What's new

Changelog

New features, fixes, and architecture decisions for agentic.hosting. Follow along as the platform evolves.

Unreleased

In progress
Fixed
  • Warm pool integrationCreate() now acquires pre-warmed containers from the pool instead of always cold-starting; environment creation is now sub-200ms when pool has capacity
  • Ghost pool rows — pool refill now prunes DB rows pointing to non-existent containers, preventing stale entries from blocking pool capacity after restarts
  • Pool resource GC — garbage collector now handles ah-pool- volumes and ah.type=warm-pool containers to prevent orphaned resources

v0.5.0

March 30, 2026
Added
  • + Instant Environments — first-class interactive workspaces for AI agents with full lifecycle management (create, start, stop, exec, delete)
  • + Warm Pool — pre-created containers for instant environment startup with configurable pool sizes per template
  • + Language Templates — built-in environment templates for default (Ubuntu), Node.js, Python, and Go workspaces
  • + Workspace Sync — git-based file synchronization to environment workspaces via HTTPS
  • + Preview Routing — HTTP routing to running environment containers with automatic Traefik configuration
  • + Deployment tracking — persistent deployments table records every deploy with status, timing, build ID, and source metadata #79
  • + PATCH /v1/services/{id} — rename services without redeploying #83
  • + Health endpoint cache bypass — ?fresh=true query parameter skips the 30-second cache #99
  • + Docker storage info in GET /v1/system/health/detailed — disk usage and storage driver details #105
  • + Audit logging — AUDIT-level log entries when env vars are revealed, connection strings accessed, or kanban admin tokens retrieved #101
  • + Activity feed filtering — resource_type, action, service_id, since, and offset query parameters on GET /v1/activity #89
  • + Build log tail preservation — ring buffer retains the last N log lines when builds exceed max log size #106
  • + Tenant reactivation — POST /v1/tenant/reactivate restores a suspended tenant using the bootstrap token #107
  • + Snapshot retention policy — configurable snapshot-max-per-service and snapshot-max-age with automatic GC cleanup #103
  • + Async kanban provisioning — kanban board creation is now non-blocking with configurable port range #102
  • + Configurable kanban port range — --kanban-port-start and --kanban-port-end CLI flags #109
  • + Master key rotation — ah rotate-key CLI subcommand re-encrypts all secrets with a new AES-256-GCM key #84
  • + Bootstrap token rotation — POST /v1/auth/bootstrap/validate endpoint and multi-token support via comma-separated AH_BOOTSTRAP_TOKEN #85
Fixed
  • ~ Localhost-mode Traefik routes now coexist with public-domain HTTPS redirects by moving HTTP→HTTPS redirect behavior into per-service dynamic routers
  • ~ Health check script now defaults to the shipped API port (8080) and uses GNU timeout or Homebrew gtimeout when available
  • ~ Disk health monitoring now checks both the ah state dir and Docker data dir instead of only the root filesystem
  • ~ Port validation rejects port <= 0 on service creation with a clear 400 error #87
  • ~ Build cancellation on tenant suspend — CancelAllForTenant stops queued and running builds #88
  • ~ Pagination limit cap on list endpoints prevents unbounded queries #93
  • ~ Database name validation enforces DNS-safe names via regex #104
  • ~ Quota error codes — QuotaExceeded now returns 409 Conflict instead of 403 Forbidden #100
Changed
  • Runbook guidance for localhost mode now matches the host-local Traefik dev route instead of telling operators to add manual exposure config
  • Environment variable documentation — documented forbidden keys and semantics in API reference #90, #111
  • Comprehensive rate limit test suite for per-tenant and global rate limiters #80

