Releases: NVIDIA/OpenShell
Releases · NVIDIA/OpenShell
OpenShell v0.0.45
OpenShell v0.0.45
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.45 shWhat's Changed
- feat(k8s): make default workspace PVC storage size configurable by @sjenning in #1436
- refactor: deduplicate shared test helpers by @ericcurtin in #1399
- fix(ci): require PR checks to pass by @pimlock in #1461
- chore(deps): bump actions/download-artifact from 4.3.0 to 8.0.1 by @dependabot[bot] in #1459
- chore(deps): bump softprops/action-gh-release from 2.6.2 to 3.0.0 by @dependabot[bot] in #1458
- fix(build): install binaries built in part build tree by @zyga in #1462
- test(persistence): make CAS conflict test deterministic by @pimlock in #1464
- feat(agents): add LSM compatibility checks to review and spike skills by @derekwaynecarr in #1451
- ci(canary): add kind-based helm chart smoke test to Release Canary by @TaylorMutch in #1336
- test(e2e): default GPU probe image by @elezar in #1450
- docs(agents): add Docker GPU CDI debug hints by @elezar in #1448
Full Changelog: v0.0.44...v0.0.45
Contributors
sjenning, zyga, and 6 other contributors
Assets 26
- 5.38 MB
2026-05-20T15:56:26Z - 5.52 MB
2026-05-20T15:56:26Z - 14.8 MB
2026-05-20T15:56:26Z - 18.1 MB
2026-05-20T15:56:26Z - 18.8 MB
2026-05-20T15:56:26Z - 14.1 MB
2026-05-20T15:56:26Z - 14.6 MB
2026-05-20T15:56:26Z - 1.6 KB
2026-05-20T15:56:26Z - 28.8 MB
2026-05-20T15:56:26Z - 24.6 MB
2026-05-20T15:56:26Z -
2026-05-20T12:43:54Z -
2026-05-20T12:43:54Z - Loading
OpenShell Development Build
This build is automatically published on every commit to main that passes CI.
NOTE: This is a development build, not a tagged release, and may be unstable.
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=dev sh
OpenShell v0.0.44
OpenShell v0.0.44
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.44 shWhat's Changed
- feat(cli): add -o json/yaml output format to sandbox list by @benoitf in #1422
- feat(rpm): replace init-pki.sh with openshell-gateway generate-certs by @maxamillion in #1426
- fix(sandbox): stabilize forked socket owner test by @derekwaynecarr in #1417
- fix(docker): fall back to host arch for local builds by @elezar in #1420
- feat(db) resource version cas by @derekwaynecarr in #1292
- refactor(packaging): rely on gateway runtime defaults by @drew in #1415
- fix(security): refresh CI and gateway image dependencies by @johntmyers in #1432
- test(sandbox): cover inference stream truncation SSE errors by @mjamiv in #1418
- feat(e2e): enable mTLS for Podman compute driver by @russellb in #1430
- docs(helm): add chart readme generation by @TaylorMutch in #1437
- ci: extend artifact attestations to all release binaries by @mesutoezdil in #1398
- refactor(sandbox): replace iptables with nftables for network policy enforcement by @russellb in #1401
- fix(rpm): restore 0.0.0.0 bind address for Podman via default gateway.toml by @maxamillion in #1438
- test(e2e): close Podman driver test coverage gaps by @russellb in #1439
- feat(sandbox): inject DENO_CERT into sandbox child environment by @theFong in #1441
- fix(build): add z3 include path for RHEL/Fedora bindgen compatibility by @russellb in #1388
- chore(ci): pin all GitHub Actions to SHA digests by @fcanogab in #1233
- feat(providers): add credential refresh foundation by @johntmyers in #1349
New Contributors
Full Changelog: v0.0.43...v0.0.44
Contributors
drew, russellb, and 10 other contributors
Assets 26
OpenShell v0.0.43
OpenShell v0.0.43
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.43 shWhat's Changed
- fix(sandbox): remove DNS resolution from mechanistic mapper to prevent data exfiltration by @russellb in #1329
