
Releases: mensfeld/code-on-incus

v0.7.0 - Security Monitoring, NFT Network Detection, and opencode Support

10 Mar 11:52
28cf1d5


Release v0.7.0

Massive release with 30+ bug fixes, security monitoring system, nftables network monitoring, opencode support, permission modes, and comprehensive security hardening.

Highlights

  • Security Monitoring System - Real-time threat detection for reverse shells, data exfiltration, credential scanning, and suspicious network activity with automated response (pause/kill) and JSONL audit logging
  • nftables Network Monitoring - Kernel-level packet filtering that catches all network events including short-lived connections, blocked attempts, and DNS queries — tamper-proof from inside the container
  • opencode Support - Full support for opencode AI coding agent with session resume, config management, and permission mode integration
  • Configurable Permission Mode - Switch between bypass (auto-grant all) and interactive (human-in-the-loop approval) for AI tool commands
  • NFT Monitor with Automated Response - Detects RFC1918 access, cloud metadata endpoints, C2 ports (4444, 5555, 31337), allowlist violations, and DNS anomalies — automatically pauses or kills containers based on threat severity
  • Supply-Chain Attack Protection - .git/hooks, .git/config, .husky, and .vscode mounted read-only by default to prevent hook injection and task auto-execution
  • Preserve Workspace Path - Option to mount workspace at the same absolute path inside the container as on the host
  • coi resume Command - Resume containers paused by security monitoring
  • Claude Effort Level Config - Prevent interactive prompts during autonomous sessions
  • Embedded Build Assets - coi build works from any directory (no need to run from project root)

Bug Fixes (30+)

  • opencode session resume in ephemeral mode — --continue now correctly resumes sessions (#196)
  • coi build --force works from any directory — Build assets embedded via //go:embed (#176)
  • Docker Compose sysctl permission denied — Pre-set net.ipv4.ip_unprivileged_port_start=0 at Incus level (#187)
  • Persistent session resume creates fresh container — Reuses original slot on resume (#190)
  • opencode session resume broken — Tool-agnostic metadata.json check instead of hardcoded .claude (#183)
  • opencode interactive permission mode ineffective — Returns proper {"permission": {"*": "ask"}} (#186)
  • Docker Compose fails inside session containers — Security flags set before first boot to eliminate race condition
  • Double-cleanup race condition in shell signal handler — Wrapped in sync.Once
  • Container user UID/GID remapping — Correct remapping for non-default code_uid (#166)
  • Config merge drops boolean settings — 13 boolean fields converted to pointer types for proper nil handling
  • Firewall rule accumulation causing system hang — Fixed cleanup across all termination paths (100k+ rule buildup)
  • Docker commands without sudo — Socket group ownership fixed for all session types (#134)
  • /tmp exhaustion causing agent hangs — Disk-backed tmpfs by default with auto-cleanup (#135)
  • Security monitoring TUI corruption — All output routed to audit log, no more stdout spam
  • NFT monitoring rules cleanup — Proper cleanup on kill, shutdown, and auto-kill paths
  • Protected paths with preserve_workspace_path — Dynamic workspace path resolution
  • And 15+ more fixes — see CHANGELOG.md for the complete list
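The "config merge drops boolean settings" fix above is a classic Go pitfall worth seeing in code: a plain bool cannot distinguish "not set" from "explicitly false", so a layered merge silently loses a user's explicit false. The following is an added example written for this page, not code from code-on-incus; the struct and field names (BrokenMonitoring, Monitoring, Enabled, AutoPauseOnHigh) are assumptions chosen to mirror the [monitoring] keys, not the project's real types.

```go
package main

import "fmt"

// BrokenMonitoring uses plain bools, so a merge cannot tell "unset" from
// "explicitly false": false is simply the zero value of bool.
type BrokenMonitoring struct {
	Enabled         bool
	AutoPauseOnHigh bool
}

// MergeBroken tries to copy only "set" fields, but with plain bools the only
// way to look "set" is to be true, so a user's explicit false is dropped.
func MergeBroken(base, override BrokenMonitoring) BrokenMonitoring {
	out := base
	if override.Enabled {
		out.Enabled = true
	}
	if override.AutoPauseOnHigh {
		out.AutoPauseOnHigh = true
	}
	return out
}

// Monitoring uses *bool: nil means "not specified in this layer", while a
// non-nil pointer carries an explicit true or false.
type Monitoring struct {
	Enabled         *bool
	AutoPauseOnHigh *bool
}

// Bool is a small helper for building literals of *bool fields.
func Bool(v bool) *bool { return &v }

// mergeBool returns the override when it was explicitly set, else the base.
func mergeBool(base, override *bool) *bool {
	if override != nil {
		return override
	}
	return base
}

// Merge applies an override layer (e.g. a project .coi.toml) on top of a base
// layer (e.g. ~/.config/coi/config.toml) without losing explicit false values.
func Merge(base, override Monitoring) Monitoring {
	return Monitoring{
		Enabled:         mergeBool(base.Enabled, override.Enabled),
		AutoPauseOnHigh: mergeBool(base.AutoPauseOnHigh, override.AutoPauseOnHigh),
	}
}

// Effective resolves nil to a default at the point of use, after all layers
// have been merged; that is the only place a default belongs.
func Effective(p *bool, def bool) bool {
	if p == nil {
		return def
	}
	return *p
}

func main() {
	// Base config enables auto-pause; the project override explicitly turns it off.
	broken := MergeBroken(
		BrokenMonitoring{Enabled: true, AutoPauseOnHigh: true},
		BrokenMonitoring{AutoPauseOnHigh: false},
	)
	fmt.Println("plain bool merge, auto-pause:", broken.AutoPauseOnHigh) // true: override lost

	fixed := Merge(
		Monitoring{Enabled: Bool(true), AutoPauseOnHigh: Bool(true)},
		Monitoring{AutoPauseOnHigh: Bool(false)},
	)
	fmt.Println("pointer bool merge, auto-pause:", Effective(fixed.AutoPauseOnHigh, true)) // false: override kept
}
```

The same reasoning applies to any security-relevant toggle: if a user writes `auto_kill_on_critical = false` in a higher-precedence layer and the merge cannot represent it, the session runs with a stricter or looser policy than the operator believes is configured.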

New Features

Security Monitoring System

Always-on monitoring during sessions that detects and responds to threats in real-time:

  • Process monitoring — Reverse shells, environment variable scanning, credential access
  • Filesystem monitoring — Large read/write detection for data exfiltration prevention
  • Network monitoring (nftables) — Kernel-level packet filtering, C2 port detection, metadata endpoint blocking
  • Automated response — INFO/WARNING (log) → HIGH (pause container) → CRITICAL (kill container)
  • Audit logging — JSONL format at ~/.coi/audit/<container-name>.jsonl

Enable with coi shell --monitor or configure in ~/.config/coi/config.toml:

[monitoring]
enabled = true
auto_pause_on_high = true
auto_kill_on_critical = true
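To make the response ladder and the audit format concrete, here is an added example (written for this page, not code from code-on-incus) of a policy function that maps a severity to log/pause/kill under the [monitoring] keys above, plus a writer and parser for a JSONL audit log at the documented `~/.coi/audit/<container-name>.jsonl` location. The Severity and Action types, the MonitoringConfig field names, and the JSON field names of AuditEvent are assumptions; the project's real event schema is not shown on this page.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"path/filepath"
	"time"
)

// Severity follows the ladder in the release notes; the numeric order is what
// makes "at least HIGH" comparisons possible.
type Severity int

const (
	Info Severity = iota
	Warning
	High
	Critical
)

func (s Severity) String() string {
	return [...]string{"INFO", "WARNING", "HIGH", "CRITICAL"}[s]
}

// Action is the automated response recorded with each event.
type Action string

const (
	ActionLog   Action = "log"
	ActionPause Action = "pause"
	ActionKill  Action = "kill"
)

// MonitoringConfig mirrors the [monitoring] table above (assumed Go field names).
type MonitoringConfig struct {
	Enabled            bool
	AutoPauseOnHigh    bool
	AutoKillOnCritical bool
}

// Decide maps a severity to the response. Disabling an automated action only
// removes that action: a CRITICAL event with auto-kill off still pauses when
// auto-pause is on, and every event is logged regardless.
func Decide(cfg MonitoringConfig, s Severity) Action {
	switch {
	case s >= Critical && cfg.AutoKillOnCritical:
		return ActionKill
	case s >= High && cfg.AutoPauseOnHigh:
		return ActionPause
	default:
		return ActionLog
	}
}

// AuditEvent is one JSONL line; the field names are constructed for this example.
type AuditEvent struct {
	Time      time.Time `json:"time"`
	Container string    `json:"container"`
	Severity  string    `json:"severity"`
	Source    string    `json:"source"` // process, filesystem or network
	Detail    string    `json:"detail"`
	Action    Action    `json:"action"`
}

// AuditPath follows the documented layout ~/.coi/audit/<container-name>.jsonl.
func AuditPath(home, container string) string {
	return filepath.Join(home, ".coi", "audit", container+".jsonl")
}

// WriteEvent appends one JSON object per line; json.Encoder terminates each
// value with '\n', which is exactly the JSONL framing.
func WriteEvent(w io.Writer, ev AuditEvent) error {
	return json.NewEncoder(w).Encode(ev)
}

// ReadEvents parses a JSONL stream, skipping blank lines. A malformed line is
// an error rather than something to skip: a hole in an audit log is a finding.
func ReadEvents(r io.Reader) ([]AuditEvent, error) {
	var out []AuditEvent
	sc := bufio.NewScanner(r)
	for n := 1; sc.Scan(); n++ {
		line := bytes.TrimSpace(sc.Bytes())
		if len(line) == 0 {
			continue
		}
		var ev AuditEvent
		if err := json.Unmarshal(line, &ev); err != nil {
			return out, fmt.Errorf("audit line %d: %w", n, err)
		}
		out = append(out, ev)
	}
	return out, sc.Err()
}

func main() {
	cfg := MonitoringConfig{Enabled: true, AutoPauseOnHigh: true, AutoKillOnCritical: true}
	var buf bytes.Buffer // stands in for the file at AuditPath(home, container)
	for _, s := range []Severity{Info, High, Critical} { // constructed detector output
		_ = WriteEvent(&buf, AuditEvent{Time: time.Now().UTC(), Container: "coi-session-1",
			Severity: s.String(), Source: "process", Detail: "constructed sample", Action: Decide(cfg, s)})
	}
	evs, err := ReadEvents(&buf)
	fmt.Println(AuditPath("/home/dev", "coi-session-1"), len(evs), evs[len(evs)-1].Action, err)
}
```

Reading the audit file back with the same parser is the simplest post-session review: count the actions taken and check that every HIGH or CRITICAL event carries the action the configuration was supposed to produce.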

nftables Network Monitoring

Kernel-level monitoring that can't be tampered with from inside the container:

  • Catches all connection attempts including blocked ones and <100ms connections
  • Detects RFC1918 access, metadata endpoints, suspicious ports, DNS anomalies
  • Rate-limited logging (100 packets/sec normal, unlimited for suspicious traffic)
  • Dropped event tracking with operator notifications
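The detection rules and the rate-limiting behaviour listed above can be expressed as a small classifier and a token bucket. The code below is an added example written for this page, not code-on-incus's own monitor: the NetEvent and Finding types, the allowlist semantics (an empty allowlist means none is configured) and the rule ordering are assumptions, and DNS anomaly detection is not modelled because the page does not describe what it inspects. The C2 ports (4444, 5555, 31337) and the metadata endpoint 169.254.169.254 are the ones the notes name; RFC1918 and IPv6 ULA detection uses Go's net.IP.IsPrivate.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"time"
)

// NetEvent is one connection attempt as a kernel-side monitor would report
// it; the struct is constructed for this example.
type NetEvent struct {
	DstIP   net.IP
	DstPort int
	Blocked bool // true when the packet was dropped by the restriction policy
}

// Finding says whether the event deserves an operator's attention and why.
type Finding struct {
	Suspicious bool
	Reason     string
}

// c2Ports are the ports named in the release notes.
var c2Ports = map[int]bool{4444: true, 5555: true, 31337: true}

// metadataIP is the cloud instance metadata endpoint shared by the major providers.
var metadataIP = net.ParseIP("169.254.169.254")

// Classify applies the documented rules, most specific first. The allowlist
// is the set of destinations a restricted session may reach; an empty
// allowlist means "no allowlist configured", not "allow nothing".
func Classify(ev NetEvent, allowlist []*net.IPNet) Finding {
	switch {
	case ev.DstIP.Equal(metadataIP):
		return Finding{true, "cloud metadata endpoint"}
	case c2Ports[ev.DstPort]:
		return Finding{true, fmt.Sprintf("known C2 port %d", ev.DstPort)}
	case ev.DstIP.IsPrivate():
		return Finding{true, "RFC1918/ULA destination"}
	case len(allowlist) > 0 && !inAny(ev.DstIP, allowlist):
		return Finding{true, "destination outside allowlist"}
	case ev.Blocked:
		return Finding{true, "blocked by policy"}
	}
	return Finding{false, "ordinary traffic"}
}

func inAny(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Limiter is a token bucket applied only to ordinary traffic, so a flood of
// benign connections cannot crowd suspicious events out of the log.
type Limiter struct {
	rate, burst, tokens float64
	last                time.Time
	Dropped             int // ordinary events not logged; surface this to the operator
}

func NewLimiter(perSecond float64, now time.Time) *Limiter {
	return &Limiter{rate: perSecond, burst: perSecond, tokens: perSecond, last: now}
}

// Admit reports whether the event should be written to the log.
func (l *Limiter) Admit(f Finding, now time.Time) bool {
	if f.Suspicious {
		return true // never rate-limit what the operator must see
	}
	l.tokens = math.Min(l.burst, l.tokens+now.Sub(l.last).Seconds()*l.rate)
	l.last = now
	if l.tokens >= 1 {
		l.tokens--
		return true
	}
	l.Dropped++
	return false
}

func main() {
	_, allowed, _ := net.ParseCIDR("203.0.113.0/24") // constructed allowlist (TEST-NET-3)
	events := []NetEvent{ // constructed sample events
		{DstIP: net.ParseIP("203.0.113.10"), DstPort: 443},
		{DstIP: net.ParseIP("169.254.169.254"), DstPort: 80},
		{DstIP: net.ParseIP("10.0.0.5"), DstPort: 22, Blocked: true},
		{DstIP: net.ParseIP("203.0.113.10"), DstPort: 4444},
		{DstIP: net.ParseIP("198.51.100.7"), DstPort: 443},
	}
	lim := NewLimiter(100, time.Now())
	for _, ev := range events {
		f := Classify(ev, []*net.IPNet{allowed})
		fmt.Printf("%-16s:%-5d suspicious=%-5v logged=%v %s\n", ev.DstIP, ev.DstPort, f.Suspicious, lim.Admit(f, time.Now()), f.Reason)
	}
	fmt.Println("dropped ordinary events:", lim.Dropped)
}
```

The `Dropped` counter is what the "dropped event tracking with operator notifications" bullet is about: when the bucket discards ordinary events, the operator should be told how many were lost, otherwise the absence of log lines can be mistaken for the absence of traffic.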

opencode Support

coi shell --tool opencode
# or configure in .coi.toml:
# [tool]
# name = "opencode"

Full session resume, XDG-compliant config paths, permission mode support.

Configurable Permission Mode

[tool]
permission_mode = "interactive"  # or "bypass" (default)

Supply-Chain Protection (Configurable)

[security]
# Default protected paths (read-only):
# .git/hooks, .git/config, .husky, .vscode
additional_protected_paths = [".idea", "Makefile"]  # add more
# disable_protection = false  # not recommended
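As an added example (written for this page, not code-on-incus's implementation), the function below turns the [security] keys above plus the preserve_workspace_path option into the list of read-only bind mounts a session would receive. The SecurityConfig field names, the Mount type and the `/workspace` default container path are assumptions; the check that rejects absolute or `..`-escaping entries is also an addition, included because a project-level config file should not be able to map host paths from outside the workspace into the container.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// DefaultProtectedPaths are the defaults listed in the [security] comment above.
var DefaultProtectedPaths = []string{".git/hooks", ".git/config", ".husky", ".vscode"}

// SecurityConfig mirrors the [security] keys above (assumed Go field names).
type SecurityConfig struct {
	AdditionalProtectedPaths []string
	DisableProtection        bool
}

// Mount is one bind mount the container would receive.
type Mount struct {
	Host      string
	Container string
	ReadOnly  bool
}

// relInsideWorkspace normalises a configured path and rejects anything that is
// absolute or climbs out of the workspace with "..".
func relInsideWorkspace(p string) (string, error) {
	clean := filepath.Clean(p)
	if filepath.IsAbs(clean) || clean == "." || clean == ".." ||
		strings.HasPrefix(clean, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("protected path %q must be relative and inside the workspace", p)
	}
	return clean, nil
}

// ProtectedMounts computes the read-only mounts for a workspace. Paths that do
// not exist on the host are skipped (there is nothing to protect yet); an
// invalid path fails the whole call, so a bad config cannot start a session
// with only partial protection.
func ProtectedMounts(cfg SecurityConfig, hostWorkspace string, preservePath bool) ([]Mount, error) {
	if cfg.DisableProtection {
		return nil, nil
	}
	containerWorkspace := "/workspace" // assumed default mount point, not taken from the project
	if preservePath {
		containerWorkspace = hostWorkspace // preserve_workspace_path behaviour
	}
	paths := append(append([]string{}, DefaultProtectedPaths...), cfg.AdditionalProtectedPaths...)
	seen := map[string]bool{}
	var mounts []Mount
	for _, p := range paths {
		rel, err := relInsideWorkspace(p)
		if err != nil {
			return nil, err
		}
		if seen[rel] {
			continue
		}
		seen[rel] = true
		host := filepath.Join(hostWorkspace, rel)
		if _, err := os.Stat(host); err != nil {
			continue
		}
		mounts = append(mounts, Mount{Host: host, Container: filepath.Join(containerWorkspace, rel), ReadOnly: true})
	}
	return mounts, nil
}

func main() {
	ws, _ := os.MkdirTemp("", "coi-example-") // constructed workspace
	defer os.RemoveAll(ws)
	for _, d := range []string{".git/hooks", ".vscode", ".idea"} {
		_ = os.MkdirAll(filepath.Join(ws, d), 0o755)
	}
	_ = os.WriteFile(filepath.Join(ws, ".git", "config"), []byte("[core]\n"), 0o644)

	cfg := SecurityConfig{AdditionalProtectedPaths: []string{".idea", "Makefile"}}
	mounts, err := ProtectedMounts(cfg, ws, false)
	fmt.Println("error:", err)
	for _, m := range mounts {
		fmt.Printf("%s -> %s (ro=%v)\n", m.Host, m.Container, m.ReadOnly)
	}
}
```

Skipping paths that do not exist keeps the default list harmless for repositories without, say, a `.husky` directory, while still covering `.git/hooks` and `.git/config`, the two places where a modified checkout can run code on the next git operation.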

New Commands

  • coi resume [container] — Resume containers paused by security monitoring
  • coi container list [--format json|text] — Raw container listing for automation
  • coi container exec -t — PTY allocation for interactive sessions

Health Checks

  • Incus storage pool — Warns at 80% usage, fails at 90%
  • Container connectivity — Tests DNS + HTTP from inside a container
  • Network restriction — Verifies restricted mode actually blocks private networks

Refactoring

  • Unified config handling for all tools via ToolWithConfigDirFiles interface
  • Decomposed duplicated code in shell.go (~76 lines eliminated)
  • Typed Evidence structs replacing interface{} for threat events
  • context.Context support throughout Incus command execution

CI/CD

  • Zabbly package install fallback to Ubuntu native Incus
  • Base Ubuntu image caching in GitHub Actions
  • NFT rule assertion stabilized with polling loops

Installation

Quick Install (Linux)

curl -fsSL https://raw.githubusercontent.com/mensfeld/code-on-incus/master/install.sh | bash

Manual Installation

Linux AMD64 (x86_64)

wget https://github.com/mensfeld/code-on-incus/releases/download/v0.7.0/coi-linux-amd64
chmod +x coi-linux-amd64
sudo mv coi-linux-amd64 /usr/local/bin/coi

Linux ARM64 (aarch64)

wget https://github.com/mensfeld/code-on-incus/releases/download/v0.7.0/coi-linux-arm64
chmod +x coi-linux-arm64
sudo mv coi-linux-arm64 /usr/local/bin/coi

After Installation

coi build --force   # Rebuild image with new features
coi setup           # First-time setup (if new install)

Full changelog: CHANGELOG.md

v0.6.0 - Resource Limits, AWS Bedrock, and Snapshots

02 Feb 16:07
1665974


Release v0.6.0

Major release with resource limits, AWS Bedrock support, and container snapshots.

🎉 Highlights

  • Resource and time limits - Control CPU, memory, disk I/O, and runtime with auto-stop
  • AWS Bedrock validation - Automatic setup validation for Colima/Lima with clear error messages
  • Container snapshots - Full checkpoint/restore with stateful support
  • System health checks - coi health command for diagnostics
  • Firewalld network isolation - Simplified setup, no more OVN dependencies
  • Automatic Docker support - Nested containers work out of the box

🐛 Bug Fixes

  • Settings.json merge - Fixed critical bug where user settings were overwritten (#76)
  • Session listing - Fixed coi list --all to always show Saved Sessions section (#81)
  • Tool-agnostic listing - Fixed hardcoded .claude directory check (#81)
  • Test isolation - Fixed intermittent test failures from container pollution (#81)
  • Colima build timeouts - Added 15-minute timeout with retry logic (#81)
  • DNS auto-fix - Extended detection for localhost DNS and missing configs (#83)

✨ Features

Resource and Time Limits

Configure via TOML config, profiles, or CLI flags:

  • CPU count/allowance/priority
  • Memory limit/enforce/swap
  • Disk read/write/max rates
  • Max processes
  • Auto-stop after max runtime with graceful or force shutdown

coi shell --limit-cpu=2 --limit-memory=2GiB --limit-duration=2h

AWS Bedrock for Colima/Lima

Automatic validation prevents broken setups:

  • AWS CLI availability check
  • Dual .aws path detection and warnings
  • SSO cache permission validation
  • Credential validity testing
  • Mount configuration verification

Container Snapshots

Complete checkpoint management:

coi snapshot create              # Auto-named snapshot
coi snapshot create checkpoint1  # Named snapshot
coi snapshot list                # List all snapshots
coi snapshot restore checkpoint1 # Rollback
coi snapshot delete checkpoint1  # Cleanup

Health Check Command

coi health               # Basic health check
coi health --verbose     # Additional checks
coi health --format json # Machine-readable output

Checks: OS, Incus, permissions, images, network, firewalld, storage, config, containers

Firewalld Network Isolation

Simplified setup - no more OVN/OVS dependencies:

  • Works with standard Incus bridge networks
  • Container IP-based filtering
  • Automatic cleanup on container stop
  • Priority-based rule management

Other Features

  • Automatic Docker support - Nesting flags set automatically
  • Colima/Lima auto-detection - Disables UID shifting automatically
  • Manual UID shift override - disable_shift config option
  • coi persist command - Convert ephemeral to persistent
  • IPv4 in coi list - Shows container IP addresses (#66)

🔧 Enhancements

  • macOS/Colima docs - Clearer setup instructions and network mode guidance
  • Claude CLI update - Native installer replaces deprecated npm method (#82)

🧪 Testing

  • Docker integration tests
  • coi persist integration tests
  • Terminal sanitization tests
  • IPv4 display tests
  • Updated network isolation tests for firewalld

📚 Documentation

  • Complete AWS Bedrock setup guide for macOS/Colima
  • Resource limits configuration examples
  • Network isolation setup with firewalld
  • Snapshot workflow documentation

🔨 Installation

Quick Install (Linux)

# Install latest version
curl -fsSL https://raw.githubusercontent.com/mensfeld/code-on-incus/master/install.sh | bash

Manual Installation

Download the appropriate binary for your system:

Linux AMD64 (x86_64)

wget https://github.com/mensfeld/code-on-incus/releases/download/v0.6.0/coi-linux-amd64
chmod +x coi-linux-amd64
sudo mv coi-linux-amd64 /usr/local/bin/coi

Linux ARM64 (aarch64)

wget https://github.com/mensfeld/code-on-incus/releases/download/v0.6.0/coi-linux-arm64
chmod +x coi-linux-arm64
sudo mv coi-linux-arm64 /usr/local/bin/coi

Verify Installation

coi version
coi build
coi shell

⚠️ Breaking Changes

None - fully backward compatible with v0.5.x

📊 Release Stats

  • 20 files changed: +3,519 additions
  • 6 bug fixes
  • 10 new features
  • 2 enhancements
  • New packages: internal/bedrock and internal/limits
  • 42 new tests for limits feature alone

📋 Requirements

  • Incus - Linux container manager
  • Go 1.21+ - For building from source
  • incus-admin group - User must be in incus-admin group

Release v0.5.2

19 Jan 15:59
498745a


Installation

Quick Install (Linux)

# Install latest version
curl -fsSL https://raw.githubusercontent.com/mensfeld/claude-on-incus/master/install.sh | bash

Manual Installation

Download the appropriate binary for your system:

Linux AMD64 (x86_64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.5.2/coi-linux-amd64
chmod +x coi-linux-amd64
sudo mv coi-linux-amd64 /usr/local/bin/coi

Linux ARM64 (aarch64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.5.2/coi-linux-arm64
chmod +x coi-linux-arm64
sudo mv coi-linux-arm64 /usr/local/bin/coi

Verify Installation

coi version
coi build sandbox
coi shell

What's Changed

See CHANGELOG.md for full changes.

Requirements

  • Incus - Linux container manager
  • Go 1.21+ - For building from source
  • incus-admin group - User must be in incus-admin group

Release v0.5.1

17 Jan 09:43
5ec1ad5


Installation

Quick Install (Linux)

# Install latest version
curl -fsSL https://raw.githubusercontent.com/mensfeld/claude-on-incus/master/install.sh | bash

Manual Installation

Download the appropriate binary for your system:

Linux AMD64 (x86_64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.5.1/coi-linux-amd64
chmod +x coi-linux-amd64
sudo mv coi-linux-amd64 /usr/local/bin/coi

Linux ARM64 (aarch64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.5.1/coi-linux-arm64
chmod +x coi-linux-arm64
sudo mv coi-linux-arm64 /usr/local/bin/coi

Verify Installation

coi version
coi build sandbox
coi shell

What's Changed

See CHANGELOG.md for full changes.

Requirements

  • Incus - Linux container manager
  • Go 1.21+ - For building from source
  • incus-admin group - User must be in incus-admin group

Release v0.5.0

15 Jan 17:23
77c94d1


Installation

Quick Install (Linux)

# Install latest version
curl -fsSL https://raw.githubusercontent.com/mensfeld/claude-on-incus/master/install.sh | bash

Manual Installation

Download the appropriate binary for your system:

Linux AMD64 (x86_64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.5.0/coi-linux-amd64
chmod +x coi-linux-amd64
sudo mv coi-linux-amd64 /usr/local/bin/coi

Linux ARM64 (aarch64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.5.0/coi-linux-arm64
chmod +x coi-linux-arm64
sudo mv coi-linux-arm64 /usr/local/bin/coi

Verify Installation

coi version
coi build sandbox
coi shell

What's Changed

See CHANGELOG.md for full changes.

Requirements

  • Incus - Linux container manager
  • Go 1.21+ - For building from source
  • incus-admin group - User must be in incus-admin group

Release v0.4.0

14 Jan 16:59
11bf45f


Installation

Quick Install (Linux)

# Install latest version
curl -fsSL https://raw.githubusercontent.com/mensfeld/claude-on-incus/master/install.sh | bash

Manual Installation

Download the appropriate binary for your system:

Linux AMD64 (x86_64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.4.0/coi-linux-amd64
chmod +x coi-linux-amd64
sudo mv coi-linux-amd64 /usr/local/bin/coi

Linux ARM64 (aarch64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.4.0/coi-linux-arm64
chmod +x coi-linux-arm64
sudo mv coi-linux-arm64 /usr/local/bin/coi

Verify Installation

coi version
coi build sandbox
coi shell

What's Changed

See CHANGELOG.md for full changes.

Requirements

  • Incus - Linux container manager
  • Go 1.21+ - For building from source
  • incus-admin group - User must be in incus-admin group

Release v0.3.1

13 Jan 19:09
f163f92


Installation

Quick Install (Linux)

# Install latest version
curl -fsSL https://raw.githubusercontent.com/mensfeld/claude-on-incus/master/install.sh | bash

Manual Installation

Download the appropriate binary for your system:

Linux AMD64 (x86_64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.3.1/coi-linux-amd64
chmod +x coi-linux-amd64
sudo mv coi-linux-amd64 /usr/local/bin/coi

Linux ARM64 (aarch64)

wget https://github.com/mensfeld/claude-on-incus/releases/download/v0.3.1/coi-linux-arm64
chmod +x coi-linux-arm64
sudo mv coi-linux-arm64 /usr/local/bin/coi

Verify Installation

coi version
coi build sandbox
coi shell

What's Changed

See CHANGELOG.md for full changes.

Requirements

  • Incus - Linux container manager
  • Go 1.21+ - For building from source
  • incus-admin group - User must be in incus-admin group
