Mistle

v0.9.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched in this version

Affected surfaces

deps

ReleasePort's take

Light signal

The release blocks unknown OTP sign‑ins when account sign‑ups are disabled.

Why it matters: If sign‑ups are disabled, apply the v0.9.0 update immediately to block unauthorized OTP logins.

Summary

AI summary

Session‑scoped OTP sign‑ins are blocked when account sign‑ups are disabled.

Changes in this release

Security Medium

Update vulnerable dependency versions

Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

Block unknown OTP sign-ins when signups disabled

Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

Check GitHub signing keys before save

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Ensure sandboxd artifact before runtime startup

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Add anthropic and opencode Go integrations

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Support opencode chat sessions

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Enable sandbox providers independently

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Add sandboxd artifact resolver

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Support OpenCode model selection

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Support OpenCode session attachments

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Add sandboxd version probe

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Enable OpenCode TUI handoff

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Combine sandbox profile integration connections

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Filter proxied connections by agent runtime

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Add node runtime telemetry

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Group integrations overview by kind

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Add completed home sessions view

Source: llm_adapter@2026-05-21

Confidence: low

Performance Medium

Remove redundant database indexes

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Keep opencode proxy alive after client disconnect

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Stabilize runtime system harness

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Include GitHub email permission for account linking

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Bound gateway egress websocket backpressure

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Allow scheduled system image pushes

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Align sandbox profile automation action

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Derive local compose images from release version

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Select opencode default composer model

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Add OpenCode session title generation

Source: llm_adapter@2026-05-21

Confidence: low

Full changelog

[0.9.0] - 2026-05-13

Features

  • Add sandboxd version probe (#1970)
  • Add sandboxd artifact resolver (#1975)
  • Ensure sandboxd artifact before runtime startup (#1990)
  • Add anthropic and opencode go integrations (#2006)
  • Add node runtime telemetry (#2009)
  • Support opencode chat sessions (#2008)
  • Support OpenCode model selection (#2017)
  • Enable OpenCode TUI handoff (#2014)
  • Combine sandbox profile integration connections (#2019)
  • Group integrations overview by kind (#2020)
  • Filter proxied connections by agent runtime (#2021)
  • Support OpenCode session attachments (#2027)
  • Enable sandbox providers independently (#2028)
  • Check github signing keys before save (#2031)
  • Add completed home sessions view (#2041)
  • Add optional dashboard PostHog tracking (#2032)

Bug Fixes

  • Update vulnerable dependency versions (#1968)
  • Allow scheduled system image pushes (#1994)
  • Bound gateway egress websocket backpressure (#2007)
  • Hide empty published runtime tools card (#2011)
  • Align published sandbox runtime editor UI (#2013)
  • Stabilize runtime system harness (#2016)
  • Align sandbox profile automation action (#2018)
  • Remove redundant database indexes (#2022)
  • Keep opencode proxy alive after client disconnect (#2023)
  • Select opencode default composer model (#2024)
  • Include github email permission for account linking (#2026)
  • Derive local compose images from release version (#2029)
  • Add OpenCode session title generation (#2033)
  • Block unknown otp sign-ins when signups disabled (#2039)
  • Keep dashboard integration logos light (#2042)

Refactors

  • Move openai egress ownership to provider (#1965)
  • Remove runtime-authored egress routes (#1966)
  • Decouple runtime compile from provider access (#1969)
  • Remove agent provider access capability (#1971)
  • Improve automation create form (#1974)
  • Remove legacy webhook automation list (#1993)
  • Compile agent runtime at profile scope (#1982)
  • Remove runtime config from openai bindings (#1996)
  • Clean up agent runtime core API (#1997)
  • Share agent runtime provider route helpers (#1998)
  • Rename compiled runtime plan fragments (#1999)
  • Publish profiles without agent bindings (#2000)
  • Launch profiles without agent bindings (#2005)
  • Extract shared server request UI (#2010)
  • Share semantic chat grouping (#2015)

Documentation

  • Remove tokenizer architecture references (#2040)
  • Update product docs and screenshots (#2030)

Tests

  • Stabilize transparent egress counter diagnostics (#1987)
  • Persist public access proxy diagnostics (#1992)
  • Extend e2b resume diagnostics (#1995)
  • Persist runtime public access routes (#2012)
  • Expand Jira integration story coverage (#2025)

CI

  • Publish sandboxd release artifact (#1972)

Chores

  • (deps) Bump @opentelemetry/sdk-node from 0.215.0 to 0.217.0 (#1954)
  • (deps) Bump @commitlint/config-conventional from 20.5.3 to 21.0.0 (#1944)
  • (deps) Bump @opentelemetry/exporter-logs-otlp-http from 0.216.0 to 0.217.0 (#1946)
  • (deps) Bump tokio from 1.51.0 to 1.52.3 in /packages/sandboxd (#1948)
  • (deps) Bump @codemirror/autocomplete from 6.20.1 to 6.20.2 (#1951)
  • (deps) Bump reqwest from 0.13.2 to 0.13.3 in /packages/sandboxd (#1950)
  • (deps) Bump nix from 0.31.2 to 0.31.3 in /packages/sandboxd (#1949)
  • Harden CI workflow security (#1973)
  • (deps) Bump @pierre/diffs from 1.1.19 to 1.1.20 (#1985)
  • (deps) Bump oxfmt from 0.42.0 to 0.47.0 (#1978)
  • (deps) Bump tsc-alias from 1.8.16 to 1.8.17 (#1979)
  • (deps) Bump jsdom from 29.0.1 to 29.1.1 (#1980)
  • Update codex to 0.130.0 (#1988)
  • (deps) Bump @fast-check/vitest from 0.4.0 to 0.4.1 (#2004)
  • (deps) Bump @tanstack/react-query from 5.90.21 to 5.100.9 (#2003)
  • (deps) Bump @playwright/test from 1.58.2 to 1.59.1 (#2002)
  • (deps) Bump turbo from 2.9.6 to 2.9.9 (#2001)
  • (deps) Bump vite from 8.0.5 to 8.0.10 in /tests/system/fixtures/vite-dev-server (#1976)
  • (deps) Bump dockview from 5.2.0 to 6.0.1 (#1977)
  • (deps) Bump @rjsf/core from 6.5.1 to 6.5.2 (#2034)
  • (deps) Bump dockview from 6.0.1 to 6.0.3 (#2035)
  • (deps) Bump knip from 5.88.0 to 6.11.0 (#2036)
  • (deps) Bump react-router from 7.14.2 to 7.15.0 (#2038)
  • (deps) Bump @opentelemetry/core from 2.7.0 to 2.7.1 (#2037)
  • (release) V0.9.0 (#2043)
  • Bump sandboxd to 0.9.0 (#2044)
