thaloco/pyro-mcp
1
Fork 0
Code Pull requests Releases Packages Activity Actions
pyro-mcp/CHANGELOG.md
Thales Maciel fc72fcd3a1 Add guest-only workspace secrets 
Add explicit workspace secrets across the CLI, SDK, and MCP, with create-time secret definitions and per-call secret-to-env mapping for exec, shell open, and service start. Persist only safe secret metadata in workspace records, materialize secret files under /run/pyro-secrets, and redact secret values from exec output, shell reads, service logs, and surfaced errors.

Fix the remaining real-guest shell gap by shipping bundled guest init alongside the guest agent and patching both into guest-backed workspace rootfs images before boot. The new init mounts devpts so PTY shells work on Firecracker guests, while reset continues to recreate the sandbox and re-materialize secrets from stored task-local secret material.

Validation: uv lock; UV_CACHE_DIR=.uv-cache make check; UV_CACHE_DIR=.uv-cache make dist-check; and a real guest-backed Firecracker smoke covering workspace create with secrets, secret-backed exec, shell, service, reset, and delete.
2026-03-12 15:43:34 -03:00

121 lines
6.5 KiB
Markdown
Raw Blame History

# Changelog
All notable user-visible changes to `pyro-mcp` are documented here.
## 2.9.0
- Added explicit workspace secrets across the CLI, Python SDK, and MCP server with
`pyro workspace create --secret/--secret-file`, `Pyro.create_workspace(..., secrets=...)`, and
the matching `workspace_create` MCP inputs.
- Added per-call secret-to-environment mapping for `workspace exec`, `workspace shell open`, and
`workspace service start`, with secret values redacted from command output, shell reads, service
logs, and persisted workspace logs.
- Kept secret-backed workspaces guest-only and fail-closed while re-materializing persisted secret
files outside `/workspace` across workspace creation and reset.
## 2.8.0
- Added explicit named workspace snapshots across the CLI, Python SDK, and MCP server with
`pyro workspace snapshot *`, `Pyro.create_snapshot()` / `list_snapshots()` /
`delete_snapshot()`, and the matching `snapshot_*` MCP tools.
- Added `pyro workspace reset` and `Pyro.reset_workspace()` so a workspace can recreate its full
sandbox from the immutable baseline or one named snapshot while keeping the same identity.
- Made reset a full-sandbox recovery path that clears command history, shells, and services while
preserving the workspace spec, named snapshots, and immutable baseline.
## 2.7.0
- Added first-class workspace services across the CLI, Python SDK, and MCP server with
`pyro workspace service *`, `Pyro.start_service()` / `list_services()` / `status_service()` /
`logs_service()` / `stop_service()`, and the matching `service_*` MCP tools.
- Added typed readiness probes for workspace services with file, TCP, HTTP, and command checks so
long-running processes can be started and inspected without relying on shell-fragile flows.
- Kept service state and logs outside `/workspace`, and surfaced aggregate service counts from
`workspace status` without polluting workspace diff or export semantics.
## 2.6.0
- Added explicit host-out workspace operations across the CLI, Python SDK, and MCP server with
`pyro workspace export`, `Pyro.export_workspace()`, `pyro workspace diff`,
`Pyro.diff_workspace()`, and the matching `workspace_export` / `workspace_diff` MCP tools.
- Captured an immutable create-time baseline for every new workspace so later `workspace diff`
compares the live `/workspace` tree against that original seed state.
- Kept export and diff separate from command execution and shell state so workspaces can mutate,
be inspected, and copy results back to the host without affecting command logs or shell sessions.
## 2.5.0
- Added persistent PTY shell sessions across the CLI, Python SDK, and MCP server with
`pyro workspace shell *`, `Pyro.open_shell()` / `read_shell()` / `write_shell()` /
`signal_shell()` / `close_shell()`, and `shell_*` MCP tools.
- Kept interactive shells separate from `workspace exec`, with cursor-based merged output reads
and explicit close/signal operations for long-lived workspace sessions.
- Updated the bundled guest agent and mock backend so shell sessions persist across separate
calls and are cleaned up automatically by `workspace delete`.
## 2.4.0
- Replaced the public persistent-workspace surface from `task_*` to `workspace_*` across the CLI,
Python SDK, and MCP server in one clean cut with no compatibility aliases.
- Renamed create-time seeding from `source_path` to `seed_path` for workspace creation while keeping
later `workspace sync push` imports on `source_path`.
- Switched persisted local records from `tasks/*/task.json` to `workspaces/*/workspace.json` and
updated the main docs/examples to the workspace-first language.
## 2.3.0
- Added `task sync push` across the CLI, Python SDK, and MCP server so started task workspaces can
import later host-side directory or archive content without being recreated.
- Reused the existing safe archive import path with an explicit destination under `/workspace`,
including host-side and guest-backed task support.
- Documented sync as a non-atomic update path in `2.3.0`, with delete-and-recreate as the recovery
path if a sync fails partway through.
## 2.2.0
- Added seeded task creation across the CLI, Python SDK, and MCP server with an optional
`source_path` for host directories and `.tar` / `.tar.gz` / `.tgz` archives.
- Seeded task workspaces now persist `workspace_seed` metadata so later status calls report how
`/workspace` was initialized.
- Reused the task workspace model from `2.1.0` while adding the first explicit host-to-task
content import path for repeated command workflows.
## 2.1.0
- Added the first persistent task workspace alpha across the CLI, Python SDK, and MCP server.
- Shipped `task create`, `task exec`, `task status`, `task logs`, and `task delete` as an additive
surface alongside the existing one-shot VM contract.
- Made task workspaces persistent across separate CLI/SDK/MCP processes by storing task records on
disk under the runtime base directory.
- Added per-task command journaling so repeated workspace commands can be inspected through
`pyro task logs` or the matching SDK/MCP methods.
## 2.0.1
- Fixed the default `pyro env pull` path so empty local profile directories no longer produce
broken cached installs or contradictory "Pulled" / "not installed" states.
- Hardened cache inspection and repair so broken environment symlinks are treated as uninstalled
and repaired on the next pull.
- Added human-mode phase markers for `pyro env pull` and `pyro run` to make longer guest flows
easier to follow from the CLI.
- Corrected the Python lifecycle example and docs to match the current `exec_vm` / `vm_exec`
auto-clean semantics.
## 2.0.0
- Made guest execution fail closed by default; host compatibility execution now requires
explicit opt-in with `--allow-host-compat` or `allow_host_compat=True`.
- Switched the main CLI commands to human-readable output by default and kept `--json`
for structured output.
- Added default sizing of `1 vCPU / 1024 MiB` across the CLI, Python SDK, and MCP tools.
- Unified environment cache resolution across `pyro`, `Pyro`, and `pyro doctor`.
- Kept the stable environment-first contract centered on `vm_run`, `pyro run`, and
curated OCI-published environments.
## 1.0.0
- Shipped the first stable public `pyro` CLI, `Pyro` SDK, and MCP server contract.
- Replaced the old bundled-profile model with curated named environments.
- Switched distribution to a thin Python package plus official OCI environment artifacts.
- Published the initial official environment catalog on public Docker Hub.
- Added first-party environment pull, inspect, prune, and one-shot run flows.
View git blame Copy permalink