- docs(installation): add container gateway page with docker run and compose examples by @ericcurtin in #1321
- feat(server): separate HTTPS from mTLS authentication by @sjenning in #1351
- fix(vm): collapse nested if blocks in container engine connect by @TaylorMutch in #1406
- feat(tui): add OIDC authentication support by @sjenning in #1405
- chore: remove SSH handshake secret residuals and fix agent memory by @maxamillion in #1403
- fix(scripts): replace mapfile with bash 3.2-compatible read loop by @benoitf in #1334
- fix(sandbox): exempt host gateway from SSRF block for rootless Podman by @maxamillion in #1279
- feat(exec): add bidirectional streaming for interactive TTY sessions by @benoitf in #1331
- fix(sandbox): allow HEAD where GET is permitted in L7 policy by @mesutoezdil in #1382
- feat(gateway): add TOML configuration file (RFC 0003) by @TaylorMutch in #1317
- feat(vm): boot sandboxes from ext4 root disks by @drew in #1263
- fix(ci): skip helm plugin verification in CI image by @drew in #1411
- fix(vm): restore sandboxes after gateway restart by @drew in #1407
- fix(vm): preserve guest TLS hostname by @drew in #1416
Full Changelog: v0.0.42...v0.0.43
Contributors
drew, russellb, and 6 other contributors
Assets 26
OpenShell VM Runtime
Build of the OpenShell VM runtime artifacts used by openshell-driver-vm.
NOTE: This is a development build.
Kernel Runtime Artifacts
Pre-built kernel runtime (libkrunfw + libkrun + gvproxy + umoci) for embedding
into the openshell-driver-vm binary. These are rebuilt on demand when the
kernel config or pinned dependency versions change.
| Platform | Artifact |
|---|---|
| Linux ARM64 | vm-runtime-linux-aarch64.tar.zst |
| Linux x86_64 | vm-runtime-linux-x86_64.tar.zst |
| macOS ARM64 | vm-runtime-darwin-aarch64.tar.zst |
Verify
gh release download vm-runtime -R NVIDIA/OpenShell -p vm-runtime-linux-x86_64.tar.zst
gh attestation verify vm-runtime-linux-x86_64.tar.zst -R NVIDIA/OpenShellOpenShell v0.0.42
OpenShell v0.0.42
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.42 shWhat's Changed
- perf(build): speed up local CLI rebuilds by @johntmyers in #1387
- fix(server): downgrade expected connection teardown errors to debug by @russellb in #1369
- refactor!(auth): drop SSH handshake secret by @TaylorMutch in #1274
- fix(vm): make /sandbox chown non-fatal for virtiofs rootless hosts by @russellb in #1389
- Revert "perf(build): speed up local CLI rebuilds" by @drew in #1395
- fix(installer): dump gateway logs on startup timeout by @drew in #1396
- fix(vm): enable NFT_LOG kernel module for nftables bypass detection by @russellb in #1391
- feat(vm): fall back to Podman socket when Docker is unavailable by @russellb in #1370
Full Changelog: v0.0.41...v0.0.42
Contributors
drew, russellb, and 2 other contributors
Assets 26
OpenShell v0.0.41
OpenShell v0.0.41
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.41 shWhat's Changed
- fix(server): restrict SQLite database file permissions to 0o600 by @alangou in #1359
- feat(ci): add helm-unittest mise task and CI step by @mesutoezdil in #1367
- feat(policy): agent-driven policy management — the agent half by @zredlined in #1323
- fix(images): remove image-specific owner and mode set for gateway binary by @sjenning in #1371
- fix(cli): cp-style sandbox download and workspace-boundary check by @laitingsheng in #1353
- test(e2e): add bypass detection test for sandbox REJECT rules by @russellb in #1368
- feat(helm): support custom CA for OIDC issuer TLS verification by @sjenning in #1373
- fix(gateway): keep vm driver opt-in by @drew in #1375
