Skip to content

chore: release 0.8.0#854

Merged
joshuajbouw merged 1 commit into
mainfrom
chore/release-0.8.0
Jun 10, 2026
Merged

chore: release 0.8.0#854
joshuajbouw merged 1 commit into
mainfrom
chore/release-0.8.0

Conversation

@joshuajbouw

@joshuajbouw joshuajbouw commented Jun 5, 2026

Copy link
Copy Markdown
Contributor

Linked Issue

Closes #853

Summary

chore: release — bumps all workspace crates 0.7.0 → 0.8.0 and rolls CHANGELOG [Unreleased] into [0.8.0] - 2026-06-10. Consolidates the ~50 PRs landed since v0.7.0:

Breaking: Capsule.toml [publish]/[subscribe]-only IPC surface (#858/#864/#865, [[interceptor]] / ipc_* arrays / [[topic]] removed), bearer v2, MSRV 1.95, astrid-openclaw removed (#833).

Changes

Branch history note: rebuilt on current main (was CONFLICTING and 12 commits behind); previous tip was 54c7294.

Release steps (maintainer)

  1. Merge this PR.
  2. Tag v0.8.0 on the merge commit → release.yml creates the GitHub release from the CHANGELOG block.
  3. Publish/distribute the new astrid binaries as usual.

Test Plan

Release PR — no code changes. cargo check --workspace passes on the rebuilt branch; full test/clippy/MSRV matrix runs in CI. The changelog merge was verified bullet-by-bullet in both directions: every [Unreleased] bullet on main appears in the rolled [0.8.0] section, and every bullet from the earlier curated roll is preserved verbatim.

@joshuajbouw joshuajbouw added chore Maintenance, deps, tooling skip-changelog Skip changelog enforcement for this PR labels Jun 5, 2026
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs the official 0.8.0 release for the project. It updates the workspace crate versions and finalizes the changelog to reflect the substantial features and improvements implemented since the 0.7.0 release, including the new HTTP admin gateway and enhanced resource governance.

Highlights

  • Version Bump: Updated all workspace crates from 0.7.0 to 0.8.0.
  • Changelog Consolidation: Rolled the [Unreleased] section into the [0.8.0] release and consolidated entries into a canonical structure.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.


A version bump brings us to eight, With features that make the code great. The changelog is clean, With all that we've seen, And ready to ship on this date.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request bumps the workspace package version and all internal crate dependencies from 0.7.0 to 0.8.0 in Cargo.toml. It also updates CHANGELOG.md to reflect the 0.8.0 release, organizing the changes under Breaking, Added, and Fixed sections while cleaning up the Unreleased section. There are no review comments on these changes, and no additional feedback is required.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

joshuajbouw added a commit that referenced this pull request Jun 6, 2026
…857)

## Linked Issue

Closes #855

## Summary

`SandboxCommand::wrap` — the macOS arm of the `host_process` spawn path
— disabled the OS-level subprocess sandbox on **every current Mac**
(Darwin >= 24 = macOS 15 Sequoia / macOS 26) and returned the command
**completely unsandboxed**, behind:

```rust
if seatbelt::darwin_major_version() >= 24 {
    tracing::warn!("macOS 15+ detected: sandbox-exec is deprecated. Running host process unsandboxed.");
    return Ok(inner_cmd);
}
```

On `host_process`-capable capsules (`astrid-capsule-shell`) every native
subprocess then inherited the host user's full filesystem reach — it
could read `~/.ssh`, dotfiles, and write anywhere the user can — with a
single `tracing::warn!` as the only signal. Containment also depended on
which spawn path a capsule happened to use: the MCP path
(`ProcessSandboxConfig::sandbox_prefix`) has **no** version guard and
sandboxed on the same machine.

### Root cause

The premise of the guard — that `sandbox-exec` is deprecated and
therefore non-enforcing on macOS 15+ — is **false**. `sandbox-exec` is
deprecated but still enforces on current macOS. The SIGABRT that
motivated the guard (introduced in #603, no reproducer, merged without
review) was a fail-closed **profile defect**: `wrap`'s inline profile
was a stale duplicate that omitted `(allow file-read* (literal "/"))`. A
dynamically-linked binary like `node` stats the filesystem root `/`
during `dyld` init; the profile denied it, Seatbelt correctly aborted
the process, and the guard converted that fail-closed signal into a
silent fail-open passthrough. The correct profile already lives in
`build_seatbelt_prefix` (it carries `(literal "/")` + `(allow mach*)`,
added for Node.js in #534) and runs on macOS 15+ via the MCP path.

## Changes

- Remove the `darwin_major_version() >= 24` guard and the stale
duplicate inline profile in `wrap`.
- Route `wrap`'s macOS arm through `build_seatbelt_prefix` — a single
Seatbelt profile now backs **both** the `wrap` and MCP spawn paths.
- Drop the now-dead `darwin_major_version` helper.
- Fail-closed by construction: if `sandbox-exec` genuinely can't run,
the spawn errors (`ENOENT`) and the subprocess never launches — never a
silent unsandboxed launch. (Matches the `SandboxPolicy::Required`
posture from #655.)
- `wrap` no longer has a panic path (the builder returns `io::Result`);
its `# Panics` doc is removed.

