes just after the local mesh timeout.
Show each host’s current mesh address on the host overview mesh card and connected-hosts table.
Add a mesh view to the connected-hosts list with a visual map of ready hosts, their mesh addresses, and placeholder latency labels.
Replace placeholder host mesh latency labels with agent-reported peer latency probes in the connected-hosts mesh view.
Replay host mesh topology when upgraded agents need peer endpoint data for latency probes, and probe peer mesh addresses directly when hostname dialing is not ready.
Install the managed mesh traffic policy at startup so joined hosts can exchange cross-host mesh traffic and report peer latency by default.
Give typed host-agent upgrades enough time to complete on busy hosts before marking the upgrade action failed.
Return from host-agent upgrade scheduling immediately so the console does not stay stuck while a host finishes the typed upgrade action.
Recover host terminal sessions that timed out before the agent reported any shell output.
Recover host terminal pages from stale session URLs after a control-plane restart.
Keep host log tailing steady as new lines arrive and avoid showing typed runtime actions as operator terminal connect/disconnect noise.
Make the connected-hosts mesh view easier to scan with clearer host nodes, link badges, and summary health metrics.
Draw connected-host mesh links to host node edges so topology lines no longer cut through host cards.
Add a direct Install host agent action to the Hosts page and clarify that host enrollment uses the gstacks-agent installer, not CLI-only auth.
Keep host mesh retries from replacing an in-progress tsnet join after timeouts.
Recover degraded host mesh sessions by restarting the local mesh join and probing peer latency after listeners are ready.
Make the host agent installer a single device-authenticated command that installs gstacks, approves host enrollment, and installs gstacks-agent with a short-lived token.
Publish Windows gstacks-agent release artifacts for mesh and port-forwarding hosts without JuiceFS volume support.
Prompt for elevated permissions when a non-root macOS operator upgrades an existing system host agent.
Keep CLI device-login QR codes inside the terminal instead of opening a temporary image file.
Choose a default sandbox terminal shell from sandbox settings, with matching CLI shell overrides for new host and sandbox terminal sessions.

0.1.181

Date: 2026-05-31

Main capability: safer sandbox runtime reconciliation.

Fixed

Prevent background sandbox start and stop reconciliation from sending many concurrent runtime actions to the same host.
Cancel host-agent runtime actions when the control-plane request times out so stale Docker or Proxmox work does not keep piling up.
Show the GlobalStacks system organization to owner accounts that are members of it, add a scripted system workspace/bootstrap cluster create path, and keep normal organization settings changes disabled for that system workspace.
Keep fast console reloads from briefly showing the sign-in screen or missing-asset errors during live frontend rebuilds.
Create a dedicated system build cluster for the system organization so infrastructure and build workflows can start from an active cluster context.

0.1.180

Date: 2026-05-31

Main capability: faster console overview loading.

Changed

Load the console overview from a cached organization snapshot first, with automatic refresh when infrastructure state changes.
Fall back to live reads when the cached overview is unavailable so the console remains usable during cache outages.

Fixed

Re-enrolling the same host now updates the existing host record instead of creating duplicate connected-host rows.

0.1.179

Date: 2026-05-31

Main capability: source-control repository connections for builds.

Added

Add Gitea and GitHub source-control provider connections and repository connections for Git-backed blueprint and extension runtime builds.
Allow builds, extension setup, and sandbox repository bootstrap to select a repository connection instead of manually wiring source access policies.
Keep source credentials stored as broker secrets and pass private HTTPS build credentials only through brokered source egress.

0.1.178

Date: 2026-05-31

Main capability: system-owned extension publishing and stricter install consent.

Changed

Manage first-party extension listings, versions, runtime builds, and shared artifacts through the GlobalStacks system organization.
Require cluster-scoped consent before sandbox-backed extensions can be installed into a tenant.
Show and record extension build runtime and build egress requirements during install consent.
Keep sandbox-backed extension installs blocked until an immutable runtime artifact is published.

0.1.177

Date: 2026-05-31

Main capability: database-generated sandbox IDs.

Changed

Generate new sandbox IDs with the gssbx_ prefix from the database.
Allow SSH config and proxy aliases to connect by direct gssbx_<sandbox-id> aliases as well as gs-<sandbox-name>.
Update CLI examples to use the new sandbox ID shape.

0.1.176

Date: 2026-05-31

Main capability: first-class build foundations.

Added

Add typed API and CLI commands for creating and tracking Git-backed builds that produce blueprint artifacts.
Add a console Builds page for tracking build status, placement, source, artifacts, and blocked errors.
Add blueprint detail pages that show artifact metadata, cache state, and related build status.
Queue source builds on the BuildKit builder blueprint dependency before host placement or builder sandbox creation.
Reconcile the digest-pinned BuildKit builder blueprint and provision a builder sandbox on the selected build host before waiting for typed build execution.
Build and publish the BuildKit builder image through a dedicated workflow, then require a digest-pinned builder seed image before source builds can run.
Mirror builder sandbox readiness and provisioning failures back into build and blueprint status.
Dispatch source builds to the assigned host agent through a typed build request once the builder sandbox is ready.
Push successful build output to the internal blueprint registry with a short-lived scoped credential and activate the blueprint from the digest-pinned artifact.
Run source builds through the builder sandbox’s sandbox-agent socket, with declared build egress enforced by the host-agent sandbox egress proxy.
Add dedicated build permissions for reading, creating, canceling, and retrying build requests.
Validate build source, Dockerfile paths, egress hosts, and builder selection before a build can be scheduled.
Keep source builds fail-closed until eligible build sandbox support is available, with hosted infrastructure requiring micro-VM isolation.
Add extension manifest build declarations for first-party extensions so build-time egress is separate from runtime permissions and egress.

