thaloco/pyro-mcp
1
Fork 0
Code Pull requests Releases Packages Activity Actions
pyro-mcp/CHANGELOG.md
Thales Maciel c82f4629b2 Add workspace network policy and published ports 
Replace the workspace-level boolean network toggle with explicit network policies and attach localhost TCP publication to workspace services.

Persist network_policy in workspace records, validate --publish requests, and run host-side proxy helpers that follow the service lifecycle so published ports are cleaned up on failure, stop, reset, and delete.

Update the CLI, SDK, MCP contract, docs, roadmap, and examples for the new policy model, add coverage for the proxy and manager edge cases, and validate with uv lock, UV_CACHE_DIR=.uv-cache make check, UV_CACHE_DIR=.uv-cache make dist-check, and a real guest-backed published-port probe smoke.
2026-03-12 18:12:57 -03:00

130 lines
7 KiB
Markdown
Raw Blame History

# Changelog
All notable user-visible changes to `pyro-mcp` are documented here.
## 2.10.0
- Replaced the workspace-level boolean network toggle with explicit workspace network policies:
`off`, `egress`, and `egress+published-ports`.
- Added localhost-only published TCP ports for workspace services across the CLI, Python SDK, and
MCP server, including returned host/guest port metadata on service start, list, and status.
- Kept published ports attached to services rather than `/workspace` itself, so host probing works
without changing workspace diff, export, shell, or reset semantics.
## 2.9.0
- Added explicit workspace secrets across the CLI, Python SDK, and MCP server with
`pyro workspace create --secret/--secret-file`, `Pyro.create_workspace(..., secrets=...)`, and
the matching `workspace_create` MCP inputs.
- Added per-call secret-to-environment mapping for `workspace exec`, `workspace shell open`, and
`workspace service start`, with secret values redacted from command output, shell reads, service
logs, and persisted workspace logs.
- Kept secret-backed workspaces guest-only and fail-closed while re-materializing persisted secret
files outside `/workspace` across workspace creation and reset.
## 2.8.0
- Added explicit named workspace snapshots across the CLI, Python SDK, and MCP server with
`pyro workspace snapshot *`, `Pyro.create_snapshot()` / `list_snapshots()` /
`delete_snapshot()`, and the matching `snapshot_*` MCP tools.
- Added `pyro workspace reset` and `Pyro.reset_workspace()` so a workspace can recreate its full
sandbox from the immutable baseline or one named snapshot while keeping the same identity.
- Made reset a full-sandbox recovery path that clears command history, shells, and services while
preserving the workspace spec, named snapshots, and immutable baseline.
## 2.7.0
- Added first-class workspace services across the CLI, Python SDK, and MCP server with
`pyro workspace service *`, `Pyro.start_service()` / `list_services()` / `status_service()` /
`logs_service()` / `stop_service()`, and the matching `service_*` MCP tools.
- Added typed readiness probes for workspace services with file, TCP, HTTP, and command checks so
long-running processes can be started and inspected without relying on shell-fragile flows.
- Kept service state and logs outside `/workspace`, and surfaced aggregate service counts from
`workspace status` without polluting workspace diff or export semantics.
## 2.6.0
- Added explicit host-out workspace operations across the CLI, Python SDK, and MCP server with
`pyro workspace export`, `Pyro.export_workspace()`, `pyro workspace diff`,
`Pyro.diff_workspace()`, and the matching `workspace_export` / `workspace_diff` MCP tools.
- Captured an immutable create-time baseline for every new workspace so later `workspace diff`
compares the live `/workspace` tree against that original seed state.
- Kept export and diff separate from command execution and shell state so workspaces can mutate,
be inspected, and copy results back to the host without affecting command logs or shell sessions.
## 2.5.0
- Added persistent PTY shell sessions across the CLI, Python SDK, and MCP server with
`pyro workspace shell *`, `Pyro.open_shell()` / `read_shell()` / `write_shell()` /
`signal_shell()` / `close_shell()`, and `shell_*` MCP tools.
- Kept interactive shells separate from `workspace exec`, with cursor-based merged output reads
and explicit close/signal operations for long-lived workspace sessions.
- Updated the bundled guest agent and mock backend so shell sessions persist across separate
calls and are cleaned up automatically by `workspace delete`.
## 2.4.0
- Replaced the public persistent-workspace surface from `task_*` to `workspace_*` across the CLI,
Python SDK, and MCP server in one clean cut with no compatibility aliases.
- Renamed create-time seeding from `source_path` to `seed_path` for workspace creation while keeping
later `workspace sync push` imports on `source_path`.
- Switched persisted local records from `tasks/*/task.json` to `workspaces/*/workspace.json` and
updated the main docs/examples to the workspace-first language.
## 2.3.0
- Added `task sync push` across the CLI, Python SDK, and MCP server so started task workspaces can
import later host-side directory or archive content without being recreated.
- Reused the existing safe archive import path with an explicit destination under `/workspace`,
including host-side and guest-backed task support.
- Documented sync as a non-atomic update path in `2.3.0`, with delete-and-recreate as the recovery
path if a sync fails partway through.
## 2.2.0
- Added seeded task creation across the CLI, Python SDK, and MCP server with an optional
`source_path` for host directories and `.tar` / `.tar.gz` / `.tgz` archives.
- Seeded task workspaces now persist `workspace_seed` metadata so later status calls report how
`/workspace` was initialized.
- Reused the task workspace model from `2.1.0` while adding the first explicit host-to-task
content import path for repeated command workflows.
## 2.1.0
- Added the first persistent task workspace alpha across the CLI, Python SDK, and MCP server.
- Shipped `task create`, `task exec`, `task status`, `task logs`, and `task delete` as an additive
surface alongside the existing one-shot VM contract.
- Made task workspaces persistent across separate CLI/SDK/MCP processes by storing task records on
disk under the runtime base directory.
- Added per-task command journaling so repeated workspace commands can be inspected through
`pyro task logs` or the matching SDK/MCP methods.
## 2.0.1
- Fixed the default `pyro env pull` path so empty local profile directories no longer produce
broken cached installs or contradictory "Pulled" / "not installed" states.
- Hardened cache inspection and repair so broken environment symlinks are treated as uninstalled
and repaired on the next pull.
- Added human-mode phase markers for `pyro env pull` and `pyro run` to make longer guest flows
easier to follow from the CLI.
- Corrected the Python lifecycle example and docs to match the current `exec_vm` / `vm_exec`
auto-clean semantics.
## 2.0.0
- Made guest execution fail closed by default; host compatibility execution now requires
explicit opt-in with `--allow-host-compat` or `allow_host_compat=True`.
- Switched the main CLI commands to human-readable output by default and kept `--json`
for structured output.
- Added default sizing of `1 vCPU / 1024 MiB` across the CLI, Python SDK, and MCP tools.
- Unified environment cache resolution across `pyro`, `Pyro`, and `pyro doctor`.
- Kept the stable environment-first contract centered on `vm_run`, `pyro run`, and
curated OCI-published environments.
## 1.0.0
- Shipped the first stable public `pyro` CLI, `Pyro` SDK, and MCP server contract.
- Replaced the old bundled-profile model with curated named environments.
- Switched distribution to a thin Python package plus official OCI environment artifacts.
- Published the initial official environment catalog on public Docker Hub.
- Added first-party environment pull, inspect, prune, and one-shot run flows.
View git blame Copy permalink