## Test Plan

### Automated

- [x] `cargo test -p astrid-workspace` green (56 passed), including:
- `seatbelt_root_read_is_load_bearing_for_real_binary` — spawns a **real
`node`** under the generated profile and asserts it runs (T1), then
strips `(literal "/")` and asserts the same profile **fails closed**
(T3). Skips cleanly when `node` or a usable `sandbox-exec` is absent
(e.g. nested-sandbox CI).
- `wrap_always_sandboxes_via_shared_profile` — `wrap` now always returns
a `sandbox-exec`-wrapped command carrying the root-read rule (never a
passthrough).
- [x] No new clippy warnings — `cargo clippy --workspace --all-features
-- -D warnings` clean for the changed crate; `astrid-capsule` (the
consumer) compiles.

### Manual

- [x] Verified on **Darwin 25.2**: T1 exits 0, T3 fails closed — matches
the issue's repro table.

## External verification

The deprecation claim and SBPL mechanism were independently verified
against documentation:

- `sandbox-exec` is **deprecated but still enforcing** on macOS 15 /
macOS 26 (Apple DTS confirmation that it remains functional with no
supported replacement for non-App-Store process sandboxing; third-party
reports debugging live Seatbelt denials on Darwin 25 in Dec 2025;
Chrome/Firefox/Homebrew/SwiftPM still depend on it).
- `(literal "/")` grants only a `stat` on the **root inode**, not the
recursive access `(subpath "/")` would — so the fix is minimal-aperture,
not a widening.
- App Sandbox / entitlements require a signed `.app` bundle and
**cannot** wrap arbitrary spawned binaries like `node`, so
`sandbox-exec` is the only mechanism for this use case.

## Notes / follow-ups

- `(allow mach*)` in the shared profile is a deliberately broad wildcard
— pragmatic for running general-purpose binaries (e.g. `node`'s
`os.cpus()` needs `mach-host*`), a conscious trade-off.
- If Apple ever removes `sandbox-exec`, the correct response is a real
replacement, **not** another silent-fallback version guard
(fail-secure).
- Kernel-internal sandbox wiring: no WIT/IPC/capability-contract change,
so no RFC.
- Security fix that should land in **0.8.0** — once merged I'll rebase
the release PR (#854) so this entry folds into `[0.8.0]`.

## Checklist

- [x] Linked to an issue
- [x] CHANGELOG.md updated under `[Unreleased]`
Bump all workspace crates 0.7.0 -> 0.8.0 (workspace.package version + the 23 in-workspace path-dependency version pins, now including astrid-emit; axum/axum-server stay on their external 0.7) and roll CHANGELOG [Unreleased] into [0.8.0] - 2026-06-10.

Rebuilt on main: the previous branch tip predated 12 merged PRs (#851..#885) and was conflicting. The consolidated section keeps the earlier roll's curation (canonical section order, every bullet preserved verbatim — re-verified both directions) and merges the 13 bullets those newer PRs added to [Unreleased]: the Capsule.toml manifest-surface removals (#858/#864/#865) under Breaking, mcp serve / persistent-process tier / capability introspection (#879/#866/#868) under Added, the recv-path quota fix (#877) under Fixed, and the audit-scoping / allow_persistent / macOS-sandbox entries (#850/#872/#855) under Security. Adds a release synopsis paragraph that release.yml extracts into the GitHub release body on tag. No code changes.

Closes #853
@joshuajbouw joshuajbouw force-pushed the chore/release-0.8.0 branch from 54c7294 to ad5053c Compare June 10, 2026 16:09
joshuajbouw added a commit that referenced this pull request Jun 10, 2026
## Linked Issue

Closes #888

## Summary

The `PR template filled in` check hard-requires a non-empty `## Test
Plan` section, and the template's scaffolding (cargo-test checkboxes)
assumes a code-change PR. Release PRs (version bump + changelog roll,
e.g. #854), docs-only, and CI-only PRs either fail the check or fill in
checkboxes that aren't true. This generalizes the section to `##
Verification` while keeping the legacy name accepted.

## Changes

- Template: `## Test Plan` → generic `## Verification` with per-kind
guidance (code / release / docs-CI-chore); Checklist CHANGELOG line now
covers the release-roll and not-applicable cases.
- Check: extraction factored into `section_content()`; new
`check_section_any()` accepts `## Verification` **or** legacy `## Test
Plan`, so in-flight PRs keep passing.
- Latent bug fix: the old `sed '1d;$d'` deleted the range's last line
*positionally*, which ate a content line whenever the checked section
was the final section of a PR body. The closing header is now removed by
pattern.

## Verification

Ran the check function locally against four PR bodies: `## Verification`
as the final body section with content (passes — previously bitten by
the `$d` bug), legacy `## Test Plan` mid-body (passes),
comment-placeholder-only section (fails as intended), section absent
(fails as intended). This PR's own body exercises the new check
end-to-end, since `pull_request` workflows run from the merge ref.

## Checklist

- [x] Linked to an issue
- [x] CHANGELOG.md updated (not applicable — CI/template-only change;
the changelog workflow does not trigger on `.github/` paths)
@joshuajbouw joshuajbouw merged commit d936e4d into main Jun 10, 2026
22 of 23 checks passed
@joshuajbouw joshuajbouw deleted the chore/release-0.8.0 branch June 10, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

chore Maintenance, deps, tooling skip-changelog Skip changelog enforcement for this PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

chore: release 0.8.0

1 participant