0.1.175

Date: 2026-05-31

Main capability: blueprint workload process defaults.

Added

Add blueprint and sandbox process settings for setup hooks, start commands, working directories, readiness checks, and sandbox-level overrides.
Keep the sandbox agent as the default runtime path when no workload process is configured.
Add sandbox and blueprint entry point command fields, with blueprint sandboxes defaulting to sleep infinity when no long-lived command is configured.
Start Proxmox blueprint sandboxes with a keepalive entry point so OCI-style root filesystems stay online before the sandbox workload starts.
Show Proxmox sandbox start diagnostics with CT config highlights, recent start task logs, and likely-cause hints when a container fails before it becomes inspectable.
Separate developer profiles from extension profiles, with publisher identity on the developer and marketplace, install, scope, webhook, visibility, and media fields on each extension.
Add typed host agent upgrades from the console and CLI, with confirmation before scheduling an agent service restart.
Separate extension-provided operations from required permissions and scopes in install consent, and mount installed extension configuration views inside sandboxed console iframes.
Render installed extension configuration views through the shared GlobalStacks extension renderer while keeping iframe API access disabled.
Keep extension configuration UI disabled until the installed extension runtime sandbox has reconciled, and fail installs clearly when a sandbox runtime has no published artifact reference.
Show extension build artifact, install consent, runtime sandbox reconciliation, and configuration readiness progress on extension cards and install review screens.
Let extension cards create first-class runtime builds when the sandbox runtime image is missing and declared build metadata is available.

0.1.174

Date: 2026-05-31

Main capability: extension naming consistency.

Changed

Rename the console and CLI extension surfaces to use Extensions terminology.

Fixed

Pre-render the selected console cluster on refresh so the workspace selector no longer flashes as unselected while data reloads.
Pull blueprint artifacts during Proxmox sandbox provisioning when the host cache is cold, instead of failing the sandbox immediately.

0.1.173

Date: 2026-05-31

Main capability: extension developer foundations.

Added

Improve consistency of extension marketplace card layout and status presentation.
Improve consistency of console sign-in, account recovery, profile, CLI key, extension storage, and extension developer forms.
Improve consistency of organization member and sandbox volume attachment tables.
Improve consistency of the main sandboxes list.
Add filters above the main sandboxes list for search, status, runtime, and host.
Add filters above the hosts list for search, pool, status, and sandbox readiness.
Add filters above the blueprints inventory for search, status, and source.
Add blueprint auto-stop settings so new sandboxes can stop after a configured number of inactive seconds.
Show Configure actions for installed extensions that provide console UI, and move Cloudflare R2 storage setup into extension configuration instead of a separate cluster storage tab.
Move developer release tools to a dedicated page opened from the user menu.
Move provisioning token management to a dedicated account page opened from the user menu, with account navigation shared across account pages.
Present developer publishing as a register-first flow followed by an extensions table with create-extension and create-release dialogs.
Add extension-building documentation with manifest, viewport, permission, and sandboxed UI guidance.
Add an extension component library and style guide page with examples for root views, status, forms, actions, tables, and data grids.
Add a dedicated design system page derived from the current console UI for tokens, typography, layout, actions, forms, status, dialogs, tables, and terminals.
Add a style extension UI page for approved style tokens, layout props, spacing, sizing, preset component styles, and sandboxed iframe styling restrictions.
Add property tables and examples for every documented extension UI component.
Document the extension render model and versioned component contracts for properties, examples, events, accessibility, and compatibility.
Clarify that extension UI renders in sandboxed console iframes while privileged work still goes through declared permissions and brokered operations.

Fixed

Keep the extension install review dialog open when marketplace metadata omits optional permission, egress, or agent capability lists.
Show sandbox runtime telemetry gaps as “not reported” instead of “unknown” on sandbox status summaries.
Expire stale sandbox runtime reports so old running or starting states are not shown indefinitely when host telemetry stops refreshing.

0.1.172

Date: 2026-05-31

Main capability: production extension catalog availability.

Fixed

Show published extensions in the console marketplace after production deployments.

0.1.171

Date: 2026-05-30

Main capability: separate mesh planes for infrastructure and sandbox traffic.

Added

Add a cluster-scoped infra mesh plane for host agents and future data-plane services.
Keep infra mesh records out of the user-facing Networks API and local mesh join flow.
Document the infra mesh, sandbox mesh, control-plane, and sandbox runtime security boundaries.

Fixed

Prevent infra mesh topology from being exposed through sandbox DNS records or sandbox proxy listeners.

0.1.170

Date: 2026-05-23

Main capability: pinned sandbox placement.

Added

Add a sandbox Networks page for managing internet Access policies, mesh network membership, internal DNS aliases, and network topology refreshes from the sandbox context.
Add a host-agent setting for maximum concurrent operations so provisioning can roll through multiple queued sandboxes without overloading a single host.
Add host settings reconciliation for operation concurrency, including desired, applying, applied, and failed state in host activity.
Show Proxmox provisioning stage timing in activity logs for cleanup, container creation, startup, sandbox-agent launch, and workload startup.
Add short-lived sandbox SSH gateway tokens, direct SSH gateway sessions, CLI SSH proxy config generation, and Access topology SSH grants that reach only the selected sandbox through the connected host agent.
Show staged SSH gateway diagnostics on sandbox pages so users can see whether an SSH attempt reached token auth, sandbox TCP tunneling, upstream SSH handshake, or session open.
Show active CLI-driven SSH sessions from OpenSSH config proxy connections on sandbox pages.
Add a Windows PowerShell installer for gstacks with current-user PATH and completion setup, and document OpenSSH config generation for connecting to sandboxes by gs-* name and ID aliases.