v0.4.0

March 20, 2026
Added
  • + Custom domain support — --base-domain CLI flag makes service URLs https://{name}.{base-domain} with Traefik auto-TLS via Let's Encrypt #14
  • + Snapshot and template support for instant environment forking #43
  • + Per-tenant Vikunja kanban board provisioning #46, #47
  • + Supervisory dashboard — tenant control plane for services, databases, builds, and keys #37
  • + API key recovery via bootstrap token: POST /v1/auth/recover #12
  • + Redeploy endpoint: POST /v1/services/{id}/redeploy and deployment history: GET /v1/services/{id}/deployments #6
  • + Dev-only localhost Traefik routing when baseDomain is unset #67
  • + Cron-friendly health check script with webhook alerting #21
  • + Typed API errors, LRU auth cache, pagination improvements #39
  • + Claude Code skill restructured with progressive disclosure and ah- slash commands
Fixed
  • ~ Protocol-level readiness checks for Postgres and Redis — no more false positives from silent TCP listeners #51
  • ~ Support SHA refs in git builds via two-phase clone+checkout #56
  • ~ Preflight-check build existence before streaming logs #53
  • ~ Circuit breaker backoff now escalates with circuit_open_count #54
  • ~ Databases and kanbans stopped when tenant is suspended or deleted #55
  • ~ Volume data wiped before removal on database delete #9
  • ~ Restart now recreates container so env var changes take effect
  • ~ Renamed /agentic-paasd to /agentic-hosting across docs and server #19
Security & Architecture
  • HKDF key-separation scheme with 5 purpose-specific subkeys #8
  • Tenant-to-Traefik reachability analysis with iptables mitigation #50
  • Build egress allowlist architecture decision — Squid proxy approach #3
  • Firecracker integration plan from gVisor #1
  • Horizontal scaling gap analysis — 24 single-host assumptions identified #2
  • Daemonless build prototype — Kaniko recommended #7
  • Dev-environments MVP specification #41
  • ah vs OpenShell comparison #45
  • Traefik network fanout measurement script #15

v0.3.0

March 10, 2026
Added
  • + Self-healer: liveness probes via Docker HEALTHCHECK on all service containers
  • + Self-healer: reconciler auto-detects unhealthy containers and stops them
  • + Self-healer: auto circuit breaker recovery with exponential backoff (30m → 1h → 4h)
  • + DB migration: circuit_retry_at, circuit_open_count columns
  • + ContainerInfo.HealthStatus field (nil-safe)
Changed
  • Δ Reconciler interval: 60s → 30s (matches documented behavior)
  • Δ circuit_open UPDATE now sets circuit_retry_at and increments circuit_open_count

v0.2.0

February 15, 2026
Added
  • + Claude Code skill for AI agent automation of common operations
  • + /security-review slash command (4-pass audit)
  • + One-line curl installer (curl agentic.hosting/install.sh | bash)
  • + AI agent runbook
  • + Bash automation scripts: register, deploy, status, logs, db-provision
  • + Traefik static config with Let's Encrypt for agentic.hosting
  • + Website source with landing page
Changed
  • Δ Binary renamed: paasdah
  • Δ Project renamed: agentic-paasdagentic-hosting
  • Δ All env vars: PAASD_*AH_*
  • Δ Service: paasd.serviceah.service
  • Δ Data dir: /var/lib/paasd/var/lib/ah

v0.1.0

January 20, 2026
Added
  • + Multi-tenant HTTP API (chi v5 router)
  • + Tenant registration with bootstrap token (HMAC-compare, timing-safe)
  • + API key management: HMAC-SHA256 hashed, max 20/tenant, expiration support
  • + Service CRUD and lifecycle (start/stop/restart/reset)
  • + Container deployment via Docker Engine API with gVisor (runsc) runtime
  • + Per-tenant Docker bridge networks (internal, ICC=false, no internet egress)
  • + AES-256-GCM encrypted environment variables per service
  • + Nixpacks build pipeline: git URL → image → running container
  • + Build log streaming with follow=true (chunked HTTP)
  • + Managed Postgres 15 and Redis 7 provisioning
  • + Per-database Docker volumes with ah-db-* naming
  • + Encrypted database passwords and connection strings
  • + State reconciler: 30s loop syncing DB state to Docker reality
  • + Circuit breaker: 5 crashes / 10min window opens circuit
  • + Garbage collector: orphaned containers, volumes, images (5min interval)
  • + Disk watermarks: warn at 80%, block at 95%
  • + WAL-safe SQLite backup with gzip compression
  • + Auth middleware with 30s cache (5000 entries)
  • + Per-tenant rate limiting: 100 rps / 200 burst
  • + Global rate limiting: 500 rps / 1000 burst
  • + Idempotency cache: SHA-256 request body hash, 10min TTL
  • + HTTPS enforcement, loopback-only proxy trust
  • + systemd unit with security hardening
  • + Health endpoints: public and detailed (authed)
Security
  • gVisor syscall interception for all containers
  • ReadonlyRootfs + tmpfs for writable paths
  • CAP DROP ALL, NO_NEW_PRIVILEGES
  • PidsLimit=256, no swap allowed
  • bcrypt password hashing
  • Email enumeration prevention