- feat(cli): add sandbox resource flags by @drew in #1376
- docs: replace --sync with --upload . in sync-files example by @mesutoezdil in #1366
- refactor(core): eliminate duplicate utilities across crates by @ericcurtin in #1381
Full Changelog: v0.0.40...v0.0.41
Contributors
drew, russellb, and 6 other contributors
Assets 26
OpenShell v0.0.40
OpenShell v0.0.40
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.40 shWhat's Changed
- feat(k8s): support nodeSelector and tolerations from platform_config by @Arnonrgo in #1327
- refactor(docker): split gateway/supervisor Dockerfiles and use native rust builds by @TaylorMutch in #1316
- docs: style fixes by @miyoungc in #1341
- fix(cli): use OS trust store for reqwest TLS verification by @sjenning in #1342
- fix(secret): Add custom derive Debug for SecretResolver to prevent secret leakage with {:?} by @alangou in #1322
- feat(gateway): add local-domain service routing by @pimlock in #1101
New Contributors
Full Changelog: v0.0.39...v0.0.40
Contributors
sjenning, Arnonrgo, and 4 other contributors
Assets 26
OpenShell v0.0.39
OpenShell v0.0.39
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.39 shWhat's Changed
- feat(gpu): honor device IDs in Docker and Podman by @elezar in #1253
- feat(k8s): support ImageVolumeSource for supervisor sideload by @mrunalp in #1300
- ci(kubernetes): add kube gateway e2e tests and gated CI workflow by @TaylorMutch in #1251
- fix(driver-kubernetes): propagate log_level as OPENSHELL_LOG_LEVEL env var by @mesutoezdil in #1310
- docs(helm): document supervisor.sideloadMethod and sandboxNamespace default by @mesutoezdil in #1309
- fix(vm): use bash 3.2-safe empty array expansion in supervisor build by @benoitf in #1311
- fix(vm): correct /sandbox ownership when rootfs is built by non-root host by @benoitf in #1176
- docs(rfc): add gateway configuration file RFC by @TaylorMutch in #951
- feat(relay): route forwarding through ForwardTcp by @pimlock in #1029
- fix(sandbox): rewrite messaging credential placeholders by @ericksoa in #1286
- fix(providers): read opencode config file during credential discovery by @ericcurtin in #1290
New Contributors
- @ericksoa made their first contribution in #1286
- @ericcurtin made their first contribution in #1290
Full Changelog: v0.0.38...v0.0.39
Contributors
mrunalp, ericksoa, and 6 other contributors
Assets 26
OpenShell v0.0.38
OpenShell v0.0.38
Quick install
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=v0.0.38 shWhat's Changed
- fix(install): register local gateway before probing listener by @drew in #1280
- fix(helm): derive sandboxNamespace from Release.Namespace instead of hardcoding by @sauagarwa in #1282
- chore(installer): promote package install script by @drew in #1261
- feat: agent-driven policy management MVP by @zredlined in #1151
- docs: document OPENSHELL_SSH_HANDSHAKE_SECRET in Getting Started by @russellb in #1287
- fix(gateway): update Podman supervisor build task name by @russellb in #1288
- fix(installer): guard incompatible v0.0.37 upgrades by @drew in #1294
- fix(docker): add SELinux labeling to bind mounts by @derekwaynecarr in #1291
- docs(readme): add roadmap and RFC issue guidance by @drew in #1284
- docs(rfc): move policy management RFC to 0002 by @drew in #1283
- feat(driver-kubernetes): disable service account token auto-mounting by @derekwaynecarr in #1298
- fix(docker): route VM-Docker runtimes through host-gateway by @laitingsheng in #1301
- (feat) early snap support by @zyga in #1238
New Contributors
Full Changelog: v0.0.37...v0.0.38
Contributors
drew, russellb, and 5 other contributors