Fixed

Make console table header rows semi-transparent with the same blurred surface treatment as the site header.
Keep sandbox reprovisioning and failed provisioning retries pinned to the existing host so runtime state and attached volumes are not treated as movable between hosts.
Reuse already-materialized Proxmox blueprint templates on a host instead of copying the same cached archive into Proxmox storage for every provisioning attempt.
Use reusable Proxmox CT templates and linked clones for faster LXC sandbox provisioning, with fallback to full clones or archive creation when linked clone support is unavailable.
Restore sandbox detail pages after a console rendering error could leave the page blank.
Report Proxmox Access egress as failed when the sandbox-side DNS path cannot resolve through the agent-managed broker instead of showing it as granted.
Mark older Proxmox Access topology states as unverified until a successful sandbox DNS probe has been recorded.
Remove local development install commands from public CLI docs and refine the marketing hero star field to use finer, more natural stars.
Show Windows CLI availability on the marketing homepage alongside the supported infrastructure signals.
Add a CLI option that writes a managed OpenSSH config block for gs-* sandbox name and ID aliases so Windows Remote-SSH clients can connect to sandboxes by name or ID.
Write sandbox SSH proxy config with an absolute gstacks path by default so Remote-SSH clients can launch the proxy even when their shell PATH is different.
Run CLI upgrades through the PowerShell installer on Windows and avoid downgrading when the installed CLI is newer than the published latest version.
Install a Windows gstacks command shim alongside gstacks.exe so shells can invoke the CLI without typing the .exe suffix.
Show a clear standalone PowerShell command when Windows completion is installed but the user’s profile cannot be updated automatically.
Register Bash and Zsh completion hooks from the Linux and macOS CLI installer, with clear manual commands when shell profile files cannot be updated.
Honor read-only sandbox volume attachments when exposing volumes through the sandbox volume portal.
Keep Proxmox sandbox volume mounts aligned with read-only attachment settings during provisioning and ongoing reconciliation.
Keep sandbox DNS responsive when tools issue back-to-back IPv4 and IPv6 lookups on the same connection, avoiding the 5-second delay before allowed ping or SSH-adjacent network checks run.
Stop scheduled console refreshes, ignore heartbeat-only agent updates for live event invalidation, and keep the sandbox stream from resending unchanged sandbox lists so sandbox and infrastructure data refresh only after meaningful changes or direct user actions.
Show session and total runtime for running Proxmox sandboxes when older runtime records did not include an explicit start timestamp.
Prefix sandbox IDs with gs-, keep sandbox names SSH-safe by allowing only letters, numbers, dots, underscores, and hyphens, and preserve gs-<name> aliases for SSH config mapping.
Show each sandbox SSH diagnostic session as open or closed in the SSH access panel.
Show a copyable gstacks ssh command gs-<sandbox-name> command in the sandbox SSH access panel.

0.1.169

Date: 2026-05-23

Main capability: marketing pricing page.

Added

Add a pricing page that compares self-hosted datacenter subscriptions with a GlobalStacks-managed control plane, managed infrastructure usage commitments, the early-adopter lifetime deal, and supported features for each plan.

0.1.168

Date: 2026-05-17

Main capability: visual Access topology and top-level secrets.

Added

Add an Access topology tab that maps clusters, hosts, sandboxes, mesh networks, and allowed internet destinations.
Show direct and Cloudflare gateway egress paths in the Access topology for self-hosted clusters.
Connect mesh networks directly to configured direct or Cloudflare egress gateways.
Show Internet outside the cluster boundary in the Access topology.
Add drag-to-connect topology actions for attaching sandboxes to mesh networks and granting sandbox internet access.
Show provisioning mesh edges while topology-driven sandbox network joins are being applied.
Create and attach a destination-only internet policy from the topology Allow action, then apply internet access through agent reconciliation.
Allow ping when a sandbox has an active internet Access policy, and remove that ICMP path when Access is removed.
Show sandbox-to-gateway-to-Internet policy paths for granted sandboxes even when they are not attached to a mesh network.
Keep internet grant lines on mesh-to-gateway paths when a sandbox is meshed so the topology stays readable around mesh nodes.
Inspect and revoke direct sandbox internet grants from the topology edge details.
Limit gateway-to-Internet topology lines to gateways that are actually used by granted sandboxes.
Keep Access topology columns ordered from agents to sandboxes, mesh networks, gateways, and Internet.
Center mesh and Internet topology nodes against their connected paths with stepped routing so links stay visible.
Add an organize control for reapplying the Access topology layout.
Create Proxmox sandbox containers without a network interface, including when internet Access is granted through the agent-managed TUN path.
Keep the Access topology current when agents, sandboxes, networks, or Access grants change elsewhere.
Create a sandbox on a specific host from the Access topology agent node.
Open sandbox terminals from the Access topology sandbox context menu, including middle-click new tab behavior.
Move secret vault and secret grant management into a dedicated top-level Secrets page.
Keep warmed Docker blueprint cache entries usable when the control plane rewrites the registry host before sandbox provisioning.
Project sandbox volumes through the connected host agent for both Docker and Proxmox sandboxes, so later volume attachments can use the same live portal path instead of direct container binds.
Attach sandbox volumes only through the live host-agent portal path, avoiding sandbox reprovisioning and terminal interruption during volume changes.
Keep Google sign-in console sessions on the normal console lifetime instead of sending operators back to login when the short-lived provider token expires.

Fixed

Make Proxmox sandbox deprovisioning tolerate longer cleanup, transient CT locks, and retrying after a CT has already been removed.
Deny running sandbox traffic through the connected agent when a direct Access grant is revoked.
Keep Docker sandbox Access removal on the agent-managed path instead of rewiring Docker networks.
Apply pending sandbox internet Allow changes through agent reconciliation even when runtime service metadata is stale.
Use Allow and Remove access wording in the Access console where operators add or remove sandbox internet paths.
Restart the Proxmox sandbox command agent after sandbox starts so terminals and exec sessions recover after CT restarts.
Attach shared volumes to ready sandbox forks through the live volume portal, including multi-sandbox attachments on the same Docker host.
Remove stale Docker Access deny rules during egress refresh so allowed internet paths recover cleanly.
Draw sandbox internet Access as a distinct amber path from the sandbox, separate from blue mesh membership links.
Reserve red internet topology paths for failed or drifted Access, and show removed internet access without an edge.
Keep the Internet node visible in the topology even when no sandbox currently has internet access.
Hide direct gateway nodes until an allowed or error internet path needs them.
Add All, Internet, and Mesh view modes inside the Access topology, with Mesh selected by default.
Use curved topology lines to reduce visual collisions between mesh and internet paths.
Highlight failed sandbox provisioning in the Access topology with an error-colored card and status pill.
Draw amber internet paths for every visible sandbox whose agent-applied Access state is allowed.
Open the remove-access modal from agent-applied amber internet paths in the topology.
Keep sandbox rows in the Access topology sorted by name so refreshes do not reshuffle them.
Keep Docker sandboxes without active internet Access on NetworkMode=none without creating per-sandbox egress networks or sidecars.
Route mesh service delivery through the sandbox agent socket instead of dialing Docker container IP addresses.
Route Docker sandbox internet Access through the sandbox agent and host agent instead of Docker egress networks or sidecars.
Route Proxmox sandbox internet Access through the sandbox agent and host agent instead of Proxmox bridge interception or host firewall rules.
Route sandbox TCP, DNS, and ping traffic through an agent-owned TUN path so internet Access works without proxy environment variables.

0.1.167

Date: 2026-05-17

Main capability: clearer Proxmox host readiness.

Fixes

Show the sandbox runtime used by each connected host, including Proxmox-ready hosts, instead of reporting Proxmox nodes as Docker unavailable.
Discover the local Proxmox node automatically when an agent is installed on a multi-node Proxmox cluster.

0.1.166

Date: 2026-05-17

Main capability: accurate local build versions and host archival.

Fixes

Show the current branch, commit, and commit-count version on local console and marketing version pages instead of development fallback values.
Archive offline hosts without requiring their old VM or runtime cleanup paths to still exist.
Remove archived sandbox volume attachments from volume views so volume counts match current hosts and active sandboxes.

0.1.165

Date: 2026-05-16

Main capability: hardened blueprint runtime cache.

Fixes

Validate local blueprint archive handles and configured host runtime tools before LXC, Firecracker, QEMU, or Proxmox sandboxes receive cache materialization metadata.
Keep blueprint-backed sandbox provisioning on agent-local cache handles only, with no Docker pull fallback to the control plane when cache materialization fails.
Add operator guidance for blueprint cache warm behavior, archive runtime prerequisites, and cache troubleshooting.

0.1.164

Date: 2026-05-16

Main capability: steadier host readiness.

Fixes

Keep host sandbox readiness stable when live Docker status is available but runtime traits arrive late or through another app instance.
Resolve blueprint image pull locations through the control plane before handing sandbox jobs to hosts, avoiding local-only registry references on remote agents.
Start sandboxes only from blueprint images already present in the agent cache, with clearer host logs for cache checks, hits, misses, and provisioning start.
Require scoped credentials for blueprint registry transfers and record per-tenant usage events for abuse controls and future billing.
Record cluster-aware usage for blueprint cache results and sandbox provisioning so BYO and managed capacity can be accounted separately.
Stream sandbox provisioning errors into host logs immediately while preserving the local replay queue for control-plane disconnects.

0.1.163

Date: 2026-05-16

Main capability: clearer sandbox provisioning progress.

Fixes

Show sandbox provisioning pickup, current stage, latest runtime message, and progress timeline on the sandbox overview while keeping detailed logs one click away.
Stop stale host-agent job polling loops after control WebSocket reconnects, reducing silent provisioning stalls on unstable host connections.

0.1.162

Date: 2026-05-16

Main capability: aligned version numbers.

Fixes

Use the commit-count version number consistently across release tags and live app version pages, while keeping the commit SHA as separate version-page metadata.

0.1.161

Date: 2026-05-10

Main capability: blueprint system images.

Features

Preselect Ubuntu LTS when creating image-backed blueprints and offer system image presets for Node, Python, and tiny Alpine bases.

0.1.160

Date: 2026-05-10

Main capability: faster terminal prompts.

Fixes

Open host and sandbox terminals with less startup delay before the first prompt appears.
Show ready sandbox forks as running when their child container is known.
Show volume attachments in a wider bottom detail panel with filtering and host-grouped sandbox attachments for dense attachment lists.

0.1.159

Date: 2026-05-10

Main capability: version release dates.

Fixes

Show the release date on the marketing and console version pages.
Use the same commit-count fallback for marketing version builds as console image builds.

0.1.158

Date: 2026-05-10

Main capability: blueprint-only sandboxes.

Fixes

Require sandbox creation to use GlobalStacks blueprints instead of arbitrary image references.
Update sandbox CLI creation examples and validation to point users to blueprints.
Protect sandbox-agent command execution with host-issued short-lived auth.
Add gstacks sandbox exec for one-off commands that run through the in-sandbox agent path.
Add Access with write-only secrets and outbound policies for configuring sandbox egress credentials without putting API keys inside sandboxes.
Add Access secret grants so stored credentials can be delivered to selected blueprints or sandboxes as environment variables.
Support generic multi-header Access policies from the console and CLI reference.
Add transparent Access HTTPS interception for eligible policies, including sandbox CA bootstrap and fail-closed behavior for untrusted or pinned clients.
Add Access egress sidecar operational guidance, decision logging, and production image pinning enforcement.
Register the CLI install directory in common shell startup files so new terminals can find gstacks.
Keep sandbox runtime status tied to the main sandbox container instead of Access egress sidecars.
Show the underlying failure reason when a sandbox fork fails.
Ask for confirmation before creating sandbox forks from the console.
Explain reprovisioning and ask for confirmation before reprovisioning or rescheduling a sandbox.
Keep create-blueprint dialogs inside the visible console viewport when names or image references are long.
Show running sandbox runtime state in green on the sandbox overview.
Remove visible borders from sandbox table row-hover action icons.
Fix filesystem forks for sandboxes that run through a sidecar network namespace.
Give filesystem fork children their own sandbox-agent identity and socket so CLI exec works immediately after forking.
Hide archived sandboxes and forks from CLI output unless --archived is passed.

0.1.157

Date: 2026-05-10

Main capability: release downloads.

Features

Add a releases docs page with live CLI install commands and expandable binary artefact tables.
Publish release manifest dates and file sizes so download pages can show current artefact metadata.
Keep the releases page last in the docs navigation.
Limit release install commands to the CLI, agent, and privileged agent installers, with copy buttons for each command.

0.1.156

Date: 2026-05-09

Main capability: safer production upgrades.

Fixes

Keep workspace data protections enforced during production upgrades.
Preserve existing provisioning, network, and volume records when upgrading older workspaces to cluster-aware infrastructure.
Show generic service errors with correlation codes instead of backend details when an unexpected failure occurs.
Verify production data access during rollout so incomplete upgrades are caught before the console reaches users.
Mark sandbox runtime as unknown when its host disconnects instead of showing stale running state.

0.1.155

Date: 2026-05-03

Main capability: locked-down sandbox runtime.

Features

Run new sandbox containers without direct network access or published host ports by default.
Keep sandbox terminal, log, file, and lifecycle access mediated through the connected agent.
Add a Host Agent docs article covering architecture, enrollment, CLI touchpoints, and runtime responsibilities.
Persist agent mesh runtime status, start agent DNS and proxy listeners, and issue mesh join keys from configured mesh control settings.
Verify locked-down sandbox services with container-internal health checks instead of host-published ports.
Remove ephemeral agent records when agents deregister while retaining archived host logs for review.
Show sandbox lifecycle and runtime as separate list columns with hover start and stop controls.

Fixes

Keep the homepage Run AI Code positioning while adding self-driving infrastructure language.
Allow provisioned sandboxes with stopped runtimes to start from the console.
Show console errors through pop-under notifications instead of duplicating inline banners.
Show sandbox runtime duration in the sandbox table using millisecond-based measurements formatted for reading.
Remove source-code bootstrap fields from sandbox creation until Git integration is available.
Keep running sandbox runtime durations ticking and roll back optimistic start or stop states after lifecycle errors.
Include minute and second detail in sandbox runtime duration labels.
Keep sandbox lifecycle status separate from runtime state when sandboxes are started or stopped.
Report sandbox runtime timing from periodic agent container discovery instead of inferring duration only in the console.
Show separate current-session and total-lifetime runtime metrics for sandboxes.
Recognize host architecture from raw agent traits and platform strings in sandbox and host tables.

0.1.154

Date: 2026-05-02

Main capability: organization team management.

Features

Create company organizations from the console.
Keep the default organization personal and create new organizations as multi-user business workspaces.
Switch the active organization for tenant-scoped infrastructure, sandbox, network, and volume views.
Invite teammates with copyable invitation links and manage member roles from the Team page.
Create filesystem sandbox forks through the connected host agent and complete fork status asynchronously.
Show sandbox fork status and mode in CLI fork output.
Add a batch sandbox fork API for speculative multi-branch workflows.
List sandbox forks from the parent sandbox API for branch-aware workflows.
Show parent and child sandbox branches on the console sandbox overview.
List sandbox forks from the CLI with gstacks sandbox forks.
Create multiple sandbox forks from the CLI with gstacks sandbox fork --count.
Create named single or batch sandbox forks from the console sandbox overview.
Return sandbox fork root, ancestor, and descendant lineage from the sandbox API.
Show sandbox fork lineage from the CLI with gstacks sandbox lineage.
Show full sandbox fork lineage in the console and support explicit batch fork names.
Automatically archive expired disposable sandbox forks when their TTL has passed.
Add foundational image-backed blueprint records and read APIs.
Activate, deactivate, and delete blueprint records through the API.
Add registry connection CRUD APIs for private image-backed blueprint sources.
Persist internal blueprint artifact metadata, immutable digest references, and local filesystem-backed registry blobs.
Create sandboxes from active blueprints and track the source blueprint on sandbox records.
Show blueprint and registry inventory in the console and allow sandbox creation from active blueprints.
Manage image-backed blueprints from the CLI with create, list, get, activate, deactivate, and delete commands.
Manage external registry connections from the CLI and inspect internal blueprint registry repositories and artifacts.
Create sandboxes from active blueprints with gstacks sandbox create --blueprint and capture sandbox blueprints with gstacks sandbox blueprint.
Mark locally published image-backed blueprints active as soon as their local artifact metadata is stored.
Normalize common registry provider aliases for Docker Hub, GHCR, GitLab, AWS ECR, Google Artifact Registry, and Azure Container Registry.
Create sandbox-backed blueprints from the console and show sandbox provenance on blueprint registry cards.
Add console controls for viewing, adding, and deleting external registry connections with secret-reference guidance.
Document blueprint retention behavior and block deletion while live sandboxes still reference a blueprint.
Validate and normalize image references before creating image-backed blueprints.
Allow gstacks blueprint create --registry to use a registry connection name as well as an ID.
Add repository bootstrap fields to sandbox creation so a blueprint sandbox can clone a repository into /workspace.
Add console repository bootstrap fields and sandbox overview status for repository-backed sandboxes.
Allow sandbox repository bootstrap to reuse an existing repository link with repository_id or gstacks sandbox create --repo-id.
Dispatch sandbox blueprint capture through the connected agent and mark captured blueprints active or build-failed from the agent response.
Surface operator-configured S3 blueprint repository storage settings in registry discovery without exposing access secrets.
Require an explicit registry connection when creating image-backed blueprints with the private-image flag.
Serve the internal blueprint repository through an embedded OCI registry and issue scoped pull credentials to agents.
Verify local blueprint registry blob digests after writes so corrupted local artifacts fail fast.
Queue blueprint cache warm jobs when active blueprints are created or reactivated with cache warming enabled.
Add agent control messages for blueprint image cache warming and inventory reporting.
Dispatch queued blueprint cache warm jobs to online agents and persist successful warm results.
Prefer hosts with cached blueprint images during sandbox placement when capacity and policy are otherwise comparable.
Add a manual blueprint cache warm API and include cache counts in blueprint responses.
Enforce agent-side blueprint image cache size limits by evicting older blueprint images while preserving the warmed artifact.
Require credential references for private image-backed blueprints and record read-only import provenance on internal artifacts.
Publish local blueprint artifacts as OCI manifests in the embedded registry and store the manifest digest as the internal artifact reference.
Import image-backed blueprint manifests and blobs from source registries into the embedded blueprint registry for local filesystem-backed operation.
Add gstacks blueprint create --wait so operators can verify image-backed blueprint imports before using them.
Document S3-backed blueprint repository durability and agent image cache behavior.

Fixes

Keep cluster creation available from the cluster selector when a workspace has no clusters.
Replace separate organization and cluster selects with one searchable organization-to-cluster switcher.
Preview an organization’s clusters on hover in the workspace switcher so an organization and cluster can be selected together.
Carry the active cluster in console paths and block host or sandbox detail views outside that cluster context.
Dim and disable infrastructure navigation until a cluster is selected.
Archive empty clusters from the clusters page while blocking archival when hosts or sandboxes remain.
Move CLI API key management from Hosts into a dedicated account page linked from the profile menu.
Require explicit cluster targets in CLI sandbox, network, and volume creation commands.
Return absolute invitation links and log local invitation links during development.
Report sandbox volume portal mount health separately from the host volume mount so stale sandbox binds do not appear live.
Keep blueprint cache warm dispatch working from agent heartbeats that do not carry a human user scope.
Explain that active child forks must be archived before archiving their parent sandbox.
Show sandbox archive errors inside the confirmation modal instead of behind the modal overlay.
Inherit active sandbox volume attachments when creating sandbox forks.
Fix the registry console page crash when blueprint or repository timestamps are rendered.
Add a dedicated Blueprints console navigation item and move blueprint inventory out of the Registry page.
Create image-backed blueprints from the Blueprints page by entering an image reference and optional registry connection.
Clarify that Registries are read-only source registry connections for pulling images into blueprints.
Show blueprints in a table, support blueprint archival, and hide archived blueprints behind a toggle by default.
Search provider images with a debounced registry-aware picker when creating image-backed blueprints.
Create image-backed blueprints asynchronously and stream build progress while source images import.
Show image-backed blueprint creation progress in the Blueprints table.
Add a global console event stream that invalidates resource lists when infrastructure records change.
Publish blueprint artifact references in Docker-pullable form and serve the embedded registry at /v2/ for agent pulls.
Report fast container exits and captured container output in sandbox deployment logs.
Exclude archived blueprints from the Blueprints page summary count.
Keep revoked invitations out of the active pending-invitations list.
Show a specific invitation error when the signed-in account does not match the invited email.
Show signed-in email mismatches on the invitation page before accepting.

0.1.153

Date: 2026-04-26

Main capability: steadier cluster-scoped console navigation.

Fixes

Server-render the cluster selector state so the console sidebar stays stable while client data loads.
Rename the account Team entry to Organization and link it to the organization workspace page.
Hide organization management for personal workspaces and prevent removing yourself or the last owner from an organization.
Start new organizations with no default cluster, show a first-cluster empty state, and allow deleting empty business organizations.
Server-render organization navigation and organization page data to avoid client-only account screens.

0.1.152

Date: 2026-04-26

Main capability: infrastructure clusters for sandbox capacity.

Features

Add tenant clusters as the infrastructure boundary for hosts and sandbox placement.
Create BYO and GlobalStacks-managed clusters from the console, CLI, and API.
Keep existing self-hosted hosts compatible through a default BYO cluster.
Scope hosts and provisioning tokens to BYO clusters while keeping managed clusters focused on sandbox capacity.

0.1.151

Date: 2026-04-26

Main capability: sandbox-only product focus.

Changes

Remove project, deployment, service, build, and repository workflows from the visible console and CLI.
Reposition GlobalStacks around secure sandbox execution for AI agents.
Keep host, sandbox, network, volume, provisioning, and activity workflows as the primary product surface.

0.1.150

Date: 2026-04-26

Main capability: marketing site navigation pages.

Features

Position the homepage around running AI-generated code in isolated sandboxes.
Add Infrastructure, Talk with experts, Guides, About & contact, Privacy notice, Terms of service, and End user agreement pages.
Replace placeholder and social footer links with links to real marketing, documentation, and legal pages.

0.1.149

Date: 2026-04-26

Main capability: automatic console deployment.

Fixes

Trigger the rolling console deployment directly after a successful application image build.

0.1.148

Date: 2026-04-26

Main capability: simpler version pages.

Fixes

Hide the internal commit count from console and marketing version pages.

0.1.147

Date: 2026-04-26

Main capability: production version metadata.

Fixes

Show production build version, branch, commit, and commit count instead of development fallback values.

0.1.146

Date: 2026-04-26

Main capability: archived host cleanup.

Fixes

Archive sandboxes whose assigned host is already archived without requiring a live runtime connection.

0.1.145

Date: 2026-04-26

Main capability: cleaner registration examples.

Fixes

Use a neutral example name in the console registration form.

0.1.144

Date: 2025-12-28

Main capability: clearer sandbox and volume deployment feedback.

Features

Use sandbox names with spaces and mixed formatting.
Attach the same volume to more than one sandbox on the same host.

Fixes

Attach volumes to sandboxes and see clear deployment feedback when a mount cannot be completed.
Keep sandbox volume state accurate after an unsuccessful deployment.
See sandbox volume attachment failures in the console during and after deployment.
Clean up failed attachment state after an unsuccessful sandbox volume deployment.

0.1.140

Date: 2025-12-28

Main capability: sandbox activity in the console.

Features

Review deployment activity inside sandbox logs.
See deployment log lines and control-plane activity in one sandbox log timeline.
Filter activity by sandbox, agent, event type, severity, and time range from the Activity page.

0.1.136

Date: 2025-12-28

Main capability: console network operations and host provisioning guidance.

Features

Create sandbox networks from the console.
Run network diagnostics from the console.
See privileged provisioning recommended in the console where system-level host capabilities are needed.
Select diagnostic source, target alias, and port from the console.
Review per-agent diagnostic results for mesh join, topology, DNS records, route availability, and policy outcome.

0.1.130

Date: 2025-12-28

Main capability: CLI troubleshooting.

Features

Use verbose CLI output when troubleshooting a failed command.
Print underlying API and local CLI actions when --verbose is enabled.

0.1.129

Date: 2025-12-28

Main capability: safer host-agent upgrades.

Fixes

Upgrade host agents with less disruption to active terminal work.
Reconnect to terminal sessions after an agent restarts or reconnects.
Install the agent more safely on hosts that already have a system service running.
Preserve the installed agent’s upgrade source across future upgrades.
Restart a stale agent service after an upgrade that does not replace the binary.

0.1.120

Date: 2025-12-27

Main capability: network policy checks and local access.

Features

Allow traffic between selected sources and targets with network policies.
Resolve a network alias and test whether a route is allowed before opening a shell.
Join a sandbox network from a local machine for development and debugging.
Forward a network service to localhost from the CLI.
Check whether a source selector can reach a target alias and port.
View local mesh join status, assigned addresses, DNS domain, and expiration.

0.1.117

Date: 2025-12-27

Main capability: network alias management.

Features

List, add, and remove network aliases from the CLI.
Add and remove sandbox network aliases from the console.
Publish multiple ports for the same sandbox alias when needed.
Resolve aliases to their network DNS names before testing traffic.

0.1.107

Date: 2025-12-27

Main capability: sandbox networks.

Features

Create, list, and inspect sandbox networks.
Attach and detach sandboxes from a network.
Give sandboxes stable network aliases such as api or postgres.
Expose one or more ports for each alias.
Use DNS-safe network slugs and optional DNS suffixes.
Inspect network membership, alias counts, and connected host participation.

0.1.104

Date: 2025-12-21

Main capability: account and sign-in management in the console.

Features

Manage profile details and connected identity accounts from the console.
Sign in with clearer email-based auth forms and Google entry points where configured.
Edit display name and full name from the profile page.
Review the current authenticated account and linked identity providers.

0.1.100

Date: 2025-12-21

Main capability: improved console terminal and provisioning flows.

Features

Open host and sandbox terminals in fullscreen mode from the console.
Use improved console forms for provisioning hosts and attaching volumes.
Copy provisioning commands from the console.
Revoke provisioning tokens from the console.
Pick target kind, target ID, mount path, access mode, and read-only mode when attaching a volume.

0.1.96

Date: 2025-12-21

Main capability: system-managed host agents.

Features

Install the host agent as a system-managed service when the host requires it.
Use system-level installation when host features require service management or privileged volume operations.

0.1.95

Date: 2025-12-21

Main capability: sandbox volume attachments.

Features

Attach volumes to sandboxes on connected hosts.
Mount sandbox volumes at a chosen path.
Attach sandbox volumes in read-only mode when needed.
View sandbox volume mounts from the sandbox detail page.
Delete sandbox volume attachments from the console.

0.1.92

Date: 2025-12-20

Main capability: sandbox creation and deployment visibility in the console.

Features

Create sandboxes from the console and follow sandbox deployment status.
Choose sandbox CPU, memory, image, and target host settings from the console form.
Reschedule provisioning when a sandbox is pending or failed.
Stop, start, reprovision, or archive a sandbox from its detail page.
Open the assigned host directly from a sandbox detail page.

0.1.88

Date: 2025-12-20

Main capability: provider and repository management in the console.

Features

Inspect provider connections and repository links from the console.
Review provider status cards for connected and planned provider extensions.
Filter repository links by project context.

0.1.84

Date: 2025-12-20

Main capability: fuller project workspace in the console.

Features

Use the console on a fuller project and infrastructure workspace, including project source, builds, artifacts, deployments, domains, runtime targets, and settings pages.
Create and delete projects from the console.
Pin important projects for faster navigation.
Navigate directly to project subsections with stable URLs.
Use clickable resource cards to move between infrastructure, project, and runtime views.

0.1.79

Date: 2025-12-20

Main capability: terminal session discovery and reattachment.

Features

List active host terminal sessions from the CLI.
List active sandbox terminal sessions from the CLI.
Show active or idle terminal state, connected viewer, and connection time.
Attach to an existing host or sandbox terminal session by session ID.
Browse terminal session state more clearly in the console before opening a new session.

Fixes

Reconnect to host and sandbox terminals instead of starting over.
Switch between terminal sessions more reliably in the console and CLI.
Keep CLI terminal sessions alive during longer interactive work.

0.1.70

Date: 2025-12-20

Main capability: persistent terminal sessions across temporary connection loss.

Features

See who is attached to a terminal session and take over or reconnect from the console.
Reopen an existing host or sandbox terminal session from the browser after refresh.

Fixes

Keep terminal sessions available when the browser reconnects.
Continue host and sandbox terminal work after temporary connection loss.
Read cleaner host-agent logs during startup.
Ignore expected cancellation noise during agent claim polling.

0.1.55

Date: 2025-12-14

Main capability: more reliable host connectivity and name-based host terminal access.

Features

Open host terminals by host name.
Resolve host terminal targets by either host name or identifier.

Fixes

Keep hosts connected to the control plane for long-running operations.
Upgrade agents from the same configured download source used during install.

0.1.52

Date: 2025-12-13

Main capability: better console access from devices and support pages.

Features

Navigate the console from smaller screens with mobile navigation support.
View version information from dedicated version pages.
Open the same console sections from desktop or mobile navigation.

0.1.51

Date: 2025-12-13

Main capability: installer scripts for the host agent and gstacks CLI.

Features

Install the host agent from a published installer script.
Install the gstacks CLI from a published installer script.
Run installed binaries directly from the shell after installation.
Upgrade the agent and CLI in place.
Install shell completions alongside the CLI.

0.1.22

Date: 2025-12-07

Main capability: installed agent and CLI version reporting.

Features

Check the installed version when working with support or troubleshooting an environment.
See agent version information reported by connected hosts.

0.1.20

Date: 2025-12-06

Main capability: first console workspace for operational visibility.

Features

Use the console to inspect infrastructure, projects, deployments, services, hosts, sandboxes, and volumes.
Review host telemetry from the console, including CPU, memory, disk, service status, version, and Docker availability.
Inspect host logs and operational activity without opening a terminal first.
See sandbox placement, provisioning status, assigned host, and last update from the sandbox detail view.

0.1.18

Date: 2025-12-06

Main capability: volume lifecycle and local CLI tooling.

Features

Create detached volumes and attach them to hosts or sandboxes, including sandbox mount paths and read-only attachments.
List volume attachments and inspect where each volume is mounted.
Delete volume attachments when a host or sandbox no longer needs them.
Check the installed CLI version, upgrade the CLI, and generate shell completions.
Generate CLI reference data for the docs site.

0.1.12

Date: 2025-12-06

Main capability: host and sandbox operations from the CLI.

Features

List connected hosts, inspect host status, and manage host placement metadata such as tags and eligibility.
Open interactive host terminals through the connected host agent.
Review host runtime metadata, including connectivity status and IP address.
Create sandboxes with CPU, memory, image, host, tag, and trait placement options.
Filter sandbox lists by active, stopped, or archived state.
Start, stop, deprovision, and archive sandboxes from the CLI.
Open interactive terminals into sandboxes.

0.1.6

Date: 2025-12-06

Main capability: removed CLI workflows from the former deployment scope.

Features

These workflows are no longer part of the GlobalStacks product surface.

0.1.1

Date: 2025-12-06

Main capability: CLI authentication.

Features

Authenticate the CLI with a console-generated API key and check the active identity.
Create CLI API keys from the console for local operator workflows.
The former project setup workflows are no longer part of the GlobalStacks product surface.